Diffstat (limited to 'Cryptlib/OpenSSL/crypto/x509v3')
-rw-r--r--Cryptlib/OpenSSL/crypto/x509v3/ext_dat.h152
-rw-r--r--Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c101
-rw-r--r--Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c82
-rw-r--r--Cryptlib/OpenSSL/crypto/x509v3/pcy_int.h66
-rw-r--r--Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c71
-rw-r--r--Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c69
-rw-r--r--Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c79
-rw-r--r--Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c607
-rw-r--r--Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c185
-rw-r--r--Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c91
-rw-r--r--Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c62
-rw-r--r--Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c139
-rw-r--r--Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c132
-rw-r--r--Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c70
-rw-r--r--Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c73
-rw-r--r--Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c197
-rw-r--r--Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c118
-rw-r--r--Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c131
-rw-r--r--Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c69
-rw-r--r--Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c67
-rw-r--r--Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c64
-rw-r--r--Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c88
-rw-r--r--Cryptlib/OpenSSL/crypto/x509v3/v3_info.c85
-rw-r--r--Cryptlib/OpenSSL/crypto/x509v3/v3_int.c65
-rw-r--r--Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c189
-rw-r--r--Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c178
-rw-r--r--Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c312
-rw-r--r--Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c62
-rw-r--r--Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c10
-rw-r--r--Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c70
-rw-r--r--Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c63
-rw-r--r--Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c88
-rw-r--r--Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c115
-rw-r--r--Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c183
-rw-r--r--Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c98
-rw-r--r--Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c117
-rw-r--r--Cryptlib/OpenSSL/crypto/x509v3/v3_tlsf.c137
-rw-r--r--Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c356
-rw-r--r--Cryptlib/OpenSSL/crypto/x509v3/v3err.c152
39 files changed, 1528 insertions, 3465 deletions
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/ext_dat.h b/Cryptlib/OpenSSL/crypto/x509v3/ext_dat.h
index 09ebbcae..c9ede960 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/ext_dat.h
+++ b/Cryptlib/OpenSSL/crypto/x509v3/ext_dat.h
@@ -1,138 +1,24 @@
-/* ext_dat.h */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
-/* This file contains a table of "standard" extensions */
-
-extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
-extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo;
-extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
-extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate;
-extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld, v3_freshest_crl;
-extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
-extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
-extern X509V3_EXT_METHOD v3_crl_hold, v3_pci;
-extern X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints;
-extern X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp;
-extern X509V3_EXT_METHOD v3_addr, v3_asid;
-extern X509V3_EXT_METHOD v3_ct_scts[];
-
-/*
- * This table will be searched using OBJ_bsearch so it *must* kept in order
- * of the ext_nid values.
- */
-
-static const X509V3_EXT_METHOD *standard_exts[] = {
- &v3_nscert,
- &v3_ns_ia5_list[0],
- &v3_ns_ia5_list[1],
- &v3_ns_ia5_list[2],
- &v3_ns_ia5_list[3],
- &v3_ns_ia5_list[4],
- &v3_ns_ia5_list[5],
- &v3_ns_ia5_list[6],
- &v3_skey_id,
- &v3_key_usage,
- &v3_pkey_usage_period,
- &v3_alt[0],
- &v3_alt[1],
- &v3_bcons,
- &v3_crl_num,
- &v3_cpols,
- &v3_akey_id,
- &v3_crld,
- &v3_ext_ku,
- &v3_delta_crl,
- &v3_crl_reason,
-#ifndef OPENSSL_NO_OCSP
- &v3_crl_invdate,
-#endif
- &v3_sxnet,
- &v3_info,
-#ifndef OPENSSL_NO_RFC3779
- &v3_addr,
- &v3_asid,
-#endif
-#ifndef OPENSSL_NO_OCSP
- &v3_ocsp_nonce,
- &v3_ocsp_crlid,
- &v3_ocsp_accresp,
- &v3_ocsp_nocheck,
- &v3_ocsp_acutoff,
- &v3_ocsp_serviceloc,
-#endif
- &v3_sinfo,
- &v3_policy_constraints,
-#ifndef OPENSSL_NO_OCSP
- &v3_crl_hold,
-#endif
- &v3_pci,
- &v3_name_constraints,
- &v3_policy_mappings,
- &v3_inhibit_anyp,
- &v3_idp,
- &v3_alt[2],
- &v3_freshest_crl,
-#ifndef OPENSSL_NO_SCT
- &v3_ct_scts[0],
- &v3_ct_scts[1],
-#endif
-};
-/* Number of standard extensions */
+int name_cmp(const char *name, const char *cmp);
-#define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *))
+extern const X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
+extern const X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo;
+extern const X509V3_EXT_METHOD v3_ns_ia5_list[8], v3_alt[3], v3_skey_id, v3_akey_id;
+extern const X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate;
+extern const X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld, v3_freshest_crl;
+extern const X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
+extern const X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
+extern const X509V3_EXT_METHOD v3_crl_hold, v3_pci;
+extern const X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints;
+extern const X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp;
+extern const X509V3_EXT_METHOD v3_addr, v3_asid;
+extern const X509V3_EXT_METHOD v3_ct_scts[3];
+extern const X509V3_EXT_METHOD v3_tls_feature;
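Review bot: The sized extern declarations `v3_ns_ia5_list[8]`, `v3_alt[3]` and `v3_ct_scts[3]` now pin array lengths in the header that the compiler cannot check against the definitions in other translation units (presumably v3_ia5.c and v3_alt.c from the diffstat for the first two); if a definition ever ends up shorter, any loop bounded by the declared size reads past the object with no diagnostic, so the header should at least say where each size must be kept in sync, e.g. `/* sizes must match the definitions in v3_ia5.c / v3_alt.c */`. The new `int name_cmp(const char *name, const char *cmp);` prototype also lands with no comment on its contract; I would add `/* Compare an extension name with cmp; returns 0 on a match (defined in v3_utl.c) */` above it. The removed standard_exts table is not re-added here, so its new home and the ordering requirement for OBJ_bsearch should be documented wherever it now lives.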
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c
index c8f41f24..a9ee30a8 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c
@@ -1,65 +1,16 @@
-/* pcy_cache.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/x509.h>
#include <openssl/x509v3.h>
+#include "internal/x509_int.h"
#include "pcy_int.h"
@@ -83,12 +34,12 @@ static int policy_cache_create(X509 *x,
if (sk_POLICYINFO_num(policies) == 0)
goto bad_policy;
cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp);
- if (!cache->data)
+ if (cache->data == NULL)
goto bad_policy;
for (i = 0; i < sk_POLICYINFO_num(policies); i++) {
policy = sk_POLICYINFO_value(policies, i);
data = policy_data_new(policy, NULL, crit);
- if (!data)
+ if (data == NULL)
goto bad_policy;
/*
* Duplicate policy OIDs are illegal: reject if matches found.
@@ -110,8 +61,7 @@ static int policy_cache_create(X509 *x,
bad_policy:
if (ret == -1)
x->ex_flags |= EXFLAG_INVALID_POLICY;
- if (data)
- policy_data_free(data);
+ policy_data_free(data);
sk_POLICYINFO_pop_free(policies, POLICYINFO_free);
if (ret <= 0) {
sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
@@ -128,8 +78,11 @@ static int policy_cache_new(X509 *x)
CERTIFICATEPOLICIES *ext_cpols = NULL;
POLICY_MAPPINGS *ext_pmaps = NULL;
int i;
- cache = OPENSSL_malloc(sizeof(X509_POLICY_CACHE));
- if (!cache)
+
+ if (x->policy_cache != NULL)
+ return 1;
+ cache = OPENSSL_malloc(sizeof(*cache));
+ if (cache == NULL)
return 0;
cache->anyPolicy = NULL;
cache->data = NULL;
@@ -200,18 +153,14 @@ static int policy_cache_new(X509 *x)
goto bad_cache;
} else if (!policy_cache_set_int(&cache->any_skip, ext_any))
goto bad_cache;
+ goto just_cleanup;
- if (0) {
bad_cache:
- x->ex_flags |= EXFLAG_INVALID_POLICY;
- }
-
- if (ext_pcons)
- POLICY_CONSTRAINTS_free(ext_pcons);
-
- if (ext_any)
- ASN1_INTEGER_free(ext_any);
+ x->ex_flags |= EXFLAG_INVALID_POLICY;
+ just_cleanup:
+ POLICY_CONSTRAINTS_free(ext_pcons);
+ ASN1_INTEGER_free(ext_any);
return 1;
}
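Review bot: After the restructuring the `bad_cache:` label falls straight through into `just_cleanup:` and policy_cache_new returns 1 on both paths, so a caller cannot distinguish a malformed policy set from success except by inspecting EXFLAG_INVALID_POLICY in x->ex_flags; that matches the old `if (0) { bad_cache: ... }` behaviour, but the new label layout reads like an error path that reports success. A one-line comment at the label would make the intent explicit: `/* Malformed policy data is recorded in ex_flags rather than reported as failure */`. The start of policy_cache_new, including the allocation of cache, is outside this hunk.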
@@ -220,10 +169,8 @@ void policy_cache_free(X509_POLICY_CACHE *cache)
{
if (!cache)
return;
- if (cache->anyPolicy)
- policy_data_free(cache->anyPolicy);
- if (cache->data)
- sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
+ policy_data_free(cache->anyPolicy);
+ sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
OPENSSL_free(cache);
}
@@ -231,9 +178,9 @@ const X509_POLICY_CACHE *policy_cache_set(X509 *x)
{
if (x->policy_cache == NULL) {
- CRYPTO_w_lock(CRYPTO_LOCK_X509);
+ CRYPTO_THREAD_write_lock(x->lock);
policy_cache_new(x);
- CRYPTO_w_unlock(CRYPTO_LOCK_X509);
+ CRYPTO_THREAD_unlock(x->lock);
}
return x->policy_cache;
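Review bot: The `x->policy_cache == NULL` test at the top of policy_cache_set is still evaluated before `x->lock` is taken, while the field is written by policy_cache_new under that lock; together with the early return the commit adds to policy_cache_new (`if (x->policy_cache != NULL) return 1;`) this is a double-checked pattern whose logic is correct, but the unlocked first read remains a data race in C11 terms unless the field is read atomically. The return value of policy_cache_new is also discarded, so as far as this hunk shows an OPENSSL_malloc failure leaves x->policy_cache NULL and the caller receives NULL with no way to tell it from "no cache could be built". I would document both at the call site: `/* policy_cache_new re-checks under the lock; NULL afterwards means no cache could be built */`. The closing brace of policy_cache_set lies outside the hunk.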
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c
index 90e9970e..cf1d635e 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c
@@ -1,63 +1,13 @@
-/* pcy_data.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/x509.h>
#include <openssl/x509v3.h>
@@ -67,6 +17,8 @@
void policy_data_free(X509_POLICY_DATA *data)
{
+ if (!data)
+ return;
ASN1_OBJECT_free(data->valid_policy);
/* Don't free qualifiers if shared */
if (!(data->flags & POLICY_DATA_FLAG_SHARED_QUALIFIERS))
@@ -76,9 +28,9 @@ void policy_data_free(X509_POLICY_DATA *data)
}
/*
- * Create a data based on an existing policy. If 'id' is NULL use the oid in
+ * Create a data based on an existing policy. If 'id' is NULL use the OID in
* the policy, otherwise use 'id'. This behaviour covers the two types of
- * data in RFC3280: data with from a CertificatePolcies extension and
+ * data in RFC3280: data with from a CertificatePolicies extension and
* additional data with just the qualifiers of anyPolicy and ID from another
* source.
*/
@@ -96,21 +48,18 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy,
return NULL;
} else
id = NULL;
- ret = OPENSSL_malloc(sizeof(X509_POLICY_DATA));
- if (!ret)
+ ret = OPENSSL_zalloc(sizeof(*ret));
+ if (ret == NULL)
return NULL;
ret->expected_policy_set = sk_ASN1_OBJECT_new_null();
- if (!ret->expected_policy_set) {
+ if (ret->expected_policy_set == NULL) {
OPENSSL_free(ret);
- if (id)
- ASN1_OBJECT_free(id);
+ ASN1_OBJECT_free(id);
return NULL;
}
if (crit)
ret->flags = POLICY_DATA_FLAG_CRITICAL;
- else
- ret->flags = 0;
if (id)
ret->valid_policy = id;
@@ -122,8 +71,7 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy,
if (policy) {
ret->qualifier_set = policy->qualifiers;
policy->qualifiers = NULL;
- } else
- ret->qualifier_set = NULL;
+ }
return ret;
}
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_int.h b/Cryptlib/OpenSSL/crypto/x509v3/pcy_int.h
index b5075f9e..5daf78de 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_int.h
+++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_int.h
@@ -1,65 +1,15 @@
-/* pcy_int.h */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
typedef struct X509_POLICY_DATA_st X509_POLICY_DATA;
-DECLARE_STACK_OF(X509_POLICY_DATA)
+DEFINE_STACK_OF(X509_POLICY_DATA)
/* Internal structures */
@@ -169,7 +119,7 @@ struct X509_POLICY_TREE_st {
* required.
*/
STACK_OF(X509_POLICY_DATA) *extra_data;
- /* This is the authority constained policy set */
+ /* This is the authority constrained policy set */
STACK_OF(X509_POLICY_NODE) *auth_policies;
STACK_OF(X509_POLICY_NODE) *user_policies;
unsigned int flags;
@@ -207,7 +157,7 @@ X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk,
const ASN1_OBJECT *id);
X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
- const X509_POLICY_DATA *data,
+ X509_POLICY_DATA *data,
X509_POLICY_NODE *parent,
X509_POLICY_TREE *tree);
void policy_node_free(X509_POLICY_NODE *node);
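Review bot: The level_add_node prototype drops the `const` qualifier from its `data` parameter with nothing in the header explaining why, so a reader can no longer tell whether the function mutates the X509_POLICY_DATA or merely stores a non-const pointer in the new node. If the tree now owns or modifies `data` through the node, the prototype should say so, e.g. `/* 'data' is stored in the created node and may be modified or freed via the tree */`, adjusted to what the definition in pcy_node.c actually does. The surrounding declarations and the rest of the header are outside this hunk.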
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c
index dbb29835..67f7eafc 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c
@@ -1,63 +1,13 @@
-/* pcy_lib.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/x509.h>
#include <openssl/x509v3.h>
@@ -140,15 +90,6 @@ const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node)
return node->data->valid_policy;
}
-#if 0
-int X509_policy_node_get_critical(const X509_POLICY_NODE *node)
-{
- if (node_critical(node))
- return 1;
- return 0;
-}
-#endif
-
STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(const
X509_POLICY_NODE
*node)
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c
index b99eb91c..ab9dd21b 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c
@@ -1,65 +1,16 @@
-/* pcy_map.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/x509.h>
#include <openssl/x509v3.h>
+#include "internal/x509_int.h"
#include "pcy_int.h"
@@ -91,15 +42,15 @@ int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
/* Attempt to find matching policy data */
data = policy_cache_find_data(cache, map->issuerDomainPolicy);
/* If we don't have anyPolicy can't map */
- if (!data && !cache->anyPolicy)
+ if (data == NULL && !cache->anyPolicy)
continue;
/* Create a NODE from anyPolicy */
- if (!data) {
+ if (data == NULL) {
data = policy_data_new(NULL, map->issuerDomainPolicy,
cache->anyPolicy->flags
& POLICY_DATA_FLAG_CRITICAL);
- if (!data)
+ if (data == NULL)
goto bad_mapping;
data->qualifier_set = cache->anyPolicy->qualifier_set;
/*
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c
index d6c91765..80443bff 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c
@@ -1,60 +1,10 @@
-/* pcy_node.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <openssl/asn1.h>
@@ -109,17 +59,17 @@ X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,
}
X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
- const X509_POLICY_DATA *data,
+ X509_POLICY_DATA *data,
X509_POLICY_NODE *parent,
X509_POLICY_TREE *tree)
{
X509_POLICY_NODE *node;
- node = OPENSSL_malloc(sizeof(X509_POLICY_NODE));
- if (!node)
+
+ node = OPENSSL_zalloc(sizeof(*node));
+ if (node == NULL)
return NULL;
node->data = data;
node->parent = parent;
- node->nchild = 0;
if (level) {
if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
if (level->anyPolicy)
@@ -127,9 +77,9 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
level->anyPolicy = node;
} else {
- if (!level->nodes)
+ if (level->nodes == NULL)
level->nodes = policy_node_cmp_new();
- if (!level->nodes)
+ if (level->nodes == NULL)
goto node_error;
if (!sk_X509_POLICY_NODE_push(level->nodes, node))
goto node_error;
@@ -137,9 +87,9 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
}
if (tree) {
- if (!tree->extra_data)
+ if (tree->extra_data == NULL)
tree->extra_data = sk_X509_POLICY_DATA_new_null();
- if (!tree->extra_data)
+ if (tree->extra_data == NULL)
goto node_error;
if (!sk_X509_POLICY_DATA_push(tree->extra_data, data))
goto node_error;
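Review bot: The `node_error` path reached from this `tree` block frees `node` after it was already linked into the level in the preceding hunk (assigned to `level->anyPolicy`, or pushed onto `level->nodes`), so a failed `sk_X509_POLICY_DATA_new_null()` or `sk_X509_POLICY_DATA_push()` leaves the level holding a freed node that `X509_policy_tree_free()` will later free again. The `== NULL` rewrite keeps that ordering, so the rare allocation failure here still ends in a double free rather than a clean error return. Unlinking the node before the shared cleanup closes the window, as sketched below; the rest of level_add_node sits in the neighbouring hunks.
```c
    if (tree) {
        if (tree->extra_data == NULL)
            tree->extra_data = sk_X509_POLICY_DATA_new_null();
        if (tree->extra_data == NULL)
            goto extra_data_error;
        if (!sk_X509_POLICY_DATA_push(tree->extra_data, data))
            goto extra_data_error;
    }
    /* … unchanged: success path returning node … */

 extra_data_error:
    /* Undo the level linkage so the level never retains a freed node. */
    if (level) {
        if (level->anyPolicy == node)
            level->anyPolicy = NULL;
        else
            (void)sk_X509_POLICY_NODE_pop(level->nodes);
    }
 node_error:
    policy_node_free(node);
    return NULL;
```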
@@ -152,8 +102,7 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
node_error:
policy_node_free(node);
- return 0;
-
+ return NULL;
}
void policy_node_free(X509_POLICY_NODE *node)
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c
index 09b8691c..9f9246be 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c
@@ -1,63 +1,13 @@
-/* pcy_tree.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/x509.h>
#include <openssl/x509v3.h>
@@ -98,22 +48,26 @@ static void expected_print(BIO *err, X509_POLICY_LEVEL *lev,
static void tree_print(char *str, X509_POLICY_TREE *tree,
X509_POLICY_LEVEL *curr)
{
+ BIO *err = BIO_new_fp(stderr, BIO_NOCLOSE);
X509_POLICY_LEVEL *plev;
- X509_POLICY_NODE *node;
- int i;
- BIO *err;
- err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+ if (err == NULL)
+ return;
if (!curr)
curr = tree->levels + tree->nlevel;
else
curr++;
+
BIO_printf(err, "Level print after %s\n", str);
BIO_printf(err, "Printing Up to Level %ld\n", curr - tree->levels);
for (plev = tree->levels; plev != curr; plev++) {
+ int i;
+
BIO_printf(err, "Level %ld, flags = %x\n",
- plev - tree->levels, plev->flags);
+ (long)(plev - tree->levels), plev->flags);
for (i = 0; i < sk_X509_POLICY_NODE_num(plev->nodes); i++) {
- node = sk_X509_POLICY_NODE_value(plev->nodes, i);
+ X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(plev->nodes, i);
+
X509_POLICY_NODE_print(err, node, 2);
expected_print(err, plev, node, 2);
BIO_printf(err, " Flags: %x\n", node->data->flags);
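Review bot: The `%ld` on the "Printing Up to Level" line still receives the raw pointer difference `curr - tree->levels`, while the "Level %ld" call just below now casts `(long)(plev - tree->levels)`; `ptrdiff_t` and `long` differ on LLP64 targets, so the two calls should agree: `BIO_printf(err, "Printing Up to Level %ld\n", (long)(curr - tree->levels));`. Since `str` is only ever printed, `static void tree_print(const char *str, ...)` would also let the callers' string literals pass without discarding const. tree_print continues in the next hunk.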
@@ -121,26 +75,17 @@ static void tree_print(char *str, X509_POLICY_TREE *tree,
if (plev->anyPolicy)
X509_POLICY_NODE_print(err, plev->anyPolicy, 2);
}
-
BIO_free(err);
-
}
-#else
-
-# define tree_print(a,b,c) /* */
-
#endif
/*-
- * Initialize policy tree. Return values:
- * 0 Some internal error occurred.
- * -1 Inconsistent or invalid extensions in certificates.
- * 1 Tree initialized OK.
- * 2 Policy tree is empty.
- * 5 Tree OK and requireExplicitPolicy true.
- * 6 Tree empty and requireExplicitPolicy true.
+ * Return value: <= 0 on error, or positive bit mask:
+ *
+ * X509_PCY_TREE_VALID: valid tree
+ * X509_PCY_TREE_EMPTY: empty tree (including bare TA case)
+ * X509_PCY_TREE_EXPLICIT: explicit policy required
*/
-
static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
unsigned int flags)
{
@@ -148,114 +93,112 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
X509_POLICY_LEVEL *level;
const X509_POLICY_CACHE *cache;
X509_POLICY_DATA *data = NULL;
- X509 *x;
- int ret = 1;
- int i, n;
- int explicit_policy;
- int any_skip;
- int map_skip;
+ int ret = X509_PCY_TREE_VALID;
+ int n = sk_X509_num(certs) - 1; /* RFC5280 paths omit the TA */
+ int explicit_policy = (flags & X509_V_FLAG_EXPLICIT_POLICY) ? 0 : n+1;
+ int any_skip = (flags & X509_V_FLAG_INHIBIT_ANY) ? 0 : n+1;
+ int map_skip = (flags & X509_V_FLAG_INHIBIT_MAP) ? 0 : n+1;
+ int i;
+
*ptree = NULL;
- n = sk_X509_num(certs);
-#if 0
- /* Disable policy mapping for now... */
- flags |= X509_V_FLAG_INHIBIT_MAP;
-#endif
+ /* Can't do anything with just a trust anchor */
+ if (n == 0)
+ return X509_PCY_TREE_EMPTY;
- if (flags & X509_V_FLAG_EXPLICIT_POLICY)
- explicit_policy = 0;
- else
- explicit_policy = n + 1;
+ /*
+ * First setup the policy cache in all n non-TA certificates, this will be
+ * used in X509_verify_cert() which will invoke the verify callback for all
+ * certificates with invalid policy extensions.
+ */
+ for (i = n - 1; i >= 0; i--) {
+ X509 *x = sk_X509_value(certs, i);
- if (flags & X509_V_FLAG_INHIBIT_ANY)
- any_skip = 0;
- else
- any_skip = n + 1;
+ /* Call for side-effect of computing hash and caching extensions */
+ X509_check_purpose(x, -1, 0);
- if (flags & X509_V_FLAG_INHIBIT_MAP)
- map_skip = 0;
- else
- map_skip = n + 1;
+ /* If cache is NULL, likely ENOMEM: return immediately */
+ if (policy_cache_set(x) == NULL)
+ return X509_PCY_TREE_INTERNAL;
+ }
- /* Can't do anything with just a trust anchor */
- if (n == 1)
- return 1;
/*
- * First setup policy cache in all certificates apart from the trust
- * anchor. Note any bad cache results on the way. Also can calculate
- * explicit_policy value at this point.
+ * At this point check for invalid policies and required explicit policy.
+ * Note that the explicit_policy counter is a count-down to zero, with the
+ * requirement kicking in if and once it does that. The counter is
+ * decremented for every non-self-issued certificate in the path, but may
+ * be further reduced by policy constraints in a non-leaf certificate.
+ *
+ * The ultimate policy set is the intersection of all the policies along
+ * the path, if we hit a certificate with an empty policy set, and explicit
+ * policy is required we're done.
*/
- for (i = n - 2; i >= 0; i--) {
- x = sk_X509_value(certs, i);
- X509_check_purpose(x, -1, -1);
+ for (i = n - 1;
+ i >= 0 && (explicit_policy > 0 || (ret & X509_PCY_TREE_EMPTY) == 0);
+ i--) {
+ X509 *x = sk_X509_value(certs, i);
+ uint32_t ex_flags = X509_get_extension_flags(x);
+
+ /* All the policies are already cached, we can return early */
+ if (ex_flags & EXFLAG_INVALID_POLICY)
+ return X509_PCY_TREE_INVALID;
+
+ /* Access the cache which we now know exists */
cache = policy_cache_set(x);
- /* If cache NULL something bad happened: return immediately */
- if (cache == NULL)
- return 0;
- /*
- * If inconsistent extensions keep a note of it but continue
- */
- if (x->ex_flags & EXFLAG_INVALID_POLICY)
- ret = -1;
- /*
- * Otherwise if we have no data (hence no CertificatePolicies) and
- * haven't already set an inconsistent code note it.
- */
- else if ((ret == 1) && !cache->data)
- ret = 2;
+
+ if ((ret & X509_PCY_TREE_VALID) && cache->data == NULL)
+ ret = X509_PCY_TREE_EMPTY;
if (explicit_policy > 0) {
- if (!(x->ex_flags & EXFLAG_SI))
+ if (!(ex_flags & EXFLAG_SI))
explicit_policy--;
- if ((cache->explicit_skip != -1)
+ if ((cache->explicit_skip >= 0)
&& (cache->explicit_skip < explicit_policy))
explicit_policy = cache->explicit_skip;
}
}
- if (ret != 1) {
- if (ret == 2 && !explicit_policy)
- return 6;
+ if (explicit_policy == 0)
+ ret |= X509_PCY_TREE_EXPLICIT;
+ if ((ret & X509_PCY_TREE_VALID) == 0)
return ret;
- }
/* If we get this far initialize the tree */
+ if ((tree = OPENSSL_zalloc(sizeof(*tree))) == NULL)
+ return X509_PCY_TREE_INTERNAL;
- tree = OPENSSL_malloc(sizeof(X509_POLICY_TREE));
-
- if (!tree)
- return 0;
-
- tree->flags = 0;
- tree->levels = OPENSSL_malloc(sizeof(X509_POLICY_LEVEL) * n);
- tree->nlevel = 0;
- tree->extra_data = NULL;
- tree->auth_policies = NULL;
- tree->user_policies = NULL;
-
- if (!tree->levels) {
+ /*
+ * http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3.
+ *
+ * The top level is implicitly for the trust anchor with valid expected
+ * policies of anyPolicy. (RFC 5280 has the TA at depth 0 and the leaf at
+ * depth n, we have the leaf at depth 0 and the TA at depth n).
+ */
+ if ((tree->levels = OPENSSL_zalloc(sizeof(*tree->levels)*(n+1))) == NULL) {
OPENSSL_free(tree);
- return 0;
+ return X509_PCY_TREE_INTERNAL;
}
-
- memset(tree->levels, 0, n * sizeof(X509_POLICY_LEVEL));
-
- tree->nlevel = n;
-
+ tree->nlevel = n+1;
level = tree->levels;
-
- /* Root data: initialize to anyPolicy */
-
- data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0);
-
- if (!data || !level_add_node(level, data, NULL, tree))
+ if ((data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0)) == NULL)
+ goto bad_tree;
+ if (level_add_node(level, data, NULL, tree) == NULL) {
+ policy_data_free(data);
goto bad_tree;
+ }
- for (i = n - 2; i >= 0; i--) {
- level++;
- x = sk_X509_value(certs, i);
+ /*
+ * In this pass initialize all the tree levels and whether anyPolicy and
+ * policy mapping are inhibited at each level.
+ */
+ for (i = n - 1; i >= 0; i--) {
+ X509 *x = sk_X509_value(certs, i);
+ uint32_t ex_flags = X509_get_extension_flags(x);
+
+ /* Access the cache which we now know exists */
cache = policy_cache_set(x);
- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
- level->cert = x;
+
+ X509_up_ref(x);
+ (++level)->cert = x;
if (!cache->anyPolicy)
level->flags |= X509_V_FLAG_INHIBIT_ANY;
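Review bot: The `n == 0` guard covers only the bare-trust-anchor chain; if `certs` is empty or NULL, `sk_X509_num()` yields 0 or -1, so `n` is -1 or -2, the certificate loops do not run, and control reaches `OPENSSL_zalloc(sizeof(*tree->levels)*(n+1))` with a zero or wrapped count before `level_add_node(level, ...)` writes into that buffer (a zero-length block may come back non-NULL). X509_policy_check() is presumably only reached with a non-empty chain from the verifier, but this internal function is cheap to make self-defending: `if (n <= 0) return X509_PCY_TREE_EMPTY;`. tree_init continues in the following hunk.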
@@ -263,63 +206,57 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
/* Determine inhibit any and inhibit map flags */
if (any_skip == 0) {
/*
- * Any matching allowed if certificate is self issued and not the
- * last in the chain.
+ * Any matching allowed only if certificate is self issued and not
+ * the last in the chain.
*/
- if (!(x->ex_flags & EXFLAG_SI) || (i == 0))
+ if (!(ex_flags & EXFLAG_SI) || (i == 0))
level->flags |= X509_V_FLAG_INHIBIT_ANY;
} else {
- if (!(x->ex_flags & EXFLAG_SI))
+ if (!(ex_flags & EXFLAG_SI))
any_skip--;
- if ((cache->any_skip >= 0)
- && (cache->any_skip < any_skip))
+ if ((cache->any_skip >= 0) && (cache->any_skip < any_skip))
any_skip = cache->any_skip;
}
if (map_skip == 0)
level->flags |= X509_V_FLAG_INHIBIT_MAP;
else {
- if (!(x->ex_flags & EXFLAG_SI))
+ if (!(ex_flags & EXFLAG_SI))
map_skip--;
- if ((cache->map_skip >= 0)
- && (cache->map_skip < map_skip))
+ if ((cache->map_skip >= 0) && (cache->map_skip < map_skip))
map_skip = cache->map_skip;
}
-
}
*ptree = tree;
-
- if (explicit_policy)
- return 1;
- else
- return 5;
+ return ret;
bad_tree:
-
X509_policy_tree_free(tree);
-
- return 0;
-
+ return X509_PCY_TREE_INTERNAL;
}
+/*
+ * Return value: 1 on success, 0 otherwise
+ */
static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
- const X509_POLICY_DATA *data)
+ X509_POLICY_DATA *data)
{
X509_POLICY_LEVEL *last = curr - 1;
- X509_POLICY_NODE *node;
int i, matched = 0;
+
/* Iterate through all in nodes linking matches */
for (i = 0; i < sk_X509_POLICY_NODE_num(last->nodes); i++) {
- node = sk_X509_POLICY_NODE_value(last->nodes, i);
+ X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i);
+
if (policy_node_match(last, node, data->valid_policy)) {
- if (!level_add_node(curr, data, node, NULL))
+ if (level_add_node(curr, data, node, NULL) == NULL)
return 0;
matched = 1;
}
}
if (!matched && last->anyPolicy) {
- if (!level_add_node(curr, data, last->anyPolicy, NULL))
+ if (level_add_node(curr, data, last->anyPolicy, NULL) == NULL)
return 0;
}
return 1;
@@ -328,29 +265,17 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
/*
* This corresponds to RFC3280 6.1.3(d)(1): link any data from
* CertificatePolicies onto matching parent or anyPolicy if no match.
+ *
+ * Return value: 1 on success, 0 otherwise.
*/
-
static int tree_link_nodes(X509_POLICY_LEVEL *curr,
const X509_POLICY_CACHE *cache)
{
int i;
- X509_POLICY_DATA *data;
for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++) {
- data = sk_X509_POLICY_DATA_value(cache->data, i);
- /*
- * If a node is mapped any it doesn't have a corresponding
- * CertificatePolicies entry. However such an identical node would
- * be created if anyPolicy matching is enabled because there would be
- * no match with the parent valid_policy_set. So we create link
- * because then it will have the mapping flags right and we can prune
- * it later.
- */
-#if 0
- if ((data->flags & POLICY_DATA_FLAG_MAPPED_ANY)
- && !(curr->flags & X509_V_FLAG_INHIBIT_ANY))
- continue;
-#endif
+ X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i);
+
/* Look for matching nodes in previous level */
if (!tree_link_matching_nodes(curr, data))
return 0;
@@ -361,35 +286,38 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr,
/*
* This corresponds to RFC3280 6.1.3(d)(2): Create new data for any unmatched
* policies in the parent and link to anyPolicy.
+ *
+ * Return value: 1 on success, 0 otherwise.
*/
-
static int tree_add_unmatched(X509_POLICY_LEVEL *curr,
const X509_POLICY_CACHE *cache,
const ASN1_OBJECT *id,
X509_POLICY_NODE *node, X509_POLICY_TREE *tree)
{
X509_POLICY_DATA *data;
+
if (id == NULL)
id = node->data->valid_policy;
/*
* Create a new node with qualifiers from anyPolicy and id from unmatched
* node.
*/
- data = policy_data_new(NULL, id, node_critical(node));
-
- if (data == NULL)
+ if ((data = policy_data_new(NULL, id, node_critical(node))) == NULL)
return 0;
+
/* Curr may not have anyPolicy */
data->qualifier_set = cache->anyPolicy->qualifier_set;
data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
- if (!level_add_node(curr, data, node, tree)) {
+ if (level_add_node(curr, data, node, tree) == NULL) {
policy_data_free(data);
return 0;
}
-
return 1;
}
+/*
+ * Return value: 1 on success, 0 otherwise.
+ */
static int tree_link_unmatched(X509_POLICY_LEVEL *curr,
const X509_POLICY_CACHE *cache,
X509_POLICY_NODE *node, X509_POLICY_TREE *tree)
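Review bot: `data->qualifier_set = cache->anyPolicy->qualifier_set;` dereferences `cache->anyPolicy` unconditionally, and the comment above it ("Curr may not have anyPolicy") speaks about the level rather than the cache, which leaves the real precondition unstated. It does hold, because tree_init() sets X509_V_FLAG_INHIBIT_ANY on any level whose cache lacks anyPolicy and tree_evaluate() only calls tree_link_any() when that flag is clear, but that chain is three functions away; a comment on this line such as `/* cache->anyPolicy is non-NULL here: tree_link_any() runs only for levels without X509_V_FLAG_INHIBIT_ANY */` would make it visible to the next maintainer. tree_link_unmatched, whose signature closes the hunk, continues beyond it.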
@@ -420,19 +348,17 @@ static int tree_link_unmatched(X509_POLICY_LEVEL *curr,
}
}
-
return 1;
-
}
+/*
+ * Return value: 1 on success, 0 otherwise
+ */
static int tree_link_any(X509_POLICY_LEVEL *curr,
const X509_POLICY_CACHE *cache,
X509_POLICY_TREE *tree)
{
int i;
- /*
- * X509_POLICY_DATA *data;
- */
X509_POLICY_NODE *node;
X509_POLICY_LEVEL *last = curr - 1;
@@ -441,50 +367,24 @@ static int tree_link_any(X509_POLICY_LEVEL *curr,
if (!tree_link_unmatched(curr, cache, node, tree))
return 0;
-
-#if 0
-
- /*
- * Skip any node with any children: we only want unmathced nodes.
- * Note: need something better for policy mapping because each node
- * may have multiple children
- */
- if (node->nchild)
- continue;
-
- /*
- * Create a new node with qualifiers from anyPolicy and id from
- * unmatched node.
- */
- data = policy_data_new(NULL, node->data->valid_policy,
- node_critical(node));
-
- if (data == NULL)
- return 0;
- /* Curr may not have anyPolicy */
- data->qualifier_set = cache->anyPolicy->qualifier_set;
- data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
- if (!level_add_node(curr, data, node, tree)) {
- policy_data_free(data);
- return 0;
- }
-#endif
-
}
/* Finally add link to anyPolicy */
- if (last->anyPolicy) {
- if (!level_add_node(curr, cache->anyPolicy, last->anyPolicy, NULL))
- return 0;
- }
+ if (last->anyPolicy &&
+ level_add_node(curr, cache->anyPolicy, last->anyPolicy, NULL) == NULL)
+ return 0;
return 1;
}
-/*
- * Prune the tree: delete any child mapped child data on the current level
- * then proceed up the tree deleting any data with no children. If we ever
- * have no data on a level we can halt because the tree will be empty.
+/*-
+ * Prune the tree: delete any child mapped child data on the current level then
+ * proceed up the tree deleting any data with no children. If we ever have no
+ * data on a level we can halt because the tree will be empty.
+ *
+ * Return value: <= 0 error, otherwise one of:
+ *
+ * X509_PCY_TREE_VALID: valid tree
+ * X509_PCY_TREE_EMPTY: empty tree
*/
-
static int tree_prune(X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr)
{
STACK_OF(X509_POLICY_NODE) *nodes;
@@ -523,41 +423,43 @@ static int tree_prune(X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr)
if (curr == tree->levels) {
/* If we zapped anyPolicy at top then tree is empty */
if (!curr->anyPolicy)
- return 2;
- return 1;
+ return X509_PCY_TREE_EMPTY;
+ break;
}
}
-
- return 1;
-
+ return X509_PCY_TREE_VALID;
}
+/*
+ * Return value: 1 on success, 0 otherwise.
+ */
static int tree_add_auth_node(STACK_OF(X509_POLICY_NODE) **pnodes,
X509_POLICY_NODE *pcy)
{
- if (!*pnodes) {
- *pnodes = policy_node_cmp_new();
- if (!*pnodes)
- return 0;
- } else if (sk_X509_POLICY_NODE_find(*pnodes, pcy) != -1)
- return 1;
-
- if (!sk_X509_POLICY_NODE_push(*pnodes, pcy))
+ if (*pnodes == NULL &&
+ (*pnodes = policy_node_cmp_new()) == NULL)
return 0;
-
- return 1;
-
+ if (sk_X509_POLICY_NODE_find(*pnodes, pcy) != -1)
+ return 1;
+ return sk_X509_POLICY_NODE_push(*pnodes, pcy) != 0;
}
-/*
- * Calculate the authority set based on policy tree. The 'pnodes' parameter
- * is used as a store for the set of policy nodes used to calculate the user
- * set. If the authority set is not anyPolicy then pnodes will just point to
- * the authority set. If however the authority set is anyPolicy then the set
- * of valid policies (other than anyPolicy) is store in pnodes. The return
- * value of '2' is used in this case to indicate that pnodes should be freed.
- */
+#define TREE_CALC_FAILURE 0
+#define TREE_CALC_OK_NOFREE 1
+#define TREE_CALC_OK_DOFREE 2
+/*-
+ * Calculate the authority set based on policy tree. The 'pnodes' parameter is
+ * used as a store for the set of policy nodes used to calculate the user set.
+ * If the authority set is not anyPolicy then pnodes will just point to the
+ * authority set. If however the authority set is anyPolicy then the set of
+ * valid policies (other than anyPolicy) is store in pnodes.
+ *
+ * Return value:
+ * TREE_CALC_FAILURE on failure,
+ * TREE_CALC_OK_NOFREE on success and pnodes need not be freed,
+ * TREE_CALC_OK_DOFREE on success and pnodes needs to be freed
+ */
static int tree_calculate_authority_set(X509_POLICY_TREE *tree,
STACK_OF(X509_POLICY_NODE) **pnodes)
{
@@ -570,7 +472,7 @@ static int tree_calculate_authority_set(X509_POLICY_TREE *tree,
/* If last level contains anyPolicy set is anyPolicy */
if (curr->anyPolicy) {
if (!tree_add_auth_node(&tree->auth_policies, curr->anyPolicy))
- return 0;
+ return TREE_CALC_FAILURE;
addnodes = pnodes;
} else
/* Add policies to authority set */
@@ -582,25 +484,31 @@ static int tree_calculate_authority_set(X509_POLICY_TREE *tree,
* If no anyPolicy node on this this level it can't appear on lower
* levels so end search.
*/
- if (!(anyptr = curr->anyPolicy))
+ if ((anyptr = curr->anyPolicy) == NULL)
break;
curr++;
for (j = 0; j < sk_X509_POLICY_NODE_num(curr->nodes); j++) {
node = sk_X509_POLICY_NODE_value(curr->nodes, j);
if ((node->parent == anyptr)
- && !tree_add_auth_node(addnodes, node))
- return 0;
+ && !tree_add_auth_node(addnodes, node)) {
+ if (addnodes == pnodes) {
+ sk_X509_POLICY_NODE_free(*pnodes);
+ *pnodes = NULL;
+ }
+ return TREE_CALC_FAILURE;
+ }
}
}
-
if (addnodes == pnodes)
- return 2;
+ return TREE_CALC_OK_DOFREE;
*pnodes = tree->auth_policies;
-
- return 1;
+ return TREE_CALC_OK_NOFREE;
}
+/*
+ * Return value: 1 on success, 0 otherwise.
+ */
static int tree_calculate_user_set(X509_POLICY_TREE *tree,
STACK_OF(ASN1_OBJECT) *policy_oids,
STACK_OF(X509_POLICY_NODE) *auth_nodes)
@@ -608,7 +516,6 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree,
int i;
X509_POLICY_NODE *node;
ASN1_OBJECT *oid;
-
X509_POLICY_NODE *anyPolicy;
X509_POLICY_DATA *extra;
@@ -616,7 +523,6 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree,
* Check if anyPolicy present in authority constrained policy set: this
* will happen if it is a leaf node.
*/
-
if (sk_ASN1_OBJECT_num(policy_oids) <= 0)
return 1;
@@ -641,7 +547,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree,
* from anyPolicy.
*/
extra = policy_data_new(NULL, oid, node_critical(anyPolicy));
- if (!extra)
+ if (extra == NULL)
return 0;
extra->qualifier_set = anyPolicy->data->qualifier_set;
extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS
@@ -657,9 +563,14 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree,
return 0;
}
return 1;
-
}
+/*-
+ * Return value: <= 0 error, otherwise one of:
+ * X509_PCY_TREE_VALID: valid tree
+ * X509_PCY_TREE_EMPTY: empty tree
+ * (see tree_prune()).
+ */
static int tree_evaluate(X509_POLICY_TREE *tree)
{
int ret, i;
@@ -669,19 +580,19 @@ static int tree_evaluate(X509_POLICY_TREE *tree)
for (i = 1; i < tree->nlevel; i++, curr++) {
cache = policy_cache_set(curr->cert);
if (!tree_link_nodes(curr, cache))
- return 0;
+ return X509_PCY_TREE_INTERNAL;
if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY)
&& !tree_link_any(curr, cache, tree))
- return 0;
+ return X509_PCY_TREE_INTERNAL;
+#ifdef OPENSSL_POLICY_DEBUG
tree_print("before tree_prune()", tree, curr);
+#endif
ret = tree_prune(tree, curr);
- if (ret != 1)
+ if (ret != X509_PCY_TREE_VALID)
return ret;
}
-
- return 1;
-
+ return X509_PCY_TREE_VALID;
}
static void exnode_free(X509_POLICY_NODE *node)
@@ -702,17 +613,12 @@ void X509_policy_tree_free(X509_POLICY_TREE *tree)
sk_X509_POLICY_NODE_pop_free(tree->user_policies, exnode_free);
for (i = 0, curr = tree->levels; i < tree->nlevel; i++, curr++) {
- if (curr->cert)
- X509_free(curr->cert);
- if (curr->nodes)
- sk_X509_POLICY_NODE_pop_free(curr->nodes, policy_node_free);
- if (curr->anyPolicy)
- policy_node_free(curr->anyPolicy);
+ X509_free(curr->cert);
+ sk_X509_POLICY_NODE_pop_free(curr->nodes, policy_node_free);
+ policy_node_free(curr->anyPolicy);
}
- if (tree->extra_data)
- sk_X509_POLICY_DATA_pop_free(tree->extra_data, policy_data_free);
-
+ sk_X509_POLICY_DATA_pop_free(tree->extra_data, policy_data_free);
OPENSSL_free(tree->levels);
OPENSSL_free(tree);
@@ -721,111 +627,70 @@ void X509_policy_tree_free(X509_POLICY_TREE *tree)
/*-
* Application policy checking function.
* Return codes:
- * 0 Internal Error.
- * 1 Successful.
- * -1 One or more certificates contain invalid or inconsistent extensions
- * -2 User constrained policy set empty and requireExplicit true.
+ * X509_PCY_TREE_FAILURE: Failure to satisfy explicit policy
+ * X509_PCY_TREE_INVALID: Inconsistent or invalid extensions
+ * X509_PCY_TREE_INTERNAL: Internal error, most likely malloc
+ * X509_PCY_TREE_VALID: Success (null tree if empty or bare TA)
*/
-
int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
STACK_OF(X509) *certs,
STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags)
{
+ int init_ret;
int ret;
X509_POLICY_TREE *tree = NULL;
STACK_OF(X509_POLICY_NODE) *nodes, *auth_nodes = NULL;
- *ptree = NULL;
+ *ptree = NULL;
*pexplicit_policy = 0;
- ret = tree_init(&tree, certs, flags);
-
- switch (ret) {
-
- /* Tree empty requireExplicit False: OK */
- case 2:
- return 1;
+ init_ret = tree_init(&tree, certs, flags);
- /* Some internal error */
- case -1:
- return -1;
+ if (init_ret <= 0)
+ return init_ret;
- /* Some internal error */
- case 0:
- return 0;
-
- /* Tree empty requireExplicit True: Error */
-
- case 6:
- *pexplicit_policy = 1;
- return -2;
-
- /* Tree OK requireExplicit True: OK and continue */
- case 5:
+ if ((init_ret & X509_PCY_TREE_EXPLICIT) == 0) {
+ if (init_ret & X509_PCY_TREE_EMPTY) {
+ X509_policy_tree_free(tree);
+ return X509_PCY_TREE_VALID;
+ }
+ } else {
*pexplicit_policy = 1;
- break;
-
- /* Tree OK: continue */
-
- case 1:
- if (!tree)
- /*
- * tree_init() returns success and a null tree
- * if it's just looking at a trust anchor.
- * I'm not sure that returning success here is
- * correct, but I'm sure that reporting this
- * as an internal error which our caller
- * interprets as a malloc failure is wrong.
- */
- return 1;
- break;
+ /* Tree empty and requireExplicit True: Error */
+ if (init_ret & X509_PCY_TREE_EMPTY)
+ return X509_PCY_TREE_FAILURE;
}
- if (!tree)
- goto error;
ret = tree_evaluate(tree);
-
+#ifdef OPENSSL_POLICY_DEBUG
tree_print("tree_evaluate()", tree, NULL);
-
+#endif
if (ret <= 0)
goto error;
- /* Return value 2 means tree empty */
- if (ret == 2) {
+ if (ret == X509_PCY_TREE_EMPTY) {
X509_policy_tree_free(tree);
- if (*pexplicit_policy)
- return -2;
- else
- return 1;
+ if (init_ret & X509_PCY_TREE_EXPLICIT)
+ return X509_PCY_TREE_FAILURE;
+ return X509_PCY_TREE_VALID;
}
/* Tree is not empty: continue */
-
- ret = tree_calculate_authority_set(tree, &auth_nodes);
-
- if (!ret)
+ if ((ret = tree_calculate_authority_set(tree, &auth_nodes)) == 0 ||
+ !tree_calculate_user_set(tree, policy_oids, auth_nodes))
goto error;
-
- if (!tree_calculate_user_set(tree, policy_oids, auth_nodes))
- goto error;
-
- if (ret == 2)
+ if (ret == TREE_CALC_OK_DOFREE)
sk_X509_POLICY_NODE_free(auth_nodes);
- if (tree)
- *ptree = tree;
+ *ptree = tree;
- if (*pexplicit_policy) {
+ if (init_ret & X509_PCY_TREE_EXPLICIT) {
nodes = X509_policy_tree_get0_user_policies(tree);
if (sk_X509_POLICY_NODE_num(nodes) <= 0)
- return -2;
+ return X509_PCY_TREE_FAILURE;
}
-
- return 1;
+ return X509_PCY_TREE_VALID;
error:
-
X509_policy_tree_free(tree);
-
- return 0;
-
+ return X509_PCY_TREE_INTERNAL;
}
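Review bot: The merged `if ((ret = tree_calculate_authority_set(...)) == 0 || !tree_calculate_user_set(...)) goto error;` leaks `auth_nodes` when the authority set came back as TREE_CALC_OK_DOFREE and tree_calculate_user_set() then fails, because the `sk_X509_POLICY_NODE_free(auth_nodes)` that follows is skipped on the error path. The pre-change code had the same gap, so this is a pre-existing leak the cleanup could have closed. Separating the two calls and freeing before the error check, as below, fixes it with one extra local. `X509_policy_tree_free(tree)` is also reached with `tree` still NULL on the EMPTY branch, since tree_init() returns before allocating; that relies on the free function tolerating NULL, which its definition (outside this view) should confirm.
```c
    int init_ret;
    int ret;
    int user_ok;
    /* … unchanged: tree_init() handling and tree_evaluate() … */
    if ((ret = tree_calculate_authority_set(tree, &auth_nodes)) == 0)
        goto error;
    user_ok = tree_calculate_user_set(tree, policy_oids, auth_nodes);
    if (ret == TREE_CALC_OK_DOFREE)
        sk_X509_POLICY_NODE_free(auth_nodes);
    if (!user_ok)
        goto error;
    *ptree = tree;
    /* … unchanged: explicit-policy check and error label … */
```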
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c
index 94cfed05..ef1d775a 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c
@@ -1,58 +1,10 @@
/*
- * Contributed to the OpenSSL Project by the American Registry for
- * Internet Numbers ("ARIN").
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
*
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
/*
@@ -62,12 +14,14 @@
#include <stdio.h>
#include <stdlib.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/conf.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/buffer.h>
#include <openssl/x509v3.h>
+#include "internal/x509_int.h"
+#include "ext_dat.h"
#ifndef OPENSSL_NO_RFC3779
@@ -98,7 +52,7 @@ ASN1_SEQUENCE(IPAddressFamily) = {
ASN1_ITEM_TEMPLATE(IPAddrBlocks) =
ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
IPAddrBlocks, IPAddressFamily)
-ASN1_ITEM_TEMPLATE_END(IPAddrBlocks)
+static_ASN1_ITEM_TEMPLATE_END(IPAddrBlocks)
IMPLEMENT_ASN1_FUNCTIONS(IPAddressRange)
IMPLEMENT_ASN1_FUNCTIONS(IPAddressOrRange)
@@ -108,7 +62,7 @@ IMPLEMENT_ASN1_FUNCTIONS(IPAddressFamily)
/*
* How much buffer space do we need for a raw address?
*/
-# define ADDR_RAW_BUF_LEN 16
+#define ADDR_RAW_BUF_LEN 16
/*
* What's the address length associated with this AFI?
@@ -128,7 +82,7 @@ static int length_from_afi(const unsigned afi)
/*
* Extract the AFI from an IPAddressFamily.
*/
-unsigned int v3_addr_get_afi(const IPAddressFamily *f)
+unsigned int X509v3_addr_get_afi(const IPAddressFamily *f)
{
return ((f != NULL &&
f->addressFamily != NULL && f->addressFamily->data != NULL)
@@ -163,7 +117,7 @@ static int addr_expand(unsigned char *addr,
/*
* Extract the prefix length from a bitstring.
*/
-# define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7)))
+#define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7)))
/*
* i2r handler for one address bitstring.
@@ -246,7 +200,7 @@ static int i2r_IPAddrBlocks(const X509V3_EXT_METHOD *method,
int i;
for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
- const unsigned int afi = v3_addr_get_afi(f);
+ const unsigned int afi = X509v3_addr_get_afi(f);
switch (afi) {
case IANA_AFI_IPV4:
BIO_printf(out, "%*sIPv4", indent, "");
@@ -358,7 +312,7 @@ static int IPAddressOrRange_cmp(const IPAddressOrRange *a,
/*
* IPv4-specific closure over IPAddressOrRange_cmp, since sk_sort()
- * comparision routines are only allowed two arguments.
+ * comparison routines are only allowed two arguments.
*/
static int v4IPAddressOrRange_cmp(const IPAddressOrRange *const *a,
const IPAddressOrRange *const *b)
@@ -368,7 +322,7 @@ static int v4IPAddressOrRange_cmp(const IPAddressOrRange *const *a,
/*
* IPv6-specific closure over IPAddressOrRange_cmp, since sk_sort()
- * comparision routines are only allowed two arguments.
+ * comparison routines are only allowed two arguments.
*/
static int v6IPAddressOrRange_cmp(const IPAddressOrRange *const *a,
const IPAddressOrRange *const *b)
@@ -528,7 +482,7 @@ static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr,
{
IPAddressFamily *f;
unsigned char key[3];
- unsigned keylen;
+ int keylen;
int i;
key[0] = (afi >> 8) & 0xFF;
@@ -571,8 +525,8 @@ static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr,
/*
* Add an inheritance element.
*/
-int v3_addr_add_inherit(IPAddrBlocks *addr,
- const unsigned afi, const unsigned *safi)
+int X509v3_addr_add_inherit(IPAddrBlocks *addr,
+ const unsigned afi, const unsigned *safi)
{
IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi);
if (f == NULL ||
@@ -627,10 +581,10 @@ static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr,
/*
* Add a prefix.
*/
-int v3_addr_add_prefix(IPAddrBlocks *addr,
- const unsigned afi,
- const unsigned *safi,
- unsigned char *a, const int prefixlen)
+int X509v3_addr_add_prefix(IPAddrBlocks *addr,
+ const unsigned afi,
+ const unsigned *safi,
+ unsigned char *a, const int prefixlen)
{
IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi);
IPAddressOrRange *aor;
@@ -645,10 +599,10 @@ int v3_addr_add_prefix(IPAddrBlocks *addr,
/*
* Add a range.
*/
-int v3_addr_add_range(IPAddrBlocks *addr,
- const unsigned afi,
- const unsigned *safi,
- unsigned char *min, unsigned char *max)
+int X509v3_addr_add_range(IPAddrBlocks *addr,
+ const unsigned afi,
+ const unsigned *safi,
+ unsigned char *min, unsigned char *max)
{
IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi);
IPAddressOrRange *aor;
@@ -685,10 +639,10 @@ static int extract_min_max(IPAddressOrRange *aor,
/*
* Public wrapper for extract_min_max().
*/
-int v3_addr_get_range(IPAddressOrRange *aor,
- const unsigned afi,
- unsigned char *min,
- unsigned char *max, const int length)
+int X509v3_addr_get_range(IPAddressOrRange *aor,
+ const unsigned afi,
+ unsigned char *min,
+ unsigned char *max, const int length)
{
int afi_length = length_from_afi(afi);
if (aor == NULL || min == NULL || max == NULL ||
@@ -702,7 +656,7 @@ int v3_addr_get_range(IPAddressOrRange *aor,
}
/*
- * Sort comparision function for a sequence of IPAddressFamily.
+ * Sort comparison function for a sequence of IPAddressFamily.
*
* The last paragraph of RFC 3779 2.2.3.3 is slightly ambiguous about
* the ordering: I can read it as meaning that IPv6 without a SAFI
@@ -724,7 +678,7 @@ static int IPAddressFamily_cmp(const IPAddressFamily *const *a_,
/*
* Check whether an IPAddrBLocks is in canonical form.
*/
-int v3_addr_is_canonical(IPAddrBlocks *addr)
+int X509v3_addr_is_canonical(IPAddrBlocks *addr)
{
unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN];
@@ -732,7 +686,7 @@ int v3_addr_is_canonical(IPAddrBlocks *addr)
int i, j, k;
/*
- * Empty extension is cannonical.
+ * Empty extension is canonical.
*/
if (addr == NULL)
return 1;
@@ -752,7 +706,7 @@ int v3_addr_is_canonical(IPAddrBlocks *addr)
*/
for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
- int length = length_from_afi(v3_addr_get_afi(f));
+ int length = length_from_afi(X509v3_addr_get_afi(f));
/*
* Inheritance is canonical. Anything other than inheritance or
@@ -895,7 +849,8 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors,
IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
if (a != NULL && a->type == IPAddressOrRange_addressRange) {
unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
- extract_min_max(a, a_min, a_max, length);
+ if (!extract_min_max(a, a_min, a_max, length))
+ return 0;
if (memcmp(a_min, a_max, length) > 0)
return 0;
}
@@ -907,7 +862,7 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors,
/*
* Whack an IPAddrBlocks extension into canonical form.
*/
-int v3_addr_canonize(IPAddrBlocks *addr)
+int X509v3_addr_canonize(IPAddrBlocks *addr)
{
int i;
for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
@@ -915,12 +870,12 @@ int v3_addr_canonize(IPAddrBlocks *addr)
if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges &&
!IPAddressOrRanges_canonize(f->ipAddressChoice->
u.addressesOrRanges,
- v3_addr_get_afi(f)))
+ X509v3_addr_get_afi(f)))
return 0;
}
(void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp);
sk_IPAddressFamily_sort(addr);
- OPENSSL_assert(v3_addr_is_canonical(addr));
+ OPENSSL_assert(X509v3_addr_is_canonical(addr));
return 1;
}
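Review bot: `OPENSSL_assert(X509v3_addr_is_canonical(addr))` at the end of X509v3_addr_canonize aborts the whole process if the post-condition fails, which in a library routine reachable from extension parsing turns an internal inconsistency into a crash rather than an error return. The function already has a failure return, so the condition can be reported instead: `if (!X509v3_addr_is_canonical(addr)) return 0;`. The caller v2i_IPAddrBlocks already treats a 0 return as an error (its `goto err` in a later hunk). X509v3_addr_canonize starts in the preceding hunk.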
@@ -946,7 +901,7 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method,
CONF_VALUE *val = sk_CONF_VALUE_value(values, i);
unsigned char min[ADDR_RAW_BUF_LEN], max[ADDR_RAW_BUF_LEN];
unsigned afi, *safi = NULL, safi_;
- const char *addr_chars;
+ const char *addr_chars = NULL;
int prefixlen, i1, i2, delim, length;
if (!name_cmp(val->name, "IPv4")) {
@@ -978,7 +933,7 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method,
length = length_from_afi(afi);
/*
- * Handle SAFI, if any, and BUF_strdup() so we can null-terminate
+ * Handle SAFI, if any, and OPENSSL_strdup() so we can null-terminate
* the other input values.
*/
if (safi != NULL) {
@@ -990,9 +945,9 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method,
goto err;
}
t += strspn(t, " \t");
- s = BUF_strdup(t);
+ s = OPENSSL_strdup(t);
} else {
- s = BUF_strdup(val->value);
+ s = OPENSSL_strdup(val->value);
}
if (s == NULL) {
X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
@@ -1003,8 +958,8 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method,
* Check for inheritance. Not worth additional complexity to
* optimize this (seldom-used) case.
*/
- if (!strcmp(s, "inherit")) {
- if (!v3_addr_add_inherit(addr, afi, safi)) {
+ if (strcmp(s, "inherit") == 0) {
+ if (!X509v3_addr_add_inherit(addr, afi, safi)) {
X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
X509V3_R_INVALID_INHERITANCE);
X509V3_conf_err(val);
@@ -1035,7 +990,7 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method,
X509V3_conf_err(val);
goto err;
}
- if (!v3_addr_add_prefix(addr, afi, safi, min, prefixlen)) {
+ if (!X509v3_addr_add_prefix(addr, afi, safi, min, prefixlen)) {
X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -1061,13 +1016,13 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method,
X509V3_conf_err(val);
goto err;
}
- if (!v3_addr_add_range(addr, afi, safi, min, max)) {
+ if (!X509v3_addr_add_range(addr, afi, safi, min, max)) {
X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
goto err;
}
break;
case '\0':
- if (!v3_addr_add_prefix(addr, afi, safi, min, length * 8)) {
+ if (!X509v3_addr_add_prefix(addr, afi, safi, min, length * 8)) {
X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -1086,7 +1041,7 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method,
/*
* Canonize the result, then we're done.
*/
- if (!v3_addr_canonize(addr))
+ if (!X509v3_addr_canonize(addr))
goto err;
return addr;
@@ -1116,7 +1071,7 @@ const X509V3_EXT_METHOD v3_addr = {
/*
* Figure out whether extension sues inheritance.
*/
-int v3_addr_inherits(IPAddrBlocks *addr)
+int X509v3_addr_inherits(IPAddrBlocks *addr)
{
int i;
if (addr == NULL)
@@ -1169,12 +1124,12 @@ static int addr_contains(IPAddressOrRanges *parent,
/*
* Test whether a is a subset of b.
*/
-int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
+int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
{
int i;
if (a == NULL || a == b)
return 1;
- if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b))
+ if (b == NULL || X509v3_addr_inherits(a) || X509v3_addr_inherits(b))
return 0;
(void)sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp);
for (i = 0; i < sk_IPAddressFamily_num(a); i++) {
@@ -1186,7 +1141,7 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
return 0;
if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges,
fa->ipAddressChoice->u.addressesOrRanges,
- length_from_afi(v3_addr_get_afi(fb))))
+ length_from_afi(X509v3_addr_get_afi(fb))))
return 0;
}
return 1;
@@ -1195,7 +1150,7 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
/*
* Validation error handling via callback.
*/
-# define validation_err(_err_) \
+#define validation_err(_err_) \
do { \
if (ctx != NULL) { \
ctx->error = _err_; \
@@ -1211,10 +1166,15 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
/*
* Core code for RFC 3779 2.3 path validation.
+ *
+ * Returns 1 for success, 0 on error.
+ *
+ * When returning 0, ctx->error MUST be set to an appropriate value other than
+ * X509_V_OK.
*/
-static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
- STACK_OF(X509) *chain,
- IPAddrBlocks *ext)
+static int addr_validate_path_internal(X509_STORE_CTX *ctx,
+ STACK_OF(X509) *chain,
+ IPAddrBlocks *ext)
{
IPAddrBlocks *child = NULL;
int i, j, ret = 1;
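Review bot: The new header comment states that ctx->error MUST be set whenever 0 is returned, but ctx can be NULL here: X509v3_addr_validate_resource_set passes NULL as ctx (`addr_validate_path_internal(NULL, chain, ext)` in a later hunk), and the validation_err macro guards its own assignment with `if (ctx != NULL)`. Qualify the contract so the unconditional wording is not taken literally, e.g. `* When returning 0 and ctx is non-NULL, ctx->error MUST be set to an appropriate value other than X509_V_OK; ctx may be NULL when called via X509v3_addr_validate_resource_set.` The function body continues past the end of this hunk.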
@@ -1239,12 +1199,13 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
if ((ext = x->rfc3779_addr) == NULL)
goto done;
}
- if (!v3_addr_is_canonical(ext))
+ if (!X509v3_addr_is_canonical(ext))
validation_err(X509_V_ERR_INVALID_EXTENSION);
(void)sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp);
if ((child = sk_IPAddressFamily_dup(ext)) == NULL) {
- X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL,
+ X509V3err(X509V3_F_ADDR_VALIDATE_PATH_INTERNAL,
ERR_R_MALLOC_FAILURE);
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
ret = 0;
goto done;
}
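Review bot: The added `ctx->error = X509_V_ERR_OUT_OF_MEM;` dereferences ctx unconditionally, but this function is also called with ctx == NULL from X509v3_addr_validate_resource_set (`addr_validate_path_internal(NULL, chain, ext)` in a later hunk), so a failed sk_IPAddressFamily_dup on that path is a NULL-pointer dereference instead of the intended `ret = 0` return. The validation_err macro used two lines above already guards with `if (ctx != NULL)`; this assignment needs the same guard: `if (ctx != NULL)` / `    ctx->error = X509_V_ERR_OUT_OF_MEM;`. The enclosing function starts and ends outside this hunk.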
@@ -1256,7 +1217,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
for (i++; i < sk_X509_num(chain); i++) {
x = sk_X509_value(chain, i);
OPENSSL_assert(x != NULL);
- if (!v3_addr_is_canonical(x->rfc3779_addr))
+ if (!X509v3_addr_is_canonical(x->rfc3779_addr))
validation_err(X509_V_ERR_INVALID_EXTENSION);
if (x->rfc3779_addr == NULL) {
for (j = 0; j < sk_IPAddressFamily_num(child); j++) {
@@ -1288,7 +1249,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
if (fc->ipAddressChoice->type == IPAddressChoice_inherit
|| addr_contains(fp->ipAddressChoice->u.addressesOrRanges,
fc->ipAddressChoice->u.addressesOrRanges,
- length_from_afi(v3_addr_get_afi(fc))))
+ length_from_afi(X509v3_addr_get_afi(fc))))
sk_IPAddressFamily_set(child, j, fp);
else
validation_err(X509_V_ERR_UNNESTED_RESOURCE);
@@ -1315,30 +1276,30 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
return ret;
}
-# undef validation_err
+#undef validation_err
/*
* RFC 3779 2.3 path validation -- called from X509_verify_cert().
*/
-int v3_addr_validate_path(X509_STORE_CTX *ctx)
+int X509v3_addr_validate_path(X509_STORE_CTX *ctx)
{
- return v3_addr_validate_path_internal(ctx, ctx->chain, NULL);
+ return addr_validate_path_internal(ctx, ctx->chain, NULL);
}
/*
* RFC 3779 2.3 path validation of an extension.
* Test whether chain covers extension.
*/
-int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
+int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain,
IPAddrBlocks *ext, int allow_inheritance)
{
if (ext == NULL)
return 1;
if (chain == NULL || sk_X509_num(chain) == 0)
return 0;
- if (!allow_inheritance && v3_addr_inherits(ext))
+ if (!allow_inheritance && X509v3_addr_inherits(ext))
return 0;
- return v3_addr_validate_path_internal(NULL, chain, ext);
+ return addr_validate_path_internal(NULL, chain, ext);
}
#endif /* OPENSSL_NO_RFC3779 */
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c
index e920270e..d9f77043 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c
@@ -1,68 +1,19 @@
-/* v3_akey.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/conf.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/x509v3.h>
+#include "ext_dat.h"
static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
AUTHORITY_KEYID *akeyid,
@@ -90,14 +41,14 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
{
char *tmp;
if (akeyid->keyid) {
- tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length);
+ tmp = OPENSSL_buf2hexstr(akeyid->keyid->data, akeyid->keyid->length);
X509V3_add_value("keyid", tmp, &extlist);
OPENSSL_free(tmp);
}
if (akeyid->issuer)
extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
if (akeyid->serial) {
- tmp = hex_to_string(akeyid->serial->data, akeyid->serial->length);
+ tmp = OPENSSL_buf2hexstr(akeyid->serial->data, akeyid->serial->length);
X509V3_add_value("serial", tmp, &extlist);
OPENSSL_free(tmp);
}
@@ -131,13 +82,13 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
cnf = sk_CONF_VALUE_value(values, i);
- if (!strcmp(cnf->name, "keyid")) {
+ if (strcmp(cnf->name, "keyid") == 0) {
keyid = 1;
- if (cnf->value && !strcmp(cnf->value, "always"))
+ if (cnf->value && strcmp(cnf->value, "always") == 0)
keyid = 2;
- } else if (!strcmp(cnf->name, "issuer")) {
+ } else if (strcmp(cnf->name, "issuer") == 0) {
issuer = 1;
- if (cnf->value && !strcmp(cnf->value, "always"))
+ if (cnf->value && strcmp(cnf->value, "always") == 0)
issuer = 2;
} else {
X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, X509V3_R_UNKNOWN_OPTION);
@@ -169,7 +120,7 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
if ((issuer && !ikeyid) || (issuer == 2)) {
isname = X509_NAME_dup(X509_get_issuer_name(cert));
- serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert));
+ serial = ASN1_INTEGER_dup(X509_get_serialNumber(cert));
if (!isname || !serial) {
X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,
X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
@@ -177,12 +128,12 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
}
}
- if (!(akeyid = AUTHORITY_KEYID_new()))
+ if ((akeyid = AUTHORITY_KEYID_new()) == NULL)
goto err;
if (isname) {
- if (!(gens = sk_GENERAL_NAME_new_null())
- || !(gen = GENERAL_NAME_new())
+ if ((gens = sk_GENERAL_NAME_new_null()) == NULL
+ || (gen = GENERAL_NAME_new()) == NULL
|| !sk_GENERAL_NAME_push(gens, gen)) {
X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE);
goto err;
@@ -192,14 +143,18 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
}
akeyid->issuer = gens;
+ gen = NULL;
+ gens = NULL;
akeyid->serial = serial;
akeyid->keyid = ikeyid;
return akeyid;
err:
+ sk_GENERAL_NAME_free(gens);
+ GENERAL_NAME_free(gen);
X509_NAME_free(isname);
- M_ASN1_INTEGER_free(serial);
- M_ASN1_OCTET_STRING_free(ikeyid);
+ ASN1_INTEGER_free(serial);
+ ASN1_OCTET_STRING_free(ikeyid);
return NULL;
}
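Review bot: The err path now releases gens, gen, isname, serial and ikeyid but not akeyid, which is allocated with AUTHORITY_KEYID_new() in the preceding hunk before the `goto err` that follows a failed sk_GENERAL_NAME_new_null()/GENERAL_NAME_new()/sk_GENERAL_NAME_push(), so that failure leaks the AUTHORITY_KEYID. Add `AUTHORITY_KEYID_free(akeyid);` to the err block; this also requires akeyid to be initialised to NULL at its declaration (outside this view), because earlier `goto err` jumps occur before it is assigned. The function's start is outside this hunk.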
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c
index 2cc85b76..d6dd6bcb 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c
@@ -1,64 +1,14 @@
-/* v3_akey_asn1.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/conf.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c
index 22ec2028..0364e336 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c
@@ -1,66 +1,17 @@
-/* v3_alt.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/conf.h>
#include <openssl/x509v3.h>
+#include "ext_dat.h"
static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
X509V3_CTX *ctx,
@@ -70,10 +21,10 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
STACK_OF(CONF_VALUE) *nval);
static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p);
static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
-static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
-static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
+static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx);
+static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx);
-const X509V3_EXT_METHOD v3_alt[] = {
+const X509V3_EXT_METHOD v3_alt[3] = {
{NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
0, 0, 0, 0,
0, 0,
@@ -207,7 +158,7 @@ int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen)
break;
case GEN_DIRNAME:
- BIO_printf(out, "DirName: ");
+ BIO_printf(out, "DirName:");
X509_NAME_print_ex(out, gen->d.dirn, 0, XN_FLAG_ONELINE);
break;
@@ -229,7 +180,7 @@ int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen)
break;
case GEN_RID:
- BIO_printf(out, "Registered ID");
+ BIO_printf(out, "Registered ID:");
i2a_ASN1_OBJECT(out, gen->d.rid);
break;
}
@@ -243,19 +194,20 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
GENERAL_NAMES *gens = NULL;
CONF_VALUE *cnf;
int i;
- if (!(gens = sk_GENERAL_NAME_new_null())) {
+
+ if ((gens = sk_GENERAL_NAME_new_null()) == NULL) {
X509V3err(X509V3_F_V2I_ISSUER_ALT, ERR_R_MALLOC_FAILURE);
return NULL;
}
for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
cnf = sk_CONF_VALUE_value(nval, i);
- if (!name_cmp(cnf->name, "issuer") && cnf->value &&
- !strcmp(cnf->value, "copy")) {
+ if (!name_cmp(cnf->name, "issuer")
+ && cnf->value && strcmp(cnf->value, "copy") == 0) {
if (!copy_issuer(ctx, gens))
goto err;
} else {
GENERAL_NAME *gen;
- if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
+ if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL)
goto err;
sk_GENERAL_NAME_push(gens, gen);
}
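Review bot: `sk_GENERAL_NAME_push(gens, gen);` ignores its return value, so when the push fails the freshly created GENERAL_NAME leaks and the caller receives a GENERAL_NAMES missing that entry with no error raised; the same unchecked push appears in v2i_subject_alt in a later hunk (the `sk_GENERAL_NAME_push` after `v2i_GENERAL_NAME`). Handle it like the other failures in this function: `if (!sk_GENERAL_NAME_push(gens, gen)) { GENERAL_NAME_free(gen); goto err; }`. v2i_issuer_alt starts before this hunk and its err label is past the end.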
@@ -274,6 +226,7 @@ static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)
GENERAL_NAME *gen;
X509_EXTENSION *ext;
int i;
+
if (ctx && (ctx->flags == CTX_TEST))
return 1;
if (!ctx || !ctx->issuer_cert) {
@@ -283,8 +236,8 @@ static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)
i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1);
if (i < 0)
return 1;
- if (!(ext = X509_get_ext(ctx->issuer_cert, i)) ||
- !(ialt = X509V3_EXT_d2i(ext))) {
+ if ((ext = X509_get_ext(ctx->issuer_cert, i)) == NULL
+ || (ialt = X509V3_EXT_d2i(ext)) == NULL) {
X509V3err(X509V3_F_COPY_ISSUER, X509V3_R_ISSUER_DECODE_ERROR);
goto err;
}
@@ -312,23 +265,24 @@ static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
GENERAL_NAMES *gens = NULL;
CONF_VALUE *cnf;
int i;
- if (!(gens = sk_GENERAL_NAME_new_null())) {
+
+ if ((gens = sk_GENERAL_NAME_new_null()) == NULL) {
X509V3err(X509V3_F_V2I_SUBJECT_ALT, ERR_R_MALLOC_FAILURE);
return NULL;
}
for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
cnf = sk_CONF_VALUE_value(nval, i);
- if (!name_cmp(cnf->name, "email") && cnf->value &&
- !strcmp(cnf->value, "copy")) {
+ if (!name_cmp(cnf->name, "email")
+ && cnf->value && strcmp(cnf->value, "copy") == 0) {
if (!copy_email(ctx, gens, 0))
goto err;
- } else if (!name_cmp(cnf->name, "email") && cnf->value &&
- !strcmp(cnf->value, "move")) {
+ } else if (!name_cmp(cnf->name, "email")
+ && cnf->value && strcmp(cnf->value, "move") == 0) {
if (!copy_email(ctx, gens, 1))
goto err;
} else {
GENERAL_NAME *gen;
- if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
+ if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL)
goto err;
sk_GENERAL_NAME_push(gens, gen);
}
@@ -367,13 +321,13 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
while ((i = X509_NAME_get_index_by_NID(nm,
NID_pkcs9_emailAddress, i)) >= 0) {
ne = X509_NAME_get_entry(nm, i);
- email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne));
+ email = ASN1_STRING_dup(X509_NAME_ENTRY_get_data(ne));
if (move_p) {
X509_NAME_delete_entry(nm, i);
X509_NAME_ENTRY_free(ne);
i--;
}
- if (!email || !(gen = GENERAL_NAME_new())) {
+ if (email == NULL || (gen = GENERAL_NAME_new()) == NULL) {
X509V3err(X509V3_F_COPY_EMAIL, ERR_R_MALLOC_FAILURE);
goto err;
}
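Review bot: In the `move_p` branch the email entry is deleted from the subject name (`X509_NAME_delete_entry` / `X509_NAME_ENTRY_free`) before the dup result is examined, so when `ASN1_STRING_dup` returns NULL the function fails but has already stripped the emailAddress from `nm`, leaving the caller's subject modified on an error path. Checking `email` immediately after the dup, and only then moving the entry, keeps the failure side-effect free; the `GENERAL_NAME_new` check can stay where it is. The surrounding while loop starts before the hunk and its remainder (attaching `email` to `gen`) follows after it, so the excerpt below shows only the reordered lines.
```c
        ne = X509_NAME_get_entry(nm, i);
        email = ASN1_STRING_dup(X509_NAME_ENTRY_get_data(ne));
        if (email == NULL) {
            X509V3err(X509V3_F_COPY_EMAIL, ERR_R_MALLOC_FAILURE);
            goto err;
        }
        /* Only modify the subject once we know the copy succeeded. */
        if (move_p) {
            X509_NAME_delete_entry(nm, i);
            X509_NAME_ENTRY_free(ne);
            i--;
        }
        if ((gen = GENERAL_NAME_new()) == NULL) {
            X509V3err(X509V3_F_COPY_EMAIL, ERR_R_MALLOC_FAILURE);
            goto err;
        }
        /* … unchanged: remainder of the loop body … */
```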
@@ -391,7 +345,7 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
err:
GENERAL_NAME_free(gen);
- M_ASN1_IA5STRING_free(email);
+ ASN1_IA5STRING_free(email);
return 0;
}
@@ -403,13 +357,14 @@ GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
GENERAL_NAMES *gens = NULL;
CONF_VALUE *cnf;
int i;
- if (!(gens = sk_GENERAL_NAME_new_null())) {
+
+ if ((gens = sk_GENERAL_NAME_new_null()) == NULL) {
X509V3err(X509V3_F_V2I_GENERAL_NAMES, ERR_R_MALLOC_FAILURE);
return NULL;
}
for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
cnf = sk_CONF_VALUE_value(nval, i);
- if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
+ if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL)
goto err;
sk_GENERAL_NAME_push(gens, gen);
}
@@ -427,7 +382,7 @@ GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method,
GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
const X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, int gen_type, char *value,
+ X509V3_CTX *ctx, int gen_type, const char *value,
int is_nc)
{
char is_string = 0;
@@ -458,7 +413,7 @@ GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
case GEN_RID:
{
ASN1_OBJECT *obj;
- if (!(obj = OBJ_txt2obj(value, 0))) {
+ if ((obj = OBJ_txt2obj(value, 0)) == NULL) {
X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_BAD_OBJECT);
ERR_add_error_data(2, "value=", value);
goto err;
@@ -498,7 +453,7 @@ GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
}
if (is_string) {
- if (!(gen->d.ia5 = M_ASN1_IA5STRING_new()) ||
+ if ((gen->d.ia5 = ASN1_IA5STRING_new()) == NULL ||
!ASN1_STRING_set(gen->d.ia5, (unsigned char *)value,
strlen(value))) {
X509V3err(X509V3_F_A2I_GENERAL_NAME, ERR_R_MALLOC_FAILURE);
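Review bot: The `(unsigned char *)value` cast in the `ASN1_STRING_set` call casts away the `const` that this same commit adds to the `value` parameter, which defeats the point of the qualifier and hides future write-through mistakes from the compiler. As far as I recall `ASN1_STRING_set` takes `const void *` for its data argument, so the cast can simply be dropped: `!ASN1_STRING_set(gen->d.ia5, value, strlen(value))`. If the API in this tree still takes a non-const pointer, a comment explaining why the cast is needed would be preferable to a silent strip.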
@@ -556,25 +511,26 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
}
-static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
+static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx)
{
char *objtmp = NULL, *p;
int objlen;
- if (!(p = strchr(value, ';')))
+
+ if ((p = strchr(value, ';')) == NULL)
return 0;
- if (!(gen->d.otherName = OTHERNAME_new()))
+ if ((gen->d.otherName = OTHERNAME_new()) == NULL)
return 0;
/*
* Free this up because we will overwrite it. no need to free type_id
* because it is static
*/
ASN1_TYPE_free(gen->d.otherName->value);
- if (!(gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx)))
+ if ((gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx)) == NULL)
return 0;
objlen = p - value;
- objtmp = OPENSSL_malloc(objlen + 1);
- strncpy(objtmp, value, objlen);
- objtmp[objlen] = 0;
+ objtmp = OPENSSL_strndup(value, objlen);
+ if (objtmp == NULL)
+ return 0;
gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0);
OPENSSL_free(objtmp);
if (!gen->d.otherName->type_id)
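Review bot: do_othername carries no comment describing the string format it parses, even though the format is non-obvious and drives every step of the function: the text up to the first `;` is converted with `OBJ_txt2obj` into `type_id`, and everything after the `;` is handed to `ASN1_generate_v3` for the value. I would add above the function: `/* Parse an otherName of the form "<OID>;<ASN1_generate_v3 spec>": the OID text before the first ';' becomes type_id, the remainder is generated into value. */`. A note that a missing `;` or an unparseable OID yields a plain `return 0` without pushing an error would also help callers, since the function itself raises none on those paths. The function's tail follows outside the hunk.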
@@ -582,12 +538,13 @@ static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
return 1;
}
-static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
+static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx)
{
int ret = 0;
STACK_OF(CONF_VALUE) *sk = NULL;
- X509_NAME *nm = NULL;
- if (!(nm = X509_NAME_new()))
+ X509_NAME *nm;
+
+ if ((nm = X509_NAME_new()) == NULL)
goto err;
sk = X509V3_get_section(ctx, value);
if (!sk) {
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c
index 2a32c9d0..af4fcf4c 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c
@@ -1,58 +1,10 @@
/*
- * Contributed to the OpenSSL Project by the American Registry for
- * Internet Numbers ("ARIN").
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
*
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
/*
@@ -61,13 +13,15 @@
#include <stdio.h>
#include <string.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/conf.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/x509v3.h>
#include <openssl/x509.h>
+#include "internal/x509_int.h"
#include <openssl/bn.h>
+#include "ext_dat.h"
#ifndef OPENSSL_NO_RFC3779
@@ -162,7 +116,7 @@ static int i2r_ASIdentifiers(const X509V3_EXT_METHOD *method,
}
/*
- * Sort comparision function for a sequence of ASIdOrRange elements.
+ * Sort comparison function for a sequence of ASIdOrRange elements.
*/
static int ASIdOrRange_cmp(const ASIdOrRange *const *a_,
const ASIdOrRange *const *b_)
@@ -195,7 +149,7 @@ static int ASIdOrRange_cmp(const ASIdOrRange *const *a_,
/*
* Add an inherit element.
*/
-int v3_asid_add_inherit(ASIdentifiers *asid, int which)
+int X509v3_asid_add_inherit(ASIdentifiers *asid, int which)
{
ASIdentifierChoice **choice;
if (asid == NULL)
@@ -224,8 +178,8 @@ int v3_asid_add_inherit(ASIdentifiers *asid, int which)
/*
* Add an ID or range to an ASIdentifierChoice.
*/
-int v3_asid_add_id_or_range(ASIdentifiers *asid,
- int which, ASN1_INTEGER *min, ASN1_INTEGER *max)
+int X509v3_asid_add_id_or_range(ASIdentifiers *asid,
+ int which, ASN1_INTEGER *min, ASN1_INTEGER *max)
{
ASIdentifierChoice **choice;
ASIdOrRange *aor;
@@ -322,7 +276,8 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) {
ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1);
- ASN1_INTEGER *a_min, *a_max, *b_min, *b_max;
+ ASN1_INTEGER *a_min = NULL, *a_max = NULL, *b_min = NULL, *b_max =
+ NULL;
extract_min_max(a, &a_min, &a_max);
extract_min_max(b, &b_min, &b_max);
@@ -380,7 +335,7 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
/*
* Check whether an ASIdentifier extension is in canonical form.
*/
-int v3_asid_is_canonical(ASIdentifiers *asid)
+int X509v3_asid_is_canonical(ASIdentifiers *asid)
{
return (asid == NULL ||
(ASIdentifierChoice_is_canonical(asid->asnum) &&
@@ -424,7 +379,8 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) {
ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1);
- ASN1_INTEGER *a_min, *a_max, *b_min, *b_max;
+ ASN1_INTEGER *a_min = NULL, *a_max = NULL, *b_min = NULL, *b_max =
+ NULL;
extract_min_max(a, &a_min, &a_max);
extract_min_max(b, &b_min, &b_max);
@@ -470,7 +426,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
ASRange *r;
switch (a->type) {
case ASIdOrRange_id:
- if ((r = OPENSSL_malloc(sizeof(ASRange))) == NULL) {
+ if ((r = OPENSSL_malloc(sizeof(*r))) == NULL) {
X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
ERR_R_MALLOC_FAILURE);
goto done;
@@ -527,7 +483,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
/*
* Whack an ASIdentifier extension into canonical form.
*/
-int v3_asid_canonize(ASIdentifiers *asid)
+int X509v3_asid_canonize(ASIdentifiers *asid)
{
return (asid == NULL ||
(ASIdentifierChoice_canonize(asid->asnum) &&
@@ -552,7 +508,7 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method,
for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
CONF_VALUE *val = sk_CONF_VALUE_value(values, i);
- int i1, i2, i3, is_range, which;
+ int i1 = 0, i2 = 0, i3 = 0, is_range = 0, which = 0;
/*
* Figure out whether this is an AS or an RDI.
@@ -571,8 +527,8 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method,
/*
* Handle inheritance.
*/
- if (!strcmp(val->value, "inherit")) {
- if (v3_asid_add_inherit(asid, which))
+ if (strcmp(val->value, "inherit") == 0) {
+ if (X509v3_asid_add_inherit(asid, which))
continue;
X509V3err(X509V3_F_V2I_ASIDENTIFIERS,
X509V3_R_INVALID_INHERITANCE);
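Review bot: `strcmp(val->value, "inherit")` dereferences `val->value` without a NULL check, while the alt-name parsers in this same patch guard with `cnf->value &&` before their strcmp. If the config list can contain a bare `AS` or `RDI` name with no `=` (which, if I remember X509V3_parse_list correctly, leaves `value` NULL), this is a NULL dereference on malformed configuration. A guard placed before the inheritance test, e.g. `if (val->value == NULL) { X509V3_conf_err(val); goto err; }` with a suitable X509V3err, closes it; the AS/RDI selection just above and the `err` label are outside the hunk.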
@@ -615,7 +571,7 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method,
goto err;
}
} else {
- char *s = BUF_strdup(val->value);
+ char *s = OPENSSL_strdup(val->value);
if (s == NULL) {
X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
goto err;
@@ -634,7 +590,7 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method,
goto err;
}
}
- if (!v3_asid_add_id_or_range(asid, which, min, max)) {
+ if (!X509v3_asid_add_id_or_range(asid, which, min, max)) {
X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -644,7 +600,7 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method,
/*
* Canonize the result, then we're done.
*/
- if (!v3_asid_canonize(asid))
+ if (!X509v3_asid_canonize(asid))
goto err;
return asid;
@@ -675,7 +631,7 @@ const X509V3_EXT_METHOD v3_asid = {
/*
* Figure out whether extension uses inheritance.
*/
-int v3_asid_inherits(ASIdentifiers *asid)
+int X509v3_asid_inherits(ASIdentifiers *asid)
{
return (asid != NULL &&
((asid->asnum != NULL &&
@@ -689,7 +645,7 @@ int v3_asid_inherits(ASIdentifiers *asid)
*/
static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child)
{
- ASN1_INTEGER *p_min, *p_max, *c_min, *c_max;
+ ASN1_INTEGER *p_min = NULL, *p_max = NULL, *c_min = NULL, *c_max = NULL;
int p, c;
if (child == NULL || parent == child)
@@ -716,15 +672,15 @@ static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child)
}
/*
- * Test whether a is a subet of b.
+ * Test whether a is a subset of b.
*/
-int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b)
+int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b)
{
return (a == NULL ||
a == b ||
(b != NULL &&
- !v3_asid_inherits(a) &&
- !v3_asid_inherits(b) &&
+ !X509v3_asid_inherits(a) &&
+ !X509v3_asid_inherits(b) &&
asid_contains(b->asnum->u.asIdsOrRanges,
a->asnum->u.asIdsOrRanges) &&
asid_contains(b->rdi->u.asIdsOrRanges,
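Review bot: X509v3_asid_subset dereferences `b->asnum`, `a->asnum` and `b->rdi` (and, past the hunk, `a->rdi`) unconditionally, yet both choices are optional in the structure: the validation code in this same file tests `ext->asnum != NULL` and `x->rfc3779_asid->asnum == NULL` before touching them. An ASIdentifiers with only an rdi (or only an asnum) on either side therefore crashes here rather than being compared. Since `asid_contains` already treats a NULL child as contained, the fix is to treat an absent child choice as covered and an absent parent choice as covering nothing. The original's final two lines (`a->rdi->u.asIdsOrRanges)));`) lie outside the hunk; the rewrite below replaces the whole function body.
```c
int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b)
{
    if (a == NULL || a == b)
        return 1;
    if (b == NULL || X509v3_asid_inherits(a) || X509v3_asid_inherits(b))
        return 0;
    /*
     * asnum and rdi are each optional: an absent child choice is trivially
     * covered, an absent parent choice covers nothing.
     */
    if (a->asnum != NULL
        && (b->asnum == NULL
            || !asid_contains(b->asnum->u.asIdsOrRanges,
                              a->asnum->u.asIdsOrRanges)))
        return 0;
    if (a->rdi != NULL
        && (b->rdi == NULL
            || !asid_contains(b->rdi->u.asIdsOrRanges,
                              a->rdi->u.asIdsOrRanges)))
        return 0;
    return 1;
}
```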
@@ -734,7 +690,7 @@ int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b)
/*
* Validation error handling via callback.
*/
-# define validation_err(_err_) \
+#define validation_err(_err_) \
do { \
if (ctx != NULL) { \
ctx->error = _err_; \
@@ -751,9 +707,9 @@ int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b)
/*
* Core code for RFC 3779 3.3 path validation.
*/
-static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
- STACK_OF(X509) *chain,
- ASIdentifiers *ext)
+static int asid_validate_path_internal(X509_STORE_CTX *ctx,
+ STACK_OF(X509) *chain,
+ ASIdentifiers *ext)
{
ASIdOrRanges *child_as = NULL, *child_rdi = NULL;
int i, ret = 1, inherit_as = 0, inherit_rdi = 0;
@@ -778,7 +734,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
if ((ext = x->rfc3779_asid) == NULL)
goto done;
}
- if (!v3_asid_is_canonical(ext))
+ if (!X509v3_asid_is_canonical(ext))
validation_err(X509_V_ERR_INVALID_EXTENSION);
if (ext->asnum != NULL) {
switch (ext->asnum->type) {
@@ -813,7 +769,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
validation_err(X509_V_ERR_UNNESTED_RESOURCE);
continue;
}
- if (!v3_asid_is_canonical(x->rfc3779_asid))
+ if (!X509v3_asid_is_canonical(x->rfc3779_asid))
validation_err(X509_V_ERR_INVALID_EXTENSION);
if (x->rfc3779_asid->asnum == NULL && child_as != NULL) {
validation_err(X509_V_ERR_UNNESTED_RESOURCE);
@@ -867,30 +823,30 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
return ret;
}
-# undef validation_err
+#undef validation_err
/*
* RFC 3779 3.3 path validation -- called from X509_verify_cert().
*/
-int v3_asid_validate_path(X509_STORE_CTX *ctx)
+int X509v3_asid_validate_path(X509_STORE_CTX *ctx)
{
- return v3_asid_validate_path_internal(ctx, ctx->chain, NULL);
+ return asid_validate_path_internal(ctx, ctx->chain, NULL);
}
/*
* RFC 3779 3.3 path validation of an extension.
* Test whether chain covers extension.
*/
-int v3_asid_validate_resource_set(STACK_OF(X509) *chain,
- ASIdentifiers *ext, int allow_inheritance)
+int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain,
+ ASIdentifiers *ext, int allow_inheritance)
{
if (ext == NULL)
return 1;
if (chain == NULL || sk_X509_num(chain) == 0)
return 0;
- if (!allow_inheritance && v3_asid_inherits(ext))
+ if (!allow_inheritance && X509v3_asid_inherits(ext))
return 0;
- return v3_asid_validate_path_internal(NULL, chain, ext);
+ return asid_validate_path_internal(NULL, chain, ext);
}
#endif /* OPENSSL_NO_RFC3779 */
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c
index dc00b9cb..3bbf1555 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c
@@ -1,68 +1,19 @@
-/* v3_bcons.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/conf.h>
#include <openssl/x509v3.h>
+#include "ext_dat.h"
static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
BASIC_CONSTRAINTS *bcons,
@@ -107,16 +58,17 @@ static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
BASIC_CONSTRAINTS *bcons = NULL;
CONF_VALUE *val;
int i;
- if (!(bcons = BASIC_CONSTRAINTS_new())) {
+
+ if ((bcons = BASIC_CONSTRAINTS_new()) == NULL) {
X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
return NULL;
}
for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
val = sk_CONF_VALUE_value(values, i);
- if (!strcmp(val->name, "CA")) {
+ if (strcmp(val->name, "CA") == 0) {
if (!X509V3_get_value_bool(val, &bcons->ca))
goto err;
- } else if (!strcmp(val->name, "pathlen")) {
+ } else if (strcmp(val->name, "pathlen") == 0) {
if (!X509V3_get_value_int(val, &bcons->pathlen))
goto err;
} else {
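Review bot: The `pathlen` branch accepts whatever integer `X509V3_get_value_int` parses, so a negative value ends up in the extension although pathLenConstraint is constrained to 0..MAX, and nothing here ties it to `CA` being true. Unless a later stage (outside this hunk) rejects it, the parser will happily emit a non-conformant basicConstraints. I would add after the `X509V3_get_value_int` call something like `if (bcons->pathlen != NULL && ASN1_INTEGER_get(bcons->pathlen) < 0) goto err;` preceded by an X509V3err and `X509V3_conf_err(val)` so the offending config line is reported. The `err` label and the unknown-name branch are outside the hunk.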
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c
index b7bb3b55..4802116b 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c
@@ -1,66 +1,17 @@
-/* v3_bitst.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/conf.h>
#include <openssl/x509v3.h>
+#include "ext_dat.h"
static BIT_STRING_BITNAME ns_cert_type_table[] = {
{0, "SSL Client", "client"},
@@ -112,19 +63,19 @@ ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
ASN1_BIT_STRING *bs;
int i;
BIT_STRING_BITNAME *bnam;
- if (!(bs = M_ASN1_BIT_STRING_new())) {
+ if ((bs = ASN1_BIT_STRING_new()) == NULL) {
X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, ERR_R_MALLOC_FAILURE);
return NULL;
}
for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
val = sk_CONF_VALUE_value(nval, i);
for (bnam = method->usr_data; bnam->lname; bnam++) {
- if (!strcmp(bnam->sname, val->name) ||
- !strcmp(bnam->lname, val->name)) {
+ if (strcmp(bnam->sname, val->name) == 0
+ || strcmp(bnam->lname, val->name) == 0) {
if (!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) {
X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
ERR_R_MALLOC_FAILURE);
- M_ASN1_BIT_STRING_free(bs);
+ ASN1_BIT_STRING_free(bs);
return NULL;
}
break;
@@ -134,7 +85,7 @@ ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT);
X509V3_conf_err(val);
- M_ASN1_BIT_STRING_free(bs);
+ ASN1_BIT_STRING_free(bs);
return NULL;
}
}
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c
index eeff8bd1..f625ff54 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c
@@ -1,88 +1,40 @@
-/* v3_conf.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
+
/* extension creation utilities */
#include <stdio.h>
#include <ctype.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/conf.h>
#include <openssl/x509.h>
+#include "internal/x509_int.h"
#include <openssl/x509v3.h>
-static int v3_check_critical(char **value);
-static int v3_check_generic(char **value);
+static int v3_check_critical(const char **value);
+static int v3_check_generic(const char **value);
static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
- int crit, char *value);
-static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
+ int crit, const char *value);
+static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value,
int crit, int type,
X509V3_CTX *ctx);
-static char *conf_lhash_get_string(void *db, char *section, char *value);
-static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
+static char *conf_lhash_get_string(void *db, const char *section, const char *value);
+static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, const char *section);
static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method,
int ext_nid, int crit, void *ext_struc);
-static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx,
+static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx,
long *ext_len);
/* CONF *conf: Config file */
/* char *name: Name */
/* char *value: Value */
-X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
- char *value)
+X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name,
+ const char *value)
{
int crit;
int ext_type;
@@ -101,7 +53,7 @@ X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
/* CONF *conf: Config file */
/* char *value: Value */
X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
- char *value)
+ const char *value)
{
int crit;
int ext_type;
@@ -115,17 +67,18 @@ X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
/* CONF *conf: Config file */
/* char *value: Value */
static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
- int crit, char *value)
+ int crit, const char *value)
{
const X509V3_EXT_METHOD *method;
X509_EXTENSION *ext;
STACK_OF(CONF_VALUE) *nval;
void *ext_struc;
+
if (ext_nid == NID_undef) {
X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION_NAME);
return NULL;
}
- if (!(method = X509V3_EXT_get_nid(ext_nid))) {
+ if ((method = X509V3_EXT_get_nid(ext_nid)) == NULL) {
X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION);
return NULL;
}
@@ -135,11 +88,13 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
nval = NCONF_get_section(conf, value + 1);
else
nval = X509V3_parse_list(value);
- if (sk_CONF_VALUE_num(nval) <= 0) {
+ if (nval == NULL || sk_CONF_VALUE_num(nval) <= 0) {
X509V3err(X509V3_F_DO_EXT_NCONF,
X509V3_R_INVALID_EXTENSION_STRING);
ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=",
value);
+ if (*value != '@')
+ sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
return NULL;
}
ext_struc = method->v2i(method, ctx, nval);
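Review bot: The `if (*value != '@')` guard in front of the new `sk_CONF_VALUE_pop_free(nval, X509V3_conf_free)` encodes an ownership rule that nothing states: a list returned by `NCONF_get_section()` belongs to the CONF, while the one built by `X509V3_parse_list()` is owned by this function. A comment on the guard would keep that from being "simplified" away later, e.g. `/* nval from NCONF_get_section() is owned by conf; only a parsed list is ours to free */`. The same rule presumably governs the free that follows the `method->v2i()` call, which falls outside this hunk. do_ext_nconf starts in the previous hunk.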
@@ -148,14 +103,14 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
if (!ext_struc)
return NULL;
} else if (method->s2i) {
- if (!(ext_struc = method->s2i(method, ctx, value)))
+ if ((ext_struc = method->s2i(method, ctx, value)) == NULL)
return NULL;
} else if (method->r2i) {
if (!ctx->db || !ctx->db_meth) {
X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_NO_CONFIG_DATABASE);
return NULL;
}
- if (!(ext_struc = method->r2i(method, ctx, value)))
+ if ((ext_struc = method->r2i(method, ctx, value)) == NULL)
return NULL;
} else {
X509V3err(X509V3_F_DO_EXT_NCONF,
@@ -176,9 +131,9 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method,
int ext_nid, int crit, void *ext_struc)
{
- unsigned char *ext_der;
+ unsigned char *ext_der = NULL;
int ext_len;
- ASN1_OCTET_STRING *ext_oct;
+ ASN1_OCTET_STRING *ext_oct = NULL;
X509_EXTENSION *ext;
/* Convert internal representation to DER */
if (method->it) {
@@ -189,26 +144,30 @@ static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method,
goto merr;
} else {
unsigned char *p;
+
ext_len = method->i2d(ext_struc, NULL);
- if (!(ext_der = OPENSSL_malloc(ext_len)))
+ if ((ext_der = OPENSSL_malloc(ext_len)) == NULL)
goto merr;
p = ext_der;
method->i2d(ext_struc, &p);
}
- if (!(ext_oct = M_ASN1_OCTET_STRING_new()))
+ if ((ext_oct = ASN1_OCTET_STRING_new()) == NULL)
goto merr;
ext_oct->data = ext_der;
+ ext_der = NULL;
ext_oct->length = ext_len;
ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
if (!ext)
goto merr;
- M_ASN1_OCTET_STRING_free(ext_oct);
+ ASN1_OCTET_STRING_free(ext_oct);
return ext;
merr:
X509V3err(X509V3_F_DO_EXT_I2D, ERR_R_MALLOC_FAILURE);
+ OPENSSL_free(ext_der);
+ ASN1_OCTET_STRING_free(ext_oct);
return NULL;
}
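Review bot: `ext_len = method->i2d(ext_struc, NULL)` is passed straight to `OPENSSL_malloc(ext_len)`; a failing i2d returns a negative int, which becomes a huge size_t, and a zero length hands an empty buffer to the octet string, so the length should be validated first: `if ((ext_len = method->i2d(ext_struc, NULL)) <= 0) goto merr;` (the MALLOC_FAILURE reason at `merr` is then slightly misleading for that case, so a dedicated error code may be preferable). The new `ext_der = NULL;` after `ext_oct->data = ext_der;` is right, because `ASN1_OCTET_STRING_free(ext_oct)` on the merr path now releases that buffer; a one-line comment, `/* ext_oct now owns ext_der */`, would record why the pointer is cleared. do_ext_i2d begins in the previous hunk.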
@@ -218,7 +177,8 @@ static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method,
X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
{
const X509V3_EXT_METHOD *method;
- if (!(method = X509V3_EXT_get_nid(ext_nid))) {
+
+ if ((method = X509V3_EXT_get_nid(ext_nid)) == NULL) {
X509V3err(X509V3_F_X509V3_EXT_I2D, X509V3_R_UNKNOWN_EXTENSION);
return NULL;
}
@@ -226,9 +186,9 @@ X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
}
/* Check the extension string for critical flag */
-static int v3_check_critical(char **value)
+static int v3_check_critical(const char **value)
{
- char *p = *value;
+ const char *p = *value;
if ((strlen(p) < 9) || strncmp(p, "critical,", 9))
return 0;
p += 9;
@@ -239,14 +199,14 @@ static int v3_check_critical(char **value)
}
/* Check extension string for generic extension and return the type */
-static int v3_check_generic(char **value)
+static int v3_check_generic(const char **value)
{
int gen_type = 0;
- char *p = *value;
- if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) {
+ const char *p = *value;
+ if ((strlen(p) >= 4) && strncmp(p, "DER:", 4) == 0) {
p += 4;
gen_type = 1;
- } else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5)) {
+ } else if ((strlen(p) >= 5) && strncmp(p, "ASN1:", 5) == 0) {
p += 5;
gen_type = 2;
} else
@@ -259,16 +219,17 @@ static int v3_check_generic(char **value)
}
/* Create a generic extension: for now just handle DER type */
-static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
+static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value,
int crit, int gen_type,
X509V3_CTX *ctx)
{
unsigned char *ext_der = NULL;
- long ext_len;
+ long ext_len = 0;
ASN1_OBJECT *obj = NULL;
ASN1_OCTET_STRING *oct = NULL;
X509_EXTENSION *extension = NULL;
- if (!(obj = OBJ_txt2obj(ext, 0))) {
+
+ if ((obj = OBJ_txt2obj(ext, 0)) == NULL) {
X509V3err(X509V3_F_V3_GENERIC_EXTENSION,
X509V3_R_EXTENSION_NAME_ERROR);
ERR_add_error_data(2, "name=", ext);
@@ -276,7 +237,7 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
}
if (gen_type == 1)
- ext_der = string_to_hex(value, &ext_len);
+ ext_der = OPENSSL_hexstr2buf(value, &ext_len);
else if (gen_type == 2)
ext_der = generic_asn1(value, ctx, &ext_len);
@@ -287,7 +248,7 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
goto err;
}
- if (!(oct = M_ASN1_OCTET_STRING_new())) {
+ if ((oct = ASN1_OCTET_STRING_new()) == NULL) {
X509V3err(X509V3_F_V3_GENERIC_EXTENSION, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -300,14 +261,13 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
err:
ASN1_OBJECT_free(obj);
- M_ASN1_OCTET_STRING_free(oct);
- if (ext_der)
- OPENSSL_free(ext_der);
+ ASN1_OCTET_STRING_free(oct);
+ OPENSSL_free(ext_der);
return extension;
}
-static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx,
+static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx,
long *ext_len)
{
ASN1_TYPE *typ;
@@ -320,24 +280,39 @@ static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx,
return ext_der;
}
+static void delete_ext(STACK_OF(X509_EXTENSION) *sk, X509_EXTENSION *dext)
+{
+ int idx;
+ ASN1_OBJECT *obj;
+ obj = X509_EXTENSION_get_object(dext);
+ while ((idx = X509v3_get_ext_by_OBJ(sk, obj, -1)) >= 0) {
+ X509_EXTENSION *tmpext = X509v3_get_ext(sk, idx);
+ X509v3_delete_ext(sk, idx);
+ X509_EXTENSION_free(tmpext);
+ }
+}
+
/*
* This is the main function: add a bunch of extensions based on a config
* file section to an extension STACK.
*/
-int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
+int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section,
STACK_OF(X509_EXTENSION) **sk)
{
X509_EXTENSION *ext;
STACK_OF(CONF_VALUE) *nval;
CONF_VALUE *val;
int i;
- if (!(nval = NCONF_get_section(conf, section)))
+
+ if ((nval = NCONF_get_section(conf, section)) == NULL)
return 0;
for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
val = sk_CONF_VALUE_value(nval, i);
- if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)))
+ if ((ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)) == NULL)
return 0;
+ if (ctx->flags == X509V3_CTX_REPLACE)
+ delete_ext(*sk, ext);
if (sk)
X509v3_add_ext(sk, ext, -1);
X509_EXTENSION_free(ext);
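Review bot: `delete_ext(*sk, ext)` dereferences `sk` one line before the `if (sk)` guard, so a caller that passes a NULL stack pointer while `ctx->flags == X509V3_CTX_REPLACE` crashes; `X509V3_EXT_add_nconf` in the next hunk does pass `sk = NULL` when `cert` is NULL. Move the replace step under the guard: `if (sk) { if (ctx->flags == X509V3_CTX_REPLACE) delete_ext(*sk, ext); X509v3_add_ext(sk, ext, -1); }`. The return value of `X509v3_add_ext()` is still unchecked, so an allocation failure there is reported to the caller as success. The new `delete_ext` helper would also benefit from a one-line comment, `/* Drop every existing extension with the same OID as dext (X509V3_CTX_REPLACE) */`. X509V3_EXT_add_nconf_sk continues past this hunk.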
@@ -349,29 +324,29 @@ int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
* Convenience functions to add extensions to a certificate, CRL and request
*/
-int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
X509 *cert)
{
STACK_OF(X509_EXTENSION) **sk = NULL;
if (cert)
- sk = &cert->cert_info->extensions;
+ sk = &cert->cert_info.extensions;
return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
}
/* Same as above but for a CRL */
-int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
X509_CRL *crl)
{
STACK_OF(X509_EXTENSION) **sk = NULL;
if (crl)
- sk = &crl->crl->extensions;
+ sk = &crl->crl.extensions;
return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
}
/* Add extensions to certificate request */
-int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
X509_REQ *req)
{
STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;
@@ -388,7 +363,7 @@ int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
/* Config database functions */
-char *X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
+char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section)
{
if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) {
X509V3err(X509V3_F_X509V3_GET_STRING, X509V3_R_OPERATION_NOT_DEFINED);
@@ -399,7 +374,7 @@ char *X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
return NULL;
}
-STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, char *section)
+STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section)
{
if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) {
X509V3err(X509V3_F_X509V3_GET_SECTION,
@@ -427,12 +402,12 @@ void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
ctx->db_meth->free_section(ctx->db, section);
}
-static char *nconf_get_string(void *db, char *section, char *value)
+static char *nconf_get_string(void *db, const char *section, const char *value)
{
return NCONF_get_string(db, section, value);
}
-static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section)
+static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, const char *section)
{
return NCONF_get_section(db, section);
}
@@ -463,7 +438,7 @@ void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
/* Old conf compatibility functions */
X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
- char *name, char *value)
+ const char *name, const char *value)
{
CONF ctmp;
CONF_set_nconf(&ctmp, conf);
@@ -473,19 +448,19 @@ X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
/* LHASH *conf: Config file */
/* char *value: Value */
X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf,
- X509V3_CTX *ctx, int ext_nid, char *value)
+ X509V3_CTX *ctx, int ext_nid, const char *value)
{
CONF ctmp;
CONF_set_nconf(&ctmp, conf);
return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value);
}
-static char *conf_lhash_get_string(void *db, char *section, char *value)
+static char *conf_lhash_get_string(void *db, const char *section, const char *value)
{
return CONF_get_string(db, section, value);
}
-static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section)
+static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, const char *section)
{
return CONF_get_section(db, section);
}
@@ -504,7 +479,7 @@ void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash)
}
int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
- char *section, X509 *cert)
+ const char *section, X509 *cert)
{
CONF ctmp;
CONF_set_nconf(&ctmp, conf);
@@ -514,7 +489,7 @@ int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
/* Same as above but for a CRL */
int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
- char *section, X509_CRL *crl)
+ const char *section, X509_CRL *crl)
{
CONF ctmp;
CONF_set_nconf(&ctmp, conf);
@@ -524,7 +499,7 @@ int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
/* Add extensions to certificate request */
int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
- char *section, X509_REQ *req)
+ const char *section, X509_REQ *req)
{
CONF ctmp;
CONF_set_nconf(&ctmp, conf);
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c
index d97f6226..f717e132 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c
@@ -1,77 +1,28 @@
-/* v3_cpols.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/conf.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/x509v3.h>
#include "pcy_int.h"
+#include "ext_dat.h"
/* Certificate policies extension support: this one is a bit complex... */
static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
BIO *out, int indent);
static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, char *value);
+ X509V3_CTX *ctx, const char *value);
static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
int indent);
static void print_notice(BIO *out, USERNOTICE *notice, int indent);
@@ -133,7 +84,7 @@ ASN1_SEQUENCE(NOTICEREF) = {
IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF)
static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, char *value)
+ X509V3_CTX *ctx, const char *value)
{
STACK_OF(POLICYINFO) *pols = NULL;
char *pstr;
@@ -162,7 +113,7 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
goto err;
}
pstr = cnf->name;
- if (!strcmp(pstr, "ia5org")) {
+ if (strcmp(pstr, "ia5org") == 0) {
ia5org = 1;
continue;
} else if (*pstr == '@') {
@@ -176,10 +127,10 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
}
pol = policy_section(ctx, polsect, ia5org);
X509V3_section_free(ctx, polsect);
- if (!pol)
+ if (pol == NULL)
goto err;
} else {
- if (!(pobj = OBJ_txt2obj(cnf->name, 0))) {
+ if ((pobj = OBJ_txt2obj(cnf->name, 0)) == NULL) {
X509V3err(X509V3_F_R2I_CERTPOL,
X509V3_R_INVALID_OBJECT_IDENTIFIER);
X509V3_conf_err(cnf);
@@ -188,6 +139,7 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
pol = POLICYINFO_new();
if (pol == NULL) {
X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
+ ASN1_OBJECT_free(pobj);
goto err;
}
pol->policyid = pobj;
@@ -213,13 +165,14 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
CONF_VALUE *cnf;
POLICYINFO *pol;
POLICYQUALINFO *qual;
- if (!(pol = POLICYINFO_new()))
+
+ if ((pol = POLICYINFO_new()) == NULL)
goto merr;
for (i = 0; i < sk_CONF_VALUE_num(polstrs); i++) {
cnf = sk_CONF_VALUE_value(polstrs, i);
- if (!strcmp(cnf->name, "policyIdentifier")) {
+ if (strcmp(cnf->name, "policyIdentifier") == 0) {
ASN1_OBJECT *pobj;
- if (!(pobj = OBJ_txt2obj(cnf->value, 0))) {
+ if ((pobj = OBJ_txt2obj(cnf->value, 0)) == NULL) {
X509V3err(X509V3_F_POLICY_SECTION,
X509V3_R_INVALID_OBJECT_IDENTIFIER);
X509V3_conf_err(cnf);
@@ -228,17 +181,17 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
pol->policyid = pobj;
} else if (!name_cmp(cnf->name, "CPS")) {
- if (!pol->qualifiers)
+ if (pol->qualifiers == NULL)
pol->qualifiers = sk_POLICYQUALINFO_new_null();
- if (!(qual = POLICYQUALINFO_new()))
+ if ((qual = POLICYQUALINFO_new()) == NULL)
goto merr;
if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
goto merr;
- if (!(qual->pqualid = OBJ_nid2obj(NID_id_qt_cps))) {
+ if ((qual->pqualid = OBJ_nid2obj(NID_id_qt_cps)) == NULL) {
X509V3err(X509V3_F_POLICY_SECTION, ERR_R_INTERNAL_ERROR);
goto err;
}
- if (!(qual->d.cpsuri = M_ASN1_IA5STRING_new()))
+ if ((qual->d.cpsuri = ASN1_IA5STRING_new()) == NULL)
goto merr;
if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
strlen(cnf->value)))
@@ -296,27 +249,28 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
CONF_VALUE *cnf;
USERNOTICE *not;
POLICYQUALINFO *qual;
- if (!(qual = POLICYQUALINFO_new()))
+
+ if ((qual = POLICYQUALINFO_new()) == NULL)
goto merr;
- if (!(qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice))) {
+ if ((qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice)) == NULL) {
X509V3err(X509V3_F_NOTICE_SECTION, ERR_R_INTERNAL_ERROR);
goto err;
}
- if (!(not = USERNOTICE_new()))
+ if ((not = USERNOTICE_new()) == NULL)
goto merr;
qual->d.usernotice = not;
for (i = 0; i < sk_CONF_VALUE_num(unot); i++) {
cnf = sk_CONF_VALUE_value(unot, i);
- if (!strcmp(cnf->name, "explicitText")) {
- if (!(not->exptext = M_ASN1_VISIBLESTRING_new()))
+ if (strcmp(cnf->name, "explicitText") == 0) {
+ if ((not->exptext = ASN1_VISIBLESTRING_new()) == NULL)
goto merr;
if (!ASN1_STRING_set(not->exptext, cnf->value,
strlen(cnf->value)))
goto merr;
- } else if (!strcmp(cnf->name, "organization")) {
+ } else if (strcmp(cnf->name, "organization") == 0) {
NOTICEREF *nref;
if (!not->noticeref) {
- if (!(nref = NOTICEREF_new()))
+ if ((nref = NOTICEREF_new()) == NULL)
goto merr;
not->noticeref = nref;
} else
@@ -328,11 +282,11 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
if (!ASN1_STRING_set(nref->organization, cnf->value,
strlen(cnf->value)))
goto merr;
- } else if (!strcmp(cnf->name, "noticeNumbers")) {
+ } else if (strcmp(cnf->name, "noticeNumbers") == 0) {
NOTICEREF *nref;
STACK_OF(CONF_VALUE) *nos;
if (!not->noticeref) {
- if (!(nref = NOTICEREF_new()))
+ if ((nref = NOTICEREF_new()) == NULL)
goto merr;
not->noticeref = nref;
} else
@@ -341,6 +295,7 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
if (!nos || !sk_CONF_VALUE_num(nos)) {
X509V3err(X509V3_F_NOTICE_SECTION, X509V3_R_INVALID_NUMBERS);
X509V3_conf_err(cnf);
+ sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
goto err;
}
ret = nref_nos(nref->noticenos, nos);
@@ -380,7 +335,7 @@ static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos)
for (i = 0; i < sk_CONF_VALUE_num(nos); i++) {
cnf = sk_CONF_VALUE_value(nos, i);
- if (!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) {
+ if ((aint = s2i_ASN1_INTEGER(NULL, cnf->name)) == NULL) {
X509V3err(X509V3_F_NREF_NOS, X509V3_R_INVALID_NUMBER);
goto err;
}
@@ -390,10 +345,10 @@ static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos)
return 1;
merr:
+ ASN1_INTEGER_free(aint);
X509V3err(X509V3_F_NREF_NOS, ERR_R_MALLOC_FAILURE);
err:
- sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free);
return 0;
}
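Review bot: Dropping `sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free)` from `err:` changes the ownership contract: on failure `nnums` is now left to the caller (presumably released through `nref->noticenos` with the NOTICEREF), which avoids a double free but is stated nowhere. A comment at the label, `/* nnums is owned by the caller; only the unpushed aint is freed here */`, would stop a later maintainer from reinstating the free. The added `ASN1_INTEGER_free(aint)` at `merr:` is only safe if `merr` is reached solely after a failed push of a fresh `aint`; the push and the declaration of `aint` lie outside this hunk, so that is worth confirming. nref_nos begins in the previous hunk.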
@@ -484,8 +439,3 @@ void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent)
else
BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, "");
}
-
-
-IMPLEMENT_STACK_OF(X509_POLICY_NODE)
-
-IMPLEMENT_STACK_OF(X509_POLICY_DATA)
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c
index d3e1d1b0..c4c77f18 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c
@@ -1,69 +1,22 @@
-/* v3_crld.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/conf.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/x509v3.h>
+#include "internal/x509_int.h"
+#include "ext_dat.h"
+
static void *v2i_crld(const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
@@ -115,16 +68,17 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx,
{
STACK_OF(GENERAL_NAME) *fnm = NULL;
STACK_OF(X509_NAME_ENTRY) *rnm = NULL;
- if (!strncmp(cnf->name, "fullname", 9)) {
+
+ if (strncmp(cnf->name, "fullname", 9) == 0) {
fnm = gnames_from_sectname(ctx, cnf->value);
if (!fnm)
goto err;
- } else if (!strcmp(cnf->name, "relativename")) {
+ } else if (strcmp(cnf->name, "relativename") == 0) {
int ret;
STACK_OF(CONF_VALUE) *dnsect;
X509_NAME *nm;
nm = X509_NAME_new();
- if (!nm)
+ if (nm == NULL)
return -1;
dnsect = X509V3_get_section(ctx, cnf->value);
if (!dnsect) {
@@ -158,7 +112,7 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx,
}
*pdp = DIST_POINT_NAME_new();
- if (!*pdp)
+ if (*pdp == NULL)
goto err;
if (fnm) {
(*pdp)->type = 0;
@@ -171,10 +125,8 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx,
return 1;
err:
- if (fnm)
- sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free);
- if (rnm)
- sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free);
+ sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free);
+ sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free);
return -1;
}
@@ -198,19 +150,19 @@ static int set_reasons(ASN1_BIT_STRING **preas, char *value)
const char *bnam;
int i, ret = 0;
rsk = X509V3_parse_list(value);
- if (!rsk)
- return 0;
- if (*preas)
+ if (rsk == NULL)
return 0;
+ if (*preas != NULL)
+ goto err;
for (i = 0; i < sk_CONF_VALUE_num(rsk); i++) {
bnam = sk_CONF_VALUE_value(rsk, i)->name;
- if (!*preas) {
+ if (*preas == NULL) {
*preas = ASN1_BIT_STRING_new();
- if (!*preas)
+ if (*preas == NULL)
goto err;
}
for (pbn = reason_flags; pbn->lname; pbn++) {
- if (!strcmp(pbn->sname, bnam)) {
+ if (strcmp(pbn->sname, bnam) == 0) {
if (!ASN1_BIT_STRING_set_bit(*preas, pbn->bitnum, 1))
goto err;
break;
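Review bot: Turning the `*preas != NULL` early `return 0` into `goto err` fixes the leak of `rsk` on that path, but it also means `err:` (outside this hunk) must release `rsk` and must not touch `*preas`, which belongs to the caller's DIST_POINT or ISSUING_DIST_POINT; I assume that is what the label does, but a comment on the new `goto err;` line, `/* reasons already set: report error, err frees only rsk */`, would make the expectation explicit. A `*preas` allocated inside the loop on a later failure is likewise left for the caller to free. set_reasons starts in the hunk header context and continues past this hunk.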
@@ -255,7 +207,7 @@ static DIST_POINT *crldp_from_section(X509V3_CTX *ctx,
CONF_VALUE *cnf;
DIST_POINT *point = NULL;
point = DIST_POINT_new();
- if (!point)
+ if (point == NULL)
goto err;
for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
int ret;
@@ -265,10 +217,10 @@ static DIST_POINT *crldp_from_section(X509V3_CTX *ctx,
continue;
if (ret < 0)
goto err;
- if (!strcmp(cnf->name, "reasons")) {
+ if (strcmp(cnf->name, "reasons") == 0) {
if (!set_reasons(&point->reasons, cnf->value))
goto err;
- } else if (!strcmp(cnf->name, "CRLissuer")) {
+ } else if (strcmp(cnf->name, "CRLissuer") == 0) {
point->CRLissuer = gnames_from_sectname(ctx, cnf->value);
if (!point->CRLissuer)
goto err;
@@ -278,8 +230,7 @@ static DIST_POINT *crldp_from_section(X509V3_CTX *ctx,
return point;
err:
- if (point)
- DIST_POINT_free(point);
+ DIST_POINT_free(point);
return NULL;
}
@@ -291,7 +242,8 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method,
GENERAL_NAME *gen = NULL;
CONF_VALUE *cnf;
int i;
- if (!(crld = sk_DIST_POINT_new_null()))
+
+ if ((crld = sk_DIST_POINT_new_null()) == NULL)
goto merr;
for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
DIST_POINT *point;
@@ -310,20 +262,20 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method,
goto merr;
}
} else {
- if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
+ if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL)
goto err;
- if (!(gens = GENERAL_NAMES_new()))
+ if ((gens = GENERAL_NAMES_new()) == NULL)
goto merr;
if (!sk_GENERAL_NAME_push(gens, gen))
goto merr;
gen = NULL;
- if (!(point = DIST_POINT_new()))
+ if ((point = DIST_POINT_new()) == NULL)
goto merr;
if (!sk_DIST_POINT_push(crld, point)) {
DIST_POINT_free(point);
goto merr;
}
- if (!(point->distpoint = DIST_POINT_NAME_new()))
+ if ((point->distpoint = DIST_POINT_NAME_new()) == NULL)
goto merr;
point->distpoint->name.fullname = gens;
point->distpoint->type = 0;
@@ -341,10 +293,6 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method,
return NULL;
}
-IMPLEMENT_STACK_OF(DIST_POINT)
-
-IMPLEMENT_ASN1_SET_OF(DIST_POINT)
-
static int dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
void *exarg)
{
@@ -356,8 +304,7 @@ static int dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
break;
case ASN1_OP_FREE_POST:
- if (dpn->dpname)
- X509_NAME_free(dpn->dpname);
+ X509_NAME_free(dpn->dpname);
break;
}
return 1;
@@ -421,7 +368,7 @@ static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
char *name, *val;
int i, ret;
idp = ISSUING_DIST_POINT_new();
- if (!idp)
+ if (idp == NULL)
goto merr;
for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
cnf = sk_CONF_VALUE_value(nval, i);
@@ -432,19 +379,19 @@ static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
continue;
if (ret < 0)
goto err;
- if (!strcmp(name, "onlyuser")) {
+ if (strcmp(name, "onlyuser") == 0) {
if (!X509V3_get_value_bool(cnf, &idp->onlyuser))
goto err;
- } else if (!strcmp(name, "onlyCA")) {
+ } else if (strcmp(name, "onlyCA") == 0) {
if (!X509V3_get_value_bool(cnf, &idp->onlyCA))
goto err;
- } else if (!strcmp(name, "onlyAA")) {
+ } else if (strcmp(name, "onlyAA") == 0) {
if (!X509V3_get_value_bool(cnf, &idp->onlyattr))
goto err;
- } else if (!strcmp(name, "indirectCRL")) {
+ } else if (strcmp(name, "indirectCRL") == 0) {
if (!X509V3_get_value_bool(cnf, &idp->indirectCRL))
goto err;
- } else if (!strcmp(name, "onlysomereasons")) {
+ } else if (strcmp(name, "onlysomereasons") == 0) {
if (!set_reasons(&idp->onlysomereasons, val))
goto err;
} else {
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c
index 7678664f..f39cb5ac 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c
@@ -1,65 +1,16 @@
-/* v3_enum.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/x509v3.h>
+#include "ext_dat.h"
static ENUMERATED_NAMES crl_reasons[] = {
{CRL_REASON_UNSPECIFIED, "Unspecified", "unspecified"},
@@ -87,14 +38,16 @@ const X509V3_EXT_METHOD v3_crl_reason = {
crl_reasons
};
-char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *e)
+char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method,
+ const ASN1_ENUMERATED *e)
{
ENUMERATED_NAMES *enam;
long strval;
+
strval = ASN1_ENUMERATED_get(e);
for (enam = method->usr_data; enam->lname; enam++) {
if (strval == enam->bitnum)
- return BUF_strdup(enam->lname);
+ return OPENSSL_strdup(enam->lname);
}
return i2s_ASN1_ENUMERATED(method, e);
}
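Review bot: i2s_ASN1_ENUMERATED_TABLE has no comment stating its contract, and the two things a caller needs are not obvious from the body: the table in `method->usr_data` must be terminated by an entry whose `lname` is NULL (that is the only loop exit), and the result is heap-allocated and owned by the caller. I would add above the definition: `/* Map e to the long name in method->usr_data (a NULL-lname-terminated ENUMERATED_NAMES table); falls back to the decimal form from i2s_ASN1_ENUMERATED. Returns a string the caller must OPENSSL_free(), or NULL. */`. Since the function only reads through `method`, it could also take `const X509V3_EXT_METHOD *` if the i2s callback type allows it — confirm against the typedef in x509v3.h before changing it.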
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c
index 6092c2e4..bae755e3 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c
@@ -1,67 +1,18 @@
-/* v3_extku.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/conf.h>
#include <openssl/x509v3.h>
+#include "ext_dat.h"
static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx,
@@ -125,7 +76,7 @@ static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,
CONF_VALUE *val;
int i;
- if (!(extku = sk_ASN1_OBJECT_new_null())) {
+ if ((extku = sk_ASN1_OBJECT_new_null()) == NULL) {
X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE, ERR_R_MALLOC_FAILURE);
return NULL;
}
@@ -136,7 +87,7 @@ static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,
extval = val->value;
else
extval = val->name;
- if (!(objtmp = OBJ_txt2obj(extval, 0))) {
+ if ((objtmp = OBJ_txt2obj(extval, 0)) == NULL) {
sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free);
X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE,
X509V3_R_INVALID_OBJECT_IDENTIFIER);
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c
index 7f40bfab..8d119974 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c
@@ -1,64 +1,14 @@
-/* v3_genn.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/conf.h>
#include <openssl/x509v3.h>
@@ -229,7 +179,7 @@ int GENERAL_NAME_set0_othername(GENERAL_NAME *gen,
{
OTHERNAME *oth;
oth = OTHERNAME_new();
- if (!oth)
+ if (oth == NULL)
return 0;
oth->type_id = oid;
oth->value = value;
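Review bot: The ownership rule of this set0 function is not documented, and the new NULL check makes it matter: when OTHERNAME_new() fails the function returns 0 without storing `oid` or `value`, so the caller still owns both and must free them, whereas on success they are owned by `gen`. I would add a comment on the function: `/* Takes ownership of oid and value on success (return 1); on failure (return 0) the caller retains ownership of both. */`. The rest of the body (the assignment into gen and the return) is outside the hunk, so whether a previously set otherName is released is not visible here.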
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c
index c170a55f..c1170d46 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c
@@ -1,73 +1,20 @@
-/* v3_ia5.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/asn1.h>
#include <openssl/conf.h>
#include <openssl/x509v3.h>
+#include "ext_dat.h"
-static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
- ASN1_IA5STRING *ia5);
-static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, char *str);
-const X509V3_EXT_METHOD v3_ns_ia5_list[] = {
+const X509V3_EXT_METHOD v3_ns_ia5_list[8] = {
EXT_IA5STRING(NID_netscape_base_url),
EXT_IA5STRING(NID_netscape_revocation_url),
EXT_IA5STRING(NID_netscape_ca_revocation_url),
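Review bot: The explicit bound `v3_ns_ia5_list[8]` is a magic number that now has to agree with three other places: the number of EXT_IA5STRING entries plus EXT_END in this initializer, the extern declaration presumably in ext_dat.h, and the fixed indices `&v3_ns_ia5_list[0]` … `[6]` used by the standard_exts table in v3_lib.c elsewhere in this commit. Nothing ties them together, so a future entry added here changes the position of EXT_END without anyone noticing until a lookup walks past it. I would at least document it: `/* 7 Netscape IA5STRING extensions + EXT_END; size must match the extern in ext_dat.h and the indices in v3_lib.c standard_exts[] */`, or better, define the count once in ext_dat.h and use it in both the extern and this definition.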
@@ -78,13 +25,13 @@ const X509V3_EXT_METHOD v3_ns_ia5_list[] = {
EXT_END
};
-static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
- ASN1_IA5STRING *ia5)
+char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5)
{
char *tmp;
+
if (!ia5 || !ia5->length)
return NULL;
- if (!(tmp = OPENSSL_malloc(ia5->length + 1))) {
+ if ((tmp = OPENSSL_malloc(ia5->length + 1)) == NULL) {
X509V3err(X509V3_F_I2S_ASN1_IA5STRING, ERR_R_MALLOC_FAILURE);
return NULL;
}
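Review bot: The guard `if (!ia5 || !ia5->length) return NULL;` returns NULL for an empty string without raising an error, so callers cannot distinguish "empty" from the allocation failure two lines below that does raise one; a comment on the early return would at least make that intentional. Separately, the copy into `tmp` (outside this hunk) presumably copies `ia5->length` bytes and NUL-terminates; an IA5STRING taken from a certificate may contain an embedded NUL, in which case the C string handed back is silently truncated at the first NUL and any consumer printing or comparing it sees a different value than the DER holds. If that is the case, I would reject such input up front, e.g. `if (memchr(ia5->data, 0, ia5->length) != NULL) return NULL;` with an appropriate X509V3err reason, rather than letting the truncation happen silently.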
@@ -93,8 +40,8 @@ static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
return tmp;
}
-static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, char *str)
+ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, const char *str)
{
ASN1_IA5STRING *ia5;
if (!str) {
@@ -102,12 +49,11 @@ static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
X509V3_R_INVALID_NULL_ARGUMENT);
return NULL;
}
- if (!(ia5 = M_ASN1_IA5STRING_new()))
- goto err;
- if (!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char *)str,
- strlen(str))) {
- M_ASN1_IA5STRING_free(ia5);
+ if ((ia5 = ASN1_IA5STRING_new()) == NULL)
goto err;
+ if (!ASN1_STRING_set((ASN1_STRING *)ia5, str, strlen(str))) {
+ ASN1_IA5STRING_free(ia5);
+ return NULL;
}
#ifdef CHARSET_EBCDIC
ebcdic2ascii(ia5->data, ia5->data, ia5->length);
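Review bot: The two failure paths in this hunk are now inconsistent: allocation failure of ASN1_IA5STRING_new() goes through `goto err`, while failure of ASN1_STRING_set() frees `ia5` and does `return NULL;` directly, bypassing whatever `err:` does (its label is outside the hunk; the NULL-argument path at the top of the function raises X509V3err, so `err:` plausibly does the same). If `err:` raises an error, the ASN1_STRING_set failure should be routed through it too, e.g. `if (!ASN1_STRING_set((ASN1_STRING *)ia5, str, strlen(str))) { ASN1_IA5STRING_free(ia5); goto err; }`, so that callers always find an error on the queue when NULL comes back. Minor: `strlen(str)` is a `size_t` passed to the `int len` parameter of ASN1_STRING_set; for config-file input this is harmless, but a comment noting the assumption would not hurt.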
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c
index e052a34b..61ef2138 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c
@@ -1,68 +1,19 @@
-/* v3_info.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/conf.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/x509v3.h>
+#include "ext_dat.h"
static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
*method, AUTHORITY_INFO_ACCESS
@@ -125,14 +76,14 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method);
nlen = strlen(objtmp) + strlen(vtmp->name) + 5;
ntmp = OPENSSL_malloc(nlen);
- if (!ntmp) {
+ if (ntmp == NULL) {
X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS,
ERR_R_MALLOC_FAILURE);
return NULL;
}
- BUF_strlcpy(ntmp, objtmp, nlen);
- BUF_strlcat(ntmp, " - ", nlen);
- BUF_strlcat(ntmp, vtmp->name, nlen);
+ OPENSSL_strlcpy(ntmp, objtmp, nlen);
+ OPENSSL_strlcat(ntmp, " - ", nlen);
+ OPENSSL_strlcat(ntmp, vtmp->name, nlen);
OPENSSL_free(vtmp->name);
vtmp->name = ntmp;
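Review bot: The return value of `i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method)` on the first line of the hunk is ignored; it reports the length the textual OID needs, so an OID longer than `objtmp` is silently truncated and the truncated text is what ends up in `vtmp->name` (the buffer's size is declared outside the hunk, so I cannot tell how likely that is). I would check it, e.g. `if (i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method) >= (int)sizeof objtmp) goto err;` or at least a comment accepting the truncation. On style, the strlcpy/strlcat/strlcat chain plus the hand-computed `nlen` could be a single `BIO_snprintf(ntmp, nlen, "%s - %s", objtmp, vtmp->name)`, which keeps the length arithmetic in one place. Whether the `return NULL` on allocation failure leaks the partially built result list is not visible here.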
@@ -153,13 +104,14 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
ACCESS_DESCRIPTION *acc;
int i, objlen;
char *objtmp, *ptmp;
- if (!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) {
+
+ if ((ainfo = sk_ACCESS_DESCRIPTION_new_null()) == NULL) {
X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE);
return NULL;
}
for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
cnf = sk_CONF_VALUE_value(nval, i);
- if (!(acc = ACCESS_DESCRIPTION_new())
+ if ((acc = ACCESS_DESCRIPTION_new()) == NULL
|| !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) {
X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
ERR_R_MALLOC_FAILURE);
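Review bot: When `ACCESS_DESCRIPTION_new()` succeeds but `sk_ACCESS_DESCRIPTION_push(ainfo, acc)` fails, `acc` is not yet owned by `ainfo`, so the error path (presumably the `goto err` that follows the X509V3err call and pop-frees `ainfo`; the line is outside the hunk) never frees it. The combined `||` condition hides that the two failures need different cleanup. Splitting the checks makes the ownership explicit; the rewritten lines are below.

```c
        if ((acc = ACCESS_DESCRIPTION_new()) == NULL) {
            X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE);
            goto err;
        }
        if (!sk_ACCESS_DESCRIPTION_push(ainfo, acc)) {
            ACCESS_DESCRIPTION_free(acc); /* not owned by ainfo yet */
            X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE);
            goto err;
        }
        /* … unchanged: name/value parsing into ctmp … */
```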
@@ -176,13 +128,11 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
ctmp.value = cnf->value;
if (!v2i_GENERAL_NAME_ex(acc->location, method, ctx, &ctmp, 0))
goto err;
- if (!(objtmp = OPENSSL_malloc(objlen + 1))) {
+ if ((objtmp = OPENSSL_strndup(cnf->name, objlen)) == NULL) {
X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
ERR_R_MALLOC_FAILURE);
goto err;
}
- strncpy(objtmp, cnf->name, objlen);
- objtmp[objlen] = 0;
acc->method = OBJ_txt2obj(objtmp, 0);
if (!acc->method) {
X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
@@ -200,11 +150,8 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
return NULL;
}
-int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION *a)
+int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION *a)
{
i2a_ASN1_OBJECT(bp, a->method);
-#ifdef UNDEF
- i2a_GENERAL_NAME(bp, a->location);
-#endif
return 2;
}
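Review bot: i2a_ACCESS_DESCRIPTION ignores the result of `i2a_ASN1_OBJECT(bp, a->method)` and returns 2 unconditionally, so a failed BIO write is reported as success; and with the `#ifdef UNDEF` block gone the function now visibly prints only the access method, never the location, which a reader of the output will not expect from a function named for the whole ACCESS_DESCRIPTION. I would propagate the write result, e.g. `if (i2a_ASN1_OBJECT(bp, a->method) < 0) return 0;`, and document the scope: `/* Prints only the accessMethod OID; the accessLocation is not printed. */`. The meaning of the constant `2` is not explained anywhere in the hunk and deserves a comment or a named value.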
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c
index 8bfdb37e..690c90e8 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c
@@ -1,65 +1,16 @@
-/* v3_int.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/x509v3.h>
+#include "ext_dat.h"
const X509V3_EXT_METHOD v3_crl_num = {
NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER),
@@ -78,7 +29,7 @@ const X509V3_EXT_METHOD v3_delta_crl = {
};
static void *s2i_asn1_int(X509V3_EXT_METHOD *meth, X509V3_CTX *ctx,
- char *value)
+ const char *value)
{
return s2i_ASN1_INTEGER(meth, value);
}
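Review bot: s2i_asn1_int takes `ctx` only to satisfy the X509V3_EXT_S2I callback shape and never uses it, and nothing says so; a one-line comment avoids the next reader "fixing" the unused parameter: `/* X509V3_EXT_S2I adapter: ctx is unused, the value is parsed by s2i_ASN1_INTEGER. */`. With the parameter now `const char *value`, `meth` could likely be `const X509V3_EXT_METHOD *` as well if s2i_ASN1_INTEGER accepts it — confirm against its prototype in x509v3.h.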
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c
index 8350429a..a3ca720f 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c
@@ -1,65 +1,16 @@
-/* v3_lib.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
+
/* X509 v3 extension utilities */
#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/conf.h>
#include <openssl/x509v3.h>
@@ -73,7 +24,8 @@ static void ext_list_free(X509V3_EXT_METHOD *ext);
int X509V3_EXT_add(X509V3_EXT_METHOD *ext)
{
- if (!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp))) {
+ if (ext_list == NULL
+ && (ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp)) == NULL) {
X509V3err(X509V3_F_X509V3_EXT_ADD, ERR_R_MALLOC_FAILURE);
return 0;
}
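Review bot: `ext_list` is a file-scope stack that is created lazily here with no locking, so two threads registering a custom extension at the same time can both see NULL and allocate, leaking one stack and losing the registrations made into it; a lookup that walks `ext_list` concurrently (X509V3_EXT_get_nid is outside the hunk, but its use of the list is implied by the comparator `ext_cmp`) would race too. Unless the project already guarantees single-threaded registration, I would document the contract on the function: `/* Not thread-safe: register extensions during single-threaded initialisation, before any lookup. */`, or guard the lazy creation with the library's run-once/lock primitive.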
@@ -95,6 +47,74 @@ DECLARE_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *,
IMPLEMENT_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *,
const X509V3_EXT_METHOD *, ext);
+/*
+ * This table will be searched using OBJ_bsearch so it *must* kept in order
+ * of the ext_nid values.
+ */
+
+static const X509V3_EXT_METHOD *standard_exts[] = {
+ &v3_nscert,
+ &v3_ns_ia5_list[0],
+ &v3_ns_ia5_list[1],
+ &v3_ns_ia5_list[2],
+ &v3_ns_ia5_list[3],
+ &v3_ns_ia5_list[4],
+ &v3_ns_ia5_list[5],
+ &v3_ns_ia5_list[6],
+ &v3_skey_id,
+ &v3_key_usage,
+ &v3_pkey_usage_period,
+ &v3_alt[0],
+ &v3_alt[1],
+ &v3_bcons,
+ &v3_crl_num,
+ &v3_cpols,
+ &v3_akey_id,
+ &v3_crld,
+ &v3_ext_ku,
+ &v3_delta_crl,
+ &v3_crl_reason,
+#ifndef OPENSSL_NO_OCSP
+ &v3_crl_invdate,
+#endif
+ &v3_sxnet,
+ &v3_info,
+#ifndef OPENSSL_NO_RFC3779
+ &v3_addr,
+ &v3_asid,
+#endif
+#ifndef OPENSSL_NO_OCSP
+ &v3_ocsp_nonce,
+ &v3_ocsp_crlid,
+ &v3_ocsp_accresp,
+ &v3_ocsp_nocheck,
+ &v3_ocsp_acutoff,
+ &v3_ocsp_serviceloc,
+#endif
+ &v3_sinfo,
+ &v3_policy_constraints,
+#ifndef OPENSSL_NO_OCSP
+ &v3_crl_hold,
+#endif
+ &v3_pci,
+ &v3_name_constraints,
+ &v3_policy_mappings,
+ &v3_inhibit_anyp,
+ &v3_idp,
+ &v3_alt[2],
+ &v3_freshest_crl,
+#ifndef OPENSSL_NO_CT
+ &v3_ct_scts[0],
+ &v3_ct_scts[1],
+ &v3_ct_scts[2],
+#endif
+ &v3_tls_feature,
+};
+
+/* Number of standard extensions */
+
+#define STANDARD_EXTENSION_COUNT OSSL_NELEM(standard_exts)
+
const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
{
X509V3_EXT_METHOD tmp;
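Review bot: `standard_exts` is declared `static const X509V3_EXT_METHOD *standard_exts[]`, which makes the pointed-to methods const but leaves the array of pointers itself writable, so a table of callback-holding structures ends up in a mutable section; `static const X509V3_EXT_METHOD *const standard_exts[]` puts it in read-only data, which matters if this Cryptlib is linked into a boot component. The comment says the table "must kept in order of the ext_nid values" (typo: "must be kept") because OBJ_bsearch is used, but nothing enforces it, and the `#ifndef OPENSSL_NO_OCSP` / `OPENSSL_NO_RFC3779` / `OPENSSL_NO_CT` blocks mean the effective order depends on the build configuration; an out-of-order entry silently makes some NIDs unfindable. I would add a debug-only self-check that walks `STANDARD_EXTENSION_COUNT` entries once and asserts `standard_exts[i]->ext_nid < standard_exts[i + 1]->ext_nid`, or at least a test doing the same, rather than relying on the comment.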
@@ -117,33 +137,11 @@ const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)
{
int nid;
- if ((nid = OBJ_obj2nid(ext->object)) == NID_undef)
+ if ((nid = OBJ_obj2nid(X509_EXTENSION_get_object(ext))) == NID_undef)
return NULL;
return X509V3_EXT_get_nid(nid);
}
-int X509V3_EXT_free(int nid, void *ext_data)
-{
- const X509V3_EXT_METHOD *ext_method = X509V3_EXT_get_nid(nid);
- if (ext_method == NULL) {
- X509V3err(X509V3_F_X509V3_EXT_FREE,
- X509V3_R_CANNOT_FIND_FREE_FUNCTION);
- return 0;
- }
-
- if (ext_method->it != NULL)
- ASN1_item_free(ext_data, ASN1_ITEM_ptr(ext_method->it));
- else if (ext_method->ext_free != NULL)
- ext_method->ext_free(ext_data);
- else {
- X509V3err(X509V3_F_X509V3_EXT_FREE,
- X509V3_R_CANNOT_FIND_FREE_FUNCTION);
- return 0;
- }
-
- return 1;
-}
-
int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist)
{
for (; extlist->ext_nid != -1; extlist++)
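Review bot: Dropping X509V3_EXT_free removes the only generic way for a caller of X509V3_EXT_d2i to release a decoded value without reimplementing the `method->it ? ASN1_item_free : method->ext_free` dispatch that the removed body contained, and any caller in Cryptlib that still references it will fail at link time; I cannot see from this hunk whether the rest of the tree was checked. If the removal is deliberate, a note in the commit message saying what replaces it would help. The switch to `X509_EXTENSION_get_object(ext)` in X509V3_EXT_get is fine, and the parameter could likely become `const X509_EXTENSION *` now that the field is no longer touched directly.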
@@ -157,14 +155,11 @@ int X509V3_EXT_add_alias(int nid_to, int nid_from)
const X509V3_EXT_METHOD *ext;
X509V3_EXT_METHOD *tmpext;
- if (!(ext = X509V3_EXT_get_nid(nid_from))) {
- X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,
- X509V3_R_EXTENSION_NOT_FOUND);
+ if ((ext = X509V3_EXT_get_nid(nid_from)) == NULL) {
+ X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, X509V3_R_EXTENSION_NOT_FOUND);
return 0;
}
- if (!
- (tmpext =
- (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)))) {
+ if ((tmpext = OPENSSL_malloc(sizeof(*tmpext))) == NULL) {
X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, ERR_R_MALLOC_FAILURE);
return 0;
}
@@ -202,14 +197,17 @@ void *X509V3_EXT_d2i(X509_EXTENSION *ext)
{
const X509V3_EXT_METHOD *method;
const unsigned char *p;
+ ASN1_STRING *extvalue;
+ int extlen;
- if (!(method = X509V3_EXT_get(ext)))
+ if ((method = X509V3_EXT_get(ext)) == NULL)
return NULL;
- p = ext->value->data;
+ extvalue = X509_EXTENSION_get_data(ext);
+ p = ASN1_STRING_get0_data(extvalue);
+ extlen = ASN1_STRING_length(extvalue);
if (method->it)
- return ASN1_item_d2i(NULL, &p, ext->value->length,
- ASN1_ITEM_ptr(method->it));
- return method->d2i(NULL, &p, ext->value->length);
+ return ASN1_item_d2i(NULL, &p, extlen, ASN1_ITEM_ptr(method->it));
+ return method->d2i(NULL, &p, extlen);
}
/*-
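Review bot: Neither decode path checks that the whole extension value was consumed: `p` is advanced by ASN1_item_d2i / `method->d2i` but never compared with the end of `extvalue`, so trailing bytes after the DER value are silently accepted. For a parser of certificate data that is a leniency worth closing deliberately, or at least documenting, since two implementations can then disagree on what an extension "says". A sketch of the stricter version is below; it uses the same `ASN1_item_free` / `ext_free` dispatch that the removed X509V3_EXT_free had, and a suitable X509V3err reason should be raised where the comment says so. Be aware this tightens acceptance, so it needs testing against existing certificates before shipping.

```c
    void *ret;
    /* … unchanged: method lookup, extvalue and extlen setup … */
    if (method->it)
        ret = ASN1_item_d2i(NULL, &p, extlen, ASN1_ITEM_ptr(method->it));
    else
        ret = method->d2i(NULL, &p, extlen);
    /* Reject trailing bytes after the DER-encoded value. */
    if (ret != NULL && p != ASN1_STRING_get0_data(extvalue) + extlen) {
        if (method->it)
            ASN1_item_free(ret, ASN1_ITEM_ptr(method->it));
        else if (method->ext_free != NULL)
            method->ext_free(ret);
        /* raise an appropriate X509V3err reason here */
        return NULL;
    }
    return ret;
```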
@@ -228,7 +226,7 @@ void *X509V3_EXT_d2i(X509_EXTENSION *ext)
* -2 extension occurs more than once.
*/
-void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
+void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
int *idx)
{
int lastpos, i;
@@ -248,7 +246,7 @@ void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
lastpos = 0;
for (i = lastpos; i < sk_X509_EXTENSION_num(x); i++) {
ex = sk_X509_EXTENSION_value(x, i);
- if (OBJ_obj2nid(ex->object) == nid) {
+ if (OBJ_obj2nid(X509_EXTENSION_get_object(ex)) == nid) {
if (idx) {
*idx = i;
found_ex = ex;
@@ -347,7 +345,8 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
return 1;
}
- if (!*x && !(*x = sk_X509_EXTENSION_new_null()))
+ if (*x == NULL
+ && (*x = sk_X509_EXTENSION_new_null()) == NULL)
return -1;
if (!sk_X509_EXTENSION_push(*x, ext))
return -1;
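Review bot: If `sk_X509_EXTENSION_push(*x, ext)` fails, `ext` is leaked: it is an X509_EXTENSION this function appears to have just created (the creation is above the hunk), and the `return -1;` on the last line drops it without a free. The newly created stack on the line above is not leaked because it is already stored through `*x` for the caller. I would change the push check to `if (!sk_X509_EXTENSION_push(*x, ext)) { X509_EXTENSION_free(ext); return -1; }`.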
@@ -359,5 +358,3 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
X509V3err(X509V3_F_X509V3_ADD1_I2D, errcode);
return 0;
}
-
-IMPLEMENT_STACK_OF(X509V3_EXT_METHOD)
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c
index 28552696..9b3bb128 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c
@@ -1,68 +1,22 @@
-/* v3_ncons.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
+#include "internal/asn1_int.h"
#include <openssl/asn1t.h>
#include <openssl/conf.h>
#include <openssl/x509v3.h>
+#include "internal/x509_int.h"
+#include "ext_dat.h"
+
static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx,
STACK_OF(CONF_VALUE) *nval);
@@ -70,7 +24,7 @@ static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a,
BIO *bp, int ind);
static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
STACK_OF(GENERAL_SUBTREE) *trees, BIO *bp,
- int ind, char *name);
+ int ind, const char *name);
static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip);
static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc);
@@ -79,6 +33,7 @@ static int nc_dn(X509_NAME *sub, X509_NAME *nm);
static int nc_dns(ASN1_IA5STRING *sub, ASN1_IA5STRING *dns);
static int nc_email(ASN1_IA5STRING *sub, ASN1_IA5STRING *eml);
static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base);
+static int nc_ip(ASN1_OCTET_STRING *ip, ASN1_OCTET_STRING *base);
const X509V3_EXT_METHOD v3_name_constraints = {
NID_name_constraints, 0,
@@ -115,15 +70,16 @@ static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
STACK_OF(GENERAL_SUBTREE) **ptree = NULL;
NAME_CONSTRAINTS *ncons = NULL;
GENERAL_SUBTREE *sub = NULL;
+
ncons = NAME_CONSTRAINTS_new();
- if (!ncons)
+ if (ncons == NULL)
goto memerr;
for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
val = sk_CONF_VALUE_value(nval, i);
- if (!strncmp(val->name, "permitted", 9) && val->name[9]) {
+ if (strncmp(val->name, "permitted", 9) == 0 && val->name[9]) {
ptree = &ncons->permittedSubtrees;
tval.name = val->name + 10;
- } else if (!strncmp(val->name, "excluded", 8) && val->name[8]) {
+ } else if (strncmp(val->name, "excluded", 8) == 0 && val->name[8]) {
ptree = &ncons->excludedSubtrees;
tval.name = val->name + 9;
} else {
@@ -136,9 +92,9 @@ static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
goto memerr;
if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1))
goto err;
- if (!*ptree)
+ if (*ptree == NULL)
*ptree = sk_GENERAL_SUBTREE_new_null();
- if (!*ptree || !sk_GENERAL_SUBTREE_push(*ptree, sub))
+ if (*ptree == NULL || !sk_GENERAL_SUBTREE_push(*ptree, sub))
goto memerr;
sub = NULL;
}
@@ -148,10 +104,8 @@ static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
memerr:
X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
err:
- if (ncons)
- NAME_CONSTRAINTS_free(ncons);
- if (sub)
- GENERAL_SUBTREE_free(sub);
+ NAME_CONSTRAINTS_free(ncons);
+ GENERAL_SUBTREE_free(sub);
return NULL;
}
@@ -169,7 +123,7 @@ static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a,
static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
STACK_OF(GENERAL_SUBTREE) *trees,
- BIO *bp, int ind, char *name)
+ BIO *bp, int ind, const char *name)
{
GENERAL_SUBTREE *tree;
int i;
@@ -245,7 +199,8 @@ int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc)
/* Process any email address attributes in subject name */
for (i = -1;;) {
- X509_NAME_ENTRY *ne;
+ const X509_NAME_ENTRY *ne;
+
i = X509_NAME_get_index_by_NID(nm, NID_pkcs9_emailAddress, i);
if (i == -1)
break;
@@ -273,6 +228,51 @@ int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc)
}
+int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc)
+{
+ int r, i;
+ X509_NAME *nm;
+
+ ASN1_STRING stmp;
+ GENERAL_NAME gntmp;
+ stmp.flags = 0;
+ stmp.type = V_ASN1_IA5STRING;
+ gntmp.type = GEN_DNS;
+ gntmp.d.dNSName = &stmp;
+
+ nm = X509_get_subject_name(x);
+
+ /* Process any commonName attributes in subject name */
+
+ for (i = -1;;) {
+ X509_NAME_ENTRY *ne;
+ ASN1_STRING *hn;
+ i = X509_NAME_get_index_by_NID(nm, NID_commonName, i);
+ if (i == -1)
+ break;
+ ne = X509_NAME_get_entry(nm, i);
+ hn = X509_NAME_ENTRY_get_data(ne);
+ /* Only process attributes that look like host names */
+ if (asn1_valid_host(hn)) {
+ unsigned char *h;
+ int hlen = ASN1_STRING_to_UTF8(&h, hn);
+ if (hlen <= 0)
+ return X509_V_ERR_OUT_OF_MEM;
+
+ stmp.length = hlen;
+ stmp.data = h;
+
+ r = nc_match(&gntmp, nc);
+
+ OPENSSL_free(h);
+
+ if (r != X509_V_OK)
+ return r;
+ }
+ }
+ return X509_V_OK;
+}
+
static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc)
{
GENERAL_SUBTREE *sub;
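Review bot: `X509_NAME_ENTRY *ne` inside the new NAME_CONSTRAINTS_check_CN loop should be `const X509_NAME_ENTRY *ne;`, matching the change the previous hunk makes to the same idiom in NAME_CONSTRAINTS_check, and the function has no header comment although it is a new public entry point. I would add, above the function, a comment along the lines of "Check each subject commonName attribute that looks like a host name against the dNSName constraints in nc, by wrapping it in a temporary GEN_DNS GENERAL_NAME and running it through nc_match; returns X509_V_OK or the first verification error." Two smaller points: `if (hlen <= 0) return X509_V_ERR_OUT_OF_MEM;` also reports a zero-length string as an allocation failure, which is harmless only if asn1_valid_host already rejects empty values (not visible here), and the function depends on asn1_valid_host guaranteeing that the UTF-8 bytes placed in the IA5STRING `stmp` are plain ASCII — worth saying in the comment. The nc_match definition that follows continues outside the hunk.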
@@ -341,6 +341,9 @@ static int nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base)
return nc_uri(gen->d.uniformResourceIdentifier,
base->d.uniformResourceIdentifier);
+ case GEN_IPADD:
+ return nc_ip(gen->d.iPAddress, base->d.iPAddress);
+
default:
return X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE;
}
@@ -400,11 +403,11 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
const char *emlat = strchr(emlptr, '@');
if (!emlat)
return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
- /* Special case: inital '.' is RHS match */
+ /* Special case: initial '.' is RHS match */
if (!baseat && (*baseptr == '.')) {
if (eml->length > base->length) {
emlptr += eml->length - base->length;
- if (!strcasecmp(baseptr, emlptr))
+ if (strcasecmp(baseptr, emlptr) == 0)
return X509_V_OK;
}
return X509_V_ERR_PERMITTED_VIOLATION;
@@ -460,11 +463,11 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
if (hostlen == 0)
return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
- /* Special case: inital '.' is RHS match */
+ /* Special case: initial '.' is RHS match */
if (*baseptr == '.') {
if (hostlen > base->length) {
p = hostptr + hostlen - base->length;
- if (!strncasecmp(p, baseptr, base->length))
+ if (strncasecmp(p, baseptr, base->length) == 0)
return X509_V_OK;
}
return X509_V_ERR_PERMITTED_VIOLATION;
@@ -477,3 +480,34 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
return X509_V_OK;
}
+
+static int nc_ip(ASN1_OCTET_STRING *ip, ASN1_OCTET_STRING *base)
+{
+ int hostlen, baselen, i;
+ unsigned char *hostptr, *baseptr, *maskptr;
+ hostptr = ip->data;
+ hostlen = ip->length;
+ baseptr = base->data;
+ baselen = base->length;
+
+ /* Invalid if not IPv4 or IPv6 */
+ if (!((hostlen == 4) || (hostlen == 16)))
+ return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+ if (!((baselen == 8) || (baselen == 32)))
+ return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+
+ /* Do not match IPv4 with IPv6 */
+ if (hostlen * 2 != baselen)
+ return X509_V_ERR_PERMITTED_VIOLATION;
+
+ maskptr = base->data + hostlen;
+
+ /* Considering possible not aligned base ipAddress */
+ /* Not checking for wrong mask definition: i.e.: 255.0.255.0 */
+ for (i = 0; i < hostlen; i++)
+ if ((hostptr[i] & maskptr[i]) != (baseptr[i] & maskptr[i]))
+ return X509_V_ERR_PERMITTED_VIOLATION;
+
+ return X509_V_OK;
+
+}
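Review bot: The three pointers in nc_ip are never written through, so `unsigned char *hostptr, *baseptr, *maskptr;` should be `const unsigned char *hostptr, *baseptr, *maskptr;` to document that the octet strings are read-only here. The comment pair `/* Considering possible not aligned base ipAddress */` / `/* Not checking for wrong mask definition ... */` is hard to parse; I would replace it with one comment stating the layout and the accepted limitation, e.g. `/* base is address||mask (RFC 5280 iPAddress constraint); compare host against address under the mask. A non-contiguous mask (e.g. 255.0.255.0) is not rejected here. */`. The blank line before the closing brace after `return X509_V_OK;` is stray.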
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c
deleted file mode 100644
index b151eacc..00000000
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c
+++ /dev/null
@@ -1,312 +0,0 @@
-/* v3_ocsp.c */
-/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef OPENSSL_NO_OCSP
-
-# include <stdio.h>
-# include "cryptlib.h"
-# include <openssl/conf.h>
-# include <openssl/asn1.h>
-# include <openssl/ocsp.h>
-# include <openssl/x509v3.h>
-
-/*
- * OCSP extensions and a couple of CRL entry extensions
- */
-
-static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *nonce,
- BIO *out, int indent);
-static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce,
- BIO *out, int indent);
-static int i2r_object(const X509V3_EXT_METHOD *method, void *obj, BIO *out,
- int indent);
-
-static void *ocsp_nonce_new(void);
-static int i2d_ocsp_nonce(void *a, unsigned char **pp);
-static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length);
-static void ocsp_nonce_free(void *a);
-static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
- BIO *out, int indent);
-
-static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method,
- void *nocheck, BIO *out, int indent);
-static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, const char *str);
-static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
- BIO *bp, int ind);
-
-const X509V3_EXT_METHOD v3_ocsp_crlid = {
- NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
- 0, 0, 0, 0,
- 0, 0,
- 0, 0,
- i2r_ocsp_crlid, 0,
- NULL
-};
-
-const X509V3_EXT_METHOD v3_ocsp_acutoff = {
- NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
- 0, 0, 0, 0,
- 0, 0,
- 0, 0,
- i2r_ocsp_acutoff, 0,
- NULL
-};
-
-const X509V3_EXT_METHOD v3_crl_invdate = {
- NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
- 0, 0, 0, 0,
- 0, 0,
- 0, 0,
- i2r_ocsp_acutoff, 0,
- NULL
-};
-
-const X509V3_EXT_METHOD v3_crl_hold = {
- NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT),
- 0, 0, 0, 0,
- 0, 0,
- 0, 0,
- i2r_object, 0,
- NULL
-};
-
-const X509V3_EXT_METHOD v3_ocsp_nonce = {
- NID_id_pkix_OCSP_Nonce, 0, NULL,
- ocsp_nonce_new,
- ocsp_nonce_free,
- d2i_ocsp_nonce,
- i2d_ocsp_nonce,
- 0, 0,
- 0, 0,
- i2r_ocsp_nonce, 0,
- NULL
-};
-
-const X509V3_EXT_METHOD v3_ocsp_nocheck = {
- NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL),
- 0, 0, 0, 0,
- 0, s2i_ocsp_nocheck,
- 0, 0,
- i2r_ocsp_nocheck, 0,
- NULL
-};
-
-const X509V3_EXT_METHOD v3_ocsp_serviceloc = {
- NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC),
- 0, 0, 0, 0,
- 0, 0,
- 0, 0,
- i2r_ocsp_serviceloc, 0,
- NULL
-};
-
-static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *in, BIO *bp,
- int ind)
-{
- OCSP_CRLID *a = in;
- if (a->crlUrl) {
- if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0)
- goto err;
- if (!ASN1_STRING_print(bp, (ASN1_STRING *)a->crlUrl))
- goto err;
- if (BIO_write(bp, "\n", 1) <= 0)
- goto err;
- }
- if (a->crlNum) {
- if (BIO_printf(bp, "%*scrlNum: ", ind, "") <= 0)
- goto err;
- if (i2a_ASN1_INTEGER(bp, a->crlNum) <= 0)
- goto err;
- if (BIO_write(bp, "\n", 1) <= 0)
- goto err;
- }
- if (a->crlTime) {
- if (BIO_printf(bp, "%*scrlTime: ", ind, "") <= 0)
- goto err;
- if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime))
- goto err;
- if (BIO_write(bp, "\n", 1) <= 0)
- goto err;
- }
- return 1;
- err:
- return 0;
-}
-
-static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff,
- BIO *bp, int ind)
-{
- if (BIO_printf(bp, "%*s", ind, "") <= 0)
- return 0;
- if (!ASN1_GENERALIZEDTIME_print(bp, cutoff))
- return 0;
- return 1;
-}
-
-static int i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp,
- int ind)
-{
- if (BIO_printf(bp, "%*s", ind, "") <= 0)
- return 0;
- if (i2a_ASN1_OBJECT(bp, oid) <= 0)
- return 0;
- return 1;
-}
-
-/*
- * OCSP nonce. This is needs special treatment because it doesn't have an
- * ASN1 encoding at all: it just contains arbitrary data.
- */
-
-static void *ocsp_nonce_new(void)
-{
- return ASN1_OCTET_STRING_new();
-}
-
-static int i2d_ocsp_nonce(void *a, unsigned char **pp)
-{
- ASN1_OCTET_STRING *os = a;
- if (pp) {
- memcpy(*pp, os->data, os->length);
- *pp += os->length;
- }
- return os->length;
-}
-
-static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length)
-{
- ASN1_OCTET_STRING *os, **pos;
- pos = a;
- if (!pos || !*pos)
- os = ASN1_OCTET_STRING_new();
- else
- os = *pos;
- if (!ASN1_OCTET_STRING_set(os, *pp, length))
- goto err;
-
- *pp += length;
-
- if (pos)
- *pos = os;
- return os;
-
- err:
- if (os && (!pos || (*pos != os)))
- M_ASN1_OCTET_STRING_free(os);
- OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE);
- return NULL;
-}
-
-static void ocsp_nonce_free(void *a)
-{
- M_ASN1_OCTET_STRING_free(a);
-}
-
-static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
- BIO *out, int indent)
-{
- if (BIO_printf(out, "%*s", indent, "") <= 0)
- return 0;
- if (i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0)
- return 0;
- return 1;
-}
-
-/* Nocheck is just a single NULL. Don't print anything and always set it */
-
-static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck,
- BIO *out, int indent)
-{
- return 1;
-}
-
-static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, const char *str)
-{
- return ASN1_NULL_new();
-}
-
-static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
- BIO *bp, int ind)
-{
- int i;
- OCSP_SERVICELOC *a = in;
- ACCESS_DESCRIPTION *ad;
-
- if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0)
- goto err;
- if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0)
- goto err;
- for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++) {
- ad = sk_ACCESS_DESCRIPTION_value(a->locator, i);
- if (BIO_printf(bp, "\n%*s", (2 * ind), "") <= 0)
- goto err;
- if (i2a_ASN1_OBJECT(bp, ad->method) <= 0)
- goto err;
- if (BIO_puts(bp, " - ") <= 0)
- goto err;
- if (GENERAL_NAME_print(bp, ad->location) <= 0)
- goto err;
- }
- return 1;
- err:
- return 0;
-}
-#endif
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c
index 12f12a76..2c05edb8 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c
@@ -1,8 +1,12 @@
-/* v3_pci.c */
/*
- * Contributed to the OpenSSL Project 2004 by Richard Levitte
- * (richard@levitte.org)
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
+
/* Copyright (c) 2004 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
@@ -36,9 +40,10 @@
*/
#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/conf.h>
#include <openssl/x509v3.h>
+#include "ext_dat.h"
static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext,
BIO *out, int indent);
@@ -86,7 +91,7 @@ static int process_pci_value(CONF_VALUE *val,
X509V3_conf_err(val);
return 0;
}
- if (!(*language = OBJ_txt2obj(val->value, 0))) {
+ if ((*language = OBJ_txt2obj(val->value, 0)) == NULL) {
X509V3err(X509V3_F_PROCESS_PCI_VALUE,
X509V3_R_INVALID_OBJECT_IDENTIFIER);
X509V3_conf_err(val);
@@ -110,7 +115,7 @@ static int process_pci_value(CONF_VALUE *val,
long val_len;
if (!*policy) {
*policy = ASN1_OCTET_STRING_new();
- if (!*policy) {
+ if (*policy == NULL) {
X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
X509V3_conf_err(val);
return 0;
@@ -119,11 +124,9 @@ static int process_pci_value(CONF_VALUE *val,
}
if (strncmp(val->value, "hex:", 4) == 0) {
unsigned char *tmp_data2 =
- string_to_hex(val->value + 4, &val_len);
+ OPENSSL_hexstr2buf(val->value + 4, &val_len);
if (!tmp_data2) {
- X509V3err(X509V3_F_PROCESS_PCI_VALUE,
- X509V3_R_ILLEGAL_HEX_DIGIT);
X509V3_conf_err(val);
goto err;
}
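Review bot: Dropping the `X509V3err(X509V3_F_PROCESS_PCI_VALUE, X509V3_R_ILLEGAL_HEX_DIGIT)` call means the error stack in this branch now depends on OPENSSL_hexstr2buf pushing its own reason code, which it does in upstream OpenSSL but nothing here records that. A one-line comment on the `if (!tmp_data2) {` line, `/* OPENSSL_hexstr2buf has already pushed the hex-parse error */`, would keep the next reader from re-adding the error push. process_pci_value begins and ends outside the hunk.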
@@ -142,6 +145,7 @@ static int process_pci_value(CONF_VALUE *val,
* realloc failure implies the original data space is b0rked
* too!
*/
+ OPENSSL_free((*policy)->data);
(*policy)->data = NULL;
(*policy)->length = 0;
X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
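Review bot: The added `OPENSSL_free((*policy)->data);` makes this realloc-failure cleanup five identical statements repeated in three places in process_pci_value — this hunk, the file: branch at the hunk ending with `(*policy)->data = tmp_data;`, and the text: branch two hunks later — so the fix had to be applied three times and any later change will too. I would extract a static helper that releases the partially built policy and records the failure, and have each branch call it before its `goto err` (the file: branch keeps its `BIO_free_all(b)`). The function itself starts and ends outside these hunks.
```c
/* Release a half-built policy buffer after a failed OPENSSL_realloc and
 * record the allocation failure against val; callers still goto err. */
static void pci_policy_oom(ASN1_OCTET_STRING *policy, CONF_VALUE *val)
{
    OPENSSL_free(policy->data);
    policy->data = NULL;
    policy->length = 0;
    X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
    X509V3_conf_err(val);
}
/* … unchanged: hex:/file:/text: branches, each now calling pci_policy_oom(*policy, val) before goto err … */
```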
@@ -149,7 +153,6 @@ static int process_pci_value(CONF_VALUE *val,
goto err;
}
OPENSSL_free(tmp_data2);
-#ifndef OPENSSL_NO_STDIO
} else if (strncmp(val->value, "file:", 5) == 0) {
unsigned char buf[2048];
int n;
@@ -167,8 +170,16 @@ static int process_pci_value(CONF_VALUE *val,
tmp_data = OPENSSL_realloc((*policy)->data,
(*policy)->length + n + 1);
- if (!tmp_data)
- break;
+ if (!tmp_data) {
+ OPENSSL_free((*policy)->data);
+ (*policy)->data = NULL;
+ (*policy)->length = 0;
+ X509V3err(X509V3_F_PROCESS_PCI_VALUE,
+ ERR_R_MALLOC_FAILURE);
+ X509V3_conf_err(val);
+ BIO_free_all(b);
+ goto err;
+ }
(*policy)->data = tmp_data;
memcpy(&(*policy)->data[(*policy)->length], buf, n);
@@ -182,7 +193,6 @@ static int process_pci_value(CONF_VALUE *val,
X509V3_conf_err(val);
goto err;
}
-#endif /* !OPENSSL_NO_STDIO */
} else if (strncmp(val->value, "text:", 5) == 0) {
val_len = strlen(val->value + 5);
tmp_data = OPENSSL_realloc((*policy)->data,
@@ -198,6 +208,7 @@ static int process_pci_value(CONF_VALUE *val,
* realloc failure implies the original data space is b0rked
* too!
*/
+ OPENSSL_free((*policy)->data);
(*policy)->data = NULL;
(*policy)->length = 0;
X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
@@ -284,7 +295,7 @@ static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
}
pci = PROXY_CERT_INFO_EXTENSION_new();
- if (!pci) {
+ if (pci == NULL) {
X509V3err(X509V3_F_R2I_PCI, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -297,22 +308,13 @@ static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
pathlen = NULL;
goto end;
err:
- if (language) {
- ASN1_OBJECT_free(language);
- language = NULL;
- }
- if (pathlen) {
- ASN1_INTEGER_free(pathlen);
- pathlen = NULL;
- }
- if (policy) {
- ASN1_OCTET_STRING_free(policy);
- policy = NULL;
- }
- if (pci) {
- PROXY_CERT_INFO_EXTENSION_free(pci);
- pci = NULL;
- }
+ ASN1_OBJECT_free(language);
+ ASN1_INTEGER_free(pathlen);
+ pathlen = NULL;
+ ASN1_OCTET_STRING_free(policy);
+ policy = NULL;
+ PROXY_CERT_INFO_EXTENSION_free(pci);
+ pci = NULL;
end:
sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
return pci;
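Review bot: The rewritten err: path in r2i_pci resets `pathlen`, `policy` and `pci` to NULL but leaves `language` dangling after `ASN1_OBJECT_free(language);`, which is an odd asymmetry in a cleanup block. From what is visible after `end:` — only `sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);` and `return pci;` — the resets of `pathlen` and `policy` are dead stores and only `pci = NULL;` matters, so either drop those two lines or add `language = NULL;` so all four locals are handled the same way; which is right depends on the closing lines of the function, which fall outside the hunk.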
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c
index e53c82e8..e6f7a917 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c
@@ -1,8 +1,12 @@
-/* v3_pcia.c */
/*
- * Contributed to the OpenSSL Project 2004 by Richard Levitte
- * (richard@levitte.org)
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
+
/* Copyright (c) 2004 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c
index cfccb97d..24f7ff49 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c
@@ -1,68 +1,19 @@
-/* v3_pcons.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/conf.h>
#include <openssl/x509v3.h>
+#include "ext_dat.h"
static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD
*method, void *bcons, STACK_OF(CONF_VALUE)
@@ -108,16 +59,17 @@ static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method,
POLICY_CONSTRAINTS *pcons = NULL;
CONF_VALUE *val;
int i;
- if (!(pcons = POLICY_CONSTRAINTS_new())) {
+
+ if ((pcons = POLICY_CONSTRAINTS_new()) == NULL) {
X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
return NULL;
}
for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
val = sk_CONF_VALUE_value(values, i);
- if (!strcmp(val->name, "requireExplicitPolicy")) {
+ if (strcmp(val->name, "requireExplicitPolicy") == 0) {
if (!X509V3_get_value_int(val, &pcons->requireExplicitPolicy))
goto err;
- } else if (!strcmp(val->name, "inhibitPolicyMapping")) {
+ } else if (strcmp(val->name, "inhibitPolicyMapping") == 0) {
if (!X509V3_get_value_int(val, &pcons->inhibitPolicyMapping))
goto err;
} else {
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c
index dd01c441..ed82bca8 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c
@@ -1,67 +1,18 @@
-/* v3_pku.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/x509v3.h>
+#include "ext_dat.h"
static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
PKEY_USAGE_PERIOD *usage, BIO *out,
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c
index a168343b..73f4ec24 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c
@@ -1,67 +1,18 @@
-/* v3_pmaps.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/conf.h>
#include <openssl/x509v3.h>
+#include "ext_dat.h"
static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
@@ -113,13 +64,13 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD
static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
{
- POLICY_MAPPINGS *pmaps;
- POLICY_MAPPING *pmap;
- ASN1_OBJECT *obj1, *obj2;
+ POLICY_MAPPINGS *pmaps = NULL;
+ POLICY_MAPPING *pmap = NULL;
+ ASN1_OBJECT *obj1 = NULL, *obj2 = NULL;
CONF_VALUE *val;
int i;
- if (!(pmaps = sk_POLICY_MAPPING_new_null())) {
+ if ((pmaps = sk_POLICY_MAPPING_new_null()) == NULL) {
X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, ERR_R_MALLOC_FAILURE);
return NULL;
}
@@ -127,30 +78,33 @@ static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
val = sk_CONF_VALUE_value(nval, i);
if (!val->value || !val->name) {
- sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,
X509V3_R_INVALID_OBJECT_IDENTIFIER);
X509V3_conf_err(val);
- return NULL;
+ goto err;
}
obj1 = OBJ_txt2obj(val->name, 0);
obj2 = OBJ_txt2obj(val->value, 0);
if (!obj1 || !obj2) {
- sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,
X509V3_R_INVALID_OBJECT_IDENTIFIER);
X509V3_conf_err(val);
- return NULL;
+ goto err;
}
pmap = POLICY_MAPPING_new();
- if (!pmap) {
- sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
+ if (pmap == NULL) {
X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, ERR_R_MALLOC_FAILURE);
- return NULL;
+ goto err;
}
pmap->issuerDomainPolicy = obj1;
pmap->subjectDomainPolicy = obj2;
+ obj1 = obj2 = NULL;
sk_POLICY_MAPPING_push(pmaps, pmap);
}
return pmaps;
+ err:
+ ASN1_OBJECT_free(obj1);
+ ASN1_OBJECT_free(obj2);
+ sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
+ return NULL;
}
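Review bot: The return value of `sk_POLICY_MAPPING_push(pmaps, pmap)` at L6172 is still discarded, so if the push fails the freshly built `pmap` (which now owns obj1/obj2) leaks while the function goes on to return a pmaps that is silently missing that mapping. Since obj1 and obj2 have already been nulled on the line before, the new err path can be reused as is: `if (!sk_POLICY_MAPPING_push(pmaps, pmap)) {` / `POLICY_MAPPING_free(pmap); X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, ERR_R_MALLOC_FAILURE); goto err;` / `}`. The goto-based cleanup is otherwise a clear improvement over the four copies of pop_free it replaces.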
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c
index acc9c6d9..f384c342 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c
@@ -1,71 +1,22 @@
-/* v3_prn.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
+
/* X509 v3 extension utilities */
#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/conf.h>
#include <openssl/x509v3.h>
/* Extension printing routines */
-static int unknown_ext_print(BIO *out, X509_EXTENSION *ext,
+static int unknown_ext_print(BIO *out, const unsigned char *ext, int extlen,
unsigned long flag, int indent, int supported);
/* Print out a name+value stack */
@@ -101,7 +52,7 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
char *tmp;
len = strlen(nval->value) + 1;
tmp = OPENSSL_malloc(len);
- if (tmp) {
+ if (tmp != NULL) {
ascii2ebcdic(tmp, nval->value, len);
BIO_printf(out, "%s:%s", nval->name, tmp);
OPENSSL_free(tmp);
@@ -120,26 +71,29 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
{
void *ext_str = NULL;
char *value = NULL;
+ ASN1_OCTET_STRING *extoct;
const unsigned char *p;
+ int extlen;
const X509V3_EXT_METHOD *method;
STACK_OF(CONF_VALUE) *nval = NULL;
int ok = 1;
- if (!(method = X509V3_EXT_get(ext)))
- return unknown_ext_print(out, ext, flag, indent, 0);
- p = ext->value->data;
+ extoct = X509_EXTENSION_get_data(ext);
+ p = ASN1_STRING_get0_data(extoct);
+ extlen = ASN1_STRING_length(extoct);
+
+ if ((method = X509V3_EXT_get(ext)) == NULL)
+ return unknown_ext_print(out, p, extlen, flag, indent, 0);
if (method->it)
- ext_str =
- ASN1_item_d2i(NULL, &p, ext->value->length,
- ASN1_ITEM_ptr(method->it));
+ ext_str = ASN1_item_d2i(NULL, &p, extlen, ASN1_ITEM_ptr(method->it));
else
- ext_str = method->d2i(NULL, &p, ext->value->length);
+ ext_str = method->d2i(NULL, &p, extlen);
if (!ext_str)
- return unknown_ext_print(out, ext, flag, indent, 1);
+ return unknown_ext_print(out, p, extlen, flag, indent, 1);
if (method->i2s) {
- if (!(value = method->i2s(method, ext_str))) {
+ if ((value = method->i2s(method, ext_str)) == NULL) {
ok = 0;
goto err;
}
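Review bot: When decoding fails, `unknown_ext_print(out, p, extlen, flag, indent, 1)` at L6299 passes the decoder's cursor `p` together with the full `extlen` taken at L6285; if a decoder advanced `p` before failing, the PARSE/DUMP fallbacks would start mid-buffer and still read `extlen` bytes, i.e. past the end of the extension data. The ASN1 template path appears to update `*in` only on success, but the legacy `method->d2i` callback path gives no such guarantee, and the removed code had no such dependency because it re-read `ext->value->data`. Pass the original start instead: `return unknown_ext_print(out, ASN1_STRING_get0_data(extoct), extlen, flag, indent, 1);`. X509V3_EXT_print continues past the end of this hunk.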
@@ -151,7 +105,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
char *tmp;
len = strlen(value) + 1;
tmp = OPENSSL_malloc(len);
- if (tmp) {
+ if (tmp != NULL) {
ascii2ebcdic(tmp, value, len);
BIO_printf(out, "%*s%s", indent, "", tmp);
OPENSSL_free(tmp);
@@ -159,7 +113,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
}
#endif
} else if (method->i2v) {
- if (!(nval = method->i2v(method, ext_str, NULL))) {
+ if ((nval = method->i2v(method, ext_str, NULL)) == NULL) {
ok = 0;
goto err;
}
@@ -173,8 +127,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
err:
sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
- if (value)
- OPENSSL_free(value);
+ OPENSSL_free(value);
if (method->it)
ASN1_item_free(ext_str, ASN1_ITEM_ptr(method->it));
else
@@ -182,8 +135,8 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
return ok;
}
-int X509V3_extensions_print(BIO *bp, char *title,
- STACK_OF(X509_EXTENSION) *exts,
+int X509V3_extensions_print(BIO *bp, const char *title,
+ const STACK_OF(X509_EXTENSION) *exts,
unsigned long flag, int indent)
{
int i, j;
@@ -209,7 +162,7 @@ int X509V3_extensions_print(BIO *bp, char *title,
return 0;
if (!X509V3_EXT_print(bp, ex, flag, indent + 4)) {
BIO_printf(bp, "%*s", indent + 4, "");
- M_ASN1_OCTET_STRING_print(bp, ex->value);
+ ASN1_STRING_print(bp, X509_EXTENSION_get_data(ex));
}
if (BIO_write(bp, "\n", 1) <= 0)
return 0;
@@ -217,7 +170,7 @@ int X509V3_extensions_print(BIO *bp, char *title,
return 1;
}
-static int unknown_ext_print(BIO *out, X509_EXTENSION *ext,
+static int unknown_ext_print(BIO *out, const unsigned char *ext, int extlen,
unsigned long flag, int indent, int supported)
{
switch (flag & X509V3_EXT_UNKNOWN_MASK) {
@@ -233,24 +186,22 @@ static int unknown_ext_print(BIO *out, X509_EXTENSION *ext,
return 1;
case X509V3_EXT_PARSE_UNKNOWN:
- return ASN1_parse_dump(out,
- ext->value->data, ext->value->length, indent,
- -1);
+ return ASN1_parse_dump(out, ext, extlen, indent, -1);
case X509V3_EXT_DUMP_UNKNOWN:
- return BIO_dump_indent(out, (char *)ext->value->data,
- ext->value->length, indent);
+ return BIO_dump_indent(out, (const char *)ext, extlen, indent);
default:
return 1;
}
}
-#ifndef OPENSSL_NO_FP_API
+#ifndef OPENSSL_NO_STDIO
int X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent)
{
BIO *bio_tmp;
int ret;
- if (!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE)))
+
+ if ((bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL)
return 0;
ret = X509V3_EXT_print(bio_tmp, ext, flag, indent);
BIO_free(bio_tmp);
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c
index 845be673..451e7f87 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c
@@ -1,66 +1,18 @@
-/* v3_purp.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2001.
- */
-/* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
+#include "internal/numbers.h"
#include <openssl/x509v3.h>
#include <openssl/x509_vfy.h>
+#include "internal/x509_int.h"
static void x509v3_cache_extensions(X509 *x);
@@ -108,9 +60,7 @@ static X509_PURPOSE xstandard[] = {
NULL},
};
-#define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE))
-
-IMPLEMENT_STACK_OF(X509_PURPOSE)
+#define X509_PURPOSE_COUNT OSSL_NELEM(xstandard)
static STACK_OF(X509_PURPOSE) *xptable = NULL;
@@ -129,10 +79,11 @@ int X509_check_purpose(X509 *x, int id, int ca)
int idx;
const X509_PURPOSE *pt;
if (!(x->ex_flags & EXFLAG_SET)) {
- CRYPTO_w_lock(CRYPTO_LOCK_X509);
+ CRYPTO_THREAD_write_lock(x->lock);
x509v3_cache_extensions(x);
- CRYPTO_w_unlock(CRYPTO_LOCK_X509);
+ CRYPTO_THREAD_unlock(x->lock);
}
+ /* Return if side-effect only call */
if (id == -1)
return 1;
idx = X509_PURPOSE_get_by_id(id);
@@ -168,13 +119,13 @@ X509_PURPOSE *X509_PURPOSE_get0(int idx)
return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT);
}
-int X509_PURPOSE_get_by_sname(char *sname)
+int X509_PURPOSE_get_by_sname(const char *sname)
{
int i;
X509_PURPOSE *xptmp;
for (i = 0; i < X509_PURPOSE_get_count(); i++) {
xptmp = X509_PURPOSE_get0(i);
- if (!strcmp(xptmp->sname, sname))
+ if (strcmp(xptmp->sname, sname) == 0)
return i;
}
return -1;
@@ -197,7 +148,7 @@ int X509_PURPOSE_get_by_id(int purpose)
int X509_PURPOSE_add(int id, int trust, int flags,
int (*ck) (const X509_PURPOSE *, const X509 *, int),
- char *name, char *sname, void *arg)
+ const char *name, const char *sname, void *arg)
{
int idx;
X509_PURPOSE *ptmp;
@@ -211,7 +162,7 @@ int X509_PURPOSE_add(int id, int trust, int flags,
idx = X509_PURPOSE_get_by_id(id);
/* Need a new entry */
if (idx == -1) {
- if (!(ptmp = OPENSSL_malloc(sizeof(X509_PURPOSE)))) {
+ if ((ptmp = OPENSSL_malloc(sizeof(*ptmp))) == NULL) {
X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
return 0;
}
@@ -225,11 +176,11 @@ int X509_PURPOSE_add(int id, int trust, int flags,
OPENSSL_free(ptmp->sname);
}
/* dup supplied name */
- ptmp->name = BUF_strdup(name);
- ptmp->sname = BUF_strdup(sname);
+ ptmp->name = OPENSSL_strdup(name);
+ ptmp->sname = OPENSSL_strdup(sname);
if (!ptmp->name || !ptmp->sname) {
X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
- return 0;
+ goto err;
}
/* Keep the dynamic flag of existing entry */
ptmp->flags &= X509_PURPOSE_DYNAMIC;
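Review bot: The new `goto err` after the strdup pair at L6528 leaves an existing table entry half-updated: its old names were already freed at L6518, one or both of `ptmp->name`/`ptmp->sname` are now NULL, and the `err:` label (below this hunk) only cleans up for `idx == -1`, so a later `X509_PURPOSE_get_by_sname()` runs `strcmp(xptmp->sname, sname)` on a NULL pointer. Duplicate into temporaries first and only swap them in once both succeeded, so the entry keeps its old names on failure. Declare `char *nname = NULL, *nsname = NULL;` with the other locals, and allocate the new entry with `OPENSSL_zalloc` so the `err:` frees of `ptmp->name`/`ptmp->sname` stay safe when the jump happens before they are assigned.
```c
    /* Duplicate the supplied names before touching the entry so that a
     * failed strdup leaves an existing entry with its old names intact. */
    nname = OPENSSL_strdup(name);
    nsname = OPENSSL_strdup(sname);
    if (nname == NULL || nsname == NULL) {
        OPENSSL_free(nname);
        OPENSSL_free(nsname);
        X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
        goto err;
    }
    /* … the existing guarded free of ptmp->name / ptmp->sname moves here … */
    ptmp->name = nname;
    ptmp->sname = nsname;
    /* … unchanged: flags, purpose, trust, check_purpose, usr_data … */
```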
@@ -243,16 +194,24 @@ int X509_PURPOSE_add(int id, int trust, int flags,
/* If its a new entry manage the dynamic table */
if (idx == -1) {
- if (!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) {
+ if (xptable == NULL
+ && (xptable = sk_X509_PURPOSE_new(xp_cmp)) == NULL) {
X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
- return 0;
+ goto err;
}
if (!sk_X509_PURPOSE_push(xptable, ptmp)) {
X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
- return 0;
+ goto err;
}
}
return 1;
+ err:
+ if (idx == -1) {
+ OPENSSL_free(ptmp->name);
+ OPENSSL_free(ptmp->sname);
+ OPENSSL_free(ptmp);
+ }
+ return 0;
}
static void xptable_free(X509_PURPOSE *p)
@@ -270,29 +229,26 @@ static void xptable_free(X509_PURPOSE *p)
void X509_PURPOSE_cleanup(void)
{
- unsigned int i;
sk_X509_PURPOSE_pop_free(xptable, xptable_free);
- for (i = 0; i < X509_PURPOSE_COUNT; i++)
- xptable_free(xstandard + i);
xptable = NULL;
}
-int X509_PURPOSE_get_id(X509_PURPOSE *xp)
+int X509_PURPOSE_get_id(const X509_PURPOSE *xp)
{
return xp->purpose;
}
-char *X509_PURPOSE_get0_name(X509_PURPOSE *xp)
+char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp)
{
return xp->name;
}
-char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp)
+char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp)
{
return xp->sname;
}
-int X509_PURPOSE_get_trust(X509_PURPOSE *xp)
+int X509_PURPOSE_get_trust(const X509_PURPOSE *xp)
{
return xp->trust;
}
@@ -338,8 +294,7 @@ int X509_supported_extension(X509_EXTENSION *ex)
if (ex_nid == NID_undef)
return 0;
- if (OBJ_bsearch_nid(&ex_nid, supported_nids,
- sizeof(supported_nids) / sizeof(int)))
+ if (OBJ_bsearch_nid(&ex_nid, supported_nids, OSSL_NELEM(supported_nids)))
return 1;
return 0;
}
@@ -400,9 +355,7 @@ static void x509v3_cache_extensions(X509 *x)
int i;
if (x->ex_flags & EXFLAG_SET)
return;
-#ifndef OPENSSL_NO_SHA
X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
-#endif
/* V1 should mean no extensions ... */
if (!X509_get_version(x))
x->ex_flags |= EXFLAG_V1;
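Review bot: Dropping the `OPENSSL_NO_SHA` guard makes `X509_digest(x, EVP_sha1(), x->sha1_hash, NULL)` at L6601 unconditional, but its return value is still ignored, so a digest failure (no SHA-1 implementation available, EVP error) leaves `sha1_hash` holding whatever was there while the function presumably still finishes by marking the cache EXFLAG_SET, and later consumers of the fingerprint cannot tell. Check the result and record the failure in the cache flags, e.g. `if (!X509_digest(x, EVP_sha1(), x->sha1_hash, NULL)) x->ex_flags |= EXFLAG_INVALID;` if this tree's x509v3.h carries that flag, otherwise a dedicated bit. x509v3_cache_extensions continues past the end of this hunk.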
@@ -575,12 +528,22 @@ static int check_ca(const X509 *x)
}
}
+void X509_set_proxy_flag(X509 *x)
+{
+ x->ex_flags |= EXFLAG_PROXY;
+}
+
+void X509_set_proxy_pathlen(X509 *x, long l)
+{
+ x->ex_pcpathlen = l;
+}
+
int X509_check_ca(X509 *x)
{
if (!(x->ex_flags & EXFLAG_SET)) {
- CRYPTO_w_lock(CRYPTO_LOCK_X509);
+ CRYPTO_THREAD_write_lock(x->lock);
x509v3_cache_extensions(x);
- CRYPTO_w_unlock(CRYPTO_LOCK_X509);
+ CRYPTO_THREAD_unlock(x->lock);
}
return check_ca(x);
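Review bot: The new `X509_set_proxy_flag()` and `X509_set_proxy_pathlen()` write `x->ex_flags` and `x->ex_pcpathlen` directly, without the `x->lock` that `X509_check_ca()` just below now takes around the same fields and without checking EXFLAG_SET, so a concurrent cache fill races the write and a later fill may overwrite the stored pathlen (whether it does depends on code outside this hunk, so please confirm). They are also undocumented public entry points. At minimum give each a header comment stating the contract, e.g. `/* Mark x as a proxy certificate. Not locked: the caller must guarantee x is not shared and that the extension cache is already populated (X509_check_purpose(x, -1, -1)). */`, with the matching text on the pathlen setter.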
@@ -762,7 +725,7 @@ static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
return 0;
/* Extended Key Usage MUST be critical */
- i_ext = X509_get_ext_by_NID((X509 *)x, NID_ext_key_usage, -1);
+ i_ext = X509_get_ext_by_NID(x, NID_ext_key_usage, -1);
if (i_ext >= 0) {
X509_EXTENSION *ext = X509_get_ext((X509 *)x, i_ext);
if (!X509_EXTENSION_get_critical(ext))
@@ -850,3 +813,53 @@ int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid)
}
return X509_V_OK;
}
+
+uint32_t X509_get_extension_flags(X509 *x)
+{
+ /* Call for side-effect of computing hash and caching extensions */
+ X509_check_purpose(x, -1, -1);
+ return x->ex_flags;
+}
+
+uint32_t X509_get_key_usage(X509 *x)
+{
+ /* Call for side-effect of computing hash and caching extensions */
+ X509_check_purpose(x, -1, -1);
+ if (x->ex_flags & EXFLAG_KUSAGE)
+ return x->ex_kusage;
+ return UINT32_MAX;
+}
+
+uint32_t X509_get_extended_key_usage(X509 *x)
+{
+ /* Call for side-effect of computing hash and caching extensions */
+ X509_check_purpose(x, -1, -1);
+ if (x->ex_flags & EXFLAG_XKUSAGE)
+ return x->ex_xkusage;
+ return UINT32_MAX;
+}
+
+const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x)
+{
+ /* Call for side-effect of computing hash and caching extensions */
+ X509_check_purpose(x, -1, -1);
+ return x->skid;
+}
+
+long X509_get_pathlen(X509 *x)
+{
+ /* Called for side effect of caching extensions */
+ if (X509_check_purpose(x, -1, -1) != 1
+ || (x->ex_flags & EXFLAG_BCONS) == 0)
+ return -1;
+ return x->ex_pathlen;
+}
+
+long X509_get_proxy_pathlen(X509 *x)
+{
+ /* Called for side effect of caching extensions */
+ if (X509_check_purpose(x, -1, -1) != 1
+ || (x->ex_flags & EXFLAG_PROXY) == 0)
+ return -1;
+ return x->ex_pcpathlen;
+}
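Review bot: `X509_get_key_usage()` and `X509_get_extended_key_usage()` return `UINT32_MAX` when the corresponding extension is absent, which a caller testing individual bits will read as "every usage permitted", and nothing documents that sentinel; likewise `X509_get_pathlen()`/`X509_get_proxy_pathlen()` fold "extension absent" into -1 together with whatever `ex_pathlen` holds for a basicConstraints without a pathLenConstraint (not visible here). Document the contract on each getter, e.g. `/* keyUsage bits, or UINT32_MAX when the certificate carries no keyUsage extension; test X509_get_extension_flags() & EXFLAG_KUSAGE to tell "unrestricted" from a real all-ones mask. */`. Note also that `X509_check_purpose()` returns 1 unconditionally for `id == -1` (L6482-L6483), so the `!= 1` tests in the two pathlen getters are purely defensive and worth a one-line comment saying so.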
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c
index 1cede047..39597dc4 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c
@@ -1,65 +1,17 @@
-/* v3_skey.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/x509v3.h>
+#include "internal/x509_int.h"
+#include "ext_dat.h"
static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, char *str);
@@ -72,24 +24,25 @@ const X509V3_EXT_METHOD v3_skey_id = {
NULL
};
-char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct)
+char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
+ const ASN1_OCTET_STRING *oct)
{
- return hex_to_string(oct->data, oct->length);
+ return OPENSSL_buf2hexstr(oct->data, oct->length);
}
ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, char *str)
+ X509V3_CTX *ctx, const char *str)
{
ASN1_OCTET_STRING *oct;
long length;
- if (!(oct = M_ASN1_OCTET_STRING_new())) {
+ if ((oct = ASN1_OCTET_STRING_new()) == NULL) {
X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE);
return NULL;
}
- if (!(oct->data = string_to_hex(str, &length))) {
- M_ASN1_OCTET_STRING_free(oct);
+ if ((oct->data = OPENSSL_hexstr2buf(str, &length)) == NULL) {
+ ASN1_OCTET_STRING_free(oct);
return NULL;
}
@@ -103,14 +56,16 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, char *str)
{
ASN1_OCTET_STRING *oct;
- ASN1_BIT_STRING *pk;
+ X509_PUBKEY *pubkey;
+ const unsigned char *pk;
+ int pklen;
unsigned char pkey_dig[EVP_MAX_MD_SIZE];
unsigned int diglen;
if (strcmp(str, "hash"))
return s2i_ASN1_OCTET_STRING(method, ctx, str);
- if (!(oct = M_ASN1_OCTET_STRING_new())) {
+ if ((oct = ASN1_OCTET_STRING_new()) == NULL) {
X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE);
return NULL;
}
@@ -124,20 +79,21 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
}
if (ctx->subject_req)
- pk = ctx->subject_req->req_info->pubkey->public_key;
+ pubkey = ctx->subject_req->req_info.pubkey;
else
- pk = ctx->subject_cert->cert_info->key->public_key;
+ pubkey = ctx->subject_cert->cert_info.key;
- if (!pk) {
+ if (pubkey == NULL) {
X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY);
goto err;
}
- if (!EVP_Digest
- (pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL))
+ X509_PUBKEY_get0_param(NULL, &pk, &pklen, NULL, pubkey);
+
+ if (!EVP_Digest(pk, pklen, pkey_dig, &diglen, EVP_sha1(), NULL))
goto err;
- if (!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
+ if (!ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE);
goto err;
}
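Review bot: `X509_PUBKEY_get0_param(NULL, &pk, &pklen, NULL, pubkey)` at L6826 has its return value discarded and `pk` goes straight into `EVP_Digest()`, whereas the code it replaces rejected a missing public key with `X509V3_R_NO_PUBLIC_KEY` before hashing; if the accessor can fail or hand back a NULL key, the digest runs over a NULL or uninitialised pointer. Guard it: `if (!X509_PUBKEY_get0_param(NULL, &pk, &pklen, NULL, pubkey) || pk == NULL) {` / `X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY); goto err; }`. s2i_skey_id continues past both ends of this hunk.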
@@ -145,6 +101,6 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
return oct;
err:
- M_ASN1_OCTET_STRING_free(oct);
+ ASN1_OCTET_STRING_free(oct);
return NULL;
}
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c
index a4e6a93e..89cda01b 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c
@@ -1,68 +1,19 @@
-/* v3_sxnet.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/conf.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/x509v3.h>
+#include "ext_dat.h"
/* Support for Thawte strong extranet extension */
@@ -117,7 +68,7 @@ static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
tmp = i2s_ASN1_INTEGER(NULL, id->zone);
BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
OPENSSL_free(tmp);
- M_ASN1_OCTET_STRING_print(out, id->user);
+ ASN1_STRING_print(out, id->user);
}
return 1;
}
@@ -150,10 +101,11 @@ static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
/* Add an id given the zone as an ASCII number */
-int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen)
+int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen)
{
- ASN1_INTEGER *izone = NULL;
- if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
+ ASN1_INTEGER *izone;
+
+ if ((izone = s2i_ASN1_INTEGER(NULL, zone)) == NULL) {
X509V3err(X509V3_F_SXNET_ADD_ID_ASC, X509V3_R_ERROR_CONVERTING_ZONE);
return 0;
}
@@ -162,13 +114,15 @@ int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen)
/* Add an id given the zone as an unsigned long */
-int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user,
+int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user,
int userlen)
{
- ASN1_INTEGER *izone = NULL;
- if (!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
+ ASN1_INTEGER *izone;
+
+ if ((izone = ASN1_INTEGER_new()) == NULL
+ || !ASN1_INTEGER_set(izone, lzone)) {
X509V3err(X509V3_F_SXNET_ADD_ID_ULONG, ERR_R_MALLOC_FAILURE);
- M_ASN1_INTEGER_free(izone);
+ ASN1_INTEGER_free(izone);
return 0;
}
return SXNET_add_id_INTEGER(psx, izone, user, userlen);
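Review bot: `izone` is leaked when SXNET_add_id_INTEGER fails, because the callee only takes ownership of `zone` on success — the `X509V3_R_USER_TOO_LONG` return and the `goto err` paths visible in the later hunks return 0 without touching `zone`, and the comment above SXNET_add_id_INTEGER ("doesn't make a copy so don't free it up afterwards") only describes the success case. Capture the result and free the integer on failure: `ret = SXNET_add_id_INTEGER(psx, izone, user, userlen); if (!ret) ASN1_INTEGER_free(izone); return ret;` with an `int ret;` declared next to `izone`. The same applies to SXNET_add_id_asc in the previous hunk, whose final call lies outside its hunk. The tail of SXNET_add_id_INTEGER (where `zone` is stored and its `err:` label) is outside these hunks, so confirm it does not already free `zone` on error before adding this.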
@@ -180,7 +134,7 @@ int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user,
* passed integer and doesn't make a copy so don't free it up afterwards.
*/
-int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user,
+int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user,
int userlen)
{
SXNET *sx = NULL;
@@ -196,8 +150,8 @@ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user,
X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, X509V3_R_USER_TOO_LONG);
return 0;
}
- if (!*psx) {
- if (!(sx = SXNET_new()))
+ if (*psx == NULL) {
+ if ((sx = SXNET_new()) == NULL)
goto err;
if (!ASN1_INTEGER_set(sx->version, 0))
goto err;
@@ -209,12 +163,12 @@ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user,
return 0;
}
- if (!(id = SXNETID_new()))
+ if ((id = SXNETID_new()) == NULL)
goto err;
if (userlen == -1)
userlen = strlen(user);
- if (!M_ASN1_OCTET_STRING_set(id->user, user, userlen))
+ if (!ASN1_OCTET_STRING_set(id->user, (const unsigned char *)user, userlen))
goto err;
if (!sk_SXNETID_push(sx->ids, id))
goto err;
@@ -229,30 +183,33 @@ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user,
return 0;
}
-ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone)
+ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone)
{
- ASN1_INTEGER *izone = NULL;
+ ASN1_INTEGER *izone;
ASN1_OCTET_STRING *oct;
- if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
+
+ if ((izone = s2i_ASN1_INTEGER(NULL, zone)) == NULL) {
X509V3err(X509V3_F_SXNET_GET_ID_ASC, X509V3_R_ERROR_CONVERTING_ZONE);
return NULL;
}
oct = SXNET_get_id_INTEGER(sx, izone);
- M_ASN1_INTEGER_free(izone);
+ ASN1_INTEGER_free(izone);
return oct;
}
ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone)
{
- ASN1_INTEGER *izone = NULL;
+ ASN1_INTEGER *izone;
ASN1_OCTET_STRING *oct;
- if (!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
+
+ if ((izone = ASN1_INTEGER_new()) == NULL
+ || !ASN1_INTEGER_set(izone, lzone)) {
X509V3err(X509V3_F_SXNET_GET_ID_ULONG, ERR_R_MALLOC_FAILURE);
- M_ASN1_INTEGER_free(izone);
+ ASN1_INTEGER_free(izone);
return NULL;
}
oct = SXNET_get_id_INTEGER(sx, izone);
- M_ASN1_INTEGER_free(izone);
+ ASN1_INTEGER_free(izone);
return oct;
}
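Review bot: Neither SXNET_get_id_asc nor SXNET_get_id_ulong documents that the returned ASN1_OCTET_STRING is not a copy: SXNET_get_id_INTEGER in the next hunk returns `id->user` straight out of `sx->ids`, so the pointer is owned by `sx`, must not be freed by the caller, and dangles once `sx` is freed. A comment above SXNET_get_id_asc such as `/* Return the user string registered for 'zone', or NULL if absent; the result is owned by 'sx' and must not be freed. */` would make that contract explicit. A NULL `sx` is also not guarded in either wrapper and SXNET_get_id_INTEGER dereferences `sx->ids` directly (its first lines are outside the hunk), so either document that `sx` must be non-NULL or check it before the lookup.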
@@ -262,12 +219,8 @@ ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone)
int i;
for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
id = sk_SXNETID_value(sx->ids, i);
- if (!M_ASN1_INTEGER_cmp(id->zone, zone))
+ if (!ASN1_INTEGER_cmp(id->zone, zone))
return id->user;
}
return NULL;
}
-
-IMPLEMENT_STACK_OF(SXNETID)
-
-IMPLEMENT_ASN1_SET_OF(SXNETID)
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_tlsf.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_tlsf.c
new file mode 100644
index 00000000..fec67243
--- /dev/null
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_tlsf.c
@@ -0,0 +1,137 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "internal/o_str.h"
+#include <openssl/asn1t.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static STACK_OF(CONF_VALUE) *i2v_TLS_FEATURE(const X509V3_EXT_METHOD *method,
+ TLS_FEATURE *tls_feature,
+ STACK_OF(CONF_VALUE) *ext_list);
+static TLS_FEATURE *v2i_TLS_FEATURE(const X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *nval);
+
+ASN1_ITEM_TEMPLATE(TLS_FEATURE) =
+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, TLS_FEATURE, ASN1_INTEGER)
+static_ASN1_ITEM_TEMPLATE_END(TLS_FEATURE)
+
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(TLS_FEATURE)
+
+const X509V3_EXT_METHOD v3_tls_feature = {
+ NID_tlsfeature, 0,
+ ASN1_ITEM_ref(TLS_FEATURE),
+ 0, 0, 0, 0,
+ 0, 0,
+ (X509V3_EXT_I2V)i2v_TLS_FEATURE,
+ (X509V3_EXT_V2I)v2i_TLS_FEATURE,
+ 0, 0,
+ NULL
+};
+
+
+typedef struct {
+ long num;
+ const char *name;
+} TLS_FEATURE_NAME;
+
+static TLS_FEATURE_NAME tls_feature_tbl[] = {
+ { 5, "status_request" },
+ { 17, "status_request_v2" }
+};
+
+/*
+ * i2v_TLS_FEATURE converts the TLS_FEATURE structure tls_feature into the
+ * STACK_OF(CONF_VALUE) structure ext_list. STACK_OF(CONF_VALUE) is the format
+ * used by the CONF library to represent a multi-valued extension. ext_list is
+ * returned.
+ */
+static STACK_OF(CONF_VALUE) *i2v_TLS_FEATURE(const X509V3_EXT_METHOD *method,
+ TLS_FEATURE *tls_feature,
+ STACK_OF(CONF_VALUE) *ext_list)
+{
+ int i;
+ size_t j;
+ ASN1_INTEGER *ai;
+ long tlsextid;
+ for (i = 0; i < sk_ASN1_INTEGER_num(tls_feature); i++) {
+ ai = sk_ASN1_INTEGER_value(tls_feature, i);
+ tlsextid = ASN1_INTEGER_get(ai);
+ for (j = 0; j < OSSL_NELEM(tls_feature_tbl); j++)
+ if (tlsextid == tls_feature_tbl[j].num)
+ break;
+ if (j < OSSL_NELEM(tls_feature_tbl))
+ X509V3_add_value(NULL, tls_feature_tbl[j].name, &ext_list);
+ else
+ X509V3_add_value_int(NULL, ai, &ext_list);
+ }
+ return ext_list;
+}
+
+/*
+ * v2i_TLS_FEATURE converts the multi-valued extension nval into a TLS_FEATURE
+ * structure, which is returned if the conversion is successful. In case of
+ * error, NULL is returned.
+ */
+static TLS_FEATURE *v2i_TLS_FEATURE(const X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+ TLS_FEATURE *tlsf;
+ char *extval, *endptr;
+ ASN1_INTEGER *ai;
+ CONF_VALUE *val;
+ int i;
+ size_t j;
+ long tlsextid;
+
+ if ((tlsf = sk_ASN1_INTEGER_new_null()) == NULL) {
+ X509V3err(X509V3_F_V2I_TLS_FEATURE, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+ val = sk_CONF_VALUE_value(nval, i);
+ if (val->value)
+ extval = val->value;
+ else
+ extval = val->name;
+
+ for (j = 0; j < OSSL_NELEM(tls_feature_tbl); j++)
+ if (strcasecmp(extval, tls_feature_tbl[j].name) == 0)
+ break;
+ if (j < OSSL_NELEM(tls_feature_tbl))
+ tlsextid = tls_feature_tbl[j].num;
+ else {
+ tlsextid = strtol(extval, &endptr, 10);
+ if (((*endptr) != '\0') || (extval == endptr) || (tlsextid < 0) ||
+ (tlsextid > 65535)) {
+ X509V3err(X509V3_F_V2I_TLS_FEATURE, X509V3_R_INVALID_SYNTAX);
+ X509V3_conf_err(val);
+ goto err;
+ }
+ }
+
+ ai = ASN1_INTEGER_new();
+ if (ai == NULL) {
+ X509V3err(X509V3_F_V2I_TLS_FEATURE, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ ASN1_INTEGER_set(ai, tlsextid);
+ sk_ASN1_INTEGER_push(tlsf, ai);
+ }
+ return tlsf;
+
+ err:
+ sk_ASN1_INTEGER_pop_free(tlsf, ASN1_INTEGER_free);
+ return NULL;
+}
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c
index 43b9cb9c..7dc9a453 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c
@@ -1,76 +1,29 @@
-/* v3_utl.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
+
/* X509 v3 extension utilities */
#include <stdio.h>
#include <ctype.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/conf.h>
#include <openssl/x509v3.h>
+#include "internal/x509_int.h"
#include <openssl/bn.h>
+#include "ext_dat.h"
static char *strip_spaces(char *name);
static int sk_strcmp(const char *const *a, const char *const *b);
static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name,
GENERAL_NAMES *gens);
static void str_free(OPENSSL_STRING str);
-static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email);
+static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email);
static int ipv4_from_asc(unsigned char *v4, const char *in);
static int ipv6_from_asc(unsigned char *v6, const char *in);
@@ -84,13 +37,14 @@ int X509V3_add_value(const char *name, const char *value,
{
CONF_VALUE *vtmp = NULL;
char *tname = NULL, *tvalue = NULL;
- if (name && !(tname = BUF_strdup(name)))
+
+ if (name && (tname = OPENSSL_strdup(name)) == NULL)
goto err;
- if (value && !(tvalue = BUF_strdup(value)))
+ if (value && (tvalue = OPENSSL_strdup(value)) == NULL)
goto err;
- if (!(vtmp = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE))))
+ if ((vtmp = OPENSSL_malloc(sizeof(*vtmp))) == NULL)
goto err;
- if (!*extlist && !(*extlist = sk_CONF_VALUE_new_null()))
+ if (*extlist == NULL && (*extlist = sk_CONF_VALUE_new_null()) == NULL)
goto err;
vtmp->section = NULL;
vtmp->name = tname;
@@ -100,12 +54,9 @@ int X509V3_add_value(const char *name, const char *value,
return 1;
err:
X509V3err(X509V3_F_X509V3_ADD_VALUE, ERR_R_MALLOC_FAILURE);
- if (vtmp)
- OPENSSL_free(vtmp);
- if (tname)
- OPENSSL_free(tname);
- if (tvalue)
- OPENSSL_free(tvalue);
+ OPENSSL_free(vtmp);
+ OPENSSL_free(tname);
+ OPENSSL_free(tvalue);
return 0;
}
@@ -121,12 +72,9 @@ void X509V3_conf_free(CONF_VALUE *conf)
{
if (!conf)
return;
- if (conf->name)
- OPENSSL_free(conf->name);
- if (conf->value)
- OPENSSL_free(conf->value);
- if (conf->section)
- OPENSSL_free(conf->section);
+ OPENSSL_free(conf->name);
+ OPENSSL_free(conf->value);
+ OPENSSL_free(conf->section);
OPENSSL_free(conf);
}
@@ -138,7 +86,7 @@ int X509V3_add_value_bool(const char *name, int asn1_bool,
return X509V3_add_value(name, "FALSE", extlist);
}
-int X509V3_add_value_bool_nf(char *name, int asn1_bool,
+int X509V3_add_value_bool_nf(const char *name, int asn1_bool,
STACK_OF(CONF_VALUE) **extlist)
{
if (asn1_bool)
@@ -146,43 +94,49 @@ int X509V3_add_value_bool_nf(char *name, int asn1_bool,
return 1;
}
-char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *a)
+char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, const ASN1_ENUMERATED *a)
{
BIGNUM *bntmp = NULL;
char *strtmp = NULL;
+
if (!a)
return NULL;
- if (!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) ||
- !(strtmp = BN_bn2dec(bntmp)))
+ if ((bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) == NULL
+ || (strtmp = BN_bn2dec(bntmp)) == NULL)
X509V3err(X509V3_F_I2S_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE);
BN_free(bntmp);
return strtmp;
}
-char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a)
+char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, const ASN1_INTEGER *a)
{
BIGNUM *bntmp = NULL;
char *strtmp = NULL;
+
if (!a)
return NULL;
- if (!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) ||
- !(strtmp = BN_bn2dec(bntmp)))
+ if ((bntmp = ASN1_INTEGER_to_BN(a, NULL)) == NULL
+ || (strtmp = BN_bn2dec(bntmp)) == NULL)
X509V3err(X509V3_F_I2S_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
BN_free(bntmp);
return strtmp;
}
-ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
+ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, const char *value)
{
BIGNUM *bn = NULL;
ASN1_INTEGER *aint;
int isneg, ishex;
int ret;
- if (!value) {
+ if (value == NULL) {
X509V3err(X509V3_F_S2I_ASN1_INTEGER, X509V3_R_INVALID_NULL_VALUE);
- return 0;
+ return NULL;
}
bn = BN_new();
+ if (bn == NULL) {
+ X509V3err(X509V3_F_S2I_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
if (value[0] == '-') {
value++;
isneg = 1;
@@ -203,7 +157,7 @@ ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
if (!ret || value[ret]) {
BN_free(bn);
X509V3err(X509V3_F_S2I_ASN1_INTEGER, X509V3_R_BN_DEC2BN_ERROR);
- return 0;
+ return NULL;
}
if (isneg && BN_is_zero(bn))
@@ -214,40 +168,49 @@ ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
if (!aint) {
X509V3err(X509V3_F_S2I_ASN1_INTEGER,
X509V3_R_BN_TO_ASN1_INTEGER_ERROR);
- return 0;
+ return NULL;
}
if (isneg)
aint->type |= V_ASN1_NEG;
return aint;
}
-int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
+int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint,
STACK_OF(CONF_VALUE) **extlist)
{
char *strtmp;
int ret;
+
if (!aint)
return 1;
- if (!(strtmp = i2s_ASN1_INTEGER(NULL, aint)))
+ if ((strtmp = i2s_ASN1_INTEGER(NULL, aint)) == NULL)
return 0;
ret = X509V3_add_value(name, strtmp, extlist);
OPENSSL_free(strtmp);
return ret;
}
-int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool)
+int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool)
{
- char *btmp;
- if (!(btmp = value->value))
+ const char *btmp;
+
+ if ((btmp = value->value) == NULL)
goto err;
- if (!strcmp(btmp, "TRUE") || !strcmp(btmp, "true")
- || !strcmp(btmp, "Y") || !strcmp(btmp, "y")
- || !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) {
+ if (strcmp(btmp, "TRUE") == 0
+ || strcmp(btmp, "true") == 0
+ || strcmp(btmp, "Y") == 0
+ || strcmp(btmp, "y") == 0
+ || strcmp(btmp, "YES") == 0
+ || strcmp(btmp, "yes") == 0) {
*asn1_bool = 0xff;
return 1;
- } else if (!strcmp(btmp, "FALSE") || !strcmp(btmp, "false")
- || !strcmp(btmp, "N") || !strcmp(btmp, "n")
- || !strcmp(btmp, "NO") || !strcmp(btmp, "no")) {
+ }
+ if (strcmp(btmp, "FALSE") == 0
+ || strcmp(btmp, "false") == 0
+ || strcmp(btmp, "N") == 0
+ || strcmp(btmp, "n") == 0
+ || strcmp(btmp, "NO") == 0
+ || strcmp(btmp, "no") == 0) {
*asn1_bool = 0;
return 1;
}
@@ -258,10 +221,11 @@ int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool)
return 0;
}
-int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint)
+int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint)
{
ASN1_INTEGER *itmp;
- if (!(itmp = s2i_ASN1_INTEGER(NULL, value->value))) {
+
+ if ((itmp = s2i_ASN1_INTEGER(NULL, value->value)) == NULL) {
X509V3_conf_err(value);
return 0;
}
@@ -284,7 +248,7 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
char *linebuf;
int state;
/* We are going to modify the line so copy it first */
- linebuf = BUF_strdup(line);
+ linebuf = OPENSSL_strdup(line);
if (linebuf == NULL) {
X509V3err(X509V3_F_X509V3_PARSE_LIST, ERR_R_MALLOC_FAILURE);
goto err;
@@ -311,9 +275,6 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
*p = 0;
ntmp = strip_spaces(q);
q = p + 1;
-#if 0
- printf("%s\n", ntmp);
-#endif
if (!ntmp) {
X509V3err(X509V3_F_X509V3_PARSE_LIST,
X509V3_R_INVALID_NULL_NAME);
@@ -328,9 +289,6 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
state = HDR_NAME;
*p = 0;
vtmp = strip_spaces(q);
-#if 0
- printf("%s\n", ntmp);
-#endif
if (!vtmp) {
X509V3err(X509V3_F_X509V3_PARSE_LIST,
X509V3_R_INVALID_NULL_VALUE);
@@ -346,9 +304,6 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
if (state == HDR_VALUE) {
vtmp = strip_spaces(q);
-#if 0
- printf("%s=%s\n", ntmp, vtmp);
-#endif
if (!vtmp) {
X509V3err(X509V3_F_X509V3_PARSE_LIST,
X509V3_R_INVALID_NULL_VALUE);
@@ -357,9 +312,6 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
X509V3_add_value(ntmp, vtmp, &values);
} else {
ntmp = strip_spaces(q);
-#if 0
- printf("%s\n", ntmp);
-#endif
if (!ntmp) {
X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
goto err;
@@ -396,109 +348,6 @@ static char *strip_spaces(char *name)
return p;
}
-/* hex string utilities */
-
-/*
- * Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its
- * hex representation @@@ (Contents of buffer are always kept in ASCII, also
- * on EBCDIC machines)
- */
-
-char *hex_to_string(const unsigned char *buffer, long len)
-{
- char *tmp, *q;
- const unsigned char *p;
- int i;
- const static char hexdig[] = "0123456789ABCDEF";
- if (!buffer || !len)
- return NULL;
- if (!(tmp = OPENSSL_malloc(len * 3 + 1))) {
- X509V3err(X509V3_F_HEX_TO_STRING, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- q = tmp;
- for (i = 0, p = buffer; i < len; i++, p++) {
- *q++ = hexdig[(*p >> 4) & 0xf];
- *q++ = hexdig[*p & 0xf];
- *q++ = ':';
- }
- q[-1] = 0;
-#ifdef CHARSET_EBCDIC
- ebcdic2ascii(tmp, tmp, q - tmp - 1);
-#endif
-
- return tmp;
-}
-
-/*
- * Give a string of hex digits convert to a buffer
- */
-
-unsigned char *string_to_hex(const char *str, long *len)
-{
- unsigned char *hexbuf, *q;
- unsigned char ch, cl, *p;
- if (!str) {
- X509V3err(X509V3_F_STRING_TO_HEX, X509V3_R_INVALID_NULL_ARGUMENT);
- return NULL;
- }
- if (!(hexbuf = OPENSSL_malloc(strlen(str) >> 1)))
- goto err;
- for (p = (unsigned char *)str, q = hexbuf; *p;) {
- ch = *p++;
-#ifdef CHARSET_EBCDIC
- ch = os_toebcdic[ch];
-#endif
- if (ch == ':')
- continue;
- cl = *p++;
-#ifdef CHARSET_EBCDIC
- cl = os_toebcdic[cl];
-#endif
- if (!cl) {
- X509V3err(X509V3_F_STRING_TO_HEX, X509V3_R_ODD_NUMBER_OF_DIGITS);
- OPENSSL_free(hexbuf);
- return NULL;
- }
- if (isupper(ch))
- ch = tolower(ch);
- if (isupper(cl))
- cl = tolower(cl);
-
- if ((ch >= '0') && (ch <= '9'))
- ch -= '0';
- else if ((ch >= 'a') && (ch <= 'f'))
- ch -= 'a' - 10;
- else
- goto badhex;
-
- if ((cl >= '0') && (cl <= '9'))
- cl -= '0';
- else if ((cl >= 'a') && (cl <= 'f'))
- cl -= 'a' - 10;
- else
- goto badhex;
-
- *q++ = (ch << 4) | cl;
- }
-
- if (len)
- *len = q - hexbuf;
-
- return hexbuf;
-
- err:
- if (hexbuf)
- OPENSSL_free(hexbuf);
- X509V3err(X509V3_F_STRING_TO_HEX, ERR_R_MALLOC_FAILURE);
- return NULL;
-
- badhex:
- OPENSSL_free(hexbuf);
- X509V3err(X509V3_F_STRING_TO_HEX, X509V3_R_ILLEGAL_HEX_DIGIT);
- return NULL;
-
-}
/*
* V2I name comparison function: returns zero if 'name' matches cmp or cmp.*
@@ -603,7 +452,7 @@ static void str_free(OPENSSL_STRING str)
OPENSSL_free(str);
}
-static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email)
+static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email)
{
char *emtmp;
/* First some sanity checks */
@@ -611,15 +460,16 @@ static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email)
return 1;
if (!email->data || !email->length)
return 1;
- if (!*sk)
+ if (*sk == NULL)
*sk = sk_OPENSSL_STRING_new(sk_strcmp);
- if (!*sk)
+ if (*sk == NULL)
return 0;
/* Don't add duplicates */
if (sk_OPENSSL_STRING_find(*sk, (char *)email->data) != -1)
return 1;
- emtmp = BUF_strdup((char *)email->data);
- if (!emtmp || !sk_OPENSSL_STRING_push(*sk, emtmp)) {
+ emtmp = OPENSSL_strdup((char *)email->data);
+ if (emtmp == NULL || !sk_OPENSSL_STRING_push(*sk, emtmp)) {
+ OPENSSL_free(emtmp); /* free on push failure */
X509_email_free(*sk);
*sk = NULL;
return 0;
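Review bot: An IA5String carrying an embedded NUL byte is silently truncated here: `OPENSSL_strdup((char *)email->data)` and the `sk_OPENSSL_STRING_find` duplicate check both stop at the first NUL, so the string added to the list is not the name the certificate actually encodes — `email->length` is only tested for zero in the sanity checks above. Reject such values before the duplicate check, e.g. `if (memchr(email->data, 0, email->length) != NULL) return 1;`, matching the existing sanity-check style of returning 1 to skip an entry. The first sanity check of append_ia5 starts above this hunk and the function's closing lines are below it.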
@@ -638,7 +488,7 @@ typedef int (*equal_fn) (const unsigned char *pattern, size_t pattern_len,
/* Skip pattern prefix to match "wildcard" subject */
static void skip_prefix(const unsigned char **p, size_t *plen,
- const unsigned char *subject, size_t subject_len,
+ size_t subject_len,
unsigned int flags)
{
const unsigned char *pattern = *p;
@@ -673,7 +523,7 @@ static int equal_nocase(const unsigned char *pattern, size_t pattern_len,
const unsigned char *subject, size_t subject_len,
unsigned int flags)
{
- skip_prefix(&pattern, &pattern_len, subject, subject_len, flags);
+ skip_prefix(&pattern, &pattern_len, subject_len, flags);
if (pattern_len != subject_len)
return 0;
while (pattern_len) {
@@ -702,7 +552,7 @@ static int equal_case(const unsigned char *pattern, size_t pattern_len,
const unsigned char *subject, size_t subject_len,
unsigned int flags)
{
- skip_prefix(&pattern, &pattern_len, subject, subject_len, flags);
+ skip_prefix(&pattern, &pattern_len, subject_len, flags);
if (pattern_len != subject_len)
return 0;
return !memcmp(pattern, subject, pattern_len);
@@ -885,7 +735,7 @@ static int equal_wildcard(const unsigned char *pattern, size_t pattern_len,
* to UTF8.
*/
-static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
+static int do_check_string(const ASN1_STRING *a, int cmp_type, equal_fn equal,
unsigned int flags, const char *b, size_t blen,
char **peername)
{
@@ -901,7 +751,7 @@ static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
else if (a->length == (int)blen && !memcmp(a->data, b, blen))
rv = 1;
if (rv > 0 && peername)
- *peername = BUF_strndup((char *)a->data, a->length);
+ *peername = OPENSSL_strndup((char *)a->data, a->length);
} else {
int astrlen;
unsigned char *astr;
@@ -915,7 +765,7 @@ static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
}
rv = equal(astr, astrlen, (unsigned char *)b, blen, flags);
if (rv > 0 && peername)
- *peername = BUF_strndup((char *)astr, astrlen);
+ *peername = OPENSSL_strndup((char *)astr, astrlen);
OPENSSL_free(astr);
}
return rv;
@@ -980,23 +830,20 @@ static int do_x509_check(X509 *x, const char *chk, size_t chklen,
GENERAL_NAMES_free(gens);
if (rv != 0)
return rv;
- if (cnid == NID_undef
- || (san_present
- && !(flags & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT)))
+ if (san_present && !(flags & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT))
return 0;
}
/* We're done if CN-ID is not pertinent */
- if (cnid == NID_undef)
+ if (cnid == NID_undef || (flags & X509_CHECK_FLAG_NEVER_CHECK_SUBJECT))
return 0;
i = -1;
name = X509_get_subject_name(x);
while ((i = X509_NAME_get_index_by_NID(name, cnid, i)) >= 0) {
- X509_NAME_ENTRY *ne;
- ASN1_STRING *str;
- ne = X509_NAME_get_entry(name, i);
- str = X509_NAME_ENTRY_get_data(ne);
+ const X509_NAME_ENTRY *ne = X509_NAME_get_entry(name, i);
+ const ASN1_STRING *str = X509_NAME_ENTRY_get_data(ne);
+
/* Positive on success, negative on error! */
if ((rv = do_check_string(str, -1, equal, flags,
chk, chklen, peername)) != 0)
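Review bot: The comment `/* We're done if CN-ID is not pertinent */` no longer describes the condition under it, which now also returns when the caller sets X509_CHECK_FLAG_NEVER_CHECK_SUBJECT. Because that flag is tested after the ALWAYS_CHECK_SUBJECT branch, NEVER_CHECK_SUBJECT wins when both are set, and with it the subject CN is skipped even when no SAN of the checked type was present — the only strict SAN-only mode this function offers, which callers verifying hostnames will want to know. Suggest `/* Done if CN-ID is not pertinent, or the caller forbade falling back to the subject CN (NEVER_CHECK_SUBJECT overrides ALWAYS_CHECK_SUBJECT) */`. The start of do_x509_check, where san_present is computed, is outside the hunk.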
@@ -1083,7 +930,7 @@ ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc)
return NULL;
ret = ASN1_OCTET_STRING_new();
- if (!ret)
+ if (ret == NULL)
return NULL;
if (!ASN1_OCTET_STRING_set(ret, ipout, iplen)) {
ASN1_OCTET_STRING_free(ret);
@@ -1101,7 +948,7 @@ ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc)
p = strchr(ipasc, '/');
if (!p)
return NULL;
- iptmp = BUF_strdup(ipasc);
+ iptmp = OPENSSL_strdup(ipasc);
if (!iptmp)
return NULL;
p = iptmp + (p - ipasc);
@@ -1121,7 +968,7 @@ ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc)
goto err;
ret = ASN1_OCTET_STRING_new();
- if (!ret)
+ if (ret == NULL)
goto err;
if (!ASN1_OCTET_STRING_set(ret, ipout, iplen1 + iplen2))
goto err;
@@ -1129,10 +976,8 @@ ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc)
return ret;
err:
- if (iptmp)
- OPENSSL_free(iptmp);
- if (ret)
- ASN1_OCTET_STRING_free(ret);
+ OPENSSL_free(iptmp);
+ ASN1_OCTET_STRING_free(ret);
return NULL;
}
@@ -1284,19 +1129,17 @@ static int ipv6_hex(unsigned char *out, const char *in, int inlen)
{
unsigned char c;
unsigned int num = 0;
+ int x;
+
if (inlen > 4)
return 0;
while (inlen--) {
c = *in++;
num <<= 4;
- if ((c >= '0') && (c <= '9'))
- num |= c - '0';
- else if ((c >= 'A') && (c <= 'F'))
- num |= c - 'A' + 10;
- else if ((c >= 'a') && (c <= 'f'))
- num |= c - 'a' + 10;
- else
+ x = OPENSSL_hexchar2int(c);
+ if (x < 0)
return 0;
+ num |= (char)x;
}
out[0] = num >> 8;
out[1] = num & 0xff;
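Review bot: `num |= (char)x;` narrows a non-negative int (OPENSSL_hexchar2int yields 0..15 once the `x < 0` rejection has run) to a possibly signed `char` before widening it back into an `unsigned int`; it is harmless for these values but reads as if sign extension were intended and draws a -Wsign-conversion warning. `num |= (unsigned int)x;` (or simply `num |= x;`) states the intent. The ipv6_hex signature is on the hunk header line, so the function starts just above this hunk.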
@@ -1307,7 +1150,7 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk,
unsigned long chtype)
{
CONF_VALUE *v;
- int i, mval;
+ int i, mval, spec_char, plus_char;
char *p, *type;
if (!nm)
return 0;
@@ -1318,25 +1161,26 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk,
/*
* Skip past any leading X. X: X, etc to allow for multiple instances
*/
- for (p = type; *p; p++)
+ for (p = type; *p; p++) {
#ifndef CHARSET_EBCDIC
- if ((*p == ':') || (*p == ',') || (*p == '.'))
+ spec_char = ((*p == ':') || (*p == ',') || (*p == '.'));
#else
- if ((*p == os_toascii[':']) || (*p == os_toascii[','])
- || (*p == os_toascii['.']))
+ spec_char = ((*p == os_toascii[':']) || (*p == os_toascii[','])
+ || (*p == os_toascii['.']));
#endif
- {
+ if (spec_char) {
p++;
if (*p)
type = p;
break;
}
+ }
#ifndef CHARSET_EBCDIC
- if (*type == '+')
+ plus_char = (*type == '+');
#else
- if (*type == os_toascii['+'])
+ plus_char = (*type == os_toascii['+']);
#endif
- {
+ if (plus_char) {
mval = -1;
type++;
} else
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3err.c b/Cryptlib/OpenSSL/crypto/x509v3/v3err.c
index bcc1be72..5d79c8c6 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3err.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3err.c
@@ -1,62 +1,11 @@
-/* crypto/x509v3/v3err.c */
-/* ====================================================================
- * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
/*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
@@ -71,68 +20,62 @@
static ERR_STRING_DATA X509V3_str_functs[] = {
{ERR_FUNC(X509V3_F_A2I_GENERAL_NAME), "a2i_GENERAL_NAME"},
+ {ERR_FUNC(X509V3_F_ADDR_VALIDATE_PATH_INTERNAL),
+ "addr_validate_path_internal"},
{ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE),
- "ASIDENTIFIERCHOICE_CANONIZE"},
+ "ASIdentifierChoice_canonize"},
{ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL),
- "ASIDENTIFIERCHOICE_IS_CANONICAL"},
- {ERR_FUNC(X509V3_F_COPY_EMAIL), "COPY_EMAIL"},
- {ERR_FUNC(X509V3_F_COPY_ISSUER), "COPY_ISSUER"},
- {ERR_FUNC(X509V3_F_DO_DIRNAME), "DO_DIRNAME"},
- {ERR_FUNC(X509V3_F_DO_EXT_CONF), "DO_EXT_CONF"},
- {ERR_FUNC(X509V3_F_DO_EXT_I2D), "DO_EXT_I2D"},
- {ERR_FUNC(X509V3_F_DO_EXT_NCONF), "DO_EXT_NCONF"},
- {ERR_FUNC(X509V3_F_DO_I2V_NAME_CONSTRAINTS), "DO_I2V_NAME_CONSTRAINTS"},
- {ERR_FUNC(X509V3_F_GNAMES_FROM_SECTNAME), "GNAMES_FROM_SECTNAME"},
- {ERR_FUNC(X509V3_F_HEX_TO_STRING), "hex_to_string"},
+ "ASIdentifierChoice_is_canonical"},
+ {ERR_FUNC(X509V3_F_COPY_EMAIL), "copy_email"},
+ {ERR_FUNC(X509V3_F_COPY_ISSUER), "copy_issuer"},
+ {ERR_FUNC(X509V3_F_DO_DIRNAME), "do_dirname"},
+ {ERR_FUNC(X509V3_F_DO_EXT_I2D), "do_ext_i2d"},
+ {ERR_FUNC(X509V3_F_DO_EXT_NCONF), "do_ext_nconf"},
+ {ERR_FUNC(X509V3_F_GNAMES_FROM_SECTNAME), "gnames_from_sectname"},
{ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED), "i2s_ASN1_ENUMERATED"},
- {ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "I2S_ASN1_IA5STRING"},
+ {ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "i2s_ASN1_IA5STRING"},
{ERR_FUNC(X509V3_F_I2S_ASN1_INTEGER), "i2s_ASN1_INTEGER"},
{ERR_FUNC(X509V3_F_I2V_AUTHORITY_INFO_ACCESS),
- "I2V_AUTHORITY_INFO_ACCESS"},
- {ERR_FUNC(X509V3_F_NOTICE_SECTION), "NOTICE_SECTION"},
- {ERR_FUNC(X509V3_F_NREF_NOS), "NREF_NOS"},
- {ERR_FUNC(X509V3_F_POLICY_SECTION), "POLICY_SECTION"},
- {ERR_FUNC(X509V3_F_PROCESS_PCI_VALUE), "PROCESS_PCI_VALUE"},
- {ERR_FUNC(X509V3_F_R2I_CERTPOL), "R2I_CERTPOL"},
- {ERR_FUNC(X509V3_F_R2I_PCI), "R2I_PCI"},
- {ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING), "S2I_ASN1_IA5STRING"},
+ "i2v_AUTHORITY_INFO_ACCESS"},
+ {ERR_FUNC(X509V3_F_NOTICE_SECTION), "notice_section"},
+ {ERR_FUNC(X509V3_F_NREF_NOS), "nref_nos"},
+ {ERR_FUNC(X509V3_F_POLICY_SECTION), "policy_section"},
+ {ERR_FUNC(X509V3_F_PROCESS_PCI_VALUE), "process_pci_value"},
+ {ERR_FUNC(X509V3_F_R2I_CERTPOL), "r2i_certpol"},
+ {ERR_FUNC(X509V3_F_R2I_PCI), "r2i_pci"},
+ {ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING), "s2i_ASN1_IA5STRING"},
{ERR_FUNC(X509V3_F_S2I_ASN1_INTEGER), "s2i_ASN1_INTEGER"},
{ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING), "s2i_ASN1_OCTET_STRING"},
- {ERR_FUNC(X509V3_F_S2I_ASN1_SKEY_ID), "S2I_ASN1_SKEY_ID"},
- {ERR_FUNC(X509V3_F_S2I_SKEY_ID), "S2I_SKEY_ID"},
- {ERR_FUNC(X509V3_F_SET_DIST_POINT_NAME), "SET_DIST_POINT_NAME"},
- {ERR_FUNC(X509V3_F_STRING_TO_HEX), "string_to_hex"},
+ {ERR_FUNC(X509V3_F_S2I_SKEY_ID), "s2i_skey_id"},
+ {ERR_FUNC(X509V3_F_SET_DIST_POINT_NAME), "set_dist_point_name"},
{ERR_FUNC(X509V3_F_SXNET_ADD_ID_ASC), "SXNET_add_id_asc"},
{ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER), "SXNET_add_id_INTEGER"},
{ERR_FUNC(X509V3_F_SXNET_ADD_ID_ULONG), "SXNET_add_id_ulong"},
{ERR_FUNC(X509V3_F_SXNET_GET_ID_ASC), "SXNET_get_id_asc"},
{ERR_FUNC(X509V3_F_SXNET_GET_ID_ULONG), "SXNET_get_id_ulong"},
- {ERR_FUNC(X509V3_F_V2I_ASIDENTIFIERS), "V2I_ASIDENTIFIERS"},
+ {ERR_FUNC(X509V3_F_V2I_ASIDENTIFIERS), "v2i_ASIdentifiers"},
{ERR_FUNC(X509V3_F_V2I_ASN1_BIT_STRING), "v2i_ASN1_BIT_STRING"},
{ERR_FUNC(X509V3_F_V2I_AUTHORITY_INFO_ACCESS),
- "V2I_AUTHORITY_INFO_ACCESS"},
- {ERR_FUNC(X509V3_F_V2I_AUTHORITY_KEYID), "V2I_AUTHORITY_KEYID"},
- {ERR_FUNC(X509V3_F_V2I_BASIC_CONSTRAINTS), "V2I_BASIC_CONSTRAINTS"},
- {ERR_FUNC(X509V3_F_V2I_CRLD), "V2I_CRLD"},
- {ERR_FUNC(X509V3_F_V2I_EXTENDED_KEY_USAGE), "V2I_EXTENDED_KEY_USAGE"},
+ "v2i_AUTHORITY_INFO_ACCESS"},
+ {ERR_FUNC(X509V3_F_V2I_AUTHORITY_KEYID), "v2i_AUTHORITY_KEYID"},
+ {ERR_FUNC(X509V3_F_V2I_BASIC_CONSTRAINTS), "v2i_BASIC_CONSTRAINTS"},
+ {ERR_FUNC(X509V3_F_V2I_CRLD), "v2i_crld"},
+ {ERR_FUNC(X509V3_F_V2I_EXTENDED_KEY_USAGE), "v2i_EXTENDED_KEY_USAGE"},
{ERR_FUNC(X509V3_F_V2I_GENERAL_NAMES), "v2i_GENERAL_NAMES"},
{ERR_FUNC(X509V3_F_V2I_GENERAL_NAME_EX), "v2i_GENERAL_NAME_ex"},
- {ERR_FUNC(X509V3_F_V2I_IDP), "V2I_IDP"},
- {ERR_FUNC(X509V3_F_V2I_IPADDRBLOCKS), "V2I_IPADDRBLOCKS"},
- {ERR_FUNC(X509V3_F_V2I_ISSUER_ALT), "V2I_ISSUER_ALT"},
- {ERR_FUNC(X509V3_F_V2I_NAME_CONSTRAINTS), "V2I_NAME_CONSTRAINTS"},
- {ERR_FUNC(X509V3_F_V2I_POLICY_CONSTRAINTS), "V2I_POLICY_CONSTRAINTS"},
- {ERR_FUNC(X509V3_F_V2I_POLICY_MAPPINGS), "V2I_POLICY_MAPPINGS"},
- {ERR_FUNC(X509V3_F_V2I_SUBJECT_ALT), "V2I_SUBJECT_ALT"},
- {ERR_FUNC(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL),
- "V3_ADDR_VALIDATE_PATH_INTERNAL"},
- {ERR_FUNC(X509V3_F_V3_GENERIC_EXTENSION), "V3_GENERIC_EXTENSION"},
+ {ERR_FUNC(X509V3_F_V2I_IDP), "v2i_idp"},
+ {ERR_FUNC(X509V3_F_V2I_IPADDRBLOCKS), "v2i_IPAddrBlocks"},
+ {ERR_FUNC(X509V3_F_V2I_ISSUER_ALT), "v2i_issuer_alt"},
+ {ERR_FUNC(X509V3_F_V2I_NAME_CONSTRAINTS), "v2i_NAME_CONSTRAINTS"},
+ {ERR_FUNC(X509V3_F_V2I_POLICY_CONSTRAINTS), "v2i_POLICY_CONSTRAINTS"},
+ {ERR_FUNC(X509V3_F_V2I_POLICY_MAPPINGS), "v2i_POLICY_MAPPINGS"},
+ {ERR_FUNC(X509V3_F_V2I_SUBJECT_ALT), "v2i_subject_alt"},
+ {ERR_FUNC(X509V3_F_V2I_TLS_FEATURE), "v2i_TLS_FEATURE"},
+ {ERR_FUNC(X509V3_F_V3_GENERIC_EXTENSION), "v3_generic_extension"},
{ERR_FUNC(X509V3_F_X509V3_ADD1_I2D), "X509V3_add1_i2d"},
{ERR_FUNC(X509V3_F_X509V3_ADD_VALUE), "X509V3_add_value"},
{ERR_FUNC(X509V3_F_X509V3_EXT_ADD), "X509V3_EXT_add"},
{ERR_FUNC(X509V3_F_X509V3_EXT_ADD_ALIAS), "X509V3_EXT_add_alias"},
- {ERR_FUNC(X509V3_F_X509V3_EXT_CONF), "X509V3_EXT_conf"},
- {ERR_FUNC(X509V3_F_X509V3_EXT_FREE), "X509V3_EXT_free"},
{ERR_FUNC(X509V3_F_X509V3_EXT_I2D), "X509V3_EXT_i2d"},
{ERR_FUNC(X509V3_F_X509V3_EXT_NCONF), "X509V3_EXT_nconf"},
{ERR_FUNC(X509V3_F_X509V3_GET_SECTION), "X509V3_get_section"},
@@ -150,8 +93,6 @@ static ERR_STRING_DATA X509V3_str_reasons[] = {
{ERR_REASON(X509V3_R_BN_DEC2BN_ERROR), "bn dec2bn error"},
{ERR_REASON(X509V3_R_BN_TO_ASN1_INTEGER_ERROR),
"bn to asn1 integer error"},
- {ERR_REASON(X509V3_R_CANNOT_FIND_FREE_FUNCTION),
- "cannot find free function"},
{ERR_REASON(X509V3_R_DIRNAME_ERROR), "dirname error"},
{ERR_REASON(X509V3_R_DISTPOINT_ALREADY_SET), "distpoint already set"},
{ERR_REASON(X509V3_R_DUPLICATE_ZONE_ID), "duplicate zone id"},
@@ -167,7 +108,6 @@ static ERR_STRING_DATA X509V3_str_reasons[] = {
"extension setting not supported"},
{ERR_REASON(X509V3_R_EXTENSION_VALUE_ERROR), "extension value error"},
{ERR_REASON(X509V3_R_ILLEGAL_EMPTY_EXTENSION), "illegal empty extension"},
- {ERR_REASON(X509V3_R_ILLEGAL_HEX_DIGIT), "illegal hex digit"},
{ERR_REASON(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG),
"incorrect policy syntax tag"},
{ERR_REASON(X509V3_R_INVALID_ASNUMBER), "invalid asnumber"},
@@ -207,7 +147,6 @@ static ERR_STRING_DATA X509V3_str_reasons[] = {
"no proxy cert policy language defined"},
{ERR_REASON(X509V3_R_NO_PUBLIC_KEY), "no public key"},
{ERR_REASON(X509V3_R_NO_SUBJECT_DETAILS), "no subject details"},
- {ERR_REASON(X509V3_R_ODD_NUMBER_OF_DIGITS), "odd number of digits"},
{ERR_REASON(X509V3_R_OPERATION_NOT_DEFINED), "operation not defined"},
{ERR_REASON(X509V3_R_OTHERNAME_ERROR), "othername error"},
{ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED),
@@ -215,8 +154,6 @@ static ERR_STRING_DATA X509V3_str_reasons[] = {
{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH), "policy path length"},
{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED),
"policy path length already defined"},
- {ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED),
- "policy syntax not currently supported"},
{ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY),
"policy when proxy language requires no policy"},
{ERR_REASON(X509V3_R_SECTION_NOT_FOUND), "section not found"},
@@ -237,7 +174,7 @@ static ERR_STRING_DATA X509V3_str_reasons[] = {
#endif
-void ERR_load_X509V3_strings(void)
+int ERR_load_X509V3_strings(void)
{
#ifndef OPENSSL_NO_ERR
@@ -246,4 +183,5 @@ void ERR_load_X509V3_strings(void)
ERR_load_strings(0, X509V3_str_reasons);
}
#endif
+ return 1;
}