1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/os/ossrv/ssl/libcrypto/src/crypto/x509/x509_vpm.c Fri Jun 15 03:10:57 2012 +0200
1.3 @@ -0,0 +1,437 @@
1.4 +/* x509_vpm.c */
1.5 +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
1.6 + * project 2004.
1.7 + */
1.8 +/* ====================================================================
1.9 + * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
1.10 + *
1.11 + * Redistribution and use in source and binary forms, with or without
1.12 + * modification, are permitted provided that the following conditions
1.13 + * are met:
1.14 + *
1.15 + * 1. Redistributions of source code must retain the above copyright
1.16 + * notice, this list of conditions and the following disclaimer.
1.17 + *
1.18 + * 2. Redistributions in binary form must reproduce the above copyright
1.19 + * notice, this list of conditions and the following disclaimer in
1.20 + * the documentation and/or other materials provided with the
1.21 + * distribution.
1.22 + *
1.23 + * 3. All advertising materials mentioning features or use of this
1.24 + * software must display the following acknowledgment:
1.25 + * "This product includes software developed by the OpenSSL Project
1.26 + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
1.27 + *
1.28 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
1.29 + * endorse or promote products derived from this software without
1.30 + * prior written permission. For written permission, please contact
1.31 + * licensing@OpenSSL.org.
1.32 + *
1.33 + * 5. Products derived from this software may not be called "OpenSSL"
1.34 + * nor may "OpenSSL" appear in their names without prior written
1.35 + * permission of the OpenSSL Project.
1.36 + *
1.37 + * 6. Redistributions of any form whatsoever must retain the following
1.38 + * acknowledgment:
1.39 + * "This product includes software developed by the OpenSSL Project
1.40 + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
1.41 + *
1.42 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
1.43 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1.44 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
1.45 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
1.46 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
1.47 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
1.48 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
1.49 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1.50 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
1.51 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
1.52 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
1.53 + * OF THE POSSIBILITY OF SUCH DAMAGE.
1.54 + * ====================================================================
1.55 + *
1.56 + * This product includes cryptographic software written by Eric Young
1.57 + * (eay@cryptsoft.com). This product includes software written by Tim
1.58 + * Hudson (tjh@cryptsoft.com).
1.59 + *
1.60 + */
1.61 + /*
1.62 + © Portions copyright (c) 2006 Nokia Corporation. All rights reserved.
1.63 + */
1.64 +
1.65 +#include <stdio.h>
1.66 +
1.67 +#include "cryptlib.h"
1.68 +#include <openssl/crypto.h>
1.69 +#include <openssl/lhash.h>
1.70 +#include <openssl/buffer.h>
1.71 +#include <openssl/x509.h>
1.72 +#include <openssl/x509v3.h>
1.73 +#if (defined(SYMBIAN) && (defined(__WINSCW__) || defined(__WINS__)))
1.74 +#include "libcrypto_wsd_macros.h"
1.75 +#include "libcrypto_wsd.h"
1.76 +#endif
1.77 +
1.78 +
1.79 +/* X509_VERIFY_PARAM functions */
1.80 +
1.81 +static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
1.82 + {
1.83 + if (!param)
1.84 + return;
1.85 + param->name = NULL;
1.86 + param->purpose = 0;
1.87 + param->trust = 0;
1.88 + param->inh_flags = X509_VP_FLAG_DEFAULT;
1.89 + param->flags = 0;
1.90 + param->depth = -1;
1.91 + if (param->policies)
1.92 + {
1.93 + sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
1.94 + param->policies = NULL;
1.95 + }
1.96 + }
1.97 +
1.98 +EXPORT_C X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
1.99 + {
1.100 + X509_VERIFY_PARAM *param;
1.101 + param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM));
1.102 +#ifdef SYMBIAN
1.103 + if(param==NULL)
1.104 + return param;
1.105 +#endif
1.106 + memset(param, 0, sizeof(X509_VERIFY_PARAM));
1.107 + x509_verify_param_zero(param);
1.108 + return param;
1.109 + }
1.110 +
1.111 +EXPORT_C void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
1.112 + {
1.113 + x509_verify_param_zero(param);
1.114 + OPENSSL_free(param);
1.115 + }
1.116 +
1.117 +/* This function determines how parameters are "inherited" from one structure
1.118 + * to another. There are several different ways this can happen.
1.119 + *
1.120 + * 1. If a child structure needs to have its values initialized from a parent
1.121 + * they are simply copied across. For example SSL_CTX copied to SSL.
1.122 + * 2. If the structure should take on values only if they are currently unset.
1.123 + * For example the values in an SSL structure will take appropriate value
1.124 + * for SSL servers or clients but only if the application has not set new
1.125 + * ones.
1.126 + *
1.127 + * The "inh_flags" field determines how this function behaves.
1.128 + *
1.129 + * Normally any values which are set in the default are not copied from the
1.130 + * destination and verify flags are ORed together.
1.131 + *
1.132 + * If X509_VP_FLAG_DEFAULT is set then anything set in the source is copied
1.133 + * to the destination. Effectively the values in "to" become default values
1.134 + * which will be used only if nothing new is set in "from".
1.135 + *
1.136 + * If X509_VP_FLAG_OVERWRITE is set then all value are copied across whether
1.137 + * they are set or not. Flags is still Ored though.
1.138 + *
1.139 + * If X509_VP_FLAG_RESET_FLAGS is set then the flags value is copied instead
1.140 + * of ORed.
1.141 + *
1.142 + * If X509_VP_FLAG_LOCKED is set then no values are copied.
1.143 + *
1.144 + * If X509_VP_FLAG_ONCE is set then the current inh_flags setting is zeroed
1.145 + * after the next call.
1.146 + */
1.147 +
1.148 +/* Macro to test if a field should be copied from src to dest */
1.149 +
1.150 +#define test_x509_verify_param_copy(field, def) \
1.151 + (to_overwrite || \
1.152 + ((src->field != def) && (to_default || (dest->field == def))))
1.153 +
1.154 +/* Macro to test and copy a field if necessary */
1.155 +
1.156 +#define x509_verify_param_copy(field, def) \
1.157 + if (test_x509_verify_param_copy(field, def)) \
1.158 + dest->field = src->field
1.159 +
1.160 +
1.161 +EXPORT_C int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
1.162 + const X509_VERIFY_PARAM *src)
1.163 + {
1.164 + unsigned long inh_flags;
1.165 + int to_default, to_overwrite;
1.166 + if (!src)
1.167 + return 1;
1.168 + inh_flags = dest->inh_flags | src->inh_flags;
1.169 +
1.170 + if (inh_flags & X509_VP_FLAG_ONCE)
1.171 + dest->inh_flags = 0;
1.172 +
1.173 + if (inh_flags & X509_VP_FLAG_LOCKED)
1.174 + return 1;
1.175 +
1.176 + if (inh_flags & X509_VP_FLAG_DEFAULT)
1.177 + to_default = 1;
1.178 + else
1.179 + to_default = 0;
1.180 +
1.181 + if (inh_flags & X509_VP_FLAG_OVERWRITE)
1.182 + to_overwrite = 1;
1.183 + else
1.184 + to_overwrite = 0;
1.185 +
1.186 + x509_verify_param_copy(purpose, 0);
1.187 + x509_verify_param_copy(trust, 0);
1.188 + x509_verify_param_copy(depth, -1);
1.189 + /* If overwrite or check time not set, copy across */
1.190 +
1.191 + if (to_overwrite || !(dest->flags & X509_V_FLAG_USE_CHECK_TIME))
1.192 + {
1.193 + dest->check_time = src->check_time;
1.194 + dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME;
1.195 + /* Don't need to copy flag: that is done below */
1.196 + }
1.197 +
1.198 +
1.199 + if (inh_flags & X509_VP_FLAG_RESET_FLAGS)
1.200 + dest->flags = 0;
1.201 +
1.202 + dest->flags |= src->flags;
1.203 +
1.204 + if (test_x509_verify_param_copy(policies, NULL))
1.205 + {
1.206 + if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies))
1.207 + return 0;
1.208 + }
1.209 +
1.210 + return 1;
1.211 + }
1.212 +
1.213 +EXPORT_C int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
1.214 + const X509_VERIFY_PARAM *from)
1.215 + {
1.216 + to->inh_flags |= X509_VP_FLAG_DEFAULT;
1.217 + return X509_VERIFY_PARAM_inherit(to, from);
1.218 + }
1.219 +
1.220 +EXPORT_C int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name)
1.221 + {
1.222 + if (param->name)
1.223 + OPENSSL_free(param->name);
1.224 + param->name = BUF_strdup(name);
1.225 + if (param->name)
1.226 + return 1;
1.227 + return 0;
1.228 + }
1.229 +
1.230 +EXPORT_C int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags)
1.231 + {
1.232 + param->flags |= flags;
1.233 + if (flags & X509_V_FLAG_POLICY_MASK)
1.234 + param->flags |= X509_V_FLAG_POLICY_CHECK;
1.235 + return 1;
1.236 + }
1.237 +
1.238 +EXPORT_C int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, unsigned long flags)
1.239 + {
1.240 + param->flags &= ~flags;
1.241 + return 1;
1.242 + }
1.243 +
1.244 +EXPORT_C unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param)
1.245 + {
1.246 + return param->flags;
1.247 + }
1.248 +
1.249 +EXPORT_C int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose)
1.250 + {
1.251 + return X509_PURPOSE_set(¶m->purpose, purpose);
1.252 + }
1.253 +
1.254 +EXPORT_C int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust)
1.255 + {
1.256 + return X509_TRUST_set(¶m->trust, trust);
1.257 + }
1.258 +
1.259 +EXPORT_C void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth)
1.260 + {
1.261 + param->depth = depth;
1.262 + }
1.263 +
1.264 +EXPORT_C void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t)
1.265 + {
1.266 + param->check_time = t;
1.267 + param->flags |= X509_V_FLAG_USE_CHECK_TIME;
1.268 + }
1.269 +
1.270 +EXPORT_C int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, ASN1_OBJECT *policy)
1.271 + {
1.272 + if (!param->policies)
1.273 + {
1.274 + param->policies = sk_ASN1_OBJECT_new_null();
1.275 + if (!param->policies)
1.276 + return 0;
1.277 + }
1.278 + if (!sk_ASN1_OBJECT_push(param->policies, policy))
1.279 + return 0;
1.280 + return 1;
1.281 + }
1.282 +
1.283 +EXPORT_C int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
1.284 + STACK_OF(ASN1_OBJECT) *policies)
1.285 + {
1.286 + int i;
1.287 + ASN1_OBJECT *oid, *doid;
1.288 + if (!param)
1.289 + return 0;
1.290 + if (param->policies)
1.291 + sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
1.292 +
1.293 + if (!policies)
1.294 + {
1.295 + param->policies = NULL;
1.296 + return 1;
1.297 + }
1.298 +
1.299 + param->policies = sk_ASN1_OBJECT_new_null();
1.300 + if (!param->policies)
1.301 + return 0;
1.302 +
1.303 + for (i = 0; i < sk_ASN1_OBJECT_num(policies); i++)
1.304 + {
1.305 + oid = sk_ASN1_OBJECT_value(policies, i);
1.306 + doid = OBJ_dup(oid);
1.307 + if (!doid)
1.308 + return 0;
1.309 + if (!sk_ASN1_OBJECT_push(param->policies, doid))
1.310 + {
1.311 + ASN1_OBJECT_free(doid);
1.312 + return 0;
1.313 + }
1.314 + }
1.315 + param->flags |= X509_V_FLAG_POLICY_CHECK;
1.316 + return 1;
1.317 + }
1.318 +
1.319 +EXPORT_C int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param)
1.320 + {
1.321 + return param->depth;
1.322 + }
1.323 +
1.324 +/* Default verify parameters: these are used for various
1.325 + * applications and can be overridden by the user specified table.
1.326 + * NB: the 'name' field *must* be in alphabetical order because it
1.327 + * will be searched using OBJ_search.
1.328 + */
1.329 +
1.330 +static const X509_VERIFY_PARAM default_table[] = {
1.331 + {
1.332 + "default", /* X509 default parameters */
1.333 + 0, /* Check time */
1.334 + 0, /* internal flags */
1.335 + 0, /* flags */
1.336 + 0, /* purpose */
1.337 + 0, /* trust */
1.338 + 9, /* depth */
1.339 + NULL /* policies */
1.340 + },
1.341 + {
1.342 + "pkcs7", /* SSL/TLS client parameters */
1.343 + 0, /* Check time */
1.344 + 0, /* internal flags */
1.345 + 0, /* flags */
1.346 + X509_PURPOSE_SMIME_SIGN, /* purpose */
1.347 + X509_TRUST_EMAIL, /* trust */
1.348 + -1, /* depth */
1.349 + NULL /* policies */
1.350 + },
1.351 + {
1.352 + "ssl_client", /* SSL/TLS client parameters */
1.353 + 0, /* Check time */
1.354 + 0, /* internal flags */
1.355 + 0, /* flags */
1.356 + X509_PURPOSE_SSL_CLIENT, /* purpose */
1.357 + X509_TRUST_SSL_CLIENT, /* trust */
1.358 + -1, /* depth */
1.359 + NULL /* policies */
1.360 + },
1.361 + {
1.362 + "ssl_server", /* SSL/TLS server parameters */
1.363 + 0, /* Check time */
1.364 + 0, /* internal flags */
1.365 + 0, /* flags */
1.366 + X509_PURPOSE_SSL_SERVER, /* purpose */
1.367 + X509_TRUST_SSL_SERVER, /* trust */
1.368 + -1, /* depth */
1.369 + NULL /* policies */
1.370 + }};
1.371 +
1.372 +#ifndef EMULATOR
1.373 +static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL;
1.374 +#else
1.375 +GET_STATIC_VAR_FROM_TLS(param_table,x509_vpm,STACK_OF(X509_VERIFY_PARAM) *)
1.376 +#define param_table (*GET_WSD_VAR_NAME(param_table,x509_vpm, s)())
1.377 +#endif
1.378 +
1.379 +static int table_cmp(const void *pa, const void *pb)
1.380 + {
1.381 + const X509_VERIFY_PARAM *a = pa, *b = pb;
1.382 + return strcmp(a->name, b->name);
1.383 + }
1.384 +
1.385 +static int param_cmp(const X509_VERIFY_PARAM * const *a,
1.386 + const X509_VERIFY_PARAM * const *b)
1.387 + {
1.388 + return strcmp((*a)->name, (*b)->name);
1.389 + }
1.390 +
1.391 +EXPORT_C int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param)
1.392 + {
1.393 + int idx;
1.394 + X509_VERIFY_PARAM *ptmp;
1.395 + if (!param_table)
1.396 + {
1.397 + param_table = sk_X509_VERIFY_PARAM_new(param_cmp);
1.398 + if (!param_table)
1.399 + return 0;
1.400 + }
1.401 + else
1.402 + {
1.403 + idx = sk_X509_VERIFY_PARAM_find(param_table, param);
1.404 + if (idx != -1)
1.405 + {
1.406 + ptmp = sk_X509_VERIFY_PARAM_value(param_table, idx);
1.407 + X509_VERIFY_PARAM_free(ptmp);
1.408 + (void)sk_X509_VERIFY_PARAM_delete(param_table, idx);
1.409 + }
1.410 + }
1.411 + if (!sk_X509_VERIFY_PARAM_push(param_table, param))
1.412 + return 0;
1.413 + return 1;
1.414 + }
1.415 +
1.416 +EXPORT_C const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)
1.417 + {
1.418 + int idx;
1.419 + X509_VERIFY_PARAM pm;
1.420 + pm.name = (char *)name;
1.421 + if (param_table)
1.422 + {
1.423 + idx = sk_X509_VERIFY_PARAM_find(param_table, &pm);
1.424 + if (idx != -1)
1.425 + return sk_X509_VERIFY_PARAM_value(param_table, idx);
1.426 + }
1.427 + return (const X509_VERIFY_PARAM *) OBJ_bsearch((char *)&pm,
1.428 + (char *)&default_table,
1.429 + sizeof(default_table)/sizeof(X509_VERIFY_PARAM),
1.430 + sizeof(X509_VERIFY_PARAM),
1.431 + table_cmp);
1.432 + }
1.433 +
1.434 +EXPORT_C void X509_VERIFY_PARAM_table_cleanup(void)
1.435 + {
1.436 + if (param_table)
1.437 + sk_X509_VERIFY_PARAM_pop_free(param_table,
1.438 + X509_VERIFY_PARAM_free);
1.439 + param_table = NULL;
1.440 + }