155714Skris/* v3_akey.c */ 2296341Sdelphij/* 3296341Sdelphij * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project 4296341Sdelphij * 1999. 555714Skris */ 655714Skris/* ==================================================================== 755714Skris * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 855714Skris * 955714Skris * Redistribution and use in source and binary forms, with or without 1055714Skris * modification, are permitted provided that the following conditions 1155714Skris * are met: 1255714Skris * 1355714Skris * 1. Redistributions of source code must retain the above copyright 14296341Sdelphij * notice, this list of conditions and the following disclaimer. 1555714Skris * 1655714Skris * 2. Redistributions in binary form must reproduce the above copyright 1755714Skris * notice, this list of conditions and the following disclaimer in 1855714Skris * the documentation and/or other materials provided with the 1955714Skris * distribution. 2055714Skris * 2155714Skris * 3. All advertising materials mentioning features or use of this 2255714Skris * software must display the following acknowledgment: 2355714Skris * "This product includes software developed by the OpenSSL Project 2455714Skris * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 2555714Skris * 2655714Skris * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 2755714Skris * endorse or promote products derived from this software without 2855714Skris * prior written permission. For written permission, please contact 2955714Skris * licensing@OpenSSL.org. 3055714Skris * 3155714Skris * 5. Products derived from this software may not be called "OpenSSL" 3255714Skris * nor may "OpenSSL" appear in their names without prior written 3355714Skris * permission of the OpenSSL Project. 3455714Skris * 3555714Skris * 6. Redistributions of any form whatsoever must retain the following 3655714Skris * acknowledgment: 3755714Skris * "This product includes software developed by the OpenSSL Project 3855714Skris * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 3955714Skris * 4055714Skris * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 4155714Skris * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 4255714Skris * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 4355714Skris * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 4455714Skris * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 4555714Skris * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 4655714Skris * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 4755714Skris * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 4855714Skris * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 4955714Skris * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 5055714Skris * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 5155714Skris * OF THE POSSIBILITY OF SUCH DAMAGE. 5255714Skris * ==================================================================== 5355714Skris * 5455714Skris * This product includes cryptographic software written by Eric Young 5555714Skris * (eay@cryptsoft.com). This product includes software written by Tim 5655714Skris * Hudson (tjh@cryptsoft.com). 5755714Skris * 5855714Skris */ 5955714Skris 6055714Skris#include <stdio.h> 6155714Skris#include "cryptlib.h" 6255714Skris#include <openssl/conf.h> 6355714Skris#include <openssl/asn1.h> 64109998Smarkm#include <openssl/asn1t.h> 6555714Skris#include <openssl/x509v3.h> 6655714Skris 6755714Skrisstatic STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, 68296341Sdelphij AUTHORITY_KEYID *akeyid, 69296341Sdelphij STACK_OF(CONF_VALUE) 70296341Sdelphij *extlist); 7155714Skrisstatic AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, 72296341Sdelphij X509V3_CTX *ctx, 73296341Sdelphij STACK_OF(CONF_VALUE) *values); 7455714Skris 75296341Sdelphijconst X509V3_EXT_METHOD v3_akey_id = { 76296341Sdelphij NID_authority_key_identifier, 77296341Sdelphij X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID), 78296341Sdelphij 0, 0, 0, 0, 79296341Sdelphij 0, 0, 80296341Sdelphij (X509V3_EXT_I2V) i2v_AUTHORITY_KEYID, 81296341Sdelphij (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID, 82296341Sdelphij 0, 0, 83296341Sdelphij NULL 84296341Sdelphij}; 8555714Skris 8655714Skrisstatic STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, 87296341Sdelphij AUTHORITY_KEYID *akeyid, 88296341Sdelphij STACK_OF(CONF_VALUE) 89296341Sdelphij *extlist) 9055714Skris{ 91296341Sdelphij char *tmp; 92296341Sdelphij if (akeyid->keyid) { 93296341Sdelphij tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length); 94296341Sdelphij X509V3_add_value("keyid", tmp, &extlist); 95296341Sdelphij OPENSSL_free(tmp); 96296341Sdelphij } 97296341Sdelphij if (akeyid->issuer) 98296341Sdelphij extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist); 99296341Sdelphij if (akeyid->serial) { 100296341Sdelphij tmp = hex_to_string(akeyid->serial->data, akeyid->serial->length); 101296341Sdelphij X509V3_add_value("serial", tmp, &extlist); 102296341Sdelphij OPENSSL_free(tmp); 103296341Sdelphij } 104296341Sdelphij return extlist; 10555714Skris} 10655714Skris 107296341Sdelphij/*- 108296341Sdelphij * Currently two options: 10955714Skris * keyid: use the issuers subject keyid, the value 'always' means its is 11055714Skris * an error if the issuer certificate doesn't have a key id. 11155714Skris * issuer: use the issuers cert issuer and serial number. The default is 11255714Skris * to only use this if keyid is not present. With the option 'always' 11355714Skris * this is always included. 11455714Skris */ 11555714Skris 11655714Skrisstatic AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, 117296341Sdelphij X509V3_CTX *ctx, 118296341Sdelphij STACK_OF(CONF_VALUE) *values) 119296341Sdelphij{ 120296341Sdelphij char keyid = 0, issuer = 0; 121296341Sdelphij int i; 122296341Sdelphij CONF_VALUE *cnf; 123296341Sdelphij ASN1_OCTET_STRING *ikeyid = NULL; 124296341Sdelphij X509_NAME *isname = NULL; 125296341Sdelphij GENERAL_NAMES *gens = NULL; 126296341Sdelphij GENERAL_NAME *gen = NULL; 127296341Sdelphij ASN1_INTEGER *serial = NULL; 128296341Sdelphij X509_EXTENSION *ext; 129296341Sdelphij X509 *cert; 130296341Sdelphij AUTHORITY_KEYID *akeyid; 13155714Skris 132296341Sdelphij for (i = 0; i < sk_CONF_VALUE_num(values); i++) { 133296341Sdelphij cnf = sk_CONF_VALUE_value(values, i); 134296341Sdelphij if (!strcmp(cnf->name, "keyid")) { 135296341Sdelphij keyid = 1; 136296341Sdelphij if (cnf->value && !strcmp(cnf->value, "always")) 137296341Sdelphij keyid = 2; 138296341Sdelphij } else if (!strcmp(cnf->name, "issuer")) { 139296341Sdelphij issuer = 1; 140296341Sdelphij if (cnf->value && !strcmp(cnf->value, "always")) 141296341Sdelphij issuer = 2; 142296341Sdelphij } else { 143296341Sdelphij X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, X509V3_R_UNKNOWN_OPTION); 144296341Sdelphij ERR_add_error_data(2, "name=", cnf->name); 145296341Sdelphij return NULL; 146296341Sdelphij } 147296341Sdelphij } 14855714Skris 149296341Sdelphij if (!ctx || !ctx->issuer_cert) { 150296341Sdelphij if (ctx && (ctx->flags == CTX_TEST)) 151296341Sdelphij return AUTHORITY_KEYID_new(); 152296341Sdelphij X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, 153296341Sdelphij X509V3_R_NO_ISSUER_CERTIFICATE); 154296341Sdelphij return NULL; 155296341Sdelphij } 15655714Skris 157296341Sdelphij cert = ctx->issuer_cert; 15855714Skris 159296341Sdelphij if (keyid) { 160296341Sdelphij i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1); 161296341Sdelphij if ((i >= 0) && (ext = X509_get_ext(cert, i))) 162296341Sdelphij ikeyid = X509V3_EXT_d2i(ext); 163296341Sdelphij if (keyid == 2 && !ikeyid) { 164296341Sdelphij X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, 165296341Sdelphij X509V3_R_UNABLE_TO_GET_ISSUER_KEYID); 166296341Sdelphij return NULL; 167296341Sdelphij } 168296341Sdelphij } 16955714Skris 170296341Sdelphij if ((issuer && !ikeyid) || (issuer == 2)) { 171296341Sdelphij isname = X509_NAME_dup(X509_get_issuer_name(cert)); 172296341Sdelphij serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert)); 173296341Sdelphij if (!isname || !serial) { 174296341Sdelphij X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, 175296341Sdelphij X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS); 176296341Sdelphij goto err; 177296341Sdelphij } 178296341Sdelphij } 17955714Skris 180296341Sdelphij if (!(akeyid = AUTHORITY_KEYID_new())) 181296341Sdelphij goto err; 18255714Skris 183296341Sdelphij if (isname) { 184296341Sdelphij if (!(gens = sk_GENERAL_NAME_new_null()) 185296341Sdelphij || !(gen = GENERAL_NAME_new()) 186296341Sdelphij || !sk_GENERAL_NAME_push(gens, gen)) { 187296341Sdelphij X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE); 188296341Sdelphij goto err; 189296341Sdelphij } 190296341Sdelphij gen->type = GEN_DIRNAME; 191296341Sdelphij gen->d.dirn = isname; 192296341Sdelphij } 19355714Skris 194296341Sdelphij akeyid->issuer = gens; 195296341Sdelphij akeyid->serial = serial; 196296341Sdelphij akeyid->keyid = ikeyid; 19755714Skris 198296341Sdelphij return akeyid; 19955714Skris 200160814Ssimon err: 201296341Sdelphij X509_NAME_free(isname); 202296341Sdelphij M_ASN1_INTEGER_free(serial); 203296341Sdelphij M_ASN1_OCTET_STRING_free(ikeyid); 204296341Sdelphij return NULL; 205296341Sdelphij} 206