kris
/
boringssl
1
0
Forkuj 0
Kod Zgłoszenia 0 Oczekujące zmiany 0 Wydania 0 Wiki Aktywność
Nie możesz wybrać więcej, niż 25 tematów Tematy muszą się zaczynać od litery lub cyfry, mogą zawierać myślniki ('-') i mogą mieć do 35 znaków.
3598 Commity
12 Gałęzie
38 MiB
 
 
 
 
 
 
Drzewo: 97db926cf7
Gałęzie Tagi
${ item.name }
Utwórz gałąź ${ searchTerm }
z '97db926cf7'
${ noResults }
boringssl/crypto/x509v3/v3_pci.c

318 wiersze
11 KiB
Czysty Wina Historia 

  1. /* v3_pci.c -*- mode:C; c-file-style: "eay" -*- */

  2. /*

  3.  * Contributed to the OpenSSL Project 2004 by Richard Levitte

  4.  * (richard@levitte.org)

  5.  */

  6. /* Copyright (c) 2004 Kungliga Tekniska Högskolan

  7.  * (Royal Institute of Technology, Stockholm, Sweden).

  8.  * All rights reserved.

  9.  *

  10.  * Redistribution and use in source and binary forms, with or without

  11.  * modification, are permitted provided that the following conditions

  12.  * are met:

  13.  *

  14.  * 1. Redistributions of source code must retain the above copyright

  15.  *    notice, this list of conditions and the following disclaimer.

  16.  *

  17.  * 2. Redistributions in binary form must reproduce the above copyright

  18.  *    notice, this list of conditions and the following disclaimer in the

  19.  *    documentation and/or other materials provided with the distribution.

  20.  *

  21.  * 3. Neither the name of the Institute nor the names of its contributors

  22.  *    may be used to endorse or promote products derived from this software

  23.  *    without specific prior written permission.

  24.  *

  25.  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND

  26.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  27.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  28.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE

  29.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  30.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  31.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  32.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  33.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  34.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  35.  * SUCH DAMAGE.

  36.  */

  37. 

  38. #include <stdio.h>

  39. #include <string.h>

  40. 

  41. #include <openssl/conf.h>

  42. #include <openssl/err.h>

  43. #include <openssl/mem.h>

  44. #include <openssl/obj.h>

  45. #include <openssl/x509v3.h>

  46. 

  47. static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext,

  48.                    BIO *out, int indent);

  49. static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,

  50.                                           X509V3_CTX *ctx, char *str);

  51. 

  52. const X509V3_EXT_METHOD v3_pci =

  53.     { NID_proxyCertInfo, 0, ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),

  54.     0, 0, 0, 0,

  55.     0, 0,

  56.     NULL, NULL,

  57.     (X509V3_EXT_I2R)i2r_pci,

  58.     (X509V3_EXT_R2I)r2i_pci,

  59.     NULL,

  60. };

  61. 

  62. static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci,

  63.                    BIO *out, int indent)

  64. {

  65.     BIO_printf(out, "%*sPath Length Constraint: ", indent, "");

  66.     if (pci->pcPathLengthConstraint)

  67.         i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint);

  68.     else

  69.         BIO_printf(out, "infinite");

  70.     BIO_puts(out, "\n");

  71.     BIO_printf(out, "%*sPolicy Language: ", indent, "");

  72.     i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);

  73.     BIO_puts(out, "\n");

  74.     if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)

  75.         BIO_printf(out, "%*sPolicy Text: %s\n", indent, "",

  76.                    pci->proxyPolicy->policy->data);

  77.     return 1;

  78. }

  79. 

  80. static int process_pci_value(CONF_VALUE *val,

  81.                              ASN1_OBJECT **language, ASN1_INTEGER **pathlen,

  82.                              ASN1_OCTET_STRING **policy)

  83. {

  84.     int free_policy = 0;

  85. 

  86.     if (strcmp(val->name, "language") == 0) {

  87.         if (*language) {

  88.             OPENSSL_PUT_ERROR(X509V3,

  89.                               X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED);

  90.             X509V3_conf_err(val);

  91.             return 0;

  92.         }

  93.         if (!(*language = OBJ_txt2obj(val->value, 0))) {

  94.             OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_OBJECT_IDENTIFIER);

  95.             X509V3_conf_err(val);

  96.             return 0;

  97.         }

  98.     } else if (strcmp(val->name, "pathlen") == 0) {

  99.         if (*pathlen) {

  100.             OPENSSL_PUT_ERROR(X509V3,

  101.                               X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED);

  102.             X509V3_conf_err(val);

  103.             return 0;

  104.         }

  105.         if (!X509V3_get_value_int(val, pathlen)) {

  106.             OPENSSL_PUT_ERROR(X509V3, X509V3_R_POLICY_PATH_LENGTH);

  107.             X509V3_conf_err(val);

  108.             return 0;

  109.         }

  110.     } else if (strcmp(val->name, "policy") == 0) {

  111.         unsigned char *tmp_data = NULL;

  112.         long val_len;

  113.         if (!*policy) {

  114.             *policy = ASN1_OCTET_STRING_new();

  115.             if (!*policy) {

  116.                 OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);

  117.                 X509V3_conf_err(val);

  118.                 return 0;

  119.             }

  120.             free_policy = 1;

  121.         }

  122.         if (strncmp(val->value, "hex:", 4) == 0) {

  123.             unsigned char *tmp_data2 =

  124.                 string_to_hex(val->value + 4, &val_len);

  125. 

  126.             if (!tmp_data2) {

  127.                 OPENSSL_PUT_ERROR(X509V3, X509V3_R_ILLEGAL_HEX_DIGIT);

  128.                 X509V3_conf_err(val);

  129.                 goto err;

  130.             }

  131. 

  132.             tmp_data = OPENSSL_realloc((*policy)->data,

  133.                                        (*policy)->length + val_len + 1);

  134.             if (tmp_data) {

  135.                 (*policy)->data = tmp_data;

  136.                 memcpy(&(*policy)->data[(*policy)->length],

  137.                        tmp_data2, val_len);

  138.                 (*policy)->length += val_len;

  139.                 (*policy)->data[(*policy)->length] = '\0';

  140.             } else {

  141.                 OPENSSL_free(tmp_data2);

  142.                 /*

  143.                  * realloc failure implies the original data space is b0rked

  144.                  * too!

  145.                  */

  146.                 (*policy)->data = NULL;

  147.                 (*policy)->length = 0;

  148.                 OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);

  149.                 X509V3_conf_err(val);

  150.                 goto err;

  151.             }

  152.             OPENSSL_free(tmp_data2);

  153.         } else if (strncmp(val->value, "file:", 5) == 0) {

  154.             unsigned char buf[2048];

  155.             int n;

  156.             BIO *b = BIO_new_file(val->value + 5, "r");

  157.             if (!b) {

  158.                 OPENSSL_PUT_ERROR(X509V3, ERR_R_BIO_LIB);

  159.                 X509V3_conf_err(val);

  160.                 goto err;

  161.             }

  162.             while ((n = BIO_read(b, buf, sizeof(buf))) > 0

  163.                    || (n == 0 && BIO_should_retry(b))) {

  164.                 if (!n)

  165.                     continue;

  166. 

  167.                 tmp_data = OPENSSL_realloc((*policy)->data,

  168.                                            (*policy)->length + n + 1);

  169. 

  170.                 if (!tmp_data)

  171.                     break;

  172. 

  173.                 (*policy)->data = tmp_data;

  174.                 memcpy(&(*policy)->data[(*policy)->length], buf, n);

  175.                 (*policy)->length += n;

  176.                 (*policy)->data[(*policy)->length] = '\0';

  177.             }

  178.             BIO_free_all(b);

  179. 

  180.             if (n < 0) {

  181.                 OPENSSL_PUT_ERROR(X509V3, ERR_R_BIO_LIB);

  182.                 X509V3_conf_err(val);

  183.                 goto err;

  184.             }

  185.         } else if (strncmp(val->value, "text:", 5) == 0) {

  186.             val_len = strlen(val->value + 5);

  187.             tmp_data = OPENSSL_realloc((*policy)->data,

  188.                                        (*policy)->length + val_len + 1);

  189.             if (tmp_data) {

  190.                 (*policy)->data = tmp_data;

  191.                 memcpy(&(*policy)->data[(*policy)->length],

  192.                        val->value + 5, val_len);

  193.                 (*policy)->length += val_len;

  194.                 (*policy)->data[(*policy)->length] = '\0';

  195.             } else {

  196.                 /*

  197.                  * realloc failure implies the original data space is b0rked

  198.                  * too!

  199.                  */

  200.                 (*policy)->data = NULL;

  201.                 (*policy)->length = 0;

  202.                 OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);

  203.                 X509V3_conf_err(val);

  204.                 goto err;

  205.             }

  206.         } else {

  207.             OPENSSL_PUT_ERROR(X509V3, X509V3_R_INCORRECT_POLICY_SYNTAX_TAG);

  208.             X509V3_conf_err(val);

  209.             goto err;

  210.         }

  211.         if (!tmp_data) {

  212.             OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);

  213.             X509V3_conf_err(val);

  214.             goto err;

  215.         }

  216.     }

  217.     return 1;

  218.  err:

  219.     if (free_policy) {

  220.         ASN1_OCTET_STRING_free(*policy);

  221.         *policy = NULL;

  222.     }

  223.     return 0;

  224. }

  225. 

  226. static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,

  227.                                           X509V3_CTX *ctx, char *value)

  228. {

  229.     PROXY_CERT_INFO_EXTENSION *pci = NULL;

  230.     STACK_OF(CONF_VALUE) *vals;

  231.     ASN1_OBJECT *language = NULL;

  232.     ASN1_INTEGER *pathlen = NULL;

  233.     ASN1_OCTET_STRING *policy = NULL;

  234.     size_t i, j;

  235.     int nid;

  236. 

  237.     vals = X509V3_parse_list(value);

  238.     for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {

  239.         CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i);

  240.         if (!cnf->name || (*cnf->name != '@' && !cnf->value)) {

  241.             OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_PROXY_POLICY_SETTING);

  242.             X509V3_conf_err(cnf);

  243.             goto err;

  244.         }

  245.         if (*cnf->name == '@') {

  246.             STACK_OF(CONF_VALUE) *sect;

  247.             int success_p = 1;

  248. 

  249.             sect = X509V3_get_section(ctx, cnf->name + 1);

  250.             if (!sect) {

  251.                 OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_SECTION);

  252.                 X509V3_conf_err(cnf);

  253.                 goto err;

  254.             }

  255.             for (j = 0; success_p && j < sk_CONF_VALUE_num(sect); j++) {

  256.                 success_p =

  257.                     process_pci_value(sk_CONF_VALUE_value(sect, j),

  258.                                       &language, &pathlen, &policy);

  259.             }

  260.             X509V3_section_free(ctx, sect);

  261.             if (!success_p)

  262.                 goto err;

  263.         } else {

  264.             if (!process_pci_value(cnf, &language, &pathlen, &policy)) {

  265.                 X509V3_conf_err(cnf);

  266.                 goto err;

  267.             }

  268.         }

  269.     }

  270. 

  271.     /* Language is mandatory */

  272.     if (!language) {

  273.         OPENSSL_PUT_ERROR(X509V3,

  274.                           X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED);

  275.         goto err;

  276.     }

  277.     nid = OBJ_obj2nid(language);

  278.     if ((nid == NID_Independent || nid == NID_id_ppl_inheritAll) && policy) {

  279.         OPENSSL_PUT_ERROR(X509V3,

  280.                           X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY);

  281.         goto err;

  282.     }

  283. 

  284.     pci = PROXY_CERT_INFO_EXTENSION_new();

  285.     if (!pci) {

  286.         OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);

  287.         goto err;

  288.     }

  289. 

  290.     pci->proxyPolicy->policyLanguage = language;

  291.     language = NULL;

  292.     pci->proxyPolicy->policy = policy;

  293.     policy = NULL;

  294.     pci->pcPathLengthConstraint = pathlen;

  295.     pathlen = NULL;

  296.     goto end;

  297.  err:

  298.     if (language) {

  299.         ASN1_OBJECT_free(language);

  300.         language = NULL;

  301.     }

  302.     if (pathlen) {

  303.         ASN1_INTEGER_free(pathlen);

  304.         pathlen = NULL;

  305.     }

  306.     if (policy) {

  307.         ASN1_OCTET_STRING_free(policy);

  308.         policy = NULL;

  309.     }

  310.     if (pci) {

  311.         PROXY_CERT_INFO_EXTENSION_free(pci);

  312.         pci = NULL;

  313.     }

  314.  end:

  315.     sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);

  316.     return pci;

  317. }