kris
/
boringssl
1
0
Fork 0
Code Issues 0 Pull-Requests 0 Releases 0 Wiki Aktivität
Du kannst nicht mehr als 25 Themen auswählen Themen müssen entweder mit einem Buchstaben oder einer Ziffer beginnen. Sie können Bindestriche („-“) enthalten und bis zu 35 Zeichen lang sein.
3990 Commits
12 Branches
38 MiB
 
 
 
 
 
 
Struktur: 3e0b2ce12b
Branches Tags
${ item.name }
Erstelle Branch ${ searchTerm }
von „3e0b2ce12b“
${ noResults }
boringssl/crypto/x509v3/v3_lib.c

363 Zeilen
11 KiB
Originalformat Blame Verlauf 

  1. /* v3_lib.c */

  2. /*

  3.  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project

  4.  * 1999.

  5.  */

  6. /* ====================================================================

  7.  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

  8.  *

  9.  * Redistribution and use in source and binary forms, with or without

  10.  * modification, are permitted provided that the following conditions

  11.  * are met:

  12.  *

  13.  * 1. Redistributions of source code must retain the above copyright

  14.  *    notice, this list of conditions and the following disclaimer.

  15.  *

  16.  * 2. Redistributions in binary form must reproduce the above copyright

  17.  *    notice, this list of conditions and the following disclaimer in

  18.  *    the documentation and/or other materials provided with the

  19.  *    distribution.

  20.  *

  21.  * 3. All advertising materials mentioning features or use of this

  22.  *    software must display the following acknowledgment:

  23.  *    "This product includes software developed by the OpenSSL Project

  24.  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

  25.  *

  26.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  27.  *    endorse or promote products derived from this software without

  28.  *    prior written permission. For written permission, please contact

  29.  *    licensing@OpenSSL.org.

  30.  *

  31.  * 5. Products derived from this software may not be called "OpenSSL"

  32.  *    nor may "OpenSSL" appear in their names without prior written

  33.  *    permission of the OpenSSL Project.

  34.  *

  35.  * 6. Redistributions of any form whatsoever must retain the following

  36.  *    acknowledgment:

  37.  *    "This product includes software developed by the OpenSSL Project

  38.  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

  39.  *

  40.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  41.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  42.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  43.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  44.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  45.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  46.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  47.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  48.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  49.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  50.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  51.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  52.  * ====================================================================

  53.  *

  54.  * This product includes cryptographic software written by Eric Young

  55.  * (eay@cryptsoft.com).  This product includes software written by Tim

  56.  * Hudson (tjh@cryptsoft.com).

  57.  *

  58.  */

  59. /* X509 v3 extension utilities */

  60. 

  61. #include <stdio.h>

  62. 

  63. #include <openssl/conf.h>

  64. #include <openssl/err.h>

  65. #include <openssl/mem.h>

  66. #include <openssl/obj.h>

  67. #include <openssl/x509v3.h>

  68. 

  69. #include "ext_dat.h"

  70. static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL;

  71. 

  72. static void ext_list_free(X509V3_EXT_METHOD *ext);

  73. 

  74. static int ext_stack_cmp(const X509V3_EXT_METHOD **a,

  75.                          const X509V3_EXT_METHOD **b)

  76. {

  77.     return ((*a)->ext_nid - (*b)->ext_nid);

  78. }

  79. 

  80. int X509V3_EXT_add(X509V3_EXT_METHOD *ext)

  81. {

  82.     if (!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_stack_cmp))) {

  83.         OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);

  84.         ext_list_free(ext);

  85.         return 0;

  86.     }

  87.     if (!sk_X509V3_EXT_METHOD_push(ext_list, ext)) {

  88.         OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);

  89.         ext_list_free(ext);

  90.         return 0;

  91.     }

  92.     return 1;

  93. }

  94. 

  95. static int ext_cmp(const void *void_a, const void *void_b)

  96. {

  97.     const X509V3_EXT_METHOD **a = (const X509V3_EXT_METHOD **)void_a;

  98.     const X509V3_EXT_METHOD **b = (const X509V3_EXT_METHOD **)void_b;

  99.     return ext_stack_cmp(a, b);

  100. }

  101. 

  102. const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)

  103. {

  104.     X509V3_EXT_METHOD tmp;

  105.     const X509V3_EXT_METHOD *t = &tmp, *const *ret;

  106.     size_t idx;

  107. 

  108.     if (nid < 0)

  109.         return NULL;

  110.     tmp.ext_nid = nid;

  111.     ret =

  112.         bsearch(&t, standard_exts, STANDARD_EXTENSION_COUNT,

  113.                 sizeof(X509V3_EXT_METHOD *), ext_cmp);

  114.     if (ret)

  115.         return *ret;

  116.     if (!ext_list)

  117.         return NULL;

  118. 

  119.     if (!sk_X509V3_EXT_METHOD_find(ext_list, &idx, &tmp))

  120.         return NULL;

  121.     return sk_X509V3_EXT_METHOD_value(ext_list, idx);

  122. }

  123. 

  124. const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)

  125. {

  126.     int nid;

  127.     if ((nid = OBJ_obj2nid(ext->object)) == NID_undef)

  128.         return NULL;

  129.     return X509V3_EXT_get_nid(nid);

  130. }

  131. 

  132. int X509V3_EXT_free(int nid, void *ext_data)

  133. {

  134.     const X509V3_EXT_METHOD *ext_method = X509V3_EXT_get_nid(nid);

  135.     if (ext_method == NULL) {

  136.         OPENSSL_PUT_ERROR(X509V3, X509V3_R_CANNOT_FIND_FREE_FUNCTION);

  137.         return 0;

  138.     }

  139. 

  140.     if (ext_method->it != NULL)

  141.         ASN1_item_free(ext_data, ASN1_ITEM_ptr(ext_method->it));

  142.     else if (ext_method->ext_free != NULL)

  143.         ext_method->ext_free(ext_data);

  144.     else {

  145.         OPENSSL_PUT_ERROR(X509V3, X509V3_R_CANNOT_FIND_FREE_FUNCTION);

  146.         return 0;

  147.     }

  148. 

  149.     return 1;

  150. }

  151. 

  152. int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist)

  153. {

  154.     for (; extlist->ext_nid != -1; extlist++)

  155.         if (!X509V3_EXT_add(extlist))

  156.             return 0;

  157.     return 1;

  158. }

  159. 

  160. int X509V3_EXT_add_alias(int nid_to, int nid_from)

  161. {

  162.     const X509V3_EXT_METHOD *ext;

  163.     X509V3_EXT_METHOD *tmpext;

  164. 

  165.     if (!(ext = X509V3_EXT_get_nid(nid_from))) {

  166.         OPENSSL_PUT_ERROR(X509V3, X509V3_R_EXTENSION_NOT_FOUND);

  167.         return 0;

  168.     }

  169.     if (!

  170.         (tmpext =

  171.          (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)))) {

  172.         OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);

  173.         return 0;

  174.     }

  175.     *tmpext = *ext;

  176.     tmpext->ext_nid = nid_to;

  177.     tmpext->ext_flags |= X509V3_EXT_DYNAMIC;

  178.     return X509V3_EXT_add(tmpext);

  179. }

  180. 

  181. void X509V3_EXT_cleanup(void)

  182. {

  183.     sk_X509V3_EXT_METHOD_pop_free(ext_list, ext_list_free);

  184.     ext_list = NULL;

  185. }

  186. 

  187. static void ext_list_free(X509V3_EXT_METHOD *ext)

  188. {

  189.     if (ext->ext_flags & X509V3_EXT_DYNAMIC)

  190.         OPENSSL_free(ext);

  191. }

  192. 

  193. /*

  194.  * Legacy function: we don't need to add standard extensions any more because

  195.  * they are now kept in ext_dat.h.

  196.  */

  197. 

  198. int X509V3_add_standard_extensions(void)

  199. {

  200.     return 1;

  201. }

  202. 

  203. /* Return an extension internal structure */

  204. 

  205. void *X509V3_EXT_d2i(X509_EXTENSION *ext)

  206. {

  207.     const X509V3_EXT_METHOD *method;

  208.     const unsigned char *p;

  209. 

  210.     if (!(method = X509V3_EXT_get(ext)))

  211.         return NULL;

  212.     p = ext->value->data;

  213.     if (method->it)

  214.         return ASN1_item_d2i(NULL, &p, ext->value->length,

  215.                              ASN1_ITEM_ptr(method->it));

  216.     return method->d2i(NULL, &p, ext->value->length);

  217. }

  218. 

  219. /*

  220.  * Get critical flag and decoded version of extension from a NID. The "idx"

  221.  * variable returns the last found extension and can be used to retrieve

  222.  * multiple extensions of the same NID. However multiple extensions with the

  223.  * same NID is usually due to a badly encoded certificate so if idx is NULL

  224.  * we choke if multiple extensions exist. The "crit" variable is set to the

  225.  * critical value. The return value is the decoded extension or NULL on

  226.  * error. The actual error can have several different causes, the value of

  227.  * *crit reflects the cause: >= 0, extension found but not decoded (reflects

  228.  * critical value). -1 extension not found. -2 extension occurs more than

  229.  * once.

  230.  */

  231. 

  232. void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit,

  233.                      int *idx)

  234. {

  235.     int lastpos;

  236.     size_t i;

  237.     X509_EXTENSION *ex, *found_ex = NULL;

  238.     if (!x) {

  239.         if (idx)

  240.             *idx = -1;

  241.         if (crit)

  242.             *crit = -1;

  243.         return NULL;

  244.     }

  245.     if (idx)

  246.         lastpos = *idx + 1;

  247.     else

  248.         lastpos = 0;

  249.     if (lastpos < 0)

  250.         lastpos = 0;

  251.     for (i = lastpos; i < sk_X509_EXTENSION_num(x); i++) {

  252.         ex = sk_X509_EXTENSION_value(x, i);

  253.         if (OBJ_obj2nid(ex->object) == nid) {

  254.             if (idx) {

  255.                 *idx = i;

  256.                 found_ex = ex;

  257.                 break;

  258.             } else if (found_ex) {

  259.                 /* Found more than one */

  260.                 if (crit)

  261.                     *crit = -2;

  262.                 return NULL;

  263.             }

  264.             found_ex = ex;

  265.         }

  266.     }

  267.     if (found_ex) {

  268.         /* Found it */

  269.         if (crit)

  270.             *crit = X509_EXTENSION_get_critical(found_ex);

  271.         return X509V3_EXT_d2i(found_ex);

  272.     }

  273. 

  274.     /* Extension not found */

  275.     if (idx)

  276.         *idx = -1;

  277.     if (crit)

  278.         *crit = -1;

  279.     return NULL;

  280. }

  281. 

  282. /*

  283.  * This function is a general extension append, replace and delete utility.

  284.  * The precise operation is governed by the 'flags' value. The 'crit' and

  285.  * 'value' arguments (if relevant) are the extensions internal structure.

  286.  */

  287. 

  288. int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,

  289.                     int crit, unsigned long flags)

  290. {

  291.     int extidx = -1;

  292.     int errcode;

  293.     X509_EXTENSION *ext, *extmp;

  294.     unsigned long ext_op = flags & X509V3_ADD_OP_MASK;

  295. 

  296.     /*

  297.      * If appending we don't care if it exists, otherwise look for existing

  298.      * extension.

  299.      */

  300.     if (ext_op != X509V3_ADD_APPEND)

  301.         extidx = X509v3_get_ext_by_NID(*x, nid, -1);

  302. 

  303.     /* See if extension exists */

  304.     if (extidx >= 0) {

  305.         /* If keep existing, nothing to do */

  306.         if (ext_op == X509V3_ADD_KEEP_EXISTING)

  307.             return 1;

  308.         /* If default then its an error */

  309.         if (ext_op == X509V3_ADD_DEFAULT) {

  310.             errcode = X509V3_R_EXTENSION_EXISTS;

  311.             goto err;

  312.         }

  313.         /* If delete, just delete it */

  314.         if (ext_op == X509V3_ADD_DELETE) {

  315.             if (!sk_X509_EXTENSION_delete(*x, extidx))

  316.                 return -1;

  317.             return 1;

  318.         }

  319.     } else {

  320.         /*

  321.          * If replace existing or delete, error since extension must exist

  322.          */

  323.         if ((ext_op == X509V3_ADD_REPLACE_EXISTING) ||

  324.             (ext_op == X509V3_ADD_DELETE)) {

  325.             errcode = X509V3_R_EXTENSION_NOT_FOUND;

  326.             goto err;

  327.         }

  328.     }

  329. 

  330.     /*

  331.      * If we get this far then we have to create an extension: could have

  332.      * some flags for alternative encoding schemes...

  333.      */

  334. 

  335.     ext = X509V3_EXT_i2d(nid, crit, value);

  336. 

  337.     if (!ext) {

  338.         OPENSSL_PUT_ERROR(X509V3, X509V3_R_ERROR_CREATING_EXTENSION);

  339.         return 0;

  340.     }

  341. 

  342.     /* If extension exists replace it.. */

  343.     if (extidx >= 0) {

  344.         extmp = sk_X509_EXTENSION_value(*x, extidx);

  345.         X509_EXTENSION_free(extmp);

  346.         if (!sk_X509_EXTENSION_set(*x, extidx, ext))

  347.             return -1;

  348.         return 1;

  349.     }

  350. 

  351.     if (!*x && !(*x = sk_X509_EXTENSION_new_null()))

  352.         return -1;

  353.     if (!sk_X509_EXTENSION_push(*x, ext))

  354.         return -1;

  355. 

  356.     return 1;

  357. 

  358.  err:

  359.     if (!(flags & X509V3_ADD_SILENT))

  360.         OPENSSL_PUT_ERROR(X509V3, errcode);

  361.     return 0;

  362. }