diff options
Diffstat (limited to 'src/lib/libcrypto/x509v3/v3_conf.c')
| -rw-r--r-- | src/lib/libcrypto/x509v3/v3_conf.c | 73 |
1 files changed, 17 insertions, 56 deletions
diff --git a/src/lib/libcrypto/x509v3/v3_conf.c b/src/lib/libcrypto/x509v3/v3_conf.c index 2b867305fb..1284d5aaa5 100644 --- a/src/lib/libcrypto/x509v3/v3_conf.c +++ b/src/lib/libcrypto/x509v3/v3_conf.c | |||
| @@ -3,7 +3,7 @@ | |||
| 3 | * project 1999. | 3 | * project 1999. |
| 4 | */ | 4 | */ |
| 5 | /* ==================================================================== | 5 | /* ==================================================================== |
| 6 | * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. | 6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. |
| 7 | * | 7 | * |
| 8 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without |
| 9 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions |
| @@ -69,12 +69,11 @@ | |||
| 69 | static int v3_check_critical(char **value); | 69 | static int v3_check_critical(char **value); |
| 70 | static int v3_check_generic(char **value); | 70 | static int v3_check_generic(char **value); |
| 71 | static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value); | 71 | static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value); |
| 72 | static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type, X509V3_CTX *ctx); | 72 | static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type); |
| 73 | static char *conf_lhash_get_string(void *db, char *section, char *value); | 73 | static char *conf_lhash_get_string(void *db, char *section, char *value); |
| 74 | static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section); | 74 | static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section); |
| 75 | static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, | 75 | static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, |
| 76 | int crit, void *ext_struc); | 76 | int crit, void *ext_struc); |
| 77 | static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len); | ||
| 78 | /* CONF *conf: Config file */ | 77 | /* CONF *conf: Config file */ |
| 79 | /* char *name: Name */ | 78 | /* char *name: Name */ |
| 80 | /* char *value: Value */ | 79 | /* char *value: Value */ |
| @@ -86,11 +85,11 @@ X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, | |||
| 86 | X509_EXTENSION *ret; | 85 | X509_EXTENSION *ret; |
| 87 | crit = v3_check_critical(&value); | 86 | crit = v3_check_critical(&value); |
| 88 | if ((ext_type = v3_check_generic(&value))) | 87 | if ((ext_type = v3_check_generic(&value))) |
| 89 | return v3_generic_extension(name, value, crit, ext_type, ctx); | 88 | return v3_generic_extension(name, value, crit, ext_type); |
| 90 | ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value); | 89 | ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value); |
| 91 | if (!ret) | 90 | if (!ret) |
| 92 | { | 91 | { |
| 93 | X509V3err(X509V3_F_X509V3_EXT_NCONF,X509V3_R_ERROR_IN_EXTENSION); | 92 | X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_ERROR_IN_EXTENSION); |
| 94 | ERR_add_error_data(4,"name=", name, ", value=", value); | 93 | ERR_add_error_data(4,"name=", name, ", value=", value); |
| 95 | } | 94 | } |
| 96 | return ret; | 95 | return ret; |
| @@ -106,7 +105,7 @@ X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, | |||
| 106 | crit = v3_check_critical(&value); | 105 | crit = v3_check_critical(&value); |
| 107 | if ((ext_type = v3_check_generic(&value))) | 106 | if ((ext_type = v3_check_generic(&value))) |
| 108 | return v3_generic_extension(OBJ_nid2sn(ext_nid), | 107 | return v3_generic_extension(OBJ_nid2sn(ext_nid), |
| 109 | value, crit, ext_type, ctx); | 108 | value, crit, ext_type); |
| 110 | return do_ext_nconf(conf, ctx, ext_nid, crit, value); | 109 | return do_ext_nconf(conf, ctx, ext_nid, crit, value); |
| 111 | } | 110 | } |
| 112 | 111 | ||
| @@ -121,12 +120,12 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, | |||
| 121 | void *ext_struc; | 120 | void *ext_struc; |
| 122 | if (ext_nid == NID_undef) | 121 | if (ext_nid == NID_undef) |
| 123 | { | 122 | { |
| 124 | X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_UNKNOWN_EXTENSION_NAME); | 123 | X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION_NAME); |
| 125 | return NULL; | 124 | return NULL; |
| 126 | } | 125 | } |
| 127 | if (!(method = X509V3_EXT_get_nid(ext_nid))) | 126 | if (!(method = X509V3_EXT_get_nid(ext_nid))) |
| 128 | { | 127 | { |
| 129 | X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_UNKNOWN_EXTENSION); | 128 | X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION); |
| 130 | return NULL; | 129 | return NULL; |
| 131 | } | 130 | } |
| 132 | /* Now get internal extension representation based on type */ | 131 | /* Now get internal extension representation based on type */ |
| @@ -134,9 +133,9 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, | |||
| 134 | { | 133 | { |
| 135 | if(*value == '@') nval = NCONF_get_section(conf, value + 1); | 134 | if(*value == '@') nval = NCONF_get_section(conf, value + 1); |
| 136 | else nval = X509V3_parse_list(value); | 135 | else nval = X509V3_parse_list(value); |
| 137 | if(sk_CONF_VALUE_num(nval) <= 0) | 136 | if(!nval) |
| 138 | { | 137 | { |
| 139 | X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_INVALID_EXTENSION_STRING); | 138 | X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_INVALID_EXTENSION_STRING); |
| 140 | ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value); | 139 | ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value); |
| 141 | return NULL; | 140 | return NULL; |
| 142 | } | 141 | } |
| @@ -151,16 +150,16 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, | |||
| 151 | } | 150 | } |
| 152 | else if(method->r2i) | 151 | else if(method->r2i) |
| 153 | { | 152 | { |
| 154 | if(!ctx->db || !ctx->db_meth) | 153 | if(!ctx->db) |
| 155 | { | 154 | { |
| 156 | X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_NO_CONFIG_DATABASE); | 155 | X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_NO_CONFIG_DATABASE); |
| 157 | return NULL; | 156 | return NULL; |
| 158 | } | 157 | } |
| 159 | if(!(ext_struc = method->r2i(method, ctx, value))) return NULL; | 158 | if(!(ext_struc = method->r2i(method, ctx, value))) return NULL; |
| 160 | } | 159 | } |
| 161 | else | 160 | else |
| 162 | { | 161 | { |
| 163 | X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED); | 162 | X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED); |
| 164 | ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid)); | 163 | ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid)); |
| 165 | return NULL; | 164 | return NULL; |
| 166 | } | 165 | } |
| @@ -236,29 +235,17 @@ static int v3_check_critical(char **value) | |||
| 236 | /* Check extension string for generic extension and return the type */ | 235 | /* Check extension string for generic extension and return the type */ |
| 237 | static int v3_check_generic(char **value) | 236 | static int v3_check_generic(char **value) |
| 238 | { | 237 | { |
| 239 | int gen_type = 0; | ||
| 240 | char *p = *value; | 238 | char *p = *value; |
| 241 | if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) | 239 | if ((strlen(p) < 4) || strncmp(p, "DER:", 4)) return 0; |
| 242 | { | 240 | p+=4; |
| 243 | p+=4; | ||
| 244 | gen_type = 1; | ||
| 245 | } | ||
| 246 | else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5)) | ||
| 247 | { | ||
| 248 | p+=5; | ||
| 249 | gen_type = 2; | ||
| 250 | } | ||
| 251 | else | ||
| 252 | return 0; | ||
| 253 | |||
| 254 | while (isspace((unsigned char)*p)) p++; | 241 | while (isspace((unsigned char)*p)) p++; |
| 255 | *value = p; | 242 | *value = p; |
| 256 | return gen_type; | 243 | return 1; |
| 257 | } | 244 | } |
| 258 | 245 | ||
| 259 | /* Create a generic extension: for now just handle DER type */ | 246 | /* Create a generic extension: for now just handle DER type */ |
| 260 | static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, | 247 | static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, |
| 261 | int crit, int gen_type, X509V3_CTX *ctx) | 248 | int crit, int type) |
| 262 | { | 249 | { |
| 263 | unsigned char *ext_der=NULL; | 250 | unsigned char *ext_der=NULL; |
| 264 | long ext_len; | 251 | long ext_len; |
| @@ -272,12 +259,7 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, | |||
| 272 | goto err; | 259 | goto err; |
| 273 | } | 260 | } |
| 274 | 261 | ||
| 275 | if (gen_type == 1) | 262 | if (!(ext_der = string_to_hex(value, &ext_len))) |
| 276 | ext_der = string_to_hex(value, &ext_len); | ||
| 277 | else if (gen_type == 2) | ||
| 278 | ext_der = generic_asn1(value, ctx, &ext_len); | ||
| 279 | |||
| 280 | if (ext_der == NULL) | ||
| 281 | { | 263 | { |
| 282 | X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR); | 264 | X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR); |
| 283 | ERR_add_error_data(2, "value=", value); | 265 | ERR_add_error_data(2, "value=", value); |
| @@ -304,17 +286,6 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, | |||
| 304 | 286 | ||
| 305 | } | 287 | } |
| 306 | 288 | ||
| 307 | static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len) | ||
| 308 | { | ||
| 309 | ASN1_TYPE *typ; | ||
| 310 | unsigned char *ext_der = NULL; | ||
| 311 | typ = ASN1_generate_v3(value, ctx); | ||
| 312 | if (typ == NULL) | ||
| 313 | return NULL; | ||
| 314 | *ext_len = i2d_ASN1_TYPE(typ, &ext_der); | ||
| 315 | ASN1_TYPE_free(typ); | ||
| 316 | return ext_der; | ||
| 317 | } | ||
| 318 | 289 | ||
| 319 | /* This is the main function: add a bunch of extensions based on a config file | 290 | /* This is the main function: add a bunch of extensions based on a config file |
| 320 | * section to an extension STACK. | 291 | * section to an extension STACK. |
| @@ -383,11 +354,6 @@ int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, | |||
| 383 | 354 | ||
| 384 | char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) | 355 | char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) |
| 385 | { | 356 | { |
| 386 | if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) | ||
| 387 | { | ||
| 388 | X509V3err(X509V3_F_X509V3_GET_STRING,X509V3_R_OPERATION_NOT_DEFINED); | ||
| 389 | return NULL; | ||
| 390 | } | ||
| 391 | if (ctx->db_meth->get_string) | 357 | if (ctx->db_meth->get_string) |
| 392 | return ctx->db_meth->get_string(ctx->db, name, section); | 358 | return ctx->db_meth->get_string(ctx->db, name, section); |
| 393 | return NULL; | 359 | return NULL; |
| @@ -395,11 +361,6 @@ char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) | |||
| 395 | 361 | ||
| 396 | STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section) | 362 | STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section) |
| 397 | { | 363 | { |
| 398 | if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) | ||
| 399 | { | ||
| 400 | X509V3err(X509V3_F_X509V3_GET_SECTION,X509V3_R_OPERATION_NOT_DEFINED); | ||
| 401 | return NULL; | ||
| 402 | } | ||
| 403 | if (ctx->db_meth->get_section) | 364 | if (ctx->db_meth->get_section) |
| 404 | return ctx->db_meth->get_section(ctx->db, section); | 365 | return ctx->db_meth->get_section(ctx->db, section); |
| 405 | return NULL; | 366 | return NULL; |