Line data Source code
1 : /* v3_sxnet.c */
2 : /*
3 : * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
4 : * 1999.
5 : */
6 : /* ====================================================================
7 : * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
8 : *
9 : * Redistribution and use in source and binary forms, with or without
10 : * modification, are permitted provided that the following conditions
11 : * are met:
12 : *
13 : * 1. Redistributions of source code must retain the above copyright
14 : * notice, this list of conditions and the following disclaimer.
15 : *
16 : * 2. Redistributions in binary form must reproduce the above copyright
17 : * notice, this list of conditions and the following disclaimer in
18 : * the documentation and/or other materials provided with the
19 : * distribution.
20 : *
21 : * 3. All advertising materials mentioning features or use of this
22 : * software must display the following acknowledgment:
23 : * "This product includes software developed by the OpenSSL Project
24 : * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 : *
26 : * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 : * endorse or promote products derived from this software without
28 : * prior written permission. For written permission, please contact
29 : * licensing@OpenSSL.org.
30 : *
31 : * 5. Products derived from this software may not be called "OpenSSL"
32 : * nor may "OpenSSL" appear in their names without prior written
33 : * permission of the OpenSSL Project.
34 : *
35 : * 6. Redistributions of any form whatsoever must retain the following
36 : * acknowledgment:
37 : * "This product includes software developed by the OpenSSL Project
38 : * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 : *
40 : * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 : * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 : * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 : * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 : * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 : * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 : * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 : * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 : * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 : * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 : * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 : * OF THE POSSIBILITY OF SUCH DAMAGE.
52 : * ====================================================================
53 : *
54 : * This product includes cryptographic software written by Eric Young
55 : * (eay@cryptsoft.com). This product includes software written by Tim
56 : * Hudson (tjh@cryptsoft.com).
57 : *
58 : */
59 :
60 : #include <stdio.h>
61 : #include "cryptlib.h"
62 : #include <openssl/conf.h>
63 : #include <openssl/asn1.h>
64 : #include <openssl/asn1t.h>
65 : #include <openssl/x509v3.h>
66 :
67 : /* Support for Thawte strong extranet extension */
68 :
69 : #define SXNET_TEST
70 :
71 : static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
72 : int indent);
73 : #ifdef SXNET_TEST
74 : static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
75 : STACK_OF(CONF_VALUE) *nval);
76 : #endif
77 : const X509V3_EXT_METHOD v3_sxnet = {
78 : NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET),
79 : 0, 0, 0, 0,
80 : 0, 0,
81 : 0,
82 : #ifdef SXNET_TEST
83 : (X509V3_EXT_V2I)sxnet_v2i,
84 : #else
85 : 0,
86 : #endif
87 : (X509V3_EXT_I2R)sxnet_i2r,
88 : 0,
89 : NULL
90 : };
91 :
92 : ASN1_SEQUENCE(SXNETID) = {
93 : ASN1_SIMPLE(SXNETID, zone, ASN1_INTEGER),
94 : ASN1_SIMPLE(SXNETID, user, ASN1_OCTET_STRING)
95 : } ASN1_SEQUENCE_END(SXNETID)
96 :
97 0 : IMPLEMENT_ASN1_FUNCTIONS(SXNETID)
98 :
99 : ASN1_SEQUENCE(SXNET) = {
100 : ASN1_SIMPLE(SXNET, version, ASN1_INTEGER),
101 : ASN1_SEQUENCE_OF(SXNET, ids, SXNETID)
102 : } ASN1_SEQUENCE_END(SXNET)
103 :
104 0 : IMPLEMENT_ASN1_FUNCTIONS(SXNET)
105 :
106 0 : static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
107 : int indent)
108 : {
109 : long v;
110 : char *tmp;
111 : SXNETID *id;
112 : int i;
113 0 : v = ASN1_INTEGER_get(sx->version);
114 0 : BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v);
115 0 : for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
116 0 : id = sk_SXNETID_value(sx->ids, i);
117 0 : tmp = i2s_ASN1_INTEGER(NULL, id->zone);
118 0 : BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
119 0 : OPENSSL_free(tmp);
120 0 : M_ASN1_OCTET_STRING_print(out, id->user);
121 : }
122 0 : return 1;
123 : }
124 :
125 : #ifdef SXNET_TEST
126 :
127 : /*
128 : * NBB: this is used for testing only. It should *not* be used for anything
129 : * else because it will just take static IDs from the configuration file and
130 : * they should really be separate values for each user.
131 : */
132 :
133 0 : static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
134 : STACK_OF(CONF_VALUE) *nval)
135 : {
136 : CONF_VALUE *cnf;
137 0 : SXNET *sx = NULL;
138 : int i;
139 0 : for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
140 0 : cnf = sk_CONF_VALUE_value(nval, i);
141 0 : if (!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1))
142 : return NULL;
143 : }
144 0 : return sx;
145 : }
146 :
147 : #endif
148 :
149 : /* Strong Extranet utility functions */
150 :
151 : /* Add an id given the zone as an ASCII number */
152 :
153 0 : int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen)
154 : {
155 : ASN1_INTEGER *izone = NULL;
156 0 : if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
157 0 : X509V3err(X509V3_F_SXNET_ADD_ID_ASC, X509V3_R_ERROR_CONVERTING_ZONE);
158 0 : return 0;
159 : }
160 0 : return SXNET_add_id_INTEGER(psx, izone, user, userlen);
161 : }
162 :
163 : /* Add an id given the zone as an unsigned long */
164 :
165 0 : int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user,
166 : int userlen)
167 : {
168 : ASN1_INTEGER *izone = NULL;
169 0 : if (!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
170 0 : X509V3err(X509V3_F_SXNET_ADD_ID_ULONG, ERR_R_MALLOC_FAILURE);
171 0 : M_ASN1_INTEGER_free(izone);
172 0 : return 0;
173 : }
174 0 : return SXNET_add_id_INTEGER(psx, izone, user, userlen);
175 :
176 : }
177 :
178 : /*
179 : * Add an id given the zone as an ASN1_INTEGER. Note this version uses the
180 : * passed integer and doesn't make a copy so don't free it up afterwards.
181 : */
182 :
183 0 : int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user,
184 : int userlen)
185 : {
186 : SXNET *sx = NULL;
187 : SXNETID *id = NULL;
188 0 : if (!psx || !zone || !user) {
189 0 : X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,
190 : X509V3_R_INVALID_NULL_ARGUMENT);
191 0 : return 0;
192 : }
193 0 : if (userlen == -1)
194 0 : userlen = strlen(user);
195 0 : if (userlen > 64) {
196 0 : X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, X509V3_R_USER_TOO_LONG);
197 0 : return 0;
198 : }
199 0 : if (!*psx) {
200 0 : if (!(sx = SXNET_new()))
201 : goto err;
202 0 : if (!ASN1_INTEGER_set(sx->version, 0))
203 : goto err;
204 0 : *psx = sx;
205 : } else
206 : sx = *psx;
207 0 : if (SXNET_get_id_INTEGER(sx, zone)) {
208 0 : X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, X509V3_R_DUPLICATE_ZONE_ID);
209 0 : return 0;
210 : }
211 :
212 0 : if (!(id = SXNETID_new()))
213 : goto err;
214 0 : if (userlen == -1)
215 0 : userlen = strlen(user);
216 :
217 0 : if (!M_ASN1_OCTET_STRING_set(id->user, user, userlen))
218 : goto err;
219 0 : if (!sk_SXNETID_push(sx->ids, id))
220 : goto err;
221 0 : id->zone = zone;
222 0 : return 1;
223 :
224 : err:
225 0 : X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, ERR_R_MALLOC_FAILURE);
226 : SXNETID_free(id);
227 : SXNET_free(sx);
228 0 : *psx = NULL;
229 0 : return 0;
230 : }
231 :
232 0 : ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone)
233 : {
234 : ASN1_INTEGER *izone = NULL;
235 : ASN1_OCTET_STRING *oct;
236 0 : if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
237 0 : X509V3err(X509V3_F_SXNET_GET_ID_ASC, X509V3_R_ERROR_CONVERTING_ZONE);
238 0 : return NULL;
239 : }
240 0 : oct = SXNET_get_id_INTEGER(sx, izone);
241 0 : M_ASN1_INTEGER_free(izone);
242 0 : return oct;
243 : }
244 :
245 0 : ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone)
246 : {
247 : ASN1_INTEGER *izone = NULL;
248 : ASN1_OCTET_STRING *oct;
249 0 : if (!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
250 0 : X509V3err(X509V3_F_SXNET_GET_ID_ULONG, ERR_R_MALLOC_FAILURE);
251 0 : M_ASN1_INTEGER_free(izone);
252 0 : return NULL;
253 : }
254 0 : oct = SXNET_get_id_INTEGER(sx, izone);
255 0 : M_ASN1_INTEGER_free(izone);
256 0 : return oct;
257 : }
258 :
259 0 : ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone)
260 : {
261 : SXNETID *id;
262 : int i;
263 0 : for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
264 0 : id = sk_SXNETID_value(sx->ids, i);
265 0 : if (!M_ASN1_INTEGER_cmp(id->zone, zone))
266 0 : return id->user;
267 : }
268 : return NULL;
269 : }
270 :
271 : IMPLEMENT_STACK_OF(SXNETID)
272 :
273 : IMPLEMENT_ASN1_SET_OF(SXNETID)
|