/* $OpenBSD: v3_akey.c,v 1.19 2017/01/29 17:49:23 beck Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
/* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
#include <stdio.h>
#include <string.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/conf.h>
#include <openssl/err.h>
#include <openssl/x509v3.h>
/*
 * Forward declarations for the two conversion callbacks registered in
 * v3_akey_id below (config values <-> AUTHORITY_KEYID).
 */
static STACK_OF(CONF_VALUE) *
i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, AUTHORITY_KEYID *akeyid,
    STACK_OF(CONF_VALUE) *extlist);
static AUTHORITY_KEYID *
v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
    STACK_OF(CONF_VALUE) *values);
/*
 * Extension method for authorityKeyIdentifier.  Encoding and decoding go
 * through the AUTHORITY_KEYID ASN.1 template; only the config-value
 * conversions (i2v/v2i) are supplied here.  All members not listed in the
 * initializer (ext_new, ext_free, d2i, i2d, i2s, s2i, i2r, r2i, usr_data)
 * are zero-initialized, i.e. NULL.
 */
const X509V3_EXT_METHOD v3_akey_id = {
	.ext_nid = NID_authority_key_identifier,
	.ext_flags = X509V3_EXT_MULTILINE,
	.it = &AUTHORITY_KEYID_it,
	.i2v = (X509V3_EXT_I2V)i2v_AUTHORITY_KEYID,
	.v2i = (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
};
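/*
 * Render an AUTHORITY_KEYID as CONF_VALUE entries: "keyid" (hex), the
 * issuer GENERAL_NAMES, and "serial" (hex).  Each part is emitted only
 * when present in akeyid.
 *
 * 'extlist' may be NULL, in which case a new list is created by the first
 * X509V3_add_value call; otherwise entries are appended to the caller's
 * list.  Returns the (possibly new) list on success.  On failure (memory
 * allocation in hex_to_string/X509V3_add_value, or i2v_GENERAL_NAMES
 * returning NULL) returns NULL; a list this function created is freed,
 * a caller-supplied list is left to the caller, possibly with some
 * entries already added.
 */
static STACK_OF(CONF_VALUE) *
i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, AUTHORITY_KEYID *akeyid,
    STACK_OF(CONF_VALUE) *extlist)
{
	STACK_OF(CONF_VALUE) *origextlist = extlist, *tmpextlist;
	char *tmp = NULL;

	if (akeyid->keyid != NULL) {
		if ((tmp = hex_to_string(akeyid->keyid->data,
		    akeyid->keyid->length)) == NULL)
			goto err;
		/* X509V3_add_value stores a copy of tmp, so tmp is freed here. */
		if (!X509V3_add_value("keyid", tmp, &extlist))
			goto err;
		free(tmp);
		tmp = NULL;
	}
	if (akeyid->issuer != NULL) {
		/*
		 * Keep the result in a temporary: overwriting extlist with
		 * NULL on failure would leak the list built so far.
		 */
		if ((tmpextlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer,
		    extlist)) == NULL)
			goto err;
		extlist = tmpextlist;
	}
	if (akeyid->serial != NULL) {
		if ((tmp = hex_to_string(akeyid->serial->data,
		    akeyid->serial->length)) == NULL)
			goto err;
		if (!X509V3_add_value("serial", tmp, &extlist))
			goto err;
		free(tmp);
		tmp = NULL;
	}

	return extlist;

 err:
	free(tmp);
	/* Only free the list if we own it (the caller passed NULL). */
	if (origextlist == NULL)
		sk_CONF_VALUE_pop_free(extlist, X509V3_conf_free);
	return NULL;
}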
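/*
 * Build an AUTHORITY_KEYID from config values.  Currently two options:
 *
 *   keyid:  copy the issuer certificate's subjectKeyIdentifier.  With the
 *           value 'always' it is an error if the issuer certificate does
 *           not have a key id.
 *   issuer: include the issuer certificate's issuer name and serial
 *           number.  By default this is only used when no keyid could be
 *           obtained; with the value 'always' it is always included.
 *
 * Any other option name is an error (X509V3_R_UNKNOWN_OPTION).
 */

/* How strongly an option was requested. */
enum {
	AKID_OPT_NONE = 0,	/* option not given */
	AKID_OPT_DEFAULT = 1,	/* option given without a value */
	AKID_OPT_ALWAYS = 2	/* option given with the value 'always' */
};

/*
 * Parse the option list into *keyid and *issuer (AKID_OPT_* values).
 * A later occurrence of the same option overrides an earlier one.
 * Returns 1 on success, 0 with an X509V3 error pushed on an unknown
 * option name.
 */
static int
akid_parse_options(STACK_OF(CONF_VALUE) *values, int *keyid, int *issuer)
{
	int i;

	*keyid = AKID_OPT_NONE;
	*issuer = AKID_OPT_NONE;

	for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
		CONF_VALUE *cnf = sk_CONF_VALUE_value(values, i);
		int *opt;

		if (strcmp(cnf->name, "keyid") == 0)
			opt = keyid;
		else if (strcmp(cnf->name, "issuer") == 0)
			opt = issuer;
		else {
			X509V3error(X509V3_R_UNKNOWN_OPTION);
			ERR_asprintf_error_data("name=%s", cnf->name);
			return 0;
		}
		*opt = AKID_OPT_DEFAULT;
		if (cnf->value != NULL && strcmp(cnf->value, "always") == 0)
			*opt = AKID_OPT_ALWAYS;
	}
	return 1;
}

/*
 * v2i callback: returns a newly allocated AUTHORITY_KEYID owned by the
 * caller, or NULL with an X509V3 error pushed.  Requires ctx->issuer_cert
 * except in CTX_TEST mode, where an empty structure is returned so that
 * the config syntax can be checked without a certificate.
 */
static AUTHORITY_KEYID *
v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
    STACK_OF(CONF_VALUE) *values)
{
	int keyid, issuer, idx;
	ASN1_OCTET_STRING *ikeyid = NULL;
	X509_NAME *isname = NULL;
	STACK_OF(GENERAL_NAME) *gens = NULL;
	GENERAL_NAME *gen = NULL;
	ASN1_INTEGER *serial = NULL;
	X509_EXTENSION *ext;
	X509 *cert;
	AUTHORITY_KEYID *akeyid = NULL;

	if (!akid_parse_options(values, &keyid, &issuer))
		return NULL;

	/* Nothing to copy from without an issuer cert, except in test mode. */
	if (ctx == NULL || ctx->issuer_cert == NULL) {
		if (ctx != NULL && ctx->flags == CTX_TEST)
			return AUTHORITY_KEYID_new();
		X509V3error(X509V3_R_NO_ISSUER_CERTIFICATE);
		return NULL;
	}
	cert = ctx->issuer_cert;

	if (keyid != AKID_OPT_NONE) {
		idx = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
		if (idx >= 0 && (ext = X509_get_ext(cert, idx)) != NULL)
			ikeyid = X509V3_EXT_d2i(ext);
		/* A missing or undecodable SKID is only fatal for 'always'. */
		if (keyid == AKID_OPT_ALWAYS && ikeyid == NULL) {
			X509V3error(X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
			return NULL;
		}
	}

	/* Issuer name + serial: fallback when no key id, or forced by 'always'. */
	if ((issuer != AKID_OPT_NONE && ikeyid == NULL) ||
	    issuer == AKID_OPT_ALWAYS) {
		isname = X509_NAME_dup(X509_get_issuer_name(cert));
		serial = ASN1_INTEGER_dup(X509_get_serialNumber(cert));
		if (isname == NULL || serial == NULL) {
			X509V3error(X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
			goto err;
		}
	}

	if ((akeyid = AUTHORITY_KEYID_new()) == NULL)
		goto err;

	if (isname != NULL) {
		if ((gens = sk_GENERAL_NAME_new_null()) == NULL ||
		    (gen = GENERAL_NAME_new()) == NULL ||
		    !sk_GENERAL_NAME_push(gens, gen)) {
			X509V3error(ERR_R_MALLOC_FAILURE);
			goto err;
		}
		gen->type = GEN_DIRNAME;
		gen->d.dirn = isname;
		/* isname is now owned by gen; never free it separately. */
		isname = NULL;
	}

	/* Ownership of gens, serial and ikeyid moves into akeyid. */
	akeyid->issuer = gens;
	akeyid->serial = serial;
	akeyid->keyid = ikeyid;

	return akeyid;

 err:
	/* gen is only reachable here while not yet pushed onto gens. */
	AUTHORITY_KEYID_free(akeyid);
	GENERAL_NAME_free(gen);
	sk_GENERAL_NAME_free(gens);
	X509_NAME_free(isname);
	ASN1_INTEGER_free(serial);
	ASN1_OCTET_STRING_free(ikeyid);
	return NULL;
}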