Commit | Line | Data |
---|---|---|
ba67253d | 1 | /* |
fecb3aae | 2 | * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. |
ba67253d | 3 | * |
4286ca47 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
d2e9e320 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
ba67253d RS |
8 | */ |
9 | ||
d5f9166b | 10 | #include "internal/e_os.h" |
07016a8a P |
11 | #include "internal/cryptlib.h" |
12 | #include <stdio.h> | |
ba67253d RS |
13 | #include <openssl/asn1t.h> |
14 | #include <openssl/conf.h> | |
15 | #include <openssl/x509v3.h> | |
16 | #include "ext_dat.h" | |
c90c4693 | 17 | #include "x509_local.h" |
ba67253d RS |
18 | |
/*
 * Conversion callbacks between the internal TLS_FEATURE representation and
 * the CONF multi-value form. Both are defined further down in this file.
 */
static TLS_FEATURE *v2i_TLS_FEATURE(const X509V3_EXT_METHOD *method,
                                    X509V3_CTX *ctx,
                                    STACK_OF(CONF_VALUE) *nval);
static STACK_OF(CONF_VALUE) *i2v_TLS_FEATURE(const X509V3_EXT_METHOD *method,
                                             TLS_FEATURE *tls_feature,
                                             STACK_OF(CONF_VALUE) *ext_list);

/* ASN.1 encoding: a TLS_FEATURE is a SEQUENCE OF ASN1_INTEGER. */
ASN1_ITEM_TEMPLATE(TLS_FEATURE) =
        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, TLS_FEATURE, ASN1_INTEGER)
static_ASN1_ITEM_TEMPLATE_END(TLS_FEATURE)

/* Allocation helpers for TLS_FEATURE, generated from the template above. */
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(TLS_FEATURE)
31 | ||
/*
 * X509v3 extension method for the TLS Feature extension (NID_tlsfeature).
 * Only the multi-valued conversion pair (i2v/v2i) is supplied; every other
 * callback slot is left empty.
 *
 * NOTE(review): the function-pointer casts below silence the compiler's
 * signature checking, so the two callbacks must be kept in step with the
 * X509V3_EXT_I2V / X509V3_EXT_V2I types by hand.
 */
const X509V3_EXT_METHOD ossl_v3_tls_feature = {
    NID_tlsfeature,                     /* ext_nid */
    0,                                  /* ext_flags */
    ASN1_ITEM_ref(TLS_FEATURE),         /* it */
    0, 0, 0, 0,                         /* ext_new, ext_free, d2i, i2d */
    0, 0,                               /* i2s, s2i */
    (X509V3_EXT_I2V)i2v_TLS_FEATURE,    /* i2v */
    (X509V3_EXT_V2I)v2i_TLS_FEATURE,    /* v2i */
    0, 0,                               /* i2r, r2i */
    NULL                                /* usr_data */
};
42 | ||
43 | ||
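/* Pairs a TLS feature number with the symbolic name used in configuration. */
typedef struct {
    long num;           /* numeric identifier stored in the extension */
    const char *name;   /* name accepted and printed in place of the number */
} TLS_FEATURE_NAME;

/*
 * Features that have a symbolic name. Values not listed here are still
 * handled by the conversion functions, but only in numeric form.
 *
 * The table is only ever read, so it is declared const: the compiler can
 * then reject accidental writes and place it in read-only storage.
 */
static const TLS_FEATURE_NAME tls_feature_tbl[] = {
    { 5, "status_request" },
    { 17, "status_request_v2" }
};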
53 | ||
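/*
 * i2v_TLS_FEATURE converts the TLS_FEATURE structure tls_feature into the
 * STACK_OF(CONF_VALUE) structure ext_list. STACK_OF(CONF_VALUE) is the format
 * used by the CONF library to represent a multi-valued extension.
 *
 * Each feature number found in tls_feature_tbl is added under its symbolic
 * name; any other number is added in numeric form. The method argument is
 * not used.
 *
 * Returns ext_list on success. If an entry cannot be added, NULL is returned
 * rather than a silently truncated list. In that case a list created by this
 * call (ext_list was NULL on entry) is freed; a list supplied by the caller
 * is left with the caller, possibly holding the entries added so far.
 */
static STACK_OF(CONF_VALUE) *i2v_TLS_FEATURE(const X509V3_EXT_METHOD *method,
                                             TLS_FEATURE *tls_feature,
                                             STACK_OF(CONF_VALUE) *ext_list)
{
    STACK_OF(CONF_VALUE) *orig_list = ext_list;
    int i;
    size_t j;
    ASN1_INTEGER *ai;
    long tlsextid;
    int ok;

    for (i = 0; i < sk_ASN1_INTEGER_num(tls_feature); i++) {
        ai = sk_ASN1_INTEGER_value(tls_feature, i);
        /*
         * A value that does not fit a long will not match any table entry
         * and therefore falls through to the numeric branch, which formats
         * the ASN1_INTEGER itself.
         */
        tlsextid = ASN1_INTEGER_get(ai);
        for (j = 0; j < OSSL_NELEM(tls_feature_tbl); j++)
            if (tlsextid == tls_feature_tbl[j].num)
                break;
        if (j < OSSL_NELEM(tls_feature_tbl))
            ok = X509V3_add_value(NULL, tls_feature_tbl[j].name, &ext_list);
        else
            ok = X509V3_add_value_int(NULL, ai, &ext_list);
        if (!ok) {
            /* Only free what this call allocated, never the caller's list */
            if (orig_list == NULL)
                sk_CONF_VALUE_pop_free(ext_list, X509V3_conf_free);
            return NULL;
        }
    }
    return ext_list;
}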
81 | ||
/*
 * v2i_TLS_FEATURE builds a TLS_FEATURE from the multi-valued extension nval.
 *
 * Each entry is taken from its value field, or from its name field when no
 * value is present. The text is first matched case-insensitively against
 * tls_feature_tbl; otherwise it must be a decimal number in the range
 * 0..65535 with no trailing characters. strtol() is used for the number, so
 * leading white space and a '+' sign are tolerated, and an out-of-range
 * input saturates to a value that the range check rejects.
 *
 * Returns the new TLS_FEATURE, or NULL after raising an error; on failure
 * everything allocated here is released. The method and ctx arguments are
 * not used.
 *
 * NOTE(review): assumes every CONF_VALUE has at least one of value/name
 * set; confirm against the callers, since the text is dereferenced
 * unconditionally.
 */
static TLS_FEATURE *v2i_TLS_FEATURE(const X509V3_EXT_METHOD *method,
                                    X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
{
    TLS_FEATURE *features = sk_ASN1_INTEGER_new_null();
    ASN1_INTEGER *pending = NULL;
    int idx;

    if (features == NULL) {
        ERR_raise(ERR_LIB_X509V3, ERR_R_CRYPTO_LIB);
        return NULL;
    }

    for (idx = 0; idx < sk_CONF_VALUE_num(nval); idx++) {
        CONF_VALUE *entry = sk_CONF_VALUE_value(nval, idx);
        char *text = entry->value ? entry->value : entry->name;
        size_t slot = 0;
        long feature_id;

        /* Look for a symbolic name first */
        while (slot < OSSL_NELEM(tls_feature_tbl)
               && OPENSSL_strcasecmp(text, tls_feature_tbl[slot].name) != 0)
            slot++;

        if (slot < OSSL_NELEM(tls_feature_tbl)) {
            feature_id = tls_feature_tbl[slot].num;
        } else {
            char *stop;

            /* Not a known name: accept a plain decimal number instead */
            feature_id = strtol(text, &stop, 10);
            if (stop == text || *stop != '\0'
                    || feature_id < 0 || feature_id > 65535) {
                ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_SYNTAX);
                X509V3_conf_add_error_name_value(entry);
                goto err;
            }
        }

        pending = ASN1_INTEGER_new();
        if (pending == NULL
                || !ASN1_INTEGER_set(pending, feature_id)
                || sk_ASN1_INTEGER_push(features, pending) <= 0) {
            ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
            goto err;
        }
        /*
         * The stack owns the integer now; clear the local pointer so the
         * error path of a later iteration does not free it a second time.
         */
        pending = NULL;
    }
    return features;

 err:
    sk_ASN1_INTEGER_pop_free(features, ASN1_INTEGER_free);
    ASN1_INTEGER_free(pending);
    return NULL;
}