Symaptic: os/ossrv/ssl/libcrypto/src/crypto/x509/x509

     1 /* x509_vpm.c */

     2 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL

     3  * project 2004.

     4  */

     5 /* ====================================================================

     6  * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.

     7  *

     8  * Redistribution and use in source and binary forms, with or without

     9  * modification, are permitted provided that the following conditions

    10  * are met:

    11  *

    12  * 1. Redistributions of source code must retain the above copyright

    13  *    notice, this list of conditions and the following disclaimer.

    14  *

    15  * 2. Redistributions in binary form must reproduce the above copyright

    16  *    notice, this list of conditions and the following disclaimer in

    17  *    the documentation and/or other materials provided with the

    18  *    distribution.

    19  *

    20  * 3. All advertising materials mentioning features or use of this

    21  *    software must display the following acknowledgment:

    22  *    "This product includes software developed by the OpenSSL Project

    23  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

    24  *

    25  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

    26  *    endorse or promote products derived from this software without

    27  *    prior written permission. For written permission, please contact

    28  *    licensing@OpenSSL.org.

    29  *

    30  * 5. Products derived from this software may not be called "OpenSSL"

    31  *    nor may "OpenSSL" appear in their names without prior written

    32  *    permission of the OpenSSL Project.

    33  *

    34  * 6. Redistributions of any form whatsoever must retain the following

    35  *    acknowledgment:

    36  *    "This product includes software developed by the OpenSSL Project

    37  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

    38  *

    39  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

    40  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

    41  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

    42  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

    43  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

    44  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

    45  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

    46  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

    47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

    48  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

    49  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

    50  * OF THE POSSIBILITY OF SUCH DAMAGE.

    51  * ====================================================================

    52  *

    53  * This product includes cryptographic software written by Eric Young

    54  * (eay@cryptsoft.com).  This product includes software written by Tim

    55  * Hudson (tjh@cryptsoft.com).

    56  *

    57  */

    58  /*

    59  © Portions copyright (c) 2006 Nokia Corporation.  All rights reserved.

    60  */

    62 #include <stdio.h>

    64 #include "cryptlib.h"

    65 #include <openssl/crypto.h>

    66 #include <openssl/lhash.h>

    67 #include <openssl/buffer.h>

    68 #include <openssl/x509.h>

    69 #include <openssl/x509v3.h>

    70 #if (defined(SYMBIAN) && (defined(__WINSCW__) || defined(__WINS__)))

    71 #include "libcrypto_wsd_macros.h"

    72 #include "libcrypto_wsd.h"

    73 #endif

    76 /* X509_VERIFY_PARAM functions */

    78 static void x509_verify_param_zero(X509_VERIFY_PARAM *param)

    79 	{

    80 	if (!param)

    81 		return;

    82 	param->name = NULL;

    83 	param->purpose = 0;

    84 	param->trust = 0;

    85 	param->inh_flags = X509_VP_FLAG_DEFAULT;

    86 	param->flags = 0;

    87 	param->depth = -1;

    88 	if (param->policies)

    89 		{

    90 		sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);

    91 		param->policies = NULL;

    92 		}

    93 	}

    95 EXPORT_C X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)

    96 	{

    97 	X509_VERIFY_PARAM *param;

    98 	param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM));

    99 #ifdef SYMBIAN

   100   if(param==NULL)

   101   return param;

   102 #endif

   103 	memset(param, 0, sizeof(X509_VERIFY_PARAM));

   104 	x509_verify_param_zero(param);

   105 	return param;

   106 	}

   108 EXPORT_C void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)

   109 	{

   110 	x509_verify_param_zero(param);

   111 	OPENSSL_free(param);

   112 	}

   114 /* This function determines how parameters are "inherited" from one structure

   115  * to another. There are several different ways this can happen.

   116  *

   117  * 1. If a child structure needs to have its values initialized from a parent

   118  *    they are simply copied across. For example SSL_CTX copied to SSL.

   119  * 2. If the structure should take on values only if they are currently unset.

   120  *    For example the values in an SSL structure will take appropriate value

   121  *    for SSL servers or clients but only if the application has not set new

   122  *    ones.

   123  *

   124  * The "inh_flags" field determines how this function behaves.

   125  *

   126  * Normally any values which are set in the default are not copied from the

   127  * destination and verify flags are ORed together.

   128  *

   129  * If X509_VP_FLAG_DEFAULT is set then anything set in the source is copied

   130  * to the destination. Effectively the values in "to" become default values

   131  * which will be used only if nothing new is set in "from".

   132  *

   133  * If X509_VP_FLAG_OVERWRITE is set then all value are copied across whether

   134  * they are set or not. Flags is still Ored though.

   135  *

   136  * If X509_VP_FLAG_RESET_FLAGS is set then the flags value is copied instead

   137  * of ORed.

   138  *

   139  * If X509_VP_FLAG_LOCKED is set then no values are copied.

   140  *

   141  * If X509_VP_FLAG_ONCE is set then the current inh_flags setting is zeroed

   142  * after the next call.

   143  */

   145 /* Macro to test if a field should be copied from src to dest */

   147 #define test_x509_verify_param_copy(field, def) \

   148 	(to_overwrite || \

   149 		((src->field != def) && (to_default || (dest->field == def))))

   151 /* Macro to test and copy a field if necessary */

   153 #define x509_verify_param_copy(field, def) \

   154 	if (test_x509_verify_param_copy(field, def)) \

   155 		dest->field = src->field

   158 EXPORT_C int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,

   159 						const X509_VERIFY_PARAM *src)

   160 	{

   161 	unsigned long inh_flags;

   162 	int to_default, to_overwrite;

   163 	if (!src)

   164 		return 1;

   165 	inh_flags = dest->inh_flags | src->inh_flags;

   167 	if (inh_flags & X509_VP_FLAG_ONCE)

   168 		dest->inh_flags = 0;

   170 	if (inh_flags & X509_VP_FLAG_LOCKED)

   171 		return 1;

   173 	if (inh_flags & X509_VP_FLAG_DEFAULT)

   174 		to_default = 1;

   175 	else

   176 		to_default = 0;

   178 	if (inh_flags & X509_VP_FLAG_OVERWRITE)

   179 		to_overwrite = 1;

   180 	else

   181 		to_overwrite = 0;

   183 	x509_verify_param_copy(purpose, 0);

   184 	x509_verify_param_copy(trust, 0);

   185 	x509_verify_param_copy(depth, -1);

   186 	/* If overwrite or check time not set, copy across */

   188 	if (to_overwrite || !(dest->flags & X509_V_FLAG_USE_CHECK_TIME))

   189 		{

   190 		dest->check_time = src->check_time;

   191 		dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME;

   192 		/* Don't need to copy flag: that is done below */

   193 		}

   196 	if (inh_flags & X509_VP_FLAG_RESET_FLAGS)

   197 		dest->flags = 0;

   199 	dest->flags |= src->flags;

   201 	if (test_x509_verify_param_copy(policies, NULL))

   202 		{

   203 		if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies))

   204 			return 0;

   205 		}

   207 	return 1;

   208 	}

   210 EXPORT_C int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,

   211 						const X509_VERIFY_PARAM *from)

   212 	{

   213 	to->inh_flags |= X509_VP_FLAG_DEFAULT;

   214 	return X509_VERIFY_PARAM_inherit(to, from);

   215 	}

   217 EXPORT_C int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name)

   218 	{

   219 	if (param->name)

   220 		OPENSSL_free(param->name);

   221 	param->name = BUF_strdup(name);

   222 	if (param->name)

   223 		return 1;

   224 	return 0;

   225 	}

   227 EXPORT_C int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags)

   228 	{

   229 	param->flags |= flags;

   230 	if (flags & X509_V_FLAG_POLICY_MASK)

   231 		param->flags |= X509_V_FLAG_POLICY_CHECK;

   232 	return 1;

   233 	}

   235 EXPORT_C int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, unsigned long flags)

   236 	{

   237 	param->flags &= ~flags;

   238 	return 1;

   239 	}

   241 EXPORT_C unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param)

   242 	{

   243 	return param->flags;

   244 	}

   246 EXPORT_C int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose)

   247 	{

   248 	return X509_PURPOSE_set(&param->purpose, purpose);

   249 	}

   251 EXPORT_C int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust)

   252 	{

   253 	return X509_TRUST_set(&param->trust, trust);

   254 	}

   256 EXPORT_C void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth)

   257 	{

   258 	param->depth = depth;

   259 	}

   261 EXPORT_C void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t)

   262 	{

   263 	param->check_time = t;

   264 	param->flags |= X509_V_FLAG_USE_CHECK_TIME;

   265 	}

   267 EXPORT_C int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, ASN1_OBJECT *policy)

   268 	{

   269 	if (!param->policies)

   270 		{

   271 		param->policies = sk_ASN1_OBJECT_new_null();

   272 		if (!param->policies)

   273 			return 0;

   274 		}

   275 	if (!sk_ASN1_OBJECT_push(param->policies, policy))

   276 		return 0;

   277 	return 1;

   278 	}

   280 EXPORT_C int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,

   281 					STACK_OF(ASN1_OBJECT) *policies)

   282 	{

   283 	int i;

   284 	ASN1_OBJECT *oid, *doid;

   285 	if (!param)

   286 		return 0;

   287 	if (param->policies)

   288 		sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);

   290 	if (!policies)

   291 		{

   292 		param->policies = NULL;

   293 		return 1;

   294 		}

   296 	param->policies = sk_ASN1_OBJECT_new_null();

   297 	if (!param->policies)

   298 		return 0;

   300 	for (i = 0; i < sk_ASN1_OBJECT_num(policies); i++)

   301 		{

   302 		oid = sk_ASN1_OBJECT_value(policies, i);

   303 		doid = OBJ_dup(oid);

   304 		if (!doid)

   305 			return 0;

   306 		if (!sk_ASN1_OBJECT_push(param->policies, doid))

   307 			{

   308 			ASN1_OBJECT_free(doid);

   309 			return 0;

   310 			}

   311 		}

   312 	param->flags |= X509_V_FLAG_POLICY_CHECK;

   313 	return 1;

   314 	}

   316 EXPORT_C int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param)

   317 	{

   318 	return param->depth;

   319 	}

   321 /* Default verify parameters: these are used for various

   322  * applications and can be overridden by the user specified table.

   323  * NB: the 'name' field *must* be in alphabetical order because it

   324  * will be searched using OBJ_search.

   325  */

   327 static const X509_VERIFY_PARAM default_table[] = {

   328 	{

   329 	"default",	/* X509 default parameters */

   330 	0,		/* Check time */

   331 	0,		/* internal flags */

   332 	0,		/* flags */

   333 	0,		/* purpose */

   334 	0,		/* trust */

   335 	9,		/* depth */

   336 	NULL		/* policies */

   337 	},

   338 	{

   339 	"pkcs7",			/* SSL/TLS client parameters */

   340 	0,				/* Check time */

   341 	0,				/* internal flags */

   342 	0,				/* flags */

   343 	X509_PURPOSE_SMIME_SIGN,	/* purpose */

   344 	X509_TRUST_EMAIL,		/* trust */

   345 	-1,				/* depth */

   346 	NULL				/* policies */

   347 	},

   348 	{

   349 	"ssl_client",			/* SSL/TLS client parameters */

   350 	0,				/* Check time */

   351 	0,				/* internal flags */

   352 	0,				/* flags */

   353 	X509_PURPOSE_SSL_CLIENT,	/* purpose */

   354 	X509_TRUST_SSL_CLIENT,		/* trust */

   355 	-1,				/* depth */

   356 	NULL				/* policies */

   357 	},

   358 	{

   359 	"ssl_server",			/* SSL/TLS server parameters */

   360 	0,				/* Check time */

   361 	0,				/* internal flags */

   362 	0,				/* flags */

   363 	X509_PURPOSE_SSL_SERVER,	/* purpose */

   364 	X509_TRUST_SSL_SERVER,		/* trust */

   365 	-1,				/* depth */

   366 	NULL				/* policies */

   367 	}};

   369 #ifndef EMULATOR

   370 static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL;

   371 #else

   372 GET_STATIC_VAR_FROM_TLS(param_table,x509_vpm,STACK_OF(X509_VERIFY_PARAM) *)

   373 #define param_table (*GET_WSD_VAR_NAME(param_table,x509_vpm, s)())

   374 #endif

   376 static int table_cmp(const void *pa, const void *pb)

   377 	{

   378 	const X509_VERIFY_PARAM *a = pa, *b = pb;

   379 	return strcmp(a->name, b->name);

   380 	}

   382 static int param_cmp(const X509_VERIFY_PARAM * const *a,

   383 			const X509_VERIFY_PARAM * const *b)

   384 	{

   385 	return strcmp((*a)->name, (*b)->name);

   386 	}

   388 EXPORT_C int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param)

   389 	{

   390 	int idx;

   391 	X509_VERIFY_PARAM *ptmp;

   392 	if (!param_table)

   393 		{

   394 		param_table = sk_X509_VERIFY_PARAM_new(param_cmp);

   395 		if (!param_table)

   396 			return 0;

   397 		}

   398 	else

   399 		{

   400 		idx = sk_X509_VERIFY_PARAM_find(param_table, param);

   401 		if (idx != -1)

   402 			{

   403 			ptmp = sk_X509_VERIFY_PARAM_value(param_table, idx);

   404 			X509_VERIFY_PARAM_free(ptmp);

   405 			(void)sk_X509_VERIFY_PARAM_delete(param_table, idx);

   406 			}

   407 		}

   408 	if (!sk_X509_VERIFY_PARAM_push(param_table, param))

   409 		return 0;

   410 	return 1;

   411 	}

   413 EXPORT_C const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)

   414 	{

   415 	int idx;

   416 	X509_VERIFY_PARAM pm;

   417 	pm.name = (char *)name;

   418 	if (param_table)

   419 		{

   420 		idx = sk_X509_VERIFY_PARAM_find(param_table, &pm);

   421 		if (idx != -1)

   422 			return sk_X509_VERIFY_PARAM_value(param_table, idx);

   423 		}

   424 	return (const X509_VERIFY_PARAM *) OBJ_bsearch((char *)&pm,

   425 				(char *)&default_table,

   426 				sizeof(default_table)/sizeof(X509_VERIFY_PARAM),

   427 				sizeof(X509_VERIFY_PARAM),

   428 				table_cmp);

   429 	}

   431 EXPORT_C void X509_VERIFY_PARAM_table_cleanup(void)

   432 	{

   433 	if (param_table)

   434 		sk_X509_VERIFY_PARAM_pop_free(param_table,

   435 						X509_VERIFY_PARAM_free);

   436 	param_table = NULL;

   437 	}

author	sl
	Tue, 10 Jun 2014 14:32:02 +0200
changeset 1	260cb5ec6c19
permissions	-rw-r--r--