/src/openssl36/crypto/x509/x_attrib.c
Line | Count | Source |
1 | | /* |
2 | | * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #include <stdio.h> |
11 | | #include "internal/cryptlib.h" |
12 | | #include <openssl/objects.h> |
13 | | #include <openssl/asn1t.h> |
14 | | #include <openssl/x509.h> |
15 | | #include "x509_local.h" |
16 | | #include <crypto/x509.h> |
17 | | |
18 | | /*- |
19 | | * X509_ATTRIBUTE: this has the following form: |
20 | | * |
21 | | * typedef struct x509_attributes_st |
22 | | * { |
23 | | * ASN1_OBJECT *object; |
24 | | * STACK_OF(ASN1_TYPE) *set; |
25 | | * } X509_ATTRIBUTE; |
26 | | * |
27 | | */ |
28 | | |
29 | | ASN1_SEQUENCE(X509_ATTRIBUTE) = { |
30 | | ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT), |
31 | | ASN1_SET_OF(X509_ATTRIBUTE, set, ASN1_ANY) |
32 | 3.63M | } ASN1_SEQUENCE_END(X509_ATTRIBUTE) |
33 | 3.63M | |
34 | 3.63M | IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE) |
35 | 3.63M | IMPLEMENT_ASN1_DUP_FUNCTION(X509_ATTRIBUTE) |
36 | 3.63M | |
37 | 3.63M | X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value) |
38 | 3.63M | { |
39 | 0 | X509_ATTRIBUTE *ret = NULL; |
40 | 0 | ASN1_TYPE *val = NULL; |
41 | 0 | ASN1_OBJECT *oid; |
42 | |
|
43 | 0 | if ((oid = OBJ_nid2obj(nid)) == NULL) |
44 | 0 | return NULL; |
45 | 0 | if ((ret = X509_ATTRIBUTE_new()) == NULL) |
46 | 0 | return NULL; |
47 | 0 | ret->object = oid; |
48 | 0 | if ((val = ASN1_TYPE_new()) == NULL) |
49 | 0 | goto err; |
50 | 0 | if (!sk_ASN1_TYPE_push(ret->set, val)) |
51 | 0 | goto err; |
52 | | |
53 | 0 | ASN1_TYPE_set(val, atrtype, value); |
54 | 0 | return ret; |
55 | 0 | err: |
56 | 0 | X509_ATTRIBUTE_free(ret); |
57 | 0 | ASN1_TYPE_free(val); |
58 | 0 | return NULL; |
59 | 0 | } |
60 | | |
61 | | static int print_oid(BIO *out, const ASN1_OBJECT *oid) |
62 | 9.24k | { |
63 | 9.24k | const char *ln; |
64 | 9.24k | char objbuf[80]; |
65 | 9.24k | int rc; |
66 | | |
67 | 9.24k | if (OBJ_obj2txt(objbuf, sizeof(objbuf), oid, 1) <= 0) |
68 | 1 | return 0; |
69 | 9.24k | ln = OBJ_nid2ln(OBJ_obj2nid(oid)); |
70 | 9.24k | rc = (ln != NULL) |
71 | 9.24k | ? BIO_printf(out, "%s (%s)", objbuf, ln) |
72 | 9.24k | : BIO_printf(out, "%s", objbuf); |
73 | 9.24k | return (rc >= 0); |
74 | 9.24k | } |
75 | | |
76 | | int ossl_print_attribute_value(BIO *out, |
77 | | int obj_nid, |
78 | | const ASN1_TYPE *av, |
79 | | int indent) |
80 | 501k | { |
81 | 501k | ASN1_STRING *str; |
82 | 501k | unsigned char *value; |
83 | 501k | X509_NAME *xn = NULL; |
84 | 501k | int64_t int_val; |
85 | 501k | int ret = 1; |
86 | | |
87 | 501k | switch (av->type) { |
88 | 9.40k | case V_ASN1_BOOLEAN: |
89 | 9.40k | if (av->value.boolean) { |
90 | 6.97k | return BIO_printf(out, "%*sTRUE", indent, "") >= 4; |
91 | 6.97k | } else { |
92 | 2.42k | return BIO_printf(out, "%*sFALSE", indent, "") >= 5; |
93 | 2.42k | } |
94 | | |
95 | 5.70k | case V_ASN1_INTEGER: |
96 | 24.2k | case V_ASN1_ENUMERATED: |
97 | 24.2k | if (BIO_printf(out, "%*s", indent, "") < 0) |
98 | 0 | return 0; |
99 | 24.2k | if (ASN1_ENUMERATED_get_int64(&int_val, av->value.integer) > 0) { |
100 | 11.1k | return BIO_printf(out, "%lld", (long long int)int_val) > 0; |
101 | 11.1k | } |
102 | 13.0k | str = av->value.integer; |
103 | 13.0k | return ossl_bio_print_hex(out, str->data, str->length); |
104 | | |
105 | 9.32k | case V_ASN1_BIT_STRING: |
106 | 9.32k | if (BIO_printf(out, "%*s", indent, "") < 0) |
107 | 0 | return 0; |
108 | 9.32k | return ossl_bio_print_hex(out, av->value.bit_string->data, |
109 | 9.32k | av->value.bit_string->length); |
110 | | |
111 | 11.1k | case V_ASN1_OCTET_STRING: |
112 | 20.1k | case V_ASN1_VIDEOTEXSTRING: |
113 | 20.1k | if (BIO_printf(out, "%*s", indent, "") < 0) |
114 | 0 | return 0; |
115 | 20.1k | return ossl_bio_print_hex(out, av->value.octet_string->data, |
116 | 20.1k | av->value.octet_string->length); |
117 | | |
118 | 2.27k | case V_ASN1_NULL: |
119 | 2.27k | return BIO_printf(out, "%*sNULL", indent, "") >= 4; |
120 | | |
121 | 9.24k | case V_ASN1_OBJECT: |
122 | 9.24k | if (BIO_printf(out, "%*s", indent, "") < 0) |
123 | 0 | return 0; |
124 | 9.24k | return print_oid(out, av->value.object); |
125 | | |
126 | | /* |
127 | | * ObjectDescriptor is an IMPLICIT GraphicString, but GeneralString is a |
128 | | * superset supported by OpenSSL, so we will use that anywhere a |
129 | | * GraphicString is needed here. |
130 | | */ |
131 | 5.96k | case V_ASN1_GENERALSTRING: |
132 | 10.7k | case V_ASN1_GRAPHICSTRING: |
133 | 28.6k | case V_ASN1_OBJECT_DESCRIPTOR: |
134 | 28.6k | return BIO_printf(out, "%*s%.*s", indent, "", |
135 | 28.6k | av->value.generalstring->length, |
136 | 28.6k | av->value.generalstring->data) |
137 | 28.6k | >= 0; |
138 | | |
139 | | /* EXTERNAL would go here. */ |
140 | | /* EMBEDDED PDV would go here. */ |
141 | | |
142 | 5.53k | case V_ASN1_UTF8STRING: |
143 | 5.53k | return BIO_printf(out, "%*s%.*s", indent, "", |
144 | 5.53k | av->value.utf8string->length, |
145 | 5.53k | av->value.utf8string->data) |
146 | 5.53k | >= 0; |
147 | | |
148 | 2.09k | case V_ASN1_REAL: |
149 | 2.09k | return BIO_printf(out, "%*sREAL", indent, "") >= 4; |
150 | | |
151 | | /* RELATIVE-OID would go here. */ |
152 | | /* TIME would go here. */ |
153 | | |
154 | 135k | case V_ASN1_SEQUENCE: |
155 | 135k | switch (obj_nid) { |
156 | 118k | case NID_undef: /* Unrecognized OID. */ |
157 | 118k | break; |
158 | | /* Attribute types with DN syntax. */ |
159 | 1.33k | case NID_member: |
160 | 2.11k | case NID_roleOccupant: |
161 | 7.11k | case NID_seeAlso: |
162 | 7.11k | case NID_manager: |
163 | 7.11k | case NID_documentAuthor: |
164 | 7.11k | case NID_secretary: |
165 | 7.11k | case NID_associatedName: |
166 | 7.11k | case NID_dITRedirect: |
167 | 10.2k | case NID_owner: |
168 | | /* |
169 | | * d2i_ functions increment the ppin pointer. See doc/man3/d2i_X509.pod. |
170 | | * This preserves the original pointer. We don't want to corrupt this |
171 | | * value. |
172 | | */ |
173 | 10.2k | value = av->value.sequence->data; |
174 | 10.2k | xn = d2i_X509_NAME(NULL, |
175 | 10.2k | (const unsigned char **)&value, |
176 | 10.2k | av->value.sequence->length); |
177 | 10.2k | if (xn == NULL) { |
178 | 55 | BIO_puts(out, "(COULD NOT DECODE DISTINGUISHED NAME)\n"); |
179 | 55 | return 0; |
180 | 55 | } |
181 | 10.2k | if (X509_NAME_print_ex(out, xn, indent, XN_FLAG_SEP_CPLUS_SPC) <= 0) |
182 | 0 | ret = 0; |
183 | 10.2k | X509_NAME_free(xn); |
184 | 10.2k | return ret; |
185 | | |
186 | 6.43k | default: |
187 | 6.43k | break; |
188 | 135k | } |
189 | 125k | return ASN1_parse_dump(out, av->value.sequence->data, |
190 | 125k | av->value.sequence->length, indent, 1) |
191 | 125k | > 0; |
192 | | |
193 | 87.1k | case V_ASN1_SET: |
194 | 87.1k | return ASN1_parse_dump(out, av->value.set->data, |
195 | 87.1k | av->value.set->length, indent, 1) |
196 | 87.1k | > 0; |
197 | | |
198 | | /* |
199 | | * UTCTime ::= [UNIVERSAL 23] IMPLICIT VisibleString |
200 | | * GeneralizedTime ::= [UNIVERSAL 24] IMPLICIT VisibleString |
201 | | * VisibleString is a superset for NumericString, so it will work for that. |
202 | | */ |
203 | 3.27k | case V_ASN1_VISIBLESTRING: |
204 | 4.40k | case V_ASN1_UTCTIME: |
205 | 10.0k | case V_ASN1_GENERALIZEDTIME: |
206 | 24.6k | case V_ASN1_NUMERICSTRING: |
207 | 24.6k | return BIO_printf(out, "%*s%.*s", indent, "", |
208 | 24.6k | av->value.visiblestring->length, |
209 | 24.6k | av->value.visiblestring->data) |
210 | 24.6k | >= 0; |
211 | | |
212 | 3.87k | case V_ASN1_PRINTABLESTRING: |
213 | 3.87k | return BIO_printf(out, "%*s%.*s", indent, "", |
214 | 3.87k | av->value.printablestring->length, |
215 | 3.87k | av->value.printablestring->data) |
216 | 3.87k | >= 0; |
217 | | |
218 | 15.3k | case V_ASN1_T61STRING: |
219 | 15.3k | return BIO_printf(out, "%*s%.*s", indent, "", |
220 | 15.3k | av->value.t61string->length, |
221 | 15.3k | av->value.t61string->data) |
222 | 15.3k | >= 0; |
223 | | |
224 | 4.51k | case V_ASN1_IA5STRING: |
225 | 4.51k | return BIO_printf(out, "%*s%.*s", indent, "", |
226 | 4.51k | av->value.ia5string->length, |
227 | 4.51k | av->value.ia5string->data) |
228 | 4.51k | >= 0; |
229 | | |
230 | | /* UniversalString would go here. */ |
231 | | /* CHARACTER STRING would go here. */ |
232 | | /* BMPString would go here. */ |
233 | | /* DATE would go here. */ |
234 | | /* TIME-OF-DAY would go here. */ |
235 | | /* DATE-TIME would go here. */ |
236 | | /* DURATION would go here. */ |
237 | | /* OID-IRI would go here. */ |
238 | | /* RELATIVE-OID-IRI would go here. */ |
239 | | |
240 | | /* Would it be appropriate to just hexdump? */ |
241 | 119k | default: |
242 | 119k | return BIO_printf(out, |
243 | 119k | "%*s<Unsupported tag %d>", |
244 | 119k | indent, |
245 | 119k | "", |
246 | 119k | av->type) |
247 | 119k | >= 0; |
248 | 501k | } |
249 | 501k | } |