mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-03-31 20:10:45 +08:00
Code Issues Packages Projects Releases Wiki Activity

Initial addition of new X509 V3 files, tidy of old files.

Browse Source
This commit is contained in:
Dr. Stephen Henson 1999-01-24 00:50:01 +00:00
parent 69d1dfba24
commit 9aeaf1b4a7
19 changed files with 2506 additions and 79 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGES
View File

@ -5,6 +5,11 @@
Changes between 0.9.1c and 0.9.2
*) Takes a deep breath and start addding X509 V3 extension support code. Add
files in crypto/x509v3. Move original stuff to crypto/x509v3/old. All this
stuff is currently isolated and isn't even compiled yet.
[Steve Henson]
*) Continuing patches for GeneralizedTime. Fix up certificate and CRL
ASN1 to use ASN1_TIME and modify print routines to use ASN1_TIME_print.
Removed the versions check from X509 routines when loading extensions:

88
crypto/x509v3/Makefile.ssl Normal file
View File

@ -0,0 +1,88 @@
#
# SSLeay/crypto/x509v3/Makefile
#
DIR= x509v3
TOP= ../..
CC= cc
INCLUDES= -I.. -I../../include
CFLAG=-g
INSTALLTOP=/usr/local/ssl
MAKE= make -f Makefile.ssl
MAKEDEPEND= $(TOP)/util/domd $(TOP)
MAKEFILE= Makefile.ssl
AR= ar r
CFLAGS= $(INCLUDES) $(CFLAG)
ERR=x509v3
ERRC=v3err
GENERAL=Makefile README
TEST=
APPS=
LIB=$(TOP)/libcrypto.a
LIBSRC= v3_bcons.c v3_bitstr.c v3_conf.c v3_extku.c v3_ia5.c \
v3_lib.c v3_prn.c v3_utl.c v3err.c
LIBOBJ= v3_bcons.o v3_bitstr.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \
v3_prn.o v3_utl.o v3err.o
SRC= $(LIBSRC)
EXHEADER= x509v3.h
HEADER= $(EXHEADER)
ALL= $(GENERAL) $(SRC) $(HEADER)
top:
(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
sh $(TOP)/util/ranlib.sh $(LIB)
@touch lib
files:
perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
/bin/rm -f Makefile
$(TOP)/util/point.sh Makefile.ssl Makefile ;
$(TOP)/util/mklink.sh ../../include $(EXHEADER)
$(TOP)/util/mklink.sh ../../test $(TEST)
$(TOP)/util/mklink.sh ../../apps $(APPS)
install:
@for i in $(EXHEADER) ; \
do \
(cp $$i $(INSTALLTOP)/include/$$i; \
chmod 644 $(INSTALLTOP)/include/$$i ); \
done;
tags:
ctags $(SRC)
tests:
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
dclean:
perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
mv -f Makefile.new $(MAKEFILE)
clean:
/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
errors: $(ERRC).c
$(ERRC).c: $(ERR).err
perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
# DO NOT DELETE THIS LINE -- make depend depends on it.

4
crypto/x509v3/README Normal file
View File

@ -0,0 +1,4 @@
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
This is ***VERY*** new experimental code and is likely to change
considerably or vanish altogether.

0
crypto/x509v3/format → crypto/x509v3/old-v3/format
View File

0
crypto/x509v3/header → crypto/x509v3/old-v3/header
View File

318
crypto/x509v3/old-v3/v3_ku.c Normal file
View File

@ -0,0 +1,318 @@
/* crypto/x509v3/v3_ku.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include <ctype.h>
#include "stack.h"
#include "cryptlib.h"
#include "bio.h"
#include "asn1.h"
#include "objects.h"
#include "x509.h"
X509_EXTENSION_METHOD X509v3_key_usage_method=
{
NID_key_usage,
ku_clear,
ex_get_bool,
ex_set_bool,
NULL,
NULL,
NULL,
NULL,
ku_a2i,
ku_i2a,
};
static void ku_clear(a)
X509_EXTENSION *a;
{
}
static int ku_expand(a)
X509_EXTENSION *a;
{
ASN1_BIT_STRING *bs;
if (a->argp == NULL)
{
bs=X509v3_unpack_string(NULL,V_ASN1_BIT_STRING,value);
if (bs == NULL) return(0);
a->argp=(char *)bs;
a->ex_free=ASN1_STRING_free;
}
return(1);
}
static int ku_get_bool(a,num)
X509_EXTENSION *a;
int num;
{
int ret;
ASN1_BIT_STRING *bs;
if ((a->argp == NULL) && !ku_expand(a))
return(-1);
bs=(ASN1_BIT_STRING *)a->argp;
ret=ASN1_BIT_STRING_get_bit(bs,num);
return(ret);
}
static int ku_set_bool(a,num,value)
X509_EXTENSION *a;
int num;
int value;
{
ASN1_BIT_STRING *a;
if ((a->argp == NULL) && !ku_expand(a))
return(0);
bs=(ASN1_BIT_STRING *)a->argp;
ret=ASN1_BIT_STRING_set_bit(bs,num,value);
}
static int ku_a2i(bio,a,buf,len)
BIO *bio;
X509_EXTENSION *a;
char *buf;
int len;
{
get token
}
static char ku_names[X509v3_N_KU_NUM]={
X509v3_S_KU_digitalSignature,
X509v3_S_KU_nonRepudiation,
X509v3_S_KU_keyEncipherment,
X509v3_S_KU_dataEncipherment,
X509v3_S_KU_keyAgreement,
X509v3_S_KU_keyCertSign,
X509v3_S_KU_cRLSign,
X509v3_S_KU_encipherOnly,
X509v3_S_KU_decipherOnly,
};
static int ku_i2a(bio,a);
BIO *bio;
X509_EXTENSION *a;
{
int i,first=1;
char *c;
for (i=0; i<X509v3_N_KU_NUM; i++)
{
if (ku_get_bool(a,i) > 0)
{
BIO_printf(bio,"%s%s",((first)?"":" "),ku_names[i]);
first=0;
}
}
}
/***********************/
int X509v3_get_key_usage(x,ret)
STACK *x;
unsigned long *ret;
{
X509_EXTENSION *ext;
ASN1_STRING *st;
char *p;
int i;
i=X509_get_ext_by_NID(x,NID_key_usage,-1);
if (i < 0) return(X509v3_KU_UNDEF);
ext=X509_get_ext(x,i);
st=X509v3_unpack_string(NULL,V_ASN1_BIT_STRING,
X509_EXTENSION_get_data(X509_get_ext(x,i)));
p=ASN1_STRING_data(st);
if (ASN1_STRING_length(st) == 1)
i=p[0];
else if (ASN1_STRING_length(st) == 2)
i=p[0]|(p[1]<<8);
else
i=0;
return(i);
}
static struct
{
char *name;
unsigned int value;
} key_usage_data[] ={
{"digitalSignature", X509v3_KU_DIGITAL_SIGNATURE},
{"nonRepudiation", X509v3_KU_NON_REPUDIATION},
{"keyEncipherment", X509v3_KU_KEY_ENCIPHERMENT},
{"dataEncipherment", X509v3_KU_DATA_ENCIPHERMENT},
{"keyAgreement", X509v3_KU_KEY_AGREEMENT},
{"keyCertSign", X509v3_KU_KEY_CERT_SIGN},
{"cRLSign", X509v3_KU_CRL_SIGN},
{"encipherOnly", X509v3_KU_ENCIPHER_ONLY},
{"decipherOnly", X509v3_KU_DECIPHER_ONLY},
{NULL,0},
};
#if 0
static int a2i_key_usage(x,str,len)
X509 *x;
char *str;
int len;
{
return(X509v3_set_key_usage(x,a2i_X509v3_key_usage(str)));
}
static int i2a_key_usage(bp,x)
BIO *bp;
X509 *x;
{
return(i2a_X509v3_key_usage(bp,X509v3_get_key_usage(x)));
}
#endif
int i2a_X509v3_key_usage(bp,use)
BIO *bp;
unsigned int use;
{
int i=0,first=1;
for (;;)
{
if (use | key_usage_data[i].value)
{
BIO_printf(bp,"%s%s",((first)?"":" "),
key_usage_data[i].name);
first=0;
}
}
return(1);
}
unsigned int a2i_X509v3_key_usage(p)
char *p;
{
unsigned int ret=0;
char *q,*s;
int i,n;
q=p;
for (;;)
{
while ((*q != '\0') && isalnum(*q))
q++;
if (*q == '\0') break;
s=q++;
while (isalnum(*q))
q++;
n=q-s;
i=0;
for (;;)
{
if (strncmp(key_usage_data[i].name,s,n) == 0)
{
ret|=key_usage_data[i].value;
break;
}
i++;
if (key_usage_data[i].name == NULL)
return(X509v3_KU_UNDEF);
}
}
return(ret);
}
int X509v3_set_key_usage(x,use)
X509 *x;
unsigned int use;
{
ASN1_OCTET_STRING *os;
X509_EXTENSION *ext;
int i;
unsigned char data[4];
i=X509_get_ext_by_NID(x,NID_key_usage,-1);
if (i < 0)
{
i=X509_get_ext_count(x)+1;
if ((ext=X509_EXTENSION_new()) == NULL) return(0);
if (!X509_add_ext(x,ext,i))
{
X509_EXTENSION_free(ext);
return(0);
}
}
else
ext=X509_get_ext(x,i);
/* fill in 'ext' */
os=X509_EXTENSION_get_data(ext);
i=0;
if (use > 0)
{
i=1;
data[0]=use&0xff;
}
if (use > 0xff)
{
i=2;
data[1]=(use>>8)&0xff;
}
return((X509v3_pack_string(&os,V_ASN1_BIT_STRING,data,i) == NULL)?0:1);
}

87
crypto/x509v3/old-v3/x509v3.h Normal file
View File

@ -0,0 +1,87 @@
/* crypto/x509v3/x509v3.h */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#define X509v3_N_KU_digitalSignature 0
#define X509v3_N_KU_nonRepudiation 1
#define X509v3_N_KU_keyEncipherment 2
#define X509v3_N_KU_dataEncipherment 3
#define X509v3_N_KU_keyAgreement 4
#define X509v3_N_KU_keyCertSign 5
#define X509v3_N_KU_cRLSign 6
#define X509v3_N_KU_encipherOnly 7
#define X509v3_N_KU_decipherOnly 8
#define X509v3_N_KU_NUM 9
#define X509v3_S_KU_digitalSignature "digitalSignature"
#define X509v3_S_KU_nonRepudiation "nonRepudiation"
#define X509v3_S_KU_keyEncipherment "keyEncipherment"
#define X509v3_S_KU_dataEncipherment "dataEncipherment"
#define X509v3_S_KU_keyAgreement "keyAgreement"
#define X509v3_S_KU_keyCertSign "keyCertSign"
#define X509v3_S_KU_cRLSign "cRLSign"
#define X509v3_S_KU_encipherOnly "encipherOnly"
#define X509v3_S_KU_decipherOnly "decipherOnly"
void X509_ex_clear(X509_EXTENSION *a);
int X509_ex_get_bool(X509_EXTENSION *a,int num);
int X509_ex_set_bool(X509_EXTENSION *a,int num,int value);
int X509_ex_get_str(X509_EXTENSION *a,int index,char **p,int *len);
int X509_ex_set_str(X509_EXTENSION *a,int oid,int index,char *p,int len);
char *X509_ex_get_struct(X509_EXTENSION *a,int oid,int index,char **p);
int X509_ex_set_struct(X509_EXTENSION *a,int index,char *p);
int a2i_X509_EXTENSION(BIO *bp,X509_EXTENSION *a,char *buf,int len);
int i2a_X509_EXTENSION(BIO *bp,X509_EXTENSION *a);

187
crypto/x509v3/v3_bcons.c Normal file
View File

@ -0,0 +1,187 @@
/* v3_bcons.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
* project 1999.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <stdlib.h>
#include <pem.h>
#include <asn1_mac.h>
#include <err.h>
#include <objects.h>
#include <conf.h>
#include "x509v3.h"
#ifndef NOPROTO
static STACK *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons);
static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK *values);
#else
static STACK *i2v_BASIC_CONSTRAINTS();
static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS();
#endif
X509V3_EXT_METHOD v3_bcons = {
NID_basic_constraints, 0,
(X509V3_EXT_NEW)BASIC_CONSTRAINTS_new,
BASIC_CONSTRAINTS_free,
(X509V3_EXT_D2I)d2i_BASIC_CONSTRAINTS,
i2d_BASIC_CONSTRAINTS,
NULL, NULL,
(X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS,
(X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS,
NULL,
NULL
};
/*
* ASN1err(ASN1_F_BASIC_CONSTRAINTS_NEW,ERR_R_MALLOC_FAILURE);
* ASN1err(ASN1_F_D2I_BASIC_CONSTRAINTS,ERR_R_MALLOC_FAILURE);
*/
int i2d_BASIC_CONSTRAINTS(a,pp)
BASIC_CONSTRAINTS *a;
unsigned char **pp;
{
M_ASN1_I2D_vars(a);
if(a->ca) M_ASN1_I2D_len (a->ca, i2d_ASN1_BOOLEAN);
M_ASN1_I2D_len (a->pathlen, i2d_ASN1_INTEGER);
M_ASN1_I2D_seq_total();
if (a->ca) M_ASN1_I2D_put (a->ca, i2d_ASN1_BOOLEAN);
M_ASN1_I2D_put (a->pathlen, i2d_ASN1_INTEGER);
M_ASN1_I2D_finish();
}
BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new()
{
BASIC_CONSTRAINTS *ret=NULL;
ASN1_CTX c;
M_ASN1_New_Malloc(ret, BASIC_CONSTRAINTS);
ret->ca = 0;
ret->pathlen = NULL;
return (ret);
M_ASN1_New_Error(ASN1_F_BASIC_CONSTRAINTS_NEW);
}
BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(a,pp,length)
BASIC_CONSTRAINTS **a;
unsigned char **pp;
long length;
{
M_ASN1_D2I_vars(a,BASIC_CONSTRAINTS *,BASIC_CONSTRAINTS_new);
M_ASN1_D2I_Init();
M_ASN1_D2I_start_sequence();
if((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) ==
(V_ASN1_UNIVERSAL|V_ASN1_BOOLEAN) ) {
M_ASN1_D2I_get_int (ret->ca, d2i_ASN1_BOOLEAN);
}
M_ASN1_D2I_get_opt (ret->pathlen, d2i_ASN1_INTEGER, V_ASN1_INTEGER);
M_ASN1_D2I_Finish(a, BASIC_CONSTRAINTS_free, ASN1_F_D2I_BASIC_CONSTRAINTS);
}
void BASIC_CONSTRAINTS_free(a)
BASIC_CONSTRAINTS *a;
{
if (a == NULL) return;
ASN1_INTEGER_free (a->pathlen);
Free ((char *)a);
}
static STACK *i2v_BASIC_CONSTRAINTS(method, bcons)
X509V3_EXT_METHOD *method;
BASIC_CONSTRAINTS *bcons;
{
STACK *extlist = NULL;
X509V3_add_value_bool("CA", bcons->ca, &extlist);
X509V3_add_value_int("pathlen", bcons->pathlen, &extlist);
return extlist;
}
static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(method, ctx, values)
X509V3_EXT_METHOD *method;
X509V3_CTX *ctx;
STACK *values;
{
BASIC_CONSTRAINTS *bcons=NULL;
CONF_VALUE *val;
int i;
if(!(bcons = BASIC_CONSTRAINTS_new())) {
X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
return NULL;
}
for(i = 0; i < sk_num(values); i++) {
val = (CONF_VALUE *)sk_value(values, i);
if(!strcmp(val->name, "CA")) {
if(!X509V3_get_value_bool(val, &bcons->ca)) goto err;
} else if(!strcmp(val->name, "pathlen")) {
if(!X509V3_get_value_int(val, &bcons->pathlen)) goto err;
} else {
X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, X509V3_R_INVALID_NAME);
X509V3_conf_err(val);
goto err;
}
}
return bcons;
err:
BASIC_CONSTRAINTS_free(bcons);
return NULL;
}

159
crypto/x509v3/v3_bitstr.c Normal file
View File

@ -0,0 +1,159 @@
/* v3_bitstr.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
* project 1999.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <stdlib.h>
#include <pem.h>
#include <asn1_mac.h>
#include <err.h>
#include <objects.h>
#include <conf.h>
#include "x509v3.h"
#ifndef NOPROTO
static ASN1_BIT_STRING *asn1_bit_string_new(void);
static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK *nval);
static STACK *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, ASN1_BIT_STRING *bits);
#else
static ASN1_BIT_STRING *asn1_bit_string_new();
static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING();
static STACK *i2v_ASN1_BIT_STRING();
#endif
static BIT_STRING_BITNAME ns_cert_type_table[] = {
{0, "SSL Client", "client"},
{1, "SSL Server", "server"},
{2, "S/MIME", "email"},
{3, "Object Signing", "objsign"},
{4, "Unused", "reserved"},
{5, "SSL CA", "sslCA"},
{6, "S/MIME CA", "emailCA"},
{7, "Object Signing CA", "objCA"},
{-1, NULL, NULL}
};
static BIT_STRING_BITNAME key_usage_type_table[] = {
{0, "Digital Signature", "digitalSignature"},
{1, "Non Repudiation", "nonRepudiation"},
{2, "Key Encipherment", "keyEncipherment"},
{3, "Data Encipherment", "dataEncipherment"},
{4, "Key Agreement", "keyAgreement"},
{5, "Certificate Sign", "keyCertSign"},
{6, "CRL Sign", "cRLCertSign"},
{7, "Encipher Only", "encipherOnly"},
{8, "Decipher Only", "decipherOnly"},
{-1, NULL, NULL}
};
X509V3_EXT_METHOD v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table);
X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table);
static ASN1_BIT_STRING *asn1_bit_string_new()
{
return ASN1_BIT_STRING_new();
}
static STACK *i2v_ASN1_BIT_STRING(method, bits)
X509V3_EXT_METHOD *method;
ASN1_BIT_STRING *bits;
{
BIT_STRING_BITNAME *bnam;
STACK *ret = NULL;
for(bnam =(BIT_STRING_BITNAME *)method->usr_data; bnam->lname; bnam++) {
if(ASN1_BIT_STRING_get_bit(bits, bnam->bitnum))
X509V3_add_value(bnam->lname, NULL, &ret);
}
return ret;
}
static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(method, ctx, nval)
X509V3_EXT_METHOD *method;
X509V3_CTX *ctx;
STACK *nval;
{
CONF_VALUE *val;
ASN1_BIT_STRING *bs;
int i;
BIT_STRING_BITNAME *bnam;
if(!(bs = ASN1_BIT_STRING_new())) {
X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,ERR_R_MALLOC_FAILURE);
return NULL;
}
for(i = 0; i < sk_num(nval); i++) {
val = (CONF_VALUE *)sk_value(nval, i);
for(bnam = (BIT_STRING_BITNAME *)method->usr_data; bnam->lname;
bnam++) {
if(!strcmp(bnam->sname, val->name) ||
!strcmp(bnam->lname, val->name) ) {
ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1);
break;
}
}
if(!bnam->lname) {
X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT);
X509V3_conf_err(val);
ASN1_BIT_STRING_free(bs);
return NULL;
}
}
return bs;
}

165
crypto/x509v3/v3_conf.c Normal file
View File

@ -0,0 +1,165 @@
/* v3_conf.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
* project 1999.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/* config file utilities */
#include <stdlib.h>
#include <ctype.h>
#include <string.h>
#include <pem.h>
#include <conf.h>
#include <err.h>
#include "x509v3.h"
X509_EXTENSION *X509V3_EXT_conf(conf, ctx, name, value)
LHASH *conf; /* Config file */
X509V3_CTX *ctx;
char *name; /* Name */
char *value; /* Value */
{
return X509V3_EXT_conf_nid(conf, ctx, OBJ_sn2nid(name), value);
}
X509_EXTENSION *X509V3_EXT_conf_nid(conf, ctx, ext_nid, value)
LHASH *conf; /* Config file */
X509V3_CTX *ctx;
int ext_nid;
char *value; /* Value */
{
X509_EXTENSION *ext = NULL;
X509V3_EXT_METHOD *method;
STACK *nval;
char *ext_struc;
char *ext_der, *p;
int ext_len;
int crit = 0;
ASN1_OCTET_STRING *ext_oct;
if(ext_nid == NID_undef) return NULL;
if(!(method = X509V3_EXT_get_nid(ext_nid))) {
/* Add generic extension support here */
return NULL;
}
/* Check for critical */
if((strlen(value) >= 9) && !strncmp(value, "critical,", 9)) {
crit = 1;
value+=9;
}
/* Skip over spaces */
while(isspace(*value)) value++;
/* Now get internal extension representation based on type */
if(method->v2i) {
if(*value == '@') nval = CONF_get_section(conf, value + 1);
else nval = X509V3_parse_list(value);
if(!nval) {
X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_INVALID_EXTENSION_STRING);
ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value);
return NULL;
}
ext_struc = method->v2i(method, ctx, nval);
if(*value != '@') sk_pop_free(nval, X509V3_conf_free);
if(!ext_struc) return NULL;
} else if(method->s2i) {
if(!(ext_struc = method->s2i(method, ctx, value))) return NULL;
} else {
X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
return NULL;
}
/* We've now got the internal representation: convert to DER */
ext_len = method->i2d(ext_struc, NULL);
ext_der = Malloc(ext_len);
p = ext_der;
method->i2d(ext_struc, &p);
method->ext_free(ext_struc);
ext_oct = ASN1_OCTET_STRING_new();
ext_oct->data = ext_der;
ext_oct->length = ext_len;
ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
ASN1_OCTET_STRING_free(ext_oct);
return ext;
}
/* This is the main function: add a bunch of extensions based on a config file
* section
*/
int X509V3_EXT_add_conf(conf, ctx, section, cert)
LHASH *conf;
X509V3_CTX *ctx;
char *section;
X509 *cert;
{
X509_EXTENSION *ext;
STACK *nval;
CONF_VALUE *val;
int i;
if(!(nval = CONF_get_section(conf, section))) return 0;
for(i = 0; i < sk_num(nval); i++) {
val = (CONF_VALUE *)sk_value(nval, i);
if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
return 0;
if(cert) X509_add_ext(cert, ext, -1);
X509_EXTENSION_free(ext);
}
return 1;
}

165
crypto/x509v3/v3_extku.c Normal file
View File

@ -0,0 +1,165 @@
/* v3_extku.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
* project 1999.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <stdlib.h>
#include <pem.h>
#include <asn1_mac.h>
#include <err.h>
#include <objects.h>
#include <conf.h>
#include "x509v3.h"
#ifndef NOPROTO
static STACK *v2i_ext_ku(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK *nval);
static STACK *i2v_ext_ku(X509V3_EXT_METHOD *method, STACK *eku);
#else
static STACK *v2i_ext_ku();
static STACK *i2v_ext_ku();
#endif
X509V3_EXT_METHOD v3_ext_ku = {
NID_ext_key_usage, 0,
(X509V3_EXT_NEW)ext_ku_new,
ext_ku_free,
(X509V3_EXT_D2I)d2i_ext_ku,
i2d_ext_ku,
NULL, NULL,
(X509V3_EXT_I2V)i2v_ext_ku,
(X509V3_EXT_V2I)v2i_ext_ku,
NULL,
NULL
};
STACK *ext_ku_new()
{
return sk_new_null();
}
void ext_ku_free(eku)
STACK *eku;
{
sk_pop_free(eku, ASN1_OBJECT_free);
return;
}
int i2d_ext_ku(a,pp)
STACK *a;
unsigned char **pp;
{
return i2d_ASN1_SET(a, pp, i2d_ASN1_OBJECT, V_ASN1_SEQUENCE,
V_ASN1_UNIVERSAL, IS_SEQUENCE);
}
STACK *d2i_ext_ku(a,pp,length)
STACK **a;
unsigned char **pp;
long length;
{
return d2i_ASN1_SET(a, pp, length, (char *(*)())(d2i_ASN1_OBJECT),
ASN1_OBJECT_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
}
static STACK *i2v_ext_ku(method, eku)
X509V3_EXT_METHOD *method;
STACK *eku;
{
int i;
ASN1_OBJECT *obj;
char obj_tmp[80];
STACK *ext_list = NULL;
for(i = 0; i < sk_num(eku); i++) {
obj = (ASN1_OBJECT *)sk_value(eku, i);
i2t_ASN1_OBJECT(obj_tmp, 80, obj);
X509V3_add_value(NULL, obj_tmp, &ext_list);
}
return ext_list;
}
static STACK *v2i_ext_ku(method, ctx, nval)
X509V3_EXT_METHOD *method;
X509V3_CTX *ctx;
STACK *nval;
{
STACK *extku;
char *extval;
ASN1_OBJECT *objtmp;
CONF_VALUE *val;
int i;
if(!(extku = sk_new(NULL))) {
X509V3err(X509V3_F_V2I_EXT_KU,ERR_R_MALLOC_FAILURE);
return NULL;
}
for(i = 0; i < sk_num(nval); i++) {
val = (CONF_VALUE *)sk_value(nval, i);
if(val->value) extval = val->value;
else extval = val->name;
if(!(objtmp = OBJ_txt2obj(extval, 0))) {
sk_pop_free(extku, ASN1_OBJECT_free);
X509V3err(X509V3_F_V2I_EXT_KU,X509V3_R_INVALID_OBJECT_IDENTIFIER);
X509V3_conf_err(val);
return NULL;
}
sk_push(extku, (char *)objtmp);
}
return extku;
}

127
crypto/x509v3/v3_ia5.c Normal file
View File

@ -0,0 +1,127 @@
/* v3_ia5.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
* project 1999.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <stdlib.h>
#include <pem.h>
#include <asn1_mac.h>
#include <err.h>
#include <objects.h>
#include <conf.h>
#include "x509v3.h"
#ifndef NOPROTO
static ASN1_IA5STRING *ia5string_new(void);
static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5);
static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
#else
static ASN1_IA5STRING *ia5string_new();
static char *i2s_ASN1_IA5STRING();
static ASN1_IA5STRING *s2i_ASN1_IA5STRING();
#endif
X509V3_EXT_METHOD v3_ns_ia5_list[] = {
EXT_IA5STRING(NID_netscape_base_url),
EXT_IA5STRING(NID_netscape_revocation_url),
EXT_IA5STRING(NID_netscape_ca_revocation_url),
EXT_IA5STRING(NID_netscape_renewal_url),
EXT_IA5STRING(NID_netscape_ca_policy_url),
EXT_IA5STRING(NID_netscape_ssl_server_name),
EXT_IA5STRING(NID_netscape_comment),
EXT_END
};
static ASN1_IA5STRING *ia5string_new(void)
{
return ASN1_IA5STRING_new();
}
static char *i2s_ASN1_IA5STRING(method, ia5)
X509V3_EXT_METHOD *method;
ASN1_IA5STRING *ia5;
{
char *tmp;
if(!ia5 || !ia5->length) return NULL;
tmp = Malloc(ia5->length + 1);
memcpy(tmp, ia5->data, ia5->length);
tmp[ia5->length] = 0;
return tmp;
}
static ASN1_IA5STRING *s2i_ASN1_IA5STRING(method, ctx, str)
X509V3_EXT_METHOD *method;
X509V3_CTX *ctx;
char *str;
{
ASN1_IA5STRING *ia5;
if(!str) {
X509V3err(X509V3_F_S2I_ASN1_IA5STRING,X509V3_R_INVALID_NULL_ARGUMENT);
return NULL;
}
if(!(ia5 = ASN1_IA5STRING_new())) goto err;
if(!ASN1_STRING_set((ASN1_STRING *)ia5, str, strlen(str))) {
ASN1_IA5STRING_free(ia5);
goto err;
}
return ia5;
err:
X509V3err(X509V3_F_S2I_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE);
return NULL;
}

158
crypto/x509v3/v3_lib.c Normal file
View File

@ -0,0 +1,158 @@
/* v3_lib.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
* project 1999.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/* X509 v3 extension utilities */
#include <stdlib.h>
#include <pem.h>
#include <conf.h>
#include <err.h>
#include "x509v3.h"
static STACK *ext_list = NULL;
static ext_cmp(X509V3_EXT_METHOD **a, X509V3_EXT_METHOD **b);
static void ext_list_free(X509V3_EXT_METHOD *ext);
int X509V3_EXT_add(ext)
X509V3_EXT_METHOD *ext;
{
if(!ext_list && !(ext_list = sk_new(ext_cmp))) {
X509V3err(X509V3_F_X509V3_ADD_EXT,ERR_R_MALLOC_FAILURE);
return 0;
}
if(!sk_push(ext_list, (char *)ext)) {
X509V3err(X509V3_F_X509V3_ADD_EXT,ERR_R_MALLOC_FAILURE);
return 0;
}
return 1;
}
static int ext_cmp(a, b)
X509V3_EXT_METHOD **a, **b;
{
return ((*a)->ext_nid - (*b)->ext_nid);
}
X509V3_EXT_METHOD *X509V3_EXT_get_nid(nid)
int nid;
{
X509V3_EXT_METHOD tmp;
int idx;
tmp.ext_nid = nid;
if(!ext_list || (tmp.ext_nid < 0) ) return NULL;
idx = sk_find(ext_list, (char *)&tmp);
if(idx == -1) return NULL;
return (X509V3_EXT_METHOD *)sk_value(ext_list, idx);
}
X509V3_EXT_METHOD *X509V3_EXT_get(ext)
X509_EXTENSION *ext;
{
int nid;
if((nid = OBJ_obj2nid(ext->object)) == NID_undef) return NULL;
return X509V3_EXT_get_nid(nid);
}
extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku, v3_ns_ia5_list[];
int X509V3_EXT_add_list(extlist)
X509V3_EXT_METHOD *extlist;
{
for(;extlist->ext_nid!=-1;extlist++)
if(!X509V3_EXT_add(extlist)) return 0;
return 1;
}
int X509V3_EXT_add_alias(nid_to, nid_from)
int nid_to, nid_from;
{
X509V3_EXT_METHOD *ext, *tmpext;
if(!(ext = X509V3_EXT_get_nid(nid_from))) {
X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,X509V3_R_EXTENSION_NOT_FOUND);
return 0;
}
if(!(tmpext = (X509V3_EXT_METHOD *)Malloc(sizeof(X509V3_EXT_METHOD)))) {
X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,ERR_R_MALLOC_FAILURE);
return 0;
}
*tmpext = *ext;
tmpext->ext_nid = nid_to;
tmpext->ext_flags = X509V3_EXT_DYNAMIC;
return 1;
}
void X509V3_EXT_cleanup()
{
sk_pop_free(ext_list, ext_list_free);
}
static void ext_list_free(ext)
X509V3_EXT_METHOD *ext;
{
if(ext->ext_flags & X509V3_EXT_DYNAMIC) Free(ext);
}
int X509V3_add_standard_extensions()
{
X509V3_EXT_add_list(v3_ns_ia5_list);
X509V3_EXT_add(&v3_bcons);
X509V3_EXT_add(&v3_nscert);
X509V3_EXT_add(&v3_key_usage);
X509V3_EXT_add(&v3_ext_ku);
return 1;
}

134
crypto/x509v3/v3_prn.c Normal file
View File

@ -0,0 +1,134 @@
/* v3_prn.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
* project 1999.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/* X509 v3 extension utilities */
#include <stdlib.h>
#include <pem.h>
#include <conf.h>
#include <err.h>
#include "x509v3.h"
/* Extension printing routines */
/* Print out a name+value stack */
void X509V3_EXT_val_prn(out, val)
BIO *out;
STACK *val;
{
int i;
CONF_VALUE *nval;
if(!val) return;
for(i = 0; i < sk_num(val); i++) {
if(i > 0) BIO_printf(out, ", ");
nval = (CONF_VALUE *)sk_value(val, i);
if(!nval->name) BIO_printf(out, "%s", nval->value);
else if(!nval->value) BIO_printf(out, "%s", nval->name);
else BIO_printf(out, "%s:%s", nval->name, nval->value);
}
}
/* Main routine: print out a general extension */
int X509V3_EXT_print(out, ext, flag)
BIO *out;
X509_EXTENSION *ext;
int flag;
{
char *ext_str = NULL, *p, *value = NULL;
X509V3_EXT_METHOD *method;
STACK *nval = NULL;
int ok = 1;
if(!(method = X509V3_EXT_get(ext))) return 0;
p = ext->value->data;
if(!(ext_str = method->d2i(NULL, &p, ext->value->length))) return 0;
if(method->i2s) {
if(!(value = method->i2s(method, ext_str))) {
ok = 0;
goto err;
}
BIO_printf(out, value);
} else if(method->i2v) {
if(!(nval = method->i2v(method, ext_str))) {
ok = 0;
goto err;
}
X509V3_EXT_val_prn(out, nval);
} else if(method->i2r) {
if(!method->i2r(method, ext_str, out)) ok = 0;
} else ok = 0;
err:
sk_pop_free(nval, X509V3_conf_free);
if(value) Free(value);
method->ext_free(ext_str);
return ok;
}
int X509V3_EXT_print_fp(fp, ext, flag)
FILE *fp;
X509_EXTENSION *ext;
int flag;
{
BIO *bio_tmp;
int ret;
if(!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE))) return 0;
ret = X509V3_EXT_print(bio_tmp, ext, flag);
BIO_free(bio_tmp);
return ret;
}

312
crypto/x509v3/v3_utl.c Normal file
View File

@ -0,0 +1,312 @@
/* v3_utl.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
* project 1999.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/* X509 v3 extension utilities */
#include <stdlib.h>
#include <ctype.h>
#include <pem.h>
#include <conf.h>
#include <err.h>
#include "x509v3.h"
static char * str_dup(char *str);
static char *strip_spaces(char *name);
static char *str_dup(str)
char *str;
{
char *tmp;
if(!(tmp = Malloc(strlen(str) + 1))) return NULL;
strcpy(tmp, str);
return tmp;
}
/* Add a CONF_VALUE name value pair to stack */
int X509V3_add_value(name, value, extlist)
char *name;
char *value;
STACK **extlist;
{
CONF_VALUE *vtmp = NULL;
char *tname = NULL, *tvalue = NULL;
if(name && !(tname = str_dup(name))) goto err;
if(value && !(tvalue = str_dup(value))) goto err;;
if(!(vtmp = (CONF_VALUE *)Malloc(sizeof(CONF_VALUE)))) goto err;
if(!*extlist && !(*extlist = sk_new(NULL))) goto err;
vtmp->section = NULL;
vtmp->name = tname;
vtmp->value = tvalue;
if(!sk_push(*extlist, (char *)vtmp)) goto err;
return 1;
err:
X509V3err(X509V3_F_X509V3_ADD_VALUE,ERR_R_MALLOC_FAILURE);
if(vtmp) Free(vtmp);
if(tname) Free(tname);
if(tvalue) Free(tvalue);
return 0;
}
/* Free function for STACK of CONF_VALUE */
void X509V3_conf_free(conf)
CONF_VALUE *conf;
{
if(!conf) return;
if(conf->name) Free(conf->name);
if(conf->value) Free(conf->value);
if(conf->section) Free(conf->section);
Free((char *)conf);
}
int X509V3_add_value_bool(name, asn1_bool, extlist)
char *name;
int asn1_bool;
STACK **extlist;
{
if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
return X509V3_add_value(name, "FALSE", extlist);
}
int X509V3_add_value_bool_nf(name, asn1_bool, extlist)
char *name;
int asn1_bool;
STACK **extlist;
{
if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
return 1;
}
int X509V3_add_value_int(name, aint, extlist)
char *name;
ASN1_INTEGER *aint;
STACK **extlist;
{
BIGNUM *bntmp;
char *strtmp;
int ret;
if(!aint) return 1;
bntmp = ASN1_INTEGER_to_BN(aint, NULL);
strtmp = BN_bn2dec(bntmp);
ret = X509V3_add_value(name, strtmp, extlist);
BN_free(bntmp);
Free(strtmp);
return ret;
}
int X509V3_get_value_bool(value, asn1_bool)
CONF_VALUE *value;
int *asn1_bool;
{
char *btmp;
if(!(btmp = value->value)) goto err;
if(!strcmp(btmp, "TRUE") || !strcmp(btmp, "true")
|| !strcmp(btmp, "Y") || !strcmp(btmp, "y")
|| !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) {
*asn1_bool = 0xff;
return 1;
} else if(!strcmp(btmp, "FALSE") || !strcmp(btmp, "false")
|| !strcmp(btmp, "N") || !strcmp(btmp, "n")
|| !strcmp(btmp, "NO") || !strcmp(btmp, "no")) {
*asn1_bool = 0;
return 1;
}
err:
X509V3err(X509V3_F_X509V3_VALUE_GET_BOOL,X509V3_R_INVALID_BOOLEAN_STRING);
X509V3_conf_err(value);
return 0;
}
int X509V3_get_value_int(value, aint)
CONF_VALUE *value;
ASN1_INTEGER **aint;
{
BIGNUM *bn = NULL;
bn = BN_new();
if(!value->value) {
X509V3err(X509V3_F_X509V3_GET_VALUE_INT,X509V3_R_INVALID_NULL_VALUE);
X509V3_conf_err(value);
return 0;
}
if(!BN_dec2bn(&bn, value->value)) {
X509V3err(X509V3_F_X509V3_GET_VALUE_INT,X509V3_R_BN_DEC2BN_ERROR);
X509V3_conf_err(value);
return 0;
}
if(!(*aint = BN_to_ASN1_INTEGER(bn, NULL))) {
X509V3err(X509V3_F_X509V3_GET_VALUE_INT,X509V3_R_BN_TO_ASN1_INTEGER_ERROR);
X509V3_conf_err(value);
return 0;
}
BN_free(bn);
return 1;
}
#define HDR_NAME 1
#define HDR_VALUE 2
/*#define DEBUG*/
STACK *X509V3_parse_list(line)
char *line;
{
char *p, *q, c;
char *ntmp, *vtmp;
STACK *values = NULL;
char *linebuf;
int state;
/* We are going to modify the line so copy it first */
linebuf = str_dup(line);
state = HDR_NAME;
ntmp = NULL;
/* Go through all characters */
for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
switch(state) {
case HDR_NAME:
if(c == ':') {
state = HDR_VALUE;
*p = 0;
ntmp = strip_spaces(q);
if(!ntmp) {
X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
goto err;
}
q = p + 1;
} else if(c == ',') {
*p = 0;
ntmp = strip_spaces(q);
q = p + 1;
#ifdef DEBUG
printf("%s\n", ntmp);
#endif
if(!ntmp) {
X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
goto err;
}
X509V3_add_value(ntmp, NULL, &values);
}
break ;
case HDR_VALUE:
if(c == ',') {
state = HDR_NAME;
*p = 0;
vtmp = strip_spaces(q);
#ifdef DEBUG
printf("%s\n", ntmp);
#endif
if(!vtmp) {
X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);
goto err;
}
X509V3_add_value(ntmp, vtmp, &values);
ntmp = NULL;
q = p + 1;
}
}
}
if(state == HDR_VALUE) {
vtmp = strip_spaces(q);
#ifdef DEBUG
printf("%s=%s\n", ntmp, vtmp);
#endif
if(!vtmp) {
X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);
goto err;
}
X509V3_add_value(ntmp, vtmp, &values);
} else {
ntmp = strip_spaces(q);
#ifdef DEBUG
printf("%s\n", ntmp);
#endif
if(!ntmp) {
X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
goto err;
}
X509V3_add_value(ntmp, NULL, &values);
}
Free(linebuf);
return values;
err:
Free(linebuf);
sk_pop_free(values, X509V3_conf_free);
return NULL;
}
/* Delete leading and trailing spaces from a string */
static char *strip_spaces(name)
char *name;
{
char *p, *q;
/* Skip over leading spaces */
p = name;
while(*p && isspace(*p)) p++;
if(!*p) return NULL;
q = p + strlen(p) - 1;
while((q != p) && isspace(*q)) q--;
if(p != q) q[1] = 0;
if(!*p) return NULL;
return p;
}

127
crypto/x509v3/v3conf.c Normal file
View File

@ -0,0 +1,127 @@
/* v3conf.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
* project 1999.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <pem.h>
#include <objects.h>
#include <conf.h>
#include <err.h>
#include "x509v3.h"
/* Test application to add extensions from a config file */
int main(argc, argv)
int argc;
char **argv;
{
LHASH *conf;
X509 *cert;
FILE *inf;
char *conf_file;
int i;
int count;
X509_EXTENSION *ext;
X509V3_add_standard_extensions();
ERR_load_crypto_strings();
if(!argv[1]) {
fprintf(stderr, "Usage: v3conf cert.pem [file.cnf]\n");
exit(1);
}
conf_file = argv[2];
if(!conf_file) conf_file = "test.cnf";
conf = CONF_load(NULL, "test.cnf", NULL);
if(!conf) {
fprintf(stderr, "Error opening Config file %s\n", conf_file);
ERR_print_errors_fp(stderr);
exit(1);
}
inf = fopen(argv[1], "r");
if(!inf) {
fprintf(stderr, "Can't open certificate file %s\n", argv[1]);
exit(1);
}
cert = PEM_read_X509(inf, NULL, NULL);
if(!cert) {
fprintf(stderr, "Error reading certificate file %s\n", argv[1]);
exit(1);
}
fclose(inf);
sk_pop_free(cert->cert_info->extensions, X509_EXTENSION_free);
cert->cert_info->extensions = NULL;
if(!X509V3_EXT_add_conf(conf, NULL, "test_section", cert)) {
fprintf(stderr, "Error adding extensions\n");
ERR_print_errors_fp(stderr);
exit(1);
}
count = X509_get_ext_count(cert);
printf("%d extensions\n", count);
for(i = 0; i < count; i++) {
ext = X509_get_ext(cert, i);
printf("%s", OBJ_nid2ln(OBJ_obj2nid(ext->object)));
if(ext->critical) printf(",critical:\n");
else printf(":\n");
X509V3_EXT_print_fp(stdout, ext, 0);
printf("\n");
}
return 0;
}

112
crypto/x509v3/v3err.c Normal file
View File

@ -0,0 +1,112 @@
/* lib/x509v3/x509v3_err.c */
/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include "err.h"
#include "x509v3.h"
/* BEGIN ERROR CODES */
#ifndef NO_ERR
static ERR_STRING_DATA X509V3_str_functs[]=
{
{ERR_PACK(0,X509V3_F_S2I_ASN1_IA5STRING,0), "S2I_ASN1_IA5STRING"},
{ERR_PACK(0,X509V3_F_V2I_ASN1_BIT_STRING,0), "V2I_ASN1_BIT_STRING"},
{ERR_PACK(0,X509V3_F_V2I_BASIC_CONSTRAINTS,0), "V2I_BASIC_CONSTRAINTS"},
{ERR_PACK(0,X509V3_F_V2I_EXT_KU,0), "V2I_EXT_KU"},
{ERR_PACK(0,X509V3_F_X509V3_ADD_EXT,0), "X509V3_ADD_EXT"},
{ERR_PACK(0,X509V3_F_X509V3_ADD_VALUE,0), "X509V3_add_value"},
{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD_ALIAS,0), "X509V3_EXT_add_alias"},
{ERR_PACK(0,X509V3_F_X509V3_EXT_CONF,0), "X509V3_EXT_conf"},
{ERR_PACK(0,X509V3_F_X509V3_GET_VALUE_INT,0), "X509V3_get_value_int"},
{ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0), "X509V3_parse_list"},
{ERR_PACK(0,X509V3_F_X509V3_VALUE_GET_BOOL,0), "X509V3_VALUE_GET_BOOL"},
{0,NULL},
};
static ERR_STRING_DATA X509V3_str_reasons[]=
{
{X509V3_R_BN_DEC2BN_ERROR ,"bn dec2bn error"},
{X509V3_R_BN_TO_ASN1_INTEGER_ERROR ,"bn to asn1 integer error"},
{X509V3_R_EXTENSION_NOT_FOUND ,"extension not found"},
{X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED,"extension setting not supported"},
{X509V3_R_INVALID_BOOLEAN_STRING ,"invalid boolean string"},
{X509V3_R_INVALID_EXTENSION_STRING ,"invalid extension string"},
{X509V3_R_INVALID_NAME ,"invalid name"},
{X509V3_R_INVALID_NULL_ARGUMENT ,"invalid null argument"},
{X509V3_R_INVALID_NULL_NAME ,"invalid null name"},
{X509V3_R_INVALID_NULL_VALUE ,"invalid null value"},
{X509V3_R_INVALID_OBJECT_IDENTIFIER ,"invalid object identifier"},
{X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT ,"unknown bit string argument"},
{0,NULL},
};
#endif
void ERR_load_X509V3_strings()
{
static int init=1;
if (init)
{
init=0;
#ifndef NO_ERR
ERR_load_strings(ERR_LIB_X509V3,X509V3_str_functs);
ERR_load_strings(ERR_LIB_X509V3,X509V3_str_reasons);
#endif
}
}

97
crypto/x509v3/v3prin.c Normal file
View File

@ -0,0 +1,97 @@
/* v3prin.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
* project 1999.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <pem.h>
#include <objects.h>
#include <conf.h>
#include <err.h>
#include "x509v3.h"
int main(argc, argv)
int argc;
char **argv;
{
X509 *cert;
FILE *inf;
int i, count;
X509_EXTENSION *ext;
X509V3_add_standard_extensions();
if(!argv[1]) {
fprintf(stderr, "Usage v3prin cert.pem\n");
exit(1);
}
if(!(inf = fopen(argv[1], "r"))) {
fprintf(stderr, "Can't open %s\n", argv[1]);
exit(1);
}
if(!(cert = PEM_read_X509(inf, NULL, NULL))) {
fprintf(stderr, "Can't read certificate %s\n", argv[1]);
ERR_print_errors_fp(stderr);
exit(1);
}
fclose(inf);
count = X509_get_ext_count(cert);
printf("%d extensions\n", count);
for(i = 0; i < count; i++) {
ext = X509_get_ext(cert, i);
printf("%s\n", OBJ_nid2ln(OBJ_obj2nid(ext->object)));
X509V3_EXT_print_fp(stdout, ext, 0);
printf("\n");
}
return 0;
}

340
crypto/x509v3/x509v3.h
View File

@ -1,87 +1,269 @@
/* crypto/x509v3/x509v3.h */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
/* x509v3.h */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
* project 1999.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#define X509v3_N_KU_digitalSignature 0
#define X509v3_N_KU_nonRepudiation 1
#define X509v3_N_KU_keyEncipherment 2
#define X509v3_N_KU_dataEncipherment 3
#define X509v3_N_KU_keyAgreement 4
#define X509v3_N_KU_keyCertSign 5
#define X509v3_N_KU_cRLSign 6
#define X509v3_N_KU_encipherOnly 7
#define X509v3_N_KU_decipherOnly 8
#define X509v3_N_KU_NUM 9
#define X509v3_S_KU_digitalSignature "digitalSignature"
#define X509v3_S_KU_nonRepudiation "nonRepudiation"
#define X509v3_S_KU_keyEncipherment "keyEncipherment"
#define X509v3_S_KU_dataEncipherment "dataEncipherment"
#define X509v3_S_KU_keyAgreement "keyAgreement"
#define X509v3_S_KU_keyCertSign "keyCertSign"
#define X509v3_S_KU_cRLSign "cRLSign"
#define X509v3_S_KU_encipherOnly "encipherOnly"
#define X509v3_S_KU_decipherOnly "decipherOnly"
#ifndef HEADER_X509V3_H
#define HEADER_X509V3_H
#ifdef __cplusplus
extern "C" {
#endif
#include "bio.h"
#include "x509.h"
/* Forward reference */
struct v3_ext_method;
struct v3_ext_ctx;
/* Useful typedefs */
typedef char * (*X509V3_EXT_NEW)();
typedef void (*X509V3_EXT_FREE)();
typedef char * (*X509V3_EXT_D2I)();
typedef int (*X509V3_EXT_I2D)();
typedef STACK * (*X509V3_EXT_I2V)(struct v3_ext_method *method, char *ext);
typedef char * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK *values);
typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, char *ext);
typedef char * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, char *ext, BIO *out);
/* V3 extension structure */
struct v3_ext_method {
int ext_nid;
int ext_flags;
X509V3_EXT_NEW ext_new;
X509V3_EXT_FREE ext_free;
X509V3_EXT_D2I d2i;
X509V3_EXT_I2D i2d;
/* The following pair is used for string extensions */
X509V3_EXT_I2S i2s;
X509V3_EXT_S2I s2i;
/* The following pair is used for multi-valued extensions */
X509V3_EXT_I2V i2v;
X509V3_EXT_V2I v2i;
/* The following is used for raw extensions */
X509V3_EXT_I2R i2r;
char *usr_data; /* Any extension specific data */
};
/* Context specific info */
struct v3_ctx_struct {
X509 *issuer_cert;
X509 *subject_cert;
X509_REQ *subject_req;
/* Maybe more here */
};
typedef struct v3_ext_method X509V3_EXT_METHOD;
typedef struct v3_ext_ctx X509V3_CTX;
/* ext_flags values */
#define X509V3_EXT_DYNAMIC 0x1
typedef struct {
int bitnum;
char *lname;
char *sname;
} BIT_STRING_BITNAME;
typedef struct {
int ca;
ASN1_INTEGER *pathlen;
} BASIC_CONSTRAINTS;
#define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \
",name:", val->name, ",value:", val->value);
#define EXT_BITSTRING(nid, table) { nid, 0, \
(X509V3_EXT_NEW)asn1_bit_string_new, ASN1_STRING_free, \
(X509V3_EXT_D2I)d2i_ASN1_BIT_STRING, \
i2d_ASN1_BIT_STRING, \
NULL, NULL, \
(X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
(X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
NULL, \
(char *)table}
#define EXT_IA5STRING(nid) { nid, 0, \
(X509V3_EXT_NEW)ia5string_new, ASN1_STRING_free, \
(X509V3_EXT_D2I)d2i_ASN1_IA5STRING, \
i2d_ASN1_IA5STRING, \
(X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
(X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \
NULL, NULL, NULL, \
NULL}
#define EXT_END { -1, 0, NULL, NULL, NULL, NULL, NULL, NULL, \
NULL, NULL, NULL, \
NULL}
#ifndef NOPROTO
void ERR_load_X509V3_strings(void);
void ERR_X509V3_error(int function, int reason, char *file, int line);
int i2d_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS *a, unsigned char **pp);
BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a, unsigned char **pp, long length);
BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new(void);
void BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *a);
int i2d_ext_ku(STACK *a, unsigned char **pp);
STACK *d2i_ext_ku(STACK **a, unsigned char **pp, long length);
void ext_ku_free(STACK *a);
STACK *ext_ku_new(void);
#ifdef HEADER_CONF_H
void X509V3_conf_free(CONF_VALUE *val);
X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value);
X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value);
int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert);
int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
#endif
int X509V3_add_value(char *name, char *value, STACK **extlist);
int X509V3_add_value_bool(char *name, int asn1_bool, STACK **extlist);
int X509V3_add_value_int( char *name, ASN1_INTEGER *aint, STACK **extlist);
int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
int X509V3_EXT_add_alias(int nid_to, int nid_from);
void X509V3_EXT_cleanup(void);
X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
int X509V3_add_standard_extensions(void);
STACK *X509V3_parse_list(char *line);
int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag);
int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag);
#else
void ERR_load_X509V3_strings();
void ERR_X509V3_error();
int i2d_BASIC_CONSTRAINTS();
BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS();
BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new();
void BASIC_CONSTRAINTS_free();
int i2d_ext_ku();
STACK *d2i_ext_ku();
void ext_ku_free();
STACK *ext_ku_new();
#ifdef HEADER_CONF_H
void X509V3_conf_free();
X509_EXTENSION *X509V3_EXT_conf_nid();
X509_EXTENSION *X509V3_EXT_conf();
int X509V3_EXT_add_conf();
int X509V3_get_value_bool();
int X509V3_get_value_int();
#endif
int X509V3_add_value();
int X509V3_add_value_bool();
int X509V3_add_value_int();
int X509V3_EXT_add();
int X509V3_EXT_add_alias();
void X509V3_EXT_cleanup();
X509V3_EXT_METHOD *X509V3_EXT_get();
X509V3_EXT_METHOD *X509V3_EXT_get_nid();
int X509V3_add_standard_extensions();
STACK *X509V3_parse_list();
int X509V3_EXT_print();
int X509V3_EXT_print_fp();
#endif
/* BEGIN ERROR CODES */
/* Error codes for the X509V3 functions. */
/* Function codes. */
#define X509V3_F_S2I_ASN1_IA5STRING 100
#define X509V3_F_V2I_ASN1_BIT_STRING 101
#define X509V3_F_V2I_BASIC_CONSTRAINTS 102
#define X509V3_F_V2I_EXT_KU 103
#define X509V3_F_X509V3_ADD_EXT 104
#define X509V3_F_X509V3_ADD_VALUE 105
#define X509V3_F_X509V3_EXT_ADD_ALIAS 106
#define X509V3_F_X509V3_EXT_CONF 107
#define X509V3_F_X509V3_GET_VALUE_INT 108
#define X509V3_F_X509V3_PARSE_LIST 109
#define X509V3_F_X509V3_VALUE_GET_BOOL 110
/* Reason codes. */
#define X509V3_R_BN_DEC2BN_ERROR 100
#define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101
#define X509V3_R_EXTENSION_NOT_FOUND 102
#define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103
#define X509V3_R_INVALID_BOOLEAN_STRING 104
#define X509V3_R_INVALID_EXTENSION_STRING 105
#define X509V3_R_INVALID_NAME 106
#define X509V3_R_INVALID_NULL_ARGUMENT 107
#define X509V3_R_INVALID_NULL_NAME 108
#define X509V3_R_INVALID_NULL_VALUE 109
#define X509V3_R_INVALID_OBJECT_IDENTIFIER 110
#define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111
#ifdef __cplusplus
}
#endif
#endif
void X509_ex_clear(X509_EXTENSION *a);
int X509_ex_get_bool(X509_EXTENSION *a,int num);
int X509_ex_set_bool(X509_EXTENSION *a,int num,int value);
int X509_ex_get_str(X509_EXTENSION *a,int index,char **p,int *len);
int X509_ex_set_str(X509_EXTENSION *a,int oid,int index,char *p,int len);
char *X509_ex_get_struct(X509_EXTENSION *a,int oid,int index,char **p);
int X509_ex_set_struct(X509_EXTENSION *a,int index,char *p);
int a2i_X509_EXTENSION(BIO *bp,X509_EXTENSION *a,char *buf,int len);
int i2a_X509_EXTENSION(BIO *bp,X509_EXTENSION *a);