author | Dr. Stephen Henson <steve@openssl.org> | 2000-12-08 19:09:35 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2000-12-08 19:09:35 +0000 |
commit | 9d6b1ce6441c7cc6aed344f02d9f676ab5e04217 (patch) | |
tree | 7329435a21d3289cb3caad6d3d6c065f484373e1 /crypto/x509v3 | |
parent | 66ebbb6a56bc1688fa37878e4feec985b0c260d7 (diff) |
Merge from the ASN1 branch of new ASN1 code
to main trunk.
Let's see if this makes it to openssl-cvs :-)
Diffstat (limited to 'crypto/x509v3')
-rw-r--r-- | crypto/x509v3/Makefile.ssl | 42 | ||||
-rw-r--r-- | crypto/x509v3/v3_akey.c | 64 | ||||
-rw-r--r-- | crypto/x509v3/v3_alt.c | 28 | ||||
-rw-r--r-- | crypto/x509v3/v3_bcons.c | 50 | ||||
-rw-r--r-- | crypto/x509v3/v3_cpols.c | 317 | ||||
-rw-r--r-- | crypto/x509v3/v3_crld.c | 169 | ||||
-rw-r--r-- | crypto/x509v3/v3_extku.c | 57 | ||||
-rw-r--r-- | crypto/x509v3/v3_genn.c | 264 | ||||
-rw-r--r-- | crypto/x509v3/v3_info.c | 98 | ||||
-rw-r--r-- | crypto/x509v3/v3_pku.c | 52 | ||||
-rw-r--r-- | crypto/x509v3/v3_purp.c | 4 | ||||
-rw-r--r-- | crypto/x509v3/v3_sxnet.c | 97 | ||||
-rw-r--r-- | crypto/x509v3/v3_utl.c | 8 | ||||
-rw-r--r-- | crypto/x509v3/v3conf.c | 1 | ||||
-rw-r--r-- | crypto/x509v3/v3prin.c | 2 | ||||
-rw-r--r-- | crypto/x509v3/x509v3.h | 178 |
16 files changed, 281 insertions, 1150 deletions
diff --git a/crypto/x509v3/Makefile.ssl b/crypto/x509v3/Makefile.ssl index 5db86b9bef..0c59c84041 100644 --- a/crypto/x509v3/Makefile.ssl +++ b/crypto/x509v3/Makefile.ssl @@ -83,7 +83,7 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -v3_akey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h +v3_akey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h v3_akey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h v3_akey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h v3_akey.o: ../../include/openssl/cast.h ../../include/openssl/conf.h @@ -126,7 +126,7 @@ v3_alt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h v3_alt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h v3_alt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h v3_alt.o: ../../include/openssl/x509v3.h ../cryptlib.h -v3_bcons.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h +v3_bcons.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h v3_bcons.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h v3_bcons.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h v3_bcons.o: ../../include/openssl/cast.h ../../include/openssl/conf.h @@ -191,7 +191,7 @@ v3_conf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h v3_conf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h v3_conf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h v3_conf.o: ../../include/openssl/x509v3.h ../cryptlib.h -v3_cpols.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h +v3_cpols.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h v3_cpols.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h v3_cpols.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h v3_cpols.o: ../../include/openssl/cast.h ../../include/openssl/conf.h 
@@ -213,7 +213,7 @@ v3_cpols.o: ../../include/openssl/sha.h ../../include/openssl/stack.h v3_cpols.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h v3_cpols.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h v3_cpols.o: ../cryptlib.h -v3_crld.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h +v3_crld.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h v3_crld.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h v3_crld.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h v3_crld.o: ../../include/openssl/cast.h ../../include/openssl/conf.h 
@@ -256,19 +256,19 @@ v3_enum.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h v3_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h v3_enum.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h v3_enum.o: ../../include/openssl/x509v3.h ../cryptlib.h -v3_extku.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -v3_extku.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -v3_extku.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -v3_extku.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -v3_extku.o: ../../include/openssl/des.h ../../include/openssl/dh.h -v3_extku.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h -v3_extku.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h -v3_extku.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_extku.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -v3_extku.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -v3_extku.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -v3_extku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_extku.o: ../../include/openssl/opensslconf.h +v3_extku.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +v3_extku.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h +v3_extku.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +v3_extku.o: ../../include/openssl/cast.h ../../include/openssl/conf.h +v3_extku.o: ../../include/openssl/crypto.h ../../include/openssl/des.h +v3_extku.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +v3_extku.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h +v3_extku.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +v3_extku.o: ../../include/openssl/evp.h ../../include/openssl/idea.h +v3_extku.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h +v3_extku.o: ../../include/openssl/md4.h ../../include/openssl/md5.h +v3_extku.o: 
../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +v3_extku.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h v3_extku.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h v3_extku.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h v3_extku.o: ../../include/openssl/rc5.h ../../include/openssl/rd_fst.h @@ -278,7 +278,7 @@ v3_extku.o: ../../include/openssl/sha.h ../../include/openssl/stack.h v3_extku.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h v3_extku.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h v3_extku.o: ../cryptlib.h -v3_genn.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h +v3_genn.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h v3_genn.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h v3_genn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h v3_genn.o: ../../include/openssl/cast.h ../../include/openssl/conf.h @@ -321,7 +321,7 @@ v3_ia5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h v3_ia5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h v3_ia5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h v3_ia5.o: ../../include/openssl/x509v3.h ../cryptlib.h -v3_info.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h +v3_info.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h v3_info.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h v3_info.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h v3_info.o: ../../include/openssl/cast.h ../../include/openssl/conf.h 
@@ -385,7 +385,7 @@ v3_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h v3_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h v3_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ext_dat.h -v3_pku.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h +v3_pku.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h v3_pku.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h v3_pku.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h v3_pku.o: ../../include/openssl/cast.h ../../include/openssl/conf.h @@ -470,7 +470,7 @@ v3_skey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h v3_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h v3_skey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h v3_skey.o: ../../include/openssl/x509v3.h ../cryptlib.h -v3_sxnet.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h +v3_sxnet.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h v3_sxnet.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h v3_sxnet.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h v3_sxnet.o: ../../include/openssl/cast.h ../../include/openssl/conf.h diff --git a/crypto/x509v3/v3_akey.c b/crypto/x509v3/v3_akey.c index 0889a18993..9ca3c88cd4 100644 --- a/crypto/x509v3/v3_akey.c +++ b/crypto/x509v3/v3_akey.c @@ -60,7 +60,7 @@ #include "cryptlib.h" #include <openssl/conf.h> #include <openssl/asn1.h> -#include <openssl/asn1_mac.h> +#include <openssl/asn1t.h> #include <openssl/x509v3.h> static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, 
@@ -81,59 +81,13 @@ NULL,NULL, NULL }; +ASN1_SEQUENCE(AUTHORITY_KEYID) = { + ASN1_IMP_OPT(AUTHORITY_KEYID, keyid, ASN1_OCTET_STRING, 0), + ASN1_IMP_SEQUENCE_OF_OPT(AUTHORITY_KEYID, issuer, GENERAL_NAME, 1), + ASN1_IMP_OPT(AUTHORITY_KEYID, serial, ASN1_INTEGER, 2) +} ASN1_SEQUENCE_END(AUTHORITY_KEYID); -int i2d_AUTHORITY_KEYID(AUTHORITY_KEYID *a, unsigned char **pp) -{ - M_ASN1_I2D_vars(a); - - M_ASN1_I2D_len_IMP_opt (a->keyid, i2d_ASN1_OCTET_STRING); - M_ASN1_I2D_len_IMP_opt (a->issuer, i2d_GENERAL_NAMES); - M_ASN1_I2D_len_IMP_opt (a->serial, i2d_ASN1_INTEGER); - - M_ASN1_I2D_seq_total(); - - M_ASN1_I2D_put_IMP_opt (a->keyid, i2d_ASN1_OCTET_STRING, 0); - M_ASN1_I2D_put_IMP_opt (a->issuer, i2d_GENERAL_NAMES, 1); - M_ASN1_I2D_put_IMP_opt (a->serial, i2d_ASN1_INTEGER, 2); - - M_ASN1_I2D_finish(); -} - -AUTHORITY_KEYID *AUTHORITY_KEYID_new(void) -{ - AUTHORITY_KEYID *ret=NULL; - ASN1_CTX c; - M_ASN1_New_Malloc(ret, AUTHORITY_KEYID); - ret->keyid = NULL; - ret->issuer = NULL; - ret->serial = NULL; - return (ret); - M_ASN1_New_Error(ASN1_F_AUTHORITY_KEYID_NEW); -} - -AUTHORITY_KEYID *d2i_AUTHORITY_KEYID(AUTHORITY_KEYID **a, unsigned char **pp, - long length) -{ - M_ASN1_D2I_vars(a,AUTHORITY_KEYID *,AUTHORITY_KEYID_new); - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get_IMP_opt (ret->keyid, d2i_ASN1_OCTET_STRING, 0, - V_ASN1_OCTET_STRING); - M_ASN1_D2I_get_IMP_opt (ret->issuer, d2i_GENERAL_NAMES, 1, - V_ASN1_SEQUENCE); - M_ASN1_D2I_get_IMP_opt (ret->serial, d2i_ASN1_INTEGER, 2, - V_ASN1_INTEGER); - M_ASN1_D2I_Finish(a, AUTHORITY_KEYID_free, ASN1_F_D2I_AUTHORITY_KEYID); -} - -void AUTHORITY_KEYID_free(AUTHORITY_KEYID *a) -{ - if (a == NULL) return; - M_ASN1_OCTET_STRING_free(a->keyid); - sk_GENERAL_NAME_pop_free(a->issuer, GENERAL_NAME_free); - M_ASN1_INTEGER_free (a->serial); - OPENSSL_free (a); -} +IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_KEYID) static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, AUTHORITY_KEYID *akeyid, 
STACK_OF(CONF_VALUE) *extlist) @@ -171,7 +125,7 @@ int i; CONF_VALUE *cnf; ASN1_OCTET_STRING *ikeyid = NULL; X509_NAME *isname = NULL; -STACK_OF(GENERAL_NAME) * gens = NULL; +GENERAL_NAMES * gens = NULL; GENERAL_NAME *gen = NULL; ASN1_INTEGER *serial = NULL; X509_EXTENSION *ext; @@ -192,8 +146,6 @@ for(i = 0; i < sk_CONF_VALUE_num(values); i++) { } } - - if(!ctx || !ctx->issuer_cert) { if(ctx && (ctx->flags==CTX_TEST)) return AUTHORITY_KEYID_new(); X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE); diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c index 733919f250..52c4f54679 100644 --- a/crypto/x509v3/v3_alt.c +++ b/crypto/x509v3/v3_alt.c @@ -61,10 +61,10 @@ #include <openssl/conf.h> #include <openssl/x509v3.h> -static STACK_OF(GENERAL_NAME) *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); -static STACK_OF(GENERAL_NAME) *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); -static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens); -static int copy_issuer(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens); +static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); +static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); +static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens); +static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens); X509V3_EXT_METHOD v3_alt[] = { { NID_subject_alt_name, 0, (X509V3_EXT_NEW)GENERAL_NAMES_new, @@ -87,7 +87,7 @@ NULL, NULL, NULL}, }; STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, - STACK_OF(GENERAL_NAME) *gens, STACK_OF(CONF_VALUE) *ret) + GENERAL_NAMES *gens, STACK_OF(CONF_VALUE) *ret) { int i; GENERAL_NAME *gen; 
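Review bot: The AUTHORITY_KEYID template added in the v3_akey.c hunk at -81,59 +81,13 has no comment giving the ASN.1 definition it implements, so its tag numbers 0, 1 and 2 and its OPTIONAL markers can only be checked against the hand-written code this commit removes. I would put the syntax directly above the template, e.g. `/* AuthorityKeyIdentifier ::= SEQUENCE { keyIdentifier [0] OPTIONAL, authorityCertIssuer [1] GeneralNames OPTIONAL, authorityCertSerialNumber [2] OPTIONAL } */`. The same applies to the BASIC_CONSTRAINTS template in v3_bcons.c and to the templates added in v3_cpols.c and v3_crld.c. Each template line is now the whole encoder and decoder for its field, and a line that names the wrong (but existing) struct member will most likely still compile, so the reference syntax beside it is the practical way to catch that in review.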
@@ -154,10 +154,10 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, return ret; } -static STACK_OF(GENERAL_NAME) *v2i_issuer_alt(X509V3_EXT_METHOD *method, +static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { - STACK_OF(GENERAL_NAME) *gens = NULL; + GENERAL_NAMES *gens = NULL; CONF_VALUE *cnf; int i; if(!(gens = sk_GENERAL_NAME_new_null())) { @@ -184,9 +184,9 @@ static STACK_OF(GENERAL_NAME) *v2i_issuer_alt(X509V3_EXT_METHOD *method, /* Append subject altname of issuer to issuer alt name of subject */ -static int copy_issuer(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens) +static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens) { - STACK_OF(GENERAL_NAME) *ialt; + GENERAL_NAMES *ialt; GENERAL_NAME *gen; X509_EXTENSION *ext; int i; @@ -219,10 +219,10 @@ static int copy_issuer(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens) } -static STACK_OF(GENERAL_NAME) *v2i_subject_alt(X509V3_EXT_METHOD *method, +static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { - STACK_OF(GENERAL_NAME) *gens = NULL; + GENERAL_NAMES *gens = NULL; CONF_VALUE *cnf; int i; if(!(gens = sk_GENERAL_NAME_new_null())) { @@ -251,7 +251,7 @@ static STACK_OF(GENERAL_NAME) *v2i_subject_alt(X509V3_EXT_METHOD *method, * GENERAL_NAMES */ -static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens) +static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens) { X509_NAME *nm; ASN1_IA5STRING *email = NULL; @@ -297,11 +297,11 @@ static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens) } -STACK_OF(GENERAL_NAME) *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, +GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { GENERAL_NAME *gen; - STACK_OF(GENERAL_NAME) *gens = NULL; + GENERAL_NAMES *gens = NULL; CONF_VALUE *cnf; int i; if(!(gens = sk_GENERAL_NAME_new_null())) { 
diff --git a/crypto/x509v3/v3_bcons.c b/crypto/x509v3/v3_bcons.c index c576b8e955..7dc866db7e 100644 --- a/crypto/x509v3/v3_bcons.c +++ b/crypto/x509v3/v3_bcons.c @@ -60,7 +60,7 @@ #include <stdio.h> #include "cryptlib.h" #include <openssl/asn1.h> -#include <openssl/asn1_mac.h> +#include <openssl/asn1t.h> #include <openssl/conf.h> #include <openssl/x509v3.h> 
@@ -80,51 +80,13 @@ NULL,NULL, NULL }; +ASN1_SEQUENCE(BASIC_CONSTRAINTS) = { + ASN1_OPT(BASIC_CONSTRAINTS, ca, ASN1_FBOOLEAN), + ASN1_OPT(BASIC_CONSTRAINTS, pathlen, ASN1_INTEGER) +} ASN1_SEQUENCE_END(BASIC_CONSTRAINTS); -int i2d_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS *a, unsigned char **pp) -{ - M_ASN1_I2D_vars(a); - if(a->ca) M_ASN1_I2D_len (a->ca, i2d_ASN1_BOOLEAN); - M_ASN1_I2D_len (a->pathlen, i2d_ASN1_INTEGER); - - M_ASN1_I2D_seq_total(); - - if (a->ca) M_ASN1_I2D_put (a->ca, i2d_ASN1_BOOLEAN); - M_ASN1_I2D_put (a->pathlen, i2d_ASN1_INTEGER); - M_ASN1_I2D_finish(); -} - -BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new(void) -{ - BASIC_CONSTRAINTS *ret=NULL; - ASN1_CTX c; - M_ASN1_New_Malloc(ret, BASIC_CONSTRAINTS); - ret->ca = 0; - ret->pathlen = NULL; - return (ret); - M_ASN1_New_Error(ASN1_F_BASIC_CONSTRAINTS_NEW); -} +IMPLEMENT_ASN1_FUNCTIONS(BASIC_CONSTRAINTS) -BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a, - unsigned char **pp, long length) -{ - M_ASN1_D2I_vars(a,BASIC_CONSTRAINTS *,BASIC_CONSTRAINTS_new); - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - if((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) == - (V_ASN1_UNIVERSAL|V_ASN1_BOOLEAN) ) { - M_ASN1_D2I_get_int (ret->ca, d2i_ASN1_BOOLEAN); - } - M_ASN1_D2I_get_opt (ret->pathlen, d2i_ASN1_INTEGER, V_ASN1_INTEGER); - M_ASN1_D2I_Finish(a, BASIC_CONSTRAINTS_free, ASN1_F_D2I_BASIC_CONSTRAINTS); -} - -void BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *a) -{ - if (a == NULL) return; - M_ASN1_INTEGER_free (a->pathlen); - OPENSSL_free (a); -} static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist) diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c index 8203ed7571..47e08c8fb8 100644 --- a/crypto/x509v3/v3_cpols.c +++ b/crypto/x509v3/v3_cpols.c 
@@ -60,7 +60,7 @@ #include "cryptlib.h" #include <openssl/conf.h> #include <openssl/asn1.h> -#include <openssl/asn1_mac.h> +#include <openssl/asn1t.h> #include <openssl/x509v3.h> /* Certificate policies extension support: this one is a bit complex... */ @@ -88,6 +88,46 @@ NULL, NULL, NULL }; +ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO) +ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES); + +IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATEPOLICIES) + +ASN1_SEQUENCE(POLICYINFO) = { + ASN1_SIMPLE(POLICYINFO, policyid, ASN1_OBJECT), + ASN1_SEQUENCE_OF_OPT(POLICYINFO, qualifiers, POLICYQUALINFO) +} ASN1_SEQUENCE_END(POLICYINFO); + +IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO) + +ASN1_ADB_TEMPLATE(policydefault) = ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY); + +ASN1_ADB(POLICYQUALINFO) = { + ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)), + ADB_ENTRY(NID_id_qt_unotice, ASN1_SIMPLE(POLICYQUALINFO, d.usernotice, USERNOTICE)) +} ASN1_ADB_END(POLICYQUALINFO, 0, pqualid, 0, &policydefault_tt, NULL); + +ASN1_SEQUENCE(POLICYQUALINFO) = { + ASN1_SIMPLE(POLICYQUALINFO, pqualid, ASN1_OBJECT), + ASN1_ADB_OBJECT(POLICYQUALINFO) +} ASN1_SEQUENCE_END(POLICYQUALINFO); + +IMPLEMENT_ASN1_FUNCTIONS(POLICYQUALINFO) + +ASN1_SEQUENCE(USERNOTICE) = { + ASN1_OPT(USERNOTICE, noticeref, NOTICEREF), + ASN1_OPT(USERNOTICE, exptext, DISPLAYTEXT) +} ASN1_SEQUENCE_END(USERNOTICE); + +IMPLEMENT_ASN1_FUNCTIONS(USERNOTICE) + +ASN1_SEQUENCE(NOTICEREF) = { + ASN1_SIMPLE(NOTICEREF, organization, DISPLAYTEXT), + ASN1_SEQUENCE_OF(NOTICEREF, noticenos, ASN1_INTEGER) +} ASN1_SEQUENCE_END(NOTICEREF); + +IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF) static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value) 
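Review bot: The NOTICEREF template in the v3_cpols.c hunk at -88,6 +88,46 declares the first member as `ASN1_SIMPLE(NOTICEREF, organization, DISPLAYTEXT)`, while the d2i_NOTICEREF removed later in this file first tried `d2i_ASN1_IA5STRING`, with a comment about broken encodings that use IA5STRING for that field. Whether DISPLAYTEXT admits IA5STRING is not visible on this page; if it does not, certificates that decoded before this merge will be rejected after it. Either way the tolerance should be recorded next to the template, for example `/* organization: some encoders emit IA5STRING here; DISPLAYTEXT must accept it */`. A decode test using such an encoding would pin the behaviour.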
@@ -327,83 +367,6 @@ static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, return 1; } - -int i2d_CERTIFICATEPOLICIES(STACK_OF(POLICYINFO) *a, unsigned char **pp) -{ - -return i2d_ASN1_SET_OF_POLICYINFO(a, pp, i2d_POLICYINFO, V_ASN1_SEQUENCE, - V_ASN1_UNIVERSAL, IS_SEQUENCE);} - -STACK_OF(POLICYINFO) *CERTIFICATEPOLICIES_new(void) -{ - return sk_POLICYINFO_new_null(); -} - -void CERTIFICATEPOLICIES_free(STACK_OF(POLICYINFO) *a) -{ - sk_POLICYINFO_pop_free(a, POLICYINFO_free); -} - -STACK_OF(POLICYINFO) *d2i_CERTIFICATEPOLICIES(STACK_OF(POLICYINFO) **a, - unsigned char **pp,long length) -{ -return d2i_ASN1_SET_OF_POLICYINFO(a, pp, length, d2i_POLICYINFO, - POLICYINFO_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); - -} - -IMPLEMENT_STACK_OF(POLICYINFO) -IMPLEMENT_ASN1_SET_OF(POLICYINFO) - -int i2d_POLICYINFO(POLICYINFO *a, unsigned char **pp) -{ - M_ASN1_I2D_vars(a); - - M_ASN1_I2D_len (a->policyid, i2d_ASN1_OBJECT); - M_ASN1_I2D_len_SEQUENCE_type(POLICYQUALINFO, a->qualifiers, - i2d_POLICYQUALINFO); - - M_ASN1_I2D_seq_total(); - - M_ASN1_I2D_put (a->policyid, i2d_ASN1_OBJECT); - M_ASN1_I2D_put_SEQUENCE_type(POLICYQUALINFO, a->qualifiers, - i2d_POLICYQUALINFO); - - M_ASN1_I2D_finish(); -} - -POLICYINFO *POLICYINFO_new(void) -{ - POLICYINFO *ret=NULL; - ASN1_CTX c; - M_ASN1_New_Malloc(ret, POLICYINFO); - ret->policyid = NULL; - ret->qualifiers = NULL; - return (ret); - M_ASN1_New_Error(ASN1_F_POLICYINFO_NEW); -} - -POLICYINFO *d2i_POLICYINFO(POLICYINFO **a, unsigned char **pp,long length) -{ - M_ASN1_D2I_vars(a,POLICYINFO *,POLICYINFO_new); - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get(ret->policyid, d2i_ASN1_OBJECT); - if(!M_ASN1_D2I_end_sequence()) { - M_ASN1_D2I_get_seq_type (POLICYQUALINFO, ret->qualifiers, - d2i_POLICYQUALINFO, POLICYQUALINFO_free); - } - M_ASN1_D2I_Finish(a, POLICYINFO_free, ASN1_F_D2I_POLICYINFO); -} - -void POLICYINFO_free(POLICYINFO *a) -{ - if (a == NULL) return; - ASN1_OBJECT_free(a->policyid); - 
sk_POLICYQUALINFO_pop_free(a->qualifiers, POLICYQUALINFO_free); - OPENSSL_free (a); -} - static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent) { 
@@ -459,202 +422,4 @@ static void print_notice(BIO *out, USERNOTICE *notice, int indent) BIO_printf(out, "%*sExplicit Text: %s\n", indent, "", notice->exptext->data); } - - - -int i2d_POLICYQUALINFO(POLICYQUALINFO *a, unsigned char **pp) -{ - M_ASN1_I2D_vars(a); - - M_ASN1_I2D_len (a->pqualid, i2d_ASN1_OBJECT); - switch(OBJ_obj2nid(a->pqualid)) { - case NID_id_qt_cps: - M_ASN1_I2D_len(a->d.cpsuri, i2d_ASN1_IA5STRING); - break; - - case NID_id_qt_unotice: - M_ASN1_I2D_len(a->d.usernotice, i2d_USERNOTICE); - break; - - default: - M_ASN1_I2D_len(a->d.other, i2d_ASN1_TYPE); - break; - } - - M_ASN1_I2D_seq_total(); - - M_ASN1_I2D_put (a->pqualid, i2d_ASN1_OBJECT); - switch(OBJ_obj2nid(a->pqualid)) { - case NID_id_qt_cps: - M_ASN1_I2D_put(a->d.cpsuri, i2d_ASN1_IA5STRING); - break; - - case NID_id_qt_unotice: - M_ASN1_I2D_put(a->d.usernotice, i2d_USERNOTICE); - break; - - default: - M_ASN1_I2D_put(a->d.other, i2d_ASN1_TYPE); - break; - } - - M_ASN1_I2D_finish(); -} - -POLICYQUALINFO *POLICYQUALINFO_new(void) -{ - POLICYQUALINFO *ret=NULL; - ASN1_CTX c; - M_ASN1_New_Malloc(ret, POLICYQUALINFO); - ret->pqualid = NULL; - ret->d.other = NULL; - return (ret); - M_ASN1_New_Error(ASN1_F_POLICYQUALINFO_NEW); -} - -POLICYQUALINFO *d2i_POLICYQUALINFO(POLICYQUALINFO **a, unsigned char **pp, - long length) -{ - M_ASN1_D2I_vars(a,POLICYQUALINFO *,POLICYQUALINFO_new); - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get (ret->pqualid, d2i_ASN1_OBJECT); - switch(OBJ_obj2nid(ret->pqualid)) { - case NID_id_qt_cps: - M_ASN1_D2I_get(ret->d.cpsuri, d2i_ASN1_IA5STRING); - break; - - case NID_id_qt_unotice: - M_ASN1_D2I_get(ret->d.usernotice, d2i_USERNOTICE); - break; - - default: - M_ASN1_D2I_get(ret->d.other, d2i_ASN1_TYPE); - break; - } - M_ASN1_D2I_Finish(a, POLICYQUALINFO_free, ASN1_F_D2I_POLICYQUALINFO); -} - -void POLICYQUALINFO_free(POLICYQUALINFO *a) -{ - if (a == NULL) return; - switch(OBJ_obj2nid(a->pqualid)) { - case NID_id_qt_cps: - 
M_ASN1_IA5STRING_free(a->d.cpsuri); - break; - - case NID_id_qt_unotice: - USERNOTICE_free(a->d.usernotice); - break; - - default: - ASN1_TYPE_free(a->d.other); - break; - } - - ASN1_OBJECT_free(a->pqualid); - OPENSSL_free (a); -} - -int i2d_USERNOTICE(USERNOTICE *a, unsigned char **pp) -{ - M_ASN1_I2D_vars(a); - - M_ASN1_I2D_len (a->noticeref, i2d_NOTICEREF); - M_ASN1_I2D_len (a->exptext, i2d_DISPLAYTEXT); - - M_ASN1_I2D_seq_total(); - - M_ASN1_I2D_put (a->noticeref, i2d_NOTICEREF); - M_ASN1_I2D_put (a->exptext, i2d_DISPLAYTEXT); - - M_ASN1_I2D_finish(); -} - -USERNOTICE *USERNOTICE_new(void) -{ - USERNOTICE *ret=NULL; - ASN1_CTX c; - M_ASN1_New_Malloc(ret, USERNOTICE); - ret->noticeref = NULL; - ret->exptext = NULL; - return (ret); - M_ASN1_New_Error(ASN1_F_USERNOTICE_NEW); -} - -USERNOTICE *d2i_USERNOTICE(USERNOTICE **a, unsigned char **pp,long length) -{ - M_ASN1_D2I_vars(a,USERNOTICE *,USERNOTICE_new); - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get_opt(ret->noticeref, d2i_NOTICEREF, V_ASN1_SEQUENCE); - if (!M_ASN1_D2I_end_sequence()) { - M_ASN1_D2I_get(ret->exptext, d2i_DISPLAYTEXT); - } - M_ASN1_D2I_Finish(a, USERNOTICE_free, ASN1_F_D2I_USERNOTICE); -} - -void USERNOTICE_free(USERNOTICE *a) -{ - if (a == NULL) return; - NOTICEREF_free(a->noticeref); - M_DISPLAYTEXT_free(a->exptext); - OPENSSL_free (a); -} - -int i2d_NOTICEREF(NOTICEREF *a, unsigned char **pp) -{ - M_ASN1_I2D_vars(a); - - M_ASN1_I2D_len (a->organization, i2d_DISPLAYTEXT); - M_ASN1_I2D_len_SEQUENCE_type(ASN1_INTEGER, a->noticenos, - i2d_ASN1_INTEGER); - - M_ASN1_I2D_seq_total(); - - M_ASN1_I2D_put (a->organization, i2d_DISPLAYTEXT); - M_ASN1_I2D_put_SEQUENCE_type(ASN1_INTEGER, a->noticenos, - i2d_ASN1_INTEGER); - - M_ASN1_I2D_finish(); -} - -NOTICEREF *NOTICEREF_new(void) -{ - NOTICEREF *ret=NULL; - ASN1_CTX c; - M_ASN1_New_Malloc(ret, NOTICEREF); - ret->organization = NULL; - ret->noticenos = NULL; - return (ret); - M_ASN1_New_Error(ASN1_F_NOTICEREF_NEW); -} - -NOTICEREF 
*d2i_NOTICEREF(NOTICEREF **a, unsigned char **pp,long length) -{ - M_ASN1_D2I_vars(a,NOTICEREF *,NOTICEREF_new); - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - /* This is to cope with some broken encodings that use IA5STRING for - * the organization field - */ - M_ASN1_D2I_get_opt(ret->organization, d2i_ASN1_IA5STRING, - V_ASN1_IA5STRING); - if(!ret->organization) { - M_ASN1_D2I_get(ret->organization, d2i_DISPLAYTEXT); - } - M_ASN1_D2I_get_seq_type(ASN1_INTEGER, ret->noticenos, d2i_ASN1_INTEGER, - ASN1_STRING_free); - M_ASN1_D2I_Finish(a, NOTICEREF_free, ASN1_F_D2I_NOTICEREF); -} - -void NOTICEREF_free(NOTICEREF *a) -{ - if (a == NULL) return; - M_DISPLAYTEXT_free(a->organization); - sk_ASN1_INTEGER_pop_free(a->noticenos, ASN1_STRING_free); - OPENSSL_free (a); -} -IMPLEMENT_STACK_OF(POLICYQUALINFO) -IMPLEMENT_ASN1_SET_OF(POLICYQUALINFO) diff --git a/crypto/x509v3/v3_crld.c b/crypto/x509v3/v3_crld.c index 67feea4017..b1963a26e4 100644 --- a/crypto/x509v3/v3_crld.c +++ b/crypto/x509v3/v3_crld.c @@ -60,7 +60,7 @@ #include "cryptlib.h" #include <openssl/conf.h> #include <openssl/asn1.h> -#include <openssl/asn1_mac.h> +#include <openssl/asn1t.h> #include <openssl/x509v3.h> static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method, 
@@ -87,16 +87,16 @@ static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method, int i; for(i = 0; i < sk_DIST_POINT_num(crld); i++) { point = sk_DIST_POINT_value(crld, i); - if(point->distpoint && point->distpoint->fullname) { - exts = i2v_GENERAL_NAMES(NULL, - point->distpoint->fullname, exts); + if(point->distpoint) { + if(point->distpoint->type == 0) + exts = i2v_GENERAL_NAMES(NULL, + point->distpoint->name.fullname, exts); + else X509V3_add_value("RelativeName","<UNSUPPORTED>", &exts); } if(point->reasons) X509V3_add_value("reasons","<UNSUPPORTED>", &exts); if(point->CRLissuer) X509V3_add_value("CRLissuer","<UNSUPPORTED>", &exts); - if(point->distpoint && point->distpoint->relativename) - X509V3_add_value("RelativeName","<UNSUPPORTED>", &exts); } return exts; } @@ -105,7 +105,7 @@ static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { STACK_OF(DIST_POINT) *crld = NULL; - STACK_OF(GENERAL_NAME) *gens = NULL; + GENERAL_NAMES *gens = NULL; GENERAL_NAME *gen = NULL; CONF_VALUE *cnf; int i; @@ -123,7 +123,8 @@ static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method, goto merr; } if(!(point->distpoint = DIST_POINT_NAME_new())) goto merr; - point->distpoint->fullname = gens; + point->distpoint->name.fullname = gens; + point->distpoint->type = 0; gens = NULL; } return crld; 
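Review bot: i2v_crld in the v3_crld.c hunk at -87,16 +87,16 now dereferences `point->distpoint->type` and still tests `point->CRLissuer`, but the DIST_POINT template added in the following hunk of this file binds the [2] member to the wrong field: `ASN1_IMP_SEQUENCE_OF_OPT(DIST_POINT, distpoint, GENERAL_NAME, 2)`, where the removed d2i_DIST_POINT stored that element in `ret->CRLissuer`. As written, a distribution point carrying a cRLIssuer would presumably have a GENERAL_NAME stack stored in the `distpoint` slot, which this function then reads as a DIST_POINT_NAME, and `CRLissuer` would never be filled from input. Since this extension is parsed from certificates supplied by a peer, that is a memory-safety concern and not only a display one. The template line should read `ASN1_IMP_SEQUENCE_OF_OPT(DIST_POINT, CRLissuer, GENERAL_NAME, 2)`. i2v_crld starts above this hunk and the template hunk runs past the end of the visible page, so the remainder of both is unchecked here.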
@@ -137,149 +138,27 @@ static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method, return NULL; } -int i2d_CRL_DIST_POINTS(STACK_OF(DIST_POINT) *a, unsigned char **pp) -{ - -return i2d_ASN1_SET_OF_DIST_POINT(a, pp, i2d_DIST_POINT, V_ASN1_SEQUENCE, - V_ASN1_UNIVERSAL, IS_SEQUENCE);} - -STACK_OF(DIST_POINT) *CRL_DIST_POINTS_new(void) -{ - return sk_DIST_POINT_new_null(); -} - -void CRL_DIST_POINTS_free(STACK_OF(DIST_POINT) *a) -{ - sk_DIST_POINT_pop_free(a, DIST_POINT_free); -} - -STACK_OF(DIST_POINT) *d2i_CRL_DIST_POINTS(STACK_OF(DIST_POINT) **a, - unsigned char **pp,long length) -{ -return d2i_ASN1_SET_OF_DIST_POINT(a, pp, length, d2i_DIST_POINT, - DIST_POINT_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); - -} - IMPLEMENT_STACK_OF(DIST_POINT) IMPLEMENT_ASN1_SET_OF(DIST_POINT) -int i2d_DIST_POINT(DIST_POINT *a, unsigned char **pp) -{ - int v = 0; - M_ASN1_I2D_vars(a); - /* NB: underlying type is a CHOICE so need EXPLICIT tagging */ - M_ASN1_I2D_len_EXP_opt (a->distpoint, i2d_DIST_POINT_NAME, 0, v); - M_ASN1_I2D_len_IMP_opt (a->reasons, i2d_ASN1_BIT_STRING); - M_ASN1_I2D_len_IMP_opt (a->CRLissuer, i2d_GENERAL_NAMES); - M_ASN1_I2D_seq_total(); +ASN1_CHOICE(DIST_POINT_NAME) = { + ASN1_IMP_SEQUENCE_OF(DIST_POINT_NAME, name.fullname, GENERAL_NAME, 0), + ASN1_IMP_SET_OF(DIST_POINT_NAME, name.relativename, X509_NAME_ENTRY, 1) +} ASN1_CHOICE_END(DIST_POINT_NAME); - M_ASN1_I2D_put_EXP_opt (a->distpoint, i2d_DIST_POINT_NAME, 0, v); - M_ASN1_I2D_put_IMP_opt (a->reasons, i2d_ASN1_BIT_STRING, 1); - M_ASN1_I2D_put_IMP_opt (a->CRLissuer, i2d_GENERAL_NAMES, 2); +IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT_NAME) - M_ASN1_I2D_finish(); -} +ASN1_SEQUENCE(DIST_POINT) = { + ASN1_EXP_OPT(DIST_POINT, distpoint, DIST_POINT_NAME, 0), + ASN1_IMP_OPT(DIST_POINT, reasons, ASN1_BIT_STRING, 1), + ASN1_IMP_SEQUENCE_OF_OPT(DIST_POINT, distpoint, GENERAL_NAME, 2) +} ASN1_SEQUENCE_END(DIST_POINT); -DIST_POINT *DIST_POINT_new(void) -{ - DIST_POINT *ret=NULL; - ASN1_CTX c; - M_ASN1_New_Malloc(ret, 
DIST_POINT); - ret->distpoint = NULL; - ret->reasons = NULL; - ret->CRLissuer = NULL; - return (ret); - M_ASN1_New_Error(ASN1_F_DIST_POINT_NEW); -} +IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT) -DIST_POINT *d2i_DIST_POINT(DIST_POINT **a, unsigned char **pp, long length) -{ - M_ASN1_D2I_vars(a,DIST_POINT *,DIST_POINT_new); - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get_EXP_opt (ret->distpoint, d2i_DIST_POINT_NAME, 0); - M_ASN1_D2I_get_IMP_opt (ret->reasons, d2i_ASN1_BIT_STRING, 1, - V_ASN1_BIT_STRING); - M_ASN1_D2I_get_IMP_opt (ret->CRLissuer, d2i_GENERAL_NAMES, 2, - V_ASN1_SEQUENCE); - M_ASN1_D2I_Finish(a, DIST_POINT_free, ASN1_F_D2I_DIST_POINT); -} +ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, DIST_POINT, DIST_POINT) +ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS); |