os/ossrv/ssl/libcrypto/src/crypto/x509/x509_vpm.c
author sl@SLION-WIN7.fritz.box
Fri, 15 Jun 2012 03:10:57 +0200
changeset 0 bde4ae8d615e
permissions -rw-r--r--
First public contribution.
/* x509_vpm.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
 * project 2004.
 */
/* ====================================================================
 * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
 /*
 © Portions copyright (c) 2006 Nokia Corporation.  All rights reserved.
 */
#include <stdio.h>
#include "cryptlib.h"
#include <openssl/crypto.h>
#include <openssl/lhash.h>
#include <openssl/buffer.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#if (defined(SYMBIAN) && (defined(__WINSCW__) || defined(__WINS__)))
#include "libcrypto_wsd_macros.h"
#include "libcrypto_wsd.h"
#endif
/* X509_VERIFY_PARAM functions */
/* Put every field of |param| back into its "unset" state.
 *
 * The policies stack and the objects on it are freed. The name pointer is
 * only cleared, never freed, so whatever it pointed at is not released here.
 * A NULL |param| is ignored.
 */
static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
	{
	if (param == NULL)
		return;

	/* The policy list is the only member released by this helper. */
	if (param->policies != NULL)
		{
		sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
		param->policies = NULL;
		}

	param->name = NULL;
	/* -1 and 0 are the "not set" values X509_VERIFY_PARAM_inherit()
	 * compares against when deciding whether to copy a field. */
	param->depth = -1;
	param->trust = 0;
	param->purpose = 0;
	param->flags = 0;
	param->inh_flags = X509_VP_FLAG_DEFAULT;
	}
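/* Allocate an X509_VERIFY_PARAM with every field in its unset state.
 *
 * Returns the new structure, or NULL if the allocation fails. The caller
 * releases it with X509_VERIFY_PARAM_free().
 */
EXPORT_C X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
	{
	X509_VERIFY_PARAM *param;

	param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM));
	/* This check used to be compiled for SYMBIAN builds only; every other
	 * build handed a failed allocation straight to memset(). */
	if (param == NULL)
		return NULL;
	/* Clear the block before x509_verify_param_zero() runs: that helper
	 * reads param->policies, which must not be uninitialised memory. */
	memset(param, 0, sizeof(X509_VERIFY_PARAM));
	x509_verify_param_zero(param);
	return param;
	}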
/* Release |param| together with the policy list it owns.
 *
 * x509_verify_param_zero() frees the policies stack but only clears the name
 * pointer, so a name installed with X509_VERIFY_PARAM_set1_name() is not
 * freed on this path.
 * NOTE(review): that looks like a leak for named structures - confirm who
 * owns name before changing it.
 */
EXPORT_C void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
	{
	/* The helper returns at once for a NULL param. */
	x509_verify_param_zero(param);

	OPENSSL_free(param);
	}
/* This function determines how parameters are "inherited" from one structure
 * to another. There are several different ways this can happen.
 *
 * 1. If a child structure needs to have its values initialized from a parent
 *    they are simply copied across. For example SSL_CTX copied to SSL.
 * 2. If the structure should take on values only if they are currently unset.
 *    For example the values in an SSL structure will take appropriate value
 *    for SSL servers or clients but only if the application has not set new
 *    ones.
 *
 * The "inh_flags" field determines how this function behaves.
 *
 * Normally any values which are already set in the destination are not
 * copied from the source, and verify flags are ORed together.
 *
 * If X509_VP_FLAG_DEFAULT is set then anything set in the source is copied
 * to the destination. Effectively the values in "to" become default values
 * which will be used only if nothing new is set in "from".
 *
 * If X509_VP_FLAG_OVERWRITE is set then all values are copied across whether
 * they are set or not. The flags are still ORed though.
 *
 * If X509_VP_FLAG_RESET_FLAGS is set then the flags value is copied instead
 * of ORed.
 *
 * If X509_VP_FLAG_LOCKED is set then no values are copied.
 *
 * If X509_VP_FLAG_ONCE is set then the current inh_flags setting is zeroed
 * after the next call.
 */
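/* Macro to test if a field should be copied from src to dest.
 *
 * Expands in a scope that provides src, dest, to_default and to_overwrite.
 * A field is copied when overwrite is requested, or when the source value
 * differs from |def| and either default mode is on or the destination still
 * holds |def|.
 */

#define test_x509_verify_param_copy(field, def) \
	(to_overwrite || \
		((src->field != (def)) && (to_default || (dest->field == (def)))))

/* Macro to test and copy a field if necessary.
 *
 * Wrapped in do { } while (0) so the expansion is one statement: the bare
 * "if" it used to expand to would capture an "else" written after the macro
 * call.
 */

#define x509_verify_param_copy(field, def) \
	do \
		{ \
		if (test_x509_verify_param_copy(field, def)) \
			dest->field = src->field; \
		} \
	while (0)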
/* Merge the settings of |src| into |dest|, steered by the inh_flags of both
 * structures ORed together.
 *
 * purpose, trust, depth and policies go through the copy-test macro; the
 * check time and the verify flags have their own rules below. Verify flags
 * accumulate: unless X509_VP_FLAG_RESET_FLAGS is given, a flag already set
 * in |dest| is never cleared by inheriting.
 *
 * Returns 1 on success, which includes the no-op cases of a NULL |src| and
 * of X509_VP_FLAG_LOCKED, and 0 if the policy list could not be copied.
 * |dest| is dereferenced unconditionally and must not be NULL.
 */
EXPORT_C int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
						const X509_VERIFY_PARAM *src)
	{
	unsigned long inh_flags;
	/* Both are read by name inside the copy macros. */
	int to_default, to_overwrite;

	if (src == NULL)
		return 1;

	inh_flags = dest->inh_flags | src->inh_flags;

	/* ONCE is consumed before the LOCKED test, so dest->inh_flags is
	 * zeroed even on a call that copies nothing. */
	if (inh_flags & X509_VP_FLAG_ONCE)
		dest->inh_flags = 0;

	if (inh_flags & X509_VP_FLAG_LOCKED)
		return 1;

	to_default = (inh_flags & X509_VP_FLAG_DEFAULT) ? 1 : 0;
	to_overwrite = (inh_flags & X509_VP_FLAG_OVERWRITE) ? 1 : 0;

	x509_verify_param_copy(purpose, 0);
	x509_verify_param_copy(trust, 0);
	x509_verify_param_copy(depth, -1);

	/* Take the source check time when overwriting, or when dest has no
	 * explicit check time of its own. The USE_CHECK_TIME bit is dropped
	 * here and comes back from src->flags in the merge below. */
	if (to_overwrite || (dest->flags & X509_V_FLAG_USE_CHECK_TIME) == 0)
		{
		dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME;
		dest->check_time = src->check_time;
		}

	/* RESET_FLAGS replaces the verify flags, otherwise they are ORed. */
	if (inh_flags & X509_VP_FLAG_RESET_FLAGS)
		dest->flags = src->flags;
	else
		dest->flags |= src->flags;

	if (test_x509_verify_param_copy(policies, NULL)
		&& !X509_VERIFY_PARAM_set1_policies(dest, src->policies))
		return 0;

	return 1;
	}
/* Copy into |to| everything that is set in |from|.
 *
 * X509_VP_FLAG_DEFAULT is ORed into to->inh_flags before inheriting and is
 * left set afterwards, unless the inherit call clears inh_flags itself.
 * Returns the result of X509_VERIFY_PARAM_inherit(). |to| must not be NULL.
 */
EXPORT_C int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
						const X509_VERIFY_PARAM *from)
	{
	int ok;

	to->inh_flags |= X509_VP_FLAG_DEFAULT;
	ok = X509_VERIFY_PARAM_inherit(to, from);
	return ok;
	}
/* Replace the name of |param| with a private copy of |name|.
 *
 * The previous name is passed to OPENSSL_free(), so it must have been heap
 * allocated. Returns 1 on success and 0 when BUF_strdup() yields NULL, in
 * which case param->name is left NULL.
 */
EXPORT_C int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name)
	{
	if (param->name != NULL)
		OPENSSL_free(param->name);

	param->name = BUF_strdup(name);
	return (param->name != NULL) ? 1 : 0;
	}
/* Set the verification flags in |flags| on |param|; existing flags stay set.
 *
 * Any flag inside X509_V_FLAG_POLICY_MASK also switches on
 * X509_V_FLAG_POLICY_CHECK. Always returns 1.
 */
EXPORT_C int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags)
	{
	unsigned long to_set = flags;

	/* Asking for a policy option implies policy checking itself. */
	if (flags & X509_V_FLAG_POLICY_MASK)
		to_set |= X509_V_FLAG_POLICY_CHECK;

	param->flags |= to_set;
	return 1;
	}
/* Clear the verification flags in |flags| on |param|. Always returns 1.
 *
 * Only the bits passed in are cleared: removing a policy option does not
 * remove an X509_V_FLAG_POLICY_CHECK bit that X509_VERIFY_PARAM_set_flags()
 * added alongside it.
 */
EXPORT_C int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, unsigned long flags)
	{
	unsigned long keep_mask = ~flags;

	param->flags = param->flags & keep_mask;
	return 1;
	}
/* Return the verification flags currently stored in |param|.
 * |param| must not be NULL.
 */
EXPORT_C unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param)
	{
	unsigned long current = param->flags;

	return current;
	}
/* Store |purpose| in |param| through X509_PURPOSE_set().
 *
 * Returns whatever X509_PURPOSE_set() returns; callers should check it
 * rather than assume the purpose was stored.
 */
EXPORT_C int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose)
	{
	int *slot = &param->purpose;

	return X509_PURPOSE_set(slot, purpose);
	}
/* Store |trust| in |param| through X509_TRUST_set().
 *
 * Returns whatever X509_TRUST_set() returns; callers should check it rather
 * than assume the trust setting was stored.
 */
EXPORT_C int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust)
	{
	int *slot = &param->trust;

	return X509_TRUST_set(slot, trust);
	}
/* Set the depth field of |param| to |depth|.
 *
 * The value is stored without any range check. -1 is the "not set" value
 * that X509_VERIFY_PARAM_inherit() compares the depth against.
 */
EXPORT_C void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth)
	{
	int new_depth = depth;

	param->depth = new_depth;
	}
/* Record |t| as the check time of |param| and set
 * X509_V_FLAG_USE_CHECK_TIME.
 *
 * NOTE(review): presumably the flag makes verification use check_time
 * instead of the current time - confirm against the verifier.
 */
EXPORT_C void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t)
	{
	param->flags |= X509_V_FLAG_USE_CHECK_TIME;
	param->check_time = t;
	}
/* Append |policy| to the policy list of |param|, creating the list on first
 * use.
 *
 * The pointer itself is pushed, not a copy, so on success the list holds
 * the caller's object. Unlike X509_VERIFY_PARAM_set1_policies() this does
 * not set X509_V_FLAG_POLICY_CHECK. Returns 1 on success, 0 if the list
 * could not be created or extended.
 */
EXPORT_C int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, ASN1_OBJECT *policy)
	{
	if (param->policies == NULL)
		{
		param->policies = sk_ASN1_OBJECT_new_null();
		if (param->policies == NULL)
			return 0;
		}

	return sk_ASN1_OBJECT_push(param->policies, policy) ? 1 : 0;
	}
/* Replace the policy list of |param| with a deep copy of |policies|.
 *
 * The old list and its OIDs are freed first. A NULL |policies| just leaves
 * the list empty; the X509_V_FLAG_POLICY_CHECK bit is not cleared in that
 * case. After a full copy X509_V_FLAG_POLICY_CHECK is set.
 *
 * Returns 1 on success, 0 if |param| is NULL or an allocation fails. On a
 * failure part-way through the loop, param->policies keeps the OIDs copied
 * so far and this call does not set the flag, so callers must treat a 0
 * return as leaving |param| in an incomplete state.
 */
EXPORT_C int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
					STACK_OF(ASN1_OBJECT) *policies)
	{
	int idx;
	ASN1_OBJECT *copy;

	if (param == NULL)
		return 0;

	/* Drop the previous list together with the OIDs it owns. */
	if (param->policies != NULL)
		sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);

	if (policies == NULL)
		{
		param->policies = NULL;
		return 1;
		}

	param->policies = sk_ASN1_OBJECT_new_null();
	if (param->policies == NULL)
		return 0;

	for (idx = 0; idx < sk_ASN1_OBJECT_num(policies); idx++)
		{
		copy = OBJ_dup(sk_ASN1_OBJECT_value(policies, idx));
		if (copy == NULL)
			return 0;
		if (!sk_ASN1_OBJECT_push(param->policies, copy))
			{
			/* Not on the stack yet, so it has to be freed here. */
			ASN1_OBJECT_free(copy);
			return 0;
			}
		}

	param->flags |= X509_V_FLAG_POLICY_CHECK;
	return 1;
	}
/* Return the depth stored in |param|; -1 is the value
 * x509_verify_param_zero() stores for "not set". |param| must not be NULL.
 */
EXPORT_C int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param)
	{
	int depth = param->depth;

	return depth;
	}
/* Default verify parameters: these are used for various
 * applications and can be overridden by the user specified table.
 * NB: the 'name' field *must* be in alphabetical order because
 * X509_VERIFY_PARAM_lookup() searches this table with OBJ_bsearch.
 *
 * The initialisers are positional; the comment on each line names the field
 * it fills.
 */

static const X509_VERIFY_PARAM default_table[] = {
	{
	"default",	/* X509 default parameters */
	0,		/* Check time */
	0,		/* internal flags (inh_flags) */
	0,		/* flags */
	0,		/* purpose */
	0,		/* trust */
	9,		/* depth */
	NULL		/* policies */
	},
	{
	"pkcs7",			/* S/MIME signing (PKCS#7) parameters */
	0,				/* Check time */
	0,				/* internal flags (inh_flags) */
	0,				/* flags */
	X509_PURPOSE_SMIME_SIGN,	/* purpose */
	X509_TRUST_EMAIL,		/* trust */
	-1,				/* depth: not set */
	NULL				/* policies */
	},
	{
	"ssl_client",			/* SSL/TLS client parameters */
	0,				/* Check time */
	0,				/* internal flags (inh_flags) */
	0,				/* flags */
	X509_PURPOSE_SSL_CLIENT,	/* purpose */
	X509_TRUST_SSL_CLIENT,		/* trust */
	-1,				/* depth: not set */
	NULL				/* policies */
	},
	{
	"ssl_server",			/* SSL/TLS server parameters */
	0,				/* Check time */
	0,				/* internal flags (inh_flags) */
	0,				/* flags */
	X509_PURPOSE_SSL_SERVER,	/* purpose */
	X509_TRUST_SSL_SERVER,		/* trust */
	-1,				/* depth: not set */
	NULL				/* policies */
	}};
/* Application-registered parameter sets, created on the first call to
 * X509_VERIFY_PARAM_add0_table(). Nothing in this file locks it.
 *
 * EMULATOR builds reach the variable through the GET_STATIC_VAR_FROM_TLS /
 * GET_WSD_VAR_NAME accessors instead of a plain static.
 * NOTE(review): presumably because writable static data is not available
 * there - confirm against libcrypto_wsd.h.
 */
#ifdef EMULATOR
GET_STATIC_VAR_FROM_TLS(param_table,x509_vpm,STACK_OF(X509_VERIFY_PARAM) *)
#define param_table (*GET_WSD_VAR_NAME(param_table,x509_vpm, s)())
#else
static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL;
#endif
/* Comparison callback for the OBJ_bsearch() call over default_table.
 *
 * |pa| and |pb| point at X509_VERIFY_PARAM structures; the ordering is
 * strcmp() on their names, so both names must be non-NULL.
 */
static int table_cmp(const void *pa, const void *pb)
	{
	const X509_VERIFY_PARAM *lhs = pa;
	const X509_VERIFY_PARAM *rhs = pb;

	return strcmp(lhs->name, rhs->name);
	}
/* Comparison callback installed on param_table.
 *
 * Receives pointers to the stack's element pointers and orders the entries
 * by strcmp() on their names, so both names must be non-NULL.
 */
static int param_cmp(const X509_VERIFY_PARAM * const *a,
			const X509_VERIFY_PARAM * const *b)
	{
	const X509_VERIFY_PARAM *lhs = *a;
	const X509_VERIFY_PARAM *rhs = *b;

	return strcmp(lhs->name, rhs->name);
	}
/* Register |param| in the application parameter table, which is created on
 * first use.
 *
 * The pointer itself is stored. An existing entry with the same name is
 * freed and removed before the push, so a failed push leaves that name with
 * no entry at all. param->name must be non-NULL because param_cmp() passes
 * it to strcmp(). No locking is done here.
 * NOTE(review): callers presumably serialise access to the table - confirm.
 *
 * Returns 1 on success, 0 if the table could not be created or extended.
 */
EXPORT_C int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param)
	{
	if (param_table == NULL)
		{
		param_table = sk_X509_VERIFY_PARAM_new(param_cmp);
		if (param_table == NULL)
			return 0;
		}
	else
		{
		int pos = sk_X509_VERIFY_PARAM_find(param_table, param);

		if (pos != -1)
			{
			/* Same name already registered: the new entry replaces it. */
			X509_VERIFY_PARAM *old = sk_X509_VERIFY_PARAM_value(param_table, pos);

			X509_VERIFY_PARAM_free(old);
			(void)sk_X509_VERIFY_PARAM_delete(param_table, pos);
			}
		}

	return sk_X509_VERIFY_PARAM_push(param_table, param) ? 1 : 0;
	}
/* Find the parameter set called |name|.
 *
 * The application table is consulted first, so an entry registered with
 * X509_VERIFY_PARAM_add0_table() under a built-in name such as "ssl_server"
 * takes precedence over the compiled-in defaults. Otherwise the result of
 * the OBJ_bsearch() over default_table is returned.
 * NOTE(review): presumably NULL when the name is unknown - confirm.
 */
EXPORT_C const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)
	{
	X509_VERIFY_PARAM key;

	/* Search key: the comparison callbacks read only the name member, and
	 * the other members are left unset. */
	key.name = (char *)name;

	if (param_table != NULL)
		{
		int pos = sk_X509_VERIFY_PARAM_find(param_table, &key);

		if (pos != -1)
			return sk_X509_VERIFY_PARAM_value(param_table, pos);
		}

	return (const X509_VERIFY_PARAM *) OBJ_bsearch((char *)&key,
				(char *)&default_table,
				sizeof(default_table)/sizeof(X509_VERIFY_PARAM),
				sizeof(X509_VERIFY_PARAM),
				table_cmp);
	}
/* Free the application parameter table and every entry registered in it.
 *
 * Each entry is released with X509_VERIFY_PARAM_free(); pointers obtained
 * earlier from X509_VERIFY_PARAM_lookup() that refer to table entries must
 * not be used afterwards. Calling this with no table is harmless.
 */
EXPORT_C void X509_VERIFY_PARAM_table_cleanup(void)
	{
	if (param_table != NULL)
		sk_X509_VERIFY_PARAM_pop_free(param_table, X509_VERIFY_PARAM_free);

	param_table = NULL;
	}