xref: /openbsd/lib/libcrypto/x509/x509_info.c (revision 8b5faa71) 
1 /* $OpenBSD: x509_info.c,v 1.5 2024/07/13 15:08:58 tb Exp $ */
2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3  * project 1999.
4  */
5 /* ====================================================================
6  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  *
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in
17  *    the documentation and/or other materials provided with the
18  *    distribution.
19  *
20  * 3. All advertising materials mentioning features or use of this
21  *    software must display the following acknowledgment:
22  *    "This product includes software developed by the OpenSSL Project
23  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24  *
25  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26  *    endorse or promote products derived from this software without
27  *    prior written permission. For written permission, please contact
28  *    licensing@OpenSSL.org.
29  *
30  * 5. Products derived from this software may not be called "OpenSSL"
31  *    nor may "OpenSSL" appear in their names without prior written
32  *    permission of the OpenSSL Project.
33  *
34  * 6. Redistributions of any form whatsoever must retain the following
35  *    acknowledgment:
36  *    "This product includes software developed by the OpenSSL Project
37  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38  *
39  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
43  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50  * OF THE POSSIBILITY OF SUCH DAMAGE.
51  * ====================================================================
52  *
53  * This product includes cryptographic software written by Eric Young
54  * (eay@cryptsoft.com).  This product includes software written by Tim
55  * Hudson (tjh@cryptsoft.com).
56  *
57  */
58 
59 #include <stdio.h>
60 #include <string.h>
61 
62 #include <openssl/asn1.h>
63 #include <openssl/asn1t.h>
64 #include <openssl/conf.h>
65 #include <openssl/err.h>
66 #include <openssl/x509v3.h>
67 
68 static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(
69     X509V3_EXT_METHOD *method, AUTHORITY_INFO_ACCESS *ainfo,
70     STACK_OF(CONF_VALUE) *ret);
71 static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(
72     X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
73 
74 static const X509V3_EXT_METHOD x509v3_ext_info_access = {
75 	.ext_nid = NID_info_access,
76 	.ext_flags = X509V3_EXT_MULTILINE,
77 	.it = &AUTHORITY_INFO_ACCESS_it,
78 	.ext_new = NULL,
79 	.ext_free = NULL,
80 	.d2i = NULL,
81 	.i2d = NULL,
82 	.i2s = NULL,
83 	.s2i = NULL,
84 	.i2v = (X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
85 	.v2i = (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
86 	.i2r = NULL,
87 	.r2i = NULL,
88 	.usr_data = NULL,
89 };
90 
91 const X509V3_EXT_METHOD *
x509v3_ext_method_info_access(void)92 x509v3_ext_method_info_access(void)
93 {
94 	return &x509v3_ext_info_access;
95 }
96 
97 static const X509V3_EXT_METHOD x509v3_ext_sinfo_access = {
98 	.ext_nid = NID_sinfo_access,
99 	.ext_flags = X509V3_EXT_MULTILINE,
100 	.it = &AUTHORITY_INFO_ACCESS_it,
101 	.ext_new = NULL,
102 	.ext_free = NULL,
103 	.d2i = NULL,
104 	.i2d = NULL,
105 	.i2s = NULL,
106 	.s2i = NULL,
107 	.i2v = (X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
108 	.v2i = (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
109 	.i2r = NULL,
110 	.r2i = NULL,
111 	.usr_data = NULL,
112 };
113 
114 const X509V3_EXT_METHOD *
x509v3_ext_method_sinfo_access(void)115 x509v3_ext_method_sinfo_access(void)
116 {
117 	return &x509v3_ext_sinfo_access;
118 }
119 
120 static const ASN1_TEMPLATE ACCESS_DESCRIPTION_seq_tt[] = {
121 	{
122 		.flags = 0,
123 		.tag = 0,
124 		.offset = offsetof(ACCESS_DESCRIPTION, method),
125 		.field_name = "method",
126 		.item = &ASN1_OBJECT_it,
127 	},
128 	{
129 		.flags = 0,
130 		.tag = 0,
131 		.offset = offsetof(ACCESS_DESCRIPTION, location),
132 		.field_name = "location",
133 		.item = &GENERAL_NAME_it,
134 	},
135 };
136 
137 const ASN1_ITEM ACCESS_DESCRIPTION_it = {
138 	.itype = ASN1_ITYPE_SEQUENCE,
139 	.utype = V_ASN1_SEQUENCE,
140 	.templates = ACCESS_DESCRIPTION_seq_tt,
141 	.tcount = sizeof(ACCESS_DESCRIPTION_seq_tt) / sizeof(ASN1_TEMPLATE),
142 	.funcs = NULL,
143 	.size = sizeof(ACCESS_DESCRIPTION),
144 	.sname = "ACCESS_DESCRIPTION",
145 };
146 LCRYPTO_ALIAS(ACCESS_DESCRIPTION_it);
147 
148 
149 ACCESS_DESCRIPTION *
d2i_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION ** a,const unsigned char ** in,long len)150 d2i_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION **a, const unsigned char **in, long len)
151 {
152 	return (ACCESS_DESCRIPTION *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
153 	    &ACCESS_DESCRIPTION_it);
154 }
155 LCRYPTO_ALIAS(d2i_ACCESS_DESCRIPTION);
156 
157 int
i2d_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION * a,unsigned char ** out)158 i2d_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION *a, unsigned char **out)
159 {
160 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &ACCESS_DESCRIPTION_it);
161 }
162 LCRYPTO_ALIAS(i2d_ACCESS_DESCRIPTION);
163 
164 ACCESS_DESCRIPTION *
ACCESS_DESCRIPTION_new(void)165 ACCESS_DESCRIPTION_new(void)
166 {
167 	return (ACCESS_DESCRIPTION *)ASN1_item_new(&ACCESS_DESCRIPTION_it);
168 }
169 LCRYPTO_ALIAS(ACCESS_DESCRIPTION_new);
170 
171 void
ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION * a)172 ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a)
173 {
174 	ASN1_item_free((ASN1_VALUE *)a, &ACCESS_DESCRIPTION_it);
175 }
176 LCRYPTO_ALIAS(ACCESS_DESCRIPTION_free);
177 
178 static const ASN1_TEMPLATE AUTHORITY_INFO_ACCESS_item_tt = {
179 	.flags = ASN1_TFLG_SEQUENCE_OF,
180 	.tag = 0,
181 	.offset = 0,
182 	.field_name = "GeneralNames",
183 	.item = &ACCESS_DESCRIPTION_it,
184 };
185 
186 const ASN1_ITEM AUTHORITY_INFO_ACCESS_it = {
187 	.itype = ASN1_ITYPE_PRIMITIVE,
188 	.utype = -1,
189 	.templates = &AUTHORITY_INFO_ACCESS_item_tt,
190 	.tcount = 0,
191 	.funcs = NULL,
192 	.size = 0,
193 	.sname = "AUTHORITY_INFO_ACCESS",
194 };
195 LCRYPTO_ALIAS(AUTHORITY_INFO_ACCESS_it);
196 
197 
198 AUTHORITY_INFO_ACCESS *
d2i_AUTHORITY_INFO_ACCESS(AUTHORITY_INFO_ACCESS ** a,const unsigned char ** in,long len)199 d2i_AUTHORITY_INFO_ACCESS(AUTHORITY_INFO_ACCESS **a, const unsigned char **in, long len)
200 {
201 	return (AUTHORITY_INFO_ACCESS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
202 	    &AUTHORITY_INFO_ACCESS_it);
203 }
204 LCRYPTO_ALIAS(d2i_AUTHORITY_INFO_ACCESS);
205 
206 int
i2d_AUTHORITY_INFO_ACCESS(AUTHORITY_INFO_ACCESS * a,unsigned char ** out)207 i2d_AUTHORITY_INFO_ACCESS(AUTHORITY_INFO_ACCESS *a, unsigned char **out)
208 {
209 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &AUTHORITY_INFO_ACCESS_it);
210 }
211 LCRYPTO_ALIAS(i2d_AUTHORITY_INFO_ACCESS);
212 
213 AUTHORITY_INFO_ACCESS *
AUTHORITY_INFO_ACCESS_new(void)214 AUTHORITY_INFO_ACCESS_new(void)
215 {
216 	return (AUTHORITY_INFO_ACCESS *)ASN1_item_new(&AUTHORITY_INFO_ACCESS_it);
217 }
218 LCRYPTO_ALIAS(AUTHORITY_INFO_ACCESS_new);
219 
220 void
AUTHORITY_INFO_ACCESS_free(AUTHORITY_INFO_ACCESS * a)221 AUTHORITY_INFO_ACCESS_free(AUTHORITY_INFO_ACCESS *a)
222 {
223 	ASN1_item_free((ASN1_VALUE *)a, &AUTHORITY_INFO_ACCESS_it);
224 }
225 LCRYPTO_ALIAS(AUTHORITY_INFO_ACCESS_free);
226 
STACK_OF(CONF_VALUE)227 static STACK_OF(CONF_VALUE) *
228 i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
229     AUTHORITY_INFO_ACCESS *ainfo, STACK_OF(CONF_VALUE) *ret)
230 {
231 	ACCESS_DESCRIPTION *desc;
232 	CONF_VALUE *vtmp;
233 	STACK_OF(CONF_VALUE) *free_ret = NULL;
234 	char objtmp[80], *ntmp;
235 	int i;
236 
237 	if (ret == NULL) {
238 		if ((free_ret = ret = sk_CONF_VALUE_new_null()) == NULL)
239 			return NULL;
240 	}
241 
242 	for (i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) {
243 		if ((desc = sk_ACCESS_DESCRIPTION_value(ainfo, i)) == NULL)
244 			goto err;
245 		if ((ret = i2v_GENERAL_NAME(method, desc->location,
246 		    ret)) == NULL)
247 			goto err;
248 		if ((vtmp = sk_CONF_VALUE_value(ret, i)) == NULL)
249 			goto err;
250 		if (!i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method))
251 			goto err;
252 		if (asprintf(&ntmp, "%s - %s", objtmp, vtmp->name) == -1) {
253 			ntmp = NULL;
254 			X509V3error(ERR_R_MALLOC_FAILURE);
255 			goto err;
256 		}
257 		free(vtmp->name);
258 		vtmp->name = ntmp;
259 	}
260 
261 	return ret;
262 
263  err:
264 	sk_CONF_VALUE_pop_free(free_ret, X509V3_conf_free);
265 
266 	return NULL;
267 }
268 
269 static AUTHORITY_INFO_ACCESS *
v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD * method,X509V3_CTX * ctx,STACK_OF (CONF_VALUE)* nval)270 v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
271     STACK_OF(CONF_VALUE) *nval)
272 {
273 	AUTHORITY_INFO_ACCESS *ainfo = NULL;
274 	CONF_VALUE *cnf, ctmp;
275 	ACCESS_DESCRIPTION *acc;
276 	int i, objlen;
277 	char *objtmp, *ptmp;
278 
279 	if (!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) {
280 		X509V3error(ERR_R_MALLOC_FAILURE);
281 		return NULL;
282 	}
283 	for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
284 		cnf = sk_CONF_VALUE_value(nval, i);
285 		if ((acc = ACCESS_DESCRIPTION_new()) == NULL) {
286 			X509V3error(ERR_R_MALLOC_FAILURE);
287 			goto err;
288 		}
289 		if (sk_ACCESS_DESCRIPTION_push(ainfo, acc) == 0) {
290 			ACCESS_DESCRIPTION_free(acc);
291 			X509V3error(ERR_R_MALLOC_FAILURE);
292 			goto err;
293 		}
294 		ptmp = strchr(cnf->name, ';');
295 		if (!ptmp) {
296 			X509V3error(X509V3_R_INVALID_SYNTAX);
297 			goto err;
298 		}
299 		objlen = ptmp - cnf->name;
300 		ctmp.name = ptmp + 1;
301 		ctmp.value = cnf->value;
302 		if (!v2i_GENERAL_NAME_ex(acc->location, method, ctx, &ctmp, 0))
303 			goto err;
304 		if (!(objtmp = malloc(objlen + 1))) {
305 			X509V3error(ERR_R_MALLOC_FAILURE);
306 			goto err;
307 		}
308 		strlcpy(objtmp, cnf->name, objlen + 1);
309 		acc->method = OBJ_txt2obj(objtmp, 0);
310 		if (!acc->method) {
311 			X509V3error(X509V3_R_BAD_OBJECT);
312 			ERR_asprintf_error_data("value=%s", objtmp);
313 			free(objtmp);
314 			goto err;
315 		}
316 		free(objtmp);
317 	}
318 	return ainfo;
319 
320 err:
321 	sk_ACCESS_DESCRIPTION_pop_free(ainfo, ACCESS_DESCRIPTION_free);
322 	return NULL;
323 }
324 
325 int
i2a_ACCESS_DESCRIPTION(BIO * bp,const ACCESS_DESCRIPTION * a)326 i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION* a)
327 {
328 	i2a_ASN1_OBJECT(bp, a->method);
329 	return 2;
330 }
331 LCRYPTO_ALIAS(i2a_ACCESS_DESCRIPTION);
332