Diffstat (limited to 'Cryptlib/OpenSSL/crypto/x509v3')
39 files changed, 3465 insertions, 1518 deletions
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/ext_dat.h b/Cryptlib/OpenSSL/crypto/x509v3/ext_dat.h
index c9ede960..09ebbcae 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/ext_dat.h
+++ b/Cryptlib/OpenSSL/crypto/x509v3/ext_dat.h
@@ -1,24 +1,138 @@ +/* ext_dat.h */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. 
You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
 */
+/* This file contains a table of "standard" extensions */
+
+extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
+extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo;
+extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
+extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate;
+extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld, v3_freshest_crl;
+extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
+extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
+extern X509V3_EXT_METHOD v3_crl_hold, v3_pci;
+extern X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints;
+extern X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp;
+extern X509V3_EXT_METHOD v3_addr, v3_asid;
+extern X509V3_EXT_METHOD v3_ct_scts[];
+
+/*
+ * This table will be searched using OBJ_bsearch so it *must* kept in order
+ * of the ext_nid values.
+ */
+
+static const X509V3_EXT_METHOD *standard_exts[] = {
+ &v3_nscert,
+ &v3_ns_ia5_list[0],
+ &v3_ns_ia5_list[1],
+ &v3_ns_ia5_list[2],
+ &v3_ns_ia5_list[3],
+ &v3_ns_ia5_list[4],
+ &v3_ns_ia5_list[5],
+ &v3_ns_ia5_list[6],
+ &v3_skey_id,
+ &v3_key_usage,
+ &v3_pkey_usage_period,
+ &v3_alt[0],
+ &v3_alt[1],
+ &v3_bcons,
+ &v3_crl_num,
+ &v3_cpols,
+ &v3_akey_id,
+ &v3_crld,
+ &v3_ext_ku,
+ &v3_delta_crl,
+ &v3_crl_reason,
+#ifndef OPENSSL_NO_OCSP
+ &v3_crl_invdate,
+#endif
+ &v3_sxnet,
+ &v3_info,
+#ifndef OPENSSL_NO_RFC3779
+ &v3_addr,
+ &v3_asid,
+#endif
+#ifndef OPENSSL_NO_OCSP
+ &v3_ocsp_nonce,
+ &v3_ocsp_crlid,
+ &v3_ocsp_accresp,
+ &v3_ocsp_nocheck,
+ &v3_ocsp_acutoff,
+ &v3_ocsp_serviceloc,
+#endif
+ &v3_sinfo,
+ &v3_policy_constraints,
+#ifndef OPENSSL_NO_OCSP
+ &v3_crl_hold,
+#endif
+ &v3_pci,
+ &v3_name_constraints,
+ &v3_policy_mappings,
+ &v3_inhibit_anyp,
+ &v3_idp,
+ &v3_alt[2],
+ &v3_freshest_crl,
+#ifndef OPENSSL_NO_SCT
+ &v3_ct_scts[0],
+ &v3_ct_scts[1],
+#endif
+};
-int name_cmp(const char *name, const char *cmp);
+/* Number of standard extensions */
-extern const X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
-extern const X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo;
-extern const X509V3_EXT_METHOD v3_ns_ia5_list[8], v3_alt[3], v3_skey_id, v3_akey_id;
-extern const X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate;
-extern const X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld, v3_freshest_crl;
-extern const X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
-extern const X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
-extern const X509V3_EXT_METHOD v3_crl_hold, v3_pci;
-extern const X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints;
-extern const X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp;
-extern const X509V3_EXT_METHOD v3_addr, v3_asid;
-extern const X509V3_EXT_METHOD v3_ct_scts[3];
-extern const X509V3_EXT_METHOD 
v3_tls_feature;
+#define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *))
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c
index a9ee30a8..c8f41f24 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c
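Review bot: The new `extern` declarations at the top of this hunk drop the `const` that the removed lines carried, so every X509V3_EXT_METHOD — a table of function pointers consulted by the extension lookup — now lives in writable data instead of read-only storage; if the definitions in this tree's v3_*.c files are const-qualified, keep them const here too (`extern const X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;` and so on, and `static const X509V3_EXT_METHOD *const standard_exts[]`), otherwise this revert silently weakens that. `v3_tls_feature`, the last declaration removed on the old side, is neither declared nor listed in the new table, so a TLS Feature extension will be handled by whatever the unknown-extension path does — confirm that is intended rather than an accidental loss. The comment above the table should read `must be kept in order`, and since OBJ_bsearch returns the wrong method rather than failing when the table is unsorted, a one-time debug-build assertion that consecutive `ext_nid` values ascend would be cheap insurance.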
@@ -1,16 +1,65 @@ +/* pcy_cache.c */ /* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 2004. + */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
 *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
 */
-#include "internal/cryptlib.h"
+#include "cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
-#include "internal/x509_int.h"
 #include "pcy_int.h"
@@ -34,12 +83,12 @@ static int policy_cache_create(X509 *x,
 if (sk_POLICYINFO_num(policies) == 0)
 goto bad_policy;
 cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp);
- if (cache->data == NULL)
+ if (!cache->data)
 goto bad_policy;
 for (i = 0; i < sk_POLICYINFO_num(policies); i++) {
 policy = sk_POLICYINFO_value(policies, i);
 data = policy_data_new(policy, NULL, crit);
- if (data == NULL)
+ if (!data)
 goto bad_policy;
 /*
 * Duplicate policy OIDs are illegal: reject if matches found.
@@ -61,7 +110,8 @@ static int policy_cache_create(X509 *x,
 bad_policy:
 if (ret == -1)
 x->ex_flags |= EXFLAG_INVALID_POLICY;
- policy_data_free(data);
+ if (data)
+ policy_data_free(data);
 sk_POLICYINFO_pop_free(policies, POLICYINFO_free);
 if (ret <= 0) {
 sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
@@ -78,11 +128,8 @@ static int policy_cache_new(X509 *x)
 CERTIFICATEPOLICIES *ext_cpols = NULL;
 POLICY_MAPPINGS *ext_pmaps = NULL;
 int i;
-
- if (x->policy_cache != NULL)
- return 1;
- cache = OPENSSL_malloc(sizeof(*cache));
- if (cache == NULL)
+ cache = OPENSSL_malloc(sizeof(X509_POLICY_CACHE));
+ if (!cache)
 return 0;
 cache->anyPolicy = NULL;
 cache->data = NULL;
@@ -153,14 +200,18 @@ static int policy_cache_new(X509 *x)
 goto bad_cache;
 } else if (!policy_cache_set_int(&cache->any_skip, ext_any))
 goto bad_cache;
- goto just_cleanup;
+ if (0) {
 bad_cache:
- x->ex_flags |= EXFLAG_INVALID_POLICY;
+ x->ex_flags |= EXFLAG_INVALID_POLICY;
+ }
+
+ if (ext_pcons)
+ POLICY_CONSTRAINTS_free(ext_pcons);
+
+ if (ext_any)
+ ASN1_INTEGER_free(ext_any);
- just_cleanup:
- POLICY_CONSTRAINTS_free(ext_pcons);
- ASN1_INTEGER_free(ext_any);
 return 1;
 }
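Review bot: Removing `if (x->policy_cache != NULL) return 1;` from the top of policy_cache_new leaves no re-check inside the lock: policy_cache_set (later in this file) tests `x->policy_cache` before taking the lock, so two threads that both observe NULL will both enter policy_cache_new, and the second allocation presumably overwrites the first one's pointer where it is stored further down (outside this hunk), leaking the first cache and every X509_POLICY_DATA it holds. Re-add the guard as the first statement after the declarations: `if (x->policy_cache != NULL) return 1;`. The `if (0) { bad_cache: ... }` construct that replaces `goto just_cleanup` is also harder to read than the label-and-goto it replaces; a `bad_cache:` label that sets the flag and falls through to a `cleanup:` label would say the same thing plainly. policy_cache_new starts before this hunk.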
@@ -169,8 +220,10 @@ void policy_cache_free(X509_POLICY_CACHE *cache)
 {
 if (!cache)
 return;
- policy_data_free(cache->anyPolicy);
- sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
+ if (cache->anyPolicy)
+ policy_data_free(cache->anyPolicy);
+ if (cache->data)
+ sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
 OPENSSL_free(cache);
 }
@@ -178,9 +231,9 @@ const X509_POLICY_CACHE *policy_cache_set(X509 *x)
 {
 if (x->policy_cache == NULL) {
- CRYPTO_THREAD_write_lock(x->lock);
+ CRYPTO_w_lock(CRYPTO_LOCK_X509);
 policy_cache_new(x);
- CRYPTO_THREAD_unlock(x->lock);
+ CRYPTO_w_unlock(CRYPTO_LOCK_X509);
 }
 return x->policy_cache;
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c
index cf1d635e..90e9970e 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c
@@ -1,13 +1,63 @@ +/* pcy_data.c */ /* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 2004. + */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
 *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
 */
-#include "internal/cryptlib.h"
+#include "cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
@@ -17,8 +67,6 @@
 void policy_data_free(X509_POLICY_DATA *data)
 {
- if (!data)
- return;
 ASN1_OBJECT_free(data->valid_policy);
 /* Don't free qualifiers if shared */
 if (!(data->flags & POLICY_DATA_FLAG_SHARED_QUALIFIERS))
@@ -28,9 +76,9 @@ void policy_data_free(X509_POLICY_DATA *data)
 }
 /*
- * Create a data based on an existing policy. If 'id' is NULL use the OID in
+ * Create a data based on an existing policy. If 'id' is NULL use the oid in
 * the policy, otherwise use 'id'. This behaviour covers the two types of
- * data in RFC3280: data with from a CertificatePolicies extension and
+ * data in RFC3280: data with from a CertificatePolcies extension and
 * additional data with just the qualifiers of anyPolicy and ID from another
 * source.
 */
@@ -48,18 +96,21 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy,
 return NULL;
 } else
 id = NULL;
- ret = OPENSSL_zalloc(sizeof(*ret));
- if (ret == NULL)
+ ret = OPENSSL_malloc(sizeof(X509_POLICY_DATA));
+ if (!ret)
 return NULL;
 ret->expected_policy_set = sk_ASN1_OBJECT_new_null();
- if (ret->expected_policy_set == NULL) {
+ if (!ret->expected_policy_set) {
 OPENSSL_free(ret);
- ASN1_OBJECT_free(id);
+ if (id)
+ ASN1_OBJECT_free(id);
 return NULL;
 }
 if (crit)
 ret->flags = POLICY_DATA_FLAG_CRITICAL;
+ else
+ ret->flags = 0;
 if (id)
 ret->valid_policy = id;
@@ -71,7 +122,8 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy,
 if (policy) {
 ret->qualifier_set = policy->qualifiers;
 policy->qualifiers = NULL;
- }
+ } else
+ ret->qualifier_set = NULL;
 return ret;
 }
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_int.h b/Cryptlib/OpenSSL/crypto/x509v3/pcy_int.h
index 5daf78de..b5075f9e 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_int.h
+++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_int.h
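Review bot: policy_data_free now dereferences `data` unconditionally (the `if (!data) return;` is removed in the hunk that starts on the previous line), so every caller must guarantee a non-NULL argument; this diff adds `if (data)` guards in pcy_cache.c, but the pcy_tree.c callers are not visible here and the other OpenSSL `*_free` routines tolerate NULL, so keeping `if (data == NULL) return;` as the first statement is the cheaper and safer choice. The function's body continues past the end of that hunk.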
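Review bot: Replacing OPENSSL_zalloc with `OPENSSL_malloc(sizeof(X509_POLICY_DATA))` in policy_data_new means the struct is no longer zero-initialised, and the hunk has to compensate with added `else` branches for `flags` and `qualifier_set`; any field that is not assigned on every path, or that is added to X509_POLICY_DATA later, is left as uninitialised heap. Adding `memset(ret, 0, sizeof(*ret));` immediately after the NULL check restores the zalloc guarantee without depending on per-field assignments, and the two `else` branches then become unnecessary. policy_data_new starts before this hunk and its end is in a separate hunk.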
@@ -1,15 +1,65 @@ +/* pcy_int.h */ /* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 2004. + */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
 *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
 */
 typedef struct X509_POLICY_DATA_st X509_POLICY_DATA;
-DEFINE_STACK_OF(X509_POLICY_DATA)
+DECLARE_STACK_OF(X509_POLICY_DATA)
 /* Internal structures */
@@ -119,7 +169,7 @@ struct X509_POLICY_TREE_st {
 * required.
 */
 STACK_OF(X509_POLICY_DATA) *extra_data;
- /* This is the authority constrained policy set */
+ /* This is the authority constained policy set */
 STACK_OF(X509_POLICY_NODE) *auth_policies;
 STACK_OF(X509_POLICY_NODE) *user_policies;
 unsigned int flags;
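Review bot: The comment on `auth_policies` in the X509_POLICY_TREE_st hunk comes back with a typo on the new side; it should read `/* This is the authority constrained policy set */`. This structure is what readers consult to understand the policy tree, so the corrected wording is worth keeping even when the rest of the file is reverted.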
@@ -157,7 +207,7 @@ X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk,
 const ASN1_OBJECT *id);
 X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
- X509_POLICY_DATA *data,
+ const X509_POLICY_DATA *data,
 X509_POLICY_NODE *parent,
 X509_POLICY_TREE *tree);
 void policy_node_free(X509_POLICY_NODE *node);
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c
index 67f7eafc..dbb29835 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c
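Review bot: `const X509_POLICY_DATA *data` on the level_add_node prototype mis-describes the contract: the implementation in pcy_node.c (also in this diff) stores the pointer in `node->data` and pushes it onto `tree->extra_data`, a stack that is presumably freed with policy_data_free when the tree is destroyed, so the callee retains the object and eventually owns it. Either drop the `const` or document the ownership at the prototype, e.g. `/* data is retained by the node; when tree != NULL it is also owned by tree->extra_data */`.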
@@ -1,13 +1,63 @@ +/* pcy_lib.c */ /* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 2004. + */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
 *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
 */
-#include "internal/cryptlib.h"
+#include "cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
@@ -90,6 +140,15 @@ const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node)
 return node->data->valid_policy;
 }
+#if 0
+int X509_policy_node_get_critical(const X509_POLICY_NODE *node)
+{
+ if (node_critical(node))
+ return 1;
+ return 0;
+}
+#endif
+
 STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(const
 X509_POLICY_NODE
 *node)
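Review bot: The added `#if 0 … #endif` block around X509_policy_node_get_critical is dead code the preprocessor discards; it will rot silently and invites someone to flip the guard without adding a prototype to the public header. Delete it, or if the accessor is wanted add it for real as `int X509_policy_node_get_critical(const X509_POLICY_NODE *node) { return node_critical(node) ? 1 : 0; }` together with its declaration in x509v3.h.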
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c
index ab9dd21b..b99eb91c 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c
@@ -1,16 +1,65 @@ +/* pcy_map.c */ /* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 2004. + */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/x509.h> #include <openssl/x509v3.h> -#include "internal/x509_int.h" #include "pcy_int.h" 
@@ -42,15 +91,15 @@ int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
 /* Attempt to find matching policy data */
 data = policy_cache_find_data(cache, map->issuerDomainPolicy);
 /* If we don't have anyPolicy can't map */
- if (data == NULL && !cache->anyPolicy)
+ if (!data && !cache->anyPolicy)
 continue;
 /* Create a NODE from anyPolicy */
- if (data == NULL) {
+ if (!data) {
 data = policy_data_new(NULL, map->issuerDomainPolicy, cache->anyPolicy->flags & POLICY_DATA_FLAG_CRITICAL);
- if (data == NULL)
+ if (!data)
 goto bad_mapping;
 data->qualifier_set = cache->anyPolicy->qualifier_set;
 /*
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c
index 80443bff..d6c91765 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c
@@ -1,10 +1,60 @@ +/* pcy_node.c */ /* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 2004. + */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <openssl/asn1.h> 
@@ -59,17 +109,17 @@ X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level, } X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, - X509_POLICY_DATA *data, + const X509_POLICY_DATA *data, X509_POLICY_NODE *parent, X509_POLICY_TREE *tree) { X509_POLICY_NODE *node; - - node = OPENSSL_zalloc(sizeof(*node)); - if (node == NULL) + node = OPENSSL_malloc(sizeof(X509_POLICY_NODE)); + if (!node) return NULL; node->data = data; node->parent = parent; + node->nchild = 0; if (level) { if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) { if (level->anyPolicy) @@ -77,9 +127,9 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, level->anyPolicy = node; } else { - if (level->nodes == NULL) + if (!level->nodes) level->nodes = policy_node_cmp_new(); - if (level->nodes == NULL) + if (!level->nodes) goto node_error; if (!sk_X509_POLICY_NODE_push(level->nodes, node)) goto node_error; @@ -87,9 +137,9 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, } if (tree) { - if (tree->extra_data == NULL) + if (!tree->extra_data) tree->extra_data = sk_X509_POLICY_DATA_new_null(); - if (tree->extra_data == NULL) + if (!tree->extra_data) goto node_error; if (!sk_X509_POLICY_DATA_push(tree->extra_data, data)) goto node_error; @@ -102,7 +152,8 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, node_error: policy_node_free(node); - return NULL; + return 0; + } void policy_node_free(X509_POLICY_NODE *node) diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c index 9f9246be..09b8691c 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c 
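Review bot: The `node_error` path can free a node the level still references: once `node` has been pushed onto `level->nodes` (or stored in `level->anyPolicy`), a failure in the `tree` block — `sk_X509_POLICY_DATA_new_null()` or `sk_X509_POLICY_DATA_push()` failing — jumps to `node_error`, where `policy_node_free(node)` leaves a dangling pointer in the level that `X509_policy_tree_free()` later frees again through `sk_X509_POLICY_NODE_pop_free(curr->nodes, policy_node_free)` / `policy_node_free(curr->anyPolicy)`. A separate label that detaches the node from the level before falling into `node_error`, with the two `goto node_error` in the `tree` block retargeted to it, closes that window; the lines of `level_add_node` between the hunks on this line are not visible here. Separately, the function returns a pointer, so the trailing `return 0;` should be `return NULL;`, matching the early return after the allocation.
```c
 extra_data_error:
    /* node is already linked into the level: detach it before freeing */
    if (level) {
        if (level->anyPolicy == node)
            level->anyPolicy = NULL;
        else
            (void)sk_X509_POLICY_NODE_pop(level->nodes);
    }
 node_error:
    policy_node_free(node);
    return NULL;
```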
@@ -1,13 +1,63 @@ +/* pcy_tree.c */ /* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 2004. + */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/x509.h> #include <openssl/x509v3.h> 
@@ -48,26 +98,22 @@ static void expected_print(BIO *err, X509_POLICY_LEVEL *lev, static void tree_print(char *str, X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr) { - BIO *err = BIO_new_fp(stderr, BIO_NOCLOSE); X509_POLICY_LEVEL *plev; - - if (err == NULL) - return; + X509_POLICY_NODE *node; + int i; + BIO *err; + err = BIO_new_fp(stderr, BIO_NOCLOSE); if (!curr) curr = tree->levels + tree->nlevel; else curr++; - BIO_printf(err, "Level print after %s\n", str); BIO_printf(err, "Printing Up to Level %ld\n", curr - tree->levels); for (plev = tree->levels; plev != curr; plev++) { - int i; - BIO_printf(err, "Level %ld, flags = %x\n", - (long)(plev - tree->levels), plev->flags); + plev - tree->levels, plev->flags); for (i = 0; i < sk_X509_POLICY_NODE_num(plev->nodes); i++) { - X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(plev->nodes, i); - + node = sk_X509_POLICY_NODE_value(plev->nodes, i); X509_POLICY_NODE_print(err, node, 2); expected_print(err, plev, node, 2); BIO_printf(err, " Flags: %x\n", node->data->flags); @@ -75,17 +121,26 @@ static void tree_print(char *str, X509_POLICY_TREE *tree, if (plev->anyPolicy) X509_POLICY_NODE_print(err, plev->anyPolicy, 2); } + BIO_free(err); + } +#else + +# define tree_print(a,b,c) /* */ + #endif /*- - * Return value: <= 0 on error, or positive bit mask: - * - * X509_PCY_TREE_VALID: valid tree - * X509_PCY_TREE_EMPTY: empty tree (including bare TA case) - * X509_PCY_TREE_EXPLICIT: explicit policy required + * Initialize policy tree. Return values: + * 0 Some internal error occurred. + * -1 Inconsistent or invalid extensions in certificates. + * 1 Tree initialized OK. + * 2 Policy tree is empty. + * 5 Tree OK and requireExplicitPolicy true. + * 6 Tree empty and requireExplicitPolicy true. */ + static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, unsigned int flags) { 
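Review bot: `tree_print` now uses `err` without checking it: the `if (err == NULL) return;` after `BIO_new_fp(stderr, BIO_NOCLOSE)` is dropped, so an allocation failure hands every `BIO_printf` a NULL BIO; keep `if (err == NULL) return;` right after the assignment. The same hunk also drops the `(long)` cast in `BIO_printf(err, "Level %ld, flags = %x\n", plev - tree->levels, plev->flags)`; a pointer difference is a `ptrdiff_t`, which is not `long` on every ABI, so `%ld` with the uncast value is a format/argument mismatch — restore `(long)(plev - tree->levels)` (the unchanged `"Printing Up to Level %ld\n"` line above has the same weakness). This presumably only matters in the debug build that compiles `tree_print` at all, since the new `#else` branch defines it away. The second hunk on this line ends at `tree_init`'s signature; its body is in the following hunks.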
@@ -93,112 +148,114 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, X509_POLICY_LEVEL *level; const X509_POLICY_CACHE *cache; X509_POLICY_DATA *data = NULL; - int ret = X509_PCY_TREE_VALID; - int n = sk_X509_num(certs) - 1; /* RFC5280 paths omit the TA */ - int explicit_policy = (flags & X509_V_FLAG_EXPLICIT_POLICY) ? 0 : n+1; - int any_skip = (flags & X509_V_FLAG_INHIBIT_ANY) ? 0 : n+1; - int map_skip = (flags & X509_V_FLAG_INHIBIT_MAP) ? 0 : n+1; - int i; - + X509 *x; + int ret = 1; + int i, n; + int explicit_policy; + int any_skip; + int map_skip; *ptree = NULL; + n = sk_X509_num(certs); - /* Can't do anything with just a trust anchor */ - if (n == 0) - return X509_PCY_TREE_EMPTY; +#if 0 + /* Disable policy mapping for now... */ + flags |= X509_V_FLAG_INHIBIT_MAP; +#endif - /* - * First setup the policy cache in all n non-TA certificates, this will be - * used in X509_verify_cert() which will invoke the verify callback for all - * certificates with invalid policy extensions. - */ - for (i = n - 1; i >= 0; i--) { - X509 *x = sk_X509_value(certs, i); + if (flags & X509_V_FLAG_EXPLICIT_POLICY) + explicit_policy = 0; + else + explicit_policy = n + 1; - /* Call for side-effect of computing hash and caching extensions */ - X509_check_purpose(x, -1, 0); + if (flags & X509_V_FLAG_INHIBIT_ANY) + any_skip = 0; + else + any_skip = n + 1; - /* If cache is NULL, likely ENOMEM: return immediately */ - if (policy_cache_set(x) == NULL) - return X509_PCY_TREE_INTERNAL; - } + if (flags & X509_V_FLAG_INHIBIT_MAP) + map_skip = 0; + else + map_skip = n + 1; + /* Can't do anything with just a trust anchor */ + if (n == 1) + return 1; /* - * At this point check for invalid policies and required explicit policy. - * Note that the explicit_policy counter is a count-down to zero, with the - * requirement kicking in if and once it does that. 
The counter is - * decremented for every non-self-issued certificate in the path, but may - * be further reduced by policy constraints in a non-leaf certificate. - * - * The ultimate policy set is the intersection of all the policies along - * the path, if we hit a certificate with an empty policy set, and explicit - * policy is required we're done. + * First setup policy cache in all certificates apart from the trust + * anchor. Note any bad cache results on the way. Also can calculate + * explicit_policy value at this point. */ - for (i = n - 1; - i >= 0 && (explicit_policy > 0 || (ret & X509_PCY_TREE_EMPTY) == 0); - i--) { - X509 *x = sk_X509_value(certs, i); - uint32_t ex_flags = X509_get_extension_flags(x); - - /* All the policies are already cached, we can return early */ - if (ex_flags & EXFLAG_INVALID_POLICY) - return X509_PCY_TREE_INVALID; - - /* Access the cache which we now know exists */ + for (i = n - 2; i >= 0; i--) { + x = sk_X509_value(certs, i); + X509_check_purpose(x, -1, -1); cache = policy_cache_set(x); - - if ((ret & X509_PCY_TREE_VALID) && cache->data == NULL) - ret = X509_PCY_TREE_EMPTY; + /* If cache NULL something bad happened: return immediately */ + if (cache == NULL) + return 0; + /* + * If inconsistent extensions keep a note of it but continue + */ + if (x->ex_flags & EXFLAG_INVALID_POLICY) + ret = -1; + /* + * Otherwise if we have no data (hence no CertificatePolicies) and + * haven't already set an inconsistent code note it. 
+ */ + else if ((ret == 1) && !cache->data) + ret = 2; if (explicit_policy > 0) { - if (!(ex_flags & EXFLAG_SI)) + if (!(x->ex_flags & EXFLAG_SI)) explicit_policy--; - if ((cache->explicit_skip >= 0) + if ((cache->explicit_skip != -1) && (cache->explicit_skip < explicit_policy)) explicit_policy = cache->explicit_skip; } } - if (explicit_policy == 0) - ret |= X509_PCY_TREE_EXPLICIT; - if ((ret & X509_PCY_TREE_VALID) == 0) + if (ret != 1) { + if (ret == 2 && !explicit_policy) + return 6; return ret; + } /* If we get this far initialize the tree */ - if ((tree = OPENSSL_zalloc(sizeof(*tree))) == NULL) - return X509_PCY_TREE_INTERNAL; - /* - * http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3. - * - * The top level is implicitly for the trust anchor with valid expected - * policies of anyPolicy. (RFC 5280 has the TA at depth 0 and the leaf at - * depth n, we have the leaf at depth 0 and the TA at depth n). - */ - if ((tree->levels = OPENSSL_zalloc(sizeof(*tree->levels)*(n+1))) == NULL) { + tree = OPENSSL_malloc(sizeof(X509_POLICY_TREE)); + + if (!tree) + return 0; + + tree->flags = 0; + tree->levels = OPENSSL_malloc(sizeof(X509_POLICY_LEVEL) * n); + tree->nlevel = 0; + tree->extra_data = NULL; + tree->auth_policies = NULL; + tree->user_policies = NULL; + + if (!tree->levels) { OPENSSL_free(tree); - return X509_PCY_TREE_INTERNAL; + return 0; } - tree->nlevel = n+1; + + memset(tree->levels, 0, n * sizeof(X509_POLICY_LEVEL)); + + tree->nlevel = n; + level = tree->levels; - if ((data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0)) == NULL) - goto bad_tree; - if (level_add_node(level, data, NULL, tree) == NULL) { - policy_data_free(data); - goto bad_tree; - } - /* - * In this pass initialize all the tree levels and whether anyPolicy and - * policy mapping are inhibited at each level. 
- */ - for (i = n - 1; i >= 0; i--) { - X509 *x = sk_X509_value(certs, i); - uint32_t ex_flags = X509_get_extension_flags(x); + /* Root data: initialize to anyPolicy */ - /* Access the cache which we now know exists */ - cache = policy_cache_set(x); + data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0); - X509_up_ref(x); - (++level)->cert = x; + if (!data || !level_add_node(level, data, NULL, tree)) + goto bad_tree; + + for (i = n - 2; i >= 0; i--) { + level++; + x = sk_X509_value(certs, i); + cache = policy_cache_set(x); + CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); + level->cert = x; if (!cache->anyPolicy) level->flags |= X509_V_FLAG_INHIBIT_ANY; 
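Review bot: `data` leaks when `level_add_node(level, data, NULL, tree)` fails: `if (!data || !level_add_node(level, data, NULL, tree)) goto bad_tree;` frees the tree at `bad_tree` but nothing frees `data`, which the tree only owns once that call has succeeded; split the test into `if (data == NULL) goto bad_tree;` and `if (!level_add_node(level, data, NULL, tree)) { policy_data_free(data); goto bad_tree; }`, which is what `tree_add_unmatched` already does on the same failure. The bare-trust-anchor guard `if (n == 1) return 1;` does not cover an empty `certs` stack: with `n == 0` the code goes on to `OPENSSL_malloc(sizeof(X509_POLICY_LEVEL) * n)`, and what happens next depends on how the allocator treats a zero-length request; `if (n <= 1) return 1;` closes that path. The `#if 0 … flags |= X509_V_FLAG_INHIBIT_MAP; #endif` block is dead code and should be dropped, and the same goes for the `#if 0` blocks added in `tree_link_nodes` and `tree_link_any` further down. `tree_init`'s body continues in the next hunk, where `bad_tree` is defined.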
@@ -206,57 +263,63 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, /* Determine inhibit any and inhibit map flags */ if (any_skip == 0) { /* - * Any matching allowed only if certificate is self issued and not - * the last in the chain. + * Any matching allowed if certificate is self issued and not the + * last in the chain. */ - if (!(ex_flags & EXFLAG_SI) || (i == 0)) + if (!(x->ex_flags & EXFLAG_SI) || (i == 0)) level->flags |= X509_V_FLAG_INHIBIT_ANY; } else { - if (!(ex_flags & EXFLAG_SI)) + if (!(x->ex_flags & EXFLAG_SI)) any_skip--; - if ((cache->any_skip >= 0) && (cache->any_skip < any_skip)) + if ((cache->any_skip >= 0) + && (cache->any_skip < any_skip)) any_skip = cache->any_skip; } if (map_skip == 0) level->flags |= X509_V_FLAG_INHIBIT_MAP; else { - if (!(ex_flags & EXFLAG_SI)) + if (!(x->ex_flags & EXFLAG_SI)) map_skip--; - if ((cache->map_skip >= 0) && (cache->map_skip < map_skip)) + if ((cache->map_skip >= 0) + && (cache->map_skip < map_skip)) map_skip = cache->map_skip; } + } *ptree = tree; - return ret; + + if (explicit_policy) + return 1; + else + return 5; bad_tree: + X509_policy_tree_free(tree); - return X509_PCY_TREE_INTERNAL; + + return 0; + } -/* - * Return value: 1 on success, 0 otherwise - */ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, - X509_POLICY_DATA *data) + const X509_POLICY_DATA *data) { X509_POLICY_LEVEL *last = curr - 1; + X509_POLICY_NODE *node; int i, matched = 0; - /* Iterate through all in nodes linking matches */ for (i = 0; i < sk_X509_POLICY_NODE_num(last->nodes); i++) { - X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i); - + node = sk_X509_POLICY_NODE_value(last->nodes, i); if (policy_node_match(last, node, data->valid_policy)) { - if (level_add_node(curr, data, node, NULL) == NULL) + if (!level_add_node(curr, data, node, NULL)) return 0; matched = 1; } } if (!matched && last->anyPolicy) { - if (level_add_node(curr, data, last->anyPolicy, NULL) == NULL) + if 
(!level_add_node(curr, data, last->anyPolicy, NULL)) return 0; } return 1; @@ -265,17 +328,29 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, /* * This corresponds to RFC3280 6.1.3(d)(1): link any data from * CertificatePolicies onto matching parent or anyPolicy if no match. - * - * Return value: 1 on success, 0 otherwise. */ + static int tree_link_nodes(X509_POLICY_LEVEL *curr, const X509_POLICY_CACHE *cache) { int i; + X509_POLICY_DATA *data; for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++) { - X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i); - + data = sk_X509_POLICY_DATA_value(cache->data, i); + /* + * If a node is mapped any it doesn't have a corresponding + * CertificatePolicies entry. However such an identical node would + * be created if anyPolicy matching is enabled because there would be + * no match with the parent valid_policy_set. So we create link + * because then it will have the mapping flags right and we can prune + * it later. + */ +#if 0 + if ((data->flags & POLICY_DATA_FLAG_MAPPED_ANY) + && !(curr->flags & X509_V_FLAG_INHIBIT_ANY)) + continue; +#endif /* Look for matching nodes in previous level */ if (!tree_link_matching_nodes(curr, data)) return 0; 
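Review bot: The return-value comment on `tree_link_matching_nodes` (`Return value: 1 on success, 0 otherwise`) is removed without replacement, leaving a static helper whose 0/1 convention callers such as `tree_link_nodes` depend on undocumented; keep a one-line `/* Returns 1 on success, 0 on failure. */` above the signature. The same removal is made for `tree_link_nodes`, `tree_add_unmatched`, `tree_link_unmatched`, `tree_link_any`, `tree_add_auth_node`, `tree_calculate_user_set` and `tree_evaluate` in the later hunks, and `tree_prune`'s new comment no longer says what its results mean, so each of those should get the same one-liner (for `tree_prune`: `/* Returns 2 when pruning emptied the tree, 1 when data remains. */`, with the error value documented where it is produced, outside these hunks). `tree_init`'s return codes are now spelled out as bare numbers in its comment; since `X509_policy_check` switches on exactly those numbers, that comment is the only thing keeping the two in sync.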
@@ -286,38 +361,35 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr, /* * This corresponds to RFC3280 6.1.3(d)(2): Create new data for any unmatched * policies in the parent and link to anyPolicy. - * - * Return value: 1 on success, 0 otherwise. */ + static int tree_add_unmatched(X509_POLICY_LEVEL *curr, const X509_POLICY_CACHE *cache, const ASN1_OBJECT *id, X509_POLICY_NODE *node, X509_POLICY_TREE *tree) { X509_POLICY_DATA *data; - if (id == NULL) id = node->data->valid_policy; /* * Create a new node with qualifiers from anyPolicy and id from unmatched * node. */ - if ((data = policy_data_new(NULL, id, node_critical(node))) == NULL) - return 0; + data = policy_data_new(NULL, id, node_critical(node)); + if (data == NULL) + return 0; /* Curr may not have anyPolicy */ data->qualifier_set = cache->anyPolicy->qualifier_set; data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; - if (level_add_node(curr, data, node, tree) == NULL) { + if (!level_add_node(curr, data, node, tree)) { policy_data_free(data); return 0; } + return 1; } -/* - * Return value: 1 on success, 0 otherwise. - */ static int tree_link_unmatched(X509_POLICY_LEVEL *curr, const X509_POLICY_CACHE *cache, X509_POLICY_NODE *node, X509_POLICY_TREE *tree) @@ -348,17 +420,19 @@ static int tree_link_unmatched(X509_POLICY_LEVEL *curr, } } + return 1; + } -/* - * Return value: 1 on success, 0 otherwise - */ static int tree_link_any(X509_POLICY_LEVEL *curr, const X509_POLICY_CACHE *cache, X509_POLICY_TREE *tree) { int i; + /* + * X509_POLICY_DATA *data; + */ X509_POLICY_NODE *node; X509_POLICY_LEVEL *last = curr - 1; 
@@ -367,24 +441,50 @@ static int tree_link_any(X509_POLICY_LEVEL *curr, if (!tree_link_unmatched(curr, cache, node, tree)) return 0; + +#if 0 + + /* + * Skip any node with any children: we only want unmathced nodes. + * Note: need something better for policy mapping because each node + * may have multiple children + */ + if (node->nchild) + continue; + + /* + * Create a new node with qualifiers from anyPolicy and id from + * unmatched node. + */ + data = policy_data_new(NULL, node->data->valid_policy, + node_critical(node)); + + if (data == NULL) + return 0; + /* Curr may not have anyPolicy */ + data->qualifier_set = cache->anyPolicy->qualifier_set; + data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; + if (!level_add_node(curr, data, node, tree)) { + policy_data_free(data); + return 0; + } +#endif + } /* Finally add link to anyPolicy */ - if (last->anyPolicy && - level_add_node(curr, cache->anyPolicy, last->anyPolicy, NULL) == NULL) - return 0; + if (last->anyPolicy) { + if (!level_add_node(curr, cache->anyPolicy, last->anyPolicy, NULL)) + return 0; + } return 1; } -/*- - * Prune the tree: delete any child mapped child data on the current level then - * proceed up the tree deleting any data with no children. If we ever have no - * data on a level we can halt because the tree will be empty. - * - * Return value: <= 0 error, otherwise one of: - * - * X509_PCY_TREE_VALID: valid tree - * X509_PCY_TREE_EMPTY: empty tree +/* + * Prune the tree: delete any child mapped child data on the current level + * then proceed up the tree deleting any data with no children. If we ever + * have no data on a level we can halt because the tree will be empty. */ + static int tree_prune(X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr) { STACK_OF(X509_POLICY_NODE) *nodes; 
@@ -423,43 +523,41 @@ static int tree_prune(X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr) if (curr == tree->levels) { /* If we zapped anyPolicy at top then tree is empty */ if (!curr->anyPolicy) - return X509_PCY_TREE_EMPTY; - break; + return 2; + return 1; } } - return X509_PCY_TREE_VALID; + + return 1; + } -/* - * Return value: 1 on success, 0 otherwise. - */ static int tree_add_auth_node(STACK_OF(X509_POLICY_NODE) **pnodes, X509_POLICY_NODE *pcy) { - if (*pnodes == NULL && - (*pnodes = policy_node_cmp_new()) == NULL) - return 0; - if (sk_X509_POLICY_NODE_find(*pnodes, pcy) != -1) + if (!*pnodes) { + *pnodes = policy_node_cmp_new(); + if (!*pnodes) + return 0; + } else if (sk_X509_POLICY_NODE_find(*pnodes, pcy) != -1) return 1; - return sk_X509_POLICY_NODE_push(*pnodes, pcy) != 0; -} -#define TREE_CALC_FAILURE 0 -#define TREE_CALC_OK_NOFREE 1 -#define TREE_CALC_OK_DOFREE 2 + if (!sk_X509_POLICY_NODE_push(*pnodes, pcy)) + return 0; -/*- - * Calculate the authority set based on policy tree. The 'pnodes' parameter is - * used as a store for the set of policy nodes used to calculate the user set. - * If the authority set is not anyPolicy then pnodes will just point to the - * authority set. If however the authority set is anyPolicy then the set of - * valid policies (other than anyPolicy) is store in pnodes. - * - * Return value: - * TREE_CALC_FAILURE on failure, - * TREE_CALC_OK_NOFREE on success and pnodes need not be freed, - * TREE_CALC_OK_DOFREE on success and pnodes needs to be freed + return 1; + +} + +/* + * Calculate the authority set based on policy tree. The 'pnodes' parameter + * is used as a store for the set of policy nodes used to calculate the user + * set. If the authority set is not anyPolicy then pnodes will just point to + * the authority set. If however the authority set is anyPolicy then the set + * of valid policies (other than anyPolicy) is store in pnodes. 
The return + * value of '2' is used in this case to indicate that pnodes should be freed. */ + static int tree_calculate_authority_set(X509_POLICY_TREE *tree, STACK_OF(X509_POLICY_NODE) **pnodes) { @@ -472,7 +570,7 @@ static int tree_calculate_authority_set(X509_POLICY_TREE *tree, /* If last level contains anyPolicy set is anyPolicy */ if (curr->anyPolicy) { if (!tree_add_auth_node(&tree->auth_policies, curr->anyPolicy)) - return TREE_CALC_FAILURE; + return 0; addnodes = pnodes; } else /* Add policies to authority set */ @@ -484,31 +582,25 @@ static int tree_calculate_authority_set(X509_POLICY_TREE *tree, * If no anyPolicy node on this this level it can't appear on lower * levels so end search. */ - if ((anyptr = curr->anyPolicy) == NULL) + if (!(anyptr = curr->anyPolicy)) break; curr++; for (j = 0; j < sk_X509_POLICY_NODE_num(curr->nodes); j++) { node = sk_X509_POLICY_NODE_value(curr->nodes, j); if ((node->parent == anyptr) - && !tree_add_auth_node(addnodes, node)) { - if (addnodes == pnodes) { - sk_X509_POLICY_NODE_free(*pnodes); - *pnodes = NULL; - } - return TREE_CALC_FAILURE; - } + && !tree_add_auth_node(addnodes, node)) + return 0; } } + if (addnodes == pnodes) - return TREE_CALC_OK_DOFREE; + return 2; *pnodes = tree->auth_policies; - return TREE_CALC_OK_NOFREE; + + return 1; } -/* - * Return value: 1 on success, 0 otherwise. - */ static int tree_calculate_user_set(X509_POLICY_TREE *tree, STACK_OF(ASN1_OBJECT) *policy_oids, STACK_OF(X509_POLICY_NODE) *auth_nodes) @@ -516,6 +608,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree, int i; X509_POLICY_NODE *node; ASN1_OBJECT *oid; + X509_POLICY_NODE *anyPolicy; X509_POLICY_DATA *extra; @@ -523,6 +616,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree, * Check if anyPolicy present in authority constrained policy set: this * will happen if it is a leaf node. */ + if (sk_ASN1_OBJECT_num(policy_oids) <= 0) return 1; 
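Review bot: The error path in `tree_calculate_authority_set`'s inner loop now leaks the node stack it may have created: when `addnodes == pnodes` (the `curr->anyPolicy` case), `tree_add_auth_node(addnodes, node)` allocates `*pnodes` on first use, and a later failure returns 0 with `*pnodes` still allocated and still handed back to the caller, which `X509_policy_check` neither frees nor inspects on its `error` path. Free it and reset the out-parameter before returning, as below; the function's start and the `addnodes = pnodes` assignment lie in the earlier hunks on this line. The "is store in pnodes" wording in the comment above the function should read "is stored in pnodes".
```c
            if ((node->parent == anyptr)
                && !tree_add_auth_node(addnodes, node)) {
                /* *pnodes is ours only in the anyPolicy case: drop it */
                if (addnodes == pnodes) {
                    sk_X509_POLICY_NODE_free(*pnodes);
                    *pnodes = NULL;
                }
                return 0;
            }
```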
@@ -547,7 +641,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree, * from anyPolicy. */ extra = policy_data_new(NULL, oid, node_critical(anyPolicy)); - if (extra == NULL) + if (!extra) return 0; extra->qualifier_set = anyPolicy->data->qualifier_set; extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS @@ -563,14 +657,9 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree, return 0; } return 1; + } -/*- - * Return value: <= 0 error, otherwise one of: - * X509_PCY_TREE_VALID: valid tree - * X509_PCY_TREE_EMPTY: empty tree - * (see tree_prune()). - */ static int tree_evaluate(X509_POLICY_TREE *tree) { int ret, i; @@ -580,19 +669,19 @@ static int tree_evaluate(X509_POLICY_TREE *tree) for (i = 1; i < tree->nlevel; i++, curr++) { cache = policy_cache_set(curr->cert); if (!tree_link_nodes(curr, cache)) - return X509_PCY_TREE_INTERNAL; + return 0; if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY) && !tree_link_any(curr, cache, tree)) - return X509_PCY_TREE_INTERNAL; -#ifdef OPENSSL_POLICY_DEBUG + return 0; tree_print("before tree_prune()", tree, curr); -#endif ret = tree_prune(tree, curr); - if (ret != X509_PCY_TREE_VALID) + if (ret != 1) return ret; } - return X509_PCY_TREE_VALID; + + return 1; + } static void exnode_free(X509_POLICY_NODE *node) @@ -613,12 +702,17 @@ void X509_policy_tree_free(X509_POLICY_TREE *tree) sk_X509_POLICY_NODE_pop_free(tree->user_policies, exnode_free); for (i = 0, curr = tree->levels; i < tree->nlevel; i++, curr++) { - X509_free(curr->cert); - sk_X509_POLICY_NODE_pop_free(curr->nodes, policy_node_free); - policy_node_free(curr->anyPolicy); + if (curr->cert) + X509_free(curr->cert); + if (curr->nodes) + sk_X509_POLICY_NODE_pop_free(curr->nodes, policy_node_free); + if (curr->anyPolicy) + policy_node_free(curr->anyPolicy); } - sk_X509_POLICY_DATA_pop_free(tree->extra_data, policy_data_free); + if (tree->extra_data) + sk_X509_POLICY_DATA_pop_free(tree->extra_data, policy_data_free); + OPENSSL_free(tree->levels); OPENSSL_free(tree); 
@@ -627,70 +721,111 @@ void X509_policy_tree_free(X509_POLICY_TREE *tree) /*- * Application policy checking function. * Return codes: - * X509_PCY_TREE_FAILURE: Failure to satisfy explicit policy - * X509_PCY_TREE_INVALID: Inconsistent or invalid extensions - * X509_PCY_TREE_INTERNAL: Internal error, most likely malloc - * X509_PCY_TREE_VALID: Success (null tree if empty or bare TA) + * 0 Internal Error. + * 1 Successful. + * -1 One or more certificates contain invalid or inconsistent extensions + * -2 User constrained policy set empty and requireExplicit true. */ + int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, STACK_OF(X509) *certs, STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags) { - int init_ret; int ret; X509_POLICY_TREE *tree = NULL; STACK_OF(X509_POLICY_NODE) *nodes, *auth_nodes = NULL; - *ptree = NULL; + *pexplicit_policy = 0; - init_ret = tree_init(&tree, certs, flags); + ret = tree_init(&tree, certs, flags); - if (init_ret <= 0) - return init_ret; + switch (ret) { - if ((init_ret & X509_PCY_TREE_EXPLICIT) == 0) { - if (init_ret & X509_PCY_TREE_EMPTY) { - X509_policy_tree_free(tree); - return X509_PCY_TREE_VALID; - } - } else { + /* Tree empty requireExplicit False: OK */ + case 2: + return 1; + + /* Some internal error */ + case -1: + return -1; + + /* Some internal error */ + case 0: + return 0; + + /* Tree empty requireExplicit True: Error */ + + case 6: *pexplicit_policy = 1; - /* Tree empty and requireExplicit True: Error */ - if (init_ret & X509_PCY_TREE_EMPTY) - return X509_PCY_TREE_FAILURE; + return -2; + + /* Tree OK requireExplicit True: OK and continue */ + case 5: + *pexplicit_policy = 1; + break; + + /* Tree OK: continue */ + + case 1: + if (!tree) + /* + * tree_init() returns success and a null tree + * if it's just looking at a trust anchor. 
+ * I'm not sure that returning success here is + * correct, but I'm sure that reporting this + * as an internal error which our caller + * interprets as a malloc failure is wrong. + */ + return 1; + break; } + if (!tree) + goto error; ret = tree_evaluate(tree); -#ifdef OPENSSL_POLICY_DEBUG + tree_print("tree_evaluate()", tree, NULL); -#endif + if (ret <= 0) goto error; - if (ret == X509_PCY_TREE_EMPTY) { + /* Return value 2 means tree empty */ + if (ret == 2) { X509_policy_tree_free(tree); - if (init_ret & X509_PCY_TREE_EXPLICIT) - return X509_PCY_TREE_FAILURE; - return X509_PCY_TREE_VALID; + if (*pexplicit_policy) + return -2; + else + return 1; } /* Tree is not empty: continue */ - if ((ret = tree_calculate_authority_set(tree, &auth_nodes)) == 0 || - !tree_calculate_user_set(tree, policy_oids, auth_nodes)) + + ret = tree_calculate_authority_set(tree, &auth_nodes); + + if (!ret) goto error; - if (ret == TREE_CALC_OK_DOFREE) + + if (!tree_calculate_user_set(tree, policy_oids, auth_nodes)) + goto error; + + if (ret == 2) sk_X509_POLICY_NODE_free(auth_nodes); - *ptree = tree; + if (tree) + *ptree = tree; - if (init_ret & X509_PCY_TREE_EXPLICIT) { + if (*pexplicit_policy) { nodes = X509_policy_tree_get0_user_policies(tree); if (sk_X509_POLICY_NODE_num(nodes) <= 0) - return X509_PCY_TREE_FAILURE; + return -2; } - return X509_PCY_TREE_VALID; + + return 1; error: + X509_policy_tree_free(tree); - return X509_PCY_TREE_INTERNAL; + + return 0; + } diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c index ef1d775a..1290dec9 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c 
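Review bot: `*ptree` is no longer initialised: the `*ptree = NULL;` at the top of `X509_policy_check` is removed and the output is only written by `if (tree) *ptree = tree;` on the full success path, so every early `return` from the `switch` and the `error` path leave whatever a caller had in `*ptree` unless it pre-clears it; put `*ptree = NULL;` back next to `*pexplicit_policy = 0;`. The `if (tree)` guard on that assignment is dead by then, since `if (!tree) goto error;` has already run, so `*ptree = tree;` alone is clearer. The comment above `case -1:` says `/* Some internal error */`, but the function's own header lists -1 as "invalid or inconsistent extensions" and 0 as the internal error; change it to `/* Invalid or inconsistent extensions: pass through */`. The literal `case 2`, `5`, `6` labels mirror the numbers listed on `tree_init` and nothing but the comments ties them together.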
@@ -1,10 +1,58 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Contributed to the OpenSSL Project by the American Registry for + * Internet Numbers ("ARIN"). + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). */ /* @@ -14,14 +62,12 @@ #include <stdio.h> #include <stdlib.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/conf.h> #include <openssl/asn1.h> #include <openssl/asn1t.h> #include <openssl/buffer.h> #include <openssl/x509v3.h> -#include "internal/x509_int.h" -#include "ext_dat.h" #ifndef OPENSSL_NO_RFC3779 @@ -52,7 +98,7 @@ ASN1_SEQUENCE(IPAddressFamily) = { ASN1_ITEM_TEMPLATE(IPAddrBlocks) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, IPAddrBlocks, IPAddressFamily) -static_ASN1_ITEM_TEMPLATE_END(IPAddrBlocks) +ASN1_ITEM_TEMPLATE_END(IPAddrBlocks) IMPLEMENT_ASN1_FUNCTIONS(IPAddressRange) IMPLEMENT_ASN1_FUNCTIONS(IPAddressOrRange) 
@@ -62,7 +108,7 @@ IMPLEMENT_ASN1_FUNCTIONS(IPAddressFamily) /* * How much buffer space do we need for a raw address? */ -#define ADDR_RAW_BUF_LEN 16 +# define ADDR_RAW_BUF_LEN 16 /* * What's the address length associated with this AFI? @@ -82,7 +128,7 @@ static int length_from_afi(const unsigned afi) /* * Extract the AFI from an IPAddressFamily. */ -unsigned int X509v3_addr_get_afi(const IPAddressFamily *f) +unsigned int v3_addr_get_afi(const IPAddressFamily *f) { return ((f != NULL && f->addressFamily != NULL && f->addressFamily->data != NULL) @@ -117,7 +163,7 @@ static int addr_expand(unsigned char *addr, /* * Extract the prefix length from a bitstring. */ -#define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7))) +# define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7))) /* * i2r handler for one address bitstring. @@ -200,7 +246,7 @@ static int i2r_IPAddrBlocks(const X509V3_EXT_METHOD *method, int i; for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); - const unsigned int afi = X509v3_addr_get_afi(f); + const unsigned int afi = v3_addr_get_afi(f); switch (afi) { case IANA_AFI_IPV4: BIO_printf(out, "%*sIPv4", indent, ""); @@ -312,7 +358,7 @@ static int IPAddressOrRange_cmp(const IPAddressOrRange *a, /* * IPv4-specific closure over IPAddressOrRange_cmp, since sk_sort() - * comparison routines are only allowed two arguments. + * comparision routines are only allowed two arguments. */ static int v4IPAddressOrRange_cmp(const IPAddressOrRange *const *a, const IPAddressOrRange *const *b) @@ -322,7 +368,7 @@ static int v4IPAddressOrRange_cmp(const IPAddressOrRange *const *a, /* * IPv6-specific closure over IPAddressOrRange_cmp, since sk_sort() - * comparison routines are only allowed two arguments. + * comparision routines are only allowed two arguments. */ static int v6IPAddressOrRange_cmp(const IPAddressOrRange *const *a, const IPAddressOrRange *const *b) 
@@ -482,7 +528,7 @@ static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr, { IPAddressFamily *f; unsigned char key[3]; - int keylen; + unsigned keylen; int i; key[0] = (afi >> 8) & 0xFF; @@ -525,8 +571,8 @@ static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr, /* * Add an inheritance element. */ -int X509v3_addr_add_inherit(IPAddrBlocks *addr, - const unsigned afi, const unsigned *safi) +int v3_addr_add_inherit(IPAddrBlocks *addr, + const unsigned afi, const unsigned *safi) { IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi); if (f == NULL || @@ -581,10 +627,10 @@ static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr, /* * Add a prefix. */ -int X509v3_addr_add_prefix(IPAddrBlocks *addr, - const unsigned afi, - const unsigned *safi, - unsigned char *a, const int prefixlen) +int v3_addr_add_prefix(IPAddrBlocks *addr, + const unsigned afi, + const unsigned *safi, + unsigned char *a, const int prefixlen) { IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi); IPAddressOrRange *aor; @@ -599,10 +645,10 @@ int X509v3_addr_add_prefix(IPAddrBlocks *addr, /* * Add a range. */ -int X509v3_addr_add_range(IPAddrBlocks *addr, - const unsigned afi, - const unsigned *safi, - unsigned char *min, unsigned char *max) +int v3_addr_add_range(IPAddrBlocks *addr, + const unsigned afi, + const unsigned *safi, + unsigned char *min, unsigned char *max) { IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi); IPAddressOrRange *aor; @@ -639,10 +685,10 @@ static int extract_min_max(IPAddressOrRange *aor, /* * Public wrapper for extract_min_max(). */ -int X509v3_addr_get_range(IPAddressOrRange *aor, - const unsigned afi, - unsigned char *min, - unsigned char *max, const int length) +int v3_addr_get_range(IPAddressOrRange *aor, + const unsigned afi, + unsigned char *min, + unsigned char *max, const int length) { int afi_length = length_from_afi(afi); if (aor == NULL || min == NULL || max == NULL || 
@@ -656,7 +702,7 @@ int X509v3_addr_get_range(IPAddressOrRange *aor, } /* - * Sort comparison function for a sequence of IPAddressFamily. + * Sort comparision function for a sequence of IPAddressFamily. * * The last paragraph of RFC 3779 2.2.3.3 is slightly ambiguous about * the ordering: I can read it as meaning that IPv6 without a SAFI @@ -678,7 +724,7 @@ static int IPAddressFamily_cmp(const IPAddressFamily *const *a_, /* * Check whether an IPAddrBLocks is in canonical form. */ -int X509v3_addr_is_canonical(IPAddrBlocks *addr) +int v3_addr_is_canonical(IPAddrBlocks *addr) { unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN]; unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN]; @@ -686,7 +732,7 @@ int X509v3_addr_is_canonical(IPAddrBlocks *addr) int i, j, k; /* - * Empty extension is canonical. + * Empty extension is cannonical. */ if (addr == NULL) return 1; @@ -706,7 +752,7 @@ int X509v3_addr_is_canonical(IPAddrBlocks *addr) */ for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); - int length = length_from_afi(X509v3_addr_get_afi(f)); + int length = length_from_afi(v3_addr_get_afi(f)); /* * Inheritance is canonical. Anything other than inheritance or @@ -849,8 +895,7 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors, IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j); if (a != NULL && a->type == IPAddressOrRange_addressRange) { unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN]; - if (!extract_min_max(a, a_min, a_max, length)) - return 0; + extract_min_max(a, a_min, a_max, length); if (memcmp(a_min, a_max, length) > 0) return 0; } @@ -862,7 +907,7 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors, /* * Whack an IPAddrBlocks extension into canonical form. */ -int X509v3_addr_canonize(IPAddrBlocks *addr) +int v3_addr_canonize(IPAddrBlocks *addr) { int i; for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { 
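Review bot: The new side of the `@@ -849,8 +895,7 @@` hunk calls `extract_min_max(a, a_min, a_max, length);` and discards its result, so when it fails the following `memcmp(a_min, a_max, length)` compares two stack buffers that were never filled. The removed line shows the call was being tested as a boolean, so the return value exists to be checked; keep it as `if (!extract_min_max(a, a_min, a_max, length)) return 0;`. This loop belongs to `IPAddressOrRanges_canonize`, whose body begins and ends outside the hunk, and the failure conditions of `extract_min_max` are not visible here (presumably an address bitstring longer than the AFI's address length, rejected by `addr_expand`). Since `v3_addr_canonize()` is a public entry point reached from the config-parsing path, treating that failure as "not canonical" is safer than continuing on indeterminate data.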
@@ -870,12 +915,12 @@ int X509v3_addr_canonize(IPAddrBlocks *addr) if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges && !IPAddressOrRanges_canonize(f->ipAddressChoice-> u.addressesOrRanges, - X509v3_addr_get_afi(f))) + v3_addr_get_afi(f))) return 0; } (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp); sk_IPAddressFamily_sort(addr); - OPENSSL_assert(X509v3_addr_is_canonical(addr)); + OPENSSL_assert(v3_addr_is_canonical(addr)); return 1; } @@ -901,7 +946,7 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, CONF_VALUE *val = sk_CONF_VALUE_value(values, i); unsigned char min[ADDR_RAW_BUF_LEN], max[ADDR_RAW_BUF_LEN]; unsigned afi, *safi = NULL, safi_; - const char *addr_chars = NULL; + const char *addr_chars; int prefixlen, i1, i2, delim, length; if (!name_cmp(val->name, "IPv4")) { @@ -933,7 +978,7 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, length = length_from_afi(afi); /* - * Handle SAFI, if any, and OPENSSL_strdup() so we can null-terminate + * Handle SAFI, if any, and BUF_strdup() so we can null-terminate * the other input values. */ if (safi != NULL) { @@ -945,9 +990,9 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, goto err; } t += strspn(t, " \t"); - s = OPENSSL_strdup(t); + s = BUF_strdup(t); } else { - s = OPENSSL_strdup(val->value); + s = BUF_strdup(val->value); } if (s == NULL) { X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); @@ -958,8 +1003,8 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, * Check for inheritance. Not worth additional complexity to * optimize this (seldom-used) case. */ - if (strcmp(s, "inherit") == 0) { - if (!X509v3_addr_add_inherit(addr, afi, safi)) { + if (!strcmp(s, "inherit")) { + if (!v3_addr_add_inherit(addr, afi, safi)) { X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_INHERITANCE); X509V3_conf_err(val); 
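Review bot: Dropping the initializer on `const char *addr_chars` in the `@@ -901,7 +946,7 @@` hunk leaves the pointer assigned only by code outside this hunk, and whether every `afi` branch sets it before `strspn`/parsing uses it cannot be confirmed from the visible lines; if any branch falls through, the later use reads an indeterminate pointer instead of failing deterministically on NULL. Restoring `const char *addr_chars = NULL;` costs nothing, keeps the failure mode diagnosable, and avoids a `-Wmaybe-uninitialized` warning on compilers that cannot prove the switch is exhaustive. `v2i_IPAddrBlocks` begins and ends outside these hunks.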
@@ -990,7 +1035,7 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, X509V3_conf_err(val); goto err; } - if (!X509v3_addr_add_prefix(addr, afi, safi, min, prefixlen)) { + if (!v3_addr_add_prefix(addr, afi, safi, min, prefixlen)) { X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); goto err; } @@ -1016,13 +1061,13 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, X509V3_conf_err(val); goto err; } - if (!X509v3_addr_add_range(addr, afi, safi, min, max)) { + if (!v3_addr_add_range(addr, afi, safi, min, max)) { X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); goto err; } break; case '\0': - if (!X509v3_addr_add_prefix(addr, afi, safi, min, length * 8)) { + if (!v3_addr_add_prefix(addr, afi, safi, min, length * 8)) { X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); goto err; } @@ -1041,7 +1086,7 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, /* * Canonize the result, then we're done. */ - if (!X509v3_addr_canonize(addr)) + if (!v3_addr_canonize(addr)) goto err; return addr; @@ -1071,7 +1116,7 @@ const X509V3_EXT_METHOD v3_addr = { /* * Figure out whether extension sues inheritance. */ -int X509v3_addr_inherits(IPAddrBlocks *addr) +int v3_addr_inherits(IPAddrBlocks *addr) { int i; if (addr == NULL) @@ -1124,12 +1169,12 @@ static int addr_contains(IPAddressOrRanges *parent, /* * Test whether a is a subset of b. */ -int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) +int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) { int i; if (a == NULL || a == b) return 1; - if (b == NULL || X509v3_addr_inherits(a) || X509v3_addr_inherits(b)) + if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b)) return 0; (void)sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp); for (i = 0; i < sk_IPAddressFamily_num(a); i++) { 
@@ -1141,7 +1186,7 @@ int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) return 0; if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges, fa->ipAddressChoice->u.addressesOrRanges, - length_from_afi(X509v3_addr_get_afi(fb)))) + length_from_afi(v3_addr_get_afi(fb)))) return 0; } return 1; @@ -1150,7 +1195,7 @@ int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) /* * Validation error handling via callback. */ -#define validation_err(_err_) \ +# define validation_err(_err_) \ do { \ if (ctx != NULL) { \ ctx->error = _err_; \ @@ -1172,9 +1217,9 @@ int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) * When returning 0, ctx->error MUST be set to an appropriate value other than * X509_V_OK. */ -static int addr_validate_path_internal(X509_STORE_CTX *ctx, - STACK_OF(X509) *chain, - IPAddrBlocks *ext) +static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, + STACK_OF(X509) *chain, + IPAddrBlocks *ext) { IPAddrBlocks *child = NULL; int i, j, ret = 1; @@ -1199,11 +1244,11 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx, if ((ext = x->rfc3779_addr) == NULL) goto done; } - if (!X509v3_addr_is_canonical(ext)) + if (!v3_addr_is_canonical(ext)) validation_err(X509_V_ERR_INVALID_EXTENSION); (void)sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp); if ((child = sk_IPAddressFamily_dup(ext)) == NULL) { - X509V3err(X509V3_F_ADDR_VALIDATE_PATH_INTERNAL, + X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL, ERR_R_MALLOC_FAILURE); ctx->error = X509_V_ERR_OUT_OF_MEM; ret = 0; @@ -1217,7 +1262,7 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx, for (i++; i < sk_X509_num(chain); i++) { x = sk_X509_value(chain, i); OPENSSL_assert(x != NULL); - if (!X509v3_addr_is_canonical(x->rfc3779_addr)) + if (!v3_addr_is_canonical(x->rfc3779_addr)) validation_err(X509_V_ERR_INVALID_EXTENSION); if (x->rfc3779_addr == NULL) { for (j = 0; j < sk_IPAddressFamily_num(child); j++) { 
@@ -1249,7 +1294,7 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx, if (fc->ipAddressChoice->type == IPAddressChoice_inherit || addr_contains(fp->ipAddressChoice->u.addressesOrRanges, fc->ipAddressChoice->u.addressesOrRanges, - length_from_afi(X509v3_addr_get_afi(fc)))) + length_from_afi(v3_addr_get_afi(fc)))) sk_IPAddressFamily_set(child, j, fp); else validation_err(X509_V_ERR_UNNESTED_RESOURCE); @@ -1276,30 +1321,30 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx, return ret; } -#undef validation_err +# undef validation_err /* * RFC 3779 2.3 path validation -- called from X509_verify_cert(). */ -int X509v3_addr_validate_path(X509_STORE_CTX *ctx) +int v3_addr_validate_path(X509_STORE_CTX *ctx) { - return addr_validate_path_internal(ctx, ctx->chain, NULL); + return v3_addr_validate_path_internal(ctx, ctx->chain, NULL); } /* * RFC 3779 2.3 path validation of an extension. * Test whether chain covers extension. */ -int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain, +int v3_addr_validate_resource_set(STACK_OF(X509) *chain, IPAddrBlocks *ext, int allow_inheritance) { if (ext == NULL) return 1; if (chain == NULL || sk_X509_num(chain) == 0) return 0; - if (!allow_inheritance && X509v3_addr_inherits(ext)) + if (!allow_inheritance && v3_addr_inherits(ext)) return 0; - return addr_validate_path_internal(NULL, chain, ext); + return v3_addr_validate_path_internal(NULL, chain, ext); } #endif /* OPENSSL_NO_RFC3779 */ diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c index d9f77043..e920270e 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c 
@@ -1,19 +1,68 @@ +/* v3_akey.c */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/conf.h> #include <openssl/asn1.h> #include <openssl/asn1t.h> #include <openssl/x509v3.h> -#include "ext_dat.h" static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, AUTHORITY_KEYID *akeyid, 
@@ -41,14 +90,14 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, { char *tmp; if (akeyid->keyid) { - tmp = OPENSSL_buf2hexstr(akeyid->keyid->data, akeyid->keyid->length); + tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length); X509V3_add_value("keyid", tmp, &extlist); OPENSSL_free(tmp); } if (akeyid->issuer) extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist); if (akeyid->serial) { - tmp = OPENSSL_buf2hexstr(akeyid->serial->data, akeyid->serial->length); + tmp = hex_to_string(akeyid->serial->data, akeyid->serial->length); X509V3_add_value("serial", tmp, &extlist); OPENSSL_free(tmp); } @@ -82,13 +131,13 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, for (i = 0; i < sk_CONF_VALUE_num(values); i++) { cnf = sk_CONF_VALUE_value(values, i); - if (strcmp(cnf->name, "keyid") == 0) { + if (!strcmp(cnf->name, "keyid")) { keyid = 1; - if (cnf->value && strcmp(cnf->value, "always") == 0) + if (cnf->value && !strcmp(cnf->value, "always")) keyid = 2; - } else if (strcmp(cnf->name, "issuer") == 0) { + } else if (!strcmp(cnf->name, "issuer")) { issuer = 1; - if (cnf->value && strcmp(cnf->value, "always") == 0) + if (cnf->value && !strcmp(cnf->value, "always")) issuer = 2; } else { X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, X509V3_R_UNKNOWN_OPTION); @@ -120,7 +169,7 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, if ((issuer && !ikeyid) || (issuer == 2)) { isname = X509_NAME_dup(X509_get_issuer_name(cert)); - serial = ASN1_INTEGER_dup(X509_get_serialNumber(cert)); + serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert)); if (!isname || !serial) { X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS); 
@@ -128,12 +177,12 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, } } - if ((akeyid = AUTHORITY_KEYID_new()) == NULL) + if (!(akeyid = AUTHORITY_KEYID_new())) goto err; if (isname) { - if ((gens = sk_GENERAL_NAME_new_null()) == NULL - || (gen = GENERAL_NAME_new()) == NULL + if (!(gens = sk_GENERAL_NAME_new_null()) + || !(gen = GENERAL_NAME_new()) || !sk_GENERAL_NAME_push(gens, gen)) { X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE); goto err; @@ -143,18 +192,14 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, } akeyid->issuer = gens; - gen = NULL; - gens = NULL; akeyid->serial = serial; akeyid->keyid = ikeyid; return akeyid; err: - sk_GENERAL_NAME_free(gens); - GENERAL_NAME_free(gen); X509_NAME_free(isname); - ASN1_INTEGER_free(serial); - ASN1_OCTET_STRING_free(ikeyid); + M_ASN1_INTEGER_free(serial); + M_ASN1_OCTET_STRING_free(ikeyid); return NULL; } diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c index d6dd6bcb..2cc85b76 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c 
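Review bot: In the `@@ -143,18 +192,14 @@` hunk the `err:` label no longer frees `gens` and `gen`, so when `sk_GENERAL_NAME_push(gens, gen)` fails in the preceding hunk, after both were allocated, the stack and the GENERAL_NAME leak on the `goto err`. The removed lines were exactly that cleanup; put back `sk_GENERAL_NAME_free(gens); GENERAL_NAME_free(gen);` at `err:` (both tolerate NULL, which the old side relied on), assuming `gens` and `gen` are initialised to NULL at declaration as the removed code required. There is no `goto err` after `akeyid->issuer = gens;` in the visible lines, so the removed `gen = NULL; gens = NULL;` reset is not needed for correctness, but restoring it keeps the ownership transfer explicit if a later error path is ever added. `v2i_AUTHORITY_KEYID` begins outside these hunks.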
@@ -1,14 +1,64 @@ +/* v3_akey_asn1.c */ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/conf.h> #include <openssl/asn1.h> #include <openssl/asn1t.h> diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c index 0364e336..7f1e71dd 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c 
@@ -1,17 +1,66 @@ +/* v3_alt.c */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/conf.h> #include <openssl/x509v3.h> -#include "ext_dat.h" static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, 
@@ -21,10 +70,10 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, STACK_OF(CONF_VALUE) *nval); static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p); static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens); -static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx); -static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx); +static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx); +static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx); -const X509V3_EXT_METHOD v3_alt[3] = { +const X509V3_EXT_METHOD v3_alt[] = { {NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES), 0, 0, 0, 0, 0, 0, @@ -158,7 +207,7 @@ int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen) break; case GEN_DIRNAME: - BIO_printf(out, "DirName:"); + BIO_printf(out, "DirName: "); X509_NAME_print_ex(out, gen->d.dirn, 0, XN_FLAG_ONELINE); break; @@ -180,7 +229,7 @@ int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen) break; case GEN_RID: - BIO_printf(out, "Registered ID:"); + BIO_printf(out, "Registered ID"); i2a_ASN1_OBJECT(out, gen->d.rid); break; } @@ -194,20 +243,19 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, GENERAL_NAMES *gens = NULL; CONF_VALUE *cnf; int i; - - if ((gens = sk_GENERAL_NAME_new_null()) == NULL) { + if (!(gens = sk_GENERAL_NAME_new_null())) { X509V3err(X509V3_F_V2I_ISSUER_ALT, ERR_R_MALLOC_FAILURE); return NULL; } for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { cnf = sk_CONF_VALUE_value(nval, i); - if (!name_cmp(cnf->name, "issuer") - && cnf->value && strcmp(cnf->value, "copy") == 0) { + if (!name_cmp(cnf->name, "issuer") && cnf->value && + !strcmp(cnf->value, "copy")) { if (!copy_issuer(ctx, gens)) goto err; } else { GENERAL_NAME *gen; - if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL) + if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err; sk_GENERAL_NAME_push(gens, gen); } 
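Review bot: In the `@@ -180,7 +229,7 @@` hunk `BIO_printf(out, "Registered ID");` drops the separator, so the OID printed by the following `i2a_ASN1_OBJECT` runs straight into the label (e.g. `Registered ID1.3.6.1...`), while the sibling `GEN_DIRNAME` case in the same diff keeps `"DirName: "`. For consistent, parseable output use `BIO_printf(out, "Registered ID:");`. `GENERAL_NAME_print` begins and ends outside this hunk.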
@@ -226,7 +274,6 @@ static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens) GENERAL_NAME *gen; X509_EXTENSION *ext; int i; - if (ctx && (ctx->flags == CTX_TEST)) return 1; if (!ctx || !ctx->issuer_cert) { @@ -236,8 +283,8 @@ static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens) i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1); if (i < 0) return 1; - if ((ext = X509_get_ext(ctx->issuer_cert, i)) == NULL - || (ialt = X509V3_EXT_d2i(ext)) == NULL) { + if (!(ext = X509_get_ext(ctx->issuer_cert, i)) || + !(ialt = X509V3_EXT_d2i(ext))) { X509V3err(X509V3_F_COPY_ISSUER, X509V3_R_ISSUER_DECODE_ERROR); goto err; } @@ -265,24 +312,23 @@ static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, GENERAL_NAMES *gens = NULL; CONF_VALUE *cnf; int i; - - if ((gens = sk_GENERAL_NAME_new_null()) == NULL) { + if (!(gens = sk_GENERAL_NAME_new_null())) { X509V3err(X509V3_F_V2I_SUBJECT_ALT, ERR_R_MALLOC_FAILURE); return NULL; } for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { cnf = sk_CONF_VALUE_value(nval, i); - if (!name_cmp(cnf->name, "email") - && cnf->value && strcmp(cnf->value, "copy") == 0) { + if (!name_cmp(cnf->name, "email") && cnf->value && + !strcmp(cnf->value, "copy")) { if (!copy_email(ctx, gens, 0)) goto err; - } else if (!name_cmp(cnf->name, "email") - && cnf->value && strcmp(cnf->value, "move") == 0) { + } else if (!name_cmp(cnf->name, "email") && cnf->value && + !strcmp(cnf->value, "move")) { if (!copy_email(ctx, gens, 1)) goto err; } else { GENERAL_NAME *gen; - if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL) + if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err; sk_GENERAL_NAME_push(gens, gen); } 
@@ -321,13 +367,13 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p) while ((i = X509_NAME_get_index_by_NID(nm, NID_pkcs9_emailAddress, i)) >= 0) { ne = X509_NAME_get_entry(nm, i); - email = ASN1_STRING_dup(X509_NAME_ENTRY_get_data(ne)); + email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne)); if (move_p) { X509_NAME_delete_entry(nm, i); X509_NAME_ENTRY_free(ne); i--; } - if (email == NULL || (gen = GENERAL_NAME_new()) == NULL) { + if (!email || !(gen = GENERAL_NAME_new())) { X509V3err(X509V3_F_COPY_EMAIL, ERR_R_MALLOC_FAILURE); goto err; } @@ -345,7 +391,7 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p) err: GENERAL_NAME_free(gen); - ASN1_IA5STRING_free(email); + M_ASN1_IA5STRING_free(email); return 0; } @@ -357,14 +403,13 @@ GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method, GENERAL_NAMES *gens = NULL; CONF_VALUE *cnf; int i; - - if ((gens = sk_GENERAL_NAME_new_null()) == NULL) { + if (!(gens = sk_GENERAL_NAME_new_null())) { X509V3err(X509V3_F_V2I_GENERAL_NAMES, ERR_R_MALLOC_FAILURE); return NULL; } for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { cnf = sk_CONF_VALUE_value(nval, i); - if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL) + if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err; sk_GENERAL_NAME_push(gens, gen); } @@ -382,7 +427,7 @@ GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, int gen_type, const char *value, + X509V3_CTX *ctx, int gen_type, char *value, int is_nc) { char is_string = 0; @@ -413,7 +458,7 @@ GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, case GEN_RID: { ASN1_OBJECT *obj; - if ((obj = OBJ_txt2obj(value, 0)) == NULL) { + if (!(obj = OBJ_txt2obj(value, 0))) { X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_BAD_OBJECT); ERR_add_error_data(2, "value=", value); goto err; 
@@ -453,7 +498,7 @@ GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, } if (is_string) { - if ((gen->d.ia5 = ASN1_IA5STRING_new()) == NULL || + if (!(gen->d.ia5 = M_ASN1_IA5STRING_new()) || !ASN1_STRING_set(gen->d.ia5, (unsigned char *)value, strlen(value))) { X509V3err(X509V3_F_A2I_GENERAL_NAME, ERR_R_MALLOC_FAILURE); @@ -511,26 +556,27 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, } -static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx) +static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) { char *objtmp = NULL, *p; int objlen; - - if ((p = strchr(value, ';')) == NULL) + if (!(p = strchr(value, ';'))) return 0; - if ((gen->d.otherName = OTHERNAME_new()) == NULL) + if (!(gen->d.otherName = OTHERNAME_new())) return 0; /* * Free this up because we will overwrite it. no need to free type_id * because it is static */ ASN1_TYPE_free(gen->d.otherName->value); - if ((gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx)) == NULL) + if (!(gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx))) return 0; objlen = p - value; - objtmp = OPENSSL_strndup(value, objlen); + objtmp = OPENSSL_malloc(objlen + 1); if (objtmp == NULL) return 0; + strncpy(objtmp, value, objlen); + objtmp[objlen] = 0; gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0); OPENSSL_free(objtmp); if (!gen->d.otherName->type_id) @@ -538,13 +584,12 @@ static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx) return 1; } -static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx) +static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) { int ret = 0; STACK_OF(CONF_VALUE) *sk = NULL; - X509_NAME *nm; - - if ((nm = X509_NAME_new()) == NULL) + X509_NAME *nm = NULL; + if (!(nm = X509_NAME_new())) goto err; sk = X509V3_get_section(ctx, value); if (!sk) { diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c index af4fcf4c..2a32c9d0 100644 
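Review bot: The hand-rolled copy in do_othername (`OPENSSL_malloc(objlen + 1)`, `strncpy`, explicit NUL) is only safe because `objlen` is the distance to the `';'` that `strchr` just located, so `value` is guaranteed to hold `objlen` bytes; that invariant should be stated where the copy happens, `/* p points at the ';' found above, so value has at least objlen bytes */`, and if the buffer API this copy targets provides `BUF_strndup` (it is used as `BUF_strdup` elsewhere in this diff) the four lines collapse to one. Note also that when `ASN1_generate_v3` or `OBJ_txt2obj` fails the function returns 0 with `gen->d.otherName` still allocated; whether the caller releases it through `GENERAL_NAME_free` is outside the hunk and should be confirmed. do_othername continues past the end of the hunk.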
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c
@@ -1,10 +1,58 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Contributed to the OpenSSL Project by the American Registry for + * Internet Numbers ("ARIN"). + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). */ /* @@ -13,15 +61,13 @@ #include <stdio.h> #include <string.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/conf.h> #include <openssl/asn1.h> #include <openssl/asn1t.h> #include <openssl/x509v3.h> #include <openssl/x509.h> -#include "internal/x509_int.h" #include <openssl/bn.h> -#include "ext_dat.h" #ifndef OPENSSL_NO_RFC3779 
@@ -116,7 +162,7 @@ static int i2r_ASIdentifiers(const X509V3_EXT_METHOD *method, } /* - * Sort comparison function for a sequence of ASIdOrRange elements. + * Sort comparision function for a sequence of ASIdOrRange elements. */ static int ASIdOrRange_cmp(const ASIdOrRange *const *a_, const ASIdOrRange *const *b_) @@ -149,7 +195,7 @@ static int ASIdOrRange_cmp(const ASIdOrRange *const *a_, /* * Add an inherit element. */ -int X509v3_asid_add_inherit(ASIdentifiers *asid, int which) +int v3_asid_add_inherit(ASIdentifiers *asid, int which) { ASIdentifierChoice **choice; if (asid == NULL) @@ -178,8 +224,8 @@ int X509v3_asid_add_inherit(ASIdentifiers *asid, int which) /* * Add an ID or range to an ASIdentifierChoice. */ -int X509v3_asid_add_id_or_range(ASIdentifiers *asid, - int which, ASN1_INTEGER *min, ASN1_INTEGER *max) +int v3_asid_add_id_or_range(ASIdentifiers *asid, + int which, ASN1_INTEGER *min, ASN1_INTEGER *max) { ASIdentifierChoice **choice; ASIdOrRange *aor; @@ -276,8 +322,7 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) { ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1); - ASN1_INTEGER *a_min = NULL, *a_max = NULL, *b_min = NULL, *b_max = - NULL; + ASN1_INTEGER *a_min, *a_max, *b_min, *b_max; extract_min_max(a, &a_min, &a_max); extract_min_max(b, &b_min, &b_max); @@ -335,7 +380,7 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) /* * Check whether an ASIdentifier extension is in canonical form. */ -int X509v3_asid_is_canonical(ASIdentifiers *asid) +int v3_asid_is_canonical(ASIdentifiers *asid) { return (asid == NULL || (ASIdentifierChoice_is_canonical(asid->asnum) && 
@@ -379,8 +424,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) { ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1); - ASN1_INTEGER *a_min = NULL, *a_max = NULL, *b_min = NULL, *b_max = - NULL; + ASN1_INTEGER *a_min, *a_max, *b_min, *b_max; extract_min_max(a, &a_min, &a_max); extract_min_max(b, &b_min, &b_max); @@ -426,7 +470,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) ASRange *r; switch (a->type) { case ASIdOrRange_id: - if ((r = OPENSSL_malloc(sizeof(*r))) == NULL) { + if ((r = OPENSSL_malloc(sizeof(ASRange))) == NULL) { X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, ERR_R_MALLOC_FAILURE); goto done; @@ -483,7 +527,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) /* * Whack an ASIdentifier extension into canonical form. */ -int X509v3_asid_canonize(ASIdentifiers *asid) +int v3_asid_canonize(ASIdentifiers *asid) { return (asid == NULL || (ASIdentifierChoice_canonize(asid->asnum) && @@ -508,7 +552,7 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method, for (i = 0; i < sk_CONF_VALUE_num(values); i++) { CONF_VALUE *val = sk_CONF_VALUE_value(values, i); - int i1 = 0, i2 = 0, i3 = 0, is_range = 0, which = 0; + int i1, i2, i3, is_range, which; /* * Figure out whether this is an AS or an RDI. @@ -527,8 +571,8 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method, /* * Handle inheritance. */ - if (strcmp(val->value, "inherit") == 0) { - if (X509v3_asid_add_inherit(asid, which)) + if (!strcmp(val->value, "inherit")) { + if (v3_asid_add_inherit(asid, which)) continue; X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_INVALID_INHERITANCE); 
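Review bot: `int i1, i2, i3, is_range, which;` in v2i_ASIdentifiers replaces zero-initialised declarations, and the same is done to the `a_min`/`a_max`/`b_min`/`b_max` pointers in ASIdentifierChoice_canonize. Whether that is safe depends on code outside the hunk: `which` and `is_range` must be assigned on every path before they reach `v3_asid_add_id_or_range(asid, which, min, max)`, and extract_min_max must write all four pointers unconditionally, otherwise the later read is undefined behaviour the compiler is free to exploit. Keeping the initialisers costs nothing and makes the dependence explicit, `int i1 = 0, i2 = 0, i3 = 0, is_range = 0, which = 0;`. The `strcmp(val->value, "inherit")` also assumes `val->value` is non-NULL, which the config parser presumably guarantees for this extension but deserves a comment. v2i_ASIdentifiers continues outside the hunk.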
@@ -571,7 +615,7 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method, goto err; } } else { - char *s = OPENSSL_strdup(val->value); + char *s = BUF_strdup(val->value); if (s == NULL) { X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE); goto err; @@ -590,7 +634,7 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method, goto err; } } - if (!X509v3_asid_add_id_or_range(asid, which, min, max)) { + if (!v3_asid_add_id_or_range(asid, which, min, max)) { X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE); goto err; } @@ -600,7 +644,7 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method, /* * Canonize the result, then we're done. */ - if (!X509v3_asid_canonize(asid)) + if (!v3_asid_canonize(asid)) goto err; return asid; @@ -631,7 +675,7 @@ const X509V3_EXT_METHOD v3_asid = { /* * Figure out whether extension uses inheritance. */ -int X509v3_asid_inherits(ASIdentifiers *asid) +int v3_asid_inherits(ASIdentifiers *asid) { return (asid != NULL && ((asid->asnum != NULL && @@ -645,7 +689,7 @@ int X509v3_asid_inherits(ASIdentifiers *asid) */ static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child) { - ASN1_INTEGER *p_min = NULL, *p_max = NULL, *c_min = NULL, *c_max = NULL; + ASN1_INTEGER *p_min, *p_max, *c_min, *c_max; int p, c; if (child == NULL || parent == child) @@ -672,15 +716,15 @@ static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child) } /* - * Test whether a is a subset of b. + * Test whether a is a subet of b. */ -int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b) +int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b) { return (a == NULL || a == b || (b != NULL && - !X509v3_asid_inherits(a) && - !X509v3_asid_inherits(b) && + !v3_asid_inherits(a) && + !v3_asid_inherits(b) && asid_contains(b->asnum->u.asIdsOrRanges, a->asnum->u.asIdsOrRanges) && asid_contains(b->rdi->u.asIdsOrRanges, 
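Review bot: v3_asid_subset dereferences `a->asnum->u.asIdsOrRanges`, `b->asnum->u.asIdsOrRanges` and `b->rdi->u.asIdsOrRanges` without checking that `asnum` and `rdi` are present, while v3_asid_inherits just above explicitly tolerates `asid->asnum == NULL`; both fields are OPTIONAL in an RFC 3779 ASIdentifiers, so an extension carrying only one of them turns this into a NULL pointer dereference. The containment test needs a NULL-aware wrapper (below) instead of raw field access; asid_contains already treats a NULL `child` as contained, but it is handed the dereferenced stack, too late to help. The `a->rdi` argument and the end of the return expression lie outside the hunk and are subsumed by the rewritten lines.
```c
/* Containment of one OPTIONAL ASIdentifierChoice in another: an absent
 * child is trivially contained, an absent parent contains nothing. */
static int asid_choice_contains(ASIdentifierChoice *parent,
                                ASIdentifierChoice *child)
{
    if (child == NULL)
        return 1;
    if (parent == NULL)
        return 0;
    return asid_contains(parent->u.asIdsOrRanges, child->u.asIdsOrRanges);
}

int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b)
{
    return (a == NULL ||
            a == b ||
            (b != NULL &&
             !v3_asid_inherits(a) &&
             !v3_asid_inherits(b) &&
             asid_choice_contains(b->asnum, a->asnum) &&
             asid_choice_contains(b->rdi, a->rdi)));
```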
@@ -690,7 +734,7 @@ int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b) /* * Validation error handling via callback. */ -#define validation_err(_err_) \ +# define validation_err(_err_) \ do { \ if (ctx != NULL) { \ ctx->error = _err_; \ @@ -707,9 +751,9 @@ int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b) /* * Core code for RFC 3779 3.3 path validation. */ -static int asid_validate_path_internal(X509_STORE_CTX *ctx, - STACK_OF(X509) *chain, - ASIdentifiers *ext) +static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx, + STACK_OF(X509) *chain, + ASIdentifiers *ext) { ASIdOrRanges *child_as = NULL, *child_rdi = NULL; int i, ret = 1, inherit_as = 0, inherit_rdi = 0; @@ -734,7 +778,7 @@ static int asid_validate_path_internal(X509_STORE_CTX *ctx, if ((ext = x->rfc3779_asid) == NULL) goto done; } - if (!X509v3_asid_is_canonical(ext)) + if (!v3_asid_is_canonical(ext)) validation_err(X509_V_ERR_INVALID_EXTENSION); if (ext->asnum != NULL) { switch (ext->asnum->type) { @@ -769,7 +813,7 @@ static int asid_validate_path_internal(X509_STORE_CTX *ctx, validation_err(X509_V_ERR_UNNESTED_RESOURCE); continue; } - if (!X509v3_asid_is_canonical(x->rfc3779_asid)) + if (!v3_asid_is_canonical(x->rfc3779_asid)) validation_err(X509_V_ERR_INVALID_EXTENSION); if (x->rfc3779_asid->asnum == NULL && child_as != NULL) { validation_err(X509_V_ERR_UNNESTED_RESOURCE); 
@@ -823,30 +867,30 @@ static int asid_validate_path_internal(X509_STORE_CTX *ctx, return ret; } -#undef validation_err +# undef validation_err /* * RFC 3779 3.3 path validation -- called from X509_verify_cert(). */ -int X509v3_asid_validate_path(X509_STORE_CTX *ctx) +int v3_asid_validate_path(X509_STORE_CTX *ctx) { - return asid_validate_path_internal(ctx, ctx->chain, NULL); + return v3_asid_validate_path_internal(ctx, ctx->chain, NULL); } /* * RFC 3779 3.3 path validation of an extension. * Test whether chain covers extension. */ -int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain, - ASIdentifiers *ext, int allow_inheritance) +int v3_asid_validate_resource_set(STACK_OF(X509) *chain, + ASIdentifiers *ext, int allow_inheritance) { if (ext == NULL) return 1; if (chain == NULL || sk_X509_num(chain) == 0) return 0; - if (!allow_inheritance && X509v3_asid_inherits(ext)) + if (!allow_inheritance && v3_asid_inherits(ext)) return 0; - return asid_validate_path_internal(NULL, chain, ext); + return v3_asid_validate_path_internal(NULL, chain, ext); } #endif /* OPENSSL_NO_RFC3779 */ diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c index 3bbf1555..dc00b9cb 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c 
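Review bot: v3_asid_validate_resource_set has three early returns whose meaning is undocumented: a NULL `ext` yields 1 (nothing to cover, treated as success), a NULL or empty `chain` yields 0, and an inheriting extension with `allow_inheritance == 0` yields 0 before the chain is consulted at all. Callers passing an optional extension need to know the first case means "trivially valid" rather than "not checked", so a comment above the function would settle it: `/* Returns 1 if chain covers ext (or ext is NULL), 0 otherwise; an inheriting ext is rejected unless allow_inheritance is set. */`. v3_asid_validate_path likewise reads `ctx->chain` unconditionally, which matches its X509_verify_cert caller but is worth stating in its comment.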
@@ -1,19 +1,68 @@ +/* v3_bcons.c */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/asn1.h> #include <openssl/asn1t.h> #include <openssl/conf.h> #include <openssl/x509v3.h> -#include "ext_dat.h" static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons, 
@@ -58,17 +107,16 @@ static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons = NULL; CONF_VALUE *val; int i; - - if ((bcons = BASIC_CONSTRAINTS_new()) == NULL) { + if (!(bcons = BASIC_CONSTRAINTS_new())) { X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE); return NULL; } for (i = 0; i < sk_CONF_VALUE_num(values); i++) { val = sk_CONF_VALUE_value(values, i); - if (strcmp(val->name, "CA") == 0) { + if (!strcmp(val->name, "CA")) { if (!X509V3_get_value_bool(val, &bcons->ca)) goto err; - } else if (strcmp(val->name, "pathlen") == 0) { + } else if (!strcmp(val->name, "pathlen")) { if (!X509V3_get_value_int(val, &bcons->pathlen)) goto err; } else { diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c index 4802116b..b7bb3b55 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c 
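Review bot: Nothing in v2i_BASIC_CONSTRAINTS rejects a `pathlen` that is negative or one supplied for a non-CA; `X509V3_get_value_int` only parses the integer, while RFC 5280 defines pathLenConstraint as INTEGER (0..MAX) and only meaningful when cA is TRUE. Because this builds extensions from configuration the outcome is a malformed certificate rather than a memory-safety problem, but a check after the loop would catch operator mistakes, `if (bcons->pathlen && (!bcons->ca || ASN1_INTEGER_get(bcons->pathlen) < 0)) goto err;` with an appropriate X509V3err reason queued first. The `err:` label and the unknown-name branch are outside the hunk. The hunk also removes the blank line separating declarations from the first statement, against the surrounding style.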
@@ -1,17 +1,66 @@ +/* v3_bitst.c */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/conf.h> #include <openssl/x509v3.h> -#include "ext_dat.h" static BIT_STRING_BITNAME ns_cert_type_table[] = { {0, "SSL Client", "client"}, 
@@ -63,19 +112,19 @@ ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, ASN1_BIT_STRING *bs; int i; BIT_STRING_BITNAME *bnam; - if ((bs = ASN1_BIT_STRING_new()) == NULL) { + if (!(bs = M_ASN1_BIT_STRING_new())) { X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, ERR_R_MALLOC_FAILURE); return NULL; } for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { val = sk_CONF_VALUE_value(nval, i); for (bnam = method->usr_data; bnam->lname; bnam++) { - if (strcmp(bnam->sname, val->name) == 0 - || strcmp(bnam->lname, val->name) == 0) { + if (!strcmp(bnam->sname, val->name) || + !strcmp(bnam->lname, val->name)) { if (!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) { X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, ERR_R_MALLOC_FAILURE); - ASN1_BIT_STRING_free(bs); + M_ASN1_BIT_STRING_free(bs); return NULL; } break; @@ -85,7 +134,7 @@ ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT); X509V3_conf_err(val); - ASN1_BIT_STRING_free(bs); + M_ASN1_BIT_STRING_free(bs); return NULL; } } diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c index f625ff54..c1b4c1a8 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c 
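Review bot: v2i_ASN1_BIT_STRING carries two copies of its failure exit (`M_ASN1_BIT_STRING_free(bs); return NULL;`), one inside the inner loop and one after it; folding both into a single `err:` label keeps cleanup in one place and matches the goto-based pattern the neighbouring v2i_* functions use. The inner loop stops on `bnam->lname == NULL`, so `method->usr_data` must point at a table whose final entry has a NULL `lname`; the tables in this file presumably end that way, but the requirement belongs in a comment on the function, `/* usr_data: BIT_STRING_BITNAME table terminated by an entry with lname == NULL */`. Note that a name matching no entry is an error while `val->value` is never consulted, so `client = anything` is accepted silently.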
@@ -1,40 +1,88 @@ +/* v3_conf.c */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. 
You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ - /* extension creation utilities */ #include <stdio.h> #include <ctype.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/conf.h> #include <openssl/x509.h> -#include "internal/x509_int.h" #include <openssl/x509v3.h> -static int v3_check_critical(const char **value); -static int v3_check_generic(const char **value); +static int v3_check_critical(char **value); +static int v3_check_generic(char **value); static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, - int crit, const char *value); -static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value, + int crit, char *value); +static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type, X509V3_CTX *ctx); -static char *conf_lhash_get_string(void *db, const char *section, const char *value); -static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, const char *section); +static char *conf_lhash_get_string(void *db, char *section, char *value); +static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section); static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid, int crit, void *ext_struc); -static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx, +static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len); /* CONF *conf: Config file */ /* char *name: Name */ /* char *value: Value */ -X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name, - const char *value) +X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, + char *value) { int crit; int ext_type; 
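Review bot: The prototypes and X509V3_EXT_nconf now take `char *` where the removed side took `const char *`, so v3_check_critical and v3_check_generic advance a `char **` and every caller holding a literal or const buffer either warns or has to cast; nothing visible in the hunk writes through these pointers, so the qualifiers appear to be dropped only to match an older header set. If that is the constraint the mismatch is unavoidable and worth a comment at the prototypes; otherwise keeping `const char *` on `value`, `name` and `section` is the safer signature and rules out a future in-place edit of the caller's string. X509V3_EXT_nconf's body continues beyond the hunk.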
@@ -53,7 +101,7 @@ X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name, /* CONF *conf: Config file */ /* char *value: Value */ X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, - const char *value) + char *value) { int crit; int ext_type; @@ -67,18 +115,17 @@ X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, /* CONF *conf: Config file */ /* char *value: Value */ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, - int crit, const char *value) + int crit, char *value) { const X509V3_EXT_METHOD *method; X509_EXTENSION *ext; STACK_OF(CONF_VALUE) *nval; void *ext_struc; - if (ext_nid == NID_undef) { X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION_NAME); return NULL; } - if ((method = X509V3_EXT_get_nid(ext_nid)) == NULL) { + if (!(method = X509V3_EXT_get_nid(ext_nid))) { X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION); return NULL; } @@ -94,7 +141,7 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value); if (*value != '@') - sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); + sk_CONF_VALUE_free(nval); return NULL; } ext_struc = method->v2i(method, ctx, nval); @@ -103,14 +150,14 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, if (!ext_struc) return NULL; } else if (method->s2i) { - if ((ext_struc = method->s2i(method, ctx, value)) == NULL) + if (!(ext_struc = method->s2i(method, ctx, value))) return NULL; } else if (method->r2i) { if (!ctx->db || !ctx->db_meth) { X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_NO_CONFIG_DATABASE); return NULL; } - if ((ext_struc = method->r2i(method, ctx, value)) == NULL) + if (!(ext_struc = method->r2i(method, ctx, value))) return NULL; } else { X509V3err(X509V3_F_DO_EXT_NCONF, 
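Review bot: On the new side the `*value != '@'` error path in do_ext_nconf frees only the stack with `sk_CONF_VALUE_free(nval)`; when `value` is an inline list the CONF_VALUE entries were allocated by the list parser (outside the hunk, presumably X509V3_parse_list) and now leak together with their name/value strings, which is exactly what the removed `sk_CONF_VALUE_pop_free(nval, X509V3_conf_free)` released. Keep the pop_free form: `if (*value != '@') sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);`. The `@`-section case correctly frees nothing because that stack belongs to the CONF. The success-path release of `nval` after `method->v2i` is outside the hunk and should use the same call.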
@@ -131,9 +178,9 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid, int crit, void *ext_struc) { - unsigned char *ext_der = NULL; + unsigned char *ext_der; int ext_len; - ASN1_OCTET_STRING *ext_oct = NULL; + ASN1_OCTET_STRING *ext_oct; X509_EXTENSION *ext; /* Convert internal representation to DER */ if (method->it) { @@ -144,30 +191,26 @@ static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, goto merr; } else { unsigned char *p; - ext_len = method->i2d(ext_struc, NULL); - if ((ext_der = OPENSSL_malloc(ext_len)) == NULL) + if (!(ext_der = OPENSSL_malloc(ext_len))) goto merr; p = ext_der; method->i2d(ext_struc, &p); } - if ((ext_oct = ASN1_OCTET_STRING_new()) == NULL) + if (!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr; ext_oct->data = ext_der; - ext_der = NULL; ext_oct->length = ext_len; ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct); if (!ext) goto merr; - ASN1_OCTET_STRING_free(ext_oct); + M_ASN1_OCTET_STRING_free(ext_oct); return ext; merr: X509V3err(X509V3_F_DO_EXT_I2D, ERR_R_MALLOC_FAILURE); - OPENSSL_free(ext_der); - ASN1_OCTET_STRING_free(ext_oct); return NULL; } @@ -177,8 +220,7 @@ static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc) { const X509V3_EXT_METHOD *method; - - if ((method = X509V3_EXT_get_nid(ext_nid)) == NULL) { + if (!(method = X509V3_EXT_get_nid(ext_nid))) { X509V3err(X509V3_F_X509V3_EXT_I2D, X509V3_R_UNKNOWN_EXTENSION); return NULL; } @@ -186,9 +228,9 @@ X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc) } /* Check the extension string for critical flag */ -static int v3_check_critical(const char **value) +static int v3_check_critical(char **value) { - const char *p = *value; + char *p = *value; if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0; p += 9; 
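Review bot: do_ext_i2d no longer cleans up on its `merr:` path: `ext_der` and `ext_oct` lose their NULL initialisers, the `ext_der = NULL;` marking the hand-over of the buffer to `ext_oct->data` is gone, and `merr:` only queues the error and returns. So a failed `M_ASN1_OCTET_STRING_new()` leaks the DER buffer, and a failed `X509_EXTENSION_create_by_NID` leaks `ext_oct` along with the buffer it now owns. Restoring the initialisers, the ownership transfer and the two frees (below) fixes both, and with the transfer marked, freeing `ext_oct` in `merr:` cannot double-free `ext_der`. The `method->it` branch at the top of the function is only partly inside the hunk.
```c
    unsigned char *ext_der = NULL;
    int ext_len;
    ASN1_OCTET_STRING *ext_oct = NULL;
    X509_EXTENSION *ext;
    /* … unchanged: DER encoding via method->it or method->i2d … */
    if (!(ext_oct = M_ASN1_OCTET_STRING_new()))
        goto merr;
    ext_oct->data = ext_der;
    ext_der = NULL;             /* ext_oct now owns the buffer */
    ext_oct->length = ext_len;
    ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
    if (!ext)
        goto merr;
    M_ASN1_OCTET_STRING_free(ext_oct);
    return ext;

 merr:
    X509V3err(X509V3_F_DO_EXT_I2D, ERR_R_MALLOC_FAILURE);
    if (ext_der)
        OPENSSL_free(ext_der);
    M_ASN1_OCTET_STRING_free(ext_oct);
    return NULL;
```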
@@ -199,14 +241,14 @@ static int v3_check_critical(const char **value) } /* Check extension string for generic extension and return the type */ -static int v3_check_generic(const char **value) +static int v3_check_generic(char **value) { int gen_type = 0; - const char *p = *value; - if ((strlen(p) >= 4) && strncmp(p, "DER:", 4) == 0) { + char *p = *value; + if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) { p += 4; gen_type = 1; - } else if ((strlen(p) >= 5) && strncmp(p, "ASN1:", 5) == 0) { + } else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5)) { p += 5; gen_type = 2; } else @@ -219,17 +261,16 @@ static int v3_check_generic(const char **value) } /* Create a generic extension: for now just handle DER type */ -static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value, +static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int gen_type, X509V3_CTX *ctx) { unsigned char *ext_der = NULL; - long ext_len = 0; + long ext_len; ASN1_OBJECT *obj = NULL; ASN1_OCTET_STRING *oct = NULL; X509_EXTENSION *extension = NULL; - - if ((obj = OBJ_txt2obj(ext, 0)) == NULL) { + if (!(obj = OBJ_txt2obj(ext, 0))) { X509V3err(X509V3_F_V3_GENERIC_EXTENSION, X509V3_R_EXTENSION_NAME_ERROR); ERR_add_error_data(2, "name=", ext); @@ -237,7 +278,7 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value, } if (gen_type == 1) - ext_der = OPENSSL_hexstr2buf(value, &ext_len); + ext_der = string_to_hex(value, &ext_len); else if (gen_type == 2) ext_der = generic_asn1(value, ctx, &ext_len); @@ -248,7 +289,7 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value, goto err; } - if ((oct = ASN1_OCTET_STRING_new()) == NULL) { + if (!(oct = M_ASN1_OCTET_STRING_new())) { X509V3err(X509V3_F_V3_GENERIC_EXTENSION, ERR_R_MALLOC_FAILURE); goto err; } 
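Review bot: `long ext_len;` in v3_generic_extension is now uninitialised, and for a `gen_type` other than 1 or 2 neither `string_to_hex` nor `generic_asn1` runs, so whether `ext_len` is read in that case depends on the `ext_der == NULL` check that sits between the hunks; if either helper can also return NULL without writing `*ext_len`, that same guard is all that keeps the read off. Re-adding `long ext_len = 0;` removes the dependence for free. v3_check_generic's trailing `else` branch and the rest of v3_generic_extension are outside the hunk.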
@@ -261,13 +302,14 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value, err: ASN1_OBJECT_free(obj); - ASN1_OCTET_STRING_free(oct); - OPENSSL_free(ext_der); + M_ASN1_OCTET_STRING_free(oct); + if (ext_der) + OPENSSL_free(ext_der); return extension; } -static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx, +static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len) { ASN1_TYPE *typ; @@ -280,39 +322,24 @@ static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx, return ext_der; } -static void delete_ext(STACK_OF(X509_EXTENSION) *sk, X509_EXTENSION *dext) -{ - int idx; - ASN1_OBJECT *obj; - obj = X509_EXTENSION_get_object(dext); - while ((idx = X509v3_get_ext_by_OBJ(sk, obj, -1)) >= 0) { - X509_EXTENSION *tmpext = X509v3_get_ext(sk, idx); - X509v3_delete_ext(sk, idx); - X509_EXTENSION_free(tmpext); - } -} - /* * This is the main function: add a bunch of extensions based on a config * file section to an extension STACK. */ -int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section, +int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk) { X509_EXTENSION *ext; STACK_OF(CONF_VALUE) *nval; CONF_VALUE *val; int i; - - if ((nval = NCONF_get_section(conf, section)) == NULL) + if (!(nval = NCONF_get_section(conf, section))) return 0; for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { val = sk_CONF_VALUE_value(nval, i); - if ((ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)) == NULL) + if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value))) return 0; - if (ctx->flags == X509V3_CTX_REPLACE) - delete_ext(*sk, ext); if (sk) X509v3_add_ext(sk, ext, -1); X509_EXTENSION_free(ext); 
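Review bot: Dropping delete_ext() together with the `if (ctx->flags == X509V3_CTX_REPLACE) delete_ext(*sk, ext);` step means X509V3_EXT_add_nconf_sk now always appends, so a caller that sets the replace flag, or a config section naming an extension already present on the target, ends up with two extensions carrying the same OID — something RFC 5280 §4.2 forbids and that verifiers handle inconsistently. If X509V3_CTX_REPLACE is still defined in this tree's x509v3.h, either keep delete_ext and the check, or document on the function that de-duplication is now the caller's responsibility, e.g. `/* Extensions are always appended; callers must remove an existing one with the same OID first. */`. The function's return statement lies past the end of the hunk.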
@@ -324,29 +351,29 @@ int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section, * Convenience functions to add extensions to a certificate, CRL and request */ -int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, +int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert) { STACK_OF(X509_EXTENSION) **sk = NULL; if (cert) - sk = &cert->cert_info.extensions; + sk = &cert->cert_info->extensions; return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); } /* Same as above but for a CRL */ -int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, +int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl) { STACK_OF(X509_EXTENSION) **sk = NULL; if (crl) - sk = &crl->crl.extensions; + sk = &crl->crl->extensions; return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); } /* Add extensions to certificate request */ -int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, +int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req) { STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL; @@ -363,7 +390,7 @@ int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, /* Config database functions */ -char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section) +char *X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) { if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) { X509V3err(X509V3_F_X509V3_GET_STRING, X509V3_R_OPERATION_NOT_DEFINED); @@ -374,7 +401,7 @@ char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section) return NULL; } -STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section) +STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, char *section) { if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) { X509V3err(X509V3_F_X509V3_GET_SECTION, 
@@ -402,12 +429,12 @@ void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section) ctx->db_meth->free_section(ctx->db, section); } -static char *nconf_get_string(void *db, const char *section, const char *value) +static char *nconf_get_string(void *db, char *section, char *value) { return NCONF_get_string(db, section, value); } -static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, const char *section) +static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section) { return NCONF_get_section(db, section); } @@ -438,7 +465,7 @@ void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req, /* Old conf compatibility functions */ X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - const char *name, const char *value) + char *name, char *value) { CONF ctmp; CONF_set_nconf(&ctmp, conf); @@ -448,19 +475,19 @@ X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, /* LHASH *conf: Config file */ /* char *value: Value */ X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, - X509V3_CTX *ctx, int ext_nid, const char *value) + X509V3_CTX *ctx, int ext_nid, char *value) { CONF ctmp; CONF_set_nconf(&ctmp, conf); return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value); } -static char *conf_lhash_get_string(void *db, const char *section, const char *value) +static char *conf_lhash_get_string(void *db, char *section, char *value) { return CONF_get_string(db, section, value); } -static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, const char *section) +static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section) { return CONF_get_section(db, section); } @@ -479,7 +506,7 @@ void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash) } int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - const char *section, X509 *cert) + char *section, X509 *cert) { CONF ctmp; CONF_set_nconf(&ctmp, conf); 
@@ -489,7 +516,7 @@ int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, /* Same as above but for a CRL */ int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - const char *section, X509_CRL *crl) + char *section, X509_CRL *crl) { CONF ctmp; CONF_set_nconf(&ctmp, conf); @@ -499,7 +526,7 @@ int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, /* Add extensions to certificate request */ int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - const char *section, X509_REQ *req) + char *section, X509_REQ *req) { CONF ctmp; CONF_set_nconf(&ctmp, conf); diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c index f717e132..d97f6226 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c 
@@ -1,28 +1,77 @@ +/* v3_cpols.c */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/conf.h> #include <openssl/asn1.h> #include <openssl/asn1t.h> #include <openssl/x509v3.h> #include "pcy_int.h" -#include "ext_dat.h" /* Certificate policies extension support: this one is a bit complex... 
*/ static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out, int indent); static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, const char *value); + X509V3_CTX *ctx, char *value); static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent); static void print_notice(BIO *out, USERNOTICE *notice, int indent); @@ -84,7 +133,7 @@ ASN1_SEQUENCE(NOTICEREF) = { IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF) static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, const char *value) + X509V3_CTX *ctx, char *value) { STACK_OF(POLICYINFO) *pols = NULL; char *pstr; @@ -113,7 +162,7 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, goto err; } pstr = cnf->name; - if (strcmp(pstr, "ia5org") == 0) { + if (!strcmp(pstr, "ia5org")) { ia5org = 1; continue; } else if (*pstr == '@') { @@ -127,10 +176,10 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, } pol = policy_section(ctx, polsect, ia5org); X509V3_section_free(ctx, polsect); - if (pol == NULL) + if (!pol) goto err; } else { - if ((pobj = OBJ_txt2obj(cnf->name, 0)) == NULL) { + if (!(pobj = OBJ_txt2obj(cnf->name, 0))) { X509V3err(X509V3_F_R2I_CERTPOL, X509V3_R_INVALID_OBJECT_IDENTIFIER); X509V3_conf_err(cnf); @@ -139,7 +188,6 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, pol = POLICYINFO_new(); if (pol == NULL) { X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); - ASN1_OBJECT_free(pobj); goto err; } pol->policyid = pobj; 
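Review bot: On the POLICYINFO_new() failure path in r2i_certpol the `ASN1_OBJECT_free(pobj);` is dropped, but pobj was just returned by OBJ_txt2obj(), which hands back a freshly allocated object for any OID not in the built-in table, so the policy identifier leaks before `goto err`. Keep the release ahead of the jump: `ASN1_OBJECT_free(pobj); goto err;`. r2i_certpol's err cleanup is outside the hunk, so I cannot confirm it does not reach pobj some other way, but nothing visible here stores the pointer before the jump.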
@@ -165,14 +213,13 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, CONF_VALUE *cnf; POLICYINFO *pol; POLICYQUALINFO *qual; - - if ((pol = POLICYINFO_new()) == NULL) + if (!(pol = POLICYINFO_new())) goto merr; for (i = 0; i < sk_CONF_VALUE_num(polstrs); i++) { cnf = sk_CONF_VALUE_value(polstrs, i); - if (strcmp(cnf->name, "policyIdentifier") == 0) { + if (!strcmp(cnf->name, "policyIdentifier")) { ASN1_OBJECT *pobj; - if ((pobj = OBJ_txt2obj(cnf->value, 0)) == NULL) { + if (!(pobj = OBJ_txt2obj(cnf->value, 0))) { X509V3err(X509V3_F_POLICY_SECTION, X509V3_R_INVALID_OBJECT_IDENTIFIER); X509V3_conf_err(cnf); @@ -181,17 +228,17 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, pol->policyid = pobj; } else if (!name_cmp(cnf->name, "CPS")) { - if (pol->qualifiers == NULL) + if (!pol->qualifiers) pol->qualifiers = sk_POLICYQUALINFO_new_null(); - if ((qual = POLICYQUALINFO_new()) == NULL) + if (!(qual = POLICYQUALINFO_new())) goto merr; if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) goto merr; - if ((qual->pqualid = OBJ_nid2obj(NID_id_qt_cps)) == NULL) { + if (!(qual->pqualid = OBJ_nid2obj(NID_id_qt_cps))) { X509V3err(X509V3_F_POLICY_SECTION, ERR_R_INTERNAL_ERROR); goto err; } - if ((qual->d.cpsuri = ASN1_IA5STRING_new()) == NULL) + if (!(qual->d.cpsuri = M_ASN1_IA5STRING_new())) goto merr; if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value, strlen(cnf->value))) 
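Review bot: In the CPS branch of policy_section, `if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) goto merr;` jumps with qual allocated but not yet owned by pol, so qual leaks on that path; the preceding `pol->qualifiers = sk_POLICYQUALINFO_new_null();` is also unchecked, and a NULL stack is exactly what makes that push fail. The pattern is the same on both sides of the diff, but the new code keeps it. Check the stack allocation, `if (!pol->qualifiers && !(pol->qualifiers = sk_POLICYQUALINFO_new_null())) goto merr;`, and free qual before jumping when the push fails: `POLICYQUALINFO_free(qual); goto merr;`. policy_section continues beyond the hunk.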
@@ -249,28 +296,27 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, CONF_VALUE *cnf; USERNOTICE *not; POLICYQUALINFO *qual; - - if ((qual = POLICYQUALINFO_new()) == NULL) + if (!(qual = POLICYQUALINFO_new())) goto merr; - if ((qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice)) == NULL) { + if (!(qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice))) { X509V3err(X509V3_F_NOTICE_SECTION, ERR_R_INTERNAL_ERROR); goto err; } - if ((not = USERNOTICE_new()) == NULL) + if (!(not = USERNOTICE_new())) goto merr; qual->d.usernotice = not; for (i = 0; i < sk_CONF_VALUE_num(unot); i++) { cnf = sk_CONF_VALUE_value(unot, i); - if (strcmp(cnf->name, "explicitText") == 0) { - if ((not->exptext = ASN1_VISIBLESTRING_new()) == NULL) + if (!strcmp(cnf->name, "explicitText")) { + if (!(not->exptext = M_ASN1_VISIBLESTRING_new())) goto merr; if (!ASN1_STRING_set(not->exptext, cnf->value, strlen(cnf->value))) goto merr; - } else if (strcmp(cnf->name, "organization") == 0) { + } else if (!strcmp(cnf->name, "organization")) { NOTICEREF *nref; if (!not->noticeref) { - if ((nref = NOTICEREF_new()) == NULL) + if (!(nref = NOTICEREF_new())) goto merr; not->noticeref = nref; } else @@ -282,11 +328,11 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, if (!ASN1_STRING_set(nref->organization, cnf->value, strlen(cnf->value))) goto merr; - } else if (strcmp(cnf->name, "noticeNumbers") == 0) { + } else if (!strcmp(cnf->name, "noticeNumbers")) { NOTICEREF *nref; STACK_OF(CONF_VALUE) *nos; if (!not->noticeref) { - if ((nref = NOTICEREF_new()) == NULL) + if (!(nref = NOTICEREF_new())) goto merr; not->noticeref = nref; } else @@ -295,7 +341,6 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, if (!nos || !sk_CONF_VALUE_num(nos)) { X509V3err(X509V3_F_NOTICE_SECTION, X509V3_R_INVALID_NUMBERS); X509V3_conf_err(cnf); - sk_CONF_VALUE_pop_free(nos, X509V3_conf_free); goto err; } ret = nref_nos(nref->noticenos, nos); 
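Review bot: In the noticeNumbers branch of notice_section the `sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);` on the invalid-numbers path is dropped, so when X509V3_parse_list() returns an empty but non-NULL stack the condition `!nos || !sk_CONF_VALUE_num(nos)` jumps to err without releasing it. Restore the free before the jump; sk_pop_free tolerates a NULL stack, so it is safe on both halves of the condition. The err label and the rest of notice_section are outside the hunk.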
@@ -335,7 +380,7 @@ static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos) for (i = 0; i < sk_CONF_VALUE_num(nos); i++) { cnf = sk_CONF_VALUE_value(nos, i); - if ((aint = s2i_ASN1_INTEGER(NULL, cnf->name)) == NULL) { + if (!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) { X509V3err(X509V3_F_NREF_NOS, X509V3_R_INVALID_NUMBER); goto err; } @@ -345,10 +390,10 @@ static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos) return 1; merr: - ASN1_INTEGER_free(aint); X509V3err(X509V3_F_NREF_NOS, ERR_R_MALLOC_FAILURE); err: + sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free); return 0; } @@ -439,3 +484,8 @@ void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent) else BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, ""); } + + +IMPLEMENT_STACK_OF(X509_POLICY_NODE) + +IMPLEMENT_STACK_OF(X509_POLICY_DATA) diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c index c4c77f18..d3e1d1b0 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c 
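Review bot: nref_nos now frees nnums on every error via `sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free);`, but nnums is the caller's `nref->noticenos` (see the call in the previous file section), not something this function allocated, and the pointer held by the NOTICEREF is not cleared; if the caller's cleanup later frees the NOTICEREF — its err path is outside this hunk — the same stack is freed twice. The same hunk also drops `ASN1_INTEGER_free(aint);` on merr, so a failed sk_ASN1_INTEGER_push leaks the parsed integer. Free only what this function owns: keep `merr: ASN1_INTEGER_free(aint);` and delete the pop_free of nnums, leaving the stack to its owner.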
@@ -1,22 +1,69 @@ +/* v3_crld.c */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/conf.h> #include <openssl/asn1.h> #include <openssl/asn1t.h> #include <openssl/x509v3.h> -#include "internal/x509_int.h" -#include "ext_dat.h" - static void *v2i_crld(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, 
@@ -68,17 +115,16 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, { STACK_OF(GENERAL_NAME) *fnm = NULL; STACK_OF(X509_NAME_ENTRY) *rnm = NULL; - - if (strncmp(cnf->name, "fullname", 9) == 0) { + if (!strncmp(cnf->name, "fullname", 9)) { fnm = gnames_from_sectname(ctx, cnf->value); if (!fnm) goto err; - } else if (strcmp(cnf->name, "relativename") == 0) { + } else if (!strcmp(cnf->name, "relativename")) { int ret; STACK_OF(CONF_VALUE) *dnsect; X509_NAME *nm; nm = X509_NAME_new(); - if (nm == NULL) + if (!nm) return -1; dnsect = X509V3_get_section(ctx, cnf->value); if (!dnsect) { @@ -112,7 +158,7 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, } *pdp = DIST_POINT_NAME_new(); - if (*pdp == NULL) + if (!*pdp) goto err; if (fnm) { (*pdp)->type = 0; @@ -125,8 +171,10 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, return 1; err: - sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free); - sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free); + if (fnm) + sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free); + if (rnm) + sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free); return -1; } @@ -150,19 +198,19 @@ static int set_reasons(ASN1_BIT_STRING **preas, char *value) const char *bnam; int i, ret = 0; rsk = X509V3_parse_list(value); - if (rsk == NULL) + if (!rsk) + return 0; + if (*preas) return 0; - if (*preas != NULL) - goto err; for (i = 0; i < sk_CONF_VALUE_num(rsk); i++) { bnam = sk_CONF_VALUE_value(rsk, i)->name; - if (*preas == NULL) { + if (!*preas) { *preas = ASN1_BIT_STRING_new(); - if (*preas == NULL) + if (!*preas) goto err; } for (pbn = reason_flags; pbn->lname; pbn++) { - if (strcmp(pbn->sname, bnam) == 0) { + if (!strcmp(pbn->sname, bnam)) { if (!ASN1_BIT_STRING_set_bit(*preas, pbn->bitnum, 1)) goto err; break; 
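Review bot: In set_reasons the early exit `if (*preas) return 0;` now returns before the cleanup that the old `goto err` reached, so the CONF_VALUE stack from X509V3_parse_list() leaks whenever a second `reasons` or `onlysomereasons` entry is seen for the same point. Free it before returning: `if (*preas) { sk_CONF_VALUE_pop_free(rsk, X509V3_conf_free); return 0; }` — or keep the `goto err`, assuming the err label (outside the hunk) still releases rsk. The rest of set_reasons lies past the end of the hunk.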
@@ -207,7 +255,7 @@ static DIST_POINT *crldp_from_section(X509V3_CTX *ctx, CONF_VALUE *cnf; DIST_POINT *point = NULL; point = DIST_POINT_new(); - if (point == NULL) + if (!point) goto err; for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { int ret; @@ -217,10 +265,10 @@ static DIST_POINT *crldp_from_section(X509V3_CTX *ctx, continue; if (ret < 0) goto err; - if (strcmp(cnf->name, "reasons") == 0) { + if (!strcmp(cnf->name, "reasons")) { if (!set_reasons(&point->reasons, cnf->value)) goto err; - } else if (strcmp(cnf->name, "CRLissuer") == 0) { + } else if (!strcmp(cnf->name, "CRLissuer")) { point->CRLissuer = gnames_from_sectname(ctx, cnf->value); if (!point->CRLissuer) goto err; @@ -230,7 +278,8 @@ static DIST_POINT *crldp_from_section(X509V3_CTX *ctx, return point; err: - DIST_POINT_free(point); + if (point) + DIST_POINT_free(point); return NULL; } @@ -242,8 +291,7 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method, GENERAL_NAME *gen = NULL; CONF_VALUE *cnf; int i; - - if ((crld = sk_DIST_POINT_new_null()) == NULL) + if (!(crld = sk_DIST_POINT_new_null())) goto merr; for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { DIST_POINT *point; @@ -262,20 +310,20 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method, goto merr; } } else { - if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL) + if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err; - if ((gens = GENERAL_NAMES_new()) == NULL) + if (!(gens = GENERAL_NAMES_new())) goto merr; if (!sk_GENERAL_NAME_push(gens, gen)) goto merr; gen = NULL; - if ((point = DIST_POINT_new()) == NULL) + if (!(point = DIST_POINT_new())) goto merr; if (!sk_DIST_POINT_push(crld, point)) { DIST_POINT_free(point); goto merr; } - if ((point->distpoint = DIST_POINT_NAME_new()) == NULL) + if (!(point->distpoint = DIST_POINT_NAME_new())) goto merr; point->distpoint->name.fullname = gens; point->distpoint->type = 0; 
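Review bot: The added `if (point) DIST_POINT_free(point);` in crldp_from_section's err path guards a call that, like the other ASN1 item free routines, already accepts NULL (the only jump with point == NULL is the one right after DIST_POINT_new()), so the wrapper is noise rather than protection. The plain `DIST_POINT_free(point);` reads consistently with the unguarded ASN1 frees elsewhere in this file; the same applies to the `if (fnm)` / `if (rnm)` guards around sk_pop_free in set_dist_point_name, which also handles a NULL stack. If the vendored copy's free routines do not tolerate NULL, a comment saying so next to the guard would save the next reader the check.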
@@ -293,6 +341,10 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method, return NULL; } +IMPLEMENT_STACK_OF(DIST_POINT) + +IMPLEMENT_ASN1_SET_OF(DIST_POINT) + static int dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { @@ -304,7 +356,8 @@ static int dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, break; case ASN1_OP_FREE_POST: - X509_NAME_free(dpn->dpname); + if (dpn->dpname) + X509_NAME_free(dpn->dpname); break; } return 1; @@ -368,7 +421,7 @@ static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *name, *val; int i, ret; idp = ISSUING_DIST_POINT_new(); - if (idp == NULL) + if (!idp) goto merr; for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { cnf = sk_CONF_VALUE_value(nval, i); @@ -379,19 +432,19 @@ static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, continue; if (ret < 0) goto err; - if (strcmp(name, "onlyuser") == 0) { + if (!strcmp(name, "onlyuser")) { if (!X509V3_get_value_bool(cnf, &idp->onlyuser)) goto err; - } else if (strcmp(name, "onlyCA") == 0) { + } else if (!strcmp(name, "onlyCA")) { if (!X509V3_get_value_bool(cnf, &idp->onlyCA)) goto err; - } else if (strcmp(name, "onlyAA") == 0) { + } else if (!strcmp(name, "onlyAA")) { if (!X509V3_get_value_bool(cnf, &idp->onlyattr)) goto err; - } else if (strcmp(name, "indirectCRL") == 0) { + } else if (!strcmp(name, "indirectCRL")) { if (!X509V3_get_value_bool(cnf, &idp->indirectCRL)) goto err; - } else if (strcmp(name, "onlysomereasons") == 0) { + } else if (!strcmp(name, "onlysomereasons")) { if (!set_reasons(&idp->onlysomereasons, val)) goto err; } else { diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c index f39cb5ac..7678664f 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c 
@@ -1,16 +1,65 @@ +/* v3_enum.c */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/x509v3.h> -#include "ext_dat.h" static ENUMERATED_NAMES crl_reasons[] = { {CRL_REASON_UNSPECIFIED, "Unspecified", "unspecified"}, 
@@ -38,16 +87,14 @@ const X509V3_EXT_METHOD v3_crl_reason = { crl_reasons }; -char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, - const ASN1_ENUMERATED *e) +char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *e) { ENUMERATED_NAMES *enam; long strval; - strval = ASN1_ENUMERATED_get(e); for (enam = method->usr_data; enam->lname; enam++) { if (strval == enam->bitnum) - return OPENSSL_strdup(enam->lname); + return BUF_strdup(enam->lname); } return i2s_ASN1_ENUMERATED(method, e); } diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c index bae755e3..6092c2e4 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c 
@@ -1,18 +1,67 @@ +/* v3_extku.c */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/asn1t.h> #include <openssl/conf.h> #include <openssl/x509v3.h> -#include "ext_dat.h" static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, 
@@ -76,7 +125,7 @@ static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, CONF_VALUE *val; int i; - if ((extku = sk_ASN1_OBJECT_new_null()) == NULL) { + if (!(extku = sk_ASN1_OBJECT_new_null())) { X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE, ERR_R_MALLOC_FAILURE); return NULL; } @@ -87,7 +136,7 @@ static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, extval = val->value; else extval = val->name; - if ((objtmp = OBJ_txt2obj(extval, 0)) == NULL) { + if (!(objtmp = OBJ_txt2obj(extval, 0))) { sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free); X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE, X509V3_R_INVALID_OBJECT_IDENTIFIER); diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c index 8d119974..7f40bfab 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c 
@@ -1,14 +1,64 @@ +/* v3_genn.c */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/asn1t.h> #include <openssl/conf.h> #include <openssl/x509v3.h> @@ -179,7 +229,7 @@ int GENERAL_NAME_set0_othername(GENERAL_NAME *gen, { OTHERNAME *oth; oth = OTHERNAME_new(); - if (oth == NULL) + if (!oth) return 0; oth->type_id = oid; oth->value = value; diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c index c1170d46..c170a55f 100644 
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c 
@@ -1,20 +1,73 @@ +/* v3_ia5.c */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. 
You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/asn1.h> #include <openssl/conf.h> #include <openssl/x509v3.h> -#include "ext_dat.h" -const X509V3_EXT_METHOD v3_ns_ia5_list[8] = { +static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, + ASN1_IA5STRING *ia5); +static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, char *str); +const X509V3_EXT_METHOD v3_ns_ia5_list[] = { EXT_IA5STRING(NID_netscape_base_url), EXT_IA5STRING(NID_netscape_revocation_url), EXT_IA5STRING(NID_netscape_ca_revocation_url), @@ -25,13 +78,13 @@ const X509V3_EXT_METHOD v3_ns_ia5_list[8] = { EXT_END }; -char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5) +static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, + ASN1_IA5STRING *ia5) { char *tmp; - if (!ia5 || !ia5->length) return NULL; - if ((tmp = OPENSSL_malloc(ia5->length + 1)) == NULL) { + if (!(tmp = OPENSSL_malloc(ia5->length + 1))) { X509V3err(X509V3_F_I2S_ASN1_IA5STRING, ERR_R_MALLOC_FAILURE); return NULL; } @@ -40,8 +93,8 @@ char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5) return tmp; } -ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, const char *str) +static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, char *str) { ASN1_IA5STRING *ia5; if (!str) { 
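Review bot: Changing `v3_ns_ia5_list[8]` to an unsized `v3_ns_ia5_list[]` drops a compile-time check: with the explicit bound the initializer could not silently gain or lose an entry relative to the seven slots `&v3_ns_ia5_list[0]` … `[6]` that the standard-extension table takes by index (that table lives outside this hunk, presumably now in ext_dat.h). If the unsized form is kept, a comment on the declaration preserves the invariant, e.g. `/* seven IA5STRING extensions plus EXT_END; indexed [0..6] by the standard extension table */`. The remaining entries and EXT_END terminator continue past the hunk.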
@@ -49,11 +102,12 @@ ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_R_INVALID_NULL_ARGUMENT); return NULL; } - if ((ia5 = ASN1_IA5STRING_new()) == NULL) + if (!(ia5 = M_ASN1_IA5STRING_new())) + goto err; + if (!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char *)str, + strlen(str))) { + M_ASN1_IA5STRING_free(ia5); goto err; - if (!ASN1_STRING_set((ASN1_STRING *)ia5, str, strlen(str))) { - ASN1_IA5STRING_free(ia5); - return NULL; } #ifdef CHARSET_EBCDIC ebcdic2ascii(ia5->data, ia5->data, ia5->length); diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c index 61ef2138..e052a34b 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c 
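Review bot: The `(unsigned char *)str` cast in the ASN1_STRING_set call of the `@@ -49,11 +102,12 @@` hunk is unnecessary, since ASN1_STRING_set takes its data as `const void *`; the line reads more plainly as `if (!ASN1_STRING_set((ASN1_STRING *)ia5, str, strlen(str))) {`. The `const` removed from `str` in the preceding hunk is presumably there to match this tree's s2i method typedef; if so, a short comment on the prototype (`/* str is non-const to match the X509V3_EXT_S2I typedef in this tree */`) would stop a later cleanup from putting it back. The `err:` label that both failure paths jump to lies outside the hunk.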
@@ -1,19 +1,68 @@ +/* v3_info.c */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/conf.h> #include <openssl/asn1.h> #include <openssl/asn1t.h> #include <openssl/x509v3.h> -#include "ext_dat.h" static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, AUTHORITY_INFO_ACCESS 
@@ -76,14 +125,14 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method); nlen = strlen(objtmp) + strlen(vtmp->name) + 5; ntmp = OPENSSL_malloc(nlen); - if (ntmp == NULL) { + if (!ntmp) { X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE); return NULL; } - OPENSSL_strlcpy(ntmp, objtmp, nlen); - OPENSSL_strlcat(ntmp, " - ", nlen); - OPENSSL_strlcat(ntmp, vtmp->name, nlen); + BUF_strlcpy(ntmp, objtmp, nlen); + BUF_strlcat(ntmp, " - ", nlen); + BUF_strlcat(ntmp, vtmp->name, nlen); OPENSSL_free(vtmp->name); vtmp->name = ntmp; @@ -104,14 +153,13 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD ACCESS_DESCRIPTION *acc; int i, objlen; char *objtmp, *ptmp; - - if ((ainfo = sk_ACCESS_DESCRIPTION_new_null()) == NULL) { + if (!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) { X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE); return NULL; } for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { cnf = sk_CONF_VALUE_value(nval, i); - if ((acc = ACCESS_DESCRIPTION_new()) == NULL + if (!(acc = ACCESS_DESCRIPTION_new()) || !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) { X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE); @@ -128,11 +176,13 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD ctmp.value = cnf->value; if (!v2i_GENERAL_NAME_ex(acc->location, method, ctx, &ctmp, 0)) goto err; - if ((objtmp = OPENSSL_strndup(cnf->name, objlen)) == NULL) { + if (!(objtmp = OPENSSL_malloc(objlen + 1))) { X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE); goto err; } + strncpy(objtmp, cnf->name, objlen); + objtmp[objlen] = 0; acc->method = OBJ_txt2obj(objtmp, 0); if (!acc->method) { X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, 
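Review bot: In the `@@ -104,14 +153,13 @@` hunk, when ACCESS_DESCRIPTION_new succeeds but sk_ACCESS_DESCRIPTION_push fails, `acc` is not yet owned by `ainfo` and is never freed before the error path, so it leaks; the old side had the same shape and the commit does not address it. Splitting the combined condition so the push failure frees `acc` closes the leak; the `err:` cleanup itself is outside the hunk and is presumably what releases `ainfo`. The `goto err` used elsewhere in the same function shows the label exists.
```c
    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
        cnf = sk_CONF_VALUE_value(nval, i);
        if (!(acc = ACCESS_DESCRIPTION_new())) {
            X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
                      ERR_R_MALLOC_FAILURE);
            goto err;
        }
        if (!sk_ACCESS_DESCRIPTION_push(ainfo, acc)) {
            /* acc is not yet owned by ainfo, so free it here */
            ACCESS_DESCRIPTION_free(acc);
            X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
                      ERR_R_MALLOC_FAILURE);
            goto err;
        }
        /* … unchanged: split cnf->name into method OID and location … */
```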
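Review bot: The copy in the `@@ -128,11 +176,13 @@` hunk is only correct because of the explicit `objtmp[objlen] = 0;` that follows the strncpy — strncpy itself does not guarantee termination — so those two lines must stay together and the point deserves a comment, e.g. `/* strncpy does not terminate; objlen bytes plus explicit NUL */`. Since `objlen` is an exact byte count computed before the hunk, `memcpy(objtmp, cnf->name, objlen);` states the intent without the strncpy-as-safe-copy connotation, and if this tree's buffer.h provides BUF_strndup the three lines collapse to `objtmp = BUF_strndup(cnf->name, objlen);` (the hunk already moved to BUF_strlcpy/BUF_strlcat nearby). The later `OPENSSL_free(objtmp)` calls lie outside the hunk.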
@@ -150,8 +200,11 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD return NULL; } -int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION *a) +int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION *a) { i2a_ASN1_OBJECT(bp, a->method); +#ifdef UNDEF + i2a_GENERAL_NAME(bp, a->location); +#endif return 2; } diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c index 690c90e8..8bfdb37e 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c 
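Review bot: The `#ifdef UNDEF` block added to i2a_ACCESS_DESCRIPTION is dead code: nothing defines UNDEF, so the `i2a_GENERAL_NAME(bp, a->location);` call is never compiled and a reader has to guess whether it is a reminder or a leftover. If printing the location is intended for later, a plain comment such as `/* TODO: also print a->location (i2a_GENERAL_NAME) */` records that without a disabled call; otherwise the three lines should go. Note that the function still returns 2 without checking the i2a_ASN1_OBJECT result, as it did before this change.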
@@ -1,16 +1,65 @@ +/* v3_int.c */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/x509v3.h> -#include "ext_dat.h" const X509V3_EXT_METHOD v3_crl_num = { NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER), @@ -29,7 +78,7 @@ const X509V3_EXT_METHOD v3_delta_crl = { }; static void *s2i_asn1_int(X509V3_EXT_METHOD *meth, X509V3_CTX *ctx, - const char *value) + char *value) { return s2i_ASN1_INTEGER(meth, value); } 
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c index a3ca720f..8350429a 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c 
@@ -1,16 +1,65 @@ +/* v3_lib.c */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ - /* X509 v3 extension utilities */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/conf.h> #include <openssl/x509v3.h> 
@@ -24,8 +73,7 @@ static void ext_list_free(X509V3_EXT_METHOD *ext); int X509V3_EXT_add(X509V3_EXT_METHOD *ext) { - if (ext_list == NULL - && (ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp)) == NULL) { + if (!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp))) { X509V3err(X509V3_F_X509V3_EXT_ADD, ERR_R_MALLOC_FAILURE); return 0; } @@ -47,74 +95,6 @@ DECLARE_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *, IMPLEMENT_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *, const X509V3_EXT_METHOD *, ext); -/* - * This table will be searched using OBJ_bsearch so it *must* kept in order - * of the ext_nid values. - */ - -static const X509V3_EXT_METHOD *standard_exts[] = { - &v3_nscert, - &v3_ns_ia5_list[0], - &v3_ns_ia5_list[1], - &v3_ns_ia5_list[2], - &v3_ns_ia5_list[3], - &v3_ns_ia5_list[4], - &v3_ns_ia5_list[5], - &v3_ns_ia5_list[6], - &v3_skey_id, - &v3_key_usage, - &v3_pkey_usage_period, - &v3_alt[0], - &v3_alt[1], - &v3_bcons, - &v3_crl_num, - &v3_cpols, - &v3_akey_id, - &v3_crld, - &v3_ext_ku, - &v3_delta_crl, - &v3_crl_reason, -#ifndef OPENSSL_NO_OCSP - &v3_crl_invdate, -#endif - &v3_sxnet, - &v3_info, -#ifndef OPENSSL_NO_RFC3779 - &v3_addr, - &v3_asid, -#endif -#ifndef OPENSSL_NO_OCSP - &v3_ocsp_nonce, - &v3_ocsp_crlid, - &v3_ocsp_accresp, - &v3_ocsp_nocheck, - &v3_ocsp_acutoff, - &v3_ocsp_serviceloc, -#endif - &v3_sinfo, - &v3_policy_constraints, -#ifndef OPENSSL_NO_OCSP - &v3_crl_hold, -#endif - &v3_pci, - &v3_name_constraints, - &v3_policy_mappings, - &v3_inhibit_anyp, - &v3_idp, - &v3_alt[2], - &v3_freshest_crl, -#ifndef OPENSSL_NO_CT - &v3_ct_scts[0], - &v3_ct_scts[1], - &v3_ct_scts[2], -#endif - &v3_tls_feature, -}; - -/* Number of standard extensions */ - -#define STANDARD_EXTENSION_COUNT OSSL_NELEM(standard_exts) - const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid) { X509V3_EXT_METHOD tmp; 
@@ -137,11 +117,33 @@ const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid) const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext) { int nid; - if ((nid = OBJ_obj2nid(X509_EXTENSION_get_object(ext))) == NID_undef) + if ((nid = OBJ_obj2nid(ext->object)) == NID_undef) return NULL; return X509V3_EXT_get_nid(nid); } +int X509V3_EXT_free(int nid, void *ext_data) +{ + const X509V3_EXT_METHOD *ext_method = X509V3_EXT_get_nid(nid); + if (ext_method == NULL) { + X509V3err(X509V3_F_X509V3_EXT_FREE, + X509V3_R_CANNOT_FIND_FREE_FUNCTION); + return 0; + } + + if (ext_method->it != NULL) + ASN1_item_free(ext_data, ASN1_ITEM_ptr(ext_method->it)); + else if (ext_method->ext_free != NULL) + ext_method->ext_free(ext_data); + else { + X509V3err(X509V3_F_X509V3_EXT_FREE, + X509V3_R_CANNOT_FIND_FREE_FUNCTION); + return 0; + } + + return 1; +} + int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist) { for (; extlist->ext_nid != -1; extlist++) @@ -155,11 +157,14 @@ int X509V3_EXT_add_alias(int nid_to, int nid_from) const X509V3_EXT_METHOD *ext; X509V3_EXT_METHOD *tmpext; - if ((ext = X509V3_EXT_get_nid(nid_from)) == NULL) { - X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, X509V3_R_EXTENSION_NOT_FOUND); + if (!(ext = X509V3_EXT_get_nid(nid_from))) { + X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, + X509V3_R_EXTENSION_NOT_FOUND); return 0; } - if ((tmpext = OPENSSL_malloc(sizeof(*tmpext))) == NULL) { + if (! + (tmpext = + (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)))) { X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, ERR_R_MALLOC_FAILURE); return 0; } 
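Review bot: X509V3_EXT_free, added in the `@@ -137,11 +117,33 @@` hunk, is a new public entry point without a comment stating its contract, which matters because it frees memory it does not own on the caller's behalf. A header along the lines of `/* Free ext_data with the routine registered for nid: ASN1_item_free when the method has an item, else ext_free. Returns 1 on success, 0 with X509V3_R_CANNOT_FIND_FREE_FUNCTION raised when nid has no method or the method has neither. */` would let callers know the 0 return leaves ext_data untouched. Whether ext_free implementations tolerate a NULL ext_data is not visible here, so the comment should not promise it.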
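Review bot: The allocation in the `@@ -155,11 +157,14 @@` hunk casts the OPENSSL_malloc result and sizes it with `sizeof(X509V3_EXT_METHOD)`, split across three lines with a dangling `if (!`; in C the cast is unnecessary and tying the size to the variable is more robust to type changes: `if ((tmpext = OPENSSL_malloc(sizeof(*tmpext))) == NULL) {`. Behaviour is identical either way. The remainder of X509V3_EXT_add_alias, where tmpext is populated and registered, lies outside the hunk.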
@@ -197,17 +202,14 @@ void *X509V3_EXT_d2i(X509_EXTENSION *ext) { const X509V3_EXT_METHOD *method; const unsigned char *p; - ASN1_STRING *extvalue; - int extlen; - if ((method = X509V3_EXT_get(ext)) == NULL) + if (!(method = X509V3_EXT_get(ext))) return NULL; - extvalue = X509_EXTENSION_get_data(ext); - p = ASN1_STRING_get0_data(extvalue); - extlen = ASN1_STRING_length(extvalue); + p = ext->value->data; if (method->it) - return ASN1_item_d2i(NULL, &p, extlen, ASN1_ITEM_ptr(method->it)); - return method->d2i(NULL, &p, extlen); + return ASN1_item_d2i(NULL, &p, ext->value->length, + ASN1_ITEM_ptr(method->it)); + return method->d2i(NULL, &p, ext->value->length); } /*- @@ -226,7 +228,7 @@ void *X509V3_EXT_d2i(X509_EXTENSION *ext) * -2 extension occurs more than once. */ -void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit, +void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx) { int lastpos, i; @@ -246,7 +248,7 @@ void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit, lastpos = 0; for (i = lastpos; i < sk_X509_EXTENSION_num(x); i++) { ex = sk_X509_EXTENSION_value(x, i); - if (OBJ_obj2nid(X509_EXTENSION_get_object(ex)) == nid) { + if (OBJ_obj2nid(ex->object) == nid) { if (idx) { *idx = i; found_ex = ex; @@ -345,8 +347,7 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, return 1; } - if (*x == NULL - && (*x = sk_X509_EXTENSION_new_null()) == NULL) + if (!*x && !(*x = sk_X509_EXTENSION_new_null())) return -1; if (!sk_X509_EXTENSION_push(*x, ext)) return -1; @@ -358,3 +359,5 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, X509V3err(X509V3_F_X509V3_ADD1_I2D, errcode); return 0; } + +IMPLEMENT_STACK_OF(X509V3_EXT_METHOD) diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c index 9b3bb128..28552696 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c 
@@ -1,22 +1,68 @@ +/* v3_ncons.c */ /* - * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "internal/cryptlib.h" -#include "internal/asn1_int.h" +#include "cryptlib.h" #include <openssl/asn1t.h> #include <openssl/conf.h> #include <openssl/x509v3.h> -#include "internal/x509_int.h" -#include "ext_dat.h" - static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); 
@@ -24,7 +70,7 @@ static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a, BIO *bp, int ind); static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method, STACK_OF(GENERAL_SUBTREE) *trees, BIO *bp, - int ind, const char *name); + int ind, char *name); static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip); static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc); @@ -33,7 +79,6 @@ static int nc_dn(X509_NAME *sub, X509_NAME *nm); static int nc_dns(ASN1_IA5STRING *sub, ASN1_IA5STRING *dns); static int nc_email(ASN1_IA5STRING *sub, ASN1_IA5STRING *eml); static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base); -static int nc_ip(ASN1_OCTET_STRING *ip, ASN1_OCTET_STRING *base); const X509V3_EXT_METHOD v3_name_constraints = { NID_name_constraints, 0, @@ -70,16 +115,15 @@ static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, STACK_OF(GENERAL_SUBTREE) **ptree = NULL; NAME_CONSTRAINTS *ncons = NULL; GENERAL_SUBTREE *sub = NULL; - ncons = NAME_CONSTRAINTS_new(); - if (ncons == NULL) + if (!ncons) goto memerr; for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { val = sk_CONF_VALUE_value(nval, i); - if (strncmp(val->name, "permitted", 9) == 0 && val->name[9]) { + if (!strncmp(val->name, "permitted", 9) && val->name[9]) { ptree = &ncons->permittedSubtrees; tval.name = val->name + 10; - } else if (strncmp(val->name, "excluded", 8) == 0 && val->name[8]) { + } else if (!strncmp(val->name, "excluded", 8) && val->name[8]) { ptree = &ncons->excludedSubtrees; tval.name = val->name + 9; } else { @@ -92,9 +136,9 @@ static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, goto memerr; if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1)) goto err; - if (*ptree == NULL) + if (!*ptree) *ptree = sk_GENERAL_SUBTREE_new_null(); - if (*ptree == NULL || !sk_GENERAL_SUBTREE_push(*ptree, sub)) + if (!*ptree || !sk_GENERAL_SUBTREE_push(*ptree, sub)) goto memerr; sub = NULL; } 
@@ -104,8 +148,10 @@ static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, memerr: X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, ERR_R_MALLOC_FAILURE); err: - NAME_CONSTRAINTS_free(ncons); - GENERAL_SUBTREE_free(sub); + if (ncons) + NAME_CONSTRAINTS_free(ncons); + if (sub) + GENERAL_SUBTREE_free(sub); return NULL; } @@ -123,7 +169,7 @@ static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a, static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method, STACK_OF(GENERAL_SUBTREE) *trees, - BIO *bp, int ind, const char *name) + BIO *bp, int ind, char *name) { GENERAL_SUBTREE *tree; int i; @@ -199,8 +245,7 @@ int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc) /* Process any email address attributes in subject name */ for (i = -1;;) { - const X509_NAME_ENTRY *ne; - + X509_NAME_ENTRY *ne; i = X509_NAME_get_index_by_NID(nm, NID_pkcs9_emailAddress, i); if (i == -1) break; @@ -228,51 +273,6 @@ int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc) } -int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc) -{ - int r, i; - X509_NAME *nm; - - ASN1_STRING stmp; - GENERAL_NAME gntmp; - stmp.flags = 0; - stmp.type = V_ASN1_IA5STRING; - gntmp.type = GEN_DNS; - gntmp.d.dNSName = &stmp; - - nm = X509_get_subject_name(x); - - /* Process any commonName attributes in subject name */ - - for (i = -1;;) { - X509_NAME_ENTRY *ne; - ASN1_STRING *hn; - i = X509_NAME_get_index_by_NID(nm, NID_commonName, i); - if (i == -1) - break; - ne = X509_NAME_get_entry(nm, i); - hn = X509_NAME_ENTRY_get_data(ne); - /* Only process attributes that look like host names */ - if (asn1_valid_host(hn)) { - unsigned char *h; - int hlen = ASN1_STRING_to_UTF8(&h, hn); - if (hlen <= 0) - return X509_V_ERR_OUT_OF_MEM; - - stmp.length = hlen; - stmp.data = h; - - r = nc_match(&gntmp, nc); - - OPENSSL_free(h); - - if (r != X509_V_OK) - return r; - } - } - return X509_V_OK; -} - static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc) { GENERAL_SUBTREE *sub; 
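Review bot: The `if (ncons)` and `if (sub)` guards added in the `err:` path before `NAME_CONSTRAINTS_free` and `GENERAL_SUBTREE_free` are redundant: the old side called both unconditionally, and the OpenSSL ASN1 item free routines already treat a NULL argument as a no-op, so the guards only add dead branching. The same pattern appears in the `r2i_pci` `err:` path of v3_pci.c (hunk `@@ -308,13 +297,22 @@`), where four free calls each gain an `if` wrapper. I would keep the unconditional form, `NAME_CONSTRAINTS_free(ncons); GENERAL_SUBTREE_free(sub);`. `v2i_NAME_CONSTRAINTS` begins outside this hunk.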
@@ -341,9 +341,6 @@ static int nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base)
         return nc_uri(gen->d.uniformResourceIdentifier,
                       base->d.uniformResourceIdentifier);
 
-    case GEN_IPADD:
-        return nc_ip(gen->d.iPAddress, base->d.iPAddress);
-
     default:
         return X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE;
     }
@@ -403,11 +400,11 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
     const char *emlat = strchr(emlptr, '@');
     if (!emlat)
         return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
-    /* Special case: initial '.' is RHS match */
+    /* Special case: inital '.' is RHS match */
     if (!baseat && (*baseptr == '.')) {
         if (eml->length > base->length) {
             emlptr += eml->length - base->length;
-            if (strcasecmp(baseptr, emlptr) == 0)
+            if (!strcasecmp(baseptr, emlptr))
                 return X509_V_OK;
         }
         return X509_V_ERR_PERMITTED_VIOLATION;
@@ -463,11 +460,11 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
     if (hostlen == 0)
         return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
 
-    /* Special case: initial '.' is RHS match */
+    /* Special case: inital '.' is RHS match */
     if (*baseptr == '.') {
         if (hostlen > base->length) {
             p = hostptr + hostlen - base->length;
-            if (strncasecmp(p, baseptr, base->length) == 0)
+            if (!strncasecmp(p, baseptr, base->length))
                 return X509_V_OK;
         }
         return X509_V_ERR_PERMITTED_VIOLATION;
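Review bot: The rewritten comment introduces a spelling regression, `inital` for `initial`, in both `nc_email` (hunk `@@ -403,11 +400,11 @@`) and `nc_uri` (hunk `@@ -463,11 +460,11 @@`); the old side had it right, so I would keep `/* Special case: initial '.' is RHS match */` in both places. The `!strcasecmp(...)` / `!strncasecmp(...)` rewrites on the same hunks are behaviour-neutral. Both enclosing functions start and end outside the hunks.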
@@ -480,34 +477,3 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base) return X509_V_OK; } - -static int nc_ip(ASN1_OCTET_STRING *ip, ASN1_OCTET_STRING *base) -{ - int hostlen, baselen, i; - unsigned char *hostptr, *baseptr, *maskptr; - hostptr = ip->data; - hostlen = ip->length; - baseptr = base->data; - baselen = base->length; - - /* Invalid if not IPv4 or IPv6 */ - if (!((hostlen == 4) || (hostlen == 16))) - return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; - if (!((baselen == 8) || (baselen == 32))) - return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; - - /* Do not match IPv4 with IPv6 */ - if (hostlen * 2 != baselen) - return X509_V_ERR_PERMITTED_VIOLATION; - - maskptr = base->data + hostlen; - - /* Considering possible not aligned base ipAddress */ - /* Not checking for wrong mask definition: i.e.: 255.0.255.0 */ - for (i = 0; i < hostlen; i++) - if ((hostptr[i] & maskptr[i]) != (baseptr[i] & maskptr[i])) - return X509_V_ERR_PERMITTED_VIOLATION; - - return X509_V_OK; - -} diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c new file mode 100644 index 00000000..b151eacc --- /dev/null +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c 
@@ -0,0 +1,312 @@ +/* v3_ocsp.c */ +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef OPENSSL_NO_OCSP + +# include <stdio.h> +# include "cryptlib.h" +# include <openssl/conf.h> +# include <openssl/asn1.h> +# include <openssl/ocsp.h> +# include <openssl/x509v3.h> + +/* + * OCSP extensions and a couple of CRL entry extensions + */ + +static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *nonce, + BIO *out, int indent); +static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce, + BIO *out, int indent); +static int i2r_object(const X509V3_EXT_METHOD *method, void *obj, BIO *out, + int indent); + +static void *ocsp_nonce_new(void); +static int i2d_ocsp_nonce(void *a, unsigned char **pp); +static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length); +static void ocsp_nonce_free(void *a); +static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce, + BIO *out, int indent); + +static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, + void *nocheck, BIO *out, int indent); +static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, const char *str); +static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in, + BIO *bp, int ind); + +const X509V3_EXT_METHOD 
v3_ocsp_crlid = { + NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID), + 0, 0, 0, 0, + 0, 0, + 0, 0, + i2r_ocsp_crlid, 0, + NULL +}; + +const X509V3_EXT_METHOD v3_ocsp_acutoff = { + NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), + 0, 0, 0, 0, + 0, 0, + 0, 0, + i2r_ocsp_acutoff, 0, + NULL +}; + +const X509V3_EXT_METHOD v3_crl_invdate = { + NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), + 0, 0, 0, 0, + 0, 0, + 0, 0, + i2r_ocsp_acutoff, 0, + NULL +}; + +const X509V3_EXT_METHOD v3_crl_hold = { + NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT), + 0, 0, 0, 0, + 0, 0, + 0, 0, + i2r_object, 0, + NULL +}; + +const X509V3_EXT_METHOD v3_ocsp_nonce = { + NID_id_pkix_OCSP_Nonce, 0, NULL, + ocsp_nonce_new, + ocsp_nonce_free, + d2i_ocsp_nonce, + i2d_ocsp_nonce, + 0, 0, + 0, 0, + i2r_ocsp_nonce, 0, + NULL +}; + +const X509V3_EXT_METHOD v3_ocsp_nocheck = { + NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL), + 0, 0, 0, 0, + 0, s2i_ocsp_nocheck, + 0, 0, + i2r_ocsp_nocheck, 0, + NULL +}; + +const X509V3_EXT_METHOD v3_ocsp_serviceloc = { + NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC), + 0, 0, 0, 0, + 0, 0, + 0, 0, + i2r_ocsp_serviceloc, 0, + NULL +}; + +static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *in, BIO *bp, + int ind) +{ + OCSP_CRLID *a = in; + if (a->crlUrl) { + if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0) + goto err; + if (!ASN1_STRING_print(bp, (ASN1_STRING *)a->crlUrl)) + goto err; + if (BIO_write(bp, "\n", 1) <= 0) + goto err; + } + if (a->crlNum) { + if (BIO_printf(bp, "%*scrlNum: ", ind, "") <= 0) + goto err; + if (i2a_ASN1_INTEGER(bp, a->crlNum) <= 0) + goto err; + if (BIO_write(bp, "\n", 1) <= 0) + goto err; + } + if (a->crlTime) { + if (BIO_printf(bp, "%*scrlTime: ", ind, "") <= 0) + goto err; + if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) + goto err; + if (BIO_write(bp, "\n", 1) <= 0) + goto err; + } + return 1; + err: + return 0; +} + +static int 
i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff, + BIO *bp, int ind) +{ + if (BIO_printf(bp, "%*s", ind, "") <= 0) + return 0; + if (!ASN1_GENERALIZEDTIME_print(bp, cutoff)) + return 0; + return 1; +} + +static int i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp, + int ind) +{ + if (BIO_printf(bp, "%*s", ind, "") <= 0) + return 0; + if (i2a_ASN1_OBJECT(bp, oid) <= 0) + return 0; + return 1; +} + +/* + * OCSP nonce. This is needs special treatment because it doesn't have an + * ASN1 encoding at all: it just contains arbitrary data. + */ + +static void *ocsp_nonce_new(void) +{ + return ASN1_OCTET_STRING_new(); +} + +static int i2d_ocsp_nonce(void *a, unsigned char **pp) +{ + ASN1_OCTET_STRING *os = a; + if (pp) { + memcpy(*pp, os->data, os->length); + *pp += os->length; + } + return os->length; +} + +static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length) +{ + ASN1_OCTET_STRING *os, **pos; + pos = a; + if (!pos || !*pos) + os = ASN1_OCTET_STRING_new(); + else + os = *pos; + if (!ASN1_OCTET_STRING_set(os, *pp, length)) + goto err; + + *pp += length; + + if (pos) + *pos = os; + return os; + + err: + if (os && (!pos || (*pos != os))) + M_ASN1_OCTET_STRING_free(os); + OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE); + return NULL; +} + +static void ocsp_nonce_free(void *a) +{ + M_ASN1_OCTET_STRING_free(a); +} + +static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce, + BIO *out, int indent) +{ + if (BIO_printf(out, "%*s", indent, "") <= 0) + return 0; + if (i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) + return 0; + return 1; +} + +/* Nocheck is just a single NULL. 
Don't print anything and always set it */ + +static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck, + BIO *out, int indent) +{ + return 1; +} + +static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, const char *str) +{ + return ASN1_NULL_new(); +} + +static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in, + BIO *bp, int ind) +{ + int i; + OCSP_SERVICELOC *a = in; + ACCESS_DESCRIPTION *ad; + + if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) + goto err; + if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) + goto err; + for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++) { + ad = sk_ACCESS_DESCRIPTION_value(a->locator, i); + if (BIO_printf(bp, "\n%*s", (2 * ind), "") <= 0) + goto err; + if (i2a_ASN1_OBJECT(bp, ad->method) <= 0) + goto err; + if (BIO_puts(bp, " - ") <= 0) + goto err; + if (GENERAL_NAME_print(bp, ad->location) <= 0) + goto err; + } + return 1; + err: + return 0; +} +#endif diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c index 2c05edb8..12f12a76 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c @@ -1,12 +1,8 @@ +/* v3_pci.c */ /* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html + * Contributed to the OpenSSL Project 2004 by Richard Levitte + * (richard@levitte.org) */ - /* Copyright (c) 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. 
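Review bot: `d2i_ocsp_nonce` does not check the result of `ASN1_OCTET_STRING_new()` before handing it to `ASN1_OCTET_STRING_set(os, *pp, length)`, so an allocation failure while decoding an untrusted OCSP nonce becomes a NULL dereference instead of the `ERR_R_MALLOC_FAILURE` the function's own `err:` label already reports. Adding `if (os == NULL) goto err;` directly after the `if/else` that assigns `os` closes the gap, and the existing `if (os && (!pos || (*pos != os)))` test at `err:` already tolerates a NULL `os`. As a smaller point, `length` arrives as a `long` and is passed straight through to the string setter; a one-line comment such as `/* length is the raw extension length supplied by the caller */` would make the trust boundary explicit for the next reader.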
@@ -40,10 +36,9 @@
  */
 
 #include <stdio.h>
-#include "internal/cryptlib.h"
+#include "cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
-#include "ext_dat.h"
 
 static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext,
                    BIO *out, int indent);
@@ -91,7 +86,7 @@ static int process_pci_value(CONF_VALUE *val,
             X509V3_conf_err(val);
             return 0;
         }
-        if ((*language = OBJ_txt2obj(val->value, 0)) == NULL) {
+        if (!(*language = OBJ_txt2obj(val->value, 0))) {
             X509V3err(X509V3_F_PROCESS_PCI_VALUE,
                       X509V3_R_INVALID_OBJECT_IDENTIFIER);
             X509V3_conf_err(val);
@@ -115,7 +110,7 @@ static int process_pci_value(CONF_VALUE *val,
         long val_len;
         if (!*policy) {
             *policy = ASN1_OCTET_STRING_new();
-            if (*policy == NULL) {
+            if (!*policy) {
                 X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
                 X509V3_conf_err(val);
                 return 0;
@@ -124,9 +119,11 @@ static int process_pci_value(CONF_VALUE *val,
         }
         if (strncmp(val->value, "hex:", 4) == 0) {
             unsigned char *tmp_data2 =
-                OPENSSL_hexstr2buf(val->value + 4, &val_len);
+                string_to_hex(val->value + 4, &val_len);
 
             if (!tmp_data2) {
+                X509V3err(X509V3_F_PROCESS_PCI_VALUE,
+                          X509V3_R_ILLEGAL_HEX_DIGIT);
                 X509V3_conf_err(val);
                 goto err;
             }
@@ -145,7 +142,6 @@ static int process_pci_value(CONF_VALUE *val,
                  * realloc failure implies the original data space is b0rked
                  * too!
                  */
-                OPENSSL_free((*policy)->data);
                 (*policy)->data = NULL;
                 (*policy)->length = 0;
                 X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
@@ -153,6 +149,7 @@ static int process_pci_value(CONF_VALUE *val,
                 goto err;
             }
             OPENSSL_free(tmp_data2);
+#ifndef OPENSSL_NO_STDIO
         } else if (strncmp(val->value, "file:", 5) == 0) {
             unsigned char buf[2048];
             int n;
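Review bot: Dropping `OPENSSL_free((*policy)->data);` before `(*policy)->data = NULL;` in the `hex:` realloc-failure block (hunk `@@ -145,7 +142,6 @@`) leaks the previous policy buffer: a failed realloc leaves the original block allocated and valid, so the surrounding comment's premise that the old data space is "b0rked too" does not hold, and NULLing the pointer without freeing orphans it. The same line is removed again in the `text:` branch (hunk `@@ -208,7 +198,6 @@` of this file), so both realloc-failure paths now leak on the new side. Keep `OPENSSL_free((*policy)->data);` as the first statement of both failure blocks. `process_pci_value` begins and ends outside these hunks.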
@@ -170,16 +167,8 @@ static int process_pci_value(CONF_VALUE *val,
                 tmp_data = OPENSSL_realloc((*policy)->data,
                                            (*policy)->length + n + 1);
 
-                if (!tmp_data) {
-                    OPENSSL_free((*policy)->data);
-                    (*policy)->data = NULL;
-                    (*policy)->length = 0;
-                    X509V3err(X509V3_F_PROCESS_PCI_VALUE,
-                              ERR_R_MALLOC_FAILURE);
-                    X509V3_conf_err(val);
-                    BIO_free_all(b);
-                    goto err;
-                }
+                if (!tmp_data)
+                    break;
 
                 (*policy)->data = tmp_data;
                 memcpy(&(*policy)->data[(*policy)->length], buf, n);
@@ -193,6 +182,7 @@ static int process_pci_value(CONF_VALUE *val,
                 X509V3_conf_err(val);
                 goto err;
             }
+#endif /* !OPENSSL_NO_STDIO */
         } else if (strncmp(val->value, "text:", 5) == 0) {
             val_len = strlen(val->value + 5);
             tmp_data = OPENSSL_realloc((*policy)->data,
@@ -208,7 +198,6 @@ static int process_pci_value(CONF_VALUE *val,
                  * realloc failure implies the original data space is b0rked
                  * too!
                  */
-                OPENSSL_free((*policy)->data);
                 (*policy)->data = NULL;
                 (*policy)->length = 0;
                 X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
@@ -295,7 +284,7 @@ static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
     }
 
     pci = PROXY_CERT_INFO_EXTENSION_new();
-    if (pci == NULL) {
+    if (!pci) {
         X509V3err(X509V3_F_R2I_PCI, ERR_R_MALLOC_FAILURE);
         goto err;
     }
@@ -308,13 +297,22 @@ static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
     pathlen = NULL;
     goto end;
  err:
-    ASN1_OBJECT_free(language);
-    ASN1_INTEGER_free(pathlen);
-    pathlen = NULL;
-    ASN1_OCTET_STRING_free(policy);
-    policy = NULL;
-    PROXY_CERT_INFO_EXTENSION_free(pci);
-    pci = NULL;
+    if (language) {
+        ASN1_OBJECT_free(language);
+        language = NULL;
+    }
+    if (pathlen) {
+        ASN1_INTEGER_free(pathlen);
+        pathlen = NULL;
+    }
+    if (policy) {
+        ASN1_OCTET_STRING_free(policy);
+        policy = NULL;
+    }
+    if (pci) {
+        PROXY_CERT_INFO_EXTENSION_free(pci);
+        pci = NULL;
+    }
  end:
     sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
     return pci;
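Review bot: Replacing the realloc-failure block in the `file:` branch with `if (!tmp_data) break;` turns an out-of-memory condition into silent truncation: the read loop exits with `n` still positive, no error is queued, and `(*policy)->data` keeps whatever prefix of the file had been read, which then becomes the proxy certificate's policy. The post-loop read-error check (presumably a negative-`n` test, outside this hunk) cannot observe this, so the caller sees success. I would fail closed instead, e.g. `if (!tmp_data) { X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE); BIO_free_all(b); goto err; }`, which is how the `hex:` and `text:` realloc-failure blocks in this function already report the same condition. `process_pci_value` begins and ends outside the hunk.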
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c index e6f7a917..e53c82e8 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c @@ -1,12 +1,8 @@ +/* v3_pcia.c */ /* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html + * Contributed to the OpenSSL Project 2004 by Richard Levitte + * (richard@levitte.org) */ - /* Copyright (c) 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c index 24f7ff49..cfccb97d 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c 
@@ -1,19 +1,68 @@ +/* v3_pcons.c */ /* - * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/asn1.h> #include <openssl/asn1t.h> #include <openssl/conf.h> #include <openssl/x509v3.h> -#include "ext_dat.h" static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *bcons, STACK_OF(CONF_VALUE) 
@@ -59,17 +108,16 @@ static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method,
     POLICY_CONSTRAINTS *pcons = NULL;
     CONF_VALUE *val;
     int i;
-
-    if ((pcons = POLICY_CONSTRAINTS_new()) == NULL) {
+    if (!(pcons = POLICY_CONSTRAINTS_new())) {
         X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
     for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
         val = sk_CONF_VALUE_value(values, i);
-        if (strcmp(val->name, "requireExplicitPolicy") == 0) {
+        if (!strcmp(val->name, "requireExplicitPolicy")) {
             if (!X509V3_get_value_int(val, &pcons->requireExplicitPolicy))
                 goto err;
-        } else if (strcmp(val->name, "inhibitPolicyMapping") == 0) {
+        } else if (!strcmp(val->name, "inhibitPolicyMapping")) {
             if (!X509V3_get_value_int(val, &pcons->inhibitPolicyMapping))
                 goto err;
         } else {
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c
index ed82bca8..dd01c441 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c
@@ -1,18 +1,67 @@ +/* v3_pku.c */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/asn1.h> #include <openssl/asn1t.h> #include <openssl/x509v3.h> -#include "ext_dat.h" static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *usage, BIO *out, diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c index 73f4ec24..a168343b 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c 
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c 
@@ -1,18 +1,67 @@ +/* v3_pmaps.c */ /* - * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/asn1t.h> #include <openssl/conf.h> #include <openssl/x509v3.h> -#include "ext_dat.h" static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); 
@@ -64,13 +113,13 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD
 static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
                                  X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 {
-    POLICY_MAPPINGS *pmaps = NULL;
-    POLICY_MAPPING *pmap = NULL;
-    ASN1_OBJECT *obj1 = NULL, *obj2 = NULL;
+    POLICY_MAPPINGS *pmaps;
+    POLICY_MAPPING *pmap;
+    ASN1_OBJECT *obj1, *obj2;
     CONF_VALUE *val;
     int i;
 
-    if ((pmaps = sk_POLICY_MAPPING_new_null()) == NULL) {
+    if (!(pmaps = sk_POLICY_MAPPING_new_null())) {
         X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
@@ -78,33 +127,30 @@ static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
     for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
         val = sk_CONF_VALUE_value(nval, i);
         if (!val->value || !val->name) {
+            sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
             X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,
                       X509V3_R_INVALID_OBJECT_IDENTIFIER);
             X509V3_conf_err(val);
-            goto err;
+            return NULL;
         }
         obj1 = OBJ_txt2obj(val->name, 0);
         obj2 = OBJ_txt2obj(val->value, 0);
         if (!obj1 || !obj2) {
+            sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
             X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,
                       X509V3_R_INVALID_OBJECT_IDENTIFIER);
             X509V3_conf_err(val);
-            goto err;
+            return NULL;
         }
         pmap = POLICY_MAPPING_new();
-        if (pmap == NULL) {
+        if (!pmap) {
+            sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
             X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, ERR_R_MALLOC_FAILURE);
-            goto err;
+            return NULL;
         }
         pmap->issuerDomainPolicy = obj1;
         pmap->subjectDomainPolicy = obj2;
-        obj1 = obj2 = NULL;
         sk_POLICY_MAPPING_push(pmaps, pmap);
     }
     return pmaps;
- err:
-    ASN1_OBJECT_free(obj1);
-    ASN1_OBJECT_free(obj2);
-    sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
-    return NULL;
 }
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c
index f384c342..acc9c6d9 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c
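Review bot: The inlined error paths in `v2i_POLICY_MAPPINGS` (hunk `@@ -78,33 +127,30 @@`) leak ASN1 objects: when `OBJ_txt2obj` yields exactly one of `obj1`/`obj2`, the `if (!obj1 || !obj2)` branch frees `pmaps` and returns without freeing the object that was created, and when `POLICY_MAPPING_new()` fails both `obj1` and `obj2` are dropped. The removed `err:` label covered this with `ASN1_OBJECT_free(obj1); ASN1_OBJECT_free(obj2);` (relying on those calls tolerating NULL, which the old side's unconditional use shows), so the two `return NULL;` statements in those branches should be preceded by the same pair of frees. Unchanged from the old side, the result of `sk_POLICY_MAPPING_push(pmaps, pmap)` is still not checked, so a failed push leaks `pmap` and yields a shorter mapping list than configured. Note that the `@@ -64,13 +113,13 @@` hunk also drops the `= NULL` initialisers, so `obj1`/`obj2` must only be freed after the first `OBJ_txt2obj` assignments.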
@@ -1,22 +1,71 @@ +/* v3_prn.c */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ - /* X509 v3 extension utilities */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/conf.h> #include <openssl/x509v3.h> /* Extension printing routines */ -static int unknown_ext_print(BIO *out, const unsigned char *ext, int extlen, +static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported); /* Print out a name+value stack */ 
@@ -52,7 +101,7 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, char *tmp; len = strlen(nval->value) + 1; tmp = OPENSSL_malloc(len); - if (tmp != NULL) { + if (tmp) { ascii2ebcdic(tmp, nval->value, len); BIO_printf(out, "%s:%s", nval->name, tmp); OPENSSL_free(tmp); @@ -71,29 +120,26 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, { void *ext_str = NULL; char *value = NULL; - ASN1_OCTET_STRING *extoct; const unsigned char *p; - int extlen; const X509V3_EXT_METHOD *method; STACK_OF(CONF_VALUE) *nval = NULL; int ok = 1; - extoct = X509_EXTENSION_get_data(ext); - p = ASN1_STRING_get0_data(extoct); - extlen = ASN1_STRING_length(extoct); - - if ((method = X509V3_EXT_get(ext)) == NULL) - return unknown_ext_print(out, p, extlen, flag, indent, 0); + if (!(method = X509V3_EXT_get(ext))) + return unknown_ext_print(out, ext, flag, indent, 0); + p = ext->value->data; if (method->it) - ext_str = ASN1_item_d2i(NULL, &p, extlen, ASN1_ITEM_ptr(method->it)); + ext_str = + ASN1_item_d2i(NULL, &p, ext->value->length, + ASN1_ITEM_ptr(method->it)); else - ext_str = method->d2i(NULL, &p, extlen); + ext_str = method->d2i(NULL, &p, ext->value->length); if (!ext_str) - return unknown_ext_print(out, p, extlen, flag, indent, 1); + return unknown_ext_print(out, ext, flag, indent, 1); if (method->i2s) { - if ((value = method->i2s(method, ext_str)) == NULL) { + if (!(value = method->i2s(method, ext_str))) { ok = 0; goto err; } @@ -105,7 +151,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, char *tmp; len = strlen(value) + 1; tmp = OPENSSL_malloc(len); - if (tmp != NULL) { + if (tmp) { ascii2ebcdic(tmp, value, len); BIO_printf(out, "%*s%s", indent, "", tmp); OPENSSL_free(tmp); 
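Review bot: The rewritten X509V3_EXT_print in the second hunk reaches into `ext->value->data` and `ext->value->length` directly (the length twice) where the removed code read them once through the extension's accessor; `X509_EXTENSION_get_data()`, `ASN1_STRING_data()` and `ASN1_STRING_length()` exist in the 1.0.x API as well, so the downgrade does not need to depend on the struct layout. Keeping the `extoct`/`extlen` locals as `extoct = X509_EXTENSION_get_data(ext); p = ASN1_STRING_data(extoct); extlen = ASN1_STRING_length(extoct);` and passing `extlen` to the two d2i calls preserves the old shape with no behaviour change. The function's cleanup (`err:`) is outside this hunk.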
@@ -113,7 +159,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, } #endif } else if (method->i2v) { - if ((nval = method->i2v(method, ext_str, NULL)) == NULL) { + if (!(nval = method->i2v(method, ext_str, NULL))) { ok = 0; goto err; } @@ -127,7 +173,8 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, err: sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); - OPENSSL_free(value); + if (value) + OPENSSL_free(value); if (method->it) ASN1_item_free(ext_str, ASN1_ITEM_ptr(method->it)); else @@ -135,8 +182,8 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, return ok; } -int X509V3_extensions_print(BIO *bp, const char *title, - const STACK_OF(X509_EXTENSION) *exts, +int X509V3_extensions_print(BIO *bp, char *title, + STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent) { int i, j; @@ -162,7 +209,7 @@ int X509V3_extensions_print(BIO *bp, const char *title, return 0; if (!X509V3_EXT_print(bp, ex, flag, indent + 4)) { BIO_printf(bp, "%*s", indent + 4, ""); - ASN1_STRING_print(bp, X509_EXTENSION_get_data(ex)); + M_ASN1_OCTET_STRING_print(bp, ex->value); } if (BIO_write(bp, "\n", 1) <= 0) return 0; @@ -170,7 +217,7 @@ int X509V3_extensions_print(BIO *bp, const char *title, return 1; } -static int unknown_ext_print(BIO *out, const unsigned char *ext, int extlen, +static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported) { switch (flag & X509V3_EXT_UNKNOWN_MASK) { 
@@ -186,22 +233,24 @@ static int unknown_ext_print(BIO *out, const unsigned char *ext, int extlen, return 1; case X509V3_EXT_PARSE_UNKNOWN: - return ASN1_parse_dump(out, ext, extlen, indent, -1); + return ASN1_parse_dump(out, + ext->value->data, ext->value->length, indent, + -1); case X509V3_EXT_DUMP_UNKNOWN: - return BIO_dump_indent(out, (const char *)ext, extlen, indent); + return BIO_dump_indent(out, (char *)ext->value->data, + ext->value->length, indent); default: return 1; } } -#ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_FP_API int X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent) { BIO *bio_tmp; int ret; - - if ((bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) + if (!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE))) return 0; ret = X509V3_EXT_print(bio_tmp, ext, flag, indent); BIO_free(bio_tmp); diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c index 451e7f87..845be673 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c 
@@ -1,18 +1,66 @@ +/* v3_purp.c */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 2001. + */ +/* ==================================================================== + * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "internal/cryptlib.h" -#include "internal/numbers.h" +#include "cryptlib.h" #include <openssl/x509v3.h> #include <openssl/x509_vfy.h> -#include "internal/x509_int.h" static void x509v3_cache_extensions(X509 *x); 
@@ -60,7 +108,9 @@ static X509_PURPOSE xstandard[] = { NULL}, }; -#define X509_PURPOSE_COUNT OSSL_NELEM(xstandard) +#define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE)) + +IMPLEMENT_STACK_OF(X509_PURPOSE) static STACK_OF(X509_PURPOSE) *xptable = NULL; @@ -79,11 +129,10 @@ int X509_check_purpose(X509 *x, int id, int ca) int idx; const X509_PURPOSE *pt; if (!(x->ex_flags & EXFLAG_SET)) { - CRYPTO_THREAD_write_lock(x->lock); + CRYPTO_w_lock(CRYPTO_LOCK_X509); x509v3_cache_extensions(x); - CRYPTO_THREAD_unlock(x->lock); + CRYPTO_w_unlock(CRYPTO_LOCK_X509); } - /* Return if side-effect only call */ if (id == -1) return 1; idx = X509_PURPOSE_get_by_id(id); @@ -119,13 +168,13 @@ X509_PURPOSE *X509_PURPOSE_get0(int idx) return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT); } -int X509_PURPOSE_get_by_sname(const char *sname) +int X509_PURPOSE_get_by_sname(char *sname) { int i; X509_PURPOSE *xptmp; for (i = 0; i < X509_PURPOSE_get_count(); i++) { xptmp = X509_PURPOSE_get0(i); - if (strcmp(xptmp->sname, sname) == 0) + if (!strcmp(xptmp->sname, sname)) return i; } return -1; @@ -148,7 +197,7 @@ int X509_PURPOSE_get_by_id(int purpose) int X509_PURPOSE_add(int id, int trust, int flags, int (*ck) (const X509_PURPOSE *, const X509 *, int), - const char *name, const char *sname, void *arg) + char *name, char *sname, void *arg) { int idx; X509_PURPOSE *ptmp; @@ -162,7 +211,7 @@ int X509_PURPOSE_add(int id, int trust, int flags, idx = X509_PURPOSE_get_by_id(id); /* Need a new entry */ if (idx == -1) { - if ((ptmp = OPENSSL_malloc(sizeof(*ptmp))) == NULL) { + if (!(ptmp = OPENSSL_malloc(sizeof(X509_PURPOSE)))) { X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE); return 0; } 
@@ -176,11 +225,11 @@ int X509_PURPOSE_add(int id, int trust, int flags, OPENSSL_free(ptmp->sname); } /* dup supplied name */ - ptmp->name = OPENSSL_strdup(name); - ptmp->sname = OPENSSL_strdup(sname); + ptmp->name = BUF_strdup(name); + ptmp->sname = BUF_strdup(sname); if (!ptmp->name || !ptmp->sname) { X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE); - goto err; + return 0; } /* Keep the dynamic flag of existing entry */ ptmp->flags &= X509_PURPOSE_DYNAMIC; @@ -194,24 +243,16 @@ int X509_PURPOSE_add(int id, int trust, int flags, /* If its a new entry manage the dynamic table */ if (idx == -1) { - if (xptable == NULL - && (xptable = sk_X509_PURPOSE_new(xp_cmp)) == NULL) { + if (!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) { X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE); - goto err; + return 0; } if (!sk_X509_PURPOSE_push(xptable, ptmp)) { X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE); - goto err; + return 0; } } return 1; - err: - if (idx == -1) { - OPENSSL_free(ptmp->name); - OPENSSL_free(ptmp->sname); - OPENSSL_free(ptmp); - } - return 0; } static void xptable_free(X509_PURPOSE *p) @@ -229,26 +270,29 @@ static void xptable_free(X509_PURPOSE *p) void X509_PURPOSE_cleanup(void) { + unsigned int i; sk_X509_PURPOSE_pop_free(xptable, xptable_free); + for (i = 0; i < X509_PURPOSE_COUNT; i++) + xptable_free(xstandard + i); xptable = NULL; } -int X509_PURPOSE_get_id(const X509_PURPOSE *xp) +int X509_PURPOSE_get_id(X509_PURPOSE *xp) { return xp->purpose; } -char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp) +char *X509_PURPOSE_get0_name(X509_PURPOSE *xp) { return xp->name; } -char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp) +char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp) { return xp->sname; } -int X509_PURPOSE_get_trust(const X509_PURPOSE *xp) +int X509_PURPOSE_get_trust(X509_PURPOSE *xp) { return xp->trust; } 
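Review bot: The three `return 0;` replacements in the first two hunks leak a freshly created purpose entry: when `idx == -1` X509_PURPOSE_add has just OPENSSL_malloc'd `ptmp` (previous hunk) and BUF_strdup'd its `name`/`sname`, and a failed BUF_strdup, a failed `sk_X509_PURPOSE_new(xp_cmp)` or a failed `sk_X509_PURPOSE_push` now returns without freeing any of it, whereas the removed `err:` block did exactly that. Turn the three returns back into `goto err;` and restore the block as below. For an existing entry (`idx != -1`) a failed strdup additionally leaves the live table entry with a NULL `name`/`sname`; that is pre-existing on both sides of the diff but deserves a comment. The third hunk's new loop hands the static `xstandard` entries to `xptable_free()`, whose body is outside this span; it must skip entries without X509_PURPOSE_DYNAMIC for that loop to be safe, which is worth confirming.
```c
    ptmp->name = BUF_strdup(name);
    ptmp->sname = BUF_strdup(sname);
    if (!ptmp->name || !ptmp->sname) {
        X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
        goto err;
    }
    /* … unchanged: copy flags/trust/check/usr_data; the sk_new and sk_push failures also become goto err … */
    return 1;
 err:
    if (idx == -1) {
        if (ptmp->name)
            OPENSSL_free(ptmp->name);
        if (ptmp->sname)
            OPENSSL_free(ptmp->sname);
        OPENSSL_free(ptmp);
    }
    return 0;
```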
@@ -294,7 +338,8 @@ int X509_supported_extension(X509_EXTENSION *ex) if (ex_nid == NID_undef) return 0; - if (OBJ_bsearch_nid(&ex_nid, supported_nids, OSSL_NELEM(supported_nids))) + if (OBJ_bsearch_nid(&ex_nid, supported_nids, + sizeof(supported_nids) / sizeof(int))) return 1; return 0; } @@ -355,7 +400,9 @@ static void x509v3_cache_extensions(X509 *x) int i; if (x->ex_flags & EXFLAG_SET) return; +#ifndef OPENSSL_NO_SHA X509_digest(x, EVP_sha1(), x->sha1_hash, NULL); +#endif /* V1 should mean no extensions ... */ if (!X509_get_version(x)) x->ex_flags |= EXFLAG_V1; @@ -528,22 +575,12 @@ static int check_ca(const X509 *x) } } -void X509_set_proxy_flag(X509 *x) -{ - x->ex_flags |= EXFLAG_PROXY; -} - -void X509_set_proxy_pathlen(X509 *x, long l) -{ - x->ex_pcpathlen = l; -} - int X509_check_ca(X509 *x) { if (!(x->ex_flags & EXFLAG_SET)) { - CRYPTO_THREAD_write_lock(x->lock); + CRYPTO_w_lock(CRYPTO_LOCK_X509); x509v3_cache_extensions(x); - CRYPTO_THREAD_unlock(x->lock); + CRYPTO_w_unlock(CRYPTO_LOCK_X509); } return check_ca(x); @@ -725,7 +762,7 @@ static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x, return 0; /* Extended Key Usage MUST be critical */ - i_ext = X509_get_ext_by_NID(x, NID_ext_key_usage, -1); + i_ext = X509_get_ext_by_NID((X509 *)x, NID_ext_key_usage, -1); if (i_ext >= 0) { X509_EXTENSION *ext = X509_get_ext((X509 *)x, i_ext); if (!X509_EXTENSION_get_critical(ext)) 
@@ -813,53 +850,3 @@ int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid) } return X509_V_OK; } - -uint32_t X509_get_extension_flags(X509 *x) -{ - /* Call for side-effect of computing hash and caching extensions */ - X509_check_purpose(x, -1, -1); - return x->ex_flags; -} - -uint32_t X509_get_key_usage(X509 *x) -{ - /* Call for side-effect of computing hash and caching extensions */ - X509_check_purpose(x, -1, -1); - if (x->ex_flags & EXFLAG_KUSAGE) - return x->ex_kusage; - return UINT32_MAX; -} - -uint32_t X509_get_extended_key_usage(X509 *x) -{ - /* Call for side-effect of computing hash and caching extensions */ - X509_check_purpose(x, -1, -1); - if (x->ex_flags & EXFLAG_XKUSAGE) - return x->ex_xkusage; - return UINT32_MAX; -} - -const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x) -{ - /* Call for side-effect of computing hash and caching extensions */ - X509_check_purpose(x, -1, -1); - return x->skid; -} - -long X509_get_pathlen(X509 *x) -{ - /* Called for side effect of caching extensions */ - if (X509_check_purpose(x, -1, -1) != 1 - || (x->ex_flags & EXFLAG_BCONS) == 0) - return -1; - return x->ex_pathlen; -} - -long X509_get_proxy_pathlen(X509 *x) -{ - /* Called for side effect of caching extensions */ - if (X509_check_purpose(x, -1, -1) != 1 - || (x->ex_flags & EXFLAG_PROXY) == 0) - return -1; - return x->ex_pcpathlen; -} diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c index 39597dc4..1cede047 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c 
@@ -1,17 +1,65 @@ +/* v3_skey.c */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/x509v3.h> -#include "internal/x509_int.h" -#include "ext_dat.h" static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); 
@@ -24,25 +72,24 @@ const X509V3_EXT_METHOD v3_skey_id = { NULL }; -char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, - const ASN1_OCTET_STRING *oct) +char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct) { - return OPENSSL_buf2hexstr(oct->data, oct->length); + return hex_to_string(oct->data, oct->length); } ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, const char *str) + X509V3_CTX *ctx, char *str) { ASN1_OCTET_STRING *oct; long length; - if ((oct = ASN1_OCTET_STRING_new()) == NULL) { + if (!(oct = M_ASN1_OCTET_STRING_new())) { X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE); return NULL; } - if ((oct->data = OPENSSL_hexstr2buf(str, &length)) == NULL) { - ASN1_OCTET_STRING_free(oct); + if (!(oct->data = string_to_hex(str, &length))) { + M_ASN1_OCTET_STRING_free(oct); return NULL; } @@ -56,16 +103,14 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str) { ASN1_OCTET_STRING *oct; - X509_PUBKEY *pubkey; - const unsigned char *pk; - int pklen; + ASN1_BIT_STRING *pk; unsigned char pkey_dig[EVP_MAX_MD_SIZE]; unsigned int diglen; if (strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str); - if ((oct = ASN1_OCTET_STRING_new()) == NULL) { + if (!(oct = M_ASN1_OCTET_STRING_new())) { X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE); return NULL; } 
@@ -79,21 +124,20 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, } if (ctx->subject_req) - pubkey = ctx->subject_req->req_info.pubkey; + pk = ctx->subject_req->req_info->pubkey->public_key; else - pubkey = ctx->subject_cert->cert_info.key; + pk = ctx->subject_cert->cert_info->key->public_key; - if (pubkey == NULL) { + if (!pk) { X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY); goto err; } - X509_PUBKEY_get0_param(NULL, &pk, &pklen, NULL, pubkey); - - if (!EVP_Digest(pk, pklen, pkey_dig, &diglen, EVP_sha1(), NULL)) + if (!EVP_Digest + (pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL)) goto err; - if (!ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) { + if (!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) { X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE); goto err; } @@ -101,6 +145,6 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, return oct; err: - ASN1_OCTET_STRING_free(oct); + M_ASN1_OCTET_STRING_free(oct); return NULL; } diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c index 89cda01b..a4e6a93e 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c 
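Review bot: The NULL check in the first hunk moved one level down: the new code dereferences `ctx->subject_req->req_info->pubkey` (or `ctx->subject_cert->cert_info->key`) to fetch `public_key` and only then tests `!pk`, whereas the removed code tested the X509_PUBKEY pointer before touching it, so a request or certificate whose key structure is unset would now fault before X509V3_R_NO_PUBLIC_KEY can be reported. I cannot tell from the hunk whether that pointer can be NULL for the objects this tree passes in; if it can, test at the level being dereferenced, with an `X509_PUBKEY *pubkey` local: `pubkey = ctx->subject_req ? ctx->subject_req->req_info->pubkey : ctx->subject_cert->cert_info->key;` then `if (!pubkey || !(pk = pubkey->public_key)) {`. The guard that presumably ensures one of subject_req/subject_cert is set sits just above this hunk and is not visible here.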
@@ -1,19 +1,68 @@ +/* v3_sxnet.c */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/conf.h> #include <openssl/asn1.h> #include <openssl/asn1t.h> #include <openssl/x509v3.h> -#include "ext_dat.h" /* Support for Thawte strong extranet extension */ 
@@ -68,7 +117,7 @@ static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, tmp = i2s_ASN1_INTEGER(NULL, id->zone); BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp); OPENSSL_free(tmp); - ASN1_STRING_print(out, id->user); + M_ASN1_OCTET_STRING_print(out, id->user); } return 1; } @@ -101,11 +150,10 @@ static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, /* Add an id given the zone as an ASCII number */ -int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen) +int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen) { - ASN1_INTEGER *izone; - - if ((izone = s2i_ASN1_INTEGER(NULL, zone)) == NULL) { + ASN1_INTEGER *izone = NULL; + if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) { X509V3err(X509V3_F_SXNET_ADD_ID_ASC, X509V3_R_ERROR_CONVERTING_ZONE); return 0; } @@ -114,15 +162,13 @@ int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userle /* Add an id given the zone as an unsigned long */ -int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user, +int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen) { - ASN1_INTEGER *izone; - - if ((izone = ASN1_INTEGER_new()) == NULL - || !ASN1_INTEGER_set(izone, lzone)) { + ASN1_INTEGER *izone = NULL; + if (!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { X509V3err(X509V3_F_SXNET_ADD_ID_ULONG, ERR_R_MALLOC_FAILURE); - ASN1_INTEGER_free(izone); + M_ASN1_INTEGER_free(izone); return 0; } return SXNET_add_id_INTEGER(psx, izone, user, userlen); @@ -134,7 +180,7 @@ int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user, * passed integer and doesn't make a copy so don't free it up afterwards. */ -int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user, +int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user, int userlen) { SXNET *sx = NULL; 
@@ -150,8 +196,8 @@ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user, X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, X509V3_R_USER_TOO_LONG); return 0; } - if (*psx == NULL) { - if ((sx = SXNET_new()) == NULL) + if (!*psx) { + if (!(sx = SXNET_new())) goto err; if (!ASN1_INTEGER_set(sx->version, 0)) goto err; @@ -163,12 +209,12 @@ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user, return 0; } - if ((id = SXNETID_new()) == NULL) + if (!(id = SXNETID_new())) goto err; if (userlen == -1) userlen = strlen(user); - if (!ASN1_OCTET_STRING_set(id->user, (const unsigned char *)user, userlen)) + if (!M_ASN1_OCTET_STRING_set(id->user, user, userlen)) goto err; if (!sk_SXNETID_push(sx->ids, id)) goto err; @@ -183,33 +229,30 @@ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user, return 0; } -ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone) +ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone) { - ASN1_INTEGER *izone; + ASN1_INTEGER *izone = NULL; ASN1_OCTET_STRING *oct; - - if ((izone = s2i_ASN1_INTEGER(NULL, zone)) == NULL) { + if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) { X509V3err(X509V3_F_SXNET_GET_ID_ASC, X509V3_R_ERROR_CONVERTING_ZONE); return NULL; } oct = SXNET_get_id_INTEGER(sx, izone); - ASN1_INTEGER_free(izone); + M_ASN1_INTEGER_free(izone); return oct; } ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone) { - ASN1_INTEGER *izone; + ASN1_INTEGER *izone = NULL; ASN1_OCTET_STRING *oct; - - if ((izone = ASN1_INTEGER_new()) == NULL - || !ASN1_INTEGER_set(izone, lzone)) { + if (!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { X509V3err(X509V3_F_SXNET_GET_ID_ULONG, ERR_R_MALLOC_FAILURE); - ASN1_INTEGER_free(izone); + M_ASN1_INTEGER_free(izone); return NULL; } oct = SXNET_get_id_INTEGER(sx, izone); - ASN1_INTEGER_free(izone); + M_ASN1_INTEGER_free(izone); return oct; } 
@@ -219,8 +262,12 @@ ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone) int i; for (i = 0; i < sk_SXNETID_num(sx->ids); i++) { id = sk_SXNETID_value(sx->ids, i); - if (!ASN1_INTEGER_cmp(id->zone, zone)) + if (!M_ASN1_INTEGER_cmp(id->zone, zone)) return id->user; } return NULL; } + +IMPLEMENT_STACK_OF(SXNETID) + +IMPLEMENT_ASN1_SET_OF(SXNETID) diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_tlsf.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_tlsf.c deleted file mode 100644 index fec67243..00000000 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_tlsf.c +++ /dev/null 
@@ -1,137 +0,0 @@ -/* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include <stdio.h> -#include "internal/cryptlib.h" -#include "internal/o_str.h" -#include <openssl/asn1t.h> -#include <openssl/conf.h> -#include <openssl/x509v3.h> -#include "ext_dat.h" - -static STACK_OF(CONF_VALUE) *i2v_TLS_FEATURE(const X509V3_EXT_METHOD *method, - TLS_FEATURE *tls_feature, - STACK_OF(CONF_VALUE) *ext_list); -static TLS_FEATURE *v2i_TLS_FEATURE(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval); - -ASN1_ITEM_TEMPLATE(TLS_FEATURE) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, TLS_FEATURE, ASN1_INTEGER) -static_ASN1_ITEM_TEMPLATE_END(TLS_FEATURE) - -IMPLEMENT_ASN1_ALLOC_FUNCTIONS(TLS_FEATURE) - -const X509V3_EXT_METHOD v3_tls_feature = { - NID_tlsfeature, 0, - ASN1_ITEM_ref(TLS_FEATURE), - 0, 0, 0, 0, - 0, 0, - (X509V3_EXT_I2V)i2v_TLS_FEATURE, - (X509V3_EXT_V2I)v2i_TLS_FEATURE, - 0, 0, - NULL -}; - - -typedef struct { - long num; - const char *name; -} TLS_FEATURE_NAME; - -static TLS_FEATURE_NAME tls_feature_tbl[] = { - { 5, "status_request" }, - { 17, "status_request_v2" } -}; - -/* - * i2v_TLS_FEATURE converts the TLS_FEATURE structure tls_feature into the - * STACK_OF(CONF_VALUE) structure ext_list. STACK_OF(CONF_VALUE) is the format - * used by the CONF library to represent a multi-valued extension. ext_list is - * returned. 
- */ -static STACK_OF(CONF_VALUE) *i2v_TLS_FEATURE(const X509V3_EXT_METHOD *method, - TLS_FEATURE *tls_feature, - STACK_OF(CONF_VALUE) *ext_list) -{ - int i; - size_t j; - ASN1_INTEGER *ai; - long tlsextid; - for (i = 0; i < sk_ASN1_INTEGER_num(tls_feature); i++) { - ai = sk_ASN1_INTEGER_value(tls_feature, i); - tlsextid = ASN1_INTEGER_get(ai); - for (j = 0; j < OSSL_NELEM(tls_feature_tbl); j++) - if (tlsextid == tls_feature_tbl[j].num) - break; - if (j < OSSL_NELEM(tls_feature_tbl)) - X509V3_add_value(NULL, tls_feature_tbl[j].name, &ext_list); - else - X509V3_add_value_int(NULL, ai, &ext_list); - } - return ext_list; -} - -/* - * v2i_TLS_FEATURE converts the multi-valued extension nval into a TLS_FEATURE - * structure, which is returned if the conversion is successful. In case of - * error, NULL is returned. - */ -static TLS_FEATURE *v2i_TLS_FEATURE(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) -{ - TLS_FEATURE *tlsf; - char *extval, *endptr; - ASN1_INTEGER *ai; - CONF_VALUE *val; - int i; - size_t j; - long tlsextid; - - if ((tlsf = sk_ASN1_INTEGER_new_null()) == NULL) { - X509V3err(X509V3_F_V2I_TLS_FEATURE, ERR_R_MALLOC_FAILURE); - return NULL; - } - - for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { - val = sk_CONF_VALUE_value(nval, i); - if (val->value) - extval = val->value; - else - extval = val->name; - - for (j = 0; j < OSSL_NELEM(tls_feature_tbl); j++) - if (strcasecmp(extval, tls_feature_tbl[j].name) == 0) - break; - if (j < OSSL_NELEM(tls_feature_tbl)) - tlsextid = tls_feature_tbl[j].num; - else { - tlsextid = strtol(extval, &endptr, 10); - if (((*endptr) != '\0') || (extval == endptr) || (tlsextid < 0) || - (tlsextid > 65535)) { - X509V3err(X509V3_F_V2I_TLS_FEATURE, X509V3_R_INVALID_SYNTAX); - X509V3_conf_err(val); - goto err; - } - } - - ai = ASN1_INTEGER_new(); - if (ai == NULL) { - X509V3err(X509V3_F_V2I_TLS_FEATURE, ERR_R_MALLOC_FAILURE); - goto err; - } - ASN1_INTEGER_set(ai, tlsextid); - sk_ASN1_INTEGER_push(tlsf, 
ai);
- }
- return tlsf;
-
- err:
- sk_ASN1_INTEGER_pop_free(tlsf, ASN1_INTEGER_free);
- return NULL;
-}
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c
index 7dc9a453..43b9cb9c 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c
@@ -1,29 +1,76 @@ +/* v3_utl.c */ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. 
You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ - /* X509 v3 extension utilities */ #include <stdio.h> #include <ctype.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/conf.h> #include <openssl/x509v3.h> -#include "internal/x509_int.h" #include <openssl/bn.h> -#include "ext_dat.h" static char *strip_spaces(char *name); static int sk_strcmp(const char *const *a, const char *const *b); static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name, GENERAL_NAMES *gens); static void str_free(OPENSSL_STRING str); -static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email); +static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email); static int ipv4_from_asc(unsigned char *v4, const char *in); static int ipv6_from_asc(unsigned char *v6, const char *in); @@ -37,14 +84,13 @@ int X509V3_add_value(const char *name, const char *value, { CONF_VALUE *vtmp = NULL; char *tname = NULL, *tvalue = NULL; - - if (name && (tname = OPENSSL_strdup(name)) == NULL) + if (name && !(tname = BUF_strdup(name))) goto err; - if (value && (tvalue = OPENSSL_strdup(value)) == NULL) + if (value && !(tvalue = BUF_strdup(value))) goto err; - if ((vtmp = OPENSSL_malloc(sizeof(*vtmp))) == NULL) + if (!(vtmp = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) goto err; - if (*extlist == NULL && (*extlist = sk_CONF_VALUE_new_null()) == NULL) + if (!*extlist && !(*extlist = sk_CONF_VALUE_new_null())) goto err; vtmp->section = NULL; vtmp->name = tname; @@ -54,9 +100,12 @@ int X509V3_add_value(const char *name, const char *value, return 1; err: X509V3err(X509V3_F_X509V3_ADD_VALUE, ERR_R_MALLOC_FAILURE); - OPENSSL_free(vtmp); - OPENSSL_free(tname); - OPENSSL_free(tvalue); + if (vtmp) + OPENSSL_free(vtmp); + if (tname) + OPENSSL_free(tname); + if (tvalue) + OPENSSL_free(tvalue); return 0; } 
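Review bot: `if (!(vtmp = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE))))` in X509V3_add_value casts the allocation result and sizes it by the type name; in C the cast is unnecessary and `vtmp = OPENSSL_malloc(sizeof(*vtmp))` keeps the size tied to the variable should its type ever change. The rest of this hunk only swaps `== NULL` comparisons for `!`, which is equivalent, so that is the only line I would touch here.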
@@ -72,9 +121,12 @@ void X509V3_conf_free(CONF_VALUE *conf) { if (!conf) return; - OPENSSL_free(conf->name); - OPENSSL_free(conf->value); - OPENSSL_free(conf->section); + if (conf->name) + OPENSSL_free(conf->name); + if (conf->value) + OPENSSL_free(conf->value); + if (conf->section) + OPENSSL_free(conf->section); OPENSSL_free(conf); } @@ -86,7 +138,7 @@ int X509V3_add_value_bool(const char *name, int asn1_bool, return X509V3_add_value(name, "FALSE", extlist); } -int X509V3_add_value_bool_nf(const char *name, int asn1_bool, +int X509V3_add_value_bool_nf(char *name, int asn1_bool, STACK_OF(CONF_VALUE) **extlist) { if (asn1_bool) 
@@ -94,49 +146,43 @@ int X509V3_add_value_bool_nf(const char *name, int asn1_bool, return 1; } -char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, const ASN1_ENUMERATED *a) +char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *a) { BIGNUM *bntmp = NULL; char *strtmp = NULL; - if (!a) return NULL; - if ((bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) == NULL - || (strtmp = BN_bn2dec(bntmp)) == NULL) + if (!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) || + !(strtmp = BN_bn2dec(bntmp))) X509V3err(X509V3_F_I2S_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE); BN_free(bntmp); return strtmp; } -char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, const ASN1_INTEGER *a) +char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a) { BIGNUM *bntmp = NULL; char *strtmp = NULL; - if (!a) return NULL; - if ((bntmp = ASN1_INTEGER_to_BN(a, NULL)) == NULL - || (strtmp = BN_bn2dec(bntmp)) == NULL) + if (!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) || + !(strtmp = BN_bn2dec(bntmp))) X509V3err(X509V3_F_I2S_ASN1_INTEGER, ERR_R_MALLOC_FAILURE); BN_free(bntmp); return strtmp; } -ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, const char *value) +ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value) { BIGNUM *bn = NULL; ASN1_INTEGER *aint; int isneg, ishex; int ret; - if (value == NULL) { + if (!value) { X509V3err(X509V3_F_S2I_ASN1_INTEGER, X509V3_R_INVALID_NULL_VALUE); - return NULL; + return 0; } bn = BN_new(); - if (bn == NULL) { - X509V3err(X509V3_F_S2I_ASN1_INTEGER, ERR_R_MALLOC_FAILURE); - return NULL; - } if (value[0] == '-') { value++; isneg = 1; @@ -157,7 +203,7 @@ ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, const char *value) if (!ret || value[ret]) { BN_free(bn); X509V3err(X509V3_F_S2I_ASN1_INTEGER, X509V3_R_BN_DEC2BN_ERROR); - return NULL; + return 0; } if (isneg && BN_is_zero(bn)) 
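Review bot: `i2s_ASN1_ENUMERATED` and `i2s_ASN1_INTEGER` no longer return early on a NULL `a`, so `ASN1_ENUMERATED_to_BN(a, NULL)` and `ASN1_INTEGER_to_BN(a, NULL)` are now reached with a NULL pointer, and the X509V3_add_value_int hunk below removes the matching `if (!aint) return 1;` as well; unless those converters check for NULL themselves, a caller that passes an absent optional integer through these printers now dereferences NULL instead of being skipped. Restore `if (!a) return NULL;` after the declarations in both i2s functions and `if (!aint) return 1;` at the top of X509V3_add_value_int. `s2i_ASN1_INTEGER` additionally loses the `BN_new()` failure check; whether a NULL `bn` is tolerated there depends on BN_hex2bn/BN_dec2bn allocating into `&bn`, which lies outside this hunk, and its `return 0;` statements in a pointer-returning function read better as `return NULL;`.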
@@ -168,49 +214,40 @@ ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, const char *value) if (!aint) { X509V3err(X509V3_F_S2I_ASN1_INTEGER, X509V3_R_BN_TO_ASN1_INTEGER_ERROR); - return NULL; + return 0; } if (isneg) aint->type |= V_ASN1_NEG; return aint; } -int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint, +int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint, STACK_OF(CONF_VALUE) **extlist) { char *strtmp; int ret; - if (!aint) return 1; - if ((strtmp = i2s_ASN1_INTEGER(NULL, aint)) == NULL) + if (!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) return 0; ret = X509V3_add_value(name, strtmp, extlist); OPENSSL_free(strtmp); return ret; } -int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool) +int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool) { - const char *btmp; - - if ((btmp = value->value) == NULL) + char *btmp; + if (!(btmp = value->value)) goto err; - if (strcmp(btmp, "TRUE") == 0 - || strcmp(btmp, "true") == 0 - || strcmp(btmp, "Y") == 0 - || strcmp(btmp, "y") == 0 - || strcmp(btmp, "YES") == 0 - || strcmp(btmp, "yes") == 0) { + if (!strcmp(btmp, "TRUE") || !strcmp(btmp, "true") + || !strcmp(btmp, "Y") || !strcmp(btmp, "y") + || !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) { *asn1_bool = 0xff; return 1; - } - if (strcmp(btmp, "FALSE") == 0 - || strcmp(btmp, "false") == 0 - || strcmp(btmp, "N") == 0 - || strcmp(btmp, "n") == 0 - || strcmp(btmp, "NO") == 0 - || strcmp(btmp, "no") == 0) { + } else if (!strcmp(btmp, "FALSE") || !strcmp(btmp, "false") + || !strcmp(btmp, "N") || !strcmp(btmp, "n") + || !strcmp(btmp, "NO") || !strcmp(btmp, "no")) { *asn1_bool = 0; return 1; } 
@@ -221,11 +258,10 @@ int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool) return 0; } -int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint) +int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint) { ASN1_INTEGER *itmp; - - if ((itmp = s2i_ASN1_INTEGER(NULL, value->value)) == NULL) { + if (!(itmp = s2i_ASN1_INTEGER(NULL, value->value))) { X509V3_conf_err(value); return 0; } @@ -248,7 +284,7 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) char *linebuf; int state; /* We are going to modify the line so copy it first */ - linebuf = OPENSSL_strdup(line); + linebuf = BUF_strdup(line); if (linebuf == NULL) { X509V3err(X509V3_F_X509V3_PARSE_LIST, ERR_R_MALLOC_FAILURE); goto err; @@ -275,6 +311,9 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) *p = 0; ntmp = strip_spaces(q); q = p + 1; +#if 0 + printf("%s\n", ntmp); +#endif if (!ntmp) { X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME); @@ -289,6 +328,9 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) state = HDR_NAME; *p = 0; vtmp = strip_spaces(q); +#if 0 + printf("%s\n", ntmp); +#endif if (!vtmp) { X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE); @@ -304,6 +346,9 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) if (state == HDR_VALUE) { vtmp = strip_spaces(q); +#if 0 + printf("%s=%s\n", ntmp, vtmp); +#endif if (!vtmp) { X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE); @@ -312,6 +357,9 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) X509V3_add_value(ntmp, vtmp, &values); } else { ntmp = strip_spaces(q); +#if 0 + printf("%s\n", ntmp); +#endif if (!ntmp) { X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME); goto err; 
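Review bot: The four `#if 0 ... printf(...) #endif` blocks added to X509V3_parse_list (hunks at -275, -289, -304 and -312) are disabled debugging code and should not go into a parser of configuration input; the second one even prints `ntmp` directly after `vtmp = strip_spaces(q);`, which looks like a stale copy-paste. Drop all four blocks rather than keeping dead printf calls that a later edit could re-enable.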
@@ -348,6 +396,109 @@ static char *strip_spaces(char *name) return p; } +/* hex string utilities */ + +/* + * Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its + * hex representation @@@ (Contents of buffer are always kept in ASCII, also + * on EBCDIC machines) + */ + +char *hex_to_string(const unsigned char *buffer, long len) +{ + char *tmp, *q; + const unsigned char *p; + int i; + const static char hexdig[] = "0123456789ABCDEF"; + if (!buffer || !len) + return NULL; + if (!(tmp = OPENSSL_malloc(len * 3 + 1))) { + X509V3err(X509V3_F_HEX_TO_STRING, ERR_R_MALLOC_FAILURE); + return NULL; + } + q = tmp; + for (i = 0, p = buffer; i < len; i++, p++) { + *q++ = hexdig[(*p >> 4) & 0xf]; + *q++ = hexdig[*p & 0xf]; + *q++ = ':'; + } + q[-1] = 0; +#ifdef CHARSET_EBCDIC + ebcdic2ascii(tmp, tmp, q - tmp - 1); +#endif + + return tmp; +} + +/* + * Give a string of hex digits convert to a buffer + */ + +unsigned char *string_to_hex(const char *str, long *len) +{ + unsigned char *hexbuf, *q; + unsigned char ch, cl, *p; + if (!str) { + X509V3err(X509V3_F_STRING_TO_HEX, X509V3_R_INVALID_NULL_ARGUMENT); + return NULL; + } + if (!(hexbuf = OPENSSL_malloc(strlen(str) >> 1))) + goto err; + for (p = (unsigned char *)str, q = hexbuf; *p;) { + ch = *p++; +#ifdef CHARSET_EBCDIC + ch = os_toebcdic[ch]; +#endif + if (ch == ':') + continue; + cl = *p++; +#ifdef CHARSET_EBCDIC + cl = os_toebcdic[cl]; +#endif + if (!cl) { + X509V3err(X509V3_F_STRING_TO_HEX, X509V3_R_ODD_NUMBER_OF_DIGITS); + OPENSSL_free(hexbuf); + return NULL; + } + if (isupper(ch)) + ch = tolower(ch); + if (isupper(cl)) + cl = tolower(cl); + + if ((ch >= '0') && (ch <= '9')) + ch -= '0'; + else if ((ch >= 'a') && (ch <= 'f')) + ch -= 'a' - 10; + else + goto badhex; + + if ((cl >= '0') && (cl <= '9')) + cl -= '0'; + else if ((cl >= 'a') && (cl <= 'f')) + cl -= 'a' - 10; + else + goto badhex; + + *q++ = (ch << 4) | cl; + } + + if (len) + *len = q - hexbuf; + + return hexbuf; + + err: + if (hexbuf) + 
OPENSSL_free(hexbuf); + X509V3err(X509V3_F_STRING_TO_HEX, ERR_R_MALLOC_FAILURE); + return NULL; + + badhex: + OPENSSL_free(hexbuf); + X509V3err(X509V3_F_STRING_TO_HEX, X509V3_R_ILLEGAL_HEX_DIGIT); + return NULL; + +} /* * V2I name comparison function: returns zero if 'name' matches cmp or cmp.* @@ -452,7 +603,7 @@ static void str_free(OPENSSL_STRING str) OPENSSL_free(str); } -static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email) +static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email) { char *emtmp; /* First some sanity checks */ @@ -460,16 +611,15 @@ static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email return 1; if (!email->data || !email->length) return 1; - if (*sk == NULL) + if (!*sk) *sk = sk_OPENSSL_STRING_new(sk_strcmp); - if (*sk == NULL) + if (!*sk) return 0; /* Don't add duplicates */ if (sk_OPENSSL_STRING_find(*sk, (char *)email->data) != -1) return 1; - emtmp = OPENSSL_strdup((char *)email->data); - if (emtmp == NULL || !sk_OPENSSL_STRING_push(*sk, emtmp)) { - OPENSSL_free(emtmp); /* free on push failure */ + emtmp = BUF_strdup((char *)email->data); + if (!emtmp || !sk_OPENSSL_STRING_push(*sk, emtmp)) { X509_email_free(*sk); *sk = NULL; return 0; @@ -488,7 +638,7 @@ typedef int (*equal_fn) (const unsigned char *pattern, size_t pattern_len, /* Skip pattern prefix to match "wildcard" subject */ static void skip_prefix(const unsigned char **p, size_t *plen, - size_t subject_len, + const unsigned char *subject, size_t subject_len, unsigned int flags) { const unsigned char *pattern = *p; @@ -523,7 +673,7 @@ static int equal_nocase(const unsigned char *pattern, size_t pattern_len, const unsigned char *subject, size_t subject_len, unsigned int flags) { - skip_prefix(&pattern, &pattern_len, subject_len, flags); + skip_prefix(&pattern, &pattern_len, subject, subject_len, flags); if (pattern_len != subject_len) return 0; while (pattern_len) { 
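Review bot: In hex_to_string the loop `for (i = 0, p = buffer; i < len; i++, p++)` compares an `int i` against a `long len`, so a `len` above INT_MAX makes `i` overflow (signed overflow is undefined), and `OPENSSL_malloc(len * 3 + 1)` can overflow before that; if OPENSSL_malloc in this tree takes an `int` size, as the 1.0.2-era API does, the product is also truncated. Declare `long i;` and tighten the entry guard to `if (!buffer || len <= 0) return NULL;` so a negative length is rejected instead of being multiplied. Minor style: `const static char hexdig[]` reads more conventionally as `static const char hexdig[]`, and in string_to_hex the `if (hexbuf)` at `err:` is dead because that label is only reached when the allocation returned NULL.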
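Review bot: When `sk_OPENSSL_STRING_push(*sk, emtmp)` fails in append_ia5 the freshly duplicated `emtmp` is neither in the stack nor freed, because this hunk drops the `OPENSSL_free(emtmp)` that handled that path; `X509_email_free(*sk)` only releases entries that were already pushed. Add the release back at the top of the error block, `if (emtmp) OPENSSL_free(emtmp); /* not owned by *sk when push fails */`, guarded the same way this file guards its other frees since `emtmp` is NULL on the `BUF_strdup` failure branch. append_ia5's successful return continues outside the hunk.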
@@ -552,7 +702,7 @@ static int equal_case(const unsigned char *pattern, size_t pattern_len, const unsigned char *subject, size_t subject_len, unsigned int flags) { - skip_prefix(&pattern, &pattern_len, subject_len, flags); + skip_prefix(&pattern, &pattern_len, subject, subject_len, flags); if (pattern_len != subject_len) return 0; return !memcmp(pattern, subject, pattern_len); @@ -735,7 +885,7 @@ static int equal_wildcard(const unsigned char *pattern, size_t pattern_len, * to UTF8. */ -static int do_check_string(const ASN1_STRING *a, int cmp_type, equal_fn equal, +static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal, unsigned int flags, const char *b, size_t blen, char **peername) { @@ -751,7 +901,7 @@ static int do_check_string(const ASN1_STRING *a, int cmp_type, equal_fn equal, else if (a->length == (int)blen && !memcmp(a->data, b, blen)) rv = 1; if (rv > 0 && peername) - *peername = OPENSSL_strndup((char *)a->data, a->length); + *peername = BUF_strndup((char *)a->data, a->length); } else { int astrlen; unsigned char *astr; @@ -765,7 +915,7 @@ static int do_check_string(const ASN1_STRING *a, int cmp_type, equal_fn equal, } rv = equal(astr, astrlen, (unsigned char *)b, blen, flags); if (rv > 0 && peername) - *peername = OPENSSL_strndup((char *)astr, astrlen); + *peername = BUF_strndup((char *)astr, astrlen); OPENSSL_free(astr); } return rv; 
@@ -830,20 +980,23 @@ static int do_x509_check(X509 *x, const char *chk, size_t chklen, GENERAL_NAMES_free(gens); if (rv != 0) return rv; - if (san_present && !(flags & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT)) + if (cnid == NID_undef + || (san_present + && !(flags & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT))) return 0; } /* We're done if CN-ID is not pertinent */ - if (cnid == NID_undef || (flags & X509_CHECK_FLAG_NEVER_CHECK_SUBJECT)) + if (cnid == NID_undef) return 0; i = -1; name = X509_get_subject_name(x); while ((i = X509_NAME_get_index_by_NID(name, cnid, i)) >= 0) { - const X509_NAME_ENTRY *ne = X509_NAME_get_entry(name, i); - const ASN1_STRING *str = X509_NAME_ENTRY_get_data(ne); - + X509_NAME_ENTRY *ne; + ASN1_STRING *str; + ne = X509_NAME_get_entry(name, i); + str = X509_NAME_ENTRY_get_data(ne); /* Positive on success, negative on error! */ if ((rv = do_check_string(str, -1, equal, flags, chk, chklen, peername)) != 0) @@ -930,7 +1083,7 @@ ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc) return NULL; ret = ASN1_OCTET_STRING_new(); - if (ret == NULL) + if (!ret) return NULL; if (!ASN1_OCTET_STRING_set(ret, ipout, iplen)) { ASN1_OCTET_STRING_free(ret); @@ -948,7 +1101,7 @@ ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc) p = strchr(ipasc, '/'); if (!p) return NULL; - iptmp = OPENSSL_strdup(ipasc); + iptmp = BUF_strdup(ipasc); if (!iptmp) return NULL; p = iptmp + (p - ipasc); @@ -968,7 +1121,7 @@ ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc) goto err; ret = ASN1_OCTET_STRING_new(); - if (ret == NULL) + if (!ret) goto err; if (!ASN1_OCTET_STRING_set(ret, ipout, iplen1 + iplen2)) goto err; @@ -976,8 +1129,10 @@ ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc) return ret; err: - OPENSSL_free(iptmp); - ASN1_OCTET_STRING_free(ret); + if (iptmp) + OPENSSL_free(iptmp); + if (ret) + ASN1_OCTET_STRING_free(ret); return NULL; } 
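Review bot: The rewritten fallback in do_x509_check no longer consults `X509_CHECK_FLAG_NEVER_CHECK_SUBJECT`: the old condition let a caller refuse CN-ID matching entirely, whereas the new `if (cnid == NID_undef) return 0;` proceeds to the subject-CN loop whenever a CN type is pertinent and no SAN of that type was present. If that flag is still declared in this tree's x509v3.h, a caller that sets it to enforce SAN-only host matching silently gets CN-based matching instead, which weakens name verification without any compile-time signal. Either keep `|| (flags & X509_CHECK_FLAG_NEVER_CHECK_SUBJECT)` in that condition or remove the flag's definition so the regression is a build error rather than a silent one; the body of do_x509_check starts outside this hunk.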
@@ -1129,17 +1284,19 @@ static int ipv6_hex(unsigned char *out, const char *in, int inlen) { unsigned char c; unsigned int num = 0; - int x; - if (inlen > 4) return 0; while (inlen--) { c = *in++; num <<= 4; - x = OPENSSL_hexchar2int(c); - if (x < 0) + if ((c >= '0') && (c <= '9')) + num |= c - '0'; + else if ((c >= 'A') && (c <= 'F')) + num |= c - 'A' + 10; + else if ((c >= 'a') && (c <= 'f')) + num |= c - 'a' + 10; + else return 0; - num |= (char)x; } out[0] = num >> 8; out[1] = num & 0xff; @@ -1150,7 +1307,7 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk, unsigned long chtype) { CONF_VALUE *v; - int i, mval, spec_char, plus_char; + int i, mval; char *p, *type; if (!nm) return 0; @@ -1161,26 +1318,25 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk, /* * Skip past any leading X. X: X, etc to allow for multiple instances */ - for (p = type; *p; p++) { + for (p = type; *p; p++) #ifndef CHARSET_EBCDIC - spec_char = ((*p == ':') || (*p == ',') || (*p == '.')); + if ((*p == ':') || (*p == ',') || (*p == '.')) #else - spec_char = ((*p == os_toascii[':']) || (*p == os_toascii[',']) - || (*p == os_toascii['.'])); + if ((*p == os_toascii[':']) || (*p == os_toascii[',']) + || (*p == os_toascii['.'])) #endif - if (spec_char) { + { p++; if (*p) type = p; break; } - } #ifndef CHARSET_EBCDIC - plus_char = (*type == '+'); + if (*type == '+') #else - plus_char = (*type == os_toascii['+']); + if (*type == os_toascii['+']) #endif - if (plus_char) { + { mval = -1; type++; } else diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3err.c b/Cryptlib/OpenSSL/crypto/x509v3/v3err.c index 5d79c8c6..bcc1be72 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3err.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3err.c 
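Review bot: In X509V3_NAME_from_section the loop body is now a brace-less `if` assembled across `#ifndef CHARSET_EBCDIC` / `#else` / `#endif`, with the `{ p++; if (*p) type = p; break; }` block belonging to whichever `if` the preprocessor selects; the same construction is used for the `+` test that follows, where the `else` attaches across the `#endif`. This is correct but fragile, since any statement inserted between `for` and the `if` during a later merge silently changes what the loop executes. Keep explicit braces around the `for` body, `for (p = type; *p; p++) {` ... `}`, as the old side had, or compute the condition into a local `int` first so the preprocessor split does not sit inside a control statement.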
@@ -1,11 +1,62 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +/* crypto/x509v3/v3err.c */ +/* ==================================================================== + * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* + * NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. */ #include <stdio.h> 
@@ -20,62 +71,68 @@ static ERR_STRING_DATA X509V3_str_functs[] = { {ERR_FUNC(X509V3_F_A2I_GENERAL_NAME), "a2i_GENERAL_NAME"}, - {ERR_FUNC(X509V3_F_ADDR_VALIDATE_PATH_INTERNAL), - "addr_validate_path_internal"}, {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE), - "ASIdentifierChoice_canonize"}, + "ASIDENTIFIERCHOICE_CANONIZE"}, {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL), - "ASIdentifierChoice_is_canonical"}, - {ERR_FUNC(X509V3_F_COPY_EMAIL), "copy_email"}, - {ERR_FUNC(X509V3_F_COPY_ISSUER), "copy_issuer"}, - {ERR_FUNC(X509V3_F_DO_DIRNAME), "do_dirname"}, - {ERR_FUNC(X509V3_F_DO_EXT_I2D), "do_ext_i2d"}, - {ERR_FUNC(X509V3_F_DO_EXT_NCONF), "do_ext_nconf"}, - {ERR_FUNC(X509V3_F_GNAMES_FROM_SECTNAME), "gnames_from_sectname"}, + "ASIDENTIFIERCHOICE_IS_CANONICAL"}, + {ERR_FUNC(X509V3_F_COPY_EMAIL), "COPY_EMAIL"}, + {ERR_FUNC(X509V3_F_COPY_ISSUER), "COPY_ISSUER"}, + {ERR_FUNC(X509V3_F_DO_DIRNAME), "DO_DIRNAME"}, + {ERR_FUNC(X509V3_F_DO_EXT_CONF), "DO_EXT_CONF"}, + {ERR_FUNC(X509V3_F_DO_EXT_I2D), "DO_EXT_I2D"}, + {ERR_FUNC(X509V3_F_DO_EXT_NCONF), "DO_EXT_NCONF"}, + {ERR_FUNC(X509V3_F_DO_I2V_NAME_CONSTRAINTS), "DO_I2V_NAME_CONSTRAINTS"}, + {ERR_FUNC(X509V3_F_GNAMES_FROM_SECTNAME), "GNAMES_FROM_SECTNAME"}, + {ERR_FUNC(X509V3_F_HEX_TO_STRING), "hex_to_string"}, {ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED), "i2s_ASN1_ENUMERATED"}, - {ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "i2s_ASN1_IA5STRING"}, + {ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "I2S_ASN1_IA5STRING"}, {ERR_FUNC(X509V3_F_I2S_ASN1_INTEGER), "i2s_ASN1_INTEGER"}, {ERR_FUNC(X509V3_F_I2V_AUTHORITY_INFO_ACCESS), - "i2v_AUTHORITY_INFO_ACCESS"}, - {ERR_FUNC(X509V3_F_NOTICE_SECTION), "notice_section"}, - {ERR_FUNC(X509V3_F_NREF_NOS), "nref_nos"}, - {ERR_FUNC(X509V3_F_POLICY_SECTION), "policy_section"}, - {ERR_FUNC(X509V3_F_PROCESS_PCI_VALUE), "process_pci_value"}, - {ERR_FUNC(X509V3_F_R2I_CERTPOL), "r2i_certpol"}, - {ERR_FUNC(X509V3_F_R2I_PCI), "r2i_pci"}, - {ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING), "s2i_ASN1_IA5STRING"}, + 
"I2V_AUTHORITY_INFO_ACCESS"}, + {ERR_FUNC(X509V3_F_NOTICE_SECTION), "NOTICE_SECTION"}, + {ERR_FUNC(X509V3_F_NREF_NOS), "NREF_NOS"}, + {ERR_FUNC(X509V3_F_POLICY_SECTION), "POLICY_SECTION"}, + {ERR_FUNC(X509V3_F_PROCESS_PCI_VALUE), "PROCESS_PCI_VALUE"}, + {ERR_FUNC(X509V3_F_R2I_CERTPOL), "R2I_CERTPOL"}, + {ERR_FUNC(X509V3_F_R2I_PCI), "R2I_PCI"}, + {ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING), "S2I_ASN1_IA5STRING"}, {ERR_FUNC(X509V3_F_S2I_ASN1_INTEGER), "s2i_ASN1_INTEGER"}, {ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING), "s2i_ASN1_OCTET_STRING"}, - {ERR_FUNC(X509V3_F_S2I_SKEY_ID), "s2i_skey_id"}, - {ERR_FUNC(X509V3_F_SET_DIST_POINT_NAME), "set_dist_point_name"}, + {ERR_FUNC(X509V3_F_S2I_ASN1_SKEY_ID), "S2I_ASN1_SKEY_ID"}, + {ERR_FUNC(X509V3_F_S2I_SKEY_ID), "S2I_SKEY_ID"}, + {ERR_FUNC(X509V3_F_SET_DIST_POINT_NAME), "SET_DIST_POINT_NAME"}, + {ERR_FUNC(X509V3_F_STRING_TO_HEX), "string_to_hex"}, {ERR_FUNC(X509V3_F_SXNET_ADD_ID_ASC), "SXNET_add_id_asc"}, {ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER), "SXNET_add_id_INTEGER"}, {ERR_FUNC(X509V3_F_SXNET_ADD_ID_ULONG), "SXNET_add_id_ulong"}, {ERR_FUNC(X509V3_F_SXNET_GET_ID_ASC), "SXNET_get_id_asc"}, {ERR_FUNC(X509V3_F_SXNET_GET_ID_ULONG), "SXNET_get_id_ulong"}, - {ERR_FUNC(X509V3_F_V2I_ASIDENTIFIERS), "v2i_ASIdentifiers"}, + {ERR_FUNC(X509V3_F_V2I_ASIDENTIFIERS), "V2I_ASIDENTIFIERS"}, {ERR_FUNC(X509V3_F_V2I_ASN1_BIT_STRING), "v2i_ASN1_BIT_STRING"}, {ERR_FUNC(X509V3_F_V2I_AUTHORITY_INFO_ACCESS), - "v2i_AUTHORITY_INFO_ACCESS"}, - {ERR_FUNC(X509V3_F_V2I_AUTHORITY_KEYID), "v2i_AUTHORITY_KEYID"}, - {ERR_FUNC(X509V3_F_V2I_BASIC_CONSTRAINTS), "v2i_BASIC_CONSTRAINTS"}, - {ERR_FUNC(X509V3_F_V2I_CRLD), "v2i_crld"}, - {ERR_FUNC(X509V3_F_V2I_EXTENDED_KEY_USAGE), "v2i_EXTENDED_KEY_USAGE"}, + "V2I_AUTHORITY_INFO_ACCESS"}, + {ERR_FUNC(X509V3_F_V2I_AUTHORITY_KEYID), "V2I_AUTHORITY_KEYID"}, + {ERR_FUNC(X509V3_F_V2I_BASIC_CONSTRAINTS), "V2I_BASIC_CONSTRAINTS"}, + {ERR_FUNC(X509V3_F_V2I_CRLD), "V2I_CRLD"}, + {ERR_FUNC(X509V3_F_V2I_EXTENDED_KEY_USAGE), 
"V2I_EXTENDED_KEY_USAGE"}, {ERR_FUNC(X509V3_F_V2I_GENERAL_NAMES), "v2i_GENERAL_NAMES"}, {ERR_FUNC(X509V3_F_V2I_GENERAL_NAME_EX), "v2i_GENERAL_NAME_ex"}, - {ERR_FUNC(X509V3_F_V2I_IDP), "v2i_idp"}, - {ERR_FUNC(X509V3_F_V2I_IPADDRBLOCKS), "v2i_IPAddrBlocks"}, - {ERR_FUNC(X509V3_F_V2I_ISSUER_ALT), "v2i_issuer_alt"}, - {ERR_FUNC(X509V3_F_V2I_NAME_CONSTRAINTS), "v2i_NAME_CONSTRAINTS"}, - {ERR_FUNC(X509V3_F_V2I_POLICY_CONSTRAINTS), "v2i_POLICY_CONSTRAINTS"}, - {ERR_FUNC(X509V3_F_V2I_POLICY_MAPPINGS), "v2i_POLICY_MAPPINGS"}, - {ERR_FUNC(X509V3_F_V2I_SUBJECT_ALT), "v2i_subject_alt"}, - {ERR_FUNC(X509V3_F_V2I_TLS_FEATURE), "v2i_TLS_FEATURE"}, - {ERR_FUNC(X509V3_F_V3_GENERIC_EXTENSION), "v3_generic_extension"}, + {ERR_FUNC(X509V3_F_V2I_IDP), "V2I_IDP"}, + {ERR_FUNC(X509V3_F_V2I_IPADDRBLOCKS), "V2I_IPADDRBLOCKS"}, + {ERR_FUNC(X509V3_F_V2I_ISSUER_ALT), "V2I_ISSUER_ALT"}, + {ERR_FUNC(X509V3_F_V2I_NAME_CONSTRAINTS), "V2I_NAME_CONSTRAINTS"}, + {ERR_FUNC(X509V3_F_V2I_POLICY_CONSTRAINTS), "V2I_POLICY_CONSTRAINTS"}, + {ERR_FUNC(X509V3_F_V2I_POLICY_MAPPINGS), "V2I_POLICY_MAPPINGS"}, + {ERR_FUNC(X509V3_F_V2I_SUBJECT_ALT), "V2I_SUBJECT_ALT"}, + {ERR_FUNC(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL), + "V3_ADDR_VALIDATE_PATH_INTERNAL"}, + {ERR_FUNC(X509V3_F_V3_GENERIC_EXTENSION), "V3_GENERIC_EXTENSION"}, {ERR_FUNC(X509V3_F_X509V3_ADD1_I2D), "X509V3_add1_i2d"}, {ERR_FUNC(X509V3_F_X509V3_ADD_VALUE), "X509V3_add_value"}, {ERR_FUNC(X509V3_F_X509V3_EXT_ADD), "X509V3_EXT_add"}, {ERR_FUNC(X509V3_F_X509V3_EXT_ADD_ALIAS), "X509V3_EXT_add_alias"}, + {ERR_FUNC(X509V3_F_X509V3_EXT_CONF), "X509V3_EXT_conf"}, + {ERR_FUNC(X509V3_F_X509V3_EXT_FREE), "X509V3_EXT_free"}, {ERR_FUNC(X509V3_F_X509V3_EXT_I2D), "X509V3_EXT_i2d"}, {ERR_FUNC(X509V3_F_X509V3_EXT_NCONF), "X509V3_EXT_nconf"}, {ERR_FUNC(X509V3_F_X509V3_GET_SECTION), "X509V3_get_section"}, 
@@ -93,6 +150,8 @@ static ERR_STRING_DATA X509V3_str_reasons[] = {
 {ERR_REASON(X509V3_R_BN_DEC2BN_ERROR), "bn dec2bn error"},
 {ERR_REASON(X509V3_R_BN_TO_ASN1_INTEGER_ERROR), "bn to asn1 integer error"},
+ {ERR_REASON(X509V3_R_CANNOT_FIND_FREE_FUNCTION),
+ "cannot find free function"},
 {ERR_REASON(X509V3_R_DIRNAME_ERROR), "dirname error"},
 {ERR_REASON(X509V3_R_DISTPOINT_ALREADY_SET), "distpoint already set"},
 {ERR_REASON(X509V3_R_DUPLICATE_ZONE_ID), "duplicate zone id"},
@@ -108,6 +167,7 @@ static ERR_STRING_DATA X509V3_str_reasons[] = {
 "extension setting not supported"},
 {ERR_REASON(X509V3_R_EXTENSION_VALUE_ERROR), "extension value error"},
 {ERR_REASON(X509V3_R_ILLEGAL_EMPTY_EXTENSION), "illegal empty extension"},
+ {ERR_REASON(X509V3_R_ILLEGAL_HEX_DIGIT), "illegal hex digit"},
 {ERR_REASON(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG), "incorrect policy syntax tag"},
 {ERR_REASON(X509V3_R_INVALID_ASNUMBER), "invalid asnumber"},
@@ -147,6 +207,7 @@ static ERR_STRING_DATA X509V3_str_reasons[] = {
 "no proxy cert policy language defined"},
 {ERR_REASON(X509V3_R_NO_PUBLIC_KEY), "no public key"},
 {ERR_REASON(X509V3_R_NO_SUBJECT_DETAILS), "no subject details"},
+ {ERR_REASON(X509V3_R_ODD_NUMBER_OF_DIGITS), "odd number of digits"},
 {ERR_REASON(X509V3_R_OPERATION_NOT_DEFINED), "operation not defined"},
 {ERR_REASON(X509V3_R_OTHERNAME_ERROR), "othername error"},
 {ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED),
@@ -154,6 +215,8 @@ static ERR_STRING_DATA X509V3_str_reasons[] = {
 {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH), "policy path length"},
 {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED), "policy path length already defined"},
+ {ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED),
+ "policy syntax not currently supported"},
 {ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY), "policy when proxy language requires no policy"},
 {ERR_REASON(X509V3_R_SECTION_NOT_FOUND), "section not found"},
@@ -174,7 +237,7 @@ static ERR_STRING_DATA X509V3_str_reasons[] = {
 #endif
-int ERR_load_X509V3_strings(void)
+void ERR_load_X509V3_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
@@ -183,5 +246,4 @@ int ERR_load_X509V3_strings(void)
 ERR_load_strings(0, X509V3_str_reasons);
 }
 #endif
- return 1;
 }
|
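Review bot: Turning `int ERR_load_X509V3_strings(void)` into `void` and removing `return 1;` is a public API and ABI change that spans the -174 and -183 hunks, so the prototype in the x509v3 public header and every caller that tests the result (`if (!ERR_load_X509V3_strings())`) must change in the same commit or the build fails; I cannot see the header in this chunk. The body of the function between the two hunks, including the `#ifndef OPENSSL_NO_ERR` registration block, is outside what is shown, so whether any load-failure path is lost cannot be judged from here. If callers are meant to treat registration as infallible, say so on the declaration with `/* Registers the X509V3 error strings; reports no failure. */`. If this file is still produced by OpenSSL's error-string generator, the change belongs in the generator's input as well, or the next regeneration reverts it.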
