kris
/
boringssl
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2555 Commits
12 Branches
38 MiB
 
 
 
 
 
 
Tree: f01fb5dc0e
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'f01fb5dc0e'
${ noResults }
boringssl/crypto/x509/t_x509.c

507 lines
15 KiB
Raw Blame History 

  1. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  2.  * All rights reserved.

  3.  *

  4.  * This package is an SSL implementation written

  5.  * by Eric Young (eay@cryptsoft.com).

  6.  * The implementation was written so as to conform with Netscapes SSL.

  7.  *

  8.  * This library is free for commercial and non-commercial use as long as

  9.  * the following conditions are aheared to.  The following conditions

  10.  * apply to all code found in this distribution, be it the RC4, RSA,

  11.  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

  12.  * included with this distribution is covered by the same copyright terms

  13.  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

  14.  *

  15.  * Copyright remains Eric Young's, and as such any Copyright notices in

  16.  * the code are not to be removed.

  17.  * If this package is used in a product, Eric Young should be given attribution

  18.  * as the author of the parts of the library used.

  19.  * This can be in the form of a textual message at program startup or

  20.  * in documentation (online or textual) provided with the package.

  21.  *

  22.  * Redistribution and use in source and binary forms, with or without

  23.  * modification, are permitted provided that the following conditions

  24.  * are met:

  25.  * 1. Redistributions of source code must retain the copyright

  26.  *    notice, this list of conditions and the following disclaimer.

  27.  * 2. Redistributions in binary form must reproduce the above copyright

  28.  *    notice, this list of conditions and the following disclaimer in the

  29.  *    documentation and/or other materials provided with the distribution.

  30.  * 3. All advertising materials mentioning features or use of this software

  31.  *    must display the following acknowledgement:

  32.  *    "This product includes cryptographic software written by

  33.  *     Eric Young (eay@cryptsoft.com)"

  34.  *    The word 'cryptographic' can be left out if the rouines from the library

  35.  *    being used are not cryptographic related :-).

  36.  * 4. If you include any Windows specific code (or a derivative thereof) from

  37.  *    the apps directory (application code) you must include an acknowledgement:

  38.  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

  39.  *

  40.  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

  41.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  42.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  43.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  44.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  45.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  46.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  48.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  49.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  50.  * SUCH DAMAGE.

  51.  *

  52.  * The licence and distribution terms for any publically available version or

  53.  * derivative of this code cannot be changed.  i.e. this code cannot simply be

  54.  * copied and put under another distribution licence

  55.  * [including the GNU Public Licence.] */

  56. 

  57. #include <openssl/asn1.h>

  58. #include <openssl/bio.h>

  59. #include <openssl/digest.h>

  60. #include <openssl/err.h>

  61. #include <openssl/evp.h>

  62. #include <openssl/mem.h>

  63. #include <openssl/obj.h>

  64. #include <openssl/x509.h>

  65. #include <openssl/x509v3.h>

  66. 

  67. #include "internal.h"

  68. 

  69. 

  70. #ifndef OPENSSL_NO_FP_API

  71. int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag,

  72.                      unsigned long cflag)

  73. {

  74.     BIO *b;

  75.     int ret;

  76. 

  77.     if ((b = BIO_new(BIO_s_file())) == NULL) {

  78.         OPENSSL_PUT_ERROR(X509, ERR_R_BUF_LIB);

  79.         return (0);

  80.     }

  81.     BIO_set_fp(b, fp, BIO_NOCLOSE);

  82.     ret = X509_print_ex(b, x, nmflag, cflag);

  83.     BIO_free(b);

  84.     return (ret);

  85. }

  86. 

  87. int X509_print_fp(FILE *fp, X509 *x)

  88. {

  89.     return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);

  90. }

  91. #endif

  92. 

  93. int X509_print(BIO *bp, X509 *x)

  94. {

  95.     return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);

  96. }

  97. 

  98. int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,

  99.                   unsigned long cflag)

  100. {

  101.     long l;

  102.     int ret = 0, i;

  103.     char *m = NULL, mlch = ' ';

  104.     int nmindent = 0;

  105.     X509_CINF *ci;

  106.     ASN1_INTEGER *bs;

  107.     EVP_PKEY *pkey = NULL;

  108.     const char *neg;

  109. 

  110.     if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {

  111.         mlch = '\n';

  112.         nmindent = 12;

  113.     }

  114. 

  115.     if (nmflags == X509_FLAG_COMPAT)

  116.         nmindent = 16;

  117. 

  118.     ci = x->cert_info;

  119.     if (!(cflag & X509_FLAG_NO_HEADER)) {

  120.         if (BIO_write(bp, "Certificate:\n", 13) <= 0)

  121.             goto err;

  122.         if (BIO_write(bp, "    Data:\n", 10) <= 0)

  123.             goto err;

  124.     }

  125.     if (!(cflag & X509_FLAG_NO_VERSION)) {

  126.         l = X509_get_version(x);

  127.         if (BIO_printf(bp, "%8sVersion: %lu (0x%lx)\n", "", l + 1, l) <= 0)

  128.             goto err;

  129.     }

  130.     if (!(cflag & X509_FLAG_NO_SERIAL)) {

  131. 

  132.         if (BIO_write(bp, "        Serial Number:", 22) <= 0)

  133.             goto err;

  134. 

  135.         bs = X509_get_serialNumber(x);

  136.         if (bs->length < (int)sizeof(long)

  137.             || (bs->length == sizeof(long) && (bs->data[0] & 0x80) == 0)) {

  138.             l = ASN1_INTEGER_get(bs);

  139.             if (bs->type == V_ASN1_NEG_INTEGER) {

  140.                 l = -l;

  141.                 neg = "-";

  142.             } else

  143.                 neg = "";

  144.             if (BIO_printf(bp, " %s%lu (%s0x%lx)\n", neg, l, neg, l) <= 0)

  145.                 goto err;

  146.         } else {

  147.             neg = (bs->type == V_ASN1_NEG_INTEGER) ? " (Negative)" : "";

  148.             if (BIO_printf(bp, "\n%12s%s", "", neg) <= 0)

  149.                 goto err;

  150. 

  151.             for (i = 0; i < bs->length; i++) {

  152.                 if (BIO_printf(bp, "%02x%c", bs->data[i],

  153.                                ((i + 1 == bs->length) ? '\n' : ':')) <= 0)

  154.                     goto err;

  155.             }

  156.         }

  157. 

  158.     }

  159. 

  160.     if (!(cflag & X509_FLAG_NO_SIGNAME)) {

  161.         if (X509_signature_print(bp, ci->signature, NULL) <= 0)

  162.             goto err;

  163.     }

  164. 

  165.     if (!(cflag & X509_FLAG_NO_ISSUER)) {

  166.         if (BIO_printf(bp, "        Issuer:%c", mlch) <= 0)

  167.             goto err;

  168.         if (X509_NAME_print_ex(bp, X509_get_issuer_name(x), nmindent, nmflags)

  169.             < 0)

  170.             goto err;

  171.         if (BIO_write(bp, "\n", 1) <= 0)

  172.             goto err;

  173.     }

  174.     if (!(cflag & X509_FLAG_NO_VALIDITY)) {

  175.         if (BIO_write(bp, "        Validity\n", 17) <= 0)

  176.             goto err;

  177.         if (BIO_write(bp, "            Not Before: ", 24) <= 0)

  178.             goto err;

  179.         if (!ASN1_TIME_print(bp, X509_get_notBefore(x)))

  180.             goto err;

  181.         if (BIO_write(bp, "\n            Not After : ", 25) <= 0)

  182.             goto err;

  183.         if (!ASN1_TIME_print(bp, X509_get_notAfter(x)))

  184.             goto err;

  185.         if (BIO_write(bp, "\n", 1) <= 0)

  186.             goto err;

  187.     }

  188.     if (!(cflag & X509_FLAG_NO_SUBJECT)) {

  189.         if (BIO_printf(bp, "        Subject:%c", mlch) <= 0)

  190.             goto err;

  191.         if (X509_NAME_print_ex

  192.             (bp, X509_get_subject_name(x), nmindent, nmflags) < 0)

  193.             goto err;

  194.         if (BIO_write(bp, "\n", 1) <= 0)

  195.             goto err;

  196.     }

  197.     if (!(cflag & X509_FLAG_NO_PUBKEY)) {

  198.         if (BIO_write(bp, "        Subject Public Key Info:\n", 33) <= 0)

  199.             goto err;

  200.         if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0)

  201.             goto err;

  202.         if (i2a_ASN1_OBJECT(bp, ci->key->algor->algorithm) <= 0)

  203.             goto err;

  204.         if (BIO_puts(bp, "\n") <= 0)

  205.             goto err;

  206. 

  207.         pkey = X509_get_pubkey(x);

  208.         if (pkey == NULL) {

  209.             BIO_printf(bp, "%12sUnable to load Public Key\n", "");

  210.             BIO_print_errors(bp);

  211.         } else {

  212.             EVP_PKEY_print_public(bp, pkey, 16, NULL);

  213.             EVP_PKEY_free(pkey);

  214.         }

  215.     }

  216. 

  217.     if (!(cflag & X509_FLAG_NO_IDS)) {

  218.         if (ci->issuerUID) {

  219.             if (BIO_printf(bp, "%8sIssuer Unique ID: ", "") <= 0)

  220.                 goto err;

  221.             if (!X509_signature_dump(bp, ci->issuerUID, 12))

  222.                 goto err;

  223.         }

  224.         if (ci->subjectUID) {

  225.             if (BIO_printf(bp, "%8sSubject Unique ID: ", "") <= 0)

  226.                 goto err;

  227.             if (!X509_signature_dump(bp, ci->subjectUID, 12))

  228.                 goto err;

  229.         }

  230.     }

  231. 

  232.     if (!(cflag & X509_FLAG_NO_EXTENSIONS))

  233.         X509V3_extensions_print(bp, "X509v3 extensions",

  234.                                 ci->extensions, cflag, 8);

  235. 

  236.     if (!(cflag & X509_FLAG_NO_SIGDUMP)) {

  237.         if (X509_signature_print(bp, x->sig_alg, x->signature) <= 0)

  238.             goto err;

  239.     }

  240.     if (!(cflag & X509_FLAG_NO_AUX)) {

  241.         if (!X509_CERT_AUX_print(bp, x->aux, 0))

  242.             goto err;

  243.     }

  244.     ret = 1;

  245.  err:

  246.     if (m != NULL)

  247.         OPENSSL_free(m);

  248.     return (ret);

  249. }

  250. 

  251. int X509_ocspid_print(BIO *bp, X509 *x)

  252. {

  253.     unsigned char *der = NULL;

  254.     unsigned char *dertmp;

  255.     int derlen;

  256.     int i;

  257.     unsigned char SHA1md[SHA_DIGEST_LENGTH];

  258. 

  259.     /*

  260.      * display the hash of the subject as it would appear in OCSP requests

  261.      */

  262.     if (BIO_printf(bp, "        Subject OCSP hash: ") <= 0)

  263.         goto err;

  264.     derlen = i2d_X509_NAME(x->cert_info->subject, NULL);

  265.     if ((der = dertmp = (unsigned char *)OPENSSL_malloc(derlen)) == NULL)

  266.         goto err;

  267.     i2d_X509_NAME(x->cert_info->subject, &dertmp);

  268. 

  269.     if (!EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL))

  270.         goto err;

  271.     for (i = 0; i < SHA_DIGEST_LENGTH; i++) {

  272.         if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0)

  273.             goto err;

  274.     }

  275.     OPENSSL_free(der);

  276.     der = NULL;

  277. 

  278.     /*

  279.      * display the hash of the public key as it would appear in OCSP requests

  280.      */

  281.     if (BIO_printf(bp, "\n        Public key OCSP hash: ") <= 0)

  282.         goto err;

  283. 

  284.     if (!EVP_Digest(x->cert_info->key->public_key->data,

  285.                     x->cert_info->key->public_key->length,

  286.                     SHA1md, NULL, EVP_sha1(), NULL))

  287.         goto err;

  288.     for (i = 0; i < SHA_DIGEST_LENGTH; i++) {

  289.         if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0)

  290.             goto err;

  291.     }

  292.     BIO_printf(bp, "\n");

  293. 

  294.     return (1);

  295.  err:

  296.     if (der != NULL)

  297.         OPENSSL_free(der);

  298.     return (0);

  299. }

  300. 

  301. int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig)

  302. {

  303.     if (BIO_puts(bp, "    Signature Algorithm: ") <= 0)

  304.         return 0;

  305.     if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0)

  306.         return 0;

  307. 

  308.     /* RSA-PSS signatures have parameters to print. */

  309.     int sig_nid = OBJ_obj2nid(sigalg->algorithm);

  310.     if (sig_nid == NID_rsassaPss &&

  311.         !x509_print_rsa_pss_params(bp, sigalg, 9, 0)) {

  312.         return 0;

  313.     }

  314. 

  315.     if (sig)

  316.         return X509_signature_dump(bp, sig, 9);

  317.     else if (BIO_puts(bp, "\n") <= 0)

  318.         return 0;

  319.     return 1;

  320. }

  321. 

  322. int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v)

  323. {

  324.     int i, n;

  325.     char buf[80];

  326.     const char *p;

  327. 

  328.     if (v == NULL)

  329.         return (0);

  330.     n = 0;

  331.     p = (const char *)v->data;

  332.     for (i = 0; i < v->length; i++) {

  333.         if ((p[i] > '~') || ((p[i] < ' ') &&

  334.                              (p[i] != '\n') && (p[i] != '\r')))

  335.             buf[n] = '.';

  336.         else

  337.             buf[n] = p[i];

  338.         n++;

  339.         if (n >= 80) {

  340.             if (BIO_write(bp, buf, n) <= 0)

  341.                 return (0);

  342.             n = 0;

  343.         }

  344.     }

  345.     if (n > 0)

  346.         if (BIO_write(bp, buf, n) <= 0)

  347.             return (0);

  348.     return (1);

  349. }

  350. 

  351. int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm)

  352. {

  353.     if (tm->type == V_ASN1_UTCTIME)

  354.         return ASN1_UTCTIME_print(bp, tm);

  355.     if (tm->type == V_ASN1_GENERALIZEDTIME)

  356.         return ASN1_GENERALIZEDTIME_print(bp, tm);

  357.     BIO_write(bp, "Bad time value", 14);

  358.     return (0);

  359. }

  360. 

  361. static const char *const mon[12] = {

  362.     "Jan", "Feb", "Mar", "Apr", "May", "Jun",

  363.     "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"

  364. };

  365. 

  366. int ASN1_GENERALIZEDTIME_print(BIO *bp, const ASN1_GENERALIZEDTIME *tm)

  367. {

  368.     char *v;

  369.     int gmt = 0;

  370.     int i;

  371.     int y = 0, M = 0, d = 0, h = 0, m = 0, s = 0;

  372.     char *f = NULL;

  373.     int f_len = 0;

  374. 

  375.     i = tm->length;

  376.     v = (char *)tm->data;

  377. 

  378.     if (i < 12)

  379.         goto err;

  380.     if (v[i - 1] == 'Z')

  381.         gmt = 1;

  382.     for (i = 0; i < 12; i++)

  383.         if ((v[i] > '9') || (v[i] < '0'))

  384.             goto err;

  385.     y = (v[0] - '0') * 1000 + (v[1] - '0') * 100 + (v[2] - '0') * 10 + (v[3] -

  386.                                                                         '0');

  387.     M = (v[4] - '0') * 10 + (v[5] - '0');

  388.     if ((M > 12) || (M < 1))

  389.         goto err;

  390.     d = (v[6] - '0') * 10 + (v[7] - '0');

  391.     h = (v[8] - '0') * 10 + (v[9] - '0');

  392.     m = (v[10] - '0') * 10 + (v[11] - '0');

  393.     if (tm->length >= 14 &&

  394.         (v[12] >= '0') && (v[12] <= '9') &&

  395.         (v[13] >= '0') && (v[13] <= '9')) {

  396.         s = (v[12] - '0') * 10 + (v[13] - '0');

  397.         /* Check for fractions of seconds. */

  398.         if (tm->length >= 15 && v[14] == '.') {

  399.             int l = tm->length;

  400.             f = &v[14];         /* The decimal point. */

  401.             f_len = 1;

  402.             while (14 + f_len < l && f[f_len] >= '0' && f[f_len] <= '9')

  403.                 ++f_len;

  404.         }

  405.     }

  406. 

  407.     if (BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s",

  408.                    mon[M - 1], d, h, m, s, f_len, f, y,

  409.                    (gmt) ? " GMT" : "") <= 0)

  410.         return (0);

  411.     else

  412.         return (1);

  413.  err:

  414.     BIO_write(bp, "Bad time value", 14);

  415.     return (0);

  416. }

  417. 

  418. int ASN1_UTCTIME_print(BIO *bp, const ASN1_UTCTIME *tm)

  419. {

  420.     const char *v;

  421.     int gmt = 0;

  422.     int i;

  423.     int y = 0, M = 0, d = 0, h = 0, m = 0, s = 0;

  424. 

  425.     i = tm->length;

  426.     v = (const char *)tm->data;

  427. 

  428.     if (i < 10)

  429.         goto err;

  430.     if (v[i - 1] == 'Z')

  431.         gmt = 1;

  432.     for (i = 0; i < 10; i++)

  433.         if ((v[i] > '9') || (v[i] < '0'))

  434.             goto err;

  435.     y = (v[0] - '0') * 10 + (v[1] - '0');

  436.     if (y < 50)

  437.         y += 100;

  438.     M = (v[2] - '0') * 10 + (v[3] - '0');

  439.     if ((M > 12) || (M < 1))

  440.         goto err;

  441.     d = (v[4] - '0') * 10 + (v[5] - '0');

  442.     h = (v[6] - '0') * 10 + (v[7] - '0');

  443.     m = (v[8] - '0') * 10 + (v[9] - '0');

  444.     if (tm->length >= 12 &&

  445.         (v[10] >= '0') && (v[10] <= '9') && (v[11] >= '0') && (v[11] <= '9'))

  446.         s = (v[10] - '0') * 10 + (v[11] - '0');

  447. 

  448.     if (BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s",

  449.                    mon[M - 1], d, h, m, s, y + 1900,

  450.                    (gmt) ? " GMT" : "") <= 0)

  451.         return (0);

  452.     else

  453.         return (1);

  454.  err:

  455.     BIO_write(bp, "Bad time value", 14);

  456.     return (0);

  457. }

  458. 

  459. int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)

  460. {

  461.     char *s, *c, *b;

  462.     int ret = 0, l, i;

  463. 

  464.     l = 80 - 2 - obase;

  465. 

  466.     b = X509_NAME_oneline(name, NULL, 0);

  467.     if (!b)

  468.         return 0;

  469.     if (!*b) {

  470.         OPENSSL_free(b);

  471.         return 1;

  472.     }

  473.     s = b + 1;                  /* skip the first slash */

  474. 

  475.     c = s;

  476.     for (;;) {

  477.         if (((*s == '/') &&

  478.              ((s[1] >= 'A') && (s[1] <= 'Z') && ((s[2] == '=') ||

  479.                                                  ((s[2] >= 'A')

  480.                                                   && (s[2] <= 'Z')

  481.                                                   && (s[3] == '='))

  482.               ))) || (*s == '\0')) {

  483.             i = s - c;

  484.             if (BIO_write(bp, c, i) != i)

  485.                 goto err;

  486.             c = s + 1;          /* skip following slash */

  487.             if (*s != '\0') {

  488.                 if (BIO_write(bp, ", ", 2) != 2)

  489.                     goto err;

  490.             }

  491.             l--;

  492.         }

  493.         if (*s == '\0')

  494.             break;

  495.         s++;

  496.         l--;

  497.     }

  498. 

  499.     ret = 1;

  500.     if (0) {

  501.  err:

  502.         OPENSSL_PUT_ERROR(X509, ERR_R_BUF_LIB);

  503.     }

  504.     OPENSSL_free(b);

  505.     return (ret);

  506. }