#include <stdio.h>
#include "cryptlib.h"
-#include "conf.h"
-#include "asn1.h"
-#include "asn1_mac.h"
-#include "x509v3.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/x509v3.h>
/* Certificate policies extension support: this one is a bit complex... */
static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value);
static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent);
static void print_notice(BIO *out, USERNOTICE *notice, int indent);
-static POLICYINFO *policy_section(X509V3_CTX *ctx, STACK *polstrs);
-static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, STACK *unot);
-static STACK *nref_nos(STACK *nos);
+static POLICYINFO *policy_section(X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *polstrs, int ia5org);
+static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *unot, int ia5org);
+static STACK *nref_nos(STACK_OF(CONF_VALUE) *nos);
X509V3_EXT_METHOD v3_cpols = {
NID_certificate_policies, 0,
(X509V3_EXT_NEW)CERTIFICATEPOLICIES_new,
-CERTIFICATEPOLICIES_free,
+(X509V3_EXT_FREE)CERTIFICATEPOLICIES_free,
(X509V3_EXT_D2I)d2i_CERTIFICATEPOLICIES,
-i2d_CERTIFICATEPOLICIES,
+(X509V3_EXT_I2D)i2d_CERTIFICATEPOLICIES,
NULL, NULL,
NULL, NULL,
(X509V3_EXT_I2R)i2r_certpol,
};
-/*
- * ASN1err(ASN1_F_POLICYINFO_NEW,ERR_R_MALLOC_FAILURE);
- * ASN1err(ASN1_F_D2I_POLICYINFO,ERR_R_MALLOC_FAILURE);
- * ASN1err(ASN1_F_POLICYQUALINFO_NEW,ERR_R_MALLOC_FAILURE);
- * ASN1err(ASN1_F_D2I_POLICYQUALINFO,ERR_R_MALLOC_FAILURE);
- * ASN1err(ASN1_F_USERNOTICE_NEW,ERR_R_MALLOC_FAILURE);
- * ASN1err(ASN1_F_D2I_USERNOTICE,ERR_R_MALLOC_FAILURE);
- * ASN1err(ASN1_F_NOTICEREF_NEW,ERR_R_MALLOC_FAILURE);
- * ASN1err(ASN1_F_D2I_NOTICEREF,ERR_R_MALLOC_FAILURE);
- */
-
-static STACK_OF(POLICYINFO) *r2i_certpol(method, ctx, value)
-X509V3_EXT_METHOD *method;
-X509V3_CTX *ctx;
-char *value;
+static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, char *value)
{
STACK_OF(POLICYINFO) *pols = NULL;
char *pstr;
POLICYINFO *pol;
ASN1_OBJECT *pobj;
- STACK *vals;
+ STACK_OF(CONF_VALUE) *vals;
CONF_VALUE *cnf;
- int i;
+ int i, ia5org;
pols = sk_POLICYINFO_new_null();
vals = X509V3_parse_list(value);
- for(i = 0; i < sk_num(vals); i++) {
- cnf = (CONF_VALUE *)sk_value(vals, i);
+ ia5org = 0;
+ for(i = 0; i < sk_CONF_VALUE_num(vals); i++) {
+ cnf = sk_CONF_VALUE_value(vals, i);
if(cnf->value || !cnf->name ) {
X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_POLICY_IDENTIFIER);
X509V3_conf_err(cnf);
goto err;
}
pstr = cnf->name;
- if(*pstr == '@') {
- STACK *polsect;
+ if(!strcmp(pstr,"ia5org")) {
+ ia5org = 1;
+ continue;
+ } else if(*pstr == '@') {
+ STACK_OF(CONF_VALUE) *polsect;
polsect = X509V3_get_section(ctx, pstr + 1);
if(!polsect) {
X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_SECTION);
X509V3_conf_err(cnf);
goto err;
}
- pol = policy_section(ctx, polsect);
+ pol = policy_section(ctx, polsect, ia5org);
X509V3_section_free(ctx, polsect);
if(!pol) goto err;
} else {
}
sk_POLICYINFO_push(pols, pol);
}
- sk_pop_free(vals, X509V3_conf_free);
+ sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
return pols;
err:
sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
return NULL;
}
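Review bot: The `err:` path of r2i_certpol frees `pols` but never `vals`, so every rejected policy string (bad identifier, missing section, failed policy_section) leaks the parsed list; only the success path calls `sk_CONF_VALUE_pop_free`. Adding `sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);` under `err:` would close that, assuming the pop_free helper tolerates a NULL stack as the generic one does. The results of `sk_POLICYINFO_new_null()` and `X509V3_parse_list(value)` are also used without a NULL check before the loop. Separately, `ia5org` is set while the list is walked, so it only applies to sections named after it; a comment such as `/* "ia5org" must precede the @sections it should affect */` above the `strcmp` would record that. Part of the final else branch is not shown on this page.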
-static POLICYINFO *policy_section(ctx, polstrs)
-X509V3_CTX *ctx;
-STACK *polstrs;
+static POLICYINFO *policy_section(X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *polstrs, int ia5org)
{
int i;
CONF_VALUE *cnf;
POLICYINFO *pol;
POLICYQUALINFO *qual;
if(!(pol = POLICYINFO_new())) goto merr;
- for(i = 0; i < sk_num(polstrs); i++) {
- cnf = (CONF_VALUE *)sk_value(polstrs, i);
+ for(i = 0; i < sk_CONF_VALUE_num(polstrs); i++) {
+ cnf = sk_CONF_VALUE_value(polstrs, i);
if(!strcmp(cnf->name, "policyIdentifier")) {
ASN1_OBJECT *pobj;
if(!(pobj = OBJ_txt2obj(cnf->value, 0))) {
if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
goto merr;
qual->pqualid = OBJ_nid2obj(NID_id_qt_cps);
- qual->d.cpsuri = ASN1_IA5STRING_new();
+ qual->d.cpsuri = M_ASN1_IA5STRING_new();
if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
strlen(cnf->value))) goto merr;
} else if(!name_cmp(cnf->name, "userNotice")) {
- STACK *unot;
+ STACK_OF(CONF_VALUE) *unot;
if(*cnf->value != '@') {
X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_EXPECTED_A_SECTION_NAME);
X509V3_conf_err(cnf);
X509V3_conf_err(cnf);
goto err;
}
- qual = notice_section(ctx, unot);
+ qual = notice_section(ctx, unot, ia5org);
X509V3_section_free(ctx, unot);
if(!qual) goto err;
if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
return pol;
- err:
- POLICYINFO_free(pol);
- return NULL;
-
merr:
X509V3err(X509V3_F_POLICY_SECTION,ERR_R_MALLOC_FAILURE);
+
+ err:
POLICYINFO_free(pol);
return NULL;
+
}
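Review bot: In policy_section the result of `M_ASN1_IA5STRING_new()` is stored in `qual->d.cpsuri` and passed straight to `ASN1_STRING_set()`, so an allocation failure hands the setter a null string (which it would likely dereference) instead of taking the `merr` path. The check can be folded into the assignment: `if(!(qual->d.cpsuri = M_ASN1_IA5STRING_new())) goto merr;`. The same pattern appears in notice_section for `not->exptext = M_ASN1_VISIBLESTRING_new();` and for both new `nref->organization` assignments on the `ia5org` branch. Parts of both function bodies are not shown on this page, so a guard in the missing lines cannot be ruled out.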
-static POLICYQUALINFO *notice_section(ctx, unot)
-X509V3_CTX *ctx;
-STACK *unot;
+static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *unot, int ia5org)
{
int i;
CONF_VALUE *cnf;
qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice);
if(!(not = USERNOTICE_new())) goto merr;
qual->d.usernotice = not;
- for(i = 0; i < sk_num(unot); i++) {
- cnf = (CONF_VALUE *)sk_value(unot, i);
+ for(i = 0; i < sk_CONF_VALUE_num(unot); i++) {
+ cnf = sk_CONF_VALUE_value(unot, i);
if(!strcmp(cnf->name, "explicitText")) {
- not->exptext = ASN1_VISIBLESTRING_new();
+ not->exptext = M_ASN1_VISIBLESTRING_new();
if(!ASN1_STRING_set(not->exptext, cnf->value,
strlen(cnf->value))) goto merr;
} else if(!strcmp(cnf->name, "organization")) {
if(!(nref = NOTICEREF_new())) goto merr;
not->noticeref = nref;
} else nref = not->noticeref;
- nref->organization = ASN1_VISIBLESTRING_new();
+ if(ia5org) nref->organization = M_ASN1_IA5STRING_new();
+ else nref->organization = M_ASN1_VISIBLESTRING_new();
if(!ASN1_STRING_set(nref->organization, cnf->value,
strlen(cnf->value))) goto merr;
} else if(!strcmp(cnf->name, "noticeNumbers")) {
NOTICEREF *nref;
- STACK *nos;
+ STACK_OF(CONF_VALUE) *nos;
if(!not->noticeref) {
if(!(nref = NOTICEREF_new())) goto merr;
not->noticeref = nref;
} else nref = not->noticeref;
nos = X509V3_parse_list(cnf->value);
- if(!nos || !sk_num(nos)) {
+ if(!nos || !sk_CONF_VALUE_num(nos)) {
X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_NUMBERS);
X509V3_conf_err(cnf);
goto err;
}
nref->noticenos = nref_nos(nos);
- sk_pop_free(nos, X509V3_conf_free);
+ sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
if(!nref->noticenos) goto err;
} else {
X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION);
return qual;
- err:
- POLICYQUALINFO_free(qual);
- return NULL;
-
merr:
X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
+
+ err:
POLICYQUALINFO_free(qual);
return NULL;
}
-static STACK *nref_nos(nos)
-STACK *nos;
+static STACK *nref_nos(STACK_OF(CONF_VALUE) *nos)
{
STACK *nnums;
CONF_VALUE *cnf;
ASN1_INTEGER *aint;
int i;
if(!(nnums = sk_new_null())) goto merr;
- for(i = 0; i < sk_num(nos); i++) {
- cnf = (CONF_VALUE *)sk_value(nos, i);
+ for(i = 0; i < sk_CONF_VALUE_num(nos); i++) {
+ cnf = sk_CONF_VALUE_value(nos, i);
if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) {
X509V3err(X509V3_F_NREF_NOS,X509V3_R_INVALID_NUMBER);
goto err;
}
return nnums;
- err:
- sk_pop_free(nnums, ASN1_STRING_free);
- return NULL;
-
merr:
X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
+
+ err:
sk_pop_free(nnums, ASN1_STRING_free);
return NULL;
}
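Review bot: The `merr:` label in nref_nos still reports `X509V3_F_NOTICE_SECTION`, so an allocation failure here is attributed to notice_section in the error queue, while the invalid-number branch a few lines up correctly uses `X509V3_F_NREF_NOS`. Since the labels are being reordered anyway, the line could become `X509V3err(X509V3_F_NREF_NOS,ERR_R_MALLOC_FAILURE);`. Now that `merr:` runs on into `err:` in this function, policy_section and notice_section, a short `/* fall through to common cleanup */` comment before `err:` would make it clear the missing `return` is intended. The middle of the loop body is not shown on this page.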
-static int i2r_certpol(method, pol, out, indent)
-X509V3_EXT_METHOD *method;
-STACK_OF(POLICYINFO) *pol;
-BIO *out;
-int indent;
+static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
+ BIO *out, int indent)
{
int i;
POLICYINFO *pinfo;
}
-int i2d_CERTIFICATEPOLICIES(a, pp)
-STACK_OF(POLICYINFO) *a;
-unsigned char **pp;
+int i2d_CERTIFICATEPOLICIES(STACK_OF(POLICYINFO) *a, unsigned char **pp)
{
return i2d_ASN1_SET_OF_POLICYINFO(a, pp, i2d_POLICYINFO, V_ASN1_SEQUENCE,
V_ASN1_UNIVERSAL, IS_SEQUENCE);}
-STACK_OF(POLICYINFO) *CERTIFICATEPOLICIES_new()
+STACK_OF(POLICYINFO) *CERTIFICATEPOLICIES_new(void)
{
return sk_POLICYINFO_new_null();
}
-void CERTIFICATEPOLICIES_free(a)
-STACK_OF(POLICYINFO) *a;
+void CERTIFICATEPOLICIES_free(STACK_OF(POLICYINFO) *a)
{
sk_POLICYINFO_pop_free(a, POLICYINFO_free);
}
-STACK_OF(POLICYINFO) *d2i_CERTIFICATEPOLICIES(a,pp,length)
-STACK_OF(POLICYINFO) **a;
-unsigned char **pp;
-long length;
+STACK_OF(POLICYINFO) *d2i_CERTIFICATEPOLICIES(STACK_OF(POLICYINFO) **a,
+ unsigned char **pp,long length)
{
return d2i_ASN1_SET_OF_POLICYINFO(a, pp, length, d2i_POLICYINFO,
POLICYINFO_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
IMPLEMENT_STACK_OF(POLICYINFO)
IMPLEMENT_ASN1_SET_OF(POLICYINFO)
-int i2d_POLICYINFO(a,pp)
-POLICYINFO *a;
-unsigned char **pp;
+int i2d_POLICYINFO(POLICYINFO *a, unsigned char **pp)
{
M_ASN1_I2D_vars(a);
M_ASN1_I2D_finish();
}
-POLICYINFO *POLICYINFO_new()
+POLICYINFO *POLICYINFO_new(void)
{
POLICYINFO *ret=NULL;
ASN1_CTX c;
M_ASN1_New_Error(ASN1_F_POLICYINFO_NEW);
}
-POLICYINFO *d2i_POLICYINFO(a,pp,length)
-POLICYINFO **a;
-unsigned char **pp;
-long length;
+POLICYINFO *d2i_POLICYINFO(POLICYINFO **a, unsigned char **pp,long length)
{
M_ASN1_D2I_vars(a,POLICYINFO *,POLICYINFO_new);
M_ASN1_D2I_Init();
M_ASN1_D2I_Finish(a, POLICYINFO_free, ASN1_F_D2I_POLICYINFO);
}
-void POLICYINFO_free(a)
-POLICYINFO *a;
+void POLICYINFO_free(POLICYINFO *a)
{
if (a == NULL) return;
ASN1_OBJECT_free(a->policyid);
Free (a);
}
-static void print_qualifiers(out, quals, indent)
-BIO *out;
-STACK_OF(POLICYQUALINFO) *quals;
-int indent;
+static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
+ int indent)
{
POLICYQUALINFO *qualinfo;
int i;
}
}
-static void print_notice(out, notice, indent)
-BIO *out;
-USERNOTICE *notice;
-int indent;
+static void print_notice(BIO *out, USERNOTICE *notice, int indent)
{
int i;
if(notice->noticeref) {
-int i2d_POLICYQUALINFO(a,pp)
-POLICYQUALINFO *a;
-unsigned char **pp;
+int i2d_POLICYQUALINFO(POLICYQUALINFO *a, unsigned char **pp)
{
M_ASN1_I2D_vars(a);
M_ASN1_I2D_finish();
}
-POLICYQUALINFO *POLICYQUALINFO_new()
+POLICYQUALINFO *POLICYQUALINFO_new(void)
{
POLICYQUALINFO *ret=NULL;
ASN1_CTX c;
M_ASN1_New_Error(ASN1_F_POLICYQUALINFO_NEW);
}
-POLICYQUALINFO *d2i_POLICYQUALINFO(a,pp,length)
-POLICYQUALINFO **a;
-unsigned char **pp;
-long length;
+POLICYQUALINFO *d2i_POLICYQUALINFO(POLICYQUALINFO **a, unsigned char **pp,
+ long length)
{
M_ASN1_D2I_vars(a,POLICYQUALINFO *,POLICYQUALINFO_new);
M_ASN1_D2I_Init();
M_ASN1_D2I_Finish(a, POLICYQUALINFO_free, ASN1_F_D2I_POLICYQUALINFO);
}
-void POLICYQUALINFO_free(a)
-POLICYQUALINFO *a;
+void POLICYQUALINFO_free(POLICYQUALINFO *a)
{
if (a == NULL) return;
switch(OBJ_obj2nid(a->pqualid)) {
case NID_id_qt_cps:
- ASN1_IA5STRING_free(a->d.cpsuri);
+ M_ASN1_IA5STRING_free(a->d.cpsuri);
break;
case NID_id_qt_unotice:
Free (a);
}
-int i2d_USERNOTICE(a,pp)
-USERNOTICE *a;
-unsigned char **pp;
+int i2d_USERNOTICE(USERNOTICE *a, unsigned char **pp)
{
M_ASN1_I2D_vars(a);
M_ASN1_I2D_finish();
}
-USERNOTICE *USERNOTICE_new()
+USERNOTICE *USERNOTICE_new(void)
{
USERNOTICE *ret=NULL;
ASN1_CTX c;
M_ASN1_New_Error(ASN1_F_USERNOTICE_NEW);
}
-USERNOTICE *d2i_USERNOTICE(a,pp,length)
-USERNOTICE **a;
-unsigned char **pp;
-long length;
+USERNOTICE *d2i_USERNOTICE(USERNOTICE **a, unsigned char **pp,long length)
{
M_ASN1_D2I_vars(a,USERNOTICE *,USERNOTICE_new);
M_ASN1_D2I_Init();
M_ASN1_D2I_Finish(a, USERNOTICE_free, ASN1_F_D2I_USERNOTICE);
}
-void USERNOTICE_free(a)
-USERNOTICE *a;
+void USERNOTICE_free(USERNOTICE *a)
{
if (a == NULL) return;
NOTICEREF_free(a->noticeref);
- DISPLAYTEXT_free(a->exptext);
+ M_DISPLAYTEXT_free(a->exptext);
Free (a);
}
-int i2d_NOTICEREF(a,pp)
-NOTICEREF *a;
-unsigned char **pp;
+int i2d_NOTICEREF(NOTICEREF *a, unsigned char **pp)
{
M_ASN1_I2D_vars(a);
M_ASN1_I2D_finish();
}
-NOTICEREF *NOTICEREF_new()
+NOTICEREF *NOTICEREF_new(void)
{
NOTICEREF *ret=NULL;
ASN1_CTX c;
M_ASN1_New_Error(ASN1_F_NOTICEREF_NEW);
}
-NOTICEREF *d2i_NOTICEREF(a,pp,length)
-NOTICEREF **a;
-unsigned char **pp;
-long length;
+NOTICEREF *d2i_NOTICEREF(NOTICEREF **a, unsigned char **pp,long length)
{
M_ASN1_D2I_vars(a,NOTICEREF *,NOTICEREF_new);
M_ASN1_D2I_Init();
M_ASN1_D2I_Finish(a, NOTICEREF_free, ASN1_F_D2I_NOTICEREF);
}
-void NOTICEREF_free(a)
-NOTICEREF *a;
+void NOTICEREF_free(NOTICEREF *a)
{
if (a == NULL) return;
- DISPLAYTEXT_free(a->organization);
+ M_DISPLAYTEXT_free(a->organization);
sk_pop_free(a->noticenos, ASN1_STRING_free);
Free (a);
}