X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=crypto%2Fx509v3%2Fv3_conf.c;h=f625ff542eea98807162327a40c621e46c0d1012;hb=2d13250fd695eba777fe7e2af4beb1b7d356bd8f;hp=eb9cfea66d0ac730215d8914871f4c1cbf4b71b3;hpb=0dfb9398bb6493d5a56216e0c7039cb3f9fc88c6;p=oweals%2Fopenssl.git diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c index eb9cfea66d..f625ff542e 100644 --- a/crypto/x509v3/v3_conf.c +++ b/crypto/x509v3/v3_conf.c @@ -1,88 +1,40 @@ -/* v3_conf.c */ /* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project - * 1999. - */ -/* ==================================================================== - * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). + * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ + /* extension creation utilities */ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include +#include "internal/x509_int.h" #include -static int v3_check_critical(char **value); -static int v3_check_generic(char **value); +static int v3_check_critical(const char **value); +static int v3_check_generic(const char **value); static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, - int crit, char *value); -static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, + int crit, const char *value); +static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value, int crit, int type, X509V3_CTX *ctx); -static char *conf_lhash_get_string(void *db, char *section, char *value); -static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section); +static char *conf_lhash_get_string(void *db, const char *section, const char *value); +static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, const char *section); static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid, int crit, void *ext_struc); -static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, +static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx, long *ext_len); /* CONF *conf: Config file */ /* char *name: Name */ /* char *value: Value */ -X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, - char *value) +X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name, + const char *value) { int crit; int ext_type; @@ -101,7 +53,7 @@ X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, /* CONF *conf: Config file */ /* char *value: Value */ X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, - char *value) + const char *value) { int crit; int ext_type; @@ -115,17 +67,18 @@ X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, /* CONF *conf: Config file */ /* char *value: Value */ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, - int crit, char *value) + int crit, const char *value) { const X509V3_EXT_METHOD *method; X509_EXTENSION *ext; STACK_OF(CONF_VALUE) *nval; void *ext_struc; + if (ext_nid == NID_undef) { X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION_NAME); return NULL; } - if (!(method = X509V3_EXT_get_nid(ext_nid))) { + if ((method = X509V3_EXT_get_nid(ext_nid)) == NULL) { X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION); return NULL; } @@ -135,11 +88,13 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, nval = NCONF_get_section(conf, value + 1); else nval = X509V3_parse_list(value); - if (sk_CONF_VALUE_num(nval) <= 0) { + if (nval == NULL || sk_CONF_VALUE_num(nval) <= 0) { X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_INVALID_EXTENSION_STRING); ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value); + if (*value != '@') + sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); return NULL; } ext_struc = method->v2i(method, ctx, nval); @@ -148,14 +103,14 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, if (!ext_struc) return NULL; } else if (method->s2i) { - if (!(ext_struc = method->s2i(method, ctx, value))) + if ((ext_struc = method->s2i(method, ctx, value)) == NULL) return NULL; } else if (method->r2i) { if (!ctx->db || !ctx->db_meth) { X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_NO_CONFIG_DATABASE); return NULL; } - if (!(ext_struc = method->r2i(method, ctx, value))) + if ((ext_struc = method->r2i(method, ctx, value)) == NULL) return NULL; } else { X509V3err(X509V3_F_DO_EXT_NCONF, @@ -189,13 +144,14 @@ static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, goto merr; } else { unsigned char *p; + ext_len = method->i2d(ext_struc, NULL); - if (!(ext_der = OPENSSL_malloc(ext_len))) + if ((ext_der = OPENSSL_malloc(ext_len)) == NULL) goto merr; p = ext_der; method->i2d(ext_struc, &p); } - if (!(ext_oct = ASN1_OCTET_STRING_new())) + if ((ext_oct = ASN1_OCTET_STRING_new()) == NULL) goto merr; ext_oct->data = ext_der; ext_der = NULL; @@ -210,8 +166,7 @@ static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, merr: X509V3err(X509V3_F_DO_EXT_I2D, ERR_R_MALLOC_FAILURE); - if (ext_der != NULL) - OPENSSL_free(ext_der); + OPENSSL_free(ext_der); ASN1_OCTET_STRING_free(ext_oct); return NULL; @@ -222,7 +177,8 @@ static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc) { const X509V3_EXT_METHOD *method; - if (!(method = X509V3_EXT_get_nid(ext_nid))) { + + if ((method = X509V3_EXT_get_nid(ext_nid)) == NULL) { X509V3err(X509V3_F_X509V3_EXT_I2D, X509V3_R_UNKNOWN_EXTENSION); return NULL; } @@ -230,9 +186,9 @@ X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc) } /* Check the extension string for critical flag */ -static int v3_check_critical(char **value) +static int v3_check_critical(const char **value) { - char *p = *value; + const char *p = *value; if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0; p += 9; @@ -243,14 +199,14 @@ static int v3_check_critical(char **value) } /* Check extension string for generic extension and return the type */ -static int v3_check_generic(char **value) +static int v3_check_generic(const char **value) { int gen_type = 0; - char *p = *value; - if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) { + const char *p = *value; + if ((strlen(p) >= 4) && strncmp(p, "DER:", 4) == 0) { p += 4; gen_type = 1; - } else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5)) { + } else if ((strlen(p) >= 5) && strncmp(p, "ASN1:", 5) == 0) { p += 5; gen_type = 2; } else @@ -263,16 +219,17 @@ static int v3_check_generic(char **value) } /* Create a generic extension: for now just handle DER type */ -static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, +static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value, int crit, int gen_type, X509V3_CTX *ctx) { unsigned char *ext_der = NULL; - long ext_len; + long ext_len = 0; ASN1_OBJECT *obj = NULL; ASN1_OCTET_STRING *oct = NULL; X509_EXTENSION *extension = NULL; - if (!(obj = OBJ_txt2obj(ext, 0))) { + + if ((obj = OBJ_txt2obj(ext, 0)) == NULL) { X509V3err(X509V3_F_V3_GENERIC_EXTENSION, X509V3_R_EXTENSION_NAME_ERROR); ERR_add_error_data(2, "name=", ext); @@ -280,7 +237,7 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, } if (gen_type == 1) - ext_der = string_to_hex(value, &ext_len); + ext_der = OPENSSL_hexstr2buf(value, &ext_len); else if (gen_type == 2) ext_der = generic_asn1(value, ctx, &ext_len); @@ -291,7 +248,7 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, goto err; } - if (!(oct = ASN1_OCTET_STRING_new())) { + if ((oct = ASN1_OCTET_STRING_new()) == NULL) { X509V3err(X509V3_F_V3_GENERIC_EXTENSION, ERR_R_MALLOC_FAILURE); goto err; } @@ -305,13 +262,12 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, err: ASN1_OBJECT_free(obj); ASN1_OCTET_STRING_free(oct); - if (ext_der) - OPENSSL_free(ext_der); + OPENSSL_free(ext_der); return extension; } -static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, +static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx, long *ext_len) { ASN1_TYPE *typ; @@ -341,18 +297,19 @@ static void delete_ext(STACK_OF(X509_EXTENSION) *sk, X509_EXTENSION *dext) * file section to an extension STACK. */ -int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, +int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section, STACK_OF(X509_EXTENSION) **sk) { X509_EXTENSION *ext; STACK_OF(CONF_VALUE) *nval; CONF_VALUE *val; int i; - if (!(nval = NCONF_get_section(conf, section))) + + if ((nval = NCONF_get_section(conf, section)) == NULL) return 0; for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { val = sk_CONF_VALUE_value(nval, i); - if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value))) + if ((ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)) == NULL) return 0; if (ctx->flags == X509V3_CTX_REPLACE) delete_ext(*sk, ext); @@ -367,29 +324,29 @@ int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, * Convenience functions to add extensions to a certificate, CRL and request */ -int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, +int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, X509 *cert) { STACK_OF(X509_EXTENSION) **sk = NULL; if (cert) - sk = &cert->cert_info->extensions; + sk = &cert->cert_info.extensions; return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); } /* Same as above but for a CRL */ -int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, +int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, X509_CRL *crl) { STACK_OF(X509_EXTENSION) **sk = NULL; if (crl) - sk = &crl->crl->extensions; + sk = &crl->crl.extensions; return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); } /* Add extensions to certificate request */ -int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, +int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, X509_REQ *req) { STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL; @@ -406,7 +363,7 @@ int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, /* Config database functions */ -char *X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) +char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section) { if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) { X509V3err(X509V3_F_X509V3_GET_STRING, X509V3_R_OPERATION_NOT_DEFINED); @@ -417,7 +374,7 @@ char *X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) return NULL; } -STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, char *section) +STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section) { if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) { X509V3err(X509V3_F_X509V3_GET_SECTION, @@ -445,12 +402,12 @@ void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section) ctx->db_meth->free_section(ctx->db, section); } -static char *nconf_get_string(void *db, char *section, char *value) +static char *nconf_get_string(void *db, const char *section, const char *value) { return NCONF_get_string(db, section, value); } -static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section) +static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, const char *section) { return NCONF_get_section(db, section); } @@ -481,7 +438,7 @@ void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req, /* Old conf compatibility functions */ X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - char *name, char *value) + const char *name, const char *value) { CONF ctmp; CONF_set_nconf(&ctmp, conf); @@ -491,19 +448,19 @@ X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, /* LHASH *conf: Config file */ /* char *value: Value */ X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, - X509V3_CTX *ctx, int ext_nid, char *value) + X509V3_CTX *ctx, int ext_nid, const char *value) { CONF ctmp; CONF_set_nconf(&ctmp, conf); return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value); } -static char *conf_lhash_get_string(void *db, char *section, char *value) +static char *conf_lhash_get_string(void *db, const char *section, const char *value) { return CONF_get_string(db, section, value); } -static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section) +static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, const char *section) { return CONF_get_section(db, section); } @@ -522,7 +479,7 @@ void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash) } int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - char *section, X509 *cert) + const char *section, X509 *cert) { CONF ctmp; CONF_set_nconf(&ctmp, conf); @@ -532,7 +489,7 @@ int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, /* Same as above but for a CRL */ int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - char *section, X509_CRL *crl) + const char *section, X509_CRL *crl) { CONF ctmp; CONF_set_nconf(&ctmp, conf); @@ -542,7 +499,7 @@ int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, /* Add extensions to certificate request */ int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - char *section, X509_REQ *req) + const char *section, X509_REQ *req) { CONF ctmp; CONF_set_nconf(&ctmp, conf);