#define ASN1_F_D2I_DSAPARAMS 137
#define ASN1_F_D2I_DSAPRIVATEKEY 138
#define ASN1_F_D2I_DSAPUBLICKEY 139
+#define ASN1_F_D2I_GENERAL_NAME 230
#define ASN1_F_D2I_NETSCAPE_CERT_SEQUENCE 228
#define ASN1_F_D2I_NETSCAPE_PKEY 140
#define ASN1_F_D2I_NETSCAPE_RSA 141
#define ASN1_F_D2I_X509_REVOKED 173
#define ASN1_F_D2I_X509_SIG 174
#define ASN1_F_D2I_X509_VAL 175
+#define ASN1_F_GENERAL_NAME_NEW 231
#define ASN1_F_I2D_ASN1_HEADER 176
#define ASN1_F_I2D_ASN1_TIME 225
#define ASN1_F_I2D_DHPARAMS 177
#define ASN1_F_D2I_DSAPARAMS 137
#define ASN1_F_D2I_DSAPRIVATEKEY 138
#define ASN1_F_D2I_DSAPUBLICKEY 139
+#define ASN1_F_D2I_GENERAL_NAME 230
#define ASN1_F_D2I_NETSCAPE_CERT_SEQUENCE 228
#define ASN1_F_D2I_NETSCAPE_PKEY 140
#define ASN1_F_D2I_NETSCAPE_RSA 141
#define ASN1_F_D2I_X509_REVOKED 173
#define ASN1_F_D2I_X509_SIG 174
#define ASN1_F_D2I_X509_VAL 175
+#define ASN1_F_GENERAL_NAME_NEW 231
#define ASN1_F_I2D_ASN1_HEADER 176
#define ASN1_F_I2D_ASN1_TIME 225
#define ASN1_F_I2D_DHPARAMS 177
{ERR_PACK(0,ASN1_F_D2I_DSAPARAMS,0), "D2I_DSAPARAMS"},
{ERR_PACK(0,ASN1_F_D2I_DSAPRIVATEKEY,0), "D2I_DSAPRIVATEKEY"},
{ERR_PACK(0,ASN1_F_D2I_DSAPUBLICKEY,0), "D2I_DSAPUBLICKEY"},
+{ERR_PACK(0,ASN1_F_D2I_GENERAL_NAME,0), "D2I_GENERAL_NAME"},
{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_CERT_SEQUENCE,0), "D2I_NETSCAPE_CERT_SEQUENCE"},
{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_PKEY,0), "D2I_NETSCAPE_PKEY"},
{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA,0), "D2I_NETSCAPE_RSA"},
{ERR_PACK(0,ASN1_F_D2I_X509_REVOKED,0), "D2I_X509_REVOKED"},
{ERR_PACK(0,ASN1_F_D2I_X509_SIG,0), "D2I_X509_SIG"},
{ERR_PACK(0,ASN1_F_D2I_X509_VAL,0), "D2I_X509_VAL"},
+{ERR_PACK(0,ASN1_F_GENERAL_NAME_NEW,0), "GENERAL_NAME_NEW"},
{ERR_PACK(0,ASN1_F_I2D_ASN1_HEADER,0), "i2d_ASN1_HEADER"},
{ERR_PACK(0,ASN1_F_I2D_ASN1_TIME,0), "i2d_ASN1_TIME"},
{ERR_PACK(0,ASN1_F_I2D_DHPARAMS,0), "I2D_DHPARAMS"},
M_ASN1_D2I_get(b,func); \
}
+#define M_ASN1_D2I_get_imp(b,func, type) \
+ M_ASN1_next=(_tmp& ~V_ASN1_PRIMATIVE_TAG)|type; \
+ c.q=c.p; \
+ if (func(&(b),&c.p,c.slen) == NULL) \
+ {c.line=__LINE__; M_ASN1_next_prev = _tmp; goto err; } \
+ c.slen-=(c.p-c.q);\
+ M_ASN1_next_prev=_tmp;
+
#define M_ASN1_D2I_get_IMP_opt(b,func,tag,type) \
if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) == \
(V_ASN1_CONTEXT_SPECIFIC|(tag)))) \
{ \
- unsigned char tmp; \
- tmp=M_ASN1_next; \
- M_ASN1_next=(tmp& ~V_ASN1_PRIMATIVE_TAG)|type; \
- M_ASN1_D2I_get(b,func); \
- M_ASN1_next_prev=tmp; \
+ unsigned char _tmp = M_ASN1_next; \
+ M_ASN1_D2I_get_imp(b,func, type);\
}
#define M_ASN1_D2I_get_set(r,func,free_func) \
LIB=$(TOP)/libcrypto.a
LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c \
-v3_lib.c v3_prn.c v3_utl.c v3err.c
+v3_lib.c v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c
LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \
-v3_prn.o v3_utl.o v3err.o
+v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o
SRC= $(LIBSRC)
--- /dev/null
+/* v3_bcons.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <pem.h>
+#include <asn1_mac.h>
+#include <err.h>
+#include <objects.h>
+#include <conf.h>
+#include "x509v3.h"
+
+#ifndef NOPROTO
+static STACK *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, STACK *gen);
+static STACK *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK *values);
+#endif
+
+X509V3_EXT_METHOD v3_alt[] = {
+{ NID_subject_alt_name, 0,
+(X509V3_EXT_NEW)GENERAL_NAMES_new,
+GENERAL_NAMES_free,
+(X509V3_EXT_D2I)d2i_GENERAL_NAMES,
+i2d_GENERAL_NAMES,
+NULL, NULL,
+(X509V3_EXT_I2V)i2v_GENERAL_NAMES,
+(X509V3_EXT_V2I)NULL /*v2i_GENERAL_NAMES*/,
+NULL, NULL},
+{ NID_issuer_alt_name, 0,
+(X509V3_EXT_NEW)GENERAL_NAMES_new,
+GENERAL_NAMES_free,
+(X509V3_EXT_D2I)d2i_GENERAL_NAMES,
+i2d_GENERAL_NAMES,
+NULL, NULL,
+(X509V3_EXT_I2V)i2v_GENERAL_NAMES,
+(X509V3_EXT_V2I)NULL /*v2i_GENERAL_NAMES*/,
+NULL, NULL},
+EXT_END
+};
+
+static STACK *i2v_GENERAL_NAMES(method, gens)
+X509V3_EXT_METHOD *method;
+STACK *gens;
+{
+ int i;
+ STACK *ret = NULL;
+ GENERAL_NAME *gen;
+ for(i = 0; i < sk_num(gens); i++) {
+ gen = (GENERAL_NAME *)sk_value(gens, i);
+ switch (gen->type)
+ {
+ case GEN_OTHERNAME:
+ X509V3_add_value("othername","<unsupported>", &ret);
+ break;
+
+ case GEN_X400:
+ X509V3_add_value("X400Name","<unsupported>", &ret);
+ break;
+
+ case GEN_EDIPARTY:
+ X509V3_add_value("EdiPartyName","<unsupported>", &ret);
+ break;
+
+ case GEN_EMAIL:
+ X509V3_add_value("email",gen->d.ia5->data, &ret);
+ break;
+
+ case GEN_DNS:
+ X509V3_add_value("DNS",gen->d.ia5->data, &ret);
+ break;
+
+ case GEN_URI:
+ X509V3_add_value("URI",gen->d.ia5->data, &ret);
+ break;
+
+ case GEN_IPADD:
+ X509V3_add_value("IP Address","<unsupported>", &ret);
+ break;
+
+ case GEN_RID:
+ X509V3_add_value("Registered ID","<unsupported>", &ret);
+ break;
+ }
+ }
+ return ret;
+}
+
--- /dev/null
+/* v3_genn.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <pem.h>
+#include <asn1_mac.h>
+#include <err.h>
+#include <objects.h>
+#include <conf.h>
+#include "x509v3.h"
+
+/*
+ * ASN1err(ASN1_F_GENERAL_NAME_NEW,ERR_R_MALLOC_FAILURE);
+ * ASN1err(ASN1_F_D2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
+ */
+
+int i2d_GENERAL_NAME(a,pp)
+GENERAL_NAME *a;
+unsigned char **pp;
+{
+ unsigned char *p;
+ int ret;
+
+ ret = 0;
+
+ /* Save the location of initial TAG */
+ if(pp) p = *pp;
+ else p = NULL;
+
+ /* GEN_DNAME needs special treatment because of EXPLICIT tag */
+
+ if(a->type == GEN_DIRNAME) {
+ int v = 0;
+ M_ASN1_I2D_len_EXP_opt(a->d.dirn, i2d_X509_NAME, 4, v);
+ if(!p) return ret;
+ M_ASN1_I2D_put_EXP_opt(a->d.dirn, i2d_X509_NAME, 4, v);
+ *pp = p;
+ return ret;
+ }
+
+ switch(a->type) {
+
+ case GEN_OTHERNAME:
+ case GEN_X400:
+ case GEN_EDIPARTY:
+ ret = i2d_ASN1_TYPE(a->d.other, pp);
+ break;
+
+ case GEN_EMAIL:
+ case GEN_DNS:
+ case GEN_URI:
+ ret = i2d_ASN1_IA5STRING(a->d.ia5, pp);
+ break;
+
+ case GEN_IPADD:
+ ret = i2d_ASN1_OCTET_STRING(a->d.ip, pp);
+ break;
+
+ case GEN_RID:
+ ret = i2d_ASN1_OBJECT(a->d.rid, pp);
+ break;
+ }
+ /* Replace TAG with IMPLICIT value */
+ if(p) *p = (*p & V_ASN1_CONSTRUCTED) | a->type;
+ return ret;
+}
+
+GENERAL_NAME *GENERAL_NAME_new()
+{
+ GENERAL_NAME *ret=NULL;
+ ASN1_CTX c;
+ M_ASN1_New_Malloc(ret, GENERAL_NAME);
+ ret->type = -1;
+ ret->d.ptr = NULL;
+ return (ret);
+ M_ASN1_New_Error(ASN1_F_GENERAL_NAME_NEW);
+}
+
+GENERAL_NAME *d2i_GENERAL_NAME(a,pp,length)
+GENERAL_NAME **a;
+unsigned char **pp;
+long length;
+{
+ unsigned char _tmp;
+ M_ASN1_D2I_vars(a,GENERAL_NAME *,GENERAL_NAME_new);
+ M_ASN1_D2I_Init();
+ c.slen = length;
+
+ _tmp = M_ASN1_next;
+ ret->type = _tmp & ~V_ASN1_CONSTRUCTED;
+
+ switch(ret->type) {
+ /* Just put these in a "blob" for now */
+ case GEN_OTHERNAME:
+ case GEN_X400:
+ case GEN_EDIPARTY:
+ M_ASN1_D2I_get_imp(ret->d.other, d2i_ASN1_TYPE,V_ASN1_SEQUENCE);
+ break;
+
+ case GEN_EMAIL:
+ case GEN_DNS:
+ case GEN_URI:
+ M_ASN1_D2I_get_imp(ret->d.ia5, d2i_ASN1_IA5STRING,
+ V_ASN1_IA5STRING);
+ break;
+
+ case GEN_DIRNAME:
+ M_ASN1_D2I_get_EXP_opt(ret->d.dirn, d2i_X509_NAME, 4);
+ break;
+
+ case GEN_IPADD:
+ M_ASN1_D2I_get_imp(ret->d.ip, d2i_ASN1_OCTET_STRING,
+ V_ASN1_OCTET_STRING);
+ break;
+
+ case GEN_RID:
+ M_ASN1_D2I_get_imp(ret->d.rid, d2i_ASN1_OBJECT,V_ASN1_OBJECT);
+ break;
+
+ default:
+ c.error = ASN1_R_BAD_TAG;
+ goto err;
+ }
+
+ c.slen = 0;
+ M_ASN1_D2I_Finish(a, GENERAL_NAME_free, ASN1_F_D2I_GENERAL_NAME);
+}
+
+void GENERAL_NAME_free(a)
+GENERAL_NAME *a;
+{
+ if (a == NULL) return;
+ switch(a->type) {
+ case GEN_OTHERNAME:
+ case GEN_X400:
+ case GEN_EDIPARTY:
+ ASN1_TYPE_free(a->d.other);
+ break;
+
+ case GEN_EMAIL:
+ case GEN_DNS:
+ case GEN_URI:
+
+ ASN1_IA5STRING_free(a->d.ia5);
+ break;
+
+ case GEN_DIRNAME:
+ X509_NAME_free(a->d.dirn);
+ break;
+
+ case GEN_IPADD:
+ ASN1_OCTET_STRING_free(a->d.ip);
+ break;
+
+ case GEN_RID:
+ ASN1_OBJECT_free(a->d.rid);
+ break;
+
+ }
+ Free ((char *)a);
+}
+
+/* Now the GeneralNames versions: a SEQUENCE OF GeneralName These are needed as
+ * an explicit functions.
+ */
+
+STACK *GENERAL_NAMES_new()
+{
+ return sk_new(NULL);
+}
+
+void GENERAL_NAMES_free(a)
+STACK *a;
+{
+ sk_pop_free(a, GENERAL_NAME_free);
+}
+
+STACK *d2i_GENERAL_NAMES(a,pp,length)
+STACK **a;
+unsigned char **pp;
+long length;
+{
+return d2i_ASN1_SET(a, pp, length, (char *(*)())d2i_GENERAL_NAME,
+ GENERAL_NAME_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+}
+
+int i2d_GENERAL_NAMES(a,pp)
+STACK *a;
+unsigned char **pp;
+{
+return i2d_ASN1_SET(a, pp, i2d_GENERAL_NAME, V_ASN1_SEQUENCE,
+ V_ASN1_UNIVERSAL, IS_SEQUENCE);
+}
return X509V3_EXT_get_nid(nid);
}
-extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku, v3_ns_ia5_list[];
+extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku, v3_ns_ia5_list[],v3_alt[];
int X509V3_EXT_add_list(extlist)
X509V3_EXT_METHOD *extlist;
int X509V3_add_standard_extensions()
{
X509V3_EXT_add_list(v3_ns_ia5_list);
+ X509V3_EXT_add_list(v3_alt);
X509V3_EXT_add(&v3_bcons);
X509V3_EXT_add(&v3_nscert);
X509V3_EXT_add(&v3_key_usage);
ASN1_INTEGER *pathlen;
} BASIC_CONSTRAINTS;
+typedef struct {
+
+#define GEN_OTHERNAME (0|V_ASN1_CONTEXT_SPECIFIC)
+#define GEN_EMAIL (1|V_ASN1_CONTEXT_SPECIFIC)
+#define GEN_DNS (2|V_ASN1_CONTEXT_SPECIFIC)
+#define GEN_X400 (3|V_ASN1_CONTEXT_SPECIFIC)
+#define GEN_DIRNAME (4|V_ASN1_CONTEXT_SPECIFIC)
+#define GEN_EDIPARTY (5|V_ASN1_CONTEXT_SPECIFIC)
+#define GEN_URI (6|V_ASN1_CONTEXT_SPECIFIC)
+#define GEN_IPADD (7|V_ASN1_CONTEXT_SPECIFIC)
+#define GEN_RID (8|V_ASN1_CONTEXT_SPECIFIC)
+
+int type;
+union {
+ char *ptr;
+ ASN1_IA5STRING *ia5;/* rfc822Name, dNSName, uniformResourceIdentifier */
+ ASN1_OCTET_STRING *ip; /* iPAddress */
+ X509_NAME *dirn; /* dirn */
+ ASN1_OBJECT *rid; /* registeredID */
+ ASN1_TYPE *other; /* otherName, ediPartyName, x400Address */
+} d;
+} GENERAL_NAME;
+
+
+
+
#define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \
",name:", val->name, ",value:", val->value);
BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new(void);
void BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *a);
+int i2d_GENERAL_NAME(GENERAL_NAME *a, unsigned char **pp);
+GENERAL_NAME *d2i_GENERAL_NAME(GENERAL_NAME **a, unsigned char **pp, long length);
+GENERAL_NAME *GENERAL_NAME_new(void);
+void GENERAL_NAME_free(GENERAL_NAME *a);
+
+STACK *GENERAL_NAMES_new(void);
+void GENERAL_NAMES_free(STACK *a);
+STACK *d2i_GENERAL_NAMES(STACK **a, unsigned char **pp, long length);
+int i2d_GENERAL_NAMES(STACK *a, unsigned char **pp);
+
+
+
int i2d_ext_ku(STACK *a, unsigned char **pp);
STACK *d2i_ext_ku(STACK **a, unsigned char **pp, long length);
void ext_ku_free(STACK *a);
BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new();
void BASIC_CONSTRAINTS_free();
+int i2d_GENERAL_NAME();
+GENERAL_NAME *d2i_GENERAL_NAME();
+GENERAL_NAME *GENERAL_NAME_new();
+void GENERAL_NAME_free();
+
+STACK *GENERAL_NAMES_new():
+void GENERAL_NAMES_free():
+STACK *d2i_GENERAL_NAMES();
+int i2d_GENERAL_NAMES();
+
int i2d_ext_ku();
STACK *d2i_ext_ku();
void ext_ku_free();