Coverage Report

Created: 2024-07-27 06:35

/src/openssl/crypto/x509/x_attrib.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
3
 *
4
 * Licensed under the Apache License 2.0 (the "License").  You may not use
5
 * this file except in compliance with the License.  You can obtain a copy
6
 * in the file LICENSE in the source distribution or at
7
 * https://www.openssl.org/source/license.html
8
 */
9
10
#include <stdio.h>
11
#include "internal/cryptlib.h"
12
#include <openssl/objects.h>
13
#include <openssl/asn1t.h>
14
#include <openssl/x509.h>
15
#include "x509_local.h"
16
#include <crypto/x509.h>
17
18
/*-
19
 * X509_ATTRIBUTE: this has the following form:
20
 *
21
 * typedef struct x509_attributes_st
22
 *      {
23
 *      ASN1_OBJECT *object;
24
 *      STACK_OF(ASN1_TYPE) *set;
25
 *      } X509_ATTRIBUTE;
26
 *
27
 */
28
29
ASN1_SEQUENCE(X509_ATTRIBUTE) = {
30
        ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT),
31
        ASN1_SET_OF(X509_ATTRIBUTE, set, ASN1_ANY)
32
} ASN1_SEQUENCE_END(X509_ATTRIBUTE)
33
34
IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE)
35
IMPLEMENT_ASN1_DUP_FUNCTION(X509_ATTRIBUTE)
36
37
X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
38
0
{
39
0
    X509_ATTRIBUTE *ret = NULL;
40
0
    ASN1_TYPE *val = NULL;
41
0
    ASN1_OBJECT *oid;
42
43
0
    if ((oid = OBJ_nid2obj(nid)) == NULL)
44
0
        return NULL;
45
0
    if ((ret = X509_ATTRIBUTE_new()) == NULL)
46
0
        return NULL;
47
0
    ret->object = oid;
48
0
    if ((val = ASN1_TYPE_new()) == NULL)
49
0
        goto err;
50
0
    if (!sk_ASN1_TYPE_push(ret->set, val))
51
0
        goto err;
52
53
0
    ASN1_TYPE_set(val, atrtype, value);
54
0
    return ret;
55
0
 err:
56
0
    X509_ATTRIBUTE_free(ret);
57
0
    ASN1_TYPE_free(val);
58
0
    return NULL;
59
0
}
60
61
static int print_hex(BIO *out, unsigned char *buf, int len)
62
0
{
63
0
    int result = 1;
64
0
    char *hexbuf;
65
66
0
    if (len == 0)
67
0
        return 1;
68
69
0
    hexbuf = OPENSSL_buf2hexstr(buf, len);
70
0
    if (hexbuf == NULL)
71
0
        return 0;
72
0
    result = BIO_puts(out, hexbuf) > 0;
73
74
0
    OPENSSL_free(hexbuf);
75
0
    return result;
76
0
}
77
78
0
static int print_oid(BIO *out, const ASN1_OBJECT *oid) {
79
0
    const char *ln;
80
0
    char objbuf[80];
81
0
    int rc;
82
83
0
    if (OBJ_obj2txt(objbuf, sizeof(objbuf), oid, 1) <= 0)
84
0
        return 0;
85
0
    ln = OBJ_nid2ln(OBJ_obj2nid(oid));
86
0
    rc = (ln != NULL)
87
0
           ? BIO_printf(out, "%s (%s)", objbuf, ln)
88
0
           : BIO_printf(out, "%s", objbuf);
89
0
    return (rc >= 0);
90
0
}
91
92
int ossl_print_attribute_value(BIO *out,
93
                               int obj_nid,
94
                               const ASN1_TYPE *av,
95
                               int indent)
96
0
{
97
0
    ASN1_STRING *str;
98
0
    unsigned char *value;
99
0
    X509_NAME *xn = NULL;
100
0
    int64_t int_val;
101
102
    /*
103
     * This switch-case is only for syntaxes that are not encoded as a single
104
     * primitively-constructed value universal ASN.1 type.
105
     */
106
0
    switch (obj_nid) {
107
0
    case NID_undef: /* Unrecognized OID. */
108
0
        break;
109
    /* Attribute types with DN syntax. */
110
0
    case NID_member:
111
0
    case NID_roleOccupant:
112
0
    case NID_seeAlso:
113
0
    case NID_manager:
114
0
    case NID_documentAuthor:
115
0
    case NID_secretary:
116
0
    case NID_associatedName:
117
0
    case NID_dITRedirect:
118
0
    case NID_owner:
119
        /*
120
         * d2i_ functions increment the ppin pointer. See doc/man3/d2i_X509.pod.
121
         * This preserves the original  pointer. We don't want to corrupt this
122
         * value.
123
         */
124
0
        value = av->value.sequence->data;
125
0
        xn = d2i_X509_NAME(NULL,
126
0
                           (const unsigned char**)&value,
127
0
                           av->value.sequence->length);
128
0
        if (xn == NULL) {
129
0
            BIO_puts(out, "(COULD NOT DECODE DISTINGUISHED NAME)\n");
130
0
            return 0;
131
0
        }
132
0
        if (X509_NAME_print_ex(out, xn, indent, XN_FLAG_SEP_CPLUS_SPC) <= 0)
133
0
            return 0;
134
0
        X509_NAME_free(xn);
135
0
        return 1;
136
137
0
    default:
138
0
        break;
139
0
    }
140
141
0
    switch (av->type) {
142
0
    case V_ASN1_BOOLEAN:
143
0
        if (av->value.boolean) {
144
0
            return BIO_printf(out, "%*sTRUE", indent, "") >= 4;
145
0
        } else {
146
0
            return BIO_printf(out, "%*sFALSE", indent, "") >= 5;
147
0
        }
148
149
0
    case V_ASN1_INTEGER:
150
0
    case V_ASN1_ENUMERATED:
151
0
        if (BIO_printf(out, "%*s", indent, "") < 0)
152
0
            return 0;
153
0
        if (ASN1_ENUMERATED_get_int64(&int_val, av->value.integer) > 0) {
154
0
            return BIO_printf(out, "%lld", (long long int)int_val) > 0;
155
0
        }
156
0
        str = av->value.integer;
157
0
        return print_hex(out, str->data, str->length);
158
159
0
    case V_ASN1_BIT_STRING:
160
0
        if (BIO_printf(out, "%*s", indent, "") < 0)
161
0
            return 0;
162
0
        return print_hex(out, av->value.bit_string->data,
163
0
                         av->value.bit_string->length);
164
165
0
    case V_ASN1_OCTET_STRING:
166
0
    case V_ASN1_VIDEOTEXSTRING:
167
0
        if (BIO_printf(out, "%*s", indent, "") < 0)
168
0
            return 0;
169
0
        return print_hex(out, av->value.octet_string->data,
170
0
                         av->value.octet_string->length);
171
172
0
    case V_ASN1_NULL:
173
0
        return BIO_printf(out, "%*sNULL", indent, "") >= 4;
174
175
0
    case V_ASN1_OBJECT:
176
0
        if (BIO_printf(out, "%*s", indent, "") < 0)
177
0
            return 0;
178
0
        return print_oid(out, av->value.object);
179
    
180
    /*
181
     * ObjectDescriptor is an IMPLICIT GraphicString, but GeneralString is a
182
     * superset supported by OpenSSL, so we will use that anywhere a
183
     * GraphicString is needed here.
184
     */
185
0
    case V_ASN1_GENERALSTRING:
186
0
    case V_ASN1_GRAPHICSTRING:
187
0
    case V_ASN1_OBJECT_DESCRIPTOR:
188
0
        return BIO_printf(out, "%*s%.*s", indent, "",
189
0
                          av->value.generalstring->length,
190
0
                          av->value.generalstring->data) >= 0;
191
192
    /* EXTERNAL would go here. */
193
    /* EMBEDDED PDV would go here. */
194
195
0
    case V_ASN1_UTF8STRING:
196
0
        return BIO_printf(out, "%*s%.*s", indent, "",
197
0
                          av->value.utf8string->length,
198
0
                          av->value.utf8string->data) >= 0;
199
200
0
    case V_ASN1_REAL:
201
0
        return BIO_printf(out, "%*sREAL", indent, "") >= 4;
202
203
    /* RELATIVE-OID would go here. */
204
    /* TIME would go here. */
205
206
0
    case V_ASN1_SEQUENCE:
207
0
        return ASN1_parse_dump(out, av->value.sequence->data,
208
0
                               av->value.sequence->length, indent, 1) > 0;
209
210
0
    case V_ASN1_SET:
211
0
        return ASN1_parse_dump(out, av->value.set->data,
212
0
                               av->value.set->length, indent, 1) > 0;
213
214
    /*
215
     * UTCTime ::= [UNIVERSAL 23] IMPLICIT VisibleString
216
     * GeneralizedTime ::= [UNIVERSAL 24] IMPLICIT VisibleString
217
     * VisibleString is a superset for NumericString, so it will work for that.
218
     */
219
0
    case V_ASN1_VISIBLESTRING:
220
0
    case V_ASN1_UTCTIME:
221
0
    case V_ASN1_GENERALIZEDTIME:
222
0
    case V_ASN1_NUMERICSTRING:
223
0
        return BIO_printf(out, "%*s%.*s", indent, "",
224
0
                          av->value.visiblestring->length,
225
0
                          av->value.visiblestring->data) >= 0;
226
227
0
    case V_ASN1_PRINTABLESTRING:
228
0
        return BIO_printf(out, "%*s%.*s", indent, "",
229
0
                          av->value.printablestring->length,
230
0
                          av->value.printablestring->data) >= 0;
231
232
0
    case V_ASN1_T61STRING:
233
0
        return BIO_printf(out, "%*s%.*s", indent, "",
234
0
                          av->value.t61string->length,
235
0
                          av->value.t61string->data) >= 0;
236
237
0
    case V_ASN1_IA5STRING:
238
0
        return BIO_printf(out, "%*s%.*s", indent, "",
239
0
                          av->value.ia5string->length,
240
0
                          av->value.ia5string->data) >= 0;
241
242
    /* UniversalString would go here. */
243
    /* CHARACTER STRING would go here. */
244
    /* BMPString would go here. */
245
    /* DATE would go here. */
246
    /* TIME-OF-DAY would go here. */
247
    /* DATE-TIME would go here. */
248
    /* DURATION would go here. */
249
    /* OID-IRI would go here. */
250
    /* RELATIVE-OID-IRI would go here. */
251
252
    /* Would it be approriate to just hexdump? */
253
0
    default:
254
0
        return BIO_printf(out,
255
0
                          "%*s<Unsupported tag %d>",
256
0
                          indent,
257
0
                          "",
258
0
                          av->type) >= 0;
259
0
    }
260
0
}