Print this page
4853 illumos-gate is not lint-clean when built with openssl 1.0
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/lib/openssl/libsunw_crypto/x509v3/v3_utl.c
+++ new/usr/src/lib/openssl/libsunw_crypto/x509v3/v3_utl.c
1 1 /* v3_utl.c */
2 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 3 * project.
4 4 */
5 5 /* ====================================================================
6 6 * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
7 7 *
8 8 * Redistribution and use in source and binary forms, with or without
9 9 * modification, are permitted provided that the following conditions
10 10 * are met:
11 11 *
12 12 * 1. Redistributions of source code must retain the above copyright
13 13 * notice, this list of conditions and the following disclaimer.
14 14 *
15 15 * 2. Redistributions in binary form must reproduce the above copyright
16 16 * notice, this list of conditions and the following disclaimer in
17 17 * the documentation and/or other materials provided with the
18 18 * distribution.
19 19 *
20 20 * 3. All advertising materials mentioning features or use of this
21 21 * software must display the following acknowledgment:
22 22 * "This product includes software developed by the OpenSSL Project
23 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 24 *
25 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 26 * endorse or promote products derived from this software without
27 27 * prior written permission. For written permission, please contact
28 28 * licensing@OpenSSL.org.
29 29 *
30 30 * 5. Products derived from this software may not be called "OpenSSL"
31 31 * nor may "OpenSSL" appear in their names without prior written
32 32 * permission of the OpenSSL Project.
33 33 *
34 34 * 6. Redistributions of any form whatsoever must retain the following
35 35 * acknowledgment:
36 36 * "This product includes software developed by the OpenSSL Project
37 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 38 *
39 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 51 * ====================================================================
52 52 *
53 53 * This product includes cryptographic software written by Eric Young
54 54 * (eay@cryptsoft.com). This product includes software written by Tim
55 55 * Hudson (tjh@cryptsoft.com).
56 56 *
57 57 */
58 58 /* X509 v3 extension utilities */
59 59
60 60
61 61 #include <stdio.h>
62 62 #include <ctype.h>
63 63 #include "cryptlib.h"
64 64 #include <openssl/conf.h>
65 65 #include <openssl/x509v3.h>
66 66 #include <openssl/bn.h>
67 67
68 68 static char *strip_spaces(char *name);
69 69 static int sk_strcmp(const char * const *a, const char * const *b);
70 70 static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name, GENERAL_NAMES *gens);
71 71 static void str_free(OPENSSL_STRING str);
72 72 static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email);
73 73
74 74 static int ipv4_from_asc(unsigned char *v4, const char *in);
75 75 static int ipv6_from_asc(unsigned char *v6, const char *in);
76 76 static int ipv6_cb(const char *elem, int len, void *usr);
77 77 static int ipv6_hex(unsigned char *out, const char *in, int inlen);
78 78
79 79 /* Add a CONF_VALUE name value pair to stack */
80 80
81 81 int X509V3_add_value(const char *name, const char *value,
82 82 STACK_OF(CONF_VALUE) **extlist)
83 83 {
84 84 CONF_VALUE *vtmp = NULL;
85 85 char *tname = NULL, *tvalue = NULL;
86 86 if(name && !(tname = BUF_strdup(name))) goto err;
87 87 if(value && !(tvalue = BUF_strdup(value))) goto err;
88 88 if(!(vtmp = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) goto err;
89 89 if(!*extlist && !(*extlist = sk_CONF_VALUE_new_null())) goto err;
90 90 vtmp->section = NULL;
91 91 vtmp->name = tname;
92 92 vtmp->value = tvalue;
93 93 if(!sk_CONF_VALUE_push(*extlist, vtmp)) goto err;
94 94 return 1;
95 95 err:
96 96 X509V3err(X509V3_F_X509V3_ADD_VALUE,ERR_R_MALLOC_FAILURE);
97 97 if(vtmp) OPENSSL_free(vtmp);
98 98 if(tname) OPENSSL_free(tname);
99 99 if(tvalue) OPENSSL_free(tvalue);
100 100 return 0;
101 101 }
102 102
103 103 int X509V3_add_value_uchar(const char *name, const unsigned char *value,
104 104 STACK_OF(CONF_VALUE) **extlist)
105 105 {
106 106 return X509V3_add_value(name,(const char *)value,extlist);
107 107 }
108 108
109 109 /* Free function for STACK_OF(CONF_VALUE) */
110 110
111 111 void X509V3_conf_free(CONF_VALUE *conf)
112 112 {
113 113 if(!conf) return;
114 114 if(conf->name) OPENSSL_free(conf->name);
115 115 if(conf->value) OPENSSL_free(conf->value);
116 116 if(conf->section) OPENSSL_free(conf->section);
117 117 OPENSSL_free(conf);
118 118 }
119 119
120 120 int X509V3_add_value_bool(const char *name, int asn1_bool,
121 121 STACK_OF(CONF_VALUE) **extlist)
122 122 {
123 123 if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
124 124 return X509V3_add_value(name, "FALSE", extlist);
125 125 }
126 126
127 127 int X509V3_add_value_bool_nf(char *name, int asn1_bool,
128 128 STACK_OF(CONF_VALUE) **extlist)
129 129 {
130 130 if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
131 131 return 1;
132 132 }
133 133
134 134
135 135 char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *a)
136 136 {
137 137 BIGNUM *bntmp = NULL;
138 138 char *strtmp = NULL;
139 139 if(!a) return NULL;
140 140 if(!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) ||
141 141 !(strtmp = BN_bn2dec(bntmp)) )
142 142 X509V3err(X509V3_F_I2S_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);
143 143 BN_free(bntmp);
144 144 return strtmp;
145 145 }
146 146
147 147 char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a)
148 148 {
149 149 BIGNUM *bntmp = NULL;
150 150 char *strtmp = NULL;
151 151 if(!a) return NULL;
152 152 if(!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) ||
153 153 !(strtmp = BN_bn2dec(bntmp)) )
154 154 X509V3err(X509V3_F_I2S_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
155 155 BN_free(bntmp);
156 156 return strtmp;
157 157 }
158 158
159 159 ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
160 160 {
161 161 BIGNUM *bn = NULL;
162 162 ASN1_INTEGER *aint;
163 163 int isneg, ishex;
164 164 int ret;
165 165 if (!value) {
166 166 X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_INVALID_NULL_VALUE);
167 167 return 0;
168 168 }
169 169 bn = BN_new();
170 170 if (value[0] == '-') {
171 171 value++;
172 172 isneg = 1;
173 173 } else isneg = 0;
174 174
175 175 if (value[0] == '0' && ((value[1] == 'x') || (value[1] == 'X'))) {
176 176 value += 2;
177 177 ishex = 1;
178 178 } else ishex = 0;
179 179
180 180 if (ishex) ret = BN_hex2bn(&bn, value);
181 181 else ret = BN_dec2bn(&bn, value);
182 182
183 183 if (!ret || value[ret]) {
184 184 BN_free(bn);
185 185 X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_DEC2BN_ERROR);
186 186 return 0;
187 187 }
188 188
189 189 if (isneg && BN_is_zero(bn)) isneg = 0;
190 190
191 191 aint = BN_to_ASN1_INTEGER(bn, NULL);
192 192 BN_free(bn);
193 193 if (!aint) {
194 194 X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_TO_ASN1_INTEGER_ERROR);
195 195 return 0;
196 196 }
197 197 if (isneg) aint->type |= V_ASN1_NEG;
198 198 return aint;
199 199 }
200 200
201 201 int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
202 202 STACK_OF(CONF_VALUE) **extlist)
203 203 {
204 204 char *strtmp;
205 205 int ret;
206 206 if(!aint) return 1;
207 207 if(!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) return 0;
208 208 ret = X509V3_add_value(name, strtmp, extlist);
209 209 OPENSSL_free(strtmp);
210 210 return ret;
211 211 }
212 212
213 213 int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool)
214 214 {
215 215 char *btmp;
216 216 if(!(btmp = value->value)) goto err;
217 217 if(!strcmp(btmp, "TRUE") || !strcmp(btmp, "true")
218 218 || !strcmp(btmp, "Y") || !strcmp(btmp, "y")
219 219 || !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) {
220 220 *asn1_bool = 0xff;
221 221 return 1;
222 222 } else if(!strcmp(btmp, "FALSE") || !strcmp(btmp, "false")
223 223 || !strcmp(btmp, "N") || !strcmp(btmp, "n")
224 224 || !strcmp(btmp, "NO") || !strcmp(btmp, "no")) {
225 225 *asn1_bool = 0;
226 226 return 1;
227 227 }
228 228 err:
229 229 X509V3err(X509V3_F_X509V3_GET_VALUE_BOOL,X509V3_R_INVALID_BOOLEAN_STRING);
230 230 X509V3_conf_err(value);
231 231 return 0;
232 232 }
233 233
234 234 int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint)
235 235 {
236 236 ASN1_INTEGER *itmp;
237 237 if(!(itmp = s2i_ASN1_INTEGER(NULL, value->value))) {
238 238 X509V3_conf_err(value);
239 239 return 0;
240 240 }
241 241 *aint = itmp;
242 242 return 1;
243 243 }
244 244
245 245 #define HDR_NAME 1
246 246 #define HDR_VALUE 2
247 247
248 248 /*#define DEBUG*/
249 249
250 250 STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
251 251 {
252 252 char *p, *q, c;
253 253 char *ntmp, *vtmp;
254 254 STACK_OF(CONF_VALUE) *values = NULL;
255 255 char *linebuf;
256 256 int state;
257 257 /* We are going to modify the line so copy it first */
258 258 linebuf = BUF_strdup(line);
259 259 state = HDR_NAME;
260 260 ntmp = NULL;
261 261 /* Go through all characters */
262 262 for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
263 263
264 264 switch(state) {
265 265 case HDR_NAME:
266 266 if(c == ':') {
267 267 state = HDR_VALUE;
268 268 *p = 0;
269 269 ntmp = strip_spaces(q);
270 270 if(!ntmp) {
271 271 X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
272 272 goto err;
273 273 }
274 274 q = p + 1;
275 275 } else if(c == ',') {
276 276 *p = 0;
277 277 ntmp = strip_spaces(q);
278 278 q = p + 1;
279 279 #if 0
280 280 printf("%s\n", ntmp);
281 281 #endif
282 282 if(!ntmp) {
283 283 X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
284 284 goto err;
285 285 }
286 286 X509V3_add_value(ntmp, NULL, &values);
287 287 }
288 288 break ;
289 289
290 290 case HDR_VALUE:
291 291 if(c == ',') {
292 292 state = HDR_NAME;
293 293 *p = 0;
294 294 vtmp = strip_spaces(q);
295 295 #if 0
296 296 printf("%s\n", ntmp);
297 297 #endif
298 298 if(!vtmp) {
299 299 X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);
300 300 goto err;
301 301 }
302 302 X509V3_add_value(ntmp, vtmp, &values);
303 303 ntmp = NULL;
304 304 q = p + 1;
305 305 }
306 306
307 307 }
308 308 }
309 309
310 310 if(state == HDR_VALUE) {
311 311 vtmp = strip_spaces(q);
312 312 #if 0
313 313 printf("%s=%s\n", ntmp, vtmp);
314 314 #endif
315 315 if(!vtmp) {
316 316 X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);
317 317 goto err;
318 318 }
319 319 X509V3_add_value(ntmp, vtmp, &values);
320 320 } else {
321 321 ntmp = strip_spaces(q);
322 322 #if 0
323 323 printf("%s\n", ntmp);
324 324 #endif
325 325 if(!ntmp) {
326 326 X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
327 327 goto err;
328 328 }
329 329 X509V3_add_value(ntmp, NULL, &values);
330 330 }
331 331 OPENSSL_free(linebuf);
332 332 return values;
333 333
334 334 err:
335 335 OPENSSL_free(linebuf);
336 336 sk_CONF_VALUE_pop_free(values, X509V3_conf_free);
337 337 return NULL;
338 338
339 339 }
340 340
341 341 /* Delete leading and trailing spaces from a string */
342 342 static char *strip_spaces(char *name)
343 343 {
344 344 char *p, *q;
345 345 /* Skip over leading spaces */
346 346 p = name;
347 347 while(*p && isspace((unsigned char)*p)) p++;
348 348 if(!*p) return NULL;
349 349 q = p + strlen(p) - 1;
350 350 while((q != p) && isspace((unsigned char)*q)) q--;
351 351 if(p != q) q[1] = 0;
352 352 if(!*p) return NULL;
353 353 return p;
354 354 }
355 355
356 356 /* hex string utilities */
357 357
|
↓ open down ↓ |
357 lines elided |
↑ open up ↑ |
358 358 /* Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its
359 359 * hex representation
360 360 * @@@ (Contents of buffer are always kept in ASCII, also on EBCDIC machines)
361 361 */
362 362
363 363 char *hex_to_string(const unsigned char *buffer, long len)
364 364 {
365 365 char *tmp, *q;
366 366 const unsigned char *p;
367 367 int i;
368 - const static char hexdig[] = "0123456789ABCDEF";
368 + static const char hexdig[] = "0123456789ABCDEF";
369 369 if(!buffer || !len) return NULL;
370 370 if(!(tmp = OPENSSL_malloc(len * 3 + 1))) {
371 371 X509V3err(X509V3_F_HEX_TO_STRING,ERR_R_MALLOC_FAILURE);
372 372 return NULL;
373 373 }
374 374 q = tmp;
375 375 for(i = 0, p = buffer; i < len; i++,p++) {
376 376 *q++ = hexdig[(*p >> 4) & 0xf];
377 377 *q++ = hexdig[*p & 0xf];
378 378 *q++ = ':';
379 379 }
380 380 q[-1] = 0;
381 381 #ifdef CHARSET_EBCDIC
382 382 ebcdic2ascii(tmp, tmp, q - tmp - 1);
383 383 #endif
384 384
385 385 return tmp;
386 386 }
387 387
388 388 /* Give a string of hex digits convert to
389 389 * a buffer
390 390 */
391 391
392 392 unsigned char *string_to_hex(const char *str, long *len)
393 393 {
394 394 unsigned char *hexbuf, *q;
395 395 unsigned char ch, cl, *p;
396 396 if(!str) {
397 397 X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_INVALID_NULL_ARGUMENT);
398 398 return NULL;
399 399 }
400 400 if(!(hexbuf = OPENSSL_malloc(strlen(str) >> 1))) goto err;
401 401 for(p = (unsigned char *)str, q = hexbuf; *p;) {
402 402 ch = *p++;
403 403 #ifdef CHARSET_EBCDIC
404 404 ch = os_toebcdic[ch];
405 405 #endif
406 406 if(ch == ':') continue;
407 407 cl = *p++;
408 408 #ifdef CHARSET_EBCDIC
409 409 cl = os_toebcdic[cl];
410 410 #endif
411 411 if(!cl) {
412 412 X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ODD_NUMBER_OF_DIGITS);
413 413 OPENSSL_free(hexbuf);
414 414 return NULL;
415 415 }
416 416 if(isupper(ch)) ch = tolower(ch);
417 417 if(isupper(cl)) cl = tolower(cl);
418 418
419 419 if((ch >= '0') && (ch <= '9')) ch -= '0';
420 420 else if ((ch >= 'a') && (ch <= 'f')) ch -= 'a' - 10;
421 421 else goto badhex;
422 422
423 423 if((cl >= '0') && (cl <= '9')) cl -= '0';
424 424 else if ((cl >= 'a') && (cl <= 'f')) cl -= 'a' - 10;
425 425 else goto badhex;
426 426
427 427 *q++ = (ch << 4) | cl;
428 428 }
429 429
430 430 if(len) *len = q - hexbuf;
431 431
432 432 return hexbuf;
433 433
434 434 err:
435 435 if(hexbuf) OPENSSL_free(hexbuf);
436 436 X509V3err(X509V3_F_STRING_TO_HEX,ERR_R_MALLOC_FAILURE);
437 437 return NULL;
438 438
439 439 badhex:
440 440 OPENSSL_free(hexbuf);
441 441 X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ILLEGAL_HEX_DIGIT);
442 442 return NULL;
443 443
444 444 }
445 445
446 446 /* V2I name comparison function: returns zero if 'name' matches
447 447 * cmp or cmp.*
448 448 */
449 449
450 450 int name_cmp(const char *name, const char *cmp)
451 451 {
452 452 int len, ret;
453 453 char c;
454 454 len = strlen(cmp);
455 455 if((ret = strncmp(name, cmp, len))) return ret;
456 456 c = name[len];
457 457 if(!c || (c=='.')) return 0;
458 458 return 1;
459 459 }
460 460
461 461 static int sk_strcmp(const char * const *a, const char * const *b)
462 462 {
463 463 return strcmp(*a, *b);
464 464 }
465 465
466 466 STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x)
467 467 {
468 468 GENERAL_NAMES *gens;
469 469 STACK_OF(OPENSSL_STRING) *ret;
470 470
471 471 gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
472 472 ret = get_email(X509_get_subject_name(x), gens);
473 473 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
474 474 return ret;
475 475 }
476 476
477 477 STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x)
478 478 {
479 479 AUTHORITY_INFO_ACCESS *info;
480 480 STACK_OF(OPENSSL_STRING) *ret = NULL;
481 481 int i;
482 482
483 483 info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL);
484 484 if (!info)
485 485 return NULL;
486 486 for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++)
487 487 {
488 488 ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(info, i);
489 489 if (OBJ_obj2nid(ad->method) == NID_ad_OCSP)
490 490 {
491 491 if (ad->location->type == GEN_URI)
492 492 {
493 493 if (!append_ia5(&ret, ad->location->d.uniformResourceIdentifier))
494 494 break;
495 495 }
496 496 }
497 497 }
498 498 AUTHORITY_INFO_ACCESS_free(info);
499 499 return ret;
500 500 }
501 501
502 502 STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x)
503 503 {
504 504 GENERAL_NAMES *gens;
505 505 STACK_OF(X509_EXTENSION) *exts;
506 506 STACK_OF(OPENSSL_STRING) *ret;
507 507
508 508 exts = X509_REQ_get_extensions(x);
509 509 gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL);
510 510 ret = get_email(X509_REQ_get_subject_name(x), gens);
511 511 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
512 512 sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
513 513 return ret;
514 514 }
515 515
516 516
517 517 static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name, GENERAL_NAMES *gens)
518 518 {
519 519 STACK_OF(OPENSSL_STRING) *ret = NULL;
520 520 X509_NAME_ENTRY *ne;
521 521 ASN1_IA5STRING *email;
522 522 GENERAL_NAME *gen;
523 523 int i;
524 524 /* Now add any email address(es) to STACK */
525 525 i = -1;
526 526 /* First supplied X509_NAME */
527 527 while((i = X509_NAME_get_index_by_NID(name,
528 528 NID_pkcs9_emailAddress, i)) >= 0) {
529 529 ne = X509_NAME_get_entry(name, i);
530 530 email = X509_NAME_ENTRY_get_data(ne);
531 531 if(!append_ia5(&ret, email)) return NULL;
532 532 }
533 533 for(i = 0; i < sk_GENERAL_NAME_num(gens); i++)
534 534 {
535 535 gen = sk_GENERAL_NAME_value(gens, i);
536 536 if(gen->type != GEN_EMAIL) continue;
537 537 if(!append_ia5(&ret, gen->d.ia5)) return NULL;
538 538 }
539 539 return ret;
540 540 }
541 541
542 542 static void str_free(OPENSSL_STRING str)
543 543 {
544 544 OPENSSL_free(str);
545 545 }
546 546
547 547 static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email)
548 548 {
549 549 char *emtmp;
550 550 /* First some sanity checks */
551 551 if(email->type != V_ASN1_IA5STRING) return 1;
552 552 if(!email->data || !email->length) return 1;
553 553 if(!*sk) *sk = sk_OPENSSL_STRING_new(sk_strcmp);
554 554 if(!*sk) return 0;
555 555 /* Don't add duplicates */
556 556 if(sk_OPENSSL_STRING_find(*sk, (char *)email->data) != -1) return 1;
557 557 emtmp = BUF_strdup((char *)email->data);
558 558 if(!emtmp || !sk_OPENSSL_STRING_push(*sk, emtmp)) {
559 559 X509_email_free(*sk);
560 560 *sk = NULL;
561 561 return 0;
562 562 }
563 563 return 1;
564 564 }
565 565
566 566 void X509_email_free(STACK_OF(OPENSSL_STRING) *sk)
567 567 {
568 568 sk_OPENSSL_STRING_pop_free(sk, str_free);
569 569 }
570 570
571 571 /* Convert IP addresses both IPv4 and IPv6 into an
572 572 * OCTET STRING compatible with RFC3280.
573 573 */
574 574
575 575 ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc)
576 576 {
577 577 unsigned char ipout[16];
578 578 ASN1_OCTET_STRING *ret;
579 579 int iplen;
580 580
581 581 /* If string contains a ':' assume IPv6 */
582 582
583 583 iplen = a2i_ipadd(ipout, ipasc);
584 584
585 585 if (!iplen)
586 586 return NULL;
587 587
588 588 ret = ASN1_OCTET_STRING_new();
589 589 if (!ret)
590 590 return NULL;
591 591 if (!ASN1_OCTET_STRING_set(ret, ipout, iplen))
592 592 {
593 593 ASN1_OCTET_STRING_free(ret);
594 594 return NULL;
595 595 }
596 596 return ret;
597 597 }
598 598
599 599 ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc)
600 600 {
601 601 ASN1_OCTET_STRING *ret = NULL;
602 602 unsigned char ipout[32];
603 603 char *iptmp = NULL, *p;
604 604 int iplen1, iplen2;
605 605 p = strchr(ipasc,'/');
606 606 if (!p)
607 607 return NULL;
608 608 iptmp = BUF_strdup(ipasc);
609 609 if (!iptmp)
610 610 return NULL;
611 611 p = iptmp + (p - ipasc);
612 612 *p++ = 0;
613 613
614 614 iplen1 = a2i_ipadd(ipout, iptmp);
615 615
616 616 if (!iplen1)
617 617 goto err;
618 618
619 619 iplen2 = a2i_ipadd(ipout + iplen1, p);
620 620
621 621 OPENSSL_free(iptmp);
622 622 iptmp = NULL;
623 623
624 624 if (!iplen2 || (iplen1 != iplen2))
625 625 goto err;
626 626
627 627 ret = ASN1_OCTET_STRING_new();
628 628 if (!ret)
629 629 goto err;
630 630 if (!ASN1_OCTET_STRING_set(ret, ipout, iplen1 + iplen2))
631 631 goto err;
632 632
633 633 return ret;
634 634
635 635 err:
636 636 if (iptmp)
637 637 OPENSSL_free(iptmp);
638 638 if (ret)
639 639 ASN1_OCTET_STRING_free(ret);
640 640 return NULL;
641 641 }
642 642
643 643
644 644 int a2i_ipadd(unsigned char *ipout, const char *ipasc)
645 645 {
646 646 /* If string contains a ':' assume IPv6 */
647 647
648 648 if (strchr(ipasc, ':'))
649 649 {
650 650 if (!ipv6_from_asc(ipout, ipasc))
651 651 return 0;
652 652 return 16;
653 653 }
654 654 else
655 655 {
656 656 if (!ipv4_from_asc(ipout, ipasc))
657 657 return 0;
658 658 return 4;
659 659 }
660 660 }
661 661
662 662 static int ipv4_from_asc(unsigned char *v4, const char *in)
663 663 {
664 664 int a0, a1, a2, a3;
665 665 if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4)
666 666 return 0;
667 667 if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255)
668 668 || (a2 < 0) || (a2 > 255) || (a3 < 0) || (a3 > 255))
669 669 return 0;
670 670 v4[0] = a0;
671 671 v4[1] = a1;
672 672 v4[2] = a2;
673 673 v4[3] = a3;
674 674 return 1;
675 675 }
676 676
677 677 typedef struct {
678 678 /* Temporary store for IPV6 output */
679 679 unsigned char tmp[16];
680 680 /* Total number of bytes in tmp */
681 681 int total;
682 682 /* The position of a zero (corresponding to '::') */
683 683 int zero_pos;
684 684 /* Number of zeroes */
685 685 int zero_cnt;
686 686 } IPV6_STAT;
687 687
688 688
689 689 static int ipv6_from_asc(unsigned char *v6, const char *in)
690 690 {
691 691 IPV6_STAT v6stat;
692 692 v6stat.total = 0;
693 693 v6stat.zero_pos = -1;
694 694 v6stat.zero_cnt = 0;
695 695 /* Treat the IPv6 representation as a list of values
696 696 * separated by ':'. The presence of a '::' will parse
697 697 * as one, two or three zero length elements.
698 698 */
699 699 if (!CONF_parse_list(in, ':', 0, ipv6_cb, &v6stat))
700 700 return 0;
701 701
702 702 /* Now for some sanity checks */
703 703
704 704 if (v6stat.zero_pos == -1)
705 705 {
706 706 /* If no '::' must have exactly 16 bytes */
707 707 if (v6stat.total != 16)
708 708 return 0;
709 709 }
710 710 else
711 711 {
712 712 /* If '::' must have less than 16 bytes */
713 713 if (v6stat.total == 16)
714 714 return 0;
715 715 /* More than three zeroes is an error */
716 716 if (v6stat.zero_cnt > 3)
717 717 return 0;
718 718 /* Can only have three zeroes if nothing else present */
719 719 else if (v6stat.zero_cnt == 3)
720 720 {
721 721 if (v6stat.total > 0)
722 722 return 0;
723 723 }
724 724 /* Can only have two zeroes if at start or end */
725 725 else if (v6stat.zero_cnt == 2)
726 726 {
727 727 if ((v6stat.zero_pos != 0)
728 728 && (v6stat.zero_pos != v6stat.total))
729 729 return 0;
730 730 }
731 731 else
732 732 /* Can only have one zero if *not* start or end */
733 733 {
734 734 if ((v6stat.zero_pos == 0)
735 735 || (v6stat.zero_pos == v6stat.total))
736 736 return 0;
737 737 }
738 738 }
739 739
740 740 /* Format result */
741 741
742 742 if (v6stat.zero_pos >= 0)
743 743 {
744 744 /* Copy initial part */
745 745 memcpy(v6, v6stat.tmp, v6stat.zero_pos);
746 746 /* Zero middle */
747 747 memset(v6 + v6stat.zero_pos, 0, 16 - v6stat.total);
748 748 /* Copy final part */
749 749 if (v6stat.total != v6stat.zero_pos)
750 750 memcpy(v6 + v6stat.zero_pos + 16 - v6stat.total,
751 751 v6stat.tmp + v6stat.zero_pos,
752 752 v6stat.total - v6stat.zero_pos);
753 753 }
754 754 else
755 755 memcpy(v6, v6stat.tmp, 16);
756 756
757 757 return 1;
758 758 }
759 759
760 760 static int ipv6_cb(const char *elem, int len, void *usr)
761 761 {
762 762 IPV6_STAT *s = usr;
763 763 /* Error if 16 bytes written */
764 764 if (s->total == 16)
765 765 return 0;
766 766 if (len == 0)
767 767 {
768 768 /* Zero length element, corresponds to '::' */
769 769 if (s->zero_pos == -1)
770 770 s->zero_pos = s->total;
771 771 /* If we've already got a :: its an error */
772 772 else if (s->zero_pos != s->total)
773 773 return 0;
774 774 s->zero_cnt++;
775 775 }
776 776 else
777 777 {
778 778 /* If more than 4 characters could be final a.b.c.d form */
779 779 if (len > 4)
780 780 {
781 781 /* Need at least 4 bytes left */
782 782 if (s->total > 12)
783 783 return 0;
784 784 /* Must be end of string */
785 785 if (elem[len])
786 786 return 0;
787 787 if (!ipv4_from_asc(s->tmp + s->total, elem))
788 788 return 0;
789 789 s->total += 4;
790 790 }
791 791 else
792 792 {
793 793 if (!ipv6_hex(s->tmp + s->total, elem, len))
794 794 return 0;
795 795 s->total += 2;
796 796 }
797 797 }
798 798 return 1;
799 799 }
800 800
801 801 /* Convert a string of up to 4 hex digits into the corresponding
802 802 * IPv6 form.
803 803 */
804 804
805 805 static int ipv6_hex(unsigned char *out, const char *in, int inlen)
806 806 {
807 807 unsigned char c;
808 808 unsigned int num = 0;
809 809 if (inlen > 4)
810 810 return 0;
811 811 while(inlen--)
812 812 {
813 813 c = *in++;
814 814 num <<= 4;
815 815 if ((c >= '0') && (c <= '9'))
816 816 num |= c - '0';
817 817 else if ((c >= 'A') && (c <= 'F'))
818 818 num |= c - 'A' + 10;
819 819 else if ((c >= 'a') && (c <= 'f'))
820 820 num |= c - 'a' + 10;
821 821 else
822 822 return 0;
823 823 }
824 824 out[0] = num >> 8;
825 825 out[1] = num & 0xff;
826 826 return 1;
827 827 }
828 828
829 829
830 830 int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,
831 831 unsigned long chtype)
832 832 {
833 833 CONF_VALUE *v;
834 834 int i, mval;
835 835 char *p, *type;
836 836 if (!nm)
837 837 return 0;
838 838
839 839 for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++)
840 840 {
841 841 v=sk_CONF_VALUE_value(dn_sk,i);
842 842 type=v->name;
843 843 /* Skip past any leading X. X: X, etc to allow for
844 844 * multiple instances
845 845 */
846 846 for(p = type; *p ; p++)
847 847 #ifndef CHARSET_EBCDIC
848 848 if ((*p == ':') || (*p == ',') || (*p == '.'))
849 849 #else
850 850 if ((*p == os_toascii[':']) || (*p == os_toascii[',']) || (*p == os_toascii['.']))
851 851 #endif
852 852 {
853 853 p++;
854 854 if(*p) type = p;
855 855 break;
856 856 }
857 857 #ifndef CHARSET_EBCDIC
858 858 if (*type == '+')
859 859 #else
860 860 if (*type == os_toascii['+'])
861 861 #endif
862 862 {
863 863 mval = -1;
864 864 type++;
865 865 }
866 866 else
867 867 mval = 0;
868 868 if (!X509_NAME_add_entry_by_txt(nm,type, chtype,
869 869 (unsigned char *) v->value,-1,-1,mval))
870 870 return 0;
871 871
872 872 }
873 873 return 1;
874 874 }
|
↓ open down ↓ |
496 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX