diff options
| author | Peter Jones <pjones@redhat.com> | 2017-08-31 13:57:30 -0400 |
|---|---|---|
| committer | Peter Jones <pjones@redhat.com> | 2017-08-31 15:13:58 -0400 |
| commit | 1d39ada8cb336d9e7c156be7526b674851fbdd40 (patch) | |
| tree | dc497e33b1d4830bf58d79dedc3026087f31f044 /Cryptlib/OpenSSL/crypto/x509v3 | |
| parent | eae64276ffe0361d2b4087c48390d12f157f65f0 (diff) | |
| download | efi-boot-shim-1d39ada8cb336d9e7c156be7526b674851fbdd40.tar.gz efi-boot-shim-1d39ada8cb336d9e7c156be7526b674851fbdd40.zip | |
Revert lots of Cryptlib updates.
OpenSSL changes quite a bit of the key validation, and most of the keys
I can find in the wild aren't marked as trusted by the new checker.
Intel noticed this too: https://github.com/vathpela/edk2/commit/f536d7c3ed
but instead of fixing the compatibility error, they switched their test
data to match the bug.
So that's pretty broken.
For now, I'm reverting OpenSSL 1.1.0e, because we need those certs in
the wild to work.
This reverts commit 513cbe2aea689bf968f171f894f3d4cdb43524d5.
This reverts commit e9cc33d6f2b7f35c6f5e349fd83fb9ae0bc66226.
This reverts commit 80d49f758ead0180bfe6161931838e0578248303.
This reverts commit 9bc647e2b23bcfd69a0077c0717fbc454c919a57.
This reverts commit ae75df6232ad30f3e8736e9449692d58a7439260.
This reverts commit e883479f35644d17db7efed710657c8543cfcb68.
This reverts commit 97469449fda5ba933a64280917e776487301a127.
This reverts commit e39692647f78e13d757ddbfdd36f440d5f526050.
This reverts commit 0f3dfc01e2d5e7df882c963dd8dc4a0dfbfc96ad.
This reverts commit 4da6ac819510c7cc4ba21d7a735d69b45daa5873.
This reverts commit d064bd7eef201f26cb926450a76260b5187ac689.
This reverts commit 9bc86cfd6f9387f0da9d5c0102b6aa5627e91c91.
This reverts commit ab9a05a10f16b33f7ee1e9da360c7801eebdb9d2.
Signed-off-by: Peter Jones <pjones@redhat.com>
Diffstat (limited to 'Cryptlib/OpenSSL/crypto/x509v3')
39 files changed, 3465 insertions, 1518 deletions
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/ext_dat.h b/Cryptlib/OpenSSL/crypto/x509v3/ext_dat.h index c9ede960..09ebbcae 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/ext_dat.h +++ b/Cryptlib/OpenSSL/crypto/x509v3/ext_dat.h @@ -1,24 +1,138 @@ +/* ext_dat.h */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ +/* This file contains a table of "standard" extensions */ + +extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku; +extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo; +extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id; +extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate; +extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld, v3_freshest_crl; +extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff; +extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc; +extern X509V3_EXT_METHOD v3_crl_hold, v3_pci; +extern X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints; +extern X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp; +extern X509V3_EXT_METHOD v3_addr, v3_asid; +extern X509V3_EXT_METHOD v3_ct_scts[]; + +/* + * This table will be searched using OBJ_bsearch so it *must* kept in order + * of the ext_nid values. + */ + +static const X509V3_EXT_METHOD *standard_exts[] = { + &v3_nscert, + &v3_ns_ia5_list[0], + &v3_ns_ia5_list[1], + &v3_ns_ia5_list[2], + &v3_ns_ia5_list[3], + &v3_ns_ia5_list[4], + &v3_ns_ia5_list[5], + &v3_ns_ia5_list[6], + &v3_skey_id, + &v3_key_usage, + &v3_pkey_usage_period, + &v3_alt[0], + &v3_alt[1], + &v3_bcons, + &v3_crl_num, + &v3_cpols, + &v3_akey_id, + &v3_crld, + &v3_ext_ku, + &v3_delta_crl, + &v3_crl_reason, +#ifndef OPENSSL_NO_OCSP + &v3_crl_invdate, +#endif + &v3_sxnet, + &v3_info, +#ifndef OPENSSL_NO_RFC3779 + &v3_addr, + &v3_asid, +#endif +#ifndef OPENSSL_NO_OCSP + &v3_ocsp_nonce, + &v3_ocsp_crlid, + &v3_ocsp_accresp, + &v3_ocsp_nocheck, + &v3_ocsp_acutoff, + &v3_ocsp_serviceloc, +#endif + &v3_sinfo, + &v3_policy_constraints, +#ifndef OPENSSL_NO_OCSP + &v3_crl_hold, +#endif + &v3_pci, + &v3_name_constraints, + &v3_policy_mappings, + &v3_inhibit_anyp, + &v3_idp, + &v3_alt[2], + &v3_freshest_crl, +#ifndef OPENSSL_NO_SCT + &v3_ct_scts[0], + &v3_ct_scts[1], +#endif +}; -int name_cmp(const char *name, const char *cmp); +/* Number of standard extensions */ -extern const X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku; -extern const X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo; -extern const X509V3_EXT_METHOD v3_ns_ia5_list[8], v3_alt[3], v3_skey_id, v3_akey_id; -extern const X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate; -extern const X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld, v3_freshest_crl; -extern const X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff; -extern const X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc; -extern const X509V3_EXT_METHOD v3_crl_hold, v3_pci; -extern const X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints; -extern const X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp; -extern const X509V3_EXT_METHOD v3_addr, v3_asid; -extern const X509V3_EXT_METHOD v3_ct_scts[3]; -extern const X509V3_EXT_METHOD v3_tls_feature; +#define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *)) diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c index a9ee30a8..c8f41f24 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c @@ -1,16 +1,65 @@ +/* pcy_cache.c */ /* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 2004. + */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/x509.h> #include <openssl/x509v3.h> -#include "internal/x509_int.h" #include "pcy_int.h" @@ -34,12 +83,12 @@ static int policy_cache_create(X509 *x, if (sk_POLICYINFO_num(policies) == 0) goto bad_policy; cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp); - if (cache->data == NULL) + if (!cache->data) goto bad_policy; for (i = 0; i < sk_POLICYINFO_num(policies); i++) { policy = sk_POLICYINFO_value(policies, i); data = policy_data_new(policy, NULL, crit); - if (data == NULL) + if (!data) goto bad_policy; /* * Duplicate policy OIDs are illegal: reject if matches found. @@ -61,7 +110,8 @@ static int policy_cache_create(X509 *x, bad_policy: if (ret == -1) x->ex_flags |= EXFLAG_INVALID_POLICY; - policy_data_free(data); + if (data) + policy_data_free(data); sk_POLICYINFO_pop_free(policies, POLICYINFO_free); if (ret <= 0) { sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free); @@ -78,11 +128,8 @@ static int policy_cache_new(X509 *x) CERTIFICATEPOLICIES *ext_cpols = NULL; POLICY_MAPPINGS *ext_pmaps = NULL; int i; - - if (x->policy_cache != NULL) - return 1; - cache = OPENSSL_malloc(sizeof(*cache)); - if (cache == NULL) + cache = OPENSSL_malloc(sizeof(X509_POLICY_CACHE)); + if (!cache) return 0; cache->anyPolicy = NULL; cache->data = NULL; @@ -153,14 +200,18 @@ static int policy_cache_new(X509 *x) goto bad_cache; } else if (!policy_cache_set_int(&cache->any_skip, ext_any)) goto bad_cache; - goto just_cleanup; + if (0) { bad_cache: - x->ex_flags |= EXFLAG_INVALID_POLICY; + x->ex_flags |= EXFLAG_INVALID_POLICY; + } + + if (ext_pcons) + POLICY_CONSTRAINTS_free(ext_pcons); + + if (ext_any) + ASN1_INTEGER_free(ext_any); - just_cleanup: - POLICY_CONSTRAINTS_free(ext_pcons); - ASN1_INTEGER_free(ext_any); return 1; } @@ -169,8 +220,10 @@ void policy_cache_free(X509_POLICY_CACHE *cache) { if (!cache) return; - policy_data_free(cache->anyPolicy); - sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free); + if (cache->anyPolicy) + policy_data_free(cache->anyPolicy); + if (cache->data) + sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free); OPENSSL_free(cache); } @@ -178,9 +231,9 @@ const X509_POLICY_CACHE *policy_cache_set(X509 *x) { if (x->policy_cache == NULL) { - CRYPTO_THREAD_write_lock(x->lock); + CRYPTO_w_lock(CRYPTO_LOCK_X509); policy_cache_new(x); - CRYPTO_THREAD_unlock(x->lock); + CRYPTO_w_unlock(CRYPTO_LOCK_X509); } return x->policy_cache; diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c index cf1d635e..90e9970e 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c @@ -1,13 +1,63 @@ +/* pcy_data.c */ /* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 2004. + */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/x509.h> #include <openssl/x509v3.h> @@ -17,8 +67,6 @@ void policy_data_free(X509_POLICY_DATA *data) { - if (!data) - return; ASN1_OBJECT_free(data->valid_policy); /* Don't free qualifiers if shared */ if (!(data->flags & POLICY_DATA_FLAG_SHARED_QUALIFIERS)) @@ -28,9 +76,9 @@ void policy_data_free(X509_POLICY_DATA *data) } /* - * Create a data based on an existing policy. If 'id' is NULL use the OID in + * Create a data based on an existing policy. If 'id' is NULL use the oid in * the policy, otherwise use 'id'. This behaviour covers the two types of - * data in RFC3280: data with from a CertificatePolicies extension and + * data in RFC3280: data with from a CertificatePolcies extension and * additional data with just the qualifiers of anyPolicy and ID from another * source. */ @@ -48,18 +96,21 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, return NULL; } else id = NULL; - ret = OPENSSL_zalloc(sizeof(*ret)); - if (ret == NULL) + ret = OPENSSL_malloc(sizeof(X509_POLICY_DATA)); + if (!ret) return NULL; ret->expected_policy_set = sk_ASN1_OBJECT_new_null(); - if (ret->expected_policy_set == NULL) { + if (!ret->expected_policy_set) { OPENSSL_free(ret); - ASN1_OBJECT_free(id); + if (id) + ASN1_OBJECT_free(id); return NULL; } if (crit) ret->flags = POLICY_DATA_FLAG_CRITICAL; + else + ret->flags = 0; if (id) ret->valid_policy = id; @@ -71,7 +122,8 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, if (policy) { ret->qualifier_set = policy->qualifiers; policy->qualifiers = NULL; - } + } else + ret->qualifier_set = NULL; return ret; } diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_int.h b/Cryptlib/OpenSSL/crypto/x509v3/pcy_int.h index 5daf78de..b5075f9e 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_int.h +++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_int.h @@ -1,15 +1,65 @@ +/* pcy_int.h */ /* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 2004. + */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ typedef struct X509_POLICY_DATA_st X509_POLICY_DATA; -DEFINE_STACK_OF(X509_POLICY_DATA) +DECLARE_STACK_OF(X509_POLICY_DATA) /* Internal structures */ @@ -119,7 +169,7 @@ struct X509_POLICY_TREE_st { * required. */ STACK_OF(X509_POLICY_DATA) *extra_data; - /* This is the authority constrained policy set */ + /* This is the authority constained policy set */ STACK_OF(X509_POLICY_NODE) *auth_policies; STACK_OF(X509_POLICY_NODE) *user_policies; unsigned int flags; @@ -157,7 +207,7 @@ X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk, const ASN1_OBJECT *id); X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, - X509_POLICY_DATA *data, + const X509_POLICY_DATA *data, X509_POLICY_NODE *parent, X509_POLICY_TREE *tree); void policy_node_free(X509_POLICY_NODE *node); diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c index 67f7eafc..dbb29835 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c @@ -1,13 +1,63 @@ +/* pcy_lib.c */ /* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 2004. + */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/x509.h> #include <openssl/x509v3.h> @@ -90,6 +140,15 @@ const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node) return node->data->valid_policy; } +#if 0 +int X509_policy_node_get_critical(const X509_POLICY_NODE *node) +{ + if (node_critical(node)) + return 1; + return 0; +} +#endif + STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node) diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c index ab9dd21b..b99eb91c 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c @@ -1,16 +1,65 @@ +/* pcy_map.c */ /* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 2004. + */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/x509.h> #include <openssl/x509v3.h> -#include "internal/x509_int.h" #include "pcy_int.h" @@ -42,15 +91,15 @@ int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps) /* Attempt to find matching policy data */ data = policy_cache_find_data(cache, map->issuerDomainPolicy); /* If we don't have anyPolicy can't map */ - if (data == NULL && !cache->anyPolicy) + if (!data && !cache->anyPolicy) continue; /* Create a NODE from anyPolicy */ - if (data == NULL) { + if (!data) { data = policy_data_new(NULL, map->issuerDomainPolicy, cache->anyPolicy->flags & POLICY_DATA_FLAG_CRITICAL); - if (data == NULL) + if (!data) goto bad_mapping; data->qualifier_set = cache->anyPolicy->qualifier_set; /* diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c index 80443bff..d6c91765 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c @@ -1,10 +1,60 @@ +/* pcy_node.c */ /* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 2004. + */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <openssl/asn1.h> @@ -59,17 +109,17 @@ X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level, } X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, - X509_POLICY_DATA *data, + const X509_POLICY_DATA *data, X509_POLICY_NODE *parent, X509_POLICY_TREE *tree) { X509_POLICY_NODE *node; - - node = OPENSSL_zalloc(sizeof(*node)); - if (node == NULL) + node = OPENSSL_malloc(sizeof(X509_POLICY_NODE)); + if (!node) return NULL; node->data = data; node->parent = parent; + node->nchild = 0; if (level) { if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) { if (level->anyPolicy) @@ -77,9 +127,9 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, level->anyPolicy = node; } else { - if (level->nodes == NULL) + if (!level->nodes) level->nodes = policy_node_cmp_new(); - if (level->nodes == NULL) + if (!level->nodes) goto node_error; if (!sk_X509_POLICY_NODE_push(level->nodes, node)) goto node_error; @@ -87,9 +137,9 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, } if (tree) { - if (tree->extra_data == NULL) + if (!tree->extra_data) tree->extra_data = sk_X509_POLICY_DATA_new_null(); - if (tree->extra_data == NULL) + if (!tree->extra_data) goto node_error; if (!sk_X509_POLICY_DATA_push(tree->extra_data, data)) goto node_error; @@ -102,7 +152,8 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, node_error: policy_node_free(node); - return NULL; + return 0; + } void policy_node_free(X509_POLICY_NODE *node) diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c index 9f9246be..09b8691c 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c @@ -1,13 +1,63 @@ +/* pcy_tree.c */ /* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 2004. + */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/x509.h> #include <openssl/x509v3.h> @@ -48,26 +98,22 @@ static void expected_print(BIO *err, X509_POLICY_LEVEL *lev, static void tree_print(char *str, X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr) { - BIO *err = BIO_new_fp(stderr, BIO_NOCLOSE); X509_POLICY_LEVEL *plev; - - if (err == NULL) - return; + X509_POLICY_NODE *node; + int i; + BIO *err; + err = BIO_new_fp(stderr, BIO_NOCLOSE); if (!curr) curr = tree->levels + tree->nlevel; else curr++; - BIO_printf(err, "Level print after %s\n", str); BIO_printf(err, "Printing Up to Level %ld\n", curr - tree->levels); for (plev = tree->levels; plev != curr; plev++) { - int i; - BIO_printf(err, "Level %ld, flags = %x\n", - (long)(plev - tree->levels), plev->flags); + plev - tree->levels, plev->flags); for (i = 0; i < sk_X509_POLICY_NODE_num(plev->nodes); i++) { - X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(plev->nodes, i); - + node = sk_X509_POLICY_NODE_value(plev->nodes, i); X509_POLICY_NODE_print(err, node, 2); expected_print(err, plev, node, 2); BIO_printf(err, " Flags: %x\n", node->data->flags); @@ -75,17 +121,26 @@ static void tree_print(char *str, X509_POLICY_TREE *tree, if (plev->anyPolicy) X509_POLICY_NODE_print(err, plev->anyPolicy, 2); } + BIO_free(err); + } +#else + +# define tree_print(a,b,c) /* */ + #endif /*- - * Return value: <= 0 on error, or positive bit mask: - * - * X509_PCY_TREE_VALID: valid tree - * X509_PCY_TREE_EMPTY: empty tree (including bare TA case) - * X509_PCY_TREE_EXPLICIT: explicit policy required + * Initialize policy tree. Return values: + * 0 Some internal error occurred. + * -1 Inconsistent or invalid extensions in certificates. + * 1 Tree initialized OK. + * 2 Policy tree is empty. + * 5 Tree OK and requireExplicitPolicy true. + * 6 Tree empty and requireExplicitPolicy true. */ + static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, unsigned int flags) { @@ -93,112 +148,114 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, X509_POLICY_LEVEL *level; const X509_POLICY_CACHE *cache; X509_POLICY_DATA *data = NULL; - int ret = X509_PCY_TREE_VALID; - int n = sk_X509_num(certs) - 1; /* RFC5280 paths omit the TA */ - int explicit_policy = (flags & X509_V_FLAG_EXPLICIT_POLICY) ? 0 : n+1; - int any_skip = (flags & X509_V_FLAG_INHIBIT_ANY) ? 0 : n+1; - int map_skip = (flags & X509_V_FLAG_INHIBIT_MAP) ? 0 : n+1; - int i; - + X509 *x; + int ret = 1; + int i, n; + int explicit_policy; + int any_skip; + int map_skip; *ptree = NULL; + n = sk_X509_num(certs); - /* Can't do anything with just a trust anchor */ - if (n == 0) - return X509_PCY_TREE_EMPTY; +#if 0 + /* Disable policy mapping for now... */ + flags |= X509_V_FLAG_INHIBIT_MAP; +#endif - /* - * First setup the policy cache in all n non-TA certificates, this will be - * used in X509_verify_cert() which will invoke the verify callback for all - * certificates with invalid policy extensions. - */ - for (i = n - 1; i >= 0; i--) { - X509 *x = sk_X509_value(certs, i); + if (flags & X509_V_FLAG_EXPLICIT_POLICY) + explicit_policy = 0; + else + explicit_policy = n + 1; - /* Call for side-effect of computing hash and caching extensions */ - X509_check_purpose(x, -1, 0); + if (flags & X509_V_FLAG_INHIBIT_ANY) + any_skip = 0; + else + any_skip = n + 1; - /* If cache is NULL, likely ENOMEM: return immediately */ - if (policy_cache_set(x) == NULL) - return X509_PCY_TREE_INTERNAL; - } + if (flags & X509_V_FLAG_INHIBIT_MAP) + map_skip = 0; + else + map_skip = n + 1; + /* Can't do anything with just a trust anchor */ + if (n == 1) + return 1; /* - * At this point check for invalid policies and required explicit policy. - * Note that the explicit_policy counter is a count-down to zero, with the - * requirement kicking in if and once it does that. The counter is - * decremented for every non-self-issued certificate in the path, but may - * be further reduced by policy constraints in a non-leaf certificate. - * - * The ultimate policy set is the intersection of all the policies along - * the path, if we hit a certificate with an empty policy set, and explicit - * policy is required we're done. + * First setup policy cache in all certificates apart from the trust + * anchor. Note any bad cache results on the way. Also can calculate + * explicit_policy value at this point. */ - for (i = n - 1; - i >= 0 && (explicit_policy > 0 || (ret & X509_PCY_TREE_EMPTY) == 0); - i--) { - X509 *x = sk_X509_value(certs, i); - uint32_t ex_flags = X509_get_extension_flags(x); - - /* All the policies are already cached, we can return early */ - if (ex_flags & EXFLAG_INVALID_POLICY) - return X509_PCY_TREE_INVALID; - - /* Access the cache which we now know exists */ + for (i = n - 2; i >= 0; i--) { + x = sk_X509_value(certs, i); + X509_check_purpose(x, -1, -1); cache = policy_cache_set(x); - - if ((ret & X509_PCY_TREE_VALID) && cache->data == NULL) - ret = X509_PCY_TREE_EMPTY; + /* If cache NULL something bad happened: return immediately */ + if (cache == NULL) + return 0; + /* + * If inconsistent extensions keep a note of it but continue + */ + if (x->ex_flags & EXFLAG_INVALID_POLICY) + ret = -1; + /* + * Otherwise if we have no data (hence no CertificatePolicies) and + * haven't already set an inconsistent code note it. + */ + else if ((ret == 1) && !cache->data) + ret = 2; if (explicit_policy > 0) { - if (!(ex_flags & EXFLAG_SI)) + if (!(x->ex_flags & EXFLAG_SI)) explicit_policy--; - if ((cache->explicit_skip >= 0) + if ((cache->explicit_skip != -1) && (cache->explicit_skip < explicit_policy)) explicit_policy = cache->explicit_skip; } } - if (explicit_policy == 0) - ret |= X509_PCY_TREE_EXPLICIT; - if ((ret & X509_PCY_TREE_VALID) == 0) + if (ret != 1) { + if (ret == 2 && !explicit_policy) + return 6; return ret; + } /* If we get this far initialize the tree */ - if ((tree = OPENSSL_zalloc(sizeof(*tree))) == NULL) - return X509_PCY_TREE_INTERNAL; - /* - * http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3. - * - * The top level is implicitly for the trust anchor with valid expected - * policies of anyPolicy. (RFC 5280 has the TA at depth 0 and the leaf at - * depth n, we have the leaf at depth 0 and the TA at depth n). - */ - if ((tree->levels = OPENSSL_zalloc(sizeof(*tree->levels)*(n+1))) == NULL) { + tree = OPENSSL_malloc(sizeof(X509_POLICY_TREE)); + + if (!tree) + return 0; + + tree->flags = 0; + tree->levels = OPENSSL_malloc(sizeof(X509_POLICY_LEVEL) * n); + tree->nlevel = 0; + tree->extra_data = NULL; + tree->auth_policies = NULL; + tree->user_policies = NULL; + + if (!tree->levels) { OPENSSL_free(tree); - return X509_PCY_TREE_INTERNAL; + return 0; } - tree->nlevel = n+1; + + memset(tree->levels, 0, n * sizeof(X509_POLICY_LEVEL)); + + tree->nlevel = n; + level = tree->levels; - if ((data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0)) == NULL) - goto bad_tree; - if (level_add_node(level, data, NULL, tree) == NULL) { - policy_data_free(data); - goto bad_tree; - } - /* - * In this pass initialize all the tree levels and whether anyPolicy and - * policy mapping are inhibited at each level. - */ - for (i = n - 1; i >= 0; i--) { - X509 *x = sk_X509_value(certs, i); - uint32_t ex_flags = X509_get_extension_flags(x); + /* Root data: initialize to anyPolicy */ - /* Access the cache which we now know exists */ - cache = policy_cache_set(x); + data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0); - X509_up_ref(x); - (++level)->cert = x; + if (!data || !level_add_node(level, data, NULL, tree)) + goto bad_tree; + + for (i = n - 2; i >= 0; i--) { + level++; + x = sk_X509_value(certs, i); + cache = policy_cache_set(x); + CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); + level->cert = x; if (!cache->anyPolicy) level->flags |= X509_V_FLAG_INHIBIT_ANY; @@ -206,57 +263,63 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, /* Determine inhibit any and inhibit map flags */ if (any_skip == 0) { /* - * Any matching allowed only if certificate is self issued and not - * the last in the chain. + * Any matching allowed if certificate is self issued and not the + * last in the chain. */ - if (!(ex_flags & EXFLAG_SI) || (i == 0)) + if (!(x->ex_flags & EXFLAG_SI) || (i == 0)) level->flags |= X509_V_FLAG_INHIBIT_ANY; } else { - if (!(ex_flags & EXFLAG_SI)) + if (!(x->ex_flags & EXFLAG_SI)) any_skip--; - if ((cache->any_skip >= 0) && (cache->any_skip < any_skip)) + if ((cache->any_skip >= 0) + && (cache->any_skip < any_skip)) any_skip = cache->any_skip; } if (map_skip == 0) level->flags |= X509_V_FLAG_INHIBIT_MAP; else { - if (!(ex_flags & EXFLAG_SI)) + if (!(x->ex_flags & EXFLAG_SI)) map_skip--; - if ((cache->map_skip >= 0) && (cache->map_skip < map_skip)) + if ((cache->map_skip >= 0) + && (cache->map_skip < map_skip)) map_skip = cache->map_skip; } + } *ptree = tree; - return ret; + + if (explicit_policy) + return 1; + else + return 5; bad_tree: + X509_policy_tree_free(tree); - return X509_PCY_TREE_INTERNAL; + + return 0; + } -/* - * Return value: 1 on success, 0 otherwise - */ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, - X509_POLICY_DATA *data) + const X509_POLICY_DATA *data) { X509_POLICY_LEVEL *last = curr - 1; + X509_POLICY_NODE *node; int i, matched = 0; - /* Iterate through all in nodes linking matches */ for (i = 0; i < sk_X509_POLICY_NODE_num(last->nodes); i++) { - X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i); - + node = sk_X509_POLICY_NODE_value(last->nodes, i); if (policy_node_match(last, node, data->valid_policy)) { - if (level_add_node(curr, data, node, NULL) == NULL) + if (!level_add_node(curr, data, node, NULL)) return 0; matched = 1; } } if (!matched && last->anyPolicy) { - if (level_add_node(curr, data, last->anyPolicy, NULL) == NULL) + if (!level_add_node(curr, data, last->anyPolicy, NULL)) return 0; } return 1; @@ -265,17 +328,29 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, /* * This corresponds to RFC3280 6.1.3(d)(1): link any data from * CertificatePolicies onto matching parent or anyPolicy if no match. - * - * Return value: 1 on success, 0 otherwise. */ + static int tree_link_nodes(X509_POLICY_LEVEL *curr, const X509_POLICY_CACHE *cache) { int i; + X509_POLICY_DATA *data; for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++) { - X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i); - + data = sk_X509_POLICY_DATA_value(cache->data, i); + /* + * If a node is mapped any it doesn't have a corresponding + * CertificatePolicies entry. However such an identical node would + * be created if anyPolicy matching is enabled because there would be + * no match with the parent valid_policy_set. So we create link + * because then it will have the mapping flags right and we can prune + * it later. + */ +#if 0 + if ((data->flags & POLICY_DATA_FLAG_MAPPED_ANY) + && !(curr->flags & X509_V_FLAG_INHIBIT_ANY)) + continue; +#endif /* Look for matching nodes in previous level */ if (!tree_link_matching_nodes(curr, data)) return 0; @@ -286,38 +361,35 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr, /* * This corresponds to RFC3280 6.1.3(d)(2): Create new data for any unmatched * policies in the parent and link to anyPolicy. - * - * Return value: 1 on success, 0 otherwise. */ + static int tree_add_unmatched(X509_POLICY_LEVEL *curr, const X509_POLICY_CACHE *cache, const ASN1_OBJECT *id, X509_POLICY_NODE *node, X509_POLICY_TREE *tree) { X509_POLICY_DATA *data; - if (id == NULL) id = node->data->valid_policy; /* * Create a new node with qualifiers from anyPolicy and id from unmatched * node. */ - if ((data = policy_data_new(NULL, id, node_critical(node))) == NULL) - return 0; + data = policy_data_new(NULL, id, node_critical(node)); + if (data == NULL) + return 0; /* Curr may not have anyPolicy */ data->qualifier_set = cache->anyPolicy->qualifier_set; data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; - if (level_add_node(curr, data, node, tree) == NULL) { + if (!level_add_node(curr, data, node, tree)) { policy_data_free(data); return 0; } + return 1; } -/* - * Return value: 1 on success, 0 otherwise. - */ static int tree_link_unmatched(X509_POLICY_LEVEL *curr, const X509_POLICY_CACHE *cache, X509_POLICY_NODE *node, X509_POLICY_TREE *tree) @@ -348,17 +420,19 @@ static int tree_link_unmatched(X509_POLICY_LEVEL *curr, } } + return 1; + } -/* - * Return value: 1 on success, 0 otherwise - */ static int tree_link_any(X509_POLICY_LEVEL *curr, const X509_POLICY_CACHE *cache, X509_POLICY_TREE *tree) { int i; + /* + * X509_POLICY_DATA *data; + */ X509_POLICY_NODE *node; X509_POLICY_LEVEL *last = curr - 1; @@ -367,24 +441,50 @@ static int tree_link_any(X509_POLICY_LEVEL *curr, if (!tree_link_unmatched(curr, cache, node, tree)) return 0; + +#if 0 + + /* + * Skip any node with any children: we only want unmathced nodes. + * Note: need something better for policy mapping because each node + * may have multiple children + */ + if (node->nchild) + continue; + + /* + * Create a new node with qualifiers from anyPolicy and id from + * unmatched node. + */ + data = policy_data_new(NULL, node->data->valid_policy, + node_critical(node)); + + if (data == NULL) + return 0; + /* Curr may not have anyPolicy */ + data->qualifier_set = cache->anyPolicy->qualifier_set; + data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; + if (!level_add_node(curr, data, node, tree)) { + policy_data_free(data); + return 0; + } +#endif + } /* Finally add link to anyPolicy */ - if (last->anyPolicy && - level_add_node(curr, cache->anyPolicy, last->anyPolicy, NULL) == NULL) - return 0; + if (last->anyPolicy) { + if (!level_add_node(curr, cache->anyPolicy, last->anyPolicy, NULL)) + return 0; + } return 1; } -/*- - * Prune the tree: delete any child mapped child data on the current level then - * proceed up the tree deleting any data with no children. If we ever have no - * data on a level we can halt because the tree will be empty. - * - * Return value: <= 0 error, otherwise one of: - * - * X509_PCY_TREE_VALID: valid tree - * X509_PCY_TREE_EMPTY: empty tree +/* + * Prune the tree: delete any child mapped child data on the current level + * then proceed up the tree deleting any data with no children. If we ever + * have no data on a level we can halt because the tree will be empty. */ + static int tree_prune(X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr) { STACK_OF(X509_POLICY_NODE) *nodes; @@ -423,43 +523,41 @@ static int tree_prune(X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr) if (curr == tree->levels) { /* If we zapped anyPolicy at top then tree is empty */ if (!curr->anyPolicy) - return X509_PCY_TREE_EMPTY; - break; + return 2; + return 1; } } - return X509_PCY_TREE_VALID; + + return 1; + } -/* - * Return value: 1 on success, 0 otherwise. - */ static int tree_add_auth_node(STACK_OF(X509_POLICY_NODE) **pnodes, X509_POLICY_NODE *pcy) { - if (*pnodes == NULL && - (*pnodes = policy_node_cmp_new()) == NULL) - return 0; - if (sk_X509_POLICY_NODE_find(*pnodes, pcy) != -1) + if (!*pnodes) { + *pnodes = policy_node_cmp_new(); + if (!*pnodes) + return 0; + } else if (sk_X509_POLICY_NODE_find(*pnodes, pcy) != -1) return 1; - return sk_X509_POLICY_NODE_push(*pnodes, pcy) != 0; -} -#define TREE_CALC_FAILURE 0 -#define TREE_CALC_OK_NOFREE 1 -#define TREE_CALC_OK_DOFREE 2 + if (!sk_X509_POLICY_NODE_push(*pnodes, pcy)) + return 0; -/*- - * Calculate the authority set based on policy tree. The 'pnodes' parameter is - * used as a store for the set of policy nodes used to calculate the user set. - * If the authority set is not anyPolicy then pnodes will just point to the - * authority set. If however the authority set is anyPolicy then the set of - * valid policies (other than anyPolicy) is store in pnodes. - * - * Return value: - * TREE_CALC_FAILURE on failure, - * TREE_CALC_OK_NOFREE on success and pnodes need not be freed, - * TREE_CALC_OK_DOFREE on success and pnodes needs to be freed + return 1; + +} + +/* + * Calculate the authority set based on policy tree. The 'pnodes' parameter + * is used as a store for the set of policy nodes used to calculate the user + * set. If the authority set is not anyPolicy then pnodes will just point to + * the authority set. If however the authority set is anyPolicy then the set + * of valid policies (other than anyPolicy) is store in pnodes. The return + * value of '2' is used in this case to indicate that pnodes should be freed. */ + static int tree_calculate_authority_set(X509_POLICY_TREE *tree, STACK_OF(X509_POLICY_NODE) **pnodes) { @@ -472,7 +570,7 @@ static int tree_calculate_authority_set(X509_POLICY_TREE *tree, /* If last level contains anyPolicy set is anyPolicy */ if (curr->anyPolicy) { if (!tree_add_auth_node(&tree->auth_policies, curr->anyPolicy)) - return TREE_CALC_FAILURE; + return 0; addnodes = pnodes; } else /* Add policies to authority set */ @@ -484,31 +582,25 @@ static int tree_calculate_authority_set(X509_POLICY_TREE *tree, * If no anyPolicy node on this this level it can't appear on lower * levels so end search. */ - if ((anyptr = curr->anyPolicy) == NULL) + if (!(anyptr = curr->anyPolicy)) break; curr++; for (j = 0; j < sk_X509_POLICY_NODE_num(curr->nodes); j++) { node = sk_X509_POLICY_NODE_value(curr->nodes, j); if ((node->parent == anyptr) - && !tree_add_auth_node(addnodes, node)) { - if (addnodes == pnodes) { - sk_X509_POLICY_NODE_free(*pnodes); - *pnodes = NULL; - } - return TREE_CALC_FAILURE; - } + && !tree_add_auth_node(addnodes, node)) + return 0; } } + if (addnodes == pnodes) - return TREE_CALC_OK_DOFREE; + return 2; *pnodes = tree->auth_policies; - return TREE_CALC_OK_NOFREE; + + return 1; } -/* - * Return value: 1 on success, 0 otherwise. - */ static int tree_calculate_user_set(X509_POLICY_TREE *tree, STACK_OF(ASN1_OBJECT) *policy_oids, STACK_OF(X509_POLICY_NODE) *auth_nodes) @@ -516,6 +608,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree, int i; X509_POLICY_NODE *node; ASN1_OBJECT *oid; + X509_POLICY_NODE *anyPolicy; X509_POLICY_DATA *extra; @@ -523,6 +616,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree, * Check if anyPolicy present in authority constrained policy set: this * will happen if it is a leaf node. */ + if (sk_ASN1_OBJECT_num(policy_oids) <= 0) return 1; @@ -547,7 +641,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree, * from anyPolicy. */ extra = policy_data_new(NULL, oid, node_critical(anyPolicy)); - if (extra == NULL) + if (!extra) return 0; extra->qualifier_set = anyPolicy->data->qualifier_set; extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS @@ -563,14 +657,9 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree, return 0; } return 1; + } -/*- - * Return value: <= 0 error, otherwise one of: - * X509_PCY_TREE_VALID: valid tree - * X509_PCY_TREE_EMPTY: empty tree - * (see tree_prune()). - */ static int tree_evaluate(X509_POLICY_TREE *tree) { int ret, i; @@ -580,19 +669,19 @@ static int tree_evaluate(X509_POLICY_TREE *tree) for (i = 1; i < tree->nlevel; i++, curr++) { cache = policy_cache_set(curr->cert); if (!tree_link_nodes(curr, cache)) - return X509_PCY_TREE_INTERNAL; + return 0; if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY) && !tree_link_any(curr, cache, tree)) - return X509_PCY_TREE_INTERNAL; -#ifdef OPENSSL_POLICY_DEBUG + return 0; tree_print("before tree_prune()", tree, curr); -#endif ret = tree_prune(tree, curr); - if (ret != X509_PCY_TREE_VALID) + if (ret != 1) return ret; } - return X509_PCY_TREE_VALID; + + return 1; + } static void exnode_free(X509_POLICY_NODE *node) @@ -613,12 +702,17 @@ void X509_policy_tree_free(X509_POLICY_TREE *tree) sk_X509_POLICY_NODE_pop_free(tree->user_policies, exnode_free); for (i = 0, curr = tree->levels; i < tree->nlevel; i++, curr++) { - X509_free(curr->cert); - sk_X509_POLICY_NODE_pop_free(curr->nodes, policy_node_free); - policy_node_free(curr->anyPolicy); + if (curr->cert) + X509_free(curr->cert); + if (curr->nodes) + sk_X509_POLICY_NODE_pop_free(curr->nodes, policy_node_free); + if (curr->anyPolicy) + policy_node_free(curr->anyPolicy); } - sk_X509_POLICY_DATA_pop_free(tree->extra_data, policy_data_free); + if (tree->extra_data) + sk_X509_POLICY_DATA_pop_free(tree->extra_data, policy_data_free); + OPENSSL_free(tree->levels); OPENSSL_free(tree); @@ -627,70 +721,111 @@ void X509_policy_tree_free(X509_POLICY_TREE *tree) /*- * Application policy checking function. * Return codes: - * X509_PCY_TREE_FAILURE: Failure to satisfy explicit policy - * X509_PCY_TREE_INVALID: Inconsistent or invalid extensions - * X509_PCY_TREE_INTERNAL: Internal error, most likely malloc - * X509_PCY_TREE_VALID: Success (null tree if empty or bare TA) + * 0 Internal Error. + * 1 Successful. + * -1 One or more certificates contain invalid or inconsistent extensions + * -2 User constrained policy set empty and requireExplicit true. */ + int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, STACK_OF(X509) *certs, STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags) { - int init_ret; int ret; X509_POLICY_TREE *tree = NULL; STACK_OF(X509_POLICY_NODE) *nodes, *auth_nodes = NULL; - *ptree = NULL; + *pexplicit_policy = 0; - init_ret = tree_init(&tree, certs, flags); + ret = tree_init(&tree, certs, flags); - if (init_ret <= 0) - return init_ret; + switch (ret) { - if ((init_ret & X509_PCY_TREE_EXPLICIT) == 0) { - if (init_ret & X509_PCY_TREE_EMPTY) { - X509_policy_tree_free(tree); - return X509_PCY_TREE_VALID; - } - } else { + /* Tree empty requireExplicit False: OK */ + case 2: + return 1; + + /* Some internal error */ + case -1: + return -1; + + /* Some internal error */ + case 0: + return 0; + + /* Tree empty requireExplicit True: Error */ + + case 6: *pexplicit_policy = 1; - /* Tree empty and requireExplicit True: Error */ - if (init_ret & X509_PCY_TREE_EMPTY) - return X509_PCY_TREE_FAILURE; + return -2; + + /* Tree OK requireExplicit True: OK and continue */ + case 5: + *pexplicit_policy = 1; + break; + + /* Tree OK: continue */ + + case 1: + if (!tree) + /* + * tree_init() returns success and a null tree + * if it's just looking at a trust anchor. + * I'm not sure that returning success here is + * correct, but I'm sure that reporting this + * as an internal error which our caller + * interprets as a malloc failure is wrong. + */ + return 1; + break; } + if (!tree) + goto error; ret = tree_evaluate(tree); -#ifdef OPENSSL_POLICY_DEBUG + tree_print("tree_evaluate()", tree, NULL); -#endif + if (ret <= 0) goto error; - if (ret == X509_PCY_TREE_EMPTY) { + /* Return value 2 means tree empty */ + if (ret == 2) { X509_policy_tree_free(tree); - if (init_ret & X509_PCY_TREE_EXPLICIT) - return X509_PCY_TREE_FAILURE; - return X509_PCY_TREE_VALID; + if (*pexplicit_policy) + return -2; + else + return 1; } /* Tree is not empty: continue */ - if ((ret = tree_calculate_authority_set(tree, &auth_nodes)) == 0 || - !tree_calculate_user_set(tree, policy_oids, auth_nodes)) + + ret = tree_calculate_authority_set(tree, &auth_nodes); + + if (!ret) goto error; - if (ret == TREE_CALC_OK_DOFREE) + + if (!tree_calculate_user_set(tree, policy_oids, auth_nodes)) + goto error; + + if (ret == 2) sk_X509_POLICY_NODE_free(auth_nodes); - *ptree = tree; + if (tree) + *ptree = tree; - if (init_ret & X509_PCY_TREE_EXPLICIT) { + if (*pexplicit_policy) { nodes = X509_policy_tree_get0_user_policies(tree); if (sk_X509_POLICY_NODE_num(nodes) <= 0) - return X509_PCY_TREE_FAILURE; + return -2; } - return X509_PCY_TREE_VALID; + + return 1; error: + X509_policy_tree_free(tree); - return X509_PCY_TREE_INTERNAL; + + return 0; + } diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c index ef1d775a..1290dec9 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c @@ -1,10 +1,58 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Contributed to the OpenSSL Project by the American Registry for + * Internet Numbers ("ARIN"). + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). */ /* @@ -14,14 +62,12 @@ #include <stdio.h> #include <stdlib.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/conf.h> #include <openssl/asn1.h> #include <openssl/asn1t.h> #include <openssl/buffer.h> #include <openssl/x509v3.h> -#include "internal/x509_int.h" -#include "ext_dat.h" #ifndef OPENSSL_NO_RFC3779 @@ -52,7 +98,7 @@ ASN1_SEQUENCE(IPAddressFamily) = { ASN1_ITEM_TEMPLATE(IPAddrBlocks) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, IPAddrBlocks, IPAddressFamily) -static_ASN1_ITEM_TEMPLATE_END(IPAddrBlocks) +ASN1_ITEM_TEMPLATE_END(IPAddrBlocks) IMPLEMENT_ASN1_FUNCTIONS(IPAddressRange) IMPLEMENT_ASN1_FUNCTIONS(IPAddressOrRange) @@ -62,7 +108,7 @@ IMPLEMENT_ASN1_FUNCTIONS(IPAddressFamily) /* * How much buffer space do we need for a raw address? */ -#define ADDR_RAW_BUF_LEN 16 +# define ADDR_RAW_BUF_LEN 16 /* * What's the address length associated with this AFI? @@ -82,7 +128,7 @@ static int length_from_afi(const unsigned afi) /* * Extract the AFI from an IPAddressFamily. */ -unsigned int X509v3_addr_get_afi(const IPAddressFamily *f) +unsigned int v3_addr_get_afi(const IPAddressFamily *f) { return ((f != NULL && f->addressFamily != NULL && f->addressFamily->data != NULL) @@ -117,7 +163,7 @@ static int addr_expand(unsigned char *addr, /* * Extract the prefix length from a bitstring. */ -#define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7))) +# define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7))) /* * i2r handler for one address bitstring. @@ -200,7 +246,7 @@ static int i2r_IPAddrBlocks(const X509V3_EXT_METHOD *method, int i; for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); - const unsigned int afi = X509v3_addr_get_afi(f); + const unsigned int afi = v3_addr_get_afi(f); switch (afi) { case IANA_AFI_IPV4: BIO_printf(out, "%*sIPv4", indent, ""); @@ -312,7 +358,7 @@ static int IPAddressOrRange_cmp(const IPAddressOrRange *a, /* * IPv4-specific closure over IPAddressOrRange_cmp, since sk_sort() - * comparison routines are only allowed two arguments. + * comparision routines are only allowed two arguments. */ static int v4IPAddressOrRange_cmp(const IPAddressOrRange *const *a, const IPAddressOrRange *const *b) @@ -322,7 +368,7 @@ static int v4IPAddressOrRange_cmp(const IPAddressOrRange *const *a, /* * IPv6-specific closure over IPAddressOrRange_cmp, since sk_sort() - * comparison routines are only allowed two arguments. + * comparision routines are only allowed two arguments. */ static int v6IPAddressOrRange_cmp(const IPAddressOrRange *const *a, const IPAddressOrRange *const *b) @@ -482,7 +528,7 @@ static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr, { IPAddressFamily *f; unsigned char key[3]; - int keylen; + unsigned keylen; int i; key[0] = (afi >> 8) & 0xFF; @@ -525,8 +571,8 @@ static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr, /* * Add an inheritance element. */ -int X509v3_addr_add_inherit(IPAddrBlocks *addr, - const unsigned afi, const unsigned *safi) +int v3_addr_add_inherit(IPAddrBlocks *addr, + const unsigned afi, const unsigned *safi) { IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi); if (f == NULL || @@ -581,10 +627,10 @@ static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr, /* * Add a prefix. */ -int X509v3_addr_add_prefix(IPAddrBlocks *addr, - const unsigned afi, - const unsigned *safi, - unsigned char *a, const int prefixlen) +int v3_addr_add_prefix(IPAddrBlocks *addr, + const unsigned afi, + const unsigned *safi, + unsigned char *a, const int prefixlen) { IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi); IPAddressOrRange *aor; @@ -599,10 +645,10 @@ int X509v3_addr_add_prefix(IPAddrBlocks *addr, /* * Add a range. */ -int X509v3_addr_add_range(IPAddrBlocks *addr, - const unsigned afi, - const unsigned *safi, - unsigned char *min, unsigned char *max) +int v3_addr_add_range(IPAddrBlocks *addr, + const unsigned afi, + const unsigned *safi, + unsigned char *min, unsigned char *max) { IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi); IPAddressOrRange *aor; @@ -639,10 +685,10 @@ static int extract_min_max(IPAddressOrRange *aor, /* * Public wrapper for extract_min_max(). */ -int X509v3_addr_get_range(IPAddressOrRange *aor, - const unsigned afi, - unsigned char *min, - unsigned char *max, const int length) +int v3_addr_get_range(IPAddressOrRange *aor, + const unsigned afi, + unsigned char *min, + unsigned char *max, const int length) { int afi_length = length_from_afi(afi); if (aor == NULL || min == NULL || max == NULL || @@ -656,7 +702,7 @@ int X509v3_addr_get_range(IPAddressOrRange *aor, } /* - * Sort comparison function for a sequence of IPAddressFamily. + * Sort comparision function for a sequence of IPAddressFamily. * * The last paragraph of RFC 3779 2.2.3.3 is slightly ambiguous about * the ordering: I can read it as meaning that IPv6 without a SAFI @@ -678,7 +724,7 @@ static int IPAddressFamily_cmp(const IPAddressFamily *const *a_, /* * Check whether an IPAddrBLocks is in canonical form. */ -int X509v3_addr_is_canonical(IPAddrBlocks *addr) +int v3_addr_is_canonical(IPAddrBlocks *addr) { unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN]; unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN]; @@ -686,7 +732,7 @@ int X509v3_addr_is_canonical(IPAddrBlocks *addr) int i, j, k; /* - * Empty extension is canonical. + * Empty extension is cannonical. */ if (addr == NULL) return 1; @@ -706,7 +752,7 @@ int X509v3_addr_is_canonical(IPAddrBlocks *addr) */ for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); - int length = length_from_afi(X509v3_addr_get_afi(f)); + int length = length_from_afi(v3_addr_get_afi(f)); /* * Inheritance is canonical. Anything other than inheritance or @@ -849,8 +895,7 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors, IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j); if (a != NULL && a->type == IPAddressOrRange_addressRange) { unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN]; - if (!extract_min_max(a, a_min, a_max, length)) - return 0; + extract_min_max(a, a_min, a_max, length); if (memcmp(a_min, a_max, length) > 0) return 0; } @@ -862,7 +907,7 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors, /* * Whack an IPAddrBlocks extension into canonical form. */ -int X509v3_addr_canonize(IPAddrBlocks *addr) +int v3_addr_canonize(IPAddrBlocks *addr) { int i; for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { @@ -870,12 +915,12 @@ int X509v3_addr_canonize(IPAddrBlocks *addr) if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges && !IPAddressOrRanges_canonize(f->ipAddressChoice-> u.addressesOrRanges, - X509v3_addr_get_afi(f))) + v3_addr_get_afi(f))) return 0; } (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp); sk_IPAddressFamily_sort(addr); - OPENSSL_assert(X509v3_addr_is_canonical(addr)); + OPENSSL_assert(v3_addr_is_canonical(addr)); return 1; } @@ -901,7 +946,7 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, CONF_VALUE *val = sk_CONF_VALUE_value(values, i); unsigned char min[ADDR_RAW_BUF_LEN], max[ADDR_RAW_BUF_LEN]; unsigned afi, *safi = NULL, safi_; - const char *addr_chars = NULL; + const char *addr_chars; int prefixlen, i1, i2, delim, length; if (!name_cmp(val->name, "IPv4")) { @@ -933,7 +978,7 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, length = length_from_afi(afi); /* - * Handle SAFI, if any, and OPENSSL_strdup() so we can null-terminate + * Handle SAFI, if any, and BUF_strdup() so we can null-terminate * the other input values. */ if (safi != NULL) { @@ -945,9 +990,9 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, goto err; } t += strspn(t, " \t"); - s = OPENSSL_strdup(t); + s = BUF_strdup(t); } else { - s = OPENSSL_strdup(val->value); + s = BUF_strdup(val->value); } if (s == NULL) { X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); @@ -958,8 +1003,8 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, * Check for inheritance. Not worth additional complexity to * optimize this (seldom-used) case. */ - if (strcmp(s, "inherit") == 0) { - if (!X509v3_addr_add_inherit(addr, afi, safi)) { + if (!strcmp(s, "inherit")) { + if (!v3_addr_add_inherit(addr, afi, safi)) { X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_INHERITANCE); X509V3_conf_err(val); @@ -990,7 +1035,7 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, X509V3_conf_err(val); goto err; } - if (!X509v3_addr_add_prefix(addr, afi, safi, min, prefixlen)) { + if (!v3_addr_add_prefix(addr, afi, safi, min, prefixlen)) { X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); goto err; } @@ -1016,13 +1061,13 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, X509V3_conf_err(val); goto err; } - if (!X509v3_addr_add_range(addr, afi, safi, min, max)) { + if (!v3_addr_add_range(addr, afi, safi, min, max)) { X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); goto err; } break; case '\0': - if (!X509v3_addr_add_prefix(addr, afi, safi, min, length * 8)) { + if (!v3_addr_add_prefix(addr, afi, safi, min, length * 8)) { X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); goto err; } @@ -1041,7 +1086,7 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, /* * Canonize the result, then we're done. */ - if (!X509v3_addr_canonize(addr)) + if (!v3_addr_canonize(addr)) goto err; return addr; @@ -1071,7 +1116,7 @@ const X509V3_EXT_METHOD v3_addr = { /* * Figure out whether extension sues inheritance. */ -int X509v3_addr_inherits(IPAddrBlocks *addr) +int v3_addr_inherits(IPAddrBlocks *addr) { int i; if (addr == NULL) @@ -1124,12 +1169,12 @@ static int addr_contains(IPAddressOrRanges *parent, /* * Test whether a is a subset of b. */ -int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) +int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) { int i; if (a == NULL || a == b) return 1; - if (b == NULL || X509v3_addr_inherits(a) || X509v3_addr_inherits(b)) + if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b)) return 0; (void)sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp); for (i = 0; i < sk_IPAddressFamily_num(a); i++) { @@ -1141,7 +1186,7 @@ int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) return 0; if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges, fa->ipAddressChoice->u.addressesOrRanges, - length_from_afi(X509v3_addr_get_afi(fb)))) + length_from_afi(v3_addr_get_afi(fb)))) return 0; } return 1; @@ -1150,7 +1195,7 @@ int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) /* * Validation error handling via callback. */ -#define validation_err(_err_) \ +# define validation_err(_err_) \ do { \ if (ctx != NULL) { \ ctx->error = _err_; \ @@ -1172,9 +1217,9 @@ int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) * When returning 0, ctx->error MUST be set to an appropriate value other than * X509_V_OK. */ -static int addr_validate_path_internal(X509_STORE_CTX *ctx, - STACK_OF(X509) *chain, - IPAddrBlocks *ext) +static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, + STACK_OF(X509) *chain, + IPAddrBlocks *ext) { IPAddrBlocks *child = NULL; int i, j, ret = 1; @@ -1199,11 +1244,11 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx, if ((ext = x->rfc3779_addr) == NULL) goto done; } - if (!X509v3_addr_is_canonical(ext)) + if (!v3_addr_is_canonical(ext)) validation_err(X509_V_ERR_INVALID_EXTENSION); (void)sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp); if ((child = sk_IPAddressFamily_dup(ext)) == NULL) { - X509V3err(X509V3_F_ADDR_VALIDATE_PATH_INTERNAL, + X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL, ERR_R_MALLOC_FAILURE); ctx->error = X509_V_ERR_OUT_OF_MEM; ret = 0; @@ -1217,7 +1262,7 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx, for (i++; i < sk_X509_num(chain); i++) { x = sk_X509_value(chain, i); OPENSSL_assert(x != NULL); - if (!X509v3_addr_is_canonical(x->rfc3779_addr)) + if (!v3_addr_is_canonical(x->rfc3779_addr)) validation_err(X509_V_ERR_INVALID_EXTENSION); if (x->rfc3779_addr == NULL) { for (j = 0; j < sk_IPAddressFamily_num(child); j++) { @@ -1249,7 +1294,7 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx, if (fc->ipAddressChoice->type == IPAddressChoice_inherit || addr_contains(fp->ipAddressChoice->u.addressesOrRanges, fc->ipAddressChoice->u.addressesOrRanges, - length_from_afi(X509v3_addr_get_afi(fc)))) + length_from_afi(v3_addr_get_afi(fc)))) sk_IPAddressFamily_set(child, j, fp); else validation_err(X509_V_ERR_UNNESTED_RESOURCE); @@ -1276,30 +1321,30 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx, return ret; } -#undef validation_err +# undef validation_err /* * RFC 3779 2.3 path validation -- called from X509_verify_cert(). */ -int X509v3_addr_validate_path(X509_STORE_CTX *ctx) +int v3_addr_validate_path(X509_STORE_CTX *ctx) { - return addr_validate_path_internal(ctx, ctx->chain, NULL); + return v3_addr_validate_path_internal(ctx, ctx->chain, NULL); } /* * RFC 3779 2.3 path validation of an extension. * Test whether chain covers extension. */ -int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain, +int v3_addr_validate_resource_set(STACK_OF(X509) *chain, IPAddrBlocks *ext, int allow_inheritance) { if (ext == NULL) return 1; if (chain == NULL || sk_X509_num(chain) == 0) return 0; - if (!allow_inheritance && X509v3_addr_inherits(ext)) + if (!allow_inheritance && v3_addr_inherits(ext)) return 0; - return addr_validate_path_internal(NULL, chain, ext); + return v3_addr_validate_path_internal(NULL, chain, ext); } #endif /* OPENSSL_NO_RFC3779 */ diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c index d9f77043..e920270e 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c @@ -1,19 +1,68 @@ +/* v3_akey.c */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/conf.h> #include <openssl/asn1.h> #include <openssl/asn1t.h> #include <openssl/x509v3.h> -#include "ext_dat.h" static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, AUTHORITY_KEYID *akeyid, @@ -41,14 +90,14 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, { char *tmp; if (akeyid->keyid) { - tmp = OPENSSL_buf2hexstr(akeyid->keyid->data, akeyid->keyid->length); + tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length); X509V3_add_value("keyid", tmp, &extlist); OPENSSL_free(tmp); } if (akeyid->issuer) extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist); if (akeyid->serial) { - tmp = OPENSSL_buf2hexstr(akeyid->serial->data, akeyid->serial->length); + tmp = hex_to_string(akeyid->serial->data, akeyid->serial->length); X509V3_add_value("serial", tmp, &extlist); OPENSSL_free(tmp); } @@ -82,13 +131,13 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, for (i = 0; i < sk_CONF_VALUE_num(values); i++) { cnf = sk_CONF_VALUE_value(values, i); - if (strcmp(cnf->name, "keyid") == 0) { + if (!strcmp(cnf->name, "keyid")) { keyid = 1; - if (cnf->value && strcmp(cnf->value, "always") == 0) + if (cnf->value && !strcmp(cnf->value, "always")) keyid = 2; - } else if (strcmp(cnf->name, "issuer") == 0) { + } else if (!strcmp(cnf->name, "issuer")) { issuer = 1; - if (cnf->value && strcmp(cnf->value, "always") == 0) + if (cnf->value && !strcmp(cnf->value, "always")) issuer = 2; } else { X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, X509V3_R_UNKNOWN_OPTION); @@ -120,7 +169,7 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, if ((issuer && !ikeyid) || (issuer == 2)) { isname = X509_NAME_dup(X509_get_issuer_name(cert)); - serial = ASN1_INTEGER_dup(X509_get_serialNumber(cert)); + serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert)); if (!isname || !serial) { X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS); @@ -128,12 +177,12 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, } } - if ((akeyid = AUTHORITY_KEYID_new()) == NULL) + if (!(akeyid = AUTHORITY_KEYID_new())) goto err; if (isname) { - if ((gens = sk_GENERAL_NAME_new_null()) == NULL - || (gen = GENERAL_NAME_new()) == NULL + if (!(gens = sk_GENERAL_NAME_new_null()) + || !(gen = GENERAL_NAME_new()) || !sk_GENERAL_NAME_push(gens, gen)) { X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE); goto err; @@ -143,18 +192,14 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, } akeyid->issuer = gens; - gen = NULL; - gens = NULL; akeyid->serial = serial; akeyid->keyid = ikeyid; return akeyid; err: - sk_GENERAL_NAME_free(gens); - GENERAL_NAME_free(gen); X509_NAME_free(isname); - ASN1_INTEGER_free(serial); - ASN1_OCTET_STRING_free(ikeyid); + M_ASN1_INTEGER_free(serial); + M_ASN1_OCTET_STRING_free(ikeyid); return NULL; } diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c index d6dd6bcb..2cc85b76 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c @@ -1,14 +1,64 @@ +/* v3_akey_asn1.c */ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/conf.h> #include <openssl/asn1.h> #include <openssl/asn1t.h> diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c index 0364e336..7f1e71dd 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c @@ -1,17 +1,66 @@ +/* v3_alt.c */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/conf.h> #include <openssl/x509v3.h> -#include "ext_dat.h" static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, @@ -21,10 +70,10 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, STACK_OF(CONF_VALUE) *nval); static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p); static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens); -static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx); -static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx); +static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx); +static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx); -const X509V3_EXT_METHOD v3_alt[3] = { +const X509V3_EXT_METHOD v3_alt[] = { {NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES), 0, 0, 0, 0, 0, 0, @@ -158,7 +207,7 @@ int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen) break; case GEN_DIRNAME: - BIO_printf(out, "DirName:"); + BIO_printf(out, "DirName: "); X509_NAME_print_ex(out, gen->d.dirn, 0, XN_FLAG_ONELINE); break; @@ -180,7 +229,7 @@ int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen) break; case GEN_RID: - BIO_printf(out, "Registered ID:"); + BIO_printf(out, "Registered ID"); i2a_ASN1_OBJECT(out, gen->d.rid); break; } @@ -194,20 +243,19 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, GENERAL_NAMES *gens = NULL; CONF_VALUE *cnf; int i; - - if ((gens = sk_GENERAL_NAME_new_null()) == NULL) { + if (!(gens = sk_GENERAL_NAME_new_null())) { X509V3err(X509V3_F_V2I_ISSUER_ALT, ERR_R_MALLOC_FAILURE); return NULL; } for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { cnf = sk_CONF_VALUE_value(nval, i); - if (!name_cmp(cnf->name, "issuer") - && cnf->value && strcmp(cnf->value, "copy") == 0) { + if (!name_cmp(cnf->name, "issuer") && cnf->value && + !strcmp(cnf->value, "copy")) { if (!copy_issuer(ctx, gens)) goto err; } else { GENERAL_NAME *gen; - if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL) + if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err; sk_GENERAL_NAME_push(gens, gen); } @@ -226,7 +274,6 @@ static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens) GENERAL_NAME *gen; X509_EXTENSION *ext; int i; - if (ctx && (ctx->flags == CTX_TEST)) return 1; if (!ctx || !ctx->issuer_cert) { @@ -236,8 +283,8 @@ static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens) i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1); if (i < 0) return 1; - if ((ext = X509_get_ext(ctx->issuer_cert, i)) == NULL - || (ialt = X509V3_EXT_d2i(ext)) == NULL) { + if (!(ext = X509_get_ext(ctx->issuer_cert, i)) || + !(ialt = X509V3_EXT_d2i(ext))) { X509V3err(X509V3_F_COPY_ISSUER, X509V3_R_ISSUER_DECODE_ERROR); goto err; } @@ -265,24 +312,23 @@ static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, GENERAL_NAMES *gens = NULL; CONF_VALUE *cnf; int i; - - if ((gens = sk_GENERAL_NAME_new_null()) == NULL) { + if (!(gens = sk_GENERAL_NAME_new_null())) { X509V3err(X509V3_F_V2I_SUBJECT_ALT, ERR_R_MALLOC_FAILURE); return NULL; } for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { cnf = sk_CONF_VALUE_value(nval, i); - if (!name_cmp(cnf->name, "email") - && cnf->value && strcmp(cnf->value, "copy") == 0) { + if (!name_cmp(cnf->name, "email") && cnf->value && + !strcmp(cnf->value, "copy")) { if (!copy_email(ctx, gens, 0)) goto err; - } else if (!name_cmp(cnf->name, "email") - && cnf->value && strcmp(cnf->value, "move") == 0) { + } else if (!name_cmp(cnf->name, "email") && cnf->value && + !strcmp(cnf->value, "move")) { if (!copy_email(ctx, gens, 1)) goto err; } else { GENERAL_NAME *gen; - if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL) + if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err; sk_GENERAL_NAME_push(gens, gen); } @@ -321,13 +367,13 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p) while ((i = X509_NAME_get_index_by_NID(nm, NID_pkcs9_emailAddress, i)) >= 0) { ne = X509_NAME_get_entry(nm, i); - email = ASN1_STRING_dup(X509_NAME_ENTRY_get_data(ne)); + email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne)); if (move_p) { X509_NAME_delete_entry(nm, i); X509_NAME_ENTRY_free(ne); i--; } - if (email == NULL || (gen = GENERAL_NAME_new()) == NULL) { + if (!email || !(gen = GENERAL_NAME_new())) { X509V3err(X509V3_F_COPY_EMAIL, ERR_R_MALLOC_FAILURE); goto err; } @@ -345,7 +391,7 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p) err: GENERAL_NAME_free(gen); - ASN1_IA5STRING_free(email); + M_ASN1_IA5STRING_free(email); return 0; } @@ -357,14 +403,13 @@ GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method, GENERAL_NAMES *gens = NULL; CONF_VALUE *cnf; int i; - - if ((gens = sk_GENERAL_NAME_new_null()) == NULL) { + if (!(gens = sk_GENERAL_NAME_new_null())) { X509V3err(X509V3_F_V2I_GENERAL_NAMES, ERR_R_MALLOC_FAILURE); return NULL; } for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { cnf = sk_CONF_VALUE_value(nval, i); - if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL) + if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err; sk_GENERAL_NAME_push(gens, gen); } @@ -382,7 +427,7 @@ GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, int gen_type, const char *value, + X509V3_CTX *ctx, int gen_type, char *value, int is_nc) { char is_string = 0; @@ -413,7 +458,7 @@ GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, case GEN_RID: { ASN1_OBJECT *obj; - if ((obj = OBJ_txt2obj(value, 0)) == NULL) { + if (!(obj = OBJ_txt2obj(value, 0))) { X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_BAD_OBJECT); ERR_add_error_data(2, "value=", value); goto err; @@ -453,7 +498,7 @@ GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, } if (is_string) { - if ((gen->d.ia5 = ASN1_IA5STRING_new()) == NULL || + if (!(gen->d.ia5 = M_ASN1_IA5STRING_new()) || !ASN1_STRING_set(gen->d.ia5, (unsigned char *)value, strlen(value))) { X509V3err(X509V3_F_A2I_GENERAL_NAME, ERR_R_MALLOC_FAILURE); @@ -511,26 +556,27 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, } -static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx) +static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) { char *objtmp = NULL, *p; int objlen; - - if ((p = strchr(value, ';')) == NULL) + if (!(p = strchr(value, ';'))) return 0; - if ((gen->d.otherName = OTHERNAME_new()) == NULL) + if (!(gen->d.otherName = OTHERNAME_new())) return 0; /* * Free this up because we will overwrite it. no need to free type_id * because it is static */ ASN1_TYPE_free(gen->d.otherName->value); - if ((gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx)) == NULL) + if (!(gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx))) return 0; objlen = p - value; - objtmp = OPENSSL_strndup(value, objlen); + objtmp = OPENSSL_malloc(objlen + 1); if (objtmp == NULL) return 0; + strncpy(objtmp, value, objlen); + objtmp[objlen] = 0; gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0); OPENSSL_free(objtmp); if (!gen->d.otherName->type_id) @@ -538,13 +584,12 @@ static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx) return 1; } -static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx) +static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) { int ret = 0; STACK_OF(CONF_VALUE) *sk = NULL; - X509_NAME *nm; - - if ((nm = X509_NAME_new()) == NULL) + X509_NAME *nm = NULL; + if (!(nm = X509_NAME_new())) goto err; sk = X509V3_get_section(ctx, value); if (!sk) { diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c index af4fcf4c..2a32c9d0 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c @@ -1,10 +1,58 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Contributed to the OpenSSL Project by the American Registry for + * Internet Numbers ("ARIN"). + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). */ /* @@ -13,15 +61,13 @@ #include <stdio.h> #include <string.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/conf.h> #include <openssl/asn1.h> #include <openssl/asn1t.h> #include <openssl/x509v3.h> #include <openssl/x509.h> -#include "internal/x509_int.h" #include <openssl/bn.h> -#include "ext_dat.h" #ifndef OPENSSL_NO_RFC3779 @@ -116,7 +162,7 @@ static int i2r_ASIdentifiers(const X509V3_EXT_METHOD *method, } /* - * Sort comparison function for a sequence of ASIdOrRange elements. + * Sort comparision function for a sequence of ASIdOrRange elements. */ static int ASIdOrRange_cmp(const ASIdOrRange *const *a_, const ASIdOrRange *const *b_) @@ -149,7 +195,7 @@ static int ASIdOrRange_cmp(const ASIdOrRange *const *a_, /* * Add an inherit element. */ -int X509v3_asid_add_inherit(ASIdentifiers *asid, int which) +int v3_asid_add_inherit(ASIdentifiers *asid, int which) { ASIdentifierChoice **choice; if (asid == NULL) @@ -178,8 +224,8 @@ int X509v3_asid_add_inherit(ASIdentifiers *asid, int which) /* * Add an ID or range to an ASIdentifierChoice. */ -int X509v3_asid_add_id_or_range(ASIdentifiers *asid, - int which, ASN1_INTEGER *min, ASN1_INTEGER *max) +int v3_asid_add_id_or_range(ASIdentifiers *asid, + int which, ASN1_INTEGER *min, ASN1_INTEGER *max) { ASIdentifierChoice **choice; ASIdOrRange *aor; @@ -276,8 +322,7 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) { ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1); - ASN1_INTEGER *a_min = NULL, *a_max = NULL, *b_min = NULL, *b_max = - NULL; + ASN1_INTEGER *a_min, *a_max, *b_min, *b_max; extract_min_max(a, &a_min, &a_max); extract_min_max(b, &b_min, &b_max); @@ -335,7 +380,7 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) /* * Check whether an ASIdentifier extension is in canonical form. */ -int X509v3_asid_is_canonical(ASIdentifiers *asid) +int v3_asid_is_canonical(ASIdentifiers *asid) { return (asid == NULL || (ASIdentifierChoice_is_canonical(asid->asnum) && @@ -379,8 +424,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) { ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1); - ASN1_INTEGER *a_min = NULL, *a_max = NULL, *b_min = NULL, *b_max = - NULL; + ASN1_INTEGER *a_min, *a_max, *b_min, *b_max; extract_min_max(a, &a_min, &a_max); extract_min_max(b, &b_min, &b_max); @@ -426,7 +470,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) ASRange *r; switch (a->type) { case ASIdOrRange_id: - if ((r = OPENSSL_malloc(sizeof(*r))) == NULL) { + if ((r = OPENSSL_malloc(sizeof(ASRange))) == NULL) { X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, ERR_R_MALLOC_FAILURE); goto done; @@ -483,7 +527,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) /* * Whack an ASIdentifier extension into canonical form. */ -int X509v3_asid_canonize(ASIdentifiers *asid) +int v3_asid_canonize(ASIdentifiers *asid) { return (asid == NULL || (ASIdentifierChoice_canonize(asid->asnum) && @@ -508,7 +552,7 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method, for (i = 0; i < sk_CONF_VALUE_num(values); i++) { CONF_VALUE *val = sk_CONF_VALUE_value(values, i); - int i1 = 0, i2 = 0, i3 = 0, is_range = 0, which = 0; + int i1, i2, i3, is_range, which; /* * Figure out whether this is an AS or an RDI. @@ -527,8 +571,8 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method, /* * Handle inheritance. */ - if (strcmp(val->value, "inherit") == 0) { - if (X509v3_asid_add_inherit(asid, which)) + if (!strcmp(val->value, "inherit")) { + if (v3_asid_add_inherit(asid, which)) continue; X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_INVALID_INHERITANCE); @@ -571,7 +615,7 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method, goto err; } } else { - char *s = OPENSSL_strdup(val->value); + char *s = BUF_strdup(val->value); if (s == NULL) { X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE); goto err; @@ -590,7 +634,7 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method, goto err; } } - if (!X509v3_asid_add_id_or_range(asid, which, min, max)) { + if (!v3_asid_add_id_or_range(asid, which, min, max)) { X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE); goto err; } @@ -600,7 +644,7 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method, /* * Canonize the result, then we're done. */ - if (!X509v3_asid_canonize(asid)) + if (!v3_asid_canonize(asid)) goto err; return asid; @@ -631,7 +675,7 @@ const X509V3_EXT_METHOD v3_asid = { /* * Figure out whether extension uses inheritance. */ -int X509v3_asid_inherits(ASIdentifiers *asid) +int v3_asid_inherits(ASIdentifiers *asid) { return (asid != NULL && ((asid->asnum != NULL && @@ -645,7 +689,7 @@ int X509v3_asid_inherits(ASIdentifiers *asid) */ static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child) { - ASN1_INTEGER *p_min = NULL, *p_max = NULL, *c_min = NULL, *c_max = NULL; + ASN1_INTEGER *p_min, *p_max, *c_min, *c_max; int p, c; if (child == NULL || parent == child) @@ -672,15 +716,15 @@ static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child) } /* - * Test whether a is a subset of b. + * Test whether a is a subet of b. */ -int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b) +int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b) { return (a == NULL || a == b || (b != NULL && - !X509v3_asid_inherits(a) && - !X509v3_asid_inherits(b) && + !v3_asid_inherits(a) && + !v3_asid_inherits(b) && asid_contains(b->asnum->u.asIdsOrRanges, a->asnum->u.asIdsOrRanges) && asid_contains(b->rdi->u.asIdsOrRanges, @@ -690,7 +734,7 @@ int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b) /* * Validation error handling via callback. */ -#define validation_err(_err_) \ +# define validation_err(_err_) \ do { \ if (ctx != NULL) { \ ctx->error = _err_; \ @@ -707,9 +751,9 @@ int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b) /* * Core code for RFC 3779 3.3 path validation. */ -static int asid_validate_path_internal(X509_STORE_CTX *ctx, - STACK_OF(X509) *chain, - ASIdentifiers *ext) +static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx, + STACK_OF(X509) *chain, + ASIdentifiers *ext) { ASIdOrRanges *child_as = NULL, *child_rdi = NULL; int i, ret = 1, inherit_as = 0, inherit_rdi = 0; @@ -734,7 +778,7 @@ static int asid_validate_path_internal(X509_STORE_CTX *ctx, if ((ext = x->rfc3779_asid) == NULL) goto done; } - if (!X509v3_asid_is_canonical(ext)) + if (!v3_asid_is_canonical(ext)) validation_err(X509_V_ERR_INVALID_EXTENSION); if (ext->asnum != NULL) { switch (ext->asnum->type) { @@ -769,7 +813,7 @@ static int asid_validate_path_internal(X509_STORE_CTX *ctx, validation_err(X509_V_ERR_UNNESTED_RESOURCE); continue; } - if (!X509v3_asid_is_canonical(x->rfc3779_asid)) + if (!v3_asid_is_canonical(x->rfc3779_asid)) validation_err(X509_V_ERR_INVALID_EXTENSION); if (x->rfc3779_asid->asnum == NULL && child_as != NULL) { validation_err(X509_V_ERR_UNNESTED_RESOURCE); @@ -823,30 +867,30 @@ static int asid_validate_path_internal(X509_STORE_CTX *ctx, return ret; } -#undef validation_err +# undef validation_err /* * RFC 3779 3.3 path validation -- called from X509_verify_cert(). */ -int X509v3_asid_validate_path(X509_STORE_CTX *ctx) +int v3_asid_validate_path(X509_STORE_CTX *ctx) { - return asid_validate_path_internal(ctx, ctx->chain, NULL); + return v3_asid_validate_path_internal(ctx, ctx->chain, NULL); } /* * RFC 3779 3.3 path validation of an extension. * Test whether chain covers extension. */ -int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain, - ASIdentifiers *ext, int allow_inheritance) +int v3_asid_validate_resource_set(STACK_OF(X509) *chain, + ASIdentifiers *ext, int allow_inheritance) { if (ext == NULL) return 1; if (chain == NULL || sk_X509_num(chain) == 0) return 0; - if (!allow_inheritance && X509v3_asid_inherits(ext)) + if (!allow_inheritance && v3_asid_inherits(ext)) return 0; - return asid_validate_path_internal(NULL, chain, ext); + return v3_asid_validate_path_internal(NULL, chain, ext); } #endif /* OPENSSL_NO_RFC3779 */ diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c index 3bbf1555..dc00b9cb 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c @@ -1,19 +1,68 @@ +/* v3_bcons.c */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/asn1.h> #include <openssl/asn1t.h> #include <openssl/conf.h> #include <openssl/x509v3.h> -#include "ext_dat.h" static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons, @@ -58,17 +107,16 @@ static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons = NULL; CONF_VALUE *val; int i; - - if ((bcons = BASIC_CONSTRAINTS_new()) == NULL) { + if (!(bcons = BASIC_CONSTRAINTS_new())) { X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE); return NULL; } for (i = 0; i < sk_CONF_VALUE_num(values); i++) { val = sk_CONF_VALUE_value(values, i); - if (strcmp(val->name, "CA") == 0) { + if (!strcmp(val->name, "CA")) { if (!X509V3_get_value_bool(val, &bcons->ca)) goto err; - } else if (strcmp(val->name, "pathlen") == 0) { + } else if (!strcmp(val->name, "pathlen")) { if (!X509V3_get_value_int(val, &bcons->pathlen)) goto err; } else { diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c index 4802116b..b7bb3b55 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c @@ -1,17 +1,66 @@ +/* v3_bitst.c */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/conf.h> #include <openssl/x509v3.h> -#include "ext_dat.h" static BIT_STRING_BITNAME ns_cert_type_table[] = { {0, "SSL Client", "client"}, @@ -63,19 +112,19 @@ ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, ASN1_BIT_STRING *bs; int i; BIT_STRING_BITNAME *bnam; - if ((bs = ASN1_BIT_STRING_new()) == NULL) { + if (!(bs = M_ASN1_BIT_STRING_new())) { X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, ERR_R_MALLOC_FAILURE); return NULL; } for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { val = sk_CONF_VALUE_value(nval, i); for (bnam = method->usr_data; bnam->lname; bnam++) { - if (strcmp(bnam->sname, val->name) == 0 - || strcmp(bnam->lname, val->name) == 0) { + if (!strcmp(bnam->sname, val->name) || + !strcmp(bnam->lname, val->name)) { if (!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) { X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, ERR_R_MALLOC_FAILURE); - ASN1_BIT_STRING_free(bs); + M_ASN1_BIT_STRING_free(bs); return NULL; } break; @@ -85,7 +134,7 @@ ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT); X509V3_conf_err(val); - ASN1_BIT_STRING_free(bs); + M_ASN1_BIT_STRING_free(bs); return NULL; } } diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c index f625ff54..c1b4c1a8 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c @@ -1,40 +1,88 @@ +/* v3_conf.c */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ - /* extension creation utilities */ #include <stdio.h> #include <ctype.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/conf.h> #include <openssl/x509.h> -#include "internal/x509_int.h" #include <openssl/x509v3.h> -static int v3_check_critical(const char **value); -static int v3_check_generic(const char **value); +static int v3_check_critical(char **value); +static int v3_check_generic(char **value); static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, - int crit, const char *value); -static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value, + int crit, char *value); +static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type, X509V3_CTX *ctx); -static char *conf_lhash_get_string(void *db, const char *section, const char *value); -static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, const char *section); +static char *conf_lhash_get_string(void *db, char *section, char *value); +static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section); static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid, int crit, void *ext_struc); -static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx, +static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len); /* CONF *conf: Config file */ /* char *name: Name */ /* char *value: Value */ -X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name, - const char *value) +X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, + char *value) { int crit; int ext_type; @@ -53,7 +101,7 @@ X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name, /* CONF *conf: Config file */ /* char *value: Value */ X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, - const char *value) + char *value) { int crit; int ext_type; @@ -67,18 +115,17 @@ X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, /* CONF *conf: Config file */ /* char *value: Value */ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, - int crit, const char *value) + int crit, char *value) { const X509V3_EXT_METHOD *method; X509_EXTENSION *ext; STACK_OF(CONF_VALUE) *nval; void *ext_struc; - if (ext_nid == NID_undef) { X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION_NAME); return NULL; } - if ((method = X509V3_EXT_get_nid(ext_nid)) == NULL) { + if (!(method = X509V3_EXT_get_nid(ext_nid))) { X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION); return NULL; } @@ -94,7 +141,7 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value); if (*value != '@') - sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); + sk_CONF_VALUE_free(nval); return NULL; } ext_struc = method->v2i(method, ctx, nval); @@ -103,14 +150,14 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, if (!ext_struc) return NULL; } else if (method->s2i) { - if ((ext_struc = method->s2i(method, ctx, value)) == NULL) + if (!(ext_struc = method->s2i(method, ctx, value))) return NULL; } else if (method->r2i) { if (!ctx->db || !ctx->db_meth) { X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_NO_CONFIG_DATABASE); return NULL; } - if ((ext_struc = method->r2i(method, ctx, value)) == NULL) + if (!(ext_struc = method->r2i(method, ctx, value))) return NULL; } else { X509V3err(X509V3_F_DO_EXT_NCONF, @@ -131,9 +178,9 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid, int crit, void *ext_struc) { - unsigned char *ext_der = NULL; + unsigned char *ext_der; int ext_len; - ASN1_OCTET_STRING *ext_oct = NULL; + ASN1_OCTET_STRING *ext_oct; X509_EXTENSION *ext; /* Convert internal representation to DER */ if (method->it) { @@ -144,30 +191,26 @@ static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, goto merr; } else { unsigned char *p; - ext_len = method->i2d(ext_struc, NULL); - if ((ext_der = OPENSSL_malloc(ext_len)) == NULL) + if (!(ext_der = OPENSSL_malloc(ext_len))) goto merr; p = ext_der; method->i2d(ext_struc, &p); } - if ((ext_oct = ASN1_OCTET_STRING_new()) == NULL) + if (!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr; ext_oct->data = ext_der; - ext_der = NULL; ext_oct->length = ext_len; ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct); if (!ext) goto merr; - ASN1_OCTET_STRING_free(ext_oct); + M_ASN1_OCTET_STRING_free(ext_oct); return ext; merr: X509V3err(X509V3_F_DO_EXT_I2D, ERR_R_MALLOC_FAILURE); - OPENSSL_free(ext_der); - ASN1_OCTET_STRING_free(ext_oct); return NULL; } @@ -177,8 +220,7 @@ static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc) { const X509V3_EXT_METHOD *method; - - if ((method = X509V3_EXT_get_nid(ext_nid)) == NULL) { + if (!(method = X509V3_EXT_get_nid(ext_nid))) { X509V3err(X509V3_F_X509V3_EXT_I2D, X509V3_R_UNKNOWN_EXTENSION); return NULL; } @@ -186,9 +228,9 @@ X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc) } /* Check the extension string for critical flag */ -static int v3_check_critical(const char **value) +static int v3_check_critical(char **value) { - const char *p = *value; + char *p = *value; if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0; p += 9; @@ -199,14 +241,14 @@ static int v3_check_critical(const char **value) } /* Check extension string for generic extension and return the type */ -static int v3_check_generic(const char **value) +static int v3_check_generic(char **value) { int gen_type = 0; - const char *p = *value; - if ((strlen(p) >= 4) && strncmp(p, "DER:", 4) == 0) { + char *p = *value; + if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) { p += 4; gen_type = 1; - } else if ((strlen(p) >= 5) && strncmp(p, "ASN1:", 5) == 0) { + } else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5)) { p += 5; gen_type = 2; } else @@ -219,17 +261,16 @@ static int v3_check_generic(const char **value) } /* Create a generic extension: for now just handle DER type */ -static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value, +static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int gen_type, X509V3_CTX *ctx) { unsigned char *ext_der = NULL; - long ext_len = 0; + long ext_len; ASN1_OBJECT *obj = NULL; ASN1_OCTET_STRING *oct = NULL; X509_EXTENSION *extension = NULL; - - if ((obj = OBJ_txt2obj(ext, 0)) == NULL) { + if (!(obj = OBJ_txt2obj(ext, 0))) { X509V3err(X509V3_F_V3_GENERIC_EXTENSION, X509V3_R_EXTENSION_NAME_ERROR); ERR_add_error_data(2, "name=", ext); @@ -237,7 +278,7 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value, } if (gen_type == 1) - ext_der = OPENSSL_hexstr2buf(value, &ext_len); + ext_der = string_to_hex(value, &ext_len); else if (gen_type == 2) ext_der = generic_asn1(value, ctx, &ext_len); @@ -248,7 +289,7 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value, goto err; } - if ((oct = ASN1_OCTET_STRING_new()) == NULL) { + if (!(oct = M_ASN1_OCTET_STRING_new())) { X509V3err(X509V3_F_V3_GENERIC_EXTENSION, ERR_R_MALLOC_FAILURE); goto err; } @@ -261,13 +302,14 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value, err: ASN1_OBJECT_free(obj); - ASN1_OCTET_STRING_free(oct); - OPENSSL_free(ext_der); + M_ASN1_OCTET_STRING_free(oct); + if (ext_der) + OPENSSL_free(ext_der); return extension; } -static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx, +static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len) { ASN1_TYPE *typ; @@ -280,39 +322,24 @@ static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx, return ext_der; } -static void delete_ext(STACK_OF(X509_EXTENSION) *sk, X509_EXTENSION *dext) -{ - int idx; - ASN1_OBJECT *obj; - obj = X509_EXTENSION_get_object(dext); - while ((idx = X509v3_get_ext_by_OBJ(sk, obj, -1)) >= 0) { - X509_EXTENSION *tmpext = X509v3_get_ext(sk, idx); - X509v3_delete_ext(sk, idx); - X509_EXTENSION_free(tmpext); - } -} - /* * This is the main function: add a bunch of extensions based on a config * file section to an extension STACK. */ -int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section, +int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk) { X509_EXTENSION *ext; STACK_OF(CONF_VALUE) *nval; CONF_VALUE *val; int i; - - if ((nval = NCONF_get_section(conf, section)) == NULL) + if (!(nval = NCONF_get_section(conf, section))) return 0; for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { val = sk_CONF_VALUE_value(nval, i); - if ((ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)) == NULL) + if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value))) return 0; - if (ctx->flags == X509V3_CTX_REPLACE) - delete_ext(*sk, ext); if (sk) X509v3_add_ext(sk, ext, -1); X509_EXTENSION_free(ext); @@ -324,29 +351,29 @@ int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section, * Convenience functions to add extensions to a certificate, CRL and request */ -int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, +int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert) { STACK_OF(X509_EXTENSION) **sk = NULL; if (cert) - sk = &cert->cert_info.extensions; + sk = &cert->cert_info->extensions; return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); } /* Same as above but for a CRL */ -int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, +int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl) { STACK_OF(X509_EXTENSION) **sk = NULL; if (crl) - sk = &crl->crl.extensions; + sk = &crl->crl->extensions; return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); } /* Add extensions to certificate request */ -int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, +int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req) { STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL; @@ -363,7 +390,7 @@ int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, /* Config database functions */ -char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section) +char *X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) { if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) { X509V3err(X509V3_F_X509V3_GET_STRING, X509V3_R_OPERATION_NOT_DEFINED); @@ -374,7 +401,7 @@ char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section) return NULL; } -STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section) +STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, char *section) { if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) { X509V3err(X509V3_F_X509V3_GET_SECTION, @@ -402,12 +429,12 @@ void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section) ctx->db_meth->free_section(ctx->db, section); } -static char *nconf_get_string(void *db, const char *section, const char *value) +static char *nconf_get_string(void *db, char *section, char *value) { return NCONF_get_string(db, section, value); } -static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, const char *section) +static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section) { return NCONF_get_section(db, section); } @@ -438,7 +465,7 @@ void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req, /* Old conf compatibility functions */ X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - const char *name, const char *value) + char *name, char *value) { CONF ctmp; CONF_set_nconf(&ctmp, conf); @@ -448,19 +475,19 @@ X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, /* LHASH *conf: Config file */ /* char *value: Value */ X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, - X509V3_CTX *ctx, int ext_nid, const char *value) + X509V3_CTX *ctx, int ext_nid, char *value) { CONF ctmp; CONF_set_nconf(&ctmp, conf); return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value); } -static char *conf_lhash_get_string(void *db, const char *section, const char *value) +static char *conf_lhash_get_string(void *db, char *section, char *value) { return CONF_get_string(db, section, value); } -static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, const char *section) +static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section) { return CONF_get_section(db, section); } @@ -479,7 +506,7 @@ void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash) } int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - const char *section, X509 *cert) + char *section, X509 *cert) { CONF ctmp; CONF_set_nconf(&ctmp, conf); @@ -489,7 +516,7 @@ int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, /* Same as above but for a CRL */ int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - const char *section, X509_CRL *crl) + char *section, X509_CRL *crl) { CONF ctmp; CONF_set_nconf(&ctmp, conf); @@ -499,7 +526,7 @@ int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, /* Add extensions to certificate request */ int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - const char *section, X509_REQ *req) + char *section, X509_REQ *req) { CONF ctmp; CONF_set_nconf(&ctmp, conf); diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c index f717e132..d97f6226 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c @@ -1,28 +1,77 @@ +/* v3_cpols.c */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/conf.h> #include <openssl/asn1.h> #include <openssl/asn1t.h> #include <openssl/x509v3.h> #include "pcy_int.h" -#include "ext_dat.h" /* Certificate policies extension support: this one is a bit complex... */ static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out, int indent); static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, const char *value); + X509V3_CTX *ctx, char *value); static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent); static void print_notice(BIO *out, USERNOTICE *notice, int indent); @@ -84,7 +133,7 @@ ASN1_SEQUENCE(NOTICEREF) = { IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF) static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, const char *value) + X509V3_CTX *ctx, char *value) { STACK_OF(POLICYINFO) *pols = NULL; char *pstr; @@ -113,7 +162,7 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, goto err; } pstr = cnf->name; - if (strcmp(pstr, "ia5org") == 0) { + if (!strcmp(pstr, "ia5org")) { ia5org = 1; continue; } else if (*pstr == '@') { @@ -127,10 +176,10 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, } pol = policy_section(ctx, polsect, ia5org); X509V3_section_free(ctx, polsect); - if (pol == NULL) + if (!pol) goto err; } else { - if ((pobj = OBJ_txt2obj(cnf->name, 0)) == NULL) { + if (!(pobj = OBJ_txt2obj(cnf->name, 0))) { X509V3err(X509V3_F_R2I_CERTPOL, X509V3_R_INVALID_OBJECT_IDENTIFIER); X509V3_conf_err(cnf); @@ -139,7 +188,6 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, pol = POLICYINFO_new(); if (pol == NULL) { X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); - ASN1_OBJECT_free(pobj); goto err; } pol->policyid = pobj; @@ -165,14 +213,13 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, CONF_VALUE *cnf; POLICYINFO *pol; POLICYQUALINFO *qual; - - if ((pol = POLICYINFO_new()) == NULL) + if (!(pol = POLICYINFO_new())) goto merr; for (i = 0; i < sk_CONF_VALUE_num(polstrs); i++) { cnf = sk_CONF_VALUE_value(polstrs, i); - if (strcmp(cnf->name, "policyIdentifier") == 0) { + if (!strcmp(cnf->name, "policyIdentifier")) { ASN1_OBJECT *pobj; - if ((pobj = OBJ_txt2obj(cnf->value, 0)) == NULL) { + if (!(pobj = OBJ_txt2obj(cnf->value, 0))) { X509V3err(X509V3_F_POLICY_SECTION, X509V3_R_INVALID_OBJECT_IDENTIFIER); X509V3_conf_err(cnf); @@ -181,17 +228,17 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, pol->policyid = pobj; } else if (!name_cmp(cnf->name, "CPS")) { - if (pol->qualifiers == NULL) + if (!pol->qualifiers) pol->qualifiers = sk_POLICYQUALINFO_new_null(); - if ((qual = POLICYQUALINFO_new()) == NULL) + if (!(qual = POLICYQUALINFO_new())) goto merr; if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) goto merr; - if ((qual->pqualid = OBJ_nid2obj(NID_id_qt_cps)) == NULL) { + if (!(qual->pqualid = OBJ_nid2obj(NID_id_qt_cps))) { X509V3err(X509V3_F_POLICY_SECTION, ERR_R_INTERNAL_ERROR); goto err; } - if ((qual->d.cpsuri = ASN1_IA5STRING_new()) == NULL) + if (!(qual->d.cpsuri = M_ASN1_IA5STRING_new())) goto merr; if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value, strlen(cnf->value))) @@ -249,28 +296,27 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, CONF_VALUE *cnf; USERNOTICE *not; POLICYQUALINFO *qual; - - if ((qual = POLICYQUALINFO_new()) == NULL) + if (!(qual = POLICYQUALINFO_new())) goto merr; - if ((qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice)) == NULL) { + if (!(qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice))) { X509V3err(X509V3_F_NOTICE_SECTION, ERR_R_INTERNAL_ERROR); goto err; } - if ((not = USERNOTICE_new()) == NULL) + if (!(not = USERNOTICE_new())) goto merr; qual->d.usernotice = not; for (i = 0; i < sk_CONF_VALUE_num(unot); i++) { cnf = sk_CONF_VALUE_value(unot, i); - if (strcmp(cnf->name, "explicitText") == 0) { - if ((not->exptext = ASN1_VISIBLESTRING_new()) == NULL) + if (!strcmp(cnf->name, "explicitText")) { + if (!(not->exptext = M_ASN1_VISIBLESTRING_new())) goto merr; if (!ASN1_STRING_set(not->exptext, cnf->value, strlen(cnf->value))) goto merr; - } else if (strcmp(cnf->name, "organization") == 0) { + } else if (!strcmp(cnf->name, "organization")) { NOTICEREF *nref; if (!not->noticeref) { - if ((nref = NOTICEREF_new()) == NULL) + if (!(nref = NOTICEREF_new())) goto merr; not->noticeref = nref; } else @@ -282,11 +328,11 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, if (!ASN1_STRING_set(nref->organization, cnf->value, strlen(cnf->value))) goto merr; - } else if (strcmp(cnf->name, "noticeNumbers") == 0) { + } else if (!strcmp(cnf->name, "noticeNumbers")) { NOTICEREF *nref; STACK_OF(CONF_VALUE) *nos; if (!not->noticeref) { - if ((nref = NOTICEREF_new()) == NULL) + if (!(nref = NOTICEREF_new())) goto merr; not->noticeref = nref; } else @@ -295,7 +341,6 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, if (!nos || !sk_CONF_VALUE_num(nos)) { X509V3err(X509V3_F_NOTICE_SECTION, X509V3_R_INVALID_NUMBERS); X509V3_conf_err(cnf); - sk_CONF_VALUE_pop_free(nos, X509V3_conf_free); goto err; } ret = nref_nos(nref->noticenos, nos); @@ -335,7 +380,7 @@ static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos) for (i = 0; i < sk_CONF_VALUE_num(nos); i++) { cnf = sk_CONF_VALUE_value(nos, i); - if ((aint = s2i_ASN1_INTEGER(NULL, cnf->name)) == NULL) { + if (!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) { X509V3err(X509V3_F_NREF_NOS, X509V3_R_INVALID_NUMBER); goto err; } @@ -345,10 +390,10 @@ static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos) return 1; merr: - ASN1_INTEGER_free(aint); X509V3err(X509V3_F_NREF_NOS, ERR_R_MALLOC_FAILURE); err: + sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free); return 0; } @@ -439,3 +484,8 @@ void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent) else BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, ""); } + + +IMPLEMENT_STACK_OF(X509_POLICY_NODE) + +IMPLEMENT_STACK_OF(X509_POLICY_DATA) diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c index c4c77f18..d3e1d1b0 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c @@ -1,22 +1,69 @@ +/* v3_crld.c */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/conf.h> #include <openssl/asn1.h> #include <openssl/asn1t.h> #include <openssl/x509v3.h> -#include "internal/x509_int.h" -#include "ext_dat.h" - static void *v2i_crld(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, @@ -68,17 +115,16 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, { STACK_OF(GENERAL_NAME) *fnm = NULL; STACK_OF(X509_NAME_ENTRY) *rnm = NULL; - - if (strncmp(cnf->name, "fullname", 9) == 0) { + if (!strncmp(cnf->name, "fullname", 9)) { fnm = gnames_from_sectname(ctx, cnf->value); if (!fnm) goto err; - } else if (strcmp(cnf->name, "relativename") == 0) { + } else if (!strcmp(cnf->name, "relativename")) { int ret; STACK_OF(CONF_VALUE) *dnsect; X509_NAME *nm; nm = X509_NAME_new(); - if (nm == NULL) + if (!nm) return -1; dnsect = X509V3_get_section(ctx, cnf->value); if (!dnsect) { @@ -112,7 +158,7 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, } *pdp = DIST_POINT_NAME_new(); - if (*pdp == NULL) + if (!*pdp) goto err; if (fnm) { (*pdp)->type = 0; @@ -125,8 +171,10 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, return 1; err: - sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free); - sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free); + if (fnm) + sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free); + if (rnm) + sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free); return -1; } @@ -150,19 +198,19 @@ static int set_reasons(ASN1_BIT_STRING **preas, char *value) const char *bnam; int i, ret = 0; rsk = X509V3_parse_list(value); - if (rsk == NULL) + if (!rsk) + return 0; + if (*preas) return 0; - if (*preas != NULL) - goto err; for (i = 0; i < sk_CONF_VALUE_num(rsk); i++) { bnam = sk_CONF_VALUE_value(rsk, i)->name; - if (*preas == NULL) { + if (!*preas) { *preas = ASN1_BIT_STRING_new(); - if (*preas == NULL) + if (!*preas) goto err; } for (pbn = reason_flags; pbn->lname; pbn++) { - if (strcmp(pbn->sname, bnam) == 0) { + if (!strcmp(pbn->sname, bnam)) { if (!ASN1_BIT_STRING_set_bit(*preas, pbn->bitnum, 1)) goto err; break; @@ -207,7 +255,7 @@ static DIST_POINT *crldp_from_section(X509V3_CTX *ctx, CONF_VALUE *cnf; DIST_POINT *point = NULL; point = DIST_POINT_new(); - if (point == NULL) + if (!point) goto err; for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { int ret; @@ -217,10 +265,10 @@ static DIST_POINT *crldp_from_section(X509V3_CTX *ctx, continue; if (ret < 0) goto err; - if (strcmp(cnf->name, "reasons") == 0) { + if (!strcmp(cnf->name, "reasons")) { if (!set_reasons(&point->reasons, cnf->value)) goto err; - } else if (strcmp(cnf->name, "CRLissuer") == 0) { + } else if (!strcmp(cnf->name, "CRLissuer")) { point->CRLissuer = gnames_from_sectname(ctx, cnf->value); if (!point->CRLissuer) goto err; @@ -230,7 +278,8 @@ static DIST_POINT *crldp_from_section(X509V3_CTX *ctx, return point; err: - DIST_POINT_free(point); + if (point) + DIST_POINT_free(point); return NULL; } @@ -242,8 +291,7 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method, GENERAL_NAME *gen = NULL; CONF_VALUE *cnf; int i; - - if ((crld = sk_DIST_POINT_new_null()) == NULL) + if (!(crld = sk_DIST_POINT_new_null())) goto merr; for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { DIST_POINT *point; @@ -262,20 +310,20 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method, goto merr; } } else { - if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL) + if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err; - if ((gens = GENERAL_NAMES_new()) == NULL) + if (!(gens = GENERAL_NAMES_new())) goto merr; if (!sk_GENERAL_NAME_push(gens, gen)) goto merr; gen = NULL; - if ((point = DIST_POINT_new()) == NULL) + if (!(point = DIST_POINT_new())) goto merr; if (!sk_DIST_POINT_push(crld, point)) { DIST_POINT_free(point); goto merr; } - if ((point->distpoint = DIST_POINT_NAME_new()) == NULL) + if (!(point->distpoint = DIST_POINT_NAME_new())) goto merr; point->distpoint->name.fullname = gens; point->distpoint->type = 0; @@ -293,6 +341,10 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method, return NULL; } +IMPLEMENT_STACK_OF(DIST_POINT) + +IMPLEMENT_ASN1_SET_OF(DIST_POINT) + static int dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { @@ -304,7 +356,8 @@ static int dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, break; case ASN1_OP_FREE_POST: - X509_NAME_free(dpn->dpname); + if (dpn->dpname) + X509_NAME_free(dpn->dpname); break; } return 1; @@ -368,7 +421,7 @@ static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *name, *val; int i, ret; idp = ISSUING_DIST_POINT_new(); - if (idp == NULL) + if (!idp) goto merr; for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { cnf = sk_CONF_VALUE_value(nval, i); @@ -379,19 +432,19 @@ static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, continue; if (ret < 0) goto err; - if (strcmp(name, "onlyuser") == 0) { + if (!strcmp(name, "onlyuser")) { if (!X509V3_get_value_bool(cnf, &idp->onlyuser)) goto err; - } else if (strcmp(name, "onlyCA") == 0) { + } else if (!strcmp(name, "onlyCA")) { if (!X509V3_get_value_bool(cnf, &idp->onlyCA)) goto err; - } else if (strcmp(name, "onlyAA") == 0) { + } else if (!strcmp(name, "onlyAA")) { if (!X509V3_get_value_bool(cnf, &idp->onlyattr)) goto err; - } else if (strcmp(name, "indirectCRL") == 0) { + } else if (!strcmp(name, "indirectCRL")) { if (!X509V3_get_value_bool(cnf, &idp->indirectCRL)) goto err; - } else if (strcmp(name, "onlysomereasons") == 0) { + } else if (!strcmp(name, "onlysomereasons")) { if (!set_reasons(&idp->onlysomereasons, val)) goto err; } else { diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c index f39cb5ac..7678664f 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c @@ -1,16 +1,65 @@ +/* v3_enum.c */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/x509v3.h> -#include "ext_dat.h" static ENUMERATED_NAMES crl_reasons[] = { {CRL_REASON_UNSPECIFIED, "Unspecified", "unspecified"}, @@ -38,16 +87,14 @@ const X509V3_EXT_METHOD v3_crl_reason = { crl_reasons }; -char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, - const ASN1_ENUMERATED *e) +char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *e) { ENUMERATED_NAMES *enam; long strval; - strval = ASN1_ENUMERATED_get(e); for (enam = method->usr_data; enam->lname; enam++) { if (strval == enam->bitnum) - return OPENSSL_strdup(enam->lname); + return BUF_strdup(enam->lname); } return i2s_ASN1_ENUMERATED(method, e); } diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c index bae755e3..6092c2e4 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c @@ -1,18 +1,67 @@ +/* v3_extku.c */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/asn1t.h> #include <openssl/conf.h> #include <openssl/x509v3.h> -#include "ext_dat.h" static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, @@ -76,7 +125,7 @@ static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, CONF_VALUE *val; int i; - if ((extku = sk_ASN1_OBJECT_new_null()) == NULL) { + if (!(extku = sk_ASN1_OBJECT_new_null())) { X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE, ERR_R_MALLOC_FAILURE); return NULL; } @@ -87,7 +136,7 @@ static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, extval = val->value; else extval = val->name; - if ((objtmp = OBJ_txt2obj(extval, 0)) == NULL) { + if (!(objtmp = OBJ_txt2obj(extval, 0))) { sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free); X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE, X509V3_R_INVALID_OBJECT_IDENTIFIER); diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c index 8d119974..7f40bfab 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c @@ -1,14 +1,64 @@ +/* v3_genn.c */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/asn1t.h> #include <openssl/conf.h> #include <openssl/x509v3.h> @@ -179,7 +229,7 @@ int GENERAL_NAME_set0_othername(GENERAL_NAME *gen, { OTHERNAME *oth; oth = OTHERNAME_new(); - if (oth == NULL) + if (!oth) return 0; oth->type_id = oid; oth->value = value; diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c index c1170d46..c170a55f 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c @@ -1,20 +1,73 @@ +/* v3_ia5.c */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/asn1.h> #include <openssl/conf.h> #include <openssl/x509v3.h> -#include "ext_dat.h" -const X509V3_EXT_METHOD v3_ns_ia5_list[8] = { +static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, + ASN1_IA5STRING *ia5); +static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, char *str); +const X509V3_EXT_METHOD v3_ns_ia5_list[] = { EXT_IA5STRING(NID_netscape_base_url), EXT_IA5STRING(NID_netscape_revocation_url), EXT_IA5STRING(NID_netscape_ca_revocation_url), @@ -25,13 +78,13 @@ const X509V3_EXT_METHOD v3_ns_ia5_list[8] = { EXT_END }; -char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5) +static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, + ASN1_IA5STRING *ia5) { char *tmp; - if (!ia5 || !ia5->length) return NULL; - if ((tmp = OPENSSL_malloc(ia5->length + 1)) == NULL) { + if (!(tmp = OPENSSL_malloc(ia5->length + 1))) { X509V3err(X509V3_F_I2S_ASN1_IA5STRING, ERR_R_MALLOC_FAILURE); return NULL; } @@ -40,8 +93,8 @@ char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5) return tmp; } -ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, const char *str) +static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, char *str) { ASN1_IA5STRING *ia5; if (!str) { @@ -49,11 +102,12 @@ ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_R_INVALID_NULL_ARGUMENT); return NULL; } - if ((ia5 = ASN1_IA5STRING_new()) == NULL) + if (!(ia5 = M_ASN1_IA5STRING_new())) + goto err; + if (!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char *)str, + strlen(str))) { + M_ASN1_IA5STRING_free(ia5); goto err; - if (!ASN1_STRING_set((ASN1_STRING *)ia5, str, strlen(str))) { - ASN1_IA5STRING_free(ia5); - return NULL; } #ifdef CHARSET_EBCDIC ebcdic2ascii(ia5->data, ia5->data, ia5->length); diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c index 61ef2138..e052a34b 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c @@ -1,19 +1,68 @@ +/* v3_info.c */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/conf.h> #include <openssl/asn1.h> #include <openssl/asn1t.h> #include <openssl/x509v3.h> -#include "ext_dat.h" static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, AUTHORITY_INFO_ACCESS @@ -76,14 +125,14 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method); nlen = strlen(objtmp) + strlen(vtmp->name) + 5; ntmp = OPENSSL_malloc(nlen); - if (ntmp == NULL) { + if (!ntmp) { X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE); return NULL; } - OPENSSL_strlcpy(ntmp, objtmp, nlen); - OPENSSL_strlcat(ntmp, " - ", nlen); - OPENSSL_strlcat(ntmp, vtmp->name, nlen); + BUF_strlcpy(ntmp, objtmp, nlen); + BUF_strlcat(ntmp, " - ", nlen); + BUF_strlcat(ntmp, vtmp->name, nlen); OPENSSL_free(vtmp->name); vtmp->name = ntmp; @@ -104,14 +153,13 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD ACCESS_DESCRIPTION *acc; int i, objlen; char *objtmp, *ptmp; - - if ((ainfo = sk_ACCESS_DESCRIPTION_new_null()) == NULL) { + if (!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) { X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE); return NULL; } for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { cnf = sk_CONF_VALUE_value(nval, i); - if ((acc = ACCESS_DESCRIPTION_new()) == NULL + if (!(acc = ACCESS_DESCRIPTION_new()) || !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) { X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE); @@ -128,11 +176,13 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD ctmp.value = cnf->value; if (!v2i_GENERAL_NAME_ex(acc->location, method, ctx, &ctmp, 0)) goto err; - if ((objtmp = OPENSSL_strndup(cnf->name, objlen)) == NULL) { + if (!(objtmp = OPENSSL_malloc(objlen + 1))) { X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE); goto err; } + strncpy(objtmp, cnf->name, objlen); + objtmp[objlen] = 0; acc->method = OBJ_txt2obj(objtmp, 0); if (!acc->method) { X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, @@ -150,8 +200,11 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD return NULL; } -int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION *a) +int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION *a) { i2a_ASN1_OBJECT(bp, a->method); +#ifdef UNDEF + i2a_GENERAL_NAME(bp, a->location); +#endif return 2; } diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c index 690c90e8..8bfdb37e 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c @@ -1,16 +1,65 @@ +/* v3_int.c */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/x509v3.h> -#include "ext_dat.h" const X509V3_EXT_METHOD v3_crl_num = { NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER), @@ -29,7 +78,7 @@ const X509V3_EXT_METHOD v3_delta_crl = { }; static void *s2i_asn1_int(X509V3_EXT_METHOD *meth, X509V3_CTX *ctx, - const char *value) + char *value) { return s2i_ASN1_INTEGER(meth, value); } diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c index a3ca720f..8350429a 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c @@ -1,16 +1,65 @@ +/* v3_lib.c */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ - /* X509 v3 extension utilities */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/conf.h> #include <openssl/x509v3.h> @@ -24,8 +73,7 @@ static void ext_list_free(X509V3_EXT_METHOD *ext); int X509V3_EXT_add(X509V3_EXT_METHOD *ext) { - if (ext_list == NULL - && (ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp)) == NULL) { + if (!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp))) { X509V3err(X509V3_F_X509V3_EXT_ADD, ERR_R_MALLOC_FAILURE); return 0; } @@ -47,74 +95,6 @@ DECLARE_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *, IMPLEMENT_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *, const X509V3_EXT_METHOD *, ext); -/* - * This table will be searched using OBJ_bsearch so it *must* kept in order - * of the ext_nid values. - */ - -static const X509V3_EXT_METHOD *standard_exts[] = { - &v3_nscert, - &v3_ns_ia5_list[0], - &v3_ns_ia5_list[1], - &v3_ns_ia5_list[2], - &v3_ns_ia5_list[3], - &v3_ns_ia5_list[4], - &v3_ns_ia5_list[5], - &v3_ns_ia5_list[6], - &v3_skey_id, - &v3_key_usage, - &v3_pkey_usage_period, - &v3_alt[0], - &v3_alt[1], - &v3_bcons, - &v3_crl_num, - &v3_cpols, - &v3_akey_id, - &v3_crld, - &v3_ext_ku, - &v3_delta_crl, - &v3_crl_reason, -#ifndef OPENSSL_NO_OCSP - &v3_crl_invdate, -#endif - &v3_sxnet, - &v3_info, -#ifndef OPENSSL_NO_RFC3779 - &v3_addr, - &v3_asid, -#endif -#ifndef OPENSSL_NO_OCSP - &v3_ocsp_nonce, - &v3_ocsp_crlid, - &v3_ocsp_accresp, - &v3_ocsp_nocheck, - &v3_ocsp_acutoff, - &v3_ocsp_serviceloc, -#endif - &v3_sinfo, - &v3_policy_constraints, -#ifndef OPENSSL_NO_OCSP - &v3_crl_hold, -#endif - &v3_pci, - &v3_name_constraints, - &v3_policy_mappings, - &v3_inhibit_anyp, - &v3_idp, - &v3_alt[2], - &v3_freshest_crl, -#ifndef OPENSSL_NO_CT - &v3_ct_scts[0], - &v3_ct_scts[1], - &v3_ct_scts[2], -#endif - &v3_tls_feature, -}; - -/* Number of standard extensions */ - -#define STANDARD_EXTENSION_COUNT OSSL_NELEM(standard_exts) - const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid) { X509V3_EXT_METHOD tmp; @@ -137,11 +117,33 @@ const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid) const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext) { int nid; - if ((nid = OBJ_obj2nid(X509_EXTENSION_get_object(ext))) == NID_undef) + if ((nid = OBJ_obj2nid(ext->object)) == NID_undef) return NULL; return X509V3_EXT_get_nid(nid); } +int X509V3_EXT_free(int nid, void *ext_data) +{ + const X509V3_EXT_METHOD *ext_method = X509V3_EXT_get_nid(nid); + if (ext_method == NULL) { + X509V3err(X509V3_F_X509V3_EXT_FREE, + X509V3_R_CANNOT_FIND_FREE_FUNCTION); + return 0; + } + + if (ext_method->it != NULL) + ASN1_item_free(ext_data, ASN1_ITEM_ptr(ext_method->it)); + else if (ext_method->ext_free != NULL) + ext_method->ext_free(ext_data); + else { + X509V3err(X509V3_F_X509V3_EXT_FREE, + X509V3_R_CANNOT_FIND_FREE_FUNCTION); + return 0; + } + + return 1; +} + int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist) { for (; extlist->ext_nid != -1; extlist++) @@ -155,11 +157,14 @@ int X509V3_EXT_add_alias(int nid_to, int nid_from) const X509V3_EXT_METHOD *ext; X509V3_EXT_METHOD *tmpext; - if ((ext = X509V3_EXT_get_nid(nid_from)) == NULL) { - X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, X509V3_R_EXTENSION_NOT_FOUND); + if (!(ext = X509V3_EXT_get_nid(nid_from))) { + X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, + X509V3_R_EXTENSION_NOT_FOUND); return 0; } - if ((tmpext = OPENSSL_malloc(sizeof(*tmpext))) == NULL) { + if (! + (tmpext = + (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)))) { X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, ERR_R_MALLOC_FAILURE); return 0; } @@ -197,17 +202,14 @@ void *X509V3_EXT_d2i(X509_EXTENSION *ext) { const X509V3_EXT_METHOD *method; const unsigned char *p; - ASN1_STRING *extvalue; - int extlen; - if ((method = X509V3_EXT_get(ext)) == NULL) + if (!(method = X509V3_EXT_get(ext))) return NULL; - extvalue = X509_EXTENSION_get_data(ext); - p = ASN1_STRING_get0_data(extvalue); - extlen = ASN1_STRING_length(extvalue); + p = ext->value->data; if (method->it) - return ASN1_item_d2i(NULL, &p, extlen, ASN1_ITEM_ptr(method->it)); - return method->d2i(NULL, &p, extlen); + return ASN1_item_d2i(NULL, &p, ext->value->length, + ASN1_ITEM_ptr(method->it)); + return method->d2i(NULL, &p, ext->value->length); } /*- @@ -226,7 +228,7 @@ void *X509V3_EXT_d2i(X509_EXTENSION *ext) * -2 extension occurs more than once. */ -void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit, +void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx) { int lastpos, i; @@ -246,7 +248,7 @@ void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit, lastpos = 0; for (i = lastpos; i < sk_X509_EXTENSION_num(x); i++) { ex = sk_X509_EXTENSION_value(x, i); - if (OBJ_obj2nid(X509_EXTENSION_get_object(ex)) == nid) { + if (OBJ_obj2nid(ex->object) == nid) { if (idx) { *idx = i; found_ex = ex; @@ -345,8 +347,7 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, return 1; } - if (*x == NULL - && (*x = sk_X509_EXTENSION_new_null()) == NULL) + if (!*x && !(*x = sk_X509_EXTENSION_new_null())) return -1; if (!sk_X509_EXTENSION_push(*x, ext)) return -1; @@ -358,3 +359,5 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, X509V3err(X509V3_F_X509V3_ADD1_I2D, errcode); return 0; } + +IMPLEMENT_STACK_OF(X509V3_EXT_METHOD) diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c index 9b3bb128..28552696 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c @@ -1,22 +1,68 @@ +/* v3_ncons.c */ /* - * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "internal/cryptlib.h" -#include "internal/asn1_int.h" +#include "cryptlib.h" #include <openssl/asn1t.h> #include <openssl/conf.h> #include <openssl/x509v3.h> -#include "internal/x509_int.h" -#include "ext_dat.h" - static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); @@ -24,7 +70,7 @@ static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a, BIO *bp, int ind); static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method, STACK_OF(GENERAL_SUBTREE) *trees, BIO *bp, - int ind, const char *name); + int ind, char *name); static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip); static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc); @@ -33,7 +79,6 @@ static int nc_dn(X509_NAME *sub, X509_NAME *nm); static int nc_dns(ASN1_IA5STRING *sub, ASN1_IA5STRING *dns); static int nc_email(ASN1_IA5STRING *sub, ASN1_IA5STRING *eml); static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base); -static int nc_ip(ASN1_OCTET_STRING *ip, ASN1_OCTET_STRING *base); const X509V3_EXT_METHOD v3_name_constraints = { NID_name_constraints, 0, @@ -70,16 +115,15 @@ static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, STACK_OF(GENERAL_SUBTREE) **ptree = NULL; NAME_CONSTRAINTS *ncons = NULL; GENERAL_SUBTREE *sub = NULL; - ncons = NAME_CONSTRAINTS_new(); - if (ncons == NULL) + if (!ncons) goto memerr; for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { val = sk_CONF_VALUE_value(nval, i); - if (strncmp(val->name, "permitted", 9) == 0 && val->name[9]) { + if (!strncmp(val->name, "permitted", 9) && val->name[9]) { ptree = &ncons->permittedSubtrees; tval.name = val->name + 10; - } else if (strncmp(val->name, "excluded", 8) == 0 && val->name[8]) { + } else if (!strncmp(val->name, "excluded", 8) && val->name[8]) { ptree = &ncons->excludedSubtrees; tval.name = val->name + 9; } else { @@ -92,9 +136,9 @@ static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, goto memerr; if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1)) goto err; - if (*ptree == NULL) + if (!*ptree) *ptree = sk_GENERAL_SUBTREE_new_null(); - if (*ptree == NULL || !sk_GENERAL_SUBTREE_push(*ptree, sub)) + if (!*ptree || !sk_GENERAL_SUBTREE_push(*ptree, sub)) goto memerr; sub = NULL; } @@ -104,8 +148,10 @@ static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, memerr: X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, ERR_R_MALLOC_FAILURE); err: - NAME_CONSTRAINTS_free(ncons); - GENERAL_SUBTREE_free(sub); + if (ncons) + NAME_CONSTRAINTS_free(ncons); + if (sub) + GENERAL_SUBTREE_free(sub); return NULL; } @@ -123,7 +169,7 @@ static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a, static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method, STACK_OF(GENERAL_SUBTREE) *trees, - BIO *bp, int ind, const char *name) + BIO *bp, int ind, char *name) { GENERAL_SUBTREE *tree; int i; @@ -199,8 +245,7 @@ int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc) /* Process any email address attributes in subject name */ for (i = -1;;) { - const X509_NAME_ENTRY *ne; - + X509_NAME_ENTRY *ne; i = X509_NAME_get_index_by_NID(nm, NID_pkcs9_emailAddress, i); if (i == -1) break; @@ -228,51 +273,6 @@ int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc) } -int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc) -{ - int r, i; - X509_NAME *nm; - - ASN1_STRING stmp; - GENERAL_NAME gntmp; - stmp.flags = 0; - stmp.type = V_ASN1_IA5STRING; - gntmp.type = GEN_DNS; - gntmp.d.dNSName = &stmp; - - nm = X509_get_subject_name(x); - - /* Process any commonName attributes in subject name */ - - for (i = -1;;) { - X509_NAME_ENTRY *ne; - ASN1_STRING *hn; - i = X509_NAME_get_index_by_NID(nm, NID_commonName, i); - if (i == -1) - break; - ne = X509_NAME_get_entry(nm, i); - hn = X509_NAME_ENTRY_get_data(ne); - /* Only process attributes that look like host names */ - if (asn1_valid_host(hn)) { - unsigned char *h; - int hlen = ASN1_STRING_to_UTF8(&h, hn); - if (hlen <= 0) - return X509_V_ERR_OUT_OF_MEM; - - stmp.length = hlen; - stmp.data = h; - - r = nc_match(&gntmp, nc); - - OPENSSL_free(h); - - if (r != X509_V_OK) - return r; - } - } - return X509_V_OK; -} - static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc) { GENERAL_SUBTREE *sub; @@ -341,9 +341,6 @@ static int nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base) return nc_uri(gen->d.uniformResourceIdentifier, base->d.uniformResourceIdentifier); - case GEN_IPADD: - return nc_ip(gen->d.iPAddress, base->d.iPAddress); - default: return X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE; } @@ -403,11 +400,11 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base) const char *emlat = strchr(emlptr, '@'); if (!emlat) return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; - /* Special case: initial '.' is RHS match */ + /* Special case: inital '.' is RHS match */ if (!baseat && (*baseptr == '.')) { if (eml->length > base->length) { emlptr += eml->length - base->length; - if (strcasecmp(baseptr, emlptr) == 0) + if (!strcasecmp(baseptr, emlptr)) return X509_V_OK; } return X509_V_ERR_PERMITTED_VIOLATION; @@ -463,11 +460,11 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base) if (hostlen == 0) return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; - /* Special case: initial '.' is RHS match */ + /* Special case: inital '.' is RHS match */ if (*baseptr == '.') { if (hostlen > base->length) { p = hostptr + hostlen - base->length; - if (strncasecmp(p, baseptr, base->length) == 0) + if (!strncasecmp(p, baseptr, base->length)) return X509_V_OK; } return X509_V_ERR_PERMITTED_VIOLATION; @@ -480,34 +477,3 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base) return X509_V_OK; } - -static int nc_ip(ASN1_OCTET_STRING *ip, ASN1_OCTET_STRING *base) -{ - int hostlen, baselen, i; - unsigned char *hostptr, *baseptr, *maskptr; - hostptr = ip->data; - hostlen = ip->length; - baseptr = base->data; - baselen = base->length; - - /* Invalid if not IPv4 or IPv6 */ - if (!((hostlen == 4) || (hostlen == 16))) - return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; - if (!((baselen == 8) || (baselen == 32))) - return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; - - /* Do not match IPv4 with IPv6 */ - if (hostlen * 2 != baselen) - return X509_V_ERR_PERMITTED_VIOLATION; - - maskptr = base->data + hostlen; - - /* Considering possible not aligned base ipAddress */ - /* Not checking for wrong mask definition: i.e.: 255.0.255.0 */ - for (i = 0; i < hostlen; i++) - if ((hostptr[i] & maskptr[i]) != (baseptr[i] & maskptr[i])) - return X509_V_ERR_PERMITTED_VIOLATION; - - return X509_V_OK; - -} diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c new file mode 100644 index 00000000..b151eacc --- /dev/null +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c @@ -0,0 +1,312 @@ +/* v3_ocsp.c */ +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef OPENSSL_NO_OCSP + +# include <stdio.h> +# include "cryptlib.h" +# include <openssl/conf.h> +# include <openssl/asn1.h> +# include <openssl/ocsp.h> +# include <openssl/x509v3.h> + +/* + * OCSP extensions and a couple of CRL entry extensions + */ + +static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *nonce, + BIO *out, int indent); +static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce, + BIO *out, int indent); +static int i2r_object(const X509V3_EXT_METHOD *method, void *obj, BIO *out, + int indent); + +static void *ocsp_nonce_new(void); +static int i2d_ocsp_nonce(void *a, unsigned char **pp); +static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length); +static void ocsp_nonce_free(void *a); +static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce, + BIO *out, int indent); + +static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, + void *nocheck, BIO *out, int indent); +static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, const char *str); +static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in, + BIO *bp, int ind); + +const X509V3_EXT_METHOD v3_ocsp_crlid = { + NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID), + 0, 0, 0, 0, + 0, 0, + 0, 0, + i2r_ocsp_crlid, 0, + NULL +}; + +const X509V3_EXT_METHOD v3_ocsp_acutoff = { + NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), + 0, 0, 0, 0, + 0, 0, + 0, 0, + i2r_ocsp_acutoff, 0, + NULL +}; + +const X509V3_EXT_METHOD v3_crl_invdate = { + NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), + 0, 0, 0, 0, + 0, 0, + 0, 0, + i2r_ocsp_acutoff, 0, + NULL +}; + +const X509V3_EXT_METHOD v3_crl_hold = { + NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT), + 0, 0, 0, 0, + 0, 0, + 0, 0, + i2r_object, 0, + NULL +}; + +const X509V3_EXT_METHOD v3_ocsp_nonce = { + NID_id_pkix_OCSP_Nonce, 0, NULL, + ocsp_nonce_new, + ocsp_nonce_free, + d2i_ocsp_nonce, + i2d_ocsp_nonce, + 0, 0, + 0, 0, + i2r_ocsp_nonce, 0, + NULL +}; + +const X509V3_EXT_METHOD v3_ocsp_nocheck = { + NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL), + 0, 0, 0, 0, + 0, s2i_ocsp_nocheck, + 0, 0, + i2r_ocsp_nocheck, 0, + NULL +}; + +const X509V3_EXT_METHOD v3_ocsp_serviceloc = { + NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC), + 0, 0, 0, 0, + 0, 0, + 0, 0, + i2r_ocsp_serviceloc, 0, + NULL +}; + +static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *in, BIO *bp, + int ind) +{ + OCSP_CRLID *a = in; + if (a->crlUrl) { + if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0) + goto err; + if (!ASN1_STRING_print(bp, (ASN1_STRING *)a->crlUrl)) + goto err; + if (BIO_write(bp, "\n", 1) <= 0) + goto err; + } + if (a->crlNum) { + if (BIO_printf(bp, "%*scrlNum: ", ind, "") <= 0) + goto err; + if (i2a_ASN1_INTEGER(bp, a->crlNum) <= 0) + goto err; + if (BIO_write(bp, "\n", 1) <= 0) + goto err; + } + if (a->crlTime) { + if (BIO_printf(bp, "%*scrlTime: ", ind, "") <= 0) + goto err; + if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) + goto err; + if (BIO_write(bp, "\n", 1) <= 0) + goto err; + } + return 1; + err: + return 0; +} + +static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff, + BIO *bp, int ind) +{ + if (BIO_printf(bp, "%*s", ind, "") <= 0) + return 0; + if (!ASN1_GENERALIZEDTIME_print(bp, cutoff)) + return 0; + return 1; +} + +static int i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp, + int ind) +{ + if (BIO_printf(bp, "%*s", ind, "") <= 0) + return 0; + if (i2a_ASN1_OBJECT(bp, oid) <= 0) + return 0; + return 1; +} + +/* + * OCSP nonce. This is needs special treatment because it doesn't have an + * ASN1 encoding at all: it just contains arbitrary data. + */ + +static void *ocsp_nonce_new(void) +{ + return ASN1_OCTET_STRING_new(); +} + +static int i2d_ocsp_nonce(void *a, unsigned char **pp) +{ + ASN1_OCTET_STRING *os = a; + if (pp) { + memcpy(*pp, os->data, os->length); + *pp += os->length; + } + return os->length; +} + +static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length) +{ + ASN1_OCTET_STRING *os, **pos; + pos = a; + if (!pos || !*pos) + os = ASN1_OCTET_STRING_new(); + else + os = *pos; + if (!ASN1_OCTET_STRING_set(os, *pp, length)) + goto err; + + *pp += length; + + if (pos) + *pos = os; + return os; + + err: + if (os && (!pos || (*pos != os))) + M_ASN1_OCTET_STRING_free(os); + OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE); + return NULL; +} + +static void ocsp_nonce_free(void *a) +{ + M_ASN1_OCTET_STRING_free(a); +} + +static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce, + BIO *out, int indent) +{ + if (BIO_printf(out, "%*s", indent, "") <= 0) + return 0; + if (i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) + return 0; + return 1; +} + +/* Nocheck is just a single NULL. Don't print anything and always set it */ + +static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck, + BIO *out, int indent) +{ + return 1; +} + +static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, const char *str) +{ + return ASN1_NULL_new(); +} + +static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in, + BIO *bp, int ind) +{ + int i; + OCSP_SERVICELOC *a = in; + ACCESS_DESCRIPTION *ad; + + if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) + goto err; + if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) + goto err; + for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++) { + ad = sk_ACCESS_DESCRIPTION_value(a->locator, i); + if (BIO_printf(bp, "\n%*s", (2 * ind), "") <= 0) + goto err; + if (i2a_ASN1_OBJECT(bp, ad->method) <= 0) + goto err; + if (BIO_puts(bp, " - ") <= 0) + goto err; + if (GENERAL_NAME_print(bp, ad->location) <= 0) + goto err; + } + return 1; + err: + return 0; +} +#endif diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c index 2c05edb8..12f12a76 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c @@ -1,12 +1,8 @@ +/* v3_pci.c */ /* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html + * Contributed to the OpenSSL Project 2004 by Richard Levitte + * (richard@levitte.org) */ - /* Copyright (c) 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. @@ -40,10 +36,9 @@ */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/conf.h> #include <openssl/x509v3.h> -#include "ext_dat.h" static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext, BIO *out, int indent); @@ -91,7 +86,7 @@ static int process_pci_value(CONF_VALUE *val, X509V3_conf_err(val); return 0; } - if ((*language = OBJ_txt2obj(val->value, 0)) == NULL) { + if (!(*language = OBJ_txt2obj(val->value, 0))) { X509V3err(X509V3_F_PROCESS_PCI_VALUE, X509V3_R_INVALID_OBJECT_IDENTIFIER); X509V3_conf_err(val); @@ -115,7 +110,7 @@ static int process_pci_value(CONF_VALUE *val, long val_len; if (!*policy) { *policy = ASN1_OCTET_STRING_new(); - if (*policy == NULL) { + if (!*policy) { X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE); X509V3_conf_err(val); return 0; @@ -124,9 +119,11 @@ static int process_pci_value(CONF_VALUE *val, } if (strncmp(val->value, "hex:", 4) == 0) { unsigned char *tmp_data2 = - OPENSSL_hexstr2buf(val->value + 4, &val_len); + string_to_hex(val->value + 4, &val_len); if (!tmp_data2) { + X509V3err(X509V3_F_PROCESS_PCI_VALUE, + X509V3_R_ILLEGAL_HEX_DIGIT); X509V3_conf_err(val); goto err; } @@ -145,7 +142,6 @@ static int process_pci_value(CONF_VALUE *val, * realloc failure implies the original data space is b0rked * too! */ - OPENSSL_free((*policy)->data); (*policy)->data = NULL; (*policy)->length = 0; X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE); @@ -153,6 +149,7 @@ static int process_pci_value(CONF_VALUE *val, goto err; } OPENSSL_free(tmp_data2); +#ifndef OPENSSL_NO_STDIO } else if (strncmp(val->value, "file:", 5) == 0) { unsigned char buf[2048]; int n; @@ -170,16 +167,8 @@ static int process_pci_value(CONF_VALUE *val, tmp_data = OPENSSL_realloc((*policy)->data, (*policy)->length + n + 1); - if (!tmp_data) { - OPENSSL_free((*policy)->data); - (*policy)->data = NULL; - (*policy)->length = 0; - X509V3err(X509V3_F_PROCESS_PCI_VALUE, - ERR_R_MALLOC_FAILURE); - X509V3_conf_err(val); - BIO_free_all(b); - goto err; - } + if (!tmp_data) + break; (*policy)->data = tmp_data; memcpy(&(*policy)->data[(*policy)->length], buf, n); @@ -193,6 +182,7 @@ static int process_pci_value(CONF_VALUE *val, X509V3_conf_err(val); goto err; } +#endif /* !OPENSSL_NO_STDIO */ } else if (strncmp(val->value, "text:", 5) == 0) { val_len = strlen(val->value + 5); tmp_data = OPENSSL_realloc((*policy)->data, @@ -208,7 +198,6 @@ static int process_pci_value(CONF_VALUE *val, * realloc failure implies the original data space is b0rked * too! */ - OPENSSL_free((*policy)->data); (*policy)->data = NULL; (*policy)->length = 0; X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE); @@ -295,7 +284,7 @@ static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method, } pci = PROXY_CERT_INFO_EXTENSION_new(); - if (pci == NULL) { + if (!pci) { X509V3err(X509V3_F_R2I_PCI, ERR_R_MALLOC_FAILURE); goto err; } @@ -308,13 +297,22 @@ static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method, pathlen = NULL; goto end; err: - ASN1_OBJECT_free(language); - ASN1_INTEGER_free(pathlen); - pathlen = NULL; - ASN1_OCTET_STRING_free(policy); - policy = NULL; - PROXY_CERT_INFO_EXTENSION_free(pci); - pci = NULL; + if (language) { + ASN1_OBJECT_free(language); + language = NULL; + } + if (pathlen) { + ASN1_INTEGER_free(pathlen); + pathlen = NULL; + } + if (policy) { + ASN1_OCTET_STRING_free(policy); + policy = NULL; + } + if (pci) { + PROXY_CERT_INFO_EXTENSION_free(pci); + pci = NULL; + } end: sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); return pci; diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c index e6f7a917..e53c82e8 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c @@ -1,12 +1,8 @@ +/* v3_pcia.c */ /* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html + * Contributed to the OpenSSL Project 2004 by Richard Levitte + * (richard@levitte.org) */ - /* Copyright (c) 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c index 24f7ff49..cfccb97d 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c @@ -1,19 +1,68 @@ +/* v3_pcons.c */ /* - * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/asn1.h> #include <openssl/asn1t.h> #include <openssl/conf.h> #include <openssl/x509v3.h> -#include "ext_dat.h" static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *bcons, STACK_OF(CONF_VALUE) @@ -59,17 +108,16 @@ static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, POLICY_CONSTRAINTS *pcons = NULL; CONF_VALUE *val; int i; - - if ((pcons = POLICY_CONSTRAINTS_new()) == NULL) { + if (!(pcons = POLICY_CONSTRAINTS_new())) { X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, ERR_R_MALLOC_FAILURE); return NULL; } for (i = 0; i < sk_CONF_VALUE_num(values); i++) { val = sk_CONF_VALUE_value(values, i); - if (strcmp(val->name, "requireExplicitPolicy") == 0) { + if (!strcmp(val->name, "requireExplicitPolicy")) { if (!X509V3_get_value_int(val, &pcons->requireExplicitPolicy)) goto err; - } else if (strcmp(val->name, "inhibitPolicyMapping") == 0) { + } else if (!strcmp(val->name, "inhibitPolicyMapping")) { if (!X509V3_get_value_int(val, &pcons->inhibitPolicyMapping)) goto err; } else { diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c index ed82bca8..dd01c441 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c @@ -1,18 +1,67 @@ +/* v3_pku.c */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/asn1.h> #include <openssl/asn1t.h> #include <openssl/x509v3.h> -#include "ext_dat.h" static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *usage, BIO *out, diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c index 73f4ec24..a168343b 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c @@ -1,18 +1,67 @@ +/* v3_pmaps.c */ /* - * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/asn1t.h> #include <openssl/conf.h> #include <openssl/x509v3.h> -#include "ext_dat.h" static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); @@ -64,13 +113,13 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { - POLICY_MAPPINGS *pmaps = NULL; - POLICY_MAPPING *pmap = NULL; - ASN1_OBJECT *obj1 = NULL, *obj2 = NULL; + POLICY_MAPPINGS *pmaps; + POLICY_MAPPING *pmap; + ASN1_OBJECT *obj1, *obj2; CONF_VALUE *val; int i; - if ((pmaps = sk_POLICY_MAPPING_new_null()) == NULL) { + if (!(pmaps = sk_POLICY_MAPPING_new_null())) { X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, ERR_R_MALLOC_FAILURE); return NULL; } @@ -78,33 +127,30 @@ static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { val = sk_CONF_VALUE_value(nval, i); if (!val->value || !val->name) { + sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, X509V3_R_INVALID_OBJECT_IDENTIFIER); X509V3_conf_err(val); - goto err; + return NULL; } obj1 = OBJ_txt2obj(val->name, 0); obj2 = OBJ_txt2obj(val->value, 0); if (!obj1 || !obj2) { + sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, X509V3_R_INVALID_OBJECT_IDENTIFIER); X509V3_conf_err(val); - goto err; + return NULL; } pmap = POLICY_MAPPING_new(); - if (pmap == NULL) { + if (!pmap) { + sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, ERR_R_MALLOC_FAILURE); - goto err; + return NULL; } pmap->issuerDomainPolicy = obj1; pmap->subjectDomainPolicy = obj2; - obj1 = obj2 = NULL; sk_POLICY_MAPPING_push(pmaps, pmap); } return pmaps; - err: - ASN1_OBJECT_free(obj1); - ASN1_OBJECT_free(obj2); - sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); - return NULL; } diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c index f384c342..acc9c6d9 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c @@ -1,22 +1,71 @@ +/* v3_prn.c */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ - /* X509 v3 extension utilities */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/conf.h> #include <openssl/x509v3.h> /* Extension printing routines */ -static int unknown_ext_print(BIO *out, const unsigned char *ext, int extlen, +static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported); /* Print out a name+value stack */ @@ -52,7 +101,7 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, char *tmp; len = strlen(nval->value) + 1; tmp = OPENSSL_malloc(len); - if (tmp != NULL) { + if (tmp) { ascii2ebcdic(tmp, nval->value, len); BIO_printf(out, "%s:%s", nval->name, tmp); OPENSSL_free(tmp); @@ -71,29 +120,26 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, { void *ext_str = NULL; char *value = NULL; - ASN1_OCTET_STRING *extoct; const unsigned char *p; - int extlen; const X509V3_EXT_METHOD *method; STACK_OF(CONF_VALUE) *nval = NULL; int ok = 1; - extoct = X509_EXTENSION_get_data(ext); - p = ASN1_STRING_get0_data(extoct); - extlen = ASN1_STRING_length(extoct); - - if ((method = X509V3_EXT_get(ext)) == NULL) - return unknown_ext_print(out, p, extlen, flag, indent, 0); + if (!(method = X509V3_EXT_get(ext))) + return unknown_ext_print(out, ext, flag, indent, 0); + p = ext->value->data; if (method->it) - ext_str = ASN1_item_d2i(NULL, &p, extlen, ASN1_ITEM_ptr(method->it)); + ext_str = + ASN1_item_d2i(NULL, &p, ext->value->length, + ASN1_ITEM_ptr(method->it)); else - ext_str = method->d2i(NULL, &p, extlen); + ext_str = method->d2i(NULL, &p, ext->value->length); if (!ext_str) - return unknown_ext_print(out, p, extlen, flag, indent, 1); + return unknown_ext_print(out, ext, flag, indent, 1); if (method->i2s) { - if ((value = method->i2s(method, ext_str)) == NULL) { + if (!(value = method->i2s(method, ext_str))) { ok = 0; goto err; } @@ -105,7 +151,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, char *tmp; len = strlen(value) + 1; tmp = OPENSSL_malloc(len); - if (tmp != NULL) { + if (tmp) { ascii2ebcdic(tmp, value, len); BIO_printf(out, "%*s%s", indent, "", tmp); OPENSSL_free(tmp); @@ -113,7 +159,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, } #endif } else if (method->i2v) { - if ((nval = method->i2v(method, ext_str, NULL)) == NULL) { + if (!(nval = method->i2v(method, ext_str, NULL))) { ok = 0; goto err; } @@ -127,7 +173,8 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, err: sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); - OPENSSL_free(value); + if (value) + OPENSSL_free(value); if (method->it) ASN1_item_free(ext_str, ASN1_ITEM_ptr(method->it)); else @@ -135,8 +182,8 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, return ok; } -int X509V3_extensions_print(BIO *bp, const char *title, - const STACK_OF(X509_EXTENSION) *exts, +int X509V3_extensions_print(BIO *bp, char *title, + STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent) { int i, j; @@ -162,7 +209,7 @@ int X509V3_extensions_print(BIO *bp, const char *title, return 0; if (!X509V3_EXT_print(bp, ex, flag, indent + 4)) { BIO_printf(bp, "%*s", indent + 4, ""); - ASN1_STRING_print(bp, X509_EXTENSION_get_data(ex)); + M_ASN1_OCTET_STRING_print(bp, ex->value); } if (BIO_write(bp, "\n", 1) <= 0) return 0; @@ -170,7 +217,7 @@ int X509V3_extensions_print(BIO *bp, const char *title, return 1; } -static int unknown_ext_print(BIO *out, const unsigned char *ext, int extlen, +static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported) { switch (flag & X509V3_EXT_UNKNOWN_MASK) { @@ -186,22 +233,24 @@ static int unknown_ext_print(BIO *out, const unsigned char *ext, int extlen, return 1; case X509V3_EXT_PARSE_UNKNOWN: - return ASN1_parse_dump(out, ext, extlen, indent, -1); + return ASN1_parse_dump(out, + ext->value->data, ext->value->length, indent, + -1); case X509V3_EXT_DUMP_UNKNOWN: - return BIO_dump_indent(out, (const char *)ext, extlen, indent); + return BIO_dump_indent(out, (char *)ext->value->data, + ext->value->length, indent); default: return 1; } } -#ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_FP_API int X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent) { BIO *bio_tmp; int ret; - - if ((bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) + if (!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE))) return 0; ret = X509V3_EXT_print(bio_tmp, ext, flag, indent); BIO_free(bio_tmp); diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c index 451e7f87..845be673 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c @@ -1,18 +1,66 @@ +/* v3_purp.c */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 2001. + */ +/* ==================================================================== + * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "internal/cryptlib.h" -#include "internal/numbers.h" +#include "cryptlib.h" #include <openssl/x509v3.h> #include <openssl/x509_vfy.h> -#include "internal/x509_int.h" static void x509v3_cache_extensions(X509 *x); @@ -60,7 +108,9 @@ static X509_PURPOSE xstandard[] = { NULL}, }; -#define X509_PURPOSE_COUNT OSSL_NELEM(xstandard) +#define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE)) + +IMPLEMENT_STACK_OF(X509_PURPOSE) static STACK_OF(X509_PURPOSE) *xptable = NULL; @@ -79,11 +129,10 @@ int X509_check_purpose(X509 *x, int id, int ca) int idx; const X509_PURPOSE *pt; if (!(x->ex_flags & EXFLAG_SET)) { - CRYPTO_THREAD_write_lock(x->lock); + CRYPTO_w_lock(CRYPTO_LOCK_X509); x509v3_cache_extensions(x); - CRYPTO_THREAD_unlock(x->lock); + CRYPTO_w_unlock(CRYPTO_LOCK_X509); } - /* Return if side-effect only call */ if (id == -1) return 1; idx = X509_PURPOSE_get_by_id(id); @@ -119,13 +168,13 @@ X509_PURPOSE *X509_PURPOSE_get0(int idx) return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT); } -int X509_PURPOSE_get_by_sname(const char *sname) +int X509_PURPOSE_get_by_sname(char *sname) { int i; X509_PURPOSE *xptmp; for (i = 0; i < X509_PURPOSE_get_count(); i++) { xptmp = X509_PURPOSE_get0(i); - if (strcmp(xptmp->sname, sname) == 0) + if (!strcmp(xptmp->sname, sname)) return i; } return -1; @@ -148,7 +197,7 @@ int X509_PURPOSE_get_by_id(int purpose) int X509_PURPOSE_add(int id, int trust, int flags, int (*ck) (const X509_PURPOSE *, const X509 *, int), - const char *name, const char *sname, void *arg) + char *name, char *sname, void *arg) { int idx; X509_PURPOSE *ptmp; @@ -162,7 +211,7 @@ int X509_PURPOSE_add(int id, int trust, int flags, idx = X509_PURPOSE_get_by_id(id); /* Need a new entry */ if (idx == -1) { - if ((ptmp = OPENSSL_malloc(sizeof(*ptmp))) == NULL) { + if (!(ptmp = OPENSSL_malloc(sizeof(X509_PURPOSE)))) { X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE); return 0; } @@ -176,11 +225,11 @@ int X509_PURPOSE_add(int id, int trust, int flags, OPENSSL_free(ptmp->sname); } /* dup supplied name */ - ptmp->name = OPENSSL_strdup(name); - ptmp->sname = OPENSSL_strdup(sname); + ptmp->name = BUF_strdup(name); + ptmp->sname = BUF_strdup(sname); if (!ptmp->name || !ptmp->sname) { X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE); - goto err; + return 0; } /* Keep the dynamic flag of existing entry */ ptmp->flags &= X509_PURPOSE_DYNAMIC; @@ -194,24 +243,16 @@ int X509_PURPOSE_add(int id, int trust, int flags, /* If its a new entry manage the dynamic table */ if (idx == -1) { - if (xptable == NULL - && (xptable = sk_X509_PURPOSE_new(xp_cmp)) == NULL) { + if (!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) { X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE); - goto err; + return 0; } if (!sk_X509_PURPOSE_push(xptable, ptmp)) { X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE); - goto err; + return 0; } } return 1; - err: - if (idx == -1) { - OPENSSL_free(ptmp->name); - OPENSSL_free(ptmp->sname); - OPENSSL_free(ptmp); - } - return 0; } static void xptable_free(X509_PURPOSE *p) @@ -229,26 +270,29 @@ static void xptable_free(X509_PURPOSE *p) void X509_PURPOSE_cleanup(void) { + unsigned int i; sk_X509_PURPOSE_pop_free(xptable, xptable_free); + for (i = 0; i < X509_PURPOSE_COUNT; i++) + xptable_free(xstandard + i); xptable = NULL; } -int X509_PURPOSE_get_id(const X509_PURPOSE *xp) +int X509_PURPOSE_get_id(X509_PURPOSE *xp) { return xp->purpose; } -char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp) +char *X509_PURPOSE_get0_name(X509_PURPOSE *xp) { return xp->name; } -char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp) +char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp) { return xp->sname; } -int X509_PURPOSE_get_trust(const X509_PURPOSE *xp) +int X509_PURPOSE_get_trust(X509_PURPOSE *xp) { return xp->trust; } @@ -294,7 +338,8 @@ int X509_supported_extension(X509_EXTENSION *ex) if (ex_nid == NID_undef) return 0; - if (OBJ_bsearch_nid(&ex_nid, supported_nids, OSSL_NELEM(supported_nids))) + if (OBJ_bsearch_nid(&ex_nid, supported_nids, + sizeof(supported_nids) / sizeof(int))) return 1; return 0; } @@ -355,7 +400,9 @@ static void x509v3_cache_extensions(X509 *x) int i; if (x->ex_flags & EXFLAG_SET) return; +#ifndef OPENSSL_NO_SHA X509_digest(x, EVP_sha1(), x->sha1_hash, NULL); +#endif /* V1 should mean no extensions ... */ if (!X509_get_version(x)) x->ex_flags |= EXFLAG_V1; @@ -528,22 +575,12 @@ static int check_ca(const X509 *x) } } -void X509_set_proxy_flag(X509 *x) -{ - x->ex_flags |= EXFLAG_PROXY; -} - -void X509_set_proxy_pathlen(X509 *x, long l) -{ - x->ex_pcpathlen = l; -} - int X509_check_ca(X509 *x) { if (!(x->ex_flags & EXFLAG_SET)) { - CRYPTO_THREAD_write_lock(x->lock); + CRYPTO_w_lock(CRYPTO_LOCK_X509); x509v3_cache_extensions(x); - CRYPTO_THREAD_unlock(x->lock); + CRYPTO_w_unlock(CRYPTO_LOCK_X509); } return check_ca(x); @@ -725,7 +762,7 @@ static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x, return 0; /* Extended Key Usage MUST be critical */ - i_ext = X509_get_ext_by_NID(x, NID_ext_key_usage, -1); + i_ext = X509_get_ext_by_NID((X509 *)x, NID_ext_key_usage, -1); if (i_ext >= 0) { X509_EXTENSION *ext = X509_get_ext((X509 *)x, i_ext); if (!X509_EXTENSION_get_critical(ext)) @@ -813,53 +850,3 @@ int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid) } return X509_V_OK; } - -uint32_t X509_get_extension_flags(X509 *x) -{ - /* Call for side-effect of computing hash and caching extensions */ - X509_check_purpose(x, -1, -1); - return x->ex_flags; -} - -uint32_t X509_get_key_usage(X509 *x) -{ - /* Call for side-effect of computing hash and caching extensions */ - X509_check_purpose(x, -1, -1); - if (x->ex_flags & EXFLAG_KUSAGE) - return x->ex_kusage; - return UINT32_MAX; -} - -uint32_t X509_get_extended_key_usage(X509 *x) -{ - /* Call for side-effect of computing hash and caching extensions */ - X509_check_purpose(x, -1, -1); - if (x->ex_flags & EXFLAG_XKUSAGE) - return x->ex_xkusage; - return UINT32_MAX; -} - -const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x) -{ - /* Call for side-effect of computing hash and caching extensions */ - X509_check_purpose(x, -1, -1); - return x->skid; -} - -long X509_get_pathlen(X509 *x) -{ - /* Called for side effect of caching extensions */ - if (X509_check_purpose(x, -1, -1) != 1 - || (x->ex_flags & EXFLAG_BCONS) == 0) - return -1; - return x->ex_pathlen; -} - -long X509_get_proxy_pathlen(X509 *x) -{ - /* Called for side effect of caching extensions */ - if (X509_check_purpose(x, -1, -1) != 1 - || (x->ex_flags & EXFLAG_PROXY) == 0) - return -1; - return x->ex_pcpathlen; -} diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c index 39597dc4..1cede047 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c @@ -1,17 +1,65 @@ +/* v3_skey.c */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/x509v3.h> -#include "internal/x509_int.h" -#include "ext_dat.h" static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); @@ -24,25 +72,24 @@ const X509V3_EXT_METHOD v3_skey_id = { NULL }; -char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, - const ASN1_OCTET_STRING *oct) +char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct) { - return OPENSSL_buf2hexstr(oct->data, oct->length); + return hex_to_string(oct->data, oct->length); } ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, const char *str) + X509V3_CTX *ctx, char *str) { ASN1_OCTET_STRING *oct; long length; - if ((oct = ASN1_OCTET_STRING_new()) == NULL) { + if (!(oct = M_ASN1_OCTET_STRING_new())) { X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE); return NULL; } - if ((oct->data = OPENSSL_hexstr2buf(str, &length)) == NULL) { - ASN1_OCTET_STRING_free(oct); + if (!(oct->data = string_to_hex(str, &length))) { + M_ASN1_OCTET_STRING_free(oct); return NULL; } @@ -56,16 +103,14 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str) { ASN1_OCTET_STRING *oct; - X509_PUBKEY *pubkey; - const unsigned char *pk; - int pklen; + ASN1_BIT_STRING *pk; unsigned char pkey_dig[EVP_MAX_MD_SIZE]; unsigned int diglen; if (strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str); - if ((oct = ASN1_OCTET_STRING_new()) == NULL) { + if (!(oct = M_ASN1_OCTET_STRING_new())) { X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE); return NULL; } @@ -79,21 +124,20 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, } if (ctx->subject_req) - pubkey = ctx->subject_req->req_info.pubkey; + pk = ctx->subject_req->req_info->pubkey->public_key; else - pubkey = ctx->subject_cert->cert_info.key; + pk = ctx->subject_cert->cert_info->key->public_key; - if (pubkey == NULL) { + if (!pk) { X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY); goto err; } - X509_PUBKEY_get0_param(NULL, &pk, &pklen, NULL, pubkey); - - if (!EVP_Digest(pk, pklen, pkey_dig, &diglen, EVP_sha1(), NULL)) + if (!EVP_Digest + (pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL)) goto err; - if (!ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) { + if (!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) { X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE); goto err; } @@ -101,6 +145,6 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, return oct; err: - ASN1_OCTET_STRING_free(oct); + M_ASN1_OCTET_STRING_free(oct); return NULL; } diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c index 89cda01b..a4e6a93e 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c @@ -1,19 +1,68 @@ +/* v3_sxnet.c */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/conf.h> #include <openssl/asn1.h> #include <openssl/asn1t.h> #include <openssl/x509v3.h> -#include "ext_dat.h" /* Support for Thawte strong extranet extension */ @@ -68,7 +117,7 @@ static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, tmp = i2s_ASN1_INTEGER(NULL, id->zone); BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp); OPENSSL_free(tmp); - ASN1_STRING_print(out, id->user); + M_ASN1_OCTET_STRING_print(out, id->user); } return 1; } @@ -101,11 +150,10 @@ static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, /* Add an id given the zone as an ASCII number */ -int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen) +int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen) { - ASN1_INTEGER *izone; - - if ((izone = s2i_ASN1_INTEGER(NULL, zone)) == NULL) { + ASN1_INTEGER *izone = NULL; + if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) { X509V3err(X509V3_F_SXNET_ADD_ID_ASC, X509V3_R_ERROR_CONVERTING_ZONE); return 0; } @@ -114,15 +162,13 @@ int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userle /* Add an id given the zone as an unsigned long */ -int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user, +int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen) { - ASN1_INTEGER *izone; - - if ((izone = ASN1_INTEGER_new()) == NULL - || !ASN1_INTEGER_set(izone, lzone)) { + ASN1_INTEGER *izone = NULL; + if (!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { X509V3err(X509V3_F_SXNET_ADD_ID_ULONG, ERR_R_MALLOC_FAILURE); - ASN1_INTEGER_free(izone); + M_ASN1_INTEGER_free(izone); return 0; } return SXNET_add_id_INTEGER(psx, izone, user, userlen); @@ -134,7 +180,7 @@ int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user, * passed integer and doesn't make a copy so don't free it up afterwards. */ -int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user, +int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user, int userlen) { SXNET *sx = NULL; @@ -150,8 +196,8 @@ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user, X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, X509V3_R_USER_TOO_LONG); return 0; } - if (*psx == NULL) { - if ((sx = SXNET_new()) == NULL) + if (!*psx) { + if (!(sx = SXNET_new())) goto err; if (!ASN1_INTEGER_set(sx->version, 0)) goto err; @@ -163,12 +209,12 @@ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user, return 0; } - if ((id = SXNETID_new()) == NULL) + if (!(id = SXNETID_new())) goto err; if (userlen == -1) userlen = strlen(user); - if (!ASN1_OCTET_STRING_set(id->user, (const unsigned char *)user, userlen)) + if (!M_ASN1_OCTET_STRING_set(id->user, user, userlen)) goto err; if (!sk_SXNETID_push(sx->ids, id)) goto err; @@ -183,33 +229,30 @@ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user, return 0; } -ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone) +ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone) { - ASN1_INTEGER *izone; + ASN1_INTEGER *izone = NULL; ASN1_OCTET_STRING *oct; - - if ((izone = s2i_ASN1_INTEGER(NULL, zone)) == NULL) { + if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) { X509V3err(X509V3_F_SXNET_GET_ID_ASC, X509V3_R_ERROR_CONVERTING_ZONE); return NULL; } oct = SXNET_get_id_INTEGER(sx, izone); - ASN1_INTEGER_free(izone); + M_ASN1_INTEGER_free(izone); return oct; } ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone) { - ASN1_INTEGER *izone; + ASN1_INTEGER *izone = NULL; ASN1_OCTET_STRING *oct; - - if ((izone = ASN1_INTEGER_new()) == NULL - || !ASN1_INTEGER_set(izone, lzone)) { + if (!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { X509V3err(X509V3_F_SXNET_GET_ID_ULONG, ERR_R_MALLOC_FAILURE); - ASN1_INTEGER_free(izone); + M_ASN1_INTEGER_free(izone); return NULL; } oct = SXNET_get_id_INTEGER(sx, izone); - ASN1_INTEGER_free(izone); + M_ASN1_INTEGER_free(izone); return oct; } @@ -219,8 +262,12 @@ ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone) int i; for (i = 0; i < sk_SXNETID_num(sx->ids); i++) { id = sk_SXNETID_value(sx->ids, i); - if (!ASN1_INTEGER_cmp(id->zone, zone)) + if (!M_ASN1_INTEGER_cmp(id->zone, zone)) return id->user; } return NULL; } + +IMPLEMENT_STACK_OF(SXNETID) + +IMPLEMENT_ASN1_SET_OF(SXNETID) diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_tlsf.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_tlsf.c deleted file mode 100644 index fec67243..00000000 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_tlsf.c +++ /dev/null @@ -1,137 +0,0 @@ -/* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include <stdio.h> -#include "internal/cryptlib.h" -#include "internal/o_str.h" -#include <openssl/asn1t.h> -#include <openssl/conf.h> -#include <openssl/x509v3.h> -#include "ext_dat.h" - -static STACK_OF(CONF_VALUE) *i2v_TLS_FEATURE(const X509V3_EXT_METHOD *method, - TLS_FEATURE *tls_feature, - STACK_OF(CONF_VALUE) *ext_list); -static TLS_FEATURE *v2i_TLS_FEATURE(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval); - -ASN1_ITEM_TEMPLATE(TLS_FEATURE) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, TLS_FEATURE, ASN1_INTEGER) -static_ASN1_ITEM_TEMPLATE_END(TLS_FEATURE) - -IMPLEMENT_ASN1_ALLOC_FUNCTIONS(TLS_FEATURE) - -const X509V3_EXT_METHOD v3_tls_feature = { - NID_tlsfeature, 0, - ASN1_ITEM_ref(TLS_FEATURE), - 0, 0, 0, 0, - 0, 0, - (X509V3_EXT_I2V)i2v_TLS_FEATURE, - (X509V3_EXT_V2I)v2i_TLS_FEATURE, - 0, 0, - NULL -}; - - -typedef struct { - long num; - const char *name; -} TLS_FEATURE_NAME; - -static TLS_FEATURE_NAME tls_feature_tbl[] = { - { 5, "status_request" }, - { 17, "status_request_v2" } -}; - -/* - * i2v_TLS_FEATURE converts the TLS_FEATURE structure tls_feature into the - * STACK_OF(CONF_VALUE) structure ext_list. STACK_OF(CONF_VALUE) is the format - * used by the CONF library to represent a multi-valued extension. ext_list is - * returned. - */ -static STACK_OF(CONF_VALUE) *i2v_TLS_FEATURE(const X509V3_EXT_METHOD *method, - TLS_FEATURE *tls_feature, - STACK_OF(CONF_VALUE) *ext_list) -{ - int i; - size_t j; - ASN1_INTEGER *ai; - long tlsextid; - for (i = 0; i < sk_ASN1_INTEGER_num(tls_feature); i++) { - ai = sk_ASN1_INTEGER_value(tls_feature, i); - tlsextid = ASN1_INTEGER_get(ai); - for (j = 0; j < OSSL_NELEM(tls_feature_tbl); j++) - if (tlsextid == tls_feature_tbl[j].num) - break; - if (j < OSSL_NELEM(tls_feature_tbl)) - X509V3_add_value(NULL, tls_feature_tbl[j].name, &ext_list); - else - X509V3_add_value_int(NULL, ai, &ext_list); - } - return ext_list; -} - -/* - * v2i_TLS_FEATURE converts the multi-valued extension nval into a TLS_FEATURE - * structure, which is returned if the conversion is successful. In case of - * error, NULL is returned. - */ -static TLS_FEATURE *v2i_TLS_FEATURE(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) -{ - TLS_FEATURE *tlsf; - char *extval, *endptr; - ASN1_INTEGER *ai; - CONF_VALUE *val; - int i; - size_t j; - long tlsextid; - - if ((tlsf = sk_ASN1_INTEGER_new_null()) == NULL) { - X509V3err(X509V3_F_V2I_TLS_FEATURE, ERR_R_MALLOC_FAILURE); - return NULL; - } - - for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { - val = sk_CONF_VALUE_value(nval, i); - if (val->value) - extval = val->value; - else - extval = val->name; - - for (j = 0; j < OSSL_NELEM(tls_feature_tbl); j++) - if (strcasecmp(extval, tls_feature_tbl[j].name) == 0) - break; - if (j < OSSL_NELEM(tls_feature_tbl)) - tlsextid = tls_feature_tbl[j].num; - else { - tlsextid = strtol(extval, &endptr, 10); - if (((*endptr) != '\0') || (extval == endptr) || (tlsextid < 0) || - (tlsextid > 65535)) { - X509V3err(X509V3_F_V2I_TLS_FEATURE, X509V3_R_INVALID_SYNTAX); - X509V3_conf_err(val); - goto err; - } - } - - ai = ASN1_INTEGER_new(); - if (ai == NULL) { - X509V3err(X509V3_F_V2I_TLS_FEATURE, ERR_R_MALLOC_FAILURE); - goto err; - } - ASN1_INTEGER_set(ai, tlsextid); - sk_ASN1_INTEGER_push(tlsf, ai); - } - return tlsf; - - err: - sk_ASN1_INTEGER_pop_free(tlsf, ASN1_INTEGER_free); - return NULL; -} diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c index 7dc9a453..43b9cb9c 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c @@ -1,29 +1,76 @@ +/* v3_utl.c */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ - /* X509 v3 extension utilities */ #include <stdio.h> #include <ctype.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/conf.h> #include <openssl/x509v3.h> -#include "internal/x509_int.h" #include <openssl/bn.h> -#include "ext_dat.h" static char *strip_spaces(char *name); static int sk_strcmp(const char *const *a, const char *const *b); static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name, GENERAL_NAMES *gens); static void str_free(OPENSSL_STRING str); -static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email); +static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email); static int ipv4_from_asc(unsigned char *v4, const char *in); static int ipv6_from_asc(unsigned char *v6, const char *in); @@ -37,14 +84,13 @@ int X509V3_add_value(const char *name, const char *value, { CONF_VALUE *vtmp = NULL; char *tname = NULL, *tvalue = NULL; - - if (name && (tname = OPENSSL_strdup(name)) == NULL) + if (name && !(tname = BUF_strdup(name))) goto err; - if (value && (tvalue = OPENSSL_strdup(value)) == NULL) + if (value && !(tvalue = BUF_strdup(value))) goto err; - if ((vtmp = OPENSSL_malloc(sizeof(*vtmp))) == NULL) + if (!(vtmp = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) goto err; - if (*extlist == NULL && (*extlist = sk_CONF_VALUE_new_null()) == NULL) + if (!*extlist && !(*extlist = sk_CONF_VALUE_new_null())) goto err; vtmp->section = NULL; vtmp->name = tname; @@ -54,9 +100,12 @@ int X509V3_add_value(const char *name, const char *value, return 1; err: X509V3err(X509V3_F_X509V3_ADD_VALUE, ERR_R_MALLOC_FAILURE); - OPENSSL_free(vtmp); - OPENSSL_free(tname); - OPENSSL_free(tvalue); + if (vtmp) + OPENSSL_free(vtmp); + if (tname) + OPENSSL_free(tname); + if (tvalue) + OPENSSL_free(tvalue); return 0; } @@ -72,9 +121,12 @@ void X509V3_conf_free(CONF_VALUE *conf) { if (!conf) return; - OPENSSL_free(conf->name); - OPENSSL_free(conf->value); - OPENSSL_free(conf->section); + if (conf->name) + OPENSSL_free(conf->name); + if (conf->value) + OPENSSL_free(conf->value); + if (conf->section) + OPENSSL_free(conf->section); OPENSSL_free(conf); } @@ -86,7 +138,7 @@ int X509V3_add_value_bool(const char *name, int asn1_bool, return X509V3_add_value(name, "FALSE", extlist); } -int X509V3_add_value_bool_nf(const char *name, int asn1_bool, +int X509V3_add_value_bool_nf(char *name, int asn1_bool, STACK_OF(CONF_VALUE) **extlist) { if (asn1_bool) @@ -94,49 +146,43 @@ int X509V3_add_value_bool_nf(const char *name, int asn1_bool, return 1; } -char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, const ASN1_ENUMERATED *a) +char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *a) { BIGNUM *bntmp = NULL; char *strtmp = NULL; - if (!a) return NULL; - if ((bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) == NULL - || (strtmp = BN_bn2dec(bntmp)) == NULL) + if (!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) || + !(strtmp = BN_bn2dec(bntmp))) X509V3err(X509V3_F_I2S_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE); BN_free(bntmp); return strtmp; } -char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, const ASN1_INTEGER *a) +char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a) { BIGNUM *bntmp = NULL; char *strtmp = NULL; - if (!a) return NULL; - if ((bntmp = ASN1_INTEGER_to_BN(a, NULL)) == NULL - || (strtmp = BN_bn2dec(bntmp)) == NULL) + if (!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) || + !(strtmp = BN_bn2dec(bntmp))) X509V3err(X509V3_F_I2S_ASN1_INTEGER, ERR_R_MALLOC_FAILURE); BN_free(bntmp); return strtmp; } -ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, const char *value) +ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value) { BIGNUM *bn = NULL; ASN1_INTEGER *aint; int isneg, ishex; int ret; - if (value == NULL) { + if (!value) { X509V3err(X509V3_F_S2I_ASN1_INTEGER, X509V3_R_INVALID_NULL_VALUE); - return NULL; + return 0; } bn = BN_new(); - if (bn == NULL) { - X509V3err(X509V3_F_S2I_ASN1_INTEGER, ERR_R_MALLOC_FAILURE); - return NULL; - } if (value[0] == '-') { value++; isneg = 1; @@ -157,7 +203,7 @@ ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, const char *value) if (!ret || value[ret]) { BN_free(bn); X509V3err(X509V3_F_S2I_ASN1_INTEGER, X509V3_R_BN_DEC2BN_ERROR); - return NULL; + return 0; } if (isneg && BN_is_zero(bn)) @@ -168,49 +214,40 @@ ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, const char *value) if (!aint) { X509V3err(X509V3_F_S2I_ASN1_INTEGER, X509V3_R_BN_TO_ASN1_INTEGER_ERROR); - return NULL; + return 0; } if (isneg) aint->type |= V_ASN1_NEG; return aint; } -int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint, +int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint, STACK_OF(CONF_VALUE) **extlist) { char *strtmp; int ret; - if (!aint) return 1; - if ((strtmp = i2s_ASN1_INTEGER(NULL, aint)) == NULL) + if (!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) return 0; ret = X509V3_add_value(name, strtmp, extlist); OPENSSL_free(strtmp); return ret; } -int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool) +int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool) { - const char *btmp; - - if ((btmp = value->value) == NULL) + char *btmp; + if (!(btmp = value->value)) goto err; - if (strcmp(btmp, "TRUE") == 0 - || strcmp(btmp, "true") == 0 - || strcmp(btmp, "Y") == 0 - || strcmp(btmp, "y") == 0 - || strcmp(btmp, "YES") == 0 - || strcmp(btmp, "yes") == 0) { + if (!strcmp(btmp, "TRUE") || !strcmp(btmp, "true") + || !strcmp(btmp, "Y") || !strcmp(btmp, "y") + || !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) { *asn1_bool = 0xff; return 1; - } - if (strcmp(btmp, "FALSE") == 0 - || strcmp(btmp, "false") == 0 - || strcmp(btmp, "N") == 0 - || strcmp(btmp, "n") == 0 - || strcmp(btmp, "NO") == 0 - || strcmp(btmp, "no") == 0) { + } else if (!strcmp(btmp, "FALSE") || !strcmp(btmp, "false") + || !strcmp(btmp, "N") || !strcmp(btmp, "n") + || !strcmp(btmp, "NO") || !strcmp(btmp, "no")) { *asn1_bool = 0; return 1; } @@ -221,11 +258,10 @@ int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool) return 0; } -int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint) +int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint) { ASN1_INTEGER *itmp; - - if ((itmp = s2i_ASN1_INTEGER(NULL, value->value)) == NULL) { + if (!(itmp = s2i_ASN1_INTEGER(NULL, value->value))) { X509V3_conf_err(value); return 0; } @@ -248,7 +284,7 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) char *linebuf; int state; /* We are going to modify the line so copy it first */ - linebuf = OPENSSL_strdup(line); + linebuf = BUF_strdup(line); if (linebuf == NULL) { X509V3err(X509V3_F_X509V3_PARSE_LIST, ERR_R_MALLOC_FAILURE); goto err; @@ -275,6 +311,9 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) *p = 0; ntmp = strip_spaces(q); q = p + 1; +#if 0 + printf("%s\n", ntmp); +#endif if (!ntmp) { X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME); @@ -289,6 +328,9 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) state = HDR_NAME; *p = 0; vtmp = strip_spaces(q); +#if 0 + printf("%s\n", ntmp); +#endif if (!vtmp) { X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE); @@ -304,6 +346,9 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) if (state == HDR_VALUE) { vtmp = strip_spaces(q); +#if 0 + printf("%s=%s\n", ntmp, vtmp); +#endif if (!vtmp) { X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE); @@ -312,6 +357,9 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) X509V3_add_value(ntmp, vtmp, &values); } else { ntmp = strip_spaces(q); +#if 0 + printf("%s\n", ntmp); +#endif if (!ntmp) { X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME); goto err; @@ -348,6 +396,109 @@ static char *strip_spaces(char *name) return p; } +/* hex string utilities */ + +/* + * Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its + * hex representation @@@ (Contents of buffer are always kept in ASCII, also + * on EBCDIC machines) + */ + +char *hex_to_string(const unsigned char *buffer, long len) +{ + char *tmp, *q; + const unsigned char *p; + int i; + const static char hexdig[] = "0123456789ABCDEF"; + if (!buffer || !len) + return NULL; + if (!(tmp = OPENSSL_malloc(len * 3 + 1))) { + X509V3err(X509V3_F_HEX_TO_STRING, ERR_R_MALLOC_FAILURE); + return NULL; + } + q = tmp; + for (i = 0, p = buffer; i < len; i++, p++) { + *q++ = hexdig[(*p >> 4) & 0xf]; + *q++ = hexdig[*p & 0xf]; + *q++ = ':'; + } + q[-1] = 0; +#ifdef CHARSET_EBCDIC + ebcdic2ascii(tmp, tmp, q - tmp - 1); +#endif + + return tmp; +} + +/* + * Give a string of hex digits convert to a buffer + */ + +unsigned char *string_to_hex(const char *str, long *len) +{ + unsigned char *hexbuf, *q; + unsigned char ch, cl, *p; + if (!str) { + X509V3err(X509V3_F_STRING_TO_HEX, X509V3_R_INVALID_NULL_ARGUMENT); + return NULL; + } + if (!(hexbuf = OPENSSL_malloc(strlen(str) >> 1))) + goto err; + for (p = (unsigned char *)str, q = hexbuf; *p;) { + ch = *p++; +#ifdef CHARSET_EBCDIC + ch = os_toebcdic[ch]; +#endif + if (ch == ':') + continue; + cl = *p++; +#ifdef CHARSET_EBCDIC + cl = os_toebcdic[cl]; +#endif + if (!cl) { + X509V3err(X509V3_F_STRING_TO_HEX, X509V3_R_ODD_NUMBER_OF_DIGITS); + OPENSSL_free(hexbuf); + return NULL; + } + if (isupper(ch)) + ch = tolower(ch); + if (isupper(cl)) + cl = tolower(cl); + + if ((ch >= '0') && (ch <= '9')) + ch -= '0'; + else if ((ch >= 'a') && (ch <= 'f')) + ch -= 'a' - 10; + else + goto badhex; + + if ((cl >= '0') && (cl <= '9')) + cl -= '0'; + else if ((cl >= 'a') && (cl <= 'f')) + cl -= 'a' - 10; + else + goto badhex; + + *q++ = (ch << 4) | cl; + } + + if (len) + *len = q - hexbuf; + + return hexbuf; + + err: + if (hexbuf) + OPENSSL_free(hexbuf); + X509V3err(X509V3_F_STRING_TO_HEX, ERR_R_MALLOC_FAILURE); + return NULL; + + badhex: + OPENSSL_free(hexbuf); + X509V3err(X509V3_F_STRING_TO_HEX, X509V3_R_ILLEGAL_HEX_DIGIT); + return NULL; + +} /* * V2I name comparison function: returns zero if 'name' matches cmp or cmp.* @@ -452,7 +603,7 @@ static void str_free(OPENSSL_STRING str) OPENSSL_free(str); } -static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email) +static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email) { char *emtmp; /* First some sanity checks */ @@ -460,16 +611,15 @@ static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email return 1; if (!email->data || !email->length) return 1; - if (*sk == NULL) + if (!*sk) *sk = sk_OPENSSL_STRING_new(sk_strcmp); - if (*sk == NULL) + if (!*sk) return 0; /* Don't add duplicates */ if (sk_OPENSSL_STRING_find(*sk, (char *)email->data) != -1) return 1; - emtmp = OPENSSL_strdup((char *)email->data); - if (emtmp == NULL || !sk_OPENSSL_STRING_push(*sk, emtmp)) { - OPENSSL_free(emtmp); /* free on push failure */ + emtmp = BUF_strdup((char *)email->data); + if (!emtmp || !sk_OPENSSL_STRING_push(*sk, emtmp)) { X509_email_free(*sk); *sk = NULL; return 0; @@ -488,7 +638,7 @@ typedef int (*equal_fn) (const unsigned char *pattern, size_t pattern_len, /* Skip pattern prefix to match "wildcard" subject */ static void skip_prefix(const unsigned char **p, size_t *plen, - size_t subject_len, + const unsigned char *subject, size_t subject_len, unsigned int flags) { const unsigned char *pattern = *p; @@ -523,7 +673,7 @@ static int equal_nocase(const unsigned char *pattern, size_t pattern_len, const unsigned char *subject, size_t subject_len, unsigned int flags) { - skip_prefix(&pattern, &pattern_len, subject_len, flags); + skip_prefix(&pattern, &pattern_len, subject, subject_len, flags); if (pattern_len != subject_len) return 0; while (pattern_len) { @@ -552,7 +702,7 @@ static int equal_case(const unsigned char *pattern, size_t pattern_len, const unsigned char *subject, size_t subject_len, unsigned int flags) { - skip_prefix(&pattern, &pattern_len, subject_len, flags); + skip_prefix(&pattern, &pattern_len, subject, subject_len, flags); if (pattern_len != subject_len) return 0; return !memcmp(pattern, subject, pattern_len); @@ -735,7 +885,7 @@ static int equal_wildcard(const unsigned char *pattern, size_t pattern_len, * to UTF8. */ -static int do_check_string(const ASN1_STRING *a, int cmp_type, equal_fn equal, +static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal, unsigned int flags, const char *b, size_t blen, char **peername) { @@ -751,7 +901,7 @@ static int do_check_string(const ASN1_STRING *a, int cmp_type, equal_fn equal, else if (a->length == (int)blen && !memcmp(a->data, b, blen)) rv = 1; if (rv > 0 && peername) - *peername = OPENSSL_strndup((char *)a->data, a->length); + *peername = BUF_strndup((char *)a->data, a->length); } else { int astrlen; unsigned char *astr; @@ -765,7 +915,7 @@ static int do_check_string(const ASN1_STRING *a, int cmp_type, equal_fn equal, } rv = equal(astr, astrlen, (unsigned char *)b, blen, flags); if (rv > 0 && peername) - *peername = OPENSSL_strndup((char *)astr, astrlen); + *peername = BUF_strndup((char *)astr, astrlen); OPENSSL_free(astr); } return rv; @@ -830,20 +980,23 @@ static int do_x509_check(X509 *x, const char *chk, size_t chklen, GENERAL_NAMES_free(gens); if (rv != 0) return rv; - if (san_present && !(flags & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT)) + if (cnid == NID_undef + || (san_present + && !(flags & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT))) return 0; } /* We're done if CN-ID is not pertinent */ - if (cnid == NID_undef || (flags & X509_CHECK_FLAG_NEVER_CHECK_SUBJECT)) + if (cnid == NID_undef) return 0; i = -1; name = X509_get_subject_name(x); while ((i = X509_NAME_get_index_by_NID(name, cnid, i)) >= 0) { - const X509_NAME_ENTRY *ne = X509_NAME_get_entry(name, i); - const ASN1_STRING *str = X509_NAME_ENTRY_get_data(ne); - + X509_NAME_ENTRY *ne; + ASN1_STRING *str; + ne = X509_NAME_get_entry(name, i); + str = X509_NAME_ENTRY_get_data(ne); /* Positive on success, negative on error! */ if ((rv = do_check_string(str, -1, equal, flags, chk, chklen, peername)) != 0) @@ -930,7 +1083,7 @@ ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc) return NULL; ret = ASN1_OCTET_STRING_new(); - if (ret == NULL) + if (!ret) return NULL; if (!ASN1_OCTET_STRING_set(ret, ipout, iplen)) { ASN1_OCTET_STRING_free(ret); @@ -948,7 +1101,7 @@ ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc) p = strchr(ipasc, '/'); if (!p) return NULL; - iptmp = OPENSSL_strdup(ipasc); + iptmp = BUF_strdup(ipasc); if (!iptmp) return NULL; p = iptmp + (p - ipasc); @@ -968,7 +1121,7 @@ ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc) goto err; ret = ASN1_OCTET_STRING_new(); - if (ret == NULL) + if (!ret) goto err; if (!ASN1_OCTET_STRING_set(ret, ipout, iplen1 + iplen2)) goto err; @@ -976,8 +1129,10 @@ ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc) return ret; err: - OPENSSL_free(iptmp); - ASN1_OCTET_STRING_free(ret); + if (iptmp) + OPENSSL_free(iptmp); + if (ret) + ASN1_OCTET_STRING_free(ret); return NULL; } @@ -1129,17 +1284,19 @@ static int ipv6_hex(unsigned char *out, const char *in, int inlen) { unsigned char c; unsigned int num = 0; - int x; - if (inlen > 4) return 0; while (inlen--) { c = *in++; num <<= 4; - x = OPENSSL_hexchar2int(c); - if (x < 0) + if ((c >= '0') && (c <= '9')) + num |= c - '0'; + else if ((c >= 'A') && (c <= 'F')) + num |= c - 'A' + 10; + else if ((c >= 'a') && (c <= 'f')) + num |= c - 'a' + 10; + else return 0; - num |= (char)x; } out[0] = num >> 8; out[1] = num & 0xff; @@ -1150,7 +1307,7 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk, unsigned long chtype) { CONF_VALUE *v; - int i, mval, spec_char, plus_char; + int i, mval; char *p, *type; if (!nm) return 0; @@ -1161,26 +1318,25 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk, /* * Skip past any leading X. X: X, etc to allow for multiple instances */ - for (p = type; *p; p++) { + for (p = type; *p; p++) #ifndef CHARSET_EBCDIC - spec_char = ((*p == ':') || (*p == ',') || (*p == '.')); + if ((*p == ':') || (*p == ',') || (*p == '.')) #else - spec_char = ((*p == os_toascii[':']) || (*p == os_toascii[',']) - || (*p == os_toascii['.'])); + if ((*p == os_toascii[':']) || (*p == os_toascii[',']) + || (*p == os_toascii['.'])) #endif - if (spec_char) { + { p++; if (*p) type = p; break; } - } #ifndef CHARSET_EBCDIC - plus_char = (*type == '+'); + if (*type == '+') #else - plus_char = (*type == os_toascii['+']); + if (*type == os_toascii['+']) #endif - if (plus_char) { + { mval = -1; type++; } else diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3err.c b/Cryptlib/OpenSSL/crypto/x509v3/v3err.c index 5d79c8c6..bcc1be72 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3err.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3err.c @@ -1,11 +1,62 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +/* crypto/x509v3/v3err.c */ +/* ==================================================================== + * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* + * NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. */ #include <stdio.h> @@ -20,62 +71,68 @@ static ERR_STRING_DATA X509V3_str_functs[] = { {ERR_FUNC(X509V3_F_A2I_GENERAL_NAME), "a2i_GENERAL_NAME"}, - {ERR_FUNC(X509V3_F_ADDR_VALIDATE_PATH_INTERNAL), - "addr_validate_path_internal"}, {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE), - "ASIdentifierChoice_canonize"}, + "ASIDENTIFIERCHOICE_CANONIZE"}, {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL), - "ASIdentifierChoice_is_canonical"}, - {ERR_FUNC(X509V3_F_COPY_EMAIL), "copy_email"}, - {ERR_FUNC(X509V3_F_COPY_ISSUER), "copy_issuer"}, - {ERR_FUNC(X509V3_F_DO_DIRNAME), "do_dirname"}, - {ERR_FUNC(X509V3_F_DO_EXT_I2D), "do_ext_i2d"}, - {ERR_FUNC(X509V3_F_DO_EXT_NCONF), "do_ext_nconf"}, - {ERR_FUNC(X509V3_F_GNAMES_FROM_SECTNAME), "gnames_from_sectname"}, + "ASIDENTIFIERCHOICE_IS_CANONICAL"}, + {ERR_FUNC(X509V3_F_COPY_EMAIL), "COPY_EMAIL"}, + {ERR_FUNC(X509V3_F_COPY_ISSUER), "COPY_ISSUER"}, + {ERR_FUNC(X509V3_F_DO_DIRNAME), "DO_DIRNAME"}, + {ERR_FUNC(X509V3_F_DO_EXT_CONF), "DO_EXT_CONF"}, + {ERR_FUNC(X509V3_F_DO_EXT_I2D), "DO_EXT_I2D"}, + {ERR_FUNC(X509V3_F_DO_EXT_NCONF), "DO_EXT_NCONF"}, + {ERR_FUNC(X509V3_F_DO_I2V_NAME_CONSTRAINTS), "DO_I2V_NAME_CONSTRAINTS"}, + {ERR_FUNC(X509V3_F_GNAMES_FROM_SECTNAME), "GNAMES_FROM_SECTNAME"}, + {ERR_FUNC(X509V3_F_HEX_TO_STRING), "hex_to_string"}, {ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED), "i2s_ASN1_ENUMERATED"}, - {ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "i2s_ASN1_IA5STRING"}, + {ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "I2S_ASN1_IA5STRING"}, {ERR_FUNC(X509V3_F_I2S_ASN1_INTEGER), "i2s_ASN1_INTEGER"}, {ERR_FUNC(X509V3_F_I2V_AUTHORITY_INFO_ACCESS), - "i2v_AUTHORITY_INFO_ACCESS"}, - {ERR_FUNC(X509V3_F_NOTICE_SECTION), "notice_section"}, - {ERR_FUNC(X509V3_F_NREF_NOS), "nref_nos"}, - {ERR_FUNC(X509V3_F_POLICY_SECTION), "policy_section"}, - {ERR_FUNC(X509V3_F_PROCESS_PCI_VALUE), "process_pci_value"}, - {ERR_FUNC(X509V3_F_R2I_CERTPOL), "r2i_certpol"}, - {ERR_FUNC(X509V3_F_R2I_PCI), "r2i_pci"}, - {ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING), "s2i_ASN1_IA5STRING"}, + "I2V_AUTHORITY_INFO_ACCESS"}, + {ERR_FUNC(X509V3_F_NOTICE_SECTION), "NOTICE_SECTION"}, + {ERR_FUNC(X509V3_F_NREF_NOS), "NREF_NOS"}, + {ERR_FUNC(X509V3_F_POLICY_SECTION), "POLICY_SECTION"}, + {ERR_FUNC(X509V3_F_PROCESS_PCI_VALUE), "PROCESS_PCI_VALUE"}, + {ERR_FUNC(X509V3_F_R2I_CERTPOL), "R2I_CERTPOL"}, + {ERR_FUNC(X509V3_F_R2I_PCI), "R2I_PCI"}, + {ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING), "S2I_ASN1_IA5STRING"}, {ERR_FUNC(X509V3_F_S2I_ASN1_INTEGER), "s2i_ASN1_INTEGER"}, {ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING), "s2i_ASN1_OCTET_STRING"}, - {ERR_FUNC(X509V3_F_S2I_SKEY_ID), "s2i_skey_id"}, - {ERR_FUNC(X509V3_F_SET_DIST_POINT_NAME), "set_dist_point_name"}, + {ERR_FUNC(X509V3_F_S2I_ASN1_SKEY_ID), "S2I_ASN1_SKEY_ID"}, + {ERR_FUNC(X509V3_F_S2I_SKEY_ID), "S2I_SKEY_ID"}, + {ERR_FUNC(X509V3_F_SET_DIST_POINT_NAME), "SET_DIST_POINT_NAME"}, + {ERR_FUNC(X509V3_F_STRING_TO_HEX), "string_to_hex"}, {ERR_FUNC(X509V3_F_SXNET_ADD_ID_ASC), "SXNET_add_id_asc"}, {ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER), "SXNET_add_id_INTEGER"}, {ERR_FUNC(X509V3_F_SXNET_ADD_ID_ULONG), "SXNET_add_id_ulong"}, {ERR_FUNC(X509V3_F_SXNET_GET_ID_ASC), "SXNET_get_id_asc"}, {ERR_FUNC(X509V3_F_SXNET_GET_ID_ULONG), "SXNET_get_id_ulong"}, - {ERR_FUNC(X509V3_F_V2I_ASIDENTIFIERS), "v2i_ASIdentifiers"}, + {ERR_FUNC(X509V3_F_V2I_ASIDENTIFIERS), "V2I_ASIDENTIFIERS"}, {ERR_FUNC(X509V3_F_V2I_ASN1_BIT_STRING), "v2i_ASN1_BIT_STRING"}, {ERR_FUNC(X509V3_F_V2I_AUTHORITY_INFO_ACCESS), - "v2i_AUTHORITY_INFO_ACCESS"}, - {ERR_FUNC(X509V3_F_V2I_AUTHORITY_KEYID), "v2i_AUTHORITY_KEYID"}, - {ERR_FUNC(X509V3_F_V2I_BASIC_CONSTRAINTS), "v2i_BASIC_CONSTRAINTS"}, - {ERR_FUNC(X509V3_F_V2I_CRLD), "v2i_crld"}, - {ERR_FUNC(X509V3_F_V2I_EXTENDED_KEY_USAGE), "v2i_EXTENDED_KEY_USAGE"}, + "V2I_AUTHORITY_INFO_ACCESS"}, + {ERR_FUNC(X509V3_F_V2I_AUTHORITY_KEYID), "V2I_AUTHORITY_KEYID"}, + {ERR_FUNC(X509V3_F_V2I_BASIC_CONSTRAINTS), "V2I_BASIC_CONSTRAINTS"}, + {ERR_FUNC(X509V3_F_V2I_CRLD), "V2I_CRLD"}, + {ERR_FUNC(X509V3_F_V2I_EXTENDED_KEY_USAGE), "V2I_EXTENDED_KEY_USAGE"}, {ERR_FUNC(X509V3_F_V2I_GENERAL_NAMES), "v2i_GENERAL_NAMES"}, {ERR_FUNC(X509V3_F_V2I_GENERAL_NAME_EX), "v2i_GENERAL_NAME_ex"}, - {ERR_FUNC(X509V3_F_V2I_IDP), "v2i_idp"}, - {ERR_FUNC(X509V3_F_V2I_IPADDRBLOCKS), "v2i_IPAddrBlocks"}, - {ERR_FUNC(X509V3_F_V2I_ISSUER_ALT), "v2i_issuer_alt"}, - {ERR_FUNC(X509V3_F_V2I_NAME_CONSTRAINTS), "v2i_NAME_CONSTRAINTS"}, - {ERR_FUNC(X509V3_F_V2I_POLICY_CONSTRAINTS), "v2i_POLICY_CONSTRAINTS"}, - {ERR_FUNC(X509V3_F_V2I_POLICY_MAPPINGS), "v2i_POLICY_MAPPINGS"}, - {ERR_FUNC(X509V3_F_V2I_SUBJECT_ALT), "v2i_subject_alt"}, - {ERR_FUNC(X509V3_F_V2I_TLS_FEATURE), "v2i_TLS_FEATURE"}, - {ERR_FUNC(X509V3_F_V3_GENERIC_EXTENSION), "v3_generic_extension"}, + {ERR_FUNC(X509V3_F_V2I_IDP), "V2I_IDP"}, + {ERR_FUNC(X509V3_F_V2I_IPADDRBLOCKS), "V2I_IPADDRBLOCKS"}, + {ERR_FUNC(X509V3_F_V2I_ISSUER_ALT), "V2I_ISSUER_ALT"}, + {ERR_FUNC(X509V3_F_V2I_NAME_CONSTRAINTS), "V2I_NAME_CONSTRAINTS"}, + {ERR_FUNC(X509V3_F_V2I_POLICY_CONSTRAINTS), "V2I_POLICY_CONSTRAINTS"}, + {ERR_FUNC(X509V3_F_V2I_POLICY_MAPPINGS), "V2I_POLICY_MAPPINGS"}, + {ERR_FUNC(X509V3_F_V2I_SUBJECT_ALT), "V2I_SUBJECT_ALT"}, + {ERR_FUNC(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL), + "V3_ADDR_VALIDATE_PATH_INTERNAL"}, + {ERR_FUNC(X509V3_F_V3_GENERIC_EXTENSION), "V3_GENERIC_EXTENSION"}, {ERR_FUNC(X509V3_F_X509V3_ADD1_I2D), "X509V3_add1_i2d"}, {ERR_FUNC(X509V3_F_X509V3_ADD_VALUE), "X509V3_add_value"}, {ERR_FUNC(X509V3_F_X509V3_EXT_ADD), "X509V3_EXT_add"}, {ERR_FUNC(X509V3_F_X509V3_EXT_ADD_ALIAS), "X509V3_EXT_add_alias"}, + {ERR_FUNC(X509V3_F_X509V3_EXT_CONF), "X509V3_EXT_conf"}, + {ERR_FUNC(X509V3_F_X509V3_EXT_FREE), "X509V3_EXT_free"}, {ERR_FUNC(X509V3_F_X509V3_EXT_I2D), "X509V3_EXT_i2d"}, {ERR_FUNC(X509V3_F_X509V3_EXT_NCONF), "X509V3_EXT_nconf"}, {ERR_FUNC(X509V3_F_X509V3_GET_SECTION), "X509V3_get_section"}, @@ -93,6 +150,8 @@ static ERR_STRING_DATA X509V3_str_reasons[] = { {ERR_REASON(X509V3_R_BN_DEC2BN_ERROR), "bn dec2bn error"}, {ERR_REASON(X509V3_R_BN_TO_ASN1_INTEGER_ERROR), "bn to asn1 integer error"}, + {ERR_REASON(X509V3_R_CANNOT_FIND_FREE_FUNCTION), + "cannot find free function"}, {ERR_REASON(X509V3_R_DIRNAME_ERROR), "dirname error"}, {ERR_REASON(X509V3_R_DISTPOINT_ALREADY_SET), "distpoint already set"}, {ERR_REASON(X509V3_R_DUPLICATE_ZONE_ID), "duplicate zone id"}, @@ -108,6 +167,7 @@ static ERR_STRING_DATA X509V3_str_reasons[] = { "extension setting not supported"}, {ERR_REASON(X509V3_R_EXTENSION_VALUE_ERROR), "extension value error"}, {ERR_REASON(X509V3_R_ILLEGAL_EMPTY_EXTENSION), "illegal empty extension"}, + {ERR_REASON(X509V3_R_ILLEGAL_HEX_DIGIT), "illegal hex digit"}, {ERR_REASON(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG), "incorrect policy syntax tag"}, {ERR_REASON(X509V3_R_INVALID_ASNUMBER), "invalid asnumber"}, @@ -147,6 +207,7 @@ static ERR_STRING_DATA X509V3_str_reasons[] = { "no proxy cert policy language defined"}, {ERR_REASON(X509V3_R_NO_PUBLIC_KEY), "no public key"}, {ERR_REASON(X509V3_R_NO_SUBJECT_DETAILS), "no subject details"}, + {ERR_REASON(X509V3_R_ODD_NUMBER_OF_DIGITS), "odd number of digits"}, {ERR_REASON(X509V3_R_OPERATION_NOT_DEFINED), "operation not defined"}, {ERR_REASON(X509V3_R_OTHERNAME_ERROR), "othername error"}, {ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED), @@ -154,6 +215,8 @@ static ERR_STRING_DATA X509V3_str_reasons[] = { {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH), "policy path length"}, {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED), "policy path length already defined"}, + {ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED), + "policy syntax not currently supported"}, {ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY), "policy when proxy language requires no policy"}, {ERR_REASON(X509V3_R_SECTION_NOT_FOUND), "section not found"}, @@ -174,7 +237,7 @@ static ERR_STRING_DATA X509V3_str_reasons[] = { #endif -int ERR_load_X509V3_strings(void) +void ERR_load_X509V3_strings(void) { #ifndef OPENSSL_NO_ERR @@ -183,5 +246,4 @@ int ERR_load_X509V3_strings(void) ERR_load_strings(0, X509V3_str_reasons); } #endif - return 1; } |