lib/libcrypto/x509v3/v3_bitst.c

   1 /* $OpenBSD: v3_bitst.c,v 1.14 2017/01/29 17:49:23 beck Exp $ */
   2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
   3  * project 1999.
   4  */
   5 /* ====================================================================
   6  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
   7  *
   8  * Redistribution and use in source and binary forms, with or without
   9  * modification, are permitted provided that the following conditions
  10  * are met:
  11  *
  12  * 1. Redistributions of source code must retain the above copyright
  13  *    notice, this list of conditions and the following disclaimer.
  14  *
  15  * 2. Redistributions in binary form must reproduce the above copyright
  16  *    notice, this list of conditions and the following disclaimer in
  17  *    the documentation and/or other materials provided with the
  18  *    distribution.
  19  *
  20  * 3. All advertising materials mentioning features or use of this
  21  *    software must display the following acknowledgment:
  22  *    "This product includes software developed by the OpenSSL Project
  23  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
  24  *
  25  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  26  *    endorse or promote products derived from this software without
  27  *    prior written permission. For written permission, please contact
  28  *    licensing@OpenSSL.org.
  29  *
  30  * 5. Products derived from this software may not be called "OpenSSL"
  31  *    nor may "OpenSSL" appear in their names without prior written
  32  *    permission of the OpenSSL Project.
  33  *
  34  * 6. Redistributions of any form whatsoever must retain the following
  35  *    acknowledgment:
  36  *    "This product includes software developed by the OpenSSL Project
  37  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
  38  *
  39  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  40  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  41  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  42  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
  43  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  44  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  45  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  46  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  48  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  49  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  50  * OF THE POSSIBILITY OF SUCH DAMAGE.
  51  * ====================================================================
  52  *
  53  * This product includes cryptographic software written by Eric Young
  54  * (eay@cryptsoft.com).  This product includes software written by Tim
  55  * Hudson (tjh@cryptsoft.com).
  56  *
  57  */
  58
  59 #include <stdio.h>
  60 #include <string.h>
  61
  62 #include <openssl/conf.h>
  63 #include <openssl/err.h>
  64 #include <openssl/x509v3.h>
  65
  66 static BIT_STRING_BITNAME ns_cert_type_table[] = {
  67         {0, "SSL Client", "client"},
  68         {1, "SSL Server", "server"},
  69         {2, "S/MIME", "email"},
  70         {3, "Object Signing", "objsign"},
  71         {4, "Unused", "reserved"},
  72         {5, "SSL CA", "sslCA"},
  73         {6, "S/MIME CA", "emailCA"},
  74         {7, "Object Signing CA", "objCA"},
  75         {-1, NULL, NULL}
  76 };
  77
  78 static BIT_STRING_BITNAME key_usage_type_table[] = {
  79         {0, "Digital Signature", "digitalSignature"},
  80         {1, "Non Repudiation", "nonRepudiation"},
  81         {2, "Key Encipherment", "keyEncipherment"},
  82         {3, "Data Encipherment", "dataEncipherment"},
  83         {4, "Key Agreement", "keyAgreement"},
  84         {5, "Certificate Sign", "keyCertSign"},
  85         {6, "CRL Sign", "cRLSign"},
  86         {7, "Encipher Only", "encipherOnly"},
  87         {8, "Decipher Only", "decipherOnly"},
  88         {-1, NULL, NULL}
  89 };
  90
  91 const X509V3_EXT_METHOD v3_nscert = {
  92         .ext_nid = NID_netscape_cert_type,
  93         .ext_flags = 0,
  94         .it = &ASN1_BIT_STRING_it,
  95         .ext_new = NULL,
  96         .ext_free = NULL,
  97         .d2i = NULL,
  98         .i2d = NULL,
  99         .i2s = NULL,
 100         .s2i = NULL,
 101         .i2v = (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING,
 102         .v2i = (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING,
 103         .i2r = NULL,
 104         .r2i = NULL,
 105         .usr_data = ns_cert_type_table,
 106 };
 107
 108 const X509V3_EXT_METHOD v3_key_usage = {
 109         .ext_nid = NID_key_usage,
 110         .ext_flags = 0,
 111         .it = &ASN1_BIT_STRING_it,
 112         .ext_new = NULL,
 113         .ext_free = NULL,
 114         .d2i = NULL,
 115         .i2d = NULL,
 116         .i2s = NULL,
 117         .s2i = NULL,
 118         .i2v = (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING,
 119         .v2i = (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING,
 120         .i2r = NULL,
 121         .r2i = NULL,
 122         .usr_data = key_usage_type_table,
 123 };
 124
 125 STACK_OF(CONF_VALUE) *
 126 i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, ASN1_BIT_STRING *bits,
 127     STACK_OF(CONF_VALUE) *ret)
 128 {
 129         BIT_STRING_BITNAME *bnam;
 130
 131         for (bnam = method->usr_data; bnam->lname; bnam++) {
 132                 if (ASN1_BIT_STRING_get_bit(bits, bnam->bitnum))
 133                         X509V3_add_value(bnam->lname, NULL, &ret);
 134         }
 135         return ret;
 136 }
 137
 138 ASN1_BIT_STRING *
 139 v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
 140     STACK_OF(CONF_VALUE) *nval)
 141 {
 142         CONF_VALUE *val;
 143         ASN1_BIT_STRING *bs;
 144         int i;
 145         BIT_STRING_BITNAME *bnam;
 146
 147         if (!(bs = ASN1_BIT_STRING_new())) {
 148                 X509V3error(ERR_R_MALLOC_FAILURE);
 149                 return NULL;
 150         }
 151         for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
 152                 val = sk_CONF_VALUE_value(nval, i);
 153                 for (bnam = method->usr_data; bnam->lname; bnam++) {
 154                         if (!strcmp(bnam->sname, val->name) ||
 155                             !strcmp(bnam->lname, val->name) ) {
 156                                 if (!ASN1_BIT_STRING_set_bit(bs,
 157                                     bnam->bitnum, 1)) {
 158                                         X509V3error(ERR_R_MALLOC_FAILURE);
 159                                         ASN1_BIT_STRING_free(bs);
 160                                         return NULL;
 161                                 }
 162                                 break;
 163                         }
 164                 }
 165                 if (!bnam->lname) {
 166                         X509V3error(X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT);
 167                         X509V3_conf_err(val);
 168                         ASN1_BIT_STRING_free(bs);
 169                         return NULL;
 170                 }
 171         }
 172         return bs;
 173 }