1 // Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //     https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 #include <stdio.h>
16 #include <string.h>
17 
18 #include <openssl/asn1.h>
19 #include <openssl/asn1t.h>
20 #include <openssl/conf.h>
21 #include <openssl/err.h>
22 #include <openssl/mem.h>
23 #include <openssl/obj.h>
24 #include <openssl/x509.h>
25 
26 #include "internal.h"
27 
28 
29 static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(
30     const X509V3_EXT_METHOD *method, void *ext, STACK_OF(CONF_VALUE) *ret);
31 static void *v2i_AUTHORITY_INFO_ACCESS(const X509V3_EXT_METHOD *method,
32                                        const X509V3_CTX *ctx,
33                                        const STACK_OF(CONF_VALUE) *nval);
34 
35 const X509V3_EXT_METHOD v3_info = {
36     NID_info_access,
37     X509V3_EXT_MULTILINE,
38     ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
39     0,
40     0,
41     0,
42     0,
43     0,
44     0,
45     i2v_AUTHORITY_INFO_ACCESS,
46     v2i_AUTHORITY_INFO_ACCESS,
47     0,
48     0,
49     NULL,
50 };
51 
52 const X509V3_EXT_METHOD v3_sinfo = {
53     NID_sinfo_access,
54     X509V3_EXT_MULTILINE,
55     ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
56     0,
57     0,
58     0,
59     0,
60     0,
61     0,
62     i2v_AUTHORITY_INFO_ACCESS,
63     v2i_AUTHORITY_INFO_ACCESS,
64     0,
65     0,
66     NULL,
67 };
68 
ASN1_SEQUENCE(ACCESS_DESCRIPTION)69 ASN1_SEQUENCE(ACCESS_DESCRIPTION) = {
70     ASN1_SIMPLE(ACCESS_DESCRIPTION, method, ASN1_OBJECT),
71     ASN1_SIMPLE(ACCESS_DESCRIPTION, location, GENERAL_NAME),
72 } ASN1_SEQUENCE_END(ACCESS_DESCRIPTION)
73 
74 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(ACCESS_DESCRIPTION)
75 
76 ASN1_ITEM_TEMPLATE(AUTHORITY_INFO_ACCESS) = ASN1_EX_TEMPLATE_TYPE(
77     ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, ACCESS_DESCRIPTION)
78 ASN1_ITEM_TEMPLATE_END(AUTHORITY_INFO_ACCESS)
79 
80 IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
81 
82 static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(
83     const X509V3_EXT_METHOD *method, void *ext, STACK_OF(CONF_VALUE) *ret) {
84   const AUTHORITY_INFO_ACCESS *ainfo =
85       reinterpret_cast<const AUTHORITY_INFO_ACCESS *>(ext);
86   ACCESS_DESCRIPTION *desc;
87   char objtmp[80], *name;
88   CONF_VALUE *vtmp;
89   STACK_OF(CONF_VALUE) *tret = ret;
90 
91   for (size_t i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) {
92     STACK_OF(CONF_VALUE) *tmp;
93 
94     desc = sk_ACCESS_DESCRIPTION_value(ainfo, i);
95     tmp = i2v_GENERAL_NAME(method, desc->location, tret);
96     if (tmp == NULL) {
97       goto err;
98     }
99     tret = tmp;
100     vtmp = sk_CONF_VALUE_value(tret, i);
101     i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method);
102 
103     if (OPENSSL_asprintf(&name, "%s - %s", objtmp, vtmp->name) == -1) {
104       goto err;
105     }
106     OPENSSL_free(vtmp->name);
107     vtmp->name = name;
108   }
109   if (ret == NULL && tret == NULL) {
110     return sk_CONF_VALUE_new_null();
111   }
112 
113   return tret;
114 err:
115   if (ret == NULL && tret != NULL) {
116     sk_CONF_VALUE_pop_free(tret, X509V3_conf_free);
117   }
118   return NULL;
119 }
120 
v2i_AUTHORITY_INFO_ACCESS(const X509V3_EXT_METHOD * method,const X509V3_CTX * ctx,const STACK_OF (CONF_VALUE)* nval)121 static void *v2i_AUTHORITY_INFO_ACCESS(const X509V3_EXT_METHOD *method,
122                                        const X509V3_CTX *ctx,
123                                        const STACK_OF(CONF_VALUE) *nval) {
124   bssl::UniquePtr<AUTHORITY_INFO_ACCESS> ainfo(sk_ACCESS_DESCRIPTION_new_null());
125   if (ainfo == nullptr) {
126     return nullptr;
127   }
128   for (size_t i = 0; i < sk_CONF_VALUE_num(nval); i++) {
129     const CONF_VALUE *cnf = sk_CONF_VALUE_value(nval, i);
130     bssl::UniquePtr<ACCESS_DESCRIPTION> acc(ACCESS_DESCRIPTION_new());
131     if (acc == nullptr) {
132       return nullptr;
133     }
134     char *ptmp = strchr(cnf->name, ';');
135     if (!ptmp) {
136       OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_SYNTAX);
137       return nullptr;
138     }
139     CONF_VALUE ctmp;
140     ctmp.name = ptmp + 1;
141     ctmp.value = cnf->value;
142     if (!v2i_GENERAL_NAME_ex(acc->location, method, ctx, &ctmp, 0)) {
143       return nullptr;
144     }
145     bssl::UniquePtr<char> objtmp(OPENSSL_strndup(cnf->name, ptmp - cnf->name));
146     if (objtmp == nullptr) {
147       return nullptr;
148     }
149     acc->method = OBJ_txt2obj(objtmp.get(), 0);
150     if (!acc->method) {
151       OPENSSL_PUT_ERROR(X509V3, X509V3_R_BAD_OBJECT);
152       ERR_add_error_data(2, "value=", objtmp.get());
153       return nullptr;
154     }
155     if (!bssl::PushToStack(ainfo.get(), std::move(acc))) {
156       return nullptr;
157     }
158   }
159   return ainfo.release();
160 }
161