Rearrange and test authz extension.
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 855952d..1babdef 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -855,6 +855,46 @@
}
}
+static const unsigned char *authz_find_data(const unsigned char *authz,
+ size_t authz_length,
+ unsigned char data_type,
+ size_t *data_length)
+ {
+ if (authz == NULL) return NULL;
+ if (!authz_validate(authz, authz_length))
+ {
+ SSLerr(SSL_F_AUTHZ_FIND_DATA,SSL_R_INVALID_AUTHZ_DATA);
+ return NULL;
+ }
+
+ for (;;)
+ {
+ unsigned char type;
+ unsigned short len;
+ if (!authz_length)
+ return NULL;
+
+ type = *(authz++);
+ authz_length--;
+
+ /* We've validated the authz data, so we don't have to
+ * check again that we have enough bytes left. */
+ len = ((unsigned short) authz[0]) << 8 |
+ ((unsigned short) authz[1]);
+ authz += 2;
+ authz_length -= 2;
+ if (type == data_type)
+ {
+ *data_length = len;
+ return authz;
+ }
+ authz += len;
+ authz_length -= len;
+ }
+ /* No match */
+ return NULL;
+ }
+
static int ssl_set_authz(CERT *c, unsigned char *authz, size_t authz_length)
{
CERT_PKEY *current_key = c->key;
@@ -901,4 +941,90 @@
}
return ssl_set_authz(ssl->cert, authz, authz_length);
}
+
+const unsigned char *SSL_CTX_get_authz_data(SSL_CTX *ctx, unsigned char type,
+ size_t *data_length)
+ {
+ CERT_PKEY *current_key;
+
+ if (ctx->cert == NULL)
+ return NULL;
+ current_key = ctx->cert->key;
+ if (current_key->authz == NULL)
+ return NULL;
+ return authz_find_data(current_key->authz,
+ current_key->authz_length, type, data_length);
+ }
+
+#ifndef OPENSSL_NO_STDIO
+/* read_authz returns a newly allocated buffer with authz data */
+static unsigned char *read_authz(const char *file, size_t *authz_length)
+ {
+ BIO *authz_in = NULL;
+ unsigned char *authz = NULL;
+ /* Allow authzs up to 64KB. */
+ static const size_t authz_limit = 65536;
+ size_t read_length;
+ unsigned char *ret = NULL;
+
+ authz_in = BIO_new(BIO_s_file_internal());
+ if (authz_in == NULL)
+ {
+ SSLerr(SSL_F_READ_AUTHZ,ERR_R_BUF_LIB);
+ goto end;
+ }
+
+ if (BIO_read_filename(authz_in,file) <= 0)
+ {
+ SSLerr(SSL_F_READ_AUTHZ,ERR_R_SYS_LIB);
+ goto end;
+ }
+
+ authz = OPENSSL_malloc(authz_limit);
+ read_length = BIO_read(authz_in, authz, authz_limit);
+ if (read_length == authz_limit || read_length <= 0)
+ {
+ SSLerr(SSL_F_READ_AUTHZ,SSL_R_AUTHZ_DATA_TOO_LARGE);
+ OPENSSL_free(authz);
+ goto end;
+ }
+ *authz_length = read_length;
+ ret = authz;
+end:
+ if (authz_in != NULL) BIO_free(authz_in);
+ return ret;
+ }
+
+int SSL_CTX_use_authz_file(SSL_CTX *ctx, const char *file)
+ {
+ unsigned char *authz = NULL;
+ size_t authz_length = 0;
+ int ret;
+
+ authz = read_authz(file, &authz_length);
+ if (authz == NULL)
+ return 0;
+
+ ret = SSL_CTX_use_authz(ctx, authz, authz_length);
+ /* SSL_CTX_use_authz makes a local copy of the authz. */
+ OPENSSL_free(authz);
+ return ret;
+ }
+
+int SSL_use_authz_file(SSL *ssl, const char *file)
+ {
+ unsigned char *authz = NULL;
+ size_t authz_length = 0;
+ int ret;
+
+ authz = read_authz(file, &authz_length);
+ if (authz == NULL)
+ return 0;
+
+ ret = SSL_use_authz(ssl, authz, authz_length);
+ /* SSL_use_authz makes a local copy of the authz. */
+ OPENSSL_free(authz);
+ return ret;
+ }
+#endif /* OPENSSL_NO_STDIO */
#endif /* OPENSSL_NO_TLSEXT */
