x509_info.c revision 1.3
1/* $OpenBSD: x509_info.c,v 1.3 2023/02/16 08:38:17 tb Exp $ */ 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * project 1999. 4 */ 5/* ==================================================================== 6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 * 53 * This product includes cryptographic software written by Eric Young 54 * (eay@cryptsoft.com). This product includes software written by Tim 55 * Hudson (tjh@cryptsoft.com). 56 * 57 */ 58 59#include <stdio.h> 60#include <string.h> 61 62#include <openssl/asn1.h> 63#include <openssl/asn1t.h> 64#include <openssl/conf.h> 65#include <openssl/err.h> 66#include <openssl/x509v3.h> 67 68static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS( 69 X509V3_EXT_METHOD *method, AUTHORITY_INFO_ACCESS *ainfo, 70 STACK_OF(CONF_VALUE) *ret); 71static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS( 72 X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); 73 74const X509V3_EXT_METHOD v3_info = { 75 .ext_nid = NID_info_access, 76 .ext_flags = X509V3_EXT_MULTILINE, 77 .it = &AUTHORITY_INFO_ACCESS_it, 78 .ext_new = NULL, 79 .ext_free = NULL, 80 .d2i = NULL, 81 .i2d = NULL, 82 .i2s = NULL, 83 .s2i = NULL, 84 .i2v = (X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS, 85 .v2i = (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS, 86 .i2r = NULL, 87 .r2i = NULL, 88 .usr_data = NULL, 89}; 90 91const X509V3_EXT_METHOD v3_sinfo = { 92 .ext_nid = NID_sinfo_access, 93 .ext_flags = X509V3_EXT_MULTILINE, 94 .it = &AUTHORITY_INFO_ACCESS_it, 95 .ext_new = NULL, 96 .ext_free = NULL, 97 .d2i = NULL, 98 .i2d = NULL, 99 .i2s = NULL, 100 .s2i = NULL, 101 .i2v = (X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS, 102 .v2i = (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS, 103 .i2r = NULL, 104 .r2i = NULL, 105 .usr_data = NULL, 106}; 107 108static const ASN1_TEMPLATE ACCESS_DESCRIPTION_seq_tt[] = { 109 { 110 .flags = 0, 111 .tag = 0, 112 .offset = offsetof(ACCESS_DESCRIPTION, method), 113 .field_name = "method", 114 .item = &ASN1_OBJECT_it, 115 }, 116 { 117 .flags = 0, 118 .tag = 0, 119 .offset = offsetof(ACCESS_DESCRIPTION, location), 120 .field_name = "location", 121 .item = &GENERAL_NAME_it, 122 }, 123}; 124 125const ASN1_ITEM ACCESS_DESCRIPTION_it = { 126 .itype = ASN1_ITYPE_SEQUENCE, 127 .utype = V_ASN1_SEQUENCE, 128 .templates = ACCESS_DESCRIPTION_seq_tt, 129 .tcount = sizeof(ACCESS_DESCRIPTION_seq_tt) / sizeof(ASN1_TEMPLATE), 130 .funcs = NULL, 131 .size = sizeof(ACCESS_DESCRIPTION), 132 .sname = "ACCESS_DESCRIPTION", 133}; 134 135 136ACCESS_DESCRIPTION * 137d2i_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION **a, const unsigned char **in, long len) 138{ 139 return (ACCESS_DESCRIPTION *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, 140 &ACCESS_DESCRIPTION_it); 141} 142LCRYPTO_ALIAS(d2i_ACCESS_DESCRIPTION); 143 144int 145i2d_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION *a, unsigned char **out) 146{ 147 return ASN1_item_i2d((ASN1_VALUE *)a, out, &ACCESS_DESCRIPTION_it); 148} 149LCRYPTO_ALIAS(i2d_ACCESS_DESCRIPTION); 150 151ACCESS_DESCRIPTION * 152ACCESS_DESCRIPTION_new(void) 153{ 154 return (ACCESS_DESCRIPTION *)ASN1_item_new(&ACCESS_DESCRIPTION_it); 155} 156LCRYPTO_ALIAS(ACCESS_DESCRIPTION_new); 157 158void 159ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a) 160{ 161 ASN1_item_free((ASN1_VALUE *)a, &ACCESS_DESCRIPTION_it); 162} 163LCRYPTO_ALIAS(ACCESS_DESCRIPTION_free); 164 165static const ASN1_TEMPLATE AUTHORITY_INFO_ACCESS_item_tt = { 166 .flags = ASN1_TFLG_SEQUENCE_OF, 167 .tag = 0, 168 .offset = 0, 169 .field_name = "GeneralNames", 170 .item = &ACCESS_DESCRIPTION_it, 171}; 172 173const ASN1_ITEM AUTHORITY_INFO_ACCESS_it = { 174 .itype = ASN1_ITYPE_PRIMITIVE, 175 .utype = -1, 176 .templates = &AUTHORITY_INFO_ACCESS_item_tt, 177 .tcount = 0, 178 .funcs = NULL, 179 .size = 0, 180 .sname = "AUTHORITY_INFO_ACCESS", 181}; 182 183 184AUTHORITY_INFO_ACCESS * 185d2i_AUTHORITY_INFO_ACCESS(AUTHORITY_INFO_ACCESS **a, const unsigned char **in, long len) 186{ 187 return (AUTHORITY_INFO_ACCESS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, 188 &AUTHORITY_INFO_ACCESS_it); 189} 190LCRYPTO_ALIAS(d2i_AUTHORITY_INFO_ACCESS); 191 192int 193i2d_AUTHORITY_INFO_ACCESS(AUTHORITY_INFO_ACCESS *a, unsigned char **out) 194{ 195 return ASN1_item_i2d((ASN1_VALUE *)a, out, &AUTHORITY_INFO_ACCESS_it); 196} 197LCRYPTO_ALIAS(i2d_AUTHORITY_INFO_ACCESS); 198 199AUTHORITY_INFO_ACCESS * 200AUTHORITY_INFO_ACCESS_new(void) 201{ 202 return (AUTHORITY_INFO_ACCESS *)ASN1_item_new(&AUTHORITY_INFO_ACCESS_it); 203} 204LCRYPTO_ALIAS(AUTHORITY_INFO_ACCESS_new); 205 206void 207AUTHORITY_INFO_ACCESS_free(AUTHORITY_INFO_ACCESS *a) 208{ 209 ASN1_item_free((ASN1_VALUE *)a, &AUTHORITY_INFO_ACCESS_it); 210} 211LCRYPTO_ALIAS(AUTHORITY_INFO_ACCESS_free); 212 213static STACK_OF(CONF_VALUE) * 214i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, 215 AUTHORITY_INFO_ACCESS *ainfo, STACK_OF(CONF_VALUE) *ret) 216{ 217 ACCESS_DESCRIPTION *desc; 218 CONF_VALUE *vtmp; 219 STACK_OF(CONF_VALUE) *free_ret = NULL; 220 char objtmp[80], *ntmp; 221 int i; 222 223 if (ret == NULL) { 224 if ((free_ret = ret = sk_CONF_VALUE_new_null()) == NULL) 225 return NULL; 226 } 227 228 for (i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) { 229 if ((desc = sk_ACCESS_DESCRIPTION_value(ainfo, i)) == NULL) 230 goto err; 231 if ((ret = i2v_GENERAL_NAME(method, desc->location, 232 ret)) == NULL) 233 goto err; 234 if ((vtmp = sk_CONF_VALUE_value(ret, i)) == NULL) 235 goto err; 236 if (!i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method)) 237 goto err; 238 if (asprintf(&ntmp, "%s - %s", objtmp, vtmp->name) == -1) { 239 ntmp = NULL; 240 X509V3error(ERR_R_MALLOC_FAILURE); 241 goto err; 242 } 243 free(vtmp->name); 244 vtmp->name = ntmp; 245 } 246 247 return ret; 248 249 err: 250 sk_CONF_VALUE_pop_free(free_ret, X509V3_conf_free); 251 252 return NULL; 253} 254 255static AUTHORITY_INFO_ACCESS * 256v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, 257 STACK_OF(CONF_VALUE) *nval) 258{ 259 AUTHORITY_INFO_ACCESS *ainfo = NULL; 260 CONF_VALUE *cnf, ctmp; 261 ACCESS_DESCRIPTION *acc; 262 int i, objlen; 263 char *objtmp, *ptmp; 264 265 if (!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) { 266 X509V3error(ERR_R_MALLOC_FAILURE); 267 return NULL; 268 } 269 for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { 270 cnf = sk_CONF_VALUE_value(nval, i); 271 if ((acc = ACCESS_DESCRIPTION_new()) == NULL) { 272 X509V3error(ERR_R_MALLOC_FAILURE); 273 goto err; 274 } 275 if (sk_ACCESS_DESCRIPTION_push(ainfo, acc) == 0) { 276 ACCESS_DESCRIPTION_free(acc); 277 X509V3error(ERR_R_MALLOC_FAILURE); 278 goto err; 279 } 280 ptmp = strchr(cnf->name, ';'); 281 if (!ptmp) { 282 X509V3error(X509V3_R_INVALID_SYNTAX); 283 goto err; 284 } 285 objlen = ptmp - cnf->name; 286 ctmp.name = ptmp + 1; 287 ctmp.value = cnf->value; 288 if (!v2i_GENERAL_NAME_ex(acc->location, method, ctx, &ctmp, 0)) 289 goto err; 290 if (!(objtmp = malloc(objlen + 1))) { 291 X509V3error(ERR_R_MALLOC_FAILURE); 292 goto err; 293 } 294 strlcpy(objtmp, cnf->name, objlen + 1); 295 acc->method = OBJ_txt2obj(objtmp, 0); 296 if (!acc->method) { 297 X509V3error(X509V3_R_BAD_OBJECT); 298 ERR_asprintf_error_data("value=%s", objtmp); 299 free(objtmp); 300 goto err; 301 } 302 free(objtmp); 303 } 304 return ainfo; 305 306err: 307 sk_ACCESS_DESCRIPTION_pop_free(ainfo, ACCESS_DESCRIPTION_free); 308 return NULL; 309} 310 311int 312i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION* a) 313{ 314 i2a_ASN1_OBJECT(bp, a->method); 315 return 2; 316} 317LCRYPTO_ALIAS(i2a_ACCESS_DESCRIPTION); 318