| OLD | NEW |
|---|
| 1 /* v3_utl.c */ | 1 /* v3_utl.c */ |
| 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 * project. | 3 * project. |
| 4 */ | 4 */ |
| 5 /* ==================================================================== | 5 /* ==================================================================== |
| 6 * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. | 6 * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. |
| 7 * | 7 * |
| 8 * Redistribution and use in source and binary forms, with or without | 8 * Redistribution and use in source and binary forms, with or without |
| 9 * modification, are permitted provided that the following conditions | 9 * modification, are permitted provided that the following conditions |
| 10 * are met: | 10 * are met: |
| (...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 60 | 60 |
| 61 #include <stdio.h> | 61 #include <stdio.h> |
| 62 #include <ctype.h> | 62 #include <ctype.h> |
| 63 #include "cryptlib.h" | 63 #include "cryptlib.h" |
| 64 #include <openssl/conf.h> | 64 #include <openssl/conf.h> |
| 65 #include <openssl/x509v3.h> | 65 #include <openssl/x509v3.h> |
| 66 #include <openssl/bn.h> | 66 #include <openssl/bn.h> |
| 67 | 67 |
| 68 static char *strip_spaces(char *name); | 68 static char *strip_spaces(char *name); |
| 69 static int sk_strcmp(const char * const *a, const char * const *b); | 69 static int sk_strcmp(const char * const *a, const char * const *b); |
| 70 static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens); | 70 static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name, GENERAL_NAMES *gens)
; |
| 71 static void str_free(void *str); | 71 static void str_free(OPENSSL_STRING str); |
| 72 static int append_ia5(STACK **sk, ASN1_IA5STRING *email); | 72 static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email); |
| 73 | 73 |
| 74 static int ipv4_from_asc(unsigned char *v4, const char *in); | 74 static int ipv4_from_asc(unsigned char *v4, const char *in); |
| 75 static int ipv6_from_asc(unsigned char *v6, const char *in); | 75 static int ipv6_from_asc(unsigned char *v6, const char *in); |
| 76 static int ipv6_cb(const char *elem, int len, void *usr); | 76 static int ipv6_cb(const char *elem, int len, void *usr); |
| 77 static int ipv6_hex(unsigned char *out, const char *in, int inlen); | 77 static int ipv6_hex(unsigned char *out, const char *in, int inlen); |
| 78 | 78 |
| 79 /* Add a CONF_VALUE name value pair to stack */ | 79 /* Add a CONF_VALUE name value pair to stack */ |
| 80 | 80 |
| 81 int X509V3_add_value(const char *name, const char *value, | 81 int X509V3_add_value(const char *name, const char *value, |
| 82 STACK_OF(CONF_VALUE) **extlist) | 82 STACK_OF(CONF_VALUE) **extlist) |
| (...skipping 270 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 353 return p; | 353 return p; |
| 354 } | 354 } |
| 355 | 355 |
| 356 /* hex string utilities */ | 356 /* hex string utilities */ |
| 357 | 357 |
| 358 /* Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its | 358 /* Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its |
| 359 * hex representation | 359 * hex representation |
| 360 * @@@ (Contents of buffer are always kept in ASCII, also on EBCDIC machines) | 360 * @@@ (Contents of buffer are always kept in ASCII, also on EBCDIC machines) |
| 361 */ | 361 */ |
| 362 | 362 |
| 363 char *hex_to_string(unsigned char *buffer, long len) | 363 char *hex_to_string(const unsigned char *buffer, long len) |
| 364 { | 364 { |
| 365 char *tmp, *q; | 365 char *tmp, *q; |
| 366 » unsigned char *p; | 366 » const unsigned char *p; |
| 367 int i; | 367 int i; |
| 368 const static char hexdig[] = "0123456789ABCDEF"; | 368 const static char hexdig[] = "0123456789ABCDEF"; |
| 369 if(!buffer || !len) return NULL; | 369 if(!buffer || !len) return NULL; |
| 370 if(!(tmp = OPENSSL_malloc(len * 3 + 1))) { | 370 if(!(tmp = OPENSSL_malloc(len * 3 + 1))) { |
| 371 X509V3err(X509V3_F_HEX_TO_STRING,ERR_R_MALLOC_FAILURE); | 371 X509V3err(X509V3_F_HEX_TO_STRING,ERR_R_MALLOC_FAILURE); |
| 372 return NULL; | 372 return NULL; |
| 373 } | 373 } |
| 374 q = tmp; | 374 q = tmp; |
| 375 for(i = 0, p = buffer; i < len; i++,p++) { | 375 for(i = 0, p = buffer; i < len; i++,p++) { |
| 376 *q++ = hexdig[(*p >> 4) & 0xf]; | 376 *q++ = hexdig[(*p >> 4) & 0xf]; |
| 377 *q++ = hexdig[*p & 0xf]; | 377 *q++ = hexdig[*p & 0xf]; |
| 378 *q++ = ':'; | 378 *q++ = ':'; |
| 379 } | 379 } |
| 380 q[-1] = 0; | 380 q[-1] = 0; |
| 381 #ifdef CHARSET_EBCDIC | 381 #ifdef CHARSET_EBCDIC |
| 382 ebcdic2ascii(tmp, tmp, q - tmp - 1); | 382 ebcdic2ascii(tmp, tmp, q - tmp - 1); |
| 383 #endif | 383 #endif |
| 384 | 384 |
| 385 return tmp; | 385 return tmp; |
| 386 } | 386 } |
| 387 | 387 |
| 388 /* Give a string of hex digits convert to | 388 /* Give a string of hex digits convert to |
| 389 * a buffer | 389 * a buffer |
| 390 */ | 390 */ |
| 391 | 391 |
| 392 unsigned char *string_to_hex(char *str, long *len) | 392 unsigned char *string_to_hex(const char *str, long *len) |
| 393 { | 393 { |
| 394 unsigned char *hexbuf, *q; | 394 unsigned char *hexbuf, *q; |
| 395 unsigned char ch, cl, *p; | 395 unsigned char ch, cl, *p; |
| 396 if(!str) { | 396 if(!str) { |
| 397 X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_INVALID_NULL_ARGUMENT)
; | 397 X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_INVALID_NULL_ARGUMENT)
; |
| 398 return NULL; | 398 return NULL; |
| 399 } | 399 } |
| 400 if(!(hexbuf = OPENSSL_malloc(strlen(str) >> 1))) goto err; | 400 if(!(hexbuf = OPENSSL_malloc(strlen(str) >> 1))) goto err; |
| 401 for(p = (unsigned char *)str, q = hexbuf; *p;) { | 401 for(p = (unsigned char *)str, q = hexbuf; *p;) { |
| 402 ch = *p++; | 402 ch = *p++; |
| (...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 456 c = name[len]; | 456 c = name[len]; |
| 457 if(!c || (c=='.')) return 0; | 457 if(!c || (c=='.')) return 0; |
| 458 return 1; | 458 return 1; |
| 459 } | 459 } |
| 460 | 460 |
| 461 static int sk_strcmp(const char * const *a, const char * const *b) | 461 static int sk_strcmp(const char * const *a, const char * const *b) |
| 462 { | 462 { |
| 463 return strcmp(*a, *b); | 463 return strcmp(*a, *b); |
| 464 } | 464 } |
| 465 | 465 |
| 466 STACK *X509_get1_email(X509 *x) | 466 STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x) |
| 467 { | 467 { |
| 468 GENERAL_NAMES *gens; | 468 GENERAL_NAMES *gens; |
| 469 » STACK *ret; | 469 » STACK_OF(OPENSSL_STRING) *ret; |
| 470 |
| 470 gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL); | 471 gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL); |
| 471 ret = get_email(X509_get_subject_name(x), gens); | 472 ret = get_email(X509_get_subject_name(x), gens); |
| 472 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); | 473 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); |
| 473 return ret; | 474 return ret; |
| 474 } | 475 } |
| 475 | 476 |
| 476 STACK *X509_get1_ocsp(X509 *x) | 477 STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x) |
| 477 { | 478 { |
| 478 AUTHORITY_INFO_ACCESS *info; | 479 AUTHORITY_INFO_ACCESS *info; |
| 479 » STACK *ret = NULL; | 480 » STACK_OF(OPENSSL_STRING) *ret = NULL; |
| 480 int i; | 481 int i; |
| 482 |
| 481 info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL); | 483 info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL); |
| 482 if (!info) | 484 if (!info) |
| 483 return NULL; | 485 return NULL; |
| 484 for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++) | 486 for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++) |
| 485 { | 487 { |
| 486 ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(info, i); | 488 ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(info, i); |
| 487 if (OBJ_obj2nid(ad->method) == NID_ad_OCSP) | 489 if (OBJ_obj2nid(ad->method) == NID_ad_OCSP) |
| 488 { | 490 { |
| 489 if (ad->location->type == GEN_URI) | 491 if (ad->location->type == GEN_URI) |
| 490 { | 492 { |
| 491 if (!append_ia5(&ret, ad->location->d.uniformRes
ourceIdentifier)) | 493 if (!append_ia5(&ret, ad->location->d.uniformRes
ourceIdentifier)) |
| 492 break; | 494 break; |
| 493 } | 495 } |
| 494 } | 496 } |
| 495 } | 497 } |
| 496 AUTHORITY_INFO_ACCESS_free(info); | 498 AUTHORITY_INFO_ACCESS_free(info); |
| 497 return ret; | 499 return ret; |
| 498 } | 500 } |
| 499 | 501 |
| 500 STACK *X509_REQ_get1_email(X509_REQ *x) | 502 STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x) |
| 501 { | 503 { |
| 502 GENERAL_NAMES *gens; | 504 GENERAL_NAMES *gens; |
| 503 STACK_OF(X509_EXTENSION) *exts; | 505 STACK_OF(X509_EXTENSION) *exts; |
| 504 » STACK *ret; | 506 » STACK_OF(OPENSSL_STRING) *ret; |
| 507 |
| 505 exts = X509_REQ_get_extensions(x); | 508 exts = X509_REQ_get_extensions(x); |
| 506 gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL); | 509 gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL); |
| 507 ret = get_email(X509_REQ_get_subject_name(x), gens); | 510 ret = get_email(X509_REQ_get_subject_name(x), gens); |
| 508 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); | 511 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); |
| 509 sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); | 512 sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); |
| 510 return ret; | 513 return ret; |
| 511 } | 514 } |
| 512 | 515 |
| 513 | 516 |
| 514 static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens) | 517 static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name, GENERAL_NAMES *gens) |
| 515 { | 518 { |
| 516 » STACK *ret = NULL; | 519 » STACK_OF(OPENSSL_STRING) *ret = NULL; |
| 517 X509_NAME_ENTRY *ne; | 520 X509_NAME_ENTRY *ne; |
| 518 ASN1_IA5STRING *email; | 521 ASN1_IA5STRING *email; |
| 519 GENERAL_NAME *gen; | 522 GENERAL_NAME *gen; |
| 520 int i; | 523 int i; |
| 521 /* Now add any email address(es) to STACK */ | 524 /* Now add any email address(es) to STACK */ |
| 522 i = -1; | 525 i = -1; |
| 523 /* First supplied X509_NAME */ | 526 /* First supplied X509_NAME */ |
| 524 while((i = X509_NAME_get_index_by_NID(name, | 527 while((i = X509_NAME_get_index_by_NID(name, |
| 525 NID_pkcs9_emailAddress, i)) >= 0) { | 528 NID_pkcs9_emailAddress, i)) >= 0) { |
| 526 ne = X509_NAME_get_entry(name, i); | 529 ne = X509_NAME_get_entry(name, i); |
| 527 email = X509_NAME_ENTRY_get_data(ne); | 530 email = X509_NAME_ENTRY_get_data(ne); |
| 528 if(!append_ia5(&ret, email)) return NULL; | 531 if(!append_ia5(&ret, email)) return NULL; |
| 529 } | 532 } |
| 530 for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) | 533 for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) |
| 531 { | 534 { |
| 532 gen = sk_GENERAL_NAME_value(gens, i); | 535 gen = sk_GENERAL_NAME_value(gens, i); |
| 533 if(gen->type != GEN_EMAIL) continue; | 536 if(gen->type != GEN_EMAIL) continue; |
| 534 if(!append_ia5(&ret, gen->d.ia5)) return NULL; | 537 if(!append_ia5(&ret, gen->d.ia5)) return NULL; |
| 535 } | 538 } |
| 536 return ret; | 539 return ret; |
| 537 } | 540 } |
| 538 | 541 |
| 539 static void str_free(void *str) | 542 static void str_free(OPENSSL_STRING str) |
| 540 { | 543 { |
| 541 OPENSSL_free(str); | 544 OPENSSL_free(str); |
| 542 } | 545 } |
| 543 | 546 |
| 544 static int append_ia5(STACK **sk, ASN1_IA5STRING *email) | 547 static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email) |
| 545 { | 548 { |
| 546 char *emtmp; | 549 char *emtmp; |
| 547 /* First some sanity checks */ | 550 /* First some sanity checks */ |
| 548 if(email->type != V_ASN1_IA5STRING) return 1; | 551 if(email->type != V_ASN1_IA5STRING) return 1; |
| 549 if(!email->data || !email->length) return 1; | 552 if(!email->data || !email->length) return 1; |
| 550 » if(!*sk) *sk = sk_new(sk_strcmp); | 553 » if(!*sk) *sk = sk_OPENSSL_STRING_new(sk_strcmp); |
| 551 if(!*sk) return 0; | 554 if(!*sk) return 0; |
| 552 /* Don't add duplicates */ | 555 /* Don't add duplicates */ |
| 553 » if(sk_find(*sk, (char *)email->data) != -1) return 1; | 556 » if(sk_OPENSSL_STRING_find(*sk, (char *)email->data) != -1) return 1; |
| 554 emtmp = BUF_strdup((char *)email->data); | 557 emtmp = BUF_strdup((char *)email->data); |
| 555 » if(!emtmp || !sk_push(*sk, emtmp)) { | 558 » if(!emtmp || !sk_OPENSSL_STRING_push(*sk, emtmp)) { |
| 556 X509_email_free(*sk); | 559 X509_email_free(*sk); |
| 557 *sk = NULL; | 560 *sk = NULL; |
| 558 return 0; | 561 return 0; |
| 559 } | 562 } |
| 560 return 1; | 563 return 1; |
| 561 } | 564 } |
| 562 | 565 |
| 563 void X509_email_free(STACK *sk) | 566 void X509_email_free(STACK_OF(OPENSSL_STRING) *sk) |
| 564 { | 567 { |
| 565 » sk_pop_free(sk, str_free); | 568 » sk_OPENSSL_STRING_pop_free(sk, str_free); |
| 566 } | 569 } |
| 567 | 570 |
| 568 /* Convert IP addresses both IPv4 and IPv6 into an | 571 /* Convert IP addresses both IPv4 and IPv6 into an |
| 569 * OCTET STRING compatible with RFC3280. | 572 * OCTET STRING compatible with RFC3280. |
| 570 */ | 573 */ |
| 571 | 574 |
| 572 ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc) | 575 ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc) |
| 573 { | 576 { |
| 574 unsigned char ipout[16]; | 577 unsigned char ipout[16]; |
| 575 ASN1_OCTET_STRING *ret; | 578 ASN1_OCTET_STRING *ret; |
| (...skipping 286 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 862 } | 865 } |
| 863 else | 866 else |
| 864 mval = 0; | 867 mval = 0; |
| 865 if (!X509_NAME_add_entry_by_txt(nm,type, chtype, | 868 if (!X509_NAME_add_entry_by_txt(nm,type, chtype, |
| 866 (unsigned char *) v->value,-1,-1,mval)) | 869 (unsigned char *) v->value,-1,-1,mval)) |
| 867 return 0; | 870 return 0; |
| 868 | 871 |
| 869 } | 872 } |
| 870 return 1; | 873 return 1; |
| 871 } | 874 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 9254031:
Upgrade chrome's OpenSSL to same version Android ships with. (Closed)
Base URL: http://src.chromium.org/svn/trunk/deps/third_party/openssl/