1*8b5faa71Stb /* $OpenBSD: x509_crld.c,v 1.7 2024/07/13 15:08:58 tb Exp $ */
2e500e238Sjsing /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3e500e238Sjsing * project 1999.
4e500e238Sjsing */
5e500e238Sjsing /* ====================================================================
6e500e238Sjsing * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
7e500e238Sjsing *
8e500e238Sjsing * Redistribution and use in source and binary forms, with or without
9e500e238Sjsing * modification, are permitted provided that the following conditions
10e500e238Sjsing * are met:
11e500e238Sjsing *
12e500e238Sjsing * 1. Redistributions of source code must retain the above copyright
13e500e238Sjsing * notice, this list of conditions and the following disclaimer.
14e500e238Sjsing *
15e500e238Sjsing * 2. Redistributions in binary form must reproduce the above copyright
16e500e238Sjsing * notice, this list of conditions and the following disclaimer in
17e500e238Sjsing * the documentation and/or other materials provided with the
18e500e238Sjsing * distribution.
19e500e238Sjsing *
20e500e238Sjsing * 3. All advertising materials mentioning features or use of this
21e500e238Sjsing * software must display the following acknowledgment:
22e500e238Sjsing * "This product includes software developed by the OpenSSL Project
23e500e238Sjsing * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24e500e238Sjsing *
25e500e238Sjsing * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26e500e238Sjsing * endorse or promote products derived from this software without
27e500e238Sjsing * prior written permission. For written permission, please contact
28e500e238Sjsing * licensing@OpenSSL.org.
29e500e238Sjsing *
30e500e238Sjsing * 5. Products derived from this software may not be called "OpenSSL"
31e500e238Sjsing * nor may "OpenSSL" appear in their names without prior written
32e500e238Sjsing * permission of the OpenSSL Project.
33e500e238Sjsing *
34e500e238Sjsing * 6. Redistributions of any form whatsoever must retain the following
35e500e238Sjsing * acknowledgment:
36e500e238Sjsing * "This product includes software developed by the OpenSSL Project
37e500e238Sjsing * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38e500e238Sjsing *
39e500e238Sjsing * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40e500e238Sjsing * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41e500e238Sjsing * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42e500e238Sjsing * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43e500e238Sjsing * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44e500e238Sjsing * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45e500e238Sjsing * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46e500e238Sjsing * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47e500e238Sjsing * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48e500e238Sjsing * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49e500e238Sjsing * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50e500e238Sjsing * OF THE POSSIBILITY OF SUCH DAMAGE.
51e500e238Sjsing * ====================================================================
52e500e238Sjsing *
53e500e238Sjsing * This product includes cryptographic software written by Eric Young
54e500e238Sjsing * (eay@cryptsoft.com). This product includes software written by Tim
55e500e238Sjsing * Hudson (tjh@cryptsoft.com).
56e500e238Sjsing *
57e500e238Sjsing */
58e500e238Sjsing
59e500e238Sjsing #include <stdio.h>
60e500e238Sjsing #include <string.h>
61e500e238Sjsing
62e500e238Sjsing #include <openssl/asn1.h>
63e500e238Sjsing #include <openssl/asn1t.h>
64e500e238Sjsing #include <openssl/conf.h>
65e500e238Sjsing #include <openssl/err.h>
66e500e238Sjsing #include <openssl/x509v3.h>
67e500e238Sjsing
68c9675a23Stb #include "x509_local.h"
69838f0b6dStb
/*
 * Handlers shared by the two CRL distribution point extension methods in
 * this file: v2i_crld() builds the internal form from configuration values,
 * i2r_crldp() prints it to a BIO.
 */
static void *v2i_crld(const X509V3_EXT_METHOD *method,
    X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
    int indent);

/*
 * Extension method for NID_crl_distribution_points. The ASN.1 item is
 * CRL_DIST_POINTS_it; only the v2i and i2r hooks are populated, every other
 * hook is explicitly NULL.
 */
static const X509V3_EXT_METHOD x509v3_ext_crl_distribution_points = {
	.ext_nid = NID_crl_distribution_points,
	.ext_flags = 0,
	.it = &CRL_DIST_POINTS_it,

	/* No custom allocation or DER hooks. */
	.ext_new = NULL,
	.ext_free = NULL,
	.d2i = NULL,
	.i2d = NULL,

	/* No single-string conversions. */
	.i2s = NULL,
	.s2i = NULL,

	/* Config values in, printed text out. */
	.i2v = NULL,
	.v2i = v2i_crld,
	.i2r = i2r_crldp,
	.r2i = NULL,

	.usr_data = NULL,
};
91e500e238Sjsing
/*
 * Accessor for the file-scope, const extension method describing
 * NID_crl_distribution_points.
 */
const X509V3_EXT_METHOD *
x509v3_ext_method_crl_distribution_points(void)
{
	const X509V3_EXT_METHOD *meth = &x509v3_ext_crl_distribution_points;

	return meth;
}
97*8b5faa71Stb
/*
 * Extension method for NID_freshest_crl. It uses the same ASN.1 item
 * (CRL_DIST_POINTS_it) and the same v2i/i2r handlers as the CRL
 * distribution points method; only the NID differs.
 */
static const X509V3_EXT_METHOD x509v3_ext_freshest_crl = {
	.ext_nid = NID_freshest_crl,
	.ext_flags = 0,
	.it = &CRL_DIST_POINTS_it,

	/* No custom allocation or DER hooks. */
	.ext_new = NULL,
	.ext_free = NULL,
	.d2i = NULL,
	.i2d = NULL,

	/* No single-string conversions. */
	.i2s = NULL,
	.s2i = NULL,

	/* Config values in, printed text out. */
	.i2v = NULL,
	.v2i = v2i_crld,
	.i2r = i2r_crldp,
	.r2i = NULL,

	.usr_data = NULL,
};
114e500e238Sjsing
/*
 * Accessor for the file-scope, const extension method describing
 * NID_freshest_crl.
 */
const X509V3_EXT_METHOD *
x509v3_ext_method_freshest_crl(void)
{
	const X509V3_EXT_METHOD *meth = &x509v3_ext_freshest_crl;

	return meth;
}
120*8b5faa71Stb
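/*
 * Build a stack of GENERAL_NAMEs from a configuration value.
 *
 * If sect begins with '@', the rest of the string names a configuration
 * section that is fetched through ctx; otherwise sect itself is parsed as an
 * inline list. The intermediate CONF_VALUE stack is released with the
 * routine that matches how it was obtained.
 *
 * Returns the new stack, owned by the caller, or NULL on failure. A NULL
 * sect (a key given without a value) is reported as
 * X509V3_R_MISSING_VALUE instead of being dereferenced.
 */
static STACK_OF(GENERAL_NAME) *
gnames_from_sectname(X509V3_CTX *ctx, char *sect)
{
	STACK_OF(CONF_VALUE) *gnsect;
	STACK_OF(GENERAL_NAME) *gens;
	int from_section;

	/*
	 * Callers pass cnf->value straight through, and a CONF_VALUE may
	 * carry a NULL value (v2i_crld() in this file tests for exactly
	 * that), so check before reading the first character.
	 */
	if (sect == NULL) {
		X509V3error(X509V3_R_MISSING_VALUE);
		return NULL;
	}

	from_section = (*sect == '@');
	if (from_section)
		gnsect = X509V3_get_section(ctx, sect + 1);
	else
		gnsect = X509V3_parse_list(sect);
	if (gnsect == NULL) {
		X509V3error(X509V3_R_SECTION_NOT_FOUND);
		return NULL;
	}

	gens = v2i_GENERAL_NAMES(NULL, ctx, gnsect);

	/* Sections belong to the config database, parsed lists to us. */
	if (from_section)
		X509V3_section_free(ctx, gnsect);
	else
		sk_CONF_VALUE_pop_free(gnsect, X509V3_conf_free);

	return gens;
}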
142e500e238Sjsing
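/*
 * Populate *pdp from a "fullname" or "relativename" configuration entry.
 *
 * Returns 1 if cnf was one of those two keys and *pdp was set, 0 if cnf->name
 * is some other key (nothing is touched, the caller handles it), and -1 on
 * error. On error everything built here is freed and *pdp is left as it was,
 * except that it may be NULL if DIST_POINT_NAME_new() failed.
 *
 * A recognised key without a value is rejected with X509V3_R_MISSING_VALUE;
 * previously the NULL value was handed on to gnames_from_sectname(), which
 * reads its first character, and to X509V3_get_section().
 */
static int
set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, CONF_VALUE *cnf)
{
	STACK_OF(GENERAL_NAME) *fnm = NULL;
	STACK_OF(X509_NAME_ENTRY) *rnm = NULL;

	if (strcmp(cnf->name, "fullname") == 0) {
		if (cnf->value == NULL) {
			X509V3error(X509V3_R_MISSING_VALUE);
			goto err;
		}
		fnm = gnames_from_sectname(ctx, cnf->value);
		if (fnm == NULL)
			goto err;
	} else if (strcmp(cnf->name, "relativename") == 0) {
		STACK_OF(CONF_VALUE) *dnsect;
		X509_NAME *nm;
		int ret;

		if (cnf->value == NULL) {
			X509V3error(X509V3_R_MISSING_VALUE);
			goto err;
		}
		nm = X509_NAME_new();
		if (nm == NULL)
			return -1;
		dnsect = X509V3_get_section(ctx, cnf->value);
		if (dnsect == NULL) {
			X509V3error(X509V3_R_SECTION_NOT_FOUND);
			X509_NAME_free(nm);
			return -1;
		}
		ret = X509V3_NAME_from_section(nm, dnsect, MBSTRING_ASC);
		X509V3_section_free(ctx, dnsect);

		/*
		 * Only the entry stack is wanted: detach it from the
		 * temporary name so that freeing the name leaves it alone.
		 */
		rnm = nm->entries;
		nm->entries = NULL;
		X509_NAME_free(nm);

		if (!ret || sk_X509_NAME_ENTRY_num(rnm) <= 0)
			goto err;
		/*
		 * Since it's a name fragment it can't have more than one
		 * RDNSequence: the last entry must still be in set 0.
		 */
		if (sk_X509_NAME_ENTRY_value(rnm,
		    sk_X509_NAME_ENTRY_num(rnm) - 1)->set) {
			X509V3error(X509V3_R_INVALID_MULTIPLE_RDNS);
			goto err;
		}
	} else
		return 0;

	/* A distribution point carries at most one name. */
	if (*pdp != NULL) {
		X509V3error(X509V3_R_DISTPOINT_ALREADY_SET);
		goto err;
	}

	*pdp = DIST_POINT_NAME_new();
	if (*pdp == NULL)
		goto err;
	if (fnm != NULL) {
		(*pdp)->type = 0;
		(*pdp)->name.fullname = fnm;
	} else {
		(*pdp)->type = 1;
		(*pdp)->name.relativename = rnm;
	}

	return 1;

 err:
	sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free);
	sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free);
	return -1;
}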
207e500e238Sjsing
/*
 * CRL reason flag names. bitnum is the bit position in the ReasonFlags BIT
 * STRING, lname is the text printed by print_reasons() and sname is the
 * keyword matched by set_reasons(). The table ends at the entry whose lname
 * is NULL.
 */
static const BIT_STRING_BITNAME reason_flags[] = {
	{ .bitnum = 0, .lname = "Unused", .sname = "unused" },
	{ .bitnum = 1, .lname = "Key Compromise", .sname = "keyCompromise" },
	{ .bitnum = 2, .lname = "CA Compromise", .sname = "CACompromise" },
	{ .bitnum = 3, .lname = "Affiliation Changed",
	    .sname = "affiliationChanged" },
	{ .bitnum = 4, .lname = "Superseded", .sname = "superseded" },
	{ .bitnum = 5, .lname = "Cessation Of Operation",
	    .sname = "cessationOfOperation" },
	{ .bitnum = 6, .lname = "Certificate Hold",
	    .sname = "certificateHold" },
	{ .bitnum = 7, .lname = "Privilege Withdrawn",
	    .sname = "privilegeWithdrawn" },
	{ .bitnum = 8, .lname = "AA Compromise", .sname = "AACompromise" },
	{ .bitnum = -1, .lname = NULL, .sname = NULL }
};
220e500e238Sjsing
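/*
 * Parse a comma separated list of reason keywords into a bit string.
 *
 * Each list item must equal the sname of an entry in reason_flags; the
 * matching bit is set in *preas, which is allocated on first use.
 *
 * Returns 1 on success and 0 on failure. Failure covers: *preas already
 * set, a missing value, a list that cannot be parsed, an unknown keyword,
 * and allocation or bit-setting errors. On failure *preas may have been
 * allocated and partly filled; it is not freed here and remains the
 * caller's to release.
 */
static int
set_reasons(ASN1_BIT_STRING **preas, char *value)
{
	STACK_OF(CONF_VALUE) *rsk = NULL;
	const BIT_STRING_BITNAME *pbn;
	const char *bnam;
	int i, ret = 0;

	if (*preas != NULL)
		return 0;
	/*
	 * Callers forward cnf->value unchecked and a key may come without a
	 * value. X509V3_parse_list() is not defined in this file, so do not
	 * rely on it tolerating a NULL string.
	 */
	if (value == NULL) {
		X509V3error(X509V3_R_MISSING_VALUE);
		return 0;
	}
	rsk = X509V3_parse_list(value);
	if (rsk == NULL)
		return 0;
	for (i = 0; i < sk_CONF_VALUE_num(rsk); i++) {
		bnam = sk_CONF_VALUE_value(rsk, i)->name;
		if (*preas == NULL) {
			*preas = ASN1_BIT_STRING_new();
			if (*preas == NULL)
				goto err;
		}
		for (pbn = reason_flags; pbn->lname != NULL; pbn++) {
			if (strcmp(pbn->sname, bnam) == 0) {
				if (!ASN1_BIT_STRING_set_bit(*preas,
				    pbn->bitnum, 1))
					goto err;
				break;
			}
		}
		/* Ran off the end of the table: unknown keyword. */
		if (pbn->lname == NULL)
			goto err;
	}
	ret = 1;

 err:
	sk_CONF_VALUE_pop_free(rsk, X509V3_conf_free);
	return ret;
}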
258e500e238Sjsing
/*
 * Print "<rname>:" at the given indent followed, on the next line and two
 * columns deeper, by the long names of all reason bits set in rflags,
 * separated by ", ". Prints "<EMPTY>" when no known bit is set.
 *
 * Always returns 1; the results of the BIO calls are not checked.
 */
static int
print_reasons(BIO *out, const char *rname, ASN1_BIT_STRING *rflags, int indent)
{
	const BIT_STRING_BITNAME *entry;
	int printed = 0;

	BIO_printf(out, "%*s%s:\n%*s", indent, "", rname, indent + 2, "");

	for (entry = reason_flags; entry->lname != NULL; entry++) {
		if (!ASN1_BIT_STRING_get_bit(rflags, entry->bitnum))
			continue;
		/* Separator goes before every name except the first. */
		if (printed++ > 0)
			BIO_puts(out, ", ");
		BIO_puts(out, entry->lname);
	}

	BIO_puts(out, printed == 0 ? "<EMPTY>\n" : "\n");
	return 1;
}
281e500e238Sjsing
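/*
 * Build one DIST_POINT from the entries of a configuration section.
 *
 * "fullname" and "relativename" are handled by set_dist_point_name(),
 * "reasons" by set_reasons() and "CRLissuer" by gnames_from_sectname().
 * Any other key is ignored.
 *
 * Returns the new DIST_POINT, owned by the caller, or NULL on error.
 */
static DIST_POINT *
crldp_from_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
{
	DIST_POINT *point;
	CONF_VALUE *cnf;
	int i;

	point = DIST_POINT_new();
	if (point == NULL)
		goto err;
	for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
		int is_reasons, is_issuer, ret;

		cnf = sk_CONF_VALUE_value(nval, i);
		ret = set_dist_point_name(&point->distpoint, ctx, cnf);
		if (ret > 0)
			continue;
		if (ret < 0)
			goto err;

		is_reasons = strcmp(cnf->name, "reasons") == 0;
		is_issuer = strcmp(cnf->name, "CRLissuer") == 0;
		if (!is_reasons && !is_issuer)
			continue;

		/*
		 * Both helpers below consume the value as a string;
		 * gnames_from_sectname() reads its first character.
		 */
		if (cnf->value == NULL) {
			X509V3error(X509V3_R_MISSING_VALUE);
			X509V3_conf_err(cnf);
			goto err;
		}

		if (is_reasons) {
			if (!set_reasons(&point->reasons, cnf->value))
				goto err;
		} else {
			STACK_OF(GENERAL_NAME) *issuer;

			issuer = gnames_from_sectname(ctx, cnf->value);
			if (issuer == NULL)
				goto err;
			/*
			 * Should the key occur more than once, release the
			 * earlier stack rather than overwriting the pointer
			 * and leaking it.
			 */
			sk_GENERAL_NAME_pop_free(point->CRLissuer,
			    GENERAL_NAME_free);
			point->CRLissuer = issuer;
		}
	}

	return point;

 err:
	DIST_POINT_free(point);
	return NULL;
}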
318e500e238Sjsing
/*
 * v2i handler for the CRL distribution point extensions: turn a stack of
 * configuration values into a STACK_OF(DIST_POINT).
 *
 * An entry with a value is converted with v2i_GENERAL_NAME() and becomes a
 * distribution point whose full name holds that single general name. An
 * entry without a value is taken as the name of a configuration section
 * describing one distribution point, see crldp_from_section().
 *
 * Returns the stack (as void *) or NULL on error, in which case everything
 * built so far has been freed.
 */
static void *
v2i_crld(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
    STACK_OF(CONF_VALUE) *nval)
{
	STACK_OF(DIST_POINT) *crld;
	GENERAL_NAMES *gens = NULL;
	GENERAL_NAME *gen = NULL;
	int i;

	crld = sk_DIST_POINT_new_null();
	if (crld == NULL)
		goto merr;

	for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
		CONF_VALUE *cnf = sk_CONF_VALUE_value(nval, i);
		DIST_POINT *point;

		if (cnf->value != NULL) {
			/* "type:value" entry: a single general name. */
			gen = v2i_GENERAL_NAME(method, ctx, cnf);
			if (gen == NULL)
				goto err;
			gens = GENERAL_NAMES_new();
			if (gens == NULL)
				goto merr;
			if (!sk_GENERAL_NAME_push(gens, gen))
				goto merr;
			/* gens owns gen from here on. */
			gen = NULL;

			point = DIST_POINT_new();
			if (point == NULL)
				goto merr;
			if (!sk_DIST_POINT_push(crld, point)) {
				DIST_POINT_free(point);
				goto merr;
			}
			/* crld owns point; it is freed with crld on error. */
			point->distpoint = DIST_POINT_NAME_new();
			if (point->distpoint == NULL)
				goto merr;
			point->distpoint->name.fullname = gens;
			point->distpoint->type = 0;
			/* The distribution point owns gens now. */
			gens = NULL;
		} else {
			/* Bare name: refers to a config section. */
			STACK_OF(CONF_VALUE) *dpsect;

			dpsect = X509V3_get_section(ctx, cnf->name);
			if (dpsect == NULL)
				goto err;
			point = crldp_from_section(ctx, dpsect);
			X509V3_section_free(ctx, dpsect);
			if (point == NULL)
				goto err;
			if (!sk_DIST_POINT_push(crld, point)) {
				DIST_POINT_free(point);
				goto merr;
			}
		}
	}
	return crld;

 merr:
	X509V3error(ERR_R_MALLOC_FAILURE);
 err:
	GENERAL_NAME_free(gen);
	GENERAL_NAMES_free(gens);
	sk_DIST_POINT_pop_free(crld, DIST_POINT_free);
	return NULL;
}
378e500e238Sjsing
/*
 * ASN.1 callback for DIST_POINT_NAME. The dpname member is not described by
 * the DIST_POINT_NAME templates in this file, so it is cleared after
 * allocation and released after the templated members have been freed.
 * All other operations are ignored. Always returns 1.
 */
static int
dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
{
	DIST_POINT_NAME *dpn = (DIST_POINT_NAME *)*pval;

	if (operation == ASN1_OP_NEW_POST) {
		dpn->dpname = NULL;
	} else if (operation == ASN1_OP_FREE_POST) {
		if (dpn->dpname != NULL)
			X509_NAME_free(dpn->dpname);
	}

	return 1;
}
396e500e238Sjsing
397e500e238Sjsing
/* Auxiliary data for DIST_POINT_NAME: only the dpn_cb() callback is used. */
static const ASN1_AUX DIST_POINT_NAME_aux = {
	.app_data = NULL,
	.flags = 0,
	.ref_offset = 0,
	.ref_lock = 0,
	.asn1_cb = dpn_cb,
	.enc_offset = 0,
};

/*
 * The two alternatives of the DIST_POINT_NAME choice, both implicitly
 * tagged: [0] a SEQUENCE OF GENERAL_NAME and [1] a SET OF X509_NAME_ENTRY.
 */
static const ASN1_TEMPLATE DIST_POINT_NAME_ch_tt[] = {
	{
		/* [0] fullname */
		.flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SEQUENCE_OF,
		.tag = 0,
		.offset = offsetof(DIST_POINT_NAME, name.fullname),
		.field_name = "name.fullname",
		.item = &GENERAL_NAME_it,
	},
	{
		/* [1] relativename */
		.flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF,
		.tag = 1,
		.offset = offsetof(DIST_POINT_NAME, name.relativename),
		.field_name = "name.relativename",
		.item = &X509_NAME_ENTRY_it,
	},
};

/*
 * ASN.1 item for DIST_POINT_NAME: a CHOICE whose selector is stored in the
 * structure's type member.
 */
const ASN1_ITEM DIST_POINT_NAME_it = {
	.itype = ASN1_ITYPE_CHOICE,
	.utype = offsetof(DIST_POINT_NAME, type),
	.templates = DIST_POINT_NAME_ch_tt,
	.tcount = sizeof(DIST_POINT_NAME_ch_tt) / sizeof(ASN1_TEMPLATE),
	.funcs = &DIST_POINT_NAME_aux,
	.size = sizeof(DIST_POINT_NAME),
	.sname = "DIST_POINT_NAME",
};
LCRYPTO_ALIAS(DIST_POINT_NAME_it);
433e500e238Sjsing
434e500e238Sjsing
435e500e238Sjsing
/*
 * Decode a DIST_POINT_NAME from at most len bytes at *in. Thin wrapper
 * around ASN1_item_d2i() with DIST_POINT_NAME_it; the result and the
 * treatment of *a and *in are exactly what that function provides.
 */
DIST_POINT_NAME *
d2i_DIST_POINT_NAME(DIST_POINT_NAME **a, const unsigned char **in, long len)
{
	ASN1_VALUE *decoded;

	decoded = ASN1_item_d2i((ASN1_VALUE **)a, in, len,
	    &DIST_POINT_NAME_it);
	return (DIST_POINT_NAME *)decoded;
}
LCRYPTO_ALIAS(d2i_DIST_POINT_NAME);
443e500e238Sjsing
/*
 * Encode a DIST_POINT_NAME. Thin wrapper around ASN1_item_i2d() with
 * DIST_POINT_NAME_it; returns whatever that function returns.
 */
int
i2d_DIST_POINT_NAME(DIST_POINT_NAME *a, unsigned char **out)
{
	int len;

	len = ASN1_item_i2d((ASN1_VALUE *)a, out, &DIST_POINT_NAME_it);
	return len;
}
LCRYPTO_ALIAS(i2d_DIST_POINT_NAME);
450e500e238Sjsing
/*
 * Allocate a DIST_POINT_NAME through ASN1_item_new() with
 * DIST_POINT_NAME_it. Callers in this file treat a NULL result as an
 * allocation failure.
 */
DIST_POINT_NAME *
DIST_POINT_NAME_new(void)
{
	ASN1_VALUE *val;

	val = ASN1_item_new(&DIST_POINT_NAME_it);
	return (DIST_POINT_NAME *)val;
}
LCRYPTO_ALIAS(DIST_POINT_NAME_new);
457e500e238Sjsing
/*
 * Release a DIST_POINT_NAME through ASN1_item_free() with
 * DIST_POINT_NAME_it.
 */
void
DIST_POINT_NAME_free(DIST_POINT_NAME *a)
{
	ASN1_VALUE *val = (ASN1_VALUE *)a;

	ASN1_item_free(val, &DIST_POINT_NAME_it);
}
LCRYPTO_ALIAS(DIST_POINT_NAME_free);
464e500e238Sjsing
/*
 * Members of the DIST_POINT sequence; all three are optional.
 * The name is explicitly tagged [0], the reasons bit string and the
 * CRL issuer names are implicitly tagged [1] and [2].
 */
static const ASN1_TEMPLATE DIST_POINT_seq_tt[] = {
	{
		/* [0] EXPLICIT distpoint */
		.flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
		.tag = 0,
		.offset = offsetof(DIST_POINT, distpoint),
		.field_name = "distpoint",
		.item = &DIST_POINT_NAME_it,
	},
	{
		/* [1] IMPLICIT reasons */
		.flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL,
		.tag = 1,
		.offset = offsetof(DIST_POINT, reasons),
		.field_name = "reasons",
		.item = &ASN1_BIT_STRING_it,
	},
	{
		/* [2] IMPLICIT SEQUENCE OF CRLissuer */
		.flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL,
		.tag = 2,
		.offset = offsetof(DIST_POINT, CRLissuer),
		.field_name = "CRLissuer",
		.item = &GENERAL_NAME_it,
	},
};

/* ASN.1 item for DIST_POINT: a SEQUENCE of the templates above. */
const ASN1_ITEM DIST_POINT_it = {
	.itype = ASN1_ITYPE_SEQUENCE,
	.utype = V_ASN1_SEQUENCE,
	.templates = DIST_POINT_seq_tt,
	.tcount = sizeof(DIST_POINT_seq_tt) / sizeof(ASN1_TEMPLATE),
	.funcs = NULL,
	.size = sizeof(DIST_POINT),
	.sname = "DIST_POINT",
};
LCRYPTO_ALIAS(DIST_POINT_it);
499e500e238Sjsing
500e500e238Sjsing
/*
 * Decode a DIST_POINT from at most len bytes at *in. Thin wrapper around
 * ASN1_item_d2i() with DIST_POINT_it; the result and the treatment of *a and
 * *in are exactly what that function provides.
 */
DIST_POINT *
d2i_DIST_POINT(DIST_POINT **a, const unsigned char **in, long len)
{
	ASN1_VALUE *decoded;

	decoded = ASN1_item_d2i((ASN1_VALUE **)a, in, len, &DIST_POINT_it);
	return (DIST_POINT *)decoded;
}
LCRYPTO_ALIAS(d2i_DIST_POINT);
508e500e238Sjsing
/*
 * Encode a DIST_POINT. Thin wrapper around ASN1_item_i2d() with
 * DIST_POINT_it; returns whatever that function returns.
 */
int
i2d_DIST_POINT(DIST_POINT *a, unsigned char **out)
{
	int len;

	len = ASN1_item_i2d((ASN1_VALUE *)a, out, &DIST_POINT_it);
	return len;
}
LCRYPTO_ALIAS(i2d_DIST_POINT);
515e500e238Sjsing
/*
 * Allocate a DIST_POINT through ASN1_item_new() with DIST_POINT_it. Callers
 * in this file treat a NULL result as an allocation failure.
 */
DIST_POINT *
DIST_POINT_new(void)
{
	ASN1_VALUE *val;

	val = ASN1_item_new(&DIST_POINT_it);
	return (DIST_POINT *)val;
}
LCRYPTO_ALIAS(DIST_POINT_new);
522e500e238Sjsing
/*
 * Release a DIST_POINT through ASN1_item_free() with DIST_POINT_it. The
 * error paths in this file call it with a possibly NULL pointer.
 */
void
DIST_POINT_free(DIST_POINT *a)
{
	ASN1_VALUE *val = (ASN1_VALUE *)a;

	ASN1_item_free(val, &DIST_POINT_it);
}
LCRYPTO_ALIAS(DIST_POINT_free);
529e500e238Sjsing
/* The single template behind CRL_DIST_POINTS: a SEQUENCE OF DIST_POINT. */
static const ASN1_TEMPLATE CRL_DIST_POINTS_item_tt = {
	.flags = ASN1_TFLG_SEQUENCE_OF,
	.tag = 0,
	.offset = 0,
	.field_name = "CRLDistributionPoints",
	.item = &DIST_POINT_it,
};

/*
 * ASN.1 item for CRL_DIST_POINTS. It has no structure of its own (size and
 * tcount are 0, utype is -1) and refers to the one template above.
 */
const ASN1_ITEM CRL_DIST_POINTS_it = {
	.itype = ASN1_ITYPE_PRIMITIVE,
	.utype = -1,
	.templates = &CRL_DIST_POINTS_item_tt,
	.tcount = 0,
	.funcs = NULL,
	.size = 0,
	.sname = "CRL_DIST_POINTS",
};
LCRYPTO_ALIAS(CRL_DIST_POINTS_it);
548e500e238Sjsing
549e500e238Sjsing
/*
 * Decode a CRL_DIST_POINTS from at most len bytes at *in. Thin wrapper
 * around ASN1_item_d2i() with CRL_DIST_POINTS_it; the result and the
 * treatment of *a and *in are exactly what that function provides.
 */
CRL_DIST_POINTS *
d2i_CRL_DIST_POINTS(CRL_DIST_POINTS **a, const unsigned char **in, long len)
{
	ASN1_VALUE *decoded;

	decoded = ASN1_item_d2i((ASN1_VALUE **)a, in, len,
	    &CRL_DIST_POINTS_it);
	return (CRL_DIST_POINTS *)decoded;
}
LCRYPTO_ALIAS(d2i_CRL_DIST_POINTS);
557e500e238Sjsing
/*
 * Encode a CRL_DIST_POINTS. Thin wrapper around ASN1_item_i2d() with
 * CRL_DIST_POINTS_it; returns whatever that function returns.
 */
int
i2d_CRL_DIST_POINTS(CRL_DIST_POINTS *a, unsigned char **out)
{
	int len;

	len = ASN1_item_i2d((ASN1_VALUE *)a, out, &CRL_DIST_POINTS_it);
	return len;
}
LCRYPTO_ALIAS(i2d_CRL_DIST_POINTS);
564e500e238Sjsing
/*
 * Allocate a CRL_DIST_POINTS through ASN1_item_new() with
 * CRL_DIST_POINTS_it.
 */
CRL_DIST_POINTS *
CRL_DIST_POINTS_new(void)
{
	ASN1_VALUE *val;

	val = ASN1_item_new(&CRL_DIST_POINTS_it);
	return (CRL_DIST_POINTS *)val;
}
LCRYPTO_ALIAS(CRL_DIST_POINTS_new);
571e500e238Sjsing
/*
 * Release a CRL_DIST_POINTS through ASN1_item_free() with
 * CRL_DIST_POINTS_it.
 */
void
CRL_DIST_POINTS_free(CRL_DIST_POINTS *a)
{
	ASN1_VALUE *val = (ASN1_VALUE *)a;

	ASN1_item_free(val, &CRL_DIST_POINTS_it);
}
LCRYPTO_ALIAS(CRL_DIST_POINTS_free);
578e500e238Sjsing
/*
 * Members of the ISSUING_DIST_POINT sequence; every one is optional.
 * The name is explicitly tagged [0]; the remaining members are implicitly
 * tagged [1] to [5]. The four flags use ASN1_FBOOLEAN_it.
 */
static const ASN1_TEMPLATE ISSUING_DIST_POINT_seq_tt[] = {
	{
		/* [0] EXPLICIT distpoint */
		.flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
		.tag = 0,
		.offset = offsetof(ISSUING_DIST_POINT, distpoint),
		.field_name = "distpoint",
		.item = &DIST_POINT_NAME_it,
	},
	{
		/* [1] IMPLICIT onlyuser */
		.flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL,
		.tag = 1,
		.offset = offsetof(ISSUING_DIST_POINT, onlyuser),
		.field_name = "onlyuser",
		.item = &ASN1_FBOOLEAN_it,
	},
	{
		/* [2] IMPLICIT onlyCA */
		.flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL,
		.tag = 2,
		.offset = offsetof(ISSUING_DIST_POINT, onlyCA),
		.field_name = "onlyCA",
		.item = &ASN1_FBOOLEAN_it,
	},
	{
		/* [3] IMPLICIT onlysomereasons */
		.flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL,
		.tag = 3,
		.offset = offsetof(ISSUING_DIST_POINT, onlysomereasons),
		.field_name = "onlysomereasons",
		.item = &ASN1_BIT_STRING_it,
	},
	{
		/* [4] IMPLICIT indirectCRL */
		.flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL,
		.tag = 4,
		.offset = offsetof(ISSUING_DIST_POINT, indirectCRL),
		.field_name = "indirectCRL",
		.item = &ASN1_FBOOLEAN_it,
	},
	{
		/* [5] IMPLICIT onlyattr */
		.flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL,
		.tag = 5,
		.offset = offsetof(ISSUING_DIST_POINT, onlyattr),
		.field_name = "onlyattr",
		.item = &ASN1_FBOOLEAN_it,
	},
};

/* ASN.1 item for ISSUING_DIST_POINT: a SEQUENCE of the templates above. */
const ASN1_ITEM ISSUING_DIST_POINT_it = {
	.itype = ASN1_ITYPE_SEQUENCE,
	.utype = V_ASN1_SEQUENCE,
	.templates = ISSUING_DIST_POINT_seq_tt,
	.tcount = sizeof(ISSUING_DIST_POINT_seq_tt) / sizeof(ASN1_TEMPLATE),
	.funcs = NULL,
	.size = sizeof(ISSUING_DIST_POINT),
	.sname = "ISSUING_DIST_POINT",
};
LCRYPTO_ALIAS(ISSUING_DIST_POINT_it);
634e500e238Sjsing
635e500e238Sjsing
/*
 * Decode an ISSUING_DIST_POINT from at most len bytes at *in. Thin wrapper
 * around ASN1_item_d2i() with ISSUING_DIST_POINT_it; the result and the
 * treatment of *a and *in are exactly what that function provides.
 */
ISSUING_DIST_POINT *
d2i_ISSUING_DIST_POINT(ISSUING_DIST_POINT **a, const unsigned char **in, long len)
{
	ASN1_VALUE *decoded;

	decoded = ASN1_item_d2i((ASN1_VALUE **)a, in, len,
	    &ISSUING_DIST_POINT_it);
	return (ISSUING_DIST_POINT *)decoded;
}
LCRYPTO_ALIAS(d2i_ISSUING_DIST_POINT);
643e500e238Sjsing
/*
 * Encode an ISSUING_DIST_POINT. Thin wrapper around ASN1_item_i2d() with
 * ISSUING_DIST_POINT_it; returns whatever that function returns.
 */
int
i2d_ISSUING_DIST_POINT(ISSUING_DIST_POINT *a, unsigned char **out)
{
	int len;

	len = ASN1_item_i2d((ASN1_VALUE *)a, out, &ISSUING_DIST_POINT_it);
	return len;
}
LCRYPTO_ALIAS(i2d_ISSUING_DIST_POINT);
650e500e238Sjsing
/*
 * Allocate an ISSUING_DIST_POINT through ASN1_item_new() with
 * ISSUING_DIST_POINT_it. v2i_idp() in this file treats a NULL result as an
 * allocation failure.
 */
ISSUING_DIST_POINT *
ISSUING_DIST_POINT_new(void)
{
	ASN1_VALUE *val;

	val = ASN1_item_new(&ISSUING_DIST_POINT_it);
	return (ISSUING_DIST_POINT *)val;
}
LCRYPTO_ALIAS(ISSUING_DIST_POINT_new);
657e500e238Sjsing
/*
 * Release an ISSUING_DIST_POINT through ASN1_item_free() with
 * ISSUING_DIST_POINT_it. The error path of v2i_idp() calls it with a
 * possibly NULL pointer.
 */
void
ISSUING_DIST_POINT_free(ISSUING_DIST_POINT *a)
{
	ASN1_VALUE *val = (ASN1_VALUE *)a;

	ASN1_item_free(val, &ISSUING_DIST_POINT_it);
}
LCRYPTO_ALIAS(ISSUING_DIST_POINT_free);
664e500e238Sjsing
/*
 * Handlers for the issuing distribution point extension: i2r_idp() prints
 * the internal form, v2i_idp() builds it from configuration values.
 */
static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out,
    int indent);
static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
    STACK_OF(CONF_VALUE) *nval);

/*
 * Extension method for NID_issuing_distribution_point. The ASN.1 item is
 * ISSUING_DIST_POINT_it and the method is flagged X509V3_EXT_MULTILINE;
 * only the v2i and i2r hooks are populated.
 */
static const X509V3_EXT_METHOD x509v3_ext_issuing_distribution_point = {
	.ext_nid = NID_issuing_distribution_point,
	.ext_flags = X509V3_EXT_MULTILINE,
	.it = &ISSUING_DIST_POINT_it,

	/* No custom allocation or DER hooks. */
	.ext_new = NULL,
	.ext_free = NULL,
	.d2i = NULL,
	.i2d = NULL,

	/* No single-string conversions. */
	.i2s = NULL,
	.s2i = NULL,

	/* Config values in, printed text out. */
	.i2v = NULL,
	.v2i = v2i_idp,
	.i2r = i2r_idp,
	.r2i = NULL,

	.usr_data = NULL,
};
686e500e238Sjsing
/*
 * Accessor for the file-scope, const extension method describing
 * NID_issuing_distribution_point.
 */
const X509V3_EXT_METHOD *
x509v3_ext_method_issuing_distribution_point(void)
{
	const X509V3_EXT_METHOD *meth = &x509v3_ext_issuing_distribution_point;

	return meth;
}
692*8b5faa71Stb
/*
 * v2i handler for the issuing distribution point extension: turn a stack of
 * configuration values into an ISSUING_DIST_POINT.
 *
 * "fullname" and "relativename" are handled by set_dist_point_name().
 * "onlyuser", "onlyCA", "onlyAA" and "indirectCRL" are booleans,
 * "onlysomereasons" is a reason list. Unlike crldp_from_section(), any other
 * key is an error (X509V3_R_INVALID_NAME).
 *
 * Returns the new structure (as void *) or NULL on error.
 *
 * NOTE(review): cnf->value is passed on without a NULL check. v2i_crld() in
 * this file shows that entries of such a list can have a NULL value, so
 * set_dist_point_name() and set_reasons() must cope with one.
 */
static void *
v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
    STACK_OF(CONF_VALUE) *nval)
{
	ISSUING_DIST_POINT *idp;
	int i;

	idp = ISSUING_DIST_POINT_new();
	if (idp == NULL)
		goto merr;

	for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
		CONF_VALUE *cnf = sk_CONF_VALUE_value(nval, i);
		const char *key = cnf->name;
		int rc;

		/* Name keys first; 0 means "not a name key". */
		rc = set_dist_point_name(&idp->distpoint, ctx, cnf);
		if (rc < 0)
			goto err;
		if (rc > 0)
			continue;

		if (strcmp(key, "onlyuser") == 0) {
			if (!X509V3_get_value_bool(cnf, &idp->onlyuser))
				goto err;
		} else if (strcmp(key, "onlyCA") == 0) {
			if (!X509V3_get_value_bool(cnf, &idp->onlyCA))
				goto err;
		} else if (strcmp(key, "onlyAA") == 0) {
			/* Config keyword "onlyAA" maps to member onlyattr. */
			if (!X509V3_get_value_bool(cnf, &idp->onlyattr))
				goto err;
		} else if (strcmp(key, "indirectCRL") == 0) {
			if (!X509V3_get_value_bool(cnf, &idp->indirectCRL))
				goto err;
		} else if (strcmp(key, "onlysomereasons") == 0) {
			if (!set_reasons(&idp->onlysomereasons, cnf->value))
				goto err;
		} else {
			X509V3error(X509V3_R_INVALID_NAME);
			X509V3_conf_err(cnf);
			goto err;
		}
	}
	return idp;

 merr:
	X509V3error(ERR_R_MALLOC_FAILURE);
 err:
	ISSUING_DIST_POINT_free(idp);
	return NULL;
}
747e500e238Sjsing
/*
 * Write every GENERAL_NAME of gens to out, one per line, each preceded by
 * indent + 2 columns of padding.  The results of the BIO calls are not
 * checked; the function always returns 1.
 */
static int
print_gens(BIO *out, STACK_OF(GENERAL_NAME) *gens, int indent)
{
	int idx = 0;

	while (idx < sk_GENERAL_NAME_num(gens)) {
		GENERAL_NAME *gen = sk_GENERAL_NAME_value(gens, idx);

		BIO_printf(out, "%*s", indent + 2, "");
		GENERAL_NAME_print(out, gen);
		BIO_puts(out, "\n");
		idx++;
	}

	return 1;
}
760e500e238Sjsing
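/*
 * Print a distribution point name to out.
 *
 * A dpn of type 0 is printed as "Full Name:" followed by its general names;
 * any other type is printed as "Relative Name:" followed by the relative
 * name entries on one line.  The results of the BIO calls are not checked;
 * the function always returns 1.
 */
static int
print_distpoint(BIO *out, DIST_POINT_NAME *dpn, int indent)
{
	if (dpn->type == 0) {
		BIO_printf(out, "%*sFull Name:\n", indent, "");
		print_gens(out, dpn->name.fullname, indent);
	} else {
		/*
		 * Borrow the entry stack in a temporary X509_NAME so that the
		 * generic name printer can be reused.  All other members are
		 * zeroed so that nothing indeterminate is handed to
		 * X509_NAME_print_ex().  ntmp does not own the entries and
		 * must not be freed.
		 */
		X509_NAME ntmp = { .entries = dpn->name.relativename };

		BIO_printf(out, "%*sRelative Name:\n%*s",
		    indent, "", indent + 2, "");
		X509_NAME_print_ex(out, &ntmp, 0, XN_FLAG_ONELINE);
		BIO_puts(out, "\n");
	}
	return 1;
}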
777e500e238Sjsing
/*
 * Print an issuing distribution point extension in human-readable form.
 *
 * Each populated field gets its own line at the given indent: the
 * distribution point name, the boolean flags that are greater than zero and
 * the "Only Some Reasons" bit string.  When none of them is present a single
 * "<EMPTY>" line is written instead.  Always returns 1.
 */
static int
i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out, int indent)
{
	ISSUING_DIST_POINT *idp = pidp;
	int shown = 0;

	if (idp->distpoint != NULL) {
		print_distpoint(out, idp->distpoint, indent);
		shown = 1;
	}
	if (idp->onlyuser > 0) {
		BIO_printf(out, "%*sOnly User Certificates\n", indent, "");
		shown = 1;
	}
	if (idp->onlyCA > 0) {
		BIO_printf(out, "%*sOnly CA Certificates\n", indent, "");
		shown = 1;
	}
	if (idp->indirectCRL > 0) {
		BIO_printf(out, "%*sIndirect CRL\n", indent, "");
		shown = 1;
	}
	if (idp->onlysomereasons != NULL) {
		print_reasons(out, "Only Some Reasons",
		    idp->onlysomereasons, indent);
		shown = 1;
	}
	if (idp->onlyattr > 0) {
		BIO_printf(out, "%*sOnly Attribute Certificates\n", indent, "");
		shown = 1;
	}

	/* Nothing above applied: make the empty extension visible. */
	if (!shown)
		BIO_printf(out, "%*s<EMPTY>\n", indent, "");

	return 1;
}
803e500e238Sjsing
/*
 * Print a CRL distribution points extension in human-readable form.
 *
 * For every DIST_POINT in the stack a newline is written first, followed by
 * whichever of the distribution point name, the reasons and the CRL issuer
 * names are present.  Always returns 1.
 */
static int
i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, int indent)
{
	STACK_OF(DIST_POINT) *points = pcrldp;
	int idx;

	for (idx = 0; idx < sk_DIST_POINT_num(points); idx++) {
		DIST_POINT *dp = sk_DIST_POINT_value(points, idx);

		BIO_puts(out, "\n");

		if (dp->distpoint != NULL)
			print_distpoint(out, dp->distpoint, indent);

		if (dp->reasons != NULL)
			print_reasons(out, "Reasons", dp->reasons, indent);

		if (dp->CRLissuer == NULL)
			continue;
		BIO_printf(out, "%*sCRL Issuer:\n", indent, "");
		print_gens(out, dp->CRLissuer, indent);
	}

	return 1;
}
826e500e238Sjsing
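/*
 * Build dpn->dpname as a copy of iname with the entries of
 * dpn->name.relativename appended.
 *
 * Nothing is done, and 1 is returned, when dpn is NULL or is not of type 1.
 * Otherwise returns 1 on success and 0 on failure; on failure dpn->dpname is
 * left NULL.
 */
int
DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname)
{
	STACK_OF(X509_NAME_ENTRY) *frag;
	X509_NAME_ENTRY *ne;
	int i;

	if (dpn == NULL || dpn->type != 1)
		return 1;

	frag = dpn->name.relativename;

	/*
	 * Release a name composed by an earlier call so that calling this
	 * function twice on the same object does not leak it.
	 * NOTE(review): assumes dpname is either NULL or owned by dpn, as it
	 * presumably is for objects created by the ASN.1 allocator - confirm
	 * for callers that fill in a DIST_POINT_NAME by hand.
	 */
	X509_NAME_free(dpn->dpname);
	dpn->dpname = X509_NAME_dup(iname);
	if (dpn->dpname == NULL)
		return 0;

	for (i = 0; i < sk_X509_NAME_ENTRY_num(frag); i++) {
		ne = sk_X509_NAME_ENTRY_value(frag, i);
		/* First fragment entry is added with set 1, the rest with 0. */
		if (!X509_NAME_add_entry(dpn->dpname, ne, -1, i ? 0 : 1))
			goto err;
	}

	/* generate cached encoding of name */
	if (i2d_X509_NAME(dpn->dpname, NULL) < 0)
		goto err;

	return 1;

 err:
	/* Never leave a half-built name behind for later comparisons. */
	X509_NAME_free(dpn->dpname);
	dpn->dpname = NULL;
	return 0;
}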
856cedac418Stb LCRYPTO_ALIAS(DIST_POINT_set_dpname);