/src/openssl35/crypto/x509/x_attrib.c

Source
/*
 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/objects.h>
#include <openssl/asn1t.h>
#include <openssl/x509.h>
#include "x509_local.h"
#include <crypto/x509.h>

/*-
 * X509_ATTRIBUTE: this has the following form:
 *
 * typedef struct x509_attributes_st
 *      {
 *      ASN1_OBJECT *object;
 *      STACK_OF(ASN1_TYPE) *set;
 *      } X509_ATTRIBUTE;
 *
 */

ASN1_SEQUENCE(X509_ATTRIBUTE) = {
        ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT),
        ASN1_SET_OF(X509_ATTRIBUTE, set, ASN1_ANY)
} ASN1_SEQUENCE_END(X509_ATTRIBUTE)

IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE)
IMPLEMENT_ASN1_DUP_FUNCTION(X509_ATTRIBUTE)

X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
{
    X509_ATTRIBUTE *ret = NULL;
    ASN1_TYPE *val = NULL;
    ASN1_OBJECT *oid;

    if ((oid = OBJ_nid2obj(nid)) == NULL)
        return NULL;
    if ((ret = X509_ATTRIBUTE_new()) == NULL)
        return NULL;
    ret->object = oid;
    if ((val = ASN1_TYPE_new()) == NULL)
        goto err;
    if (!sk_ASN1_TYPE_push(ret->set, val))
        goto err;

    ASN1_TYPE_set(val, atrtype, value);
    return ret;
 err:
    X509_ATTRIBUTE_free(ret);
    ASN1_TYPE_free(val);
    return NULL;
}

static int print_oid(BIO *out, const ASN1_OBJECT *oid) {
    const char *ln;
    char objbuf[80];
    int rc;

    if (OBJ_obj2txt(objbuf, sizeof(objbuf), oid, 1) <= 0)
        return 0;
    ln = OBJ_nid2ln(OBJ_obj2nid(oid));
    rc = (ln != NULL)
           ? BIO_printf(out, "%s (%s)", objbuf, ln)
           : BIO_printf(out, "%s", objbuf);
    return (rc >= 0);
}

int ossl_print_attribute_value(BIO *out,
                               int obj_nid,
                               const ASN1_TYPE *av,
                               int indent)
{
    ASN1_STRING *str;
    unsigned char *value;
    X509_NAME *xn = NULL;
    int64_t int_val;
    int ret = 1;

    switch (av->type) {
    case V_ASN1_BOOLEAN:
        if (av->value.boolean) {
            return BIO_printf(out, "%*sTRUE", indent, "") >= 4;
        } else {
            return BIO_printf(out, "%*sFALSE", indent, "") >= 5;
        }

    case V_ASN1_INTEGER:
    case V_ASN1_ENUMERATED:
        if (BIO_printf(out, "%*s", indent, "") < 0)
            return 0;
        if (ASN1_ENUMERATED_get_int64(&int_val, av->value.integer) > 0) {
            return BIO_printf(out, "%lld", (long long int)int_val) > 0;
        }
        str = av->value.integer;
        return ossl_bio_print_hex(out, str->data, str->length);

    case V_ASN1_BIT_STRING:
        if (BIO_printf(out, "%*s", indent, "") < 0)
            return 0;
        return ossl_bio_print_hex(out, av->value.bit_string->data,
                                  av->value.bit_string->length);

    case V_ASN1_OCTET_STRING:
    case V_ASN1_VIDEOTEXSTRING:
        if (BIO_printf(out, "%*s", indent, "") < 0)
            return 0;
        return ossl_bio_print_hex(out, av->value.octet_string->data,
                                  av->value.octet_string->length);

    case V_ASN1_NULL:
        return BIO_printf(out, "%*sNULL", indent, "") >= 4;

    case V_ASN1_OBJECT:
        if (BIO_printf(out, "%*s", indent, "") < 0)
            return 0;
        return print_oid(out, av->value.object);

    /*
     * ObjectDescriptor is an IMPLICIT GraphicString, but GeneralString is a
     * superset supported by OpenSSL, so we will use that anywhere a
     * GraphicString is needed here.
     */
    case V_ASN1_GENERALSTRING:
    case V_ASN1_GRAPHICSTRING:
    case V_ASN1_OBJECT_DESCRIPTOR:
        return BIO_printf(out, "%*s%.*s", indent, "",
                          av->value.generalstring->length,
                          av->value.generalstring->data) >= 0;

    /* EXTERNAL would go here. */
    /* EMBEDDED PDV would go here. */

    case V_ASN1_UTF8STRING:
        return BIO_printf(out, "%*s%.*s", indent, "",
                          av->value.utf8string->length,
                          av->value.utf8string->data) >= 0;

    case V_ASN1_REAL:
        return BIO_printf(out, "%*sREAL", indent, "") >= 4;

    /* RELATIVE-OID would go here. */
    /* TIME would go here. */

    case V_ASN1_SEQUENCE:
        switch (obj_nid) {
        case NID_undef: /* Unrecognized OID. */
            break;
        /* Attribute types with DN syntax. */
        case NID_member:
        case NID_roleOccupant:
        case NID_seeAlso:
        case NID_manager:
        case NID_documentAuthor:
        case NID_secretary:
        case NID_associatedName:
        case NID_dITRedirect:
        case NID_owner:
            /*
             * d2i_ functions increment the ppin pointer. See doc/man3/d2i_X509.pod.
             * This preserves the original  pointer. We don't want to corrupt this
             * value.
             */
            value = av->value.sequence->data;
            xn = d2i_X509_NAME(NULL,
                               (const unsigned char **)&value,
                               av->value.sequence->length);
            if (xn == NULL) {
                BIO_puts(out, "(COULD NOT DECODE DISTINGUISHED NAME)\n");
                return 0;
            }
            if (X509_NAME_print_ex(out, xn, indent, XN_FLAG_SEP_CPLUS_SPC) <= 0)
                ret = 0;
            X509_NAME_free(xn);
            return ret;

        default:
            break;
        }
        return ASN1_parse_dump(out, av->value.sequence->data,
                               av->value.sequence->length, indent, 1) > 0;

    case V_ASN1_SET:
        return ASN1_parse_dump(out, av->value.set->data,
                               av->value.set->length, indent, 1) > 0;

    /*
     * UTCTime ::= [UNIVERSAL 23] IMPLICIT VisibleString
     * GeneralizedTime ::= [UNIVERSAL 24] IMPLICIT VisibleString
     * VisibleString is a superset for NumericString, so it will work for that.
     */
    case V_ASN1_VISIBLESTRING:
    case V_ASN1_UTCTIME:
    case V_ASN1_GENERALIZEDTIME:
    case V_ASN1_NUMERICSTRING:
        return BIO_printf(out, "%*s%.*s", indent, "",
                          av->value.visiblestring->length,
                          av->value.visiblestring->data) >= 0;

    case V_ASN1_PRINTABLESTRING:
        return BIO_printf(out, "%*s%.*s", indent, "",
                          av->value.printablestring->length,
                          av->value.printablestring->data) >= 0;

    case V_ASN1_T61STRING:
        return BIO_printf(out, "%*s%.*s", indent, "",
                          av->value.t61string->length,
                          av->value.t61string->data) >= 0;

    case V_ASN1_IA5STRING:
        return BIO_printf(out, "%*s%.*s", indent, "",
                          av->value.ia5string->length,
                          av->value.ia5string->data) >= 0;

    /* UniversalString would go here. */
    /* CHARACTER STRING would go here. */
    /* BMPString would go here. */
    /* DATE would go here. */
    /* TIME-OF-DAY would go here. */
    /* DATE-TIME would go here. */
    /* DURATION would go here. */
    /* OID-IRI would go here. */
    /* RELATIVE-OID-IRI would go here. */

    /* Would it be appropriate to just hexdump? */
    default:
        return BIO_printf(out,
                          "%*s<Unsupported tag %d>",
                          indent,
                          "",
                          av->type) >= 0;
    }
}

Coverage Report

Created: 2025-11-16 06:40

Line	Count	Source
1		/*
2		* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		#include <stdio.h>
11		#include "internal/cryptlib.h"
12		#include <openssl/objects.h>
13		#include <openssl/asn1t.h>
14		#include <openssl/x509.h>
15		#include "x509_local.h"
16		#include <crypto/x509.h>
17
18		/*-
19		* X509_ATTRIBUTE: this has the following form:
20		*
21		* typedef struct x509_attributes_st
22		* {
23		* ASN1_OBJECT *object;
24		* STACK_OF(ASN1_TYPE) *set;
25		* } X509_ATTRIBUTE;
26		*
27		*/
28
29		ASN1_SEQUENCE(X509_ATTRIBUTE) = {
30		ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT),
31		ASN1_SET_OF(X509_ATTRIBUTE, set, ASN1_ANY)
32	3.14M	} ASN1_SEQUENCE_END(X509_ATTRIBUTE)
33	3.14M
34	3.14M	IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE)
35	3.14M	IMPLEMENT_ASN1_DUP_FUNCTION(X509_ATTRIBUTE)
36	3.14M
37	3.14M	X509_ATTRIBUTE X509_ATTRIBUTE_create(int nid, int atrtype, void value)
38	3.14M	{
39	0	X509_ATTRIBUTE *ret = NULL;
40	0	ASN1_TYPE *val = NULL;
41	0	ASN1_OBJECT *oid;
42
43	0	if ((oid = OBJ_nid2obj(nid)) == NULL)
44	0	return NULL;
45	0	if ((ret = X509_ATTRIBUTE_new()) == NULL)
46	0	return NULL;
47	0	ret->object = oid;
48	0	if ((val = ASN1_TYPE_new()) == NULL)
49	0	goto err;
50	0	if (!sk_ASN1_TYPE_push(ret->set, val))
51	0	goto err;
52
53	0	ASN1_TYPE_set(val, atrtype, value);
54	0	return ret;
55	0	err:
56	0	X509_ATTRIBUTE_free(ret);
57	0	ASN1_TYPE_free(val);
58	0	return NULL;
59	0	}
60
61	7.08k	static int print_oid(BIO out, const ASN1_OBJECT oid) {
62	7.08k	const char *ln;
63	7.08k	char objbuf[80];
64	7.08k	int rc;
65
66	7.08k	if (OBJ_obj2txt(objbuf, sizeof(objbuf), oid, 1) <= 0)
67	1	return 0;
68	7.08k	ln = OBJ_nid2ln(OBJ_obj2nid(oid));
69	7.08k	rc = (ln != NULL)
70	7.08k	? BIO_printf(out, "%s (%s)", objbuf, ln)
71	7.08k	: BIO_printf(out, "%s", objbuf);
72	7.08k	return (rc >= 0);
73	7.08k	}
74
75		int ossl_print_attribute_value(BIO *out,
76		int obj_nid,
77		const ASN1_TYPE *av,
78		int indent)
79	422k	{
80	422k	ASN1_STRING *str;
81	422k	unsigned char *value;
82	422k	X509_NAME *xn = NULL;
83	422k	int64_t int_val;
84	422k	int ret = 1;
85
86	422k	switch (av->type) {
87	4.05k	case V_ASN1_BOOLEAN:
88	4.05k	if (av->value.boolean) {
89	1.43k	return BIO_printf(out, "%*sTRUE", indent, "") >= 4;
90	2.62k	} else {
91	2.62k	return BIO_printf(out, "%*sFALSE", indent, "") >= 5;
92	2.62k	}
93
94	3.67k	case V_ASN1_INTEGER:
95	11.9k	case V_ASN1_ENUMERATED:
96	11.9k	if (BIO_printf(out, "%*s", indent, "") < 0)
97	0	return 0;
98	11.9k	if (ASN1_ENUMERATED_get_int64(&int_val, av->value.integer) > 0) {
99	7.57k	return BIO_printf(out, "%lld", (long long int)int_val) > 0;
100	7.57k	}
101	4.42k	str = av->value.integer;
102	4.42k	return ossl_bio_print_hex(out, str->data, str->length);
103
104	16.2k	case V_ASN1_BIT_STRING:
105	16.2k	if (BIO_printf(out, "%*s", indent, "") < 0)
106	0	return 0;
107	16.2k	return ossl_bio_print_hex(out, av->value.bit_string->data,
108	16.2k	av->value.bit_string->length);
109
110	5.69k	case V_ASN1_OCTET_STRING:
111	9.16k	case V_ASN1_VIDEOTEXSTRING:
112	9.16k	if (BIO_printf(out, "%*s", indent, "") < 0)
113	0	return 0;
114	9.16k	return ossl_bio_print_hex(out, av->value.octet_string->data,
115	9.16k	av->value.octet_string->length);
116
117	668	case V_ASN1_NULL:
118	668	return BIO_printf(out, "%*sNULL", indent, "") >= 4;
119
120	7.08k	case V_ASN1_OBJECT:
121	7.08k	if (BIO_printf(out, "%*s", indent, "") < 0)
122	0	return 0;
123	7.08k	return print_oid(out, av->value.object);
124
125		/*
126		* ObjectDescriptor is an IMPLICIT GraphicString, but GeneralString is a
127		* superset supported by OpenSSL, so we will use that anywhere a
128		* GraphicString is needed here.
129		*/
130	4.76k	case V_ASN1_GENERALSTRING:
131	10.7k	case V_ASN1_GRAPHICSTRING:
132	33.7k	case V_ASN1_OBJECT_DESCRIPTOR:
133	33.7k	return BIO_printf(out, "%s%.s", indent, "",
134	33.7k	av->value.generalstring->length,
135	33.7k	av->value.generalstring->data) >= 0;
136
137		/* EXTERNAL would go here. */
138		/* EMBEDDED PDV would go here. */
139
140	7.42k	case V_ASN1_UTF8STRING:
141	7.42k	return BIO_printf(out, "%s%.s", indent, "",
142	7.42k	av->value.utf8string->length,
143	7.42k	av->value.utf8string->data) >= 0;
144
145	2.00k	case V_ASN1_REAL:
146	2.00k	return BIO_printf(out, "%*sREAL", indent, "") >= 4;
147
148		/* RELATIVE-OID would go here. */
149		/* TIME would go here. */
150
151	93.9k	case V_ASN1_SEQUENCE:
152	93.9k	switch (obj_nid) {
153	87.1k	case NID_undef: /* Unrecognized OID. */
154	87.1k	break;
155		/* Attribute types with DN syntax. */
156	120	case NID_member:
157	236	case NID_roleOccupant:
158	297	case NID_seeAlso:
159	297	case NID_manager:
160	297	case NID_documentAuthor:
161	297	case NID_secretary:
162	297	case NID_associatedName:
163	297	case NID_dITRedirect:
164	404	case NID_owner:
165		/*
166		* d2i_ functions increment the ppin pointer. See doc/man3/d2i_X509.pod.
167		* This preserves the original pointer. We don't want to corrupt this
168		* value.
169		*/
170	404	value = av->value.sequence->data;
171	404	xn = d2i_X509_NAME(NULL,
172	404	(const unsigned char **)&value,
173	404	av->value.sequence->length);
174	404	if (xn == NULL) {
175	40	BIO_puts(out, "(COULD NOT DECODE DISTINGUISHED NAME)\n");
176	40	return 0;
177	40	}
178	364	if (X509_NAME_print_ex(out, xn, indent, XN_FLAG_SEP_CPLUS_SPC) <= 0)
179	0	ret = 0;
180	364	X509_NAME_free(xn);
181	364	return ret;
182
183	6.41k	default:
184	6.41k	break;
185	93.9k	}
186	93.5k	return ASN1_parse_dump(out, av->value.sequence->data,
187	93.5k	av->value.sequence->length, indent, 1) > 0;
188
189	66.4k	case V_ASN1_SET:
190	66.4k	return ASN1_parse_dump(out, av->value.set->data,
191	66.4k	av->value.set->length, indent, 1) > 0;
192
193		/*
194		* UTCTime ::= [UNIVERSAL 23] IMPLICIT VisibleString
195		* GeneralizedTime ::= [UNIVERSAL 24] IMPLICIT VisibleString
196		* VisibleString is a superset for NumericString, so it will work for that.
197		*/
198	2.92k	case V_ASN1_VISIBLESTRING:
199	4.59k	case V_ASN1_UTCTIME:
200	47.9k	case V_ASN1_GENERALIZEDTIME:
201	62.3k	case V_ASN1_NUMERICSTRING:
202	62.3k	return BIO_printf(out, "%s%.s", indent, "",
203	62.3k	av->value.visiblestring->length,
204	62.3k	av->value.visiblestring->data) >= 0;
205
206	2.75k	case V_ASN1_PRINTABLESTRING:
207	2.75k	return BIO_printf(out, "%s%.s", indent, "",
208	2.75k	av->value.printablestring->length,
209	2.75k	av->value.printablestring->data) >= 0;
210
211	18.8k	case V_ASN1_T61STRING:
212	18.8k	return BIO_printf(out, "%s%.s", indent, "",
213	18.8k	av->value.t61string->length,
214	18.8k	av->value.t61string->data) >= 0;
215
216	1.95k	case V_ASN1_IA5STRING:
217	1.95k	return BIO_printf(out, "%s%.s", indent, "",
218	1.95k	av->value.ia5string->length,
219	1.95k	av->value.ia5string->data) >= 0;
220
221		/* UniversalString would go here. */
222		/* CHARACTER STRING would go here. */
223		/* BMPString would go here. */
224		/* DATE would go here. */
225		/* TIME-OF-DAY would go here. */
226		/* DATE-TIME would go here. */
227		/* DURATION would go here. */
228		/* OID-IRI would go here. */
229		/* RELATIVE-OID-IRI would go here. */
230
231		/* Would it be appropriate to just hexdump? */
232	83.5k	default:
233	83.5k	return BIO_printf(out,
234	83.5k	"%*s<Unsupported tag %d>",
235	83.5k	indent,
236	83.5k	"",
237	83.5k	av->type) >= 0;
238	422k	}
239	422k	}