kris
/
boringssl
1
0
Rozštěpit 0
Zdrojový kód Úkoly 0 Požadavky na natažení 0 Vydání 0 Wiki Aktivita
Nelze vybrat více než 25 témat Téma musí začínat písmenem nebo číslem, může obsahovat pomlčky („-“) a může být dlouhé až 35 znaků.
5611 Revize
12 Větve
38 MiB
 
 
 
 
 
 
Strom: 17d553d299
Větve Značky
${ item.name }
Vytvořit větev ${ searchTerm }
z „17d553d299“
${ noResults }
boringssl/crypto/x509/t_x509.c

545 řádky
17 KiB
Surový Blame Historie 

  1. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  2.  * All rights reserved.

  3.  *

  4.  * This package is an SSL implementation written

  5.  * by Eric Young (eay@cryptsoft.com).

  6.  * The implementation was written so as to conform with Netscapes SSL.

  7.  *

  8.  * This library is free for commercial and non-commercial use as long as

  9.  * the following conditions are aheared to.  The following conditions

  10.  * apply to all code found in this distribution, be it the RC4, RSA,

  11.  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

  12.  * included with this distribution is covered by the same copyright terms

  13.  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

  14.  *

  15.  * Copyright remains Eric Young's, and as such any Copyright notices in

  16.  * the code are not to be removed.

  17.  * If this package is used in a product, Eric Young should be given attribution

  18.  * as the author of the parts of the library used.

  19.  * This can be in the form of a textual message at program startup or

  20.  * in documentation (online or textual) provided with the package.

  21.  *

  22.  * Redistribution and use in source and binary forms, with or without

  23.  * modification, are permitted provided that the following conditions

  24.  * are met:

  25.  * 1. Redistributions of source code must retain the copyright

  26.  *    notice, this list of conditions and the following disclaimer.

  27.  * 2. Redistributions in binary form must reproduce the above copyright

  28.  *    notice, this list of conditions and the following disclaimer in the

  29.  *    documentation and/or other materials provided with the distribution.

  30.  * 3. All advertising materials mentioning features or use of this software

  31.  *    must display the following acknowledgement:

  32.  *    "This product includes cryptographic software written by

  33.  *     Eric Young (eay@cryptsoft.com)"

  34.  *    The word 'cryptographic' can be left out if the rouines from the library

  35.  *    being used are not cryptographic related :-).

  36.  * 4. If you include any Windows specific code (or a derivative thereof) from

  37.  *    the apps directory (application code) you must include an acknowledgement:

  38.  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

  39.  *

  40.  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

  41.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  42.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  43.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  44.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  45.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  46.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  48.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  49.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  50.  * SUCH DAMAGE.

  51.  *

  52.  * The licence and distribution terms for any publically available version or

  53.  * derivative of this code cannot be changed.  i.e. this code cannot simply be

  54.  * copied and put under another distribution licence

  55.  * [including the GNU Public Licence.] */

  56. 

  57. #include <ctype.h>

  58. #include <openssl/asn1.h>

  59. #include <openssl/bio.h>

  60. #include <openssl/digest.h>

  61. #include <openssl/err.h>

  62. #include <openssl/evp.h>

  63. #include <openssl/mem.h>

  64. #include <openssl/obj.h>

  65. #include <openssl/x509.h>

  66. #include <openssl/x509v3.h>

  67. 

  68. #include "internal.h"

  69. 

  70. 

  71. #ifndef OPENSSL_NO_FP_API

  72. int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag,

  73.                      unsigned long cflag)

  74. {

  75.     BIO *b = BIO_new_fp(fp, BIO_NOCLOSE);

  76.     if (b == NULL) {

  77.         OPENSSL_PUT_ERROR(X509, ERR_R_BUF_LIB);

  78.         return 0;

  79.     }

  80.     int ret = X509_print_ex(b, x, nmflag, cflag);

  81.     BIO_free(b);

  82.     return ret;

  83. }

  84. 

  85. int X509_print_fp(FILE *fp, X509 *x)

  86. {

  87.     return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);

  88. }

  89. #endif

  90. 

  91. int X509_print(BIO *bp, X509 *x)

  92. {

  93.     return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);

  94. }

  95. 

  96. int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,

  97.                   unsigned long cflag)

  98. {

  99.     long l;

  100.     int ret = 0, i;

  101.     char *m = NULL, mlch = ' ';

  102.     int nmindent = 0;

  103.     X509_CINF *ci;

  104.     ASN1_INTEGER *bs;

  105.     EVP_PKEY *pkey = NULL;

  106.     const char *neg;

  107. 

  108.     if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {

  109.         mlch = '\n';

  110.         nmindent = 12;

  111.     }

  112. 

  113.     if (nmflags == X509_FLAG_COMPAT)

  114.         nmindent = 16;

  115. 

  116.     ci = x->cert_info;

  117.     if (!(cflag & X509_FLAG_NO_HEADER)) {

  118.         if (BIO_write(bp, "Certificate:\n", 13) <= 0)

  119.             goto err;

  120.         if (BIO_write(bp, "    Data:\n", 10) <= 0)

  121.             goto err;

  122.     }

  123.     if (!(cflag & X509_FLAG_NO_VERSION)) {

  124.         l = X509_get_version(x);

  125.         if (BIO_printf(bp, "%8sVersion: %lu (0x%lx)\n", "", l + 1, l) <= 0)

  126.             goto err;

  127.     }

  128.     if (!(cflag & X509_FLAG_NO_SERIAL)) {

  129. 

  130.         if (BIO_write(bp, "        Serial Number:", 22) <= 0)

  131.             goto err;

  132. 

  133.         bs = X509_get_serialNumber(x);

  134.         if (bs->length < (int)sizeof(long)

  135.             || (bs->length == sizeof(long) && (bs->data[0] & 0x80) == 0)) {

  136.             l = ASN1_INTEGER_get(bs);

  137.             if (bs->type == V_ASN1_NEG_INTEGER) {

  138.                 l = -l;

  139.                 neg = "-";

  140.             } else

  141.                 neg = "";

  142.             if (BIO_printf(bp, " %s%lu (%s0x%lx)\n", neg, l, neg, l) <= 0)

  143.                 goto err;

  144.         } else {

  145.             neg = (bs->type == V_ASN1_NEG_INTEGER) ? " (Negative)" : "";

  146.             if (BIO_printf(bp, "\n%12s%s", "", neg) <= 0)

  147.                 goto err;

  148. 

  149.             for (i = 0; i < bs->length; i++) {

  150.                 if (BIO_printf(bp, "%02x%c", bs->data[i],

  151.                                ((i + 1 == bs->length) ? '\n' : ':')) <= 0)

  152.                     goto err;

  153.             }

  154.         }

  155. 

  156.     }

  157. 

  158.     if (!(cflag & X509_FLAG_NO_SIGNAME)) {

  159.         if (X509_signature_print(bp, ci->signature, NULL) <= 0)

  160.             goto err;

  161.     }

  162. 

  163.     if (!(cflag & X509_FLAG_NO_ISSUER)) {

  164.         if (BIO_printf(bp, "        Issuer:%c", mlch) <= 0)

  165.             goto err;

  166.         if (X509_NAME_print_ex(bp, X509_get_issuer_name(x), nmindent, nmflags)

  167.             < 0)

  168.             goto err;

  169.         if (BIO_write(bp, "\n", 1) <= 0)

  170.             goto err;

  171.     }

  172.     if (!(cflag & X509_FLAG_NO_VALIDITY)) {

  173.         if (BIO_write(bp, "        Validity\n", 17) <= 0)

  174.             goto err;

  175.         if (BIO_write(bp, "            Not Before: ", 24) <= 0)

  176.             goto err;

  177.         if (!ASN1_TIME_print(bp, X509_get_notBefore(x)))

  178.             goto err;

  179.         if (BIO_write(bp, "\n            Not After : ", 25) <= 0)

  180.             goto err;

  181.         if (!ASN1_TIME_print(bp, X509_get_notAfter(x)))

  182.             goto err;

  183.         if (BIO_write(bp, "\n", 1) <= 0)

  184.             goto err;

  185.     }

  186.     if (!(cflag & X509_FLAG_NO_SUBJECT)) {

  187.         if (BIO_printf(bp, "        Subject:%c", mlch) <= 0)

  188.             goto err;

  189.         if (X509_NAME_print_ex

  190.             (bp, X509_get_subject_name(x), nmindent, nmflags) < 0)

  191.             goto err;

  192.         if (BIO_write(bp, "\n", 1) <= 0)

  193.             goto err;

  194.     }

  195.     if (!(cflag & X509_FLAG_NO_PUBKEY)) {

  196.         if (BIO_write(bp, "        Subject Public Key Info:\n", 33) <= 0)

  197.             goto err;

  198.         if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0)

  199.             goto err;

  200.         if (i2a_ASN1_OBJECT(bp, ci->key->algor->algorithm) <= 0)

  201.             goto err;

  202.         if (BIO_puts(bp, "\n") <= 0)

  203.             goto err;

  204. 

  205.         pkey = X509_get_pubkey(x);

  206.         if (pkey == NULL) {

  207.             BIO_printf(bp, "%12sUnable to load Public Key\n", "");

  208.             ERR_print_errors(bp);

  209.         } else {

  210.             EVP_PKEY_print_public(bp, pkey, 16, NULL);

  211.             EVP_PKEY_free(pkey);

  212.         }

  213.     }

  214. 

  215.     if (!(cflag & X509_FLAG_NO_IDS)) {

  216.         if (ci->issuerUID) {

  217.             if (BIO_printf(bp, "%8sIssuer Unique ID: ", "") <= 0)

  218.                 goto err;

  219.             if (!X509_signature_dump(bp, ci->issuerUID, 12))

  220.                 goto err;

  221.         }

  222.         if (ci->subjectUID) {

  223.             if (BIO_printf(bp, "%8sSubject Unique ID: ", "") <= 0)

  224.                 goto err;

  225.             if (!X509_signature_dump(bp, ci->subjectUID, 12))

  226.                 goto err;

  227.         }

  228.     }

  229. 

  230.     if (!(cflag & X509_FLAG_NO_EXTENSIONS))

  231.         X509V3_extensions_print(bp, "X509v3 extensions",

  232.                                 ci->extensions, cflag, 8);

  233. 

  234.     if (!(cflag & X509_FLAG_NO_SIGDUMP)) {

  235.         if (X509_signature_print(bp, x->sig_alg, x->signature) <= 0)

  236.             goto err;

  237.     }

  238.     if (!(cflag & X509_FLAG_NO_AUX)) {

  239.         if (!X509_CERT_AUX_print(bp, x->aux, 0))

  240.             goto err;

  241.     }

  242.     ret = 1;

  243.  err:

  244.     if (m != NULL)

  245.         OPENSSL_free(m);

  246.     return (ret);

  247. }

  248. 

  249. int X509_ocspid_print(BIO *bp, X509 *x)

  250. {

  251.     unsigned char *der = NULL;

  252.     unsigned char *dertmp;

  253.     int derlen;

  254.     int i;

  255.     unsigned char SHA1md[SHA_DIGEST_LENGTH];

  256. 

  257.     /*

  258.      * display the hash of the subject as it would appear in OCSP requests

  259.      */

  260.     if (BIO_printf(bp, "        Subject OCSP hash: ") <= 0)

  261.         goto err;

  262.     derlen = i2d_X509_NAME(x->cert_info->subject, NULL);

  263.     if ((der = dertmp = (unsigned char *)OPENSSL_malloc(derlen)) == NULL)

  264.         goto err;

  265.     i2d_X509_NAME(x->cert_info->subject, &dertmp);

  266. 

  267.     if (!EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL))

  268.         goto err;

  269.     for (i = 0; i < SHA_DIGEST_LENGTH; i++) {

  270.         if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0)

  271.             goto err;

  272.     }

  273.     OPENSSL_free(der);

  274.     der = NULL;

  275. 

  276.     /*

  277.      * display the hash of the public key as it would appear in OCSP requests

  278.      */

  279.     if (BIO_printf(bp, "\n        Public key OCSP hash: ") <= 0)

  280.         goto err;

  281. 

  282.     if (!EVP_Digest(x->cert_info->key->public_key->data,

  283.                     x->cert_info->key->public_key->length,

  284.                     SHA1md, NULL, EVP_sha1(), NULL))

  285.         goto err;

  286.     for (i = 0; i < SHA_DIGEST_LENGTH; i++) {

  287.         if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0)

  288.             goto err;

  289.     }

  290.     BIO_printf(bp, "\n");

  291. 

  292.     return (1);

  293.  err:

  294.     if (der != NULL)

  295.         OPENSSL_free(der);

  296.     return (0);

  297. }

  298. 

  299. int X509_signature_print(BIO *bp, const X509_ALGOR *sigalg,

  300.                          const ASN1_STRING *sig)

  301. {

  302.     if (BIO_puts(bp, "    Signature Algorithm: ") <= 0)

  303.         return 0;

  304.     if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0)

  305.         return 0;

  306. 

  307.     /* RSA-PSS signatures have parameters to print. */

  308.     int sig_nid = OBJ_obj2nid(sigalg->algorithm);

  309.     if (sig_nid == NID_rsassaPss &&

  310.         !x509_print_rsa_pss_params(bp, sigalg, 9, 0)) {

  311.         return 0;

  312.     }

  313. 

  314.     if (sig)

  315.         return X509_signature_dump(bp, sig, 9);

  316.     else if (BIO_puts(bp, "\n") <= 0)

  317.         return 0;

  318.     return 1;

  319. }

  320. 

  321. int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v)

  322. {

  323.     int i, n;

  324.     char buf[80];

  325.     const char *p;

  326. 

  327.     if (v == NULL)

  328.         return (0);

  329.     n = 0;

  330.     p = (const char *)v->data;

  331.     for (i = 0; i < v->length; i++) {

  332.         if ((p[i] > '~') || ((p[i] < ' ') &&

  333.                              (p[i] != '\n') && (p[i] != '\r')))

  334.             buf[n] = '.';

  335.         else

  336.             buf[n] = p[i];

  337.         n++;

  338.         if (n >= 80) {

  339.             if (BIO_write(bp, buf, n) <= 0)

  340.                 return (0);

  341.             n = 0;

  342.         }

  343.     }

  344.     if (n > 0)

  345.         if (BIO_write(bp, buf, n) <= 0)

  346.             return (0);

  347.     return (1);

  348. }

  349. 

  350. int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm)

  351. {

  352.     if (tm->type == V_ASN1_UTCTIME)

  353.         return ASN1_UTCTIME_print(bp, tm);

  354.     if (tm->type == V_ASN1_GENERALIZEDTIME)

  355.         return ASN1_GENERALIZEDTIME_print(bp, tm);

  356.     BIO_write(bp, "Bad time value", 14);

  357.     return (0);

  358. }

  359. 

  360. static const char *const mon[12] = {

  361.     "Jan", "Feb", "Mar", "Apr", "May", "Jun",

  362.     "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"

  363. };

  364. 

  365. int ASN1_GENERALIZEDTIME_print(BIO *bp, const ASN1_GENERALIZEDTIME *tm)

  366. {

  367.     char *v;

  368.     int gmt = 0;

  369.     int i;

  370.     int y = 0, M = 0, d = 0, h = 0, m = 0, s = 0;

  371.     char *f = NULL;

  372.     int f_len = 0;

  373. 

  374.     i = tm->length;

  375.     v = (char *)tm->data;

  376. 

  377.     if (i < 12)

  378.         goto err;

  379.     if (v[i - 1] == 'Z')

  380.         gmt = 1;

  381.     for (i = 0; i < 12; i++)

  382.         if ((v[i] > '9') || (v[i] < '0'))

  383.             goto err;

  384.     y = (v[0] - '0') * 1000 + (v[1] - '0') * 100 + (v[2] - '0') * 10 + (v[3] -

  385.                                                                         '0');

  386.     M = (v[4] - '0') * 10 + (v[5] - '0');

  387.     if ((M > 12) || (M < 1))

  388.         goto err;

  389.     d = (v[6] - '0') * 10 + (v[7] - '0');

  390.     h = (v[8] - '0') * 10 + (v[9] - '0');

  391.     m = (v[10] - '0') * 10 + (v[11] - '0');

  392.     if (tm->length >= 14 &&

  393.         (v[12] >= '0') && (v[12] <= '9') &&

  394.         (v[13] >= '0') && (v[13] <= '9')) {

  395.         s = (v[12] - '0') * 10 + (v[13] - '0');

  396.         /* Check for fractions of seconds. */

  397.         if (tm->length >= 15 && v[14] == '.') {

  398.             int l = tm->length;

  399.             f = &v[14];         /* The decimal point. */

  400.             f_len = 1;

  401.             while (14 + f_len < l && f[f_len] >= '0' && f[f_len] <= '9')

  402.                 ++f_len;

  403.         }

  404.     }

  405. 

  406.     if (BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s",

  407.                    mon[M - 1], d, h, m, s, f_len, f, y,

  408.                    (gmt) ? " GMT" : "") <= 0)

  409.         return (0);

  410.     else

  411.         return (1);

  412.  err:

  413.     BIO_write(bp, "Bad time value", 14);

  414.     return (0);

  415. }

  416. 

  417. // consume_two_digits is a helper function for ASN1_UTCTIME_print. If |*v|,

  418. // assumed to be |*len| bytes long, has two leading digits, updates |*out| with

  419. // their value, updates |v| and |len|, and returns one. Otherwise, returns

  420. // zero.

  421. static int consume_two_digits(int* out, const char **v, int *len) {

  422.   if (*len < 2|| !isdigit((*v)[0]) || !isdigit((*v)[1])) {

  423.     return 0;

  424.   }

  425.   *out = ((*v)[0] - '0') * 10 + ((*v)[1] - '0');

  426.   *len -= 2;

  427.   *v += 2;

  428.   return 1;

  429. }

  430. 

  431. // consume_zulu_timezone is a helper function for ASN1_UTCTIME_print. If |*v|,

  432. // assumed to be |*len| bytes long, starts with "Z" then it updates |*v| and

  433. // |*len| and returns one. Otherwise returns zero.

  434. static int consume_zulu_timezone(const char **v, int *len) {

  435.   if (*len == 0 || (*v)[0] != 'Z') {

  436.     return 0;

  437.   }

  438. 

  439.   *len -= 1;

  440.   *v += 1;

  441.   return 1;

  442. }

  443. 

  444. int ASN1_UTCTIME_print(BIO *bp, const ASN1_UTCTIME *tm) {

  445.   const char *v = (const char *)tm->data;

  446.   int len = tm->length;

  447.   int Y = 0, M = 0, D = 0, h = 0, m = 0, s = 0;

  448. 

  449.   // YYMMDDhhmm are required to be present.

  450.   if (!consume_two_digits(&Y, &v, &len) ||

  451.       !consume_two_digits(&M, &v, &len) ||

  452.       !consume_two_digits(&D, &v, &len) ||

  453.       !consume_two_digits(&h, &v, &len) ||

  454.       !consume_two_digits(&m, &v, &len)) {

  455.     goto err;

  456.   }

  457.   // https://tools.ietf.org/html/rfc5280, section 4.1.2.5.1, requires seconds

  458.   // to be present, but historically this code has forgiven its absence.

  459.   consume_two_digits(&s, &v, &len);

  460. 

  461.   // https://tools.ietf.org/html/rfc5280, section 4.1.2.5.1, specifies this

  462.   // interpretation of the year.

  463.   if (Y < 50) {

  464.     Y += 2000;

  465.   } else {

  466.     Y += 1900;

  467.   }

  468.   if (M > 12 || M == 0) {

  469.     goto err;

  470.   }

  471.   if (D > 31 || D == 0) {

  472.     goto err;

  473.   }

  474.   if (h > 23 || m > 59 || s > 60) {

  475.     goto err;

  476.   }

  477. 

  478.   // https://tools.ietf.org/html/rfc5280, section 4.1.2.5.1, requires the "Z"

  479.   // to be present, but historically this code has forgiven its absence.

  480.   const int is_gmt = consume_zulu_timezone(&v, &len);

  481. 

  482.   // https://tools.ietf.org/html/rfc5280, section 4.1.2.5.1, does not permit

  483.   // the specification of timezones using the +hhmm / -hhmm syntax, which is

  484.   // the only other thing that might legitimately be found at the end.

  485.   if (len) {

  486.     goto err;

  487.   }

  488. 

  489.   return BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s", mon[M - 1], D, h, m, s, Y,

  490.                     is_gmt ? " GMT" : "") > 0;

  491. 

  492. err:

  493.   BIO_write(bp, "Bad time value", 14);

  494.   return 0;

  495. }

  496. 

  497. int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)

  498. {

  499.     char *s, *c, *b;

  500.     int ret = 0, l, i;

  501. 

  502.     l = 80 - 2 - obase;

  503. 

  504.     b = X509_NAME_oneline(name, NULL, 0);

  505.     if (!b)

  506.         return 0;

  507.     if (!*b) {

  508.         OPENSSL_free(b);

  509.         return 1;

  510.     }

  511.     s = b + 1;                  /* skip the first slash */

  512. 

  513.     c = s;

  514.     for (;;) {

  515.         if (((*s == '/') &&

  516.              ((s[1] >= 'A') && (s[1] <= 'Z') && ((s[2] == '=') ||

  517.                                                  ((s[2] >= 'A')

  518.                                                   && (s[2] <= 'Z')

  519.                                                   && (s[3] == '='))

  520.               ))) || (*s == '\0')) {

  521.             i = s - c;

  522.             if (BIO_write(bp, c, i) != i)

  523.                 goto err;

  524.             c = s + 1;          /* skip following slash */

  525.             if (*s != '\0') {

  526.                 if (BIO_write(bp, ", ", 2) != 2)

  527.                     goto err;

  528.             }

  529.             l--;

  530.         }

  531.         if (*s == '\0')

  532.             break;

  533.         s++;

  534.         l--;

  535.     }

  536. 

  537.     ret = 1;

  538.     if (0) {

  539.  err:

  540.         OPENSSL_PUT_ERROR(X509, ERR_R_BUF_LIB);

  541.     }

  542.     OPENSSL_free(b);

  543.     return (ret);

  544. }