1 |
|
|
/* $OpenBSD: x_req.c,v 1.15 2015/02/11 04:00:39 jsing Exp $ */ |
2 |
|
|
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 |
|
|
* All rights reserved. |
4 |
|
|
* |
5 |
|
|
* This package is an SSL implementation written |
6 |
|
|
* by Eric Young (eay@cryptsoft.com). |
7 |
|
|
* The implementation was written so as to conform with Netscapes SSL. |
8 |
|
|
* |
9 |
|
|
* This library is free for commercial and non-commercial use as long as |
10 |
|
|
* the following conditions are aheared to. The following conditions |
11 |
|
|
* apply to all code found in this distribution, be it the RC4, RSA, |
12 |
|
|
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
13 |
|
|
* included with this distribution is covered by the same copyright terms |
14 |
|
|
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
15 |
|
|
* |
16 |
|
|
* Copyright remains Eric Young's, and as such any Copyright notices in |
17 |
|
|
* the code are not to be removed. |
18 |
|
|
* If this package is used in a product, Eric Young should be given attribution |
19 |
|
|
* as the author of the parts of the library used. |
20 |
|
|
* This can be in the form of a textual message at program startup or |
21 |
|
|
* in documentation (online or textual) provided with the package. |
22 |
|
|
* |
23 |
|
|
* Redistribution and use in source and binary forms, with or without |
24 |
|
|
* modification, are permitted provided that the following conditions |
25 |
|
|
* are met: |
26 |
|
|
* 1. Redistributions of source code must retain the copyright |
27 |
|
|
* notice, this list of conditions and the following disclaimer. |
28 |
|
|
* 2. Redistributions in binary form must reproduce the above copyright |
29 |
|
|
* notice, this list of conditions and the following disclaimer in the |
30 |
|
|
* documentation and/or other materials provided with the distribution. |
31 |
|
|
* 3. All advertising materials mentioning features or use of this software |
32 |
|
|
* must display the following acknowledgement: |
33 |
|
|
* "This product includes cryptographic software written by |
34 |
|
|
* Eric Young (eay@cryptsoft.com)" |
35 |
|
|
* The word 'cryptographic' can be left out if the rouines from the library |
36 |
|
|
* being used are not cryptographic related :-). |
37 |
|
|
* 4. If you include any Windows specific code (or a derivative thereof) from |
38 |
|
|
* the apps directory (application code) you must include an acknowledgement: |
39 |
|
|
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
40 |
|
|
* |
41 |
|
|
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
42 |
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
43 |
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
44 |
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
45 |
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
46 |
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
47 |
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
48 |
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
49 |
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
50 |
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
51 |
|
|
* SUCH DAMAGE. |
52 |
|
|
* |
53 |
|
|
* The licence and distribution terms for any publically available version or |
54 |
|
|
* derivative of this code cannot be changed. i.e. this code cannot simply be |
55 |
|
|
* copied and put under another distribution licence |
56 |
|
|
* [including the GNU Public Licence.] |
57 |
|
|
*/ |
58 |
|
|
|
59 |
|
|
#include <stdio.h> |
60 |
|
|
|
61 |
|
|
#include <openssl/asn1t.h> |
62 |
|
|
#include <openssl/x509.h> |
63 |
|
|
|
64 |
|
|
/* X509_REQ_INFO is handled in an unusual way to get round |
65 |
|
|
* invalid encodings. Some broken certificate requests don't |
66 |
|
|
* encode the attributes field if it is empty. This is in |
67 |
|
|
* violation of PKCS#10 but we need to tolerate it. We do |
68 |
|
|
* this by making the attributes field OPTIONAL then using |
69 |
|
|
* the callback to initialise it to an empty STACK. |
70 |
|
|
* |
71 |
|
|
* This means that the field will be correctly encoded unless |
72 |
|
|
* we NULL out the field. |
73 |
|
|
* |
74 |
|
|
* As a result we no longer need the req_kludge field because |
75 |
|
|
* the information is now contained in the attributes field: |
76 |
|
|
* 1. If it is NULL then it's the invalid omission. |
77 |
|
|
* 2. If it is empty it is the correct encoding. |
78 |
|
|
* 3. If it is not empty then some attributes are present. |
79 |
|
|
* |
80 |
|
|
*/ |
81 |
|
|
|
82 |
|
|
static int |
83 |
|
|
rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) |
84 |
|
|
{ |
85 |
|
772 |
X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval; |
86 |
|
|
|
87 |
✓✓ |
386 |
if (operation == ASN1_OP_NEW_POST) { |
88 |
|
56 |
rinf->attributes = sk_X509_ATTRIBUTE_new_null(); |
89 |
✗✓ |
56 |
if (!rinf->attributes) |
90 |
|
|
return 0; |
91 |
|
|
} |
92 |
|
386 |
return 1; |
93 |
|
386 |
} |
94 |
|
|
|
95 |
|
|
static const ASN1_AUX X509_REQ_INFO_aux = { |
96 |
|
|
.flags = ASN1_AFLG_ENCODING, |
97 |
|
|
.asn1_cb = rinf_cb, |
98 |
|
|
.enc_offset = offsetof(X509_REQ_INFO, enc), |
99 |
|
|
}; |
100 |
|
|
static const ASN1_TEMPLATE X509_REQ_INFO_seq_tt[] = { |
101 |
|
|
{ |
102 |
|
|
.offset = offsetof(X509_REQ_INFO, version), |
103 |
|
|
.field_name = "version", |
104 |
|
|
.item = &ASN1_INTEGER_it, |
105 |
|
|
}, |
106 |
|
|
{ |
107 |
|
|
.offset = offsetof(X509_REQ_INFO, subject), |
108 |
|
|
.field_name = "subject", |
109 |
|
|
.item = &X509_NAME_it, |
110 |
|
|
}, |
111 |
|
|
{ |
112 |
|
|
.offset = offsetof(X509_REQ_INFO, pubkey), |
113 |
|
|
.field_name = "pubkey", |
114 |
|
|
.item = &X509_PUBKEY_it, |
115 |
|
|
}, |
116 |
|
|
/* This isn't really OPTIONAL but it gets round invalid |
117 |
|
|
* encodings |
118 |
|
|
*/ |
119 |
|
|
{ |
120 |
|
|
.flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL, |
121 |
|
|
.offset = offsetof(X509_REQ_INFO, attributes), |
122 |
|
|
.field_name = "attributes", |
123 |
|
|
.item = &X509_ATTRIBUTE_it, |
124 |
|
|
}, |
125 |
|
|
}; |
126 |
|
|
|
127 |
|
|
const ASN1_ITEM X509_REQ_INFO_it = { |
128 |
|
|
.itype = ASN1_ITYPE_SEQUENCE, |
129 |
|
|
.utype = V_ASN1_SEQUENCE, |
130 |
|
|
.templates = X509_REQ_INFO_seq_tt, |
131 |
|
|
.tcount = sizeof(X509_REQ_INFO_seq_tt) / sizeof(ASN1_TEMPLATE), |
132 |
|
|
.funcs = &X509_REQ_INFO_aux, |
133 |
|
|
.size = sizeof(X509_REQ_INFO), |
134 |
|
|
.sname = "X509_REQ_INFO", |
135 |
|
|
}; |
136 |
|
|
|
137 |
|
|
|
138 |
|
|
X509_REQ_INFO * |
139 |
|
|
d2i_X509_REQ_INFO(X509_REQ_INFO **a, const unsigned char **in, long len) |
140 |
|
|
{ |
141 |
|
|
return (X509_REQ_INFO *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, |
142 |
|
|
&X509_REQ_INFO_it); |
143 |
|
|
} |
144 |
|
|
|
145 |
|
|
int |
146 |
|
|
i2d_X509_REQ_INFO(X509_REQ_INFO *a, unsigned char **out) |
147 |
|
|
{ |
148 |
|
|
return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_REQ_INFO_it); |
149 |
|
|
} |
150 |
|
|
|
151 |
|
|
X509_REQ_INFO * |
152 |
|
|
X509_REQ_INFO_new(void) |
153 |
|
|
{ |
154 |
|
|
return (X509_REQ_INFO *)ASN1_item_new(&X509_REQ_INFO_it); |
155 |
|
|
} |
156 |
|
|
|
157 |
|
|
void |
158 |
|
|
X509_REQ_INFO_free(X509_REQ_INFO *a) |
159 |
|
|
{ |
160 |
|
|
ASN1_item_free((ASN1_VALUE *)a, &X509_REQ_INFO_it); |
161 |
|
|
} |
162 |
|
|
|
163 |
|
|
static const ASN1_AUX X509_REQ_aux = { |
164 |
|
|
.app_data = NULL, |
165 |
|
|
.flags = ASN1_AFLG_REFCOUNT, |
166 |
|
|
.ref_offset = offsetof(X509_REQ, references), |
167 |
|
|
.ref_lock = CRYPTO_LOCK_X509_REQ, |
168 |
|
|
}; |
169 |
|
|
static const ASN1_TEMPLATE X509_REQ_seq_tt[] = { |
170 |
|
|
{ |
171 |
|
|
.offset = offsetof(X509_REQ, req_info), |
172 |
|
|
.field_name = "req_info", |
173 |
|
|
.item = &X509_REQ_INFO_it, |
174 |
|
|
}, |
175 |
|
|
{ |
176 |
|
|
.offset = offsetof(X509_REQ, sig_alg), |
177 |
|
|
.field_name = "sig_alg", |
178 |
|
|
.item = &X509_ALGOR_it, |
179 |
|
|
}, |
180 |
|
|
{ |
181 |
|
|
.offset = offsetof(X509_REQ, signature), |
182 |
|
|
.field_name = "signature", |
183 |
|
|
.item = &ASN1_BIT_STRING_it, |
184 |
|
|
}, |
185 |
|
|
}; |
186 |
|
|
|
187 |
|
|
const ASN1_ITEM X509_REQ_it = { |
188 |
|
|
.itype = ASN1_ITYPE_SEQUENCE, |
189 |
|
|
.utype = V_ASN1_SEQUENCE, |
190 |
|
|
.templates = X509_REQ_seq_tt, |
191 |
|
|
.tcount = sizeof(X509_REQ_seq_tt) / sizeof(ASN1_TEMPLATE), |
192 |
|
|
.funcs = &X509_REQ_aux, |
193 |
|
|
.size = sizeof(X509_REQ), |
194 |
|
|
.sname = "X509_REQ", |
195 |
|
|
}; |
196 |
|
|
|
197 |
|
|
|
198 |
|
|
X509_REQ * |
199 |
|
|
d2i_X509_REQ(X509_REQ **a, const unsigned char **in, long len) |
200 |
|
|
{ |
201 |
|
36 |
return (X509_REQ *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, |
202 |
|
|
&X509_REQ_it); |
203 |
|
|
} |
204 |
|
|
|
205 |
|
|
int |
206 |
|
|
i2d_X509_REQ(X509_REQ *a, unsigned char **out) |
207 |
|
|
{ |
208 |
|
72 |
return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_REQ_it); |
209 |
|
|
} |
210 |
|
|
|
211 |
|
|
X509_REQ * |
212 |
|
|
X509_REQ_new(void) |
213 |
|
|
{ |
214 |
|
76 |
return (X509_REQ *)ASN1_item_new(&X509_REQ_it); |
215 |
|
|
} |
216 |
|
|
|
217 |
|
|
void |
218 |
|
|
X509_REQ_free(X509_REQ *a) |
219 |
|
|
{ |
220 |
|
208 |
ASN1_item_free((ASN1_VALUE *)a, &X509_REQ_it); |
221 |
|
104 |
} |
222 |
|
|
|
223 |
|
|
X509_REQ * |
224 |
|
|
X509_REQ_dup(X509_REQ *x) |
225 |
|
|
{ |
226 |
|
|
return ASN1_item_dup(&X509_REQ_it, x); |
227 |
|
|
} |