1 /* $OpenBSD: x509_set.c,v 1.17 2018/08/24 19:55:58 tb Exp $ */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  *
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  *
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  *
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  *
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  *
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 
59 #include <stdio.h>
60 
61 #include <openssl/asn1.h>
62 #include <openssl/evp.h>
63 #include <openssl/objects.h>
64 #include <openssl/x509.h>
65 
66 const STACK_OF(X509_EXTENSION) *
67 X509_get0_extensions(const X509 *x)
68 {
69 	return x->cert_info->extensions;
70 }
71 
72 const X509_ALGOR *
73 X509_get0_tbs_sigalg(const X509 *x)
74 {
75 	return x->cert_info->signature;
76 }
77 
78 int
79 X509_set_version(X509 *x, long version)
80 {
81 	if (x == NULL)
82 		return (0);
83 	if (x->cert_info->version == NULL) {
84 		if ((x->cert_info->version = ASN1_INTEGER_new()) == NULL)
85 			return (0);
86 	}
87 	return (ASN1_INTEGER_set(x->cert_info->version, version));
88 }
89 
90 long
91 X509_get_version(const X509 *x)
92 {
93 	return ASN1_INTEGER_get(x->cert_info->version);
94 }
95 
96 int
97 X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial)
98 {
99 	ASN1_INTEGER *in;
100 
101 	if (x == NULL)
102 		return (0);
103 	in = x->cert_info->serialNumber;
104 	if (in != serial) {
105 		in = ASN1_INTEGER_dup(serial);
106 		if (in != NULL) {
107 			ASN1_INTEGER_free(x->cert_info->serialNumber);
108 			x->cert_info->serialNumber = in;
109 		}
110 	}
111 	return (in != NULL);
112 }
113 
114 int
115 X509_set_issuer_name(X509 *x, X509_NAME *name)
116 {
117 	if ((x == NULL) || (x->cert_info == NULL))
118 		return (0);
119 	return (X509_NAME_set(&x->cert_info->issuer, name));
120 }
121 
122 int
123 X509_set_subject_name(X509 *x, X509_NAME *name)
124 {
125 	if (x == NULL || x->cert_info == NULL)
126 		return (0);
127 	return (X509_NAME_set(&x->cert_info->subject, name));
128 }
129 
130 const ASN1_TIME *
131 X509_get0_notBefore(const X509 *x)
132 {
133 	return X509_getm_notBefore(x);
134 }
135 
136 ASN1_TIME *
137 X509_getm_notBefore(const X509 *x)
138 {
139 	if (x == NULL || x->cert_info == NULL || x->cert_info->validity == NULL)
140 		return (NULL);
141 	return x->cert_info->validity->notBefore;
142 }
143 
144 int
145 X509_set_notBefore(X509 *x, const ASN1_TIME *tm)
146 {
147 	ASN1_TIME *in;
148 
149 	if (x == NULL || x->cert_info->validity == NULL)
150 		return (0);
151 	in = x->cert_info->validity->notBefore;
152 	if (in != tm) {
153 		in = ASN1_STRING_dup(tm);
154 		if (in != NULL) {
155 			ASN1_TIME_free(x->cert_info->validity->notBefore);
156 			x->cert_info->validity->notBefore = in;
157 		}
158 	}
159 	return (in != NULL);
160 }
161 
162 int
163 X509_set1_notBefore(X509 *x, const ASN1_TIME *tm)
164 {
165 	return X509_set_notBefore(x, tm);
166 }
167 
168 const ASN1_TIME *
169 X509_get0_notAfter(const X509 *x)
170 {
171 	return X509_getm_notAfter(x);
172 }
173 
174 ASN1_TIME *
175 X509_getm_notAfter(const X509 *x)
176 {
177 	if (x == NULL || x->cert_info == NULL || x->cert_info->validity == NULL)
178 		return (NULL);
179 	return x->cert_info->validity->notAfter;
180 }
181 
182 int
183 X509_set_notAfter(X509 *x, const ASN1_TIME *tm)
184 {
185 	ASN1_TIME *in;
186 
187 	if (x == NULL || x->cert_info->validity == NULL)
188 		return (0);
189 	in = x->cert_info->validity->notAfter;
190 	if (in != tm) {
191 		in = ASN1_STRING_dup(tm);
192 		if (in != NULL) {
193 			ASN1_TIME_free(x->cert_info->validity->notAfter);
194 			x->cert_info->validity->notAfter = in;
195 		}
196 	}
197 	return (in != NULL);
198 }
199 
200 int
201 X509_set1_notAfter(X509 *x, const ASN1_TIME *tm)
202 {
203 	return X509_set_notAfter(x, tm);
204 }
205 
206 int
207 X509_set_pubkey(X509 *x, EVP_PKEY *pkey)
208 {
209 	if ((x == NULL) || (x->cert_info == NULL))
210 		return (0);
211 	return (X509_PUBKEY_set(&(x->cert_info->key), pkey));
212 }
213 
214 int
215 X509_get_signature_type(const X509 *x)
216 {
217 	return EVP_PKEY_type(OBJ_obj2nid(x->sig_alg->algorithm));
218 }
219