diff options
Diffstat (limited to 'src/lib/libcrypto/x509v3/v3_conf.c')
| -rw-r--r-- | src/lib/libcrypto/x509v3/v3_conf.c | 73 |
1 files changed, 56 insertions, 17 deletions
diff --git a/src/lib/libcrypto/x509v3/v3_conf.c b/src/lib/libcrypto/x509v3/v3_conf.c index 1284d5aaa5..2b867305fb 100644 --- a/src/lib/libcrypto/x509v3/v3_conf.c +++ b/src/lib/libcrypto/x509v3/v3_conf.c | |||
| @@ -3,7 +3,7 @@ | |||
| 3 | * project 1999. | 3 | * project 1999. |
| 4 | */ | 4 | */ |
| 5 | /* ==================================================================== | 5 | /* ==================================================================== |
| 6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | 6 | * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. |
| 7 | * | 7 | * |
| 8 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without |
| 9 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions |
| @@ -69,11 +69,12 @@ | |||
| 69 | static int v3_check_critical(char **value); | 69 | static int v3_check_critical(char **value); |
| 70 | static int v3_check_generic(char **value); | 70 | static int v3_check_generic(char **value); |
| 71 | static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value); | 71 | static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value); |
| 72 | static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type); | 72 | static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type, X509V3_CTX *ctx); |
| 73 | static char *conf_lhash_get_string(void *db, char *section, char *value); | 73 | static char *conf_lhash_get_string(void *db, char *section, char *value); |
| 74 | static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section); | 74 | static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section); |
| 75 | static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, | 75 | static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, |
| 76 | int crit, void *ext_struc); | 76 | int crit, void *ext_struc); |
| 77 | static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len); | ||
| 77 | /* CONF *conf: Config file */ | 78 | /* CONF *conf: Config file */ |
| 78 | /* char *name: Name */ | 79 | /* char *name: Name */ |
| 79 | /* char *value: Value */ | 80 | /* char *value: Value */ |
| @@ -85,11 +86,11 @@ X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, | |||
| 85 | X509_EXTENSION *ret; | 86 | X509_EXTENSION *ret; |
| 86 | crit = v3_check_critical(&value); | 87 | crit = v3_check_critical(&value); |
| 87 | if ((ext_type = v3_check_generic(&value))) | 88 | if ((ext_type = v3_check_generic(&value))) |
| 88 | return v3_generic_extension(name, value, crit, ext_type); | 89 | return v3_generic_extension(name, value, crit, ext_type, ctx); |
| 89 | ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value); | 90 | ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value); |
| 90 | if (!ret) | 91 | if (!ret) |
| 91 | { | 92 | { |
| 92 | X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_ERROR_IN_EXTENSION); | 93 | X509V3err(X509V3_F_X509V3_EXT_NCONF,X509V3_R_ERROR_IN_EXTENSION); |
| 93 | ERR_add_error_data(4,"name=", name, ", value=", value); | 94 | ERR_add_error_data(4,"name=", name, ", value=", value); |
| 94 | } | 95 | } |
| 95 | return ret; | 96 | return ret; |
| @@ -105,7 +106,7 @@ X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, | |||
| 105 | crit = v3_check_critical(&value); | 106 | crit = v3_check_critical(&value); |
| 106 | if ((ext_type = v3_check_generic(&value))) | 107 | if ((ext_type = v3_check_generic(&value))) |
| 107 | return v3_generic_extension(OBJ_nid2sn(ext_nid), | 108 | return v3_generic_extension(OBJ_nid2sn(ext_nid), |
| 108 | value, crit, ext_type); | 109 | value, crit, ext_type, ctx); |
| 109 | return do_ext_nconf(conf, ctx, ext_nid, crit, value); | 110 | return do_ext_nconf(conf, ctx, ext_nid, crit, value); |
| 110 | } | 111 | } |
| 111 | 112 | ||
| @@ -120,12 +121,12 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, | |||
| 120 | void *ext_struc; | 121 | void *ext_struc; |
| 121 | if (ext_nid == NID_undef) | 122 | if (ext_nid == NID_undef) |
| 122 | { | 123 | { |
| 123 | X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION_NAME); | 124 | X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_UNKNOWN_EXTENSION_NAME); |
| 124 | return NULL; | 125 | return NULL; |
| 125 | } | 126 | } |
| 126 | if (!(method = X509V3_EXT_get_nid(ext_nid))) | 127 | if (!(method = X509V3_EXT_get_nid(ext_nid))) |
| 127 | { | 128 | { |
| 128 | X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION); | 129 | X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_UNKNOWN_EXTENSION); |
| 129 | return NULL; | 130 | return NULL; |
| 130 | } | 131 | } |
| 131 | /* Now get internal extension representation based on type */ | 132 | /* Now get internal extension representation based on type */ |
| @@ -133,9 +134,9 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, | |||
| 133 | { | 134 | { |
| 134 | if(*value == '@') nval = NCONF_get_section(conf, value + 1); | 135 | if(*value == '@') nval = NCONF_get_section(conf, value + 1); |
| 135 | else nval = X509V3_parse_list(value); | 136 | else nval = X509V3_parse_list(value); |
| 136 | if(!nval) | 137 | if(sk_CONF_VALUE_num(nval) <= 0) |
| 137 | { | 138 | { |
| 138 | X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_INVALID_EXTENSION_STRING); | 139 | X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_INVALID_EXTENSION_STRING); |
| 139 | ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value); | 140 | ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value); |
| 140 | return NULL; | 141 | return NULL; |
| 141 | } | 142 | } |
| @@ -150,16 +151,16 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, | |||
| 150 | } | 151 | } |
| 151 | else if(method->r2i) | 152 | else if(method->r2i) |
| 152 | { | 153 | { |
| 153 | if(!ctx->db) | 154 | if(!ctx->db || !ctx->db_meth) |
| 154 | { | 155 | { |
| 155 | X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_NO_CONFIG_DATABASE); | 156 | X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_NO_CONFIG_DATABASE); |
| 156 | return NULL; | 157 | return NULL; |
| 157 | } | 158 | } |
| 158 | if(!(ext_struc = method->r2i(method, ctx, value))) return NULL; | 159 | if(!(ext_struc = method->r2i(method, ctx, value))) return NULL; |
| 159 | } | 160 | } |
| 160 | else | 161 | else |
| 161 | { | 162 | { |
| 162 | X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED); | 163 | X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED); |
| 163 | ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid)); | 164 | ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid)); |
| 164 | return NULL; | 165 | return NULL; |
| 165 | } | 166 | } |
| @@ -235,17 +236,29 @@ static int v3_check_critical(char **value) | |||
| 235 | /* Check extension string for generic extension and return the type */ | 236 | /* Check extension string for generic extension and return the type */ |
| 236 | static int v3_check_generic(char **value) | 237 | static int v3_check_generic(char **value) |
| 237 | { | 238 | { |
| 239 | int gen_type = 0; | ||
| 238 | char *p = *value; | 240 | char *p = *value; |
| 239 | if ((strlen(p) < 4) || strncmp(p, "DER:", 4)) return 0; | 241 | if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) |
| 240 | p+=4; | 242 | { |
| 243 | p+=4; | ||
| 244 | gen_type = 1; | ||
| 245 | } | ||
| 246 | else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5)) | ||
| 247 | { | ||
| 248 | p+=5; | ||
| 249 | gen_type = 2; | ||
| 250 | } | ||
| 251 | else | ||
| 252 | return 0; | ||
| 253 | |||
| 241 | while (isspace((unsigned char)*p)) p++; | 254 | while (isspace((unsigned char)*p)) p++; |
| 242 | *value = p; | 255 | *value = p; |
| 243 | return 1; | 256 | return gen_type; |
| 244 | } | 257 | } |
| 245 | 258 | ||
| 246 | /* Create a generic extension: for now just handle DER type */ | 259 | /* Create a generic extension: for now just handle DER type */ |
| 247 | static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, | 260 | static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, |
| 248 | int crit, int type) | 261 | int crit, int gen_type, X509V3_CTX *ctx) |
| 249 | { | 262 | { |
| 250 | unsigned char *ext_der=NULL; | 263 | unsigned char *ext_der=NULL; |
| 251 | long ext_len; | 264 | long ext_len; |
| @@ -259,7 +272,12 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, | |||
| 259 | goto err; | 272 | goto err; |
| 260 | } | 273 | } |
| 261 | 274 | ||
| 262 | if (!(ext_der = string_to_hex(value, &ext_len))) | 275 | if (gen_type == 1) |
| 276 | ext_der = string_to_hex(value, &ext_len); | ||
| 277 | else if (gen_type == 2) | ||
| 278 | ext_der = generic_asn1(value, ctx, &ext_len); | ||
| 279 | |||
| 280 | if (ext_der == NULL) | ||
| 263 | { | 281 | { |
| 264 | X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR); | 282 | X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR); |
| 265 | ERR_add_error_data(2, "value=", value); | 283 | ERR_add_error_data(2, "value=", value); |
| @@ -286,6 +304,17 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, | |||
| 286 | 304 | ||
| 287 | } | 305 | } |
| 288 | 306 | ||
| 307 | static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len) | ||
| 308 | { | ||
| 309 | ASN1_TYPE *typ; | ||
| 310 | unsigned char *ext_der = NULL; | ||
| 311 | typ = ASN1_generate_v3(value, ctx); | ||
| 312 | if (typ == NULL) | ||
| 313 | return NULL; | ||
| 314 | *ext_len = i2d_ASN1_TYPE(typ, &ext_der); | ||
| 315 | ASN1_TYPE_free(typ); | ||
| 316 | return ext_der; | ||
| 317 | } | ||
| 289 | 318 | ||
| 290 | /* This is the main function: add a bunch of extensions based on a config file | 319 | /* This is the main function: add a bunch of extensions based on a config file |
| 291 | * section to an extension STACK. | 320 | * section to an extension STACK. |
| @@ -354,6 +383,11 @@ int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, | |||
| 354 | 383 | ||
| 355 | char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) | 384 | char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) |
| 356 | { | 385 | { |
| 386 | if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) | ||
| 387 | { | ||
| 388 | X509V3err(X509V3_F_X509V3_GET_STRING,X509V3_R_OPERATION_NOT_DEFINED); | ||
| 389 | return NULL; | ||
| 390 | } | ||
| 357 | if (ctx->db_meth->get_string) | 391 | if (ctx->db_meth->get_string) |
| 358 | return ctx->db_meth->get_string(ctx->db, name, section); | 392 | return ctx->db_meth->get_string(ctx->db, name, section); |
| 359 | return NULL; | 393 | return NULL; |
| @@ -361,6 +395,11 @@ char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) | |||
| 361 | 395 | ||
| 362 | STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section) | 396 | STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section) |
| 363 | { | 397 | { |
| 398 | if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) | ||
| 399 | { | ||
| 400 | X509V3err(X509V3_F_X509V3_GET_SECTION,X509V3_R_OPERATION_NOT_DEFINED); | ||
| 401 | return NULL; | ||
| 402 | } | ||
| 364 | if (ctx->db_meth->get_section) | 403 | if (ctx->db_meth->get_section) |
| 365 | return ctx->db_meth->get_section(ctx->db, section); | 404 | return ctx->db_meth->get_section(ctx->db, section); |
| 366 | return NULL; | 405 | return NULL; |