X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fasn1%2Fx_x509.c;h=73f61e1eb9f894d1d7686a079a1a3c1bb7513717;hp=d6938f7da0ef3c5ba5df1a1bf83f8c9cc72199b8;hb=edc540211c4852c57c01743a068aecc0e0a97b5c;hpb=ec577822f95a8bca0023c5c77cef1a4916822d4a diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c index d6938f7da0..73f61e1eb9 100644 --- a/crypto/asn1/x_x509.c +++ b/crypto/asn1/x_x509.c @@ -59,97 +59,126 @@ #include #include "cryptlib.h" #include -#include +#include +#include +#include + +ASN1_SEQUENCE(X509_CINF) = { + ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0), + ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER), + ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR), + ASN1_SIMPLE(X509_CINF, issuer, X509_NAME), + ASN1_SIMPLE(X509_CINF, validity, X509_VAL), + ASN1_SIMPLE(X509_CINF, subject, X509_NAME), + ASN1_SIMPLE(X509_CINF, key, X509_PUBKEY), + ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1), + ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2), + ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3) +} ASN1_SEQUENCE_END(X509_CINF) + +IMPLEMENT_ASN1_FUNCTIONS(X509_CINF) +/* X509 top level structure needs a bit of customisation */ + +extern void policy_cache_free(X509_POLICY_CACHE *cache); + +static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, + void *exarg) +{ + X509 *ret = (X509 *)*pval; + + switch(operation) { + + case ASN1_OP_NEW_POST: + ret->valid=0; + ret->name = NULL; + ret->ex_flags = 0; + ret->ex_pathlen = -1; + ret->skid = NULL; + ret->akid = NULL; + ret->aux = NULL; + ret->crldp = NULL; + CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data); + break; + + case ASN1_OP_D2I_POST: + if (ret->name != NULL) OPENSSL_free(ret->name); + ret->name=X509_NAME_oneline(ret->cert_info->subject,NULL,0); + break; + + case ASN1_OP_FREE_POST: + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data); + X509_CERT_AUX_free(ret->aux); + ASN1_OCTET_STRING_free(ret->skid); + AUTHORITY_KEYID_free(ret->akid); + CRL_DIST_POINTS_free(ret->crldp); + policy_cache_free(ret->policy_cache); + + if (ret->name != NULL) OPENSSL_free(ret->name); + break; -/* - * ASN1err(ASN1_F_D2I_X509,ERR_R_ASN1_LENGTH_MISMATCH); - * ASN1err(ASN1_F_X509_NEW,ERR_R_BAD_GET_ASN1_OBJECT_CALL); - */ - -static ASN1_METHOD meth={ - (int (*)()) i2d_X509, - (char *(*)())d2i_X509, - (char *(*)())X509_new, - (void (*)()) X509_free}; - -ASN1_METHOD *X509_asn1_meth(void) - { - return(&meth); } -int i2d_X509(X509 *a, unsigned char **pp) - { - M_ASN1_I2D_vars(a); + return 1; - M_ASN1_I2D_len(a->cert_info, i2d_X509_CINF); - M_ASN1_I2D_len(a->sig_alg, i2d_X509_ALGOR); - M_ASN1_I2D_len(a->signature, i2d_ASN1_BIT_STRING); +} - M_ASN1_I2D_seq_total(); +ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = { + ASN1_SIMPLE(X509, cert_info, X509_CINF), + ASN1_SIMPLE(X509, sig_alg, X509_ALGOR), + ASN1_SIMPLE(X509, signature, ASN1_BIT_STRING) +} ASN1_SEQUENCE_END_ref(X509, X509) - M_ASN1_I2D_put(a->cert_info, i2d_X509_CINF); - M_ASN1_I2D_put(a->sig_alg, i2d_X509_ALGOR); - M_ASN1_I2D_put(a->signature, i2d_ASN1_BIT_STRING); +IMPLEMENT_ASN1_FUNCTIONS(X509) +IMPLEMENT_ASN1_DUP_FUNCTION(X509) - M_ASN1_I2D_finish(); - } +int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) + { + return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, argl, argp, + new_func, dup_func, free_func); + } -X509 *d2i_X509(X509 **a, unsigned char **pp, long length) +int X509_set_ex_data(X509 *r, int idx, void *arg) { - M_ASN1_D2I_vars(a,X509 *,X509_new); - - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get(ret->cert_info,d2i_X509_CINF); - M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR); - M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING); - if (ret->name != NULL) Free(ret->name); - ret->name=X509_NAME_oneline(ret->cert_info->subject,NULL,0); - - M_ASN1_D2I_Finish(a,X509_free,ASN1_F_D2I_X509); + return(CRYPTO_set_ex_data(&r->ex_data,idx,arg)); } -X509 *X509_new(void) +void *X509_get_ex_data(X509 *r, int idx) { - X509 *ret=NULL; - ASN1_CTX c; - - M_ASN1_New_Malloc(ret,X509); - ret->references=1; - ret->valid=0; - ret->name=NULL; - M_ASN1_New(ret->cert_info,X509_CINF_new); - M_ASN1_New(ret->sig_alg,X509_ALGOR_new); - M_ASN1_New(ret->signature,ASN1_BIT_STRING_new); - return(ret); - M_ASN1_New_Error(ASN1_F_X509_NEW); + return(CRYPTO_get_ex_data(&r->ex_data,idx)); } -void X509_free(X509 *a) - { - int i; - - if (a == NULL) return; - - i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_X509); -#ifdef REF_PRINT - REF_PRINT("X509",a); -#endif - if (i > 0) return; -#ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"X509_free, bad reference count\n"); - abort(); - } -#endif - - /* CRYPTO_free_ex_data(bio_meth,(char *)a,&a->ex_data); */ - X509_CINF_free(a->cert_info); - X509_ALGOR_free(a->sig_alg); - ASN1_BIT_STRING_free(a->signature); - - if (a->name != NULL) Free(a->name); - Free((char *)a); - } +/* X509_AUX ASN1 routines. X509_AUX is the name given to + * a certificate with extra info tagged on the end. Since these + * functions set how a certificate is trusted they should only + * be used when the certificate comes from a reliable source + * such as local storage. + * + */ +X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length) +{ + const unsigned char *q; + X509 *ret; + /* Save start position */ + q = *pp; + ret = d2i_X509(a, pp, length); + /* If certificate unreadable then forget it */ + if(!ret) return NULL; + /* update length */ + length -= *pp - q; + if(!length) return ret; + if(!d2i_X509_CERT_AUX(&ret->aux, pp, length)) goto err; + return ret; + err: + X509_free(ret); + return NULL; +} + +int i2d_X509_AUX(X509 *a, unsigned char **pp) +{ + int length; + length = i2d_X509(a, pp); + if(a) length += i2d_X509_CERT_AUX(a->aux, pp); + return length; +}