| OLD | NEW |
|---|
| (Empty) |
| 1 /* v3_pci.c -*- mode:C; c-file-style: "eay" -*- */ | |
| 2 /* Contributed to the OpenSSL Project 2004 | |
| 3 * by Richard Levitte (richard@levitte.org) | |
| 4 */ | |
| 5 /* Copyright (c) 2004 Kungliga Tekniska Högskolan | |
| 6 * (Royal Institute of Technology, Stockholm, Sweden). | |
| 7 * All rights reserved. | |
| 8 * | |
| 9 * Redistribution and use in source and binary forms, with or without | |
| 10 * modification, are permitted provided that the following conditions | |
| 11 * are met: | |
| 12 * | |
| 13 * 1. Redistributions of source code must retain the above copyright | |
| 14 * notice, this list of conditions and the following disclaimer. | |
| 15 * | |
| 16 * 2. Redistributions in binary form must reproduce the above copyright | |
| 17 * notice, this list of conditions and the following disclaimer in the | |
| 18 * documentation and/or other materials provided with the distribution. | |
| 19 * | |
| 20 * 3. Neither the name of the Institute nor the names of its contributors | |
| 21 * may be used to endorse or promote products derived from this software | |
| 22 * without specific prior written permission. | |
| 23 * | |
| 24 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND | |
| 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
| 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
| 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE | |
| 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
| 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
| 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
| 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
| 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
| 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
| 34 * SUCH DAMAGE. | |
| 35 */ | |
| 36 | |
| 37 #include <stdio.h> | |
| 38 #include "cryptlib.h" | |
| 39 #include <openssl/conf.h> | |
| 40 #include <openssl/x509v3.h> | |
| 41 | |
| 42 static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext, | |
| 43 BIO *out, int indent); | |
| 44 static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method, | |
| 45 X509V3_CTX *ctx, char *str); | |
| 46 | |
| 47 const X509V3_EXT_METHOD v3_pci = | |
| 48 { NID_proxyCertInfo, 0, ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION), | |
| 49 0,0,0,0, | |
| 50 0,0, | |
| 51 NULL, NULL, | |
| 52 (X509V3_EXT_I2R)i2r_pci, | |
| 53 (X509V3_EXT_R2I)r2i_pci, | |
| 54 NULL, | |
| 55 }; | |
| 56 | |
| 57 static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci, | |
| 58 BIO *out, int indent) | |
| 59 { | |
| 60 BIO_printf(out, "%*sPath Length Constraint: ", indent, ""); | |
| 61 if (pci->pcPathLengthConstraint) | |
| 62 i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint); | |
| 63 else | |
| 64 BIO_printf(out, "infinite"); | |
| 65 BIO_puts(out, "\n"); | |
| 66 BIO_printf(out, "%*sPolicy Language: ", indent, ""); | |
| 67 i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage); | |
| 68 BIO_puts(out, "\n"); | |
| 69 if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data) | |
| 70 BIO_printf(out, "%*sPolicy Text: %s\n", indent, "", | |
| 71 pci->proxyPolicy->policy->data); | |
| 72 return 1; | |
| 73 } | |
| 74 | |
| 75 static int process_pci_value(CONF_VALUE *val, | |
| 76 ASN1_OBJECT **language, ASN1_INTEGER **pathlen, | |
| 77 ASN1_OCTET_STRING **policy) | |
| 78 { | |
| 79 int free_policy = 0; | |
| 80 | |
| 81 if (strcmp(val->name, "language") == 0) | |
| 82 { | |
| 83 if (*language) | |
| 84 { | |
| 85 X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_LAN
GUAGE_ALREADY_DEFINED); | |
| 86 X509V3_conf_err(val); | |
| 87 return 0; | |
| 88 } | |
| 89 if (!(*language = OBJ_txt2obj(val->value, 0))) | |
| 90 { | |
| 91 X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_INVALID_OB
JECT_IDENTIFIER); | |
| 92 X509V3_conf_err(val); | |
| 93 return 0; | |
| 94 } | |
| 95 } | |
| 96 else if (strcmp(val->name, "pathlen") == 0) | |
| 97 { | |
| 98 if (*pathlen) | |
| 99 { | |
| 100 X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PAT
H_LENGTH_ALREADY_DEFINED); | |
| 101 X509V3_conf_err(val); | |
| 102 return 0; | |
| 103 } | |
| 104 if (!X509V3_get_value_int(val, pathlen)) | |
| 105 { | |
| 106 X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PAT
H_LENGTH); | |
| 107 X509V3_conf_err(val); | |
| 108 return 0; | |
| 109 } | |
| 110 } | |
| 111 else if (strcmp(val->name, "policy") == 0) | |
| 112 { | |
| 113 unsigned char *tmp_data = NULL; | |
| 114 long val_len; | |
| 115 if (!*policy) | |
| 116 { | |
| 117 *policy = ASN1_OCTET_STRING_new(); | |
| 118 if (!*policy) | |
| 119 { | |
| 120 X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLO
C_FAILURE); | |
| 121 X509V3_conf_err(val); | |
| 122 return 0; | |
| 123 } | |
| 124 free_policy = 1; | |
| 125 } | |
| 126 if (strncmp(val->value, "hex:", 4) == 0) | |
| 127 { | |
| 128 unsigned char *tmp_data2 = | |
| 129 string_to_hex(val->value + 4, &val_len); | |
| 130 | |
| 131 if (!tmp_data2) | |
| 132 { | |
| 133 X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_IL
LEGAL_HEX_DIGIT); | |
| 134 X509V3_conf_err(val); | |
| 135 goto err; | |
| 136 } | |
| 137 | |
| 138 tmp_data = OPENSSL_realloc((*policy)->data, | |
| 139 (*policy)->length + val_len + 1); | |
| 140 if (tmp_data) | |
| 141 { | |
| 142 (*policy)->data = tmp_data; | |
| 143 memcpy(&(*policy)->data[(*policy)->length], | |
| 144 tmp_data2, val_len); | |
| 145 (*policy)->length += val_len; | |
| 146 (*policy)->data[(*policy)->length] = '\0'; | |
| 147 } | |
| 148 else | |
| 149 { | |
| 150 OPENSSL_free(tmp_data2); | |
| 151 /* realloc failure implies the original data spa
ce is b0rked too! */ | |
| 152 (*policy)->data = NULL; | |
| 153 (*policy)->length = 0; | |
| 154 X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLO
C_FAILURE); | |
| 155 X509V3_conf_err(val); | |
| 156 goto err; | |
| 157 } | |
| 158 OPENSSL_free(tmp_data2); | |
| 159 } | |
| 160 else if (strncmp(val->value, "file:", 5) == 0) | |
| 161 { | |
| 162 unsigned char buf[2048]; | |
| 163 int n; | |
| 164 BIO *b = BIO_new_file(val->value + 5, "r"); | |
| 165 if (!b) | |
| 166 { | |
| 167 X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_BIO_L
IB); | |
| 168 X509V3_conf_err(val); | |
| 169 goto err; | |
| 170 } | |
| 171 while((n = BIO_read(b, buf, sizeof(buf))) > 0 | |
| 172 || (n == 0 && BIO_should_retry(b))) | |
| 173 { | |
| 174 if (!n) continue; | |
| 175 | |
| 176 tmp_data = OPENSSL_realloc((*policy)->data, | |
| 177 (*policy)->length + n + 1); | |
| 178 | |
| 179 if (!tmp_data) | |
| 180 break; | |
| 181 | |
| 182 (*policy)->data = tmp_data; | |
| 183 memcpy(&(*policy)->data[(*policy)->length], | |
| 184 buf, n); | |
| 185 (*policy)->length += n; | |
| 186 (*policy)->data[(*policy)->length] = '\0'; | |
| 187 } | |
| 188 BIO_free_all(b); | |
| 189 | |
| 190 if (n < 0) | |
| 191 { | |
| 192 X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_BIO_L
IB); | |
| 193 X509V3_conf_err(val); | |
| 194 goto err; | |
| 195 } | |
| 196 } | |
| 197 else if (strncmp(val->value, "text:", 5) == 0) | |
| 198 { | |
| 199 val_len = strlen(val->value + 5); | |
| 200 tmp_data = OPENSSL_realloc((*policy)->data, | |
| 201 (*policy)->length + val_len + 1); | |
| 202 if (tmp_data) | |
| 203 { | |
| 204 (*policy)->data = tmp_data; | |
| 205 memcpy(&(*policy)->data[(*policy)->length], | |
| 206 val->value + 5, val_len); | |
| 207 (*policy)->length += val_len; | |
| 208 (*policy)->data[(*policy)->length] = '\0'; | |
| 209 } | |
| 210 else | |
| 211 { | |
| 212 /* realloc failure implies the original data spa
ce is b0rked too! */ | |
| 213 (*policy)->data = NULL; | |
| 214 (*policy)->length = 0; | |
| 215 X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLO
C_FAILURE); | |
| 216 X509V3_conf_err(val); | |
| 217 goto err; | |
| 218 } | |
| 219 } | |
| 220 else | |
| 221 { | |
| 222 X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_INCORRECT_
POLICY_SYNTAX_TAG); | |
| 223 X509V3_conf_err(val); | |
| 224 goto err; | |
| 225 } | |
| 226 if (!tmp_data) | |
| 227 { | |
| 228 X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILUR
E); | |
| 229 X509V3_conf_err(val); | |
| 230 goto err; | |
| 231 } | |
| 232 } | |
| 233 return 1; | |
| 234 err: | |
| 235 if (free_policy) | |
| 236 { | |
| 237 ASN1_OCTET_STRING_free(*policy); | |
| 238 *policy = NULL; | |
| 239 } | |
| 240 return 0; | |
| 241 } | |
| 242 | |
| 243 static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method, | |
| 244 X509V3_CTX *ctx, char *value) | |
| 245 { | |
| 246 PROXY_CERT_INFO_EXTENSION *pci = NULL; | |
| 247 STACK_OF(CONF_VALUE) *vals; | |
| 248 ASN1_OBJECT *language = NULL; | |
| 249 ASN1_INTEGER *pathlen = NULL; | |
| 250 ASN1_OCTET_STRING *policy = NULL; | |
| 251 int i, j; | |
| 252 | |
| 253 vals = X509V3_parse_list(value); | |
| 254 for (i = 0; i < sk_CONF_VALUE_num(vals); i++) | |
| 255 { | |
| 256 CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i); | |
| 257 if (!cnf->name || (*cnf->name != '@' && !cnf->value)) | |
| 258 { | |
| 259 X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_PROXY_POLICY
_SETTING); | |
| 260 X509V3_conf_err(cnf); | |
| 261 goto err; | |
| 262 } | |
| 263 if (*cnf->name == '@') | |
| 264 { | |
| 265 STACK_OF(CONF_VALUE) *sect; | |
| 266 int success_p = 1; | |
| 267 | |
| 268 sect = X509V3_get_section(ctx, cnf->name + 1); | |
| 269 if (!sect) | |
| 270 { | |
| 271 X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_SECT
ION); | |
| 272 X509V3_conf_err(cnf); | |
| 273 goto err; | |
| 274 } | |
| 275 for (j = 0; success_p && j < sk_CONF_VALUE_num(sect); j+
+) | |
| 276 { | |
| 277 success_p = | |
| 278 process_pci_value(sk_CONF_VALUE_value(se
ct, j), | |
| 279 &language, &pathlen, &policy); | |
| 280 } | |
| 281 X509V3_section_free(ctx, sect); | |
| 282 if (!success_p) | |
| 283 goto err; | |
| 284 } | |
| 285 else | |
| 286 { | |
| 287 if (!process_pci_value(cnf, | |
| 288 &language, &pathlen, &policy)) | |
| 289 { | |
| 290 X509V3_conf_err(cnf); | |
| 291 goto err; | |
| 292 } | |
| 293 } | |
| 294 } | |
| 295 | |
| 296 /* Language is mandatory */ | |
| 297 if (!language) | |
| 298 { | |
| 299 X509V3err(X509V3_F_R2I_PCI,X509V3_R_NO_PROXY_CERT_POLICY_LANGUAG
E_DEFINED); | |
| 300 goto err; | |
| 301 } | |
| 302 i = OBJ_obj2nid(language); | |
| 303 if ((i == NID_Independent || i == NID_id_ppl_inheritAll) && policy) | |
| 304 { | |
| 305 X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_R
EQUIRES_NO_POLICY); | |
| 306 goto err; | |
| 307 } | |
| 308 | |
| 309 pci = PROXY_CERT_INFO_EXTENSION_new(); | |
| 310 if (!pci) | |
| 311 { | |
| 312 X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE); | |
| 313 goto err; | |
| 314 } | |
| 315 | |
| 316 pci->proxyPolicy->policyLanguage = language; language = NULL; | |
| 317 pci->proxyPolicy->policy = policy; policy = NULL; | |
| 318 pci->pcPathLengthConstraint = pathlen; pathlen = NULL; | |
| 319 goto end; | |
| 320 err: | |
| 321 if (language) { ASN1_OBJECT_free(language); language = NULL; } | |
| 322 if (pathlen) { ASN1_INTEGER_free(pathlen); pathlen = NULL; } | |
| 323 if (policy) { ASN1_OCTET_STRING_free(policy); policy = NULL; } | |
| 324 if (pci) { PROXY_CERT_INFO_EXTENSION_free(pci); pci = NULL; } | |
| 325 end: | |
| 326 sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); | |
| 327 return pci; | |
| 328 } | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2072073002:
Delete bundled copy of OpenSSL and replace with README. (Closed)
Base URL: https://chromium.googlesource.com/chromium/deps/openssl@master