sl@0: /* v3_akey.c */ sl@0: /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL sl@0: * project 1999. sl@0: */ sl@0: /* ==================================================================== sl@0: * Copyright (c) 1999 The OpenSSL Project. All rights reserved. sl@0: * sl@0: * Redistribution and use in source and binary forms, with or without sl@0: * modification, are permitted provided that the following conditions sl@0: * are met: sl@0: * sl@0: * 1. Redistributions of source code must retain the above copyright sl@0: * notice, this list of conditions and the following disclaimer. sl@0: * sl@0: * 2. Redistributions in binary form must reproduce the above copyright sl@0: * notice, this list of conditions and the following disclaimer in sl@0: * the documentation and/or other materials provided with the sl@0: * distribution. sl@0: * sl@0: * 3. All advertising materials mentioning features or use of this sl@0: * software must display the following acknowledgment: sl@0: * "This product includes software developed by the OpenSSL Project sl@0: * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" sl@0: * sl@0: * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to sl@0: * endorse or promote products derived from this software without sl@0: * prior written permission. For written permission, please contact sl@0: * licensing@OpenSSL.org. sl@0: * sl@0: * 5. Products derived from this software may not be called "OpenSSL" sl@0: * nor may "OpenSSL" appear in their names without prior written sl@0: * permission of the OpenSSL Project. sl@0: * sl@0: * 6. Redistributions of any form whatsoever must retain the following sl@0: * acknowledgment: sl@0: * "This product includes software developed by the OpenSSL Project sl@0: * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" sl@0: * sl@0: * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY sl@0: * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE sl@0: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR sl@0: * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR sl@0: * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, sl@0: * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT sl@0: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; sl@0: * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) sl@0: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, sl@0: * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) sl@0: * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED sl@0: * OF THE POSSIBILITY OF SUCH DAMAGE. sl@0: * ==================================================================== sl@0: * sl@0: * This product includes cryptographic software written by Eric Young sl@0: * (eay@cryptsoft.com). This product includes software written by Tim sl@0: * Hudson (tjh@cryptsoft.com). sl@0: * sl@0: */ sl@0: sl@0: /* sl@0: © Portions copyright (c) 2006 Nokia Corporation. All rights reserved. sl@0: */ sl@0: sl@0: sl@0: #include sl@0: #include "cryptlib.h" sl@0: #include sl@0: #include sl@0: #include sl@0: #include sl@0: #if (defined(SYMBIAN) && (defined(__WINSCW__) || defined(__WINS__))) sl@0: #include "libcrypto_wsd_macros.h" sl@0: #include "libcrypto_wsd.h" sl@0: #endif sl@0: sl@0: sl@0: static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, sl@0: AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist); sl@0: static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, sl@0: X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); sl@0: #ifndef EMULATOR sl@0: X509V3_EXT_METHOD v3_akey_id = sl@0: { sl@0: NID_authority_key_identifier, sl@0: X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID), sl@0: 0,0,0,0, sl@0: 0,0, sl@0: (X509V3_EXT_I2V)i2v_AUTHORITY_KEYID, sl@0: (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID, sl@0: 0,0, sl@0: NULL sl@0: }; sl@0: #else sl@0: const X509V3_EXT_METHOD v3_akey_id = sl@0: { sl@0: NID_authority_key_identifier, sl@0: X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID), sl@0: 0,0,0,0, sl@0: 0,0, sl@0: (X509V3_EXT_I2V)i2v_AUTHORITY_KEYID, sl@0: (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID, sl@0: 0,0, sl@0: NULL sl@0: }; sl@0: sl@0: #endif sl@0: static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, sl@0: AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist) sl@0: { sl@0: char *tmp; sl@0: if(akeyid->keyid) { sl@0: tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length); sl@0: X509V3_add_value("keyid", tmp, &extlist); sl@0: OPENSSL_free(tmp); sl@0: } sl@0: if(akeyid->issuer) sl@0: extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist); sl@0: if(akeyid->serial) { sl@0: tmp = hex_to_string(akeyid->serial->data, sl@0: akeyid->serial->length); sl@0: X509V3_add_value("serial", tmp, &extlist); sl@0: OPENSSL_free(tmp); sl@0: } sl@0: return extlist; sl@0: } sl@0: sl@0: /* Currently two options: sl@0: * keyid: use the issuers subject keyid, the value 'always' means its is sl@0: * an error if the issuer certificate doesn't have a key id. sl@0: * issuer: use the issuers cert issuer and serial number. The default is sl@0: * to only use this if keyid is not present. With the option 'always' sl@0: * this is always included. sl@0: */ sl@0: sl@0: static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, sl@0: X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values) sl@0: { sl@0: char keyid=0, issuer=0; sl@0: int i; sl@0: CONF_VALUE *cnf; sl@0: ASN1_OCTET_STRING *ikeyid = NULL; sl@0: X509_NAME *isname = NULL; sl@0: GENERAL_NAMES * gens = NULL; sl@0: GENERAL_NAME *gen = NULL; sl@0: ASN1_INTEGER *serial = NULL; sl@0: X509_EXTENSION *ext; sl@0: X509 *cert; sl@0: AUTHORITY_KEYID *akeyid; sl@0: sl@0: for(i = 0; i < sk_CONF_VALUE_num(values); i++) sl@0: { sl@0: cnf = sk_CONF_VALUE_value(values, i); sl@0: if(!strcmp(cnf->name, "keyid")) sl@0: { sl@0: keyid = 1; sl@0: if(cnf->value && !strcmp(cnf->value, "always")) sl@0: keyid = 2; sl@0: } sl@0: else if(!strcmp(cnf->name, "issuer")) sl@0: { sl@0: issuer = 1; sl@0: if(cnf->value && !strcmp(cnf->value, "always")) sl@0: issuer = 2; sl@0: } sl@0: else sl@0: { sl@0: X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNKNOWN_OPTION); sl@0: ERR_add_error_data(2, "name=", cnf->name); sl@0: return NULL; sl@0: } sl@0: } sl@0: sl@0: if(!ctx || !ctx->issuer_cert) sl@0: { sl@0: if(ctx && (ctx->flags==CTX_TEST)) sl@0: return AUTHORITY_KEYID_new(); sl@0: X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE); sl@0: return NULL; sl@0: } sl@0: sl@0: cert = ctx->issuer_cert; sl@0: sl@0: if(keyid) sl@0: { sl@0: i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1); sl@0: if((i >= 0) && (ext = X509_get_ext(cert, i))) sl@0: ikeyid = X509V3_EXT_d2i(ext); sl@0: if(keyid==2 && !ikeyid) sl@0: { sl@0: X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_KEYID); sl@0: return NULL; sl@0: } sl@0: } sl@0: sl@0: if((issuer && !ikeyid) || (issuer == 2)) sl@0: { sl@0: isname = X509_NAME_dup(X509_get_issuer_name(cert)); sl@0: serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert)); sl@0: if(!isname || !serial) sl@0: { sl@0: X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS); sl@0: goto err; sl@0: } sl@0: } sl@0: sl@0: if(!(akeyid = AUTHORITY_KEYID_new())) goto err; sl@0: sl@0: if(isname) sl@0: { sl@0: if(!(gens = sk_GENERAL_NAME_new_null()) sl@0: || !(gen = GENERAL_NAME_new()) sl@0: || !sk_GENERAL_NAME_push(gens, gen)) sl@0: { sl@0: X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE); sl@0: goto err; sl@0: } sl@0: gen->type = GEN_DIRNAME; sl@0: gen->d.dirn = isname; sl@0: } sl@0: sl@0: akeyid->issuer = gens; sl@0: akeyid->serial = serial; sl@0: akeyid->keyid = ikeyid; sl@0: sl@0: return akeyid; sl@0: sl@0: err: sl@0: X509_NAME_free(isname); sl@0: M_ASN1_INTEGER_free(serial); sl@0: M_ASN1_OCTET_STRING_free(ikeyid); sl@0: return NULL; sl@0: }