1*b077aed3SPierre Pronchery /*
2*b077aed3SPierre Pronchery  * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
3*b077aed3SPierre Pronchery  *
4*b077aed3SPierre Pronchery  * Licensed under the Apache License 2.0 (the "License").  You may not use
5*b077aed3SPierre Pronchery  * this file except in compliance with the License.  You can obtain a copy
6*b077aed3SPierre Pronchery  * in the file LICENSE in the source distribution or at
7*b077aed3SPierre Pronchery  * https://www.openssl.org/source/license.html
8*b077aed3SPierre Pronchery  */
9*b077aed3SPierre Pronchery 
#include <limits.h>
#include <string.h>
#include "apps.h"
12*b077aed3SPierre Pronchery 
13*b077aed3SPierre Pronchery /*
14*b077aed3SPierre Pronchery  * X509_ctrl_str() is sorely lacking in libcrypto, but is still needed to
15*b077aed3SPierre Pronchery  * allow the application to process verification options in a manner similar
16*b077aed3SPierre Pronchery  * to signature or other options that pass through EVP_PKEY_CTX_ctrl_str(),
17*b077aed3SPierre Pronchery  * for uniformity.
18*b077aed3SPierre Pronchery  *
19*b077aed3SPierre Pronchery  * As soon as more stuff is added, the code will need serious rework.  For
20*b077aed3SPierre Pronchery  * the moment, it only handles the FIPS 196 / SM2 distinguishing ID.
21*b077aed3SPierre Pronchery  */
22*b077aed3SPierre Pronchery #ifdef EVP_PKEY_CTRL_SET1_ID
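/*
 * Wrap the |value_n| bytes at |value| in a freshly allocated
 * ASN1_OCTET_STRING.
 *
 * Returns the new octet string, which the caller owns, or NULL if
 * allocation fails or |value_n| does not fit the int length that
 * ASN1_OCTET_STRING_set() takes.
 */
static ASN1_OCTET_STRING *mk_octet_string(void *value, size_t value_n)
{
    ASN1_OCTET_STRING *v;

    /*
     * ASN1_OCTET_STRING_set() takes an int length and, per ASN1_STRING_set(3),
     * treats a negative one as "NUL-terminated, use strlen()".  Refuse a
     * length that would go negative when narrowed instead of letting the
     * buffer be reinterpreted.
     */
    if (value_n > INT_MAX) {
        BIO_printf(bio_err, "error: value too long for an octet string\n");
        return NULL;
    }

    v = ASN1_OCTET_STRING_new();
    if (v == NULL) {
        BIO_printf(bio_err, "error: allocation failed\n");
    } else if (!ASN1_OCTET_STRING_set(v, value, (int)value_n)) {
        ASN1_OCTET_STRING_free(v);
        v = NULL;
    }
    return v;
}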
35*b077aed3SPierre Pronchery #endif
36*b077aed3SPierre Pronchery 
/*
 * Control callback for X509 objects, used through do_x509_ctrl_string().
 *
 * Returns 1 on success, 0 if the distinguishing ID could not be set, and
 * -2 for any |cmd| this callback does not understand.
 */
static int x509_ctrl(void *object, int cmd, void *value, size_t value_n)
{
#ifdef EVP_PKEY_CTRL_SET1_ID
    if (cmd == EVP_PKEY_CTRL_SET1_ID) {
        ASN1_OCTET_STRING *id = mk_octet_string(value, value_n);

        if (id == NULL) {
            BIO_printf(bio_err,
                       "error: setting distinguishing ID in certificate failed\n");
            return 0;
        }
        /* set0: ownership of |id| passes to the certificate */
        X509_set0_distinguishing_id(object, id);
        return 1;
    }
#endif
    return -2;     /* typical EVP_PKEY return for "unsupported" */
}
60*b077aed3SPierre Pronchery 
/*
 * Control callback for X509_REQ objects, used through do_x509_ctrl_string().
 *
 * Returns 1 on success, 0 if the distinguishing ID could not be set, and
 * -2 for any |cmd| this callback does not understand.
 */
static int x509_req_ctrl(void *object, int cmd, void *value, size_t value_n)
{
    int rv = -2;     /* typical EVP_PKEY return for "unsupported" */

    switch (cmd) {
#ifdef EVP_PKEY_CTRL_SET1_ID
    case EVP_PKEY_CTRL_SET1_ID:
        {
            ASN1_OCTET_STRING *id = mk_octet_string(value, value_n);

            if (id != NULL) {
                /* set0: ownership of |id| passes to the request */
                X509_REQ_set0_distinguishing_id(object, id);
                rv = 1;
            } else {
                BIO_printf(bio_err,
                           "error: setting distinguishing ID in certificate signing request failed\n");
                rv = 0;
            }
            break;
        }
#endif
    default:
        break;
    }
    return rv;
}
84*b077aed3SPierre Pronchery 
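/*
 * Parse a "name[:value]" control string and hand it to |ctrl| for |object|.
 *
 * Recognised names are "distid" (the text after ':' is used as raw bytes)
 * and "hexdistid" (the text after ':' is decoded as hex first).  Any other
 * name reaches |ctrl| with cmd == 0, which the callbacks in this file
 * report as unsupported (-2).
 *
 * Returns whatever |ctrl| returns, 0 if a "hexdistid" value is not valid
 * hex, or -1 if the working copy of |value| could not be allocated.
 */
static int do_x509_ctrl_string(int (*ctrl)(void *object, int cmd,
                                           void *value, size_t value_n),
                               void *object, const char *value)
{
    int rv = 0;
    char *stmp, *vtmp = NULL;
    size_t vtmp_len = 0;
    int cmd = 0; /* Will get command values that make sense somehow */

    /* Work on a private copy so the ':' separator can be overwritten. */
    stmp = OPENSSL_strdup(value);
    if (stmp == NULL)
        return -1;
    vtmp = strchr(stmp, ':');
    if (vtmp != NULL) {
        *vtmp = 0;
        vtmp++;
        vtmp_len = strlen(vtmp);
    }

    if (strcmp(stmp, "distid") == 0) {
#ifdef EVP_PKEY_CTRL_SET1_ID
        cmd = EVP_PKEY_CTRL_SET1_ID; /* ... except we put it in X509 */
#endif
    } else if (strcmp(stmp, "hexdistid") == 0) {
        if (vtmp != NULL) {
            void *hexid;
            long hexid_len = 0;

            hexid = OPENSSL_hexstr2buf(vtmp, &hexid_len);
            if (hexid == NULL) {
                /*
                 * Malformed hex: OPENSSL_hexstr2buf() returns NULL.  Fail
                 * here rather than passing NULL/0 on to |ctrl|, which would
                 * silently install an empty distinguishing ID.  The error
                 * it raised is left on the error queue for the caller.
                 */
                OPENSSL_free(stmp);
                return 0;
            }
            /* The decoded buffer replaces the copy as the thing to free. */
            OPENSSL_free(stmp);
            stmp = vtmp = hexid;
            vtmp_len = (size_t)hexid_len;
        }
#ifdef EVP_PKEY_CTRL_SET1_ID
        cmd = EVP_PKEY_CTRL_SET1_ID; /* ... except we put it in X509 */
#endif
    }

    rv = ctrl(object, cmd, vtmp, vtmp_len);

    OPENSSL_free(stmp);
    return rv;
}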
128*b077aed3SPierre Pronchery 
/*
 * Apply the control string |value| (e.g. "distid:..." or "hexdistid:...")
 * to certificate |x|.  Returns the result of do_x509_ctrl_string().
 */
int x509_ctrl_string(X509 *x, const char *value)
{
    int rv;

    rv = do_x509_ctrl_string(x509_ctrl, x, value);
    return rv;
}
133*b077aed3SPierre Pronchery 
/*
 * Apply the control string |value| (e.g. "distid:..." or "hexdistid:...")
 * to certificate request |x|.  Returns the result of do_x509_ctrl_string().
 */
int x509_req_ctrl_string(X509_REQ *x, const char *value)
{
    int rv;

    rv = do_x509_ctrl_string(x509_req_ctrl, x, value);
    return rv;
}