1 /* $OpenBSD: x509_info.c,v 1.1 2020/06/04 15:19:31 jsing Exp $ */ 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * project 1999. 4 */ 5 /* ==================================================================== 6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 * 53 * This product includes cryptographic software written by Eric Young 54 * (eay@cryptsoft.com). This product includes software written by Tim 55 * Hudson (tjh@cryptsoft.com). 56 * 57 */ 58 59 #include <stdio.h> 60 #include <string.h> 61 62 #include <openssl/asn1.h> 63 #include <openssl/asn1t.h> 64 #include <openssl/conf.h> 65 #include <openssl/err.h> 66 #include <openssl/x509v3.h> 67 68 static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS( 69 X509V3_EXT_METHOD *method, AUTHORITY_INFO_ACCESS *ainfo, 70 STACK_OF(CONF_VALUE) *ret); 71 static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS( 72 X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); 73 74 const X509V3_EXT_METHOD v3_info = { 75 .ext_nid = NID_info_access, 76 .ext_flags = X509V3_EXT_MULTILINE, 77 .it = &AUTHORITY_INFO_ACCESS_it, 78 .ext_new = NULL, 79 .ext_free = NULL, 80 .d2i = NULL, 81 .i2d = NULL, 82 .i2s = NULL, 83 .s2i = NULL, 84 .i2v = (X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS, 85 .v2i = (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS, 86 .i2r = NULL, 87 .r2i = NULL, 88 .usr_data = NULL, 89 }; 90 91 const X509V3_EXT_METHOD v3_sinfo = { 92 .ext_nid = NID_sinfo_access, 93 .ext_flags = X509V3_EXT_MULTILINE, 94 .it = &AUTHORITY_INFO_ACCESS_it, 95 .ext_new = NULL, 96 .ext_free = NULL, 97 .d2i = NULL, 98 .i2d = NULL, 99 .i2s = NULL, 100 .s2i = NULL, 101 .i2v = (X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS, 102 .v2i = (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS, 103 .i2r = NULL, 104 .r2i = NULL, 105 .usr_data = NULL, 106 }; 107 108 static const ASN1_TEMPLATE ACCESS_DESCRIPTION_seq_tt[] = { 109 { 110 .flags = 0, 111 .tag = 0, 112 .offset = offsetof(ACCESS_DESCRIPTION, method), 113 .field_name = "method", 114 .item = &ASN1_OBJECT_it, 115 }, 116 { 117 .flags = 0, 118 .tag = 0, 119 .offset = offsetof(ACCESS_DESCRIPTION, location), 120 .field_name = "location", 121 .item = &GENERAL_NAME_it, 122 }, 123 }; 124 125 const ASN1_ITEM ACCESS_DESCRIPTION_it = { 126 .itype = ASN1_ITYPE_SEQUENCE, 127 .utype = V_ASN1_SEQUENCE, 128 .templates = ACCESS_DESCRIPTION_seq_tt, 129 .tcount = sizeof(ACCESS_DESCRIPTION_seq_tt) / sizeof(ASN1_TEMPLATE), 130 .funcs = NULL, 131 .size = sizeof(ACCESS_DESCRIPTION), 132 .sname = "ACCESS_DESCRIPTION", 133 }; 134 135 136 ACCESS_DESCRIPTION * 137 d2i_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION **a, const unsigned char **in, long len) 138 { 139 return (ACCESS_DESCRIPTION *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, 140 &ACCESS_DESCRIPTION_it); 141 } 142 143 int 144 i2d_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION *a, unsigned char **out) 145 { 146 return ASN1_item_i2d((ASN1_VALUE *)a, out, &ACCESS_DESCRIPTION_it); 147 } 148 149 ACCESS_DESCRIPTION * 150 ACCESS_DESCRIPTION_new(void) 151 { 152 return (ACCESS_DESCRIPTION *)ASN1_item_new(&ACCESS_DESCRIPTION_it); 153 } 154 155 void 156 ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a) 157 { 158 ASN1_item_free((ASN1_VALUE *)a, &ACCESS_DESCRIPTION_it); 159 } 160 161 static const ASN1_TEMPLATE AUTHORITY_INFO_ACCESS_item_tt = { 162 .flags = ASN1_TFLG_SEQUENCE_OF, 163 .tag = 0, 164 .offset = 0, 165 .field_name = "GeneralNames", 166 .item = &ACCESS_DESCRIPTION_it, 167 }; 168 169 const ASN1_ITEM AUTHORITY_INFO_ACCESS_it = { 170 .itype = ASN1_ITYPE_PRIMITIVE, 171 .utype = -1, 172 .templates = &AUTHORITY_INFO_ACCESS_item_tt, 173 .tcount = 0, 174 .funcs = NULL, 175 .size = 0, 176 .sname = "AUTHORITY_INFO_ACCESS", 177 }; 178 179 180 AUTHORITY_INFO_ACCESS * 181 d2i_AUTHORITY_INFO_ACCESS(AUTHORITY_INFO_ACCESS **a, const unsigned char **in, long len) 182 { 183 return (AUTHORITY_INFO_ACCESS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, 184 &AUTHORITY_INFO_ACCESS_it); 185 } 186 187 int 188 i2d_AUTHORITY_INFO_ACCESS(AUTHORITY_INFO_ACCESS *a, unsigned char **out) 189 { 190 return ASN1_item_i2d((ASN1_VALUE *)a, out, &AUTHORITY_INFO_ACCESS_it); 191 } 192 193 AUTHORITY_INFO_ACCESS * 194 AUTHORITY_INFO_ACCESS_new(void) 195 { 196 return (AUTHORITY_INFO_ACCESS *)ASN1_item_new(&AUTHORITY_INFO_ACCESS_it); 197 } 198 199 void 200 AUTHORITY_INFO_ACCESS_free(AUTHORITY_INFO_ACCESS *a) 201 { 202 ASN1_item_free((ASN1_VALUE *)a, &AUTHORITY_INFO_ACCESS_it); 203 } 204 205 static STACK_OF(CONF_VALUE) * 206 i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, 207 AUTHORITY_INFO_ACCESS *ainfo, STACK_OF(CONF_VALUE) *ret) 208 { 209 ACCESS_DESCRIPTION *desc; 210 CONF_VALUE *vtmp; 211 STACK_OF(CONF_VALUE) *free_ret = NULL; 212 char objtmp[80], *ntmp; 213 int i; 214 215 if (ret == NULL) { 216 if ((free_ret = ret = sk_CONF_VALUE_new_null()) == NULL) 217 return NULL; 218 } 219 220 for (i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) { 221 if ((desc = sk_ACCESS_DESCRIPTION_value(ainfo, i)) == NULL) 222 goto err; 223 if ((ret = i2v_GENERAL_NAME(method, desc->location, 224 ret)) == NULL) 225 goto err; 226 if ((vtmp = sk_CONF_VALUE_value(ret, i)) == NULL) 227 goto err; 228 if (!i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method)) 229 goto err; 230 if (asprintf(&ntmp, "%s - %s", objtmp, vtmp->name) == -1) { 231 ntmp = NULL; 232 X509V3error(ERR_R_MALLOC_FAILURE); 233 goto err; 234 } 235 free(vtmp->name); 236 vtmp->name = ntmp; 237 } 238 239 return ret; 240 241 err: 242 sk_CONF_VALUE_pop_free(free_ret, X509V3_conf_free); 243 244 return NULL; 245 } 246 247 static AUTHORITY_INFO_ACCESS * 248 v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, 249 STACK_OF(CONF_VALUE) *nval) 250 { 251 AUTHORITY_INFO_ACCESS *ainfo = NULL; 252 CONF_VALUE *cnf, ctmp; 253 ACCESS_DESCRIPTION *acc; 254 int i, objlen; 255 char *objtmp, *ptmp; 256 257 if (!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) { 258 X509V3error(ERR_R_MALLOC_FAILURE); 259 return NULL; 260 } 261 for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { 262 cnf = sk_CONF_VALUE_value(nval, i); 263 if ((acc = ACCESS_DESCRIPTION_new()) == NULL) { 264 X509V3error(ERR_R_MALLOC_FAILURE); 265 goto err; 266 } 267 if (sk_ACCESS_DESCRIPTION_push(ainfo, acc) == 0) { 268 ACCESS_DESCRIPTION_free(acc); 269 X509V3error(ERR_R_MALLOC_FAILURE); 270 goto err; 271 } 272 ptmp = strchr(cnf->name, ';'); 273 if (!ptmp) { 274 X509V3error(X509V3_R_INVALID_SYNTAX); 275 goto err; 276 } 277 objlen = ptmp - cnf->name; 278 ctmp.name = ptmp + 1; 279 ctmp.value = cnf->value; 280 if (!v2i_GENERAL_NAME_ex(acc->location, method, ctx, &ctmp, 0)) 281 goto err; 282 if (!(objtmp = malloc(objlen + 1))) { 283 X509V3error(ERR_R_MALLOC_FAILURE); 284 goto err; 285 } 286 strlcpy(objtmp, cnf->name, objlen + 1); 287 acc->method = OBJ_txt2obj(objtmp, 0); 288 if (!acc->method) { 289 X509V3error(X509V3_R_BAD_OBJECT); 290 ERR_asprintf_error_data("value=%s", objtmp); 291 free(objtmp); 292 goto err; 293 } 294 free(objtmp); 295 } 296 return ainfo; 297 298 err: 299 sk_ACCESS_DESCRIPTION_pop_free(ainfo, ACCESS_DESCRIPTION_free); 300 return NULL; 301 } 302 303 int 304 i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION* a) 305 { 306 i2a_ASN1_OBJECT(bp, a->method); 307 return 2; 308 } 309