Loading CHANGES +3 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,9 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] *) Support for nameConstraints certificate extension. [Steve Henson] *) Support for policyConstraints certificate extension. [Steve Henson] Loading crypto/stack/safestack.h +20 −0 Original line number Diff line number Diff line Loading 
@@ -544,6 +544,26 @@ STACK_OF(type) \ #define sk_GENERAL_NAME_pop(st) SKM_sk_pop(GENERAL_NAME, (st)) #define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st)) #define sk_GENERAL_SUBTREE_new(st) SKM_sk_new(GENERAL_SUBTREE, (st)) #define sk_GENERAL_SUBTREE_new_null() SKM_sk_new_null(GENERAL_SUBTREE) #define sk_GENERAL_SUBTREE_free(st) SKM_sk_free(GENERAL_SUBTREE, (st)) #define sk_GENERAL_SUBTREE_num(st) SKM_sk_num(GENERAL_SUBTREE, (st)) #define sk_GENERAL_SUBTREE_value(st, i) SKM_sk_value(GENERAL_SUBTREE, (st), (i)) #define sk_GENERAL_SUBTREE_set(st, i, val) SKM_sk_set(GENERAL_SUBTREE, (st), (i), (val)) #define sk_GENERAL_SUBTREE_zero(st) SKM_sk_zero(GENERAL_SUBTREE, (st)) #define sk_GENERAL_SUBTREE_push(st, val) SKM_sk_push(GENERAL_SUBTREE, (st), (val)) #define sk_GENERAL_SUBTREE_unshift(st, val) SKM_sk_unshift(GENERAL_SUBTREE, (st), (val)) #define sk_GENERAL_SUBTREE_find(st, val) SKM_sk_find(GENERAL_SUBTREE, (st), (val)) #define sk_GENERAL_SUBTREE_delete(st, i) SKM_sk_delete(GENERAL_SUBTREE, (st), (i)) #define sk_GENERAL_SUBTREE_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_SUBTREE, (st), (ptr)) #define sk_GENERAL_SUBTREE_insert(st, val, i) SKM_sk_insert(GENERAL_SUBTREE, (st), (val), (i)) #define sk_GENERAL_SUBTREE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_SUBTREE, (st), (cmp)) #define sk_GENERAL_SUBTREE_dup(st) SKM_sk_dup(GENERAL_SUBTREE, st) #define sk_GENERAL_SUBTREE_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_SUBTREE, (st), (free_func)) #define sk_GENERAL_SUBTREE_shift(st) SKM_sk_shift(GENERAL_SUBTREE, (st)) #define sk_GENERAL_SUBTREE_pop(st) SKM_sk_pop(GENERAL_SUBTREE, (st)) #define sk_GENERAL_SUBTREE_sort(st) SKM_sk_sort(GENERAL_SUBTREE, (st)) #define sk_KRB5_APREQBODY_new(st) SKM_sk_new(KRB5_APREQBODY, (st)) #define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY) #define sk_KRB5_APREQBODY_free(st) SKM_sk_free(KRB5_APREQBODY, (st)) Loading crypto/x509v3/Makefile.ssl +2 −2 Original line number Diff line number Diff line Loading 
@@ -26,11 +26,11 @@ LIB=$(TOP)/libcrypto.a LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_lib.c \ v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c v3_pku.c \ v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c \ v3_ocsp.c v3_akeya.c v3_pmaps.c v3_pcons.c v3_ocsp.c v3_akeya.c v3_pmaps.c v3_pcons.c v3_ncons.c LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \ v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \ v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o v3_info.o \ v3_ocsp.o v3_akeya.o v3_pmaps.o v3_pcons.o v3_ocsp.o v3_akeya.o v3_pmaps.o v3_pcons.o v3_ncons.o SRC= $(LIBSRC) Loading crypto/x509v3/ext_dat.h +3 −1 Original line number Diff line number Diff line Loading @@ -65,6 +65,7 @@ extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff; extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc; extern X509V3_EXT_METHOD v3_crl_hold; extern X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints; extern X509V3_EXT_METHOD v3_name_constraints; /* This table will be searched using OBJ_bsearch so it *must* kept in * order of the ext_nid values. Loading Loading @@ -109,7 +110,8 @@ static X509V3_EXT_METHOD *standard_exts[] = { #ifndef OPENSSL_NO_OCSP &v3_crl_hold, #endif &v3_policy_mappings &v3_policy_mappings, &v3_name_constraints }; /* Number of standard extensions */ Loading crypto/x509v3/v3_alt.c +104 −67 Original line number Diff line number Diff line Loading @@ -408,6 +408,13 @@ GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf) { return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0); } GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc) { char is_string = 0; int type; GENERAL_NAME *gen = NULL; Loading 
@@ -417,66 +424,96 @@ char *name, *value; name = cnf->name; value = cnf->value; if(!value) { if(!value) { X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_MISSING_VALUE); return NULL; } if(!(gen = GENERAL_NAME_new())) { if (out) gen = out; else { gen = GENERAL_NAME_new(); if(gen == NULL) { X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE); return NULL; } } if(!name_cmp(name, "email")) { if(!name_cmp(name, "email")) { is_string = 1; type = GEN_EMAIL; } else if(!name_cmp(name, "URI")) { } else if(!name_cmp(name, "URI")) { is_string = 1; type = GEN_URI; } else if(!name_cmp(name, "DNS")) { } else if(!name_cmp(name, "DNS")) { is_string = 1; type = GEN_DNS; } else if(!name_cmp(name, "RID")) { } else if(!name_cmp(name, "RID")) { ASN1_OBJECT *obj; if(!(obj = OBJ_txt2obj(value,0))) { if(!(obj = OBJ_txt2obj(value,0))) { X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_OBJECT); ERR_add_error_data(2, "value=", value); goto err; } gen->d.rid = obj; type = GEN_RID; } else if(!name_cmp(name, "IP")) { if(!(gen->d.ip = a2i_IPADDRESS(value))) } else if(!name_cmp(name, "IP")) { if (is_nc) gen->d.ip = a2i_IPADDRESS_NC(value); else gen->d.ip = a2i_IPADDRESS(value); if(gen->d.ip == NULL) { X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_IP_ADDRESS); ERR_add_error_data(2, "value=", value); goto err; } type = GEN_IPADD; } else if(!name_cmp(name, "dirName")) { } else if(!name_cmp(name, "dirName")) { type = GEN_DIRNAME; if (!do_dirname(gen, value, ctx)) { X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_DIRNAME_ERROR); goto err; } } else if(!name_cmp(name, "otherName")) { } else if(!name_cmp(name, "otherName")) { if (!do_othername(gen, value, ctx)) { X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_OTHERNAME_ERROR); goto err; } type = GEN_OTHERNAME; } else { } else { X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_UNSUPPORTED_OPTION); ERR_add_error_data(2, "name=", name); goto err; } if(is_string) { if(is_string) { if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) || !ASN1_STRING_set(gen->d.ia5, 
(unsigned char*)value, strlen(value))) { strlen(value))) { X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE); goto err; } Loading Loading
CHANGES +3 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,9 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] *) Support for nameConstraints certificate extension. [Steve Henson] *) Support for policyConstraints certificate extension. [Steve Henson] Loading
crypto/stack/safestack.h +20 −0 Original line number Diff line number Diff line Loading @@ -544,6 +544,26 @@ STACK_OF(type) \ #define sk_GENERAL_NAME_pop(st) SKM_sk_pop(GENERAL_NAME, (st)) #define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st)) #define sk_GENERAL_SUBTREE_new(st) SKM_sk_new(GENERAL_SUBTREE, (st)) #define sk_GENERAL_SUBTREE_new_null() SKM_sk_new_null(GENERAL_SUBTREE) #define sk_GENERAL_SUBTREE_free(st) SKM_sk_free(GENERAL_SUBTREE, (st)) #define sk_GENERAL_SUBTREE_num(st) SKM_sk_num(GENERAL_SUBTREE, (st)) #define sk_GENERAL_SUBTREE_value(st, i) SKM_sk_value(GENERAL_SUBTREE, (st), (i)) #define sk_GENERAL_SUBTREE_set(st, i, val) SKM_sk_set(GENERAL_SUBTREE, (st), (i), (val)) #define sk_GENERAL_SUBTREE_zero(st) SKM_sk_zero(GENERAL_SUBTREE, (st)) #define sk_GENERAL_SUBTREE_push(st, val) SKM_sk_push(GENERAL_SUBTREE, (st), (val)) #define sk_GENERAL_SUBTREE_unshift(st, val) SKM_sk_unshift(GENERAL_SUBTREE, (st), (val)) #define sk_GENERAL_SUBTREE_find(st, val) SKM_sk_find(GENERAL_SUBTREE, (st), (val)) #define sk_GENERAL_SUBTREE_delete(st, i) SKM_sk_delete(GENERAL_SUBTREE, (st), (i)) #define sk_GENERAL_SUBTREE_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_SUBTREE, (st), (ptr)) #define sk_GENERAL_SUBTREE_insert(st, val, i) SKM_sk_insert(GENERAL_SUBTREE, (st), (val), (i)) #define sk_GENERAL_SUBTREE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_SUBTREE, (st), (cmp)) #define sk_GENERAL_SUBTREE_dup(st) SKM_sk_dup(GENERAL_SUBTREE, st) #define sk_GENERAL_SUBTREE_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_SUBTREE, (st), (free_func)) #define sk_GENERAL_SUBTREE_shift(st) SKM_sk_shift(GENERAL_SUBTREE, (st)) #define sk_GENERAL_SUBTREE_pop(st) SKM_sk_pop(GENERAL_SUBTREE, (st)) #define sk_GENERAL_SUBTREE_sort(st) SKM_sk_sort(GENERAL_SUBTREE, (st)) #define sk_KRB5_APREQBODY_new(st) SKM_sk_new(KRB5_APREQBODY, (st)) #define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY) #define sk_KRB5_APREQBODY_free(st) SKM_sk_free(KRB5_APREQBODY, (st)) Loading
crypto/x509v3/Makefile.ssl +2 −2 Original line number Diff line number Diff line Loading @@ -26,11 +26,11 @@ LIB=$(TOP)/libcrypto.a LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_lib.c \ v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c v3_pku.c \ v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c \ v3_ocsp.c v3_akeya.c v3_pmaps.c v3_pcons.c v3_ocsp.c v3_akeya.c v3_pmaps.c v3_pcons.c v3_ncons.c LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \ v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \ v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o v3_info.o \ v3_ocsp.o v3_akeya.o v3_pmaps.o v3_pcons.o v3_ocsp.o v3_akeya.o v3_pmaps.o v3_pcons.o v3_ncons.o SRC= $(LIBSRC) Loading
crypto/x509v3/ext_dat.h +3 −1 Original line number Diff line number Diff line Loading @@ -65,6 +65,7 @@ extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff; extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc; extern X509V3_EXT_METHOD v3_crl_hold; extern X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints; extern X509V3_EXT_METHOD v3_name_constraints; /* This table will be searched using OBJ_bsearch so it *must* kept in * order of the ext_nid values. Loading Loading @@ -109,7 +110,8 @@ static X509V3_EXT_METHOD *standard_exts[] = { #ifndef OPENSSL_NO_OCSP &v3_crl_hold, #endif &v3_policy_mappings &v3_policy_mappings, &v3_name_constraints }; /* Number of standard extensions */ Loading
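Review bot: Appending `&v3_name_constraints` as the last entry of `standard_exts[]` is only correct if its `ext_nid` sorts after that of `&v3_policy_mappings`, because the comment above the table says it is searched with OBJ_bsearch and must stay in `ext_nid` order. The NID values are not visible on this page, so the ordering should be confirmed against the object table. An out-of-order entry would likely make the lookup miss the method, leaving the nameConstraints extension unrecognised by the parser. I would add a comment at the new entry, for example `/* NID_name_constraints: must sort after NID_policy_mappings */`, so the next addition does not silently break the search.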
crypto/x509v3/v3_alt.c +104 −67 Original line number Diff line number Diff line Loading @@ -408,6 +408,13 @@ GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf) { return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0); } GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc) { char is_string = 0; int type; GENERAL_NAME *gen = NULL; Loading 
@@ -417,66 +424,96 @@ char *name, *value; name = cnf->name; value = cnf->value; if(!value) { if(!value) { X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_MISSING_VALUE); return NULL; } if(!(gen = GENERAL_NAME_new())) { if (out) gen = out; else { gen = GENERAL_NAME_new(); if(gen == NULL) { X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE); return NULL; } } if(!name_cmp(name, "email")) { if(!name_cmp(name, "email")) { is_string = 1; type = GEN_EMAIL; } else if(!name_cmp(name, "URI")) { } else if(!name_cmp(name, "URI")) { is_string = 1; type = GEN_URI; } else if(!name_cmp(name, "DNS")) { } else if(!name_cmp(name, "DNS")) { is_string = 1; type = GEN_DNS; } else if(!name_cmp(name, "RID")) { } else if(!name_cmp(name, "RID")) { ASN1_OBJECT *obj; if(!(obj = OBJ_txt2obj(value,0))) { if(!(obj = OBJ_txt2obj(value,0))) { X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_OBJECT); ERR_add_error_data(2, "value=", value); goto err; } gen->d.rid = obj; type = GEN_RID; } else if(!name_cmp(name, "IP")) { if(!(gen->d.ip = a2i_IPADDRESS(value))) } else if(!name_cmp(name, "IP")) { if (is_nc) gen->d.ip = a2i_IPADDRESS_NC(value); else gen->d.ip = a2i_IPADDRESS(value); if(gen->d.ip == NULL) { X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_IP_ADDRESS); ERR_add_error_data(2, "value=", value); goto err; } type = GEN_IPADD; } else if(!name_cmp(name, "dirName")) { } else if(!name_cmp(name, "dirName")) { type = GEN_DIRNAME; if (!do_dirname(gen, value, ctx)) { X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_DIRNAME_ERROR); goto err; } } else if(!name_cmp(name, "otherName")) { } else if(!name_cmp(name, "otherName")) { if (!do_othername(gen, value, ctx)) { X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_OTHERNAME_ERROR); goto err; } type = GEN_OTHERNAME; } else { } else { X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_UNSUPPORTED_OPTION); ERR_add_error_data(2, "name=", name); goto err; } if(is_string) { if(is_string) { if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) || !ASN1_STRING_set(gen->d.ia5, 
(unsigned char*)value, strlen(value))) { strlen(value))) { X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE); goto err; } Loading
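Review bot: With the new `out` parameter, `gen` can alias a caller-owned GENERAL_NAME, yet every failure path after the allocation step still does `goto err`. The `err:` label and the end of `v2i_GENERAL_NAME_ex` are outside the visible hunk, so confirm the cleanup does not free `gen` when `out` was supplied; otherwise the caller is left holding a freed pointer and may free it again. A guard such as `if (!out) GENERAL_NAME_free(gen);` at the label keeps ownership with the caller. The branches also assign `gen->d.rid`, `gen->d.ip` and `gen->d.ia5` directly, so anything already stored in a reused `out` would be overwritten without being released. A comment on the function stating that `out` must be empty, and that `is_nc` switches the IP branch to `a2i_IPADDRESS_NC`, would document that contract.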