x509_att.c revision 1.11
1/* $OpenBSD: x509_att.c,v 1.11 2014/07/11 08:44:49 jsing Exp $ */ 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 59#include <stdio.h> 60 61#include <openssl/asn1.h> 62#include <openssl/err.h> 63#include <openssl/evp.h> 64#include <openssl/objects.h> 65#include <openssl/stack.h> 66#include <openssl/x509.h> 67#include <openssl/x509v3.h> 68 69int 70X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x) 71{ 72 return sk_X509_ATTRIBUTE_num(x); 73} 74 75int 76X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, 77 int lastpos) 78{ 79 ASN1_OBJECT *obj; 80 81 obj = OBJ_nid2obj(nid); 82 if (obj == NULL) 83 return (-2); 84 return (X509at_get_attr_by_OBJ(x, obj, lastpos)); 85} 86 87int 88X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj, 89 int lastpos) 90{ 91 int n; 92 X509_ATTRIBUTE *ex; 93 94 if (sk == NULL) 95 return (-1); 96 lastpos++; 97 if (lastpos < 0) 98 lastpos = 0; 99 n = sk_X509_ATTRIBUTE_num(sk); 100 for (; lastpos < n; lastpos++) { 101 ex = sk_X509_ATTRIBUTE_value(sk, lastpos); 102 if (OBJ_cmp(ex->object, obj) == 0) 103 return (lastpos); 104 } 105 return (-1); 106} 107 108X509_ATTRIBUTE * 109X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc) 110{ 111 if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0) 112 return NULL; 113 else 114 return sk_X509_ATTRIBUTE_value(x, loc); 115} 116 117X509_ATTRIBUTE * 118X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc) 119{ 120 X509_ATTRIBUTE *ret; 121 122 if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0) 123 return (NULL); 124 ret = sk_X509_ATTRIBUTE_delete(x, loc); 125 return (ret); 126} 127 128STACK_OF(X509_ATTRIBUTE) * 129X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, X509_ATTRIBUTE *attr) 130{ 131 X509_ATTRIBUTE *new_attr = NULL; 132 STACK_OF(X509_ATTRIBUTE) *sk = NULL; 133 134 if (x == NULL) { 135 X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_PASSED_NULL_PARAMETER); 136 goto err2; 137 } 138 139 if (*x == NULL) { 140 if ((sk = sk_X509_ATTRIBUTE_new_null()) == NULL) 141 goto err; 142 } else 143 sk= *x; 144 145 if ((new_attr = X509_ATTRIBUTE_dup(attr)) == NULL) 146 goto err2; 147 if (!sk_X509_ATTRIBUTE_push(sk, new_attr)) 148 goto err; 149 if (*x == NULL) 150 *x = sk; 151 return (sk); 152 153err: 154 X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_MALLOC_FAILURE); 155err2: 156 if (new_attr != NULL) 157 X509_ATTRIBUTE_free(new_attr); 158 if (sk != NULL) 159 sk_X509_ATTRIBUTE_free(sk); 160 return (NULL); 161} 162 163STACK_OF(X509_ATTRIBUTE) * 164X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x, const ASN1_OBJECT *obj, 165 int type, const unsigned char *bytes, int len) 166{ 167 X509_ATTRIBUTE *attr; 168 STACK_OF(X509_ATTRIBUTE) *ret; 169 170 attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len); 171 if (!attr) 172 return 0; 173 ret = X509at_add1_attr(x, attr); 174 X509_ATTRIBUTE_free(attr); 175 return ret; 176} 177 178STACK_OF(X509_ATTRIBUTE) * 179X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x, int nid, int type, 180 const unsigned char *bytes, int len) 181{ 182 X509_ATTRIBUTE *attr; 183 STACK_OF(X509_ATTRIBUTE) *ret; 184 185 attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len); 186 if (!attr) 187 return 0; 188 ret = X509at_add1_attr(x, attr); 189 X509_ATTRIBUTE_free(attr); 190 return ret; 191} 192 193STACK_OF(X509_ATTRIBUTE) * 194X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x, const char *attrname, 195 int type, const unsigned char *bytes, int len) 196{ 197 X509_ATTRIBUTE *attr; 198 STACK_OF(X509_ATTRIBUTE) *ret; 199 200 attr = X509_ATTRIBUTE_create_by_txt(NULL, attrname, type, bytes, len); 201 if (!attr) 202 return 0; 203 ret = X509at_add1_attr(x, attr); 204 X509_ATTRIBUTE_free(attr); 205 return ret; 206} 207 208void * 209X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, ASN1_OBJECT *obj, 210 int lastpos, int type) 211{ 212 int i; 213 X509_ATTRIBUTE *at; 214 215 i = X509at_get_attr_by_OBJ(x, obj, lastpos); 216 if (i == -1) 217 return NULL; 218 if ((lastpos <= -2) && (X509at_get_attr_by_OBJ(x, obj, i) != -1)) 219 return NULL; 220 at = X509at_get_attr(x, i); 221 if (lastpos <= -3 && (X509_ATTRIBUTE_count(at) != 1)) 222 return NULL; 223 return X509_ATTRIBUTE_get0_data(at, 0, type, NULL); 224} 225 226X509_ATTRIBUTE * 227X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, int atrtype, 228 const void *data, int len) 229{ 230 ASN1_OBJECT *obj; 231 X509_ATTRIBUTE *ret; 232 233 obj = OBJ_nid2obj(nid); 234 if (obj == NULL) { 235 X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_NID, 236 X509_R_UNKNOWN_NID); 237 return (NULL); 238 } 239 ret = X509_ATTRIBUTE_create_by_OBJ(attr, obj, atrtype, data, len); 240 if (ret == NULL) 241 ASN1_OBJECT_free(obj); 242 return (ret); 243} 244 245X509_ATTRIBUTE * 246X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, const ASN1_OBJECT *obj, 247 int atrtype, const void *data, int len) 248{ 249 X509_ATTRIBUTE *ret; 250 251 if ((attr == NULL) || (*attr == NULL)) { 252 if ((ret = X509_ATTRIBUTE_new()) == NULL) { 253 X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ, 254 ERR_R_MALLOC_FAILURE); 255 return (NULL); 256 } 257 } else 258 ret= *attr; 259 260 if (!X509_ATTRIBUTE_set1_object(ret, obj)) 261 goto err; 262 if (!X509_ATTRIBUTE_set1_data(ret, atrtype, data, len)) 263 goto err; 264 265 if ((attr != NULL) && (*attr == NULL)) 266 *attr = ret; 267 return (ret); 268 269err: 270 if ((attr == NULL) || (ret != *attr)) 271 X509_ATTRIBUTE_free(ret); 272 return (NULL); 273} 274 275X509_ATTRIBUTE * 276X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, const char *atrname, 277 int type, const unsigned char *bytes, int len) 278{ 279 ASN1_OBJECT *obj; 280 X509_ATTRIBUTE *nattr; 281 282 obj = OBJ_txt2obj(atrname, 0); 283 if (obj == NULL) { 284 X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT, 285 X509_R_INVALID_FIELD_NAME); 286 ERR_asprintf_error_data("name=%s", atrname); 287 return (NULL); 288 } 289 nattr = X509_ATTRIBUTE_create_by_OBJ(attr, obj, type, bytes, len); 290 ASN1_OBJECT_free(obj); 291 return nattr; 292} 293 294int 295X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj) 296{ 297 if ((attr == NULL) || (obj == NULL)) 298 return (0); 299 ASN1_OBJECT_free(attr->object); 300 attr->object = OBJ_dup(obj); 301 return (1); 302} 303 304int 305X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, 306 int len) 307{ 308 ASN1_TYPE *ttmp = NULL; 309 ASN1_STRING *stmp = NULL; 310 int atype = 0; 311 312 if (!attr) 313 return 0; 314 if (attrtype & MBSTRING_FLAG) { 315 stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype, 316 OBJ_obj2nid(attr->object)); 317 if (!stmp) { 318 X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, 319 ERR_R_ASN1_LIB); 320 return 0; 321 } 322 atype = stmp->type; 323 } else if (len != -1){ 324 if (!(stmp = ASN1_STRING_type_new(attrtype))) 325 goto err; 326 if (!ASN1_STRING_set(stmp, data, len)) 327 goto err; 328 atype = attrtype; 329 } 330 if (!(attr->value.set = sk_ASN1_TYPE_new_null())) 331 goto err; 332 attr->single = 0; 333 /* This is a bit naughty because the attribute should really have 334 * at least one value but some types use and zero length SET and 335 * require this. 336 */ 337 if (attrtype == 0) { 338 ASN1_STRING_free(stmp); 339 return 1; 340 } 341 342 if (!(ttmp = ASN1_TYPE_new())) 343 goto err; 344 if ((len == -1) && !(attrtype & MBSTRING_FLAG)) { 345 if (!ASN1_TYPE_set1(ttmp, attrtype, data)) 346 goto err; 347 } else 348 ASN1_TYPE_set(ttmp, atype, stmp); 349 if (!sk_ASN1_TYPE_push(attr->value.set, ttmp)) 350 goto err; 351 return 1; 352 353err: 354 ASN1_TYPE_free(ttmp); 355 ASN1_STRING_free(stmp); 356 X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE); 357 return 0; 358} 359 360int 361X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr) 362{ 363 if (!attr->single) 364 return sk_ASN1_TYPE_num(attr->value.set); 365 if (attr->value.single) 366 return 1; 367 return 0; 368} 369 370ASN1_OBJECT * 371X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr) 372{ 373 if (attr == NULL) 374 return (NULL); 375 return (attr->object); 376} 377 378void * 379X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype, void *data) 380{ 381 ASN1_TYPE *ttmp; 382 383 ttmp = X509_ATTRIBUTE_get0_type(attr, idx); 384 if (!ttmp) 385 return NULL; 386 if (atrtype != ASN1_TYPE_get(ttmp)){ 387 X509err(X509_F_X509_ATTRIBUTE_GET0_DATA, X509_R_WRONG_TYPE); 388 return NULL; 389 } 390 return ttmp->value.ptr; 391} 392 393ASN1_TYPE * 394X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx) 395{ 396 if (attr == NULL) 397 return (NULL); 398 if (idx >= X509_ATTRIBUTE_count(attr)) 399 return NULL; 400 if (!attr->single) 401 return sk_ASN1_TYPE_value(attr->value.set, idx); 402 else 403 return attr->value.single; 404} 405