2
0

x_x509a.c 4.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174
  1. /*
  2. * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include "internal/cryptlib.h"
  11. #include <openssl/evp.h>
  12. #include <openssl/asn1t.h>
  13. #include <openssl/x509.h>
  14. #include "crypto/x509.h"
  15. /*
  16. * X509_CERT_AUX routines. These are used to encode additional user
  17. * modifiable data about a certificate. This data is appended to the X509
  18. * encoding when the *_X509_AUX routines are used. This means that the
  19. * "traditional" X509 routines will simply ignore the extra data.
  20. */
  21. static X509_CERT_AUX *aux_get(X509 *x);
  22. ASN1_SEQUENCE(X509_CERT_AUX) = {
  23. ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT),
  24. ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, reject, ASN1_OBJECT, 0),
  25. ASN1_OPT(X509_CERT_AUX, alias, ASN1_UTF8STRING),
  26. ASN1_OPT(X509_CERT_AUX, keyid, ASN1_OCTET_STRING),
  27. ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, other, X509_ALGOR, 1)
  28. } ASN1_SEQUENCE_END(X509_CERT_AUX)
  29. IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX)
  30. int X509_trusted(const X509 *x)
  31. {
  32. return x->aux ? 1 : 0;
  33. }
  34. static X509_CERT_AUX *aux_get(X509 *x)
  35. {
  36. if (x == NULL)
  37. return NULL;
  38. if (x->aux == NULL && (x->aux = X509_CERT_AUX_new()) == NULL)
  39. return NULL;
  40. return x->aux;
  41. }
  42. int X509_alias_set1(X509 *x, const unsigned char *name, int len)
  43. {
  44. X509_CERT_AUX *aux;
  45. if (!name) {
  46. if (!x || !x->aux || !x->aux->alias)
  47. return 1;
  48. ASN1_UTF8STRING_free(x->aux->alias);
  49. x->aux->alias = NULL;
  50. return 1;
  51. }
  52. if ((aux = aux_get(x)) == NULL)
  53. return 0;
  54. if (aux->alias == NULL && (aux->alias = ASN1_UTF8STRING_new()) == NULL)
  55. return 0;
  56. return ASN1_STRING_set(aux->alias, name, len);
  57. }
  58. int X509_keyid_set1(X509 *x, const unsigned char *id, int len)
  59. {
  60. X509_CERT_AUX *aux;
  61. if (!id) {
  62. if (!x || !x->aux || !x->aux->keyid)
  63. return 1;
  64. ASN1_OCTET_STRING_free(x->aux->keyid);
  65. x->aux->keyid = NULL;
  66. return 1;
  67. }
  68. if ((aux = aux_get(x)) == NULL)
  69. return 0;
  70. if (aux->keyid == NULL
  71. && (aux->keyid = ASN1_OCTET_STRING_new()) == NULL)
  72. return 0;
  73. return ASN1_STRING_set(aux->keyid, id, len);
  74. }
  75. unsigned char *X509_alias_get0(X509 *x, int *len)
  76. {
  77. if (!x->aux || !x->aux->alias)
  78. return NULL;
  79. if (len)
  80. *len = x->aux->alias->length;
  81. return x->aux->alias->data;
  82. }
  83. unsigned char *X509_keyid_get0(X509 *x, int *len)
  84. {
  85. if (!x->aux || !x->aux->keyid)
  86. return NULL;
  87. if (len)
  88. *len = x->aux->keyid->length;
  89. return x->aux->keyid->data;
  90. }
  91. int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj)
  92. {
  93. X509_CERT_AUX *aux;
  94. ASN1_OBJECT *objtmp = NULL;
  95. if (obj) {
  96. objtmp = OBJ_dup(obj);
  97. if (!objtmp)
  98. return 0;
  99. }
  100. if ((aux = aux_get(x)) == NULL)
  101. goto err;
  102. if (aux->trust == NULL
  103. && (aux->trust = sk_ASN1_OBJECT_new_null()) == NULL)
  104. goto err;
  105. if (!objtmp || sk_ASN1_OBJECT_push(aux->trust, objtmp))
  106. return 1;
  107. err:
  108. ASN1_OBJECT_free(objtmp);
  109. return 0;
  110. }
  111. int X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj)
  112. {
  113. X509_CERT_AUX *aux;
  114. ASN1_OBJECT *objtmp;
  115. int res = 0;
  116. if ((objtmp = OBJ_dup(obj)) == NULL)
  117. return 0;
  118. if ((aux = aux_get(x)) == NULL)
  119. goto err;
  120. if (aux->reject == NULL
  121. && (aux->reject = sk_ASN1_OBJECT_new_null()) == NULL)
  122. goto err;
  123. if (sk_ASN1_OBJECT_push(aux->reject, objtmp) > 0)
  124. res = 1;
  125. err:
  126. if (!res)
  127. ASN1_OBJECT_free(objtmp);
  128. return res;
  129. }
  130. void X509_trust_clear(X509 *x)
  131. {
  132. if (x->aux) {
  133. sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free);
  134. x->aux->trust = NULL;
  135. }
  136. }
  137. void X509_reject_clear(X509 *x)
  138. {
  139. if (x->aux) {
  140. sk_ASN1_OBJECT_pop_free(x->aux->reject, ASN1_OBJECT_free);
  141. x->aux->reject = NULL;
  142. }
  143. }
  144. STACK_OF(ASN1_OBJECT) *X509_get0_trust_objects(X509 *x)
  145. {
  146. if (x->aux != NULL)
  147. return x->aux->trust;
  148. return NULL;
  149. }
  150. STACK_OF(ASN1_OBJECT) *X509_get0_reject_objects(X509 *x)
  151. {
  152. if (x->aux != NULL)
  153. return x->aux->reject;
  154. return NULL;
  155. }