/src/openssl34/crypto/x509/x_attrib.c
Line | Count | Source |
1 | | /* |
2 | | * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #include <stdio.h> |
11 | | #include "internal/cryptlib.h" |
12 | | #include <openssl/objects.h> |
13 | | #include <openssl/asn1t.h> |
14 | | #include <openssl/x509.h> |
15 | | #include "x509_local.h" |
16 | | #include <crypto/x509.h> |
17 | | |
18 | | /*- |
19 | | * X509_ATTRIBUTE: this has the following form: |
20 | | * |
21 | | * typedef struct x509_attributes_st |
22 | | * { |
23 | | * ASN1_OBJECT *object; |
24 | | * STACK_OF(ASN1_TYPE) *set; |
25 | | * } X509_ATTRIBUTE; |
26 | | * |
27 | | */ |
28 | | |
29 | | ASN1_SEQUENCE(X509_ATTRIBUTE) = { |
30 | | ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT), |
31 | | ASN1_SET_OF(X509_ATTRIBUTE, set, ASN1_ANY) |
32 | 3.79M | } ASN1_SEQUENCE_END(X509_ATTRIBUTE) |
33 | 3.79M | |
34 | 3.79M | IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE) |
35 | 3.79M | IMPLEMENT_ASN1_DUP_FUNCTION(X509_ATTRIBUTE) |
36 | 3.79M | |
37 | 3.79M | X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value) |
38 | 3.79M | { |
39 | 0 | X509_ATTRIBUTE *ret = NULL; |
40 | 0 | ASN1_TYPE *val = NULL; |
41 | 0 | ASN1_OBJECT *oid; |
42 | |
|
43 | 0 | if ((oid = OBJ_nid2obj(nid)) == NULL) |
44 | 0 | return NULL; |
45 | 0 | if ((ret = X509_ATTRIBUTE_new()) == NULL) |
46 | 0 | return NULL; |
47 | 0 | ret->object = oid; |
48 | 0 | if ((val = ASN1_TYPE_new()) == NULL) |
49 | 0 | goto err; |
50 | 0 | if (!sk_ASN1_TYPE_push(ret->set, val)) |
51 | 0 | goto err; |
52 | | |
53 | 0 | ASN1_TYPE_set(val, atrtype, value); |
54 | 0 | return ret; |
55 | 0 | err: |
56 | 0 | X509_ATTRIBUTE_free(ret); |
57 | 0 | ASN1_TYPE_free(val); |
58 | 0 | return NULL; |
59 | 0 | } |
60 | | |
61 | | static int print_hex(BIO *out, unsigned char *buf, int len) |
62 | 10.5k | { |
63 | 10.5k | int result = 1; |
64 | 10.5k | char *hexbuf; |
65 | | |
66 | 10.5k | if (len == 0) |
67 | 6.46k | return 1; |
68 | | |
69 | 4.11k | hexbuf = OPENSSL_buf2hexstr(buf, len); |
70 | 4.11k | if (hexbuf == NULL) |
71 | 0 | return 0; |
72 | 4.11k | result = BIO_puts(out, hexbuf) > 0; |
73 | | |
74 | 4.11k | OPENSSL_free(hexbuf); |
75 | 4.11k | return result; |
76 | 4.11k | } |
77 | | |
78 | | static int print_oid(BIO *out, const ASN1_OBJECT *oid) |
79 | 8.68k | { |
80 | 8.68k | const char *ln; |
81 | 8.68k | char objbuf[80]; |
82 | 8.68k | int rc; |
83 | | |
84 | 8.68k | if (OBJ_obj2txt(objbuf, sizeof(objbuf), oid, 1) <= 0) |
85 | 1 | return 0; |
86 | 8.68k | ln = OBJ_nid2ln(OBJ_obj2nid(oid)); |
87 | 8.68k | rc = (ln != NULL) |
88 | 8.68k | ? BIO_printf(out, "%s (%s)", objbuf, ln) |
89 | 8.68k | : BIO_printf(out, "%s", objbuf); |
90 | 8.68k | return (rc >= 0); |
91 | 8.68k | } |
92 | | |
93 | | int ossl_print_attribute_value(BIO *out, |
94 | | int obj_nid, |
95 | | const ASN1_TYPE *av, |
96 | | int indent) |
97 | 487k | { |
98 | 487k | ASN1_STRING *str; |
99 | 487k | unsigned char *value; |
100 | 487k | X509_NAME *xn = NULL; |
101 | 487k | int64_t int_val; |
102 | 487k | int ret = 1; |
103 | | |
104 | 487k | switch (av->type) { |
105 | 10.3k | case V_ASN1_BOOLEAN: |
106 | 10.3k | if (av->value.boolean) { |
107 | 7.68k | return BIO_printf(out, "%*sTRUE", indent, "") >= 4; |
108 | 7.68k | } else { |
109 | 2.64k | return BIO_printf(out, "%*sFALSE", indent, "") >= 5; |
110 | 2.64k | } |
111 | | |
112 | 5.48k | case V_ASN1_INTEGER: |
113 | 21.6k | case V_ASN1_ENUMERATED: |
114 | 21.6k | if (BIO_printf(out, "%*s", indent, "") < 0) |
115 | 0 | return 0; |
116 | 21.6k | if (ASN1_ENUMERATED_get_int64(&int_val, av->value.integer) > 0) { |
117 | 10.3k | return BIO_printf(out, "%lld", (long long int)int_val) > 0; |
118 | 10.3k | } |
119 | 11.3k | str = av->value.integer; |
120 | 11.3k | return print_hex(out, str->data, str->length); |
121 | | |
122 | 10.4k | case V_ASN1_BIT_STRING: |
123 | 10.4k | if (BIO_printf(out, "%*s", indent, "") < 0) |
124 | 0 | return 0; |
125 | 10.4k | return print_hex(out, av->value.bit_string->data, |
126 | 10.4k | av->value.bit_string->length); |
127 | | |
128 | 13.1k | case V_ASN1_OCTET_STRING: |
129 | 23.6k | case V_ASN1_VIDEOTEXSTRING: |
130 | 23.6k | if (BIO_printf(out, "%*s", indent, "") < 0) |
131 | 0 | return 0; |
132 | 23.6k | return print_hex(out, av->value.octet_string->data, |
133 | 23.6k | av->value.octet_string->length); |
134 | | |
135 | 2.98k | case V_ASN1_NULL: |
136 | 2.98k | return BIO_printf(out, "%*sNULL", indent, "") >= 4; |
137 | | |
138 | 8.68k | case V_ASN1_OBJECT: |
139 | 8.68k | if (BIO_printf(out, "%*s", indent, "") < 0) |
140 | 0 | return 0; |
141 | 8.68k | return print_oid(out, av->value.object); |
142 | | |
143 | | /* |
144 | | * ObjectDescriptor is an IMPLICIT GraphicString, but GeneralString is a |
145 | | * superset supported by OpenSSL, so we will use that anywhere a |
146 | | * GraphicString is needed here. |
147 | | */ |
148 | 6.03k | case V_ASN1_GENERALSTRING: |
149 | 11.5k | case V_ASN1_GRAPHICSTRING: |
150 | 29.4k | case V_ASN1_OBJECT_DESCRIPTOR: |
151 | 29.4k | return BIO_printf(out, "%*s%.*s", indent, "", |
152 | 29.4k | av->value.generalstring->length, |
153 | 29.4k | av->value.generalstring->data) |
154 | 29.4k | >= 0; |
155 | | |
156 | | /* EXTERNAL would go here. */ |
157 | | /* EMBEDDED PDV would go here. */ |
158 | | |
159 | 5.51k | case V_ASN1_UTF8STRING: |
160 | 5.51k | return BIO_printf(out, "%*s%.*s", indent, "", |
161 | 5.51k | av->value.utf8string->length, |
162 | 5.51k | av->value.utf8string->data) |
163 | 5.51k | >= 0; |
164 | | |
165 | 2.74k | case V_ASN1_REAL: |
166 | 2.74k | return BIO_printf(out, "%*sREAL", indent, "") >= 4; |
167 | | |
168 | | /* RELATIVE-OID would go here. */ |
169 | | /* TIME would go here. */ |
170 | | |
171 | 129k | case V_ASN1_SEQUENCE: |
172 | 129k | switch (obj_nid) { |
173 | 115k | case NID_undef: /* Unrecognized OID. */ |
174 | 115k | break; |
175 | | /* Attribute types with DN syntax. */ |
176 | 924 | case NID_member: |
177 | 1.69k | case NID_roleOccupant: |
178 | 6.21k | case NID_seeAlso: |
179 | 6.21k | case NID_manager: |
180 | 6.21k | case NID_documentAuthor: |
181 | 6.21k | case NID_secretary: |
182 | 6.21k | case NID_associatedName: |
183 | 6.21k | case NID_dITRedirect: |
184 | 7.47k | case NID_owner: |
185 | | /* |
186 | | * d2i_ functions increment the ppin pointer. See doc/man3/d2i_X509.pod. |
187 | | * This preserves the original pointer. We don't want to corrupt this |
188 | | * value. |
189 | | */ |
190 | 7.47k | value = av->value.sequence->data; |
191 | 7.47k | xn = d2i_X509_NAME(NULL, |
192 | 7.47k | (const unsigned char **)&value, |
193 | 7.47k | av->value.sequence->length); |
194 | 7.47k | if (xn == NULL) { |
195 | 48 | BIO_puts(out, "(COULD NOT DECODE DISTINGUISHED NAME)\n"); |
196 | 48 | return 0; |
197 | 48 | } |
198 | 7.43k | if (X509_NAME_print_ex(out, xn, indent, XN_FLAG_SEP_CPLUS_SPC) <= 0) |
199 | 0 | ret = 0; |
200 | 7.43k | X509_NAME_free(xn); |
201 | 7.43k | return ret; |
202 | | |
203 | 6.88k | default: |
204 | 6.88k | break; |
205 | 129k | } |
206 | 122k | return ASN1_parse_dump(out, av->value.sequence->data, |
207 | 122k | av->value.sequence->length, indent, 1) |
208 | 122k | > 0; |
209 | | |
210 | 89.6k | case V_ASN1_SET: |
211 | 89.6k | return ASN1_parse_dump(out, av->value.set->data, |
212 | 89.6k | av->value.set->length, indent, 1) |
213 | 89.6k | > 0; |
214 | | |
215 | | /* |
216 | | * UTCTime ::= [UNIVERSAL 23] IMPLICIT VisibleString |
217 | | * GeneralizedTime ::= [UNIVERSAL 24] IMPLICIT VisibleString |
218 | | * VisibleString is a superset for NumericString, so it will work for that. |
219 | | */ |
220 | 3.39k | case V_ASN1_VISIBLESTRING: |
221 | 4.63k | case V_ASN1_UTCTIME: |
222 | 10.9k | case V_ASN1_GENERALIZEDTIME: |
223 | 25.1k | case V_ASN1_NUMERICSTRING: |
224 | 25.1k | return BIO_printf(out, "%*s%.*s", indent, "", |
225 | 25.1k | av->value.visiblestring->length, |
226 | 25.1k | av->value.visiblestring->data) |
227 | 25.1k | >= 0; |
228 | | |
229 | 4.60k | case V_ASN1_PRINTABLESTRING: |
230 | 4.60k | return BIO_printf(out, "%*s%.*s", indent, "", |
231 | 4.60k | av->value.printablestring->length, |
232 | 4.60k | av->value.printablestring->data) |
233 | 4.60k | >= 0; |
234 | | |
235 | 15.6k | case V_ASN1_T61STRING: |
236 | 15.6k | return BIO_printf(out, "%*s%.*s", indent, "", |
237 | 15.6k | av->value.t61string->length, |
238 | 15.6k | av->value.t61string->data) |
239 | 15.6k | >= 0; |
240 | | |
241 | 3.95k | case V_ASN1_IA5STRING: |
242 | 3.95k | return BIO_printf(out, "%*s%.*s", indent, "", |
243 | 3.95k | av->value.ia5string->length, |
244 | 3.95k | av->value.ia5string->data) |
245 | 3.95k | >= 0; |
246 | | |
247 | | /* UniversalString would go here. */ |
248 | | /* CHARACTER STRING would go here. */ |
249 | | /* BMPString would go here. */ |
250 | | /* DATE would go here. */ |
251 | | /* TIME-OF-DAY would go here. */ |
252 | | /* DATE-TIME would go here. */ |
253 | | /* DURATION would go here. */ |
254 | | /* OID-IRI would go here. */ |
255 | | /* RELATIVE-OID-IRI would go here. */ |
256 | | |
257 | | /* Would it be appropriate to just hexdump? */ |
258 | 103k | default: |
259 | 103k | return BIO_printf(out, |
260 | 103k | "%*s<Unsupported tag %d>", |
261 | 103k | indent, |
262 | 103k | "", |
263 | 103k | av->type) |
264 | 103k | >= 0; |
265 | 487k | } |
266 | 487k | } |