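/*
 * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/evp.h>
#include <openssl/asn1t.h>
#include <openssl/x509.h>
#include "internal/x509_int.h"

/*
 * X509_CERT_AUX routines.  These are used to encode additional user
 * modifiable data about a certificate.  This data is appended to the X509
 * encoding when the *_X509_AUX routines are used.  This means that the
 * "traditional" X509 routines will simply ignore the extra data.
 *
 * Security note: the aux block is appended *after* the certificate and is
 * therefore not covered by the issuer's signature.  The trust/reject OIDs,
 * alias and key id it carries are local policy attached by whoever wrote
 * the certificate file, so they must only be honoured when the file comes
 * from a store the application already trusts (e.g. its own CA directory),
 * never when a certificate is received from a peer.
 */

static X509_CERT_AUX *aux_get(X509 *x);

/*
 * Wire format of the aux block.  'trust' is an untagged SEQUENCE OF OID,
 * 'reject' and 'other' are IMPLICIT [0] and [1] respectively.  Every member
 * is OPTIONAL and is omitted from the encoding only while its pointer is
 * NULL; an empty (non-NULL) list is still encoded, so "no list" and "empty
 * list" are distinguishable on the wire.
 */
ASN1_SEQUENCE(X509_CERT_AUX) = {
        ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT),
        ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, reject, ASN1_OBJECT, 0),
        ASN1_OPT(X509_CERT_AUX, alias, ASN1_UTF8STRING),
        ASN1_OPT(X509_CERT_AUX, keyid, ASN1_OCTET_STRING),
        ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, other, X509_ALGOR, 1)
} ASN1_SEQUENCE_END(X509_CERT_AUX)

/* Provides X509_CERT_AUX_new()/_free() and the d2i/i2d pair. */
IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX)

/*
 * Return 1 if x carries an aux block, 0 otherwise.  Note that this only
 * tests for the presence of the block, not for any trust setting inside it:
 * any successful call to one of the setters below attaches a block and
 * makes this function return 1.  A NULL x is reported as 0 rather than
 * dereferenced.
 */
int X509_trusted(const X509 *x)
{
    return (x != NULL && x->aux != NULL) ? 1 : 0;
}

/*
 * Return x->aux, allocating an empty aux block on first use.
 * Returns NULL if x is NULL or the allocation fails.
 */
static X509_CERT_AUX *aux_get(X509 *x)
{
    if (x == NULL)
        return NULL;
    if (x->aux == NULL)
        x->aux = X509_CERT_AUX_new();
    return x->aux;
}

/*
 * Store the len bytes at data into *field, creating the string with new_fn
 * when *field is still NULL.  len is handed to ASN1_STRING_set() unchanged.
 *
 * If ASN1_STRING_set() fails on a string that this call created, the empty
 * string is released again so a failed set does not leave a zero-length
 * alias/keyid behind that would later be encoded.  A pre-existing string is
 * left alone on failure.  Returns 1 on success, 0 on failure.
 */
static int aux_set_string(ASN1_STRING **field, ASN1_STRING *(*new_fn)(void),
                          const unsigned char *data, int len)
{
    int created = 0;

    if (*field == NULL) {
        if ((*field = new_fn()) == NULL)
            return 0;
        created = 1;
    }
    if (ASN1_STRING_set(*field, data, len))
        return 1;
    if (created) {
        ASN1_STRING_free(*field);
        *field = NULL;
    }
    return 0;
}

/*
 * Set the alias ("friendly name") of x to the len bytes at name, creating
 * the aux block if necessary.  A NULL name clears any existing alias and
 * always returns 1, even for a NULL x or one without an aux block.
 * Returns 1 on success, 0 if x is NULL or an allocation fails.
 */
int X509_alias_set1(X509 *x, const unsigned char *name, int len)
{
    X509_CERT_AUX *aux;

    if (name == NULL) {
        if (x != NULL && x->aux != NULL && x->aux->alias != NULL) {
            ASN1_UTF8STRING_free(x->aux->alias);
            x->aux->alias = NULL;
        }
        return 1;
    }
    if ((aux = aux_get(x)) == NULL)
        return 0;
    return aux_set_string(&aux->alias, ASN1_UTF8STRING_new, name, len);
}

/*
 * Set the key id of x to the len bytes at id, creating the aux block if
 * necessary.  A NULL id clears any existing key id and always returns 1,
 * even for a NULL x or one without an aux block.
 * Returns 1 on success, 0 if x is NULL or an allocation fails.
 */
int X509_keyid_set1(X509 *x, const unsigned char *id, int len)
{
    X509_CERT_AUX *aux;

    if (id == NULL) {
        if (x != NULL && x->aux != NULL && x->aux->keyid != NULL) {
            ASN1_OCTET_STRING_free(x->aux->keyid);
            x->aux->keyid = NULL;
        }
        return 1;
    }
    if ((aux = aux_get(x)) == NULL)
        return 0;
    return aux_set_string(&aux->keyid, ASN1_OCTET_STRING_new, id, len);
}

/*
 * Return a pointer to the alias bytes of x and, if len is non-NULL, store
 * their length in *len.  The pointer refers to storage owned by x: do not
 * free it, and treat it as a counted byte string (use *len rather than
 * assuming NUL termination).  It is invalidated when the alias is changed
 * or cleared or x is freed.  Returns NULL, leaving *len untouched, when x is
 * NULL or has no alias.
 */
unsigned char *X509_alias_get0(X509 *x, int *len)
{
    ASN1_UTF8STRING *alias;

    if (x == NULL || x->aux == NULL || (alias = x->aux->alias) == NULL)
        return NULL;
    if (len != NULL)
        *len = alias->length;
    return alias->data;
}

/*
 * Return a pointer to the key id bytes of x and, if len is non-NULL, store
 * their length in *len.  Ownership and lifetime are as for
 * X509_alias_get0().  Returns NULL, leaving *len untouched, when x is NULL
 * or has no key id.
 */
unsigned char *X509_keyid_get0(X509 *x, int *len)
{
    ASN1_OCTET_STRING *keyid;

    if (x == NULL || x->aux == NULL || (keyid = x->aux->keyid) == NULL)
        return NULL;
    if (len != NULL)
        *len = keyid->length;
    return keyid->data;
}

/*
 * Append a copy of obj to the trust list of x, creating the aux block and
 * the list as needed.  A NULL obj adds nothing but still ensures a (possibly
 * empty) trust list exists, which is encoded as an empty SEQUENCE and is
 * therefore not the same as having no trust list at all.
 * Returns 1 on success, 0 on failure; on failure the copy of obj is freed,
 * but an aux block or list created along the way is kept.
 */
int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj)
{
    X509_CERT_AUX *aux;
    ASN1_OBJECT *copy = NULL;

    if (obj != NULL && (copy = OBJ_dup(obj)) == NULL)
        return 0;
    if ((aux = aux_get(x)) == NULL)
        goto err;
    if (aux->trust == NULL
        && (aux->trust = sk_ASN1_OBJECT_new_null()) == NULL)
        goto err;
    if (copy != NULL && sk_ASN1_OBJECT_push(aux->trust, copy) <= 0)
        goto err;
    return 1;
 err:
    ASN1_OBJECT_free(copy);
    return 0;
}

/*
 * Append a copy of obj to the reject list of x, creating the aux block and
 * the list as needed.  Unlike X509_add1_trust_object() there is no NULL-obj
 * special case: whatever OBJ_dup() returns for it decides the outcome.
 * Returns 1 on success, 0 on failure.  The copy is freed on every failure
 * path, including a failed push (previously the push result was returned
 * directly and the copy leaked on that path); success now reports 1 rather
 * than the new list length, matching X509_add1_trust_object().
 */
int X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj)
{
    X509_CERT_AUX *aux;
    ASN1_OBJECT *copy;

    if ((copy = OBJ_dup(obj)) == NULL)
        return 0;
    if ((aux = aux_get(x)) == NULL)
        goto err;
    if (aux->reject == NULL
        && (aux->reject = sk_ASN1_OBJECT_new_null()) == NULL)
        goto err;
    if (sk_ASN1_OBJECT_push(aux->reject, copy) <= 0)
        goto err;
    return 1;
 err:
    ASN1_OBJECT_free(copy);
    return 0;
}

/*
 * Free the trust list of x and reset it to NULL, so that it is omitted from
 * the encoding (as opposed to an empty list, which is still encoded).
 * A NULL x or one without an aux block is a no-op.
 */
void X509_trust_clear(X509 *x)
{
    if (x == NULL || x->aux == NULL)
        return;
    sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free);
    x->aux->trust = NULL;
}

/*
 * Free the reject list of x and reset it to NULL.
 * A NULL x or one without an aux block is a no-op.
 */
void X509_reject_clear(X509 *x)
{
    if (x == NULL || x->aux == NULL)
        return;
    sk_ASN1_OBJECT_pop_free(x->aux->reject, ASN1_OBJECT_free);
    x->aux->reject = NULL;
}

/*
 * Return the trust list of x without transferring ownership (the stack and
 * its objects remain owned by x).  Returns NULL when x is NULL, has no aux
 * block, or the list was never created or has been cleared.
 */
STACK_OF(ASN1_OBJECT) *X509_get0_trust_objects(X509 *x)
{
    if (x == NULL || x->aux == NULL)
        return NULL;
    return x->aux->trust;
}

/*
 * Return the reject list of x without transferring ownership.  Returns NULL
 * when x is NULL, has no aux block, or the list was never created or has
 * been cleared.
 */
STACK_OF(ASN1_OBJECT) *X509_get0_reject_objects(X509 *x)
{
    if (x == NULL || x->aux == NULL)
        return NULL;
    return x->aux->reject;
}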