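/* v3_akey.c */
/*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
 * 1999.
 */
/* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com). This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com). */

#include <stdio.h>
#include <string.h>

#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/conf.h>
#include <openssl/err.h>
#include <openssl/mem.h>
#include <openssl/obj.h>
#include <openssl/x509v3.h>

static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
                                                 AUTHORITY_KEYID *akeyid,
                                                 STACK_OF(CONF_VALUE)
                                                 *extlist);
static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
                                            X509V3_CTX *ctx,
                                            STACK_OF(CONF_VALUE) *values);

/*
 * Extension method table entry for the authority key identifier extension.
 * Only the i2v (structure -> name/value list) and v2i (name/value list ->
 * structure) hooks are populated; every other hook slot is left at 0.
 */
const X509V3_EXT_METHOD v3_akey_id = {
    NID_authority_key_identifier,
    X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID),
    0, 0, 0, 0,
    0, 0,
    (X509V3_EXT_I2V) i2v_AUTHORITY_KEYID,
    (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
    0, 0,
    NULL
};

/*
 * Render an AUTHORITY_KEYID as name/value pairs appended to |extlist|.
 *
 * The key identifier and the serial number are emitted as hex strings under
 * the names "keyid" and "serial"; the issuer names are delegated to
 * i2v_GENERAL_NAMES. |method| is not used.
 *
 * Returns the (possibly newly created) list, or NULL if any field could not
 * be rendered. A failed hex conversion is treated as an error rather than
 * being recorded as a value-less entry, so a caller never receives a list
 * that silently omits part of the identifier. On failure a list that was
 * created here is released; a list supplied by the caller is left for the
 * caller to dispose of.
 */
static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
                                                 AUTHORITY_KEYID *akeyid,
                                                 STACK_OF(CONF_VALUE)
                                                 *extlist)
{
    /* Remember ownership: only a list allocated below may be freed below. */
    int extlist_was_null = (extlist == NULL);
    STACK_OF(CONF_VALUE) *names;
    char *tmp;
    int ok;

    if (akeyid->keyid) {
        tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length);
        ok = tmp != NULL && X509V3_add_value("keyid", tmp, &extlist);
        OPENSSL_free(tmp);
        if (!ok)
            goto err;
    }
    if (akeyid->issuer) {
        /*
         * NOTE(review): assumes a NULL return signals failure and that the
         * list passed in is not released by the callee - confirm against
         * i2v_GENERAL_NAMES. Keeping the old pointer in |extlist| until the
         * call succeeds avoids dropping the entries added so far.
         */
        names = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
        if (names == NULL)
            goto err;
        extlist = names;
    }
    if (akeyid->serial) {
        tmp = hex_to_string(akeyid->serial->data, akeyid->serial->length);
        ok = tmp != NULL && X509V3_add_value("serial", tmp, &extlist);
        OPENSSL_free(tmp);
        if (!ok)
            goto err;
    }
    return extlist;

 err:
    if (extlist_was_null)
        sk_CONF_VALUE_pop_free(extlist, X509V3_conf_free);
    return NULL;
}

/*
 * Currently two options: keyid: use the issuer's subject keyid, the value
 * 'always' means it is an error if the issuer certificate doesn't have a
 * key id. issuer: use the issuer's cert issuer and serial number. The default
 * is to only use this if keyid is not present. With the option 'always' this
 * is always included.
 */

/*
 * Build an AUTHORITY_KEYID from configuration |values| and the issuer
 * certificate held in |ctx|. |method| is not used.
 *
 * Any option name other than "keyid" or "issuer" is rejected with
 * X509V3_R_UNKNOWN_OPTION. Without an issuer certificate the call fails with
 * X509V3_R_NO_ISSUER_CERTIFICATE, except when ctx->flags == CTX_TEST, where
 * an empty structure is returned.
 *
 * Returns a new AUTHORITY_KEYID owned by the caller, or NULL on error. Every
 * object allocated along the way is released on the error path.
 */
static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
                                            X509V3_CTX *ctx,
                                            STACK_OF(CONF_VALUE) *values)
{
    /* 0 = option absent, 1 = option present, 2 = option set to "always". */
    char keyid = 0, issuer = 0;
    size_t i;
    int j;
    CONF_VALUE *cnf;
    ASN1_OCTET_STRING *ikeyid = NULL;
    X509_NAME *isname = NULL;
    GENERAL_NAMES *gens = NULL;
    GENERAL_NAME *gen = NULL;
    ASN1_INTEGER *serial = NULL;
    X509_EXTENSION *ext;
    X509 *cert;
    AUTHORITY_KEYID *akeyid = NULL;

    for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
        cnf = sk_CONF_VALUE_value(values, i);
        if (!strcmp(cnf->name, "keyid")) {
            keyid = 1;
            if (cnf->value && !strcmp(cnf->value, "always"))
                keyid = 2;
        } else if (!strcmp(cnf->name, "issuer")) {
            issuer = 1;
            if (cnf->value && !strcmp(cnf->value, "always"))
                issuer = 2;
        } else {
            OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNKNOWN_OPTION);
            ERR_add_error_data(2, "name=", cnf->name);
            return NULL;
        }
    }

    if (!ctx || !ctx->issuer_cert) {
        if (ctx && (ctx->flags == CTX_TEST))
            return AUTHORITY_KEYID_new();
        OPENSSL_PUT_ERROR(X509V3, X509V3_R_NO_ISSUER_CERTIFICATE);
        return NULL;
    }

    cert = ctx->issuer_cert;

    if (keyid) {
        j = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
        if ((j >= 0) && (ext = X509_get_ext(cert, j)))
            ikeyid = X509V3_EXT_d2i(ext);
        /* Nothing has been allocated yet when ikeyid is NULL. */
        if (keyid == 2 && !ikeyid) {
            OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
            return NULL;
        }
    }

    /* Issuer name and serial: the fallback when no key id, or forced. */
    if ((issuer && !ikeyid) || (issuer == 2)) {
        isname = X509_NAME_dup(X509_get_issuer_name(cert));
        serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert));
        if (!isname || !serial) {
            OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
            goto err;
        }
    }

    if (!(akeyid = AUTHORITY_KEYID_new()))
        goto err;

    if (isname) {
        if (!(gens = sk_GENERAL_NAME_new_null())
            || !(gen = GENERAL_NAME_new())
            || !sk_GENERAL_NAME_push(gens, gen)) {
            OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
            goto err;
        }
        gen->type = GEN_DIRNAME;
        gen->d.dirn = isname;
    }

    /* Ownership of gens, serial and ikeyid moves into akeyid from here. */
    akeyid->issuer = gens;
    akeyid->serial = serial;
    akeyid->keyid = ikeyid;

    return akeyid;

 err:
    /*
     * Every jump here happens before |gen| has been pushed onto |gens| and
     * before |isname| has been attached to |gen| or anything to |akeyid|, so
     * each object is freed exactly once. The stack is freed shallowly for
     * the same reason: it cannot hold |gen| on this path.
     */
    sk_GENERAL_NAME_free(gens);
    GENERAL_NAME_free(gen);
    AUTHORITY_KEYID_free(akeyid);
    X509_NAME_free(isname);
    M_ASN1_INTEGER_free(serial);
    M_ASN1_OCTET_STRING_free(ikeyid);
    return NULL;
}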