/src/boringssl/crypto/x509/x509_req.cc
Line | Count | Source |
1 | | // Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. |
2 | | // |
3 | | // Licensed under the Apache License, Version 2.0 (the "License"); |
4 | | // you may not use this file except in compliance with the License. |
5 | | // You may obtain a copy of the License at |
6 | | // |
7 | | // https://www.apache.org/licenses/LICENSE-2.0 |
8 | | // |
9 | | // Unless required by applicable law or agreed to in writing, software |
10 | | // distributed under the License is distributed on an "AS IS" BASIS, |
11 | | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
12 | | // See the License for the specific language governing permissions and |
13 | | // limitations under the License. |
14 | | |
15 | | #include <openssl/asn1.h> |
16 | | #include <openssl/asn1t.h> |
17 | | #include <openssl/bn.h> |
18 | | #include <openssl/err.h> |
19 | | #include <openssl/evp.h> |
20 | | #include <openssl/mem.h> |
21 | | #include <openssl/obj.h> |
22 | | #include <openssl/pem.h> |
23 | | #include <openssl/x509.h> |
24 | | |
25 | | #include "../asn1/internal.h" |
26 | | #include "internal.h" |
27 | | |
28 | | |
29 | 0 | long X509_REQ_get_version(const X509_REQ *req) { |
30 | 0 | return ASN1_INTEGER_get(req->req_info->version); |
31 | 0 | } |
32 | | |
33 | 0 | X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req) { |
34 | 0 | return req->req_info->subject; |
35 | 0 | } |
36 | | |
37 | 0 | EVP_PKEY *X509_REQ_get_pubkey(const X509_REQ *req) { |
38 | 0 | if (req == nullptr) { |
39 | 0 | return nullptr; |
40 | 0 | } |
41 | 0 | return X509_PUBKEY_get(req->req_info->pubkey); |
42 | 0 | } |
43 | | |
44 | 0 | EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req) { |
45 | 0 | if (req == nullptr) { |
46 | 0 | return nullptr; |
47 | 0 | } |
48 | 0 | return X509_PUBKEY_get0(req->req_info->pubkey); |
49 | 0 | } |
50 | | |
51 | 0 | int X509_REQ_check_private_key(const X509_REQ *x, const EVP_PKEY *k) { |
52 | 0 | const EVP_PKEY *xk = X509_REQ_get0_pubkey(x); |
53 | 0 | if (xk == nullptr) { |
54 | 0 | return 0; |
55 | 0 | } |
56 | | |
57 | 0 | int ret = EVP_PKEY_cmp(xk, k); |
58 | 0 | if (ret > 0) { |
59 | 0 | return 1; |
60 | 0 | } |
61 | | |
62 | 0 | switch (ret) { |
63 | 0 | case 0: |
64 | 0 | OPENSSL_PUT_ERROR(X509, X509_R_KEY_VALUES_MISMATCH); |
65 | 0 | return 0; |
66 | 0 | case -1: |
67 | 0 | OPENSSL_PUT_ERROR(X509, X509_R_KEY_TYPE_MISMATCH); |
68 | 0 | return 0; |
69 | 0 | case -2: |
70 | 0 | if (EVP_PKEY_id(k) == EVP_PKEY_EC) { |
71 | 0 | OPENSSL_PUT_ERROR(X509, ERR_R_EC_LIB); |
72 | 0 | } else { |
73 | 0 | OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_KEY_TYPE); |
74 | 0 | } |
75 | 0 | return 0; |
76 | 0 | } |
77 | | |
78 | 0 | return 0; |
79 | 0 | } |
80 | | |
81 | 0 | int X509_REQ_extension_nid(int req_nid) { |
82 | 0 | return req_nid == NID_ext_req || req_nid == NID_ms_ext_req; |
83 | 0 | } |
84 | | |
85 | 0 | STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(const X509_REQ *req) { |
86 | 0 | if (req == nullptr || req->req_info == nullptr) { |
87 | 0 | return nullptr; |
88 | 0 | } |
89 | | |
90 | 0 | int idx = X509_REQ_get_attr_by_NID(req, NID_ext_req, -1); |
91 | 0 | if (idx == -1) { |
92 | 0 | idx = X509_REQ_get_attr_by_NID(req, NID_ms_ext_req, -1); |
93 | 0 | } |
94 | 0 | if (idx == -1) { |
95 | 0 | return nullptr; |
96 | 0 | } |
97 | | |
98 | 0 | const X509_ATTRIBUTE *attr = X509_REQ_get_attr(req, idx); |
99 | | // TODO(davidben): |X509_ATTRIBUTE_get0_type| is not const-correct. It should |
100 | | // take and return a const pointer. |
101 | 0 | const ASN1_TYPE *ext = X509_ATTRIBUTE_get0_type((X509_ATTRIBUTE *)attr, 0); |
102 | 0 | if (!ext || ext->type != V_ASN1_SEQUENCE) { |
103 | 0 | return nullptr; |
104 | 0 | } |
105 | 0 | const unsigned char *p = ext->value.sequence->data; |
106 | 0 | return (STACK_OF(X509_EXTENSION) *)ASN1_item_d2i( |
107 | 0 | nullptr, &p, ext->value.sequence->length, |
108 | 0 | ASN1_ITEM_rptr(X509_EXTENSIONS)); |
109 | 0 | } |
110 | | |
111 | | // Add a STACK_OF extensions to a certificate request: allow alternative OIDs |
112 | | // in case we want to create a non standard one. |
113 | | |
114 | | int X509_REQ_add_extensions_nid(X509_REQ *req, |
115 | 0 | const STACK_OF(X509_EXTENSION) *exts, int nid) { |
116 | | // Generate encoding of extensions |
117 | 0 | unsigned char *ext = nullptr; |
118 | 0 | int ext_len = |
119 | 0 | ASN1_item_i2d((ASN1_VALUE *)exts, &ext, ASN1_ITEM_rptr(X509_EXTENSIONS)); |
120 | 0 | if (ext_len <= 0) { |
121 | 0 | return 0; |
122 | 0 | } |
123 | 0 | int ret = X509_REQ_add1_attr_by_NID(req, nid, V_ASN1_SEQUENCE, ext, ext_len); |
124 | 0 | OPENSSL_free(ext); |
125 | 0 | return ret; |
126 | 0 | } |
127 | | |
128 | | // This is the normal usage: use the "official" OID |
129 | | int X509_REQ_add_extensions(X509_REQ *req, |
130 | 0 | const STACK_OF(X509_EXTENSION) *exts) { |
131 | 0 | return X509_REQ_add_extensions_nid(req, exts, NID_ext_req); |
132 | 0 | } |
133 | | |
134 | 0 | int X509_REQ_get_attr_count(const X509_REQ *req) { |
135 | 0 | return (int)sk_X509_ATTRIBUTE_num(req->req_info->attributes); |
136 | 0 | } |
137 | | |
138 | 0 | int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos) { |
139 | 0 | const ASN1_OBJECT *obj = OBJ_nid2obj(nid); |
140 | 0 | if (obj == nullptr) { |
141 | 0 | return -1; |
142 | 0 | } |
143 | 0 | return X509_REQ_get_attr_by_OBJ(req, obj, lastpos); |
144 | 0 | } |
145 | | |
146 | | int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, const ASN1_OBJECT *obj, |
147 | 0 | int lastpos) { |
148 | 0 | if (req->req_info->attributes == nullptr) { |
149 | 0 | return -1; |
150 | 0 | } |
151 | 0 | lastpos++; |
152 | 0 | if (lastpos < 0) { |
153 | 0 | lastpos = 0; |
154 | 0 | } |
155 | 0 | int n = (int)sk_X509_ATTRIBUTE_num(req->req_info->attributes); |
156 | 0 | for (; lastpos < n; lastpos++) { |
157 | 0 | const X509_ATTRIBUTE *attr = |
158 | 0 | sk_X509_ATTRIBUTE_value(req->req_info->attributes, lastpos); |
159 | 0 | if (OBJ_cmp(attr->object, obj) == 0) { |
160 | 0 | return lastpos; |
161 | 0 | } |
162 | 0 | } |
163 | 0 | return -1; |
164 | 0 | } |
165 | | |
166 | 0 | X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc) { |
167 | 0 | if (req->req_info->attributes == nullptr || loc < 0 || |
168 | 0 | sk_X509_ATTRIBUTE_num(req->req_info->attributes) <= (size_t)loc) { |
169 | 0 | return nullptr; |
170 | 0 | } |
171 | 0 | return sk_X509_ATTRIBUTE_value(req->req_info->attributes, loc); |
172 | 0 | } |
173 | | |
174 | 0 | X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc) { |
175 | 0 | if (req->req_info->attributes == nullptr || loc < 0 || |
176 | 0 | sk_X509_ATTRIBUTE_num(req->req_info->attributes) <= (size_t)loc) { |
177 | 0 | return nullptr; |
178 | 0 | } |
179 | 0 | return sk_X509_ATTRIBUTE_delete(req->req_info->attributes, loc); |
180 | 0 | } |
181 | | |
182 | 0 | static int X509_REQ_add0_attr(X509_REQ *req, X509_ATTRIBUTE *attr) { |
183 | 0 | if (req->req_info->attributes == nullptr) { |
184 | 0 | req->req_info->attributes = sk_X509_ATTRIBUTE_new_null(); |
185 | 0 | } |
186 | 0 | if (req->req_info->attributes == nullptr || |
187 | 0 | !sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) { |
188 | 0 | return 0; |
189 | 0 | } |
190 | | |
191 | 0 | return 1; |
192 | 0 | } |
193 | | |
194 | 0 | int X509_REQ_add1_attr(X509_REQ *req, const X509_ATTRIBUTE *attr) { |
195 | 0 | X509_ATTRIBUTE *new_attr = X509_ATTRIBUTE_dup(attr); |
196 | 0 | if (new_attr == nullptr || !X509_REQ_add0_attr(req, new_attr)) { |
197 | 0 | X509_ATTRIBUTE_free(new_attr); |
198 | 0 | return 0; |
199 | 0 | } |
200 | | |
201 | 0 | return 1; |
202 | 0 | } |
203 | | |
204 | | int X509_REQ_add1_attr_by_OBJ(X509_REQ *req, const ASN1_OBJECT *obj, |
205 | | int attrtype, const unsigned char *data, |
206 | 0 | int len) { |
207 | 0 | X509_ATTRIBUTE *attr = |
208 | 0 | X509_ATTRIBUTE_create_by_OBJ(nullptr, obj, attrtype, data, len); |
209 | 0 | if (attr == nullptr || !X509_REQ_add0_attr(req, attr)) { |
210 | 0 | X509_ATTRIBUTE_free(attr); |
211 | 0 | return 0; |
212 | 0 | } |
213 | | |
214 | 0 | return 1; |
215 | 0 | } |
216 | | |
217 | | int X509_REQ_add1_attr_by_NID(X509_REQ *req, int nid, int attrtype, |
218 | 0 | const unsigned char *data, int len) { |
219 | 0 | X509_ATTRIBUTE *attr = |
220 | 0 | X509_ATTRIBUTE_create_by_NID(nullptr, nid, attrtype, data, len); |
221 | 0 | if (attr == nullptr || !X509_REQ_add0_attr(req, attr)) { |
222 | 0 | X509_ATTRIBUTE_free(attr); |
223 | 0 | return 0; |
224 | 0 | } |
225 | | |
226 | 0 | return 1; |
227 | 0 | } |
228 | | |
229 | | int X509_REQ_add1_attr_by_txt(X509_REQ *req, const char *attrname, int attrtype, |
230 | 0 | const unsigned char *data, int len) { |
231 | 0 | X509_ATTRIBUTE *attr = |
232 | 0 | X509_ATTRIBUTE_create_by_txt(nullptr, attrname, attrtype, data, len); |
233 | 0 | if (attr == nullptr || !X509_REQ_add0_attr(req, attr)) { |
234 | 0 | X509_ATTRIBUTE_free(attr); |
235 | 0 | return 0; |
236 | 0 | } |
237 | | |
238 | 0 | return 1; |
239 | 0 | } |
240 | | |
241 | | void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, |
242 | 0 | const X509_ALGOR **palg) { |
243 | 0 | if (psig != nullptr) { |
244 | 0 | *psig = req->signature; |
245 | 0 | } |
246 | 0 | if (palg != nullptr) { |
247 | 0 | *palg = req->sig_alg; |
248 | 0 | } |
249 | 0 | } |
250 | | |
251 | 0 | int X509_REQ_get_signature_nid(const X509_REQ *req) { |
252 | 0 | return OBJ_obj2nid(req->sig_alg->algorithm); |
253 | 0 | } |
254 | | |
255 | 0 | int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp) { |
256 | 0 | asn1_encoding_clear(&req->req_info->enc); |
257 | 0 | return i2d_X509_REQ_INFO(req->req_info, pp); |
258 | 0 | } |