Coverage Report

Created: 2022-08-24 06:30

/src/libressl/crypto/asn1/t_x509.c
Line
Count
Source (jump to first uncovered line)
1
/* $OpenBSD: t_x509.c,v 1.40 2022/08/11 10:36:32 tb Exp $ */
2
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3
 * All rights reserved.
4
 *
5
 * This package is an SSL implementation written
6
 * by Eric Young (eay@cryptsoft.com).
7
 * The implementation was written so as to conform with Netscapes SSL.
8
 *
9
 * This library is free for commercial and non-commercial use as long as
10
 * the following conditions are aheared to.  The following conditions
11
 * apply to all code found in this distribution, be it the RC4, RSA,
12
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13
 * included with this distribution is covered by the same copyright terms
14
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15
 *
16
 * Copyright remains Eric Young's, and as such any Copyright notices in
17
 * the code are not to be removed.
18
 * If this package is used in a product, Eric Young should be given attribution
19
 * as the author of the parts of the library used.
20
 * This can be in the form of a textual message at program startup or
21
 * in documentation (online or textual) provided with the package.
22
 *
23
 * Redistribution and use in source and binary forms, with or without
24
 * modification, are permitted provided that the following conditions
25
 * are met:
26
 * 1. Redistributions of source code must retain the copyright
27
 *    notice, this list of conditions and the following disclaimer.
28
 * 2. Redistributions in binary form must reproduce the above copyright
29
 *    notice, this list of conditions and the following disclaimer in the
30
 *    documentation and/or other materials provided with the distribution.
31
 * 3. All advertising materials mentioning features or use of this software
32
 *    must display the following acknowledgement:
33
 *    "This product includes cryptographic software written by
34
 *     Eric Young (eay@cryptsoft.com)"
35
 *    The word 'cryptographic' can be left out if the rouines from the library
36
 *    being used are not cryptographic related :-).
37
 * 4. If you include any Windows specific code (or a derivative thereof) from
38
 *    the apps directory (application code) you must include an acknowledgement:
39
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40
 *
41
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51
 * SUCH DAMAGE.
52
 *
53
 * The licence and distribution terms for any publically available version or
54
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
55
 * copied and put under another distribution licence
56
 * [including the GNU Public Licence.]
57
 */
58
59
#include <stdio.h>
60
61
#include <openssl/opensslconf.h>
62
63
#include <openssl/bn.h>
64
#include <openssl/buffer.h>
65
#include <openssl/err.h>
66
#include <openssl/objects.h>
67
#include <openssl/x509.h>
68
#include <openssl/x509v3.h>
69
70
#ifndef OPENSSL_NO_DSA
71
#include <openssl/dsa.h>
72
#endif
73
#ifndef OPENSSL_NO_EC
74
#include <openssl/ec.h>
75
#endif
76
#ifndef OPENSSL_NO_RSA
77
#include <openssl/rsa.h>
78
#endif
79
80
#include "asn1_locl.h"
81
#include "x509_lcl.h"
82
83
int
84
X509_print_fp(FILE *fp, X509 *x)
85
0
{
86
0
  return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
87
0
}
88
89
int
90
X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, unsigned long cflag)
91
0
{
92
0
  BIO *b;
93
0
  int ret;
94
95
0
  if ((b = BIO_new(BIO_s_file())) == NULL) {
96
0
    X509error(ERR_R_BUF_LIB);
97
0
    return (0);
98
0
  }
99
0
  BIO_set_fp(b, fp, BIO_NOCLOSE);
100
0
  ret = X509_print_ex(b, x, nmflag, cflag);
101
0
  BIO_free(b);
102
0
  return (ret);
103
0
}
104
105
int
106
X509_print(BIO *bp, X509 *x)
107
0
{
108
0
  return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
109
0
}
110
111
int
112
X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
113
0
{
114
0
  long l;
115
0
  int ret = 0, i;
116
0
  char *m = NULL, mlch = ' ';
117
0
  int nmindent = 0;
118
0
  X509_CINF *ci;
119
0
  ASN1_INTEGER *bs;
120
0
  EVP_PKEY *pkey = NULL;
121
122
0
  if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
123
0
    mlch = '\n';
124
0
    nmindent = 12;
125
0
  }
126
127
0
  if (nmflags == X509_FLAG_COMPAT)
128
0
    nmindent = 16;
129
130
0
  ci = x->cert_info;
131
0
  if (!(cflag & X509_FLAG_NO_HEADER)) {
132
0
    if (BIO_write(bp, "Certificate:\n", 13) <= 0)
133
0
      goto err;
134
0
    if (BIO_write(bp, "    Data:\n", 10) <= 0)
135
0
      goto err;
136
0
  }
137
0
  if (!(cflag & X509_FLAG_NO_VERSION)) {
138
0
    l = X509_get_version(x);
139
0
    if (l >= 0 && l <= 2) {
140
0
      if (BIO_printf(bp, "%8sVersion: %ld (0x%lx)\n",
141
0
          "", l + 1, l) <= 0)
142
0
        goto err;
143
0
    } else {
144
0
      if (BIO_printf(bp, "%8sVersion: unknown (%ld)\n",
145
0
          "", l) <= 0)
146
0
        goto err;
147
0
    }
148
0
  }
149
0
  if (!(cflag & X509_FLAG_NO_SERIAL)) {
150
0
    if (BIO_write(bp, "        Serial Number:", 22) <= 0)
151
0
      goto err;
152
153
0
    bs = X509_get_serialNumber(x);
154
0
    l = -1;
155
0
    if (bs->length <= (int)sizeof(long))
156
0
      l = ASN1_INTEGER_get(bs);
157
0
    if (l >= 0) {
158
0
      if (BIO_printf(bp, " %ld (0x%lx)\n", l, l) <= 0)
159
0
        goto err;
160
0
    } else {
161
0
      const char *neg = "";
162
163
0
      if (bs->type == V_ASN1_NEG_INTEGER)
164
0
        neg = " (Negative)";
165
166
0
      if (BIO_printf(bp, "\n%12s%s", "", neg) <= 0)
167
0
        goto err;
168
0
      for (i = 0; i < bs->length; i++) {
169
0
        if (BIO_printf(bp, "%02x%c", bs->data[i],
170
0
            ((i + 1 == bs->length) ? '\n' : ':')) <= 0)
171
0
          goto err;
172
0
      }
173
0
    }
174
175
0
  }
176
177
0
  if (!(cflag & X509_FLAG_NO_SIGNAME)) {
178
0
    if (X509_signature_print(bp, x->sig_alg, NULL) <= 0)
179
0
      goto err;
180
0
  }
181
182
0
  if (!(cflag & X509_FLAG_NO_ISSUER)) {
183
0
    if (BIO_printf(bp, "        Issuer:%c", mlch) <= 0)
184
0
      goto err;
185
0
    if (X509_NAME_print_ex(bp, X509_get_issuer_name(x),
186
0
        nmindent, nmflags) < (nmflags == X509_FLAG_COMPAT ? 1 : 0))
187
0
      goto err;
188
0
    if (BIO_write(bp, "\n", 1) <= 0)
189
0
      goto err;
190
0
  }
191
0
  if (!(cflag & X509_FLAG_NO_VALIDITY)) {
192
0
    if (BIO_write(bp, "        Validity\n", 17) <= 0)
193
0
      goto err;
194
0
    if (BIO_write(bp, "            Not Before: ", 24) <= 0)
195
0
      goto err;
196
0
    if (!ASN1_TIME_print(bp, X509_get_notBefore(x)))
197
0
      goto err;
198
0
    if (BIO_write(bp, "\n            Not After : ", 25) <= 0)
199
0
      goto err;
200
0
    if (!ASN1_TIME_print(bp, X509_get_notAfter(x)))
201
0
      goto err;
202
0
    if (BIO_write(bp, "\n", 1) <= 0)
203
0
      goto err;
204
0
  }
205
0
  if (!(cflag & X509_FLAG_NO_SUBJECT)) {
206
0
    if (BIO_printf(bp, "        Subject:%c", mlch) <= 0)
207
0
      goto err;
208
0
    if (X509_NAME_print_ex(bp, X509_get_subject_name(x),
209
0
        nmindent, nmflags) < (nmflags == X509_FLAG_COMPAT ? 1 : 0))
210
0
      goto err;
211
0
    if (BIO_write(bp, "\n", 1) <= 0)
212
0
      goto err;
213
0
  }
214
0
  if (!(cflag & X509_FLAG_NO_PUBKEY)) {
215
0
    if (BIO_write(bp, "        Subject Public Key Info:\n",
216
0
        33) <= 0)
217
0
      goto err;
218
0
    if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0)
219
0
      goto err;
220
0
    if (i2a_ASN1_OBJECT(bp, ci->key->algor->algorithm) <= 0)
221
0
      goto err;
222
0
    if (BIO_puts(bp, "\n") <= 0)
223
0
      goto err;
224
225
0
    pkey = X509_get_pubkey(x);
226
0
    if (pkey == NULL) {
227
0
      BIO_printf(bp, "%12sUnable to load Public Key\n", "");
228
0
      ERR_print_errors(bp);
229
0
    } else {
230
0
      EVP_PKEY_print_public(bp, pkey, 16, NULL);
231
0
      EVP_PKEY_free(pkey);
232
0
    }
233
0
  }
234
235
0
  if (!(cflag & X509_FLAG_NO_EXTENSIONS))
236
0
    X509V3_extensions_print(bp, "X509v3 extensions",
237
0
        ci->extensions, cflag, 8);
238
239
0
  if (!(cflag & X509_FLAG_NO_SIGDUMP)) {
240
0
    if (X509_signature_print(bp, x->sig_alg, x->signature) <= 0)
241
0
      goto err;
242
0
  }
243
0
  if (!(cflag & X509_FLAG_NO_AUX)) {
244
0
    if (!X509_CERT_AUX_print(bp, x->aux, 0))
245
0
      goto err;
246
0
  }
247
0
  ret = 1;
248
249
0
 err:
250
0
  free(m);
251
0
  return (ret);
252
0
}
253
254
int
255
X509_ocspid_print(BIO *bp, X509 *x)
256
0
{
257
0
  unsigned char *der = NULL;
258
0
  unsigned char *dertmp;
259
0
  int derlen;
260
0
  int i;
261
0
  unsigned char SHA1md[SHA_DIGEST_LENGTH];
262
263
  /* display the hash of the subject as it would appear
264
     in OCSP requests */
265
0
  if (BIO_printf(bp, "        Subject OCSP hash: ") <= 0)
266
0
    goto err;
267
0
  if ((derlen = i2d_X509_NAME(x->cert_info->subject, NULL)) <= 0)
268
0
    goto err;
269
0
  if ((der = dertmp = malloc(derlen)) == NULL)
270
0
    goto err;
271
0
  if (i2d_X509_NAME(x->cert_info->subject, &dertmp) <= 0)
272
0
    goto err;
273
274
0
  if (!EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL))
275
0
    goto err;
276
0
  for (i = 0; i < SHA_DIGEST_LENGTH; i++) {
277
0
    if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0)
278
0
      goto err;
279
0
  }
280
0
  free (der);
281
0
  der = NULL;
282
283
  /* display the hash of the public key as it would appear
284
     in OCSP requests */
285
0
  if (BIO_printf(bp, "\n        Public key OCSP hash: ") <= 0)
286
0
    goto err;
287
288
0
  if (!EVP_Digest(x->cert_info->key->public_key->data,
289
0
      x->cert_info->key->public_key->length,
290
0
      SHA1md, NULL, EVP_sha1(), NULL))
291
0
    goto err;
292
0
  for (i = 0; i < SHA_DIGEST_LENGTH; i++) {
293
0
    if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0)
294
0
      goto err;
295
0
  }
296
0
  BIO_printf(bp, "\n");
297
298
0
  return (1);
299
300
0
 err:
301
0
  free(der);
302
0
  return (0);
303
0
}
304
305
int
306
X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent)
307
4.42k
{
308
4.42k
  const unsigned char *s;
309
4.42k
  int i, n;
310
311
4.42k
  n = sig->length;
312
4.42k
  s = sig->data;
313
1.91M
  for (i = 0; i < n; i++) {
314
1.91M
    if ((i % 18) == 0) {
315
108k
      if (BIO_write(bp, "\n", 1) <= 0)
316
0
        return 0;
317
108k
      if (BIO_indent(bp, indent, indent) <= 0)
318
0
        return 0;
319
108k
    }
320
1.91M
    if (BIO_printf(bp, "%02x%s", s[i],
321
1.91M
        ((i + 1) == n) ? "" : ":") <= 0)
322
0
      return 0;
323
1.91M
  }
324
4.42k
  if (BIO_write(bp, "\n", 1) != 1)
325
0
    return 0;
326
327
4.42k
  return 1;
328
4.42k
}
329
330
int
331
X509_signature_print(BIO *bp, const X509_ALGOR *sigalg, const ASN1_STRING *sig)
332
8.95k
{
333
8.95k
  int sig_nid;
334
8.95k
  if (BIO_puts(bp, "    Signature Algorithm: ") <= 0)
335
0
    return 0;
336
8.95k
  if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0)
337
0
    return 0;
338
339
8.95k
  sig_nid = OBJ_obj2nid(sigalg->algorithm);
340
8.95k
  if (sig_nid != NID_undef) {
341
3.30k
    int pkey_nid, dig_nid;
342
3.30k
    const EVP_PKEY_ASN1_METHOD *ameth;
343
3.30k
    if (OBJ_find_sigid_algs(sig_nid, &dig_nid, &pkey_nid)) {
344
848
      ameth = EVP_PKEY_asn1_find(NULL, pkey_nid);
345
848
      if (ameth && ameth->sig_print)
346
722
        return ameth->sig_print(bp, sigalg, sig, 9, 0);
347
848
    }
348
3.30k
  }
349
8.23k
  if (sig)
350
4.11k
    return X509_signature_dump(bp, sig, 9);
351
4.11k
  else if (BIO_puts(bp, "\n") <= 0)
352
0
    return 0;
353
4.11k
  return 1;
354
8.23k
}
355
356
int
357
ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm)
358
10.2k
{
359
10.2k
  if (tm->type == V_ASN1_UTCTIME)
360
6.79k
    return ASN1_UTCTIME_print(bp, tm);
361
3.41k
  if (tm->type == V_ASN1_GENERALIZEDTIME)
362
3.41k
    return ASN1_GENERALIZEDTIME_print(bp, tm);
363
0
  BIO_write(bp, "Bad time value", 14);
364
0
  return (0);
365
3.41k
}
366
367
static const char *mon[12] = {
368
  "Jan", "Feb", "Mar", "Apr", "May", "Jun",
369
  "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
370
};
371
372
int
373
ASN1_GENERALIZEDTIME_print(BIO *bp, const ASN1_GENERALIZEDTIME *tm)
374
4.59k
{
375
4.59k
  char *v;
376
4.59k
  int gmt = 0;
377
4.59k
  int i;
378
4.59k
  int y = 0, M = 0, d = 0, h = 0, m = 0, s = 0;
379
4.59k
  char *f = "";
380
4.59k
  int f_len = 0;
381
382
4.59k
  i = tm->length;
383
4.59k
  v = (char *)tm->data;
384
385
4.59k
  if (i < 12)
386
0
    goto err;
387
4.59k
  if (v[i-1] == 'Z')
388
4.59k
    gmt = 1;
389
59.7k
  for (i = 0; i < 12; i++)
390
55.1k
    if ((v[i] > '9') || (v[i] < '0'))
391
0
      goto err;
392
4.59k
  y = (v[0] - '0') * 1000 + (v[1] - '0') * 100 +
393
4.59k
      (v[2] - '0') * 10 + (v[3] - '0');
394
4.59k
  M = (v[4] - '0') * 10 + (v[5] - '0');
395
4.59k
  if ((M > 12) || (M < 1))
396
0
    goto err;
397
4.59k
  d = (v[6] - '0') * 10 + (v[7] - '0');
398
4.59k
  h = (v[8] - '0') * 10 + (v[9] - '0');
399
4.59k
  m = (v[10] - '0') * 10 + (v[11] - '0');
400
4.59k
  if (tm->length >= 14 &&
401
4.59k
      (v[12] >= '0') && (v[12] <= '9') &&
402
4.59k
      (v[13] >= '0') && (v[13] <= '9')) {
403
4.59k
    s =  (v[12] - '0') * 10 + (v[13] - '0');
404
    /* Check for fractions of seconds. */
405
4.59k
    if (tm->length >= 15 && v[14] == '.') {
406
0
      int l = tm->length;
407
0
      f = &v[14]; /* The decimal point. */
408
0
      f_len = 1;
409
0
      while (14 + f_len < l && f[f_len] >= '0' &&
410
0
          f[f_len] <= '9')
411
0
        ++f_len;
412
0
    }
413
4.59k
  }
414
415
4.59k
  if (BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s",
416
4.59k
      mon[M - 1], d, h, m, s, f_len, f, y, (gmt) ? " GMT" : "") <= 0)
417
0
    return (0);
418
4.59k
  else
419
4.59k
    return (1);
420
421
0
 err:
422
0
  BIO_write(bp, "Bad time value", 14);
423
0
  return (0);
424
4.59k
}
425
426
int
427
ASN1_UTCTIME_print(BIO *bp, const ASN1_UTCTIME *tm)
428
6.79k
{
429
6.79k
  const char *v;
430
6.79k
  int gmt = 0;
431
6.79k
  int i;
432
6.79k
  int y = 0, M = 0, d = 0, h = 0, m = 0, s = 0;
433
434
6.79k
  i = tm->length;
435
6.79k
  v = (const char *)tm->data;
436
437
6.79k
  if (i < 10)
438
0
    goto err;
439
6.79k
  if (v[i-1] == 'Z')
440
6.79k
    gmt = 1;
441
74.7k
  for (i = 0; i < 10; i++)
442
67.9k
    if ((v[i] > '9') || (v[i] < '0'))
443
0
      goto err;
444
6.79k
  y = (v[0] - '0') * 10 + (v[1] - '0');
445
6.79k
  if (y < 50)
446
6.39k
    y += 100;
447
6.79k
  M = (v[2] - '0') * 10 + (v[3] - '0');
448
6.79k
  if ((M > 12) || (M < 1))
449
0
    goto err;
450
6.79k
  d = (v[4] - '0') * 10 + (v[5] - '0');
451
6.79k
  h = (v[6] - '0') * 10 + (v[7] - '0');
452
6.79k
  m = (v[8] - '0') * 10 + (v[9] - '0');
453
6.79k
  if (tm->length >=12 &&
454
6.79k
      (v[10] >= '0') && (v[10] <= '9') &&
455
6.79k
      (v[11] >= '0') && (v[11] <= '9'))
456
6.79k
    s = (v[10] - '0') * 10 + (v[11] - '0');
457
458
6.79k
  if (BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s",
459
6.79k
      mon[M - 1], d, h, m, s, y + 1900, (gmt) ? " GMT" : "") <= 0)
460
0
    return (0);
461
6.79k
  else
462
6.79k
    return (1);
463
464
0
 err:
465
0
  BIO_write(bp, "Bad time value", 14);
466
0
  return (0);
467
6.79k
}
468
469
int
470
X509_NAME_print(BIO *bp, const X509_NAME *name, int obase)
471
0
{
472
0
  char *s, *c, *b;
473
0
  int i;
474
0
  int ret = 0;
475
476
0
  b = X509_NAME_oneline(name, NULL, 0);
477
0
  if (b == NULL)
478
0
    return 0;
479
0
  if (*b == '\0') {
480
0
    free(b);
481
0
    return 1;
482
0
  }
483
0
  s = b + 1; /* skip the first slash */
484
485
0
  c = s;
486
0
  for (;;) {
487
0
    if (((*s == '/') &&
488
0
        ((s[1] >= 'A') && (s[1] <= 'Z') &&
489
0
        ((s[2] == '=') || ((s[2] >= 'A') && (s[2] <= 'Z') &&
490
0
        (s[3] == '='))))) || (*s == '\0')) {
491
0
      i = s - c;
492
0
      if (BIO_write(bp, c, i) != i)
493
0
        goto err;
494
0
      c = s + 1;  /* skip following slash */
495
0
      if (*s != '\0') {
496
0
        if (BIO_write(bp, ", ", 2) != 2)
497
0
          goto err;
498
0
      }
499
0
    }
500
0
    if (*s == '\0')
501
0
      break;
502
0
    s++;
503
0
  }
504
505
0
  ret = 1;
506
0
  if (0) {
507
0
 err:
508
0
    X509error(ERR_R_BUF_LIB);
509
0
  }
510
0
  free(b);
511
0
  return (ret);
512
0
}