Example #1
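/*
 * This function adds the TBB extensions to the internal extension list
 * maintained by OpenSSL so they can be used later.
 *
 * It also initializes the methods to print the contents of the extension. If an
 * alias is specified in the TBB extension, we reuse the methods of the alias.
 * Otherwise, only methods for V_ASN1_INTEGER and V_ASN1_OCTET_STRING are
 * provided. Any other type will be printed as a raw ascii string.
 *
 * Every OpenSSL registration step is checked: a failed OBJ_create() or
 * X509V3_EXT_add_alias() aborts the initialization instead of leaving an
 * extension bound to an undefined NID.
 *
 * Return: 0 = success, Otherwise: error
 */
int ext_init(void)
{
	cmd_opt_t cmd_opt;
	ext_t *ext;
	X509V3_EXT_METHOD *m;
	int nid, ret;
	unsigned int i;

	for (i = 0; i < num_extensions; i++) {
		ext = &extensions[i];
		/* Register command line option */
		if (ext->opt) {
			cmd_opt.long_opt.name = ext->opt;
			cmd_opt.long_opt.has_arg = required_argument;
			cmd_opt.long_opt.flag = NULL;
			cmd_opt.long_opt.val = CMD_OPT_EXT;
			cmd_opt.help_msg = ext->help_msg;
			cmd_opt_add(&cmd_opt);
		}
		/* Register the extension OID in OpenSSL */
		if (ext->oid == NULL) {
			continue;
		}
		nid = OBJ_create(ext->oid, ext->sn, ext->ln);
		/*
		 * OBJ_create() returns NID_undef (0) on failure, e.g. for a
		 * malformed OID string. Registering methods or an alias under
		 * that NID would not describe this extension, so stop here.
		 */
		if (nid == 0) {
			ERR_print_errors_fp(stdout);
			return 1;
		}
		if (ext->alias) {
			/* Reuse the print/parse methods of an existing extension */
			ret = X509V3_EXT_add_alias(nid, ext->alias);
			if (!ret) {
				ERR_print_errors_fp(stdout);
				return 1;
			}
		} else {
			m = &ext->method;
			memset(m, 0x0, sizeof(X509V3_EXT_METHOD));
			switch (ext->asn1_type) {
			case V_ASN1_INTEGER:
				m->it = ASN1_ITEM_ref(ASN1_INTEGER);
				m->i2s = (X509V3_EXT_I2S)i2s_ASN1_INTEGER;
				m->s2i = (X509V3_EXT_S2I)s2i_ASN1_INTEGER;
				break;
			case V_ASN1_OCTET_STRING:
				m->it = ASN1_ITEM_ref(ASN1_OCTET_STRING);
				m->i2s = (X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING;
				m->s2i = (X509V3_EXT_S2I)s2i_ASN1_OCTET_STRING;
				break;
			default:
				/* No method for this type: only the OID is registered */
				continue;
			}
			m->ext_nid = nid;
			ret = X509V3_EXT_add(m);
			if (!ret) {
				ERR_print_errors_fp(stdout);
				return 1;
			}
		}
	}
	return 0;
}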
Example #2
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/x509v3.h>
#include "ext_dat.h"

/*
 * Handlers for the Authority Key Identifier extension. Both are installed in
 * v3_akey_id below: i2v turns the decoded structure into a CONF_VALUE list,
 * v2i builds the structure from a CONF_VALUE list.
 */
static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
                                                 AUTHORITY_KEYID *akeyid,
                                                 STACK_OF(CONF_VALUE)
                                                 *extlist);
static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
                                            X509V3_CTX *ctx,
                                            STACK_OF(CONF_VALUE) *values);

/*
 * Method table for NID_authority_key_identifier. The initializer is
 * positional, so each value must stay in the slot of the X509V3_EXT_METHOD
 * field it belongs to (ext_nid, ext_flags, it, ext_new, ext_free, d2i, i2d,
 * i2s, s2i, i2v, v2i, i2r, r2i, usr_data).
 *
 * NOTE(review): the handlers take AUTHORITY_KEYID pointers and are cast to
 * the generic X509V3_EXT_I2V / X509V3_EXT_V2I pointer types. The cast silences
 * the compiler, so a signature mismatch here would not be diagnosed.
 */
const X509V3_EXT_METHOD v3_akey_id = {
    NID_authority_key_identifier,
    X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID),
    0, 0, 0, 0,                 /* ext_new, ext_free, d2i, i2d */
    0, 0,                       /* i2s, s2i */
    (X509V3_EXT_I2V) i2v_AUTHORITY_KEYID,
    (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
    0, 0,                       /* i2r, r2i */
    NULL                        /* usr_data */
};

static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
                                                 AUTHORITY_KEYID *akeyid,
                                                 STACK_OF(CONF_VALUE)
                                                 *extlist)
{
    char *tmp;
    if (akeyid->keyid) {
Example #3
#include <string.h>

#include <openssl/asn1.h>
#include <openssl/conf.h>
#include <openssl/err.h>
#include <openssl/x509v3.h>

/*
 * String converters for IA5STRING-valued extensions. The entries of
 * v3_ns_ia5_list below install them in the .i2s (value to string) and
 * .s2i (string to value) slots.
 */
static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5);
static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
    X509V3_CTX *ctx, char *str);

const X509V3_EXT_METHOD v3_ns_ia5_list[] = {
	{
		.ext_nid = NID_netscape_base_url,
		.ext_flags = 0,
		.it = ASN1_ITEM_ref(ASN1_IA5STRING),
		.ext_new = NULL,
		.ext_free = NULL,
		.d2i = NULL,
		.i2d = NULL,
		.i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
		.s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
		.i2v = NULL,
		.v2i = NULL,
		.i2r = NULL,
		.r2i = NULL,
		.usr_data = NULL,
	},
	{
		.ext_nid = NID_netscape_revocation_url,
		.ext_flags = 0,
Example #4
/*
 * Print (i2r) handlers for OCSP extensions. Each writes a representation of
 * the decoded value to the BIO `out`.
 */
static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
static int i2r_object(X509V3_EXT_METHOD *method, void *obj, BIO *out, int indent);

/*
 * The nonce has its own new/free/encode/decode handlers; the table that
 * installs them is not part of this excerpt.
 */
static void *ocsp_nonce_new(void);
static int i2d_ocsp_nonce(void *a, unsigned char **pp);
static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length);
static void ocsp_nonce_free(void *a);
static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);

static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent);
static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str);
static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind);

/*
 * Method table for the OCSP CrlID extension. Only the i2r slot is filled, so
 * this table supports printing but provides no string/config parser.
 *
 * NOTE(review): the table is not const, so it and the function pointer it
 * holds sit in writable data. Making it const would also require changing
 * the matching extern declaration, which is not visible here.
 */
X509V3_EXT_METHOD v3_ocsp_crlid = {
  NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
  0,0,0,0,             /* ext_new, ext_free, d2i, i2d */
  0,0,                 /* i2s, s2i */
  0,0,                 /* i2v, v2i */
  i2r_ocsp_crlid,0,    /* i2r, r2i */
  NULL                 /* usr_data */
};

/*
 * Method table for the OCSP archiveCutoff extension, whose value is a
 * GeneralizedTime. Print-only, like v3_ocsp_crlid; also not const.
 */
X509V3_EXT_METHOD v3_ocsp_acutoff = {
  NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
  0,0,0,0,             /* ext_new, ext_free, d2i, i2d */
  0,0,                 /* i2s, s2i */
  0,0,                 /* i2v, v2i */
  i2r_ocsp_acutoff,0,  /* i2r, r2i */
  NULL                 /* usr_data */
};
Example #5
 *
 */

#include <stdio.h>

#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/x509v3.h>

/* Print handler for the Private Key Usage Period extension. */
static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
                                 PKEY_USAGE_PERIOD *usage, BIO *out, int indent);
/*
static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
*/
/*
 * Method table for NID_private_key_usage_period. Only i2r is set; the v2i
 * prototype above is commented out, so the extension can be printed but not
 * built from configuration through this table.
 */
const X509V3_EXT_METHOD v3_pkey_usage_period = {
    NID_private_key_usage_period, 0, ASN1_ITEM_ref(PKEY_USAGE_PERIOD),
    0, 0, 0, 0,                 /* ext_new, ext_free, d2i, i2d */
    0, 0, 0, 0,                 /* i2s, s2i, i2v, v2i */
    (X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD, NULL,    /* i2r, r2i */
    NULL                        /* usr_data */
};

/*
 * ASN.1 template: a SEQUENCE of two optional GeneralizedTime fields,
 * implicitly tagged [0] (notBefore) and [1] (notAfter). Because both are
 * optional, code that reads a decoded value must handle either being NULL.
 */
ASN1_SEQUENCE(PKEY_USAGE_PERIOD) = {
    ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notBefore, ASN1_GENERALIZEDTIME, 0),
    ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notAfter, ASN1_GENERALIZEDTIME, 1)
} ASN1_SEQUENCE_END(PKEY_USAGE_PERIOD)

/* Generates the new/free/d2i/i2d functions for PKEY_USAGE_PERIOD. */
IMPLEMENT_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)

static int
i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *usage,
Example #6
				void *a, BIO *bp, int ind);
/* Printing helpers for the Name Constraints extension. */
static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
				   STACK_OF(GENERAL_SUBTREE) *trees,
				   BIO *bp, int ind, const char *name);
static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip);

/*
 * Matching helpers, one per GeneralName form (directory name, DNS, e-mail,
 * URI). Judging by the names they compare a candidate name against a
 * constraint base; the definitions are outside this excerpt, so the exact
 * return convention has to be confirmed there.
 */
static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc);
static int nc_match_single(GENERAL_NAME *sub, GENERAL_NAME *gen);
static int nc_dn(X509_NAME *sub, X509_NAME *nm);
static int nc_dns(ASN1_IA5STRING *sub, ASN1_IA5STRING *dns);
static int nc_email(ASN1_IA5STRING *sub, ASN1_IA5STRING *eml);
static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base);

/*
 * Method table for NID_name_constraints, declared through a project macro
 * instead of a plain initializer. The argument order follows the
 * X509V3_EXT_METHOD fields: v2i and i2r are the only handlers supplied.
 * NOTE(review): OPERA_V2I_DECLARE is project-specific; presumably it can
 * compile the v2i handler out in reduced builds - confirm in its definition.
 */
CONST_X509V3_EXT_METHOD_item(v3_name_constraints,
	NID_name_constraints, 0,
	ASN1_ITEM_ref(NAME_CONSTRAINTS),
	0,0,0,0,
	0,0,
	0, OPERA_V2I_DECLARE(v2i_NAME_CONSTRAINTS),
	i2r_NAME_CONSTRAINTS,0,
	NULL
)

/*
 * ASN.1 template for one subtree: a mandatory base name plus optional
 * minimum [0] and maximum [1] integers (implicitly tagged).
 */
ASN1_SEQUENCE(GENERAL_SUBTREE) 
	ASN1_SIMPLE(GENERAL_SUBTREE, base, GENERAL_NAME)
	ASN1_IMP_OPT(GENERAL_SUBTREE, minimum, ASN1_INTEGER, 0)
	ASN1_IMP_OPT(GENERAL_SUBTREE, maximum, ASN1_INTEGER, 1)
ASN1_SEQUENCE_END(GENERAL_SUBTREE)

ASN1_SEQUENCE(NAME_CONSTRAINTS) 
	ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, permittedSubtrees,
Example #7
#include <string.h>

#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/conf.h>
#include <openssl/err.h>
#include <openssl/x509v3.h>

/*
 * Handlers for the Basic Constraints extension: i2v lists the decoded value
 * as CONF_VALUEs, v2i builds it from CONF_VALUEs.
 */
static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
    BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist);
static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
    X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);

/*
 * Method table for NID_basic_constraints; only the i2v/v2i pair is set.
 * The handlers are cast to the generic pointer types, so the compiler does
 * not check their signatures against the slot they are stored in.
 */
const X509V3_EXT_METHOD v3_bcons = {
	NID_basic_constraints, 0,
	ASN1_ITEM_ref(BASIC_CONSTRAINTS),
	0, 0, 0, 0,	/* ext_new, ext_free, d2i, i2d */
	0, 0,		/* i2s, s2i */
	(X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS,
	(X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS,
	NULL, NULL,	/* i2r, r2i */
	NULL		/* usr_data */
};

/*
 * ASN.1 template: both fields are optional. `ca` uses ASN1_FBOOLEAN, i.e. a
 * BOOLEAN that defaults to FALSE when absent; `pathlen` is left NULL when
 * the certificate carries no path length. Consumers deciding whether a
 * certificate may act as a CA must treat the absent case as "not a CA".
 */
ASN1_SEQUENCE(BASIC_CONSTRAINTS) = {
	ASN1_OPT(BASIC_CONSTRAINTS, ca, ASN1_FBOOLEAN),
	ASN1_OPT(BASIC_CONSTRAINTS, pathlen, ASN1_INTEGER)
} ASN1_SEQUENCE_END(BASIC_CONSTRAINTS)


BASIC_CONSTRAINTS *
Example #8
 */

#include <stdio.h>
#include "cryptlib.h"
#include <openssl/conf.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/x509v3.h>

/* i2v/v2i handlers for the CRL Distribution Points extension. */
static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
    STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *extlist);
static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
        X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);

/*
 * Method table for NID_crl_distribution_points (multi-line output).
 * NOTE(review): not const in this variant, so the table and its function
 * pointers are writable at run time; changing that also needs the extern
 * declaration updated, which is not visible here.
 */
X509V3_EXT_METHOD v3_crld = {
NID_crl_distribution_points, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(CRL_DIST_POINTS),
0,0,0,0,	/* ext_new, ext_free, d2i, i2d */
0,0,		/* i2s, s2i */
(X509V3_EXT_I2V)i2v_crld,
(X509V3_EXT_V2I)v2i_crld,
0,0,		/* i2r, r2i */
NULL		/* usr_data */
};

static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
      STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *exts)
{
  DIST_POINT *point;
  int i;
  for(i = 0; i < sk_DIST_POINT_num(crld); i++) {
    point = sk_DIST_POINT_value(crld, i);
Example #9
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/conf.h>
#include <openssl/err.h>
#include <openssl/x509v3.h>

/*
 * i2v/v2i handlers shared by the Authority Information Access and Subject
 * Information Access tables (both use the AUTHORITY_INFO_ACCESS item).
 */
static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(
    X509V3_EXT_METHOD *method, AUTHORITY_INFO_ACCESS *ainfo,
    STACK_OF(CONF_VALUE) *ret);
static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(
    X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);

/*
 * Method table for NID_info_access (multi-line output). The access
 * locations it describes (e.g. OCSP or CA issuer URIs) come from the
 * certificate itself, so callers that act on them are handling
 * certificate-supplied data.
 */
const X509V3_EXT_METHOD v3_info = {
	NID_info_access, X509V3_EXT_MULTILINE,
	ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
	0, 0, 0, 0,	/* ext_new, ext_free, d2i, i2d */
	0, 0,		/* i2s, s2i */
	(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
	(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
	0, 0,		/* i2r, r2i */
	NULL		/* usr_data */
};

const X509V3_EXT_METHOD v3_sinfo = {
	NID_sinfo_access, X509V3_EXT_MULTILINE,
	ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
	0, 0, 0, 0,
	0, 0,
	(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
	(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
Example #10
#include <openssl/conf.h>
#include <openssl/x509v3.h>
#include "modules/libopeay/libopeay_arrays.h"

#ifndef OPERA_SMALL_VERSION
/*
 * Config-parsing (v2i) handlers and their helpers; all four prototypes are
 * inside the OPERA_SMALL_VERSION guard and disappear when it is defined.
 */
static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p);
static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
#endif
/* Helpers for the otherName and dirName forms; always compiled. */
static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);

/*
 * v3_alt is built with project macros rather than a plain array initializer.
 * Each entry's arguments follow the X509V3_EXT_METHOD field order.
 * NOTE(review): OPERA_V2I_DECLARE wraps the v2i handlers whose prototypes
 * are guarded above; presumably it yields a null slot in small builds -
 * confirm in the macro definition.
 */
OPENSSL_PREFIX_CONST_ARRAY(OPENSSL_EXTERN,X509V3_EXT_METHOD, v3_alt, libopeay)

/* Subject Alternative Name */
CONST_X509V3_EXT_METHOD_ENTRY( NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
0,0,0,0,
0,0,
(X509V3_EXT_I2V)i2v_GENERAL_NAMES,
OPERA_V2I_DECLARE((X509V3_EXT_V2I)v2i_subject_alt),
NULL, NULL, NULL)

/* Issuer Alternative Name */
CONST_X509V3_EXT_METHOD_ENTRY( NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
0,0,0,0,
0,0,
(X509V3_EXT_I2V)i2v_GENERAL_NAMES,
OPERA_V2I_DECLARE((X509V3_EXT_V2I)v2i_issuer_alt),
NULL, NULL, NULL)

CONST_X509V3_EXT_METHOD_ENTRY( NID_certificate_issuer, 0, ASN1_ITEM_ref(GENERAL_NAMES),
0,0,0,0,
Example #11
/*
 * Usage: d2i_test item_name expected_error file.der
 *
 * item_name is compared with the sname of every ASN.1 item in items[];
 * expected_error is compared with the strings in expected_errors[]. The
 * selected item, error code and file name are stored in the file-level
 * variables item_type, expected_error and test_file before the test runs.
 *
 * Returns 1 on a usage or lookup error, otherwise the result of run_tests()
 * (forced to 1 when the memory leak check reports a problem).
 */
int main(int argc, char **argv)
{
    static ASN1_ITEM_EXP *items[] = {
        ASN1_ITEM_ref(ASN1_ANY),
        ASN1_ITEM_ref(X509),
        ASN1_ITEM_ref(GENERAL_NAME),
        ASN1_ITEM_ref(ASN1_INTEGER),
#ifndef OPENSSL_NO_CMS
        ASN1_ITEM_ref(CMS_ContentInfo)
#endif
    };
    static error_enum expected_errors[] = {
        {"OK", ASN1_OK},
        {"BIO", ASN1_BIO},
        {"decode", ASN1_DECODE},
        {"encode", ASN1_ENCODE},
        {"compare", ASN1_COMPARE}
    };
    const char *mem_debug = getenv("OPENSSL_DEBUG_MEMORY");
    const char *test_type_name;
    const char *expected_error_string;
    const ASN1_ITEM *candidate;
    size_t idx;
    int result = 0;

    /* Memory debugging is opt-in through the environment. */
    if (mem_debug != NULL && strcmp(mem_debug, "on") == 0) {
        CRYPTO_set_mem_debug(1);
    }
    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);

    if (argc != 4) {
        fprintf(stderr,
                "Usage: d2i_test item_name expected_error file.der\n");
        return 1;
    }

    test_type_name = argv[1];
    expected_error_string = argv[2];
    test_file = argv[3];

    /* Resolve the item name given on the command line. */
    for (idx = 0; idx < OSSL_NELEM(items); idx++) {
        candidate = ASN1_ITEM_ptr(items[idx]);
        if (strcmp(test_type_name, candidate->sname) != 0) {
            continue;
        }
        item_type = candidate;
        break;
    }
    if (item_type == NULL) {
        fprintf(stderr, "Unknown type %s\n", test_type_name);
        fprintf(stderr, "Supported types:\n");
        for (idx = 0; idx < OSSL_NELEM(items); idx++) {
            candidate = ASN1_ITEM_ptr(items[idx]);
            fprintf(stderr, "\t%s\n", candidate->sname);
        }
        return 1;
    }

    /* Resolve the expected outcome name. */
    for (idx = 0; idx < OSSL_NELEM(expected_errors); idx++) {
        if (strcmp(expected_errors[idx].str, expected_error_string) != 0) {
            continue;
        }
        expected_error = expected_errors[idx].code;
        break;
    }
    if (expected_error == ASN1_UNKNOWN) {
        fprintf(stderr, "Unknown expected error %s\n", expected_error_string);
        return 1;
    }

    ADD_TEST(test_bad_asn1);

    result = run_tests(argv[0]);

#ifndef OPENSSL_NO_CRYPTO_MDEBUG
    /* A leak report turns an otherwise passing run into a failure. */
    if (CRYPTO_mem_leaks_fp(stderr) <= 0) {
        result = 1;
    }
#endif

    return result;
}
Example #12
    BIO *out, int indent);
/*
 * Raw-string parser (r2i) for Certificate Policies and the helpers used for
 * printing and for reading policy/notice sections from configuration.
 */
static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
    X509V3_CTX *ctx, char *value);
static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
    int indent);
static void print_notice(BIO *out, USERNOTICE *notice, int indent);
static POLICYINFO *policy_section(X509V3_CTX *ctx,
    STACK_OF(CONF_VALUE) *polstrs, int ia5org);
static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
    STACK_OF(CONF_VALUE) *unot, int ia5org);
static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos);

/*
 * Method table for NID_certificate_policies. Designated initializers name
 * every slot, so a change in the struct's field order cannot silently move
 * a handler. Only the raw pair i2r/r2i is provided.
 */
const X509V3_EXT_METHOD v3_cpols = {
	.ext_nid = NID_certificate_policies,
	.ext_flags = 0,
	.it = ASN1_ITEM_ref(CERTIFICATEPOLICIES),
	.ext_new = NULL,
	.ext_free = NULL,
	.d2i = NULL,
	.i2d = NULL,
	.i2s = NULL,
	.s2i = NULL,
	.i2v = NULL,
	.v2i = NULL,
	.i2r = (X509V3_EXT_I2R)i2r_certpol,
	.r2i = (X509V3_EXT_R2I)r2i_certpol,
	.usr_data = NULL,
};

static const ASN1_TEMPLATE CERTIFICATEPOLICIES_item_tt = {
	.flags = ASN1_TFLG_SEQUENCE_OF,
Example #13
 */

#include <stdio.h>
#include "cryptlib.h"
#include <openssl/conf.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/x509v3.h>

/* i2v/v2i handlers for the Authority Key Identifier extension. */
static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
			AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist);
static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
			X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);

/*
 * Method table for NID_authority_key_identifier (multi-line output).
 * NOTE(review): this variant is not const, so the table and its function
 * pointers are writable at run time; making it const would also require
 * changing the extern declaration, which is not visible here.
 */
X509V3_EXT_METHOD v3_akey_id = {
NID_authority_key_identifier, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID),
0,0,0,0,	/* ext_new, ext_free, d2i, i2d */
0,0,		/* i2s, s2i */
(X509V3_EXT_I2V)i2v_AUTHORITY_KEYID,
(X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
0,0,		/* i2r, r2i */
NULL		/* usr_data */
};

static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
	     AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist)
{
	char *tmp;
	if(akeyid->keyid) {
		tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length);
		X509V3_add_value("keyid", tmp, &extlist);
Example #14
#include <openssl/conf.h>
#include <openssl/x509v3.h>

/*
 * Config-parsing (v2i) handlers for the Subject and Issuer Alternative Name
 * extensions; v3_alt[] below installs them in the v2i slot.
 */
static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
                                      X509V3_CTX *ctx,
                                      STACK_OF(CONF_VALUE) *nval);
static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
                                     X509V3_CTX *ctx,
                                     STACK_OF(CONF_VALUE) *nval);
/*
 * Helpers that add names to a GENERAL_NAMES list using the X509V3_CTX.
 * NOTE(review): presumably these back the "copy" forms of the config
 * values - confirm in the definitions, which are outside this excerpt.
 */
static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p);
static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
/* Helpers that fill a single GENERAL_NAME from a config string. */
static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);

const X509V3_EXT_METHOD v3_alt[] = {
    {NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
     0, 0, 0, 0,
     0, 0,
     (X509V3_EXT_I2V) i2v_GENERAL_NAMES,
     (X509V3_EXT_V2I)v2i_subject_alt,
     NULL, NULL, NULL},

    {NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
     0, 0, 0, 0,
     0, 0,
     (X509V3_EXT_I2V) i2v_GENERAL_NAMES,
     (X509V3_EXT_V2I)v2i_issuer_alt,
     NULL, NULL, NULL},

    {NID_certificate_issuer, 0, ASN1_ITEM_ref(GENERAL_NAMES),
     0, 0, 0, 0,
Example #15
    CUSTOM_EXPECTED_FAILURE,     /* t_8bytes_5_negpad */
    CUSTOM_EXPECTED_FAILURE,     /* t_5bytes_1 */
    CUSTOM_EXPECTED_FAILURE,     /* t_4bytes_1 (too large positive) */
    CUSTOM_EXPECTED_SUCCESS(INT32_MAX - 1, INT32_MAX -1), /* t_4bytes_2 */
    CUSTOM_EXPECTED_FAILURE,     /* t_4bytes_3_pad (illegal padding) */
    CUSTOM_EXPECTED_SUCCESS(INT32_MIN, INT32_MIN), /* t_4bytes_4_neg */
    CUSTOM_EXPECTED_FAILURE,     /* t_4bytes_5_negpad (illegal padding) */
};
/*
 * Encode/decode round-trip inputs for the LONG test on platforms with a
 * 32-bit long: boundary values first, then two entries built around the
 * default value that are expected to fail.
 */
static ASN1_LONG_DATA long_encdec_data_32bit[] = {
    ENCDEC_ARRAY(LONG_MAX - 1, LONG_MAX, LONG_MIN, LONG_MIN),
    /* Check that default numbers fail */
    { 0, ASN1_LONG_UNDEF, 1 }, { 0, 1, 0 }
};

/*
 * Test package tying the 32-bit expectations and round-trip data to the
 * ASN1_LONG_DATA encode, decode and free functions. Each table is passed
 * with its total size and its element size.
 * NOTE(review): the third field, sizeof(long) != 4, presumably marks the
 * package as skipped where long is not 32 bits wide - confirm against the
 * TEST_PACKAGE definition.
 */
static TEST_PACKAGE long_test_package_32bit = {
    ASN1_ITEM_ref(ASN1_LONG_DATA), "LONG", sizeof(long) != 4,
    long_expected_32bit,
    sizeof(long_expected_32bit), sizeof(long_expected_32bit[0]),
    long_encdec_data_32bit,
    sizeof(long_encdec_data_32bit), sizeof(long_encdec_data_32bit[0]),
    (i2d_fn *)i2d_ASN1_LONG_DATA, (d2i_fn *)d2i_ASN1_LONG_DATA,
    (ifree_fn *)ASN1_LONG_DATA_free
};

static ASN1_LONG_DATA long_expected_64bit[] = {
    /* The following should fail on the second because it's the default */
    { 0xff, 0, 1 }, { 0, 0, 0 }, /* t_zero */
    { 0, 0, 0 }, { 0xff, 1, 0x7fffffff }, /* t_longundef */
    CUSTOM_EXPECTED_SUCCESS(1, 1), /* t_one */
    CUSTOM_EXPECTED_SUCCESS(-1, -1), /* t_one_neg */
    CUSTOM_EXPECTED_SUCCESS(-256, -256), /* t_minus_256 */
Example #16
#include <openssl/conf.h>
#include <openssl/err.h>
#include <openssl/obj.h>
#include <openssl/x509v3.h>


/*
 * Handlers for the Policy Constraints extension. They are declared with the
 * generic signature (const method pointer, void * value), so they can be
 * stored in the table without a function-pointer cast and the compiler
 * still checks the assignment.
 */
static STACK_OF(CONF_VALUE) *
i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *bcons,
		       STACK_OF(CONF_VALUE) *extlist);
static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method,
				    X509V3_CTX *ctx,
				    STACK_OF(CONF_VALUE) *values);

/* Method table for NID_policy_constraints; only i2v/v2i are set. */
const X509V3_EXT_METHOD v3_policy_constraints = {
NID_policy_constraints, 0,
ASN1_ITEM_ref(POLICY_CONSTRAINTS),
0,0,0,0,	/* ext_new, ext_free, d2i, i2d */
0,0,		/* i2s, s2i */
i2v_POLICY_CONSTRAINTS,
v2i_POLICY_CONSTRAINTS,
NULL,NULL,	/* i2r, r2i */
NULL		/* usr_data */
};

/*
 * ASN.1 template: two optional integers, implicitly tagged [0] and [1].
 * Either may be NULL after decoding.
 */
ASN1_SEQUENCE(POLICY_CONSTRAINTS) = {
	ASN1_IMP_OPT(POLICY_CONSTRAINTS, requireExplicitPolicy, ASN1_INTEGER,0),
	ASN1_IMP_OPT(POLICY_CONSTRAINTS, inhibitPolicyMapping, ASN1_INTEGER,1)
} ASN1_SEQUENCE_END(POLICY_CONSTRAINTS)

/* Generates only the allocation functions (new/free) for the type. */
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
Example #17
 * asn1 <data structure>
 */

#include <stdio.h>
#include <string.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/ec.h>
#include <openssl/ocsp.h>
#include <openssl/pkcs12.h>
#include <openssl/ts.h>
#include <openssl/x509v3.h>
#include "fuzzer.h"

static ASN1_ITEM_EXP *item_type[] = {
    ASN1_ITEM_ref(ASN1_SEQUENCE),
    ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
    ASN1_ITEM_ref(BIGNUM),
    ASN1_ITEM_ref(ECPARAMETERS),
    ASN1_ITEM_ref(ECPKPARAMETERS),
    ASN1_ITEM_ref(GENERAL_NAME),
    ASN1_ITEM_ref(GENERAL_SUBTREE),
    ASN1_ITEM_ref(NAME_CONSTRAINTS),
    ASN1_ITEM_ref(OCSP_BASICRESP),
    ASN1_ITEM_ref(OCSP_RESPONSE),
    ASN1_ITEM_ref(PKCS12),
    ASN1_ITEM_ref(PKCS12_AUTHSAFES),
    ASN1_ITEM_ref(PKCS12_SAFEBAGS),
    ASN1_ITEM_ref(PKCS7),
    ASN1_ITEM_ref(PKCS7_ATTR_SIGN),
    ASN1_ITEM_ref(PKCS7_ATTR_VERIFY),
/*
 * Raw print (i2r) and raw parse (r2i) handlers for the Certificate Policies
 * extension, followed by the helpers they rely on.
 */
static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
    BIO *out, int indent);
static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
    X509V3_CTX *ctx, char *value);
static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
    int indent);
static void print_notice(BIO *out, USERNOTICE *notice, int indent);
static POLICYINFO *policy_section(X509V3_CTX *ctx,
    STACK_OF(CONF_VALUE) *polstrs, int ia5org);
static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
    STACK_OF(CONF_VALUE) *unot, int ia5org);
static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos);

/*
 * Method table for NID_certificate_policies. Positional initializer: the
 * i2r/r2i pair sits in the last two handler slots, everything before it is
 * left empty.
 */
const X509V3_EXT_METHOD v3_cpols = {
	NID_certificate_policies, 0, ASN1_ITEM_ref(CERTIFICATEPOLICIES),
	0, 0, 0, 0,	/* ext_new, ext_free, d2i, i2d */
	0, 0,		/* i2s, s2i */
	0, 0,		/* i2v, v2i */
	(X509V3_EXT_I2R)i2r_certpol,
	(X509V3_EXT_R2I)r2i_certpol,
	NULL		/* usr_data */
};

/* CERTIFICATEPOLICIES is a SEQUENCE OF POLICYINFO. */
ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) =
    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES,
	POLICYINFO)
ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES)

/* Generates the new/free/d2i/i2d functions for CERTIFICATEPOLICIES. */
IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
Example #19
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * ([email protected]).  This product includes software written by Tim
 * Hudson ([email protected]).
 *
 */

#include <stdio.h>
#include "cryptlib.h"
#include <openssl/x509v3.h>

/*
 * Method table for NID_crl_number, an INTEGER-valued extension. Only the
 * i2s (value to string) slot is filled; s2i is left empty in this table.
 * NOTE(review): not const, so the table is writable at run time.
 */
X509V3_EXT_METHOD v3_crl_num = { 
	NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER),
	0,0,0,0,	/* ext_new, ext_free, d2i, i2d */
	(X509V3_EXT_I2S)i2s_ASN1_INTEGER,
	0,		/* s2i */
	0,0,0,0, NULL};	/* i2v, v2i, i2r, r2i, usr_data */

/*
 * Method table for NID_delta_crl; same layout and handlers as v3_crl_num.
 */
X509V3_EXT_METHOD v3_delta_crl = { 
	NID_delta_crl, 0, ASN1_ITEM_ref(ASN1_INTEGER),
	0,0,0,0,	/* ext_new, ext_free, d2i, i2d */
	(X509V3_EXT_I2S)i2s_ASN1_INTEGER,
	0,		/* s2i */
	0,0,0,0, NULL};	/* i2v, v2i, i2r, r2i, usr_data */

static void * s2i_asn1_int(X509V3_EXT_METHOD *meth, X509V3_CTX *ctx, char *value)
	{
	return s2i_ASN1_INTEGER(meth, value);
Example #20
#include <openssl/conf.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/x509v3.h>

/* Support for Thawte strong extranet extension */

/*
 * SXNET_TEST is defined unconditionally here, so the v2i (config parsing)
 * handler below is always declared and installed in the table.
 */
#define SXNET_TEST

/* Raw print handler for the SXNET extension. */
static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, int indent);
#ifdef SXNET_TEST
static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
						STACK_OF(CONF_VALUE) *nval);
#endif
/*
 * Method table for NID_sxnet (multi-line output). The v2i slot depends on
 * SXNET_TEST; i2r is always set.
 */
const X509V3_EXT_METHOD v3_sxnet = {
NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET),
0,0,0,0,	/* ext_new, ext_free, d2i, i2d */
0,0,		/* i2s, s2i */
0, 		/* i2v */
#ifdef SXNET_TEST
(X509V3_EXT_V2I)sxnet_v2i,
#else
0,
#endif
(X509V3_EXT_I2R)sxnet_i2r,
0,		/* r2i */
NULL		/* usr_data */
};

ASN1_SEQUENCE(SXNETID) = {
	ASN1_SIMPLE(SXNETID, zone, ASN1_INTEGER),
Example #21
    ASN1_OPT(ADMISSION_SYNTAX, admissionAuthority, GENERAL_NAME),
    ASN1_SEQUENCE_OF(ADMISSION_SYNTAX, contentsOfAdmissions, ADMISSIONS),
} ASN1_SEQUENCE_END(ADMISSION_SYNTAX)

/* Generate the new/free/d2i/i2d functions for the four admission types. */
IMPLEMENT_ASN1_FUNCTIONS(NAMING_AUTHORITY)
IMPLEMENT_ASN1_FUNCTIONS(PROFESSION_INFO)
IMPLEMENT_ASN1_FUNCTIONS(ADMISSIONS)
IMPLEMENT_ASN1_FUNCTIONS(ADMISSION_SYNTAX)

/*
 * Raw print handler for the admission extension. It uses the generic
 * signature (const method pointer, void * value), so it is stored in the
 * table without a function-pointer cast.
 */
static int i2r_ADMISSION_SYNTAX(const struct v3_ext_method *method, void *in,
                                BIO *bp, int ind);

/*
 * Method table for NID_x509ExtAdmission. Print-only: i2r is the single
 * handler provided.
 */
const X509V3_EXT_METHOD v3_ext_admission = {
    NID_x509ExtAdmission,   /* .ext_nid = */
    0,                      /* .ext_flags = */
    ASN1_ITEM_ref(ADMISSION_SYNTAX), /* .it = */
    NULL, NULL, NULL, NULL, /* .ext_new, .ext_free, .d2i, .i2d = */
    NULL,                   /* .i2s = */
    NULL,                   /* .s2i = */
    NULL,                   /* .i2v = */
    NULL,                   /* .v2i = */
    &i2r_ADMISSION_SYNTAX,  /* .i2r = */
    NULL,                   /* .r2i = */
    NULL                    /* extension-specific data */
};


static int i2r_NAMING_AUTHORITY(const struct v3_ext_method *method, void *in,
                                BIO *bp, int ind)
{
    NAMING_AUTHORITY * namingAuthority = (NAMING_AUTHORITY*) in;
Example #22
 */

#include <stdio.h>
#include "cryptlib.h"
#include <openssl/conf.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/x509v3.h>

/*
 * Handlers for the CRL Distribution Points extension, declared with the
 * generic signature (const method pointer, void * value) so the table can
 * hold them without casts.
 */
static void *v2i_crld(const X509V3_EXT_METHOD *method,
    X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
    int indent);

/* Method table for NID_crl_distribution_points: v2i parser, i2r printer. */
const X509V3_EXT_METHOD v3_crld = {
	NID_crl_distribution_points, 0, ASN1_ITEM_ref(CRL_DIST_POINTS),
	0, 0, 0, 0,	/* ext_new, ext_free, d2i, i2d */
	0, 0,		/* i2s, s2i */
	0,		/* i2v */
	v2i_crld,
	i2r_crldp, 0,	/* i2r, r2i */
	NULL		/* usr_data */
};

const X509V3_EXT_METHOD v3_freshest_crl = {
	NID_freshest_crl, 0, ASN1_ITEM_ref(CRL_DIST_POINTS),
	0, 0, 0, 0,
	0, 0,
	0,
	v2i_crld,
	i2r_crldp, 0,
Example #23
 * SUCH DAMAGE.
 */

#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/conf.h>
#include <openssl/x509v3.h>
#include "ext_dat.h"

/*
 * Raw print (i2r) and raw parse (r2i) handlers for the Proxy Certificate
 * Information extension.
 */
static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext,
                   BIO *out, int indent);
static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
                                          X509V3_CTX *ctx, char *str);

/*
 * Method table for NID_proxyCertInfo. Only the i2r/r2i pair is set; both
 * handlers are cast to the generic pointer types, so their signatures are
 * not checked against the slots by the compiler.
 */
const X509V3_EXT_METHOD v3_pci =
    { NID_proxyCertInfo, 0, ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
    0, 0, 0, 0,                 /* ext_new, ext_free, d2i, i2d */
    0, 0,                       /* i2s, s2i */
    NULL, NULL,                 /* i2v, v2i */
    (X509V3_EXT_I2R)i2r_pci,
    (X509V3_EXT_R2I)r2i_pci,
    NULL,                       /* usr_data */
};

static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci,
                   BIO *out, int indent)
{
    BIO_printf(out, "%*sPath Length Constraint: ", indent, "");
    if (pci->pcPathLengthConstraint)
        i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint);
    else
Example #24
{CRL_REASON_SUPERSEDED, 	 "Superseded", "superseded"},
{CRL_REASON_CESSATION_OF_OPERATION,
			"Cessation Of Operation", "cessationOfOperation"},
{CRL_REASON_CERTIFICATE_HOLD,	 "Certificate Hold", "certificateHold"},
{CRL_REASON_REMOVE_FROM_CRL,	 "Remove From CRL", "removeFromCRL"},
{CRL_REASON_PRIVILEGE_WITHDRAWN, "Privilege Withdrawn", "privilegeWithdrawn"},
{CRL_REASON_AA_COMPROMISE,	 "AA Compromise", "AACompromise"},
{-1, NULL, NULL}
};

#ifdef  __cplusplus
	extern "C" {
#endif

/*
 * Method table for NID_crl_reason, an ENUMERATED value printed by name.
 * usr_data points at crl_reasons, the name table that the i2s handler walks
 * until it reaches the entry whose long name is NULL, so that terminating
 * entry must stay in place.
 *
 * NOTE(review): `extern` combined with an initializer is still a definition
 * and compilers usually warn about it. The table is also not const, so it
 * is writable at run time.
 */
extern X509V3_EXT_METHOD v3_crl_reason = { 
NID_crl_reason, 0, ASN1_ITEM_ref(ASN1_ENUMERATED),
0,0,0,0,	/* ext_new, ext_free, d2i, i2d */
(X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE,
0,		/* s2i */
0,0,0,0,	/* i2v, v2i, i2r, r2i */
crl_reasons};


char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method,
	     ASN1_ENUMERATED *e)
{
	ENUMERATED_NAMES *enam;
	long strval;
	strval = ASN1_ENUMERATED_get(e);
	for(enam = (ENUMERATED_NAMES*)method->usr_data; enam->lname; enam++) {
		if(strval == enam->bitnum) return BUF_strdup(enam->lname);
Example #25
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/conf.h>
#include <openssl/err.h>
#include <openssl/x509v3.h>

/*
 * Handlers for the CRL Distribution Points extension. Both use the generic
 * signature (const method pointer, void * value), so they are assigned to
 * the table without casts and the compiler checks the types.
 */
static void *v2i_crld(const X509V3_EXT_METHOD *method,
    X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
    int indent);

/*
 * Method table for NID_crl_distribution_points: v2i builds the value from
 * configuration, i2r prints it. Designated initializers name every slot.
 */
const X509V3_EXT_METHOD v3_crld = {
	.ext_nid = NID_crl_distribution_points,
	.ext_flags = 0,
	.it = ASN1_ITEM_ref(CRL_DIST_POINTS),
	.ext_new = NULL,
	.ext_free = NULL,
	.d2i = NULL,
	.i2d = NULL,
	.i2s = NULL,
	.s2i = NULL,
	.i2v = NULL,
	.v2i = v2i_crld,
	.i2r = i2r_crldp,
	.r2i = NULL,
	.usr_data = NULL,
};

const X509V3_EXT_METHOD v3_freshest_crl = {
	.ext_nid = NID_freshest_crl,
Example #26
 * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <string.h>

#include <openssl/err.h>
#include <openssl/x509v3.h>

/* String parser (s2i) specific to the Subject Key Identifier extension. */
static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
/*
 * Method table for NID_subject_key_identifier, an OCTET STRING value.
 * Printing uses the generic i2s_ASN1_OCTET_STRING; parsing uses the
 * extension-specific s2i_skey_id.
 */
const X509V3_EXT_METHOD v3_skey_id = {
    NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING),
    0, 0, 0, 0,                 /* ext_new, ext_free, d2i, i2d */
    (X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
    (X509V3_EXT_S2I)s2i_skey_id,
    0, 0, 0, 0,                 /* i2v, v2i, i2r, r2i */
    NULL                        /* usr_data */
};

/*
 * Convert an OCTET STRING extension value to its string form by handing the
 * raw bytes and their length to hex_to_string().
 *
 * method: unused.
 * oct:    value to convert; it is dereferenced without a NULL check, so the
 *         caller must pass a valid object.
 *
 * Returns whatever hex_to_string() returns. Ownership of that buffer is
 * decided by hex_to_string(), whose definition is not shown here.
 */
char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
                            ASN1_OCTET_STRING *oct)
{
    char *text = hex_to_string(oct->data, oct->length);

    return text;
}

ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
                                         X509V3_CTX *ctx, char *str)
Example #27
#include <openssl/x509v3.h>

/*
 * Config-parsing (v2i) handlers for the Subject and Issuer Alternative Name
 * extensions; the v3_alt[] entries below install them in the .v2i slot.
 */
static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
    X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
    X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
/*
 * Helpers that add names to a GENERAL_NAMES list using the X509V3_CTX.
 * NOTE(review): presumably these back the "copy" forms of the config
 * values - confirm in the definitions, which are outside this excerpt.
 */
static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p);
static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
/* Helpers that fill a single GENERAL_NAME from a config string. */
static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);

const X509V3_EXT_METHOD v3_alt[] = {
	{
		.ext_nid = NID_subject_alt_name,
		.ext_flags = 0,
		.it = ASN1_ITEM_ref(GENERAL_NAMES),
		.ext_new = NULL,
		.ext_free = NULL,
		.d2i = NULL,
		.i2d = NULL,
		.i2s = NULL,
		.s2i = NULL,
		.i2v = (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
		.v2i = (X509V3_EXT_V2I)v2i_subject_alt,
		.i2r = NULL,
		.r2i = NULL,
		.usr_data = NULL,
	},
	{
		.ext_nid = NID_issuer_alt_name,
		.ext_flags = 0,