X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=crypto%2Fx509v3%2Fv3_cpols.c;h=94d4cdbec76e45697f91979d727e9142304adb10;hb=3550ec4f1ff6f259c92a5ef649974a0c8ce851b8;hp=95033f265b28b4d8002eb37c663452980c28b26e;hpb=d943e3724162cb7668b90a34f689e7c2b89ebc64;p=oweals%2Fopenssl.git diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c index 95033f265b..94d4cdbec7 100644 --- a/crypto/x509v3/v3_cpols.c +++ b/crypto/x509v3/v3_cpols.c @@ -58,10 +58,10 @@ #include #include "cryptlib.h" -#include "conf.h" -#include "asn1.h" -#include "asn1_mac.h" -#include "x509v3.h" +#include +#include +#include +#include /* Certificate policies extension support: this one is a bit complex... */ @@ -69,8 +69,8 @@ static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value); static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent); static void print_notice(BIO *out, USERNOTICE *notice, int indent); -static POLICYINFO *policy_section(X509V3_CTX *ctx, STACK *polstrs); -static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, STACK *unot); +static POLICYINFO *policy_section(X509V3_CTX *ctx, STACK *polstrs, int ia5org); +static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, STACK *unot, int ia5org); static STACK *nref_nos(STACK *nos); X509V3_EXT_METHOD v3_cpols = { @@ -87,17 +87,6 @@ NULL }; -/* - * ASN1err(ASN1_F_POLICYINFO_NEW,ERR_R_MALLOC_FAILURE); - * ASN1err(ASN1_F_D2I_POLICYINFO,ERR_R_MALLOC_FAILURE); - * ASN1err(ASN1_F_POLICYQUALINFO_NEW,ERR_R_MALLOC_FAILURE); - * ASN1err(ASN1_F_D2I_POLICYQUALINFO,ERR_R_MALLOC_FAILURE); - * ASN1err(ASN1_F_USERNOTICE_NEW,ERR_R_MALLOC_FAILURE); - * ASN1err(ASN1_F_D2I_USERNOTICE,ERR_R_MALLOC_FAILURE); - * ASN1err(ASN1_F_NOTICEREF_NEW,ERR_R_MALLOC_FAILURE); - * ASN1err(ASN1_F_D2I_NOTICEREF,ERR_R_MALLOC_FAILURE); - */ - static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value) { @@ -107,9 +96,10 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, ASN1_OBJECT *pobj; STACK *vals; CONF_VALUE *cnf; - int i; + int i, ia5org; pols = sk_POLICYINFO_new_null(); vals = X509V3_parse_list(value); + ia5org = 0; for(i = 0; i < sk_num(vals); i++) { cnf = (CONF_VALUE *)sk_value(vals, i); if(cnf->value || !cnf->name ) { @@ -118,7 +108,10 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, goto err; } pstr = cnf->name; - if(*pstr == '@') { + if(!strcmp(pstr,"ia5org")) { + ia5org = 1; + continue; + } else if(*pstr == '@') { STACK *polsect; polsect = X509V3_get_section(ctx, pstr + 1); if(!polsect) { @@ -127,7 +120,7 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_conf_err(cnf); goto err; } - pol = policy_section(ctx, polsect); + pol = policy_section(ctx, polsect, ia5org); X509V3_section_free(ctx, polsect); if(!pol) goto err; } else { @@ -148,7 +141,7 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, return NULL; } -static POLICYINFO *policy_section(X509V3_CTX *ctx, STACK *polstrs) +static POLICYINFO *policy_section(X509V3_CTX *ctx, STACK *polstrs, int ia5org) { int i; CONF_VALUE *cnf; @@ -190,7 +183,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, STACK *polstrs) X509V3_conf_err(cnf); goto err; } - qual = notice_section(ctx, unot); + qual = notice_section(ctx, unot, ia5org); X509V3_section_free(ctx, unot); if(!qual) goto err; if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) @@ -219,7 +212,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, STACK *polstrs) } -static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, STACK *unot) +static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, STACK *unot, int ia5org) { int i; CONF_VALUE *cnf; @@ -241,7 +234,8 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, STACK *unot) if(!(nref = NOTICEREF_new())) goto merr; not->noticeref = nref; } else nref = not->noticeref; - nref->organization = ASN1_VISIBLESTRING_new(); + if(ia5org) nref->organization = ASN1_IA5STRING_new(); + else nref->organization = ASN1_VISIBLESTRING_new(); if(!ASN1_STRING_set(nref->organization, cnf->value, strlen(cnf->value))) goto merr; } else if(!strcmp(cnf->name, "noticeNumbers")) {