1 /* $OpenBSD: x509_extku.c,v 1.6 2024/08/31 10:03:03 tb Exp $ */
2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5 /* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59 #include <stdio.h>
60
61 #include <openssl/asn1t.h>
62 #include <openssl/conf.h>
63 #include <openssl/err.h>
64 #include <openssl/x509v3.h>
65
66 #include "x509_local.h"
67
68 static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,
69 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
70 static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(
71 const X509V3_EXT_METHOD *method, void *eku, STACK_OF(CONF_VALUE) *extlist);
72
73 static const X509V3_EXT_METHOD x509v3_ext_ext_key_usage = {
74 .ext_nid = NID_ext_key_usage,
75 .ext_flags = 0,
76 .it = &EXTENDED_KEY_USAGE_it,
77 .ext_new = NULL,
78 .ext_free = NULL,
79 .d2i = NULL,
80 .i2d = NULL,
81 .i2s = NULL,
82 .s2i = NULL,
83 .i2v = i2v_EXTENDED_KEY_USAGE,
84 .v2i = v2i_EXTENDED_KEY_USAGE,
85 .i2r = NULL,
86 .r2i = NULL,
87 .usr_data = NULL,
88 };
89
90 const X509V3_EXT_METHOD *
x509v3_ext_method_ext_key_usage(void)91 x509v3_ext_method_ext_key_usage(void)
92 {
93 return &x509v3_ext_ext_key_usage;
94 }
95
96 /* NB OCSP acceptable responses also is a SEQUENCE OF OBJECT */
97 static const X509V3_EXT_METHOD x509v3_ext_id_pkix_OCSP_acceptableResponses = {
98 .ext_nid = NID_id_pkix_OCSP_acceptableResponses,
99 .ext_flags = 0,
100 .it = &EXTENDED_KEY_USAGE_it,
101 .ext_new = NULL,
102 .ext_free = NULL,
103 .d2i = NULL,
104 .i2d = NULL,
105 .i2s = NULL,
106 .s2i = NULL,
107 .i2v = i2v_EXTENDED_KEY_USAGE,
108 .v2i = v2i_EXTENDED_KEY_USAGE,
109 .i2r = NULL,
110 .r2i = NULL,
111 .usr_data = NULL,
112 };
113
114 const X509V3_EXT_METHOD *
x509v3_ext_method_id_pkix_OCSP_acceptableResponses(void)115 x509v3_ext_method_id_pkix_OCSP_acceptableResponses(void)
116 {
117 return &x509v3_ext_id_pkix_OCSP_acceptableResponses;
118 }
119
120 static const ASN1_TEMPLATE EXTENDED_KEY_USAGE_item_tt = {
121 .flags = ASN1_TFLG_SEQUENCE_OF,
122 .tag = 0,
123 .offset = 0,
124 .field_name = "EXTENDED_KEY_USAGE",
125 .item = &ASN1_OBJECT_it,
126 };
127
128 const ASN1_ITEM EXTENDED_KEY_USAGE_it = {
129 .itype = ASN1_ITYPE_PRIMITIVE,
130 .utype = -1,
131 .templates = &EXTENDED_KEY_USAGE_item_tt,
132 .tcount = 0,
133 .funcs = NULL,
134 .size = 0,
135 .sname = "EXTENDED_KEY_USAGE",
136 };
137 LCRYPTO_ALIAS(EXTENDED_KEY_USAGE_it);
138
139
140 EXTENDED_KEY_USAGE *
d2i_EXTENDED_KEY_USAGE(EXTENDED_KEY_USAGE ** a,const unsigned char ** in,long len)141 d2i_EXTENDED_KEY_USAGE(EXTENDED_KEY_USAGE **a, const unsigned char **in, long len)
142 {
143 return (EXTENDED_KEY_USAGE *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
144 &EXTENDED_KEY_USAGE_it);
145 }
146 LCRYPTO_ALIAS(d2i_EXTENDED_KEY_USAGE);
147
148 int
i2d_EXTENDED_KEY_USAGE(EXTENDED_KEY_USAGE * a,unsigned char ** out)149 i2d_EXTENDED_KEY_USAGE(EXTENDED_KEY_USAGE *a, unsigned char **out)
150 {
151 return ASN1_item_i2d((ASN1_VALUE *)a, out, &EXTENDED_KEY_USAGE_it);
152 }
153 LCRYPTO_ALIAS(i2d_EXTENDED_KEY_USAGE);
154
155 EXTENDED_KEY_USAGE *
EXTENDED_KEY_USAGE_new(void)156 EXTENDED_KEY_USAGE_new(void)
157 {
158 return (EXTENDED_KEY_USAGE *)ASN1_item_new(&EXTENDED_KEY_USAGE_it);
159 }
160 LCRYPTO_ALIAS(EXTENDED_KEY_USAGE_new);
161
162 void
EXTENDED_KEY_USAGE_free(EXTENDED_KEY_USAGE * a)163 EXTENDED_KEY_USAGE_free(EXTENDED_KEY_USAGE *a)
164 {
165 ASN1_item_free((ASN1_VALUE *)a, &EXTENDED_KEY_USAGE_it);
166 }
167 LCRYPTO_ALIAS(EXTENDED_KEY_USAGE_free);
168
STACK_OF(CONF_VALUE)169 static STACK_OF(CONF_VALUE) *
170 i2v_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, void *a,
171 STACK_OF(CONF_VALUE) *extlist)
172 {
173 ASN1_OBJECT *obj;
174 EXTENDED_KEY_USAGE *eku = a;
175 STACK_OF(CONF_VALUE) *free_extlist = NULL;
176 char obj_tmp[80];
177 int i;
178
179 if (extlist == NULL) {
180 if ((free_extlist = extlist = sk_CONF_VALUE_new_null()) == NULL)
181 return NULL;
182 }
183
184 for (i = 0; i < sk_ASN1_OBJECT_num(eku); i++) {
185 if ((obj = sk_ASN1_OBJECT_value(eku, i)) == NULL)
186 goto err;
187 if (!i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, obj))
188 goto err;
189 if (!X509V3_add_value(NULL, obj_tmp, &extlist))
190 goto err;
191 }
192
193 return extlist;
194
195 err:
196 sk_CONF_VALUE_pop_free(free_extlist, X509V3_conf_free);
197
198 return NULL;
199 }
200
201 static void *
v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD * method,X509V3_CTX * ctx,STACK_OF (CONF_VALUE)* nval)202 v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
203 STACK_OF(CONF_VALUE) *nval)
204 {
205 EXTENDED_KEY_USAGE *extku;
206 char *extval;
207 ASN1_OBJECT *objtmp;
208 CONF_VALUE *val;
209 int i;
210
211 if (!(extku = sk_ASN1_OBJECT_new_null())) {
212 X509V3error(ERR_R_MALLOC_FAILURE);
213 return NULL;
214 }
215
216 for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
217 val = sk_CONF_VALUE_value(nval, i);
218 if (val->value)
219 extval = val->value;
220 else
221 extval = val->name;
222 if (!(objtmp = OBJ_txt2obj(extval, 0))) {
223 sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free);
224 X509V3error(X509V3_R_INVALID_OBJECT_IDENTIFIER);
225 X509V3_conf_err(val);
226 return NULL;
227 }
228 if (sk_ASN1_OBJECT_push(extku, objtmp) == 0) {
229 ASN1_OBJECT_free(objtmp);
230 sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free);
231 X509V3error(ERR_R_MALLOC_FAILURE);
232 return NULL;
233 }
234 }
235 return extku;
236 }
237