source: EcnlProtoTool/trunk/openssl-1.1.0e/crypto/x509v3/v3_cpols.c@ 331

Last change on this file since 331 was 331, checked in by coas-nagasima, 6 years ago

prototoolに関連するプロジェクトをnewlibからmuslを使うよう変更・更新
ntshellをnewlibの下位の実装から、muslのsyscallの実装に変更・更新
以下のOSSをアップデート
・mruby-1.3.0
・musl-1.1.18
・onigmo-6.1.3
・tcc-0.9.27
以下のOSSを追加
・openssl-1.1.0e
・curl-7.57.0
・zlib-1.2.11
以下のmrbgemsを追加
・iij/mruby-digest
・iij/mruby-env
・iij/mruby-errno
・iij/mruby-iijson
・iij/mruby-ipaddr
・iij/mruby-mock
・iij/mruby-require
・iij/mruby-tls-openssl
  • Property svn:eol-style set to native
  • Property svn:mime-type set to text/x-csrc
File size: 14.4 KB
Line 
1/*
2 * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <stdio.h>
11#include "internal/cryptlib.h"
12#include <openssl/conf.h>
13#include <openssl/asn1.h>
14#include <openssl/asn1t.h>
15#include <openssl/x509v3.h>
16
17#include "pcy_int.h"
18#include "ext_dat.h"
19
20/* Certificate policies extension support: this one is a bit complex... */
21
22static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
23 BIO *out, int indent);
24static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
25 X509V3_CTX *ctx, const char *value);
26static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
27 int indent);
28static void print_notice(BIO *out, USERNOTICE *notice, int indent);
29static POLICYINFO *policy_section(X509V3_CTX *ctx,
30 STACK_OF(CONF_VALUE) *polstrs, int ia5org);
31static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
32 STACK_OF(CONF_VALUE) *unot, int ia5org);
33static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos);
34
35const X509V3_EXT_METHOD v3_cpols = {
36 NID_certificate_policies, 0, ASN1_ITEM_ref(CERTIFICATEPOLICIES),
37 0, 0, 0, 0,
38 0, 0,
39 0, 0,
40 (X509V3_EXT_I2R)i2r_certpol,
41 (X509V3_EXT_R2I)r2i_certpol,
42 NULL
43};
44
45ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) =
46 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO)
47ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES)
48
49IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
50
51ASN1_SEQUENCE(POLICYINFO) = {
52 ASN1_SIMPLE(POLICYINFO, policyid, ASN1_OBJECT),
53 ASN1_SEQUENCE_OF_OPT(POLICYINFO, qualifiers, POLICYQUALINFO)
54} ASN1_SEQUENCE_END(POLICYINFO)
55
56IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO)
57
58ASN1_ADB_TEMPLATE(policydefault) = ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY);
59
60ASN1_ADB(POLICYQUALINFO) = {
61 ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)),
62 ADB_ENTRY(NID_id_qt_unotice, ASN1_SIMPLE(POLICYQUALINFO, d.usernotice, USERNOTICE))
63} ASN1_ADB_END(POLICYQUALINFO, 0, pqualid, 0, &policydefault_tt, NULL);
64
65ASN1_SEQUENCE(POLICYQUALINFO) = {
66 ASN1_SIMPLE(POLICYQUALINFO, pqualid, ASN1_OBJECT),
67 ASN1_ADB_OBJECT(POLICYQUALINFO)
68} ASN1_SEQUENCE_END(POLICYQUALINFO)
69
70IMPLEMENT_ASN1_FUNCTIONS(POLICYQUALINFO)
71
72ASN1_SEQUENCE(USERNOTICE) = {
73 ASN1_OPT(USERNOTICE, noticeref, NOTICEREF),
74 ASN1_OPT(USERNOTICE, exptext, DISPLAYTEXT)
75} ASN1_SEQUENCE_END(USERNOTICE)
76
77IMPLEMENT_ASN1_FUNCTIONS(USERNOTICE)
78
79ASN1_SEQUENCE(NOTICEREF) = {
80 ASN1_SIMPLE(NOTICEREF, organization, DISPLAYTEXT),
81 ASN1_SEQUENCE_OF(NOTICEREF, noticenos, ASN1_INTEGER)
82} ASN1_SEQUENCE_END(NOTICEREF)
83
84IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF)
85
86static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
87 X509V3_CTX *ctx, const char *value)
88{
89 STACK_OF(POLICYINFO) *pols = NULL;
90 char *pstr;
91 POLICYINFO *pol;
92 ASN1_OBJECT *pobj;
93 STACK_OF(CONF_VALUE) *vals;
94 CONF_VALUE *cnf;
95 int i, ia5org;
96 pols = sk_POLICYINFO_new_null();
97 if (pols == NULL) {
98 X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
99 return NULL;
100 }
101 vals = X509V3_parse_list(value);
102 if (vals == NULL) {
103 X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB);
104 goto err;
105 }
106 ia5org = 0;
107 for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
108 cnf = sk_CONF_VALUE_value(vals, i);
109 if (cnf->value || !cnf->name) {
110 X509V3err(X509V3_F_R2I_CERTPOL,
111 X509V3_R_INVALID_POLICY_IDENTIFIER);
112 X509V3_conf_err(cnf);
113 goto err;
114 }
115 pstr = cnf->name;
116 if (strcmp(pstr, "ia5org") == 0) {
117 ia5org = 1;
118 continue;
119 } else if (*pstr == '@') {
120 STACK_OF(CONF_VALUE) *polsect;
121 polsect = X509V3_get_section(ctx, pstr + 1);
122 if (!polsect) {
123 X509V3err(X509V3_F_R2I_CERTPOL, X509V3_R_INVALID_SECTION);
124
125 X509V3_conf_err(cnf);
126 goto err;
127 }
128 pol = policy_section(ctx, polsect, ia5org);
129 X509V3_section_free(ctx, polsect);
130 if (pol == NULL)
131 goto err;
132 } else {
133 if ((pobj = OBJ_txt2obj(cnf->name, 0)) == NULL) {
134 X509V3err(X509V3_F_R2I_CERTPOL,
135 X509V3_R_INVALID_OBJECT_IDENTIFIER);
136 X509V3_conf_err(cnf);
137 goto err;
138 }
139 pol = POLICYINFO_new();
140 if (pol == NULL) {
141 X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
142 ASN1_OBJECT_free(pobj);
143 goto err;
144 }
145 pol->policyid = pobj;
146 }
147 if (!sk_POLICYINFO_push(pols, pol)) {
148 POLICYINFO_free(pol);
149 X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
150 goto err;
151 }
152 }
153 sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
154 return pols;
155 err:
156 sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
157 sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
158 return NULL;
159}
160
161static POLICYINFO *policy_section(X509V3_CTX *ctx,
162 STACK_OF(CONF_VALUE) *polstrs, int ia5org)
163{
164 int i;
165 CONF_VALUE *cnf;
166 POLICYINFO *pol;
167 POLICYQUALINFO *qual;
168
169 if ((pol = POLICYINFO_new()) == NULL)
170 goto merr;
171 for (i = 0; i < sk_CONF_VALUE_num(polstrs); i++) {
172 cnf = sk_CONF_VALUE_value(polstrs, i);
173 if (strcmp(cnf->name, "policyIdentifier") == 0) {
174 ASN1_OBJECT *pobj;
175 if ((pobj = OBJ_txt2obj(cnf->value, 0)) == NULL) {
176 X509V3err(X509V3_F_POLICY_SECTION,
177 X509V3_R_INVALID_OBJECT_IDENTIFIER);
178 X509V3_conf_err(cnf);
179 goto err;
180 }
181 pol->policyid = pobj;
182
183 } else if (!name_cmp(cnf->name, "CPS")) {
184 if (pol->qualifiers == NULL)
185 pol->qualifiers = sk_POLICYQUALINFO_new_null();
186 if ((qual = POLICYQUALINFO_new()) == NULL)
187 goto merr;
188 if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
189 goto merr;
190 if ((qual->pqualid = OBJ_nid2obj(NID_id_qt_cps)) == NULL) {
191 X509V3err(X509V3_F_POLICY_SECTION, ERR_R_INTERNAL_ERROR);
192 goto err;
193 }
194 if ((qual->d.cpsuri = ASN1_IA5STRING_new()) == NULL)
195 goto merr;
196 if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
197 strlen(cnf->value)))
198 goto merr;
199 } else if (!name_cmp(cnf->name, "userNotice")) {
200 STACK_OF(CONF_VALUE) *unot;
201 if (*cnf->value != '@') {
202 X509V3err(X509V3_F_POLICY_SECTION,
203 X509V3_R_EXPECTED_A_SECTION_NAME);
204 X509V3_conf_err(cnf);
205 goto err;
206 }
207 unot = X509V3_get_section(ctx, cnf->value + 1);
208 if (!unot) {
209 X509V3err(X509V3_F_POLICY_SECTION, X509V3_R_INVALID_SECTION);
210
211 X509V3_conf_err(cnf);
212 goto err;
213 }
214 qual = notice_section(ctx, unot, ia5org);
215 X509V3_section_free(ctx, unot);
216 if (!qual)
217 goto err;
218 if (!pol->qualifiers)
219 pol->qualifiers = sk_POLICYQUALINFO_new_null();
220 if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
221 goto merr;
222 } else {
223 X509V3err(X509V3_F_POLICY_SECTION, X509V3_R_INVALID_OPTION);
224
225 X509V3_conf_err(cnf);
226 goto err;
227 }
228 }
229 if (!pol->policyid) {
230 X509V3err(X509V3_F_POLICY_SECTION, X509V3_R_NO_POLICY_IDENTIFIER);
231 goto err;
232 }
233
234 return pol;
235
236 merr:
237 X509V3err(X509V3_F_POLICY_SECTION, ERR_R_MALLOC_FAILURE);
238
239 err:
240 POLICYINFO_free(pol);
241 return NULL;
242
243}
244
245static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
246 STACK_OF(CONF_VALUE) *unot, int ia5org)
247{
248 int i, ret;
249 CONF_VALUE *cnf;
250 USERNOTICE *not;
251 POLICYQUALINFO *qual;
252
253 if ((qual = POLICYQUALINFO_new()) == NULL)
254 goto merr;
255 if ((qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice)) == NULL) {
256 X509V3err(X509V3_F_NOTICE_SECTION, ERR_R_INTERNAL_ERROR);
257 goto err;
258 }
259 if ((not = USERNOTICE_new()) == NULL)
260 goto merr;
261 qual->d.usernotice = not;
262 for (i = 0; i < sk_CONF_VALUE_num(unot); i++) {
263 cnf = sk_CONF_VALUE_value(unot, i);
264 if (strcmp(cnf->name, "explicitText") == 0) {
265 if ((not->exptext = ASN1_VISIBLESTRING_new()) == NULL)
266 goto merr;
267 if (!ASN1_STRING_set(not->exptext, cnf->value,
268 strlen(cnf->value)))
269 goto merr;
270 } else if (strcmp(cnf->name, "organization") == 0) {
271 NOTICEREF *nref;
272 if (!not->noticeref) {
273 if ((nref = NOTICEREF_new()) == NULL)
274 goto merr;
275 not->noticeref = nref;
276 } else
277 nref = not->noticeref;
278 if (ia5org)
279 nref->organization->type = V_ASN1_IA5STRING;
280 else
281 nref->organization->type = V_ASN1_VISIBLESTRING;
282 if (!ASN1_STRING_set(nref->organization, cnf->value,
283 strlen(cnf->value)))
284 goto merr;
285 } else if (strcmp(cnf->name, "noticeNumbers") == 0) {
286 NOTICEREF *nref;
287 STACK_OF(CONF_VALUE) *nos;
288 if (!not->noticeref) {
289 if ((nref = NOTICEREF_new()) == NULL)
290 goto merr;
291 not->noticeref = nref;
292 } else
293 nref = not->noticeref;
294 nos = X509V3_parse_list(cnf->value);
295 if (!nos || !sk_CONF_VALUE_num(nos)) {
296 X509V3err(X509V3_F_NOTICE_SECTION, X509V3_R_INVALID_NUMBERS);
297 X509V3_conf_err(cnf);
298 sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
299 goto err;
300 }
301 ret = nref_nos(nref->noticenos, nos);
302 sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
303 if (!ret)
304 goto err;
305 } else {
306 X509V3err(X509V3_F_NOTICE_SECTION, X509V3_R_INVALID_OPTION);
307 X509V3_conf_err(cnf);
308 goto err;
309 }
310 }
311
312 if (not->noticeref &&
313 (!not->noticeref->noticenos || !not->noticeref->organization)) {
314 X509V3err(X509V3_F_NOTICE_SECTION,
315 X509V3_R_NEED_ORGANIZATION_AND_NUMBERS);
316 goto err;
317 }
318
319 return qual;
320
321 merr:
322 X509V3err(X509V3_F_NOTICE_SECTION, ERR_R_MALLOC_FAILURE);
323
324 err:
325 POLICYQUALINFO_free(qual);
326 return NULL;
327}
328
329static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos)
330{
331 CONF_VALUE *cnf;
332 ASN1_INTEGER *aint;
333
334 int i;
335
336 for (i = 0; i < sk_CONF_VALUE_num(nos); i++) {
337 cnf = sk_CONF_VALUE_value(nos, i);
338 if ((aint = s2i_ASN1_INTEGER(NULL, cnf->name)) == NULL) {
339 X509V3err(X509V3_F_NREF_NOS, X509V3_R_INVALID_NUMBER);
340 goto err;
341 }
342 if (!sk_ASN1_INTEGER_push(nnums, aint))
343 goto merr;
344 }
345 return 1;
346
347 merr:
348 ASN1_INTEGER_free(aint);
349 X509V3err(X509V3_F_NREF_NOS, ERR_R_MALLOC_FAILURE);
350
351 err:
352 return 0;
353}
354
355static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
356 BIO *out, int indent)
357{
358 int i;
359 POLICYINFO *pinfo;
360 /* First print out the policy OIDs */
361 for (i = 0; i < sk_POLICYINFO_num(pol); i++) {
362 pinfo = sk_POLICYINFO_value(pol, i);
363 BIO_printf(out, "%*sPolicy: ", indent, "");
364 i2a_ASN1_OBJECT(out, pinfo->policyid);
365 BIO_puts(out, "\n");
366 if (pinfo->qualifiers)
367 print_qualifiers(out, pinfo->qualifiers, indent + 2);
368 }
369 return 1;
370}
371
372static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
373 int indent)
374{
375 POLICYQUALINFO *qualinfo;
376 int i;
377 for (i = 0; i < sk_POLICYQUALINFO_num(quals); i++) {
378 qualinfo = sk_POLICYQUALINFO_value(quals, i);
379 switch (OBJ_obj2nid(qualinfo->pqualid)) {
380 case NID_id_qt_cps:
381 BIO_printf(out, "%*sCPS: %s\n", indent, "",
382 qualinfo->d.cpsuri->data);
383 break;
384
385 case NID_id_qt_unotice:
386 BIO_printf(out, "%*sUser Notice:\n", indent, "");
387 print_notice(out, qualinfo->d.usernotice, indent + 2);
388 break;
389
390 default:
391 BIO_printf(out, "%*sUnknown Qualifier: ", indent + 2, "");
392
393 i2a_ASN1_OBJECT(out, qualinfo->pqualid);
394 BIO_puts(out, "\n");
395 break;
396 }
397 }
398}
399
400static void print_notice(BIO *out, USERNOTICE *notice, int indent)
401{
402 int i;
403 if (notice->noticeref) {
404 NOTICEREF *ref;
405 ref = notice->noticeref;
406 BIO_printf(out, "%*sOrganization: %s\n", indent, "",
407 ref->organization->data);
408 BIO_printf(out, "%*sNumber%s: ", indent, "",
409 sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "");
410 for (i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) {
411 ASN1_INTEGER *num;
412 char *tmp;
413 num = sk_ASN1_INTEGER_value(ref->noticenos, i);
414 if (i)
415 BIO_puts(out, ", ");
416 tmp = i2s_ASN1_INTEGER(NULL, num);
417 BIO_puts(out, tmp);
418 OPENSSL_free(tmp);
419 }
420 BIO_puts(out, "\n");
421 }
422 if (notice->exptext)
423 BIO_printf(out, "%*sExplicit Text: %s\n", indent, "",
424 notice->exptext->data);
425}
426
427void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent)
428{
429 const X509_POLICY_DATA *dat = node->data;
430
431 BIO_printf(out, "%*sPolicy: ", indent, "");
432
433 i2a_ASN1_OBJECT(out, dat->valid_policy);
434 BIO_puts(out, "\n");
435 BIO_printf(out, "%*s%s\n", indent + 2, "",
436 node_data_critical(dat) ? "Critical" : "Non Critical");
437 if (dat->qualifier_set)
438 print_qualifiers(out, dat->qualifier_set, indent + 2);
439 else
440 BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, "");
441}
Note: See TracBrowser for help on using the repository browser.