X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fx509v3%2Fv3_cpols.c;h=1f0798b9468f9c663d9c3c49777f6a1a94723379;hp=c9340046d71f834d4f7cc01bd7c4529ebd17b57a;hb=ad6019d6c0d22f384838b2f9ca339bdabed331a5;hpb=41b731f2f883a583554566d4e702cc51298ee9e1 diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c index c9340046d7..1f0798b946 100644 --- a/crypto/x509v3/v3_cpols.c +++ b/crypto/x509v3/v3_cpols.c @@ -1,9 +1,9 @@ /* v3_cpols.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -58,10 +58,12 @@ #include #include "cryptlib.h" -#include "conf.h" -#include "asn1.h" -#include "asn1_mac.h" -#include "x509v3.h" +#include +#include +#include +#include + +#include "pcy_int.h" /* Certificate policies extension support: this one is a bit complex... */ @@ -69,57 +71,97 @@ static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value); static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent); static void print_notice(BIO *out, USERNOTICE *notice, int indent); -static POLICYINFO *policy_section(X509V3_CTX *ctx, STACK *polstrs); - -X509V3_EXT_METHOD v3_cpols = { -NID_certificate_policies, 0, -(X509V3_EXT_NEW)CERTIFICATEPOLICIES_new, -CERTIFICATEPOLICIES_free, -(X509V3_EXT_D2I)d2i_CERTIFICATEPOLICIES, -i2d_CERTIFICATEPOLICIES, -NULL, NULL, -NULL, NULL, +static POLICYINFO *policy_section(X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *polstrs, int ia5org); +static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *unot, int ia5org); +static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos); + +const X509V3_EXT_METHOD v3_cpols = { +NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES), +0,0,0,0, +0,0, +0,0, (X509V3_EXT_I2R)i2r_certpol, (X509V3_EXT_R2I)r2i_certpol, NULL }; +ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO) +ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES) -/* - * ASN1err(ASN1_F_POLICYINFO_NEW,ERR_R_MALLOC_FAILURE); - * ASN1err(ASN1_F_D2I_POLICYINFO,ERR_R_MALLOC_FAILURE); - * ASN1err(ASN1_F_POLICYQUALINFO_NEW,ERR_R_MALLOC_FAILURE); - * ASN1err(ASN1_F_D2I_POLICYQUALINFO,ERR_R_MALLOC_FAILURE); - * ASN1err(ASN1_F_USERNOTICE_NEW,ERR_R_MALLOC_FAILURE); - * ASN1err(ASN1_F_D2I_USERNOTICE,ERR_R_MALLOC_FAILURE); - * ASN1err(ASN1_F_NOTICEREF_NEW,ERR_R_MALLOC_FAILURE); - * ASN1err(ASN1_F_D2I_NOTICEREF,ERR_R_MALLOC_FAILURE); - */ +IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATEPOLICIES) + +ASN1_SEQUENCE(POLICYINFO) = { + ASN1_SIMPLE(POLICYINFO, policyid, ASN1_OBJECT), + ASN1_SEQUENCE_OF_OPT(POLICYINFO, qualifiers, POLICYQUALINFO) +} ASN1_SEQUENCE_END(POLICYINFO) + +IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO) + +ASN1_ADB_TEMPLATE(policydefault) = ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY); + +ASN1_ADB(POLICYQUALINFO) = { + ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)), + ADB_ENTRY(NID_id_qt_unotice, ASN1_SIMPLE(POLICYQUALINFO, d.usernotice, USERNOTICE)) +} ASN1_ADB_END(POLICYQUALINFO, 0, pqualid, 0, &policydefault_tt, NULL); + +ASN1_SEQUENCE(POLICYQUALINFO) = { + ASN1_SIMPLE(POLICYQUALINFO, pqualid, ASN1_OBJECT), + ASN1_ADB_OBJECT(POLICYQUALINFO) +} ASN1_SEQUENCE_END(POLICYQUALINFO) + +IMPLEMENT_ASN1_FUNCTIONS(POLICYQUALINFO) + +ASN1_SEQUENCE(USERNOTICE) = { + ASN1_OPT(USERNOTICE, noticeref, NOTICEREF), + ASN1_OPT(USERNOTICE, exptext, DISPLAYTEXT) +} ASN1_SEQUENCE_END(USERNOTICE) + +IMPLEMENT_ASN1_FUNCTIONS(USERNOTICE) -static STACK_OF(POLICYINFO) *r2i_certpol(method, ctx, value) -X509V3_EXT_METHOD *method; -X509V3_CTX *ctx; -char *value; +ASN1_SEQUENCE(NOTICEREF) = { + ASN1_SIMPLE(NOTICEREF, organization, DISPLAYTEXT), + ASN1_SEQUENCE_OF(NOTICEREF, noticenos, ASN1_INTEGER) +} ASN1_SEQUENCE_END(NOTICEREF) + +IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF) + +static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, char *value) { STACK_OF(POLICYINFO) *pols = NULL; char *pstr; POLICYINFO *pol; ASN1_OBJECT *pobj; - STACK *vals; + STACK_OF(CONF_VALUE) *vals; CONF_VALUE *cnf; - int i; + int i, ia5org; pols = sk_POLICYINFO_new_null(); + if (pols == NULL) { + X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); + return NULL; + } vals = X509V3_parse_list(value); - for(i = 0; i < sk_num(vals); i++) { - cnf = (CONF_VALUE *)sk_value(vals, i); + if (vals == NULL) { + X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB); + goto err; + } + ia5org = 0; + for(i = 0; i < sk_CONF_VALUE_num(vals); i++) { + cnf = sk_CONF_VALUE_value(vals, i); if(cnf->value || !cnf->name ) { X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_POLICY_IDENTIFIER); X509V3_conf_err(cnf); goto err; } pstr = cnf->name; - if(*pstr == '@') { - STACK *polsect; + if(!strcmp(pstr,"ia5org")) { + ia5org = 1; + continue; + } else if(*pstr == '@') { + STACK_OF(CONF_VALUE) *polsect; polsect = X509V3_get_section(ctx, pstr + 1); if(!polsect) { X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_SECTION); @@ -127,7 +169,7 @@ char *value; X509V3_conf_err(cnf); goto err; } - pol = policy_section(ctx, polsect); + pol = policy_section(ctx, polsect, ia5org); X509V3_section_free(ctx, polsect); if(!pol) goto err; } else { @@ -139,140 +181,206 @@ char *value; pol = POLICYINFO_new(); pol->policyid = pobj; } - sk_POLICYINFO_push(pols, pol); + if (!sk_POLICYINFO_push(pols, pol)){ + POLICYINFO_free(pol); + X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); + goto err; + } } - sk_pop_free(vals, X509V3_conf_free); + sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); return pols; err: + sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); sk_POLICYINFO_pop_free(pols, POLICYINFO_free); return NULL; } -static POLICYINFO *policy_section(ctx, polstrs) -X509V3_CTX *ctx; -STACK *polstrs; +static POLICYINFO *policy_section(X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *polstrs, int ia5org) { int i; CONF_VALUE *cnf; - for(i = 0; i < sk_num(polstrs); i++) { - cnf = (CONF_VALUE *)sk_value(polstrs, i); - } - return NULL; -} + POLICYINFO *pol; + POLICYQUALINFO *qual; + if(!(pol = POLICYINFO_new())) goto merr; + for(i = 0; i < sk_CONF_VALUE_num(polstrs); i++) { + cnf = sk_CONF_VALUE_value(polstrs, i); + if(!strcmp(cnf->name, "policyIdentifier")) { + ASN1_OBJECT *pobj; + if(!(pobj = OBJ_txt2obj(cnf->value, 0))) { + X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OBJECT_IDENTIFIER); + X509V3_conf_err(cnf); + goto err; + } + pol->policyid = pobj; + } else if(!name_cmp(cnf->name, "CPS")) { + if(!pol->qualifiers) pol->qualifiers = + sk_POLICYQUALINFO_new_null(); + if(!(qual = POLICYQUALINFO_new())) goto merr; + if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) + goto merr; + qual->pqualid = OBJ_nid2obj(NID_id_qt_cps); + qual->d.cpsuri = M_ASN1_IA5STRING_new(); + if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value, + strlen(cnf->value))) goto merr; + } else if(!name_cmp(cnf->name, "userNotice")) { + STACK_OF(CONF_VALUE) *unot; + if(*cnf->value != '@') { + X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_EXPECTED_A_SECTION_NAME); + X509V3_conf_err(cnf); + goto err; + } + unot = X509V3_get_section(ctx, cnf->value + 1); + if(!unot) { + X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_SECTION); -static int i2r_certpol(method, pol, out, indent) -X509V3_EXT_METHOD *method; -STACK_OF(POLICYINFO) *pol; -BIO *out; -int indent; -{ - int i; - POLICYINFO *pinfo; - /* First print out the policy OIDs */ - for(i = 0; i < sk_POLICYINFO_num(pol); i++) { - pinfo = sk_POLICYINFO_value(pol, i); - BIO_printf(out, "%*sPolicy: ", indent, ""); - i2a_ASN1_OBJECT(out, pinfo->policyid); - BIO_puts(out, "\n"); - if(pinfo->qualifiers) - print_qualifiers(out, pinfo->qualifiers, indent + 2); - } - return 1; -} + X509V3_conf_err(cnf); + goto err; + } + qual = notice_section(ctx, unot, ia5org); + X509V3_section_free(ctx, unot); + if(!qual) goto err; + if(!pol->qualifiers) pol->qualifiers = + sk_POLICYQUALINFO_new_null(); + if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) + goto merr; + } else { + X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OPTION); + X509V3_conf_err(cnf); + goto err; + } + } + if(!pol->policyid) { + X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_NO_POLICY_IDENTIFIER); + goto err; + } -int i2d_CERTIFICATEPOLICIES(a, pp) -STACK_OF(POLICYINFO) *a; -unsigned char **pp; -{ + return pol; -return i2d_ASN1_SET_OF_POLICYINFO(a, pp, i2d_POLICYINFO, V_ASN1_SEQUENCE, - V_ASN1_UNIVERSAL, IS_SEQUENCE);} + merr: + X509V3err(X509V3_F_POLICY_SECTION,ERR_R_MALLOC_FAILURE); -STACK_OF(POLICYINFO) *CERTIFICATEPOLICIES_new() -{ - return sk_POLICYINFO_new_null(); + err: + POLICYINFO_free(pol); + return NULL; + + } -void CERTIFICATEPOLICIES_free(a) -STACK_OF(POLICYINFO) *a; +static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *unot, int ia5org) { - sk_POLICYINFO_pop_free(a, POLICYINFO_free); -} + int i, ret; + CONF_VALUE *cnf; + USERNOTICE *not; + POLICYQUALINFO *qual; + if(!(qual = POLICYQUALINFO_new())) goto merr; + qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice); + if(!(not = USERNOTICE_new())) goto merr; + qual->d.usernotice = not; + for(i = 0; i < sk_CONF_VALUE_num(unot); i++) { + cnf = sk_CONF_VALUE_value(unot, i); + if(!strcmp(cnf->name, "explicitText")) { + not->exptext = M_ASN1_VISIBLESTRING_new(); + if(!ASN1_STRING_set(not->exptext, cnf->value, + strlen(cnf->value))) goto merr; + } else if(!strcmp(cnf->name, "organization")) { + NOTICEREF *nref; + if(!not->noticeref) { + if(!(nref = NOTICEREF_new())) goto merr; + not->noticeref = nref; + } else nref = not->noticeref; + if(ia5org) nref->organization->type = V_ASN1_IA5STRING; + else nref->organization->type = V_ASN1_VISIBLESTRING; + if(!ASN1_STRING_set(nref->organization, cnf->value, + strlen(cnf->value))) goto merr; + } else if(!strcmp(cnf->name, "noticeNumbers")) { + NOTICEREF *nref; + STACK_OF(CONF_VALUE) *nos; + if(!not->noticeref) { + if(!(nref = NOTICEREF_new())) goto merr; + not->noticeref = nref; + } else nref = not->noticeref; + nos = X509V3_parse_list(cnf->value); + if(!nos || !sk_CONF_VALUE_num(nos)) { + X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_NUMBERS); + X509V3_conf_err(cnf); + goto err; + } + ret = nref_nos(nref->noticenos, nos); + sk_CONF_VALUE_pop_free(nos, X509V3_conf_free); + if (!ret) + goto err; + } else { + X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION); + X509V3_conf_err(cnf); + goto err; + } + } -STACK_OF(POLICYINFO) *d2i_CERTIFICATEPOLICIES(a,pp,length) -STACK_OF(POLICYINFO) **a; -unsigned char **pp; -long length; -{ -return d2i_ASN1_SET_OF_POLICYINFO(a, pp, length, d2i_POLICYINFO, - POLICYINFO_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); + if(not->noticeref && + (!not->noticeref->noticenos || !not->noticeref->organization)) { + X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_NEED_ORGANIZATION_AND_NUMBERS); + goto err; + } -} + return qual; -IMPLEMENT_STACK_OF(POLICYINFO) -IMPLEMENT_ASN1_SET_OF(POLICYINFO) + merr: + X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE); -int i2d_POLICYINFO(a,pp) -POLICYINFO *a; -unsigned char **pp; + err: + POLICYQUALINFO_free(qual); + return NULL; +} + +static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos) { - M_ASN1_I2D_vars(a); + CONF_VALUE *cnf; + ASN1_INTEGER *aint; - M_ASN1_I2D_len (a->policyid, i2d_ASN1_OBJECT); - M_ASN1_I2D_len_SEQUENCE_type(POLICYQUALINFO, a->qualifiers, - i2d_POLICYQUALINFO); + int i; - M_ASN1_I2D_seq_total(); + for(i = 0; i < sk_CONF_VALUE_num(nos); i++) { + cnf = sk_CONF_VALUE_value(nos, i); + if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) { + X509V3err(X509V3_F_NREF_NOS,X509V3_R_INVALID_NUMBER); + goto err; + } + if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr; + } + return 1; - M_ASN1_I2D_put (a->policyid, i2d_ASN1_OBJECT); - M_ASN1_I2D_put_SEQUENCE_type(POLICYQUALINFO, a->qualifiers, - i2d_POLICYQUALINFO); + merr: + X509V3err(X509V3_F_NREF_NOS,ERR_R_MALLOC_FAILURE); - M_ASN1_I2D_finish(); + err: + sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free); + return 0; } -POLICYINFO *POLICYINFO_new() -{ - POLICYINFO *ret=NULL; - ASN1_CTX c; - M_ASN1_New_Malloc(ret, POLICYINFO); - ret->policyid = NULL; - ret->qualifiers = NULL; - return (ret); - M_ASN1_New_Error(ASN1_F_POLICYINFO_NEW); -} -POLICYINFO *d2i_POLICYINFO(a,pp,length) -POLICYINFO **a; -unsigned char **pp; -long length; +static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, + BIO *out, int indent) { - M_ASN1_D2I_vars(a,POLICYINFO *,POLICYINFO_new); - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get(ret->policyid, d2i_ASN1_OBJECT); - if(!M_ASN1_D2I_end_sequence()) { - M_ASN1_D2I_get_seq_type (POLICYQUALINFO, ret->qualifiers, - d2i_POLICYQUALINFO, POLICYQUALINFO_free); + int i; + POLICYINFO *pinfo; + /* First print out the policy OIDs */ + for(i = 0; i < sk_POLICYINFO_num(pol); i++) { + pinfo = sk_POLICYINFO_value(pol, i); + BIO_printf(out, "%*sPolicy: ", indent, ""); + i2a_ASN1_OBJECT(out, pinfo->policyid); + BIO_puts(out, "\n"); + if(pinfo->qualifiers) + print_qualifiers(out, pinfo->qualifiers, indent + 2); } - M_ASN1_D2I_Finish(a, POLICYINFO_free, ASN1_F_D2I_POLICYINFO); -} - -void POLICYINFO_free(a) -POLICYINFO *a; -{ - if (a == NULL) return; - ASN1_OBJECT_free(a->policyid); - sk_POLICYQUALINFO_pop_free(a->qualifiers, POLICYQUALINFO_free); - Free (a); + return 1; } -static void print_qualifiers(out, quals, indent) -BIO *out; -STACK_OF(POLICYQUALINFO) *quals; -int indent; +static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, + int indent) { POLICYQUALINFO *qualinfo; int i; @@ -301,10 +409,7 @@ int indent; } } -static void print_notice(out, notice, indent) -BIO *out; -USERNOTICE *notice; -int indent; +static void print_notice(BIO *out, USERNOTICE *notice, int indent) { int i; if(notice->noticeref) { @@ -313,232 +418,40 @@ int indent; BIO_printf(out, "%*sOrganization: %s\n", indent, "", ref->organization->data); BIO_printf(out, "%*sNumber%s: ", indent, "", - (sk_num(ref->noticenos) > 1) ? "s" : ""); - for(i = 0; i < sk_num(ref->noticenos); i++) { + sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : ""); + for(i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) { ASN1_INTEGER *num; char *tmp; - num = (ASN1_INTEGER *)sk_value(ref->noticenos, i); + num = sk_ASN1_INTEGER_value(ref->noticenos, i); if(i) BIO_puts(out, ", "); tmp = i2s_ASN1_INTEGER(NULL, num); BIO_puts(out, tmp); - Free(tmp); + OPENSSL_free(tmp); } BIO_puts(out, "\n"); } if(notice->exptext) - BIO_printf(out, "%*sNotice Reference: %s\n", indent, "", + BIO_printf(out, "%*sExplicit Text: %s\n", indent, "", notice->exptext->data); } - - - -int i2d_POLICYQUALINFO(a,pp) -POLICYQUALINFO *a; -unsigned char **pp; -{ - M_ASN1_I2D_vars(a); - - M_ASN1_I2D_len (a->pqualid, i2d_ASN1_OBJECT); - switch(OBJ_obj2nid(a->pqualid)) { - case NID_id_qt_cps: - M_ASN1_I2D_len(a->d.cpsuri, i2d_ASN1_IA5STRING); - break; - - case NID_id_qt_unotice: - M_ASN1_I2D_len(a->d.usernotice, i2d_USERNOTICE); - break; - - default: - M_ASN1_I2D_len(a->d.other, i2d_ASN1_TYPE); - break; - } - - M_ASN1_I2D_seq_total(); - - M_ASN1_I2D_put (a->pqualid, i2d_ASN1_OBJECT); - switch(OBJ_obj2nid(a->pqualid)) { - case NID_id_qt_cps: - M_ASN1_I2D_put(a->d.cpsuri, i2d_ASN1_IA5STRING); - break; - - case NID_id_qt_unotice: - M_ASN1_I2D_put(a->d.usernotice, i2d_USERNOTICE); - break; - - default: - M_ASN1_I2D_put(a->d.other, i2d_ASN1_TYPE); - break; - } - - M_ASN1_I2D_finish(); -} - -POLICYQUALINFO *POLICYQUALINFO_new() -{ - POLICYQUALINFO *ret=NULL; - ASN1_CTX c; - M_ASN1_New_Malloc(ret, POLICYQUALINFO); - ret->pqualid = NULL; - ret->d.other = NULL; - return (ret); - M_ASN1_New_Error(ASN1_F_POLICYQUALINFO_NEW); -} -POLICYQUALINFO *d2i_POLICYQUALINFO(a,pp,length) -POLICYQUALINFO **a; -unsigned char **pp; -long length; -{ - M_ASN1_D2I_vars(a,POLICYQUALINFO *,POLICYQUALINFO_new); - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get (ret->pqualid, d2i_ASN1_OBJECT); - switch(OBJ_obj2nid(ret->pqualid)) { - case NID_id_qt_cps: - M_ASN1_D2I_get(ret->d.cpsuri, d2i_ASN1_IA5STRING); - break; - - case NID_id_qt_unotice: - M_ASN1_D2I_get(ret->d.usernotice, d2i_USERNOTICE); - break; - - default: - M_ASN1_D2I_get(ret->d.other, d2i_ASN1_TYPE); - break; - } - M_ASN1_D2I_Finish(a, POLICYQUALINFO_free, ASN1_F_D2I_POLICYQUALINFO); -} +void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent) + { + const X509_POLICY_DATA *dat = node->data; -void POLICYQUALINFO_free(a) -POLICYQUALINFO *a; -{ - if (a == NULL) return; - switch(OBJ_obj2nid(a->pqualid)) { - case NID_id_qt_cps: - ASN1_IA5STRING_free(a->d.cpsuri); - break; - - case NID_id_qt_unotice: - USERNOTICE_free(a->d.usernotice); - break; - - default: - ASN1_TYPE_free(a->d.other); - break; + BIO_printf(out, "%*sPolicy: ", indent, ""); + + i2a_ASN1_OBJECT(out, dat->valid_policy); + BIO_puts(out, "\n"); + BIO_printf(out, "%*s%s\n", indent + 2, "", + node_data_critical(dat) ? "Critical" : "Non Critical"); + if (dat->qualifier_set) + print_qualifiers(out, dat->qualifier_set, indent + 2); + else + BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, ""); } - - ASN1_OBJECT_free(a->pqualid); - Free (a); -} - -int i2d_USERNOTICE(a,pp) -USERNOTICE *a; -unsigned char **pp; -{ - M_ASN1_I2D_vars(a); - - M_ASN1_I2D_len (a->noticeref, i2d_NOTICEREF); - M_ASN1_I2D_len (a->exptext, i2d_DISPLAYTEXT); - M_ASN1_I2D_seq_total(); - - M_ASN1_I2D_put (a->noticeref, i2d_NOTICEREF); - M_ASN1_I2D_put (a->exptext, i2d_DISPLAYTEXT); - - M_ASN1_I2D_finish(); -} - -USERNOTICE *USERNOTICE_new() -{ - USERNOTICE *ret=NULL; - ASN1_CTX c; - M_ASN1_New_Malloc(ret, USERNOTICE); - ret->noticeref = NULL; - ret->exptext = NULL; - return (ret); - M_ASN1_New_Error(ASN1_F_USERNOTICE_NEW); -} - -USERNOTICE *d2i_USERNOTICE(a,pp,length) -USERNOTICE **a; -unsigned char **pp; -long length; -{ - M_ASN1_D2I_vars(a,USERNOTICE *,USERNOTICE_new); - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get_opt(ret->noticeref, d2i_NOTICEREF, V_ASN1_SEQUENCE); - if (!M_ASN1_D2I_end_sequence()) { - M_ASN1_D2I_get(ret->exptext, d2i_DISPLAYTEXT); - } - M_ASN1_D2I_Finish(a, USERNOTICE_free, ASN1_F_D2I_USERNOTICE); -} -void USERNOTICE_free(a) -USERNOTICE *a; -{ - if (a == NULL) return; - NOTICEREF_free(a->noticeref); - DISPLAYTEXT_free(a->exptext); - Free (a); -} - -int i2d_NOTICEREF(a,pp) -NOTICEREF *a; -unsigned char **pp; -{ - M_ASN1_I2D_vars(a); - - M_ASN1_I2D_len (a->organization, i2d_DISPLAYTEXT); - M_ASN1_I2D_len_SEQUENCE(a->noticenos, i2d_ASN1_INTEGER); - - M_ASN1_I2D_seq_total(); - - M_ASN1_I2D_put (a->organization, i2d_DISPLAYTEXT); - M_ASN1_I2D_put_SEQUENCE(a->noticenos, i2d_ASN1_INTEGER); - - M_ASN1_I2D_finish(); -} - -NOTICEREF *NOTICEREF_new() -{ - NOTICEREF *ret=NULL; - ASN1_CTX c; - M_ASN1_New_Malloc(ret, NOTICEREF); - ret->organization = NULL; - ret->noticenos = NULL; - return (ret); - M_ASN1_New_Error(ASN1_F_NOTICEREF_NEW); -} - -NOTICEREF *d2i_NOTICEREF(a,pp,length) -NOTICEREF **a; -unsigned char **pp; -long length; -{ - M_ASN1_D2I_vars(a,NOTICEREF *,NOTICEREF_new); - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - /* This is to cope with some broken encodings that use IA5STRING for - * the organization field - */ - M_ASN1_D2I_get_opt(ret->organization, d2i_ASN1_IA5STRING, - V_ASN1_IA5STRING); - if(!ret->organization) { - M_ASN1_D2I_get(ret->organization, d2i_DISPLAYTEXT); - } - M_ASN1_D2I_get_seq(ret->noticenos, d2i_ASN1_INTEGER, ASN1_STRING_free); - M_ASN1_D2I_Finish(a, NOTICEREF_free, ASN1_F_D2I_NOTICEREF); -} - -void NOTICEREF_free(a) -NOTICEREF *a; -{ - if (a == NULL) return; - DISPLAYTEXT_free(a->organization); - sk_pop_free(a->noticenos, ASN1_STRING_free); - Free (a); -} +IMPLEMENT_STACK_OF(X509_POLICY_NODE) +IMPLEMENT_STACK_OF(X509_POLICY_DATA) -IMPLEMENT_STACK_OF(POLICYQUALINFO) -IMPLEMENT_ASN1_SET_OF(POLICYQUALINFO)