2
0

v3_sxnet.c 6.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249
  1. /*
  2. * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include "internal/cryptlib.h"
  11. #include <openssl/conf.h>
  12. #include <openssl/asn1.h>
  13. #include <openssl/asn1t.h>
  14. #include <openssl/x509v3.h>
  15. #include "ext_dat.h"
  16. /* Support for Thawte strong extranet extension */
  17. #define SXNET_TEST
  18. static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
  19. int indent);
  20. #ifdef SXNET_TEST
  21. static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
  22. STACK_OF(CONF_VALUE) *nval);
  23. #endif
  24. const X509V3_EXT_METHOD ossl_v3_sxnet = {
  25. NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET),
  26. 0, 0, 0, 0,
  27. 0, 0,
  28. 0,
  29. #ifdef SXNET_TEST
  30. (X509V3_EXT_V2I)sxnet_v2i,
  31. #else
  32. 0,
  33. #endif
  34. (X509V3_EXT_I2R)sxnet_i2r,
  35. 0,
  36. NULL
  37. };
  38. ASN1_SEQUENCE(SXNETID) = {
  39. ASN1_SIMPLE(SXNETID, zone, ASN1_INTEGER),
  40. ASN1_SIMPLE(SXNETID, user, ASN1_OCTET_STRING)
  41. } ASN1_SEQUENCE_END(SXNETID)
  42. IMPLEMENT_ASN1_FUNCTIONS(SXNETID)
  43. ASN1_SEQUENCE(SXNET) = {
  44. ASN1_SIMPLE(SXNET, version, ASN1_INTEGER),
  45. ASN1_SEQUENCE_OF(SXNET, ids, SXNETID)
  46. } ASN1_SEQUENCE_END(SXNET)
  47. IMPLEMENT_ASN1_FUNCTIONS(SXNET)
  48. static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
  49. int indent)
  50. {
  51. int64_t v;
  52. char *tmp;
  53. SXNETID *id;
  54. int i;
  55. /*
  56. * Since we add 1 to the version number to display it, we don't support
  57. * LONG_MAX since that would cause on overflow.
  58. */
  59. if (!ASN1_INTEGER_get_int64(&v, sx->version)
  60. || v >= LONG_MAX
  61. || v < LONG_MIN) {
  62. BIO_printf(out, "%*sVersion: <unsupported>", indent, "");
  63. } else {
  64. long vl = (long)v;
  65. BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", vl + 1, vl);
  66. }
  67. for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
  68. id = sk_SXNETID_value(sx->ids, i);
  69. tmp = i2s_ASN1_INTEGER(NULL, id->zone);
  70. if (tmp == NULL)
  71. return 0;
  72. BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
  73. OPENSSL_free(tmp);
  74. ASN1_STRING_print(out, id->user);
  75. }
  76. return 1;
  77. }
  78. #ifdef SXNET_TEST
  79. /*
  80. * NBB: this is used for testing only. It should *not* be used for anything
  81. * else because it will just take static IDs from the configuration file and
  82. * they should really be separate values for each user.
  83. */
  84. static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
  85. STACK_OF(CONF_VALUE) *nval)
  86. {
  87. CONF_VALUE *cnf;
  88. SXNET *sx = NULL;
  89. int i;
  90. for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
  91. cnf = sk_CONF_VALUE_value(nval, i);
  92. if (!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1))
  93. return NULL;
  94. }
  95. return sx;
  96. }
  97. #endif
  98. /* Strong Extranet utility functions */
  99. /* Add an id given the zone as an ASCII number */
  100. int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen)
  101. {
  102. ASN1_INTEGER *izone;
  103. if ((izone = s2i_ASN1_INTEGER(NULL, zone)) == NULL) {
  104. ERR_raise(ERR_LIB_X509V3, X509V3_R_ERROR_CONVERTING_ZONE);
  105. return 0;
  106. }
  107. return SXNET_add_id_INTEGER(psx, izone, user, userlen);
  108. }
  109. /* Add an id given the zone as an unsigned long */
  110. int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user,
  111. int userlen)
  112. {
  113. ASN1_INTEGER *izone;
  114. if ((izone = ASN1_INTEGER_new()) == NULL
  115. || !ASN1_INTEGER_set(izone, lzone)) {
  116. ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
  117. ASN1_INTEGER_free(izone);
  118. return 0;
  119. }
  120. return SXNET_add_id_INTEGER(psx, izone, user, userlen);
  121. }
  122. /*
  123. * Add an id given the zone as an ASN1_INTEGER. Note this version uses the
  124. * passed integer and doesn't make a copy so don't free it up afterwards.
  125. */
  126. int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user,
  127. int userlen)
  128. {
  129. SXNET *sx = NULL;
  130. SXNETID *id = NULL;
  131. if (psx == NULL || zone == NULL || user == NULL) {
  132. ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_NULL_ARGUMENT);
  133. return 0;
  134. }
  135. if (userlen == -1)
  136. userlen = strlen(user);
  137. if (userlen > 64) {
  138. ERR_raise(ERR_LIB_X509V3, X509V3_R_USER_TOO_LONG);
  139. return 0;
  140. }
  141. if (*psx == NULL) {
  142. if ((sx = SXNET_new()) == NULL) {
  143. ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
  144. goto err;
  145. }
  146. if (!ASN1_INTEGER_set(sx->version, 0)) {
  147. ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
  148. goto err;
  149. }
  150. } else
  151. sx = *psx;
  152. if (SXNET_get_id_INTEGER(sx, zone)) {
  153. ERR_raise(ERR_LIB_X509V3, X509V3_R_DUPLICATE_ZONE_ID);
  154. if (*psx == NULL)
  155. SXNET_free(sx);
  156. return 0;
  157. }
  158. if ((id = SXNETID_new()) == NULL) {
  159. ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
  160. goto err;
  161. }
  162. if (!ASN1_OCTET_STRING_set(id->user, (const unsigned char *)user, userlen)){
  163. ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
  164. goto err;
  165. }
  166. if (!sk_SXNETID_push(sx->ids, id)) {
  167. ERR_raise(ERR_LIB_X509V3, ERR_R_CRYPTO_LIB);
  168. goto err;
  169. }
  170. id->zone = zone;
  171. *psx = sx;
  172. return 1;
  173. err:
  174. SXNETID_free(id);
  175. if (*psx == NULL)
  176. SXNET_free(sx);
  177. return 0;
  178. }
  179. ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone)
  180. {
  181. ASN1_INTEGER *izone;
  182. ASN1_OCTET_STRING *oct;
  183. if ((izone = s2i_ASN1_INTEGER(NULL, zone)) == NULL) {
  184. ERR_raise(ERR_LIB_X509V3, X509V3_R_ERROR_CONVERTING_ZONE);
  185. return NULL;
  186. }
  187. oct = SXNET_get_id_INTEGER(sx, izone);
  188. ASN1_INTEGER_free(izone);
  189. return oct;
  190. }
  191. ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone)
  192. {
  193. ASN1_INTEGER *izone;
  194. ASN1_OCTET_STRING *oct;
  195. if ((izone = ASN1_INTEGER_new()) == NULL
  196. || !ASN1_INTEGER_set(izone, lzone)) {
  197. ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
  198. ASN1_INTEGER_free(izone);
  199. return NULL;
  200. }
  201. oct = SXNET_get_id_INTEGER(sx, izone);
  202. ASN1_INTEGER_free(izone);
  203. return oct;
  204. }
  205. ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone)
  206. {
  207. SXNETID *id;
  208. int i;
  209. for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
  210. id = sk_SXNETID_value(sx->ids, i);
  211. if (!ASN1_INTEGER_cmp(id->zone, zone))
  212. return id->user;
  213. }
  214. return NULL;
  215. }