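--- a/v3_utl.c
+++ b/v3_utl.c
@@ -1,10 +1,10 @@
 /* v3_utl.c */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
 /* ====================================================================
 * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -60,23 +60,23 @@
 
 #include <stdio.h>
 #include <ctype.h>
 #include "cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
 #include <openssl/bn.h>
 
 static char *strip_spaces(char *name);
 static int sk_strcmp(const char * const *a, const char * const *b);
-static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens);
-static void str_free(void *str);
-static int append_ia5(STACK **sk, ASN1_IA5STRING *email);
+static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name, GENERAL_NAMES *gens);
+static void str_free(OPENSSL_STRING str);
+static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email);
 
 static int ipv4_from_asc(unsigned char *v4, const char *in);
 static int ipv6_from_asc(unsigned char *v6, const char *in);
 static int ipv6_cb(const char *elem, int len, void *usr);
 static int ipv6_hex(unsigned char *out, const char *in, int inlen);
 
 /* Add a CONF_VALUE name value pair to stack */
 
 int X509V3_add_value(const char *name, const char *value,
 STACK_OF(CONF_VALUE) **extlist)
@@ -353,50 +353,50 @@
 return p;
 }
 
 /* hex string utilities */
 
 /* Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its
 * hex representation
 * @@@ (Contents of buffer are always kept in ASCII, also on EBCDIC machines)
 */
 
-char *hex_to_string(unsigned char *buffer, long len)
+char *hex_to_string(const unsigned char *buffer, long len)
 {
 char *tmp, *q;
-	unsigned char *p;
+	const unsigned char *p;
 int i;
 const static char hexdig[] = "0123456789ABCDEF";
 if(!buffer || !len) return NULL;
 if(!(tmp = OPENSSL_malloc(len * 3 + 1))) {
 X509V3err(X509V3_F_HEX_TO_STRING,ERR_R_MALLOC_FAILURE);
 return NULL;
 }
 q = tmp;
 for(i = 0, p = buffer; i < len; i++,p++) {
 *q++ = hexdig[(*p >> 4) & 0xf];
 *q++ = hexdig[*p & 0xf];
 *q++ = ':';
 }
 q[-1] = 0;
 #ifdef CHARSET_EBCDIC
 ebcdic2ascii(tmp, tmp, q - tmp - 1);
 #endif
 
 return tmp;
 }
 
 /* Give a string of hex digits convert to
 * a buffer
 */
 
-unsigned char *string_to_hex(char *str, long *len)
+unsigned char *string_to_hex(const char *str, long *len)
 {
 unsigned char *hexbuf, *q;
 unsigned char ch, cl, *p;
 if(!str) {
 X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_INVALID_NULL_ARGUMENT);
 return NULL;
 }
 if(!(hexbuf = OPENSSL_malloc(strlen(str) >> 1))) goto err;
 for(p = (unsigned char *)str, q = hexbuf; *p;) {
 ch = *p++;
@@ -456,120 +456,123 @@
 c = name[len];
 if(!c || (c=='.')) return 0;
 return 1;
 }
 
 static int sk_strcmp(const char * const *a, const char * const *b)
 {
 return strcmp(*a, *b);
 }
 
-STACK *X509_get1_email(X509 *x)
+STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x)
 {
 GENERAL_NAMES *gens;
-	STACK *ret;
+	STACK_OF(OPENSSL_STRING) *ret;
+
 gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
 ret = get_email(X509_get_subject_name(x), gens);
 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
 return ret;
 }
 
-STACK *X509_get1_ocsp(X509 *x)
+STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x)
 {
 AUTHORITY_INFO_ACCESS *info;
-	STACK *ret = NULL;
+	STACK_OF(OPENSSL_STRING) *ret = NULL;
 int i;
+
 info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL);
 if (!info)
 return NULL;
 for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++)
 {
 ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(info, i);
 if (OBJ_obj2nid(ad->method) == NID_ad_OCSP)
 {
 if (ad->location->type == GEN_URI)
 {
 if (!append_ia5(&ret, ad->location->d.uniformResourceIdentifier))
 break;
 }
 }
 }
 AUTHORITY_INFO_ACCESS_free(info);
 return ret;
 }
 
-STACK *X509_REQ_get1_email(X509_REQ *x)
+STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x)
 {
 GENERAL_NAMES *gens;
 STACK_OF(X509_EXTENSION) *exts;
-	STACK *ret;
+	STACK_OF(OPENSSL_STRING) *ret;
+
 exts = X509_REQ_get_extensions(x);
 gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL);
 ret = get_email(X509_REQ_get_subject_name(x), gens);
 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
 sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
 return ret;
 }
 
 
-static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens)
+static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name, GENERAL_NAMES *gens)
 {
-	STACK *ret = NULL;
+	STACK_OF(OPENSSL_STRING) *ret = NULL;
 X509_NAME_ENTRY *ne;
 ASN1_IA5STRING *email;
 GENERAL_NAME *gen;
 int i;
 /* Now add any email address(es) to STACK */
 i = -1;
 /* First supplied X509_NAME */
 while((i = X509_NAME_get_index_by_NID(name,
 NID_pkcs9_emailAddress, i)) >= 0) {
 ne = X509_NAME_get_entry(name, i);
 email = X509_NAME_ENTRY_get_data(ne);
 if(!append_ia5(&ret, email)) return NULL;
 }
 for(i = 0; i < sk_GENERAL_NAME_num(gens); i++)
 {
 gen = sk_GENERAL_NAME_value(gens, i);
 if(gen->type != GEN_EMAIL) continue;
 if(!append_ia5(&ret, gen->d.ia5)) return NULL;
 }
 return ret;
 }
 
-static void str_free(void *str)
+static void str_free(OPENSSL_STRING str)
 {
 OPENSSL_free(str);
 }
 
-static int append_ia5(STACK **sk, ASN1_IA5STRING *email)
+static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email)
 {
 char *emtmp;
 /* First some sanity checks */
 if(email->type != V_ASN1_IA5STRING) return 1;
 if(!email->data || !email->length) return 1;
-	if(!*sk) *sk = sk_new(sk_strcmp);
+	if(!*sk) *sk = sk_OPENSSL_STRING_new(sk_strcmp);
 if(!*sk) return 0;
 /* Don't add duplicates */
-	if(sk_find(*sk, (char *)email->data) != -1) return 1;
+	if(sk_OPENSSL_STRING_find(*sk, (char *)email->data) != -1) return 1;
 emtmp = BUF_strdup((char *)email->data);
-	if(!emtmp || !sk_push(*sk, emtmp)) {
+	if(!emtmp || !sk_OPENSSL_STRING_push(*sk, emtmp)) {
 X509_email_free(*sk);
 *sk = NULL;
 return 0;
 }
 return 1;
 }
 
-void X509_email_free(STACK *sk)
+void X509_email_free(STACK_OF(OPENSSL_STRING) *sk)
 {
-	sk_pop_free(sk, str_free);
+	sk_OPENSSL_STRING_pop_free(sk, str_free);
 }
 
 /* Convert IP addresses both IPv4 and IPv6 into an
 * OCTET STRING compatible with RFC3280.
 */
 
 ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc)
 {
 unsigned char ipout[16];
 ASN1_OCTET_STRING *ret;
@@ -862,10 +865,10 @@
 }
 else
 mval = 0;
 if (!X509_NAME_add_entry_by_txt(nm,type, chtype,
 (unsigned char *) v->value,-1,-1,mval))
 return 0;
 
 }
 return 1;
 }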
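Review bot: append_ia5 (new lines 547-564) still passes `email->data` to `sk_OPENSSL_STRING_find` and `BUF_strdup` as a C string, so `email->length` is never consulted and an IA5String with an embedded NUL is recorded truncated at the first zero byte. These strings come from the certificate or request being parsed, so the lists returned by X509_get1_email, X509_REQ_get1_email and X509_get1_ocsp can differ from what the encoding actually contains. Next to the existing sanity checks I would add `if(memchr(email->data, 0, email->length)) return 1;` so that such entries are skipped rather than silently shortened. The move to STACK_OF(OPENSSL_STRING) is type-only and leaves this behaviour as it was.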