v3_pci.c@ 91772

Last change on this file since 91772 was 91772, checked in by vboxsync, 3 years ago
openssl-1.1.1l: Applied and adjusted our OpenSSL changes to 1.1.1l. bugref:10126
File size: 11.5 KB

Line
1	/*
2	* Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the OpenSSL license (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	/*
11	* This file is dual-licensed and is also available under the following
12	* terms:
13	*
14	* Copyright (c) 2004 Kungliga Tekniska Högskolan
15	* (Royal Institute of Technology, Stockholm, Sweden).
16	* All rights reserved.
17	*
18	* Redistribution and use in source and binary forms, with or without
19	* modification, are permitted provided that the following conditions
20	* are met:
21	*
22	* 1. Redistributions of source code must retain the above copyright
23	* notice, this list of conditions and the following disclaimer.
24	*
25	* 2. Redistributions in binary form must reproduce the above copyright
26	* notice, this list of conditions and the following disclaimer in the
27	* documentation and/or other materials provided with the distribution.
28	*
29	* 3. Neither the name of the Institute nor the names of its contributors
30	* may be used to endorse or promote products derived from this software
31	* without specific prior written permission.
32	*
33	* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
34	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
35	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
36	* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
37	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
38	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
39	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
40	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
41	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
42	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
43	* SUCH DAMAGE.
44	*/
45
46	#include <stdio.h>
47	#include "internal/cryptlib.h"
48	#include <openssl/conf.h>
49	#include <openssl/x509v3.h>
50	#include "ext_dat.h"
51
52	static int i2r_pci(X509V3_EXT_METHOD method, PROXY_CERT_INFO_EXTENSION ext,
53	BIO *out, int indent);
54	static PROXY_CERT_INFO_EXTENSION r2i_pci(X509V3_EXT_METHOD method,
55	X509V3_CTX ctx, char str);
56
57	const X509V3_EXT_METHOD v3_pci =
58	{ NID_proxyCertInfo, 0, ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
59	0, 0, 0, 0,
60	0, 0,
61	NULL, NULL,
62	(X509V3_EXT_I2R)i2r_pci,
63	(X509V3_EXT_R2I)r2i_pci,
64	NULL,
65	};
66
67	static int i2r_pci(X509V3_EXT_METHOD method, PROXY_CERT_INFO_EXTENSION pci,
68	BIO *out, int indent)
69	{
70	BIO_printf(out, "%*sPath Length Constraint: ", indent, "");
71	if (pci->pcPathLengthConstraint)
72	i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint);
73	else
74	BIO_printf(out, "infinite");
75	BIO_puts(out, "\n");
76	BIO_printf(out, "%*sPolicy Language: ", indent, "");
77	i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);
78	BIO_puts(out, "\n");
79	if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)
80	BIO_printf(out, "%sPolicy Text: %.s\n", indent, "",
81	pci->proxyPolicy->policy->length,
82	pci->proxyPolicy->policy->data);
83	return 1;
84	}
85
86	static int process_pci_value(CONF_VALUE *val,
87	ASN1_OBJECT language, ASN1_INTEGER pathlen,
88	ASN1_OCTET_STRING **policy)
89	{
90	int free_policy = 0;
91
92	if (strcmp(val->name, "language") == 0) {
93	if (*language) {
94	X509V3err(X509V3_F_PROCESS_PCI_VALUE,
95	X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED);
96	X509V3_conf_err(val);
97	return 0;
98	}
99	if ((*language = OBJ_txt2obj(val->value, 0)) == NULL) {
100	X509V3err(X509V3_F_PROCESS_PCI_VALUE,
101	X509V3_R_INVALID_OBJECT_IDENTIFIER);
102	X509V3_conf_err(val);
103	return 0;
104	}
105	} else if (strcmp(val->name, "pathlen") == 0) {
106	if (*pathlen) {
107	X509V3err(X509V3_F_PROCESS_PCI_VALUE,
108	X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED);
109	X509V3_conf_err(val);
110	return 0;
111	}
112	if (!X509V3_get_value_int(val, pathlen)) {
113	X509V3err(X509V3_F_PROCESS_PCI_VALUE,
114	X509V3_R_POLICY_PATH_LENGTH);
115	X509V3_conf_err(val);
116	return 0;
117	}
118	} else if (strcmp(val->name, "policy") == 0) {
119	unsigned char *tmp_data = NULL;
120	long val_len;
121	if (!*policy) {
122	*policy = ASN1_OCTET_STRING_new();
123	if (*policy == NULL) {
124	X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
125	X509V3_conf_err(val);
126	return 0;
127	}
128	free_policy = 1;
129	}
130	if (strncmp(val->value, "hex:", 4) == 0) {
131	unsigned char *tmp_data2 =
132	OPENSSL_hexstr2buf(val->value + 4, &val_len);
133
134	if (!tmp_data2) {
135	X509V3_conf_err(val);
136	goto err;
137	}
138
139	tmp_data = OPENSSL_realloc((*policy)->data,
140	(*policy)->length + val_len + 1);
141	if (tmp_data) {
142	(*policy)->data = tmp_data;
143	memcpy(&(policy)->data[(policy)->length],
144	tmp_data2, val_len);
145	(*policy)->length += val_len;
146	(policy)->data[(policy)->length] = '\0';
147	} else {
148	OPENSSL_free(tmp_data2);
149	/*
150	* realloc failure implies the original data space is b0rked
151	* too!
152	*/
153	OPENSSL_free((*policy)->data);
154	(*policy)->data = NULL;
155	(*policy)->length = 0;
156	X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
157	X509V3_conf_err(val);
158	goto err;
159	}
160	OPENSSL_free(tmp_data2);
161	} else if (strncmp(val->value, "file:", 5) == 0) {
162	unsigned char buf[2048];
163	int n;
164	BIO *b = BIO_new_file(val->value + 5, "r");
165	if (!b) {
166	X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_BIO_LIB);
167	X509V3_conf_err(val);
168	goto err;
169	}
170	while ((n = BIO_read(b, buf, sizeof(buf))) > 0
171	\|\| (n == 0 && BIO_should_retry(b))) {
172	if (!n)
173	continue;
174
175	tmp_data = OPENSSL_realloc((*policy)->data,
176	(*policy)->length + n + 1);
177
178	if (!tmp_data) {
179	OPENSSL_free((*policy)->data);
180	(*policy)->data = NULL;
181	(*policy)->length = 0;
182	X509V3err(X509V3_F_PROCESS_PCI_VALUE,
183	ERR_R_MALLOC_FAILURE);
184	X509V3_conf_err(val);
185	BIO_free_all(b);
186	goto err;
187	}
188
189	(*policy)->data = tmp_data;
190	memcpy(&(policy)->data[(policy)->length], buf, n);
191	(*policy)->length += n;
192	(policy)->data[(policy)->length] = '\0';
193	}
194	BIO_free_all(b);
195
196	if (n < 0) {
197	X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_BIO_LIB);
198	X509V3_conf_err(val);
199	goto err;
200	}
201	} else if (strncmp(val->value, "text:", 5) == 0) {
202	val_len = strlen(val->value + 5);
203	tmp_data = OPENSSL_realloc((*policy)->data,
204	(*policy)->length + val_len + 1);
205	if (tmp_data) {
206	(*policy)->data = tmp_data;
207	memcpy(&(policy)->data[(policy)->length],
208	val->value + 5, val_len);
209	(*policy)->length += val_len;
210	(policy)->data[(policy)->length] = '\0';
211	} else {
212	/*
213	* realloc failure implies the original data space is b0rked
214	* too!
215	*/
216	OPENSSL_free((*policy)->data);
217	(*policy)->data = NULL;
218	(*policy)->length = 0;
219	X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
220	X509V3_conf_err(val);
221	goto err;
222	}
223	} else {
224	X509V3err(X509V3_F_PROCESS_PCI_VALUE,
225	X509V3_R_INCORRECT_POLICY_SYNTAX_TAG);
226	X509V3_conf_err(val);
227	goto err;
228	}
229	if (!tmp_data) {
230	X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
231	X509V3_conf_err(val);
232	goto err;
233	}
234	}
235	return 1;
236	err:
237	if (free_policy) {
238	ASN1_OCTET_STRING_free(*policy);
239	*policy = NULL;
240	}
241	return 0;
242	}
243
244	static PROXY_CERT_INFO_EXTENSION r2i_pci(X509V3_EXT_METHOD method,
245	X509V3_CTX ctx, char value)
246	{
247	PROXY_CERT_INFO_EXTENSION *pci = NULL;
248	STACK_OF(CONF_VALUE) *vals;
249	ASN1_OBJECT *language = NULL;
250	ASN1_INTEGER *pathlen = NULL;
251	ASN1_OCTET_STRING *policy = NULL;
252	int i, j;
253
254	vals = X509V3_parse_list(value);
255	for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
256	CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i);
257	if (!cnf->name \|\| (*cnf->name != '@' && !cnf->value)) {
258	X509V3err(X509V3_F_R2I_PCI,
259	X509V3_R_INVALID_PROXY_POLICY_SETTING);
260	X509V3_conf_err(cnf);
261	goto err;
262	}
263	if (*cnf->name == '@') {
264	STACK_OF(CONF_VALUE) *sect;
265	int success_p = 1;
266
267	sect = X509V3_get_section(ctx, cnf->name + 1);
268	if (!sect) {
269	X509V3err(X509V3_F_R2I_PCI, X509V3_R_INVALID_SECTION);
270	X509V3_conf_err(cnf);
271	goto err;
272	}
273	for (j = 0; success_p && j < sk_CONF_VALUE_num(sect); j++) {
274	success_p =
275	process_pci_value(sk_CONF_VALUE_value(sect, j),
276	&language, &pathlen, &policy);
277	}
278	X509V3_section_free(ctx, sect);
279	if (!success_p)
280	goto err;
281	} else {
282	if (!process_pci_value(cnf, &language, &pathlen, &policy)) {
283	X509V3_conf_err(cnf);
284	goto err;
285	}
286	}
287	}
288
289	/* Language is mandatory */
290	if (!language) {
291	X509V3err(X509V3_F_R2I_PCI,
292	X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED);
293	goto err;
294	}
295	i = OBJ_obj2nid(language);
296	if ((i == NID_Independent \|\| i == NID_id_ppl_inheritAll) && policy) {
297	X509V3err(X509V3_F_R2I_PCI,
298	X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY);
299	goto err;
300	}
301
302	pci = PROXY_CERT_INFO_EXTENSION_new();
303	if (pci == NULL) {
304	X509V3err(X509V3_F_R2I_PCI, ERR_R_MALLOC_FAILURE);
305	goto err;
306	}
307
308	pci->proxyPolicy->policyLanguage = language;
309	language = NULL;
310	pci->proxyPolicy->policy = policy;
311	policy = NULL;
312	pci->pcPathLengthConstraint = pathlen;
313	pathlen = NULL;
314	goto end;
315	err:
316	ASN1_OBJECT_free(language);
317	ASN1_INTEGER_free(pathlen);
318	pathlen = NULL;
319	ASN1_OCTET_STRING_free(policy);
320	policy = NULL;
321	PROXY_CERT_INFO_EXTENSION_free(pci);
322	pci = NULL;
323	end:
324	sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
325	return pci;
326	}

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/libs/openssl-1.1.1l/crypto/x509v3/v3_pci.c@ 91772

Download in other formats: