

Viewing changes to crypto/x509v3/v3_ncons.c

  • Committer: Bazaar Package Importer
  • Author(s): Kurt Roeckx
  • Date: 2011-03-23 19:50:31 UTC
  • Revision ID: james.westby@ubuntu.com-20110323195031-6h9crj4bymhhr8b8
Tags: upstream-0.9.8o
Import upstream version 0.9.8o

 
1
/* v3_ncons.c */
 
2
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 
3
 * project.
 
4
 */
 
5
/* ====================================================================
 
6
 * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
 
7
 *
 
8
 * Redistribution and use in source and binary forms, with or without
 
9
 * modification, are permitted provided that the following conditions
 
10
 * are met:
 
11
 *
 
12
 * 1. Redistributions of source code must retain the above copyright
 
13
 *    notice, this list of conditions and the following disclaimer. 
 
14
 *
 
15
 * 2. Redistributions in binary form must reproduce the above copyright
 
16
 *    notice, this list of conditions and the following disclaimer in
 
17
 *    the documentation and/or other materials provided with the
 
18
 *    distribution.
 
19
 *
 
20
 * 3. All advertising materials mentioning features or use of this
 
21
 *    software must display the following acknowledgment:
 
22
 *    "This product includes software developed by the OpenSSL Project
 
23
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 
24
 *
 
25
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 
26
 *    endorse or promote products derived from this software without
 
27
 *    prior written permission. For written permission, please contact
 
28
 *    licensing@OpenSSL.org.
 
29
 *
 
30
 * 5. Products derived from this software may not be called "OpenSSL"
 
31
 *    nor may "OpenSSL" appear in their names without prior written
 
32
 *    permission of the OpenSSL Project.
 
33
 *
 
34
 * 6. Redistributions of any form whatsoever must retain the following
 
35
 *    acknowledgment:
 
36
 *    "This product includes software developed by the OpenSSL Project
 
37
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 
38
 *
 
39
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 
40
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 
41
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 
42
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 
43
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 
44
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 
45
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 
46
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 
47
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 
48
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 
49
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 
50
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 
51
 * ====================================================================
 
52
 *
 
53
 * This product includes cryptographic software written by Eric Young
 
54
 * (eay@cryptsoft.com).  This product includes software written by Tim
 
55
 * Hudson (tjh@cryptsoft.com).
 
56
 *
 
57
 */
 
58
 
 
59
 
 
60
#include <stdio.h>
 
61
#include "cryptlib.h"
 
62
#include <openssl/asn1t.h>
 
63
#include <openssl/conf.h>
 
64
#include <openssl/x509v3.h>
 
65
 
 
66
static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
 
67
                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
 
68
static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, 
 
69
                                void *a, BIO *bp, int ind);
 
70
static int do_i2r_name_constraints(X509V3_EXT_METHOD *method,
 
71
                                STACK_OF(GENERAL_SUBTREE) *trees,
 
72
                                        BIO *bp, int ind, char *name);
 
73
static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip);
 
74
 
 
75
const X509V3_EXT_METHOD v3_name_constraints = {
 
76
        NID_name_constraints, 0,
 
77
        ASN1_ITEM_ref(NAME_CONSTRAINTS),
 
78
        0,0,0,0,
 
79
        0,0,
 
80
        0, v2i_NAME_CONSTRAINTS,
 
81
        i2r_NAME_CONSTRAINTS,0,
 
82
        NULL
 
83
};
 
84
 
 
85
ASN1_SEQUENCE(GENERAL_SUBTREE) = {
 
86
        ASN1_SIMPLE(GENERAL_SUBTREE, base, GENERAL_NAME),
 
87
        ASN1_IMP_OPT(GENERAL_SUBTREE, minimum, ASN1_INTEGER, 0),
 
88
        ASN1_IMP_OPT(GENERAL_SUBTREE, maximum, ASN1_INTEGER, 1)
 
89
} ASN1_SEQUENCE_END(GENERAL_SUBTREE)
 
90
 
 
91
ASN1_SEQUENCE(NAME_CONSTRAINTS) = {
 
92
        ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, permittedSubtrees,
 
93
                                                        GENERAL_SUBTREE, 0),
 
94
        ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, excludedSubtrees,
 
95
                                                        GENERAL_SUBTREE, 1),
 
96
} ASN1_SEQUENCE_END(NAME_CONSTRAINTS)
 
97
        
 
98
 
 
99
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
 
100
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
 
101
 
 
102
static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
 
103
                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 
104
        {
 
105
        int i;
 
106
        CONF_VALUE tval, *val;
 
107
        STACK_OF(GENERAL_SUBTREE) **ptree = NULL;
 
108
        NAME_CONSTRAINTS *ncons = NULL;
 
109
        GENERAL_SUBTREE *sub = NULL;
 
110
        ncons = NAME_CONSTRAINTS_new();
 
111
        if (!ncons)
 
112
                goto memerr;
 
113
        for(i = 0; i < sk_CONF_VALUE_num(nval); i++)
 
114
                {
 
115
                val = sk_CONF_VALUE_value(nval, i);
 
116
                if (!strncmp(val->name, "permitted", 9) && val->name[9])
 
117
                        {
 
118
                        ptree = &ncons->permittedSubtrees;
 
119
                        tval.name = val->name + 10;
 
120
                        }
 
121
                else if (!strncmp(val->name, "excluded", 8) && val->name[8])
 
122
                        {
 
123
                        ptree = &ncons->excludedSubtrees;
 
124
                        tval.name = val->name + 9;
 
125
                        }
 
126
                else
 
127
                        {
 
128
                        X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, X509V3_R_INVALID_SYNTAX);
 
129
                        goto err;
 
130
                        }
 
131
                tval.value = val->value;
 
132
                sub = GENERAL_SUBTREE_new();
 
133
                if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1))
 
134
                        goto err;
 
135
                if (!*ptree)
 
136
                        *ptree = sk_GENERAL_SUBTREE_new_null();
 
137
                if (!*ptree || !sk_GENERAL_SUBTREE_push(*ptree, sub))
 
138
                        goto memerr;
 
139
                sub = NULL;
 
140
                }
 
141
 
 
142
        return ncons;
 
143
 
 
144
        memerr:
 
145
        X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
 
146
        err:
 
147
        if (ncons)
 
148
                NAME_CONSTRAINTS_free(ncons);
 
149
        if (sub)
 
150
                GENERAL_SUBTREE_free(sub);
 
151
 
 
152
        return NULL;
 
153
        }
 
154
                        
 
155
 
 
156
        
 
157
 
 
158
static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
 
159
                                void *a, BIO *bp, int ind)
 
160
        {
 
161
        NAME_CONSTRAINTS *ncons = a;
 
162
        do_i2r_name_constraints(method, ncons->permittedSubtrees,
 
163
                                        bp, ind, "Permitted");
 
164
        do_i2r_name_constraints(method, ncons->excludedSubtrees,
 
165
                                        bp, ind, "Excluded");
 
166
        return 1;
 
167
        }
 
168
 
 
169
static int do_i2r_name_constraints(X509V3_EXT_METHOD *method,
 
170
                                STACK_OF(GENERAL_SUBTREE) *trees,
 
171
                                        BIO *bp, int ind, char *name)
 
172
        {
 
173
        GENERAL_SUBTREE *tree;
 
174
        int i;
 
175
        if (sk_GENERAL_SUBTREE_num(trees) > 0)
 
176
                BIO_printf(bp, "%*s%s:\n", ind, "", name);
 
177
        for(i = 0; i < sk_GENERAL_SUBTREE_num(trees); i++)
 
178
                {
 
179
                tree = sk_GENERAL_SUBTREE_value(trees, i);
 
180
                BIO_printf(bp, "%*s", ind + 2, "");
 
181
                if (tree->base->type == GEN_IPADD)
 
182
                        print_nc_ipadd(bp, tree->base->d.ip);
 
183
                else
 
184
                        GENERAL_NAME_print(bp, tree->base);
 
185
                tree = sk_GENERAL_SUBTREE_value(trees, i);
 
186
                BIO_puts(bp, "\n");
 
187
                }
 
188
        return 1;
 
189
        }
 
190
 
 
191
static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip)
 
192
        {
 
193
        int i, len;
 
194
        unsigned char *p;
 
195
        p = ip->data;
 
196
        len = ip->length;
 
197
        BIO_puts(bp, "IP:");
 
198
        if(len == 8)
 
199
                {
 
200
                BIO_printf(bp, "%d.%d.%d.%d/%d.%d.%d.%d",
 
201
                                p[0], p[1], p[2], p[3],
 
202
                                p[4], p[5], p[6], p[7]);
 
203
                }
 
204
        else if(len == 32)
 
205
                {
 
206
                for (i = 0; i < 16; i++)
 
207
                        {
 
208
                        BIO_printf(bp, "%X", p[0] << 8 | p[1]);
 
209
                        p += 2;
 
210
                        if (i == 7)
 
211
                                BIO_puts(bp, "/");
 
212
                        else if (i != 15)
 
213
                                BIO_puts(bp, ":");
 
214
                        }
 
215
                }
 
216
        else
 
217
                BIO_printf(bp, "IP Address:<invalid>");
 
218
        return 1;
 
219
        }
 
220
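Review bot: In v2i_NAME_CONSTRAINTS the result of `sub = GENERAL_SUBTREE_new();` is passed straight into `v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1)` with no NULL check, so an allocation failure dereferences NULL instead of reaching the `memerr` label the rest of the function already uses for this case; add `if (!sub) goto memerr;` immediately after the allocation. The same loop skips the character following "permitted"/"excluded" (`val->name + 10`, `val->name + 9`) without verifying it is the expected separator, which is presumably benign for config-file input but deserves a one-line comment stating that assumption. Separately, in do_i2r_name_constraints the second `tree = sk_GENERAL_SUBTREE_value(trees, i);` after the print calls is a dead re-assignment and can be dropped.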