1 | /* |
2 | * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. |
3 | * |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at |
7 | * https://www.openssl.org/source/license.html |
8 | */ |
9 | |
10 | #include <stdio.h> |
11 | #include "internal/cryptlib.h" |
12 | #include "internal/refcount.h" |
13 | #include <openssl/asn1.h> |
14 | #include <openssl/objects.h> |
15 | #include <openssl/evp.h> |
16 | #include <openssl/x509.h> |
17 | #include <openssl/x509v3.h> |
18 | #include "crypto/asn1.h" |
19 | #include "crypto/x509.h" |
20 | #include "x509_local.h" |
21 | |
22 | int X509_set_version(X509 *x, long version) |
23 | { |
24 | if (x == NULL) |
25 | return 0; |
26 | if (version == 0) { |
27 | ASN1_INTEGER_free(x->cert_info.version); |
28 | x->cert_info.version = NULL; |
29 | return 1; |
30 | } |
31 | if (x->cert_info.version == NULL) { |
32 | if ((x->cert_info.version = ASN1_INTEGER_new()) == NULL) |
33 | return 0; |
34 | } |
35 | return ASN1_INTEGER_set(x->cert_info.version, version); |
36 | } |
37 | |
38 | int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial) |
39 | { |
40 | ASN1_INTEGER *in; |
41 | |
42 | if (x == NULL) |
43 | return 0; |
44 | in = &x->cert_info.serialNumber; |
45 | if (in != serial) |
46 | return ASN1_STRING_copy(in, serial); |
47 | return 1; |
48 | } |
49 | |
50 | int X509_set_issuer_name(X509 *x, X509_NAME *name) |
51 | { |
52 | if (x == NULL) |
53 | return 0; |
54 | return X509_NAME_set(&x->cert_info.issuer, name); |
55 | } |
56 | |
57 | int X509_set_subject_name(X509 *x, X509_NAME *name) |
58 | { |
59 | if (x == NULL) |
60 | return 0; |
61 | return X509_NAME_set(&x->cert_info.subject, name); |
62 | } |
63 | |
64 | int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm) |
65 | { |
66 | ASN1_TIME *in; |
67 | in = *ptm; |
68 | if (in != tm) { |
69 | in = ASN1_STRING_dup(tm); |
70 | if (in != NULL) { |
71 | ASN1_TIME_free(*ptm); |
72 | *ptm = in; |
73 | } |
74 | } |
75 | return (in != NULL); |
76 | } |
77 | |
78 | int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm) |
79 | { |
80 | if (x == NULL) |
81 | return 0; |
82 | return x509_set1_time(&x->cert_info.validity.notBefore, tm); |
83 | } |
84 | |
85 | int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm) |
86 | { |
87 | if (x == NULL) |
88 | return 0; |
89 | return x509_set1_time(&x->cert_info.validity.notAfter, tm); |
90 | } |
91 | |
92 | int X509_set_pubkey(X509 *x, EVP_PKEY *pkey) |
93 | { |
94 | if (x == NULL) |
95 | return 0; |
96 | return X509_PUBKEY_set(&(x->cert_info.key), pkey); |
97 | } |
98 | |
99 | int X509_up_ref(X509 *x) |
100 | { |
101 | int i; |
102 | |
103 | if (CRYPTO_UP_REF(&x->references, &i, x->lock) <= 0) |
104 | return 0; |
105 | |
106 | REF_PRINT_COUNT("X509" , x); |
107 | REF_ASSERT_ISNT(i < 2); |
108 | return ((i > 1) ? 1 : 0); |
109 | } |
110 | |
111 | long X509_get_version(const X509 *x) |
112 | { |
113 | return ASN1_INTEGER_get(x->cert_info.version); |
114 | } |
115 | |
116 | const ASN1_TIME *X509_get0_notBefore(const X509 *x) |
117 | { |
118 | return x->cert_info.validity.notBefore; |
119 | } |
120 | |
121 | const ASN1_TIME *X509_get0_notAfter(const X509 *x) |
122 | { |
123 | return x->cert_info.validity.notAfter; |
124 | } |
125 | |
126 | ASN1_TIME *X509_getm_notBefore(const X509 *x) |
127 | { |
128 | return x->cert_info.validity.notBefore; |
129 | } |
130 | |
131 | ASN1_TIME *X509_getm_notAfter(const X509 *x) |
132 | { |
133 | return x->cert_info.validity.notAfter; |
134 | } |
135 | |
136 | int X509_get_signature_type(const X509 *x) |
137 | { |
138 | return EVP_PKEY_type(OBJ_obj2nid(x->sig_alg.algorithm)); |
139 | } |
140 | |
141 | X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x) |
142 | { |
143 | return x->cert_info.key; |
144 | } |
145 | |
146 | const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x) |
147 | { |
148 | return x->cert_info.extensions; |
149 | } |
150 | |
151 | void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid, |
152 | const ASN1_BIT_STRING **psuid) |
153 | { |
154 | if (piuid != NULL) |
155 | *piuid = x->cert_info.issuerUID; |
156 | if (psuid != NULL) |
157 | *psuid = x->cert_info.subjectUID; |
158 | } |
159 | |
160 | const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x) |
161 | { |
162 | return &x->cert_info.signature; |
163 | } |
164 | |
165 | int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid, |
166 | int *secbits, uint32_t *flags) |
167 | { |
168 | if (mdnid != NULL) |
169 | *mdnid = siginf->mdnid; |
170 | if (pknid != NULL) |
171 | *pknid = siginf->pknid; |
172 | if (secbits != NULL) |
173 | *secbits = siginf->secbits; |
174 | if (flags != NULL) |
175 | *flags = siginf->flags; |
176 | return (siginf->flags & X509_SIG_INFO_VALID) != 0; |
177 | } |
178 | |
179 | void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid, |
180 | int secbits, uint32_t flags) |
181 | { |
182 | siginf->mdnid = mdnid; |
183 | siginf->pknid = pknid; |
184 | siginf->secbits = secbits; |
185 | siginf->flags = flags; |
186 | } |
187 | |
188 | int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits, |
189 | uint32_t *flags) |
190 | { |
191 | X509_check_purpose(x, -1, -1); |
192 | return X509_SIG_INFO_get(&x->siginf, mdnid, pknid, secbits, flags); |
193 | } |
194 | |
195 | static void x509_sig_info_init(X509_SIG_INFO *siginf, const X509_ALGOR *alg, |
196 | const ASN1_STRING *sig) |
197 | { |
198 | int pknid, mdnid; |
199 | const EVP_MD *md; |
200 | |
201 | siginf->mdnid = NID_undef; |
202 | siginf->pknid = NID_undef; |
203 | siginf->secbits = -1; |
204 | siginf->flags = 0; |
205 | if (!OBJ_find_sigid_algs(OBJ_obj2nid(alg->algorithm), &mdnid, &pknid) |
206 | || pknid == NID_undef) |
207 | return; |
208 | siginf->pknid = pknid; |
209 | if (mdnid == NID_undef) { |
210 | /* If we have one, use a custom handler for this algorithm */ |
211 | const EVP_PKEY_ASN1_METHOD *ameth = EVP_PKEY_asn1_find(NULL, pknid); |
212 | if (ameth == NULL || ameth->siginf_set == NULL |
213 | || ameth->siginf_set(siginf, alg, sig) == 0) |
214 | return; |
215 | siginf->flags |= X509_SIG_INFO_VALID; |
216 | return; |
217 | } |
218 | siginf->flags |= X509_SIG_INFO_VALID; |
219 | siginf->mdnid = mdnid; |
220 | md = EVP_get_digestbynid(mdnid); |
221 | if (md == NULL) |
222 | return; |
223 | /* Security bits: half number of bits in digest */ |
224 | siginf->secbits = EVP_MD_size(md) * 4; |
225 | switch (mdnid) { |
226 | case NID_sha1: |
227 | case NID_sha256: |
228 | case NID_sha384: |
229 | case NID_sha512: |
230 | siginf->flags |= X509_SIG_INFO_TLS; |
231 | } |
232 | } |
233 | |
234 | void x509_init_sig_info(X509 *x) |
235 | { |
236 | x509_sig_info_init(&x->siginf, &x->sig_alg, &x->signature); |
237 | } |
238 | |