kris
/
boringssl
1
0
Fork 0
Código Issues 0 Pull requests 0 Versões 0 Wiki Atividade
Você não pode selecionar mais de 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.
5667 Commits
12 Branches
38 MiB
 
 
 
 
 
 
Tag: 9978f0a865
Branches Tags
${ item.name }
Criar branch ${ searchTerm }
de 9978f0a865
${ noResults }
boringssl/crypto/x509v3/v3_akey.c

208 linhas
7.3 KiB
Original Anotar Histórico 

  1. /* v3_akey.c */

  2. /*

  3.  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project

  4.  * 1999.

  5.  */

  6. /* ====================================================================

  7.  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

  8.  *

  9.  * Redistribution and use in source and binary forms, with or without

  10.  * modification, are permitted provided that the following conditions

  11.  * are met:

  12.  *

  13.  * 1. Redistributions of source code must retain the above copyright

  14.  *    notice, this list of conditions and the following disclaimer.

  15.  *

  16.  * 2. Redistributions in binary form must reproduce the above copyright

  17.  *    notice, this list of conditions and the following disclaimer in

  18.  *    the documentation and/or other materials provided with the

  19.  *    distribution.

  20.  *

  21.  * 3. All advertising materials mentioning features or use of this

  22.  *    software must display the following acknowledgment:

  23.  *    "This product includes software developed by the OpenSSL Project

  24.  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

  25.  *

  26.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  27.  *    endorse or promote products derived from this software without

  28.  *    prior written permission. For written permission, please contact

  29.  *    licensing@OpenSSL.org.

  30.  *

  31.  * 5. Products derived from this software may not be called "OpenSSL"

  32.  *    nor may "OpenSSL" appear in their names without prior written

  33.  *    permission of the OpenSSL Project.

  34.  *

  35.  * 6. Redistributions of any form whatsoever must retain the following

  36.  *    acknowledgment:

  37.  *    "This product includes software developed by the OpenSSL Project

  38.  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

  39.  *

  40.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  41.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  42.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  43.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  44.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  45.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  46.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  47.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  48.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  49.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  50.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  51.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  52.  * ====================================================================

  53.  *

  54.  * This product includes cryptographic software written by Eric Young

  55.  * (eay@cryptsoft.com).  This product includes software written by Tim

  56.  * Hudson (tjh@cryptsoft.com). */

  57. 

  58. #include <stdio.h>

  59. #include <string.h>

  60. 

  61. #include <openssl/asn1.h>

  62. #include <openssl/asn1t.h>

  63. #include <openssl/conf.h>

  64. #include <openssl/err.h>

  65. #include <openssl/mem.h>

  66. #include <openssl/obj.h>

  67. #include <openssl/x509v3.h>

  68. 

  69. #include "internal.h"

  70. 

  71. 

  72. static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,

  73.                                                  AUTHORITY_KEYID *akeyid,

  74.                                                  STACK_OF(CONF_VALUE)

  75.                                                  *extlist);

  76. static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,

  77.                                             X509V3_CTX *ctx,

  78.                                             STACK_OF(CONF_VALUE) *values);

  79. 

  80. const X509V3_EXT_METHOD v3_akey_id = {

  81.     NID_authority_key_identifier,

  82.     X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID),

  83.     0, 0, 0, 0,

  84.     0, 0,

  85.     (X509V3_EXT_I2V) i2v_AUTHORITY_KEYID,

  86.     (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,

  87.     0, 0,

  88.     NULL

  89. };

  90. 

  91. static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,

  92.                                                  AUTHORITY_KEYID *akeyid,

  93.                                                  STACK_OF(CONF_VALUE)

  94.                                                  *extlist)

  95. {

  96.     char *tmp;

  97.     if (akeyid->keyid) {

  98.         tmp = x509v3_bytes_to_hex(akeyid->keyid->data, akeyid->keyid->length);

  99.         X509V3_add_value("keyid", tmp, &extlist);

  100.         OPENSSL_free(tmp);

  101.     }

  102.     if (akeyid->issuer)

  103.         extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);

  104.     if (akeyid->serial) {

  105.         tmp = x509v3_bytes_to_hex(akeyid->serial->data, akeyid->serial->length);

  106.         X509V3_add_value("serial", tmp, &extlist);

  107.         OPENSSL_free(tmp);

  108.     }

  109.     return extlist;

  110. }

  111. 

  112. /*

  113.  * Currently two options: keyid: use the issuers subject keyid, the value

  114.  * 'always' means its is an error if the issuer certificate doesn't have a

  115.  * key id. issuer: use the issuers cert issuer and serial number. The default

  116.  * is to only use this if keyid is not present. With the option 'always' this

  117.  * is always included.

  118.  */

  119. 

  120. static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,

  121.                                             X509V3_CTX *ctx,

  122.                                             STACK_OF(CONF_VALUE) *values)

  123. {

  124.     char keyid = 0, issuer = 0;

  125.     size_t i;

  126.     int j;

  127.     CONF_VALUE *cnf;

  128.     ASN1_OCTET_STRING *ikeyid = NULL;

  129.     X509_NAME *isname = NULL;

  130.     GENERAL_NAMES *gens = NULL;

  131.     GENERAL_NAME *gen = NULL;

  132.     ASN1_INTEGER *serial = NULL;

  133.     X509_EXTENSION *ext;

  134.     X509 *cert;

  135.     AUTHORITY_KEYID *akeyid;

  136. 

  137.     for (i = 0; i < sk_CONF_VALUE_num(values); i++) {

  138.         cnf = sk_CONF_VALUE_value(values, i);

  139.         if (!strcmp(cnf->name, "keyid")) {

  140.             keyid = 1;

  141.             if (cnf->value && !strcmp(cnf->value, "always"))

  142.                 keyid = 2;

  143.         } else if (!strcmp(cnf->name, "issuer")) {

  144.             issuer = 1;

  145.             if (cnf->value && !strcmp(cnf->value, "always"))

  146.                 issuer = 2;

  147.         } else {

  148.             OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNKNOWN_OPTION);

  149.             ERR_add_error_data(2, "name=", cnf->name);

  150.             return NULL;

  151.         }

  152.     }

  153. 

  154.     if (!ctx || !ctx->issuer_cert) {

  155.         if (ctx && (ctx->flags == CTX_TEST))

  156.             return AUTHORITY_KEYID_new();

  157.         OPENSSL_PUT_ERROR(X509V3, X509V3_R_NO_ISSUER_CERTIFICATE);

  158.         return NULL;

  159.     }

  160. 

  161.     cert = ctx->issuer_cert;

  162. 

  163.     if (keyid) {

  164.         j = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);

  165.         if ((j >= 0) && (ext = X509_get_ext(cert, j)))

  166.             ikeyid = X509V3_EXT_d2i(ext);

  167.         if (keyid == 2 && !ikeyid) {

  168.             OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);

  169.             return NULL;

  170.         }

  171.     }

  172. 

  173.     if ((issuer && !ikeyid) || (issuer == 2)) {

  174.         isname = X509_NAME_dup(X509_get_issuer_name(cert));

  175.         serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert));

  176.         if (!isname || !serial) {

  177.             OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);

  178.             goto err;

  179.         }

  180.     }

  181. 

  182.     if (!(akeyid = AUTHORITY_KEYID_new()))

  183.         goto err;

  184. 

  185.     if (isname) {

  186.         if (!(gens = sk_GENERAL_NAME_new_null())

  187.             || !(gen = GENERAL_NAME_new())

  188.             || !sk_GENERAL_NAME_push(gens, gen)) {

  189.             OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);

  190.             goto err;

  191.         }

  192.         gen->type = GEN_DIRNAME;

  193.         gen->d.dirn = isname;

  194.     }

  195. 

  196.     akeyid->issuer = gens;

  197.     akeyid->serial = serial;

  198.     akeyid->keyid = ikeyid;

  199. 

  200.     return akeyid;

  201. 

  202.  err:

  203.     X509_NAME_free(isname);

  204.     M_ASN1_INTEGER_free(serial);

  205.     M_ASN1_OCTET_STRING_free(ikeyid);

  206.     return NULL;

  207. }