From 41b731f2f883a583554566d4e702cc51298ee9e1 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sun, 18 Apr 1999 23:21:03 +0000 Subject: [PATCH] Initial support for Certificate Policies extension: print out works but setting isn't fully implemented (yet). --- CHANGES | 5 + apps/ca.c | 10 +- apps/req.c | 5 +- crypto/asn1/asn1.err | 8 + crypto/asn1/asn1.h | 8 + crypto/asn1/asn1_err.c | 8 + crypto/x509v3/Makefile.ssl | 4 +- crypto/x509v3/v3_conf.c | 21 +- crypto/x509v3/v3_cpols.c | 544 +++++++++++++++++++++++++++++++++++++ crypto/x509v3/v3_lib.c | 3 +- crypto/x509v3/v3err.c | 8 +- crypto/x509v3/x509v3.err | 8 +- crypto/x509v3/x509v3.h | 78 +++++- 13 files changed, 679 insertions(+), 31 deletions(-) create mode 100644 crypto/x509v3/v3_cpols.c diff --git a/CHANGES b/CHANGES index 597a6f3a17..a5c6aa0717 100644 --- a/CHANGES +++ b/CHANGES @@ -5,6 +5,11 @@ Changes between 0.9.2b and 0.9.3 + *) Initial support for Certificate Policies extension: print works but + setting doesn't work fully (yet). Also various additions to support + the r2i method this extension will use. + [Steve Henson] + *) A lot of constification, and fix a bug in X509_NAME_oneline() that could return a const string when you are expecting an allocated buffer. [Ben Laurie] diff --git a/apps/ca.c b/apps/ca.c index 4225158dfa..467188079a 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -712,7 +712,10 @@ bad: extensions=CONF_get_string(conf,section,ENV_EXTENSIONS); if(extensions) { /* Check syntax of file */ - if(!X509V3_EXT_check_conf(conf, extensions)) { + X509V3_CTX ctx; + X509V3_set_ctx_test(&ctx); + X509V3_set_conf_lhash(&ctx, conf); + if(!X509V3_EXT_add_conf(conf, &ctx, extensions, NULL)) { BIO_printf(bio_err, "Error Loading extension section %s\n", extensions); 
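Review bot: The same three-line context setup — `X509V3_CTX ctx; X509V3_set_ctx_test(&ctx); X509V3_set_conf_lhash(&ctx, conf);` — is pasted here, again in the CRL-extension block below, and in apps/req.c, and the removed X509V3_EXT_check_conf was exactly the helper that kept this in one place; a replacement helper taking the LHASH (set_ctx_test + set_conf_lhash + X509V3_EXT_add_conf) would stop the three sites drifting. Unlike the removed zero-initialised static context, `ctx` is now a stack object, and whether X509V3_set_ctx() clears `db`/`db_meth` is not visible in this diff, so the check in X509V3_EXT_conf's r2i path only sees a defined `ctx->db` because X509V3_set_conf_lhash() happens to follow; `memset(&ctx, 0, sizeof(ctx));` before the two calls would make that robust against a copy that omits the second call. The comment `/* Check syntax of file */` is now slightly misleading since a config database is attached and `@section` references get resolved; `/* Dry-run the extension section (CTX_TEST): parse and resolve @sections, add nothing */` says what actually happens.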
@@ -984,7 +987,10 @@ bad: crl_ext=CONF_get_string(conf,section,ENV_CRLEXT); if(crl_ext) { /* Check syntax of file */ - if(!X509V3_EXT_check_conf(conf, crl_ext)) { + X509V3_CTX ctx; + X509V3_set_ctx_test(&ctx); + X509V3_set_conf_lhash(&ctx, conf); + if(!X509V3_EXT_add_conf(conf, &ctx, crl_ext, NULL)) { BIO_printf(bio_err, "Error Loading CRL extension section %s\n", crl_ext); diff --git a/apps/req.c b/apps/req.c index 0cfed93878..bb3a65a5bc 100644 --- a/apps/req.c +++ b/apps/req.c @@ -438,7 +438,10 @@ bad: extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS); if(extensions) { /* Check syntax of file */ - if(!X509V3_EXT_check_conf(req_conf, extensions)) { + X509V3_CTX ctx; + X509V3_set_ctx_test(&ctx); + X509V3_set_conf_lhash(&ctx, req_conf); + if(!X509V3_EXT_add_conf(req_conf, &ctx, extensions, NULL)) { BIO_printf(bio_err, "Error Loading extension section %s\n", extensions); goto end; diff --git a/crypto/asn1/asn1.err b/crypto/asn1/asn1.err index 62dbd717c9..e03227067f 100644 --- a/crypto/asn1/asn1.err +++ b/crypto/asn1/asn1.err @@ -67,6 +67,7 @@ #define ASN1_F_D2I_NETSCAPE_RSA_2 142 #define ASN1_F_D2I_NETSCAPE_SPKAC 143 #define ASN1_F_D2I_NETSCAPE_SPKI 144 +#define ASN1_F_D2I_NOTICEREF 268 #define ASN1_F_D2I_PBE2PARAM 262 #define ASN1_F_D2I_PBEPARAM 249 #define ASN1_F_D2I_PBKDF2PARAM 263 @@ -86,12 +87,15 @@ #define ASN1_F_D2I_PKCS7_SIGN_ENVELOPE 154 #define ASN1_F_D2I_PKCS8_PRIV_KEY_INFO 250 #define ASN1_F_D2I_PKEY_USAGE_PERIOD 239 +#define ASN1_F_D2I_POLICYINFO 269 +#define ASN1_F_D2I_POLICYQUALINFO 270 #define ASN1_F_D2I_PRIVATEKEY 155 #define ASN1_F_D2I_PUBLICKEY 156 #define ASN1_F_D2I_RSAPRIVATEKEY 157 #define ASN1_F_D2I_RSAPUBLICKEY 158 #define ASN1_F_D2I_SXNET 241 #define ASN1_F_D2I_SXNETID 243 +#define ASN1_F_D2I_USERNOTICE 271 #define ASN1_F_D2I_X509 159 #define ASN1_F_D2I_X509_ALGOR 160 #define ASN1_F_D2I_X509_ATTRIBUTE 161 
@@ -128,6 +132,7 @@ #define ASN1_F_NETSCAPE_PKEY_NEW 189 #define ASN1_F_NETSCAPE_SPKAC_NEW 190 #define ASN1_F_NETSCAPE_SPKI_NEW 191 +#define ASN1_F_NOTICEREF_NEW 272 #define ASN1_F_PBE2PARAM_NEW 264 #define ASN1_F_PBEPARAM_NEW 251 #define ASN1_F_PBKDF2PARAM_NEW 265 @@ -147,8 +152,11 @@ #define ASN1_F_PKCS7_SIGN_ENVELOPE_NEW 201 #define ASN1_F_PKCS8_PRIV_KEY_INFO_NEW 252 #define ASN1_F_PKEY_USAGE_PERIOD_NEW 240 +#define ASN1_F_POLICYINFO_NEW 273 +#define ASN1_F_POLICYQUALINFO_NEW 274 #define ASN1_F_SXNETID_NEW 244 #define ASN1_F_SXNET_NEW 242 +#define ASN1_F_USERNOTICE_NEW 275 #define ASN1_F_X509_ALGOR_NEW 202 #define ASN1_F_X509_ATTRIBUTE_NEW 203 #define ASN1_F_X509_CINF_NEW 204 diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index 3dc6edaad1..04174cdedb 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -874,6 +874,7 @@ ASN1_STRING *ASN1_pack_string(); #define ASN1_F_D2I_NETSCAPE_RSA_2 142 #define ASN1_F_D2I_NETSCAPE_SPKAC 143 #define ASN1_F_D2I_NETSCAPE_SPKI 144 +#define ASN1_F_D2I_NOTICEREF 268 #define ASN1_F_D2I_PBE2PARAM 262 #define ASN1_F_D2I_PBEPARAM 249 #define ASN1_F_D2I_PBKDF2PARAM 263 @@ -893,12 +894,15 @@ ASN1_STRING *ASN1_pack_string(); #define ASN1_F_D2I_PKCS7_SIGN_ENVELOPE 154 #define ASN1_F_D2I_PKCS8_PRIV_KEY_INFO 250 #define ASN1_F_D2I_PKEY_USAGE_PERIOD 239 +#define ASN1_F_D2I_POLICYINFO 269 +#define ASN1_F_D2I_POLICYQUALINFO 270 #define ASN1_F_D2I_PRIVATEKEY 155 #define ASN1_F_D2I_PUBLICKEY 156 #define ASN1_F_D2I_RSAPRIVATEKEY 157 #define ASN1_F_D2I_RSAPUBLICKEY 158 #define ASN1_F_D2I_SXNET 241 #define ASN1_F_D2I_SXNETID 243 +#define ASN1_F_D2I_USERNOTICE 271 #define ASN1_F_D2I_X509 159 #define ASN1_F_D2I_X509_ALGOR 160 #define ASN1_F_D2I_X509_ATTRIBUTE 161 
@@ -935,6 +939,7 @@ ASN1_STRING *ASN1_pack_string(); #define ASN1_F_NETSCAPE_PKEY_NEW 189 #define ASN1_F_NETSCAPE_SPKAC_NEW 190 #define ASN1_F_NETSCAPE_SPKI_NEW 191 +#define ASN1_F_NOTICEREF_NEW 272 #define ASN1_F_PBE2PARAM_NEW 264 #define ASN1_F_PBEPARAM_NEW 251 #define ASN1_F_PBKDF2PARAM_NEW 265 @@ -954,8 +959,11 @@ ASN1_STRING *ASN1_pack_string(); #define ASN1_F_PKCS7_SIGN_ENVELOPE_NEW 201 #define ASN1_F_PKCS8_PRIV_KEY_INFO_NEW 252 #define ASN1_F_PKEY_USAGE_PERIOD_NEW 240 +#define ASN1_F_POLICYINFO_NEW 273 +#define ASN1_F_POLICYQUALINFO_NEW 274 #define ASN1_F_SXNETID_NEW 244 #define ASN1_F_SXNET_NEW 242 +#define ASN1_F_USERNOTICE_NEW 275 #define ASN1_F_X509_ALGOR_NEW 202 #define ASN1_F_X509_ATTRIBUTE_NEW 203 #define ASN1_F_X509_CINF_NEW 204 diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index 682e70237d..c5a898f02d 100644 --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c @@ -129,6 +129,7 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA_2,0), "D2I_NETSCAPE_RSA_2"}, {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKAC,0), "D2I_NETSCAPE_SPKAC"}, {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKI,0), "D2I_NETSCAPE_SPKI"}, +{ERR_PACK(0,ASN1_F_D2I_NOTICEREF,0), "D2I_NOTICEREF"}, {ERR_PACK(0,ASN1_F_D2I_PBE2PARAM,0), "D2I_PBE2PARAM"}, {ERR_PACK(0,ASN1_F_D2I_PBEPARAM,0), "D2I_PBEPARAM"}, {ERR_PACK(0,ASN1_F_D2I_PBKDF2PARAM,0), "D2I_PBKDF2PARAM"}, 
@@ -148,12 +149,15 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGN_ENVELOPE,0), "D2I_PKCS7_SIGN_ENVELOPE"}, {ERR_PACK(0,ASN1_F_D2I_PKCS8_PRIV_KEY_INFO,0), "D2I_PKCS8_PRIV_KEY_INFO"}, {ERR_PACK(0,ASN1_F_D2I_PKEY_USAGE_PERIOD,0), "D2I_PKEY_USAGE_PERIOD"}, +{ERR_PACK(0,ASN1_F_D2I_POLICYINFO,0), "D2I_POLICYINFO"}, +{ERR_PACK(0,ASN1_F_D2I_POLICYQUALINFO,0), "D2I_POLICYQUALINFO"}, {ERR_PACK(0,ASN1_F_D2I_PRIVATEKEY,0), "D2I_PRIVATEKEY"}, {ERR_PACK(0,ASN1_F_D2I_PUBLICKEY,0), "D2I_PUBLICKEY"}, {ERR_PACK(0,ASN1_F_D2I_RSAPRIVATEKEY,0), "D2I_RSAPRIVATEKEY"}, {ERR_PACK(0,ASN1_F_D2I_RSAPUBLICKEY,0), "D2I_RSAPUBLICKEY"}, {ERR_PACK(0,ASN1_F_D2I_SXNET,0), "D2I_SXNET"}, {ERR_PACK(0,ASN1_F_D2I_SXNETID,0), "D2I_SXNETID"}, +{ERR_PACK(0,ASN1_F_D2I_USERNOTICE,0), "D2I_USERNOTICE"}, {ERR_PACK(0,ASN1_F_D2I_X509,0), "D2I_X509"}, {ERR_PACK(0,ASN1_F_D2I_X509_ALGOR,0), "D2I_X509_ALGOR"}, {ERR_PACK(0,ASN1_F_D2I_X509_ATTRIBUTE,0), "D2I_X509_ATTRIBUTE"}, @@ -190,6 +194,7 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_PACK(0,ASN1_F_NETSCAPE_PKEY_NEW,0), "NETSCAPE_PKEY_NEW"}, {ERR_PACK(0,ASN1_F_NETSCAPE_SPKAC_NEW,0), "NETSCAPE_SPKAC_NEW"}, {ERR_PACK(0,ASN1_F_NETSCAPE_SPKI_NEW,0), "NETSCAPE_SPKI_NEW"}, +{ERR_PACK(0,ASN1_F_NOTICEREF_NEW,0), "NOTICEREF_NEW"}, {ERR_PACK(0,ASN1_F_PBE2PARAM_NEW,0), "PBE2PARAM_NEW"}, {ERR_PACK(0,ASN1_F_PBEPARAM_NEW,0), "PBEPARAM_NEW"}, {ERR_PACK(0,ASN1_F_PBKDF2PARAM_NEW,0), "PBKDF2PARAM_NEW"}, 
@@ -209,8 +214,11 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_PACK(0,ASN1_F_PKCS7_SIGN_ENVELOPE_NEW,0), "PKCS7_SIGN_ENVELOPE_NEW"}, {ERR_PACK(0,ASN1_F_PKCS8_PRIV_KEY_INFO_NEW,0), "PKCS8_PRIV_KEY_INFO_NEW"}, {ERR_PACK(0,ASN1_F_PKEY_USAGE_PERIOD_NEW,0), "PKEY_USAGE_PERIOD_NEW"}, +{ERR_PACK(0,ASN1_F_POLICYINFO_NEW,0), "POLICYINFO_NEW"}, +{ERR_PACK(0,ASN1_F_POLICYQUALINFO_NEW,0), "POLICYQUALINFO_NEW"}, {ERR_PACK(0,ASN1_F_SXNETID_NEW,0), "SXNETID_NEW"}, {ERR_PACK(0,ASN1_F_SXNET_NEW,0), "SXNET_NEW"}, +{ERR_PACK(0,ASN1_F_USERNOTICE_NEW,0), "USERNOTICE_NEW"}, {ERR_PACK(0,ASN1_F_X509_ALGOR_NEW,0), "X509_ALGOR_NEW"}, {ERR_PACK(0,ASN1_F_X509_ATTRIBUTE_NEW,0), "X509_ATTRIBUTE_NEW"}, {ERR_PACK(0,ASN1_F_X509_CINF_NEW,0), "X509_CINF_NEW"}, diff --git a/crypto/x509v3/Makefile.ssl b/crypto/x509v3/Makefile.ssl index ac8690b12e..4ab659e134 100644 --- a/crypto/x509v3/Makefile.ssl +++ b/crypto/x509v3/Makefile.ssl @@ -24,10 +24,10 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c \ v3_lib.c v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c \ -v3_pku.c v3_int.c v3_enum.c v3_sxnet.c +v3_pku.c v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \ v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \ -v3_int.o v3_enum.o v3_sxnet.o +v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o SRC= $(LIBSRC) diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c index 0427a3071e..54ee2a53ca 100644 --- a/crypto/x509v3/v3_conf.c +++ b/crypto/x509v3/v3_conf.c 
@@ -149,6 +149,12 @@ char *value; /* Value */
 if(!ext_struc) return NULL;
 } else if(method->s2i) {
 if(!(ext_struc = method->s2i(method, ctx, value))) return NULL;
+ } else if(method->r2i) {
+ if(!ctx->db) {
+ X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_NO_CONFIG_DATABASE);
+ return NULL;
+ }
+ if(!(ext_struc = method->r2i(method, ctx, value))) return NULL;
 } else {
 X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
 ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
@@ -287,15 +293,6 @@ X509_CRL *crl;
 return 1;
 }
 
-/* Just check syntax of config file as far as possible */
-int X509V3_EXT_check_conf(conf, section)
-LHASH *conf;
-char *section;
-{
- static X509V3_CTX ctx_tst = { CTX_TEST, NULL, NULL, NULL, NULL };
- return X509V3_EXT_add_conf(conf, &ctx_tst, section, NULL);
-}
-
 /* Config database functions */
 
 char * X509V3_get_string(ctx, name, section)
@@ -317,18 +314,20 @@ char *section;
 return NULL;
 }
 
-void X509V3_free_string(ctx, str)
+void X509V3_string_free(ctx, str)
 X509V3_CTX *ctx;
 char *str;
 {
+ if(!str) return;
 if(ctx->db_meth->free_string)
 return ctx->db_meth->free_string(ctx->db, str);
 }
 
-void X509V3_free_section(ctx, section)
+void X509V3_section_free(ctx, section)
 X509V3_CTX *ctx;
 STACK *section;
 {
+ if(!section) return;
 if(ctx->db_meth->free_section)
 return ctx->db_meth->free_section(ctx->db, section);
 }
diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c
new file mode 100644
index 0000000000..c9340046d7
--- /dev/null
+++ b/crypto/x509v3/v3_cpols.c
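Review bot: The new r2i branch guards only `ctx->db`, but the database helpers an r2i callback is expected to use — X509V3_get_section() and the X509V3_string_free()/X509V3_section_free() pair in the third hunk — dereference `ctx->db_meth` first, so a context with a db but no method still crashes; `if(!ctx->db || !ctx->db_meth) {` closes that gap at no cost. The check also assumes `ctx->db` holds a defined value: the removed X509V3_EXT_check_conf used a zero-initialised static context, whereas callers now pass a stack X509V3_CTX set up by X509V3_set_ctx_test(), which per the new macro in x509v3.h only forwards to X509V3_set_ctx() and, as far as this diff shows, never touches `db` — so a caller that forgets X509V3_set_conf_lhash() reads indeterminate memory here instead of getting X509V3_R_NO_CONFIG_DATABASE. A one-line comment on the branch, `/* r2i needs a config database to resolve @section references */`, would make the precondition explicit. X509V3_EXT_conf begins and ends outside this hunk.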
@@ -0,0 +1,544 @@ +/* v3_cpols.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include "cryptlib.h" +#include "conf.h" +#include "asn1.h" +#include "asn1_mac.h" +#include "x509v3.h" + +/* Certificate policies extension support: this one is a bit complex... 
*/ + +static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out, int indent); +static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value); +static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent); +static void print_notice(BIO *out, USERNOTICE *notice, int indent); +static POLICYINFO *policy_section(X509V3_CTX *ctx, STACK *polstrs); + +X509V3_EXT_METHOD v3_cpols = { +NID_certificate_policies, 0, +(X509V3_EXT_NEW)CERTIFICATEPOLICIES_new, +CERTIFICATEPOLICIES_free, +(X509V3_EXT_D2I)d2i_CERTIFICATEPOLICIES, +i2d_CERTIFICATEPOLICIES, +NULL, NULL, +NULL, NULL, +(X509V3_EXT_I2R)i2r_certpol, +(X509V3_EXT_R2I)r2i_certpol, +NULL +}; + + +/* + * ASN1err(ASN1_F_POLICYINFO_NEW,ERR_R_MALLOC_FAILURE); + * ASN1err(ASN1_F_D2I_POLICYINFO,ERR_R_MALLOC_FAILURE); + * ASN1err(ASN1_F_POLICYQUALINFO_NEW,ERR_R_MALLOC_FAILURE); + * ASN1err(ASN1_F_D2I_POLICYQUALINFO,ERR_R_MALLOC_FAILURE); + * ASN1err(ASN1_F_USERNOTICE_NEW,ERR_R_MALLOC_FAILURE); + * ASN1err(ASN1_F_D2I_USERNOTICE,ERR_R_MALLOC_FAILURE); + * ASN1err(ASN1_F_NOTICEREF_NEW,ERR_R_MALLOC_FAILURE); + * ASN1err(ASN1_F_D2I_NOTICEREF,ERR_R_MALLOC_FAILURE); + */ + +static STACK_OF(POLICYINFO) *r2i_certpol(method, ctx, value) +X509V3_EXT_METHOD *method; +X509V3_CTX *ctx; +char *value; +{ + STACK_OF(POLICYINFO) *pols = NULL; + char *pstr; + POLICYINFO *pol; + ASN1_OBJECT *pobj; + STACK *vals; + CONF_VALUE *cnf; + int i; + pols = sk_POLICYINFO_new_null(); + vals = X509V3_parse_list(value); + for(i = 0; i < sk_num(vals); i++) { + cnf = (CONF_VALUE *)sk_value(vals, i); + if(cnf->value || !cnf->name ) { + X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_POLICY_IDENTIFIER); + X509V3_conf_err(cnf); + goto err; + } + pstr = cnf->name; + if(*pstr == '@') { + STACK *polsect; + polsect = X509V3_get_section(ctx, pstr + 1); + if(!polsect) { + X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_SECTION); + + X509V3_conf_err(cnf); + goto err; + } + pol = 
policy_section(ctx, polsect); + X509V3_section_free(ctx, polsect); + if(!pol) goto err; + } else { + if(!(pobj = OBJ_txt2obj(cnf->name, 0))) { + X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_OBJECT_IDENTIFIER); + X509V3_conf_err(cnf); + goto err; + } + pol = POLICYINFO_new(); + pol->policyid = pobj; + } + sk_POLICYINFO_push(pols, pol); + } + sk_pop_free(vals, X509V3_conf_free); + return pols; + err: + sk_POLICYINFO_pop_free(pols, POLICYINFO_free); + return NULL; +} + +static POLICYINFO *policy_section(ctx, polstrs) +X509V3_CTX *ctx; +STACK *polstrs; +{ + int i; + CONF_VALUE *cnf; + for(i = 0; i < sk_num(polstrs); i++) { + cnf = (CONF_VALUE *)sk_value(polstrs, i); + } + return NULL; +} + + +static int i2r_certpol(method, pol, out, indent) +X509V3_EXT_METHOD *method; +STACK_OF(POLICYINFO) *pol; +BIO *out; +int indent; +{ + int i; + POLICYINFO *pinfo; + /* First print out the policy OIDs */ + for(i = 0; i < sk_POLICYINFO_num(pol); i++) { + pinfo = sk_POLICYINFO_value(pol, i); + BIO_printf(out, "%*sPolicy: ", indent, ""); + i2a_ASN1_OBJECT(out, pinfo->policyid); + BIO_puts(out, "\n"); + if(pinfo->qualifiers) + print_qualifiers(out, pinfo->qualifiers, indent + 2); + } + return 1; +} + + +int i2d_CERTIFICATEPOLICIES(a, pp) +STACK_OF(POLICYINFO) *a; +unsigned char **pp; +{ + +return i2d_ASN1_SET_OF_POLICYINFO(a, pp, i2d_POLICYINFO, V_ASN1_SEQUENCE, + V_ASN1_UNIVERSAL, IS_SEQUENCE);} + +STACK_OF(POLICYINFO) *CERTIFICATEPOLICIES_new() +{ + return sk_POLICYINFO_new_null(); +} + +void CERTIFICATEPOLICIES_free(a) +STACK_OF(POLICYINFO) *a; +{ + sk_POLICYINFO_pop_free(a, POLICYINFO_free); +} + +STACK_OF(POLICYINFO) *d2i_CERTIFICATEPOLICIES(a,pp,length) +STACK_OF(POLICYINFO) **a; +unsigned char **pp; +long length; +{ +return d2i_ASN1_SET_OF_POLICYINFO(a, pp, length, d2i_POLICYINFO, + POLICYINFO_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); + +} + +IMPLEMENT_STACK_OF(POLICYINFO) +IMPLEMENT_ASN1_SET_OF(POLICYINFO) + +int i2d_POLICYINFO(a,pp) +POLICYINFO *a; +unsigned char **pp; +{ + 
M_ASN1_I2D_vars(a); + + M_ASN1_I2D_len (a->policyid, i2d_ASN1_OBJECT); + M_ASN1_I2D_len_SEQUENCE_type(POLICYQUALINFO, a->qualifiers, + i2d_POLICYQUALINFO); + + M_ASN1_I2D_seq_total(); + + M_ASN1_I2D_put (a->policyid, i2d_ASN1_OBJECT); + M_ASN1_I2D_put_SEQUENCE_type(POLICYQUALINFO, a->qualifiers, + i2d_POLICYQUALINFO); + + M_ASN1_I2D_finish(); +} + +POLICYINFO *POLICYINFO_new() +{ + POLICYINFO *ret=NULL; + ASN1_CTX c; + M_ASN1_New_Malloc(ret, POLICYINFO); + ret->policyid = NULL; + ret->qualifiers = NULL; + return (ret); + M_ASN1_New_Error(ASN1_F_POLICYINFO_NEW); +} + +POLICYINFO *d2i_POLICYINFO(a,pp,length) +POLICYINFO **a; +unsigned char **pp; +long length; +{ + M_ASN1_D2I_vars(a,POLICYINFO *,POLICYINFO_new); + M_ASN1_D2I_Init(); + M_ASN1_D2I_start_sequence(); + M_ASN1_D2I_get(ret->policyid, d2i_ASN1_OBJECT); + if(!M_ASN1_D2I_end_sequence()) { + M_ASN1_D2I_get_seq_type (POLICYQUALINFO, ret->qualifiers, + d2i_POLICYQUALINFO, POLICYQUALINFO_free); + } + M_ASN1_D2I_Finish(a, POLICYINFO_free, ASN1_F_D2I_POLICYINFO); +} + +void POLICYINFO_free(a) +POLICYINFO *a; +{ + if (a == NULL) return; + ASN1_OBJECT_free(a->policyid); + sk_POLICYQUALINFO_pop_free(a->qualifiers, POLICYQUALINFO_free); + Free (a); +} + +static void print_qualifiers(out, quals, indent) +BIO *out; +STACK_OF(POLICYQUALINFO) *quals; +int indent; +{ + POLICYQUALINFO *qualinfo; + int i; + for(i = 0; i < sk_POLICYQUALINFO_num(quals); i++) { + qualinfo = sk_POLICYQUALINFO_value(quals, i); + switch(OBJ_obj2nid(qualinfo->pqualid)) + { + case NID_id_qt_cps: + BIO_printf(out, "%*sCPS: %s\n", indent, "", + qualinfo->d.cpsuri->data); + break; + + case NID_id_qt_unotice: + BIO_printf(out, "%*sUser Notice:\n", indent, ""); + print_notice(out, qualinfo->d.usernotice, indent + 2); + break; + + default: + BIO_printf(out, "%*sUnknown Qualifier: ", + indent + 2, ""); + + i2a_ASN1_OBJECT(out, qualinfo->pqualid); + BIO_puts(out, "\n"); + break; + } + } +} + +static void print_notice(out, notice, indent) +BIO *out; 
+USERNOTICE *notice; +int indent; +{ + int i; + if(notice->noticeref) { + NOTICEREF *ref; + ref = notice->noticeref; + BIO_printf(out, "%*sOrganization: %s\n", indent, "", + ref->organization->data); + BIO_printf(out, "%*sNumber%s: ", indent, "", + (sk_num(ref->noticenos) > 1) ? "s" : ""); + for(i = 0; i < sk_num(ref->noticenos); i++) { + ASN1_INTEGER *num; + char *tmp; + num = (ASN1_INTEGER *)sk_value(ref->noticenos, i); + if(i) BIO_puts(out, ", "); + tmp = i2s_ASN1_INTEGER(NULL, num); + BIO_puts(out, tmp); + Free(tmp); + } + BIO_puts(out, "\n"); + } + if(notice->exptext) + BIO_printf(out, "%*sNotice Reference: %s\n", indent, "", + notice->exptext->data); +} + + + +int i2d_POLICYQUALINFO(a,pp) +POLICYQUALINFO *a; +unsigned char **pp; +{ + M_ASN1_I2D_vars(a); + + M_ASN1_I2D_len (a->pqualid, i2d_ASN1_OBJECT); + switch(OBJ_obj2nid(a->pqualid)) { + case NID_id_qt_cps: + M_ASN1_I2D_len(a->d.cpsuri, i2d_ASN1_IA5STRING); + break; + + case NID_id_qt_unotice: + M_ASN1_I2D_len(a->d.usernotice, i2d_USERNOTICE); + break; + + default: + M_ASN1_I2D_len(a->d.other, i2d_ASN1_TYPE); + break; + } + + M_ASN1_I2D_seq_total(); + + M_ASN1_I2D_put (a->pqualid, i2d_ASN1_OBJECT); + switch(OBJ_obj2nid(a->pqualid)) { + case NID_id_qt_cps: + M_ASN1_I2D_put(a->d.cpsuri, i2d_ASN1_IA5STRING); + break; + + case NID_id_qt_unotice: + M_ASN1_I2D_put(a->d.usernotice, i2d_USERNOTICE); + break; + + default: + M_ASN1_I2D_put(a->d.other, i2d_ASN1_TYPE); + break; + } + + M_ASN1_I2D_finish(); +} + +POLICYQUALINFO *POLICYQUALINFO_new() +{ + POLICYQUALINFO *ret=NULL; + ASN1_CTX c; + M_ASN1_New_Malloc(ret, POLICYQUALINFO); + ret->pqualid = NULL; + ret->d.other = NULL; + return (ret); + M_ASN1_New_Error(ASN1_F_POLICYQUALINFO_NEW); +} + +POLICYQUALINFO *d2i_POLICYQUALINFO(a,pp,length) +POLICYQUALINFO **a; +unsigned char **pp; +long length; +{ + M_ASN1_D2I_vars(a,POLICYQUALINFO *,POLICYQUALINFO_new); + M_ASN1_D2I_Init(); + M_ASN1_D2I_start_sequence(); + M_ASN1_D2I_get (ret->pqualid, d2i_ASN1_OBJECT); + 
switch(OBJ_obj2nid(ret->pqualid)) { + case NID_id_qt_cps: + M_ASN1_D2I_get(ret->d.cpsuri, d2i_ASN1_IA5STRING); + break; + + case NID_id_qt_unotice: + M_ASN1_D2I_get(ret->d.usernotice, d2i_USERNOTICE); + break; + + default: + M_ASN1_D2I_get(ret->d.other, d2i_ASN1_TYPE); + break; + } + M_ASN1_D2I_Finish(a, POLICYQUALINFO_free, ASN1_F_D2I_POLICYQUALINFO); +} + +void POLICYQUALINFO_free(a) +POLICYQUALINFO *a; +{ + if (a == NULL) return; + switch(OBJ_obj2nid(a->pqualid)) { + case NID_id_qt_cps: + ASN1_IA5STRING_free(a->d.cpsuri); + break; + + case NID_id_qt_unotice: + USERNOTICE_free(a->d.usernotice); + break; + + default: + ASN1_TYPE_free(a->d.other); + break; + } + + ASN1_OBJECT_free(a->pqualid); + Free (a); +} + +int i2d_USERNOTICE(a,pp) +USERNOTICE *a; +unsigned char **pp; +{ + M_ASN1_I2D_vars(a); + + M_ASN1_I2D_len (a->noticeref, i2d_NOTICEREF); + M_ASN1_I2D_len (a->exptext, i2d_DISPLAYTEXT); + + M_ASN1_I2D_seq_total(); + + M_ASN1_I2D_put (a->noticeref, i2d_NOTICEREF); + M_ASN1_I2D_put (a->exptext, i2d_DISPLAYTEXT); + + M_ASN1_I2D_finish(); +} + +USERNOTICE *USERNOTICE_new() +{ + USERNOTICE *ret=NULL; + ASN1_CTX c; + M_ASN1_New_Malloc(ret, USERNOTICE); + ret->noticeref = NULL; + ret->exptext = NULL; + return (ret); + M_ASN1_New_Error(ASN1_F_USERNOTICE_NEW); +} + +USERNOTICE *d2i_USERNOTICE(a,pp,length) +USERNOTICE **a; +unsigned char **pp; +long length; +{ + M_ASN1_D2I_vars(a,USERNOTICE *,USERNOTICE_new); + M_ASN1_D2I_Init(); + M_ASN1_D2I_start_sequence(); + M_ASN1_D2I_get_opt(ret->noticeref, d2i_NOTICEREF, V_ASN1_SEQUENCE); + if (!M_ASN1_D2I_end_sequence()) { + M_ASN1_D2I_get(ret->exptext, d2i_DISPLAYTEXT); + } + M_ASN1_D2I_Finish(a, USERNOTICE_free, ASN1_F_D2I_USERNOTICE); +} + +void USERNOTICE_free(a) +USERNOTICE *a; +{ + if (a == NULL) return; + NOTICEREF_free(a->noticeref); + DISPLAYTEXT_free(a->exptext); + Free (a); +} + +int i2d_NOTICEREF(a,pp) +NOTICEREF *a; +unsigned char **pp; +{ + M_ASN1_I2D_vars(a); + + M_ASN1_I2D_len (a->organization, i2d_DISPLAYTEXT); 
+ M_ASN1_I2D_len_SEQUENCE(a->noticenos, i2d_ASN1_INTEGER); + + M_ASN1_I2D_seq_total(); + + M_ASN1_I2D_put (a->organization, i2d_DISPLAYTEXT); + M_ASN1_I2D_put_SEQUENCE(a->noticenos, i2d_ASN1_INTEGER); + + M_ASN1_I2D_finish(); +} + +NOTICEREF *NOTICEREF_new() +{ + NOTICEREF *ret=NULL; + ASN1_CTX c; + M_ASN1_New_Malloc(ret, NOTICEREF); + ret->organization = NULL; + ret->noticenos = NULL; + return (ret); + M_ASN1_New_Error(ASN1_F_NOTICEREF_NEW); +} + +NOTICEREF *d2i_NOTICEREF(a,pp,length) +NOTICEREF **a; +unsigned char **pp; +long length; +{ + M_ASN1_D2I_vars(a,NOTICEREF *,NOTICEREF_new); + M_ASN1_D2I_Init(); + M_ASN1_D2I_start_sequence(); + /* This is to cope with some broken encodings that use IA5STRING for + * the organization field + */ + M_ASN1_D2I_get_opt(ret->organization, d2i_ASN1_IA5STRING, + V_ASN1_IA5STRING); + if(!ret->organization) { + M_ASN1_D2I_get(ret->organization, d2i_DISPLAYTEXT); + } + M_ASN1_D2I_get_seq(ret->noticenos, d2i_ASN1_INTEGER, ASN1_STRING_free); + M_ASN1_D2I_Finish(a, NOTICEREF_free, ASN1_F_D2I_NOTICEREF); +} + +void NOTICEREF_free(a) +NOTICEREF *a; +{ + if (a == NULL) return; + DISPLAYTEXT_free(a->organization); + sk_pop_free(a->noticenos, ASN1_STRING_free); + Free (a); +} + +IMPLEMENT_STACK_OF(POLICYQUALINFO) +IMPLEMENT_ASN1_SET_OF(POLICYQUALINFO) diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c index f5dda420d1..e3686b6275 100644 --- a/crypto/x509v3/v3_lib.c +++ b/crypto/x509v3/v3_lib.c @@ -149,7 +149,7 @@ extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku; extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet; extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id; -extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason; +extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_cpols; int X509V3_add_standard_extensions() { 
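Review bot: print_notice() and the CPS case of print_qualifiers() pass attacker-controlled certificate bytes to BIO_printf through `%s` on `ref->organization->data`, `notice->exptext->data` and `qualinfo->d.cpsuri->data`: the ASN1_STRING length is ignored (a BMPString DisplayText, which RFC 2459 permits, prints as one byte or nothing), `%s` relies on the data being NUL-terminated, which the d2i routines presumably arrange but the type does not guarantee, and control or escape bytes in the policy text reach the terminal of whoever prints the certificate unfiltered. Printing via ASN1_STRING_print() (asn1.h is already included), which is length-bounded and substitutes non-printable bytes, removes all three problems; the rewrite below also fixes the label on the explicitText line, which currently reads `Notice Reference:` even though the noticeRef part was printed just above it. The CPS line gets the same treatment: `BIO_printf(out, "%*sCPS: ", indent, ""); ASN1_STRING_print(out, qualinfo->d.cpsuri); BIO_puts(out, "\n");`. Separately, r2i_certpol() frees `vals` only on the success path, so every `goto err` leaks the parsed list, and the `@section` path always ends there because policy_section() is a stub returning NULL without queueing an error — `sk_pop_free(vals, X509V3_conf_free);` at the err label plus an X509V3err for the unimplemented case would make that failure both clean and diagnosable.
```c
static void print_notice(out, notice, indent)
BIO *out;
USERNOTICE *notice;
int indent;
{
	int i;
	if(notice->noticeref) {
		NOTICEREF *ref;
		ref = notice->noticeref;
		/* Length-bounded, non-printables replaced: never %s on raw cert bytes */
		BIO_printf(out, "%*sOrganization: ", indent, "");
		ASN1_STRING_print(out, ref->organization);
		BIO_puts(out, "\n");
		/* ... unchanged: "Number(s):" list of noticenos ... */
	}
	if(notice->exptext) {
		BIO_printf(out, "%*sExplicit Text: ", indent, "");
		ASN1_STRING_print(out, notice->exptext);
		BIO_puts(out, "\n");
	}
}
```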
@@ -165,6 +165,7 @@ int X509V3_add_standard_extensions() X509V3_EXT_add(&v3_crl_num); X509V3_EXT_add(&v3_sxnet); X509V3_EXT_add(&v3_crl_reason); + X509V3_EXT_add(&v3_cpols); return 1; } diff --git a/crypto/x509v3/v3err.c b/crypto/x509v3/v3err.c index ac7ac48af1..4a8297ceb3 100644 --- a/crypto/x509v3/v3err.c +++ b/crypto/x509v3/v3err.c @@ -69,6 +69,7 @@ static ERR_STRING_DATA X509V3_str_functs[]= {ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"}, {ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0), "i2s_ASN1_ENUMERATED"}, {ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0), "i2s_ASN1_INTEGER"}, +{ERR_PACK(0,X509V3_F_R2I_CERTPOL,0), "R2I_CERTPOL"}, {ERR_PACK(0,X509V3_F_S2I_ASN1_IA5STRING,0), "S2I_ASN1_IA5STRING"}, {ERR_PACK(0,X509V3_F_S2I_ASN1_INTEGER,0), "s2i_ASN1_INTEGER"}, {ERR_PACK(0,X509V3_F_S2I_ASN1_OCTET_STRING,0), "s2i_ASN1_OCTET_STRING"}, @@ -87,12 +88,12 @@ static ERR_STRING_DATA X509V3_str_functs[]= {ERR_PACK(0,X509V3_F_V2I_GENERAL_NAME,0), "v2i_GENERAL_NAME"}, {ERR_PACK(0,X509V3_F_V2I_GENERAL_NAMES,0), "v2i_GENERAL_NAMES"}, {ERR_PACK(0,X509V3_F_V3_GENERIC_EXTENSION,0), "V3_GENERIC_EXTENSION"}, -{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD,0), "X509V3_EXT_add"}, {ERR_PACK(0,X509V3_F_X509V3_ADD_VALUE,0), "X509V3_add_value"}, +{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD,0), "X509V3_EXT_add"}, {ERR_PACK(0,X509V3_F_X509V3_EXT_ADD_ALIAS,0), "X509V3_EXT_add_alias"}, {ERR_PACK(0,X509V3_F_X509V3_EXT_CONF,0), "X509V3_EXT_conf"}, -{ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0), "X509V3_parse_list"}, {ERR_PACK(0,X509V3_F_X509V3_GET_VALUE_BOOL,0), "X509V3_get_value_bool"}, +{ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0), "X509V3_parse_list"}, {0,NULL}, }; 
@@ -117,8 +118,11 @@ static ERR_STRING_DATA X509V3_str_reasons[]= {X509V3_R_INVALID_NULL_NAME ,"invalid null name"}, {X509V3_R_INVALID_NULL_VALUE ,"invalid null value"}, {X509V3_R_INVALID_OBJECT_IDENTIFIER ,"invalid object identifier"}, +{X509V3_R_INVALID_POLICY_IDENTIFIER ,"invalid policy identifier"}, +{X509V3_R_INVALID_SECTION ,"invalid section"}, {X509V3_R_ISSUER_DECODE_ERROR ,"issuer decode error"}, {X509V3_R_MISSING_VALUE ,"missing value"}, +{X509V3_R_NO_CONFIG_DATABASE ,"no config database"}, {X509V3_R_NO_ISSUER_CERTIFICATE ,"no issuer certificate"}, {X509V3_R_NO_ISSUER_DETAILS ,"no issuer details"}, {X509V3_R_NO_PUBLIC_KEY ,"no public key"}, diff --git a/crypto/x509v3/x509v3.err b/crypto/x509v3/x509v3.err index 9358d44b3b..2c027813fe 100644 --- a/crypto/x509v3/x509v3.err +++ b/crypto/x509v3/x509v3.err @@ -7,6 +7,7 @@ #define X509V3_F_HEX_TO_STRING 111 #define X509V3_F_I2S_ASN1_ENUMERATED 121 #define X509V3_F_I2S_ASN1_INTEGER 120 +#define X509V3_F_R2I_CERTPOL 130 #define X509V3_F_S2I_ASN1_IA5STRING 100 #define X509V3_F_S2I_ASN1_INTEGER 108 #define X509V3_F_S2I_ASN1_OCTET_STRING 112 @@ -25,12 +26,12 @@ #define X509V3_F_V2I_GENERAL_NAME 117 #define X509V3_F_V2I_GENERAL_NAMES 118 #define X509V3_F_V3_GENERIC_EXTENSION 116 -#define X509V3_F_X509V3_EXT_ADD 104 #define X509V3_F_X509V3_ADD_VALUE 105 +#define X509V3_F_X509V3_EXT_ADD 104 #define X509V3_F_X509V3_EXT_ADD_ALIAS 106 #define X509V3_F_X509V3_EXT_CONF 107 -#define X509V3_F_X509V3_PARSE_LIST 109 #define X509V3_F_X509V3_GET_VALUE_BOOL 110 +#define X509V3_F_X509V3_PARSE_LIST 109 /* Reason codes. */ #define X509V3_R_BAD_IP_ADDRESS 118 
@@ -52,8 +53,11 @@ #define X509V3_R_INVALID_NULL_NAME 108 #define X509V3_R_INVALID_NULL_VALUE 109 #define X509V3_R_INVALID_OBJECT_IDENTIFIER 110 +#define X509V3_R_INVALID_POLICY_IDENTIFIER 134 +#define X509V3_R_INVALID_SECTION 135 #define X509V3_R_ISSUER_DECODE_ERROR 126 #define X509V3_R_MISSING_VALUE 124 +#define X509V3_R_NO_CONFIG_DATABASE 136 #define X509V3_R_NO_ISSUER_CERTIFICATE 121 #define X509V3_R_NO_ISSUER_DETAILS 127 #define X509V3_R_NO_PUBLIC_KEY 114 diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h index d44aad7be4..d63630160a 100644 --- a/crypto/x509v3/x509v3.h +++ b/crypto/x509v3/x509v3.h @@ -203,7 +203,7 @@ typedef struct NOTICEREF_st { } NOTICEREF; typedef struct USERNOTICE_st { - NOTICEREF *notref; + NOTICEREF *noticeref; ASN1_STRING *exptext; } USERNOTICE; @@ -217,10 +217,11 @@ typedef struct POLICYQUALINFO_st { } POLICYQUALINFO; DECLARE_STACK_OF(POLICYQUALINFO) +DECLARE_ASN1_SET_OF(POLICYQUALINFO) typedef struct POLICYINFO_st { ASN1_OBJECT *policyid; - STACK_OF(POLICYQUALINFO) qualifiers; + STACK_OF(POLICYQUALINFO) *qualifiers; } POLICYINFO; DECLARE_STACK_OF(POLICYINFO); @@ -229,6 +230,10 @@ DECLARE_ASN1_SET_OF(POLICYINFO); #define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \ ",name:", val->name, ",value:", val->value); +#define X509V3_set_ctx_test(ctx) \ + X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST) +#define X509V3_set_ctx_nodb(ctx) ctx->db = NULL; + #define EXT_BITSTRING(nid, table) { nid, 0, \ (X509V3_EXT_NEW)asn1_bit_string_new, ASN1_STRING_free, \ (X509V3_EXT_D2I)d2i_ASN1_BIT_STRING, \ 
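Review bot: The new `X509V3_set_ctx_nodb(ctx)` macro has a trailing semicolon and uses `ctx` unparenthesised, so `if (cond) X509V3_set_ctx_nodb(p); else ...` fails to compile and `X509V3_set_ctx_nodb(a ? b : c)` expands to the wrong lvalue; `#define X509V3_set_ctx_nodb(ctx) ((ctx)->db = NULL)` fixes both, and `X509V3_set_ctx_test` should wrap its argument as `(ctx)` for the same reason. Despite the naming, X509V3_set_ctx_test does not apply X509V3_set_ctx_nodb, so `ctx->db` (and `ctx->db_meth`, which the nodb macro does not clear either) keeps whatever the caller's stack held until X509V3_set_conf_lhash() runs, while X509V3_EXT_conf now branches on `ctx->db` for r2i extensions; the CTX_TEST callers in apps/ca.c and apps/req.c do call it, but the ordering requirement deserves a comment above the macro, e.g. `/* Test-only context: extensions are parsed, not added. Callers must still attach a config database with X509V3_set_conf_lhash() before any r2i extension is processed. */`.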
@@ -308,6 +313,32 @@ STACK *d2i_ext_ku(STACK **a, unsigned char **pp, long length); void ext_ku_free(STACK *a); STACK *ext_ku_new(void); +int i2d_CERTIFICATEPOLICIES(STACK_OF(POLICYINFO) *a, unsigned char **pp); +STACK_OF(POLICYINFO) *CERTIFICATEPOLICIES_new(void); +void CERTIFICATEPOLICIES_free(STACK_OF(POLICYINFO) *a); +STACK_OF(POLICYINFO) *d2i_CERTIFICATEPOLICIES(STACK_OF(POLICYINFO) **a, unsigned char **pp, long length); + +int i2d_POLICYINFO(POLICYINFO *a, unsigned char **pp); +POLICYINFO *POLICYINFO_new(void); +POLICYINFO *d2i_POLICYINFO(POLICYINFO **a, unsigned char **pp, long length); +void POLICYINFO_free(POLICYINFO *a); + +int i2d_POLICYQUALINFO(POLICYQUALINFO *a, unsigned char **pp); +POLICYQUALINFO *POLICYQUALINFO_new(void); +POLICYQUALINFO *d2i_POLICYQUALINFO(POLICYQUALINFO **a, unsigned char **pp, + long length); +void POLICYQUALINFO_free(POLICYQUALINFO *a); + +int i2d_USERNOTICE(USERNOTICE *a, unsigned char **pp); +USERNOTICE *USERNOTICE_new(void); +USERNOTICE *d2i_USERNOTICE(USERNOTICE **a, unsigned char **pp, long length); +void USERNOTICE_free(USERNOTICE *a); + +int i2d_NOTICEREF(NOTICEREF *a, unsigned char **pp); +NOTICEREF *NOTICEREF_new(void); +NOTICEREF *d2i_NOTICEREF(NOTICEREF **a, unsigned char **pp, long length); +void NOTICEREF_free(NOTICEREF *a); + #ifdef HEADER_CONF_H GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf); void X509V3_conf_free(CONF_VALUE *val); 
@@ -315,7 +346,6 @@ X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, c X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value); int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert); int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl); -int X509V3_EXT_check_conf(LHASH *conf, char *section); int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool); int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint); void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash); @@ -323,8 +353,8 @@ void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash); char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section); STACK * X509V3_get_section(X509V3_CTX *ctx, char *section); -void X509V3_free_string(X509V3_CTX *ctx, char *str); -void X509V3_free_section( X509V3_CTX *ctx, STACK *section); +void X509V3_string_free(X509V3_CTX *ctx, char *str); +void X509V3_section_free( X509V3_CTX *ctx, STACK *section); void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject, X509_REQ *req, X509_CRL *crl, int flags); 
@@ -413,16 +443,40 @@ void X509V3_conf_free(); X509_EXTENSION *X509V3_EXT_conf_nid(); X509_EXTENSION *X509V3_EXT_conf(); int X509V3_EXT_add_conf(); -int X509V3_EXT_check_conf(); int X509V3_get_value_bool(); int X509V3_get_value_int(); void X509V3_set_conf_lhash(); #endif +int i2d_CERTIFICATEPOLICIES(); +STACK *CERTIFICATEPOLICIES_new(); +void CERTIFICATEPOLICIES_free(); +STACK *d2i_CERTIFICATEPOLICIES(); + +int i2d_POLICYINFO(); +POLICYINFO *POLICYINFO_new(); +POLICYINFO *d2i_POLICYINFO(); +void POLICYINFO_free(); + +int i2d_POLICYQUALINFO(); +POLICYQUALINFO *POLICYQUALINFO_new(); +POLICYQUALINFO *d2i_POLICYQUALINFO(); +void POLICYQUALINFO_free(); + +int i2d_USERNOTICE(); +USERNOTICE *USERNOTICE_new(); +USERNOTICE *d2i_USERNOTICE(); +void USERNOTICE_free(); + +int i2d_NOTICEREF(); +NOTICEREF *NOTICEREF_new(); +NOTICEREF *d2i_NOTICEREF(); +void NOTICEREF_free(); + char * X509V3_get_string(); STACK * X509V3_get_section(); -void X509V3_free_string(); -void X509V3_free_section(); +void X509V3_string_free(); +void X509V3_section_free(); void X509V3_set_ctx(); int X509V3_add_value(); @@ -461,6 +515,7 @@ int X509V3_EXT_print_fp(); #define X509V3_F_HEX_TO_STRING 111 #define X509V3_F_I2S_ASN1_ENUMERATED 121 #define X509V3_F_I2S_ASN1_INTEGER 120 +#define X509V3_F_R2I_CERTPOL 130 #define X509V3_F_S2I_ASN1_IA5STRING 100 #define X509V3_F_S2I_ASN1_INTEGER 108 #define X509V3_F_S2I_ASN1_OCTET_STRING 112 @@ -479,12 +534,12 @@ int X509V3_EXT_print_fp(); #define X509V3_F_V2I_GENERAL_NAME 117 #define X509V3_F_V2I_GENERAL_NAMES 118 #define X509V3_F_V3_GENERIC_EXTENSION 116 -#define X509V3_F_X509V3_EXT_ADD 104 #define X509V3_F_X509V3_ADD_VALUE 105 +#define X509V3_F_X509V3_EXT_ADD 104 #define X509V3_F_X509V3_EXT_ADD_ALIAS 106 #define X509V3_F_X509V3_EXT_CONF 107 -#define X509V3_F_X509V3_PARSE_LIST 109 #define X509V3_F_X509V3_GET_VALUE_BOOL 110 +#define X509V3_F_X509V3_PARSE_LIST 109 /* Reason codes. */ #define X509V3_R_BAD_IP_ADDRESS 118 
@@ -506,8 +561,11 @@ int X509V3_EXT_print_fp(); #define X509V3_R_INVALID_NULL_NAME 108 #define X509V3_R_INVALID_NULL_VALUE 109 #define X509V3_R_INVALID_OBJECT_IDENTIFIER 110 +#define X509V3_R_INVALID_POLICY_IDENTIFIER 134 +#define X509V3_R_INVALID_SECTION 135 #define X509V3_R_ISSUER_DECODE_ERROR 126 #define X509V3_R_MISSING_VALUE 124 +#define X509V3_R_NO_CONFIG_DATABASE 136 #define X509V3_R_NO_ISSUER_CERTIFICATE 121 #define X509V3_R_NO_ISSUER_DETAILS 127 #define X509V3_R_NO_PUBLIC_KEY 114