X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fx509v3%2Fv3_cpols.c;h=5c09d4ce85a816001ed76616ddcde7e8ff7e2f9a;hp=7785047025cfd8476eff6f6896d5791b7d4b587b;hb=0e1c06128adbfd2d88dc304db2262140bad045fd;hpb=6b691a5c85ddc4e407e32781841fee5c029506cd diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c index 7785047025..5c09d4ce85 100644 --- a/crypto/x509v3/v3_cpols.c +++ b/crypto/x509v3/v3_cpols.c @@ -58,10 +58,10 @@ #include #include "cryptlib.h" -#include "conf.h" -#include "asn1.h" -#include "asn1_mac.h" -#include "x509v3.h" +#include +#include +#include +#include /* Certificate policies extension support: this one is a bit complex... */ @@ -69,16 +69,18 @@ static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value); static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent); static void print_notice(BIO *out, USERNOTICE *notice, int indent); -static POLICYINFO *policy_section(X509V3_CTX *ctx, STACK *polstrs); -static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, STACK *unot); -static STACK *nref_nos(STACK *nos); +static POLICYINFO *policy_section(X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *polstrs, int ia5org); +static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *unot, int ia5org); +static STACK *nref_nos(STACK_OF(CONF_VALUE) *nos); X509V3_EXT_METHOD v3_cpols = { NID_certificate_policies, 0, (X509V3_EXT_NEW)CERTIFICATEPOLICIES_new, -CERTIFICATEPOLICIES_free, +(X509V3_EXT_FREE)CERTIFICATEPOLICIES_free, (X509V3_EXT_D2I)d2i_CERTIFICATEPOLICIES, -i2d_CERTIFICATEPOLICIES, +(X509V3_EXT_I2D)i2d_CERTIFICATEPOLICIES, NULL, NULL, NULL, NULL, (X509V3_EXT_I2R)i2r_certpol, @@ -87,17 +89,6 @@ NULL }; -/* - * ASN1err(ASN1_F_POLICYINFO_NEW,ERR_R_MALLOC_FAILURE); - * ASN1err(ASN1_F_D2I_POLICYINFO,ERR_R_MALLOC_FAILURE); - * ASN1err(ASN1_F_POLICYQUALINFO_NEW,ERR_R_MALLOC_FAILURE); - * ASN1err(ASN1_F_D2I_POLICYQUALINFO,ERR_R_MALLOC_FAILURE); - * ASN1err(ASN1_F_USERNOTICE_NEW,ERR_R_MALLOC_FAILURE); - * ASN1err(ASN1_F_D2I_USERNOTICE,ERR_R_MALLOC_FAILURE); - * ASN1err(ASN1_F_NOTICEREF_NEW,ERR_R_MALLOC_FAILURE); - * ASN1err(ASN1_F_D2I_NOTICEREF,ERR_R_MALLOC_FAILURE); - */ - static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value) { @@ -105,21 +96,25 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, char *pstr; POLICYINFO *pol; ASN1_OBJECT *pobj; - STACK *vals; + STACK_OF(CONF_VALUE) *vals; CONF_VALUE *cnf; - int i; + int i, ia5org; pols = sk_POLICYINFO_new_null(); vals = X509V3_parse_list(value); - for(i = 0; i < sk_num(vals); i++) { - cnf = (CONF_VALUE *)sk_value(vals, i); + ia5org = 0; + for(i = 0; i < sk_CONF_VALUE_num(vals); i++) { + cnf = sk_CONF_VALUE_value(vals, i); if(cnf->value || !cnf->name ) { X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_POLICY_IDENTIFIER); X509V3_conf_err(cnf); goto err; } pstr = cnf->name; - if(*pstr == '@') { - STACK *polsect; + if(!strcmp(pstr,"ia5org")) { + ia5org = 1; + continue; + } else if(*pstr == '@') { + STACK_OF(CONF_VALUE) *polsect; polsect = X509V3_get_section(ctx, pstr + 1); if(!polsect) { X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_SECTION); @@ -127,7 +122,7 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_conf_err(cnf); goto err; } - pol = policy_section(ctx, polsect); + pol = policy_section(ctx, polsect, ia5org); X509V3_section_free(ctx, polsect); if(!pol) goto err; } else { @@ -141,22 +136,23 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, } sk_POLICYINFO_push(pols, pol); } - sk_pop_free(vals, X509V3_conf_free); + sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); return pols; err: sk_POLICYINFO_pop_free(pols, POLICYINFO_free); return NULL; } -static POLICYINFO *policy_section(X509V3_CTX *ctx, STACK *polstrs) +static POLICYINFO *policy_section(X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *polstrs, int ia5org) { int i; CONF_VALUE *cnf; POLICYINFO *pol; POLICYQUALINFO *qual; if(!(pol = POLICYINFO_new())) goto merr; - for(i = 0; i < sk_num(polstrs); i++) { - cnf = (CONF_VALUE *)sk_value(polstrs, i); + for(i = 0; i < sk_CONF_VALUE_num(polstrs); i++) { + cnf = sk_CONF_VALUE_value(polstrs, i); if(!strcmp(cnf->name, "policyIdentifier")) { ASN1_OBJECT *pobj; if(!(pobj = OBJ_txt2obj(cnf->value, 0))) { @@ -173,11 +169,11 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, STACK *polstrs) if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) goto merr; qual->pqualid = OBJ_nid2obj(NID_id_qt_cps); - qual->d.cpsuri = ASN1_IA5STRING_new(); + qual->d.cpsuri = M_ASN1_IA5STRING_new(); if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value, strlen(cnf->value))) goto merr; } else if(!name_cmp(cnf->name, "userNotice")) { - STACK *unot; + STACK_OF(CONF_VALUE) *unot; if(*cnf->value != '@') { X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_EXPECTED_A_SECTION_NAME); X509V3_conf_err(cnf); @@ -190,7 +186,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, STACK *polstrs) X509V3_conf_err(cnf); goto err; } - qual = notice_section(ctx, unot); + qual = notice_section(ctx, unot, ia5org); X509V3_section_free(ctx, unot); if(!qual) goto err; if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) @@ -209,18 +205,18 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, STACK *polstrs) return pol; - err: - POLICYINFO_free(pol); - return NULL; - merr: X509V3err(X509V3_F_POLICY_SECTION,ERR_R_MALLOC_FAILURE); + + err: POLICYINFO_free(pol); return NULL; + } -static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, STACK *unot) +static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *unot, int ia5org) { int i; CONF_VALUE *cnf; @@ -230,10 +226,10 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, STACK *unot) qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice); if(!(not = USERNOTICE_new())) goto merr; qual->d.usernotice = not; - for(i = 0; i < sk_num(unot); i++) { - cnf = (CONF_VALUE *)sk_value(unot, i); + for(i = 0; i < sk_CONF_VALUE_num(unot); i++) { + cnf = sk_CONF_VALUE_value(unot, i); if(!strcmp(cnf->name, "explicitText")) { - not->exptext = ASN1_VISIBLESTRING_new(); + not->exptext = M_ASN1_VISIBLESTRING_new(); if(!ASN1_STRING_set(not->exptext, cnf->value, strlen(cnf->value))) goto merr; } else if(!strcmp(cnf->name, "organization")) { @@ -242,24 +238,25 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, STACK *unot) if(!(nref = NOTICEREF_new())) goto merr; not->noticeref = nref; } else nref = not->noticeref; - nref->organization = ASN1_VISIBLESTRING_new(); + if(ia5org) nref->organization = M_ASN1_IA5STRING_new(); + else nref->organization = M_ASN1_VISIBLESTRING_new(); if(!ASN1_STRING_set(nref->organization, cnf->value, strlen(cnf->value))) goto merr; } else if(!strcmp(cnf->name, "noticeNumbers")) { NOTICEREF *nref; - STACK *nos; + STACK_OF(CONF_VALUE) *nos; if(!not->noticeref) { if(!(nref = NOTICEREF_new())) goto merr; not->noticeref = nref; } else nref = not->noticeref; nos = X509V3_parse_list(cnf->value); - if(!nos || !sk_num(nos)) { + if(!nos || !sk_CONF_VALUE_num(nos)) { X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_NUMBERS); X509V3_conf_err(cnf); goto err; } nref->noticenos = nref_nos(nos); - sk_pop_free(nos, X509V3_conf_free); + sk_CONF_VALUE_pop_free(nos, X509V3_conf_free); if(!nref->noticenos) goto err; } else { X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION); @@ -277,25 +274,23 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, STACK *unot) return qual; - err: - POLICYQUALINFO_free(qual); - return NULL; - merr: X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE); + + err: POLICYQUALINFO_free(qual); return NULL; } -static STACK *nref_nos(STACK *nos) +static STACK *nref_nos(STACK_OF(CONF_VALUE) *nos) { STACK *nnums; CONF_VALUE *cnf; ASN1_INTEGER *aint; int i; if(!(nnums = sk_new_null())) goto merr; - for(i = 0; i < sk_num(nos); i++) { - cnf = (CONF_VALUE *)sk_value(nos, i); + for(i = 0; i < sk_CONF_VALUE_num(nos); i++) { + cnf = sk_CONF_VALUE_value(nos, i); if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) { X509V3err(X509V3_F_NREF_NOS,X509V3_R_INVALID_NUMBER); goto err; @@ -304,13 +299,11 @@ static STACK *nref_nos(STACK *nos) } return nnums; - err: - sk_pop_free(nnums, ASN1_STRING_free); - return NULL; - merr: X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE); - sk_pop_free(nnums, ASN1_STRING_free); + + err: + sk_pop_free(nnums, (void(*)(void *))ASN1_STRING_free); return NULL; } @@ -545,7 +538,7 @@ void POLICYQUALINFO_free(POLICYQUALINFO *a) if (a == NULL) return; switch(OBJ_obj2nid(a->pqualid)) { case NID_id_qt_cps: - ASN1_IA5STRING_free(a->d.cpsuri); + M_ASN1_IA5STRING_free(a->d.cpsuri); break; case NID_id_qt_unotice: @@ -603,7 +596,7 @@ void USERNOTICE_free(USERNOTICE *a) { if (a == NULL) return; NOTICEREF_free(a->noticeref); - DISPLAYTEXT_free(a->exptext); + M_DISPLAYTEXT_free(a->exptext); Free (a); } @@ -653,8 +646,8 @@ NOTICEREF *d2i_NOTICEREF(NOTICEREF **a, unsigned char **pp,long length) void NOTICEREF_free(NOTICEREF *a) { if (a == NULL) return; - DISPLAYTEXT_free(a->organization); - sk_pop_free(a->noticenos, ASN1_STRING_free); + M_DISPLAYTEXT_free(a->organization); + sk_pop_free(a->noticenos, (void(*)(void *)) ASN1_STRING_free); Free (a); }