release/src/router/openssl/crypto/x509v3/v3_lib.c

   1 /* v3_lib.c */
   2 /*
   3  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
   4  * 1999.
   5  */
   6 /* ====================================================================
   7  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
   8  *
   9  * Redistribution and use in source and binary forms, with or without
  10  * modification, are permitted provided that the following conditions
  11  * are met:
  12  *
  13  * 1. Redistributions of source code must retain the above copyright
  14  *    notice, this list of conditions and the following disclaimer.
  15  *
  16  * 2. Redistributions in binary form must reproduce the above copyright
  17  *    notice, this list of conditions and the following disclaimer in
  18  *    the documentation and/or other materials provided with the
  19  *    distribution.
  20  *
  21  * 3. All advertising materials mentioning features or use of this
  22  *    software must display the following acknowledgment:
  23  *    "This product includes software developed by the OpenSSL Project
  24  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
  25  *
  26  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  27  *    endorse or promote products derived from this software without
  28  *    prior written permission. For written permission, please contact
  29  *    licensing@OpenSSL.org.
  30  *
  31  * 5. Products derived from this software may not be called "OpenSSL"
  32  *    nor may "OpenSSL" appear in their names without prior written
  33  *    permission of the OpenSSL Project.
  34  *
  35  * 6. Redistributions of any form whatsoever must retain the following
  36  *    acknowledgment:
  37  *    "This product includes software developed by the OpenSSL Project
  38  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
  39  *
  40  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  41  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  42  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  43  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
  44  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  45  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  46  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  47  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  49  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  50  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  51  * OF THE POSSIBILITY OF SUCH DAMAGE.
  52  * ====================================================================
  53  *
  54  * This product includes cryptographic software written by Eric Young
  55  * (eay@cryptsoft.com).  This product includes software written by Tim
  56  * Hudson (tjh@cryptsoft.com).
  57  *
  58  */
  59 /* X509 v3 extension utilities */
  60
  61 #include <stdio.h>
  62 #include "cryptlib.h"
  63 #include <openssl/conf.h>
  64 #include <openssl/x509v3.h>
  65
  66 #include "ext_dat.h"
  67
  68 static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL;
  69
  70 static int ext_cmp(const X509V3_EXT_METHOD *const *a,
  71                    const X509V3_EXT_METHOD *const *b);
  72 static void ext_list_free(X509V3_EXT_METHOD *ext);
  73
  74 int X509V3_EXT_add(X509V3_EXT_METHOD *ext)
  75 {
  76     if (!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp))) {
  77         X509V3err(X509V3_F_X509V3_EXT_ADD, ERR_R_MALLOC_FAILURE);
  78         return 0;
  79     }
  80     if (!sk_X509V3_EXT_METHOD_push(ext_list, ext)) {
  81         X509V3err(X509V3_F_X509V3_EXT_ADD, ERR_R_MALLOC_FAILURE);
  82         return 0;
  83     }
  84     return 1;
  85 }
  86
  87 static int ext_cmp(const X509V3_EXT_METHOD *const *a,
  88                    const X509V3_EXT_METHOD *const *b)
  89 {
  90     return ((*a)->ext_nid - (*b)->ext_nid);
  91 }
  92
  93 DECLARE_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *,
  94                            const X509V3_EXT_METHOD *, ext);
  95 IMPLEMENT_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *,
  96                              const X509V3_EXT_METHOD *, ext);
  97
  98 const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
  99 {
 100     X509V3_EXT_METHOD tmp;
 101     const X509V3_EXT_METHOD *t = &tmp, *const *ret;
 102     int idx;
 103     if (nid < 0)
 104         return NULL;
 105     tmp.ext_nid = nid;
 106     ret = OBJ_bsearch_ext(&t, standard_exts, STANDARD_EXTENSION_COUNT);
 107     if (ret)
 108         return *ret;
 109     if (!ext_list)
 110         return NULL;
 111     idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp);
 112     if (idx == -1)
 113         return NULL;
 114     return sk_X509V3_EXT_METHOD_value(ext_list, idx);
 115 }
 116
 117 const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)
 118 {
 119     int nid;
 120     if ((nid = OBJ_obj2nid(ext->object)) == NID_undef)
 121         return NULL;
 122     return X509V3_EXT_get_nid(nid);
 123 }
 124
 125 int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist)
 126 {
 127     for (; extlist->ext_nid != -1; extlist++)
 128         if (!X509V3_EXT_add(extlist))
 129             return 0;
 130     return 1;
 131 }
 132
 133 int X509V3_EXT_add_alias(int nid_to, int nid_from)
 134 {
 135     const X509V3_EXT_METHOD *ext;
 136     X509V3_EXT_METHOD *tmpext;
 137
 138     if (!(ext = X509V3_EXT_get_nid(nid_from))) {
 139         X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,
 140                   X509V3_R_EXTENSION_NOT_FOUND);
 141         return 0;
 142     }
 143     if (!
 144         (tmpext =
 145          (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)))) {
 146         X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, ERR_R_MALLOC_FAILURE);
 147         return 0;
 148     }
 149     *tmpext = *ext;
 150     tmpext->ext_nid = nid_to;
 151     tmpext->ext_flags |= X509V3_EXT_DYNAMIC;
 152     return X509V3_EXT_add(tmpext);
 153 }
 154
 155 void X509V3_EXT_cleanup(void)
 156 {
 157     sk_X509V3_EXT_METHOD_pop_free(ext_list, ext_list_free);
 158     ext_list = NULL;
 159 }
 160
 161 static void ext_list_free(X509V3_EXT_METHOD *ext)
 162 {
 163     if (ext->ext_flags & X509V3_EXT_DYNAMIC)
 164         OPENSSL_free(ext);
 165 }
 166
 167 /*
 168  * Legacy function: we don't need to add standard extensions any more because
 169  * they are now kept in ext_dat.h.
 170  */
 171
 172 int X509V3_add_standard_extensions(void)
 173 {
 174     return 1;
 175 }
 176
 177 /* Return an extension internal structure */
 178
 179 void *X509V3_EXT_d2i(X509_EXTENSION *ext)
 180 {
 181     const X509V3_EXT_METHOD *method;
 182     const unsigned char *p;
 183
 184     if (!(method = X509V3_EXT_get(ext)))
 185         return NULL;
 186     p = ext->value->data;
 187     if (method->it)
 188         return ASN1_item_d2i(NULL, &p, ext->value->length,
 189                              ASN1_ITEM_ptr(method->it));
 190     return method->d2i(NULL, &p, ext->value->length);
 191 }
 192
 193 /*-
 194  * Get critical flag and decoded version of extension from a NID.
 195  * The "idx" variable returns the last found extension and can
 196  * be used to retrieve multiple extensions of the same NID.
 197  * However multiple extensions with the same NID is usually
 198  * due to a badly encoded certificate so if idx is NULL we
 199  * choke if multiple extensions exist.
 200  * The "crit" variable is set to the critical value.
 201  * The return value is the decoded extension or NULL on
 202  * error. The actual error can have several different causes,
 203  * the value of *crit reflects the cause:
 204  * >= 0, extension found but not decoded (reflects critical value).
 205  * -1 extension not found.
 206  * -2 extension occurs more than once.
 207  */
 208
 209 void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
 210                      int *idx)
 211 {
 212     int lastpos, i;
 213     X509_EXTENSION *ex, *found_ex = NULL;
 214     if (!x) {
 215         if (idx)
 216             *idx = -1;
 217         if (crit)
 218             *crit = -1;
 219         return NULL;
 220     }
 221     if (idx)
 222         lastpos = *idx + 1;
 223     else
 224         lastpos = 0;
 225     if (lastpos < 0)
 226         lastpos = 0;
 227     for (i = lastpos; i < sk_X509_EXTENSION_num(x); i++) {
 228         ex = sk_X509_EXTENSION_value(x, i);
 229         if (OBJ_obj2nid(ex->object) == nid) {
 230             if (idx) {
 231                 *idx = i;
 232                 found_ex = ex;
 233                 break;
 234             } else if (found_ex) {
 235                 /* Found more than one */
 236                 if (crit)
 237                     *crit = -2;
 238                 return NULL;
 239             }
 240             found_ex = ex;
 241         }
 242     }
 243     if (found_ex) {
 244         /* Found it */
 245         if (crit)
 246             *crit = X509_EXTENSION_get_critical(found_ex);
 247         return X509V3_EXT_d2i(found_ex);
 248     }
 249
 250     /* Extension not found */
 251     if (idx)
 252         *idx = -1;
 253     if (crit)
 254         *crit = -1;
 255     return NULL;
 256 }
 257
 258 /*
 259  * This function is a general extension append, replace and delete utility.
 260  * The precise operation is governed by the 'flags' value. The 'crit' and
 261  * 'value' arguments (if relevant) are the extensions internal structure.
 262  */
 263
 264 int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
 265                     int crit, unsigned long flags)
 266 {
 267     int extidx = -1;
 268     int errcode;
 269     X509_EXTENSION *ext, *extmp;
 270     unsigned long ext_op = flags & X509V3_ADD_OP_MASK;
 271
 272     /*
 273      * If appending we don't care if it exists, otherwise look for existing
 274      * extension.
 275      */
 276     if (ext_op != X509V3_ADD_APPEND)
 277         extidx = X509v3_get_ext_by_NID(*x, nid, -1);
 278
 279     /* See if extension exists */
 280     if (extidx >= 0) {
 281         /* If keep existing, nothing to do */
 282         if (ext_op == X509V3_ADD_KEEP_EXISTING)
 283             return 1;
 284         /* If default then its an error */
 285         if (ext_op == X509V3_ADD_DEFAULT) {
 286             errcode = X509V3_R_EXTENSION_EXISTS;
 287             goto err;
 288         }
 289         /* If delete, just delete it */
 290         if (ext_op == X509V3_ADD_DELETE) {
 291             if (!sk_X509_EXTENSION_delete(*x, extidx))
 292                 return -1;
 293             return 1;
 294         }
 295     } else {
 296         /*
 297          * If replace existing or delete, error since extension must exist
 298          */
 299         if ((ext_op == X509V3_ADD_REPLACE_EXISTING) ||
 300             (ext_op == X509V3_ADD_DELETE)) {
 301             errcode = X509V3_R_EXTENSION_NOT_FOUND;
 302             goto err;
 303         }
 304     }
 305
 306     /*
 307      * If we get this far then we have to create an extension: could have
 308      * some flags for alternative encoding schemes...
 309      */
 310
 311     ext = X509V3_EXT_i2d(nid, crit, value);
 312
 313     if (!ext) {
 314         X509V3err(X509V3_F_X509V3_ADD1_I2D,
 315                   X509V3_R_ERROR_CREATING_EXTENSION);
 316         return 0;
 317     }
 318
 319     /* If extension exists replace it.. */
 320     if (extidx >= 0) {
 321         extmp = sk_X509_EXTENSION_value(*x, extidx);
 322         X509_EXTENSION_free(extmp);
 323         if (!sk_X509_EXTENSION_set(*x, extidx, ext))
 324             return -1;
 325         return 1;
 326     }
 327
 328     if (!*x && !(*x = sk_X509_EXTENSION_new_null()))
 329         return -1;
 330     if (!sk_X509_EXTENSION_push(*x, ext))
 331         return -1;
 332
 333     return 1;
 334
 335  err:
 336     if (!(flags & X509V3_ADD_SILENT))
 337         X509V3err(X509V3_F_X509V3_ADD1_I2D, errcode);
 338     return 0;
 339 }
 340
 341 IMPLEMENT_STACK_OF(X509V3_EXT_METHOD)