Changes between 0.9.1c and 0.9.2
+ *) Takes a deep breath and start addding X509 V3 extension support code. Add
+ files in crypto/x509v3. Move original stuff to crypto/x509v3/old. All this
+ stuff is currently isolated and isn't even compiled yet.
+ [Steve Henson]
+
*) Continuing patches for GeneralizedTime. Fix up certificate and CRL
ASN1 to use ASN1_TIME and modify print routines to use ASN1_TIME_print.
Removed the versions check from X509 routines when loading extensions:
--- /dev/null
+#
+# SSLeay/crypto/x509v3/Makefile
+#
+
+DIR= x509v3
+TOP= ../..
+CC= cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE= make -f Makefile.ssl
+MAKEDEPEND= $(TOP)/util/domd $(TOP)
+MAKEFILE= Makefile.ssl
+AR= ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+ERR=x509v3
+ERRC=v3err
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= v3_bcons.c v3_bitstr.c v3_conf.c v3_extku.c v3_ia5.c \
+v3_lib.c v3_prn.c v3_utl.c v3err.c
+LIBOBJ= v3_bcons.o v3_bitstr.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \
+v3_prn.o v3_utl.o v3err.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= x509v3.h
+HEADER= $(EXHEADER)
+
+ALL= $(GENERAL) $(SRC) $(HEADER)
+
+top:
+ (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all: lib
+
+lib: $(LIBOBJ)
+ $(AR) $(LIB) $(LIBOBJ)
+ sh $(TOP)/util/ranlib.sh $(LIB)
+ @touch lib
+
+files:
+ perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+ /bin/rm -f Makefile
+ $(TOP)/util/point.sh Makefile.ssl Makefile ;
+ $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+ $(TOP)/util/mklink.sh ../../test $(TEST)
+ $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+ @for i in $(EXHEADER) ; \
+ do \
+ (cp $$i $(INSTALLTOP)/include/$$i; \
+ chmod 644 $(INSTALLTOP)/include/$$i ); \
+ done;
+
+tags:
+ ctags $(SRC)
+
+tests:
+
+lint:
+ lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+ $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+ perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+
+clean:
+ /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors: $(ERRC).c
+
+$(ERRC).c: $(ERR).err
+ perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+ perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
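Review bot: The `install` recipe can report success after a failed copy: each header is handled by `(cp …; chmod …)` joined with `;`, so a failing `cp` is masked whenever the following `chmod` still succeeds (for example when a stale copy already exists in `$(INSTALLTOP)/include`), and the loop's exit status is only that of its last command. Joining the two and aborting the loop on error keeps the behaviour otherwise: `(cp $$i $(INSTALLTOP)/include/$$i && chmod 644 $(INSTALLTOP)/include/$$i) || exit 1; \`. The `depend` target expands `$(PROGS)`, which this Makefile never defines; either drop it or add an empty `PROGS=` beside `APPS=` so its role is visible and `--warn-undefined-variables` stays quiet. `all`, `clean`, `install`, `tests` and the other command-style targets are not files, so a `.PHONY: top all files links install tags tests lint depend dclean clean errors` line would stop a stray file of one of those names from silently disabling the target.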
--- /dev/null
+WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+
+This is ***VERY*** new experimental code and is likely to change
+considerably or vanish altogether.
+++ /dev/null
-AuthorityKeyIdentifier
- {
- keyIdentifier [0] OCTET_STRING OPTIONAL
- authorityCertIssuer [1] GeneralNames OPTIONAL
- authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL
- }
-
-SubjectKeyIdentifier OCTET_STRING
-
-KeyUsage
- {
- BIT_STRING
- digitalSignature 0
- nonRepudiation 1
- keyEncipherment 2
- dataEncipherment 3
- keyAgreement 4
- keyCertSign 5
- cRLSign 6
- encipherOnly 7
- decipherOnly 8
- }
-
-extKeyUsage
- {
- SEQUENCE of OBJECT_IDENTIFIER
- }
-
-privateKeyUsagePeriod
- {
- notBefore [0] GeneralizedTime OPTIONAL
- notAfter [1] GeneralizedTime OPTIONAL
- }
-
-certificatePoliciesSyntax
- SEQUENCE of PoliciesInformation
-
-PoliciesInformation XXX
-policyMappings XXX
-supportedAlgorithms XXX
-
-subjectAltName
- GeneralNames sequence of GeneralName
-
-GeneralName
- {
- otherName [0] INSTANCE OF OTHER-NAME
- rfc882Name [1] IA5String
- dNSName [2] IA5String
- x400Address [3] ORAddress
- directoryName [4] Name
- ediPartyName [5]
- {
- nameAssigner [0] DirectoryString OPTIONAL
- partyName [1] DirectoryString
- }
- uniformResourceIdentifier [6] IA5String
- iPAddress [7] OCTET_STRING
- registeredID [8] OBJECT_IDENTIFIER
- }
-
-issuerAltName
- GeneralNames sequence of GeneralName
-
-subjectDirectoryAttribute SEQUENCE of Attribute
-
-basicConstraints
- {
- cA BOOLEAN default FALSE
- pathLenConstraint INTEGER OPTIONAL
- }
-
-nameConstraints
- {
- permittedSubtrees [0] sequence of GeneralSubtree OPTIONAL
- excludedSubtrees [1] sequence of GeneralSubtree OPTIONAL
- }
-
-GeneralSubtree
- {
- base GeneralName
- minimum [0] BaseDistance DEFAULT 0
- maximum [1] BaseDistance OPTIONAL
- }
-
-PolicyConstraints
- {
- requiredExplicitPolicy [0] SkipCerts OPTIONAL
- inhibitPolicyMapping [1] SkipCerts OPTIONAL
- }
-SkipCerts == INTEGER
-
+++ /dev/null
-int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size)
-int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a)
-int i2d_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp)
-ASN1_INTEGER * d2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,long length)
-
-
--- /dev/null
+AuthorityKeyIdentifier
+ {
+ keyIdentifier [0] OCTET_STRING OPTIONAL
+ authorityCertIssuer [1] GeneralNames OPTIONAL
+ authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL
+ }
+
+SubjectKeyIdentifier OCTET_STRING
+
+KeyUsage
+ {
+ BIT_STRING
+ digitalSignature 0
+ nonRepudiation 1
+ keyEncipherment 2
+ dataEncipherment 3
+ keyAgreement 4
+ keyCertSign 5
+ cRLSign 6
+ encipherOnly 7
+ decipherOnly 8
+ }
+
+extKeyUsage
+ {
+ SEQUENCE of OBJECT_IDENTIFIER
+ }
+
+privateKeyUsagePeriod
+ {
+ notBefore [0] GeneralizedTime OPTIONAL
+ notAfter [1] GeneralizedTime OPTIONAL
+ }
+
+certificatePoliciesSyntax
+ SEQUENCE of PoliciesInformation
+
+PoliciesInformation XXX
+policyMappings XXX
+supportedAlgorithms XXX
+
+subjectAltName
+ GeneralNames sequence of GeneralName
+
+GeneralName
+ {
+ otherName [0] INSTANCE OF OTHER-NAME
+ rfc882Name [1] IA5String
+ dNSName [2] IA5String
+ x400Address [3] ORAddress
+ directoryName [4] Name
+ ediPartyName [5]
+ {
+ nameAssigner [0] DirectoryString OPTIONAL
+ partyName [1] DirectoryString
+ }
+ uniformResourceIdentifier [6] IA5String
+ iPAddress [7] OCTET_STRING
+ registeredID [8] OBJECT_IDENTIFIER
+ }
+
+issuerAltName
+ GeneralNames sequence of GeneralName
+
+subjectDirectoryAttribute SEQUENCE of Attribute
+
+basicConstraints
+ {
+ cA BOOLEAN default FALSE
+ pathLenConstraint INTEGER OPTIONAL
+ }
+
+nameConstraints
+ {
+ permittedSubtrees [0] sequence of GeneralSubtree OPTIONAL
+ excludedSubtrees [1] sequence of GeneralSubtree OPTIONAL
+ }
+
+GeneralSubtree
+ {
+ base GeneralName
+ minimum [0] BaseDistance DEFAULT 0
+ maximum [1] BaseDistance OPTIONAL
+ }
+
+PolicyConstraints
+ {
+ requiredExplicitPolicy [0] SkipCerts OPTIONAL
+ inhibitPolicyMapping [1] SkipCerts OPTIONAL
+ }
+SkipCerts == INTEGER
+
--- /dev/null
+int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size)
+int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a)
+int i2d_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp)
+ASN1_INTEGER * d2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,long length)
+
+
--- /dev/null
+/* crypto/x509v3/v3_ku.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "stack.h"
+#include "cryptlib.h"
+#include "bio.h"
+#include "asn1.h"
+#include "objects.h"
+#include "x509.h"
+
+X509_EXTENSION_METHOD X509v3_key_usage_method=
+ {
+ NID_key_usage,
+ ku_clear,
+ ex_get_bool,
+ ex_set_bool,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ ku_a2i,
+ ku_i2a,
+ };
+
+static void ku_clear(a)
+X509_EXTENSION *a;
+ {
+ }
+
+static int ku_expand(a)
+X509_EXTENSION *a;
+ {
+ ASN1_BIT_STRING *bs;
+
+ if (a->argp == NULL)
+ {
+ bs=X509v3_unpack_string(NULL,V_ASN1_BIT_STRING,value);
+ if (bs == NULL) return(0);
+ a->argp=(char *)bs;
+ a->ex_free=ASN1_STRING_free;
+ }
+ return(1);
+ }
+
+static int ku_get_bool(a,num)
+X509_EXTENSION *a;
+int num;
+ {
+ int ret;
+ ASN1_BIT_STRING *bs;
+
+ if ((a->argp == NULL) && !ku_expand(a))
+ return(-1);
+ bs=(ASN1_BIT_STRING *)a->argp;
+ ret=ASN1_BIT_STRING_get_bit(bs,num);
+ return(ret);
+ }
+
+static int ku_set_bool(a,num,value)
+X509_EXTENSION *a;
+int num;
+int value;
+ {
+ ASN1_BIT_STRING *a;
+
+ if ((a->argp == NULL) && !ku_expand(a))
+ return(0);
+ bs=(ASN1_BIT_STRING *)a->argp;
+ ret=ASN1_BIT_STRING_set_bit(bs,num,value);
+ }
+
+static int ku_a2i(bio,a,buf,len)
+BIO *bio;
+X509_EXTENSION *a;
+char *buf;
+int len;
+ {
+ get token
+ }
+
+static char ku_names[X509v3_N_KU_NUM]={
+ X509v3_S_KU_digitalSignature,
+ X509v3_S_KU_nonRepudiation,
+ X509v3_S_KU_keyEncipherment,
+ X509v3_S_KU_dataEncipherment,
+ X509v3_S_KU_keyAgreement,
+ X509v3_S_KU_keyCertSign,
+ X509v3_S_KU_cRLSign,
+ X509v3_S_KU_encipherOnly,
+ X509v3_S_KU_decipherOnly,
+ };
+
+static int ku_i2a(bio,a);
+BIO *bio;
+X509_EXTENSION *a;
+ {
+ int i,first=1;
+ char *c;
+
+ for (i=0; i<X509v3_N_KU_NUM; i++)
+ {
+ if (ku_get_bool(a,i) > 0)
+ {
+ BIO_printf(bio,"%s%s",((first)?"":" "),ku_names[i]);
+ first=0;
+ }
+ }
+ }
+
+/***********************/
+
+int X509v3_get_key_usage(x,ret)
+STACK *x;
+unsigned long *ret;
+ {
+ X509_EXTENSION *ext;
+ ASN1_STRING *st;
+ char *p;
+ int i;
+
+ i=X509_get_ext_by_NID(x,NID_key_usage,-1);
+ if (i < 0) return(X509v3_KU_UNDEF);
+ ext=X509_get_ext(x,i);
+ st=X509v3_unpack_string(NULL,V_ASN1_BIT_STRING,
+ X509_EXTENSION_get_data(X509_get_ext(x,i)));
+
+ p=ASN1_STRING_data(st);
+ if (ASN1_STRING_length(st) == 1)
+ i=p[0];
+ else if (ASN1_STRING_length(st) == 2)
+ i=p[0]|(p[1]<<8);
+ else
+ i=0;
+ return(i);
+ }
+
+static struct
+ {
+ char *name;
+ unsigned int value;
+ } key_usage_data[] ={
+ {"digitalSignature", X509v3_KU_DIGITAL_SIGNATURE},
+ {"nonRepudiation", X509v3_KU_NON_REPUDIATION},
+ {"keyEncipherment", X509v3_KU_KEY_ENCIPHERMENT},
+ {"dataEncipherment", X509v3_KU_DATA_ENCIPHERMENT},
+ {"keyAgreement", X509v3_KU_KEY_AGREEMENT},
+ {"keyCertSign", X509v3_KU_KEY_CERT_SIGN},
+ {"cRLSign", X509v3_KU_CRL_SIGN},
+ {"encipherOnly", X509v3_KU_ENCIPHER_ONLY},
+ {"decipherOnly", X509v3_KU_DECIPHER_ONLY},
+ {NULL,0},
+ };
+
+#if 0
+static int a2i_key_usage(x,str,len)
+X509 *x;
+char *str;
+int len;
+ {
+ return(X509v3_set_key_usage(x,a2i_X509v3_key_usage(str)));
+ }
+
+static int i2a_key_usage(bp,x)
+BIO *bp;
+X509 *x;
+ {
+ return(i2a_X509v3_key_usage(bp,X509v3_get_key_usage(x)));
+ }
+#endif
+
+int i2a_X509v3_key_usage(bp,use)
+BIO *bp;
+unsigned int use;
+ {
+ int i=0,first=1;
+
+ for (;;)
+ {
+ if (use | key_usage_data[i].value)
+ {
+ BIO_printf(bp,"%s%s",((first)?"":" "),
+ key_usage_data[i].name);
+ first=0;
+ }
+ }
+ return(1);
+ }
+
+unsigned int a2i_X509v3_key_usage(p)
+char *p;
+ {
+ unsigned int ret=0;
+ char *q,*s;
+ int i,n;
+
+ q=p;
+ for (;;)
+ {
+ while ((*q != '\0') && isalnum(*q))
+ q++;
+ if (*q == '\0') break;
+ s=q++;
+ while (isalnum(*q))
+ q++;
+ n=q-s;
+ i=0;
+ for (;;)
+ {
+ if (strncmp(key_usage_data[i].name,s,n) == 0)
+ {
+ ret|=key_usage_data[i].value;
+ break;
+ }
+ i++;
+ if (key_usage_data[i].name == NULL)
+ return(X509v3_KU_UNDEF);
+ }
+ }
+ return(ret);
+ }
+
+int X509v3_set_key_usage(x,use)
+X509 *x;
+unsigned int use;
+ {
+ ASN1_OCTET_STRING *os;
+ X509_EXTENSION *ext;
+ int i;
+ unsigned char data[4];
+
+ i=X509_get_ext_by_NID(x,NID_key_usage,-1);
+ if (i < 0)
+ {
+ i=X509_get_ext_count(x)+1;
+ if ((ext=X509_EXTENSION_new()) == NULL) return(0);
+ if (!X509_add_ext(x,ext,i))
+ {
+ X509_EXTENSION_free(ext);
+ return(0);
+ }
+ }
+ else
+ ext=X509_get_ext(x,i);
+
+ /* fill in 'ext' */
+ os=X509_EXTENSION_get_data(ext);
+
+ i=0;
+ if (use > 0)
+ {
+ i=1;
+ data[0]=use&0xff;
+ }
+ if (use > 0xff)
+ {
+ i=2;
+ data[1]=(use>>8)&0xff;
+ }
+ return((X509v3_pack_string(&os,V_ASN1_BIT_STRING,data,i) == NULL)?0:1);
+ }
+
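Review bot: `i2a_X509v3_key_usage` loops forever: the `for (;;)` body never increments `i` and never stops at the `{NULL,0}` terminator, and its test `use | key_usage_data[i].value` is non-zero for every entry, so it prints the first name endlessly whatever `use` is; the test should be `&` and the loop bounded, e.g. `for (i=0; key_usage_data[i].name != NULL; i++) if (use & key_usage_data[i].value) { ... }`. CHANGES says this directory is not compiled yet, and the file shows it — `ku_set_bool` redeclares its parameter as `ASN1_BIT_STRING *a` and uses undeclared `bs`/`ret`, `ku_expand` references an undeclared `value`, `ku_a2i` still contains the placeholder `get token`, and the `ku_i2a` definition header ends in `;` — so if it is kept under `old/` for reference, a header comment stating that it does not build would save the next reader time. `X509v3_get_key_usage` also dereferences the result of `X509v3_unpack_string` without a NULL check and treats the first data byte as the low bits of the mask, which is the reverse of DER bit numbering (bit 0 is the most significant bit of the first octet) if `X509v3_unpack_string` hands back the decoded bit-string bytes; worth confirming before any of this is revived.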
--- /dev/null
+/* crypto/x509v3/x509v3.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#define X509v3_N_KU_digitalSignature 0
+#define X509v3_N_KU_nonRepudiation 1
+#define X509v3_N_KU_keyEncipherment 2
+#define X509v3_N_KU_dataEncipherment 3
+#define X509v3_N_KU_keyAgreement 4
+#define X509v3_N_KU_keyCertSign 5
+#define X509v3_N_KU_cRLSign 6
+#define X509v3_N_KU_encipherOnly 7
+#define X509v3_N_KU_decipherOnly 8
+#define X509v3_N_KU_NUM 9
+#define X509v3_S_KU_digitalSignature "digitalSignature"
+#define X509v3_S_KU_nonRepudiation "nonRepudiation"
+#define X509v3_S_KU_keyEncipherment "keyEncipherment"
+#define X509v3_S_KU_dataEncipherment "dataEncipherment"
+#define X509v3_S_KU_keyAgreement "keyAgreement"
+#define X509v3_S_KU_keyCertSign "keyCertSign"
+#define X509v3_S_KU_cRLSign "cRLSign"
+#define X509v3_S_KU_encipherOnly "encipherOnly"
+#define X509v3_S_KU_decipherOnly "decipherOnly"
+
+
+void X509_ex_clear(X509_EXTENSION *a);
+int X509_ex_get_bool(X509_EXTENSION *a,int num);
+int X509_ex_set_bool(X509_EXTENSION *a,int num,int value);
+int X509_ex_get_str(X509_EXTENSION *a,int index,char **p,int *len);
+int X509_ex_set_str(X509_EXTENSION *a,int oid,int index,char *p,int len);
+char *X509_ex_get_struct(X509_EXTENSION *a,int oid,int index,char **p);
+int X509_ex_set_struct(X509_EXTENSION *a,int index,char *p);
+int a2i_X509_EXTENSION(BIO *bp,X509_EXTENSION *a,char *buf,int len);
+int i2a_X509_EXTENSION(BIO *bp,X509_EXTENSION *a);
--- /dev/null
+/* v3_bcons.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <pem.h>
+#include <asn1_mac.h>
+#include <err.h>
+#include <objects.h>
+#include <conf.h>
+#include "x509v3.h"
+
+#ifndef NOPROTO
+static STACK *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons);
+static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK *values);
+
+#else
+
+static STACK *i2v_BASIC_CONSTRAINTS();
+static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS();
+
+#endif
+
+X509V3_EXT_METHOD v3_bcons = {
+NID_basic_constraints, 0,
+(X509V3_EXT_NEW)BASIC_CONSTRAINTS_new,
+BASIC_CONSTRAINTS_free,
+(X509V3_EXT_D2I)d2i_BASIC_CONSTRAINTS,
+i2d_BASIC_CONSTRAINTS,
+NULL, NULL,
+(X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS,
+(X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS,
+NULL,
+NULL
+};
+
+
+/*
+ * ASN1err(ASN1_F_BASIC_CONSTRAINTS_NEW,ERR_R_MALLOC_FAILURE);
+ * ASN1err(ASN1_F_D2I_BASIC_CONSTRAINTS,ERR_R_MALLOC_FAILURE);
+ */
+
+int i2d_BASIC_CONSTRAINTS(a,pp)
+BASIC_CONSTRAINTS *a;
+unsigned char **pp;
+{
+ M_ASN1_I2D_vars(a);
+ if(a->ca) M_ASN1_I2D_len (a->ca, i2d_ASN1_BOOLEAN);
+ M_ASN1_I2D_len (a->pathlen, i2d_ASN1_INTEGER);
+
+ M_ASN1_I2D_seq_total();
+
+ if (a->ca) M_ASN1_I2D_put (a->ca, i2d_ASN1_BOOLEAN);
+ M_ASN1_I2D_put (a->pathlen, i2d_ASN1_INTEGER);
+ M_ASN1_I2D_finish();
+}
+
+BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new()
+{
+ BASIC_CONSTRAINTS *ret=NULL;
+ ASN1_CTX c;
+ M_ASN1_New_Malloc(ret, BASIC_CONSTRAINTS);
+ ret->ca = 0;
+ ret->pathlen = NULL;
+ return (ret);
+ M_ASN1_New_Error(ASN1_F_BASIC_CONSTRAINTS_NEW);
+}
+
+BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(a,pp,length)
+BASIC_CONSTRAINTS **a;
+unsigned char **pp;
+long length;
+{
+ M_ASN1_D2I_vars(a,BASIC_CONSTRAINTS *,BASIC_CONSTRAINTS_new);
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ if((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) ==
+ (V_ASN1_UNIVERSAL|V_ASN1_BOOLEAN) ) {
+ M_ASN1_D2I_get_int (ret->ca, d2i_ASN1_BOOLEAN);
+ }
+ M_ASN1_D2I_get_opt (ret->pathlen, d2i_ASN1_INTEGER, V_ASN1_INTEGER);
+ M_ASN1_D2I_Finish(a, BASIC_CONSTRAINTS_free, ASN1_F_D2I_BASIC_CONSTRAINTS);
+}
+
+void BASIC_CONSTRAINTS_free(a)
+BASIC_CONSTRAINTS *a;
+{
+ if (a == NULL) return;
+ ASN1_INTEGER_free (a->pathlen);
+ Free ((char *)a);
+}
+
+static STACK *i2v_BASIC_CONSTRAINTS(method, bcons)
+X509V3_EXT_METHOD *method;
+BASIC_CONSTRAINTS *bcons;
+{
+ STACK *extlist = NULL;
+ X509V3_add_value_bool("CA", bcons->ca, &extlist);
+ X509V3_add_value_int("pathlen", bcons->pathlen, &extlist);
+ return extlist;
+}
+
+static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(method, ctx, values)
+X509V3_EXT_METHOD *method;
+X509V3_CTX *ctx;
+STACK *values;
+{
+ BASIC_CONSTRAINTS *bcons=NULL;
+ CONF_VALUE *val;
+ int i;
+ if(!(bcons = BASIC_CONSTRAINTS_new())) {
+ X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ for(i = 0; i < sk_num(values); i++) {
+ val = (CONF_VALUE *)sk_value(values, i);
+ if(!strcmp(val->name, "CA")) {
+ if(!X509V3_get_value_bool(val, &bcons->ca)) goto err;
+ } else if(!strcmp(val->name, "pathlen")) {
+ if(!X509V3_get_value_int(val, &bcons->pathlen)) goto err;
+ } else {
+ X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, X509V3_R_INVALID_NAME);
+ X509V3_conf_err(val);
+ goto err;
+ }
+ }
+ return bcons;
+ err:
+ BASIC_CONSTRAINTS_free(bcons);
+ return NULL;
+}
+
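Review bot: The BOOLEAN tag peek in `d2i_BASIC_CONSTRAINTS` reads `M_ASN1_next` without first checking that any content is left in the SEQUENCE; for the common end-entity encoding `30 00` (an empty BasicConstraints) `c.slen` is 0 and, assuming the usual `asn1_mac.h` definition of `M_ASN1_next` as `*c.p`, the comparison dereferences one byte past the element — an out-of-bounds read driven by certificate data the peer supplies. The optional-field macro is normally guarded the same way, so the test should be `if ((c.slen != 0) && (M_ASN1_next & (~V_ASN1_CONSTRUCTED)) == (V_ASN1_UNIVERSAL|V_ASN1_BOOLEAN)) {`. Separately, `v2i_BASIC_CONSTRAINTS` accepts a repeated `pathlen` key, which overwrites `bcons->pathlen` and leaks the first value if `X509V3_get_value_int` allocates a fresh ASN1_INTEGER, and it does not reject `pathlen` without `CA:TRUE` although X.509 gives pathLenConstraint meaning only when cA is TRUE; a check such as `if (bcons->pathlen && !bcons->ca) { X509V3err(...); goto err; }` before `return bcons;` would catch that configuration. `i2v_BASIC_CONSTRAINTS` also ignores the return values of `X509V3_add_value_bool`/`X509V3_add_value_int`, so an allocation failure yields a silently truncated list.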
--- /dev/null
+/* v3_bitstr.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <pem.h>
+#include <asn1_mac.h>
+#include <err.h>
+#include <objects.h>
+#include <conf.h>
+#include "x509v3.h"
+
+#ifndef NOPROTO
+static ASN1_BIT_STRING *asn1_bit_string_new(void);
+static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK *nval);
+static STACK *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, ASN1_BIT_STRING *bits);
+#else
+static ASN1_BIT_STRING *asn1_bit_string_new();
+static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING();
+static STACK *i2v_ASN1_BIT_STRING();
+#endif
+
+static BIT_STRING_BITNAME ns_cert_type_table[] = {
+{0, "SSL Client", "client"},
+{1, "SSL Server", "server"},
+{2, "S/MIME", "email"},
+{3, "Object Signing", "objsign"},
+{4, "Unused", "reserved"},
+{5, "SSL CA", "sslCA"},
+{6, "S/MIME CA", "emailCA"},
+{7, "Object Signing CA", "objCA"},
+{-1, NULL, NULL}
+};
+
+static BIT_STRING_BITNAME key_usage_type_table[] = {
+{0, "Digital Signature", "digitalSignature"},
+{1, "Non Repudiation", "nonRepudiation"},
+{2, "Key Encipherment", "keyEncipherment"},
+{3, "Data Encipherment", "dataEncipherment"},
+{4, "Key Agreement", "keyAgreement"},
+{5, "Certificate Sign", "keyCertSign"},
+{6, "CRL Sign", "cRLCertSign"},
+{7, "Encipher Only", "encipherOnly"},
+{8, "Decipher Only", "decipherOnly"},
+{-1, NULL, NULL}
+};
+
+
+
+X509V3_EXT_METHOD v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table);
+X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table);
+
+static ASN1_BIT_STRING *asn1_bit_string_new()
+{
+ return ASN1_BIT_STRING_new();
+}
+
+static STACK *i2v_ASN1_BIT_STRING(method, bits)
+X509V3_EXT_METHOD *method;
+ASN1_BIT_STRING *bits;
+{
+ BIT_STRING_BITNAME *bnam;
+ STACK *ret = NULL;
+ for(bnam =(BIT_STRING_BITNAME *)method->usr_data; bnam->lname; bnam++) {
+ if(ASN1_BIT_STRING_get_bit(bits, bnam->bitnum))
+ X509V3_add_value(bnam->lname, NULL, &ret);
+ }
+ return ret;
+}
+
+static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(method, ctx, nval)
+X509V3_EXT_METHOD *method;
+X509V3_CTX *ctx;
+STACK *nval;
+{
+ CONF_VALUE *val;
+ ASN1_BIT_STRING *bs;
+ int i;
+ BIT_STRING_BITNAME *bnam;
+ if(!(bs = ASN1_BIT_STRING_new())) {
+ X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ for(i = 0; i < sk_num(nval); i++) {
+ val = (CONF_VALUE *)sk_value(nval, i);
+ for(bnam = (BIT_STRING_BITNAME *)method->usr_data; bnam->lname;
+ bnam++) {
+ if(!strcmp(bnam->sname, val->name) ||
+ !strcmp(bnam->lname, val->name) ) {
+ ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1);
+ break;
+ }
+ }
+ if(!bnam->lname) {
+ X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT);
+ X509V3_conf_err(val);
+ ASN1_BIT_STRING_free(bs);
+ return NULL;
+ }
+ }
+ return bs;
+}
+
+
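Review bot: The short name for bit 6 in `key_usage_type_table` is `cRLCertSign`, but the X.509 KeyUsage identifier — and the spelling used by the old `key_usage_data` table and the README moved in this same commit — is `cRLSign`; since `v2i_ASN1_BIT_STRING` matches config values by exact `strcmp` against `sname`/`lname`, a config line `keyUsage = cRLSign` fails with X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT and only the non-standard spelling is accepted. Change the entry to `{6, "CRL Sign", "cRLSign"},`. In the same function the return value of `ASN1_BIT_STRING_set_bit` is discarded; it presumably can fail on allocation, so `if (!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) goto err;` with a single `err:` label that frees `bs` would be safer than the current unchecked call. `i2v_ASN1_BIT_STRING` likewise drops the result of `X509V3_add_value`, so an allocation failure there produces a silently shortened list rather than an error.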
--- /dev/null
+/* v3_conf.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* config file utilities */
+
+#include <stdlib.h>
+#include <ctype.h>
+#include <string.h>
+#include <pem.h>
+#include <conf.h>
+#include <err.h>
+#include "x509v3.h"
+
+X509_EXTENSION *X509V3_EXT_conf(conf, ctx, name, value)
+LHASH *conf; /* Config file */
+X509V3_CTX *ctx;
+char *name; /* Name */
+char *value; /* Value */
+{
+ return X509V3_EXT_conf_nid(conf, ctx, OBJ_sn2nid(name), value);
+}
+
+
+X509_EXTENSION *X509V3_EXT_conf_nid(conf, ctx, ext_nid, value)
+LHASH *conf; /* Config file */
+X509V3_CTX *ctx;
+int ext_nid;
+char *value; /* Value */
+{
+ X509_EXTENSION *ext = NULL;
+ X509V3_EXT_METHOD *method;
+ STACK *nval;
+ char *ext_struc;
+ char *ext_der, *p;
+ int ext_len;
+ int crit = 0;
+ ASN1_OCTET_STRING *ext_oct;
+ if(ext_nid == NID_undef) return NULL;
+ if(!(method = X509V3_EXT_get_nid(ext_nid))) {
+ /* Add generic extension support here */
+ return NULL;
+ }
+ /* Check for critical */
+ if((strlen(value) >= 9) && !strncmp(value, "critical,", 9)) {
+ crit = 1;
+ value+=9;
+ }
+ /* Skip over spaces */
+ while(isspace(*value)) value++;
+ /* Now get internal extension representation based on type */
+ if(method->v2i) {
+ if(*value == '@') nval = CONF_get_section(conf, value + 1);
+ else nval = X509V3_parse_list(value);
+ if(!nval) {
+ X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_INVALID_EXTENSION_STRING);
+ ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value);
+ return NULL;
+ }
+ ext_struc = method->v2i(method, ctx, nval);
+ if(*value != '@') sk_pop_free(nval, X509V3_conf_free);
+ if(!ext_struc) return NULL;
+ } else if(method->s2i) {
+ if(!(ext_struc = method->s2i(method, ctx, value))) return NULL;
+ } else {
+ X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
+ ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
+ return NULL;
+ }
+
+ /* We've now got the internal representation: convert to DER */
+ ext_len = method->i2d(ext_struc, NULL);
+ ext_der = Malloc(ext_len);
+ p = ext_der;
+ method->i2d(ext_struc, &p);
+ method->ext_free(ext_struc);
+ ext_oct = ASN1_OCTET_STRING_new();
+ ext_oct->data = ext_der;
+ ext_oct->length = ext_len;
+
+ ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
+ ASN1_OCTET_STRING_free(ext_oct);
+
+ return ext;
+
+}
+
+/* This is the main function: add a bunch of extensions based on a config file
+ * section
+ */
+
+int X509V3_EXT_add_conf(conf, ctx, section, cert)
+LHASH *conf;
+X509V3_CTX *ctx;
+char *section;
+X509 *cert;
+{
+ X509_EXTENSION *ext;
+ STACK *nval;
+ CONF_VALUE *val;
+ int i;
+ if(!(nval = CONF_get_section(conf, section))) return 0;
+ for(i = 0; i < sk_num(nval); i++) {
+ val = (CONF_VALUE *)sk_value(nval, i);
+ if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
+ return 0;
+ if(cert) X509_add_ext(cert, ext, -1);
+ X509_EXTENSION_free(ext);
+ }
+ return 1;
+}
+
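Review bot: In X509V3_EXT_conf_nid the Malloc at L1185 and the ASN1_OCTET_STRING_new() at L1189 are never checked, so an allocation failure makes the second method->i2d() call write through a NULL pointer and the ext_oct->data assignment dereference NULL; a non-positive length from the first i2d() call is likewise passed straight to Malloc. Both should fail the function the way the earlier v2i/s2i paths do, releasing ext_struc first since it is still owned at that point. The same check is needed for ext_oct, freeing ext_der on that path.
```c
 /* We've now got the internal representation: convert to DER */
 ext_len = method->i2d(ext_struc, NULL);
 if(ext_len <= 0 || !(ext_der = Malloc(ext_len))) {
  method->ext_free(ext_struc);
  X509V3err(X509V3_F_X509V3_EXT_CONF,ERR_R_MALLOC_FAILURE);
  return NULL;
 }
 /* … unchanged: second i2d() call, ext_free, ext_oct creation (needs the same NULL check) … */
```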
--- /dev/null
+/* v3_extku.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <pem.h>
+#include <asn1_mac.h>
+#include <err.h>
+#include <objects.h>
+#include <conf.h>
+#include "x509v3.h"
+
+#ifndef NOPROTO
+static STACK *v2i_ext_ku(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK *nval);
+static STACK *i2v_ext_ku(X509V3_EXT_METHOD *method, STACK *eku);
+#else
+static STACK *v2i_ext_ku();
+static STACK *i2v_ext_ku();
+#endif
+
+X509V3_EXT_METHOD v3_ext_ku = {
+NID_ext_key_usage, 0,
+(X509V3_EXT_NEW)ext_ku_new,
+ext_ku_free,
+(X509V3_EXT_D2I)d2i_ext_ku,
+i2d_ext_ku,
+NULL, NULL,
+(X509V3_EXT_I2V)i2v_ext_ku,
+(X509V3_EXT_V2I)v2i_ext_ku,
+NULL,
+NULL
+};
+
+STACK *ext_ku_new()
+{
+ return sk_new_null();
+}
+
+void ext_ku_free(eku)
+STACK *eku;
+{
+ sk_pop_free(eku, ASN1_OBJECT_free);
+ return;
+}
+
+int i2d_ext_ku(a,pp)
+STACK *a;
+unsigned char **pp;
+{
+ return i2d_ASN1_SET(a, pp, i2d_ASN1_OBJECT, V_ASN1_SEQUENCE,
+ V_ASN1_UNIVERSAL, IS_SEQUENCE);
+}
+
+STACK *d2i_ext_ku(a,pp,length)
+STACK **a;
+unsigned char **pp;
+long length;
+{
+ return d2i_ASN1_SET(a, pp, length, (char *(*)())(d2i_ASN1_OBJECT),
+ ASN1_OBJECT_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+}
+
+
+
+static STACK *i2v_ext_ku(method, eku)
+X509V3_EXT_METHOD *method;
+STACK *eku;
+{
+int i;
+ASN1_OBJECT *obj;
+char obj_tmp[80];
+STACK *ext_list = NULL;
+for(i = 0; i < sk_num(eku); i++) {
+ obj = (ASN1_OBJECT *)sk_value(eku, i);
+ i2t_ASN1_OBJECT(obj_tmp, 80, obj);
+ X509V3_add_value(NULL, obj_tmp, &ext_list);
+}
+return ext_list;
+}
+
+static STACK *v2i_ext_ku(method, ctx, nval)
+X509V3_EXT_METHOD *method;
+X509V3_CTX *ctx;
+STACK *nval;
+{
+STACK *extku;
+char *extval;
+ASN1_OBJECT *objtmp;
+CONF_VALUE *val;
+int i;
+
+if(!(extku = sk_new(NULL))) {
+ X509V3err(X509V3_F_V2I_EXT_KU,ERR_R_MALLOC_FAILURE);
+ return NULL;
+}
+
+for(i = 0; i < sk_num(nval); i++) {
+ val = (CONF_VALUE *)sk_value(nval, i);
+ if(val->value) extval = val->value;
+ else extval = val->name;
+ if(!(objtmp = OBJ_txt2obj(extval, 0))) {
+ sk_pop_free(extku, ASN1_OBJECT_free);
+ X509V3err(X509V3_F_V2I_EXT_KU,X509V3_R_INVALID_OBJECT_IDENTIFIER);
+ X509V3_conf_err(val);
+ return NULL;
+ }
+ sk_push(extku, (char *)objtmp);
+}
+return extku;
+}
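Review bot: In v2i_ext_ku the sk_push at L1387 is unchecked, so if it fails objtmp is leaked and a silently shortened extKeyUsage list is returned as success; the malloc-failure path at L1372 shows the handling the function already intends. i2v_ext_ku at L1356 has the same shape, discarding the result of X509V3_add_value and returning a partial name list on failure.
```c
  if(!sk_push(extku, (char *)objtmp)) {
   ASN1_OBJECT_free(objtmp);
   sk_pop_free(extku, ASN1_OBJECT_free);
   X509V3err(X509V3_F_V2I_EXT_KU,ERR_R_MALLOC_FAILURE);
   return NULL;
  }
```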
--- /dev/null
+/* v3_ia5.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <pem.h>
+#include <asn1_mac.h>
+#include <err.h>
+#include <objects.h>
+#include <conf.h>
+#include "x509v3.h"
+
+#ifndef NOPROTO
+static ASN1_IA5STRING *ia5string_new(void);
+static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5);
+static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
+#else
+static ASN1_IA5STRING *ia5string_new();
+static char *i2s_ASN1_IA5STRING();
+static ASN1_IA5STRING *s2i_ASN1_IA5STRING();
+#endif
+
+X509V3_EXT_METHOD v3_ns_ia5_list[] = {
+EXT_IA5STRING(NID_netscape_base_url),
+EXT_IA5STRING(NID_netscape_revocation_url),
+EXT_IA5STRING(NID_netscape_ca_revocation_url),
+EXT_IA5STRING(NID_netscape_renewal_url),
+EXT_IA5STRING(NID_netscape_ca_policy_url),
+EXT_IA5STRING(NID_netscape_ssl_server_name),
+EXT_IA5STRING(NID_netscape_comment),
+EXT_END
+};
+
+
+static ASN1_IA5STRING *ia5string_new(void)
+{
+ return ASN1_IA5STRING_new();
+}
+
+static char *i2s_ASN1_IA5STRING(method, ia5)
+X509V3_EXT_METHOD *method;
+ASN1_IA5STRING *ia5;
+{
+ char *tmp;
+ if(!ia5 || !ia5->length) return NULL;
+ tmp = Malloc(ia5->length + 1);
+ memcpy(tmp, ia5->data, ia5->length);
+ tmp[ia5->length] = 0;
+ return tmp;
+}
+
+static ASN1_IA5STRING *s2i_ASN1_IA5STRING(method, ctx, str)
+X509V3_EXT_METHOD *method;
+X509V3_CTX *ctx;
+char *str;
+{
+ ASN1_IA5STRING *ia5;
+ if(!str) {
+ X509V3err(X509V3_F_S2I_ASN1_IA5STRING,X509V3_R_INVALID_NULL_ARGUMENT);
+ return NULL;
+ }
+ if(!(ia5 = ASN1_IA5STRING_new())) goto err;
+ if(!ASN1_STRING_set((ASN1_STRING *)ia5, str, strlen(str))) {
+ ASN1_IA5STRING_free(ia5);
+ goto err;
+ }
+ return ia5;
+ err:
+ X509V3err(X509V3_F_S2I_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE);
+ return NULL;
+}
+
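Review bot: i2s_ASN1_IA5STRING at L1491 returns NULL for a zero-length string, and X509V3_EXT_print treats a NULL from i2s as a failure (ok = 0), so a syntactically valid empty IA5String extension cannot be printed; the Malloc on the next line is also unchecked before memcpy writes through it. Replacing the guard with `if(!ia5) return NULL;` and `if(!(tmp = Malloc(ia5->length + 1))) return NULL;` fixes both. Note also that the copy is returned as a NUL-terminated C string while the data comes from the certificate being printed (decoded in X509V3_EXT_print), so an IA5String carrying an embedded NUL prints truncated; a comment such as `/* NB: an embedded NUL truncates the printed value */` would make that visible to callers.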
--- /dev/null
+/* v3_lib.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* X509 v3 extension utilities */
+
+#include <stdlib.h>
+#include <pem.h>
+#include <conf.h>
+#include <err.h>
+#include "x509v3.h"
+
+static STACK *ext_list = NULL;
+
+static ext_cmp(X509V3_EXT_METHOD **a, X509V3_EXT_METHOD **b);
+static void ext_list_free(X509V3_EXT_METHOD *ext);
+
+int X509V3_EXT_add(ext)
+X509V3_EXT_METHOD *ext;
+{
+ if(!ext_list && !(ext_list = sk_new(ext_cmp))) {
+ X509V3err(X509V3_F_X509V3_ADD_EXT,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if(!sk_push(ext_list, (char *)ext)) {
+ X509V3err(X509V3_F_X509V3_ADD_EXT,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ return 1;
+}
+
+static int ext_cmp(a, b)
+X509V3_EXT_METHOD **a, **b;
+{
+ return ((*a)->ext_nid - (*b)->ext_nid);
+}
+
+X509V3_EXT_METHOD *X509V3_EXT_get_nid(nid)
+int nid;
+{
+ X509V3_EXT_METHOD tmp;
+ int idx;
+ tmp.ext_nid = nid;
+ if(!ext_list || (tmp.ext_nid < 0) ) return NULL;
+ idx = sk_find(ext_list, (char *)&tmp);
+ if(idx == -1) return NULL;
+ return (X509V3_EXT_METHOD *)sk_value(ext_list, idx);
+}
+
+X509V3_EXT_METHOD *X509V3_EXT_get(ext)
+X509_EXTENSION *ext;
+{
+ int nid;
+ if((nid = OBJ_obj2nid(ext->object)) == NID_undef) return NULL;
+ return X509V3_EXT_get_nid(nid);
+}
+
+extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku, v3_ns_ia5_list[];
+
+int X509V3_EXT_add_list(extlist)
+X509V3_EXT_METHOD *extlist;
+{
+ for(;extlist->ext_nid!=-1;extlist++)
+ if(!X509V3_EXT_add(extlist)) return 0;
+ return 1;
+}
+
+int X509V3_EXT_add_alias(nid_to, nid_from)
+int nid_to, nid_from;
+{
+ X509V3_EXT_METHOD *ext, *tmpext;
+ if(!(ext = X509V3_EXT_get_nid(nid_from))) {
+ X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,X509V3_R_EXTENSION_NOT_FOUND);
+ return 0;
+ }
+ if(!(tmpext = (X509V3_EXT_METHOD *)Malloc(sizeof(X509V3_EXT_METHOD)))) {
+ X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ *tmpext = *ext;
+ tmpext->ext_nid = nid_to;
+ tmpext->ext_flags = X509V3_EXT_DYNAMIC;
+ return 1;
+}
+
+void X509V3_EXT_cleanup()
+{
+ sk_pop_free(ext_list, ext_list_free);
+}
+
+static void ext_list_free(ext)
+X509V3_EXT_METHOD *ext;
+{
+ if(ext->ext_flags & X509V3_EXT_DYNAMIC) Free(ext);
+}
+
+int X509V3_add_standard_extensions()
+{
+ X509V3_EXT_add_list(v3_ns_ia5_list);
+ X509V3_EXT_add(&v3_bcons);
+ X509V3_EXT_add(&v3_nscert);
+ X509V3_EXT_add(&v3_key_usage);
+ X509V3_EXT_add(&v3_ext_ku);
+ return 1;
+}
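Review bot: X509V3_EXT_add_alias (L1640-1656) copies the method into tmpext and sets its nid and X509V3_EXT_DYNAMIC flag but never registers it, so the alias is unreachable from X509V3_EXT_get_nid and tmpext leaks; add `if(!X509V3_EXT_add(tmpext)) { Free(tmpext); return 0; }` before the final `return 1;`. X509V3_EXT_cleanup at L1660 frees the stack without resetting the static pointer, so a later X509V3_EXT_add at L1593 would push onto freed memory; follow the sk_pop_free with `ext_list = NULL;`. The forward declaration at L1587 also omits the return type (implicit int) while the definition at L1604 is `static int`; make them agree.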
--- /dev/null
+/* v3_prn.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* X509 v3 extension utilities */
+
+#include <stdlib.h>
+#include <pem.h>
+#include <conf.h>
+#include <err.h>
+#include "x509v3.h"
+
+/* Extension printing routines */
+
+/* Print out a name+value stack */
+
+void X509V3_EXT_val_prn(out, val)
+BIO *out;
+STACK *val;
+{
+ int i;
+ CONF_VALUE *nval;
+ if(!val) return;
+ for(i = 0; i < sk_num(val); i++) {
+ if(i > 0) BIO_printf(out, ", ");
+ nval = (CONF_VALUE *)sk_value(val, i);
+ if(!nval->name) BIO_printf(out, "%s", nval->value);
+ else if(!nval->value) BIO_printf(out, "%s", nval->name);
+ else BIO_printf(out, "%s:%s", nval->name, nval->value);
+ }
+}
+
+/* Main routine: print out a general extension */
+
+int X509V3_EXT_print(out, ext, flag)
+BIO *out;
+X509_EXTENSION *ext;
+int flag;
+{
+ char *ext_str = NULL, *p, *value = NULL;
+ X509V3_EXT_METHOD *method;
+ STACK *nval = NULL;
+ int ok = 1;
+ if(!(method = X509V3_EXT_get(ext))) return 0;
+ p = ext->value->data;
+ if(!(ext_str = method->d2i(NULL, &p, ext->value->length))) return 0;
+ if(method->i2s) {
+ if(!(value = method->i2s(method, ext_str))) {
+ ok = 0;
+ goto err;
+ }
+ BIO_printf(out, value);
+ } else if(method->i2v) {
+ if(!(nval = method->i2v(method, ext_str))) {
+ ok = 0;
+ goto err;
+ }
+ X509V3_EXT_val_prn(out, nval);
+ } else if(method->i2r) {
+ if(!method->i2r(method, ext_str, out)) ok = 0;
+ } else ok = 0;
+
+ err:
+ sk_pop_free(nval, X509V3_conf_free);
+ if(value) Free(value);
+ method->ext_free(ext_str);
+ return ok;
+}
+
+int X509V3_EXT_print_fp(fp, ext, flag)
+FILE *fp;
+X509_EXTENSION *ext;
+int flag;
+{
+ BIO *bio_tmp;
+ int ret;
+ if(!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE))) return 0;
+ ret = X509V3_EXT_print(bio_tmp, ext, flag);
+ BIO_free(bio_tmp);
+ return ret;
+}
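Review bot: At L1783 the string produced by method->i2s is passed to BIO_printf as the format argument; that string is decoded from the extension value of the certificate being printed (L1776-1777), so any `%` sequences in it are interpreted as conversions instead of being printed. Use `BIO_printf(out, "%s", value);`, matching how X509V3_EXT_val_prn at L1758-1760 already prints name/value pairs. The `flag` parameter of both print functions is currently unused and deserves a comment saying so.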
--- /dev/null
+/* v3_utl.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* X509 v3 extension utilities */
+
+#include <stdlib.h>
+#include <ctype.h>
+#include <pem.h>
+#include <conf.h>
+#include <err.h>
+#include "x509v3.h"
+
+static char * str_dup(char *str);
+static char *strip_spaces(char *name);
+
+static char *str_dup(str)
+char *str;
+{
+ char *tmp;
+ if(!(tmp = Malloc(strlen(str) + 1))) return NULL;
+ strcpy(tmp, str);
+ return tmp;
+}
+
+/* Add a CONF_VALUE name value pair to stack */
+
+int X509V3_add_value(name, value, extlist)
+char *name;
+char *value;
+STACK **extlist;
+{
+ CONF_VALUE *vtmp = NULL;
+ char *tname = NULL, *tvalue = NULL;
+ if(name && !(tname = str_dup(name))) goto err;
+ if(value && !(tvalue = str_dup(value))) goto err;;
+ if(!(vtmp = (CONF_VALUE *)Malloc(sizeof(CONF_VALUE)))) goto err;
+ if(!*extlist && !(*extlist = sk_new(NULL))) goto err;
+ vtmp->section = NULL;
+ vtmp->name = tname;
+ vtmp->value = tvalue;
+ if(!sk_push(*extlist, (char *)vtmp)) goto err;
+ return 1;
+ err:
+ X509V3err(X509V3_F_X509V3_ADD_VALUE,ERR_R_MALLOC_FAILURE);
+ if(vtmp) Free(vtmp);
+ if(tname) Free(tname);
+ if(tvalue) Free(tvalue);
+ return 0;
+}
+
+/* Free function for STACK of CONF_VALUE */
+
+void X509V3_conf_free(conf)
+CONF_VALUE *conf;
+{
+ if(!conf) return;
+ if(conf->name) Free(conf->name);
+ if(conf->value) Free(conf->value);
+ if(conf->section) Free(conf->section);
+ Free((char *)conf);
+}
+
+int X509V3_add_value_bool(name, asn1_bool, extlist)
+char *name;
+int asn1_bool;
+STACK **extlist;
+{
+ if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
+ return X509V3_add_value(name, "FALSE", extlist);
+}
+
+int X509V3_add_value_bool_nf(name, asn1_bool, extlist)
+char *name;
+int asn1_bool;
+STACK **extlist;
+{
+ if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
+ return 1;
+}
+
+int X509V3_add_value_int(name, aint, extlist)
+char *name;
+ASN1_INTEGER *aint;
+STACK **extlist;
+{
+ BIGNUM *bntmp;
+ char *strtmp;
+ int ret;
+ if(!aint) return 1;
+ bntmp = ASN1_INTEGER_to_BN(aint, NULL);
+ strtmp = BN_bn2dec(bntmp);
+ ret = X509V3_add_value(name, strtmp, extlist);
+ BN_free(bntmp);
+ Free(strtmp);
+ return ret;
+}
+
+int X509V3_get_value_bool(value, asn1_bool)
+CONF_VALUE *value;
+int *asn1_bool;
+{
+ char *btmp;
+ if(!(btmp = value->value)) goto err;
+ if(!strcmp(btmp, "TRUE") || !strcmp(btmp, "true")
+ || !strcmp(btmp, "Y") || !strcmp(btmp, "y")
+ || !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) {
+ *asn1_bool = 0xff;
+ return 1;
+ } else if(!strcmp(btmp, "FALSE") || !strcmp(btmp, "false")
+ || !strcmp(btmp, "N") || !strcmp(btmp, "n")
+ || !strcmp(btmp, "NO") || !strcmp(btmp, "no")) {
+ *asn1_bool = 0;
+ return 1;
+ }
+ err:
+ X509V3err(X509V3_F_X509V3_VALUE_GET_BOOL,X509V3_R_INVALID_BOOLEAN_STRING);
+ X509V3_conf_err(value);
+ return 0;
+}
+
+int X509V3_get_value_int(value, aint)
+CONF_VALUE *value;
+ASN1_INTEGER **aint;
+{
+ BIGNUM *bn = NULL;
+ bn = BN_new();
+ if(!value->value) {
+ X509V3err(X509V3_F_X509V3_GET_VALUE_INT,X509V3_R_INVALID_NULL_VALUE);
+ X509V3_conf_err(value);
+ return 0;
+ }
+ if(!BN_dec2bn(&bn, value->value)) {
+ X509V3err(X509V3_F_X509V3_GET_VALUE_INT,X509V3_R_BN_DEC2BN_ERROR);
+ X509V3_conf_err(value);
+ return 0;
+ }
+
+ if(!(*aint = BN_to_ASN1_INTEGER(bn, NULL))) {
+ X509V3err(X509V3_F_X509V3_GET_VALUE_INT,X509V3_R_BN_TO_ASN1_INTEGER_ERROR);
+ X509V3_conf_err(value);
+ return 0;
+ }
+ BN_free(bn);
+ return 1;
+}
+
+#define HDR_NAME 1
+#define HDR_VALUE 2
+
+/*#define DEBUG*/
+
+STACK *X509V3_parse_list(line)
+char *line;
+{
+ char *p, *q, c;
+ char *ntmp, *vtmp;
+ STACK *values = NULL;
+ char *linebuf;
+ int state;
+ /* We are going to modify the line so copy it first */
+ linebuf = str_dup(line);
+ state = HDR_NAME;
+ ntmp = NULL;
+ /* Go through all characters */
+ for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
+
+ switch(state) {
+ case HDR_NAME:
+ if(c == ':') {
+ state = HDR_VALUE;
+ *p = 0;
+ ntmp = strip_spaces(q);
+ if(!ntmp) {
+ X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
+ goto err;
+ }
+ q = p + 1;
+ } else if(c == ',') {
+ *p = 0;
+ ntmp = strip_spaces(q);
+ q = p + 1;
+#ifdef DEBUG
+ printf("%s\n", ntmp);
+#endif
+ if(!ntmp) {
+ X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
+ goto err;
+ }
+ X509V3_add_value(ntmp, NULL, &values);
+ }
+ break ;
+
+ case HDR_VALUE:
+ if(c == ',') {
+ state = HDR_NAME;
+ *p = 0;
+ vtmp = strip_spaces(q);
+#ifdef DEBUG
+ printf("%s\n", ntmp);
+#endif
+ if(!vtmp) {
+ X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);
+ goto err;
+ }
+ X509V3_add_value(ntmp, vtmp, &values);
+ ntmp = NULL;
+ q = p + 1;
+ }
+
+ }
+ }
+
+ if(state == HDR_VALUE) {
+ vtmp = strip_spaces(q);
+#ifdef DEBUG
+ printf("%s=%s\n", ntmp, vtmp);
+#endif
+ if(!vtmp) {
+ X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);
+ goto err;
+ }
+ X509V3_add_value(ntmp, vtmp, &values);
+ } else {
+ ntmp = strip_spaces(q);
+#ifdef DEBUG
+ printf("%s\n", ntmp);
+#endif
+ if(!ntmp) {
+ X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
+ goto err;
+ }
+ X509V3_add_value(ntmp, NULL, &values);
+ }
+Free(linebuf);
+return values;
+
+err:
+Free(linebuf);
+sk_pop_free(values, X509V3_conf_free);
+return NULL;
+
+}
+
+/* Delete leading and trailing spaces from a string */
+static char *strip_spaces(name)
+char *name;
+{
+ char *p, *q;
+ /* Skip over leading spaces */
+ p = name;
+ while(*p && isspace(*p)) p++;
+ if(!*p) return NULL;
+ q = p + strlen(p) - 1;
+ while((q != p) && isspace(*q)) q--;
+ if(p != q) q[1] = 0;
+ if(!*p) return NULL;
+ return p;
+}
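Review bot: X509V3_get_value_int allocates bn with BN_new at L1993 before the NULL-value check and then returns 0 from the error paths at L1997, L2002 and L2008 without freeing it, so every malformed integer in a config section leaks a BIGNUM; the BN_new result is also never checked. Move the allocation below the `if(!value->value)` block and add `BN_free(bn);` before the two remaining `return 0;` statements. X509V3_parse_list has the same unchecked-allocation shape at L2028: `if(!(linebuf = str_dup(line))) return NULL;` is needed before linebuf is dereferenced in the loop at L2032.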
--- /dev/null
+/* v3conf.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <pem.h>
+#include <objects.h>
+#include <conf.h>
+#include <err.h>
+#include "x509v3.h"
+
+/* Test application to add extensions from a config file */
+
+int main(argc, argv)
+int argc;
+char **argv;
+{
+ LHASH *conf;
+ X509 *cert;
+ FILE *inf;
+ char *conf_file;
+ int i;
+ int count;
+ X509_EXTENSION *ext;
+ X509V3_add_standard_extensions();
+ ERR_load_crypto_strings();
+ if(!argv[1]) {
+ fprintf(stderr, "Usage: v3conf cert.pem [file.cnf]\n");
+ exit(1);
+ }
+ conf_file = argv[2];
+ if(!conf_file) conf_file = "test.cnf";
+ conf = CONF_load(NULL, "test.cnf", NULL);
+ if(!conf) {
+ fprintf(stderr, "Error opening Config file %s\n", conf_file);
+ ERR_print_errors_fp(stderr);
+ exit(1);
+ }
+
+ inf = fopen(argv[1], "r");
+ if(!inf) {
+ fprintf(stderr, "Can't open certificate file %s\n", argv[1]);
+ exit(1);
+ }
+ cert = PEM_read_X509(inf, NULL, NULL);
+ if(!cert) {
+ fprintf(stderr, "Error reading certificate file %s\n", argv[1]);
+ exit(1);
+ }
+ fclose(inf);
+
+ sk_pop_free(cert->cert_info->extensions, X509_EXTENSION_free);
+ cert->cert_info->extensions = NULL;
+
+ if(!X509V3_EXT_add_conf(conf, NULL, "test_section", cert)) {
+ fprintf(stderr, "Error adding extensions\n");
+ ERR_print_errors_fp(stderr);
+ exit(1);
+ }
+
+ count = X509_get_ext_count(cert);
+ printf("%d extensions\n", count);
+ for(i = 0; i < count; i++) {
+ ext = X509_get_ext(cert, i);
+ printf("%s", OBJ_nid2ln(OBJ_obj2nid(ext->object)));
+ if(ext->critical) printf(",critical:\n");
+ else printf(":\n");
+ X509V3_EXT_print_fp(stdout, ext, 0);
+ printf("\n");
+
+ }
+ return 0;
+}
+
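Review bot: `conf_file` is resolved from `argv[2]` with a fallback to "test.cnf", but the `CONF_load` call on the next line still passes the literal `"test.cnf"`, so a config file named on the command line is silently ignored and the error message then reports a path that was never opened; change it to `conf = CONF_load(NULL, conf_file, NULL);`. `exit()` is used throughout `main` without `<stdlib.h>` being included, which works only if one of the SSLeay headers happens to pull it in. Since this program discards the certificate's existing extensions and regenerates them from the config, a one-line comment above the `sk_pop_free` call stating that intent would help, e.g. `/* Drop any existing extensions so only the config section's appear */`.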
--- /dev/null
+/* lib/x509v3/x509v3_err.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "err.h"
+#include "x509v3.h"
+
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA X509V3_str_functs[]=
+ {
+{ERR_PACK(0,X509V3_F_S2I_ASN1_IA5STRING,0), "S2I_ASN1_IA5STRING"},
+{ERR_PACK(0,X509V3_F_V2I_ASN1_BIT_STRING,0), "V2I_ASN1_BIT_STRING"},
+{ERR_PACK(0,X509V3_F_V2I_BASIC_CONSTRAINTS,0), "V2I_BASIC_CONSTRAINTS"},
+{ERR_PACK(0,X509V3_F_V2I_EXT_KU,0), "V2I_EXT_KU"},
+{ERR_PACK(0,X509V3_F_X509V3_ADD_EXT,0), "X509V3_ADD_EXT"},
+{ERR_PACK(0,X509V3_F_X509V3_ADD_VALUE,0), "X509V3_add_value"},
+{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD_ALIAS,0), "X509V3_EXT_add_alias"},
+{ERR_PACK(0,X509V3_F_X509V3_EXT_CONF,0), "X509V3_EXT_conf"},
+{ERR_PACK(0,X509V3_F_X509V3_GET_VALUE_INT,0), "X509V3_get_value_int"},
+{ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0), "X509V3_parse_list"},
+{ERR_PACK(0,X509V3_F_X509V3_VALUE_GET_BOOL,0), "X509V3_VALUE_GET_BOOL"},
+{0,NULL},
+ };
+
+static ERR_STRING_DATA X509V3_str_reasons[]=
+ {
+{X509V3_R_BN_DEC2BN_ERROR ,"bn dec2bn error"},
+{X509V3_R_BN_TO_ASN1_INTEGER_ERROR ,"bn to asn1 integer error"},
+{X509V3_R_EXTENSION_NOT_FOUND ,"extension not found"},
+{X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED,"extension setting not supported"},
+{X509V3_R_INVALID_BOOLEAN_STRING ,"invalid boolean string"},
+{X509V3_R_INVALID_EXTENSION_STRING ,"invalid extension string"},
+{X509V3_R_INVALID_NAME ,"invalid name"},
+{X509V3_R_INVALID_NULL_ARGUMENT ,"invalid null argument"},
+{X509V3_R_INVALID_NULL_NAME ,"invalid null name"},
+{X509V3_R_INVALID_NULL_VALUE ,"invalid null value"},
+{X509V3_R_INVALID_OBJECT_IDENTIFIER ,"invalid object identifier"},
+{X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT ,"unknown bit string argument"},
+{0,NULL},
+ };
+
+#endif
+
+void ERR_load_X509V3_strings()
+ {
+ static int init=1;
+
+ if (init)
+ {
+ init=0;
+#ifndef NO_ERR
+ ERR_load_strings(ERR_LIB_X509V3,X509V3_str_functs);
+ ERR_load_strings(ERR_LIB_X509V3,X509V3_str_reasons);
+#endif
+
+ }
+ }
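Review bot: The function-name strings in `X509V3_str_functs` are inconsistent: some entries use the real function spelling (`"X509V3_add_value"`, `"X509V3_parse_list"`) while others are uppercase macro-style names (`"S2I_ASN1_IA5STRING"`, `"X509V3_VALUE_GET_BOOL"`) that do not match the prototypes in x509v3.h (the header declares `X509V3_get_value_bool`), so error output will name functions that do not exist. Pick the actual function names for every entry so `ERR_print_errors_fp` output can be grepped back to source. The header comment `/* lib/x509v3/x509v3_err.c */` also disagrees with the Makefile, which lists the error source as `v3err.c` (`ERRC=v3err`); update the comment to the file's real name. The `static int init` guard presumably follows the other `ERR_load_*_strings` functions, but it is not safe against concurrent first calls, which is worth a comment if that is accepted.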
--- /dev/null
+/* v3prin.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <pem.h>
+#include <objects.h>
+#include <conf.h>
+#include <err.h>
+#include "x509v3.h"
+
+int main(argc, argv)
+int argc;
+char **argv;
+{
+ X509 *cert;
+ FILE *inf;
+ int i, count;
+ X509_EXTENSION *ext;
+ X509V3_add_standard_extensions();
+ if(!argv[1]) {
+ fprintf(stderr, "Usage v3prin cert.pem\n");
+ exit(1);
+ }
+ if(!(inf = fopen(argv[1], "r"))) {
+ fprintf(stderr, "Can't open %s\n", argv[1]);
+ exit(1);
+ }
+ if(!(cert = PEM_read_X509(inf, NULL, NULL))) {
+ fprintf(stderr, "Can't read certificate %s\n", argv[1]);
+ ERR_print_errors_fp(stderr);
+ exit(1);
+ }
+ fclose(inf);
+ count = X509_get_ext_count(cert);
+ printf("%d extensions\n", count);
+ for(i = 0; i < count; i++) {
+ ext = X509_get_ext(cert, i);
+ printf("%s\n", OBJ_nid2ln(OBJ_obj2nid(ext->object)));
+ X509V3_EXT_print_fp(stdout, ext, 0);
+ printf("\n");
+
+ }
+ return 0;
+}
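Review bot: `ERR_print_errors_fp(stderr)` on the `PEM_read_X509` failure path is called without `ERR_load_crypto_strings()` ever being invoked, so a malformed certificate file prints only numeric error codes; v3conf.c calls it right after `X509V3_add_standard_extensions()` and this program should do the same: `ERR_load_crypto_strings();`. Unlike v3conf.c this file also does not include `<stdio.h>` itself although it uses `FILE`, `fopen` and `printf`, relying on `pem.h` to bring it in. The usage message is missing the colon used in the sibling program (`"Usage: v3prin cert.pem\n"`).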
-/* crypto/x509v3/x509v3.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* x509v3.h */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
* 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
*/
-#define X509v3_N_KU_digitalSignature 0
-#define X509v3_N_KU_nonRepudiation 1
-#define X509v3_N_KU_keyEncipherment 2
-#define X509v3_N_KU_dataEncipherment 3
-#define X509v3_N_KU_keyAgreement 4
-#define X509v3_N_KU_keyCertSign 5
-#define X509v3_N_KU_cRLSign 6
-#define X509v3_N_KU_encipherOnly 7
-#define X509v3_N_KU_decipherOnly 8
-#define X509v3_N_KU_NUM 9
-#define X509v3_S_KU_digitalSignature "digitalSignature"
-#define X509v3_S_KU_nonRepudiation "nonRepudiation"
-#define X509v3_S_KU_keyEncipherment "keyEncipherment"
-#define X509v3_S_KU_dataEncipherment "dataEncipherment"
-#define X509v3_S_KU_keyAgreement "keyAgreement"
-#define X509v3_S_KU_keyCertSign "keyCertSign"
-#define X509v3_S_KU_cRLSign "cRLSign"
-#define X509v3_S_KU_encipherOnly "encipherOnly"
-#define X509v3_S_KU_decipherOnly "decipherOnly"
-
-
-void X509_ex_clear(X509_EXTENSION *a);
-int X509_ex_get_bool(X509_EXTENSION *a,int num);
-int X509_ex_set_bool(X509_EXTENSION *a,int num,int value);
-int X509_ex_get_str(X509_EXTENSION *a,int index,char **p,int *len);
-int X509_ex_set_str(X509_EXTENSION *a,int oid,int index,char *p,int len);
-char *X509_ex_get_struct(X509_EXTENSION *a,int oid,int index,char **p);
-int X509_ex_set_struct(X509_EXTENSION *a,int index,char *p);
-int a2i_X509_EXTENSION(BIO *bp,X509_EXTENSION *a,char *buf,int len);
-int i2a_X509_EXTENSION(BIO *bp,X509_EXTENSION *a);
+#ifndef HEADER_X509V3_H
+#define HEADER_X509V3_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "bio.h"
+#include "x509.h"
+
+/* Forward reference */
+struct v3_ext_method;
+struct v3_ext_ctx;
+
+/* Useful typedefs */
+
+typedef char * (*X509V3_EXT_NEW)();
+typedef void (*X509V3_EXT_FREE)();
+typedef char * (*X509V3_EXT_D2I)();
+typedef int (*X509V3_EXT_I2D)();
+typedef STACK * (*X509V3_EXT_I2V)(struct v3_ext_method *method, char *ext);
+typedef char * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK *values);
+typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, char *ext);
+typedef char * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
+typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, char *ext, BIO *out);
+
+/* V3 extension structure */
+
+struct v3_ext_method {
+int ext_nid;
+int ext_flags;
+X509V3_EXT_NEW ext_new;
+X509V3_EXT_FREE ext_free;
+X509V3_EXT_D2I d2i;
+X509V3_EXT_I2D i2d;
+
+/* The following pair is used for string extensions */
+X509V3_EXT_I2S i2s;
+X509V3_EXT_S2I s2i;
+
+/* The following pair is used for multi-valued extensions */
+X509V3_EXT_I2V i2v;
+X509V3_EXT_V2I v2i;
+
+/* The following is used for raw extensions */
+X509V3_EXT_I2R i2r;
+
+char *usr_data; /* Any extension specific data */
+};
+
+/* Context specific info */
+struct v3_ctx_struct {
+X509 *issuer_cert;
+X509 *subject_cert;
+X509_REQ *subject_req;
+/* Maybe more here */
+};
+
+typedef struct v3_ext_method X509V3_EXT_METHOD;
+typedef struct v3_ext_ctx X509V3_CTX;
+
+/* ext_flags values */
+#define X509V3_EXT_DYNAMIC 0x1
+
+typedef struct {
+int bitnum;
+char *lname;
+char *sname;
+} BIT_STRING_BITNAME;
+
+typedef struct {
+int ca;
+ASN1_INTEGER *pathlen;
+} BASIC_CONSTRAINTS;
+
+#define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \
+",name:", val->name, ",value:", val->value);
+
+#define EXT_BITSTRING(nid, table) { nid, 0, \
+ (X509V3_EXT_NEW)asn1_bit_string_new, ASN1_STRING_free, \
+ (X509V3_EXT_D2I)d2i_ASN1_BIT_STRING, \
+ i2d_ASN1_BIT_STRING, \
+ NULL, NULL, \
+ (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
+ (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
+ NULL, \
+ (char *)table}
+
+#define EXT_IA5STRING(nid) { nid, 0, \
+ (X509V3_EXT_NEW)ia5string_new, ASN1_STRING_free, \
+ (X509V3_EXT_D2I)d2i_ASN1_IA5STRING, \
+ i2d_ASN1_IA5STRING, \
+ (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
+ (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \
+ NULL, NULL, NULL, \
+ NULL}
+
+#define EXT_END { -1, 0, NULL, NULL, NULL, NULL, NULL, NULL, \
+ NULL, NULL, NULL, \
+ NULL}
+
+#ifndef NOPROTO
+void ERR_load_X509V3_strings(void);
+void ERR_X509V3_error(int function, int reason, char *file, int line);
+int i2d_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS *a, unsigned char **pp);
+BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a, unsigned char **pp, long length);
+BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new(void);
+void BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *a);
+
+int i2d_ext_ku(STACK *a, unsigned char **pp);
+STACK *d2i_ext_ku(STACK **a, unsigned char **pp, long length);
+void ext_ku_free(STACK *a);
+STACK *ext_ku_new(void);
+
+#ifdef HEADER_CONF_H
+void X509V3_conf_free(CONF_VALUE *val);
+X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value);
+X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value);
+int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert);
+int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
+int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
+#endif
+
+int X509V3_add_value(char *name, char *value, STACK **extlist);
+int X509V3_add_value_bool(char *name, int asn1_bool, STACK **extlist);
+int X509V3_add_value_int( char *name, ASN1_INTEGER *aint, STACK **extlist);
+int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
+int X509V3_EXT_add_alias(int nid_to, int nid_from);
+void X509V3_EXT_cleanup(void);
+
+X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
+X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
+int X509V3_add_standard_extensions(void);
+STACK *X509V3_parse_list(char *line);
+
+int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag);
+int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag);
+
+#else
+
+void ERR_load_X509V3_strings();
+void ERR_X509V3_error();
+int i2d_BASIC_CONSTRAINTS();
+BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS();
+BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new();
+void BASIC_CONSTRAINTS_free();
+
+int i2d_ext_ku();
+STACK *d2i_ext_ku();
+void ext_ku_free();
+STACK *ext_ku_new();
+
+#ifdef HEADER_CONF_H
+void X509V3_conf_free();
+X509_EXTENSION *X509V3_EXT_conf_nid();
+X509_EXTENSION *X509V3_EXT_conf();
+int X509V3_EXT_add_conf();
+int X509V3_get_value_bool();
+int X509V3_get_value_int();
+#endif
+
+int X509V3_add_value();
+int X509V3_add_value_bool();
+int X509V3_add_value_int();
+int X509V3_EXT_add();
+int X509V3_EXT_add_alias();
+void X509V3_EXT_cleanup();
+
+X509V3_EXT_METHOD *X509V3_EXT_get();
+X509V3_EXT_METHOD *X509V3_EXT_get_nid();
+int X509V3_add_standard_extensions();
+STACK *X509V3_parse_list();
+
+int X509V3_EXT_print();
+int X509V3_EXT_print_fp();
+#endif
+
+/* BEGIN ERROR CODES */
+/* Error codes for the X509V3 functions. */
+
+/* Function codes. */
+#define X509V3_F_S2I_ASN1_IA5STRING 100
+#define X509V3_F_V2I_ASN1_BIT_STRING 101
+#define X509V3_F_V2I_BASIC_CONSTRAINTS 102
+#define X509V3_F_V2I_EXT_KU 103
+#define X509V3_F_X509V3_ADD_EXT 104
+#define X509V3_F_X509V3_ADD_VALUE 105
+#define X509V3_F_X509V3_EXT_ADD_ALIAS 106
+#define X509V3_F_X509V3_EXT_CONF 107
+#define X509V3_F_X509V3_GET_VALUE_INT 108
+#define X509V3_F_X509V3_PARSE_LIST 109
+#define X509V3_F_X509V3_VALUE_GET_BOOL 110
+
+/* Reason codes. */
+#define X509V3_R_BN_DEC2BN_ERROR 100
+#define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101
+#define X509V3_R_EXTENSION_NOT_FOUND 102
+#define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103
+#define X509V3_R_INVALID_BOOLEAN_STRING 104
+#define X509V3_R_INVALID_EXTENSION_STRING 105
+#define X509V3_R_INVALID_NAME 106
+#define X509V3_R_INVALID_NULL_ARGUMENT 107
+#define X509V3_R_INVALID_NULL_NAME 108
+#define X509V3_R_INVALID_NULL_VALUE 109
+#define X509V3_R_INVALID_OBJECT_IDENTIFIER 110
+#define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111
+
+#ifdef __cplusplus
+}
+#endif
+#endif
+
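Review bot: `X509V3_CTX` can never be used to reach `issuer_cert`/`subject_cert`/`subject_req`: the forward declaration and the `typedef struct v3_ext_ctx X509V3_CTX;` refer to `struct v3_ext_ctx`, but the definition under `/* Context specific info */` is named `struct v3_ctx_struct`, so `X509V3_CTX` remains an incomplete type everywhere this header is included; rename the definition to `struct v3_ext_ctx {`. The `X509V3_conf_err(val)` macro ends with a semicolon inside the definition and does not parenthesise `val`, so `if (...) X509V3_conf_err(v); else ...` fails to compile; drop the trailing `;` and write `(val)->section`, `(val)->name`, `(val)->value`. The `ext_flags` field has only `X509V3_EXT_DYNAMIC` documented; a comment on `usr_data` saying which methods consume it (e.g. the bit-name table passed by `EXT_BITSTRING`) would make the method table easier to extend.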