Initial addition of new X509 V3 files, tidy of old files.
authorDr. Stephen Henson <steve@openssl.org>
Sun, 24 Jan 1999 00:50:01 +0000 (00:50 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Sun, 24 Jan 1999 00:50:01 +0000 (00:50 +0000)
21 files changed:
CHANGES
crypto/x509v3/Makefile.ssl [new file with mode: 0644]
crypto/x509v3/README [new file with mode: 0644]
crypto/x509v3/format [deleted file]
crypto/x509v3/header [deleted file]
crypto/x509v3/old-v3/format [new file with mode: 0644]
crypto/x509v3/old-v3/header [new file with mode: 0644]
crypto/x509v3/old-v3/v3_ku.c [new file with mode: 0644]
crypto/x509v3/old-v3/x509v3.h [new file with mode: 0644]
crypto/x509v3/v3_bcons.c [new file with mode: 0644]
crypto/x509v3/v3_bitstr.c [new file with mode: 0644]
crypto/x509v3/v3_conf.c [new file with mode: 0644]
crypto/x509v3/v3_extku.c [new file with mode: 0644]
crypto/x509v3/v3_ia5.c [new file with mode: 0644]
crypto/x509v3/v3_lib.c [new file with mode: 0644]
crypto/x509v3/v3_prn.c [new file with mode: 0644]
crypto/x509v3/v3_utl.c [new file with mode: 0644]
crypto/x509v3/v3conf.c [new file with mode: 0644]
crypto/x509v3/v3err.c [new file with mode: 0644]
crypto/x509v3/v3prin.c [new file with mode: 0644]
crypto/x509v3/x509v3.h

diff --git a/CHANGES b/CHANGES
index ec02d06569236fb4f06c55f71b3b2cfba1ea2459..07321a2596b8ef78e6e3976268b9ec4d980c9d25 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,11 @@
 
  Changes between 0.9.1c and 0.9.2
 
+  *) Takes a deep breath and start addding X509 V3 extension support code. Add
+     files in crypto/x509v3. Move original stuff to crypto/x509v3/old. All this
+     stuff is currently isolated and isn't even compiled yet.
+     [Steve Henson]
+
   *) Continuing patches for GeneralizedTime. Fix up certificate and CRL
      ASN1 to use ASN1_TIME and modify print routines to use ASN1_TIME_print.
      Removed the versions check from X509 routines when loading extensions:
diff --git a/crypto/x509v3/Makefile.ssl b/crypto/x509v3/Makefile.ssl
new file mode 100644 (file)
index 0000000..3cc99ea
--- /dev/null
@@ -0,0 +1,88 @@
+#
+# SSLeay/crypto/x509v3/Makefile
+#
+
+DIR=   x509v3
+TOP=   ../..
+CC=    cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE=          make -f Makefile.ssl
+MAKEDEPEND=    $(TOP)/util/domd $(TOP)
+MAKEFILE=      Makefile.ssl
+AR=            ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+ERR=x509v3
+ERRC=v3err
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=        v3_bcons.c v3_bitstr.c v3_conf.c v3_extku.c v3_ia5.c \
+v3_lib.c v3_prn.c v3_utl.c v3err.c 
+LIBOBJ= v3_bcons.o v3_bitstr.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \
+v3_prn.o v3_utl.o v3err.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= x509v3.h
+HEADER=        $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+       (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:   lib
+
+lib:   $(LIBOBJ)
+       $(AR) $(LIB) $(LIBOBJ)
+       sh $(TOP)/util/ranlib.sh $(LIB)
+       @touch lib
+
+files:
+       perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+       /bin/rm -f Makefile
+       $(TOP)/util/point.sh Makefile.ssl Makefile ;
+       $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+       $(TOP)/util/mklink.sh ../../test $(TEST)
+       $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+       @for i in $(EXHEADER) ; \
+       do  \
+       (cp $$i $(INSTALLTOP)/include/$$i; \
+       chmod 644 $(INSTALLTOP)/include/$$i ); \
+       done;
+
+tags:
+       ctags $(SRC)
+
+tests:
+
+lint:
+       lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+       $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+       perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+       mv -f Makefile.new $(MAKEFILE)
+
+clean:
+       /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors: $(ERRC).c
+
+$(ERRC).c: $(ERR).err
+       perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+       perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/x509v3/README b/crypto/x509v3/README
new file mode 100644 (file)
index 0000000..3b2cc04
--- /dev/null
@@ -0,0 +1,4 @@
+WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+
+This is ***VERY*** new experimental code and is likely to change
+considerably or vanish altogether.
diff --git a/crypto/x509v3/format b/crypto/x509v3/format
deleted file mode 100644 (file)
index 3307978..0000000
+++ /dev/null
@@ -1,92 +0,0 @@
-AuthorityKeyIdentifier
-       {
-       keyIdentifier           [0] OCTET_STRING        OPTIONAL
-       authorityCertIssuer     [1] GeneralNames        OPTIONAL
-       authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL
-       }
-
-SubjectKeyIdentifier   OCTET_STRING
-
-KeyUsage
-       {
-       BIT_STRING
-               digitalSignature        0
-               nonRepudiation          1
-               keyEncipherment         2
-               dataEncipherment        3
-               keyAgreement            4
-               keyCertSign             5
-               cRLSign                 6
-               encipherOnly            7
-               decipherOnly            8
-       }
-
-extKeyUsage
-       {
-       SEQUENCE of OBJECT_IDENTIFIER
-       }
-
-privateKeyUsagePeriod
-       {
-       notBefore       [0]     GeneralizedTime OPTIONAL
-       notAfter        [1]     GeneralizedTime OPTIONAL
-       }
-
-certificatePoliciesSyntax
-       SEQUENCE of PoliciesInformation
-
-PoliciesInformation    XXX
-policyMappings         XXX
-supportedAlgorithms    XXX
-
-subjectAltName
-       GeneralNames sequence of GeneralName
-
-GeneralName
-       {
-       otherName       [0] INSTANCE OF OTHER-NAME
-       rfc882Name      [1] IA5String
-       dNSName         [2] IA5String
-       x400Address     [3] ORAddress
-       directoryName   [4] Name
-       ediPartyName    [5] 
-                               {
-                               nameAssigner    [0] DirectoryString OPTIONAL
-                               partyName       [1] DirectoryString
-                               }
-       uniformResourceIdentifier [6] IA5String
-       iPAddress       [7] OCTET_STRING
-       registeredID    [8] OBJECT_IDENTIFIER
-       }
-
-issuerAltName
-       GeneralNames sequence of GeneralName
-
-subjectDirectoryAttribute SEQUENCE of Attribute
-
-basicConstraints
-       {
-       cA                      BOOLEAN default FALSE
-       pathLenConstraint       INTEGER OPTIONAL
-       }
-
-nameConstraints
-       {
-       permittedSubtrees [0] sequence of GeneralSubtree OPTIONAL
-       excludedSubtrees [1] sequence of GeneralSubtree OPTIONAL
-       }
-
-GeneralSubtree
-       {
-       base    GeneralName
-       minimum [0] BaseDistance DEFAULT 0
-       maximum [1] BaseDistance OPTIONAL
-       }
-
-PolicyConstraints
-       {
-       requiredExplicitPolicy  [0] SkipCerts OPTIONAL
-       inhibitPolicyMapping    [1] SkipCerts OPTIONAL
-       }
-SkipCerts == INTEGER
-
diff --git a/crypto/x509v3/header b/crypto/x509v3/header
deleted file mode 100644 (file)
index 3d791ca..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-int            a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size)
-int            i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a)
-int            i2d_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp)
-ASN1_INTEGER * d2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,long length)
-
-
diff --git a/crypto/x509v3/old-v3/format b/crypto/x509v3/old-v3/format
new file mode 100644 (file)
index 0000000..3307978
--- /dev/null
@@ -0,0 +1,92 @@
+AuthorityKeyIdentifier
+       {
+       keyIdentifier           [0] OCTET_STRING        OPTIONAL
+       authorityCertIssuer     [1] GeneralNames        OPTIONAL
+       authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL
+       }
+
+SubjectKeyIdentifier   OCTET_STRING
+
+KeyUsage
+       {
+       BIT_STRING
+               digitalSignature        0
+               nonRepudiation          1
+               keyEncipherment         2
+               dataEncipherment        3
+               keyAgreement            4
+               keyCertSign             5
+               cRLSign                 6
+               encipherOnly            7
+               decipherOnly            8
+       }
+
+extKeyUsage
+       {
+       SEQUENCE of OBJECT_IDENTIFIER
+       }
+
+privateKeyUsagePeriod
+       {
+       notBefore       [0]     GeneralizedTime OPTIONAL
+       notAfter        [1]     GeneralizedTime OPTIONAL
+       }
+
+certificatePoliciesSyntax
+       SEQUENCE of PoliciesInformation
+
+PoliciesInformation    XXX
+policyMappings         XXX
+supportedAlgorithms    XXX
+
+subjectAltName
+       GeneralNames sequence of GeneralName
+
+GeneralName
+       {
+       otherName       [0] INSTANCE OF OTHER-NAME
+       rfc882Name      [1] IA5String
+       dNSName         [2] IA5String
+       x400Address     [3] ORAddress
+       directoryName   [4] Name
+       ediPartyName    [5] 
+                               {
+                               nameAssigner    [0] DirectoryString OPTIONAL
+                               partyName       [1] DirectoryString
+                               }
+       uniformResourceIdentifier [6] IA5String
+       iPAddress       [7] OCTET_STRING
+       registeredID    [8] OBJECT_IDENTIFIER
+       }
+
+issuerAltName
+       GeneralNames sequence of GeneralName
+
+subjectDirectoryAttribute SEQUENCE of Attribute
+
+basicConstraints
+       {
+       cA                      BOOLEAN default FALSE
+       pathLenConstraint       INTEGER OPTIONAL
+       }
+
+nameConstraints
+       {
+       permittedSubtrees [0] sequence of GeneralSubtree OPTIONAL
+       excludedSubtrees [1] sequence of GeneralSubtree OPTIONAL
+       }
+
+GeneralSubtree
+       {
+       base    GeneralName
+       minimum [0] BaseDistance DEFAULT 0
+       maximum [1] BaseDistance OPTIONAL
+       }
+
+PolicyConstraints
+       {
+       requiredExplicitPolicy  [0] SkipCerts OPTIONAL
+       inhibitPolicyMapping    [1] SkipCerts OPTIONAL
+       }
+SkipCerts == INTEGER
+
diff --git a/crypto/x509v3/old-v3/header b/crypto/x509v3/old-v3/header
new file mode 100644 (file)
index 0000000..3d791ca
--- /dev/null
@@ -0,0 +1,6 @@
+int            a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size)
+int            i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a)
+int            i2d_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp)
+ASN1_INTEGER * d2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,long length)
+
+
diff --git a/crypto/x509v3/old-v3/v3_ku.c b/crypto/x509v3/old-v3/v3_ku.c
new file mode 100644 (file)
index 0000000..87c7402
--- /dev/null
@@ -0,0 +1,318 @@
+/* crypto/x509v3/v3_ku.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "stack.h"
+#include "cryptlib.h"
+#include "bio.h"
+#include "asn1.h"
+#include "objects.h"
+#include "x509.h"
+
+X509_EXTENSION_METHOD X509v3_key_usage_method=
+       {
+       NID_key_usage,
+       ku_clear,
+       ex_get_bool,
+       ex_set_bool,
+       NULL,
+       NULL,
+       NULL,
+       NULL,
+       ku_a2i,
+       ku_i2a,
+       };
+
+static void ku_clear(a)
+X509_EXTENSION *a;
+       {
+       }
+
+static int ku_expand(a)
+X509_EXTENSION *a;
+       {
+       ASN1_BIT_STRING *bs;
+
+       if (a->argp == NULL)
+               {
+               bs=X509v3_unpack_string(NULL,V_ASN1_BIT_STRING,value);
+               if (bs == NULL) return(0);
+               a->argp=(char *)bs;
+               a->ex_free=ASN1_STRING_free;
+               }
+       return(1);
+       }
+
+static int ku_get_bool(a,num)
+X509_EXTENSION *a;
+int num;
+       {
+       int ret;
+       ASN1_BIT_STRING *bs;
+
+       if ((a->argp == NULL) && !ku_expand(a))
+               return(-1);
+       bs=(ASN1_BIT_STRING *)a->argp;
+       ret=ASN1_BIT_STRING_get_bit(bs,num);
+       return(ret);
+       }
+
+static int ku_set_bool(a,num,value)
+X509_EXTENSION *a;
+int num;
+int value;
+       {
+       ASN1_BIT_STRING *a;
+
+       if ((a->argp == NULL) && !ku_expand(a))
+               return(0);
+       bs=(ASN1_BIT_STRING *)a->argp;
+       ret=ASN1_BIT_STRING_set_bit(bs,num,value);
+       }
+
+static int ku_a2i(bio,a,buf,len)
+BIO *bio;
+X509_EXTENSION *a;
+char *buf;
+int len;
+       {
+       get token
+       }
+
+static char ku_names[X509v3_N_KU_NUM]={
+       X509v3_S_KU_digitalSignature,
+       X509v3_S_KU_nonRepudiation,
+       X509v3_S_KU_keyEncipherment,
+       X509v3_S_KU_dataEncipherment,
+       X509v3_S_KU_keyAgreement,
+       X509v3_S_KU_keyCertSign,
+       X509v3_S_KU_cRLSign,
+       X509v3_S_KU_encipherOnly,
+       X509v3_S_KU_decipherOnly,
+       };
+
+static int ku_i2a(bio,a);
+BIO *bio;
+X509_EXTENSION *a;
+       {
+       int i,first=1;
+       char *c;
+
+       for (i=0; i<X509v3_N_KU_NUM; i++)
+               {
+               if (ku_get_bool(a,i) > 0)
+                       {
+                       BIO_printf(bio,"%s%s",((first)?"":" "),ku_names[i]);
+                       first=0;
+                       }
+               }
+       }
+
+/***********************/
+
+int X509v3_get_key_usage(x,ret)
+STACK *x;
+unsigned long *ret;
+       {
+       X509_EXTENSION *ext;
+       ASN1_STRING *st;
+       char *p;
+       int i;
+
+       i=X509_get_ext_by_NID(x,NID_key_usage,-1);
+       if (i < 0) return(X509v3_KU_UNDEF);
+       ext=X509_get_ext(x,i);
+       st=X509v3_unpack_string(NULL,V_ASN1_BIT_STRING,
+               X509_EXTENSION_get_data(X509_get_ext(x,i)));
+
+       p=ASN1_STRING_data(st);
+       if (ASN1_STRING_length(st) == 1)
+               i=p[0];
+       else if (ASN1_STRING_length(st) == 2)
+               i=p[0]|(p[1]<<8);
+       else
+               i=0;
+       return(i);
+       }
+
+static struct
+       {
+       char *name;
+       unsigned int value;
+       } key_usage_data[] ={
+       {"digitalSignature",    X509v3_KU_DIGITAL_SIGNATURE},
+       {"nonRepudiation",      X509v3_KU_NON_REPUDIATION},
+       {"keyEncipherment",     X509v3_KU_KEY_ENCIPHERMENT},
+       {"dataEncipherment",    X509v3_KU_DATA_ENCIPHERMENT},
+       {"keyAgreement",        X509v3_KU_KEY_AGREEMENT},
+       {"keyCertSign",         X509v3_KU_KEY_CERT_SIGN},
+       {"cRLSign",             X509v3_KU_CRL_SIGN},
+       {"encipherOnly",        X509v3_KU_ENCIPHER_ONLY},
+       {"decipherOnly",        X509v3_KU_DECIPHER_ONLY},
+       {NULL,0},
+       };
+
+#if 0
+static int a2i_key_usage(x,str,len)
+X509 *x;
+char *str;
+int len;
+       {
+       return(X509v3_set_key_usage(x,a2i_X509v3_key_usage(str)));
+       }
+
+static int i2a_key_usage(bp,x)
+BIO *bp;
+X509 *x;
+       {
+       return(i2a_X509v3_key_usage(bp,X509v3_get_key_usage(x)));
+       }
+#endif
+
+int i2a_X509v3_key_usage(bp,use)
+BIO *bp;
+unsigned int use;
+       {
+       int i=0,first=1;
+
+       for (;;)
+               {
+               if (use | key_usage_data[i].value)
+                       {
+                       BIO_printf(bp,"%s%s",((first)?"":" "),
+                               key_usage_data[i].name);
+                       first=0;
+                       }
+               }
+       return(1);
+       }
+
+unsigned int a2i_X509v3_key_usage(p)
+char *p;
+       {
+       unsigned int ret=0;
+       char *q,*s;
+       int i,n;
+
+       q=p;
+       for (;;)
+               {
+               while ((*q != '\0') && isalnum(*q))
+                       q++;
+               if (*q == '\0') break;
+               s=q++;
+               while (isalnum(*q))
+                       q++;
+               n=q-s;
+               i=0;
+               for (;;)
+                       {
+                       if (strncmp(key_usage_data[i].name,s,n) == 0)
+                               {
+                               ret|=key_usage_data[i].value;
+                               break;
+                               }
+                       i++;
+                       if (key_usage_data[i].name == NULL)
+                               return(X509v3_KU_UNDEF);
+                       }
+               }
+       return(ret);
+       }
+
+int X509v3_set_key_usage(x,use)
+X509 *x;
+unsigned int use;
+       {
+       ASN1_OCTET_STRING *os;
+       X509_EXTENSION *ext;
+       int i;
+       unsigned char data[4];
+
+       i=X509_get_ext_by_NID(x,NID_key_usage,-1);
+       if (i < 0)
+               {
+               i=X509_get_ext_count(x)+1;
+               if ((ext=X509_EXTENSION_new()) == NULL) return(0);
+               if (!X509_add_ext(x,ext,i))
+                       {
+                       X509_EXTENSION_free(ext);
+                       return(0);
+                       }
+               }
+       else
+               ext=X509_get_ext(x,i);
+
+       /* fill in 'ext' */
+       os=X509_EXTENSION_get_data(ext);
+
+       i=0;
+       if (use > 0)
+               {
+               i=1;
+               data[0]=use&0xff;
+               }
+       if (use > 0xff)
+               {
+               i=2;
+               data[1]=(use>>8)&0xff;
+               }
+       return((X509v3_pack_string(&os,V_ASN1_BIT_STRING,data,i) == NULL)?0:1);
+       }
+
diff --git a/crypto/x509v3/old-v3/x509v3.h b/crypto/x509v3/old-v3/x509v3.h
new file mode 100644 (file)
index 0000000..d7945bc
--- /dev/null
@@ -0,0 +1,87 @@
+/* crypto/x509v3/x509v3.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#define X509v3_N_KU_digitalSignature   0
+#define X509v3_N_KU_nonRepudiation     1
+#define X509v3_N_KU_keyEncipherment    2
+#define X509v3_N_KU_dataEncipherment   3
+#define X509v3_N_KU_keyAgreement       4
+#define X509v3_N_KU_keyCertSign                5
+#define X509v3_N_KU_cRLSign            6
+#define X509v3_N_KU_encipherOnly       7
+#define X509v3_N_KU_decipherOnly       8
+#define X509v3_N_KU_NUM                        9
+#define X509v3_S_KU_digitalSignature   "digitalSignature"
+#define X509v3_S_KU_nonRepudiation     "nonRepudiation"
+#define X509v3_S_KU_keyEncipherment    "keyEncipherment"
+#define X509v3_S_KU_dataEncipherment   "dataEncipherment"
+#define X509v3_S_KU_keyAgreement       "keyAgreement"
+#define X509v3_S_KU_keyCertSign                "keyCertSign"
+#define X509v3_S_KU_cRLSign            "cRLSign"
+#define X509v3_S_KU_encipherOnly       "encipherOnly"
+#define X509v3_S_KU_decipherOnly       "decipherOnly"
+
+
+void X509_ex_clear(X509_EXTENSION *a);
+int X509_ex_get_bool(X509_EXTENSION *a,int num);
+int X509_ex_set_bool(X509_EXTENSION *a,int num,int value);
+int X509_ex_get_str(X509_EXTENSION *a,int index,char **p,int *len);
+int X509_ex_set_str(X509_EXTENSION *a,int oid,int index,char *p,int len);
+char *X509_ex_get_struct(X509_EXTENSION *a,int oid,int index,char **p);
+int X509_ex_set_struct(X509_EXTENSION *a,int index,char *p);
+int a2i_X509_EXTENSION(BIO *bp,X509_EXTENSION *a,char *buf,int len);
+int i2a_X509_EXTENSION(BIO *bp,X509_EXTENSION *a);
diff --git a/crypto/x509v3/v3_bcons.c b/crypto/x509v3/v3_bcons.c
new file mode 100644 (file)
index 0000000..f7ad3e8
--- /dev/null
@@ -0,0 +1,187 @@
+/* v3_bcons.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <pem.h>
+#include <asn1_mac.h>
+#include <err.h>
+#include <objects.h>
+#include <conf.h>
+#include "x509v3.h"
+
+#ifndef NOPROTO
+static STACK *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons);
+static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK *values);
+
+#else
+
+static STACK *i2v_BASIC_CONSTRAINTS();
+static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS();
+
+#endif
+
+X509V3_EXT_METHOD v3_bcons = {
+NID_basic_constraints, 0,
+(X509V3_EXT_NEW)BASIC_CONSTRAINTS_new,
+BASIC_CONSTRAINTS_free,
+(X509V3_EXT_D2I)d2i_BASIC_CONSTRAINTS,
+i2d_BASIC_CONSTRAINTS,
+NULL, NULL,
+(X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS,
+(X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS,
+NULL,
+NULL
+};
+
+
+/*
+ * ASN1err(ASN1_F_BASIC_CONSTRAINTS_NEW,ERR_R_MALLOC_FAILURE);
+ * ASN1err(ASN1_F_D2I_BASIC_CONSTRAINTS,ERR_R_MALLOC_FAILURE);
+ */
+
+int i2d_BASIC_CONSTRAINTS(a,pp)
+BASIC_CONSTRAINTS *a;
+unsigned char **pp;
+{
+       M_ASN1_I2D_vars(a);
+       if(a->ca) M_ASN1_I2D_len (a->ca, i2d_ASN1_BOOLEAN);
+       M_ASN1_I2D_len (a->pathlen, i2d_ASN1_INTEGER);
+
+       M_ASN1_I2D_seq_total();
+
+       if (a->ca) M_ASN1_I2D_put (a->ca, i2d_ASN1_BOOLEAN);
+       M_ASN1_I2D_put (a->pathlen, i2d_ASN1_INTEGER);
+       M_ASN1_I2D_finish();
+}
+
+BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new()
+{
+       BASIC_CONSTRAINTS *ret=NULL;
+       ASN1_CTX c;
+       M_ASN1_New_Malloc(ret, BASIC_CONSTRAINTS);
+       ret->ca = 0;
+       ret->pathlen = NULL;
+       return (ret);
+       M_ASN1_New_Error(ASN1_F_BASIC_CONSTRAINTS_NEW);
+}
+
+BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(a,pp,length)
+BASIC_CONSTRAINTS **a;
+unsigned char **pp;
+long length;
+{
+       M_ASN1_D2I_vars(a,BASIC_CONSTRAINTS *,BASIC_CONSTRAINTS_new);
+       M_ASN1_D2I_Init();
+       M_ASN1_D2I_start_sequence();
+       if((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) ==
+                (V_ASN1_UNIVERSAL|V_ASN1_BOOLEAN) ) {
+                       M_ASN1_D2I_get_int (ret->ca, d2i_ASN1_BOOLEAN);
+       }
+       M_ASN1_D2I_get_opt (ret->pathlen, d2i_ASN1_INTEGER, V_ASN1_INTEGER);
+       M_ASN1_D2I_Finish(a, BASIC_CONSTRAINTS_free, ASN1_F_D2I_BASIC_CONSTRAINTS);
+}
+
+void BASIC_CONSTRAINTS_free(a)
+BASIC_CONSTRAINTS *a;
+{
+       if (a == NULL) return;
+       ASN1_INTEGER_free (a->pathlen);
+       Free ((char *)a);
+}
+
+static STACK *i2v_BASIC_CONSTRAINTS(method, bcons)
+X509V3_EXT_METHOD *method;
+BASIC_CONSTRAINTS *bcons;
+{
+       STACK *extlist = NULL;
+       X509V3_add_value_bool("CA", bcons->ca, &extlist);
+       X509V3_add_value_int("pathlen", bcons->pathlen, &extlist);
+       return extlist;
+}
+
+static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(method, ctx, values)
+X509V3_EXT_METHOD *method;
+X509V3_CTX *ctx;
+STACK *values;
+{
+       BASIC_CONSTRAINTS *bcons=NULL;
+       CONF_VALUE *val;
+       int i;
+       if(!(bcons = BASIC_CONSTRAINTS_new())) {
+               X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
+               return NULL;
+       }
+       for(i = 0; i < sk_num(values); i++) {
+               val = (CONF_VALUE *)sk_value(values, i);
+               if(!strcmp(val->name, "CA")) {
+                       if(!X509V3_get_value_bool(val, &bcons->ca)) goto err;
+               } else if(!strcmp(val->name, "pathlen")) {
+                       if(!X509V3_get_value_int(val, &bcons->pathlen)) goto err;
+               } else {
+                       X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, X509V3_R_INVALID_NAME);
+                       X509V3_conf_err(val);
+                       goto err;
+               }
+       }
+       return bcons;
+       err:
+       BASIC_CONSTRAINTS_free(bcons);
+       return NULL;
+}
+
diff --git a/crypto/x509v3/v3_bitstr.c b/crypto/x509v3/v3_bitstr.c
new file mode 100644 (file)
index 0000000..46d8836
--- /dev/null
@@ -0,0 +1,159 @@
+/* v3_bitstr.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <pem.h>
+#include <asn1_mac.h>
+#include <err.h>
+#include <objects.h>
+#include <conf.h>
+#include "x509v3.h"
+
+#ifndef NOPROTO
+static ASN1_BIT_STRING *asn1_bit_string_new(void);
+static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK *nval);
+static STACK *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, ASN1_BIT_STRING *bits);
+#else
+static ASN1_BIT_STRING *asn1_bit_string_new();
+static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING();
+static STACK *i2v_ASN1_BIT_STRING();
+#endif
+
+static BIT_STRING_BITNAME ns_cert_type_table[] = {
+{0, "SSL Client", "client"},
+{1, "SSL Server", "server"},
+{2, "S/MIME", "email"},
+{3, "Object Signing", "objsign"},
+{4, "Unused", "reserved"},
+{5, "SSL CA", "sslCA"},
+{6, "S/MIME CA", "emailCA"},
+{7, "Object Signing CA", "objCA"},
+{-1, NULL, NULL}
+};
+
+static BIT_STRING_BITNAME key_usage_type_table[] = {
+{0, "Digital Signature", "digitalSignature"},
+{1, "Non Repudiation", "nonRepudiation"},
+{2, "Key Encipherment", "keyEncipherment"},
+{3, "Data Encipherment", "dataEncipherment"},
+{4, "Key Agreement", "keyAgreement"},
+{5, "Certificate Sign", "keyCertSign"},
+{6, "CRL Sign", "cRLCertSign"},
+{7, "Encipher Only", "encipherOnly"},
+{8, "Decipher Only", "decipherOnly"},
+{-1, NULL, NULL}
+};
+
+
+
+X509V3_EXT_METHOD v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table);
+X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table);
+
+static ASN1_BIT_STRING *asn1_bit_string_new()
+{
+       return ASN1_BIT_STRING_new();
+}
+
+static STACK *i2v_ASN1_BIT_STRING(method, bits)
+X509V3_EXT_METHOD *method;
+ASN1_BIT_STRING *bits;
+{
+       BIT_STRING_BITNAME *bnam;
+       STACK *ret = NULL;
+       for(bnam =(BIT_STRING_BITNAME *)method->usr_data; bnam->lname; bnam++) {
+               if(ASN1_BIT_STRING_get_bit(bits, bnam->bitnum)) 
+                       X509V3_add_value(bnam->lname, NULL, &ret);
+       }
+       return ret;
+}
+       
+static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(method, ctx, nval)
+X509V3_EXT_METHOD *method;
+X509V3_CTX *ctx;
+STACK *nval;
+{
+       CONF_VALUE *val;
+       ASN1_BIT_STRING *bs;
+       int i;
+       BIT_STRING_BITNAME *bnam;
+       if(!(bs = ASN1_BIT_STRING_new())) {
+               X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,ERR_R_MALLOC_FAILURE);
+               return NULL;
+       }
+       for(i = 0; i < sk_num(nval); i++) {
+               val = (CONF_VALUE *)sk_value(nval, i);
+               for(bnam = (BIT_STRING_BITNAME *)method->usr_data; bnam->lname;
+                                                                      bnam++) {
+                       if(!strcmp(bnam->sname, val->name) ||
+                               !strcmp(bnam->lname, val->name) ) {
+                               ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1);
+                               break;
+                       }
+               }
+               if(!bnam->lname) {
+                       X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT);
+                       X509V3_conf_err(val);
+                       ASN1_BIT_STRING_free(bs);
+                       return NULL;
+               }
+       }
+       return bs;
+}
+       
+
diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c
new file mode 100644 (file)
index 0000000..afe2ae2
--- /dev/null
@@ -0,0 +1,165 @@
+/* v3_conf.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* config file utilities */
+
+#include <stdlib.h>
+#include <ctype.h>
+#include <string.h>
+#include <pem.h>
+#include <conf.h>
+#include <err.h>
+#include "x509v3.h"
+
+X509_EXTENSION *X509V3_EXT_conf(conf, ctx, name, value)
+LHASH *conf;   /* Config file */
+X509V3_CTX *ctx;
+char *name;    /* Name */
+char *value;   /* Value */
+{
+       return X509V3_EXT_conf_nid(conf, ctx, OBJ_sn2nid(name), value);
+}
+
+
+X509_EXTENSION *X509V3_EXT_conf_nid(conf, ctx, ext_nid, value)
+LHASH *conf;   /* Config file */
+X509V3_CTX *ctx;
+int ext_nid;
+char *value;   /* Value */
+{
+       X509_EXTENSION *ext = NULL;
+       X509V3_EXT_METHOD *method;
+       STACK *nval;
+       char *ext_struc;
+       char *ext_der, *p;
+       int ext_len;
+       int crit = 0;
+       ASN1_OCTET_STRING *ext_oct;
+       if(ext_nid == NID_undef) return NULL;
+       if(!(method = X509V3_EXT_get_nid(ext_nid))) {
+               /* Add generic extension support here */
+               return NULL;
+       }
+       /* Check for critical */
+       if((strlen(value) >= 9) && !strncmp(value, "critical,", 9)) {
+               crit = 1;
+               value+=9;
+       }
+       /* Skip over spaces */
+       while(isspace(*value)) value++;
+       /* Now get internal extension representation based on type */
+       if(method->v2i) {
+               if(*value == '@') nval = CONF_get_section(conf, value + 1);
+               else nval = X509V3_parse_list(value);
+               if(!nval) {
+                       X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_INVALID_EXTENSION_STRING);
+                       ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value);
+                       return NULL;
+               }
+               ext_struc = method->v2i(method, ctx, nval);
+               if(*value != '@') sk_pop_free(nval, X509V3_conf_free);
+               if(!ext_struc) return NULL;
+       } else if(method->s2i) {
+               if(!(ext_struc = method->s2i(method, ctx, value))) return NULL;
+       } else {
+               X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
+               ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
+               return NULL;
+       }
+
+       /* We've now got the internal representation: convert to DER */
+       ext_len = method->i2d(ext_struc, NULL);
+       ext_der = Malloc(ext_len);
+       p = ext_der;
+       method->i2d(ext_struc, &p);
+       method->ext_free(ext_struc);
+       ext_oct = ASN1_OCTET_STRING_new();
+       ext_oct->data = ext_der;
+       ext_oct->length = ext_len;
+       
+       ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
+       ASN1_OCTET_STRING_free(ext_oct);
+
+       return ext;
+
+}
+
+/* This is the main function: add a bunch of extensions based on a config file
+ * section
+ */
+
+int X509V3_EXT_add_conf(conf, ctx, section, cert)
+LHASH *conf;
+X509V3_CTX *ctx;
+char *section;
+X509 *cert;
+{
+       X509_EXTENSION *ext;
+       STACK *nval;
+       CONF_VALUE *val;        
+       int i;
+       if(!(nval = CONF_get_section(conf, section))) return 0;
+       for(i = 0; i < sk_num(nval); i++) {
+               val = (CONF_VALUE *)sk_value(nval, i);
+               if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
+                                                               return 0;
+               if(cert) X509_add_ext(cert, ext, -1);
+               X509_EXTENSION_free(ext);
+       }
+       return 1;
+}
+
diff --git a/crypto/x509v3/v3_extku.c b/crypto/x509v3/v3_extku.c
new file mode 100644 (file)
index 0000000..8f22385
--- /dev/null
@@ -0,0 +1,165 @@
+/* v3_extku.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <pem.h>
+#include <asn1_mac.h>
+#include <err.h>
+#include <objects.h>
+#include <conf.h>
+#include "x509v3.h"
+
+#ifndef NOPROTO
+static STACK *v2i_ext_ku(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK *nval);
+static STACK *i2v_ext_ku(X509V3_EXT_METHOD *method, STACK *eku);
+#else
+static STACK *v2i_ext_ku();
+static STACK *i2v_ext_ku();
+#endif
+
+X509V3_EXT_METHOD v3_ext_ku = {
+NID_ext_key_usage, 0,
+(X509V3_EXT_NEW)ext_ku_new,
+ext_ku_free,
+(X509V3_EXT_D2I)d2i_ext_ku,
+i2d_ext_ku,
+NULL, NULL,
+(X509V3_EXT_I2V)i2v_ext_ku,
+(X509V3_EXT_V2I)v2i_ext_ku,
+NULL,
+NULL
+};
+
+STACK *ext_ku_new()
+{
+       return sk_new_null();
+}
+
+void ext_ku_free(eku)
+STACK *eku;
+{
+       sk_pop_free(eku, ASN1_OBJECT_free);
+       return;
+}
+
+int i2d_ext_ku(a,pp)
+STACK *a;
+unsigned char **pp;
+{
+       return i2d_ASN1_SET(a, pp, i2d_ASN1_OBJECT, V_ASN1_SEQUENCE,
+                                                V_ASN1_UNIVERSAL, IS_SEQUENCE);
+}
+
+STACK *d2i_ext_ku(a,pp,length)
+STACK **a;
+unsigned char **pp;
+long length;
+{
+       return d2i_ASN1_SET(a, pp, length, (char *(*)())(d2i_ASN1_OBJECT),
+                        ASN1_OBJECT_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+}
+
+
+
+static STACK *i2v_ext_ku(method, eku)
+X509V3_EXT_METHOD *method;
+STACK  *eku;
+{
+int i;
+ASN1_OBJECT *obj;
+char obj_tmp[80];
+STACK *ext_list = NULL;
+for(i = 0; i < sk_num(eku); i++) {
+       obj = (ASN1_OBJECT *)sk_value(eku, i);
+       i2t_ASN1_OBJECT(obj_tmp, 80, obj);
+       X509V3_add_value(NULL, obj_tmp, &ext_list);
+}
+return ext_list;
+}
+
+static STACK *v2i_ext_ku(method, ctx, nval)
+X509V3_EXT_METHOD *method;
+X509V3_CTX *ctx;
+STACK *nval;
+{
+STACK *extku;
+char *extval;
+ASN1_OBJECT *objtmp;
+CONF_VALUE *val;
+int i;
+
+if(!(extku = sk_new(NULL))) {
+       X509V3err(X509V3_F_V2I_EXT_KU,ERR_R_MALLOC_FAILURE);
+       return NULL;
+}
+
+for(i = 0; i < sk_num(nval); i++) {
+       val = (CONF_VALUE *)sk_value(nval, i);
+       if(val->value) extval = val->value;
+       else extval = val->name;
+       if(!(objtmp = OBJ_txt2obj(extval, 0))) {
+               sk_pop_free(extku, ASN1_OBJECT_free);
+               X509V3err(X509V3_F_V2I_EXT_KU,X509V3_R_INVALID_OBJECT_IDENTIFIER);
+               X509V3_conf_err(val);
+               return NULL;
+       }
+       sk_push(extku, (char *)objtmp);
+}
+return extku;
+}
diff --git a/crypto/x509v3/v3_ia5.c b/crypto/x509v3/v3_ia5.c
new file mode 100644 (file)
index 0000000..13a1137
--- /dev/null
@@ -0,0 +1,127 @@
+/* v3_ia5.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <pem.h>
+#include <asn1_mac.h>
+#include <err.h>
+#include <objects.h>
+#include <conf.h>
+#include "x509v3.h"
+
+#ifndef NOPROTO
+static ASN1_IA5STRING *ia5string_new(void);
+static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5);
+static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
+#else
+static ASN1_IA5STRING *ia5string_new();
+static char *i2s_ASN1_IA5STRING();
+static ASN1_IA5STRING *s2i_ASN1_IA5STRING();
+#endif
+
+X509V3_EXT_METHOD v3_ns_ia5_list[] = { 
+EXT_IA5STRING(NID_netscape_base_url),
+EXT_IA5STRING(NID_netscape_revocation_url),
+EXT_IA5STRING(NID_netscape_ca_revocation_url),
+EXT_IA5STRING(NID_netscape_renewal_url),
+EXT_IA5STRING(NID_netscape_ca_policy_url),
+EXT_IA5STRING(NID_netscape_ssl_server_name),
+EXT_IA5STRING(NID_netscape_comment),
+EXT_END
+};
+
+
+static ASN1_IA5STRING *ia5string_new(void)
+{
+       return ASN1_IA5STRING_new();
+}
+
+static char *i2s_ASN1_IA5STRING(method, ia5)
+X509V3_EXT_METHOD *method;
+ASN1_IA5STRING *ia5;
+{
+       char *tmp;
+       if(!ia5 || !ia5->length) return NULL;
+       tmp = Malloc(ia5->length + 1);
+       memcpy(tmp, ia5->data, ia5->length);
+       tmp[ia5->length] = 0;
+       return tmp;
+}
+
+static ASN1_IA5STRING *s2i_ASN1_IA5STRING(method, ctx, str)
+X509V3_EXT_METHOD *method;
+X509V3_CTX *ctx;
+char *str;
+{
+       ASN1_IA5STRING *ia5;
+       if(!str) {
+               X509V3err(X509V3_F_S2I_ASN1_IA5STRING,X509V3_R_INVALID_NULL_ARGUMENT);
+               return NULL;
+       }
+       if(!(ia5 = ASN1_IA5STRING_new())) goto err;
+       if(!ASN1_STRING_set((ASN1_STRING *)ia5, str, strlen(str))) {
+               ASN1_IA5STRING_free(ia5);
+               goto err;
+       }
+       return ia5;
+       err:
+       X509V3err(X509V3_F_S2I_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE);
+       return NULL;
+}
+
diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c
new file mode 100644 (file)
index 0000000..bc159b4
--- /dev/null
@@ -0,0 +1,158 @@
+/* v3_lib.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* X509 v3 extension utilities */
+
+#include <stdlib.h>
+#include <pem.h>
+#include <conf.h>
+#include <err.h>
+#include "x509v3.h"
+
+static STACK *ext_list = NULL;
+
+static ext_cmp(X509V3_EXT_METHOD **a, X509V3_EXT_METHOD **b);
+static void ext_list_free(X509V3_EXT_METHOD *ext);
+
+int X509V3_EXT_add(ext)
+X509V3_EXT_METHOD *ext;
+{
+       if(!ext_list && !(ext_list = sk_new(ext_cmp))) {
+               X509V3err(X509V3_F_X509V3_ADD_EXT,ERR_R_MALLOC_FAILURE);
+               return 0;
+       }
+       if(!sk_push(ext_list, (char *)ext)) {
+               X509V3err(X509V3_F_X509V3_ADD_EXT,ERR_R_MALLOC_FAILURE);
+               return 0;
+       }
+       return 1;
+}
+
+static int ext_cmp(a, b)
+X509V3_EXT_METHOD **a, **b;
+{
+       return ((*a)->ext_nid - (*b)->ext_nid);
+}
+
+X509V3_EXT_METHOD *X509V3_EXT_get_nid(nid)
+int nid;
+{
+       X509V3_EXT_METHOD tmp;
+       int idx;
+       tmp.ext_nid = nid;
+       if(!ext_list || (tmp.ext_nid < 0) ) return NULL;
+       idx = sk_find(ext_list, (char *)&tmp);
+       if(idx == -1) return NULL;
+       return (X509V3_EXT_METHOD *)sk_value(ext_list, idx);
+}
+
+X509V3_EXT_METHOD *X509V3_EXT_get(ext)
+X509_EXTENSION *ext;
+{
+       int nid;
+       if((nid = OBJ_obj2nid(ext->object)) == NID_undef) return NULL;
+       return X509V3_EXT_get_nid(nid);
+}
+
+extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku, v3_ns_ia5_list[];
+
+int X509V3_EXT_add_list(extlist)
+X509V3_EXT_METHOD *extlist;
+{
+       for(;extlist->ext_nid!=-1;extlist++) 
+                       if(!X509V3_EXT_add(extlist)) return 0;
+       return 1;
+}
+
+int X509V3_EXT_add_alias(nid_to, nid_from)
+int nid_to, nid_from;
+{
+       X509V3_EXT_METHOD *ext, *tmpext;
+       if(!(ext = X509V3_EXT_get_nid(nid_from))) {
+               X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,X509V3_R_EXTENSION_NOT_FOUND);
+               return 0;
+       }
+       if(!(tmpext = (X509V3_EXT_METHOD *)Malloc(sizeof(X509V3_EXT_METHOD)))) {
+               X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,ERR_R_MALLOC_FAILURE);
+               return 0;
+       }
+       *tmpext = *ext;
+       tmpext->ext_nid = nid_to;
+       tmpext->ext_flags = X509V3_EXT_DYNAMIC;
+       return 1;
+}
+
+void X509V3_EXT_cleanup()
+{
+       sk_pop_free(ext_list, ext_list_free);
+}
+
+static void ext_list_free(ext)
+X509V3_EXT_METHOD *ext;
+{
+       if(ext->ext_flags & X509V3_EXT_DYNAMIC) Free(ext);
+}
+
+int X509V3_add_standard_extensions()
+{
+       X509V3_EXT_add_list(v3_ns_ia5_list);
+       X509V3_EXT_add(&v3_bcons);
+       X509V3_EXT_add(&v3_nscert);
+       X509V3_EXT_add(&v3_key_usage);
+       X509V3_EXT_add(&v3_ext_ku);
+       return 1;
+}
diff --git a/crypto/x509v3/v3_prn.c b/crypto/x509v3/v3_prn.c
new file mode 100644 (file)
index 0000000..c975558
--- /dev/null
@@ -0,0 +1,134 @@
+/* v3_prn.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* X509 v3 extension utilities */
+
+#include <stdlib.h>
+#include <pem.h>
+#include <conf.h>
+#include <err.h>
+#include "x509v3.h"
+
+/* Extension printing routines */
+
+/* Print out a name+value stack */
+
+void X509V3_EXT_val_prn(out, val)
+BIO *out;
+STACK *val;
+{
+       int i;
+       CONF_VALUE *nval;
+       if(!val) return;
+       for(i = 0; i < sk_num(val); i++) {
+               if(i > 0) BIO_printf(out, ", ");
+               nval = (CONF_VALUE *)sk_value(val, i);
+               if(!nval->name) BIO_printf(out, "%s", nval->value);
+               else if(!nval->value) BIO_printf(out, "%s", nval->name);
+               else BIO_printf(out, "%s:%s", nval->name, nval->value);
+       }
+}
+
+/* Main routine: print out a general extension */
+
+int X509V3_EXT_print(out, ext, flag)
+BIO *out;
+X509_EXTENSION *ext;
+int flag;
+{
+       char *ext_str = NULL, *p, *value = NULL;
+       X509V3_EXT_METHOD *method;      
+       STACK *nval = NULL;
+       int ok = 1;
+       if(!(method = X509V3_EXT_get(ext))) return 0;
+       p = ext->value->data;
+       if(!(ext_str = method->d2i(NULL, &p, ext->value->length))) return 0;
+       if(method->i2s) {
+               if(!(value = method->i2s(method, ext_str))) {
+                       ok = 0;
+                       goto err;
+               }
+               BIO_printf(out, value);
+       } else if(method->i2v) {
+               if(!(nval = method->i2v(method, ext_str))) {
+                       ok = 0;
+                       goto err;
+               }
+               X509V3_EXT_val_prn(out, nval);
+       } else if(method->i2r) {
+               if(!method->i2r(method, ext_str, out)) ok = 0;
+       } else ok = 0;
+
+       err:
+               sk_pop_free(nval, X509V3_conf_free);
+               if(value) Free(value);
+               method->ext_free(ext_str);
+               return ok;
+}
+
+int X509V3_EXT_print_fp(fp, ext, flag)
+FILE *fp;
+X509_EXTENSION *ext;
+int flag;
+{
+       BIO *bio_tmp;
+       int ret;
+       if(!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE))) return 0;
+       ret = X509V3_EXT_print(bio_tmp, ext, flag);
+       BIO_free(bio_tmp);
+       return ret;
+}
diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
new file mode 100644 (file)
index 0000000..a9068a2
--- /dev/null
@@ -0,0 +1,312 @@
+/* v3_utl.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* X509 v3 extension utilities */
+
+#include <stdlib.h>
+#include <ctype.h>
+#include <pem.h>
+#include <conf.h>
+#include <err.h>
+#include "x509v3.h"
+
+static char * str_dup(char *str);
+static char *strip_spaces(char *name);
+
+static char *str_dup(str)
+char *str;
+{
+       char *tmp;
+       if(!(tmp = Malloc(strlen(str) + 1))) return NULL;
+       strcpy(tmp, str);
+       return tmp;
+}
+
+/* Add a CONF_VALUE name value pair to stack */
+
+int X509V3_add_value(name, value, extlist)
+char *name;
+char *value;
+STACK **extlist;
+{
+       CONF_VALUE *vtmp = NULL;
+       char *tname = NULL, *tvalue = NULL;
+       if(name && !(tname = str_dup(name))) goto err;
+       if(value && !(tvalue = str_dup(value))) goto err;;
+       if(!(vtmp = (CONF_VALUE *)Malloc(sizeof(CONF_VALUE)))) goto err;
+       if(!*extlist && !(*extlist = sk_new(NULL))) goto err;
+       vtmp->section = NULL;
+       vtmp->name = tname;
+       vtmp->value = tvalue;
+       if(!sk_push(*extlist, (char *)vtmp)) goto err;
+       return 1;
+       err:
+       X509V3err(X509V3_F_X509V3_ADD_VALUE,ERR_R_MALLOC_FAILURE);
+       if(vtmp) Free(vtmp);
+       if(tname) Free(tname);
+       if(tvalue) Free(tvalue);
+       return 0;
+}
+
+/* Free function for STACK of CONF_VALUE */
+
+void X509V3_conf_free(conf)
+CONF_VALUE *conf;
+{
+       if(!conf) return;
+       if(conf->name) Free(conf->name);
+       if(conf->value) Free(conf->value);
+       if(conf->section) Free(conf->section);
+       Free((char *)conf);
+}
+
+int X509V3_add_value_bool(name, asn1_bool, extlist)
+char *name;
+int asn1_bool;
+STACK **extlist;
+{
+       if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
+       return X509V3_add_value(name, "FALSE", extlist);
+}
+
+int X509V3_add_value_bool_nf(name, asn1_bool, extlist)
+char *name;
+int asn1_bool;
+STACK **extlist;
+{
+       if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
+       return 1;
+}
+
+int X509V3_add_value_int(name, aint, extlist)
+char *name;
+ASN1_INTEGER *aint;
+STACK **extlist;
+{
+       BIGNUM *bntmp;
+       char *strtmp;
+       int ret;
+       if(!aint) return 1;
+       bntmp = ASN1_INTEGER_to_BN(aint, NULL);
+       strtmp = BN_bn2dec(bntmp);
+       ret = X509V3_add_value(name, strtmp, extlist);
+       BN_free(bntmp);
+       Free(strtmp);
+       return ret;
+}
+
+int X509V3_get_value_bool(value, asn1_bool)
+CONF_VALUE *value;
+int *asn1_bool;
+{
+       char *btmp;
+       if(!(btmp = value->value)) goto err;
+       if(!strcmp(btmp, "TRUE") || !strcmp(btmp, "true")
+                || !strcmp(btmp, "Y") || !strcmp(btmp, "y")
+               || !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) {
+               *asn1_bool = 0xff;
+               return 1;
+       } else if(!strcmp(btmp, "FALSE") || !strcmp(btmp, "false")
+                || !strcmp(btmp, "N") || !strcmp(btmp, "n")
+               || !strcmp(btmp, "NO") || !strcmp(btmp, "no")) {
+               *asn1_bool = 0;
+               return 1;
+       }
+       err:
+       X509V3err(X509V3_F_X509V3_VALUE_GET_BOOL,X509V3_R_INVALID_BOOLEAN_STRING);
+       X509V3_conf_err(value);
+       return 0;
+}
+
+int X509V3_get_value_int(value, aint)
+CONF_VALUE *value;
+ASN1_INTEGER **aint;
+{
+       BIGNUM *bn = NULL;
+       bn = BN_new();
+       if(!value->value) {
+               X509V3err(X509V3_F_X509V3_GET_VALUE_INT,X509V3_R_INVALID_NULL_VALUE);
+               X509V3_conf_err(value);
+               return 0;
+       }
+       if(!BN_dec2bn(&bn, value->value)) {
+               X509V3err(X509V3_F_X509V3_GET_VALUE_INT,X509V3_R_BN_DEC2BN_ERROR);
+               X509V3_conf_err(value);
+               return 0;
+       }
+
+       if(!(*aint = BN_to_ASN1_INTEGER(bn, NULL))) {
+               X509V3err(X509V3_F_X509V3_GET_VALUE_INT,X509V3_R_BN_TO_ASN1_INTEGER_ERROR);
+               X509V3_conf_err(value);
+               return 0;
+       }
+       BN_free(bn);
+       return 1;
+}
+
+#define HDR_NAME       1
+#define HDR_VALUE      2
+
+/*#define DEBUG*/
+
+STACK *X509V3_parse_list(line)
+char *line;
+{
+       char *p, *q, c;
+       char *ntmp, *vtmp;
+       STACK *values = NULL;
+       char *linebuf;
+       int state;
+       /* We are going to modify the line so copy it first */
+       linebuf = str_dup(line);
+       state = HDR_NAME;
+       ntmp = NULL;
+       /* Go through all characters */
+       for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
+
+               switch(state) {
+                       case HDR_NAME:
+                       if(c == ':') {
+                               state = HDR_VALUE;
+                               *p = 0;
+                               ntmp = strip_spaces(q);
+                               if(!ntmp) {
+                                       X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
+                                       goto err;
+                               }
+                               q = p + 1;
+                       } else if(c == ',') {
+                               *p = 0;
+                               ntmp = strip_spaces(q);
+                               q = p + 1;
+#ifdef DEBUG
+                               printf("%s\n", ntmp);
+#endif
+                               if(!ntmp) {
+                                       X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
+                                       goto err;
+                               }
+                               X509V3_add_value(ntmp, NULL, &values);
+                       }
+                       break ;
+
+                       case HDR_VALUE:
+                       if(c == ',') {
+                               state = HDR_NAME;
+                               *p = 0;
+                               vtmp = strip_spaces(q);
+#ifdef DEBUG
+                               printf("%s\n", ntmp);
+#endif
+                               if(!vtmp) {
+                                       X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);
+                                       goto err;
+                               }
+                               X509V3_add_value(ntmp, vtmp, &values);
+                               ntmp = NULL;
+                               q = p + 1;
+                       }
+
+               }
+       }
+
+       if(state == HDR_VALUE) {
+               vtmp = strip_spaces(q);
+#ifdef DEBUG
+               printf("%s=%s\n", ntmp, vtmp);
+#endif
+               if(!vtmp) {
+                       X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);
+                       goto err;
+               }
+               X509V3_add_value(ntmp, vtmp, &values);
+       } else {
+               ntmp = strip_spaces(q);
+#ifdef DEBUG
+               printf("%s\n", ntmp);
+#endif
+               if(!ntmp) {
+                       X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
+                       goto err;
+               }
+               X509V3_add_value(ntmp, NULL, &values);
+       }
+Free(linebuf);
+return values;
+
+err:
+Free(linebuf);
+sk_pop_free(values, X509V3_conf_free);
+return NULL;
+
+}
+
+/* Delete leading and trailing spaces from a string */
+static char *strip_spaces(name)
+char *name;
+{
+       char *p, *q;
+       /* Skip over leading spaces */
+       p = name;
+       while(*p && isspace(*p)) p++;
+       if(!*p) return NULL;
+       q = p + strlen(p) - 1;
+       while((q != p) && isspace(*q)) q--;
+       if(p != q) q[1] = 0;
+       if(!*p) return NULL;
+       return p;
+}
diff --git a/crypto/x509v3/v3conf.c b/crypto/x509v3/v3conf.c
new file mode 100644 (file)
index 0000000..e0b097b
--- /dev/null
@@ -0,0 +1,127 @@
+/* v3conf.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <pem.h>
+#include <objects.h>
+#include <conf.h>
+#include <err.h>
+#include "x509v3.h"
+
+/* Test application to add extensions from a config file */
+
+int main(argc, argv)
+int argc;
+char **argv;
+{
+       LHASH *conf;
+       X509 *cert;
+       FILE *inf;
+       char *conf_file;
+       int i;
+       int count;
+       X509_EXTENSION *ext;
+       X509V3_add_standard_extensions();
+       ERR_load_crypto_strings();
+       if(!argv[1]) {
+               fprintf(stderr, "Usage: v3conf cert.pem [file.cnf]\n");
+               exit(1);
+       }
+       conf_file = argv[2];
+       if(!conf_file) conf_file = "test.cnf";
+       conf = CONF_load(NULL, "test.cnf", NULL);
+       if(!conf) {
+               fprintf(stderr, "Error opening Config file %s\n", conf_file);
+               ERR_print_errors_fp(stderr);
+               exit(1);
+       }
+
+       inf = fopen(argv[1], "r");
+       if(!inf) {
+               fprintf(stderr, "Can't open certificate file %s\n", argv[1]);
+               exit(1);
+       }
+       cert = PEM_read_X509(inf, NULL, NULL);
+       if(!cert) {
+               fprintf(stderr, "Error reading certificate file %s\n", argv[1]);
+               exit(1);
+       }
+       fclose(inf);
+
+       sk_pop_free(cert->cert_info->extensions, X509_EXTENSION_free);
+       cert->cert_info->extensions = NULL;
+
+       if(!X509V3_EXT_add_conf(conf, NULL, "test_section", cert)) {
+               fprintf(stderr, "Error adding extensions\n");
+               ERR_print_errors_fp(stderr);
+               exit(1);
+       }
+
+       count = X509_get_ext_count(cert);
+       printf("%d extensions\n", count);
+       for(i = 0; i < count; i++) {
+               ext = X509_get_ext(cert, i);
+               printf("%s", OBJ_nid2ln(OBJ_obj2nid(ext->object)));
+               if(ext->critical) printf(",critical:\n");
+               else printf(":\n");
+               X509V3_EXT_print_fp(stdout, ext, 0);
+               printf("\n");
+               
+       }
+       return 0;
+}
+
diff --git a/crypto/x509v3/v3err.c b/crypto/x509v3/v3err.c
new file mode 100644 (file)
index 0000000..b250953
--- /dev/null
@@ -0,0 +1,112 @@
+/* lib/x509v3/x509v3_err.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "err.h"
+#include "x509v3.h"
+
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA X509V3_str_functs[]=
+       {
+{ERR_PACK(0,X509V3_F_S2I_ASN1_IA5STRING,0),    "S2I_ASN1_IA5STRING"},
+{ERR_PACK(0,X509V3_F_V2I_ASN1_BIT_STRING,0),   "V2I_ASN1_BIT_STRING"},
+{ERR_PACK(0,X509V3_F_V2I_BASIC_CONSTRAINTS,0), "V2I_BASIC_CONSTRAINTS"},
+{ERR_PACK(0,X509V3_F_V2I_EXT_KU,0),    "V2I_EXT_KU"},
+{ERR_PACK(0,X509V3_F_X509V3_ADD_EXT,0),        "X509V3_ADD_EXT"},
+{ERR_PACK(0,X509V3_F_X509V3_ADD_VALUE,0),      "X509V3_add_value"},
+{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD_ALIAS,0),  "X509V3_EXT_add_alias"},
+{ERR_PACK(0,X509V3_F_X509V3_EXT_CONF,0),       "X509V3_EXT_conf"},
+{ERR_PACK(0,X509V3_F_X509V3_GET_VALUE_INT,0),  "X509V3_get_value_int"},
+{ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0),     "X509V3_parse_list"},
+{ERR_PACK(0,X509V3_F_X509V3_VALUE_GET_BOOL,0), "X509V3_VALUE_GET_BOOL"},
+{0,NULL},
+       };
+
+static ERR_STRING_DATA X509V3_str_reasons[]=
+       {
+{X509V3_R_BN_DEC2BN_ERROR                ,"bn dec2bn error"},
+{X509V3_R_BN_TO_ASN1_INTEGER_ERROR       ,"bn to asn1 integer error"},
+{X509V3_R_EXTENSION_NOT_FOUND            ,"extension not found"},
+{X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED,"extension setting not supported"},
+{X509V3_R_INVALID_BOOLEAN_STRING         ,"invalid boolean string"},
+{X509V3_R_INVALID_EXTENSION_STRING       ,"invalid extension string"},
+{X509V3_R_INVALID_NAME                   ,"invalid name"},
+{X509V3_R_INVALID_NULL_ARGUMENT          ,"invalid null argument"},
+{X509V3_R_INVALID_NULL_NAME              ,"invalid null name"},
+{X509V3_R_INVALID_NULL_VALUE             ,"invalid null value"},
+{X509V3_R_INVALID_OBJECT_IDENTIFIER      ,"invalid object identifier"},
+{X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT    ,"unknown bit string argument"},
+{0,NULL},
+       };
+
+#endif
+
+void ERR_load_X509V3_strings()
+       {
+       static int init=1;
+
+       if (init)
+               {
+               init=0;
+#ifndef NO_ERR
+               ERR_load_strings(ERR_LIB_X509V3,X509V3_str_functs);
+               ERR_load_strings(ERR_LIB_X509V3,X509V3_str_reasons);
+#endif
+
+               }
+       }
diff --git a/crypto/x509v3/v3prin.c b/crypto/x509v3/v3prin.c
new file mode 100644 (file)
index 0000000..6475fb9
--- /dev/null
@@ -0,0 +1,97 @@
+/* v3prin.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <pem.h>
+#include <objects.h>
+#include <conf.h>
+#include <err.h>
+#include "x509v3.h"
+
+int main(argc, argv)
+int argc;
+char **argv;
+{
+       X509 *cert;
+       FILE *inf;
+       int i, count;
+       X509_EXTENSION *ext;
+       X509V3_add_standard_extensions();
+       if(!argv[1]) {
+               fprintf(stderr, "Usage v3prin cert.pem\n");
+               exit(1);
+       }
+       if(!(inf = fopen(argv[1], "r"))) {
+               fprintf(stderr, "Can't open %s\n", argv[1]);
+               exit(1);
+       }
+       if(!(cert = PEM_read_X509(inf, NULL, NULL))) {
+               fprintf(stderr, "Can't read certificate %s\n", argv[1]);
+               ERR_print_errors_fp(stderr);
+               exit(1);
+       }
+       fclose(inf);
+       count = X509_get_ext_count(cert);
+       printf("%d extensions\n", count);
+       for(i = 0; i < count; i++) {
+               ext = X509_get_ext(cert, i);
+               printf("%s\n", OBJ_nid2ln(OBJ_obj2nid(ext->object)));
+               X509V3_EXT_print_fp(stdout, ext, 0);
+               printf("\n");
+               
+       }
+       return 0;
+}
index d7945bc9cdd196962b0fadb10a3f519c664c7b7a..79bb903ccfcf54800e5eac0d9a8203045a6aebbe 100644 (file)
-/* crypto/x509v3/x509v3.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* x509v3.h */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
  */
-#define X509v3_N_KU_digitalSignature   0
-#define X509v3_N_KU_nonRepudiation     1
-#define X509v3_N_KU_keyEncipherment    2
-#define X509v3_N_KU_dataEncipherment   3
-#define X509v3_N_KU_keyAgreement       4
-#define X509v3_N_KU_keyCertSign                5
-#define X509v3_N_KU_cRLSign            6
-#define X509v3_N_KU_encipherOnly       7
-#define X509v3_N_KU_decipherOnly       8
-#define X509v3_N_KU_NUM                        9
-#define X509v3_S_KU_digitalSignature   "digitalSignature"
-#define X509v3_S_KU_nonRepudiation     "nonRepudiation"
-#define X509v3_S_KU_keyEncipherment    "keyEncipherment"
-#define X509v3_S_KU_dataEncipherment   "dataEncipherment"
-#define X509v3_S_KU_keyAgreement       "keyAgreement"
-#define X509v3_S_KU_keyCertSign                "keyCertSign"
-#define X509v3_S_KU_cRLSign            "cRLSign"
-#define X509v3_S_KU_encipherOnly       "encipherOnly"
-#define X509v3_S_KU_decipherOnly       "decipherOnly"
-
-
-void X509_ex_clear(X509_EXTENSION *a);
-int X509_ex_get_bool(X509_EXTENSION *a,int num);
-int X509_ex_set_bool(X509_EXTENSION *a,int num,int value);
-int X509_ex_get_str(X509_EXTENSION *a,int index,char **p,int *len);
-int X509_ex_set_str(X509_EXTENSION *a,int oid,int index,char *p,int len);
-char *X509_ex_get_struct(X509_EXTENSION *a,int oid,int index,char **p);
-int X509_ex_set_struct(X509_EXTENSION *a,int index,char *p);
-int a2i_X509_EXTENSION(BIO *bp,X509_EXTENSION *a,char *buf,int len);
-int i2a_X509_EXTENSION(BIO *bp,X509_EXTENSION *a);
+#ifndef HEADER_X509V3_H
+#define HEADER_X509V3_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "bio.h"
+#include "x509.h"
+
+/* Forward reference */
+struct v3_ext_method;
+struct v3_ext_ctx;
+
+/* Useful typedefs */
+
+typedef char * (*X509V3_EXT_NEW)();
+typedef void (*X509V3_EXT_FREE)();
+typedef char * (*X509V3_EXT_D2I)();
+typedef int (*X509V3_EXT_I2D)();
+typedef STACK * (*X509V3_EXT_I2V)(struct v3_ext_method *method, char *ext);
+typedef char * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK *values);
+typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, char *ext);
+typedef char * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
+typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, char *ext, BIO *out);
+
+/* V3 extension structure */
+
+struct v3_ext_method {
+int ext_nid;
+int ext_flags;
+X509V3_EXT_NEW ext_new;
+X509V3_EXT_FREE ext_free;
+X509V3_EXT_D2I d2i;
+X509V3_EXT_I2D i2d;
+
+/* The following pair is used for string extensions */
+X509V3_EXT_I2S i2s;
+X509V3_EXT_S2I s2i;
+
+/* The following pair is used for multi-valued extensions */
+X509V3_EXT_I2V i2v;
+X509V3_EXT_V2I v2i;
+
+/* The following is used for raw extensions */
+X509V3_EXT_I2R i2r;
+
+char *usr_data;        /* Any extension specific data */
+};
+
+/* Context specific info */
+struct v3_ctx_struct {
+X509 *issuer_cert;
+X509 *subject_cert;
+X509_REQ *subject_req;
+/* Maybe more here */
+};
+
+typedef struct v3_ext_method X509V3_EXT_METHOD;
+typedef struct v3_ext_ctx X509V3_CTX;
+
+/* ext_flags values */
+#define X509V3_EXT_DYNAMIC 0x1
+
+typedef struct {
+int bitnum;
+char *lname;
+char *sname;
+} BIT_STRING_BITNAME;
+
+typedef struct {
+int ca;
+ASN1_INTEGER *pathlen;
+} BASIC_CONSTRAINTS;
+
+#define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \
+",name:", val->name, ",value:", val->value);
+
+#define EXT_BITSTRING(nid, table) { nid, 0, \
+                       (X509V3_EXT_NEW)asn1_bit_string_new, ASN1_STRING_free, \
+                       (X509V3_EXT_D2I)d2i_ASN1_BIT_STRING, \
+                       i2d_ASN1_BIT_STRING, \
+                       NULL, NULL, \
+                       (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
+                       (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
+                       NULL, \
+                       (char *)table}
+
+#define EXT_IA5STRING(nid) { nid, 0, \
+                       (X509V3_EXT_NEW)ia5string_new, ASN1_STRING_free, \
+                       (X509V3_EXT_D2I)d2i_ASN1_IA5STRING, \
+                       i2d_ASN1_IA5STRING, \
+                       (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
+                       (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \
+                       NULL, NULL, NULL, \
+                       NULL}
+
+#define EXT_END { -1, 0, NULL, NULL, NULL, NULL, NULL, NULL, \
+                        NULL, NULL, NULL, \
+                        NULL}
+
+#ifndef NOPROTO
+void ERR_load_X509V3_strings(void);
+void ERR_X509V3_error(int function, int reason, char *file, int line);
+int i2d_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS *a, unsigned char **pp);
+BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a, unsigned char **pp, long length);
+BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new(void);
+void BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *a);
+
+int i2d_ext_ku(STACK *a, unsigned char **pp);
+STACK *d2i_ext_ku(STACK **a, unsigned char **pp, long length);
+void ext_ku_free(STACK *a);
+STACK *ext_ku_new(void);
+
+#ifdef HEADER_CONF_H
+void X509V3_conf_free(CONF_VALUE *val);
+X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value);
+X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value);
+int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert);
+int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
+int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
+#endif
+
+int X509V3_add_value(char *name, char *value, STACK **extlist);
+int X509V3_add_value_bool(char *name, int asn1_bool, STACK **extlist);
+int X509V3_add_value_int( char *name, ASN1_INTEGER *aint, STACK **extlist);
+int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
+int X509V3_EXT_add_alias(int nid_to, int nid_from);
+void X509V3_EXT_cleanup(void);
+
+X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
+X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
+int X509V3_add_standard_extensions(void);
+STACK *X509V3_parse_list(char *line);
+
+int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag);
+int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag);
+
+#else
+
+void ERR_load_X509V3_strings();
+void ERR_X509V3_error();
+int i2d_BASIC_CONSTRAINTS();
+BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS();
+BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new();
+void BASIC_CONSTRAINTS_free();
+
+int i2d_ext_ku();
+STACK *d2i_ext_ku();
+void ext_ku_free();
+STACK *ext_ku_new();
+
+#ifdef HEADER_CONF_H
+void X509V3_conf_free();
+X509_EXTENSION *X509V3_EXT_conf_nid();
+X509_EXTENSION *X509V3_EXT_conf();
+int X509V3_EXT_add_conf();
+int X509V3_get_value_bool();
+int X509V3_get_value_int();
+#endif
+
+int X509V3_add_value();
+int X509V3_add_value_bool();
+int X509V3_add_value_int();
+int X509V3_EXT_add();
+int X509V3_EXT_add_alias();
+void X509V3_EXT_cleanup();
+
+X509V3_EXT_METHOD *X509V3_EXT_get();
+X509V3_EXT_METHOD *X509V3_EXT_get_nid();
+int X509V3_add_standard_extensions();
+STACK *X509V3_parse_list();
+
+int X509V3_EXT_print();
+int X509V3_EXT_print_fp();
+#endif
+
+/* BEGIN ERROR CODES */
+/* Error codes for the X509V3 functions. */
+
+/* Function codes. */
+#define X509V3_F_S2I_ASN1_IA5STRING                     100
+#define X509V3_F_V2I_ASN1_BIT_STRING                    101
+#define X509V3_F_V2I_BASIC_CONSTRAINTS                  102
+#define X509V3_F_V2I_EXT_KU                             103
+#define X509V3_F_X509V3_ADD_EXT                                 104
+#define X509V3_F_X509V3_ADD_VALUE                       105
+#define X509V3_F_X509V3_EXT_ADD_ALIAS                   106
+#define X509V3_F_X509V3_EXT_CONF                        107
+#define X509V3_F_X509V3_GET_VALUE_INT                   108
+#define X509V3_F_X509V3_PARSE_LIST                      109
+#define X509V3_F_X509V3_VALUE_GET_BOOL                  110
+
+/* Reason codes. */
+#define X509V3_R_BN_DEC2BN_ERROR                        100
+#define X509V3_R_BN_TO_ASN1_INTEGER_ERROR               101
+#define X509V3_R_EXTENSION_NOT_FOUND                    102
+#define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED        103
+#define X509V3_R_INVALID_BOOLEAN_STRING                         104
+#define X509V3_R_INVALID_EXTENSION_STRING               105
+#define X509V3_R_INVALID_NAME                           106
+#define X509V3_R_INVALID_NULL_ARGUMENT                  107
+#define X509V3_R_INVALID_NULL_NAME                      108
+#define X509V3_R_INVALID_NULL_VALUE                     109
+#define X509V3_R_INVALID_OBJECT_IDENTIFIER              110
+#define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT            111
+#ifdef  __cplusplus
+}
+#endif
+#endif
+