diff options
author | Ben Laurie <ben@openssl.org> | 2012-06-07 13:20:47 +0000 |
---|---|---|
committer | Ben Laurie <ben@openssl.org> | 2012-06-07 13:20:47 +0000 |
commit | 7a71af86ce75751f3cb2e9e9e3f2e0715b39b101 (patch) | |
tree | 3f2fd5284f987ff3bcc78128dc7623c085c2611d /ssl/ssl_rsa.c | |
parent | 32e62d1cc486f3f37fa5cbe66de8c0de1b321778 (diff) | |
download | openssl-7a71af86ce75751f3cb2e9e9e3f2e0715b39b101.zip openssl-7a71af86ce75751f3cb2e9e9e3f2e0715b39b101.tar.gz openssl-7a71af86ce75751f3cb2e9e9e3f2e0715b39b101.tar.bz2 |
Rearrange and test authz extension.
Diffstat (limited to 'ssl/ssl_rsa.c')
-rw-r--r-- | ssl/ssl_rsa.c | 126 |
1 files changed, 126 insertions, 0 deletions
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index 855952d..1babdef 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -855,6 +855,46 @@ static char authz_validate(const unsigned char *authz, size_t length) } } +static const unsigned char *authz_find_data(const unsigned char *authz, + size_t authz_length, + unsigned char data_type, + size_t *data_length) + { + if (authz == NULL) return NULL; + if (!authz_validate(authz, authz_length)) + { + SSLerr(SSL_F_AUTHZ_FIND_DATA,SSL_R_INVALID_AUTHZ_DATA); + return NULL; + } + + for (;;) + { + unsigned char type; + unsigned short len; + if (!authz_length) + return NULL; + + type = *(authz++); + authz_length--; + + /* We've validated the authz data, so we don't have to + * check again that we have enough bytes left. */ + len = ((unsigned short) authz[0]) << 8 | + ((unsigned short) authz[1]); + authz += 2; + authz_length -= 2; + if (type == data_type) + { + *data_length = len; + return authz; + } + authz += len; + authz_length -= len; + } + /* No match */ + return NULL; + } + static int ssl_set_authz(CERT *c, unsigned char *authz, size_t authz_length) { CERT_PKEY *current_key = c->key; @@ -901,4 +941,90 @@ int SSL_use_authz(SSL *ssl, unsigned char *authz, size_t authz_length) } return ssl_set_authz(ssl->cert, authz, authz_length); } + +const unsigned char *SSL_CTX_get_authz_data(SSL_CTX *ctx, unsigned char type, + size_t *data_length) + { + CERT_PKEY *current_key; + + if (ctx->cert == NULL) + return NULL; + current_key = ctx->cert->key; + if (current_key->authz == NULL) + return NULL; + return authz_find_data(current_key->authz, + current_key->authz_length, type, data_length); + } + +#ifndef OPENSSL_NO_STDIO +/* read_authz returns a newly allocated buffer with authz data */ +static unsigned char *read_authz(const char *file, size_t *authz_length) + { + BIO *authz_in = NULL; + unsigned char *authz = NULL; + /* Allow authzs up to 64KB. */ + static const size_t authz_limit = 65536; + size_t read_length; + unsigned char *ret = NULL; + + authz_in = BIO_new(BIO_s_file_internal()); + if (authz_in == NULL) + { + SSLerr(SSL_F_READ_AUTHZ,ERR_R_BUF_LIB); + goto end; + } + + if (BIO_read_filename(authz_in,file) <= 0) + { + SSLerr(SSL_F_READ_AUTHZ,ERR_R_SYS_LIB); + goto end; + } + + authz = OPENSSL_malloc(authz_limit); + read_length = BIO_read(authz_in, authz, authz_limit); + if (read_length == authz_limit || read_length <= 0) + { + SSLerr(SSL_F_READ_AUTHZ,SSL_R_AUTHZ_DATA_TOO_LARGE); + OPENSSL_free(authz); + goto end; + } + *authz_length = read_length; + ret = authz; +end: + if (authz_in != NULL) BIO_free(authz_in); + return ret; + } + +int SSL_CTX_use_authz_file(SSL_CTX *ctx, const char *file) + { + unsigned char *authz = NULL; + size_t authz_length = 0; + int ret; + + authz = read_authz(file, &authz_length); + if (authz == NULL) + return 0; + + ret = SSL_CTX_use_authz(ctx, authz, authz_length); + /* SSL_CTX_use_authz makes a local copy of the authz. */ + OPENSSL_free(authz); + return ret; + } + +int SSL_use_authz_file(SSL *ssl, const char *file) + { + unsigned char *authz = NULL; + size_t authz_length = 0; + int ret; + + authz = read_authz(file, &authz_length); + if (authz == NULL) + return 0; + + ret = SSL_use_authz(ssl, authz, authz_length); + /* SSL_use_authz makes a local copy of the authz. */ + OPENSSL_free(authz); + return ret; + } +#endif /* OPENSSL_NO_STDIO */ #endif /* OPENSSL_NO_TLSEXT */ |