kris
/
boringssl
1
0
Fork 0
Koodi Ongelmat 0 Pull-pyynnöt 0 Julkaisut 0 Wiki Toiminta
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1973 Commitit
12 Branchit
38 MiB
 
 
 
 
 
 
Puu: 13e81fc971
Branchit Tagit
${ item.name }
Create branch ${ searchTerm }
from '13e81fc971'
${ noResults }
boringssl/crypto/x509/x509_req.c

316 rivejä
9.1 KiB
Raaka Blame Historia 

  1. /* crypto/x509/x509_req.c */

  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  3.  * All rights reserved.

  4.  *

  5.  * This package is an SSL implementation written

  6.  * by Eric Young (eay@cryptsoft.com).

  7.  * The implementation was written so as to conform with Netscapes SSL.

  8.  *

  9.  * This library is free for commercial and non-commercial use as long as

  10.  * the following conditions are aheared to.  The following conditions

  11.  * apply to all code found in this distribution, be it the RC4, RSA,

  12.  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

  13.  * included with this distribution is covered by the same copyright terms

  14.  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

  15.  *

  16.  * Copyright remains Eric Young's, and as such any Copyright notices in

  17.  * the code are not to be removed.

  18.  * If this package is used in a product, Eric Young should be given attribution

  19.  * as the author of the parts of the library used.

  20.  * This can be in the form of a textual message at program startup or

  21.  * in documentation (online or textual) provided with the package.

  22.  *

  23.  * Redistribution and use in source and binary forms, with or without

  24.  * modification, are permitted provided that the following conditions

  25.  * are met:

  26.  * 1. Redistributions of source code must retain the copyright

  27.  *    notice, this list of conditions and the following disclaimer.

  28.  * 2. Redistributions in binary form must reproduce the above copyright

  29.  *    notice, this list of conditions and the following disclaimer in the

  30.  *    documentation and/or other materials provided with the distribution.

  31.  * 3. All advertising materials mentioning features or use of this software

  32.  *    must display the following acknowledgement:

  33.  *    "This product includes cryptographic software written by

  34.  *     Eric Young (eay@cryptsoft.com)"

  35.  *    The word 'cryptographic' can be left out if the rouines from the library

  36.  *    being used are not cryptographic related :-).

  37.  * 4. If you include any Windows specific code (or a derivative thereof) from

  38.  *    the apps directory (application code) you must include an acknowledgement:

  39.  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

  40.  *

  41.  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

  42.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  43.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  44.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  45.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  46.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  47.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  48.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  49.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  50.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  51.  * SUCH DAMAGE.

  52.  *

  53.  * The licence and distribution terms for any publically available version or

  54.  * derivative of this code cannot be changed.  i.e. this code cannot simply be

  55.  * copied and put under another distribution licence

  56.  * [including the GNU Public Licence.] */

  57. 

  58. #include <openssl/asn1.h>

  59. #include <openssl/asn1t.h>

  60. #include <openssl/bn.h>

  61. #include <openssl/buf.h>

  62. #include <openssl/err.h>

  63. #include <openssl/evp.h>

  64. #include <openssl/mem.h>

  65. #include <openssl/obj.h>

  66. #include <openssl/pem.h>

  67. #include <openssl/x509.h>

  68. 

  69. 

  70. X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)

  71. 	{

  72. 	X509_REQ *ret;

  73. 	X509_REQ_INFO *ri;

  74. 	int i;

  75. 	EVP_PKEY *pktmp;

  76. 

  77. 	ret=X509_REQ_new();

  78. 	if (ret == NULL)

  79. 		{

  80. 		OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);

  81. 		goto err;

  82. 		}

  83. 

  84. 	ri=ret->req_info;

  85. 

  86. 	ri->version->length=1;

  87. 	ri->version->data=(unsigned char *)OPENSSL_malloc(1);

  88. 	if (ri->version->data == NULL) goto err;

  89. 	ri->version->data[0]=0; /* version == 0 */

  90. 

  91. 	if (!X509_REQ_set_subject_name(ret,X509_get_subject_name(x)))

  92. 		goto err;

  93. 

  94. 	pktmp = X509_get_pubkey(x);

  95. 	if (pktmp == NULL)

  96. 		goto err;

  97. 	i=X509_REQ_set_pubkey(ret,pktmp);

  98. 	EVP_PKEY_free(pktmp);

  99. 	if (!i) goto err;

  100. 

  101. 	if (pkey != NULL)

  102. 		{

  103. 		if (!X509_REQ_sign(ret,pkey,md))

  104. 			goto err;

  105. 		}

  106. 	return(ret);

  107. err:

  108. 	X509_REQ_free(ret);

  109. 	return(NULL);

  110. 	}

  111. 

  112. EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req)

  113. 	{

  114. 	if ((req == NULL) || (req->req_info == NULL))

  115. 		return(NULL);

  116. 	return(X509_PUBKEY_get(req->req_info->pubkey));

  117. 	}

  118. 

  119. int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)

  120. 	{

  121. 	EVP_PKEY *xk=NULL;

  122. 	int ok=0;

  123. 

  124. 	xk=X509_REQ_get_pubkey(x);

  125. 	switch (EVP_PKEY_cmp(xk, k))

  126. 		{

  127. 	case 1:

  128. 		ok=1;

  129. 		break;

  130. 	case 0:

  131. 		OPENSSL_PUT_ERROR(X509, X509_R_KEY_VALUES_MISMATCH);

  132. 		break;

  133. 	case -1:

  134. 		OPENSSL_PUT_ERROR(X509, X509_R_KEY_TYPE_MISMATCH);

  135. 		break;

  136. 	case -2:

  137. 		if (k->type == EVP_PKEY_EC)

  138. 			{

  139. 			OPENSSL_PUT_ERROR(X509, ERR_R_EC_LIB);

  140. 			break;

  141. 			}

  142. 		if (k->type == EVP_PKEY_DH)

  143. 			{

  144. 			/* No idea */

  145. 			OPENSSL_PUT_ERROR(X509, X509_R_CANT_CHECK_DH_KEY);

  146. 			break;

  147. 			}

  148. 	        OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_KEY_TYPE);

  149. 		}

  150. 

  151. 	EVP_PKEY_free(xk);

  152. 	return(ok);

  153. 	}

  154. 

  155. /* It seems several organisations had the same idea of including a list of

  156.  * extensions in a certificate request. There are at least two OIDs that are

  157.  * used and there may be more: so the list is configurable.

  158.  */

  159. 

  160. static const int ext_nid_list[] = { NID_ext_req, NID_ms_ext_req, NID_undef};

  161. 

  162. static const int *ext_nids = ext_nid_list;

  163. 

  164. int X509_REQ_extension_nid(int req_nid)

  165. {

  166. 	int i, nid;

  167. 	for(i = 0; ; i++) {

  168. 		nid = ext_nids[i];

  169. 		if(nid == NID_undef) return 0;

  170. 		else if (req_nid == nid) return 1;

  171. 	}

  172. }

  173. 

  174. const int *X509_REQ_get_extension_nids(void)

  175. {

  176. 	return ext_nids;

  177. }

  178. 	

  179. void X509_REQ_set_extension_nids(const int *nids)

  180. {

  181. 	ext_nids = nids;

  182. }

  183. 

  184. STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)

  185. 	{

  186. 	X509_ATTRIBUTE *attr;

  187. 	ASN1_TYPE *ext = NULL;

  188. 	int idx;

  189. 	const int *pnid;

  190. 	const unsigned char *p;

  191. 

  192. 	if ((req == NULL) || (req->req_info == NULL) || !ext_nids)

  193. 		return(NULL);

  194. 	for (pnid = ext_nids; *pnid != NID_undef; pnid++)

  195. 		{

  196. 		idx = X509_REQ_get_attr_by_NID(req, *pnid, -1);

  197. 		if (idx == -1)

  198. 			continue;

  199. 		attr = X509_REQ_get_attr(req, idx);

  200. 		if(attr->single) ext = attr->value.single;

  201. 		else if(sk_ASN1_TYPE_num(attr->value.set))

  202. 			ext = sk_ASN1_TYPE_value(attr->value.set, 0);

  203. 		break;

  204. 		}

  205. 	if(!ext || (ext->type != V_ASN1_SEQUENCE))

  206. 		return NULL;

  207. 	p = ext->value.sequence->data;

  208. 	return (STACK_OF(X509_EXTENSION) *)

  209. 		ASN1_item_d2i(NULL, &p, ext->value.sequence->length,

  210. 				ASN1_ITEM_rptr(X509_EXTENSIONS));

  211. }

  212. 

  213. /* Add a STACK_OF extensions to a certificate request: allow alternative OIDs

  214.  * in case we want to create a non standard one.

  215.  */

  216. 

  217. int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,

  218. 				int nid)

  219. {

  220. 	ASN1_TYPE *at = NULL;

  221. 	X509_ATTRIBUTE *attr = NULL;

  222. 	if(!(at = ASN1_TYPE_new()) ||

  223. 		!(at->value.sequence = ASN1_STRING_new())) goto err;

  224. 

  225. 	at->type = V_ASN1_SEQUENCE;

  226. 	/* Generate encoding of extensions */

  227. 	at->value.sequence->length = 

  228. 			ASN1_item_i2d((ASN1_VALUE *)exts,

  229. 				&at->value.sequence->data,

  230. 				ASN1_ITEM_rptr(X509_EXTENSIONS));

  231. 	if(!(attr = X509_ATTRIBUTE_new())) goto err;

  232. 	if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;

  233. 	if(!sk_ASN1_TYPE_push(attr->value.set, at)) goto err;

  234. 	at = NULL;

  235. 	attr->single = 0;

  236. 	attr->object = (ASN1_OBJECT*) OBJ_nid2obj(nid);

  237. 	if (!req->req_info->attributes)

  238. 		{

  239. 		if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null()))

  240. 			goto err;

  241. 		}

  242. 	if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err;

  243. 	return 1;

  244. 	err:

  245. 	X509_ATTRIBUTE_free(attr);

  246. 	ASN1_TYPE_free(at);

  247. 	return 0;

  248. }

  249. /* This is the normal usage: use the "official" OID */

  250. int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts)

  251. {

  252. 	return X509_REQ_add_extensions_nid(req, exts, NID_ext_req);

  253. }

  254. 

  255. /* Request attribute functions */

  256. 

  257. int X509_REQ_get_attr_count(const X509_REQ *req)

  258. {

  259. 	return X509at_get_attr_count(req->req_info->attributes);

  260. }

  261. 

  262. int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid,

  263. 			  int lastpos)

  264. {

  265. 	return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos);

  266. }

  267. 

  268. int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,

  269. 			  int lastpos)

  270. {

  271. 	return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos);

  272. }

  273. 

  274. X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc)

  275. {

  276. 	return X509at_get_attr(req->req_info->attributes, loc);

  277. }

  278. 

  279. X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc)

  280. {

  281. 	return X509at_delete_attr(req->req_info->attributes, loc);

  282. }

  283. 

  284. int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr)

  285. {

  286. 	if(X509at_add1_attr(&req->req_info->attributes, attr)) return 1;

  287. 	return 0;

  288. }

  289. 

  290. int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,

  291. 			const ASN1_OBJECT *obj, int type,

  292. 			const unsigned char *bytes, int len)

  293. {

  294. 	if(X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj,

  295. 				type, bytes, len)) return 1;

  296. 	return 0;

  297. }

  298. 

  299. int X509_REQ_add1_attr_by_NID(X509_REQ *req,

  300. 			int nid, int type,

  301. 			const unsigned char *bytes, int len)

  302. {

  303. 	if(X509at_add1_attr_by_NID(&req->req_info->attributes, nid,

  304. 				type, bytes, len)) return 1;

  305. 	return 0;

  306. }

  307. 

  308. int X509_REQ_add1_attr_by_txt(X509_REQ *req,

  309. 			const char *attrname, int type,

  310. 			const unsigned char *bytes, int len)

  311. {

  312. 	if(X509at_add1_attr_by_txt(&req->req_info->attributes, attrname,

  313. 				type, bytes, len)) return 1;

  314. 	return 0;

  315. }