1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/os/ossrv/ssl/libcrypto/src/crypto/x509v3/v3_akey.c Fri Jun 15 03:10:57 2012 +0200
1.3 @@ -0,0 +1,231 @@
1.4 +/* v3_akey.c */
1.5 +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
1.6 + * project 1999.
1.7 + */
1.8 +/* ====================================================================
1.9 + * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
1.10 + *
1.11 + * Redistribution and use in source and binary forms, with or without
1.12 + * modification, are permitted provided that the following conditions
1.13 + * are met:
1.14 + *
1.15 + * 1. Redistributions of source code must retain the above copyright
1.16 + * notice, this list of conditions and the following disclaimer.
1.17 + *
1.18 + * 2. Redistributions in binary form must reproduce the above copyright
1.19 + * notice, this list of conditions and the following disclaimer in
1.20 + * the documentation and/or other materials provided with the
1.21 + * distribution.
1.22 + *
1.23 + * 3. All advertising materials mentioning features or use of this
1.24 + * software must display the following acknowledgment:
1.25 + * "This product includes software developed by the OpenSSL Project
1.26 + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
1.27 + *
1.28 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
1.29 + * endorse or promote products derived from this software without
1.30 + * prior written permission. For written permission, please contact
1.31 + * licensing@OpenSSL.org.
1.32 + *
1.33 + * 5. Products derived from this software may not be called "OpenSSL"
1.34 + * nor may "OpenSSL" appear in their names without prior written
1.35 + * permission of the OpenSSL Project.
1.36 + *
1.37 + * 6. Redistributions of any form whatsoever must retain the following
1.38 + * acknowledgment:
1.39 + * "This product includes software developed by the OpenSSL Project
1.40 + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
1.41 + *
1.42 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
1.43 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1.44 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
1.45 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
1.46 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
1.47 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
1.48 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
1.49 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1.50 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
1.51 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
1.52 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
1.53 + * OF THE POSSIBILITY OF SUCH DAMAGE.
1.54 + * ====================================================================
1.55 + *
1.56 + * This product includes cryptographic software written by Eric Young
1.57 + * (eay@cryptsoft.com). This product includes software written by Tim
1.58 + * Hudson (tjh@cryptsoft.com).
1.59 + *
1.60 + */
1.61 +
1.62 +/*
1.63 + © Portions copyright (c) 2006 Nokia Corporation. All rights reserved.
1.64 + */
1.65 +
1.66 +
1.67 +#include <stdio.h>
1.68 +#include "cryptlib.h"
1.69 +#include <openssl/conf.h>
1.70 +#include <openssl/asn1.h>
1.71 +#include <openssl/asn1t.h>
1.72 +#include <openssl/x509v3.h>
1.73 +#if (defined(SYMBIAN) && (defined(__WINSCW__) || defined(__WINS__)))
1.74 +#include "libcrypto_wsd_macros.h"
1.75 +#include "libcrypto_wsd.h"
1.76 +#endif
1.77 +
1.78 +
1.79 +static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
1.80 + AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist);
1.81 +static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
1.82 + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
1.83 +#ifndef EMULATOR
1.84 +X509V3_EXT_METHOD v3_akey_id =
1.85 + {
1.86 + NID_authority_key_identifier,
1.87 + X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID),
1.88 + 0,0,0,0,
1.89 + 0,0,
1.90 + (X509V3_EXT_I2V)i2v_AUTHORITY_KEYID,
1.91 + (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
1.92 + 0,0,
1.93 + NULL
1.94 + };
1.95 +#else
1.96 +const X509V3_EXT_METHOD v3_akey_id =
1.97 + {
1.98 + NID_authority_key_identifier,
1.99 + X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID),
1.100 + 0,0,0,0,
1.101 + 0,0,
1.102 + (X509V3_EXT_I2V)i2v_AUTHORITY_KEYID,
1.103 + (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
1.104 + 0,0,
1.105 + NULL
1.106 + };
1.107 +
1.108 +#endif
1.109 +static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
1.110 + AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist)
1.111 +{
1.112 + char *tmp;
1.113 + if(akeyid->keyid) {
1.114 + tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length);
1.115 + X509V3_add_value("keyid", tmp, &extlist);
1.116 + OPENSSL_free(tmp);
1.117 + }
1.118 + if(akeyid->issuer)
1.119 + extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
1.120 + if(akeyid->serial) {
1.121 + tmp = hex_to_string(akeyid->serial->data,
1.122 + akeyid->serial->length);
1.123 + X509V3_add_value("serial", tmp, &extlist);
1.124 + OPENSSL_free(tmp);
1.125 + }
1.126 + return extlist;
1.127 +}
1.128 +
1.129 +/* Currently two options:
1.130 + * keyid: use the issuers subject keyid, the value 'always' means its is
1.131 + * an error if the issuer certificate doesn't have a key id.
1.132 + * issuer: use the issuers cert issuer and serial number. The default is
1.133 + * to only use this if keyid is not present. With the option 'always'
1.134 + * this is always included.
1.135 + */
1.136 +
1.137 +static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
1.138 + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
1.139 + {
1.140 + char keyid=0, issuer=0;
1.141 + int i;
1.142 + CONF_VALUE *cnf;
1.143 + ASN1_OCTET_STRING *ikeyid = NULL;
1.144 + X509_NAME *isname = NULL;
1.145 + GENERAL_NAMES * gens = NULL;
1.146 + GENERAL_NAME *gen = NULL;
1.147 + ASN1_INTEGER *serial = NULL;
1.148 + X509_EXTENSION *ext;
1.149 + X509 *cert;
1.150 + AUTHORITY_KEYID *akeyid;
1.151 +
1.152 + for(i = 0; i < sk_CONF_VALUE_num(values); i++)
1.153 + {
1.154 + cnf = sk_CONF_VALUE_value(values, i);
1.155 + if(!strcmp(cnf->name, "keyid"))
1.156 + {
1.157 + keyid = 1;
1.158 + if(cnf->value && !strcmp(cnf->value, "always"))
1.159 + keyid = 2;
1.160 + }
1.161 + else if(!strcmp(cnf->name, "issuer"))
1.162 + {
1.163 + issuer = 1;
1.164 + if(cnf->value && !strcmp(cnf->value, "always"))
1.165 + issuer = 2;
1.166 + }
1.167 + else
1.168 + {
1.169 + X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNKNOWN_OPTION);
1.170 + ERR_add_error_data(2, "name=", cnf->name);
1.171 + return NULL;
1.172 + }
1.173 + }
1.174 +
1.175 + if(!ctx || !ctx->issuer_cert)
1.176 + {
1.177 + if(ctx && (ctx->flags==CTX_TEST))
1.178 + return AUTHORITY_KEYID_new();
1.179 + X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE);
1.180 + return NULL;
1.181 + }
1.182 +
1.183 + cert = ctx->issuer_cert;
1.184 +
1.185 + if(keyid)
1.186 + {
1.187 + i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
1.188 + if((i >= 0) && (ext = X509_get_ext(cert, i)))
1.189 + ikeyid = X509V3_EXT_d2i(ext);
1.190 + if(keyid==2 && !ikeyid)
1.191 + {
1.192 + X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
1.193 + return NULL;
1.194 + }
1.195 + }
1.196 +
1.197 + if((issuer && !ikeyid) || (issuer == 2))
1.198 + {
1.199 + isname = X509_NAME_dup(X509_get_issuer_name(cert));
1.200 + serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert));
1.201 + if(!isname || !serial)
1.202 + {
1.203 + X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
1.204 + goto err;
1.205 + }
1.206 + }
1.207 +
1.208 + if(!(akeyid = AUTHORITY_KEYID_new())) goto err;
1.209 +
1.210 + if(isname)
1.211 + {
1.212 + if(!(gens = sk_GENERAL_NAME_new_null())
1.213 + || !(gen = GENERAL_NAME_new())
1.214 + || !sk_GENERAL_NAME_push(gens, gen))
1.215 + {
1.216 + X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE);
1.217 + goto err;
1.218 + }
1.219 + gen->type = GEN_DIRNAME;
1.220 + gen->d.dirn = isname;
1.221 + }
1.222 +
1.223 + akeyid->issuer = gens;
1.224 + akeyid->serial = serial;
1.225 + akeyid->keyid = ikeyid;
1.226 +
1.227 + return akeyid;
1.228 +
1.229 + err:
1.230 + X509_NAME_free(isname);
1.231 + M_ASN1_INTEGER_free(serial);
1.232 + M_ASN1_OCTET_STRING_free(ikeyid);
1.233 + return NULL;
1.234 + }
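Review bot: The `err:` path of v2i_AUTHORITY_KEYID (lines 229–233) frees isname, serial and ikeyid but not the other allocations the function owns, so the malloc-failure branch at lines 212–218 leaks the `akeyid` created at line 208 together with `gens` and `gen` whenever one of the three allocations there fails; `akeyid` is also declared without an initializer at line 150, so it cannot be freed at `err:` when control gets there from line 204. The fix is to initialise `akeyid` to NULL and release all three at the label; since `gen->d.dirn = isname` is only assigned after the error check, freeing `gen` and `isname` separately there is safe, and a shallow `sk_GENERAL_NAME_free` plus `GENERAL_NAME_free(gen)` cannot double-free because the push is the last call that can jump to `err:`. A smaller point in i2v_AUTHORITY_KEYID (lines 113–125): the results of `hex_to_string` and `X509V3_add_value` are not checked, so an allocation failure silently drops the keyid or serial component from the printed extension; a comment such as `/* TODO: check hex_to_string/X509V3_add_value results */` would at least record that.
```c
	AUTHORITY_KEYID *akeyid = NULL;
	/* … unchanged: option parsing, issuer-cert lookup, isname/serial/gens setup … */
	err:
	sk_GENERAL_NAME_free(gens);
	GENERAL_NAME_free(gen);
	AUTHORITY_KEYID_free(akeyid);
	X509_NAME_free(isname);
	M_ASN1_INTEGER_free(serial);
	M_ASN1_OCTET_STRING_free(ikeyid);
	return NULL;
```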