/* $OpenBSD: x509_v3.c,v 1.17 2018/05/19 10:54:40 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to. The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed. i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
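*/

#include <limits.h>
#include <stdio.h>

#include <openssl/asn1.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/stack.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>

/*
 * Index at which a "find next" search resumes after lastpos, or -1 when no
 * such index exists. A negative lastpos restarts the search at 0. The
 * INT_MAX guard avoids the signed overflow that a bare lastpos++ would cause.
 */
static int
x509v3_search_start(int lastpos)
{
	if (lastpos < 0)
		return (0);
	if (lastpos == INT_MAX)
		return (-1);
	return (lastpos + 1);
}

/* Number of extensions in x; a NULL stack counts as empty. */
int
X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x)
{
	if (x == NULL)
		return (0);
	return (sk_X509_EXTENSION_num(x));
}

/*
 * Find the next extension in x whose OID maps to nid, searching from
 * lastpos + 1 (pass -1 to start from the beginning).
 * Returns the index, -1 if there is no match, or -2 if nid is unknown.
 */
int
X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid, int lastpos)
{
	ASN1_OBJECT *obj;

	obj = OBJ_nid2obj(nid);
	if (obj == NULL)
		return (-2);
	return (X509v3_get_ext_by_OBJ(x, obj, lastpos));
}

/*
 * Find the next extension in sk whose OID equals obj, searching from
 * lastpos + 1 (pass -1 to start from the beginning).
 * Returns the index, or -1 if sk is NULL or there is no match.
 */
int
X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk,
    const ASN1_OBJECT *obj, int lastpos)
{
	X509_EXTENSION *ex;
	int i, n;

	if (sk == NULL)
		return (-1);
	if ((i = x509v3_search_start(lastpos)) < 0)
		return (-1);
	n = sk_X509_EXTENSION_num(sk);
	for (; i < n; i++) {
		ex = sk_X509_EXTENSION_value(sk, i);
		if (OBJ_cmp(ex->object, obj) == 0)
			return (i);
	}
	return (-1);
}

/*
 * Find the next extension in sk whose criticality matches crit (non-zero
 * selects critical extensions, zero selects non-critical ones), searching
 * from lastpos + 1. An extension is critical when its critical field is
 * positive; X509_EXTENSION_set_critical stores -1 for non-critical.
 * Returns the index, or -1 if sk is NULL or there is no match.
 */
int
X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit,
    int lastpos)
{
	X509_EXTENSION *ex;
	int i, n;

	if (sk == NULL)
		return (-1);
	if ((i = x509v3_search_start(lastpos)) < 0)
		return (-1);
	n = sk_X509_EXTENSION_num(sk);
	for (; i < n; i++) {
		ex = sk_X509_EXTENSION_value(sk, i);
		/* Same truth table as the original and/or form, written compactly. */
		if ((ex->critical > 0) == (crit != 0))
			return (i);
	}
	return (-1);
}

/*
 * Extension at index loc of x, or NULL if x is NULL or loc is out of range.
 * The returned pointer is still owned by the stack.
 */
X509_EXTENSION *
X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc)
{
	if (x == NULL || loc < 0 || sk_X509_EXTENSION_num(x) <= loc)
		return (NULL);
	return (sk_X509_EXTENSION_value(x, loc));
}

/*
 * Remove and return the extension at index loc of x, or NULL if x is NULL
 * or loc is out of range. Ownership of the returned extension passes to
 * the caller.
 */
X509_EXTENSION *
X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc)
{
	if (x == NULL || loc < 0 || sk_X509_EXTENSION_num(x) <= loc)
		return (NULL);
	return (sk_X509_EXTENSION_delete(x, loc));
}

/*
 * Insert a copy of ex into *x at index loc; a negative or past-the-end loc
 * appends. When *x is NULL a new stack is allocated and stored in *x.
 * Returns the stack, or NULL on error with the X509 error queue set.
 * On failure a stack allocated here is freed and *x is left untouched;
 * the caller keeps ownership of ex in all cases.
 */
STACK_OF(X509_EXTENSION) *
X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, X509_EXTENSION *ex, int loc)
{
	X509_EXTENSION *new_ex = NULL;
	STACK_OF(X509_EXTENSION) *sk = NULL;
	int n;

	if (x == NULL) {
		X509error(ERR_R_PASSED_NULL_PARAMETER);
		goto err2;
	}

	if (*x == NULL) {
		if ((sk = sk_X509_EXTENSION_new_null()) == NULL)
			goto err;
	} else
		sk = *x;

	/* Both negative and past-the-end positions mean "append". */
	n = sk_X509_EXTENSION_num(sk);
	if (loc < 0 || loc > n)
		loc = n;

	/* The stack gets its own copy so the caller's ex stays independent. */
	if ((new_ex = X509_EXTENSION_dup(ex)) == NULL)
		goto err2;
	if (!sk_X509_EXTENSION_insert(sk, new_ex, loc))
		goto err;
	if (*x == NULL)
		*x = sk;
	return (sk);

 err:
	X509error(ERR_R_MALLOC_FAILURE);
 err2:
	if (new_ex != NULL)
		X509_EXTENSION_free(new_ex);
	/* Only free a stack created here, never the caller's. */
	if (sk != NULL && (x != NULL && sk != *x))
		sk_X509_EXTENSION_free(sk);
	return (NULL);
}

/*
 * Build an extension for nid; see X509_EXTENSION_create_by_OBJ for the
 * meaning of ex, crit and data. Returns NULL with X509_R_UNKNOWN_NID set
 * when nid has no object, or NULL if the underlying create fails.
 */
X509_EXTENSION *
X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid, int crit,
    ASN1_OCTET_STRING *data)
{
	ASN1_OBJECT *obj;
	X509_EXTENSION *ret;

	obj = OBJ_nid2obj(nid);
	if (obj == NULL) {
		X509error(X509_R_UNKNOWN_NID);
		return (NULL);
	}
	ret = X509_EXTENSION_create_by_OBJ(ex, obj, crit, data);
	if (ret == NULL)
		ASN1_OBJECT_free(obj);
	return (ret);
}

/*
 * Fill in an extension with OID obj, criticality crit and DER payload data.
 * If ex is NULL or *ex is NULL a new X509_EXTENSION is allocated (and stored
 * in *ex when ex is non-NULL); otherwise *ex is updated in place.
 * Returns the extension, or NULL on failure. An extension allocated here is
 * freed on failure; a caller-supplied *ex is left for the caller to free.
 */
X509_EXTENSION *
X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, const ASN1_OBJECT *obj,
    int crit, ASN1_OCTET_STRING *data)
{
	X509_EXTENSION *ret;

	if (ex == NULL || *ex == NULL) {
		if ((ret = X509_EXTENSION_new()) == NULL) {
			X509error(ERR_R_MALLOC_FAILURE);
			return (NULL);
		}
	} else
		ret = *ex;

	if (!X509_EXTENSION_set_object(ret, obj))
		goto err;
	if (!X509_EXTENSION_set_critical(ret, crit))
		goto err;
	if (!X509_EXTENSION_set_data(ret, data))
		goto err;

	if (ex != NULL && *ex == NULL)
		*ex = ret;
	return (ret);

 err:
	/* ret != *ex exactly when the extension was allocated above. */
	if (ex == NULL || ret != *ex)
		X509_EXTENSION_free(ret);
	return (NULL);
}

/*
 * Replace the OID of ex with a copy of obj. Returns 1 on success, 0 if
 * either argument is NULL or the copy fails (ex->object is then NULL,
 * the previous object having already been released).
 */
int
X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj)
{
	if (ex == NULL || obj == NULL)
		return (0);
	ASN1_OBJECT_free(ex->object);
	ex->object = OBJ_dup(obj);
	return (ex->object != NULL);
}

/*
 * Mark ex critical (crit non-zero) or non-critical. The stored values
 * 0xFF and -1 are what X509_EXTENSION_get_critical and
 * X509v3_get_ext_by_critical test with "> 0". Returns 1, or 0 if ex is NULL.
 */
int
X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit)
{
	if (ex == NULL)
		return (0);
	ex->critical = crit ? 0xFF : -1;
	return (1);
}

/*
 * Copy the contents of data into the extension's value.
 * Returns 1 on success, 0 if ex or data is NULL or the copy fails.
 * The NULL check on data replaces an unconditional dereference.
 */
int
X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data)
{
	if (ex == NULL || data == NULL)
		return (0);
	return (ASN1_STRING_set(ex->value, data->data, data->length) != 0);
}

/* OID of ex (still owned by ex), or NULL if ex is NULL. */
ASN1_OBJECT *
X509_EXTENSION_get_object(X509_EXTENSION *ex)
{
	if (ex == NULL)
		return (NULL);
	return (ex->object);
}

/* Value of ex (still owned by ex), or NULL if ex is NULL. */
ASN1_OCTET_STRING *
X509_EXTENSION_get_data(X509_EXTENSION *ex)
{
	if (ex == NULL)
		return (NULL);
	return (ex->value);
}

/* 1 if ex is marked critical (critical field positive), else 0. */
int
X509_EXTENSION_get_critical(const X509_EXTENSION *ex)
{
	if (ex == NULL)
		return (0);
	return (ex->critical > 0);
}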