Cleanup OPENSSL_NO_xxx, part 1
[openssl.git] / crypto / x509v3 / v3_pci.c
1 /* v3_pci.c -*- mode:C; c-file-style: "eay" -*- */
2 /* Contributed to the OpenSSL Project 2004
3  * by Richard Levitte (richard@levitte.org)
4  */
5 /* Copyright (c) 2004 Kungliga Tekniska Högskolan
6  * (Royal Institute of Technology, Stockholm, Sweden).
7  * All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  *
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions and the following disclaimer.
15  *
16  * 2. Redistributions in binary form must reproduce the above copyright
17  *    notice, this list of conditions and the following disclaimer in the
18  *    documentation and/or other materials provided with the distribution.
19  *
20  * 3. Neither the name of the Institute nor the names of its contributors
21  *    may be used to endorse or promote products derived from this software
22  *    without specific prior written permission.
23  *
24  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
25  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
28  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34  * SUCH DAMAGE.
35  */
36
37 #include <stdio.h>
38 #include "cryptlib.h"
39 #include <openssl/conf.h>
40 #include <openssl/x509v3.h>
41
42 static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext,
43         BIO *out, int indent);
44 static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
45         X509V3_CTX *ctx, char *str);
46
47 const X509V3_EXT_METHOD v3_pci =
48         { NID_proxyCertInfo, 0, ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
49           0,0,0,0,
50           0,0,
51           NULL, NULL,
52           (X509V3_EXT_I2R)i2r_pci,
53           (X509V3_EXT_R2I)r2i_pci,
54           NULL,
55         };
56
57 static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci,
58         BIO *out, int indent)
59         {
60         BIO_printf(out, "%*sPath Length Constraint: ", indent, "");
61         if (pci->pcPathLengthConstraint)
62           i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint);
63         else
64           BIO_printf(out, "infinite");
65         BIO_puts(out, "\n");
66         BIO_printf(out, "%*sPolicy Language: ", indent, "");
67         i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);
68         BIO_puts(out, "\n");
69         if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)
70           BIO_printf(out, "%*sPolicy Text: %s\n", indent, "",
71                      pci->proxyPolicy->policy->data);
72         return 1;
73         }
74
75 static int process_pci_value(CONF_VALUE *val,
76         ASN1_OBJECT **language, ASN1_INTEGER **pathlen,
77         ASN1_OCTET_STRING **policy)
78         {
79         int free_policy = 0;
80
81         if (strcmp(val->name, "language") == 0)
82                 {
83                 if (*language)
84                         {
85                         X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED);
86                         X509V3_conf_err(val);
87                         return 0;
88                         }
89                 if (!(*language = OBJ_txt2obj(val->value, 0)))
90                         {
91                         X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_INVALID_OBJECT_IDENTIFIER);
92                         X509V3_conf_err(val);
93                         return 0;
94                         }
95                 }
96         else if (strcmp(val->name, "pathlen") == 0)
97                 {
98                 if (*pathlen)
99                         {
100                         X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED);
101                         X509V3_conf_err(val);
102                         return 0;
103                         }
104                 if (!X509V3_get_value_int(val, pathlen))
105                         {
106                         X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH);
107                         X509V3_conf_err(val);
108                         return 0;
109                         }
110                 }
111         else if (strcmp(val->name, "policy") == 0)
112                 {
113                 unsigned char *tmp_data = NULL;
114                 long val_len;
115                 if (!*policy)
116                         {
117                         *policy = ASN1_OCTET_STRING_new();
118                         if (!*policy)
119                                 {
120                                 X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
121                                 X509V3_conf_err(val);
122                                 return 0;
123                                 }
124                         free_policy = 1;
125                         }
126                 if (strncmp(val->value, "hex:", 4) == 0)
127                         {
128                         unsigned char *tmp_data2 =
129                                 string_to_hex(val->value + 4, &val_len);
130
131                         if (!tmp_data2) 
132                                 {
133                                 X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_ILLEGAL_HEX_DIGIT);
134                                 X509V3_conf_err(val);
135                                 goto err;
136                                 }
137
138                         tmp_data = OPENSSL_realloc((*policy)->data,
139                                 (*policy)->length + val_len + 1);
140                         if (tmp_data)
141                                 {
142                                 (*policy)->data = tmp_data;
143                                 memcpy(&(*policy)->data[(*policy)->length],
144                                         tmp_data2, val_len);
145                                 (*policy)->length += val_len;
146                                 (*policy)->data[(*policy)->length] = '\0';
147                                 }
148                         else
149                                 {
150                                 OPENSSL_free(tmp_data2);
151                                 /* realloc failure implies the original data space is b0rked too! */
152                                 OPENSSL_free((*policy)->data);
153                                 (*policy)->data = NULL;
154                                 (*policy)->length = 0;
155                                 X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
156                                 X509V3_conf_err(val);
157                                 goto err;
158                                 }
159                         OPENSSL_free(tmp_data2);
160                         }
161                 else if (strncmp(val->value, "file:", 5) == 0)
162                         {
163                         unsigned char buf[2048];
164                         int n;
165                         BIO *b = BIO_new_file(val->value + 5, "r");
166                         if (!b)
167                                 {
168                                 X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_BIO_LIB);
169                                 X509V3_conf_err(val);
170                                 goto err;
171                                 }
172                         while((n = BIO_read(b, buf, sizeof(buf))) > 0
173                                 || (n == 0 && BIO_should_retry(b)))
174                                 {
175                                 if (!n) continue;
176
177                                 tmp_data = OPENSSL_realloc((*policy)->data,
178                                         (*policy)->length + n + 1);
179
180                                 if (!tmp_data)
181                                 {
182                                         OPENSSL_free((*policy)->data);
183                                         (*policy)->data = NULL;
184                                         (*policy)->length = 0;
185                                         X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
186                                         X509V3_conf_err(val);
187                                         BIO_free_all(b);
188                                         goto err;
189                                 }
190
191                                 (*policy)->data = tmp_data;
192                                 memcpy(&(*policy)->data[(*policy)->length],
193                                         buf, n);
194                                 (*policy)->length += n;
195                                 (*policy)->data[(*policy)->length] = '\0';
196                                 }
197                         BIO_free_all(b);
198
199                         if (n < 0)
200                                 {
201                                 X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_BIO_LIB);
202                                 X509V3_conf_err(val);
203                                 goto err;
204                                 }
205                         }
206                 else if (strncmp(val->value, "text:", 5) == 0)
207                         {
208                         val_len = strlen(val->value + 5);
209                         tmp_data = OPENSSL_realloc((*policy)->data,
210                                 (*policy)->length + val_len + 1);
211                         if (tmp_data)
212                                 {
213                                 (*policy)->data = tmp_data;
214                                 memcpy(&(*policy)->data[(*policy)->length],
215                                         val->value + 5, val_len);
216                                 (*policy)->length += val_len;
217                                 (*policy)->data[(*policy)->length] = '\0';
218                                 }
219                         else
220                                 {
221                                 /* realloc failure implies the original data space is b0rked too! */
222                                 OPENSSL_free((*policy)->data);
223                                 (*policy)->data = NULL;
224                                 (*policy)->length = 0;
225                                 X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
226                                 X509V3_conf_err(val);
227                                 goto err;
228                                 }
229                         }
230                 else
231                         {
232                         X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_INCORRECT_POLICY_SYNTAX_TAG);
233                         X509V3_conf_err(val);
234                         goto err;
235                         }
236                 if (!tmp_data)
237                         {
238                         X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
239                         X509V3_conf_err(val);
240                         goto err;
241                         }
242                 }
243         return 1;
244 err:
245         if (free_policy)
246                 {
247                 ASN1_OCTET_STRING_free(*policy);
248                 *policy = NULL;
249                 }
250         return 0;
251         }
252
253 static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
254         X509V3_CTX *ctx, char *value)
255         {
256         PROXY_CERT_INFO_EXTENSION *pci = NULL;
257         STACK_OF(CONF_VALUE) *vals;
258         ASN1_OBJECT *language = NULL;
259         ASN1_INTEGER *pathlen = NULL;
260         ASN1_OCTET_STRING *policy = NULL;
261         int i, j;
262
263         vals = X509V3_parse_list(value);
264         for (i = 0; i < sk_CONF_VALUE_num(vals); i++)
265                 {
266                 CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i);
267                 if (!cnf->name || (*cnf->name != '@' && !cnf->value))
268                         {
269                         X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_PROXY_POLICY_SETTING);
270                         X509V3_conf_err(cnf);
271                         goto err;
272                         }
273                 if (*cnf->name == '@')
274                         {
275                         STACK_OF(CONF_VALUE) *sect;
276                         int success_p = 1;
277
278                         sect = X509V3_get_section(ctx, cnf->name + 1);
279                         if (!sect)
280                                 {
281                                 X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_SECTION);
282                                 X509V3_conf_err(cnf);
283                                 goto err;
284                                 }
285                         for (j = 0; success_p && j < sk_CONF_VALUE_num(sect); j++)
286                                 {
287                                 success_p =
288                                         process_pci_value(sk_CONF_VALUE_value(sect, j),
289                                                 &language, &pathlen, &policy);
290                                 }
291                         X509V3_section_free(ctx, sect);
292                         if (!success_p)
293                                 goto err;
294                         }
295                 else
296                         {
297                         if (!process_pci_value(cnf,
298                                         &language, &pathlen, &policy))
299                                 {
300                                 X509V3_conf_err(cnf);
301                                 goto err;
302                                 }
303                         }
304                 }
305
306         /* Language is mandatory */
307         if (!language)
308                 {
309                 X509V3err(X509V3_F_R2I_PCI,X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED);
310                 goto err;
311                 }
312         i = OBJ_obj2nid(language);
313         if ((i == NID_Independent || i == NID_id_ppl_inheritAll) && policy)
314                 {
315                 X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY);
316                 goto err;
317                 }
318
319         pci = PROXY_CERT_INFO_EXTENSION_new();
320         if (!pci)
321                 {
322                 X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE);
323                 goto err;
324                 }
325
326         pci->proxyPolicy->policyLanguage = language; language = NULL;
327         pci->proxyPolicy->policy = policy; policy = NULL;
328         pci->pcPathLengthConstraint = pathlen; pathlen = NULL;
329         goto end;
330 err:
331         if (language) { ASN1_OBJECT_free(language); language = NULL; }
332         if (pathlen) { ASN1_INTEGER_free(pathlen); pathlen = NULL; }
333         if (policy) { ASN1_OCTET_STRING_free(policy); policy = NULL; }
334         if (pci) { PROXY_CERT_INFO_EXTENSION_free(pci); pci = NULL; }
335 end:
336         sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
337         return pci;
338         }