kris
/
boringssl
1
0
Çatalla 0
Kod Konular 0 Değişiklik İstekleri 0 Sürümler 0 Wiki Aktivite
25'ten fazla konu seçemezsiniz Konular bir harf veya rakamla başlamalı, kısa çizgiler ('-') içerebilir ve en fazla 35 karakter uzunluğunda olabilir.
2891 İşleme
12 Dallar
38 MiB
 
 
 
 
 
 
Ağaç: 71dd6660e8
Dallar Biçim İmleri
${ item.name }
${ searchTerm } dalı oluştur
'71dd6660e8'den
${ noResults }
boringssl/crypto/x509v3/v3_conf.c

461 satır
14 KiB
Ham Suçlama Geçmiş 

  1. /* v3_conf.c */

  2. /*

  3.  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project

  4.  * 1999.

  5.  */

  6. /* ====================================================================

  7.  * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.

  8.  *

  9.  * Redistribution and use in source and binary forms, with or without

  10.  * modification, are permitted provided that the following conditions

  11.  * are met:

  12.  *

  13.  * 1. Redistributions of source code must retain the above copyright

  14.  *    notice, this list of conditions and the following disclaimer.

  15.  *

  16.  * 2. Redistributions in binary form must reproduce the above copyright

  17.  *    notice, this list of conditions and the following disclaimer in

  18.  *    the documentation and/or other materials provided with the

  19.  *    distribution.

  20.  *

  21.  * 3. All advertising materials mentioning features or use of this

  22.  *    software must display the following acknowledgment:

  23.  *    "This product includes software developed by the OpenSSL Project

  24.  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

  25.  *

  26.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  27.  *    endorse or promote products derived from this software without

  28.  *    prior written permission. For written permission, please contact

  29.  *    licensing@OpenSSL.org.

  30.  *

  31.  * 5. Products derived from this software may not be called "OpenSSL"

  32.  *    nor may "OpenSSL" appear in their names without prior written

  33.  *    permission of the OpenSSL Project.

  34.  *

  35.  * 6. Redistributions of any form whatsoever must retain the following

  36.  *    acknowledgment:

  37.  *    "This product includes software developed by the OpenSSL Project

  38.  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

  39.  *

  40.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  41.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  42.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  43.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  44.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  45.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  46.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  47.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  48.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  49.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  50.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  51.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  52.  * ====================================================================

  53.  *

  54.  * This product includes cryptographic software written by Eric Young

  55.  * (eay@cryptsoft.com).  This product includes software written by Tim

  56.  * Hudson (tjh@cryptsoft.com). */

  57. 

  58. /* extension creation utilities */

  59. 

  60. #include <ctype.h>

  61. #include <stdio.h>

  62. #include <string.h>

  63. 

  64. #include <openssl/conf.h>

  65. #include <openssl/err.h>

  66. #include <openssl/mem.h>

  67. #include <openssl/obj.h>

  68. #include <openssl/x509.h>

  69. #include <openssl/x509v3.h>

  70. 

  71. #include "../internal.h"

  72. 

  73. static int v3_check_critical(char **value);

  74. static int v3_check_generic(char **value);

  75. static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,

  76.                                     int crit, char *value);

  77. static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,

  78.                                             int crit, int type,

  79.                                             X509V3_CTX *ctx);

  80. static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method,

  81.                                   int ext_nid, int crit, void *ext_struc);

  82. static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx,

  83.                                    long *ext_len);

  84. /* CONF *conf:  Config file    */

  85. /* char *name:  Name    */

  86. /* char *value:  Value    */

  87. X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,

  88.                                  char *value)

  89. {

  90.     int crit;

  91.     int ext_type;

  92.     X509_EXTENSION *ret;

  93.     crit = v3_check_critical(&value);

  94.     if ((ext_type = v3_check_generic(&value)))

  95.         return v3_generic_extension(name, value, crit, ext_type, ctx);

  96.     ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value);

  97.     if (!ret) {

  98.         OPENSSL_PUT_ERROR(X509V3, X509V3_R_ERROR_IN_EXTENSION);

  99.         ERR_add_error_data(4, "name=", name, ", value=", value);

  100.     }

  101.     return ret;

  102. }

  103. 

  104. /* CONF *conf:  Config file    */

  105. /* char *value:  Value    */

  106. X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,

  107.                                      char *value)

  108. {

  109.     int crit;

  110.     int ext_type;

  111.     crit = v3_check_critical(&value);

  112.     if ((ext_type = v3_check_generic(&value)))

  113.         return v3_generic_extension(OBJ_nid2sn(ext_nid),

  114.                                     value, crit, ext_type, ctx);

  115.     return do_ext_nconf(conf, ctx, ext_nid, crit, value);

  116. }

  117. 

  118. /* CONF *conf:  Config file    */

  119. /* char *value:  Value    */

  120. static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,

  121.                                     int crit, char *value)

  122. {

  123.     const X509V3_EXT_METHOD *method;

  124.     X509_EXTENSION *ext;

  125.     STACK_OF(CONF_VALUE) *nval;

  126.     void *ext_struc;

  127.     if (ext_nid == NID_undef) {

  128.         OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNKNOWN_EXTENSION_NAME);

  129.         return NULL;

  130.     }

  131.     if (!(method = X509V3_EXT_get_nid(ext_nid))) {

  132.         OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNKNOWN_EXTENSION);

  133.         return NULL;

  134.     }

  135.     /* Now get internal extension representation based on type */

  136.     if (method->v2i) {

  137.         if (*value == '@')

  138.             nval = NCONF_get_section(conf, value + 1);

  139.         else

  140.             nval = X509V3_parse_list(value);

  141.         if (sk_CONF_VALUE_num(nval) <= 0) {

  142.             OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_EXTENSION_STRING);

  143.             ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=",

  144.                                value);

  145.             return NULL;

  146.         }

  147.         ext_struc = method->v2i(method, ctx, nval);

  148.         if (*value != '@')

  149.             sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);

  150.         if (!ext_struc)

  151.             return NULL;

  152.     } else if (method->s2i) {

  153.         if (!(ext_struc = method->s2i(method, ctx, value)))

  154.             return NULL;

  155.     } else if (method->r2i) {

  156.         if (!ctx->db || !ctx->db_meth) {

  157.             OPENSSL_PUT_ERROR(X509V3, X509V3_R_NO_CONFIG_DATABASE);

  158.             return NULL;

  159.         }

  160.         if (!(ext_struc = method->r2i(method, ctx, value)))

  161.             return NULL;

  162.     } else {

  163.         OPENSSL_PUT_ERROR(X509V3, X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);

  164.         ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));

  165.         return NULL;

  166.     }

  167. 

  168.     ext = do_ext_i2d(method, ext_nid, crit, ext_struc);

  169.     if (method->it)

  170.         ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));

  171.     else

  172.         method->ext_free(ext_struc);

  173.     return ext;

  174. 

  175. }

  176. 

  177. static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method,

  178.                                   int ext_nid, int crit, void *ext_struc)

  179. {

  180.     unsigned char *ext_der;

  181.     int ext_len;

  182.     ASN1_OCTET_STRING *ext_oct;

  183.     X509_EXTENSION *ext;

  184.     /* Convert internal representation to DER */

  185.     if (method->it) {

  186.         ext_der = NULL;

  187.         ext_len =

  188.             ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it));

  189.         if (ext_len < 0)

  190.             goto merr;

  191.     } else {

  192.         unsigned char *p;

  193.         ext_len = method->i2d(ext_struc, NULL);

  194.         if (!(ext_der = OPENSSL_malloc(ext_len)))

  195.             goto merr;

  196.         p = ext_der;

  197.         method->i2d(ext_struc, &p);

  198.     }

  199.     if (!(ext_oct = M_ASN1_OCTET_STRING_new()))

  200.         goto merr;

  201.     ext_oct->data = ext_der;

  202.     ext_oct->length = ext_len;

  203. 

  204.     ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);

  205.     if (!ext)

  206.         goto merr;

  207.     M_ASN1_OCTET_STRING_free(ext_oct);

  208. 

  209.     return ext;

  210. 

  211.  merr:

  212.     OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);

  213.     return NULL;

  214. 

  215. }

  216. 

  217. /* Given an internal structure, nid and critical flag create an extension */

  218. 

  219. X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)

  220. {

  221.     const X509V3_EXT_METHOD *method;

  222.     if (!(method = X509V3_EXT_get_nid(ext_nid))) {

  223.         OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNKNOWN_EXTENSION);

  224.         return NULL;

  225.     }

  226.     return do_ext_i2d(method, ext_nid, crit, ext_struc);

  227. }

  228. 

  229. /* Check the extension string for critical flag */

  230. static int v3_check_critical(char **value)

  231. {

  232.     char *p = *value;

  233.     if ((strlen(p) < 9) || strncmp(p, "critical,", 9))

  234.         return 0;

  235.     p += 9;

  236.     while (isspace((unsigned char)*p))

  237.         p++;

  238.     *value = p;

  239.     return 1;

  240. }

  241. 

  242. /* Check extension string for generic extension and return the type */

  243. static int v3_check_generic(char **value)

  244. {

  245.     int gen_type = 0;

  246.     char *p = *value;

  247.     if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) {

  248.         p += 4;

  249.         gen_type = 1;

  250.     } else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5)) {

  251.         p += 5;

  252.         gen_type = 2;

  253.     } else

  254.         return 0;

  255. 

  256.     while (isspace((unsigned char)*p))

  257.         p++;

  258.     *value = p;

  259.     return gen_type;

  260. }

  261. 

  262. /* Create a generic extension: for now just handle DER type */

  263. static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,

  264.                                             int crit, int gen_type,

  265.                                             X509V3_CTX *ctx)

  266. {

  267.     unsigned char *ext_der = NULL;

  268.     long ext_len = 0;

  269.     ASN1_OBJECT *obj = NULL;

  270.     ASN1_OCTET_STRING *oct = NULL;

  271.     X509_EXTENSION *extension = NULL;

  272.     if (!(obj = OBJ_txt2obj(ext, 0))) {

  273.         OPENSSL_PUT_ERROR(X509V3, X509V3_R_EXTENSION_NAME_ERROR);

  274.         ERR_add_error_data(2, "name=", ext);

  275.         goto err;

  276.     }

  277. 

  278.     if (gen_type == 1)

  279.         ext_der = string_to_hex(value, &ext_len);

  280.     else if (gen_type == 2)

  281.         ext_der = generic_asn1(value, ctx, &ext_len);

  282. 

  283.     if (ext_der == NULL) {

  284.         OPENSSL_PUT_ERROR(X509V3, X509V3_R_EXTENSION_VALUE_ERROR);

  285.         ERR_add_error_data(2, "value=", value);

  286.         goto err;

  287.     }

  288. 

  289.     if (!(oct = M_ASN1_OCTET_STRING_new())) {

  290.         OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);

  291.         goto err;

  292.     }

  293. 

  294.     oct->data = ext_der;

  295.     oct->length = ext_len;

  296.     ext_der = NULL;

  297. 

  298.     extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);

  299. 

  300.  err:

  301.     ASN1_OBJECT_free(obj);

  302.     M_ASN1_OCTET_STRING_free(oct);

  303.     if (ext_der)

  304.         OPENSSL_free(ext_der);

  305.     return extension;

  306. 

  307. }

  308. 

  309. static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx,

  310.                                    long *ext_len)

  311. {

  312.     ASN1_TYPE *typ;

  313.     unsigned char *ext_der = NULL;

  314.     typ = ASN1_generate_v3(value, ctx);

  315.     if (typ == NULL)

  316.         return NULL;

  317.     *ext_len = i2d_ASN1_TYPE(typ, &ext_der);

  318.     ASN1_TYPE_free(typ);

  319.     return ext_der;

  320. }

  321. 

  322. /*

  323.  * This is the main function: add a bunch of extensions based on a config

  324.  * file section to an extension STACK.

  325.  */

  326. 

  327. int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,

  328.                             STACK_OF(X509_EXTENSION) **sk)

  329. {

  330.     X509_EXTENSION *ext;

  331.     STACK_OF(CONF_VALUE) *nval;

  332.     CONF_VALUE *val;

  333.     size_t i;

  334.     if (!(nval = NCONF_get_section(conf, section)))

  335.         return 0;

  336.     for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {

  337.         val = sk_CONF_VALUE_value(nval, i);

  338.         if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)))

  339.             return 0;

  340.         if (sk)

  341.             X509v3_add_ext(sk, ext, -1);

  342.         X509_EXTENSION_free(ext);

  343.     }

  344.     return 1;

  345. }

  346. 

  347. /*

  348.  * Convenience functions to add extensions to a certificate, CRL and request

  349.  */

  350. 

  351. int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,

  352.                          X509 *cert)

  353. {

  354.     STACK_OF(X509_EXTENSION) **sk = NULL;

  355.     if (cert)

  356.         sk = &cert->cert_info->extensions;

  357.     return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);

  358. }

  359. 

  360. /* Same as above but for a CRL */

  361. 

  362. int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,

  363.                              X509_CRL *crl)

  364. {

  365.     STACK_OF(X509_EXTENSION) **sk = NULL;

  366.     if (crl)

  367.         sk = &crl->crl->extensions;

  368.     return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);

  369. }

  370. 

  371. /* Add extensions to certificate request */

  372. 

  373. int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,

  374.                              X509_REQ *req)

  375. {

  376.     STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;

  377.     int i;

  378.     if (req)

  379.         sk = &extlist;

  380.     i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);

  381.     if (!i || !sk)

  382.         return i;

  383.     i = X509_REQ_add_extensions(req, extlist);

  384.     sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);

  385.     return i;

  386. }

  387. 

  388. /* Config database functions */

  389. 

  390. char *X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)

  391. {

  392.     if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) {

  393.         OPENSSL_PUT_ERROR(X509V3, X509V3_R_OPERATION_NOT_DEFINED);

  394.         return NULL;

  395.     }

  396.     if (ctx->db_meth->get_string)

  397.         return ctx->db_meth->get_string(ctx->db, name, section);

  398.     return NULL;

  399. }

  400. 

  401. STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, char *section)

  402. {

  403.     if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) {

  404.         OPENSSL_PUT_ERROR(X509V3, X509V3_R_OPERATION_NOT_DEFINED);

  405.         return NULL;

  406.     }

  407.     if (ctx->db_meth->get_section)

  408.         return ctx->db_meth->get_section(ctx->db, section);

  409.     return NULL;

  410. }

  411. 

  412. void X509V3_string_free(X509V3_CTX *ctx, char *str)

  413. {

  414.     if (!str)

  415.         return;

  416.     if (ctx->db_meth->free_string)

  417.         ctx->db_meth->free_string(ctx->db, str);

  418. }

  419. 

  420. void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)

  421. {

  422.     if (!section)

  423.         return;

  424.     if (ctx->db_meth->free_section)

  425.         ctx->db_meth->free_section(ctx->db, section);

  426. }

  427. 

  428. static char *nconf_get_string(void *db, char *section, char *value)

  429. {

  430.     /* TODO(fork): this should return a const value. */

  431.     return (char *)NCONF_get_string(db, section, value);

  432. }

  433. 

  434. static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section)

  435. {

  436.     return NCONF_get_section(db, section);

  437. }

  438. 

  439. static const X509V3_CONF_METHOD nconf_method = {

  440.     nconf_get_string,

  441.     nconf_get_section,

  442.     NULL,

  443.     NULL

  444. };

  445. 

  446. void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf)

  447. {

  448.     ctx->db_meth = &nconf_method;

  449.     ctx->db = conf;

  450. }

  451. 

  452. void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,

  453.                     X509_CRL *crl, int flags)

  454. {

  455.     ctx->issuer_cert = issuer;

  456.     ctx->subject_cert = subj;

  457.     ctx->crl = crl;

  458.     ctx->subject_req = req;

  459.     ctx->flags = flags;

  460. }