/src/openssl/crypto/x509/x_attrib.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #include <stdio.h> |
11 | | #include "internal/cryptlib.h" |
12 | | #include <openssl/objects.h> |
13 | | #include <openssl/asn1t.h> |
14 | | #include <openssl/x509.h> |
15 | | #include "x509_local.h" |
16 | | #include <crypto/x509.h> |
17 | | |
18 | | /*- |
19 | | * X509_ATTRIBUTE: this has the following form: |
20 | | * |
21 | | * typedef struct x509_attributes_st |
22 | | * { |
23 | | * ASN1_OBJECT *object; |
24 | | * STACK_OF(ASN1_TYPE) *set; |
25 | | * } X509_ATTRIBUTE; |
26 | | * |
27 | | */ |
28 | | |
29 | | ASN1_SEQUENCE(X509_ATTRIBUTE) = { |
30 | | ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT), |
31 | | ASN1_SET_OF(X509_ATTRIBUTE, set, ASN1_ANY) |
32 | | } ASN1_SEQUENCE_END(X509_ATTRIBUTE) |
33 | | |
34 | | IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE) |
35 | | IMPLEMENT_ASN1_DUP_FUNCTION(X509_ATTRIBUTE) |
36 | | |
37 | | X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value) |
38 | 0 | { |
39 | 0 | X509_ATTRIBUTE *ret = NULL; |
40 | 0 | ASN1_TYPE *val = NULL; |
41 | 0 | ASN1_OBJECT *oid; |
42 | |
|
43 | 0 | if ((oid = OBJ_nid2obj(nid)) == NULL) |
44 | 0 | return NULL; |
45 | 0 | if ((ret = X509_ATTRIBUTE_new()) == NULL) |
46 | 0 | return NULL; |
47 | 0 | ret->object = oid; |
48 | 0 | if ((val = ASN1_TYPE_new()) == NULL) |
49 | 0 | goto err; |
50 | 0 | if (!sk_ASN1_TYPE_push(ret->set, val)) |
51 | 0 | goto err; |
52 | | |
53 | 0 | ASN1_TYPE_set(val, atrtype, value); |
54 | 0 | return ret; |
55 | 0 | err: |
56 | 0 | X509_ATTRIBUTE_free(ret); |
57 | 0 | ASN1_TYPE_free(val); |
58 | 0 | return NULL; |
59 | 0 | } |
60 | | |
61 | | static int print_hex(BIO *out, unsigned char *buf, int len) |
62 | 0 | { |
63 | 0 | int result = 1; |
64 | 0 | char *hexbuf; |
65 | |
|
66 | 0 | if (len == 0) |
67 | 0 | return 1; |
68 | | |
69 | 0 | hexbuf = OPENSSL_buf2hexstr(buf, len); |
70 | 0 | if (hexbuf == NULL) |
71 | 0 | return 0; |
72 | 0 | result = BIO_puts(out, hexbuf) > 0; |
73 | |
|
74 | 0 | OPENSSL_free(hexbuf); |
75 | 0 | return result; |
76 | 0 | } |
77 | | |
78 | 0 | static int print_oid(BIO *out, const ASN1_OBJECT *oid) { |
79 | 0 | const char *ln; |
80 | 0 | char objbuf[80]; |
81 | 0 | int rc; |
82 | |
|
83 | 0 | if (OBJ_obj2txt(objbuf, sizeof(objbuf), oid, 1) <= 0) |
84 | 0 | return 0; |
85 | 0 | ln = OBJ_nid2ln(OBJ_obj2nid(oid)); |
86 | 0 | rc = (ln != NULL) |
87 | 0 | ? BIO_printf(out, "%s (%s)", objbuf, ln) |
88 | 0 | : BIO_printf(out, "%s", objbuf); |
89 | 0 | return (rc >= 0); |
90 | 0 | } |
91 | | |
92 | | int ossl_print_attribute_value(BIO *out, |
93 | | int obj_nid, |
94 | | const ASN1_TYPE *av, |
95 | | int indent) |
96 | 0 | { |
97 | 0 | ASN1_STRING *str; |
98 | 0 | unsigned char *value; |
99 | 0 | X509_NAME *xn = NULL; |
100 | 0 | int64_t int_val; |
101 | | |
102 | | /* |
103 | | * This switch-case is only for syntaxes that are not encoded as a single |
104 | | * primitively-constructed value universal ASN.1 type. |
105 | | */ |
106 | 0 | switch (obj_nid) { |
107 | 0 | case NID_undef: /* Unrecognized OID. */ |
108 | 0 | break; |
109 | | /* Attribute types with DN syntax. */ |
110 | 0 | case NID_member: |
111 | 0 | case NID_roleOccupant: |
112 | 0 | case NID_seeAlso: |
113 | 0 | case NID_manager: |
114 | 0 | case NID_documentAuthor: |
115 | 0 | case NID_secretary: |
116 | 0 | case NID_associatedName: |
117 | 0 | case NID_dITRedirect: |
118 | 0 | case NID_owner: |
119 | | /* |
120 | | * d2i_ functions increment the ppin pointer. See doc/man3/d2i_X509.pod. |
121 | | * This preserves the original pointer. We don't want to corrupt this |
122 | | * value. |
123 | | */ |
124 | 0 | value = av->value.sequence->data; |
125 | 0 | xn = d2i_X509_NAME(NULL, |
126 | 0 | (const unsigned char**)&value, |
127 | 0 | av->value.sequence->length); |
128 | 0 | if (xn == NULL) { |
129 | 0 | BIO_puts(out, "(COULD NOT DECODE DISTINGUISHED NAME)\n"); |
130 | 0 | return 0; |
131 | 0 | } |
132 | 0 | if (X509_NAME_print_ex(out, xn, indent, XN_FLAG_SEP_CPLUS_SPC) <= 0) |
133 | 0 | return 0; |
134 | 0 | X509_NAME_free(xn); |
135 | 0 | return 1; |
136 | | |
137 | 0 | default: |
138 | 0 | break; |
139 | 0 | } |
140 | | |
141 | 0 | switch (av->type) { |
142 | 0 | case V_ASN1_BOOLEAN: |
143 | 0 | if (av->value.boolean) { |
144 | 0 | return BIO_printf(out, "%*sTRUE", indent, "") >= 4; |
145 | 0 | } else { |
146 | 0 | return BIO_printf(out, "%*sFALSE", indent, "") >= 5; |
147 | 0 | } |
148 | | |
149 | 0 | case V_ASN1_INTEGER: |
150 | 0 | case V_ASN1_ENUMERATED: |
151 | 0 | if (BIO_printf(out, "%*s", indent, "") < 0) |
152 | 0 | return 0; |
153 | 0 | if (ASN1_ENUMERATED_get_int64(&int_val, av->value.integer) > 0) { |
154 | 0 | return BIO_printf(out, "%lld", (long long int)int_val) > 0; |
155 | 0 | } |
156 | 0 | str = av->value.integer; |
157 | 0 | return print_hex(out, str->data, str->length); |
158 | | |
159 | 0 | case V_ASN1_BIT_STRING: |
160 | 0 | if (BIO_printf(out, "%*s", indent, "") < 0) |
161 | 0 | return 0; |
162 | 0 | return print_hex(out, av->value.bit_string->data, |
163 | 0 | av->value.bit_string->length); |
164 | | |
165 | 0 | case V_ASN1_OCTET_STRING: |
166 | 0 | case V_ASN1_VIDEOTEXSTRING: |
167 | 0 | if (BIO_printf(out, "%*s", indent, "") < 0) |
168 | 0 | return 0; |
169 | 0 | return print_hex(out, av->value.octet_string->data, |
170 | 0 | av->value.octet_string->length); |
171 | | |
172 | 0 | case V_ASN1_NULL: |
173 | 0 | return BIO_printf(out, "%*sNULL", indent, "") >= 4; |
174 | | |
175 | 0 | case V_ASN1_OBJECT: |
176 | 0 | if (BIO_printf(out, "%*s", indent, "") < 0) |
177 | 0 | return 0; |
178 | 0 | return print_oid(out, av->value.object); |
179 | | |
180 | | /* |
181 | | * ObjectDescriptor is an IMPLICIT GraphicString, but GeneralString is a |
182 | | * superset supported by OpenSSL, so we will use that anywhere a |
183 | | * GraphicString is needed here. |
184 | | */ |
185 | 0 | case V_ASN1_GENERALSTRING: |
186 | 0 | case V_ASN1_GRAPHICSTRING: |
187 | 0 | case V_ASN1_OBJECT_DESCRIPTOR: |
188 | 0 | return BIO_printf(out, "%*s%.*s", indent, "", |
189 | 0 | av->value.generalstring->length, |
190 | 0 | av->value.generalstring->data) >= 0; |
191 | | |
192 | | /* EXTERNAL would go here. */ |
193 | | /* EMBEDDED PDV would go here. */ |
194 | | |
195 | 0 | case V_ASN1_UTF8STRING: |
196 | 0 | return BIO_printf(out, "%*s%.*s", indent, "", |
197 | 0 | av->value.utf8string->length, |
198 | 0 | av->value.utf8string->data) >= 0; |
199 | | |
200 | 0 | case V_ASN1_REAL: |
201 | 0 | return BIO_printf(out, "%*sREAL", indent, "") >= 4; |
202 | | |
203 | | /* RELATIVE-OID would go here. */ |
204 | | /* TIME would go here. */ |
205 | | |
206 | 0 | case V_ASN1_SEQUENCE: |
207 | 0 | return ASN1_parse_dump(out, av->value.sequence->data, |
208 | 0 | av->value.sequence->length, indent, 1) > 0; |
209 | | |
210 | 0 | case V_ASN1_SET: |
211 | 0 | return ASN1_parse_dump(out, av->value.set->data, |
212 | 0 | av->value.set->length, indent, 1) > 0; |
213 | | |
214 | | /* |
215 | | * UTCTime ::= [UNIVERSAL 23] IMPLICIT VisibleString |
216 | | * GeneralizedTime ::= [UNIVERSAL 24] IMPLICIT VisibleString |
217 | | * VisibleString is a superset for NumericString, so it will work for that. |
218 | | */ |
219 | 0 | case V_ASN1_VISIBLESTRING: |
220 | 0 | case V_ASN1_UTCTIME: |
221 | 0 | case V_ASN1_GENERALIZEDTIME: |
222 | 0 | case V_ASN1_NUMERICSTRING: |
223 | 0 | return BIO_printf(out, "%*s%.*s", indent, "", |
224 | 0 | av->value.visiblestring->length, |
225 | 0 | av->value.visiblestring->data) >= 0; |
226 | | |
227 | 0 | case V_ASN1_PRINTABLESTRING: |
228 | 0 | return BIO_printf(out, "%*s%.*s", indent, "", |
229 | 0 | av->value.printablestring->length, |
230 | 0 | av->value.printablestring->data) >= 0; |
231 | | |
232 | 0 | case V_ASN1_T61STRING: |
233 | 0 | return BIO_printf(out, "%*s%.*s", indent, "", |
234 | 0 | av->value.t61string->length, |
235 | 0 | av->value.t61string->data) >= 0; |
236 | | |
237 | 0 | case V_ASN1_IA5STRING: |
238 | 0 | return BIO_printf(out, "%*s%.*s", indent, "", |
239 | 0 | av->value.ia5string->length, |
240 | 0 | av->value.ia5string->data) >= 0; |
241 | | |
242 | | /* UniversalString would go here. */ |
243 | | /* CHARACTER STRING would go here. */ |
244 | | /* BMPString would go here. */ |
245 | | /* DATE would go here. */ |
246 | | /* TIME-OF-DAY would go here. */ |
247 | | /* DATE-TIME would go here. */ |
248 | | /* DURATION would go here. */ |
249 | | /* OID-IRI would go here. */ |
250 | | /* RELATIVE-OID-IRI would go here. */ |
251 | | |
252 | | /* Would it be approriate to just hexdump? */ |
253 | 0 | default: |
254 | 0 | return BIO_printf(out, |
255 | 0 | "%*s<Unsupported tag %d>", |
256 | 0 | indent, |
257 | 0 | "", |
258 | 0 | av->type) >= 0; |
259 | 0 | } |
260 | 0 | } |