Symaptic: os/ossrv/ssl/libcrypto/src/crypto/x509v3/v3

sl@0	1	/* v3_akey.c */
sl@0	2	/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
sl@0	3	* project 1999.
sl@0	4	*/
sl@0	5	/* ====================================================================
sl@0	6	* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
sl@0	7	*
sl@0	8	* Redistribution and use in source and binary forms, with or without
sl@0	9	* modification, are permitted provided that the following conditions
sl@0	10	* are met:
sl@0	11	*
sl@0	12	* 1. Redistributions of source code must retain the above copyright
sl@0	13	* notice, this list of conditions and the following disclaimer.
sl@0	14	*
sl@0	15	* 2. Redistributions in binary form must reproduce the above copyright
sl@0	16	* notice, this list of conditions and the following disclaimer in
sl@0	17	* the documentation and/or other materials provided with the
sl@0	18	* distribution.
sl@0	19	*
sl@0	20	* 3. All advertising materials mentioning features or use of this
sl@0	21	* software must display the following acknowledgment:
sl@0	22	* "This product includes software developed by the OpenSSL Project
sl@0	23	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
sl@0	24	*
sl@0	25	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
sl@0	26	* endorse or promote products derived from this software without
sl@0	27	* prior written permission. For written permission, please contact
sl@0	28	* licensing@OpenSSL.org.
sl@0	29	*
sl@0	30	* 5. Products derived from this software may not be called "OpenSSL"
sl@0	31	* nor may "OpenSSL" appear in their names without prior written
sl@0	32	* permission of the OpenSSL Project.
sl@0	33	*
sl@0	34	* 6. Redistributions of any form whatsoever must retain the following
sl@0	35	* acknowledgment:
sl@0	36	* "This product includes software developed by the OpenSSL Project
sl@0	37	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
sl@0	38	*
sl@0	39	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
sl@0	40	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
sl@0	41	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
sl@0	42	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
sl@0	43	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
sl@0	44	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
sl@0	45	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
sl@0	46	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
sl@0	47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
sl@0	48	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
sl@0	49	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
sl@0	50	* OF THE POSSIBILITY OF SUCH DAMAGE.
sl@0	51	* ====================================================================
sl@0	52	*
sl@0	53	* This product includes cryptographic software written by Eric Young
sl@0	54	* (eay@cryptsoft.com). This product includes software written by Tim
sl@0	55	* Hudson (tjh@cryptsoft.com).
sl@0	56	*
sl@0	57	*/
sl@0	58
sl@0	59	/*
sl@0	60	© Portions copyright (c) 2006 Nokia Corporation. All rights reserved.
sl@0	61	*/
sl@0	62
sl@0	63
sl@0	64	#include <stdio.h>
sl@0	65	#include "cryptlib.h"
sl@0	66	#include <openssl/conf.h>
sl@0	67	#include <openssl/asn1.h>
sl@0	68	#include <openssl/asn1t.h>
sl@0	69	#include <openssl/x509v3.h>
sl@0	70	#if (defined(SYMBIAN) && (defined(__WINSCW__) \|\| defined(__WINS__)))
sl@0	71	#include "libcrypto_wsd_macros.h"
sl@0	72	#include "libcrypto_wsd.h"
sl@0	73	#endif
sl@0	74
sl@0	75
sl@0	76	static STACK_OF(CONF_VALUE) i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD method,
sl@0	77	AUTHORITY_KEYID akeyid, STACK_OF(CONF_VALUE) extlist);
sl@0	78	static AUTHORITY_KEYID v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD method,
sl@0	79	X509V3_CTX ctx, STACK_OF(CONF_VALUE) values);
sl@0	80	#ifndef EMULATOR
sl@0	81	X509V3_EXT_METHOD v3_akey_id =
sl@0	82	{
sl@0	83	NID_authority_key_identifier,
sl@0	84	X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID),
sl@0	85	0,0,0,0,
sl@0	86	0,0,
sl@0	87	(X509V3_EXT_I2V)i2v_AUTHORITY_KEYID,
sl@0	88	(X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
sl@0	89	0,0,
sl@0	90	NULL
sl@0	91	};
sl@0	92	#else
sl@0	93	const X509V3_EXT_METHOD v3_akey_id =
sl@0	94	{
sl@0	95	NID_authority_key_identifier,
sl@0	96	X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID),
sl@0	97	0,0,0,0,
sl@0	98	0,0,
sl@0	99	(X509V3_EXT_I2V)i2v_AUTHORITY_KEYID,
sl@0	100	(X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
sl@0	101	0,0,
sl@0	102	NULL
sl@0	103	};
sl@0	104
sl@0	105	#endif
sl@0	106	static STACK_OF(CONF_VALUE) i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD method,
sl@0	107	AUTHORITY_KEYID akeyid, STACK_OF(CONF_VALUE) extlist)
sl@0	108	{
sl@0	109	char *tmp;
sl@0	110	if(akeyid->keyid) {
sl@0	111	tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length);
sl@0	112	X509V3_add_value("keyid", tmp, &extlist);
sl@0	113	OPENSSL_free(tmp);
sl@0	114	}
sl@0	115	if(akeyid->issuer)
sl@0	116	extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
sl@0	117	if(akeyid->serial) {
sl@0	118	tmp = hex_to_string(akeyid->serial->data,
sl@0	119	akeyid->serial->length);
sl@0	120	X509V3_add_value("serial", tmp, &extlist);
sl@0	121	OPENSSL_free(tmp);
sl@0	122	}
sl@0	123	return extlist;
sl@0	124	}
sl@0	125
sl@0	126	/* Currently two options:
sl@0	127	* keyid: use the issuers subject keyid, the value 'always' means its is
sl@0	128	* an error if the issuer certificate doesn't have a key id.
sl@0	129	* issuer: use the issuers cert issuer and serial number. The default is
sl@0	130	* to only use this if keyid is not present. With the option 'always'
sl@0	131	* this is always included.
sl@0	132	*/
sl@0	133
sl@0	134	static AUTHORITY_KEYID v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD method,
sl@0	135	X509V3_CTX ctx, STACK_OF(CONF_VALUE) values)
sl@0	136	{
sl@0	137	char keyid=0, issuer=0;
sl@0	138	int i;
sl@0	139	CONF_VALUE *cnf;
sl@0	140	ASN1_OCTET_STRING *ikeyid = NULL;
sl@0	141	X509_NAME *isname = NULL;
sl@0	142	GENERAL_NAMES * gens = NULL;
sl@0	143	GENERAL_NAME *gen = NULL;
sl@0	144	ASN1_INTEGER *serial = NULL;
sl@0	145	X509_EXTENSION *ext;
sl@0	146	X509 *cert;
sl@0	147	AUTHORITY_KEYID *akeyid;
sl@0	148
sl@0	149	for(i = 0; i < sk_CONF_VALUE_num(values); i++)
sl@0	150	{
sl@0	151	cnf = sk_CONF_VALUE_value(values, i);
sl@0	152	if(!strcmp(cnf->name, "keyid"))
sl@0	153	{
sl@0	154	keyid = 1;
sl@0	155	if(cnf->value && !strcmp(cnf->value, "always"))
sl@0	156	keyid = 2;
sl@0	157	}
sl@0	158	else if(!strcmp(cnf->name, "issuer"))
sl@0	159	{
sl@0	160	issuer = 1;
sl@0	161	if(cnf->value && !strcmp(cnf->value, "always"))
sl@0	162	issuer = 2;
sl@0	163	}
sl@0	164	else
sl@0	165	{
sl@0	166	X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNKNOWN_OPTION);
sl@0	167	ERR_add_error_data(2, "name=", cnf->name);
sl@0	168	return NULL;
sl@0	169	}
sl@0	170	}
sl@0	171
sl@0	172	if(!ctx \|\| !ctx->issuer_cert)
sl@0	173	{
sl@0	174	if(ctx && (ctx->flags==CTX_TEST))
sl@0	175	return AUTHORITY_KEYID_new();
sl@0	176	X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE);
sl@0	177	return NULL;
sl@0	178	}
sl@0	179
sl@0	180	cert = ctx->issuer_cert;
sl@0	181
sl@0	182	if(keyid)
sl@0	183	{
sl@0	184	i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
sl@0	185	if((i >= 0) && (ext = X509_get_ext(cert, i)))
sl@0	186	ikeyid = X509V3_EXT_d2i(ext);
sl@0	187	if(keyid==2 && !ikeyid)
sl@0	188	{
sl@0	189	X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
sl@0	190	return NULL;
sl@0	191	}
sl@0	192	}
sl@0	193
sl@0	194	if((issuer && !ikeyid) \|\| (issuer == 2))
sl@0	195	{
sl@0	196	isname = X509_NAME_dup(X509_get_issuer_name(cert));
sl@0	197	serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert));
sl@0	198	if(!isname \|\| !serial)
sl@0	199	{
sl@0	200	X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
sl@0	201	goto err;
sl@0	202	}
sl@0	203	}
sl@0	204
sl@0	205	if(!(akeyid = AUTHORITY_KEYID_new())) goto err;
sl@0	206
sl@0	207	if(isname)
sl@0	208	{
sl@0	209	if(!(gens = sk_GENERAL_NAME_new_null())
sl@0	210	\|\| !(gen = GENERAL_NAME_new())
sl@0	211	\|\| !sk_GENERAL_NAME_push(gens, gen))
sl@0	212	{
sl@0	213	X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE);
sl@0	214	goto err;
sl@0	215	}
sl@0	216	gen->type = GEN_DIRNAME;
sl@0	217	gen->d.dirn = isname;
sl@0	218	}
sl@0	219
sl@0	220	akeyid->issuer = gens;
sl@0	221	akeyid->serial = serial;
sl@0	222	akeyid->keyid = ikeyid;
sl@0	223
sl@0	224	return akeyid;
sl@0	225
sl@0	226	err:
sl@0	227	X509_NAME_free(isname);
sl@0	228	M_ASN1_INTEGER_free(serial);
sl@0	229	M_ASN1_OCTET_STRING_free(ikeyid);
sl@0	230	return NULL;
sl@0	231	}

author	sl@SLION-WIN7.fritz.box
	Fri, 15 Jun 2012 03:10:57 +0200
changeset 0	bde4ae8d615e
permissions	-rw-r--r--