Line | Source | Count |
1 | | - |
2 | | - |
3 | | - |
4 | | - |
5 | | - |
6 | | - |
7 | | - |
8 | | - |
9 | | - |
10 | | - |
11 | | - |
12 | | - |
13 | | - |
14 | | - |
15 | | - |
16 | | - |
17 | | - |
18 | | - |
19 | | - |
20 | | - |
21 | | - |
22 | | - |
23 | | - |
24 | | - |
25 | | - |
26 | | - |
27 | | - |
28 | | - |
29 | | - |
30 | | - |
31 | | - |
32 | | - |
33 | | - |
34 | | - |
35 | | - |
36 | | - |
37 | #include <stdio.h> | - |
38 | #include <string.h> | - |
39 | | - |
40 | #include <openssl/conf.h> | - |
41 | #include <openssl/err.h> | - |
42 | #include <openssl/x509v3.h> | - |
43 | | - |
44 | static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext, | - |
45 | BIO *out, int indent); | - |
46 | static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method, | - |
47 | X509V3_CTX *ctx, char *str); | - |
48 | | - |
49 | const X509V3_EXT_METHOD v3_pci = { | - |
50 | .ext_nid = NID_proxyCertInfo, | - |
51 | .ext_flags = 0, | - |
52 | .it = &PROXY_CERT_INFO_EXTENSION_it, | - |
53 | .ext_new = NULL, | - |
54 | .ext_free = NULL, | - |
55 | .d2i = NULL, | - |
56 | .i2d = NULL, | - |
57 | .i2s = NULL, | - |
58 | .s2i = NULL, | - |
59 | .i2v = NULL, | - |
60 | .v2i = NULL, | - |
61 | .i2r = (X509V3_EXT_I2R)i2r_pci, | - |
62 | .r2i = (X509V3_EXT_R2I)r2i_pci, | - |
63 | .usr_data = NULL, | - |
64 | }; | - |
65 | | - |
66 | static int | - |
67 | i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci, BIO *out, | - |
68 | int indent) | - |
69 | { | - |
70 | BIO_printf(out, "%*sPath Length Constraint: ", indent, ""); | - |
71 | if (pci->pcPathLengthConstraint)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
72 | i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint); never executed: i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint); | 0 |
73 | else | - |
74 | BIO_printf(out, "infinite"); never executed: BIO_printf(out, "infinite"); | 0 |
75 | BIO_puts(out, "\n"); | - |
76 | BIO_printf(out, "%*sPolicy Language: ", indent, ""); | - |
77 | i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage); | - |
78 | BIO_puts(out, "\n"); | - |
79 | if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
80 | BIO_printf(out, "%*sPolicy Text: %s\n", indent, "", never executed: BIO_printf(out, "%*sPolicy Text: %s\n", indent, "", pci->proxyPolicy->policy->data); | 0 |
81 | pci->proxyPolicy->policy->data); never executed: BIO_printf(out, "%*sPolicy Text: %s\n", indent, "", pci->proxyPolicy->policy->data); | 0 |
82 | return 1; never executed: return 1; | 0 |
83 | } | - |
84 | | - |
85 | static int | - |
86 | process_pci_value(CONF_VALUE *val, ASN1_OBJECT **language, | - |
87 | ASN1_INTEGER **pathlen, ASN1_OCTET_STRING **policy) | - |
88 | { | - |
89 | int free_policy = 0; | - |
90 | | - |
91 | if (strcmp(val->name, "language") == 0) { never executed: __result = (((const unsigned char *) (const char *) ( val->name ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( "language" ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
92 | if (*language) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
93 | X509V3error(X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED); | - |
94 | X509V3_conf_err(val); | - |
95 | return 0; never executed: return 0; | 0 |
96 | } | - |
97 | if (!(*language = OBJ_txt2obj(val->value, 0))) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
98 | X509V3error(X509V3_R_INVALID_OBJECT_IDENTIFIER); | - |
99 | X509V3_conf_err(val); | - |
100 | return 0; never executed: return 0; | 0 |
101 | } | - |
102 | } never executed: end of block | 0 |
103 | else if (strcmp(val->name, "pathlen") == 0) { never executed: __result = (((const unsigned char *) (const char *) ( val->name ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( "pathlen" ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
104 | if (*pathlen) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
105 | X509V3error(X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED); | - |
106 | X509V3_conf_err(val); | - |
107 | return 0; never executed: return 0; | 0 |
108 | } | - |
109 | if (!X509V3_get_value_int(val, pathlen)) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
110 | X509V3error(X509V3_R_POLICY_PATH_LENGTH); | - |
111 | X509V3_conf_err(val); | - |
112 | return 0; never executed: return 0; | 0 |
113 | } | - |
114 | } never executed: end of block | 0 |
115 | else if (strcmp(val->name, "policy") == 0) { never executed: __result = (((const unsigned char *) (const char *) ( val->name ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( "policy" ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
116 | unsigned char *tmp_data = NULL; | - |
117 | long val_len; | - |
118 | if (!*policy) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
119 | *policy = ASN1_OCTET_STRING_new(); | - |
120 | if (!*policy) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
121 | X509V3error(ERR_R_MALLOC_FAILURE); | - |
122 | X509V3_conf_err(val); | - |
123 | return 0; never executed: return 0; | 0 |
124 | } | - |
125 | free_policy = 1; | - |
126 | } never executed: end of block | 0 |
127 | if (strncmp(val->value, "hex:", 4) == 0) { never executed: __result = (((const unsigned char *) (const char *) ( val->value ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( "hex:" ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
128 | unsigned char *tmp_data2 = | - |
129 | string_to_hex(val->value + 4, &val_len); | - |
130 | | - |
131 | if (!tmp_data2) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
132 | X509V3error(X509V3_R_ILLEGAL_HEX_DIGIT); | - |
133 | X509V3_conf_err(val); | - |
134 | goto err; never executed: goto err; | 0 |
135 | } | - |
136 | | - |
137 | tmp_data = realloc((*policy)->data, | - |
138 | (*policy)->length + val_len + 1); | - |
139 | if (tmp_data) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
140 | (*policy)->data = tmp_data; | - |
141 | memcpy(&(*policy)->data[(*policy)->length], | - |
142 | tmp_data2, val_len); | - |
143 | (*policy)->length += val_len; | - |
144 | (*policy)->data[(*policy)->length] = '\0'; | - |
145 | } else { never executed: end of block | 0 |
146 | free(tmp_data2); | - |
147 | free((*policy)->data); | - |
148 | (*policy)->data = NULL; | - |
149 | (*policy)->length = 0; | - |
150 | X509V3error(ERR_R_MALLOC_FAILURE); | - |
151 | X509V3_conf_err(val); | - |
152 | goto err; never executed: goto err; | 0 |
153 | } | - |
154 | free(tmp_data2); | - |
155 | } never executed: end of block | 0 |
156 | else if (strncmp(val->value, "file:", 5) == 0) { never executed: __result = (((const unsigned char *) (const char *) ( val->value ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( "file:" ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
157 | unsigned char buf[2048]; | - |
158 | int n; | - |
159 | BIO *b = BIO_new_file(val->value + 5, "r"); | - |
160 | if (!b) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
161 | X509V3error(ERR_R_BIO_LIB); | - |
162 | X509V3_conf_err(val); | - |
163 | goto err; never executed: goto err; | 0 |
164 | } | - |
165 | while ((n = BIO_read(b, buf, sizeof(buf))) > 0 ||TRUE | never evaluated | FALSE | never evaluated |
| 0 |
166 | (n == 0 && BIO_should_retry(b))) {TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
167 | if (!n)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
168 | continue; never executed: continue; | 0 |
169 | | - |
170 | tmp_data = realloc((*policy)->data, | - |
171 | (*policy)->length + n + 1); | - |
172 | | - |
173 | if (!tmp_data)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
174 | break; never executed: break; | 0 |
175 | | - |
176 | (*policy)->data = tmp_data; | - |
177 | memcpy(&(*policy)->data[(*policy)->length], | - |
178 | buf, n); | - |
179 | (*policy)->length += n; | - |
180 | (*policy)->data[(*policy)->length] = '\0'; | - |
181 | } never executed: end of block | 0 |
182 | BIO_free_all(b); | - |
183 | | - |
184 | if (n < 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
185 | X509V3error(ERR_R_BIO_LIB); | - |
186 | X509V3_conf_err(val); | - |
187 | goto err; never executed: goto err; | 0 |
188 | } | - |
189 | } never executed: end of block | 0 |
190 | else if (strncmp(val->value, "text:", 5) == 0) { never executed: __result = (((const unsigned char *) (const char *) ( val->value ))[3] - __s2[3]); never executed: end of block never executed: end of block never executed: __result = (((const unsigned char *) (const char *) ( "text:" ))[3] - __s2[3]); never executed: end of block never executed: end of block TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
191 | val_len = strlen(val->value + 5); | - |
192 | tmp_data = realloc((*policy)->data, | - |
193 | (*policy)->length + val_len + 1); | - |
194 | if (tmp_data) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
195 | (*policy)->data = tmp_data; | - |
196 | memcpy(&(*policy)->data[(*policy)->length], | - |
197 | val->value + 5, val_len); | - |
198 | (*policy)->length += val_len; | - |
199 | (*policy)->data[(*policy)->length] = '\0'; | - |
200 | } else { never executed: end of block | 0 |
201 | free((*policy)->data); | - |
202 | (*policy)->data = NULL; | - |
203 | (*policy)->length = 0; | - |
204 | X509V3error(ERR_R_MALLOC_FAILURE); | - |
205 | X509V3_conf_err(val); | - |
206 | goto err; never executed: goto err; | 0 |
207 | } | - |
208 | } else { | - |
209 | X509V3error(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG); | - |
210 | X509V3_conf_err(val); | - |
211 | goto err; never executed: goto err; | 0 |
212 | } | - |
213 | if (!tmp_data) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
214 | X509V3error(ERR_R_MALLOC_FAILURE); | - |
215 | X509V3_conf_err(val); | - |
216 | goto err; never executed: goto err; | 0 |
217 | } | - |
218 | } never executed: end of block | 0 |
219 | return 1; never executed: return 1; | 0 |
220 | | - |
221 | err: | - |
222 | if (free_policy) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
223 | ASN1_OCTET_STRING_free(*policy); | - |
224 | *policy = NULL; | - |
225 | } never executed: end of block | 0 |
226 | return 0; never executed: return 0; | 0 |
227 | } | - |
228 | | - |
229 | static PROXY_CERT_INFO_EXTENSION * | - |
230 | r2i_pci(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value) | - |
231 | { | - |
232 | PROXY_CERT_INFO_EXTENSION *pci = NULL; | - |
233 | STACK_OF(CONF_VALUE) *vals; | - |
234 | ASN1_OBJECT *language = NULL; | - |
235 | ASN1_INTEGER *pathlen = NULL; | - |
236 | ASN1_OCTET_STRING *policy = NULL; | - |
237 | int i, j; | - |
238 | | - |
239 | vals = X509V3_parse_list(value); | - |
240 | for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
241 | CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i); | - |
242 | if (!cnf->name || (*cnf->name != '@' && !cnf->value)) {TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
243 | X509V3error(X509V3_R_INVALID_PROXY_POLICY_SETTING); | - |
244 | X509V3_conf_err(cnf); | - |
245 | goto err; never executed: goto err; | 0 |
246 | } | - |
247 | if (*cnf->name == '@') {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
248 | STACK_OF(CONF_VALUE) *sect; | - |
249 | int success_p = 1; | - |
250 | | - |
251 | sect = X509V3_get_section(ctx, cnf->name + 1); | - |
252 | if (!sect) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
253 | X509V3error(X509V3_R_INVALID_SECTION); | - |
254 | X509V3_conf_err(cnf); | - |
255 | goto err; never executed: goto err; | 0 |
256 | } | - |
257 | for (j = 0; success_p &&TRUE | never evaluated | FALSE | never evaluated |
| 0 |
258 | j < sk_CONF_VALUE_num(sect); j++) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
259 | success_p = process_pci_value( | - |
260 | sk_CONF_VALUE_value(sect, j), | - |
261 | &language, &pathlen, &policy); | - |
262 | } never executed: end of block | 0 |
263 | X509V3_section_free(ctx, sect); | - |
264 | if (!success_p)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
265 | goto err; never executed: goto err; | 0 |
266 | } else { never executed: end of block | 0 |
267 | if (!process_pci_value(cnf,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
268 | &language, &pathlen, &policy)) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
269 | X509V3_conf_err(cnf); | - |
270 | goto err; never executed: goto err; | 0 |
271 | } | - |
272 | } never executed: end of block | 0 |
273 | } | - |
274 | | - |
275 | | - |
276 | if (!language) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
277 | X509V3error(X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED); | - |
278 | goto err; never executed: goto err; | 0 |
279 | } | - |
280 | i = OBJ_obj2nid(language); | - |
281 | if ((i == NID_Independent || i == NID_id_ppl_inheritAll) && policy) {TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
282 | X509V3error(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY); | - |
283 | goto err; never executed: goto err; | 0 |
284 | } | - |
285 | | - |
286 | pci = PROXY_CERT_INFO_EXTENSION_new(); | - |
287 | if (!pci) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
288 | X509V3error(ERR_R_MALLOC_FAILURE); | - |
289 | goto err; never executed: goto err; | 0 |
290 | } | - |
291 | | - |
292 | pci->proxyPolicy->policyLanguage = language; | - |
293 | language = NULL; | - |
294 | pci->proxyPolicy->policy = policy; | - |
295 | policy = NULL; | - |
296 | pci->pcPathLengthConstraint = pathlen; | - |
297 | pathlen = NULL; | - |
298 | goto end; never executed: goto end; | 0 |
299 | | - |
300 | err: | - |
301 | ASN1_OBJECT_free(language); | - |
302 | language = NULL; | - |
303 | ASN1_INTEGER_free(pathlen); | - |
304 | pathlen = NULL; | - |
305 | ASN1_OCTET_STRING_free(policy); | - |
306 | policy = NULL; | - |
307 | end: code before this statement never executed: end: | 0 |
308 | sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); | - |
309 | return pci; never executed: return pci; | 0 |
310 | } | - |
| | |