v3_sxnet.c 6.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259
  1. /*
  2. * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include "internal/cryptlib.h"
  11. #include <openssl/conf.h>
  12. #include <openssl/asn1.h>
  13. #include <openssl/asn1t.h>
  14. #include <openssl/x509v3.h>
  15. #include "ext_dat.h"
  16. /* Support for Thawte strong extranet extension */
  17. #define SXNET_TEST
  18. static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
  19. int indent);
  20. #ifdef SXNET_TEST
  21. static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
  22. STACK_OF(CONF_VALUE) *nval);
  23. #endif
  24. const X509V3_EXT_METHOD ossl_v3_sxnet = {
  25. NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET),
  26. 0, 0, 0, 0,
  27. 0, 0,
  28. 0,
  29. #ifdef SXNET_TEST
  30. (X509V3_EXT_V2I)sxnet_v2i,
  31. #else
  32. 0,
  33. #endif
  34. (X509V3_EXT_I2R)sxnet_i2r,
  35. 0,
  36. NULL
  37. };
  38. ASN1_SEQUENCE(SXNETID) = {
  39. ASN1_SIMPLE(SXNETID, zone, ASN1_INTEGER),
  40. ASN1_SIMPLE(SXNETID, user, ASN1_OCTET_STRING)
  41. } ASN1_SEQUENCE_END(SXNETID)
  42. IMPLEMENT_ASN1_FUNCTIONS(SXNETID)
  43. ASN1_SEQUENCE(SXNET) = {
  44. ASN1_SIMPLE(SXNET, version, ASN1_INTEGER),
  45. ASN1_SEQUENCE_OF(SXNET, ids, SXNETID)
  46. } ASN1_SEQUENCE_END(SXNET)
  47. IMPLEMENT_ASN1_FUNCTIONS(SXNET)
  48. static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
  49. int indent)
  50. {
  51. int64_t v;
  52. char *tmp;
  53. SXNETID *id;
  54. int i;
  55. /*
  56. * Since we add 1 to the version number to display it, we don't support
  57. * LONG_MAX since that would cause on overflow.
  58. */
  59. if (!ASN1_INTEGER_get_int64(&v, sx->version)
  60. || v >= LONG_MAX
  61. || v < LONG_MIN) {
  62. BIO_printf(out, "%*sVersion: <unsupported>", indent, "");
  63. } else {
  64. long vl = (long)v;
  65. BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", vl + 1, vl);
  66. }
  67. for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
  68. id = sk_SXNETID_value(sx->ids, i);
  69. tmp = i2s_ASN1_INTEGER(NULL, id->zone);
  70. if (tmp == NULL)
  71. return 0;
  72. BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
  73. OPENSSL_free(tmp);
  74. ASN1_STRING_print(out, id->user);
  75. }
  76. return 1;
  77. }
  78. #ifdef SXNET_TEST
  79. /*
  80. * NBB: this is used for testing only. It should *not* be used for anything
  81. * else because it will just take static IDs from the configuration file and
  82. * they should really be separate values for each user.
  83. */
  84. static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
  85. STACK_OF(CONF_VALUE) *nval)
  86. {
  87. CONF_VALUE *cnf;
  88. SXNET *sx = NULL;
  89. int i;
  90. for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
  91. cnf = sk_CONF_VALUE_value(nval, i);
  92. if (!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1)) {
  93. SXNET_free(sx);
  94. return NULL;
  95. }
  96. }
  97. return sx;
  98. }
  99. #endif
  100. /* Strong Extranet utility functions */
  101. /* Add an id given the zone as an ASCII number */
  102. int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen)
  103. {
  104. ASN1_INTEGER *izone;
  105. if ((izone = s2i_ASN1_INTEGER(NULL, zone)) == NULL) {
  106. ERR_raise(ERR_LIB_X509V3, X509V3_R_ERROR_CONVERTING_ZONE);
  107. return 0;
  108. }
  109. if (!SXNET_add_id_INTEGER(psx, izone, user, userlen)) {
  110. ASN1_INTEGER_free(izone);
  111. return 0;
  112. }
  113. return 1;
  114. }
  115. /* Add an id given the zone as an unsigned long */
  116. int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user,
  117. int userlen)
  118. {
  119. ASN1_INTEGER *izone;
  120. if ((izone = ASN1_INTEGER_new()) == NULL
  121. || !ASN1_INTEGER_set(izone, lzone)) {
  122. ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
  123. ASN1_INTEGER_free(izone);
  124. return 0;
  125. }
  126. if (!SXNET_add_id_INTEGER(psx, izone, user, userlen)) {
  127. ASN1_INTEGER_free(izone);
  128. return 0;
  129. }
  130. return 1;
  131. }
  132. /*
  133. * Add an id given the zone as an ASN1_INTEGER. Note this version uses the
  134. * passed integer and doesn't make a copy so don't free it up afterwards.
  135. */
  136. int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user,
  137. int userlen)
  138. {
  139. SXNET *sx = NULL;
  140. SXNETID *id = NULL;
  141. if (psx == NULL || zone == NULL || user == NULL) {
  142. ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_NULL_ARGUMENT);
  143. return 0;
  144. }
  145. if (userlen == -1)
  146. userlen = strlen(user);
  147. if (userlen > 64) {
  148. ERR_raise(ERR_LIB_X509V3, X509V3_R_USER_TOO_LONG);
  149. return 0;
  150. }
  151. if (*psx == NULL) {
  152. if ((sx = SXNET_new()) == NULL) {
  153. ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
  154. goto err;
  155. }
  156. if (!ASN1_INTEGER_set(sx->version, 0)) {
  157. ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
  158. goto err;
  159. }
  160. } else
  161. sx = *psx;
  162. if (SXNET_get_id_INTEGER(sx, zone)) {
  163. ERR_raise(ERR_LIB_X509V3, X509V3_R_DUPLICATE_ZONE_ID);
  164. if (*psx == NULL)
  165. SXNET_free(sx);
  166. return 0;
  167. }
  168. if ((id = SXNETID_new()) == NULL) {
  169. ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
  170. goto err;
  171. }
  172. if (!ASN1_OCTET_STRING_set(id->user, (const unsigned char *)user, userlen)){
  173. ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
  174. goto err;
  175. }
  176. if (!sk_SXNETID_push(sx->ids, id)) {
  177. ERR_raise(ERR_LIB_X509V3, ERR_R_CRYPTO_LIB);
  178. goto err;
  179. }
  180. ASN1_INTEGER_free(id->zone);
  181. id->zone = zone;
  182. *psx = sx;
  183. return 1;
  184. err:
  185. SXNETID_free(id);
  186. if (*psx == NULL)
  187. SXNET_free(sx);
  188. return 0;
  189. }
  190. ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone)
  191. {
  192. ASN1_INTEGER *izone;
  193. ASN1_OCTET_STRING *oct;
  194. if ((izone = s2i_ASN1_INTEGER(NULL, zone)) == NULL) {
  195. ERR_raise(ERR_LIB_X509V3, X509V3_R_ERROR_CONVERTING_ZONE);
  196. return NULL;
  197. }
  198. oct = SXNET_get_id_INTEGER(sx, izone);
  199. ASN1_INTEGER_free(izone);
  200. return oct;
  201. }
  202. ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone)
  203. {
  204. ASN1_INTEGER *izone;
  205. ASN1_OCTET_STRING *oct;
  206. if ((izone = ASN1_INTEGER_new()) == NULL
  207. || !ASN1_INTEGER_set(izone, lzone)) {
  208. ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
  209. ASN1_INTEGER_free(izone);
  210. return NULL;
  211. }
  212. oct = SXNET_get_id_INTEGER(sx, izone);
  213. ASN1_INTEGER_free(izone);
  214. return oct;
  215. }
  216. ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone)
  217. {
  218. SXNETID *id;
  219. int i;
  220. for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
  221. id = sk_SXNETID_value(sx->ids, i);
  222. if (!ASN1_INTEGER_cmp(id->zone, zone))
  223. return id->user;
  224. }
  225. return NULL;
  226. }