kris
/
boringssl
1
0
Креирај огранак 0
Код Дискусије 0 Захтеви за спајање 0 Издања 0 Вики Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3295 Комити
12 Гране
38 MiB
Дрво: f99f2448bd
Гране Ознаке
${ item.name }
Create branch ${ searchTerm }
from 'f99f2448bd'
${ noResults }
boringssl/crypto/x509v3/v3_conf.c

v3_conf.c 14 KiB
Датотека Normal View Историја

Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
пре 10 година
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
пре 8 година
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
пре 10 година
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
пре 8 година
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
пре 10 година
Remove string.h from base.h. Including string.h in base.h causes any file that includes a BoringSSL header to include string.h. Generally this wouldn't be a problem, although string.h might slow down the compile if it wasn't otherwise needed. However, it also causes problems for ipsec-tools in Android because OpenSSL didn't have this behaviour. This change removes string.h from base.h and, instead, adds it to each .c file that requires it. Change-Id: I5968e50b0e230fd3adf9b72dd2836e6f52d6fb37 Reviewed-on: https://boringssl-review.googlesource.com/3200 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
пре 9 година
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
пре 10 година
Enable MSVC warning C4701, use of potentially uninitialized variable. C4701 is "potentially uninitialized local variable 'buf' used". It sometimes results in false positives, which can now be suppressed using the macro OPENSSL_SUPPRESS_POTENTIALLY_UNINITIALIZED_WARNINGS. Change-Id: I15068b5a48e1c704702e7752982b9ead855e7633 Reviewed-on: https://boringssl-review.googlesource.com/3160 Reviewed-by: Adam Langley <agl@google.com>
пре 9 година
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
пре 10 година
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
пре 8 година
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
пре 10 година
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
пре 8 година
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
пре 10 година
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
пре 8 година
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
пре 10 година
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
пре 8 година
Fix an error path leak in do_ext_nconf() (Imported from upstream's 4457017587efae316ac10b159f2e5b0cc81d9921. This also applies the change in https://github.com/openssl/openssl/pull/1351.) Change-Id: Ief4e4b282f5e987981922d127b5345d374d009cf Reviewed-on: https://boringssl-review.googlesource.com/8941 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
пре 8 година
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
пре 8 година
Fix an error path leak in do_ext_nconf() (Imported from upstream's 4457017587efae316ac10b159f2e5b0cc81d9921. This also applies the change in https://github.com/openssl/openssl/pull/1351.) Change-Id: Ief4e4b282f5e987981922d127b5345d374d009cf Reviewed-on: https://boringssl-review.googlesource.com/8941 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
пре 8 година
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
пре 8 година
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
пре 10 година
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
пре 8 година
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
пре 10 година
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
пре 8 година
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
пре 10 година
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
пре 8 година
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
пре 10 година
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
пре 8 година
Fix build when using Visual Studio 2015 Update 1. Many of the compatibility issues are described at https://msdn.microsoft.com/en-us/library/mt612856.aspx. The macros that suppressed warnings on a per-function basis no longer work in Update 1, so replace them with #pragmas. Update 1 warns when |size_t| arguments to |printf| are casted, so stop doing that casting. Unfortunately, this requires an ugly hack to continue working in MSVC 2013 as MSVC 2013 doesn't support "%zu". Finally, Update 1 has new warnings, some of which need to be suppressed. --- Updated by davidben to give up on suppressing warnings in crypto/x509 and crypto/x509v3 as those directories aren't changed much from upstream. In each of these cases, upstream opted just blindly initialize the variable, so do the same. Also switch C4265 to level 4, per Microsoft's recommendation and work around a bug in limits.h that happens to get fixed by Google include order style. (limits.h is sensitive to whether corecrt.h, pulled in by stddef.h and some other headers, is included before it. The reason it affected just one file is we often put the file's header first, which means base.h is pulling in stddef.h. Relying on this is ugly, but it's no worse than what everything else is doing and this doesn't seem worth making something as tame as limits.h so messy to use.) Change-Id: I02d1f935356899f424d3525d03eca401bfa3e6cd Reviewed-on: https://boringssl-review.googlesource.com/7480 Reviewed-by: David Benjamin <davidben@google.com>
пре 8 година
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
пре 8 година
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
пре 10 година
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
пре 8 година
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
пре 10 година
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
пре 8 година
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
пре 10 година
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
пре 8 година
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
пре 10 година
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
пре 8 година
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
пре 10 година
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
пре 8 година
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
пре 10 година
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
пре 8 година
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
пре 10 година
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
пре 8 година
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
пре 10 година
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
пре 8 година
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
пре 10 година
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
пре 8 година
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
пре 10 година
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
пре 8 година
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
пре 10 година
Tag a number of globals as const. Change-Id: I6f334911f153395a2e5e26adfd08912a1d8c558b Reviewed-on: https://boringssl-review.googlesource.com/2847 Reviewed-by: Adam Langley <agl@google.com>
пре 9 година
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
пре 8 година
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
пре 10 година
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
пре 8 година
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
пре 10 година
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
пре 8 година
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462 
  1. /* v3_conf.c */

  2. /*

  3.  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project

  4.  * 1999.

  5.  */

  6. /* ====================================================================

  7.  * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.

  8.  *

  9.  * Redistribution and use in source and binary forms, with or without

  10.  * modification, are permitted provided that the following conditions

  11.  * are met:

  12.  *

  13.  * 1. Redistributions of source code must retain the above copyright

  14.  *    notice, this list of conditions and the following disclaimer.

  15.  *

  16.  * 2. Redistributions in binary form must reproduce the above copyright

  17.  *    notice, this list of conditions and the following disclaimer in

  18.  *    the documentation and/or other materials provided with the

  19.  *    distribution.

  20.  *

  21.  * 3. All advertising materials mentioning features or use of this

  22.  *    software must display the following acknowledgment:

  23.  *    "This product includes software developed by the OpenSSL Project

  24.  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

  25.  *

  26.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  27.  *    endorse or promote products derived from this software without

  28.  *    prior written permission. For written permission, please contact

  29.  *    licensing@OpenSSL.org.

  30.  *

  31.  * 5. Products derived from this software may not be called "OpenSSL"

  32.  *    nor may "OpenSSL" appear in their names without prior written

  33.  *    permission of the OpenSSL Project.

  34.  *

  35.  * 6. Redistributions of any form whatsoever must retain the following

  36.  *    acknowledgment:

  37.  *    "This product includes software developed by the OpenSSL Project

  38.  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

  39.  *

  40.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  41.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  42.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  43.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  44.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  45.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  46.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  47.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  48.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  49.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  50.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  51.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  52.  * ====================================================================

  53.  *

  54.  * This product includes cryptographic software written by Eric Young

  55.  * (eay@cryptsoft.com).  This product includes software written by Tim

  56.  * Hudson (tjh@cryptsoft.com). */

  57. 

  58. /* extension creation utilities */

  59. 

  60. #include <ctype.h>

  61. #include <stdio.h>

  62. #include <string.h>

  63. 

  64. #include <openssl/conf.h>

  65. #include <openssl/err.h>

  66. #include <openssl/mem.h>

  67. #include <openssl/obj.h>

  68. #include <openssl/x509.h>

  69. #include <openssl/x509v3.h>

  70. 

  71. #include "../internal.h"

  72. 

  73. static int v3_check_critical(char **value);

  74. static int v3_check_generic(char **value);

  75. static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,

  76.                                     int crit, char *value);

  77. static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,

  78.                                             int crit, int type,

  79.                                             X509V3_CTX *ctx);

  80. static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method,

  81.                                   int ext_nid, int crit, void *ext_struc);

  82. static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx,

  83.                                    long *ext_len);

  84. /* CONF *conf:  Config file    */

  85. /* char *name:  Name    */

  86. /* char *value:  Value    */

  87. X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,

  88.                                  char *value)

  89. {

  90.     int crit;

  91.     int ext_type;

  92.     X509_EXTENSION *ret;

  93.     crit = v3_check_critical(&value);

  94.     if ((ext_type = v3_check_generic(&value)))

  95.         return v3_generic_extension(name, value, crit, ext_type, ctx);

  96.     ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value);

  97.     if (!ret) {

  98.         OPENSSL_PUT_ERROR(X509V3, X509V3_R_ERROR_IN_EXTENSION);

  99.         ERR_add_error_data(4, "name=", name, ", value=", value);

  100.     }

  101.     return ret;

  102. }

  103. 

  104. /* CONF *conf:  Config file    */

  105. /* char *value:  Value    */

  106. X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,

  107.                                      char *value)

  108. {

  109.     int crit;

  110.     int ext_type;

  111.     crit = v3_check_critical(&value);

  112.     if ((ext_type = v3_check_generic(&value)))

  113.         return v3_generic_extension(OBJ_nid2sn(ext_nid),

  114.                                     value, crit, ext_type, ctx);

  115.     return do_ext_nconf(conf, ctx, ext_nid, crit, value);

  116. }

  117. 

  118. /* CONF *conf:  Config file    */

  119. /* char *value:  Value    */

  120. static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,

  121.                                     int crit, char *value)

  122. {

  123.     const X509V3_EXT_METHOD *method;

  124.     X509_EXTENSION *ext;

  125.     STACK_OF(CONF_VALUE) *nval;

  126.     void *ext_struc;

  127.     if (ext_nid == NID_undef) {

  128.         OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNKNOWN_EXTENSION_NAME);

  129.         return NULL;

  130.     }

  131.     if (!(method = X509V3_EXT_get_nid(ext_nid))) {

  132.         OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNKNOWN_EXTENSION);

  133.         return NULL;

  134.     }

  135.     /* Now get internal extension representation based on type */

  136.     if (method->v2i) {

  137.         if (*value == '@')

  138.             nval = NCONF_get_section(conf, value + 1);

  139.         else

  140.             nval = X509V3_parse_list(value);

  141.         if (nval == NULL || sk_CONF_VALUE_num(nval) <= 0) {

  142.             OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_EXTENSION_STRING);

  143.             ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=",

  144.                                value);

  145.             if (*value != '@')

  146.                 sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);

  147.             return NULL;

  148.         }

  149.         ext_struc = method->v2i(method, ctx, nval);

  150.         if (*value != '@')

  151.             sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);

  152.         if (!ext_struc)

  153.             return NULL;

  154.     } else if (method->s2i) {

  155.         if (!(ext_struc = method->s2i(method, ctx, value)))

  156.             return NULL;

  157.     } else if (method->r2i) {

  158.         if (!ctx->db || !ctx->db_meth) {

  159.             OPENSSL_PUT_ERROR(X509V3, X509V3_R_NO_CONFIG_DATABASE);

  160.             return NULL;

  161.         }

  162.         if (!(ext_struc = method->r2i(method, ctx, value)))

  163.             return NULL;

  164.     } else {

  165.         OPENSSL_PUT_ERROR(X509V3, X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);

  166.         ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));

  167.         return NULL;

  168.     }

  169. 

  170.     ext = do_ext_i2d(method, ext_nid, crit, ext_struc);

  171.     if (method->it)

  172.         ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));

  173.     else

  174.         method->ext_free(ext_struc);

  175.     return ext;

  176. 

  177. }

  178. 

  179. static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method,

  180.                                   int ext_nid, int crit, void *ext_struc)

  181. {

  182.     unsigned char *ext_der;

  183.     int ext_len;

  184.     ASN1_OCTET_STRING *ext_oct;

  185.     X509_EXTENSION *ext;

  186.     /* Convert internal representation to DER */

  187.     if (method->it) {

  188.         ext_der = NULL;

  189.         ext_len =

  190.             ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it));

  191.         if (ext_len < 0)

  192.             goto merr;

  193.     } else {

  194.         unsigned char *p;

  195.         ext_len = method->i2d(ext_struc, NULL);

  196.         if (!(ext_der = OPENSSL_malloc(ext_len)))

  197.             goto merr;

  198.         p = ext_der;

  199.         method->i2d(ext_struc, &p);

  200.     }

  201.     if (!(ext_oct = M_ASN1_OCTET_STRING_new()))

  202.         goto merr;

  203.     ext_oct->data = ext_der;

  204.     ext_oct->length = ext_len;

  205. 

  206.     ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);

  207.     if (!ext)

  208.         goto merr;

  209.     M_ASN1_OCTET_STRING_free(ext_oct);

  210. 

  211.     return ext;

  212. 

  213.  merr:

  214.     OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);

  215.     return NULL;

  216. 

  217. }

  218. 

  219. /* Given an internal structure, nid and critical flag create an extension */

  220. 

  221. X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)

  222. {

  223.     const X509V3_EXT_METHOD *method;

  224.     if (!(method = X509V3_EXT_get_nid(ext_nid))) {

  225.         OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNKNOWN_EXTENSION);

  226.         return NULL;

  227.     }

  228.     return do_ext_i2d(method, ext_nid, crit, ext_struc);

  229. }

  230. 

  231. /* Check the extension string for critical flag */

  232. static int v3_check_critical(char **value)

  233. {

  234.     char *p = *value;

  235.     if ((strlen(p) < 9) || strncmp(p, "critical,", 9))

  236.         return 0;

  237.     p += 9;

  238.     while (isspace((unsigned char)*p))

  239.         p++;

  240.     *value = p;

  241.     return 1;

  242. }

  243. 

  244. /* Check extension string for generic extension and return the type */

  245. static int v3_check_generic(char **value)

  246. {

  247.     int gen_type = 0;

  248.     char *p = *value;

  249.     if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) {

  250.         p += 4;

  251.         gen_type = 1;

  252.     } else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5)) {

  253.         p += 5;

  254.         gen_type = 2;

  255.     } else

  256.         return 0;

  257. 

  258.     while (isspace((unsigned char)*p))

  259.         p++;

  260.     *value = p;

  261.     return gen_type;

  262. }

  263. 

  264. /* Create a generic extension: for now just handle DER type */

  265. static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,

  266.                                             int crit, int gen_type,

  267.                                             X509V3_CTX *ctx)

  268. {

  269.     unsigned char *ext_der = NULL;

  270.     long ext_len = 0;

  271.     ASN1_OBJECT *obj = NULL;

  272.     ASN1_OCTET_STRING *oct = NULL;

  273.     X509_EXTENSION *extension = NULL;

  274.     if (!(obj = OBJ_txt2obj(ext, 0))) {

  275.         OPENSSL_PUT_ERROR(X509V3, X509V3_R_EXTENSION_NAME_ERROR);

  276.         ERR_add_error_data(2, "name=", ext);

  277.         goto err;

  278.     }

  279. 

  280.     if (gen_type == 1)

  281.         ext_der = string_to_hex(value, &ext_len);

  282.     else if (gen_type == 2)

  283.         ext_der = generic_asn1(value, ctx, &ext_len);

  284. 

  285.     if (ext_der == NULL) {

  286.         OPENSSL_PUT_ERROR(X509V3, X509V3_R_EXTENSION_VALUE_ERROR);

  287.         ERR_add_error_data(2, "value=", value);

  288.         goto err;

  289.     }

  290. 

  291.     if (!(oct = M_ASN1_OCTET_STRING_new())) {

  292.         OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);

  293.         goto err;

  294.     }

  295. 

  296.     oct->data = ext_der;

  297.     oct->length = ext_len;

  298.     ext_der = NULL;

  299. 

  300.     extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);

  301. 

  302.  err:

  303.     ASN1_OBJECT_free(obj);

  304.     M_ASN1_OCTET_STRING_free(oct);

  305.     if (ext_der)

  306.         OPENSSL_free(ext_der);

  307.     return extension;

  308. 

  309. }

  310. 

  311. static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx,

  312.                                    long *ext_len)

  313. {

  314.     ASN1_TYPE *typ;

  315.     unsigned char *ext_der = NULL;

  316.     typ = ASN1_generate_v3(value, ctx);

  317.     if (typ == NULL)

  318.         return NULL;

  319.     *ext_len = i2d_ASN1_TYPE(typ, &ext_der);

  320.     ASN1_TYPE_free(typ);

  321.     return ext_der;

  322. }

  323. 

  324. /*

  325.  * This is the main function: add a bunch of extensions based on a config

  326.  * file section to an extension STACK.

  327.  */

  328. 

  329. int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,

  330.                             STACK_OF(X509_EXTENSION) **sk)

  331. {

  332.     X509_EXTENSION *ext;

  333.     STACK_OF(CONF_VALUE) *nval;

  334.     CONF_VALUE *val;

  335.     size_t i;

  336.     if (!(nval = NCONF_get_section(conf, section)))

  337.         return 0;

  338.     for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {

  339.         val = sk_CONF_VALUE_value(nval, i);

  340.         if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)))

  341.             return 0;

  342.         if (sk)

  343.             X509v3_add_ext(sk, ext, -1);

  344.         X509_EXTENSION_free(ext);

  345.     }

  346.     return 1;

  347. }

  348. 

  349. /*

  350.  * Convenience functions to add extensions to a certificate, CRL and request

  351.  */

  352. 

  353. int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,

  354.                          X509 *cert)

  355. {

  356.     STACK_OF(X509_EXTENSION) **sk = NULL;

  357.     if (cert)

  358.         sk = &cert->cert_info->extensions;

  359.     return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);

  360. }

  361. 

  362. /* Same as above but for a CRL */

  363. 

  364. int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,

  365.                              X509_CRL *crl)

  366. {

  367.     STACK_OF(X509_EXTENSION) **sk = NULL;

  368.     if (crl)

  369.         sk = &crl->crl->extensions;

  370.     return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);

  371. }

  372. 

  373. /* Add extensions to certificate request */

  374. 

  375. int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,

  376.                              X509_REQ *req)

  377. {

  378.     STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;

  379.     int i;

  380.     if (req)

  381.         sk = &extlist;

  382.     i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);

  383.     if (!i || !sk)

  384.         return i;

  385.     i = X509_REQ_add_extensions(req, extlist);

  386.     sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);

  387.     return i;

  388. }

  389. 

  390. /* Config database functions */

  391. 

  392. char *X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)

  393. {

  394.     if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) {

  395.         OPENSSL_PUT_ERROR(X509V3, X509V3_R_OPERATION_NOT_DEFINED);

  396.         return NULL;

  397.     }

  398.     if (ctx->db_meth->get_string)

  399.         return ctx->db_meth->get_string(ctx->db, name, section);

  400.     return NULL;

  401. }

  402. 

  403. STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, char *section)

  404. {

  405.     if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) {

  406.         OPENSSL_PUT_ERROR(X509V3, X509V3_R_OPERATION_NOT_DEFINED);

  407.         return NULL;

  408.     }

  409.     if (ctx->db_meth->get_section)

  410.         return ctx->db_meth->get_section(ctx->db, section);

  411.     return NULL;

  412. }

  413. 

  414. void X509V3_string_free(X509V3_CTX *ctx, char *str)

  415. {

  416.     if (!str)

  417.         return;

  418.     if (ctx->db_meth->free_string)

  419.         ctx->db_meth->free_string(ctx->db, str);

  420. }

  421. 

  422. void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)

  423. {

  424.     if (!section)

  425.         return;

  426.     if (ctx->db_meth->free_section)

  427.         ctx->db_meth->free_section(ctx->db, section);

  428. }

  429. 

  430. static char *nconf_get_string(void *db, char *section, char *value)

  431. {

  432.     /* TODO(fork): this should return a const value. */

  433.     return (char *)NCONF_get_string(db, section, value);

  434. }

  435. 

  436. static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section)

  437. {

  438.     return NCONF_get_section(db, section);

  439. }

  440. 

  441. static const X509V3_CONF_METHOD nconf_method = {

  442.     nconf_get_string,

  443.     nconf_get_section,

  444.     NULL,

  445.     NULL

  446. };

  447. 

  448. void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf)

  449. {

  450.     ctx->db_meth = &nconf_method;

  451.     ctx->db = conf;

  452. }

  453. 

  454. void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,

  455.                     X509_CRL *crl, int flags)

  456. {

  457.     ctx->issuer_cert = issuer;

  458.     ctx->subject_cert = subj;

  459.     ctx->crl = crl;

  460.     ctx->subject_req = req;

  461.     ctx->flags = flags;

  462. }