Symaptic: os/ossrv/ssl/libcrypto/src/crypto/x509v3/v3

sl@0	1	/* v3_pci.c -- mode:C; c-file-style: "eay" -- */
sl@0	2	/* Contributed to the OpenSSL Project 2004
sl@0	3	* by Richard Levitte (richard@levitte.org)
sl@0	4	*/
sl@0	5	/* Copyright (c) 2004 Kungliga Tekniska Högskolan
sl@0	6	* (Royal Institute of Technology, Stockholm, Sweden).
sl@0	7	* All rights reserved.
sl@0	8	*
sl@0	9	* Redistribution and use in source and binary forms, with or without
sl@0	10	* modification, are permitted provided that the following conditions
sl@0	11	* are met:
sl@0	12	*
sl@0	13	* 1. Redistributions of source code must retain the above copyright
sl@0	14	* notice, this list of conditions and the following disclaimer.
sl@0	15	*
sl@0	16	* 2. Redistributions in binary form must reproduce the above copyright
sl@0	17	* notice, this list of conditions and the following disclaimer in the
sl@0	18	* documentation and/or other materials provided with the distribution.
sl@0	19	*
sl@0	20	* 3. Neither the name of the Institute nor the names of its contributors
sl@0	21	* may be used to endorse or promote products derived from this software
sl@0	22	* without specific prior written permission.
sl@0	23	*
sl@0	24	* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
sl@0	25	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
sl@0	26	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
sl@0	27	* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
sl@0	28	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
sl@0	29	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
sl@0	30	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
sl@0	31	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
sl@0	32	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
sl@0	33	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
sl@0	34	* SUCH DAMAGE.
sl@0	35	*/
sl@0	36	/*
sl@0	37	© Portions copyright (c) 2006 Nokia Corporation. All rights reserved.
sl@0	38	*/
sl@0	39	#include <stdio.h>
sl@0	40	#include "cryptlib.h"
sl@0	41	#include <openssl/conf.h>
sl@0	42	#include <openssl/x509v3.h>
sl@0	43	#if (defined(SYMBIAN) && (defined(__WINSCW__) \|\| defined(__WINS__)))
sl@0	44	#include "libcrypto_wsd_macros.h"
sl@0	45	#include "libcrypto_wsd.h"
sl@0	46	#endif
sl@0	47
sl@0	48
sl@0	49	static int i2r_pci(X509V3_EXT_METHOD method, PROXY_CERT_INFO_EXTENSION ext,
sl@0	50	BIO *out, int indent);
sl@0	51	static PROXY_CERT_INFO_EXTENSION r2i_pci(X509V3_EXT_METHOD method,
sl@0	52	X509V3_CTX ctx, char str);
sl@0	53	#ifndef EMULATOR
sl@0	54	X509V3_EXT_METHOD v3_pci =
sl@0	55	{ NID_proxyCertInfo, 0, ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
sl@0	56	0,0,0,0,
sl@0	57	0,0,
sl@0	58	NULL, NULL,
sl@0	59	(X509V3_EXT_I2R)i2r_pci,
sl@0	60	(X509V3_EXT_R2I)r2i_pci,
sl@0	61	NULL,
sl@0	62	};
sl@0	63	#else
sl@0	64	const X509V3_EXT_METHOD v3_pci =
sl@0	65	{ NID_proxyCertInfo, 0, ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
sl@0	66	0,0,0,0,
sl@0	67	0,0,
sl@0	68	NULL, NULL,
sl@0	69	(X509V3_EXT_I2R)i2r_pci,
sl@0	70	(X509V3_EXT_R2I)r2i_pci,
sl@0	71	NULL,
sl@0	72	};
sl@0	73	#endif
sl@0	74	static int i2r_pci(X509V3_EXT_METHOD method, PROXY_CERT_INFO_EXTENSION pci,
sl@0	75	BIO *out, int indent)
sl@0	76	{
sl@0	77	BIO_printf(out, "%*sPath Length Constraint: ", indent, "");
sl@0	78	if (pci->pcPathLengthConstraint)
sl@0	79	i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint);
sl@0	80	else
sl@0	81	BIO_printf(out, "infinite");
sl@0	82	BIO_puts(out, "\n");
sl@0	83	BIO_printf(out, "%*sPolicy Language: ", indent, "");
sl@0	84	i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);
sl@0	85	BIO_puts(out, "\n");
sl@0	86	if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)
sl@0	87	BIO_printf(out, "%*sPolicy Text: %s\n", indent, "",
sl@0	88	pci->proxyPolicy->policy->data);
sl@0	89	return 1;
sl@0	90	}
sl@0	91
sl@0	92	static int process_pci_value(CONF_VALUE *val,
sl@0	93	ASN1_OBJECT language, ASN1_INTEGER pathlen,
sl@0	94	ASN1_OCTET_STRING **policy)
sl@0	95	{
sl@0	96	int free_policy = 0;
sl@0	97
sl@0	98	if (strcmp(val->name, "language") == 0)
sl@0	99	{
sl@0	100	if (*language)
sl@0	101	{
sl@0	102	X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED);
sl@0	103	X509V3_conf_err(val);
sl@0	104	return 0;
sl@0	105	}
sl@0	106	if (!(*language = OBJ_txt2obj(val->value, 0)))
sl@0	107	{
sl@0	108	X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_INVALID_OBJECT_IDENTIFIER);
sl@0	109	X509V3_conf_err(val);
sl@0	110	return 0;
sl@0	111	}
sl@0	112	}
sl@0	113	else if (strcmp(val->name, "pathlen") == 0)
sl@0	114	{
sl@0	115	if (*pathlen)
sl@0	116	{
sl@0	117	X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED);
sl@0	118	X509V3_conf_err(val);
sl@0	119	return 0;
sl@0	120	}
sl@0	121	if (!X509V3_get_value_int(val, pathlen))
sl@0	122	{
sl@0	123	X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH);
sl@0	124	X509V3_conf_err(val);
sl@0	125	return 0;
sl@0	126	}
sl@0	127	}
sl@0	128	else if (strcmp(val->name, "policy") == 0)
sl@0	129	{
sl@0	130	unsigned char *tmp_data = NULL;
sl@0	131	long val_len;
sl@0	132	if (!*policy)
sl@0	133	{
sl@0	134	*policy = ASN1_OCTET_STRING_new();
sl@0	135	if (!*policy)
sl@0	136	{
sl@0	137	X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
sl@0	138	X509V3_conf_err(val);
sl@0	139	return 0;
sl@0	140	}
sl@0	141	free_policy = 1;
sl@0	142	}
sl@0	143	if (strncmp(val->value, "hex:", 4) == 0)
sl@0	144	{
sl@0	145	unsigned char *tmp_data2 =
sl@0	146	string_to_hex(val->value + 4, &val_len);
sl@0	147
sl@0	148	if (!tmp_data2) goto err;
sl@0	149
sl@0	150	tmp_data = OPENSSL_realloc((*policy)->data,
sl@0	151	(*policy)->length + val_len + 1);
sl@0	152	if (tmp_data)
sl@0	153	{
sl@0	154	(*policy)->data = tmp_data;
sl@0	155	memcpy(&(policy)->data[(policy)->length],
sl@0	156	tmp_data2, val_len);
sl@0	157	(*policy)->length += val_len;
sl@0	158	(policy)->data[(policy)->length] = '\0';
sl@0	159	}
sl@0	160	}
sl@0	161	else if (strncmp(val->value, "file:", 5) == 0)
sl@0	162	{
sl@0	163	#ifndef SYMBIAN
sl@0	164	unsigned char buf[2048];
sl@0	165	#else
sl@0	166	unsigned char buf[1024];
sl@0	167	#endif
sl@0	168	int n;
sl@0	169	BIO *b = BIO_new_file(val->value + 5, "r");
sl@0	170	if (!b)
sl@0	171	{
sl@0	172	X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_BIO_LIB);
sl@0	173	X509V3_conf_err(val);
sl@0	174	goto err;
sl@0	175	}
sl@0	176	while((n = BIO_read(b, buf, sizeof(buf))) > 0
sl@0	177	\|\| (n == 0 && BIO_should_retry(b)))
sl@0	178	{
sl@0	179	if (!n) continue;
sl@0	180
sl@0	181	tmp_data = OPENSSL_realloc((*policy)->data,
sl@0	182	(*policy)->length + n + 1);
sl@0	183
sl@0	184	if (!tmp_data)
sl@0	185	break;
sl@0	186
sl@0	187	(*policy)->data = tmp_data;
sl@0	188	memcpy(&(policy)->data[(policy)->length],
sl@0	189	buf, n);
sl@0	190	(*policy)->length += n;
sl@0	191	(policy)->data[(policy)->length] = '\0';
sl@0	192	}
sl@0	193
sl@0	194	if (n < 0)
sl@0	195	{
sl@0	196	X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_BIO_LIB);
sl@0	197	X509V3_conf_err(val);
sl@0	198	goto err;
sl@0	199	}
sl@0	200	}
sl@0	201	else if (strncmp(val->value, "text:", 5) == 0)
sl@0	202	{
sl@0	203	val_len = strlen(val->value + 5);
sl@0	204	tmp_data = OPENSSL_realloc((*policy)->data,
sl@0	205	(*policy)->length + val_len + 1);
sl@0	206	if (tmp_data)
sl@0	207	{
sl@0	208	(*policy)->data = tmp_data;
sl@0	209	memcpy(&(policy)->data[(policy)->length],
sl@0	210	val->value + 5, val_len);
sl@0	211	(*policy)->length += val_len;
sl@0	212	(policy)->data[(policy)->length] = '\0';
sl@0	213	}
sl@0	214	}
sl@0	215	else
sl@0	216	{
sl@0	217	X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_INCORRECT_POLICY_SYNTAX_TAG);
sl@0	218	X509V3_conf_err(val);
sl@0	219	goto err;
sl@0	220	}
sl@0	221	if (!tmp_data)
sl@0	222	{
sl@0	223	X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
sl@0	224	X509V3_conf_err(val);
sl@0	225	goto err;
sl@0	226	}
sl@0	227	}
sl@0	228	return 1;
sl@0	229	err:
sl@0	230	if (free_policy)
sl@0	231	{
sl@0	232	ASN1_OCTET_STRING_free(*policy);
sl@0	233	*policy = NULL;
sl@0	234	}
sl@0	235	return 0;
sl@0	236	}
sl@0	237
sl@0	238	static PROXY_CERT_INFO_EXTENSION r2i_pci(X509V3_EXT_METHOD method,
sl@0	239	X509V3_CTX ctx, char value)
sl@0	240	{
sl@0	241	PROXY_CERT_INFO_EXTENSION *pci = NULL;
sl@0	242	STACK_OF(CONF_VALUE) *vals;
sl@0	243	ASN1_OBJECT *language = NULL;
sl@0	244	ASN1_INTEGER *pathlen = NULL;
sl@0	245	ASN1_OCTET_STRING *policy = NULL;
sl@0	246	int i, j;
sl@0	247
sl@0	248	vals = X509V3_parse_list(value);
sl@0	249	for (i = 0; i < sk_CONF_VALUE_num(vals); i++)
sl@0	250	{
sl@0	251	CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i);
sl@0	252	if (!cnf->name \|\| (*cnf->name != '@' && !cnf->value))
sl@0	253	{
sl@0	254	X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_PROXY_POLICY_SETTING);
sl@0	255	X509V3_conf_err(cnf);
sl@0	256	goto err;
sl@0	257	}
sl@0	258	if (*cnf->name == '@')
sl@0	259	{
sl@0	260	STACK_OF(CONF_VALUE) *sect;
sl@0	261	int success_p = 1;
sl@0	262
sl@0	263	sect = X509V3_get_section(ctx, cnf->name + 1);
sl@0	264	if (!sect)
sl@0	265	{
sl@0	266	X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_SECTION);
sl@0	267	X509V3_conf_err(cnf);
sl@0	268	goto err;
sl@0	269	}
sl@0	270	for (j = 0; success_p && j < sk_CONF_VALUE_num(sect); j++)
sl@0	271	{
sl@0	272	success_p =
sl@0	273	process_pci_value(sk_CONF_VALUE_value(sect, j),
sl@0	274	&language, &pathlen, &policy);
sl@0	275	}
sl@0	276	X509V3_section_free(ctx, sect);
sl@0	277	if (!success_p)
sl@0	278	goto err;
sl@0	279	}
sl@0	280	else
sl@0	281	{
sl@0	282	if (!process_pci_value(cnf,
sl@0	283	&language, &pathlen, &policy))
sl@0	284	{
sl@0	285	X509V3_conf_err(cnf);
sl@0	286	goto err;
sl@0	287	}
sl@0	288	}
sl@0	289	}
sl@0	290
sl@0	291	/* Language is mandatory */
sl@0	292	if (!language)
sl@0	293	{
sl@0	294	X509V3err(X509V3_F_R2I_PCI,X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED);
sl@0	295	goto err;
sl@0	296	}
sl@0	297	i = OBJ_obj2nid(language);
sl@0	298	if ((i == NID_Independent \|\| i == NID_id_ppl_inheritAll) && policy)
sl@0	299	{
sl@0	300	X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY);
sl@0	301	goto err;
sl@0	302	}
sl@0	303
sl@0	304	pci = PROXY_CERT_INFO_EXTENSION_new();
sl@0	305	if (!pci)
sl@0	306	{
sl@0	307	X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE);
sl@0	308	goto err;
sl@0	309	}
sl@0	310
sl@0	311	pci->proxyPolicy->policyLanguage = language; language = NULL;
sl@0	312	pci->proxyPolicy->policy = policy; policy = NULL;
sl@0	313	pci->pcPathLengthConstraint = pathlen; pathlen = NULL;
sl@0	314	goto end;
sl@0	315	err:
sl@0	316	if (language) { ASN1_OBJECT_free(language); language = NULL; }
sl@0	317	if (pathlen) { ASN1_INTEGER_free(pathlen); pathlen = NULL; }
sl@0	318	if (policy) { ASN1_OCTET_STRING_free(policy); policy = NULL; }
sl@0	319	if (pci) { PROXY_CERT_INFO_EXTENSION_free(pci); pci = NULL; }
sl@0	320	end:
sl@0	321	sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
sl@0	322	return pci;
sl@0	323	}

author	sl
	Tue, 10 Jun 2014 14:32:02 +0200
changeset 1	260cb5ec6c19
permissions	-rw-r--r--