t_x509.c 13 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528
  1. /* crypto/asn1/t_x509.c */
  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  3. * All rights reserved.
  4. *
  5. * This package is an SSL implementation written
  6. * by Eric Young (eay@cryptsoft.com).
  7. * The implementation was written so as to conform with Netscapes SSL.
  8. *
  9. * This library is free for commercial and non-commercial use as long as
  10. * the following conditions are aheared to. The following conditions
  11. * apply to all code found in this distribution, be it the RC4, RSA,
  12. * lhash, DES, etc., code; not just the SSL code. The SSL documentation
  13. * included with this distribution is covered by the same copyright terms
  14. * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  15. *
  16. * Copyright remains Eric Young's, and as such any Copyright notices in
  17. * the code are not to be removed.
  18. * If this package is used in a product, Eric Young should be given attribution
  19. * as the author of the parts of the library used.
  20. * This can be in the form of a textual message at program startup or
  21. * in documentation (online or textual) provided with the package.
  22. *
  23. * Redistribution and use in source and binary forms, with or without
  24. * modification, are permitted provided that the following conditions
  25. * are met:
  26. * 1. Redistributions of source code must retain the copyright
  27. * notice, this list of conditions and the following disclaimer.
  28. * 2. Redistributions in binary form must reproduce the above copyright
  29. * notice, this list of conditions and the following disclaimer in the
  30. * documentation and/or other materials provided with the distribution.
  31. * 3. All advertising materials mentioning features or use of this software
  32. * must display the following acknowledgement:
  33. * "This product includes cryptographic software written by
  34. * Eric Young (eay@cryptsoft.com)"
  35. * The word 'cryptographic' can be left out if the rouines from the library
  36. * being used are not cryptographic related :-).
  37. * 4. If you include any Windows specific code (or a derivative thereof) from
  38. * the apps directory (application code) you must include an acknowledgement:
  39. * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  40. *
  41. * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51. * SUCH DAMAGE.
  52. *
  53. * The licence and distribution terms for any publically available version or
  54. * derivative of this code cannot be changed. i.e. this code cannot simply be
  55. * copied and put under another distribution licence
  56. * [including the GNU Public Licence.]
  57. */
  58. #include <stdio.h>
  59. #include "cryptlib.h"
  60. #include <openssl/buffer.h>
  61. #include <openssl/bn.h>
  62. #ifndef OPENSSL_NO_RSA
  63. #include <openssl/rsa.h>
  64. #endif
  65. #ifndef OPENSSL_NO_DSA
  66. #include <openssl/dsa.h>
  67. #endif
  68. #ifndef OPENSSL_NO_EC
  69. #include <openssl/ec.h>
  70. #endif
  71. #include <openssl/objects.h>
  72. #include <openssl/x509.h>
  73. #include <openssl/x509v3.h>
  74. #include "asn1_locl.h"
  75. #ifndef OPENSSL_NO_FP_API
  76. int X509_print_fp(FILE *fp, X509 *x)
  77. {
  78. return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
  79. }
  80. int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, unsigned long cflag)
  81. {
  82. BIO *b;
  83. int ret;
  84. if ((b=BIO_new(BIO_s_file())) == NULL)
  85. {
  86. X509err(X509_F_X509_PRINT_EX_FP,ERR_R_BUF_LIB);
  87. return(0);
  88. }
  89. BIO_set_fp(b,fp,BIO_NOCLOSE);
  90. ret=X509_print_ex(b, x, nmflag, cflag);
  91. BIO_free(b);
  92. return(ret);
  93. }
  94. #endif
  95. int X509_print(BIO *bp, X509 *x)
  96. {
  97. return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
  98. }
  99. int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
  100. {
  101. long l;
  102. int ret=0,i;
  103. char *m=NULL,mlch = ' ';
  104. int nmindent = 0;
  105. X509_CINF *ci;
  106. ASN1_INTEGER *bs;
  107. EVP_PKEY *pkey=NULL;
  108. const char *neg;
  109. if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
  110. mlch = '\n';
  111. nmindent = 12;
  112. }
  113. if(nmflags == X509_FLAG_COMPAT)
  114. nmindent = 16;
  115. ci=x->cert_info;
  116. if(!(cflag & X509_FLAG_NO_HEADER))
  117. {
  118. if (BIO_write(bp,"Certificate:\n",13) <= 0) goto err;
  119. if (BIO_write(bp," Data:\n",10) <= 0) goto err;
  120. }
  121. if(!(cflag & X509_FLAG_NO_VERSION))
  122. {
  123. l=X509_get_version(x);
  124. if (BIO_printf(bp,"%8sVersion: %lu (0x%lx)\n","",l+1,l) <= 0) goto err;
  125. }
  126. if(!(cflag & X509_FLAG_NO_SERIAL))
  127. {
  128. if (BIO_write(bp," Serial Number:",22) <= 0) goto err;
  129. bs=X509_get_serialNumber(x);
  130. if (bs->length <= 4)
  131. {
  132. l=ASN1_INTEGER_get(bs);
  133. if (l < 0)
  134. {
  135. l= -l;
  136. neg="-";
  137. }
  138. else
  139. neg="";
  140. if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0)
  141. goto err;
  142. }
  143. else
  144. {
  145. neg=(bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":"";
  146. if (BIO_printf(bp,"\n%12s%s","",neg) <= 0) goto err;
  147. for (i=0; i<bs->length; i++)
  148. {
  149. if (BIO_printf(bp,"%02x%c",bs->data[i],
  150. ((i+1 == bs->length)?'\n':':')) <= 0)
  151. goto err;
  152. }
  153. }
  154. }
  155. if(!(cflag & X509_FLAG_NO_SIGNAME))
  156. {
  157. if(X509_signature_print(bp, x->sig_alg, NULL) <= 0)
  158. goto err;
  159. #if 0
  160. if (BIO_printf(bp,"%8sSignature Algorithm: ","") <= 0)
  161. goto err;
  162. if (i2a_ASN1_OBJECT(bp, ci->signature->algorithm) <= 0)
  163. goto err;
  164. if (BIO_puts(bp, "\n") <= 0)
  165. goto err;
  166. #endif
  167. }
  168. if(!(cflag & X509_FLAG_NO_ISSUER))
  169. {
  170. if (BIO_printf(bp," Issuer:%c",mlch) <= 0) goto err;
  171. if (X509_NAME_print_ex(bp,X509_get_issuer_name(x),nmindent, nmflags) < 0) goto err;
  172. if (BIO_write(bp,"\n",1) <= 0) goto err;
  173. }
  174. if(!(cflag & X509_FLAG_NO_VALIDITY))
  175. {
  176. if (BIO_write(bp," Validity\n",17) <= 0) goto err;
  177. if (BIO_write(bp," Not Before: ",24) <= 0) goto err;
  178. if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err;
  179. if (BIO_write(bp,"\n Not After : ",25) <= 0) goto err;
  180. if (!ASN1_TIME_print(bp,X509_get_notAfter(x))) goto err;
  181. if (BIO_write(bp,"\n",1) <= 0) goto err;
  182. }
  183. if(!(cflag & X509_FLAG_NO_SUBJECT))
  184. {
  185. if (BIO_printf(bp," Subject:%c",mlch) <= 0) goto err;
  186. if (X509_NAME_print_ex(bp,X509_get_subject_name(x),nmindent, nmflags) < 0) goto err;
  187. if (BIO_write(bp,"\n",1) <= 0) goto err;
  188. }
  189. if(!(cflag & X509_FLAG_NO_PUBKEY))
  190. {
  191. if (BIO_write(bp," Subject Public Key Info:\n",33) <= 0)
  192. goto err;
  193. if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0)
  194. goto err;
  195. if (i2a_ASN1_OBJECT(bp, ci->key->algor->algorithm) <= 0)
  196. goto err;
  197. if (BIO_puts(bp, "\n") <= 0)
  198. goto err;
  199. pkey=X509_get_pubkey(x);
  200. if (pkey == NULL)
  201. {
  202. BIO_printf(bp,"%12sUnable to load Public Key\n","");
  203. ERR_print_errors(bp);
  204. }
  205. else
  206. {
  207. EVP_PKEY_print_public(bp, pkey, 16, NULL);
  208. EVP_PKEY_free(pkey);
  209. }
  210. }
  211. if (!(cflag & X509_FLAG_NO_EXTENSIONS))
  212. X509V3_extensions_print(bp, "X509v3 extensions",
  213. ci->extensions, cflag, 8);
  214. if(!(cflag & X509_FLAG_NO_SIGDUMP))
  215. {
  216. if(X509_signature_print(bp, x->sig_alg, x->signature) <= 0) goto err;
  217. }
  218. if(!(cflag & X509_FLAG_NO_AUX))
  219. {
  220. if (!X509_CERT_AUX_print(bp, x->aux, 0)) goto err;
  221. }
  222. ret=1;
  223. err:
  224. if (m != NULL) OPENSSL_free(m);
  225. return(ret);
  226. }
  227. int X509_ocspid_print (BIO *bp, X509 *x)
  228. {
  229. unsigned char *der=NULL ;
  230. unsigned char *dertmp;
  231. int derlen;
  232. int i;
  233. unsigned char SHA1md[SHA_DIGEST_LENGTH];
  234. /* display the hash of the subject as it would appear
  235. in OCSP requests */
  236. if (BIO_printf(bp," Subject OCSP hash: ") <= 0)
  237. goto err;
  238. derlen = i2d_X509_NAME(x->cert_info->subject, NULL);
  239. if ((der = dertmp = (unsigned char *)OPENSSL_malloc (derlen)) == NULL)
  240. goto err;
  241. i2d_X509_NAME(x->cert_info->subject, &dertmp);
  242. if (!EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL))
  243. goto err;
  244. for (i=0; i < SHA_DIGEST_LENGTH; i++)
  245. {
  246. if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) goto err;
  247. }
  248. OPENSSL_free (der);
  249. der=NULL;
  250. /* display the hash of the public key as it would appear
  251. in OCSP requests */
  252. if (BIO_printf(bp,"\n Public key OCSP hash: ") <= 0)
  253. goto err;
  254. if (!EVP_Digest(x->cert_info->key->public_key->data,
  255. x->cert_info->key->public_key->length,
  256. SHA1md, NULL, EVP_sha1(), NULL))
  257. goto err;
  258. for (i=0; i < SHA_DIGEST_LENGTH; i++)
  259. {
  260. if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0)
  261. goto err;
  262. }
  263. BIO_printf(bp,"\n");
  264. return (1);
  265. err:
  266. if (der != NULL) OPENSSL_free(der);
  267. return(0);
  268. }
  269. int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent)
  270. {
  271. const unsigned char *s;
  272. int i, n;
  273. n=sig->length;
  274. s=sig->data;
  275. for (i=0; i<n; i++)
  276. {
  277. if ((i%18) == 0)
  278. {
  279. if (BIO_write(bp,"\n",1) <= 0) return 0;
  280. if (BIO_indent(bp, indent, indent) <= 0) return 0;
  281. }
  282. if (BIO_printf(bp,"%02x%s",s[i],
  283. ((i+1) == n)?"":":") <= 0) return 0;
  284. }
  285. if (BIO_write(bp,"\n",1) != 1) return 0;
  286. return 1;
  287. }
  288. int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig)
  289. {
  290. int sig_nid;
  291. if (BIO_puts(bp," Signature Algorithm: ") <= 0) return 0;
  292. if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0) return 0;
  293. sig_nid = OBJ_obj2nid(sigalg->algorithm);
  294. if (sig_nid != NID_undef)
  295. {
  296. int pkey_nid, dig_nid;
  297. const EVP_PKEY_ASN1_METHOD *ameth;
  298. if (OBJ_find_sigid_algs(sig_nid, &dig_nid, &pkey_nid))
  299. {
  300. ameth = EVP_PKEY_asn1_find(NULL, pkey_nid);
  301. if (ameth && ameth->sig_print)
  302. return ameth->sig_print(bp, sigalg, sig, 9, 0);
  303. }
  304. }
  305. if (sig)
  306. return X509_signature_dump(bp, sig, 9);
  307. else if (BIO_puts(bp, "\n") <= 0)
  308. return 0;
  309. return 1;
  310. }
  311. int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v)
  312. {
  313. int i,n;
  314. char buf[80];
  315. const char *p;
  316. if (v == NULL) return(0);
  317. n=0;
  318. p=(const char *)v->data;
  319. for (i=0; i<v->length; i++)
  320. {
  321. if ((p[i] > '~') || ((p[i] < ' ') &&
  322. (p[i] != '\n') && (p[i] != '\r')))
  323. buf[n]='.';
  324. else
  325. buf[n]=p[i];
  326. n++;
  327. if (n >= 80)
  328. {
  329. if (BIO_write(bp,buf,n) <= 0)
  330. return(0);
  331. n=0;
  332. }
  333. }
  334. if (n > 0)
  335. if (BIO_write(bp,buf,n) <= 0)
  336. return(0);
  337. return(1);
  338. }
  339. int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm)
  340. {
  341. if(tm->type == V_ASN1_UTCTIME) return ASN1_UTCTIME_print(bp, tm);
  342. if(tm->type == V_ASN1_GENERALIZEDTIME)
  343. return ASN1_GENERALIZEDTIME_print(bp, tm);
  344. BIO_write(bp,"Bad time value",14);
  345. return(0);
  346. }
  347. static const char *mon[12]=
  348. {
  349. "Jan","Feb","Mar","Apr","May","Jun",
  350. "Jul","Aug","Sep","Oct","Nov","Dec"
  351. };
  352. int ASN1_GENERALIZEDTIME_print(BIO *bp, const ASN1_GENERALIZEDTIME *tm)
  353. {
  354. char *v;
  355. int gmt=0;
  356. int i;
  357. int y=0,M=0,d=0,h=0,m=0,s=0;
  358. char *f = NULL;
  359. int f_len = 0;
  360. i=tm->length;
  361. v=(char *)tm->data;
  362. if (i < 12) goto err;
  363. if (v[i-1] == 'Z') gmt=1;
  364. for (i=0; i<12; i++)
  365. if ((v[i] > '9') || (v[i] < '0')) goto err;
  366. y= (v[0]-'0')*1000+(v[1]-'0')*100 + (v[2]-'0')*10+(v[3]-'0');
  367. M= (v[4]-'0')*10+(v[5]-'0');
  368. if ((M > 12) || (M < 1)) goto err;
  369. d= (v[6]-'0')*10+(v[7]-'0');
  370. h= (v[8]-'0')*10+(v[9]-'0');
  371. m= (v[10]-'0')*10+(v[11]-'0');
  372. if (tm->length >= 14 &&
  373. (v[12] >= '0') && (v[12] <= '9') &&
  374. (v[13] >= '0') && (v[13] <= '9'))
  375. {
  376. s= (v[12]-'0')*10+(v[13]-'0');
  377. /* Check for fractions of seconds. */
  378. if (tm->length >= 15 && v[14] == '.')
  379. {
  380. int l = tm->length;
  381. f = &v[14]; /* The decimal point. */
  382. f_len = 1;
  383. while (14 + f_len < l && f[f_len] >= '0' && f[f_len] <= '9')
  384. ++f_len;
  385. }
  386. }
  387. if (BIO_printf(bp,"%s %2d %02d:%02d:%02d%.*s %d%s",
  388. mon[M-1],d,h,m,s,f_len,f,y,(gmt)?" GMT":"") <= 0)
  389. return(0);
  390. else
  391. return(1);
  392. err:
  393. BIO_write(bp,"Bad time value",14);
  394. return(0);
  395. }
  396. int ASN1_UTCTIME_print(BIO *bp, const ASN1_UTCTIME *tm)
  397. {
  398. const char *v;
  399. int gmt=0;
  400. int i;
  401. int y=0,M=0,d=0,h=0,m=0,s=0;
  402. i=tm->length;
  403. v=(const char *)tm->data;
  404. if (i < 10) goto err;
  405. if (v[i-1] == 'Z') gmt=1;
  406. for (i=0; i<10; i++)
  407. if ((v[i] > '9') || (v[i] < '0')) goto err;
  408. y= (v[0]-'0')*10+(v[1]-'0');
  409. if (y < 50) y+=100;
  410. M= (v[2]-'0')*10+(v[3]-'0');
  411. if ((M > 12) || (M < 1)) goto err;
  412. d= (v[4]-'0')*10+(v[5]-'0');
  413. h= (v[6]-'0')*10+(v[7]-'0');
  414. m= (v[8]-'0')*10+(v[9]-'0');
  415. if (tm->length >=12 &&
  416. (v[10] >= '0') && (v[10] <= '9') &&
  417. (v[11] >= '0') && (v[11] <= '9'))
  418. s= (v[10]-'0')*10+(v[11]-'0');
  419. if (BIO_printf(bp,"%s %2d %02d:%02d:%02d %d%s",
  420. mon[M-1],d,h,m,s,y+1900,(gmt)?" GMT":"") <= 0)
  421. return(0);
  422. else
  423. return(1);
  424. err:
  425. BIO_write(bp,"Bad time value",14);
  426. return(0);
  427. }
  428. int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
  429. {
  430. char *s,*c,*b;
  431. int ret=0,l,i;
  432. l=80-2-obase;
  433. b=X509_NAME_oneline(name,NULL,0);
  434. if (!*b)
  435. {
  436. OPENSSL_free(b);
  437. return 1;
  438. }
  439. s=b+1; /* skip the first slash */
  440. c=s;
  441. for (;;)
  442. {
  443. #ifndef CHARSET_EBCDIC
  444. if ( ((*s == '/') &&
  445. ((s[1] >= 'A') && (s[1] <= 'Z') && (
  446. (s[2] == '=') ||
  447. ((s[2] >= 'A') && (s[2] <= 'Z') &&
  448. (s[3] == '='))
  449. ))) ||
  450. (*s == '\0'))
  451. #else
  452. if ( ((*s == '/') &&
  453. (isupper(s[1]) && (
  454. (s[2] == '=') ||
  455. (isupper(s[2]) &&
  456. (s[3] == '='))
  457. ))) ||
  458. (*s == '\0'))
  459. #endif
  460. {
  461. i=s-c;
  462. if (BIO_write(bp,c,i) != i) goto err;
  463. c=s+1; /* skip following slash */
  464. if (*s != '\0')
  465. {
  466. if (BIO_write(bp,", ",2) != 2) goto err;
  467. }
  468. l--;
  469. }
  470. if (*s == '\0') break;
  471. s++;
  472. l--;
  473. }
  474. ret=1;
  475. if (0)
  476. {
  477. err:
  478. X509err(X509_F_X509_NAME_PRINT,ERR_R_BUF_LIB);
  479. }
  480. OPENSSL_free(b);
  481. return(ret);
  482. }