/src/openssl/crypto/x509v3/v3_sxnet.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the OpenSSL license (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #include <stdio.h> |
11 | | #include "internal/cryptlib.h" |
12 | | #include <openssl/conf.h> |
13 | | #include <openssl/asn1.h> |
14 | | #include <openssl/asn1t.h> |
15 | | #include <openssl/x509v3.h> |
16 | | #include "ext_dat.h" |
17 | | |
18 | | /* Support for Thawte strong extranet extension */ |
19 | | |
20 | | #define SXNET_TEST |
21 | | |
22 | | static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, |
23 | | int indent); |
24 | | #ifdef SXNET_TEST |
25 | | static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, |
26 | | STACK_OF(CONF_VALUE) *nval); |
27 | | #endif |
28 | | const X509V3_EXT_METHOD v3_sxnet = { |
29 | | NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET), |
30 | | 0, 0, 0, 0, |
31 | | 0, 0, |
32 | | 0, |
33 | | #ifdef SXNET_TEST |
34 | | (X509V3_EXT_V2I)sxnet_v2i, |
35 | | #else |
36 | | 0, |
37 | | #endif |
38 | | (X509V3_EXT_I2R)sxnet_i2r, |
39 | | 0, |
40 | | NULL |
41 | | }; |
42 | | |
43 | | ASN1_SEQUENCE(SXNETID) = { |
44 | | ASN1_SIMPLE(SXNETID, zone, ASN1_INTEGER), |
45 | | ASN1_SIMPLE(SXNETID, user, ASN1_OCTET_STRING) |
46 | | } ASN1_SEQUENCE_END(SXNETID) |
47 | | |
48 | | IMPLEMENT_ASN1_FUNCTIONS(SXNETID) |
49 | | |
50 | | ASN1_SEQUENCE(SXNET) = { |
51 | | ASN1_SIMPLE(SXNET, version, ASN1_INTEGER), |
52 | | ASN1_SEQUENCE_OF(SXNET, ids, SXNETID) |
53 | | } ASN1_SEQUENCE_END(SXNET) |
54 | | |
55 | | IMPLEMENT_ASN1_FUNCTIONS(SXNET) |
56 | | |
57 | | static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, |
58 | | int indent) |
59 | 0 | { |
60 | 0 | long v; |
61 | 0 | char *tmp; |
62 | 0 | SXNETID *id; |
63 | 0 | int i; |
64 | 0 | v = ASN1_INTEGER_get(sx->version); |
65 | 0 | BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v); |
66 | 0 | for (i = 0; i < sk_SXNETID_num(sx->ids); i++) { |
67 | 0 | id = sk_SXNETID_value(sx->ids, i); |
68 | 0 | tmp = i2s_ASN1_INTEGER(NULL, id->zone); |
69 | 0 | BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp); |
70 | 0 | OPENSSL_free(tmp); |
71 | 0 | ASN1_STRING_print(out, id->user); |
72 | 0 | } |
73 | 0 | return 1; |
74 | 0 | } |
75 | | |
76 | | #ifdef SXNET_TEST |
77 | | |
78 | | /* |
79 | | * NBB: this is used for testing only. It should *not* be used for anything |
80 | | * else because it will just take static IDs from the configuration file and |
81 | | * they should really be separate values for each user. |
82 | | */ |
83 | | |
84 | | static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, |
85 | | STACK_OF(CONF_VALUE) *nval) |
86 | 0 | { |
87 | 0 | CONF_VALUE *cnf; |
88 | 0 | SXNET *sx = NULL; |
89 | 0 | int i; |
90 | 0 | for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { |
91 | 0 | cnf = sk_CONF_VALUE_value(nval, i); |
92 | 0 | if (!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1)) |
93 | 0 | return NULL; |
94 | 0 | } |
95 | 0 | return sx; |
96 | 0 | } |
97 | | |
98 | | #endif |
99 | | |
100 | | /* Strong Extranet utility functions */ |
101 | | |
102 | | /* Add an id given the zone as an ASCII number */ |
103 | | |
104 | | int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen) |
105 | 0 | { |
106 | 0 | ASN1_INTEGER *izone; |
107 | 0 |
|
108 | 0 | if ((izone = s2i_ASN1_INTEGER(NULL, zone)) == NULL) { |
109 | 0 | X509V3err(X509V3_F_SXNET_ADD_ID_ASC, X509V3_R_ERROR_CONVERTING_ZONE); |
110 | 0 | return 0; |
111 | 0 | } |
112 | 0 | return SXNET_add_id_INTEGER(psx, izone, user, userlen); |
113 | 0 | } |
114 | | |
115 | | /* Add an id given the zone as an unsigned long */ |
116 | | |
117 | | int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user, |
118 | | int userlen) |
119 | 0 | { |
120 | 0 | ASN1_INTEGER *izone; |
121 | 0 |
|
122 | 0 | if ((izone = ASN1_INTEGER_new()) == NULL |
123 | 0 | || !ASN1_INTEGER_set(izone, lzone)) { |
124 | 0 | X509V3err(X509V3_F_SXNET_ADD_ID_ULONG, ERR_R_MALLOC_FAILURE); |
125 | 0 | ASN1_INTEGER_free(izone); |
126 | 0 | return 0; |
127 | 0 | } |
128 | 0 | return SXNET_add_id_INTEGER(psx, izone, user, userlen); |
129 | 0 |
|
130 | 0 | } |
131 | | |
132 | | /* |
133 | | * Add an id given the zone as an ASN1_INTEGER. Note this version uses the |
134 | | * passed integer and doesn't make a copy so don't free it up afterwards. |
135 | | */ |
136 | | |
137 | | int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user, |
138 | | int userlen) |
139 | 0 | { |
140 | 0 | SXNET *sx = NULL; |
141 | 0 | SXNETID *id = NULL; |
142 | 0 | if (!psx || !zone || !user) { |
143 | 0 | X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, |
144 | 0 | X509V3_R_INVALID_NULL_ARGUMENT); |
145 | 0 | return 0; |
146 | 0 | } |
147 | 0 | if (userlen == -1) |
148 | 0 | userlen = strlen(user); |
149 | 0 | if (userlen > 64) { |
150 | 0 | X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, X509V3_R_USER_TOO_LONG); |
151 | 0 | return 0; |
152 | 0 | } |
153 | 0 | if (*psx == NULL) { |
154 | 0 | if ((sx = SXNET_new()) == NULL) |
155 | 0 | goto err; |
156 | 0 | if (!ASN1_INTEGER_set(sx->version, 0)) |
157 | 0 | goto err; |
158 | 0 | *psx = sx; |
159 | 0 | } else |
160 | 0 | sx = *psx; |
161 | 0 | if (SXNET_get_id_INTEGER(sx, zone)) { |
162 | 0 | X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, X509V3_R_DUPLICATE_ZONE_ID); |
163 | 0 | return 0; |
164 | 0 | } |
165 | 0 |
|
166 | 0 | if ((id = SXNETID_new()) == NULL) |
167 | 0 | goto err; |
168 | 0 | if (userlen == -1) |
169 | 0 | userlen = strlen(user); |
170 | 0 |
|
171 | 0 | if (!ASN1_OCTET_STRING_set(id->user, (const unsigned char *)user, userlen)) |
172 | 0 | goto err; |
173 | 0 | if (!sk_SXNETID_push(sx->ids, id)) |
174 | 0 | goto err; |
175 | 0 | id->zone = zone; |
176 | 0 | return 1; |
177 | 0 | |
178 | 0 | err: |
179 | 0 | X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, ERR_R_MALLOC_FAILURE); |
180 | 0 | SXNETID_free(id); |
181 | 0 | SXNET_free(sx); |
182 | 0 | *psx = NULL; |
183 | 0 | return 0; |
184 | 0 | } |
185 | | |
186 | | ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone) |
187 | 0 | { |
188 | 0 | ASN1_INTEGER *izone; |
189 | 0 | ASN1_OCTET_STRING *oct; |
190 | 0 |
|
191 | 0 | if ((izone = s2i_ASN1_INTEGER(NULL, zone)) == NULL) { |
192 | 0 | X509V3err(X509V3_F_SXNET_GET_ID_ASC, X509V3_R_ERROR_CONVERTING_ZONE); |
193 | 0 | return NULL; |
194 | 0 | } |
195 | 0 | oct = SXNET_get_id_INTEGER(sx, izone); |
196 | 0 | ASN1_INTEGER_free(izone); |
197 | 0 | return oct; |
198 | 0 | } |
199 | | |
200 | | ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone) |
201 | 0 | { |
202 | 0 | ASN1_INTEGER *izone; |
203 | 0 | ASN1_OCTET_STRING *oct; |
204 | 0 |
|
205 | 0 | if ((izone = ASN1_INTEGER_new()) == NULL |
206 | 0 | || !ASN1_INTEGER_set(izone, lzone)) { |
207 | 0 | X509V3err(X509V3_F_SXNET_GET_ID_ULONG, ERR_R_MALLOC_FAILURE); |
208 | 0 | ASN1_INTEGER_free(izone); |
209 | 0 | return NULL; |
210 | 0 | } |
211 | 0 | oct = SXNET_get_id_INTEGER(sx, izone); |
212 | 0 | ASN1_INTEGER_free(izone); |
213 | 0 | return oct; |
214 | 0 | } |
215 | | |
216 | | ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone) |
217 | 0 | { |
218 | 0 | SXNETID *id; |
219 | 0 | int i; |
220 | 0 | for (i = 0; i < sk_SXNETID_num(sx->ids); i++) { |
221 | 0 | id = sk_SXNETID_value(sx->ids, i); |
222 | 0 | if (!ASN1_INTEGER_cmp(id->zone, zone)) |
223 | 0 | return id->user; |
224 | 0 | } |
225 | 0 | return NULL; |
226 | 0 | } |