1 /* $OpenBSD: x_x509a.c,v 1.18 2021/12/25 13:17:48 jsing Exp $ */ 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * project 1999. 4 */ 5 /* ==================================================================== 6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 * 53 * This product includes cryptographic software written by Eric Young 54 * (eay@cryptsoft.com). This product includes software written by Tim 55 * Hudson (tjh@cryptsoft.com). 56 * 57 */ 58 59 #include <stdio.h> 60 61 #include <openssl/asn1t.h> 62 #include <openssl/evp.h> 63 #include <openssl/x509.h> 64 65 #include "x509_lcl.h" 66 67 /* X509_CERT_AUX routines. These are used to encode additional 68 * user modifiable data about a certificate. This data is 69 * appended to the X509 encoding when the *_X509_AUX routines 70 * are used. This means that the "traditional" X509 routines 71 * will simply ignore the extra data. 72 */ 73 74 static X509_CERT_AUX *aux_get(X509 *x); 75 76 static const ASN1_TEMPLATE X509_CERT_AUX_seq_tt[] = { 77 { 78 .flags = ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL, 79 .offset = offsetof(X509_CERT_AUX, trust), 80 .field_name = "trust", 81 .item = &ASN1_OBJECT_it, 82 }, 83 { 84 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SEQUENCE_OF | 85 ASN1_TFLG_OPTIONAL, 86 .tag = 0, 87 .offset = offsetof(X509_CERT_AUX, reject), 88 .field_name = "reject", 89 .item = &ASN1_OBJECT_it, 90 }, 91 { 92 .flags = ASN1_TFLG_OPTIONAL, 93 .offset = offsetof(X509_CERT_AUX, alias), 94 .field_name = "alias", 95 .item = &ASN1_UTF8STRING_it, 96 }, 97 { 98 .flags = ASN1_TFLG_OPTIONAL, 99 .offset = offsetof(X509_CERT_AUX, keyid), 100 .field_name = "keyid", 101 .item = &ASN1_OCTET_STRING_it, 102 }, 103 { 104 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SEQUENCE_OF | 105 ASN1_TFLG_OPTIONAL, 106 .tag = 1, 107 .offset = offsetof(X509_CERT_AUX, other), 108 .field_name = "other", 109 .item = &X509_ALGOR_it, 110 }, 111 }; 112 113 const ASN1_ITEM X509_CERT_AUX_it = { 114 .itype = ASN1_ITYPE_SEQUENCE, 115 .utype = V_ASN1_SEQUENCE, 116 .templates = X509_CERT_AUX_seq_tt, 117 .tcount = sizeof(X509_CERT_AUX_seq_tt) / sizeof(ASN1_TEMPLATE), 118 .size = sizeof(X509_CERT_AUX), 119 .sname = "X509_CERT_AUX", 120 }; 121 122 123 X509_CERT_AUX * 124 d2i_X509_CERT_AUX(X509_CERT_AUX **a, const unsigned char **in, long len) 125 { 126 return (X509_CERT_AUX *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, 127 &X509_CERT_AUX_it); 128 } 129 130 int 131 i2d_X509_CERT_AUX(X509_CERT_AUX *a, unsigned char **out) 132 { 133 return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_CERT_AUX_it); 134 } 135 136 X509_CERT_AUX * 137 X509_CERT_AUX_new(void) 138 { 139 return (X509_CERT_AUX *)ASN1_item_new(&X509_CERT_AUX_it); 140 } 141 142 void 143 X509_CERT_AUX_free(X509_CERT_AUX *a) 144 { 145 ASN1_item_free((ASN1_VALUE *)a, &X509_CERT_AUX_it); 146 } 147 148 static X509_CERT_AUX * 149 aux_get(X509 *x) 150 { 151 if (!x) 152 return NULL; 153 if (!x->aux && !(x->aux = X509_CERT_AUX_new())) 154 return NULL; 155 return x->aux; 156 } 157 158 int 159 X509_alias_set1(X509 *x, const unsigned char *name, int len) 160 { 161 X509_CERT_AUX *aux; 162 if (!name) { 163 if (!x || !x->aux || !x->aux->alias) 164 return 1; 165 ASN1_UTF8STRING_free(x->aux->alias); 166 x->aux->alias = NULL; 167 return 1; 168 } 169 if (!(aux = aux_get(x))) 170 return 0; 171 if (!aux->alias && !(aux->alias = ASN1_UTF8STRING_new())) 172 return 0; 173 return ASN1_STRING_set(aux->alias, name, len); 174 } 175 176 int 177 X509_keyid_set1(X509 *x, const unsigned char *id, int len) 178 { 179 X509_CERT_AUX *aux; 180 if (!id) { 181 if (!x || !x->aux || !x->aux->keyid) 182 return 1; 183 ASN1_OCTET_STRING_free(x->aux->keyid); 184 x->aux->keyid = NULL; 185 return 1; 186 } 187 if (!(aux = aux_get(x))) 188 return 0; 189 if (!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new())) 190 return 0; 191 return ASN1_STRING_set(aux->keyid, id, len); 192 } 193 194 unsigned char * 195 X509_alias_get0(X509 *x, int *len) 196 { 197 if (!x->aux || !x->aux->alias) 198 return NULL; 199 if (len) 200 *len = x->aux->alias->length; 201 return x->aux->alias->data; 202 } 203 204 unsigned char * 205 X509_keyid_get0(X509 *x, int *len) 206 { 207 if (!x->aux || !x->aux->keyid) 208 return NULL; 209 if (len) 210 *len = x->aux->keyid->length; 211 return x->aux->keyid->data; 212 } 213 214 int 215 X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj) 216 { 217 X509_CERT_AUX *aux; 218 ASN1_OBJECT *objtmp; 219 int rc; 220 221 if (!(objtmp = OBJ_dup(obj))) 222 return 0; 223 if (!(aux = aux_get(x))) 224 goto err; 225 if (!aux->trust && !(aux->trust = sk_ASN1_OBJECT_new_null())) 226 goto err; 227 rc = sk_ASN1_OBJECT_push(aux->trust, objtmp); 228 if (rc != 0) 229 return rc; 230 231 err: 232 ASN1_OBJECT_free(objtmp); 233 return 0; 234 } 235 236 int 237 X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj) 238 { 239 X509_CERT_AUX *aux; 240 ASN1_OBJECT *objtmp; 241 int rc; 242 243 if (!(objtmp = OBJ_dup(obj))) 244 return 0; 245 if (!(aux = aux_get(x))) 246 goto err; 247 if (!aux->reject && !(aux->reject = sk_ASN1_OBJECT_new_null())) 248 goto err; 249 rc = sk_ASN1_OBJECT_push(aux->reject, objtmp); 250 if (rc != 0) 251 return rc; 252 253 err: 254 ASN1_OBJECT_free(objtmp); 255 return 0; 256 } 257 258 void 259 X509_trust_clear(X509 *x) 260 { 261 if (x->aux && x->aux->trust) { 262 sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free); 263 x->aux->trust = NULL; 264 } 265 } 266 267 void 268 X509_reject_clear(X509 *x) 269 { 270 if (x->aux && x->aux->reject) { 271 sk_ASN1_OBJECT_pop_free(x->aux->reject, ASN1_OBJECT_free); 272 x->aux->reject = NULL; 273 } 274 } 275