/* v3_sxnet.c */
/*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
 * 1999.
 */
/* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

#include <stdio.h>
#include <string.h>

#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/conf.h>
#include <openssl/err.h>
#include <openssl/mem.h>
#include <openssl/obj.h>
#include <openssl/x509v3.h>

/* Support for Thawte strong extranet extension */
/*
 * NOTE(review): SXNET_TEST is defined unconditionally, so the config-driven
 * sxnet_v2i handler is always compiled in and registered in the method table
 * below, although the comment on sxnet_v2i says it is for testing only.
 */
#define SXNET_TEST

static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
                     int indent);
#ifdef SXNET_TEST
static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
                        STACK_OF(CONF_VALUE) *nval);
#endif

/*
 * Extension method table for the Strong Extranet (NID_sxnet) extension.
 * Only the ASN.1 item, the pretty-printer (i2r) and, under SXNET_TEST, the
 * config parser (v2i) are provided; every other handler slot is empty.
 * The slot names in the comments follow the X509V3_EXT_METHOD declaration,
 * which lives in the x509v3 header rather than in this file.
 */
const X509V3_EXT_METHOD v3_sxnet = {
    NID_sxnet,                  /* ext_nid */
    X509V3_EXT_MULTILINE,       /* ext_flags */
    ASN1_ITEM_ref(SXNET),       /* it */
    0,                          /* ext_new */
    0,                          /* ext_free */
    0,                          /* d2i */
    0,                          /* i2d */
    0,                          /* i2s */
    0,                          /* s2i */
    0,                          /* i2v */
#ifdef SXNET_TEST
    (X509V3_EXT_V2I)sxnet_v2i,  /* v2i */
#else
    0,                          /* v2i */
#endif
    (X509V3_EXT_I2R)sxnet_i2r,  /* i2r */
    0,                          /* r2i */
    NULL                        /* usr_data */
};
/*
 * ASN.1 template for one Strong Extranet entry:
 * SEQUENCE { zone INTEGER, user OCTET STRING }.
 */
ASN1_SEQUENCE(SXNETID) = {
        ASN1_SIMPLE(SXNETID, zone, ASN1_INTEGER),
        ASN1_SIMPLE(SXNETID, user, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(SXNETID)

/*
 * Generates the SXNETID helper functions; SXNETID_new and SXNETID_free are
 * the ones this file calls.
 */
IMPLEMENT_ASN1_FUNCTIONS(SXNETID)

/*
 * ASN.1 template for the whole extension:
 * SEQUENCE { version INTEGER, ids SEQUENCE OF SXNETID }.
 */
ASN1_SEQUENCE(SXNET) = {
        ASN1_SIMPLE(SXNET, version, ASN1_INTEGER),
        ASN1_SEQUENCE_OF(SXNET, ids, SXNETID)
} ASN1_SEQUENCE_END(SXNET)

/*
 * Generates the SXNET helper functions; SXNET_new and SXNET_free are the
 * ones this file calls.
 */
IMPLEMENT_ASN1_FUNCTIONS(SXNET)
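/*
 * sxnet_i2r writes a text rendering of the Strong Extranet extension |sx|
 * to |out|: a "Version" line followed by one "Zone: ..., User: ..." line per
 * entry, each prefixed by |indent| spaces. |method| is unused.
 *
 * The zone and user values come from the decoded extension, i.e. from the
 * certificate being printed. How the user octets are escaped on output is
 * decided by M_ASN1_OCTET_STRING_print, which is not defined in this file.
 *
 * Returns 1 on success and 0 if a zone could not be converted to a string.
 */
static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
                     int indent)
{
    size_t i;
    long v = ASN1_INTEGER_get(sx->version);

    (void)method;
    /* %lX expects an unsigned long; cast so the argument matches. */
    BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1,
               (unsigned long)v);
    for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
        SXNETID *id = sk_SXNETID_value(sx->ids, i);
        char *tmp = i2s_ASN1_INTEGER(NULL, id->zone);

        /*
         * i2s_ASN1_INTEGER returns NULL on failure; passing NULL to "%s"
         * is undefined, so report the failure instead of printing.
         */
        if (tmp == NULL)
            return 0;
        BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
        OPENSSL_free(tmp);
        M_ASN1_OCTET_STRING_print(out, id->user);
    }
    return 1;
}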
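#ifdef SXNET_TEST

/*
 * NBB: this is used for testing only. It should *not* be used for anything
 * else because it will just take static IDs from the configuration file and
 * they should really be separate values for each user.
 *
 * Builds an SXNET from configuration values: each entry's name is passed as
 * the zone (an ASCII number) and its value as the user id. |method| and
 * |ctx| are unused.
 *
 * Returns the new SXNET, or NULL on error (also NULL when |nval| is empty,
 * since nothing is allocated in that case).
 */

static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
                        STACK_OF(CONF_VALUE) *nval)
{
    SXNET *sx = NULL;
    size_t i;

    (void)method;
    (void)ctx;
    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
        CONF_VALUE *cnf = sk_CONF_VALUE_value(nval, i);

        if (!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1)) {
            /*
             * Some failure paths (bad zone, over-long user, duplicate zone)
             * leave |sx| holding the entries added so far; release it so
             * they do not leak. When the callee already freed it, |sx| has
             * been reset to NULL and this is a no-op.
             */
            SXNET_free(sx);
            return NULL;
        }
    }
    return sx;
}

#endif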
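/* Strong Extranet utility functions */

/*
 * Add an id given the zone as an ASCII number.
 *
 * |zone| is converted with s2i_ASN1_INTEGER and the result is handed to
 * SXNET_add_id_INTEGER, which takes ownership of it on success. |user| and
 * |userlen| are passed through unchanged.
 *
 * Returns 1 on success and 0 on error.
 */

int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen)
{
    ASN1_INTEGER *izone = s2i_ASN1_INTEGER(NULL, zone);

    if (izone == NULL) {
        OPENSSL_PUT_ERROR(X509V3, X509V3_R_ERROR_CONVERTING_ZONE);
        return 0;
    }
    if (!SXNET_add_id_INTEGER(psx, izone, user, userlen)) {
        /* The integer is only adopted on success; free it here on failure. */
        M_ASN1_INTEGER_free(izone);
        return 0;
    }
    return 1;
}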
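/*
 * Add an id given the zone as an unsigned long.
 *
 * A temporary ASN1_INTEGER is built from |lzone| and handed to
 * SXNET_add_id_INTEGER, which takes ownership of it on success.
 *
 * Returns 1 on success and 0 on error.
 */

int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user,
                       int userlen)
{
    ASN1_INTEGER *izone = M_ASN1_INTEGER_new();

    if (izone == NULL || !ASN1_INTEGER_set(izone, lzone)) {
        OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
        M_ASN1_INTEGER_free(izone);
        return 0;
    }
    if (!SXNET_add_id_INTEGER(psx, izone, user, userlen)) {
        /* The integer is only adopted on success; free it here on failure. */
        M_ASN1_INTEGER_free(izone);
        return 0;
    }
    return 1;
}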
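/*
 * Add an id given the zone as an ASN1_INTEGER. Note this version uses the
 * passed integer and doesn't make a copy so don't free it up afterwards.
 *
 * Ownership: |zone| is adopted only when the call returns 1. On every
 * failure path it is left untouched and still belongs to the caller.
 *
 * |*psx| may be NULL, in which case a new SXNET (version 0) is allocated and
 * stored there. |userlen| is the length of |user| in bytes; a negative value
 * means "use strlen(user)". At most 64 bytes are accepted.
 *
 * Returns 1 on success. Returns 0 on error; for NULL arguments, an over-long
 * user or a duplicate zone |*psx| is left as it was, while on an allocation
 * failure the SXNET is freed and |*psx| is set to NULL.
 */

int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user,
                         int userlen)
{
    SXNET *sx = NULL;
    SXNETID *id = NULL;
    size_t len;

    if (!psx || !zone || !user) {
        OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_NULL_ARGUMENT);
        return 0;
    }
    /*
     * Resolve the length in size_t before comparing it with the limit. This
     * treats every negative |userlen| like -1, so a value such as -2 can no
     * longer slip past the 64-byte check, and a very long string cannot
     * wrap when narrowed to int.
     */
    len = userlen < 0 ? strlen(user) : (size_t)userlen;
    if (len > 64) {
        OPENSSL_PUT_ERROR(X509V3, X509V3_R_USER_TOO_LONG);
        return 0;
    }
    if (!*psx) {
        if (!(sx = SXNET_new()))
            goto err;
        if (!ASN1_INTEGER_set(sx->version, 0))
            goto err;
        *psx = sx;
    } else
        sx = *psx;
    if (SXNET_get_id_INTEGER(sx, zone)) {
        OPENSSL_PUT_ERROR(X509V3, X509V3_R_DUPLICATE_ZONE_ID);
        return 0;
    }

    if (!(id = SXNETID_new()))
        goto err;

    if (!M_ASN1_OCTET_STRING_set(id->user, user, (int)len))
        goto err;
    if (!sk_SXNETID_push(sx->ids, id))
        goto err;
    /*
     * Release the zone held by the freshly created entry before adopting the
     * caller's integer, so the old one is not leaked.
     */
    M_ASN1_INTEGER_free(id->zone);
    id->zone = zone;
    return 1;

 err:
    OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
    SXNETID_free(id);
    SXNET_free(sx);
    *psx = NULL;
    return 0;
}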
/*
 * Look up the user id for a zone given as an ASCII number.
 *
 * Returns the matching entry's user string, which stays owned by |sx| and
 * must not be freed by the caller, or NULL when the zone cannot be parsed
 * or no entry matches.
 */
ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone)
{
    ASN1_OCTET_STRING *found;
    ASN1_INTEGER *parsed = s2i_ASN1_INTEGER(NULL, zone);

    if (parsed == NULL) {
        OPENSSL_PUT_ERROR(X509V3, X509V3_R_ERROR_CONVERTING_ZONE);
        return NULL;
    }
    found = SXNET_get_id_INTEGER(sx, parsed);
    /* The parsed zone is only a lookup key; release it before returning. */
    M_ASN1_INTEGER_free(parsed);
    return found;
}
/*
 * Look up the user id for a zone given as an unsigned long.
 *
 * Returns the matching entry's user string, which stays owned by |sx| and
 * must not be freed by the caller, or NULL when the temporary zone integer
 * cannot be built or no entry matches.
 */
ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone)
{
    ASN1_OCTET_STRING *found;
    ASN1_INTEGER *key = M_ASN1_INTEGER_new();

    if (key == NULL || !ASN1_INTEGER_set(key, lzone)) {
        OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
        M_ASN1_INTEGER_free(key);
        return NULL;
    }
    found = SXNET_get_id_INTEGER(sx, key);
    /* The temporary zone is only a lookup key; release it before returning. */
    M_ASN1_INTEGER_free(key);
    return found;
}
/*
 * Look up the user id for a zone given as an ASN1_INTEGER.
 *
 * Scans the entries of |sx| in order and returns the user string of the
 * first one whose zone compares equal to |zone|. The returned pointer refers
 * to storage inside |sx|. Returns NULL when no entry matches. |sx| is
 * dereferenced without a NULL check.
 */
ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone)
{
    size_t idx = 0;

    while (idx < sk_SXNETID_num(sx->ids)) {
        SXNETID *entry = sk_SXNETID_value(sx->ids, idx);

        if (M_ASN1_INTEGER_cmp(entry->zone, zone) == 0)
            return entry->user;
        idx++;
    }
    return NULL;
}
/*
 * NOTE(review): what IMPLEMENT_ASN1_SET_OF expands to is defined in the ASN.1
 * headers, not in this file, and nothing here references symbols it would
 * generate - confirm whether this line is still needed.
 */
IMPLEMENT_ASN1_SET_OF(SXNETID)