1 /* v3_conf.c */ | 1 /* v3_conf.c */ |
2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
3 * project 1999. | 3 * project 1999. |
4 */ | 4 */ |
5 /* ==================================================================== | 5 /* ==================================================================== |
6 * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. | 6 * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. |
7 * | 7 * |
8 * Redistribution and use in source and binary forms, with or without | 8 * Redistribution and use in source and binary forms, with or without |
9 * modification, are permitted provided that the following conditions | 9 * modification, are permitted provided that the following conditions |
10 * are met: | 10 * are met: |
65 #include <openssl/conf.h> | 65 #include <openssl/conf.h> |
66 #include <openssl/x509.h> | 66 #include <openssl/x509.h> |
67 #include <openssl/x509v3.h> | 67 #include <openssl/x509v3.h> |
68 | 68 |
69 static int v3_check_critical(char **value); | 69 static int v3_check_critical(char **value); |
70 static int v3_check_generic(char **value); | 70 static int v3_check_generic(char **value); |
71 static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, in
t crit, char *value); | 71 static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, in
t crit, char *value); |
72 static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int cr
it, int type, X509V3_CTX *ctx); | 72 static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int cr
it, int type, X509V3_CTX *ctx); |
73 static char *conf_lhash_get_string(void *db, char *section, char *value); | 73 static char *conf_lhash_get_string(void *db, char *section, char *value); |
74 static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section); | 74 static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section); |
75 static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, | 75 static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid, |
76 » » » » » » int crit, void *ext_struc); | 76 » » » » int crit, void *ext_struc); |
77 static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len); | 77 static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len); |
78 /* CONF *conf: Config file */ | 78 /* CONF *conf: Config file */ |
79 /* char *name: Name */ | 79 /* char *name: Name */ |
80 /* char *value: Value */ | 80 /* char *value: Value */ |
81 X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, | 81 X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, |
82 » char *value) | 82 » » » » char *value) |
83 { | 83 { |
84 int crit; | 84 int crit; |
85 int ext_type; | 85 int ext_type; |
86 X509_EXTENSION *ret; | 86 X509_EXTENSION *ret; |
87 crit = v3_check_critical(&value); | 87 crit = v3_check_critical(&value); |
88 if ((ext_type = v3_check_generic(&value))) | 88 if ((ext_type = v3_check_generic(&value))) |
89 return v3_generic_extension(name, value, crit, ext_type, ctx); | 89 return v3_generic_extension(name, value, crit, ext_type, ctx); |
90 ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value); | 90 ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value); |
91 if (!ret) | 91 if (!ret) |
92 { | 92 { |
93 X509V3err(X509V3_F_X509V3_EXT_NCONF,X509V3_R_ERROR_IN_EXTENSION)
; | 93 X509V3err(X509V3_F_X509V3_EXT_NCONF,X509V3_R_ERROR_IN_EXTENSION)
; |
94 ERR_add_error_data(4,"name=", name, ", value=", value); | 94 ERR_add_error_data(4,"name=", name, ", value=", value); |
95 } | 95 } |
96 return ret; | 96 return ret; |
97 } | 97 } |
98 | 98 |
99 /* CONF *conf: Config file */ | 99 /* CONF *conf: Config file */ |
100 /* char *value: Value */ | 100 /* char *value: Value */ |
101 X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, | 101 X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, |
102 » char *value) | 102 » » » » char *value) |
103 { | 103 { |
104 int crit; | 104 int crit; |
105 int ext_type; | 105 int ext_type; |
106 crit = v3_check_critical(&value); | 106 crit = v3_check_critical(&value); |
107 if ((ext_type = v3_check_generic(&value))) | 107 if ((ext_type = v3_check_generic(&value))) |
108 return v3_generic_extension(OBJ_nid2sn(ext_nid), | 108 return v3_generic_extension(OBJ_nid2sn(ext_nid), |
109 value, crit, ext_type, ctx); | 109 value, crit, ext_type, ctx); |
110 return do_ext_nconf(conf, ctx, ext_nid, crit, value); | 110 return do_ext_nconf(conf, ctx, ext_nid, crit, value); |
111 } | 111 } |
112 | 112 |
113 /* CONF *conf: Config file */ | 113 /* CONF *conf: Config file */ |
114 /* char *value: Value */ | 114 /* char *value: Value */ |
115 static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, | 115 static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, |
116 » int crit, char *value) | 116 » » » » int crit, char *value) |
117 { | 117 { |
118 » X509V3_EXT_METHOD *method; | 118 » const X509V3_EXT_METHOD *method; |
119 X509_EXTENSION *ext; | 119 X509_EXTENSION *ext; |
120 STACK_OF(CONF_VALUE) *nval; | 120 STACK_OF(CONF_VALUE) *nval; |
121 void *ext_struc; | 121 void *ext_struc; |
122 if (ext_nid == NID_undef) | 122 if (ext_nid == NID_undef) |
123 { | 123 { |
124 X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_UNKNOWN_EXTENSION_NAME)
; | 124 X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_UNKNOWN_EXTENSION_NAME)
; |
125 return NULL; | 125 return NULL; |
126 } | 126 } |
127 if (!(method = X509V3_EXT_get_nid(ext_nid))) | 127 if (!(method = X509V3_EXT_get_nid(ext_nid))) |
128 { | 128 { |
165 return NULL; | 165 return NULL; |
166 } | 166 } |
167 | 167 |
168 ext = do_ext_i2d(method, ext_nid, crit, ext_struc); | 168 ext = do_ext_i2d(method, ext_nid, crit, ext_struc); |
169 if(method->it) ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it)); | 169 if(method->it) ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it)); |
170 else method->ext_free(ext_struc); | 170 else method->ext_free(ext_struc); |
171 return ext; | 171 return ext; |
172 | 172 |
173 } | 173 } |
174 | 174 |
175 static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, | 175 static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid, |
176 » » » » » » int crit, void *ext_struc) | 176 » » » » int crit, void *ext_struc) |
177 { | 177 { |
178 unsigned char *ext_der; | 178 unsigned char *ext_der; |
179 int ext_len; | 179 int ext_len; |
180 ASN1_OCTET_STRING *ext_oct; | 180 ASN1_OCTET_STRING *ext_oct; |
181 X509_EXTENSION *ext; | 181 X509_EXTENSION *ext; |
182 /* Convert internal representation to DER */ | 182 /* Convert internal representation to DER */ |
183 if (method->it) | 183 if (method->it) |
184 { | 184 { |
185 ext_der = NULL; | 185 ext_der = NULL; |
186 ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(metho
d->it)); | 186 ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(metho
d->it)); |
207 merr: | 207 merr: |
208 X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE); | 208 X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE); |
209 return NULL; | 209 return NULL; |
210 | 210 |
211 } | 211 } |
212 | 212 |
213 /* Given an internal structure, nid and critical flag create an extension */ | 213 /* Given an internal structure, nid and critical flag create an extension */ |
214 | 214 |
215 X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc) | 215 X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc) |
216 { | 216 { |
217 » X509V3_EXT_METHOD *method; | 217 » const X509V3_EXT_METHOD *method; |
218 if (!(method = X509V3_EXT_get_nid(ext_nid))) { | 218 if (!(method = X509V3_EXT_get_nid(ext_nid))) { |
219 X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION); | 219 X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION); |
220 return NULL; | 220 return NULL; |
221 } | 221 } |
222 return do_ext_i2d(method, ext_nid, crit, ext_struc); | 222 return do_ext_i2d(method, ext_nid, crit, ext_struc); |
223 } | 223 } |
224 | 224 |
225 /* Check the extension string for critical flag */ | 225 /* Check the extension string for critical flag */ |
226 static int v3_check_critical(char **value) | 226 static int v3_check_critical(char **value) |
227 { | 227 { |
251 else | 251 else |
252 return 0; | 252 return 0; |
253 | 253 |
254 while (isspace((unsigned char)*p)) p++; | 254 while (isspace((unsigned char)*p)) p++; |
255 *value = p; | 255 *value = p; |
256 return gen_type; | 256 return gen_type; |
257 } | 257 } |
258 | 258 |
259 /* Create a generic extension: for now just handle DER type */ | 259 /* Create a generic extension: for now just handle DER type */ |
260 static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, | 260 static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, |
261 » int crit, int gen_type, X509V3_CTX *ctx) | 261 » » » » » int crit, int gen_type, |
| 262 » » » » » X509V3_CTX *ctx) |
262 { | 263 { |
263 unsigned char *ext_der=NULL; | 264 unsigned char *ext_der=NULL; |
264 long ext_len; | 265 long ext_len; |
265 ASN1_OBJECT *obj=NULL; | 266 ASN1_OBJECT *obj=NULL; |
266 ASN1_OCTET_STRING *oct=NULL; | 267 ASN1_OCTET_STRING *oct=NULL; |
267 X509_EXTENSION *extension=NULL; | 268 X509_EXTENSION *extension=NULL; |
268 if (!(obj = OBJ_txt2obj(ext, 0))) | 269 if (!(obj = OBJ_txt2obj(ext, 0))) |
269 { | 270 { |
270 X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_
ERROR); | 271 X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_
ERROR); |
271 ERR_add_error_data(2, "name=", ext); | 272 ERR_add_error_data(2, "name=", ext); |
315 ASN1_TYPE_free(typ); | 316 ASN1_TYPE_free(typ); |
316 return ext_der; | 317 return ext_der; |
317 } | 318 } |
318 | 319 |
319 /* This is the main function: add a bunch of extensions based on a config file | 320 /* This is the main function: add a bunch of extensions based on a config file |
320 * section to an extension STACK. | 321 * section to an extension STACK. |
321 */ | 322 */ |
322 | 323 |
323 | 324 |
324 int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, | 325 int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, |
325 » STACK_OF(X509_EXTENSION) **sk) | 326 » » » STACK_OF(X509_EXTENSION) **sk) |
326 { | 327 { |
327 X509_EXTENSION *ext; | 328 X509_EXTENSION *ext; |
328 STACK_OF(CONF_VALUE) *nval; | 329 STACK_OF(CONF_VALUE) *nval; |
329 CONF_VALUE *val; | 330 CONF_VALUE *val; |
330 int i; | 331 int i; |
331 if (!(nval = NCONF_get_section(conf, section))) return 0; | 332 if (!(nval = NCONF_get_section(conf, section))) return 0; |
332 for (i = 0; i < sk_CONF_VALUE_num(nval); i++) | 333 for (i = 0; i < sk_CONF_VALUE_num(nval); i++) |
333 { | 334 { |
334 val = sk_CONF_VALUE_value(nval, i); | 335 val = sk_CONF_VALUE_value(nval, i); |
335 if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value))) | 336 if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value))) |
336 return 0; | 337 return 0; |
337 if (sk) X509v3_add_ext(sk, ext, -1); | 338 if (sk) X509v3_add_ext(sk, ext, -1); |
338 X509_EXTENSION_free(ext); | 339 X509_EXTENSION_free(ext); |
339 } | 340 } |
340 return 1; | 341 return 1; |
341 } | 342 } |
342 | 343 |
343 /* Convenience functions to add extensions to a certificate, CRL and request */ | 344 /* Convenience functions to add extensions to a certificate, CRL and request */ |
344 | 345 |
345 int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, | 346 int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, |
346 » X509 *cert) | 347 » » » X509 *cert) |
347 { | 348 { |
348 STACK_OF(X509_EXTENSION) **sk = NULL; | 349 STACK_OF(X509_EXTENSION) **sk = NULL; |
349 if (cert) | 350 if (cert) |
350 sk = &cert->cert_info->extensions; | 351 sk = &cert->cert_info->extensions; |
351 return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); | 352 return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); |
352 } | 353 } |
353 | 354 |
354 /* Same as above but for a CRL */ | 355 /* Same as above but for a CRL */ |
355 | 356 |
356 int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, | 357 int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, |
357 » X509_CRL *crl) | 358 » » » X509_CRL *crl) |
358 { | 359 { |
359 STACK_OF(X509_EXTENSION) **sk = NULL; | 360 STACK_OF(X509_EXTENSION) **sk = NULL; |
360 if (crl) | 361 if (crl) |
361 sk = &crl->crl->extensions; | 362 sk = &crl->crl->extensions; |
362 return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); | 363 return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); |
363 } | 364 } |
364 | 365 |
365 /* Add extensions to certificate request */ | 366 /* Add extensions to certificate request */ |
366 | 367 |
367 int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, | 368 int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, |
436 NULL | 437 NULL |
437 }; | 438 }; |
438 | 439 |
439 void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf) | 440 void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf) |
440 { | 441 { |
441 ctx->db_meth = &nconf_method; | 442 ctx->db_meth = &nconf_method; |
442 ctx->db = conf; | 443 ctx->db = conf; |
443 } | 444 } |
444 | 445 |
445 void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req, | 446 void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req, |
446 » X509_CRL *crl, int flags) | 447 » » X509_CRL *crl, int flags) |
447 { | 448 { |
448 ctx->issuer_cert = issuer; | 449 ctx->issuer_cert = issuer; |
449 ctx->subject_cert = subj; | 450 ctx->subject_cert = subj; |
450 ctx->crl = crl; | 451 ctx->crl = crl; |
451 ctx->subject_req = req; | 452 ctx->subject_req = req; |
452 ctx->flags = flags; | 453 ctx->flags = flags; |
453 } | 454 } |
454 | 455 |
455 /* Old conf compatibility functions */ | 456 /* Old conf compatibility functions */ |
456 | 457 |
457 X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, | 458 X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, |
458 » char *value) | 459 » » » » char *name, char *value) |
459 { | 460 { |
460 CONF ctmp; | 461 CONF ctmp; |
461 CONF_set_nconf(&ctmp, conf); | 462 CONF_set_nconf(&ctmp, conf); |
462 return X509V3_EXT_nconf(&ctmp, ctx, name, value); | 463 return X509V3_EXT_nconf(&ctmp, ctx, name, value); |
463 } | 464 } |
464 | 465 |
465 /* LHASH *conf: Config file */ | 466 /* LHASH *conf: Config file */ |
466 /* char *value: Value */ | 467 /* char *value: Value */ |
467 X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, | 468 X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, |
468 » char *value) | 469 » » » » int ext_nid, char *value) |
469 { | 470 { |
470 CONF ctmp; | 471 CONF ctmp; |
471 CONF_set_nconf(&ctmp, conf); | 472 CONF_set_nconf(&ctmp, conf); |
472 return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value); | 473 return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value); |
473 } | 474 } |
474 | 475 |
475 static char *conf_lhash_get_string(void *db, char *section, char *value) | 476 static char *conf_lhash_get_string(void *db, char *section, char *value) |
476 { | 477 { |
477 return CONF_get_string(db, section, value); | 478 return CONF_get_string(db, section, value); |
478 } | 479 } |
479 | 480 |
480 static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section) | 481 static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section) |
481 { | 482 { |
482 return CONF_get_section(db, section); | 483 return CONF_get_section(db, section); |
483 } | 484 } |
484 | 485 |
485 static X509V3_CONF_METHOD conf_lhash_method = { | 486 static X509V3_CONF_METHOD conf_lhash_method = { |
486 conf_lhash_get_string, | 487 conf_lhash_get_string, |
487 conf_lhash_get_section, | 488 conf_lhash_get_section, |
488 NULL, | 489 NULL, |
489 NULL | 490 NULL |
490 }; | 491 }; |
491 | 492 |
492 void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash) | 493 void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash) |
493 { | 494 { |
494 ctx->db_meth = &conf_lhash_method; | 495 ctx->db_meth = &conf_lhash_method; |
495 ctx->db = lhash; | 496 ctx->db = lhash; |
496 } | 497 } |
497 | 498 |
498 int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, | 499 int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, |
499 » X509 *cert) | 500 » » » char *section, X509 *cert) |
500 { | 501 { |
501 CONF ctmp; | 502 CONF ctmp; |
502 CONF_set_nconf(&ctmp, conf); | 503 CONF_set_nconf(&ctmp, conf); |
503 return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert); | 504 return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert); |
504 } | 505 } |
505 | 506 |
506 /* Same as above but for a CRL */ | 507 /* Same as above but for a CRL */ |
507 | 508 |
508 int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, | 509 int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, |
509 » X509_CRL *crl) | 510 » » » char *section, X509_CRL *crl) |
510 { | 511 { |
511 CONF ctmp; | 512 CONF ctmp; |
512 CONF_set_nconf(&ctmp, conf); | 513 CONF_set_nconf(&ctmp, conf); |
513 return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl); | 514 return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl); |
514 } | 515 } |
515 | 516 |
516 /* Add extensions to certificate request */ | 517 /* Add extensions to certificate request */ |
517 | 518 |
518 int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, | 519 int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, |
519 » X509_REQ *req) | 520 » » » char *section, X509_REQ *req) |
520 { | 521 { |
521 CONF ctmp; | 522 CONF ctmp; |
522 CONF_set_nconf(&ctmp, conf); | 523 CONF_set_nconf(&ctmp, conf); |
523 return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req); | 524 return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req); |
524 } | 525 } |
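Review bot: The LHASH_OF(CONF_VALUE) typing added to X509V3_EXT_conf, X509V3_EXT_conf_nid, X509V3_set_conf_lhash and the *_add_conf wrappers stops at the X509V3_CTX boundary: X509V3_set_conf_lhash stores the typed handle into `ctx->db`, and conf_lhash_get_string / conf_lhash_get_section get it back as `void *db` and pass it straight to CONF_get_string / CONF_get_section, so a ctx whose db_meth and db disagree (nconf_method paired with an LHASH, or conf_lhash_method paired with a CONF) is still not caught by the compiler. I would record the invariant where it is established, e.g. above X509V3_set_conf_lhash: `/* ctx->db is interpreted through ctx->db_meth: a CONF * under nconf_method, an LHASH_OF(CONF_VALUE) * under conf_lhash_method; always set the pair together. */`. Separately, X509V3_EXT_add_nconf_sk returns 0 as soon as one X509V3_EXT_nconf call fails but leaves the extensions already pushed onto *sk in place, so a caller that ignores the 0 return would go on to sign with a partial extension set; this is pre-existing rather than introduced here, but the function's header comment should state that the stack may be partially filled on failure. The bodies of do_ext_nconf, do_ext_i2d, v3_check_critical and v3_generic_extension are cut by the collapsed regions, so those parts are not reviewed.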