|
1 /* v3_akey.c */ |
|
2 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL |
|
3 * project 1999. |
|
4 */ |
|
5 /* ==================================================================== |
|
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. |
|
7 * |
|
8 * Redistribution and use in source and binary forms, with or without |
|
9 * modification, are permitted provided that the following conditions |
|
10 * are met: |
|
11 * |
|
12 * 1. Redistributions of source code must retain the above copyright |
|
13 * notice, this list of conditions and the following disclaimer. |
|
14 * |
|
15 * 2. Redistributions in binary form must reproduce the above copyright |
|
16 * notice, this list of conditions and the following disclaimer in |
|
17 * the documentation and/or other materials provided with the |
|
18 * distribution. |
|
19 * |
|
20 * 3. All advertising materials mentioning features or use of this |
|
21 * software must display the following acknowledgment: |
|
22 * "This product includes software developed by the OpenSSL Project |
|
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" |
|
24 * |
|
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
|
26 * endorse or promote products derived from this software without |
|
27 * prior written permission. For written permission, please contact |
|
28 * licensing@OpenSSL.org. |
|
29 * |
|
30 * 5. Products derived from this software may not be called "OpenSSL" |
|
31 * nor may "OpenSSL" appear in their names without prior written |
|
32 * permission of the OpenSSL Project. |
|
33 * |
|
34 * 6. Redistributions of any form whatsoever must retain the following |
|
35 * acknowledgment: |
|
36 * "This product includes software developed by the OpenSSL Project |
|
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" |
|
38 * |
|
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
|
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
|
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
|
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|
50 * OF THE POSSIBILITY OF SUCH DAMAGE. |
|
51 * ==================================================================== |
|
52 * |
|
53 * This product includes cryptographic software written by Eric Young |
|
54 * (eay@cryptsoft.com). This product includes software written by Tim |
|
55 * Hudson (tjh@cryptsoft.com). |
|
56 * |
|
57 */ |
|
58 |
|
59 /* |
|
60 © Portions copyright (c) 2006 Nokia Corporation. All rights reserved. |
|
61 */ |
|
62 |
|
63 |
|
64 #include <stdio.h> |
|
65 #include "cryptlib.h" |
|
66 #include <openssl/conf.h> |
|
67 #include <openssl/asn1.h> |
|
68 #include <openssl/asn1t.h> |
|
69 #include <openssl/x509v3.h> |
|
70 #if (defined(SYMBIAN) && (defined(__WINSCW__) || defined(__WINS__))) |
|
71 #include "libcrypto_wsd_macros.h" |
|
72 #include "libcrypto_wsd.h" |
|
73 #endif |
|
74 |
|
75 |
|
76 static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, |
|
77 AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist); |
|
78 static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, |
|
79 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); |
|
80 #ifndef EMULATOR |
|
81 X509V3_EXT_METHOD v3_akey_id = |
|
82 { |
|
83 NID_authority_key_identifier, |
|
84 X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID), |
|
85 0,0,0,0, |
|
86 0,0, |
|
87 (X509V3_EXT_I2V)i2v_AUTHORITY_KEYID, |
|
88 (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID, |
|
89 0,0, |
|
90 NULL |
|
91 }; |
|
92 #else |
|
93 const X509V3_EXT_METHOD v3_akey_id = |
|
94 { |
|
95 NID_authority_key_identifier, |
|
96 X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID), |
|
97 0,0,0,0, |
|
98 0,0, |
|
99 (X509V3_EXT_I2V)i2v_AUTHORITY_KEYID, |
|
100 (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID, |
|
101 0,0, |
|
102 NULL |
|
103 }; |
|
104 |
|
105 #endif |
|
106 static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, |
|
107 AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist) |
|
108 { |
|
109 char *tmp; |
|
110 if(akeyid->keyid) { |
|
111 tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length); |
|
112 X509V3_add_value("keyid", tmp, &extlist); |
|
113 OPENSSL_free(tmp); |
|
114 } |
|
115 if(akeyid->issuer) |
|
116 extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist); |
|
117 if(akeyid->serial) { |
|
118 tmp = hex_to_string(akeyid->serial->data, |
|
119 akeyid->serial->length); |
|
120 X509V3_add_value("serial", tmp, &extlist); |
|
121 OPENSSL_free(tmp); |
|
122 } |
|
123 return extlist; |
|
124 } |
|
125 |
|
126 /* Currently two options: |
|
127 * keyid: use the issuers subject keyid, the value 'always' means its is |
|
128 * an error if the issuer certificate doesn't have a key id. |
|
129 * issuer: use the issuers cert issuer and serial number. The default is |
|
130 * to only use this if keyid is not present. With the option 'always' |
|
131 * this is always included. |
|
132 */ |
|
133 |
|
134 static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, |
|
135 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values) |
|
136 { |
|
137 char keyid=0, issuer=0; |
|
138 int i; |
|
139 CONF_VALUE *cnf; |
|
140 ASN1_OCTET_STRING *ikeyid = NULL; |
|
141 X509_NAME *isname = NULL; |
|
142 GENERAL_NAMES * gens = NULL; |
|
143 GENERAL_NAME *gen = NULL; |
|
144 ASN1_INTEGER *serial = NULL; |
|
145 X509_EXTENSION *ext; |
|
146 X509 *cert; |
|
147 AUTHORITY_KEYID *akeyid; |
|
148 |
|
149 for(i = 0; i < sk_CONF_VALUE_num(values); i++) |
|
150 { |
|
151 cnf = sk_CONF_VALUE_value(values, i); |
|
152 if(!strcmp(cnf->name, "keyid")) |
|
153 { |
|
154 keyid = 1; |
|
155 if(cnf->value && !strcmp(cnf->value, "always")) |
|
156 keyid = 2; |
|
157 } |
|
158 else if(!strcmp(cnf->name, "issuer")) |
|
159 { |
|
160 issuer = 1; |
|
161 if(cnf->value && !strcmp(cnf->value, "always")) |
|
162 issuer = 2; |
|
163 } |
|
164 else |
|
165 { |
|
166 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNKNOWN_OPTION); |
|
167 ERR_add_error_data(2, "name=", cnf->name); |
|
168 return NULL; |
|
169 } |
|
170 } |
|
171 |
|
172 if(!ctx || !ctx->issuer_cert) |
|
173 { |
|
174 if(ctx && (ctx->flags==CTX_TEST)) |
|
175 return AUTHORITY_KEYID_new(); |
|
176 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE); |
|
177 return NULL; |
|
178 } |
|
179 |
|
180 cert = ctx->issuer_cert; |
|
181 |
|
182 if(keyid) |
|
183 { |
|
184 i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1); |
|
185 if((i >= 0) && (ext = X509_get_ext(cert, i))) |
|
186 ikeyid = X509V3_EXT_d2i(ext); |
|
187 if(keyid==2 && !ikeyid) |
|
188 { |
|
189 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_KEYID); |
|
190 return NULL; |
|
191 } |
|
192 } |
|
193 |
|
194 if((issuer && !ikeyid) || (issuer == 2)) |
|
195 { |
|
196 isname = X509_NAME_dup(X509_get_issuer_name(cert)); |
|
197 serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert)); |
|
198 if(!isname || !serial) |
|
199 { |
|
200 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS); |
|
201 goto err; |
|
202 } |
|
203 } |
|
204 |
|
205 if(!(akeyid = AUTHORITY_KEYID_new())) goto err; |
|
206 |
|
207 if(isname) |
|
208 { |
|
209 if(!(gens = sk_GENERAL_NAME_new_null()) |
|
210 || !(gen = GENERAL_NAME_new()) |
|
211 || !sk_GENERAL_NAME_push(gens, gen)) |
|
212 { |
|
213 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE); |
|
214 goto err; |
|
215 } |
|
216 gen->type = GEN_DIRNAME; |
|
217 gen->d.dirn = isname; |
|
218 } |
|
219 |
|
220 akeyid->issuer = gens; |
|
221 akeyid->serial = serial; |
|
222 akeyid->keyid = ikeyid; |
|
223 |
|
224 return akeyid; |
|
225 |
|
226 err: |
|
227 X509_NAME_free(isname); |
|
228 M_ASN1_INTEGER_free(serial); |
|
229 M_ASN1_OCTET_STRING_free(ikeyid); |
|
230 return NULL; |
|
231 } |