From 9aeaf1b4a7924cabf829bf57d0ca87d311cd2dfe Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sun, 24 Jan 1999 00:50:01 +0000 Subject: [PATCH] Initial addition of new X509 V3 files, tidy of old files. --- CHANGES | 5 + crypto/x509v3/Makefile.ssl | 88 ++++++++ crypto/x509v3/README | 4 + crypto/x509v3/{ => old-v3}/format | 0 crypto/x509v3/{ => old-v3}/header | 0 crypto/x509v3/old-v3/v3_ku.c | 318 +++++++++++++++++++++++++++ crypto/x509v3/old-v3/x509v3.h | 87 ++++++++ crypto/x509v3/v3_bcons.c | 187 ++++++++++++++++ crypto/x509v3/v3_bitstr.c | 159 ++++++++++++++ crypto/x509v3/v3_conf.c | 165 ++++++++++++++ crypto/x509v3/v3_extku.c | 165 ++++++++++++++ crypto/x509v3/v3_ia5.c | 127 +++++++++++ crypto/x509v3/v3_lib.c | 158 ++++++++++++++ crypto/x509v3/v3_prn.c | 134 ++++++++++++ crypto/x509v3/v3_utl.c | 312 +++++++++++++++++++++++++++ crypto/x509v3/v3conf.c | 127 +++++++++++ crypto/x509v3/v3err.c | 112 ++++++++++ crypto/x509v3/v3prin.c | 97 +++++++++ crypto/x509v3/x509v3.h | 344 +++++++++++++++++++++++------- 19 files changed, 2508 insertions(+), 81 deletions(-) create mode 100644 crypto/x509v3/Makefile.ssl create mode 100644 crypto/x509v3/README rename crypto/x509v3/{ => old-v3}/format (100%) rename crypto/x509v3/{ => old-v3}/header (100%) create mode 100644 crypto/x509v3/old-v3/v3_ku.c create mode 100644 crypto/x509v3/old-v3/x509v3.h create mode 100644 crypto/x509v3/v3_bcons.c create mode 100644 crypto/x509v3/v3_bitstr.c create mode 100644 crypto/x509v3/v3_conf.c create mode 100644 crypto/x509v3/v3_extku.c create mode 100644 crypto/x509v3/v3_ia5.c create mode 100644 crypto/x509v3/v3_lib.c create mode 100644 crypto/x509v3/v3_prn.c create mode 100644 crypto/x509v3/v3_utl.c create mode 100644 crypto/x509v3/v3conf.c create mode 100644 crypto/x509v3/v3err.c create mode 100644 crypto/x509v3/v3prin.c diff --git a/CHANGES b/CHANGES index ec02d06569..07321a2596 100644 --- a/CHANGES +++ b/CHANGES @@ -5,6 +5,11 @@ Changes between 0.9.1c and 0.9.2 + *) Takes a deep breath and start addding X509 V3 extension support code. Add + files in crypto/x509v3. Move original stuff to crypto/x509v3/old. All this + stuff is currently isolated and isn't even compiled yet. + [Steve Henson] + *) Continuing patches for GeneralizedTime. Fix up certificate and CRL ASN1 to use ASN1_TIME and modify print routines to use ASN1_TIME_print. Removed the versions check from X509 routines when loading extensions: diff --git a/crypto/x509v3/Makefile.ssl b/crypto/x509v3/Makefile.ssl new file mode 100644 index 0000000000..3cc99ea296 --- /dev/null +++ b/crypto/x509v3/Makefile.ssl @@ -0,0 +1,88 @@ +# +# SSLeay/crypto/x509v3/Makefile +# + +DIR= x509v3 +TOP= ../.. +CC= cc +INCLUDES= -I.. -I../../include +CFLAG=-g +INSTALLTOP=/usr/local/ssl +MAKE= make -f Makefile.ssl +MAKEDEPEND= $(TOP)/util/domd $(TOP) +MAKEFILE= Makefile.ssl +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +ERR=x509v3 +ERRC=v3err +GENERAL=Makefile README +TEST= +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC= v3_bcons.c v3_bitstr.c v3_conf.c v3_extku.c v3_ia5.c \ +v3_lib.c v3_prn.c v3_utl.c v3err.c +LIBOBJ= v3_bcons.o v3_bitstr.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \ +v3_prn.o v3_utl.o v3err.o + +SRC= $(LIBSRC) + +EXHEADER= x509v3.h +HEADER= $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + sh $(TOP)/util/ranlib.sh $(LIB) + @touch lib + +files: + perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO + +links: + /bin/rm -f Makefile + $(TOP)/util/point.sh Makefile.ssl Makefile ; + $(TOP)/util/mklink.sh ../../include $(EXHEADER) + $(TOP)/util/mklink.sh ../../test $(TEST) + $(TOP)/util/mklink.sh ../../apps $(APPS) + +install: + @for i in $(EXHEADER) ; \ + do \ + (cp $$i $(INSTALLTOP)/include/$$i; \ + chmod 644 $(INSTALLTOP)/include/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC) + +dclean: + perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +errors: $(ERRC).c + +$(ERRC).c: $(ERR).err + perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h + perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c + +# DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/x509v3/README b/crypto/x509v3/README new file mode 100644 index 0000000000..3b2cc047be --- /dev/null +++ b/crypto/x509v3/README @@ -0,0 +1,4 @@ +WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING + +This is ***VERY*** new experimental code and is likely to change +considerably or vanish altogether. diff --git a/crypto/x509v3/format b/crypto/x509v3/old-v3/format similarity index 100% rename from crypto/x509v3/format rename to crypto/x509v3/old-v3/format diff --git a/crypto/x509v3/header b/crypto/x509v3/old-v3/header similarity index 100% rename from crypto/x509v3/header rename to crypto/x509v3/old-v3/header diff --git a/crypto/x509v3/old-v3/v3_ku.c b/crypto/x509v3/old-v3/v3_ku.c new file mode 100644 index 0000000000..87c7402f43 --- /dev/null +++ b/crypto/x509v3/old-v3/v3_ku.c @@ -0,0 +1,318 @@ +/* crypto/x509v3/v3_ku.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include "stack.h" +#include "cryptlib.h" +#include "bio.h" +#include "asn1.h" +#include "objects.h" +#include "x509.h" + +X509_EXTENSION_METHOD X509v3_key_usage_method= + { + NID_key_usage, + ku_clear, + ex_get_bool, + ex_set_bool, + NULL, + NULL, + NULL, + NULL, + ku_a2i, + ku_i2a, + }; + +static void ku_clear(a) +X509_EXTENSION *a; + { + } + +static int ku_expand(a) +X509_EXTENSION *a; + { + ASN1_BIT_STRING *bs; + + if (a->argp == NULL) + { + bs=X509v3_unpack_string(NULL,V_ASN1_BIT_STRING,value); + if (bs == NULL) return(0); + a->argp=(char *)bs; + a->ex_free=ASN1_STRING_free; + } + return(1); + } + +static int ku_get_bool(a,num) +X509_EXTENSION *a; +int num; + { + int ret; + ASN1_BIT_STRING *bs; + + if ((a->argp == NULL) && !ku_expand(a)) + return(-1); + bs=(ASN1_BIT_STRING *)a->argp; + ret=ASN1_BIT_STRING_get_bit(bs,num); + return(ret); + } + +static int ku_set_bool(a,num,value) +X509_EXTENSION *a; +int num; +int value; + { + ASN1_BIT_STRING *a; + + if ((a->argp == NULL) && !ku_expand(a)) + return(0); + bs=(ASN1_BIT_STRING *)a->argp; + ret=ASN1_BIT_STRING_set_bit(bs,num,value); + } + +static int ku_a2i(bio,a,buf,len) +BIO *bio; +X509_EXTENSION *a; +char *buf; +int len; + { + get token + } + +static char ku_names[X509v3_N_KU_NUM]={ + X509v3_S_KU_digitalSignature, + X509v3_S_KU_nonRepudiation, + X509v3_S_KU_keyEncipherment, + X509v3_S_KU_dataEncipherment, + X509v3_S_KU_keyAgreement, + X509v3_S_KU_keyCertSign, + X509v3_S_KU_cRLSign, + X509v3_S_KU_encipherOnly, + X509v3_S_KU_decipherOnly, + }; + +static int ku_i2a(bio,a); +BIO *bio; +X509_EXTENSION *a; + { + int i,first=1; + char *c; + + for (i=0; i 0) + { + BIO_printf(bio,"%s%s",((first)?"":" "),ku_names[i]); + first=0; + } + } + } + +/***********************/ + +int X509v3_get_key_usage(x,ret) +STACK *x; +unsigned long *ret; + { + X509_EXTENSION *ext; + ASN1_STRING *st; + char *p; + int i; + + i=X509_get_ext_by_NID(x,NID_key_usage,-1); + if (i < 0) return(X509v3_KU_UNDEF); + ext=X509_get_ext(x,i); + st=X509v3_unpack_string(NULL,V_ASN1_BIT_STRING, + X509_EXTENSION_get_data(X509_get_ext(x,i))); + + p=ASN1_STRING_data(st); + if (ASN1_STRING_length(st) == 1) + i=p[0]; + else if (ASN1_STRING_length(st) == 2) + i=p[0]|(p[1]<<8); + else + i=0; + return(i); + } + +static struct + { + char *name; + unsigned int value; + } key_usage_data[] ={ + {"digitalSignature", X509v3_KU_DIGITAL_SIGNATURE}, + {"nonRepudiation", X509v3_KU_NON_REPUDIATION}, + {"keyEncipherment", X509v3_KU_KEY_ENCIPHERMENT}, + {"dataEncipherment", X509v3_KU_DATA_ENCIPHERMENT}, + {"keyAgreement", X509v3_KU_KEY_AGREEMENT}, + {"keyCertSign", X509v3_KU_KEY_CERT_SIGN}, + {"cRLSign", X509v3_KU_CRL_SIGN}, + {"encipherOnly", X509v3_KU_ENCIPHER_ONLY}, + {"decipherOnly", X509v3_KU_DECIPHER_ONLY}, + {NULL,0}, + }; + +#if 0 +static int a2i_key_usage(x,str,len) +X509 *x; +char *str; +int len; + { + return(X509v3_set_key_usage(x,a2i_X509v3_key_usage(str))); + } + +static int i2a_key_usage(bp,x) +BIO *bp; +X509 *x; + { + return(i2a_X509v3_key_usage(bp,X509v3_get_key_usage(x))); + } +#endif + +int i2a_X509v3_key_usage(bp,use) +BIO *bp; +unsigned int use; + { + int i=0,first=1; + + for (;;) + { + if (use | key_usage_data[i].value) + { + BIO_printf(bp,"%s%s",((first)?"":" "), + key_usage_data[i].name); + first=0; + } + } + return(1); + } + +unsigned int a2i_X509v3_key_usage(p) +char *p; + { + unsigned int ret=0; + char *q,*s; + int i,n; + + q=p; + for (;;) + { + while ((*q != '\0') && isalnum(*q)) + q++; + if (*q == '\0') break; + s=q++; + while (isalnum(*q)) + q++; + n=q-s; + i=0; + for (;;) + { + if (strncmp(key_usage_data[i].name,s,n) == 0) + { + ret|=key_usage_data[i].value; + break; + } + i++; + if (key_usage_data[i].name == NULL) + return(X509v3_KU_UNDEF); + } + } + return(ret); + } + +int X509v3_set_key_usage(x,use) +X509 *x; +unsigned int use; + { + ASN1_OCTET_STRING *os; + X509_EXTENSION *ext; + int i; + unsigned char data[4]; + + i=X509_get_ext_by_NID(x,NID_key_usage,-1); + if (i < 0) + { + i=X509_get_ext_count(x)+1; + if ((ext=X509_EXTENSION_new()) == NULL) return(0); + if (!X509_add_ext(x,ext,i)) + { + X509_EXTENSION_free(ext); + return(0); + } + } + else + ext=X509_get_ext(x,i); + + /* fill in 'ext' */ + os=X509_EXTENSION_get_data(ext); + + i=0; + if (use > 0) + { + i=1; + data[0]=use&0xff; + } + if (use > 0xff) + { + i=2; + data[1]=(use>>8)&0xff; + } + return((X509v3_pack_string(&os,V_ASN1_BIT_STRING,data,i) == NULL)?0:1); + } + diff --git a/crypto/x509v3/old-v3/x509v3.h b/crypto/x509v3/old-v3/x509v3.h new file mode 100644 index 0000000000..d7945bc9cd --- /dev/null +++ b/crypto/x509v3/old-v3/x509v3.h @@ -0,0 +1,87 @@ +/* crypto/x509v3/x509v3.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +#define X509v3_N_KU_digitalSignature 0 +#define X509v3_N_KU_nonRepudiation 1 +#define X509v3_N_KU_keyEncipherment 2 +#define X509v3_N_KU_dataEncipherment 3 +#define X509v3_N_KU_keyAgreement 4 +#define X509v3_N_KU_keyCertSign 5 +#define X509v3_N_KU_cRLSign 6 +#define X509v3_N_KU_encipherOnly 7 +#define X509v3_N_KU_decipherOnly 8 +#define X509v3_N_KU_NUM 9 +#define X509v3_S_KU_digitalSignature "digitalSignature" +#define X509v3_S_KU_nonRepudiation "nonRepudiation" +#define X509v3_S_KU_keyEncipherment "keyEncipherment" +#define X509v3_S_KU_dataEncipherment "dataEncipherment" +#define X509v3_S_KU_keyAgreement "keyAgreement" +#define X509v3_S_KU_keyCertSign "keyCertSign" +#define X509v3_S_KU_cRLSign "cRLSign" +#define X509v3_S_KU_encipherOnly "encipherOnly" +#define X509v3_S_KU_decipherOnly "decipherOnly" + + +void X509_ex_clear(X509_EXTENSION *a); +int X509_ex_get_bool(X509_EXTENSION *a,int num); +int X509_ex_set_bool(X509_EXTENSION *a,int num,int value); +int X509_ex_get_str(X509_EXTENSION *a,int index,char **p,int *len); +int X509_ex_set_str(X509_EXTENSION *a,int oid,int index,char *p,int len); +char *X509_ex_get_struct(X509_EXTENSION *a,int oid,int index,char **p); +int X509_ex_set_struct(X509_EXTENSION *a,int index,char *p); +int a2i_X509_EXTENSION(BIO *bp,X509_EXTENSION *a,char *buf,int len); +int i2a_X509_EXTENSION(BIO *bp,X509_EXTENSION *a); diff --git a/crypto/x509v3/v3_bcons.c b/crypto/x509v3/v3_bcons.c new file mode 100644 index 0000000000..f7ad3e884c --- /dev/null +++ b/crypto/x509v3/v3_bcons.c @@ -0,0 +1,187 @@ +/* v3_bcons.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include +#include +#include +#include +#include +#include "x509v3.h" + +#ifndef NOPROTO +static STACK *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons); +static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK *values); + +#else + +static STACK *i2v_BASIC_CONSTRAINTS(); +static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(); + +#endif + +X509V3_EXT_METHOD v3_bcons = { +NID_basic_constraints, 0, +(X509V3_EXT_NEW)BASIC_CONSTRAINTS_new, +BASIC_CONSTRAINTS_free, +(X509V3_EXT_D2I)d2i_BASIC_CONSTRAINTS, +i2d_BASIC_CONSTRAINTS, +NULL, NULL, +(X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS, +(X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS, +NULL, +NULL +}; + + +/* + * ASN1err(ASN1_F_BASIC_CONSTRAINTS_NEW,ERR_R_MALLOC_FAILURE); + * ASN1err(ASN1_F_D2I_BASIC_CONSTRAINTS,ERR_R_MALLOC_FAILURE); + */ + +int i2d_BASIC_CONSTRAINTS(a,pp) +BASIC_CONSTRAINTS *a; +unsigned char **pp; +{ + M_ASN1_I2D_vars(a); + if(a->ca) M_ASN1_I2D_len (a->ca, i2d_ASN1_BOOLEAN); + M_ASN1_I2D_len (a->pathlen, i2d_ASN1_INTEGER); + + M_ASN1_I2D_seq_total(); + + if (a->ca) M_ASN1_I2D_put (a->ca, i2d_ASN1_BOOLEAN); + M_ASN1_I2D_put (a->pathlen, i2d_ASN1_INTEGER); + M_ASN1_I2D_finish(); +} + +BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new() +{ + BASIC_CONSTRAINTS *ret=NULL; + ASN1_CTX c; + M_ASN1_New_Malloc(ret, BASIC_CONSTRAINTS); + ret->ca = 0; + ret->pathlen = NULL; + return (ret); + M_ASN1_New_Error(ASN1_F_BASIC_CONSTRAINTS_NEW); +} + +BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(a,pp,length) +BASIC_CONSTRAINTS **a; +unsigned char **pp; +long length; +{ + M_ASN1_D2I_vars(a,BASIC_CONSTRAINTS *,BASIC_CONSTRAINTS_new); + M_ASN1_D2I_Init(); + M_ASN1_D2I_start_sequence(); + if((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) == + (V_ASN1_UNIVERSAL|V_ASN1_BOOLEAN) ) { + M_ASN1_D2I_get_int (ret->ca, d2i_ASN1_BOOLEAN); + } + M_ASN1_D2I_get_opt (ret->pathlen, d2i_ASN1_INTEGER, V_ASN1_INTEGER); + M_ASN1_D2I_Finish(a, BASIC_CONSTRAINTS_free, ASN1_F_D2I_BASIC_CONSTRAINTS); +} + +void BASIC_CONSTRAINTS_free(a) +BASIC_CONSTRAINTS *a; +{ + if (a == NULL) return; + ASN1_INTEGER_free (a->pathlen); + Free ((char *)a); +} + +static STACK *i2v_BASIC_CONSTRAINTS(method, bcons) +X509V3_EXT_METHOD *method; +BASIC_CONSTRAINTS *bcons; +{ + STACK *extlist = NULL; + X509V3_add_value_bool("CA", bcons->ca, &extlist); + X509V3_add_value_int("pathlen", bcons->pathlen, &extlist); + return extlist; +} + +static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(method, ctx, values) +X509V3_EXT_METHOD *method; +X509V3_CTX *ctx; +STACK *values; +{ + BASIC_CONSTRAINTS *bcons=NULL; + CONF_VALUE *val; + int i; + if(!(bcons = BASIC_CONSTRAINTS_new())) { + X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE); + return NULL; + } + for(i = 0; i < sk_num(values); i++) { + val = (CONF_VALUE *)sk_value(values, i); + if(!strcmp(val->name, "CA")) { + if(!X509V3_get_value_bool(val, &bcons->ca)) goto err; + } else if(!strcmp(val->name, "pathlen")) { + if(!X509V3_get_value_int(val, &bcons->pathlen)) goto err; + } else { + X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, X509V3_R_INVALID_NAME); + X509V3_conf_err(val); + goto err; + } + } + return bcons; + err: + BASIC_CONSTRAINTS_free(bcons); + return NULL; +} + diff --git a/crypto/x509v3/v3_bitstr.c b/crypto/x509v3/v3_bitstr.c new file mode 100644 index 0000000000..46d8836cd6 --- /dev/null +++ b/crypto/x509v3/v3_bitstr.c @@ -0,0 +1,159 @@ +/* v3_bitstr.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include +#include +#include +#include +#include +#include "x509v3.h" + +#ifndef NOPROTO +static ASN1_BIT_STRING *asn1_bit_string_new(void); +static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK *nval); +static STACK *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, ASN1_BIT_STRING *bits); +#else +static ASN1_BIT_STRING *asn1_bit_string_new(); +static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(); +static STACK *i2v_ASN1_BIT_STRING(); +#endif + +static BIT_STRING_BITNAME ns_cert_type_table[] = { +{0, "SSL Client", "client"}, +{1, "SSL Server", "server"}, +{2, "S/MIME", "email"}, +{3, "Object Signing", "objsign"}, +{4, "Unused", "reserved"}, +{5, "SSL CA", "sslCA"}, +{6, "S/MIME CA", "emailCA"}, +{7, "Object Signing CA", "objCA"}, +{-1, NULL, NULL} +}; + +static BIT_STRING_BITNAME key_usage_type_table[] = { +{0, "Digital Signature", "digitalSignature"}, +{1, "Non Repudiation", "nonRepudiation"}, +{2, "Key Encipherment", "keyEncipherment"}, +{3, "Data Encipherment", "dataEncipherment"}, +{4, "Key Agreement", "keyAgreement"}, +{5, "Certificate Sign", "keyCertSign"}, +{6, "CRL Sign", "cRLCertSign"}, +{7, "Encipher Only", "encipherOnly"}, +{8, "Decipher Only", "decipherOnly"}, +{-1, NULL, NULL} +}; + + + +X509V3_EXT_METHOD v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table); +X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table); + +static ASN1_BIT_STRING *asn1_bit_string_new() +{ + return ASN1_BIT_STRING_new(); +} + +static STACK *i2v_ASN1_BIT_STRING(method, bits) +X509V3_EXT_METHOD *method; +ASN1_BIT_STRING *bits; +{ + BIT_STRING_BITNAME *bnam; + STACK *ret = NULL; + for(bnam =(BIT_STRING_BITNAME *)method->usr_data; bnam->lname; bnam++) { + if(ASN1_BIT_STRING_get_bit(bits, bnam->bitnum)) + X509V3_add_value(bnam->lname, NULL, &ret); + } + return ret; +} + +static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(method, ctx, nval) +X509V3_EXT_METHOD *method; +X509V3_CTX *ctx; +STACK *nval; +{ + CONF_VALUE *val; + ASN1_BIT_STRING *bs; + int i; + BIT_STRING_BITNAME *bnam; + if(!(bs = ASN1_BIT_STRING_new())) { + X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,ERR_R_MALLOC_FAILURE); + return NULL; + } + for(i = 0; i < sk_num(nval); i++) { + val = (CONF_VALUE *)sk_value(nval, i); + for(bnam = (BIT_STRING_BITNAME *)method->usr_data; bnam->lname; + bnam++) { + if(!strcmp(bnam->sname, val->name) || + !strcmp(bnam->lname, val->name) ) { + ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1); + break; + } + } + if(!bnam->lname) { + X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT); + X509V3_conf_err(val); + ASN1_BIT_STRING_free(bs); + return NULL; + } + } + return bs; +} + + diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c new file mode 100644 index 0000000000..afe2ae249e --- /dev/null +++ b/crypto/x509v3/v3_conf.c @@ -0,0 +1,165 @@ +/* v3_conf.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* config file utilities */ + +#include +#include +#include +#include +#include +#include +#include "x509v3.h" + +X509_EXTENSION *X509V3_EXT_conf(conf, ctx, name, value) +LHASH *conf; /* Config file */ +X509V3_CTX *ctx; +char *name; /* Name */ +char *value; /* Value */ +{ + return X509V3_EXT_conf_nid(conf, ctx, OBJ_sn2nid(name), value); +} + + +X509_EXTENSION *X509V3_EXT_conf_nid(conf, ctx, ext_nid, value) +LHASH *conf; /* Config file */ +X509V3_CTX *ctx; +int ext_nid; +char *value; /* Value */ +{ + X509_EXTENSION *ext = NULL; + X509V3_EXT_METHOD *method; + STACK *nval; + char *ext_struc; + char *ext_der, *p; + int ext_len; + int crit = 0; + ASN1_OCTET_STRING *ext_oct; + if(ext_nid == NID_undef) return NULL; + if(!(method = X509V3_EXT_get_nid(ext_nid))) { + /* Add generic extension support here */ + return NULL; + } + /* Check for critical */ + if((strlen(value) >= 9) && !strncmp(value, "critical,", 9)) { + crit = 1; + value+=9; + } + /* Skip over spaces */ + while(isspace(*value)) value++; + /* Now get internal extension representation based on type */ + if(method->v2i) { + if(*value == '@') nval = CONF_get_section(conf, value + 1); + else nval = X509V3_parse_list(value); + if(!nval) { + X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_INVALID_EXTENSION_STRING); + ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value); + return NULL; + } + ext_struc = method->v2i(method, ctx, nval); + if(*value != '@') sk_pop_free(nval, X509V3_conf_free); + if(!ext_struc) return NULL; + } else if(method->s2i) { + if(!(ext_struc = method->s2i(method, ctx, value))) return NULL; + } else { + X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED); + ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid)); + return NULL; + } + + /* We've now got the internal representation: convert to DER */ + ext_len = method->i2d(ext_struc, NULL); + ext_der = Malloc(ext_len); + p = ext_der; + method->i2d(ext_struc, &p); + method->ext_free(ext_struc); + ext_oct = ASN1_OCTET_STRING_new(); + ext_oct->data = ext_der; + ext_oct->length = ext_len; + + ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct); + ASN1_OCTET_STRING_free(ext_oct); + + return ext; + +} + +/* This is the main function: add a bunch of extensions based on a config file + * section + */ + +int X509V3_EXT_add_conf(conf, ctx, section, cert) +LHASH *conf; +X509V3_CTX *ctx; +char *section; +X509 *cert; +{ + X509_EXTENSION *ext; + STACK *nval; + CONF_VALUE *val; + int i; + if(!(nval = CONF_get_section(conf, section))) return 0; + for(i = 0; i < sk_num(nval); i++) { + val = (CONF_VALUE *)sk_value(nval, i); + if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value))) + return 0; + if(cert) X509_add_ext(cert, ext, -1); + X509_EXTENSION_free(ext); + } + return 1; +} + diff --git a/crypto/x509v3/v3_extku.c b/crypto/x509v3/v3_extku.c new file mode 100644 index 0000000000..8f22385859 --- /dev/null +++ b/crypto/x509v3/v3_extku.c @@ -0,0 +1,165 @@ +/* v3_extku.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include +#include +#include +#include +#include +#include "x509v3.h" + +#ifndef NOPROTO +static STACK *v2i_ext_ku(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK *nval); +static STACK *i2v_ext_ku(X509V3_EXT_METHOD *method, STACK *eku); +#else +static STACK *v2i_ext_ku(); +static STACK *i2v_ext_ku(); +#endif + +X509V3_EXT_METHOD v3_ext_ku = { +NID_ext_key_usage, 0, +(X509V3_EXT_NEW)ext_ku_new, +ext_ku_free, +(X509V3_EXT_D2I)d2i_ext_ku, +i2d_ext_ku, +NULL, NULL, +(X509V3_EXT_I2V)i2v_ext_ku, +(X509V3_EXT_V2I)v2i_ext_ku, +NULL, +NULL +}; + +STACK *ext_ku_new() +{ + return sk_new_null(); +} + +void ext_ku_free(eku) +STACK *eku; +{ + sk_pop_free(eku, ASN1_OBJECT_free); + return; +} + +int i2d_ext_ku(a,pp) +STACK *a; +unsigned char **pp; +{ + return i2d_ASN1_SET(a, pp, i2d_ASN1_OBJECT, V_ASN1_SEQUENCE, + V_ASN1_UNIVERSAL, IS_SEQUENCE); +} + +STACK *d2i_ext_ku(a,pp,length) +STACK **a; +unsigned char **pp; +long length; +{ + return d2i_ASN1_SET(a, pp, length, (char *(*)())(d2i_ASN1_OBJECT), + ASN1_OBJECT_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); +} + + + +static STACK *i2v_ext_ku(method, eku) +X509V3_EXT_METHOD *method; +STACK *eku; +{ +int i; +ASN1_OBJECT *obj; +char obj_tmp[80]; +STACK *ext_list = NULL; +for(i = 0; i < sk_num(eku); i++) { + obj = (ASN1_OBJECT *)sk_value(eku, i); + i2t_ASN1_OBJECT(obj_tmp, 80, obj); + X509V3_add_value(NULL, obj_tmp, &ext_list); +} +return ext_list; +} + +static STACK *v2i_ext_ku(method, ctx, nval) +X509V3_EXT_METHOD *method; +X509V3_CTX *ctx; +STACK *nval; +{ +STACK *extku; +char *extval; +ASN1_OBJECT *objtmp; +CONF_VALUE *val; +int i; + +if(!(extku = sk_new(NULL))) { + X509V3err(X509V3_F_V2I_EXT_KU,ERR_R_MALLOC_FAILURE); + return NULL; +} + +for(i = 0; i < sk_num(nval); i++) { + val = (CONF_VALUE *)sk_value(nval, i); + if(val->value) extval = val->value; + else extval = val->name; + if(!(objtmp = OBJ_txt2obj(extval, 0))) { + sk_pop_free(extku, ASN1_OBJECT_free); + X509V3err(X509V3_F_V2I_EXT_KU,X509V3_R_INVALID_OBJECT_IDENTIFIER); + X509V3_conf_err(val); + return NULL; + } + sk_push(extku, (char *)objtmp); +} +return extku; +} diff --git a/crypto/x509v3/v3_ia5.c b/crypto/x509v3/v3_ia5.c new file mode 100644 index 0000000000..13a1137288 --- /dev/null +++ b/crypto/x509v3/v3_ia5.c @@ -0,0 +1,127 @@ +/* v3_ia5.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include +#include +#include +#include +#include +#include "x509v3.h" + +#ifndef NOPROTO +static ASN1_IA5STRING *ia5string_new(void); +static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5); +static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); +#else +static ASN1_IA5STRING *ia5string_new(); +static char *i2s_ASN1_IA5STRING(); +static ASN1_IA5STRING *s2i_ASN1_IA5STRING(); +#endif + +X509V3_EXT_METHOD v3_ns_ia5_list[] = { +EXT_IA5STRING(NID_netscape_base_url), +EXT_IA5STRING(NID_netscape_revocation_url), +EXT_IA5STRING(NID_netscape_ca_revocation_url), +EXT_IA5STRING(NID_netscape_renewal_url), +EXT_IA5STRING(NID_netscape_ca_policy_url), +EXT_IA5STRING(NID_netscape_ssl_server_name), +EXT_IA5STRING(NID_netscape_comment), +EXT_END +}; + + +static ASN1_IA5STRING *ia5string_new(void) +{ + return ASN1_IA5STRING_new(); +} + +static char *i2s_ASN1_IA5STRING(method, ia5) +X509V3_EXT_METHOD *method; +ASN1_IA5STRING *ia5; +{ + char *tmp; + if(!ia5 || !ia5->length) return NULL; + tmp = Malloc(ia5->length + 1); + memcpy(tmp, ia5->data, ia5->length); + tmp[ia5->length] = 0; + return tmp; +} + +static ASN1_IA5STRING *s2i_ASN1_IA5STRING(method, ctx, str) +X509V3_EXT_METHOD *method; +X509V3_CTX *ctx; +char *str; +{ + ASN1_IA5STRING *ia5; + if(!str) { + X509V3err(X509V3_F_S2I_ASN1_IA5STRING,X509V3_R_INVALID_NULL_ARGUMENT); + return NULL; + } + if(!(ia5 = ASN1_IA5STRING_new())) goto err; + if(!ASN1_STRING_set((ASN1_STRING *)ia5, str, strlen(str))) { + ASN1_IA5STRING_free(ia5); + goto err; + } + return ia5; + err: + X509V3err(X509V3_F_S2I_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE); + return NULL; +} + diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c new file mode 100644 index 0000000000..bc159b4432 --- /dev/null +++ b/crypto/x509v3/v3_lib.c @@ -0,0 +1,158 @@ +/* v3_lib.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* X509 v3 extension utilities */ + +#include +#include +#include +#include +#include "x509v3.h" + +static STACK *ext_list = NULL; + +static ext_cmp(X509V3_EXT_METHOD **a, X509V3_EXT_METHOD **b); +static void ext_list_free(X509V3_EXT_METHOD *ext); + +int X509V3_EXT_add(ext) +X509V3_EXT_METHOD *ext; +{ + if(!ext_list && !(ext_list = sk_new(ext_cmp))) { + X509V3err(X509V3_F_X509V3_ADD_EXT,ERR_R_MALLOC_FAILURE); + return 0; + } + if(!sk_push(ext_list, (char *)ext)) { + X509V3err(X509V3_F_X509V3_ADD_EXT,ERR_R_MALLOC_FAILURE); + return 0; + } + return 1; +} + +static int ext_cmp(a, b) +X509V3_EXT_METHOD **a, **b; +{ + return ((*a)->ext_nid - (*b)->ext_nid); +} + +X509V3_EXT_METHOD *X509V3_EXT_get_nid(nid) +int nid; +{ + X509V3_EXT_METHOD tmp; + int idx; + tmp.ext_nid = nid; + if(!ext_list || (tmp.ext_nid < 0) ) return NULL; + idx = sk_find(ext_list, (char *)&tmp); + if(idx == -1) return NULL; + return (X509V3_EXT_METHOD *)sk_value(ext_list, idx); +} + +X509V3_EXT_METHOD *X509V3_EXT_get(ext) +X509_EXTENSION *ext; +{ + int nid; + if((nid = OBJ_obj2nid(ext->object)) == NID_undef) return NULL; + return X509V3_EXT_get_nid(nid); +} + +extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku, v3_ns_ia5_list[]; + +int X509V3_EXT_add_list(extlist) +X509V3_EXT_METHOD *extlist; +{ + for(;extlist->ext_nid!=-1;extlist++) + if(!X509V3_EXT_add(extlist)) return 0; + return 1; +} + +int X509V3_EXT_add_alias(nid_to, nid_from) +int nid_to, nid_from; +{ + X509V3_EXT_METHOD *ext, *tmpext; + if(!(ext = X509V3_EXT_get_nid(nid_from))) { + X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,X509V3_R_EXTENSION_NOT_FOUND); + return 0; + } + if(!(tmpext = (X509V3_EXT_METHOD *)Malloc(sizeof(X509V3_EXT_METHOD)))) { + X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,ERR_R_MALLOC_FAILURE); + return 0; + } + *tmpext = *ext; + tmpext->ext_nid = nid_to; + tmpext->ext_flags = X509V3_EXT_DYNAMIC; + return 1; +} + +void X509V3_EXT_cleanup() +{ + sk_pop_free(ext_list, ext_list_free); +} + +static void ext_list_free(ext) +X509V3_EXT_METHOD *ext; +{ + if(ext->ext_flags & X509V3_EXT_DYNAMIC) Free(ext); +} + +int X509V3_add_standard_extensions() +{ + X509V3_EXT_add_list(v3_ns_ia5_list); + X509V3_EXT_add(&v3_bcons); + X509V3_EXT_add(&v3_nscert); + X509V3_EXT_add(&v3_key_usage); + X509V3_EXT_add(&v3_ext_ku); + return 1; +} diff --git a/crypto/x509v3/v3_prn.c b/crypto/x509v3/v3_prn.c new file mode 100644 index 0000000000..c9755582ae --- /dev/null +++ b/crypto/x509v3/v3_prn.c @@ -0,0 +1,134 @@ +/* v3_prn.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* X509 v3 extension utilities */ + +#include +#include +#include +#include +#include "x509v3.h" + +/* Extension printing routines */ + +/* Print out a name+value stack */ + +void X509V3_EXT_val_prn(out, val) +BIO *out; +STACK *val; +{ + int i; + CONF_VALUE *nval; + if(!val) return; + for(i = 0; i < sk_num(val); i++) { + if(i > 0) BIO_printf(out, ", "); + nval = (CONF_VALUE *)sk_value(val, i); + if(!nval->name) BIO_printf(out, "%s", nval->value); + else if(!nval->value) BIO_printf(out, "%s", nval->name); + else BIO_printf(out, "%s:%s", nval->name, nval->value); + } +} + +/* Main routine: print out a general extension */ + +int X509V3_EXT_print(out, ext, flag) +BIO *out; +X509_EXTENSION *ext; +int flag; +{ + char *ext_str = NULL, *p, *value = NULL; + X509V3_EXT_METHOD *method; + STACK *nval = NULL; + int ok = 1; + if(!(method = X509V3_EXT_get(ext))) return 0; + p = ext->value->data; + if(!(ext_str = method->d2i(NULL, &p, ext->value->length))) return 0; + if(method->i2s) { + if(!(value = method->i2s(method, ext_str))) { + ok = 0; + goto err; + } + BIO_printf(out, value); + } else if(method->i2v) { + if(!(nval = method->i2v(method, ext_str))) { + ok = 0; + goto err; + } + X509V3_EXT_val_prn(out, nval); + } else if(method->i2r) { + if(!method->i2r(method, ext_str, out)) ok = 0; + } else ok = 0; + + err: + sk_pop_free(nval, X509V3_conf_free); + if(value) Free(value); + method->ext_free(ext_str); + return ok; +} + +int X509V3_EXT_print_fp(fp, ext, flag) +FILE *fp; +X509_EXTENSION *ext; +int flag; +{ + BIO *bio_tmp; + int ret; + if(!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE))) return 0; + ret = X509V3_EXT_print(bio_tmp, ext, flag); + BIO_free(bio_tmp); + return ret; +} diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c new file mode 100644 index 0000000000..a9068a2f0d --- /dev/null +++ b/crypto/x509v3/v3_utl.c @@ -0,0 +1,312 @@ +/* v3_utl.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* X509 v3 extension utilities */ + +#include +#include +#include +#include +#include +#include "x509v3.h" + +static char * str_dup(char *str); +static char *strip_spaces(char *name); + +static char *str_dup(str) +char *str; +{ + char *tmp; + if(!(tmp = Malloc(strlen(str) + 1))) return NULL; + strcpy(tmp, str); + return tmp; +} + +/* Add a CONF_VALUE name value pair to stack */ + +int X509V3_add_value(name, value, extlist) +char *name; +char *value; +STACK **extlist; +{ + CONF_VALUE *vtmp = NULL; + char *tname = NULL, *tvalue = NULL; + if(name && !(tname = str_dup(name))) goto err; + if(value && !(tvalue = str_dup(value))) goto err;; + if(!(vtmp = (CONF_VALUE *)Malloc(sizeof(CONF_VALUE)))) goto err; + if(!*extlist && !(*extlist = sk_new(NULL))) goto err; + vtmp->section = NULL; + vtmp->name = tname; + vtmp->value = tvalue; + if(!sk_push(*extlist, (char *)vtmp)) goto err; + return 1; + err: + X509V3err(X509V3_F_X509V3_ADD_VALUE,ERR_R_MALLOC_FAILURE); + if(vtmp) Free(vtmp); + if(tname) Free(tname); + if(tvalue) Free(tvalue); + return 0; +} + +/* Free function for STACK of CONF_VALUE */ + +void X509V3_conf_free(conf) +CONF_VALUE *conf; +{ + if(!conf) return; + if(conf->name) Free(conf->name); + if(conf->value) Free(conf->value); + if(conf->section) Free(conf->section); + Free((char *)conf); +} + +int X509V3_add_value_bool(name, asn1_bool, extlist) +char *name; +int asn1_bool; +STACK **extlist; +{ + if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist); + return X509V3_add_value(name, "FALSE", extlist); +} + +int X509V3_add_value_bool_nf(name, asn1_bool, extlist) +char *name; +int asn1_bool; +STACK **extlist; +{ + if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist); + return 1; +} + +int X509V3_add_value_int(name, aint, extlist) +char *name; +ASN1_INTEGER *aint; +STACK **extlist; +{ + BIGNUM *bntmp; + char *strtmp; + int ret; + if(!aint) return 1; + bntmp = ASN1_INTEGER_to_BN(aint, NULL); + strtmp = BN_bn2dec(bntmp); + ret = X509V3_add_value(name, strtmp, extlist); + BN_free(bntmp); + Free(strtmp); + return ret; +} + +int X509V3_get_value_bool(value, asn1_bool) +CONF_VALUE *value; +int *asn1_bool; +{ + char *btmp; + if(!(btmp = value->value)) goto err; + if(!strcmp(btmp, "TRUE") || !strcmp(btmp, "true") + || !strcmp(btmp, "Y") || !strcmp(btmp, "y") + || !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) { + *asn1_bool = 0xff; + return 1; + } else if(!strcmp(btmp, "FALSE") || !strcmp(btmp, "false") + || !strcmp(btmp, "N") || !strcmp(btmp, "n") + || !strcmp(btmp, "NO") || !strcmp(btmp, "no")) { + *asn1_bool = 0; + return 1; + } + err: + X509V3err(X509V3_F_X509V3_VALUE_GET_BOOL,X509V3_R_INVALID_BOOLEAN_STRING); + X509V3_conf_err(value); + return 0; +} + +int X509V3_get_value_int(value, aint) +CONF_VALUE *value; +ASN1_INTEGER **aint; +{ + BIGNUM *bn = NULL; + bn = BN_new(); + if(!value->value) { + X509V3err(X509V3_F_X509V3_GET_VALUE_INT,X509V3_R_INVALID_NULL_VALUE); + X509V3_conf_err(value); + return 0; + } + if(!BN_dec2bn(&bn, value->value)) { + X509V3err(X509V3_F_X509V3_GET_VALUE_INT,X509V3_R_BN_DEC2BN_ERROR); + X509V3_conf_err(value); + return 0; + } + + if(!(*aint = BN_to_ASN1_INTEGER(bn, NULL))) { + X509V3err(X509V3_F_X509V3_GET_VALUE_INT,X509V3_R_BN_TO_ASN1_INTEGER_ERROR); + X509V3_conf_err(value); + return 0; + } + BN_free(bn); + return 1; +} + +#define HDR_NAME 1 +#define HDR_VALUE 2 + +/*#define DEBUG*/ + +STACK *X509V3_parse_list(line) +char *line; +{ + char *p, *q, c; + char *ntmp, *vtmp; + STACK *values = NULL; + char *linebuf; + int state; + /* We are going to modify the line so copy it first */ + linebuf = str_dup(line); + state = HDR_NAME; + ntmp = NULL; + /* Go through all characters */ + for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) { + + switch(state) { + case HDR_NAME: + if(c == ':') { + state = HDR_VALUE; + *p = 0; + ntmp = strip_spaces(q); + if(!ntmp) { + X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME); + goto err; + } + q = p + 1; + } else if(c == ',') { + *p = 0; + ntmp = strip_spaces(q); + q = p + 1; +#ifdef DEBUG + printf("%s\n", ntmp); +#endif + if(!ntmp) { + X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME); + goto err; + } + X509V3_add_value(ntmp, NULL, &values); + } + break ; + + case HDR_VALUE: + if(c == ',') { + state = HDR_NAME; + *p = 0; + vtmp = strip_spaces(q); +#ifdef DEBUG + printf("%s\n", ntmp); +#endif + if(!vtmp) { + X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE); + goto err; + } + X509V3_add_value(ntmp, vtmp, &values); + ntmp = NULL; + q = p + 1; + } + + } + } + + if(state == HDR_VALUE) { + vtmp = strip_spaces(q); +#ifdef DEBUG + printf("%s=%s\n", ntmp, vtmp); +#endif + if(!vtmp) { + X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE); + goto err; + } + X509V3_add_value(ntmp, vtmp, &values); + } else { + ntmp = strip_spaces(q); +#ifdef DEBUG + printf("%s\n", ntmp); +#endif + if(!ntmp) { + X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME); + goto err; + } + X509V3_add_value(ntmp, NULL, &values); + } +Free(linebuf); +return values; + +err: +Free(linebuf); +sk_pop_free(values, X509V3_conf_free); +return NULL; + +} + +/* Delete leading and trailing spaces from a string */ +static char *strip_spaces(name) +char *name; +{ + char *p, *q; + /* Skip over leading spaces */ + p = name; + while(*p && isspace(*p)) p++; + if(!*p) return NULL; + q = p + strlen(p) - 1; + while((q != p) && isspace(*q)) q--; + if(p != q) q[1] = 0; + if(!*p) return NULL; + return p; +} diff --git a/crypto/x509v3/v3conf.c b/crypto/x509v3/v3conf.c new file mode 100644 index 0000000000..e0b097b335 --- /dev/null +++ b/crypto/x509v3/v3conf.c @@ -0,0 +1,127 @@ +/* v3conf.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +#include +#include +#include +#include +#include +#include "x509v3.h" + +/* Test application to add extensions from a config file */ + +int main(argc, argv) +int argc; +char **argv; +{ + LHASH *conf; + X509 *cert; + FILE *inf; + char *conf_file; + int i; + int count; + X509_EXTENSION *ext; + X509V3_add_standard_extensions(); + ERR_load_crypto_strings(); + if(!argv[1]) { + fprintf(stderr, "Usage: v3conf cert.pem [file.cnf]\n"); + exit(1); + } + conf_file = argv[2]; + if(!conf_file) conf_file = "test.cnf"; + conf = CONF_load(NULL, "test.cnf", NULL); + if(!conf) { + fprintf(stderr, "Error opening Config file %s\n", conf_file); + ERR_print_errors_fp(stderr); + exit(1); + } + + inf = fopen(argv[1], "r"); + if(!inf) { + fprintf(stderr, "Can't open certificate file %s\n", argv[1]); + exit(1); + } + cert = PEM_read_X509(inf, NULL, NULL); + if(!cert) { + fprintf(stderr, "Error reading certificate file %s\n", argv[1]); + exit(1); + } + fclose(inf); + + sk_pop_free(cert->cert_info->extensions, X509_EXTENSION_free); + cert->cert_info->extensions = NULL; + + if(!X509V3_EXT_add_conf(conf, NULL, "test_section", cert)) { + fprintf(stderr, "Error adding extensions\n"); + ERR_print_errors_fp(stderr); + exit(1); + } + + count = X509_get_ext_count(cert); + printf("%d extensions\n", count); + for(i = 0; i < count; i++) { + ext = X509_get_ext(cert, i); + printf("%s", OBJ_nid2ln(OBJ_obj2nid(ext->object))); + if(ext->critical) printf(",critical:\n"); + else printf(":\n"); + X509V3_EXT_print_fp(stdout, ext, 0); + printf("\n"); + + } + return 0; +} + diff --git a/crypto/x509v3/v3err.c b/crypto/x509v3/v3err.c new file mode 100644 index 0000000000..b250953083 --- /dev/null +++ b/crypto/x509v3/v3err.c @@ -0,0 +1,112 @@ +/* lib/x509v3/x509v3_err.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +#include +#include "err.h" +#include "x509v3.h" + +/* BEGIN ERROR CODES */ +#ifndef NO_ERR +static ERR_STRING_DATA X509V3_str_functs[]= + { +{ERR_PACK(0,X509V3_F_S2I_ASN1_IA5STRING,0), "S2I_ASN1_IA5STRING"}, +{ERR_PACK(0,X509V3_F_V2I_ASN1_BIT_STRING,0), "V2I_ASN1_BIT_STRING"}, +{ERR_PACK(0,X509V3_F_V2I_BASIC_CONSTRAINTS,0), "V2I_BASIC_CONSTRAINTS"}, +{ERR_PACK(0,X509V3_F_V2I_EXT_KU,0), "V2I_EXT_KU"}, +{ERR_PACK(0,X509V3_F_X509V3_ADD_EXT,0), "X509V3_ADD_EXT"}, +{ERR_PACK(0,X509V3_F_X509V3_ADD_VALUE,0), "X509V3_add_value"}, +{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD_ALIAS,0), "X509V3_EXT_add_alias"}, +{ERR_PACK(0,X509V3_F_X509V3_EXT_CONF,0), "X509V3_EXT_conf"}, +{ERR_PACK(0,X509V3_F_X509V3_GET_VALUE_INT,0), "X509V3_get_value_int"}, +{ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0), "X509V3_parse_list"}, +{ERR_PACK(0,X509V3_F_X509V3_VALUE_GET_BOOL,0), "X509V3_VALUE_GET_BOOL"}, +{0,NULL}, + }; + +static ERR_STRING_DATA X509V3_str_reasons[]= + { +{X509V3_R_BN_DEC2BN_ERROR ,"bn dec2bn error"}, +{X509V3_R_BN_TO_ASN1_INTEGER_ERROR ,"bn to asn1 integer error"}, +{X509V3_R_EXTENSION_NOT_FOUND ,"extension not found"}, +{X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED,"extension setting not supported"}, +{X509V3_R_INVALID_BOOLEAN_STRING ,"invalid boolean string"}, +{X509V3_R_INVALID_EXTENSION_STRING ,"invalid extension string"}, +{X509V3_R_INVALID_NAME ,"invalid name"}, +{X509V3_R_INVALID_NULL_ARGUMENT ,"invalid null argument"}, +{X509V3_R_INVALID_NULL_NAME ,"invalid null name"}, +{X509V3_R_INVALID_NULL_VALUE ,"invalid null value"}, +{X509V3_R_INVALID_OBJECT_IDENTIFIER ,"invalid object identifier"}, +{X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT ,"unknown bit string argument"}, +{0,NULL}, + }; + +#endif + +void ERR_load_X509V3_strings() + { + static int init=1; + + if (init) + { + init=0; +#ifndef NO_ERR + ERR_load_strings(ERR_LIB_X509V3,X509V3_str_functs); + ERR_load_strings(ERR_LIB_X509V3,X509V3_str_reasons); +#endif + + } + } diff --git a/crypto/x509v3/v3prin.c b/crypto/x509v3/v3prin.c new file mode 100644 index 0000000000..6475fb97b1 --- /dev/null +++ b/crypto/x509v3/v3prin.c @@ -0,0 +1,97 @@ +/* v3prin.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +#include +#include +#include +#include +#include "x509v3.h" + +int main(argc, argv) +int argc; +char **argv; +{ + X509 *cert; + FILE *inf; + int i, count; + X509_EXTENSION *ext; + X509V3_add_standard_extensions(); + if(!argv[1]) { + fprintf(stderr, "Usage v3prin cert.pem\n"); + exit(1); + } + if(!(inf = fopen(argv[1], "r"))) { + fprintf(stderr, "Can't open %s\n", argv[1]); + exit(1); + } + if(!(cert = PEM_read_X509(inf, NULL, NULL))) { + fprintf(stderr, "Can't read certificate %s\n", argv[1]); + ERR_print_errors_fp(stderr); + exit(1); + } + fclose(inf); + count = X509_get_ext_count(cert); + printf("%d extensions\n", count); + for(i = 0; i < count; i++) { + ext = X509_get_ext(cert, i); + printf("%s\n", OBJ_nid2ln(OBJ_obj2nid(ext->object))); + X509V3_EXT_print_fp(stdout, ext, 0); + printf("\n"); + + } + return 0; +} diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h index d7945bc9cd..79bb903ccf 100644 --- a/crypto/x509v3/x509v3.h +++ b/crypto/x509v3/x509v3.h @@ -1,87 +1,269 @@ -/* crypto/x509v3/x509v3.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* x509v3.h */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * */ -#define X509v3_N_KU_digitalSignature 0 -#define X509v3_N_KU_nonRepudiation 1 -#define X509v3_N_KU_keyEncipherment 2 -#define X509v3_N_KU_dataEncipherment 3 -#define X509v3_N_KU_keyAgreement 4 -#define X509v3_N_KU_keyCertSign 5 -#define X509v3_N_KU_cRLSign 6 -#define X509v3_N_KU_encipherOnly 7 -#define X509v3_N_KU_decipherOnly 8 -#define X509v3_N_KU_NUM 9 -#define X509v3_S_KU_digitalSignature "digitalSignature" -#define X509v3_S_KU_nonRepudiation "nonRepudiation" -#define X509v3_S_KU_keyEncipherment "keyEncipherment" -#define X509v3_S_KU_dataEncipherment "dataEncipherment" -#define X509v3_S_KU_keyAgreement "keyAgreement" -#define X509v3_S_KU_keyCertSign "keyCertSign" -#define X509v3_S_KU_cRLSign "cRLSign" -#define X509v3_S_KU_encipherOnly "encipherOnly" -#define X509v3_S_KU_decipherOnly "decipherOnly" - - -void X509_ex_clear(X509_EXTENSION *a); -int X509_ex_get_bool(X509_EXTENSION *a,int num); -int X509_ex_set_bool(X509_EXTENSION *a,int num,int value); -int X509_ex_get_str(X509_EXTENSION *a,int index,char **p,int *len); -int X509_ex_set_str(X509_EXTENSION *a,int oid,int index,char *p,int len); -char *X509_ex_get_struct(X509_EXTENSION *a,int oid,int index,char **p); -int X509_ex_set_struct(X509_EXTENSION *a,int index,char *p); -int a2i_X509_EXTENSION(BIO *bp,X509_EXTENSION *a,char *buf,int len); -int i2a_X509_EXTENSION(BIO *bp,X509_EXTENSION *a); +#ifndef HEADER_X509V3_H +#define HEADER_X509V3_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include "bio.h" +#include "x509.h" + +/* Forward reference */ +struct v3_ext_method; +struct v3_ext_ctx; + +/* Useful typedefs */ + +typedef char * (*X509V3_EXT_NEW)(); +typedef void (*X509V3_EXT_FREE)(); +typedef char * (*X509V3_EXT_D2I)(); +typedef int (*X509V3_EXT_I2D)(); +typedef STACK * (*X509V3_EXT_I2V)(struct v3_ext_method *method, char *ext); +typedef char * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK *values); +typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, char *ext); +typedef char * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str); +typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, char *ext, BIO *out); + +/* V3 extension structure */ + +struct v3_ext_method { +int ext_nid; +int ext_flags; +X509V3_EXT_NEW ext_new; +X509V3_EXT_FREE ext_free; +X509V3_EXT_D2I d2i; +X509V3_EXT_I2D i2d; + +/* The following pair is used for string extensions */ +X509V3_EXT_I2S i2s; +X509V3_EXT_S2I s2i; + +/* The following pair is used for multi-valued extensions */ +X509V3_EXT_I2V i2v; +X509V3_EXT_V2I v2i; + +/* The following is used for raw extensions */ +X509V3_EXT_I2R i2r; + +char *usr_data; /* Any extension specific data */ +}; + +/* Context specific info */ +struct v3_ctx_struct { +X509 *issuer_cert; +X509 *subject_cert; +X509_REQ *subject_req; +/* Maybe more here */ +}; + +typedef struct v3_ext_method X509V3_EXT_METHOD; +typedef struct v3_ext_ctx X509V3_CTX; + +/* ext_flags values */ +#define X509V3_EXT_DYNAMIC 0x1 + +typedef struct { +int bitnum; +char *lname; +char *sname; +} BIT_STRING_BITNAME; + +typedef struct { +int ca; +ASN1_INTEGER *pathlen; +} BASIC_CONSTRAINTS; + +#define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \ +",name:", val->name, ",value:", val->value); + +#define EXT_BITSTRING(nid, table) { nid, 0, \ + (X509V3_EXT_NEW)asn1_bit_string_new, ASN1_STRING_free, \ + (X509V3_EXT_D2I)d2i_ASN1_BIT_STRING, \ + i2d_ASN1_BIT_STRING, \ + NULL, NULL, \ + (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \ + (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \ + NULL, \ + (char *)table} + +#define EXT_IA5STRING(nid) { nid, 0, \ + (X509V3_EXT_NEW)ia5string_new, ASN1_STRING_free, \ + (X509V3_EXT_D2I)d2i_ASN1_IA5STRING, \ + i2d_ASN1_IA5STRING, \ + (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \ + (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \ + NULL, NULL, NULL, \ + NULL} + +#define EXT_END { -1, 0, NULL, NULL, NULL, NULL, NULL, NULL, \ + NULL, NULL, NULL, \ + NULL} + +#ifndef NOPROTO +void ERR_load_X509V3_strings(void); +void ERR_X509V3_error(int function, int reason, char *file, int line); +int i2d_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS *a, unsigned char **pp); +BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a, unsigned char **pp, long length); +BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new(void); +void BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *a); + +int i2d_ext_ku(STACK *a, unsigned char **pp); +STACK *d2i_ext_ku(STACK **a, unsigned char **pp, long length); +void ext_ku_free(STACK *a); +STACK *ext_ku_new(void); + +#ifdef HEADER_CONF_H +void X509V3_conf_free(CONF_VALUE *val); +X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value); +X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value); +int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert); +int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool); +int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint); +#endif + +int X509V3_add_value(char *name, char *value, STACK **extlist); +int X509V3_add_value_bool(char *name, int asn1_bool, STACK **extlist); +int X509V3_add_value_int( char *name, ASN1_INTEGER *aint, STACK **extlist); +int X509V3_EXT_add(X509V3_EXT_METHOD *ext); +int X509V3_EXT_add_alias(int nid_to, int nid_from); +void X509V3_EXT_cleanup(void); + +X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext); +X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid); +int X509V3_add_standard_extensions(void); +STACK *X509V3_parse_list(char *line); + +int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag); +int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag); + +#else + +void ERR_load_X509V3_strings(); +void ERR_X509V3_error(); +int i2d_BASIC_CONSTRAINTS(); +BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(); +BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new(); +void BASIC_CONSTRAINTS_free(); + +int i2d_ext_ku(); +STACK *d2i_ext_ku(); +void ext_ku_free(); +STACK *ext_ku_new(); + +#ifdef HEADER_CONF_H +void X509V3_conf_free(); +X509_EXTENSION *X509V3_EXT_conf_nid(); +X509_EXTENSION *X509V3_EXT_conf(); +int X509V3_EXT_add_conf(); +int X509V3_get_value_bool(); +int X509V3_get_value_int(); +#endif + +int X509V3_add_value(); +int X509V3_add_value_bool(); +int X509V3_add_value_int(); +int X509V3_EXT_add(); +int X509V3_EXT_add_alias(); +void X509V3_EXT_cleanup(); + +X509V3_EXT_METHOD *X509V3_EXT_get(); +X509V3_EXT_METHOD *X509V3_EXT_get_nid(); +int X509V3_add_standard_extensions(); +STACK *X509V3_parse_list(); + +int X509V3_EXT_print(); +int X509V3_EXT_print_fp(); +#endif + +/* BEGIN ERROR CODES */ +/* Error codes for the X509V3 functions. */ + +/* Function codes. */ +#define X509V3_F_S2I_ASN1_IA5STRING 100 +#define X509V3_F_V2I_ASN1_BIT_STRING 101 +#define X509V3_F_V2I_BASIC_CONSTRAINTS 102 +#define X509V3_F_V2I_EXT_KU 103 +#define X509V3_F_X509V3_ADD_EXT 104 +#define X509V3_F_X509V3_ADD_VALUE 105 +#define X509V3_F_X509V3_EXT_ADD_ALIAS 106 +#define X509V3_F_X509V3_EXT_CONF 107 +#define X509V3_F_X509V3_GET_VALUE_INT 108 +#define X509V3_F_X509V3_PARSE_LIST 109 +#define X509V3_F_X509V3_VALUE_GET_BOOL 110 + +/* Reason codes. */ +#define X509V3_R_BN_DEC2BN_ERROR 100 +#define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101 +#define X509V3_R_EXTENSION_NOT_FOUND 102 +#define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103 +#define X509V3_R_INVALID_BOOLEAN_STRING 104 +#define X509V3_R_INVALID_EXTENSION_STRING 105 +#define X509V3_R_INVALID_NAME 106 +#define X509V3_R_INVALID_NULL_ARGUMENT 107 +#define X509V3_R_INVALID_NULL_NAME 108 +#define X509V3_R_INVALID_NULL_VALUE 109 +#define X509V3_R_INVALID_OBJECT_IDENTIFIER 110 +#define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111 + +#ifdef __cplusplus +} +#endif +#endif + -- 2.25.1