kris
/
boringssl
1
0
Fork 0
Código Issues 0 Pull requests 0 Versões 0 Wiki Atividade
Você não pode selecionar mais de 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.
778 Commits
12 Branches
38 MiB
 
 
 
 
 
 
Tag: bbd8444d92
Branches Tags
${ item.name }
Criar branch ${ searchTerm }
de bbd8444d92
${ noResults }
boringssl/crypto/x509/by_dir.c

479 linhas
12 KiB
Original Anotar Histórico 

  1. /* crypto/x509/by_dir.c */

  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  3.  * All rights reserved.

  4.  *

  5.  * This package is an SSL implementation written

  6.  * by Eric Young (eay@cryptsoft.com).

  7.  * The implementation was written so as to conform with Netscapes SSL.

  8.  *

  9.  * This library is free for commercial and non-commercial use as long as

  10.  * the following conditions are aheared to.  The following conditions

  11.  * apply to all code found in this distribution, be it the RC4, RSA,

  12.  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

  13.  * included with this distribution is covered by the same copyright terms

  14.  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

  15.  *

  16.  * Copyright remains Eric Young's, and as such any Copyright notices in

  17.  * the code are not to be removed.

  18.  * If this package is used in a product, Eric Young should be given attribution

  19.  * as the author of the parts of the library used.

  20.  * This can be in the form of a textual message at program startup or

  21.  * in documentation (online or textual) provided with the package.

  22.  *

  23.  * Redistribution and use in source and binary forms, with or without

  24.  * modification, are permitted provided that the following conditions

  25.  * are met:

  26.  * 1. Redistributions of source code must retain the copyright

  27.  *    notice, this list of conditions and the following disclaimer.

  28.  * 2. Redistributions in binary form must reproduce the above copyright

  29.  *    notice, this list of conditions and the following disclaimer in the

  30.  *    documentation and/or other materials provided with the distribution.

  31.  * 3. All advertising materials mentioning features or use of this software

  32.  *    must display the following acknowledgement:

  33.  *    "This product includes cryptographic software written by

  34.  *     Eric Young (eay@cryptsoft.com)"

  35.  *    The word 'cryptographic' can be left out if the rouines from the library

  36.  *    being used are not cryptographic related :-).

  37.  * 4. If you include any Windows specific code (or a derivative thereof) from

  38.  *    the apps directory (application code) you must include an acknowledgement:

  39.  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

  40.  *

  41.  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

  42.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  43.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  44.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  45.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  46.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  47.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  48.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  49.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  50.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  51.  * SUCH DAMAGE.

  52.  *

  53.  * The licence and distribution terms for any publically available version or

  54.  * derivative of this code cannot be changed.  i.e. this code cannot simply be

  55.  * copied and put under another distribution licence

  56.  * [including the GNU Public Licence.] */

  57. 

  58. #include <sys/types.h>

  59. #include <sys/stat.h>

  60. 

  61. #include <openssl/buf.h>

  62. #include <openssl/err.h>

  63. #include <openssl/lhash.h>

  64. #include <openssl/mem.h>

  65. #include <openssl/x509.h>

  66. 

  67. 

  68. typedef struct lookup_dir_hashes_st

  69. 	{

  70. 	unsigned long hash;

  71. 	int suffix;

  72. 	} BY_DIR_HASH;

  73. 

  74. typedef struct lookup_dir_entry_st

  75. 	{

  76. 	char *dir;

  77. 	int dir_type;

  78. 	STACK_OF(BY_DIR_HASH) *hashes;

  79. 	} BY_DIR_ENTRY;

  80. 

  81. typedef struct lookup_dir_st

  82. 	{

  83. 	BUF_MEM *buffer;

  84. 	STACK_OF(BY_DIR_ENTRY) *dirs;

  85. 	} BY_DIR;

  86. 

  87. DECLARE_STACK_OF(BY_DIR_HASH)

  88. DECLARE_STACK_OF(BY_DIR_ENTRY)

  89. 

  90. static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,

  91. 	char **ret);

  92. static int new_dir(X509_LOOKUP *lu);

  93. static void free_dir(X509_LOOKUP *lu);

  94. static int add_cert_dir(BY_DIR *ctx,const char *dir,int type);

  95. static int get_cert_by_subject(X509_LOOKUP *xl,int type,X509_NAME *name,

  96. 	X509_OBJECT *ret);

  97. X509_LOOKUP_METHOD x509_dir_lookup=

  98. 	{

  99. 	"Load certs from files in a directory",

  100. 	new_dir,		/* new */

  101. 	free_dir,		/* free */

  102. 	NULL, 			/* init */

  103. 	NULL,			/* shutdown */

  104. 	dir_ctrl,		/* ctrl */

  105. 	get_cert_by_subject,	/* get_by_subject */

  106. 	NULL,			/* get_by_issuer_serial */

  107. 	NULL,			/* get_by_fingerprint */

  108. 	NULL,			/* get_by_alias */

  109. 	};

  110. 

  111. X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void)

  112. 	{

  113. 	return(&x509_dir_lookup);

  114. 	}

  115. 

  116. static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,

  117. 	     char **retp)

  118. 	{

  119. 	int ret=0;

  120. 	BY_DIR *ld;

  121. 	char *dir = NULL;

  122. 

  123. 	ld=(BY_DIR *)ctx->method_data;

  124. 

  125. 	switch (cmd)

  126. 		{

  127. 	case X509_L_ADD_DIR:

  128. 		if (argl == X509_FILETYPE_DEFAULT)

  129. 			{

  130. 			dir=(char *)getenv(X509_get_default_cert_dir_env());

  131. 			if (dir)

  132. 				ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);

  133. 			else

  134. 				ret=add_cert_dir(ld,X509_get_default_cert_dir(),

  135. 					X509_FILETYPE_PEM);

  136. 			if (!ret)

  137. 				{

  138. 				OPENSSL_PUT_ERROR(X509, dir_ctrl, X509_R_LOADING_CERT_DIR);

  139. 				}

  140. 			}

  141. 		else

  142. 			ret=add_cert_dir(ld,argp,(int)argl);

  143. 		break;

  144. 		}

  145. 	return(ret);

  146. 	}

  147. 

  148. static int new_dir(X509_LOOKUP *lu)

  149. 	{

  150. 	BY_DIR *a;

  151. 

  152. 	if ((a=(BY_DIR *)OPENSSL_malloc(sizeof(BY_DIR))) == NULL)

  153. 		return(0);

  154. 	if ((a->buffer=BUF_MEM_new()) == NULL)

  155. 		{

  156. 		OPENSSL_free(a);

  157. 		return(0);

  158. 		}

  159. 	a->dirs=NULL;

  160. 	lu->method_data=(char *)a;

  161. 	return(1);

  162. 	}

  163. 

  164. static void by_dir_hash_free(BY_DIR_HASH *hash)

  165. 	{

  166. 	OPENSSL_free(hash);

  167. 	}

  168. 

  169. static int by_dir_hash_cmp(const BY_DIR_HASH **a,

  170. 			const BY_DIR_HASH **b)

  171. 	{

  172. 	if ((*a)->hash > (*b)->hash)

  173. 		return 1;

  174. 	if ((*a)->hash < (*b)->hash)

  175. 		return -1;

  176. 	return 0;

  177. 	}

  178. 

  179. static void by_dir_entry_free(BY_DIR_ENTRY *ent)

  180. 	{

  181. 	if (ent->dir)

  182. 		OPENSSL_free(ent->dir);

  183. 	if (ent->hashes)

  184. 		sk_BY_DIR_HASH_pop_free(ent->hashes, by_dir_hash_free);

  185. 	OPENSSL_free(ent);

  186. 	}

  187. 

  188. static void free_dir(X509_LOOKUP *lu)

  189. 	{

  190. 	BY_DIR *a;

  191. 

  192. 	a=(BY_DIR *)lu->method_data;

  193. 	if (a->dirs != NULL)

  194. 		sk_BY_DIR_ENTRY_pop_free(a->dirs, by_dir_entry_free);

  195. 	if (a->buffer != NULL)

  196. 		BUF_MEM_free(a->buffer);

  197. 	OPENSSL_free(a);

  198. 	}

  199. 

  200. static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)

  201. 	{

  202. 	size_t j,len;

  203. 	const char *s,*ss,*p;

  204. 

  205. 	if (dir == NULL || !*dir)

  206. 	    {

  207. 	    OPENSSL_PUT_ERROR(X509, add_cert_dir, X509_R_INVALID_DIRECTORY);

  208. 	    return 0;

  209. 	    }

  210. 

  211. 	s=dir;

  212. 	p=s;

  213. 	do

  214. 		{

  215. 		if ((*p == ':') || (*p == '\0'))

  216. 			{

  217. 			BY_DIR_ENTRY *ent;

  218. 			ss=s;

  219. 			s=p+1;

  220. 			len=p-ss;

  221. 			if (len == 0) continue;

  222. 			for (j=0; j < sk_BY_DIR_ENTRY_num(ctx->dirs); j++)

  223. 				{

  224. 				ent = sk_BY_DIR_ENTRY_value(ctx->dirs, j);

  225. 				if (strlen(ent->dir) == len &&

  226. 				    strncmp(ent->dir,ss,len) == 0)

  227. 					break;

  228. 				}

  229. 			if (j < sk_BY_DIR_ENTRY_num(ctx->dirs))

  230. 				continue;

  231. 			if (ctx->dirs == NULL)

  232. 				{

  233. 				ctx->dirs = sk_BY_DIR_ENTRY_new_null();

  234. 				if (!ctx->dirs)

  235. 					{

  236. 					OPENSSL_PUT_ERROR(X509, add_cert_dir, ERR_R_MALLOC_FAILURE);

  237. 					return 0;

  238. 					}

  239. 				}

  240. 			ent = OPENSSL_malloc(sizeof(BY_DIR_ENTRY));

  241. 			if (!ent)

  242. 				return 0;

  243. 			ent->dir_type = type;

  244. 			ent->hashes = sk_BY_DIR_HASH_new(by_dir_hash_cmp);

  245. 			ent->dir = OPENSSL_malloc(len+1);

  246. 			if (!ent->dir || !ent->hashes)

  247. 				{

  248. 				by_dir_entry_free(ent);

  249. 				return 0;

  250. 				}

  251. 			strncpy(ent->dir,ss,len);

  252. 			ent->dir[len] = '\0';

  253. 			if (!sk_BY_DIR_ENTRY_push(ctx->dirs, ent))

  254. 				{

  255. 				by_dir_entry_free(ent);

  256. 				return 0;

  257. 				}

  258. 			}

  259. 		} while (*p++ != '\0');

  260. 	return 1;

  261. 	}

  262. 

  263. static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,

  264. 	     X509_OBJECT *ret)

  265. 	{

  266. 	BY_DIR *ctx;

  267. 	union	{

  268. 		struct	{

  269. 			X509 st_x509;

  270. 			X509_CINF st_x509_cinf;

  271. 			} x509;

  272. 		struct	{

  273. 			X509_CRL st_crl;

  274. 			X509_CRL_INFO st_crl_info;

  275. 			} crl;

  276. 		} data;

  277. 	int ok=0;

  278. 	size_t i;

  279. 	int j,k;

  280. 	unsigned long h;

  281. 	unsigned long hash_array[2];

  282. 	int hash_index;

  283. 	BUF_MEM *b=NULL;

  284. 	X509_OBJECT stmp,*tmp;

  285. 	const char *postfix="";

  286. 

  287. 	if (name == NULL) return(0);

  288. 

  289. 	stmp.type=type;

  290. 	if (type == X509_LU_X509)

  291. 		{

  292. 		data.x509.st_x509.cert_info= &data.x509.st_x509_cinf;

  293. 		data.x509.st_x509_cinf.subject=name;

  294. 		stmp.data.x509= &data.x509.st_x509;

  295. 		postfix="";

  296. 		}

  297. 	else if (type == X509_LU_CRL)

  298. 		{

  299. 		data.crl.st_crl.crl= &data.crl.st_crl_info;

  300. 		data.crl.st_crl_info.issuer=name;

  301. 		stmp.data.crl= &data.crl.st_crl;

  302. 		postfix="r";

  303. 		}

  304. 	else

  305. 		{

  306. 		OPENSSL_PUT_ERROR(X509, get_cert_by_subject, X509_R_WRONG_LOOKUP_TYPE);

  307. 		goto finish;

  308. 		}

  309. 

  310. 	if ((b=BUF_MEM_new()) == NULL)

  311. 		{

  312. 		OPENSSL_PUT_ERROR(X509, get_cert_by_subject, ERR_R_BUF_LIB);

  313. 		goto finish;

  314. 		}

  315. 	

  316. 	ctx=(BY_DIR *)xl->method_data;

  317. 

  318. 	hash_array[0]=X509_NAME_hash(name);

  319. 	hash_array[1]=X509_NAME_hash_old(name);

  320. 	for (hash_index=0; hash_index < 2; ++hash_index)

  321. 		{

  322. 		h=hash_array[hash_index];

  323. 		for (i=0; i < sk_BY_DIR_ENTRY_num(ctx->dirs); i++)

  324. 			{

  325. 			BY_DIR_ENTRY *ent;

  326. 			size_t idx;

  327. 			BY_DIR_HASH htmp, *hent;

  328. 			ent = sk_BY_DIR_ENTRY_value(ctx->dirs, i);

  329. 			j=strlen(ent->dir)+1+8+6+1+1;

  330. 			if (!BUF_MEM_grow(b,j))

  331. 				{

  332. 				OPENSSL_PUT_ERROR(X509, get_cert_by_subject, ERR_R_MALLOC_FAILURE);

  333. 				goto finish;

  334. 				}

  335. 			if (type == X509_LU_CRL && ent->hashes)

  336. 				{

  337. 				htmp.hash = h;

  338. 				CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);

  339. 				if (sk_BY_DIR_HASH_find(ent->hashes, &idx, &htmp))

  340. 					{

  341. 					hent = sk_BY_DIR_HASH_value(ent->hashes, idx);

  342. 					k = hent->suffix;

  343. 					}

  344. 				else

  345. 					{

  346. 					hent = NULL;

  347. 					k=0;

  348. 					}

  349. 				CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);

  350. 				}

  351. 			else

  352. 				{

  353. 				k = 0;

  354. 				hent = NULL;

  355. 				}

  356. 			for (;;)

  357. 				{

  358. 				char c = '/';

  359. #ifdef OPENSSL_SYS_VMS

  360. 				c = ent->dir[strlen(ent->dir)-1];

  361. 				if (c != ':' && c != '>' && c != ']')

  362. 					{

  363. 					/* If no separator is present, we assume the

  364. 					   directory specifier is a logical name, and

  365. 					   add a colon.  We really should use better

  366. 					   VMS routines for merging things like this,

  367. 					   but this will do for now...

  368. 					   -- Richard Levitte */

  369. 					c = ':';

  370. 					}

  371. 				else

  372. 					{

  373. 					c = '\0';

  374. 					}

  375. #endif

  376. 				if (c == '\0')

  377. 					{

  378. 					/* This is special.  When c == '\0', no

  379. 					   directory separator should be added. */

  380. 					BIO_snprintf(b->data,b->max,

  381. 						"%s%08lx.%s%d",ent->dir,h,

  382. 						postfix,k);

  383. 					}

  384. 				else

  385. 					{

  386. 					BIO_snprintf(b->data,b->max,

  387. 						"%s%c%08lx.%s%d",ent->dir,c,h,

  388. 						postfix,k);

  389. 					}

  390. #ifndef OPENSSL_NO_POSIX_IO

  391. #ifdef _WIN32

  392. #define stat _stat

  393. #endif

  394. 				{

  395. 				struct stat st;

  396. 				if (stat(b->data,&st) < 0)

  397. 					break;

  398. 				}

  399. #endif

  400. 				/* found one. */

  401. 				if (type == X509_LU_X509)

  402. 					{

  403. 					if ((X509_load_cert_file(xl,b->data,

  404. 						ent->dir_type)) == 0)

  405. 						break;

  406. 					}

  407. 				else if (type == X509_LU_CRL)

  408. 					{

  409. 					if ((X509_load_crl_file(xl,b->data,

  410. 						ent->dir_type)) == 0)

  411. 						break;

  412. 					}

  413. 				/* else case will caught higher up */

  414. 				k++;

  415. 				}

  416. 

  417. 			/* we have added it to the cache so now pull

  418. 			 * it out again */

  419. 			CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);

  420. 			tmp = NULL;

  421. 			if (sk_X509_OBJECT_find(xl->store_ctx->objs, &idx, &stmp)) {

  422. 				tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,idx);

  423. 			}

  424. 			CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);

  425. 

  426. 

  427. 			/* If a CRL, update the last file suffix added for this */

  428. 

  429. 			if (type == X509_LU_CRL)

  430. 				{

  431. 				CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);

  432. 				/* Look for entry again in case another thread added

  433. 				 * an entry first.

  434. 				 */

  435. 				if (!hent)

  436. 					{

  437. 					htmp.hash = h;

  438. 					if (sk_BY_DIR_HASH_find(ent->hashes, &idx, &htmp))

  439. 						hent = sk_BY_DIR_HASH_value(ent->hashes, idx);

  440. 					}

  441. 				if (!hent)

  442. 					{

  443. 					hent = OPENSSL_malloc(sizeof(BY_DIR_HASH));

  444. 					hent->hash = h;

  445. 					hent->suffix = k;

  446. 					if (!sk_BY_DIR_HASH_push(ent->hashes, hent))

  447. 						{

  448. 						CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);

  449. 						OPENSSL_free(hent);

  450. 						ok = 0;

  451. 						goto finish;

  452. 						}

  453. 					}

  454. 				else if (hent->suffix < k)

  455. 					hent->suffix = k;

  456. 

  457. 				CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);

  458. 

  459. 				}

  460. 

  461. 			if (tmp != NULL)

  462. 				{

  463. 				ok=1;

  464. 				ret->type=tmp->type;

  465. 				memcpy(&ret->data,&tmp->data,sizeof(ret->data));

  466. 				/* If we were going to up the reference count,

  467. 				 * we would need to do it on a perl 'type'

  468. 				 * basis */

  469. 		/*		CRYPTO_add(&tmp->data.x509->references,1,

  470. 					CRYPTO_LOCK_X509);*/

  471. 				goto finish;

  472. 				}

  473. 			}

  474. 		}

  475. finish:

  476. 	if (b != NULL) BUF_MEM_free(b);

  477. 	return(ok);

  478. 	}