Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
520b76ff
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
8 个月 前同步成功
通知
8
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
提交
520b76ff
编写于
3月 24, 2003
作者:
D
Dr. Stephen Henson
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Support for name constraints.
上级
1c2d1412
变更
10
隐藏空白更改
内联
并排
Showing
10 changed file
with
449 addition
and
85 deletion
+449
-85
CHANGES
CHANGES
+3
-0
crypto/stack/safestack.h
crypto/stack/safestack.h
+20
-0
crypto/x509v3/Makefile.ssl
crypto/x509v3/Makefile.ssl
+2
-2
crypto/x509v3/ext_dat.h
crypto/x509v3/ext_dat.h
+3
-1
crypto/x509v3/v3_alt.c
crypto/x509v3/v3_alt.c
+104
-67
crypto/x509v3/v3_info.c
crypto/x509v3/v3_info.c
+1
-2
crypto/x509v3/v3_ncons.c
crypto/x509v3/v3_ncons.c
+220
-0
crypto/x509v3/v3_utl.c
crypto/x509v3/v3_utl.c
+68
-12
crypto/x509v3/v3err.c
crypto/x509v3/v3err.c
+2
-0
crypto/x509v3/x509v3.h
crypto/x509v3/x509v3.h
+26
-1
未找到文件。
CHANGES
浏览文件 @
520b76ff
...
...
@@ -4,6 +4,9 @@
Changes between 0.9.7a and 0.9.8 [xx XXX xxxx]
*) Support for nameConstraints certificate extension.
[Steve Henson]
*) Support for policyConstraints certificate extension.
[Steve Henson]
...
...
crypto/stack/safestack.h
浏览文件 @
520b76ff
...
...
@@ -544,6 +544,26 @@ STACK_OF(type) \
#define sk_GENERAL_NAME_pop(st) SKM_sk_pop(GENERAL_NAME, (st))
#define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st))
#define sk_GENERAL_SUBTREE_new(st) SKM_sk_new(GENERAL_SUBTREE, (st))
#define sk_GENERAL_SUBTREE_new_null() SKM_sk_new_null(GENERAL_SUBTREE)
#define sk_GENERAL_SUBTREE_free(st) SKM_sk_free(GENERAL_SUBTREE, (st))
#define sk_GENERAL_SUBTREE_num(st) SKM_sk_num(GENERAL_SUBTREE, (st))
#define sk_GENERAL_SUBTREE_value(st, i) SKM_sk_value(GENERAL_SUBTREE, (st), (i))
#define sk_GENERAL_SUBTREE_set(st, i, val) SKM_sk_set(GENERAL_SUBTREE, (st), (i), (val))
#define sk_GENERAL_SUBTREE_zero(st) SKM_sk_zero(GENERAL_SUBTREE, (st))
#define sk_GENERAL_SUBTREE_push(st, val) SKM_sk_push(GENERAL_SUBTREE, (st), (val))
#define sk_GENERAL_SUBTREE_unshift(st, val) SKM_sk_unshift(GENERAL_SUBTREE, (st), (val))
#define sk_GENERAL_SUBTREE_find(st, val) SKM_sk_find(GENERAL_SUBTREE, (st), (val))
#define sk_GENERAL_SUBTREE_delete(st, i) SKM_sk_delete(GENERAL_SUBTREE, (st), (i))
#define sk_GENERAL_SUBTREE_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_SUBTREE, (st), (ptr))
#define sk_GENERAL_SUBTREE_insert(st, val, i) SKM_sk_insert(GENERAL_SUBTREE, (st), (val), (i))
#define sk_GENERAL_SUBTREE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_SUBTREE, (st), (cmp))
#define sk_GENERAL_SUBTREE_dup(st) SKM_sk_dup(GENERAL_SUBTREE, st)
#define sk_GENERAL_SUBTREE_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_SUBTREE, (st), (free_func))
#define sk_GENERAL_SUBTREE_shift(st) SKM_sk_shift(GENERAL_SUBTREE, (st))
#define sk_GENERAL_SUBTREE_pop(st) SKM_sk_pop(GENERAL_SUBTREE, (st))
#define sk_GENERAL_SUBTREE_sort(st) SKM_sk_sort(GENERAL_SUBTREE, (st))
#define sk_KRB5_APREQBODY_new(st) SKM_sk_new(KRB5_APREQBODY, (st))
#define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY)
#define sk_KRB5_APREQBODY_free(st) SKM_sk_free(KRB5_APREQBODY, (st))
...
...
crypto/x509v3/Makefile.ssl
浏览文件 @
520b76ff
...
...
@@ -26,11 +26,11 @@ LIB=$(TOP)/libcrypto.a
LIBSRC
=
v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_lib.c
\
v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c v3_pku.c
\
v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c
\
v3_ocsp.c v3_akeya.c v3_pmaps.c v3_pcons.c
v3_ocsp.c v3_akeya.c v3_pmaps.c v3_pcons.c
v3_ncons.c
LIBOBJ
=
v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o
\
v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o
\
v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o v3_info.o
\
v3_ocsp.o v3_akeya.o v3_pmaps.o v3_pcons.o
v3_ocsp.o v3_akeya.o v3_pmaps.o v3_pcons.o
v3_ncons.o
SRC
=
$(LIBSRC)
...
...
crypto/x509v3/ext_dat.h
浏览文件 @
520b76ff
...
...
@@ -65,6 +65,7 @@ extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
extern
X509V3_EXT_METHOD
v3_ocsp_crlid
,
v3_ocsp_nocheck
,
v3_ocsp_serviceloc
;
extern
X509V3_EXT_METHOD
v3_crl_hold
;
extern
X509V3_EXT_METHOD
v3_policy_mappings
,
v3_policy_constraints
;
extern
X509V3_EXT_METHOD
v3_name_constraints
;
/* This table will be searched using OBJ_bsearch so it *must* kept in
* order of the ext_nid values.
...
...
@@ -109,7 +110,8 @@ static X509V3_EXT_METHOD *standard_exts[] = {
#ifndef OPENSSL_NO_OCSP
&
v3_crl_hold
,
#endif
&
v3_policy_mappings
&
v3_policy_mappings
,
&
v3_name_constraints
};
/* Number of standard extensions */
...
...
crypto/x509v3/v3_alt.c
浏览文件 @
520b76ff
...
...
@@ -407,89 +407,126 @@ GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
GENERAL_NAME
*
v2i_GENERAL_NAME
(
X509V3_EXT_METHOD
*
method
,
X509V3_CTX
*
ctx
,
CONF_VALUE
*
cnf
)
{
char
is_string
=
0
;
int
type
;
GENERAL_NAME
*
gen
=
NULL
;
{
return
v2i_GENERAL_NAME_ex
(
NULL
,
method
,
ctx
,
cnf
,
0
);
}
char
*
name
,
*
value
;
GENERAL_NAME
*
v2i_GENERAL_NAME_ex
(
GENERAL_NAME
*
out
,
X509V3_EXT_METHOD
*
method
,
X509V3_CTX
*
ctx
,
CONF_VALUE
*
cnf
,
int
is_nc
)
{
char
is_string
=
0
;
int
type
;
GENERAL_NAME
*
gen
=
NULL
;
name
=
cnf
->
name
;
value
=
cnf
->
value
;
char
*
name
,
*
value
;
if
(
!
value
)
{
X509V3err
(
X509V3_F_V2I_GENERAL_NAME
,
X509V3_R_MISSING_VALUE
);
return
NULL
;
}
name
=
cnf
->
name
;
value
=
cnf
->
value
;
if
(
!
(
gen
=
GENERAL_NAME_new
()))
{
X509V3err
(
X509V3_F_V2I_GENERAL_NAME
,
ERR_R_MALLOC_FAILURE
);
return
NULL
;
}
if
(
!
value
)
{
X509V3err
(
X509V3_F_V2I_GENERAL_NAME
,
X509V3_R_MISSING_VALUE
);
return
NULL
;
}
if
(
!
name_cmp
(
name
,
"email"
))
{
is_string
=
1
;
type
=
GEN_EMAIL
;
}
else
if
(
!
name_cmp
(
name
,
"URI"
))
{
is_string
=
1
;
type
=
GEN_URI
;
}
else
if
(
!
name_cmp
(
name
,
"DNS"
))
{
is_string
=
1
;
type
=
GEN_DNS
;
}
else
if
(
!
name_cmp
(
name
,
"RID"
))
{
ASN1_OBJECT
*
obj
;
if
(
!
(
obj
=
OBJ_txt2obj
(
value
,
0
)))
{
X509V3err
(
X509V3_F_V2I_GENERAL_NAME
,
X509V3_R_BAD_OBJECT
);
ERR_add_error_data
(
2
,
"value="
,
value
);
goto
err
;
}
gen
->
d
.
rid
=
obj
;
type
=
GEN_RID
;
}
else
if
(
!
name_cmp
(
name
,
"IP"
))
{
if
(
!
(
gen
->
d
.
ip
=
a2i_IPADDRESS
(
value
)))
if
(
out
)
gen
=
out
;
else
{
X509V3err
(
X509V3_F_V2I_GENERAL_NAME
,
X509V3_R_BAD_IP_ADDRESS
);
ERR_add_error_data
(
2
,
"value="
,
value
);
goto
err
;
gen
=
GENERAL_NAME_new
();
if
(
gen
==
NULL
)
{
X509V3err
(
X509V3_F_V2I_GENERAL_NAME
,
ERR_R_MALLOC_FAILURE
);
return
NULL
;
}
}
type
=
GEN_IPADD
;
}
else
if
(
!
name_cmp
(
name
,
"dirName"
))
{
type
=
GEN_DIRNAME
;
if
(
!
do_dirname
(
gen
,
value
,
ctx
))
if
(
!
name_cmp
(
name
,
"email"
))
{
X509V3err
(
X509V3_F_V2I_GENERAL_NAME
,
X509V3_R_DIRNAME_ERROR
);
goto
err
;
is_string
=
1
;
type
=
GEN_EMAIL
;
}
else
if
(
!
name_cmp
(
name
,
"URI"
))
{
is_string
=
1
;
type
=
GEN_URI
;
}
else
if
(
!
name_cmp
(
name
,
"DNS"
))
{
is_string
=
1
;
type
=
GEN_DNS
;
}
else
if
(
!
name_cmp
(
name
,
"RID"
))
{
ASN1_OBJECT
*
obj
;
if
(
!
(
obj
=
OBJ_txt2obj
(
value
,
0
)))
{
X509V3err
(
X509V3_F_V2I_GENERAL_NAME
,
X509V3_R_BAD_OBJECT
);
ERR_add_error_data
(
2
,
"value="
,
value
);
goto
err
;
}
gen
->
d
.
rid
=
obj
;
type
=
GEN_RID
;
}
else
if
(
!
name_cmp
(
name
,
"IP"
))
{
if
(
is_nc
)
gen
->
d
.
ip
=
a2i_IPADDRESS_NC
(
value
);
else
gen
->
d
.
ip
=
a2i_IPADDRESS
(
value
);
if
(
gen
->
d
.
ip
==
NULL
)
{
X509V3err
(
X509V3_F_V2I_GENERAL_NAME
,
X509V3_R_BAD_IP_ADDRESS
);
ERR_add_error_data
(
2
,
"value="
,
value
);
goto
err
;
}
type
=
GEN_IPADD
;
}
else
if
(
!
name_cmp
(
name
,
"dirName"
))
{
type
=
GEN_DIRNAME
;
if
(
!
do_dirname
(
gen
,
value
,
ctx
))
{
X509V3err
(
X509V3_F_V2I_GENERAL_NAME
,
X509V3_R_DIRNAME_ERROR
);
goto
err
;
}
}
else
if
(
!
name_cmp
(
name
,
"otherName"
))
{
if
(
!
do_othername
(
gen
,
value
,
ctx
))
{
X509V3err
(
X509V3_F_V2I_GENERAL_NAME
,
X509V3_R_OTHERNAME_ERROR
);
goto
err
;
}
type
=
GEN_OTHERNAME
;
}
}
else
if
(
!
name_cmp
(
name
,
"otherName"
))
{
if
(
!
do_othername
(
gen
,
value
,
ctx
))
else
{
X509V3err
(
X509V3_F_V2I_GENERAL_NAME
,
X509V3_R_OTHERNAME_ERROR
);
X509V3err
(
X509V3_F_V2I_GENERAL_NAME
,
X509V3_R_UNSUPPORTED_OPTION
);
ERR_add_error_data
(
2
,
"name="
,
name
);
goto
err
;
}
type
=
GEN_OTHERNAME
;
}
else
{
X509V3err
(
X509V3_F_V2I_GENERAL_NAME
,
X509V3_R_UNSUPPORTED_OPTION
);
ERR_add_error_data
(
2
,
"name="
,
name
);
goto
err
;
}
if
(
is_string
)
{
if
(
!
(
gen
->
d
.
ia5
=
M_ASN1_IA5STRING_new
())
||
!
ASN1_STRING_set
(
gen
->
d
.
ia5
,
(
unsigned
char
*
)
value
,
strlen
(
value
)))
{
X509V3err
(
X509V3_F_V2I_GENERAL_NAME
,
ERR_R_MALLOC_FAILURE
);
goto
err
;
}
}
if
(
is_string
)
{
if
(
!
(
gen
->
d
.
ia5
=
M_ASN1_IA5STRING_new
())
||
!
ASN1_STRING_set
(
gen
->
d
.
ia5
,
(
unsigned
char
*
)
value
,
strlen
(
value
)))
{
X509V3err
(
X509V3_F_V2I_GENERAL_NAME
,
ERR_R_MALLOC_FAILURE
);
goto
err
;
}
}
gen
->
type
=
type
;
gen
->
type
=
type
;
return
gen
;
return
gen
;
err:
GENERAL_NAME_free
(
gen
);
return
NULL
;
}
err:
GENERAL_NAME_free
(
gen
);
return
NULL
;
}
static
int
do_othername
(
GENERAL_NAME
*
gen
,
char
*
value
,
X509V3_CTX
*
ctx
)
{
...
...
crypto/x509v3/v3_info.c
浏览文件 @
520b76ff
...
...
@@ -158,8 +158,7 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *metho
objlen
=
ptmp
-
cnf
->
name
;
ctmp
.
name
=
ptmp
+
1
;
ctmp
.
value
=
cnf
->
value
;
GENERAL_NAME_free
(
acc
->
location
);
if
(
!
(
acc
->
location
=
v2i_GENERAL_NAME
(
method
,
ctx
,
&
ctmp
)))
if
(
!
v2i_GENERAL_NAME_ex
(
acc
->
location
,
method
,
ctx
,
&
ctmp
,
0
))
goto
err
;
if
(
!
(
objtmp
=
OPENSSL_malloc
(
objlen
+
1
)))
{
X509V3err
(
X509V3_F_V2I_ACCESS_DESCRIPTION
,
ERR_R_MALLOC_FAILURE
);
...
...
crypto/x509v3/v3_ncons.c
0 → 100644
浏览文件 @
520b76ff
/* v3_ncons.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 2003 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include "cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/conf.h>
#include <openssl/x509v3.h>
static
void
*
v2i_NAME_CONSTRAINTS
(
X509V3_EXT_METHOD
*
method
,
X509V3_CTX
*
ctx
,
STACK_OF
(
CONF_VALUE
)
*
nval
);
static
int
i2r_NAME_CONSTRAINTS
(
X509V3_EXT_METHOD
*
method
,
void
*
a
,
BIO
*
bp
,
int
ind
);
static
int
do_i2r_name_constraints
(
X509V3_EXT_METHOD
*
method
,
STACK_OF
(
GENERAL_SUBTREE
)
*
trees
,
BIO
*
bp
,
int
ind
,
char
*
name
);
static
int
print_nc_ipadd
(
BIO
*
bp
,
ASN1_OCTET_STRING
*
ip
);
X509V3_EXT_METHOD
v3_name_constraints
=
{
NID_name_constraints
,
0
,
ASN1_ITEM_ref
(
NAME_CONSTRAINTS
),
0
,
0
,
0
,
0
,
0
,
0
,
0
,
v2i_NAME_CONSTRAINTS
,
i2r_NAME_CONSTRAINTS
,
0
,
NULL
};
ASN1_SEQUENCE
(
GENERAL_SUBTREE
)
=
{
ASN1_SIMPLE
(
GENERAL_SUBTREE
,
base
,
GENERAL_NAME
),
ASN1_IMP_OPT
(
GENERAL_SUBTREE
,
minimum
,
ASN1_INTEGER
,
0
),
ASN1_IMP_OPT
(
GENERAL_SUBTREE
,
maximum
,
ASN1_INTEGER
,
1
)
}
ASN1_SEQUENCE_END
(
GENERAL_SUBTREE
)
ASN1_SEQUENCE
(
NAME_CONSTRAINTS
)
=
{
ASN1_IMP_SEQUENCE_OF_OPT
(
NAME_CONSTRAINTS
,
permittedSubtrees
,
GENERAL_SUBTREE
,
0
),
ASN1_IMP_SEQUENCE_OF_OPT
(
NAME_CONSTRAINTS
,
excludedSubtrees
,
GENERAL_SUBTREE
,
1
),
}
ASN1_SEQUENCE_END
(
NAME_CONSTRAINTS
)
IMPLEMENT_ASN1_ALLOC_FUNCTIONS
(
GENERAL_SUBTREE
)
IMPLEMENT_ASN1_ALLOC_FUNCTIONS
(
NAME_CONSTRAINTS
)
static
void
*
v2i_NAME_CONSTRAINTS
(
X509V3_EXT_METHOD
*
method
,
X509V3_CTX
*
ctx
,
STACK_OF
(
CONF_VALUE
)
*
nval
)
{
int
i
;
CONF_VALUE
tval
,
*
val
;
STACK_OF
(
GENERAL_SUBTREE
)
**
ptree
=
NULL
;
NAME_CONSTRAINTS
*
ncons
=
NULL
;
GENERAL_SUBTREE
*
sub
=
NULL
;
ncons
=
NAME_CONSTRAINTS_new
();
if
(
!
ncons
)
goto
memerr
;
for
(
i
=
0
;
i
<
sk_CONF_VALUE_num
(
nval
);
i
++
)
{
val
=
sk_CONF_VALUE_value
(
nval
,
i
);
if
(
!
strncmp
(
val
->
name
,
"permitted"
,
9
)
&&
val
->
name
[
9
])
{
ptree
=
&
ncons
->
permittedSubtrees
;
tval
.
name
=
val
->
name
+
10
;
}
else
if
(
!
strncmp
(
val
->
name
,
"excluded"
,
8
)
&&
val
->
name
[
8
])
{
ptree
=
&
ncons
->
excludedSubtrees
;
tval
.
name
=
val
->
name
+
9
;
}
else
{
X509V3err
(
X509V3_F_V2I_NAME_CONSTRAINTS
,
X509V3_R_INVALID_SYNTAX
);
goto
err
;
}
tval
.
value
=
val
->
value
;
sub
=
GENERAL_SUBTREE_new
();
if
(
!
v2i_GENERAL_NAME_ex
(
sub
->
base
,
method
,
ctx
,
&
tval
,
1
))
goto
err
;
if
(
!*
ptree
)
*
ptree
=
sk_GENERAL_SUBTREE_new_null
();
if
(
!*
ptree
||
!
sk_GENERAL_SUBTREE_push
(
*
ptree
,
sub
))
goto
memerr
;
sub
=
NULL
;
}
return
ncons
;
memerr:
X509V3err
(
X509V3_F_V2I_NAME_CONSTRAINTS
,
ERR_R_MALLOC_FAILURE
);
err:
if
(
ncons
)
NAME_CONSTRAINTS_free
(
ncons
);
if
(
sub
)
GENERAL_SUBTREE_free
(
sub
);
return
NULL
;
}
static
int
i2r_NAME_CONSTRAINTS
(
X509V3_EXT_METHOD
*
method
,
void
*
a
,
BIO
*
bp
,
int
ind
)
{
NAME_CONSTRAINTS
*
ncons
=
a
;
do_i2r_name_constraints
(
method
,
ncons
->
permittedSubtrees
,
bp
,
ind
,
"Permitted"
);
do_i2r_name_constraints
(
method
,
ncons
->
excludedSubtrees
,
bp
,
ind
,
"Excluded"
);
return
1
;
}
static
int
do_i2r_name_constraints
(
X509V3_EXT_METHOD
*
method
,
STACK_OF
(
GENERAL_SUBTREE
)
*
trees
,
BIO
*
bp
,
int
ind
,
char
*
name
)
{
GENERAL_SUBTREE
*
tree
;
int
i
;
if
(
sk_GENERAL_SUBTREE_num
(
trees
)
>
0
)
BIO_printf
(
bp
,
"%*s%s:
\n
"
,
ind
,
""
,
name
);
for
(
i
=
0
;
i
<
sk_GENERAL_SUBTREE_num
(
trees
);
i
++
)
{
tree
=
sk_GENERAL_SUBTREE_value
(
trees
,
i
);
BIO_printf
(
bp
,
"%*s"
,
ind
+
2
,
""
);
if
(
tree
->
base
->
type
==
GEN_IPADD
)
print_nc_ipadd
(
bp
,
tree
->
base
->
d
.
ip
);
else
GENERAL_NAME_print
(
bp
,
tree
->
base
);
tree
=
sk_GENERAL_SUBTREE_value
(
trees
,
i
);
BIO_puts
(
bp
,
"
\n
"
);
}
return
1
;
}
static
int
print_nc_ipadd
(
BIO
*
bp
,
ASN1_OCTET_STRING
*
ip
)
{
int
i
,
len
;
unsigned
char
*
p
;
p
=
ip
->
data
;
len
=
ip
->
length
;
BIO_puts
(
bp
,
"IP:"
);
if
(
len
==
8
)
{
BIO_printf
(
bp
,
"%d.%d.%d.%d/%d.%d.%d.%d"
,
p
[
0
],
p
[
1
],
p
[
2
],
p
[
3
],
p
[
4
],
p
[
5
],
p
[
6
],
p
[
7
]);
}
else
if
(
len
==
32
)
{
for
(
i
=
0
;
i
<
16
;
i
++
)
{
BIO_printf
(
bp
,
"%X"
,
p
[
0
]
<<
8
|
p
[
1
]);
p
+=
2
;
if
(
i
==
7
)
BIO_puts
(
bp
,
"/"
);
else
if
(
i
!=
15
)
BIO_puts
(
bp
,
":"
);
}
}
else
BIO_printf
(
bp
,
"IP Address:<invalid>"
);
return
1
;
}
crypto/x509v3/v3_utl.c
浏览文件 @
520b76ff
...
...
@@ -70,6 +70,7 @@ static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens);
static
void
str_free
(
void
*
str
);
static
int
append_ia5
(
STACK
**
sk
,
ASN1_IA5STRING
*
email
);
static
int
a2i_ipadd
(
unsigned
char
*
ipout
,
const
char
*
ipasc
);
static
int
ipv4_from_asc
(
unsigned
char
*
v4
,
const
char
*
in
);
static
int
ipv6_from_asc
(
unsigned
char
*
v6
,
const
char
*
in
);
static
int
ipv6_cb
(
const
char
*
elem
,
int
len
,
void
*
usr
);
...
...
@@ -552,18 +553,10 @@ ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc)
/* If string contains a ':' assume IPv6 */
if
(
strchr
(
ipasc
,
':'
))
{
if
(
!
ipv6_from_asc
(
ipout
,
ipasc
))
return
NULL
;
iplen
=
16
;
}
else
{
if
(
!
ipv4_from_asc
(
ipout
,
ipasc
))
return
NULL
;
iplen
=
4
;
}
iplen
=
a2i_ipadd
(
ipout
,
ipasc
);
if
(
!
iplen
)
return
NULL
;
ret
=
ASN1_OCTET_STRING_new
();
if
(
!
ret
)
...
...
@@ -576,6 +569,69 @@ ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc)
return
ret
;
}
ASN1_OCTET_STRING
*
a2i_IPADDRESS_NC
(
const
char
*
ipasc
)
{
ASN1_OCTET_STRING
*
ret
=
NULL
;
unsigned
char
ipout
[
32
];
char
*
iptmp
=
NULL
,
*
p
;
int
iplen1
,
iplen2
;
p
=
strchr
(
ipasc
,
'/'
);
if
(
!
p
)
return
NULL
;
iptmp
=
BUF_strdup
(
ipasc
);
if
(
!
iptmp
)
return
NULL
;
p
=
iptmp
+
(
p
-
ipasc
);
*
p
++
=
0
;
iplen1
=
a2i_ipadd
(
ipout
,
iptmp
);
if
(
!
iplen1
)
goto
err
;
iplen2
=
a2i_ipadd
(
ipout
+
iplen1
,
p
);
OPENSSL_free
(
iptmp
);
iptmp
=
NULL
;
if
(
!
iplen2
||
(
iplen1
!=
iplen2
))
goto
err
;
ret
=
ASN1_OCTET_STRING_new
();
if
(
!
ret
)
goto
err
;
if
(
!
ASN1_OCTET_STRING_set
(
ret
,
ipout
,
iplen1
+
iplen2
))
goto
err
;
return
ret
;
err:
if
(
iptmp
)
OPENSSL_free
(
iptmp
);
if
(
ret
)
ASN1_OCTET_STRING_free
(
ret
);
return
NULL
;
}
static
int
a2i_ipadd
(
unsigned
char
*
ipout
,
const
char
*
ipasc
)
{
/* If string contains a ':' assume IPv6 */
if
(
strchr
(
ipasc
,
':'
))
{
if
(
!
ipv6_from_asc
(
ipout
,
ipasc
))
return
0
;
return
16
;
}
else
{
if
(
!
ipv4_from_asc
(
ipout
,
ipasc
))
return
0
;
return
4
;
}
}
static
int
ipv4_from_asc
(
unsigned
char
*
v4
,
const
char
*
in
)
{
int
a0
,
a1
,
a2
,
a3
;
...
...
crypto/x509v3/v3err.c
浏览文件 @
520b76ff
...
...
@@ -71,6 +71,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
{
ERR_PACK
(
0
,
X509V3_F_DO_DIRNAME
,
0
),
"DO_DIRNAME"
},
{
ERR_PACK
(
0
,
X509V3_F_DO_EXT_CONF
,
0
),
"DO_EXT_CONF"
},
{
ERR_PACK
(
0
,
X509V3_F_DO_EXT_I2D
,
0
),
"DO_EXT_I2D"
},
{
ERR_PACK
(
0
,
X509V3_F_DO_I2V_NAME_CONSTRAINTS
,
0
),
"DO_I2V_NAME_CONSTRAINTS"
},
{
ERR_PACK
(
0
,
X509V3_F_HEX_TO_STRING
,
0
),
"hex_to_string"
},
{
ERR_PACK
(
0
,
X509V3_F_I2S_ASN1_ENUMERATED
,
0
),
"i2s_ASN1_ENUMERATED"
},
{
ERR_PACK
(
0
,
X509V3_F_I2S_ASN1_INTEGER
,
0
),
"i2s_ASN1_INTEGER"
},
...
...
@@ -98,6 +99,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
{
ERR_PACK
(
0
,
X509V3_F_V2I_EXT_KU
,
0
),
"V2I_EXT_KU"
},
{
ERR_PACK
(
0
,
X509V3_F_V2I_GENERAL_NAME
,
0
),
"v2i_GENERAL_NAME"
},
{
ERR_PACK
(
0
,
X509V3_F_V2I_GENERAL_NAMES
,
0
),
"v2i_GENERAL_NAMES"
},
{
ERR_PACK
(
0
,
X509V3_F_V2I_NAME_CONSTRAINTS
,
0
),
"V2I_NAME_CONSTRAINTS"
},
{
ERR_PACK
(
0
,
X509V3_F_V2I_POLICY_CONSTRAINTS
,
0
),
"V2I_POLICY_CONSTRAINTS"
},
{
ERR_PACK
(
0
,
X509V3_F_V2I_POLICY_MAPPINGS
,
0
),
"V2I_POLICY_MAPPINGS"
},
{
ERR_PACK
(
0
,
X509V3_F_V3_GENERIC_EXTENSION
,
0
),
"V3_GENERIC_EXTENSION"
},
...
...
crypto/x509v3/x509v3.h
浏览文件 @
520b76ff
...
...
@@ -295,6 +295,19 @@ DECLARE_STACK_OF(POLICY_MAPPING)
typedef
STACK_OF
(
POLICY_MAPPING
)
POLICY_MAPPINGS
;
typedef
struct
GENERAL_SUBTREE_st
{
GENERAL_NAME
*
base
;
ASN1_INTEGER
*
minimum
;
ASN1_INTEGER
*
maximum
;
}
GENERAL_SUBTREE
;
DECLARE_STACK_OF
(
GENERAL_SUBTREE
)
typedef
struct
NAME_CONSTRAINTS_st
{
STACK_OF
(
GENERAL_SUBTREE
)
*
permittedSubtrees
;
STACK_OF
(
GENERAL_SUBTREE
)
*
excludedSubtrees
;
}
NAME_CONSTRAINTS
;
typedef
struct
POLICY_CONSTRAINTS_st
{
ASN1_INTEGER
*
requireExplicitPolicy
;
ASN1_INTEGER
*
inhibitPolicyMapping
;
...
...
@@ -473,11 +486,20 @@ DECLARE_ASN1_ITEM(POLICY_MAPPING)
DECLARE_ASN1_ALLOC_FUNCTIONS
(
POLICY_MAPPING
)
DECLARE_ASN1_ITEM
(
POLICY_MAPPINGS
)
DECLARE_ASN1_ITEM
(
GENERAL_SUBTREE
)
DECLARE_ASN1_ALLOC_FUNCTIONS
(
GENERAL_SUBTREE
)
DECLARE_ASN1_ITEM
(
NAME_CONSTRAINTS
)
DECLARE_ASN1_ALLOC_FUNCTIONS
(
NAME_CONSTRAINTS
)
DECLARE_ASN1_ALLOC_FUNCTIONS
(
POLICY_CONSTRAINTS
)
DECLARE_ASN1_ITEM
(
POLICY_CONSTRAINTS
)
#ifdef HEADER_CONF_H
GENERAL_NAME
*
v2i_GENERAL_NAME
(
X509V3_EXT_METHOD
*
method
,
X509V3_CTX
*
ctx
,
CONF_VALUE
*
cnf
);
GENERAL_NAME
*
v2i_GENERAL_NAME
(
X509V3_EXT_METHOD
*
method
,
X509V3_CTX
*
ctx
,
CONF_VALUE
*
cnf
);
GENERAL_NAME
*
v2i_GENERAL_NAME_ex
(
GENERAL_NAME
*
out
,
X509V3_EXT_METHOD
*
method
,
X509V3_CTX
*
ctx
,
CONF_VALUE
*
cnf
,
int
is_nc
);
void
X509V3_conf_free
(
CONF_VALUE
*
val
);
X509_EXTENSION
*
X509V3_EXT_nconf_nid
(
CONF
*
conf
,
X509V3_CTX
*
ctx
,
int
ext_nid
,
char
*
value
);
...
...
@@ -569,6 +591,7 @@ STACK *X509_REQ_get1_email(X509_REQ *x);
void
X509_email_free
(
STACK
*
sk
);
ASN1_OCTET_STRING
*
a2i_IPADDRESS
(
const
char
*
ipasc
);
ASN1_OCTET_STRING
*
a2i_IPADDRESS_NC
(
const
char
*
ipasc
);
int
X509V3_NAME_from_section
(
X509_NAME
*
nm
,
STACK_OF
(
CONF_VALUE
)
*
dn_sk
,
unsigned
long
chtype
);
...
...
@@ -586,6 +609,7 @@ void ERR_load_X509V3_strings(void);
#define X509V3_F_DO_DIRNAME 144
#define X509V3_F_DO_EXT_CONF 124
#define X509V3_F_DO_EXT_I2D 135
#define X509V3_F_DO_I2V_NAME_CONSTRAINTS 148
#define X509V3_F_HEX_TO_STRING 111
#define X509V3_F_I2S_ASN1_ENUMERATED 121
#define X509V3_F_I2S_ASN1_INTEGER 120
...
...
@@ -613,6 +637,7 @@ void ERR_load_X509V3_strings(void);
#define X509V3_F_V2I_EXT_KU 103
#define X509V3_F_V2I_GENERAL_NAME 117
#define X509V3_F_V2I_GENERAL_NAMES 118
#define X509V3_F_V2I_NAME_CONSTRAINTS 147
#define X509V3_F_V2I_POLICY_CONSTRAINTS 146
#define X509V3_F_V2I_POLICY_MAPPINGS 145
#define X509V3_F_V3_GENERIC_EXTENSION 116
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录