source: vbox/trunk/src/libs/openssl-1.1.1l/crypto/x509v3/v3_akey.c@ 91772

最後變更 在這個檔案從91772是 91772,由 vboxsync 提交於 3 年 前

openssl-1.1.1l: Applied and adjusted our OpenSSL changes to 1.1.1l. bugref:10126

1/*
2 * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <stdio.h>
11#include "internal/cryptlib.h"
12#include <openssl/conf.h>
13#include <openssl/asn1.h>
14#include <openssl/asn1t.h>
15#include <openssl/x509v3.h>
16#include "ext_dat.h"
17
/*
 * i2v: render an AUTHORITY_KEYID into CONF_VALUE "name: value" entries,
 * appending to extlist (the list is created when extlist is NULL).
 * v2i: build an AUTHORITY_KEYID from the "keyid"/"issuer" config values,
 * taking the identifier, issuer name and serial from ctx->issuer_cert.
 * Both are wired into the v3_akey_id method table below.
 */
static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
                                                 AUTHORITY_KEYID *akeyid,
                                                 STACK_OF(CONF_VALUE)
                                                 *extlist);
static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
                                            X509V3_CTX *ctx,
                                            STACK_OF(CONF_VALUE) *values);
25
/*
 * Extension method for authorityKeyIdentifier: the ASN.1 encoding is
 * handled through the AUTHORITY_KEYID item, display goes through i2v and
 * construction from config values through v2i. The string (i2s/s2i) and
 * raw (i2r/r2i) forms are not provided.
 */
const X509V3_EXT_METHOD v3_akey_id = {
    .ext_nid = NID_authority_key_identifier,
    .ext_flags = X509V3_EXT_MULTILINE,
    .it = ASN1_ITEM_ref(AUTHORITY_KEYID),
    .ext_new = 0,
    .ext_free = 0,
    .d2i = 0,
    .i2d = 0,
    .i2s = 0,
    .s2i = 0,
    .i2v = (X509V3_EXT_I2V)i2v_AUTHORITY_KEYID,
    .v2i = (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
    .i2r = 0,
    .r2i = 0,
    .usr_data = NULL
};
36
/*
 * Hex-encode |len| bytes at |data| and append them to |*list| under |name|.
 * Returns 1 on success. On failure the same errors the inline code used to
 * raise are queued (MALLOC_FAILURE for the encoder, X509_LIB for the add)
 * and 0 is returned; |*list| is left for the caller to release.
 */
static int akid_add_hex_value(const char *name, const unsigned char *data,
                              long len, STACK_OF(CONF_VALUE) **list)
{
    char *hex = OPENSSL_buf2hexstr(data, len);
    int added;

    if (hex == NULL) {
        X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE);
        return 0;
    }
    added = X509V3_add_value(name, hex, list);
    OPENSSL_free(hex);
    if (!added)
        X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_X509_LIB);
    return added;
}

/*
 * Render |akeyid| as CONF_VALUE entries for display: "keyid" (hex), the
 * issuer GENERAL_NAMES (via i2v_GENERAL_NAMES) and "serial" (hex).
 * Entries are appended to |extlist|; when |extlist| is NULL the list is
 * created here and is owned by this function until it is returned, so it
 * is released on failure. A caller-supplied list is never freed here.
 * Returns the list, or NULL with an error queued.
 */
static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
                                                 AUTHORITY_KEYID *akeyid,
                                                 STACK_OF(CONF_VALUE)
                                                 *extlist)
{
    STACK_OF(CONF_VALUE) *list = extlist;
    STACK_OF(CONF_VALUE) *with_names;

    if (akeyid->keyid != NULL
        && !akid_add_hex_value("keyid", akeyid->keyid->data,
                               akeyid->keyid->length, &list))
        goto err;

    if (akeyid->issuer != NULL) {
        with_names = i2v_GENERAL_NAMES(NULL, akeyid->issuer, list);
        if (with_names == NULL) {
            X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_X509_LIB);
            goto err;
        }
        list = with_names;
    }

    if (akeyid->serial != NULL
        && !akid_add_hex_value("serial", akeyid->serial->data,
                               akeyid->serial->length, &list))
        goto err;

    return list;

 err:
    /* Only a list created by this call is ours to release. */
    if (extlist == NULL)
        sk_CONF_VALUE_pop_free(list, X509V3_conf_free);
    return NULL;
}
85
/*-
 * Currently two options:
 * keyid: use the issuer's subject key identifier; the value 'always' means
 * it is an error if the issuer certificate doesn't have a key id.
 * issuer: use the issuer cert's issuer name and serial number. The default
 * is to only use this if keyid is not present. With the option 'always'
 * this is always included.
 */
94
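/*
 * Build an AUTHORITY_KEYID from the "keyid" / "issuer" config values,
 * taking the material from ctx->issuer_cert:
 *   keyid   -> the issuer's subjectKeyIdentifier extension, if present
 *              ('always' makes its absence an error)
 *   issuer  -> the issuer cert's issuer name and serial number, used by
 *              default only when no key id was found ('always' forces it)
 * Any other option name is rejected with X509V3_R_UNKNOWN_OPTION.
 *
 * When no issuer certificate is available the call fails, except that a
 * CTX_TEST context (syntax check only) gets an empty AUTHORITY_KEYID.
 *
 * Returns a newly allocated AUTHORITY_KEYID owned by the caller, or NULL
 * with an error queued. On the error path every partially built object,
 * including the AUTHORITY_KEYID itself, is released.
 */
static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
                                            X509V3_CTX *ctx,
                                            STACK_OF(CONF_VALUE) *values)
{
    /* 0 = not requested, 1 = requested, 2 = requested with 'always' */
    char keyid = 0, issuer = 0;
    int i;
    CONF_VALUE *cnf;
    ASN1_OCTET_STRING *ikeyid = NULL;
    X509_NAME *isname = NULL;
    GENERAL_NAMES *gens = NULL;
    GENERAL_NAME *gen = NULL;
    ASN1_INTEGER *serial = NULL;
    X509_EXTENSION *ext;
    X509 *cert;
    /* Initialised so the err: path can release it unconditionally. */
    AUTHORITY_KEYID *akeyid = NULL;

    for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
        cnf = sk_CONF_VALUE_value(values, i);
        if (strcmp(cnf->name, "keyid") == 0) {
            keyid = 1;
            if (cnf->value && strcmp(cnf->value, "always") == 0)
                keyid = 2;
        } else if (strcmp(cnf->name, "issuer") == 0) {
            issuer = 1;
            if (cnf->value && strcmp(cnf->value, "always") == 0)
                issuer = 2;
        } else {
            /* Unknown option names are an error, not silently ignored. */
            X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, X509V3_R_UNKNOWN_OPTION);
            ERR_add_error_data(2, "name=", cnf->name);
            return NULL;
        }
    }

    if (!ctx || !ctx->issuer_cert) {
        /* A test context only validates the syntax; no issuer is needed. */
        if (ctx && (ctx->flags == CTX_TEST))
            return AUTHORITY_KEYID_new();
        X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,
                  X509V3_R_NO_ISSUER_CERTIFICATE);
        return NULL;
    }

    cert = ctx->issuer_cert;

    if (keyid) {
        /* Reuse the issuer's own subjectKeyIdentifier when it has one. */
        i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
        if ((i >= 0) && (ext = X509_get_ext(cert, i)))
            ikeyid = X509V3_EXT_d2i(ext);
        if (keyid == 2 && !ikeyid) {
            X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,
                      X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
            return NULL;
        }
    }

    /* Issuer name + serial: fallback when no key id, or forced by 'always'. */
    if ((issuer && !ikeyid) || (issuer == 2)) {
        isname = X509_NAME_dup(X509_get_issuer_name(cert));
        serial = ASN1_INTEGER_dup(X509_get_serialNumber(cert));
        if (!isname || !serial) {
            X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,
                      X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
            goto err;
        }
    }

    if ((akeyid = AUTHORITY_KEYID_new()) == NULL)
        goto err;

    if (isname) {
        if ((gens = sk_GENERAL_NAME_new_null()) == NULL
            || (gen = GENERAL_NAME_new()) == NULL
            || !sk_GENERAL_NAME_push(gens, gen)) {
            X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE);
            goto err;
        }
        /*
         * Ownership of isname moves into gen here; there is no error path
         * after this point, so err: never double-frees it.
         */
        gen->type = GEN_DIRNAME;
        gen->d.dirn = isname;
    }

    /* Hand the pieces over to akeyid; clear the locals so err: cannot reuse them. */
    akeyid->issuer = gens;
    gen = NULL;
    gens = NULL;
    akeyid->serial = serial;
    akeyid->keyid = ikeyid;

    return akeyid;

 err:
    /*
     * akeyid is only non-NULL if allocated above and none of its members
     * have been assigned yet, so freeing it here releases just the shell
     * (previously it leaked when building the issuer names failed).
     * All free functions are NULL-safe.
     */
    AUTHORITY_KEYID_free(akeyid);
    sk_GENERAL_NAME_free(gens);
    GENERAL_NAME_free(gen);
    X509_NAME_free(isname);
    ASN1_INTEGER_free(serial);
    ASN1_OCTET_STRING_free(ikeyid);
    return NULL;
}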