v3_sxnet.c revision 296341
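/* v3_sxnet.c */
/*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
 * 1999.
 */
/* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com). This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

#include <stdio.h>
#include <limits.h>
#include "cryptlib.h"
#include <openssl/conf.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/x509v3.h>

/* Support for Thawte strong extranet extension */

/*
 * NOTE(review): SXNET_TEST is defined unconditionally here, so the
 * configuration-file handler sxnet_v2i() -- which its own comment describes
 * as "testing only" -- is always compiled in and registered in v3_sxnet.
 */
#define SXNET_TEST

static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
                     int indent);
#ifdef SXNET_TEST
static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
                        STACK_OF(CONF_VALUE) *nval);
#endif

/* Extension method table entry for NID_sxnet: printing plus (test) v2i. */
const X509V3_EXT_METHOD v3_sxnet = {
    NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET),
    0, 0, 0, 0,
    0, 0,
    0,
#ifdef SXNET_TEST
    (X509V3_EXT_V2I)sxnet_v2i,
#else
    0,
#endif
    (X509V3_EXT_I2R)sxnet_i2r,
    0,
    NULL
};

/* One zone/user pair. */
ASN1_SEQUENCE(SXNETID) = {
    ASN1_SIMPLE(SXNETID, zone, ASN1_INTEGER),
    ASN1_SIMPLE(SXNETID, user, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(SXNETID)

IMPLEMENT_ASN1_FUNCTIONS(SXNETID)

/* The extension itself: a version followed by a list of SXNETID entries. */
ASN1_SEQUENCE(SXNET) = {
    ASN1_SIMPLE(SXNET, version, ASN1_INTEGER),
    ASN1_SEQUENCE_OF(SXNET, ids, SXNETID)
} ASN1_SEQUENCE_END(SXNET)

IMPLEMENT_ASN1_FUNCTIONS(SXNET)

/*
 * Print a decoded SXNET extension to |out|, one "Zone: ..., User: ..." line
 * per entry, each line indented by |indent| columns.
 *
 * The structure printed here is decoded from a certificate, so its contents
 * are not trusted: the version is range-checked before it is incremented and
 * a failed zone conversion aborts the print.
 *
 * Returns 1 on success, 0 if a zone could not be converted to text.
 */
static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
                     int indent)
{
    long v;
    char *tmp;
    SXNETID *id;
    int i;

    v = ASN1_INTEGER_get(sx->version);
    if (v == LONG_MAX) {
        /* v + 1 below would be signed overflow, i.e. undefined behaviour */
        BIO_printf(out, "%*sVersion: <unsupported>", indent, "");
    } else {
        /* %lX expects an unsigned long, so convert explicitly */
        BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1,
                   (unsigned long)v);
    }
    for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
        id = sk_SXNETID_value(sx->ids, i);
        tmp = i2s_ASN1_INTEGER(NULL, id->zone);
        if (tmp == NULL)
            return 0;
        BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
        OPENSSL_free(tmp);
        M_ASN1_OCTET_STRING_print(out, id->user);
    }
    return 1;
}

#ifdef SXNET_TEST

/*
 * NBB: this is used for testing only. It should *not* be used for anything
 * else because it will just take static IDs from the configuration file and
 * they should really be separate values for each user.
 *
 * Builds an SXNET from configuration values: each entry's name is passed to
 * SXNET_add_id_asc() as the zone and its value as the user id.
 * Returns the new SXNET, or NULL on error (nothing is leaked on failure).
 */

static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
                        STACK_OF(CONF_VALUE) *nval)
{
    CONF_VALUE *cnf;
    SXNET *sx = NULL;
    int i;

    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
        cnf = sk_CONF_VALUE_value(nval, i);
        if (!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1)) {
            /*
             * Failures such as a duplicate zone or an over-long user leave
             * the partially built structure in sx; release it here. On
             * allocation failure sx has already been reset to NULL, and
             * freeing NULL is a no-op.
             */
            SXNET_free(sx);
            return NULL;
        }
    }
    return sx;
}

#endif

/* Strong Extranet utility functions */

/*
 * Add an id given the zone as an ASCII number.
 *
 * The converted zone is handed to SXNET_add_id_INTEGER(), which keeps it on
 * success. On failure it is still owned here and is released.
 * Returns 1 on success, 0 on error.
 */

int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen)
{
    ASN1_INTEGER *izone = NULL;

    if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
        X509V3err(X509V3_F_SXNET_ADD_ID_ASC, X509V3_R_ERROR_CONVERTING_ZONE);
        return 0;
    }
    if (!SXNET_add_id_INTEGER(psx, izone, user, userlen)) {
        /* not adopted by the SXNET, so it would otherwise leak */
        M_ASN1_INTEGER_free(izone);
        return 0;
    }
    return 1;
}

/*
 * Add an id given the zone as an unsigned long.
 *
 * Same ownership rule as SXNET_add_id_asc(): the temporary ASN1_INTEGER is
 * released here unless SXNET_add_id_INTEGER() succeeded and adopted it.
 * Returns 1 on success, 0 on error.
 */

int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user,
                       int userlen)
{
    ASN1_INTEGER *izone = NULL;

    if (!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
        X509V3err(X509V3_F_SXNET_ADD_ID_ULONG, ERR_R_MALLOC_FAILURE);
        M_ASN1_INTEGER_free(izone);
        return 0;
    }
    if (!SXNET_add_id_INTEGER(psx, izone, user, userlen)) {
        /* not adopted by the SXNET, so it would otherwise leak */
        M_ASN1_INTEGER_free(izone);
        return 0;
    }
    return 1;
}
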
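/*
 * Add an id given the zone as an ASN1_INTEGER. Note this version uses the
 * passed integer and doesn't make a copy so don't free it up afterwards.
 *
 * |userlen| is the length of |user| in bytes; a negative value means
 * "use strlen(user)". At most 64 bytes are accepted.
 *
 * Ownership: |zone| is adopted only when 1 is returned. On every failure
 * path the caller still owns |zone|.
 *
 * NOTE: on an allocation failure the whole SXNET is freed -- including one
 * that the caller passed in through |*psx| -- and |*psx| is reset to NULL.
 * Callers must not keep a second pointer to that structure across the call.
 *
 * Returns 1 on success, 0 on error.
 */

int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user,
                         int userlen)
{
    SXNET *sx = NULL;
    SXNETID *id = NULL;

    if (!psx || !zone || !user) {
        X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,
                  X509V3_R_INVALID_NULL_ARGUMENT);
        return 0;
    }
    if (userlen < 0) {
        /*
         * Resolve the length here, before the limit check, for every
         * negative value and not only -1: otherwise a value such as -2
         * would pass the "> 64" test below unmeasured. The comparison is
         * done in size_t so that a very long string cannot wrap the int.
         */
        size_t len = strlen(user);

        if (len > 64) {
            X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, X509V3_R_USER_TOO_LONG);
            return 0;
        }
        userlen = (int)len;
    } else if (userlen > 64) {
        X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, X509V3_R_USER_TOO_LONG);
        return 0;
    }
    if (!*psx) {
        if (!(sx = SXNET_new()))
            goto err;
        if (!ASN1_INTEGER_set(sx->version, 0))
            goto err;
        *psx = sx;
    } else
        sx = *psx;
    if (SXNET_get_id_INTEGER(sx, zone)) {
        X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, X509V3_R_DUPLICATE_ZONE_ID);
        return 0;
    }

    if (!(id = SXNETID_new()))
        goto err;

    if (!M_ASN1_OCTET_STRING_set(id->user, user, userlen))
        goto err;
    if (!sk_SXNETID_push(sx->ids, id))
        goto err;
    /*
     * SXNETID_new() allocates the zone field itself (it is an ASN1_SIMPLE
     * member of the template), so release that placeholder before adopting
     * the caller's integer; overwriting the pointer would leak it.
     */
    M_ASN1_INTEGER_free(id->zone);
    id->zone = zone;
    return 1;

 err:
    X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, ERR_R_MALLOC_FAILURE);
    SXNETID_free(id);
    SXNET_free(sx);
    *psx = NULL;
    return 0;
}

/*
 * Look up the user id for a zone given as an ASCII number.
 * Returns a pointer into |sx| (do not free it), or NULL if the zone cannot
 * be converted or is not present.
 */
ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone)
{
    ASN1_INTEGER *izone = NULL;
    ASN1_OCTET_STRING *oct;

    if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
        X509V3err(X509V3_F_SXNET_GET_ID_ASC, X509V3_R_ERROR_CONVERTING_ZONE);
        return NULL;
    }
    oct = SXNET_get_id_INTEGER(sx, izone);
    /* the temporary is only needed for the comparison */
    M_ASN1_INTEGER_free(izone);
    return oct;
}

/*
 * Look up the user id for a zone given as an unsigned long.
 * Returns a pointer into |sx| (do not free it), or NULL on allocation
 * failure or if the zone is not present.
 */
ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone)
{
    ASN1_INTEGER *izone = NULL;
    ASN1_OCTET_STRING *oct;

    if (!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
        X509V3err(X509V3_F_SXNET_GET_ID_ULONG, ERR_R_MALLOC_FAILURE);
        M_ASN1_INTEGER_free(izone);
        return NULL;
    }
    oct = SXNET_get_id_INTEGER(sx, izone);
    /* the temporary is only needed for the comparison */
    M_ASN1_INTEGER_free(izone);
    return oct;
}

/*
 * Look up the user id stored for |zone|.
 * Returns the entry's octet string, which remains owned by |sx|, or NULL if
 * no entry matches or either argument is NULL.
 */
ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone)
{
    SXNETID *id;
    int i;

    /* public entry point: do not dereference a missing structure or key */
    if (sx == NULL || zone == NULL)
        return NULL;

    for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
        id = sk_SXNETID_value(sx->ids, i);
        if (!M_ASN1_INTEGER_cmp(id->zone, zone))
            return id->user;
    }
    return NULL;
}

IMPLEMENT_STACK_OF(SXNETID)

IMPLEMENT_ASN1_SET_OF(SXNETID)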