Delete bundled copy of OpenSSL and replace with README.

openssl/crypto/x509v3/v3_crld.c

Index: openssl/crypto/x509v3/v3_crld.c
diff --git a/openssl/crypto/x509v3/v3_crld.c b/openssl/crypto/x509v3/v3_crld.c
deleted file mode 100644
index 790a6dd03280868366303cf209433ac040d693cc..0000000000000000000000000000000000000000
--- a/openssl/crypto/x509v3/v3_crld.c
+++ /dev/null
@@ -1,616 +0,0 @@
-/* v3_crld.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509v3.h>
-
-static void *v2i_crld(const X509V3_EXT_METHOD *method,
-		      X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
-		     int indent);
-
-const X509V3_EXT_METHOD v3_crld =
-	{
-	NID_crl_distribution_points, 0, ASN1_ITEM_ref(CRL_DIST_POINTS),
-	0,0,0,0,
-	0,0,
-	0,
-	v2i_crld,
-	i2r_crldp,0,
-	NULL
-	};
-
-const X509V3_EXT_METHOD v3_freshest_crl =
-	{
-	NID_freshest_crl, 0, ASN1_ITEM_ref(CRL_DIST_POINTS),
-	0,0,0,0,
-	0,0,
-	0,
-	v2i_crld,
-	i2r_crldp,0,
-	NULL
-	};
-
-static STACK_OF(GENERAL_NAME) *gnames_from_sectname(X509V3_CTX *ctx, char *sect)
-	{
-	STACK_OF(CONF_VALUE) *gnsect;
-	STACK_OF(GENERAL_NAME) *gens;
-	if (*sect == '@')
-		gnsect = X509V3_get_section(ctx, sect + 1);
-	else
-		gnsect = X509V3_parse_list(sect);
-	if (!gnsect)
-		{
-		X509V3err(X509V3_F_GNAMES_FROM_SECTNAME,
-						X509V3_R_SECTION_NOT_FOUND);
-		return NULL;
-		}
-	gens = v2i_GENERAL_NAMES(NULL, ctx, gnsect);
-	if (*sect == '@')
-		X509V3_section_free(ctx, gnsect);
-	else
-		sk_CONF_VALUE_pop_free(gnsect, X509V3_conf_free);
-	return gens;
-	}
-
-static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx,
-							CONF_VALUE *cnf)
-	{
-	STACK_OF(GENERAL_NAME) *fnm = NULL;
-	STACK_OF(X509_NAME_ENTRY) *rnm = NULL;
-	if (!strncmp(cnf->name, "fullname", 9))
-		{
-		fnm = gnames_from_sectname(ctx, cnf->value);
-		if (!fnm)
-			goto err;
-		}
-	else if (!strcmp(cnf->name, "relativename"))
-		{
-		int ret;
-		STACK_OF(CONF_VALUE) *dnsect;
-		X509_NAME *nm;
-		nm = X509_NAME_new();
-		if (!nm)
-			return -1;
-		dnsect = X509V3_get_section(ctx, cnf->value);
-		if (!dnsect)
-			{
-			X509V3err(X509V3_F_SET_DIST_POINT_NAME,
-						X509V3_R_SECTION_NOT_FOUND);
-			return -1;
-			}
-		ret = X509V3_NAME_from_section(nm, dnsect, MBSTRING_ASC);
-		X509V3_section_free(ctx, dnsect);
-		rnm = nm->entries;
-		nm->entries = NULL;
-		X509_NAME_free(nm);
-		if (!ret || sk_X509_NAME_ENTRY_num(rnm) <= 0)
-			goto err;
-		/* Since its a name fragment can't have more than one
-		 * RDNSequence
-		 */
-		if (sk_X509_NAME_ENTRY_value(rnm,
-				sk_X509_NAME_ENTRY_num(rnm) - 1)->set)
-			{
-			X509V3err(X509V3_F_SET_DIST_POINT_NAME,
-						X509V3_R_INVALID_MULTIPLE_RDNS);
-			goto err;
-			}
-		}
-	else
-		return 0;
-
-	if (*pdp)
-		{
-		X509V3err(X509V3_F_SET_DIST_POINT_NAME,
-						X509V3_R_DISTPOINT_ALREADY_SET);
-		goto err;
-		}
-
-	*pdp = DIST_POINT_NAME_new();
-	if (!*pdp)
-		goto err;
-	if (fnm)
-		{
-		(*pdp)->type = 0;
-		(*pdp)->name.fullname = fnm;
-		}
-	else
-		{
-		(*pdp)->type = 1;
-		(*pdp)->name.relativename = rnm;
-		}
-
-	return 1;
-		
-	err:
-	if (fnm)
-		sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free);
-	if (rnm)
-		sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free);
-	return -1;
-	}
-
-static const BIT_STRING_BITNAME reason_flags[] = {
-{0, "Unused", "unused"},
-{1, "Key Compromise", "keyCompromise"},
-{2, "CA Compromise", "CACompromise"},
-{3, "Affiliation Changed", "affiliationChanged"},
-{4, "Superseded", "superseded"},
-{5, "Cessation Of Operation", "cessationOfOperation"},
-{6, "Certificate Hold", "certificateHold"},
-{7, "Privilege Withdrawn", "privilegeWithdrawn"},
-{8, "AA Compromise", "AACompromise"},
-{-1, NULL, NULL}
-};
-
-static int set_reasons(ASN1_BIT_STRING **preas, char *value)
-	{
-	STACK_OF(CONF_VALUE) *rsk = NULL;
-	const BIT_STRING_BITNAME *pbn;
-	const char *bnam;
-	int i, ret = 0;
-	rsk = X509V3_parse_list(value);
-	if (!rsk)
-		return 0;
-	if (*preas)
-		return 0;
-	for (i = 0; i < sk_CONF_VALUE_num(rsk); i++)
-		{
-		bnam = sk_CONF_VALUE_value(rsk, i)->name;
-		if (!*preas)
-			{
-			*preas = ASN1_BIT_STRING_new();
-			if (!*preas)
-				goto err;
-			}
-		for (pbn = reason_flags; pbn->lname; pbn++)
-			{
-			if (!strcmp(pbn->sname, bnam))
-				{
-				if (!ASN1_BIT_STRING_set_bit(*preas,
-							pbn->bitnum, 1))
-					goto err;
-				break;
-				}
-			}
-		if (!pbn->lname)
-			goto err;
-		}
-	ret = 1;
-
-	err:
-	sk_CONF_VALUE_pop_free(rsk, X509V3_conf_free);
-	return ret;
-	}
-
-static int print_reasons(BIO *out, const char *rname,
-			ASN1_BIT_STRING *rflags, int indent)
-	{
-	int first = 1;
-	const BIT_STRING_BITNAME *pbn;
-	BIO_printf(out, "%*s%s:\n%*s", indent, "", rname, indent + 2, "");
-	for (pbn = reason_flags; pbn->lname; pbn++)
-		{
-		if (ASN1_BIT_STRING_get_bit(rflags, pbn->bitnum))
-			{
-			if (first)
-				first = 0;
-			else
-				BIO_puts(out, ", ");
-			BIO_puts(out, pbn->lname);
-			}
-		}
-	if (first)
-		BIO_puts(out, "<EMPTY>\n");
-	else
-		BIO_puts(out, "\n");
-	return 1;
-	}
-
-static DIST_POINT *crldp_from_section(X509V3_CTX *ctx,
-						STACK_OF(CONF_VALUE) *nval)
-	{
-	int i;
-	CONF_VALUE *cnf;
-	DIST_POINT *point = NULL;
-	point = DIST_POINT_new();
-	if (!point)
-		goto err;
-	for(i = 0; i < sk_CONF_VALUE_num(nval); i++)
-		{
-		int ret;
-		cnf = sk_CONF_VALUE_value(nval, i);
-		ret = set_dist_point_name(&point->distpoint, ctx, cnf);
-		if (ret > 0)
-			continue;
-		if (ret < 0)
-			goto err;
-		if (!strcmp(cnf->name, "reasons"))
-			{
-			if (!set_reasons(&point->reasons, cnf->value))
-				goto err;
-			}
-		else if (!strcmp(cnf->name, "CRLissuer"))
-			{
-			point->CRLissuer =
-				gnames_from_sectname(ctx, cnf->value);
-			if (!point->CRLissuer)
-				goto err;
-			}
-		}
-
-	return point;
-			
-
-	err:
-	if (point)
-		DIST_POINT_free(point);
-	return NULL;
-	}
-
-static void *v2i_crld(const X509V3_EXT_METHOD *method,
-		      X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
-	{
-	STACK_OF(DIST_POINT) *crld = NULL;
-	GENERAL_NAMES *gens = NULL;
-	GENERAL_NAME *gen = NULL;
-	CONF_VALUE *cnf;
-	int i;
-	if(!(crld = sk_DIST_POINT_new_null())) goto merr;
-	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-		DIST_POINT *point;
-		cnf = sk_CONF_VALUE_value(nval, i);
-		if (!cnf->value)
-			{
-			STACK_OF(CONF_VALUE) *dpsect;
-			dpsect = X509V3_get_section(ctx, cnf->name);
-			if (!dpsect)
-				goto err;
-			point = crldp_from_section(ctx, dpsect);
-			X509V3_section_free(ctx, dpsect);
-			if (!point)
-				goto err;
-			if(!sk_DIST_POINT_push(crld, point))
-				{
-				DIST_POINT_free(point);
-				goto merr;
-				}
-			}
-		else
-			{
-			if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
-				goto err; 
-			if(!(gens = GENERAL_NAMES_new()))
-				goto merr;
-			if(!sk_GENERAL_NAME_push(gens, gen))
-				goto merr;
-			gen = NULL;
-			if(!(point = DIST_POINT_new()))
-				goto merr;
-			if(!sk_DIST_POINT_push(crld, point))
-				{
-				DIST_POINT_free(point);
-				goto merr;
-				}
-			if(!(point->distpoint = DIST_POINT_NAME_new()))
-				goto merr;
-			point->distpoint->name.fullname = gens;
-			point->distpoint->type = 0;
-			gens = NULL;
-			}
-	}
-	return crld;
-
-	merr:
-	X509V3err(X509V3_F_V2I_CRLD,ERR_R_MALLOC_FAILURE);
-	err:
-	GENERAL_NAME_free(gen);
-	GENERAL_NAMES_free(gens);
-	sk_DIST_POINT_pop_free(crld, DIST_POINT_free);
-	return NULL;
-}
-
-IMPLEMENT_STACK_OF(DIST_POINT)
-IMPLEMENT_ASN1_SET_OF(DIST_POINT)
-
-static int dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-								void *exarg)
-	{
-	DIST_POINT_NAME *dpn = (DIST_POINT_NAME *)*pval;
-
-	switch(operation)
-		{
-		case ASN1_OP_NEW_POST:
-		dpn->dpname = NULL;
-		break;
-
-		case ASN1_OP_FREE_POST:
-		if (dpn->dpname)
-			X509_NAME_free(dpn->dpname);
-		break;
-		}
-	return 1;
-	}
-
-
-ASN1_CHOICE_cb(DIST_POINT_NAME, dpn_cb) = {
-	ASN1_IMP_SEQUENCE_OF(DIST_POINT_NAME, name.fullname, GENERAL_NAME, 0),
-	ASN1_IMP_SET_OF(DIST_POINT_NAME, name.relativename, X509_NAME_ENTRY, 1)
-} ASN1_CHOICE_END_cb(DIST_POINT_NAME, DIST_POINT_NAME, type)
-
-
-IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT_NAME)
-
-ASN1_SEQUENCE(DIST_POINT) = {
-	ASN1_EXP_OPT(DIST_POINT, distpoint, DIST_POINT_NAME, 0),
-	ASN1_IMP_OPT(DIST_POINT, reasons, ASN1_BIT_STRING, 1),
-	ASN1_IMP_SEQUENCE_OF_OPT(DIST_POINT, CRLissuer, GENERAL_NAME, 2)
-} ASN1_SEQUENCE_END(DIST_POINT)
-
-IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT)
-
-ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, DIST_POINT)
-ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS)
-
-IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS)
-
-ASN1_SEQUENCE(ISSUING_DIST_POINT) = {
-	ASN1_EXP_OPT(ISSUING_DIST_POINT, distpoint, DIST_POINT_NAME, 0),
-	ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyuser, ASN1_FBOOLEAN, 1),
-	ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyCA, ASN1_FBOOLEAN, 2),
-	ASN1_IMP_OPT(ISSUING_DIST_POINT, onlysomereasons, ASN1_BIT_STRING, 3),
-	ASN1_IMP_OPT(ISSUING_DIST_POINT, indirectCRL, ASN1_FBOOLEAN, 4),
-	ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyattr, ASN1_FBOOLEAN, 5)
-} ASN1_SEQUENCE_END(ISSUING_DIST_POINT)
-
-IMPLEMENT_ASN1_FUNCTIONS(ISSUING_DIST_POINT)
-
-static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out,
-		   int indent);
-static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-		     STACK_OF(CONF_VALUE) *nval);
-
-const X509V3_EXT_METHOD v3_idp =
-	{
-	NID_issuing_distribution_point, X509V3_EXT_MULTILINE,
-	ASN1_ITEM_ref(ISSUING_DIST_POINT),
-	0,0,0,0,
-	0,0,
-	0,
-	v2i_idp,
-	i2r_idp,0,
-	NULL
-	};
-
-static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-		     STACK_OF(CONF_VALUE) *nval)
-	{
-	ISSUING_DIST_POINT *idp = NULL;
-	CONF_VALUE *cnf;
-	char *name, *val;
-	int i, ret;
-	idp = ISSUING_DIST_POINT_new();
-	if (!idp)
-		goto merr;
-	for(i = 0; i < sk_CONF_VALUE_num(nval); i++)
-		{
-		cnf = sk_CONF_VALUE_value(nval, i);
-		name = cnf->name;
-		val = cnf->value;
-		ret = set_dist_point_name(&idp->distpoint, ctx, cnf);
-		if (ret > 0)
-			continue;
-		if (ret < 0)
-			goto err;
-		if (!strcmp(name, "onlyuser"))
-			{
-			if (!X509V3_get_value_bool(cnf, &idp->onlyuser))
-				goto err;
-			}
-		else if (!strcmp(name, "onlyCA"))
-			{
-			if (!X509V3_get_value_bool(cnf, &idp->onlyCA))
-				goto err;
-			}
-		else if (!strcmp(name, "onlyAA"))
-			{
-			if (!X509V3_get_value_bool(cnf, &idp->onlyattr))
-				goto err;
-			}
-		else if (!strcmp(name, "indirectCRL"))
-			{
-			if (!X509V3_get_value_bool(cnf, &idp->indirectCRL))
-				goto err;
-			}
-		else if (!strcmp(name, "onlysomereasons"))
-			{
-			if (!set_reasons(&idp->onlysomereasons, val))
-				goto err;
-			}
-		else
-			{
-                        X509V3err(X509V3_F_V2I_IDP, X509V3_R_INVALID_NAME);
-                        X509V3_conf_err(cnf);
-                        goto err;
-			}
-		}
-	return idp;
-
-	merr:
-	X509V3err(X509V3_F_V2I_IDP,ERR_R_MALLOC_FAILURE);
-	err:
-	ISSUING_DIST_POINT_free(idp);
-	return NULL;
-	}
-
-static int print_gens(BIO *out, STACK_OF(GENERAL_NAME) *gens, int indent)
-	{
-	int i;
-	for (i = 0; i < sk_GENERAL_NAME_num(gens); i++)
-		{
-		BIO_printf(out, "%*s", indent + 2, "");
-		GENERAL_NAME_print(out, sk_GENERAL_NAME_value(gens, i));
-		BIO_puts(out, "\n");
-		}
-	return 1;
-	}
-
-static int print_distpoint(BIO *out, DIST_POINT_NAME *dpn, int indent)
-	{
-	if (dpn->type == 0)
-		{
-		BIO_printf(out, "%*sFull Name:\n", indent, "");
-		print_gens(out, dpn->name.fullname, indent);
-		}
-	else
-		{
-		X509_NAME ntmp;
-		ntmp.entries = dpn->name.relativename;
-		BIO_printf(out, "%*sRelative Name:\n%*s",
-						indent, "", indent + 2, "");
-		X509_NAME_print_ex(out, &ntmp, 0, XN_FLAG_ONELINE);
-		BIO_puts(out, "\n");
-		}
-	return 1;
-	}
-
-static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out,
-		   int indent)
-	{
-	ISSUING_DIST_POINT *idp = pidp;
-	if (idp->distpoint)
-		print_distpoint(out, idp->distpoint, indent);
-	if (idp->onlyuser > 0)
-		BIO_printf(out, "%*sOnly User Certificates\n", indent, "");
-	if (idp->onlyCA > 0)
-		BIO_printf(out, "%*sOnly CA Certificates\n", indent, "");
-	if (idp->indirectCRL > 0)
-		BIO_printf(out, "%*sIndirect CRL\n", indent, "");
-	if (idp->onlysomereasons)
-		print_reasons(out, "Only Some Reasons", 
-				idp->onlysomereasons, indent);
-	if (idp->onlyattr > 0)
-		BIO_printf(out, "%*sOnly Attribute Certificates\n", indent, "");
-	if (!idp->distpoint && (idp->onlyuser <= 0) && (idp->onlyCA <= 0)
-		&& (idp->indirectCRL <= 0) && !idp->onlysomereasons
-		&& (idp->onlyattr <= 0))
-		BIO_printf(out, "%*s<EMPTY>\n", indent, "");
-		
-	return 1;
-	}
-
-static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
-		     int indent)
-	{
-	STACK_OF(DIST_POINT) *crld = pcrldp;
-	DIST_POINT *point;
-	int i;
-	for(i = 0; i < sk_DIST_POINT_num(crld); i++)
-		{
-		BIO_puts(out, "\n");
-		point = sk_DIST_POINT_value(crld, i);
-		if(point->distpoint)
-			print_distpoint(out, point->distpoint, indent);
-		if(point->reasons) 
-			print_reasons(out, "Reasons", point->reasons,
-								indent);
-		if(point->CRLissuer)
-			{
-			BIO_printf(out, "%*sCRL Issuer:\n", indent, "");
-			print_gens(out, point->CRLissuer, indent);
-			}
-		}
-	return 1;
-	}
-
-int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname)
-	{
-	int i;
-	STACK_OF(X509_NAME_ENTRY) *frag;
-	X509_NAME_ENTRY *ne;
-	if (!dpn || (dpn->type != 1))
-		return 1;
-	frag = dpn->name.relativename;
-	dpn->dpname = X509_NAME_dup(iname);
-	if (!dpn->dpname)
-		return 0;
-	for (i = 0; i < sk_X509_NAME_ENTRY_num(frag); i++)
-		{
-		ne = sk_X509_NAME_ENTRY_value(frag, i);
-		if (!X509_NAME_add_entry(dpn->dpname, ne, -1, i ? 0 : 1))
-			{
-			X509_NAME_free(dpn->dpname);
-			dpn->dpname = NULL;
-			return 0;
-			}
-		}
-	/* generate cached encoding of name */
-	if (i2d_X509_NAME(dpn->dpname, NULL) < 0)
-		{
-		X509_NAME_free(dpn->dpname);
-		dpn->dpname = NULL;
-		return 0;
-		}
-	return 1;
-	}