1 /* a_x509a.c */ 2 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL 3 * project 1999. 4 */ 5 /* ==================================================================== 6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 * 53 * This product includes cryptographic software written by Eric Young 54 * (eay@cryptsoft.com). This product includes software written by Tim 55 * Hudson (tjh@cryptsoft.com). 56 * 57 */ 58 59 #include <stdio.h> 60 #include "cryptlib.h" 61 #include <openssl/evp.h> 62 #include <openssl/asn1_mac.h> 63 #include <openssl/x509.h> 64 65 /* X509_CERT_AUX routines. These are used to encode additional 66 * user modifiable data about a certificate. This data is 67 * appended to the X509 encoding when the *_X509_AUX routines 68 * are used. This means that the "traditional" X509 routines 69 * will simply ignore the extra data. 70 */ 71 72 static X509_CERT_AUX *aux_get(X509 *x); 73 74 X509_CERT_AUX *d2i_X509_CERT_AUX(X509_CERT_AUX **a, unsigned char **pp, long length) 75 { 76 M_ASN1_D2I_vars(a, X509_CERT_AUX *, X509_CERT_AUX_new); 77 78 M_ASN1_D2I_Init(); 79 M_ASN1_D2I_start_sequence(); 80 81 M_ASN1_D2I_get_seq_opt_type(ASN1_OBJECT, ret->trust, 82 d2i_ASN1_OBJECT, ASN1_OBJECT_free); 83 M_ASN1_D2I_get_IMP_set_opt_type(ASN1_OBJECT, ret->reject, 84 d2i_ASN1_OBJECT, ASN1_OBJECT_free, 0); 85 M_ASN1_D2I_get_opt(ret->alias, d2i_ASN1_UTF8STRING, V_ASN1_UTF8STRING); 86 M_ASN1_D2I_get_opt(ret->keyid, d2i_ASN1_OCTET_STRING, V_ASN1_OCTET_STRING); 87 M_ASN1_D2I_get_IMP_set_opt_type(X509_ALGOR, ret->other, 88 d2i_X509_ALGOR, X509_ALGOR_free, 1); 89 90 M_ASN1_D2I_Finish(a, X509_CERT_AUX_free, ASN1_F_D2I_X509_CERT_AUX); 91 } 92 93 X509_CERT_AUX *X509_CERT_AUX_new() 94 { 95 X509_CERT_AUX *ret = NULL; 96 ASN1_CTX c; 97 M_ASN1_New_Malloc(ret, X509_CERT_AUX); 98 ret->trust = NULL; 99 ret->reject = NULL; 100 ret->alias = NULL; 101 ret->keyid = NULL; 102 ret->other = NULL; 103 return(ret); 104 M_ASN1_New_Error(ASN1_F_X509_CERT_AUX_NEW); 105 } 106 107 void X509_CERT_AUX_free(X509_CERT_AUX *a) 108 { 109 if(a == NULL) return; 110 sk_ASN1_OBJECT_pop_free(a->trust, ASN1_OBJECT_free); 111 sk_ASN1_OBJECT_pop_free(a->reject, ASN1_OBJECT_free); 112 ASN1_UTF8STRING_free(a->alias); 113 ASN1_OCTET_STRING_free(a->keyid); 114 sk_X509_ALGOR_pop_free(a->other, X509_ALGOR_free); 115 OPENSSL_free(a); 116 } 117 118 int i2d_X509_CERT_AUX(X509_CERT_AUX *a, unsigned char **pp) 119 { 120 M_ASN1_I2D_vars(a); 121 122 M_ASN1_I2D_len_SEQUENCE_opt_type(ASN1_OBJECT, a->trust, i2d_ASN1_OBJECT); 123 M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(ASN1_OBJECT, a->reject, i2d_ASN1_OBJECT, 0); 124 125 M_ASN1_I2D_len(a->alias, i2d_ASN1_UTF8STRING); 126 M_ASN1_I2D_len(a->keyid, i2d_ASN1_OCTET_STRING); 127 M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(X509_ALGOR, a->other, i2d_X509_ALGOR, 1); 128 129 M_ASN1_I2D_seq_total(); 130 131 M_ASN1_I2D_put_SEQUENCE_opt_type(ASN1_OBJECT, a->trust, i2d_ASN1_OBJECT); 132 M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(ASN1_OBJECT, a->reject, i2d_ASN1_OBJECT, 0); 133 134 M_ASN1_I2D_put(a->alias, i2d_ASN1_UTF8STRING); 135 M_ASN1_I2D_put(a->keyid, i2d_ASN1_OCTET_STRING); 136 M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(X509_ALGOR, a->other, i2d_X509_ALGOR, 1); 137 138 M_ASN1_I2D_finish(); 139 } 140 141 static X509_CERT_AUX *aux_get(X509 *x) 142 { 143 if(!x) return NULL; 144 if(!x->aux && !(x->aux = X509_CERT_AUX_new())) return NULL; 145 return x->aux; 146 } 147 148 int X509_alias_set1(X509 *x, unsigned char *name, int len) 149 { 150 X509_CERT_AUX *aux; 151 if(!(aux = aux_get(x))) return 0; 152 if(!aux->alias && !(aux->alias = ASN1_UTF8STRING_new())) return 0; 153 return ASN1_STRING_set(aux->alias, name, len); 154 } 155 156 int X509_keyid_set1(X509 *x, unsigned char *id, int len) 157 { 158 X509_CERT_AUX *aux; 159 if(!(aux = aux_get(x))) return 0; 160 if(!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new())) return 0; 161 return ASN1_STRING_set(aux->keyid, id, len); 162 } 163 164 unsigned char *X509_alias_get0(X509 *x, int *len) 165 { 166 if(!x->aux || !x->aux->alias) return NULL; 167 if(len) *len = x->aux->alias->length; 168 return x->aux->alias->data; 169 } 170 171 int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj) 172 { 173 X509_CERT_AUX *aux; 174 ASN1_OBJECT *objtmp; 175 if(!(objtmp = OBJ_dup(obj))) return 0; 176 if(!(aux = aux_get(x))) return 0; 177 if(!aux->trust 178 && !(aux->trust = sk_ASN1_OBJECT_new_null())) return 0; 179 return sk_ASN1_OBJECT_push(aux->trust, objtmp); 180 } 181 182 int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj) 183 { 184 X509_CERT_AUX *aux; 185 ASN1_OBJECT *objtmp; 186 if(!(objtmp = OBJ_dup(obj))) return 0; 187 if(!(aux = aux_get(x))) return 0; 188 if(!aux->reject 189 && !(aux->reject = sk_ASN1_OBJECT_new_null())) return 0; 190 return sk_ASN1_OBJECT_push(aux->reject, objtmp); 191 } 192 193 void X509_trust_clear(X509 *x) 194 { 195 if(x->aux && x->aux->trust) { 196 sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free); 197 x->aux->trust = NULL; 198 } 199 } 200 201 void X509_reject_clear(X509 *x) 202 { 203 if(x->aux && x->aux->reject) { 204 sk_ASN1_OBJECT_pop_free(x->aux->reject, ASN1_OBJECT_free); 205 x->aux->reject = NULL; 206 } 207 } 208 209