]>
Commit | Line | Data |
---|---|---|
2f0eae31 DSH |
1 | /* v3_sxnet.c */ |
2 | /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL | |
3 | * project 1999. | |
4 | */ | |
5 | /* ==================================================================== | |
6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | |
7 | * | |
8 | * Redistribution and use in source and binary forms, with or without | |
9 | * modification, are permitted provided that the following conditions | |
10 | * are met: | |
11 | * | |
12 | * 1. Redistributions of source code must retain the above copyright | |
13 | * notice, this list of conditions and the following disclaimer. | |
14 | * | |
15 | * 2. Redistributions in binary form must reproduce the above copyright | |
16 | * notice, this list of conditions and the following disclaimer in | |
17 | * the documentation and/or other materials provided with the | |
18 | * distribution. | |
19 | * | |
20 | * 3. All advertising materials mentioning features or use of this | |
21 | * software must display the following acknowledgment: | |
22 | * "This product includes software developed by the OpenSSL Project | |
23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
24 | * | |
25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
26 | * endorse or promote products derived from this software without | |
27 | * prior written permission. For written permission, please contact | |
28 | * licensing@OpenSSL.org. | |
29 | * | |
30 | * 5. Products derived from this software may not be called "OpenSSL" | |
31 | * nor may "OpenSSL" appear in their names without prior written | |
32 | * permission of the OpenSSL Project. | |
33 | * | |
34 | * 6. Redistributions of any form whatsoever must retain the following | |
35 | * acknowledgment: | |
36 | * "This product includes software developed by the OpenSSL Project | |
37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
38 | * | |
39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |
51 | * ==================================================================== | |
52 | * | |
53 | * This product includes cryptographic software written by Eric Young | |
54 | * (eay@cryptsoft.com). This product includes software written by Tim | |
55 | * Hudson (tjh@cryptsoft.com). | |
56 | * | |
57 | */ | |
58 | ||
59 | #include <stdio.h> | |
60 | #include "cryptlib.h" | |
ec577822 BM |
61 | #include <openssl/conf.h> |
62 | #include <openssl/asn1.h> | |
63 | #include <openssl/asn1_mac.h> | |
64 | #include <openssl/x509v3.h> | |
2f0eae31 DSH |
65 | |
66 | /* Support for Thawte strong extranet extension */ | |
67 | ||
28a98809 DSH |
68 | #define SXNET_TEST |
69 | ||
2f0eae31 | 70 | static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, int indent); |
28a98809 | 71 | #ifdef SXNET_TEST |
66ab08b1 DSH |
72 | static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, |
73 | STACK_OF(CONF_VALUE) *nval); | |
28a98809 | 74 | #endif |
2f0eae31 DSH |
75 | X509V3_EXT_METHOD v3_sxnet = { |
76 | NID_sxnet, X509V3_EXT_MULTILINE, | |
77 | (X509V3_EXT_NEW)SXNET_new, | |
66ab08b1 | 78 | (X509V3_EXT_FREE)SXNET_free, |
2f0eae31 | 79 | (X509V3_EXT_D2I)d2i_SXNET, |
66ab08b1 | 80 | (X509V3_EXT_I2D)i2d_SXNET, |
2f0eae31 | 81 | NULL, NULL, |
28a98809 DSH |
82 | NULL, |
83 | #ifdef SXNET_TEST | |
84 | (X509V3_EXT_V2I)sxnet_v2i, | |
85 | #else | |
86 | NULL, | |
87 | #endif | |
2f0eae31 DSH |
88 | (X509V3_EXT_I2R)sxnet_i2r, |
89 | NULL, | |
90 | NULL | |
91 | }; | |
92 | ||
93 | ||
6b691a5c | 94 | int i2d_SXNET(SXNET *a, unsigned char **pp) |
2f0eae31 DSH |
95 | { |
96 | M_ASN1_I2D_vars(a); | |
97 | ||
98 | M_ASN1_I2D_len (a->version, i2d_ASN1_INTEGER); | |
cfdcfede | 99 | M_ASN1_I2D_len_SEQUENCE_type (SXNETID, a->ids, i2d_SXNETID); |
2f0eae31 DSH |
100 | |
101 | M_ASN1_I2D_seq_total(); | |
102 | ||
103 | M_ASN1_I2D_put (a->version, i2d_ASN1_INTEGER); | |
cfdcfede | 104 | M_ASN1_I2D_put_SEQUENCE_type (SXNETID, a->ids, i2d_SXNETID); |
2f0eae31 DSH |
105 | |
106 | M_ASN1_I2D_finish(); | |
107 | } | |
108 | ||
6b691a5c | 109 | SXNET *SXNET_new(void) |
2f0eae31 DSH |
110 | { |
111 | SXNET *ret=NULL; | |
112 | ASN1_CTX c; | |
113 | M_ASN1_New_Malloc(ret, SXNET); | |
08e9c1af | 114 | M_ASN1_New(ret->version,M_ASN1_INTEGER_new); |
cfdcfede | 115 | M_ASN1_New(ret->ids,sk_SXNETID_new_null); |
2f0eae31 DSH |
116 | return (ret); |
117 | M_ASN1_New_Error(ASN1_F_SXNET_NEW); | |
118 | } | |
119 | ||
6b691a5c | 120 | SXNET *d2i_SXNET(SXNET **a, unsigned char **pp, long length) |
2f0eae31 DSH |
121 | { |
122 | M_ASN1_D2I_vars(a,SXNET *,SXNET_new); | |
123 | M_ASN1_D2I_Init(); | |
124 | M_ASN1_D2I_start_sequence(); | |
125 | M_ASN1_D2I_get (ret->version, d2i_ASN1_INTEGER); | |
cfdcfede | 126 | M_ASN1_D2I_get_seq_type (SXNETID, ret->ids, d2i_SXNETID, SXNETID_free); |
2f0eae31 DSH |
127 | M_ASN1_D2I_Finish(a, SXNET_free, ASN1_F_D2I_SXNET); |
128 | } | |
129 | ||
6b691a5c | 130 | void SXNET_free(SXNET *a) |
2f0eae31 DSH |
131 | { |
132 | if (a == NULL) return; | |
08e9c1af | 133 | M_ASN1_INTEGER_free(a->version); |
cfdcfede | 134 | sk_SXNETID_pop_free(a->ids, SXNETID_free); |
26a3a48d | 135 | OPENSSL_free (a); |
2f0eae31 DSH |
136 | } |
137 | ||
6b691a5c | 138 | int i2d_SXNETID(SXNETID *a, unsigned char **pp) |
2f0eae31 DSH |
139 | { |
140 | M_ASN1_I2D_vars(a); | |
141 | ||
142 | M_ASN1_I2D_len (a->zone, i2d_ASN1_INTEGER); | |
143 | M_ASN1_I2D_len (a->user, i2d_ASN1_OCTET_STRING); | |
144 | ||
145 | M_ASN1_I2D_seq_total(); | |
146 | ||
147 | M_ASN1_I2D_put (a->zone, i2d_ASN1_INTEGER); | |
148 | M_ASN1_I2D_put (a->user, i2d_ASN1_OCTET_STRING); | |
149 | ||
150 | M_ASN1_I2D_finish(); | |
151 | } | |
152 | ||
6b691a5c | 153 | SXNETID *SXNETID_new(void) |
2f0eae31 DSH |
154 | { |
155 | SXNETID *ret=NULL; | |
156 | ASN1_CTX c; | |
157 | M_ASN1_New_Malloc(ret, SXNETID); | |
158 | ret->zone = NULL; | |
08e9c1af | 159 | M_ASN1_New(ret->user,M_ASN1_OCTET_STRING_new); |
2f0eae31 DSH |
160 | return (ret); |
161 | M_ASN1_New_Error(ASN1_F_SXNETID_NEW); | |
162 | } | |
163 | ||
6b691a5c | 164 | SXNETID *d2i_SXNETID(SXNETID **a, unsigned char **pp, long length) |
2f0eae31 DSH |
165 | { |
166 | M_ASN1_D2I_vars(a,SXNETID *,SXNETID_new); | |
167 | M_ASN1_D2I_Init(); | |
168 | M_ASN1_D2I_start_sequence(); | |
169 | M_ASN1_D2I_get(ret->zone, d2i_ASN1_INTEGER); | |
170 | M_ASN1_D2I_get(ret->user, d2i_ASN1_OCTET_STRING); | |
171 | M_ASN1_D2I_Finish(a, SXNETID_free, ASN1_F_D2I_SXNETID); | |
172 | } | |
173 | ||
6b691a5c | 174 | void SXNETID_free(SXNETID *a) |
2f0eae31 DSH |
175 | { |
176 | if (a == NULL) return; | |
08e9c1af DSH |
177 | M_ASN1_INTEGER_free(a->zone); |
178 | M_ASN1_OCTET_STRING_free(a->user); | |
26a3a48d | 179 | OPENSSL_free (a); |
2f0eae31 DSH |
180 | } |
181 | ||
6b691a5c UM |
182 | static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, |
183 | int indent) | |
2f0eae31 DSH |
184 | { |
185 | long v; | |
186 | char *tmp; | |
187 | SXNETID *id; | |
188 | int i; | |
189 | v = ASN1_INTEGER_get(sx->version); | |
190 | BIO_printf(out, "%*sVersion: %d (0x%X)", indent, "", v + 1, v); | |
cfdcfede BL |
191 | for(i = 0; i < sk_SXNETID_num(sx->ids); i++) { |
192 | id = sk_SXNETID_value(sx->ids, i); | |
2f0eae31 DSH |
193 | tmp = i2s_ASN1_INTEGER(NULL, id->zone); |
194 | BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp); | |
26a3a48d | 195 | OPENSSL_free(tmp); |
08e9c1af | 196 | M_ASN1_OCTET_STRING_print(out, id->user); |
2f0eae31 DSH |
197 | } |
198 | return 1; | |
199 | } | |
28a98809 DSH |
200 | |
201 | #ifdef SXNET_TEST | |
202 | ||
203 | /* NBB: this is used for testing only. It should *not* be used for anything | |
204 | * else because it will just take static IDs from the configuration file and | |
205 | * they should really be separate values for each user. | |
206 | */ | |
207 | ||
208 | ||
6b691a5c | 209 | static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, |
66ab08b1 | 210 | STACK_OF(CONF_VALUE) *nval) |
28a98809 DSH |
211 | { |
212 | CONF_VALUE *cnf; | |
213 | SXNET *sx = NULL; | |
214 | int i; | |
66ab08b1 DSH |
215 | for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { |
216 | cnf = sk_CONF_VALUE_value(nval, i); | |
28a98809 DSH |
217 | if(!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1)) |
218 | return NULL; | |
219 | } | |
220 | return sx; | |
221 | } | |
222 | ||
223 | ||
224 | #endif | |
225 | ||
226 | /* Strong Extranet utility functions */ | |
227 | ||
228 | /* Add an id given the zone as an ASCII number */ | |
229 | ||
61f5b6f3 | 230 | int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, |
6b691a5c | 231 | int userlen) |
28a98809 DSH |
232 | { |
233 | ASN1_INTEGER *izone = NULL; | |
234 | if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) { | |
235 | X509V3err(X509V3_F_SXNET_ADD_ASC,X509V3_R_ERROR_CONVERTING_ZONE); | |
236 | return 0; | |
237 | } | |
238 | return SXNET_add_id_INTEGER(psx, izone, user, userlen); | |
239 | } | |
240 | ||
241 | /* Add an id given the zone as an unsigned long */ | |
242 | ||
61f5b6f3 | 243 | int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, |
6b691a5c | 244 | int userlen) |
28a98809 DSH |
245 | { |
246 | ASN1_INTEGER *izone = NULL; | |
08e9c1af | 247 | if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { |
28a98809 | 248 | X509V3err(X509V3_F_SXNET_ADD_ID_ULONG,ERR_R_MALLOC_FAILURE); |
08e9c1af | 249 | M_ASN1_INTEGER_free(izone); |
28a98809 DSH |
250 | return 0; |
251 | } | |
252 | return SXNET_add_id_INTEGER(psx, izone, user, userlen); | |
253 | ||
254 | } | |
255 | ||
256 | /* Add an id given the zone as an ASN1_INTEGER. | |
257 | * Note this version uses the passed integer and doesn't make a copy so don't | |
258 | * free it up afterwards. | |
259 | */ | |
260 | ||
61f5b6f3 | 261 | int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user, |
6b691a5c | 262 | int userlen) |
28a98809 DSH |
263 | { |
264 | SXNET *sx = NULL; | |
265 | SXNETID *id = NULL; | |
266 | if(!psx || !zone || !user) { | |
267 | X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_INVALID_NULL_ARGUMENT); | |
268 | return 0; | |
269 | } | |
270 | if(userlen == -1) userlen = strlen(user); | |
271 | if(userlen > 64) { | |
272 | X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_USER_TOO_LONG); | |
273 | return 0; | |
274 | } | |
275 | if(!*psx) { | |
276 | if(!(sx = SXNET_new())) goto err; | |
277 | if(!ASN1_INTEGER_set(sx->version, 0)) goto err; | |
278 | *psx = sx; | |
279 | } else sx = *psx; | |
280 | if(SXNET_get_id_INTEGER(sx, zone)) { | |
281 | X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_DUPLICATE_ZONE_ID); | |
282 | return 0; | |
283 | } | |
284 | ||
285 | if(!(id = SXNETID_new())) goto err; | |
286 | if(userlen == -1) userlen = strlen(user); | |
287 | ||
08e9c1af | 288 | if(!M_ASN1_OCTET_STRING_set(id->user, user, userlen)) goto err; |
cfdcfede | 289 | if(!sk_SXNETID_push(sx->ids, id)) goto err; |
28a98809 DSH |
290 | id->zone = zone; |
291 | return 1; | |
292 | ||
293 | err: | |
294 | X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,ERR_R_MALLOC_FAILURE); | |
295 | SXNETID_free(id); | |
296 | SXNET_free(sx); | |
297 | *psx = NULL; | |
298 | return 0; | |
299 | } | |
300 | ||
6b691a5c | 301 | ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone) |
28a98809 DSH |
302 | { |
303 | ASN1_INTEGER *izone = NULL; | |
304 | ASN1_OCTET_STRING *oct; | |
305 | if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) { | |
306 | X509V3err(X509V3_F_SXNET_GET_ID_ASC,X509V3_R_ERROR_CONVERTING_ZONE); | |
307 | return NULL; | |
308 | } | |
309 | oct = SXNET_get_id_INTEGER(sx, izone); | |
08e9c1af | 310 | M_ASN1_INTEGER_free(izone); |
28a98809 DSH |
311 | return oct; |
312 | } | |
313 | ||
6b691a5c | 314 | ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone) |
28a98809 DSH |
315 | { |
316 | ASN1_INTEGER *izone = NULL; | |
317 | ASN1_OCTET_STRING *oct; | |
08e9c1af | 318 | if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { |
28a98809 | 319 | X509V3err(X509V3_F_SXNET_GET_ID_ULONG,ERR_R_MALLOC_FAILURE); |
08e9c1af | 320 | M_ASN1_INTEGER_free(izone); |
28a98809 DSH |
321 | return NULL; |
322 | } | |
323 | oct = SXNET_get_id_INTEGER(sx, izone); | |
08e9c1af | 324 | M_ASN1_INTEGER_free(izone); |
28a98809 DSH |
325 | return oct; |
326 | } | |
327 | ||
6b691a5c | 328 | ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone) |
28a98809 DSH |
329 | { |
330 | SXNETID *id; | |
331 | int i; | |
cfdcfede BL |
332 | for(i = 0; i < sk_SXNETID_num(sx->ids); i++) { |
333 | id = sk_SXNETID_value(sx->ids, i); | |
08e9c1af | 334 | if(!M_ASN1_INTEGER_cmp(id->zone, zone)) return id->user; |
28a98809 DSH |
335 | } |
336 | return NULL; | |
337 | } | |
cfdcfede BL |
338 | |
339 | IMPLEMENT_STACK_OF(SXNETID) | |
340 | IMPLEMENT_ASN1_SET_OF(SXNETID) |