/src/openssl/crypto/x509/v3_tlsf.c
Line | Count | Source |
1 | | /* |
2 | | * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #include "internal/e_os.h" |
11 | | #include "internal/cryptlib.h" |
12 | | #include <stdio.h> |
13 | | #include <openssl/asn1t.h> |
14 | | #include <openssl/conf.h> |
15 | | #include <openssl/x509v3.h> |
16 | | #include "ext_dat.h" |
17 | | #include "x509_local.h" |
18 | | |
19 | | static STACK_OF(CONF_VALUE) *i2v_TLS_FEATURE(const X509V3_EXT_METHOD *method, |
20 | | TLS_FEATURE *tls_feature, |
21 | | STACK_OF(CONF_VALUE) *ext_list); |
22 | | static TLS_FEATURE *v2i_TLS_FEATURE(const X509V3_EXT_METHOD *method, |
23 | | X509V3_CTX *ctx, |
24 | | STACK_OF(CONF_VALUE) *nval); |
25 | | |
26 | | ASN1_ITEM_TEMPLATE(TLS_FEATURE) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, TLS_FEATURE, ASN1_INTEGER) |
27 | 0 | static_ASN1_ITEM_TEMPLATE_END(TLS_FEATURE) |
28 | | |
29 | | IMPLEMENT_ASN1_ALLOC_FUNCTIONS(TLS_FEATURE) |
30 | | |
31 | | const X509V3_EXT_METHOD ossl_v3_tls_feature = { |
32 | | NID_tlsfeature, 0, |
33 | | ASN1_ITEM_ref(TLS_FEATURE), |
34 | | 0, 0, 0, 0, |
35 | | 0, 0, |
36 | | (X509V3_EXT_I2V)i2v_TLS_FEATURE, |
37 | | (X509V3_EXT_V2I)v2i_TLS_FEATURE, |
38 | | 0, 0, |
39 | | NULL |
40 | | }; |
41 | | |
42 | | typedef struct { |
43 | | long num; |
44 | | const char *name; |
45 | | } TLS_FEATURE_NAME; |
46 | | |
47 | | static TLS_FEATURE_NAME tls_feature_tbl[] = { |
48 | | { 5, "status_request" }, |
49 | | { 17, "status_request_v2" } |
50 | | }; |
51 | | |
52 | | /* |
53 | | * i2v_TLS_FEATURE converts the TLS_FEATURE structure tls_feature into the |
54 | | * STACK_OF(CONF_VALUE) structure ext_list. STACK_OF(CONF_VALUE) is the format |
55 | | * used by the CONF library to represent a multi-valued extension. ext_list is |
56 | | * returned. |
57 | | */ |
58 | | static STACK_OF(CONF_VALUE) *i2v_TLS_FEATURE(const X509V3_EXT_METHOD *method, |
59 | | TLS_FEATURE *tls_feature, |
60 | | STACK_OF(CONF_VALUE) *ext_list) |
61 | 0 | { |
62 | 0 | int i; |
63 | 0 | size_t j; |
64 | 0 | ASN1_INTEGER *ai; |
65 | 0 | long tlsextid; |
66 | 0 | for (i = 0; i < sk_ASN1_INTEGER_num(tls_feature); i++) { |
67 | 0 | ai = sk_ASN1_INTEGER_value(tls_feature, i); |
68 | 0 | tlsextid = ASN1_INTEGER_get(ai); |
69 | 0 | for (j = 0; j < OSSL_NELEM(tls_feature_tbl); j++) |
70 | 0 | if (tlsextid == tls_feature_tbl[j].num) |
71 | 0 | break; |
72 | 0 | if (j < OSSL_NELEM(tls_feature_tbl)) |
73 | 0 | X509V3_add_value(NULL, tls_feature_tbl[j].name, &ext_list); |
74 | 0 | else |
75 | 0 | X509V3_add_value_int(NULL, ai, &ext_list); |
76 | 0 | } |
77 | 0 | return ext_list; |
78 | 0 | } |
79 | | |
80 | | /* |
81 | | * v2i_TLS_FEATURE converts the multi-valued extension nval into a TLS_FEATURE |
82 | | * structure, which is returned if the conversion is successful. In case of |
83 | | * error, NULL is returned. |
84 | | */ |
85 | | static TLS_FEATURE *v2i_TLS_FEATURE(const X509V3_EXT_METHOD *method, |
86 | | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) |
87 | 0 | { |
88 | 0 | TLS_FEATURE *tlsf; |
89 | 0 | char *extval, *endptr; |
90 | 0 | ASN1_INTEGER *ai = NULL; |
91 | 0 | CONF_VALUE *val; |
92 | 0 | int i; |
93 | 0 | size_t j; |
94 | 0 | long tlsextid; |
95 | |
|
96 | 0 | if ((tlsf = sk_ASN1_INTEGER_new_null()) == NULL) { |
97 | 0 | ERR_raise(ERR_LIB_X509V3, ERR_R_CRYPTO_LIB); |
98 | 0 | return NULL; |
99 | 0 | } |
100 | | |
101 | 0 | for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { |
102 | 0 | val = sk_CONF_VALUE_value(nval, i); |
103 | 0 | if (val->value) |
104 | 0 | extval = val->value; |
105 | 0 | else |
106 | 0 | extval = val->name; |
107 | |
|
108 | 0 | for (j = 0; j < OSSL_NELEM(tls_feature_tbl); j++) |
109 | 0 | if (OPENSSL_strcasecmp(extval, tls_feature_tbl[j].name) == 0) |
110 | 0 | break; |
111 | 0 | if (j < OSSL_NELEM(tls_feature_tbl)) |
112 | 0 | tlsextid = tls_feature_tbl[j].num; |
113 | 0 | else { |
114 | 0 | tlsextid = strtol(extval, &endptr, 10); |
115 | 0 | if (((*endptr) != '\0') || (extval == endptr) || (tlsextid < 0) || (tlsextid > 65535)) { |
116 | 0 | ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_SYNTAX); |
117 | 0 | X509V3_conf_add_error_name_value(val); |
118 | 0 | goto err; |
119 | 0 | } |
120 | 0 | } |
121 | | |
122 | 0 | if ((ai = ASN1_INTEGER_new()) == NULL |
123 | 0 | || !ASN1_INTEGER_set(ai, tlsextid) |
124 | 0 | || sk_ASN1_INTEGER_push(tlsf, ai) <= 0) { |
125 | 0 | ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB); |
126 | 0 | goto err; |
127 | 0 | } |
128 | | /* So it doesn't get purged if an error occurs next time around */ |
129 | 0 | ai = NULL; |
130 | 0 | } |
131 | 0 | return tlsf; |
132 | | |
133 | 0 | err: |
134 | 0 | sk_ASN1_INTEGER_pop_free(tlsf, ASN1_INTEGER_free); |
135 | 0 | ASN1_INTEGER_free(ai); |
136 | | return NULL; |
137 | 0 | } |