kris
/
boringssl
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2555 Commits
12 Branches
38 MiB
 
 
 
 
 
 
Tree: f01fb5dc0e
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'f01fb5dc0e'
${ noResults }
boringssl/crypto/x509/x509_req.c

323 lines
10 KiB
Raw Blame History 

  1. /* crypto/x509/x509_req.c */

  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  3.  * All rights reserved.

  4.  *

  5.  * This package is an SSL implementation written

  6.  * by Eric Young (eay@cryptsoft.com).

  7.  * The implementation was written so as to conform with Netscapes SSL.

  8.  *

  9.  * This library is free for commercial and non-commercial use as long as

  10.  * the following conditions are aheared to.  The following conditions

  11.  * apply to all code found in this distribution, be it the RC4, RSA,

  12.  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

  13.  * included with this distribution is covered by the same copyright terms

  14.  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

  15.  *

  16.  * Copyright remains Eric Young's, and as such any Copyright notices in

  17.  * the code are not to be removed.

  18.  * If this package is used in a product, Eric Young should be given attribution

  19.  * as the author of the parts of the library used.

  20.  * This can be in the form of a textual message at program startup or

  21.  * in documentation (online or textual) provided with the package.

  22.  *

  23.  * Redistribution and use in source and binary forms, with or without

  24.  * modification, are permitted provided that the following conditions

  25.  * are met:

  26.  * 1. Redistributions of source code must retain the copyright

  27.  *    notice, this list of conditions and the following disclaimer.

  28.  * 2. Redistributions in binary form must reproduce the above copyright

  29.  *    notice, this list of conditions and the following disclaimer in the

  30.  *    documentation and/or other materials provided with the distribution.

  31.  * 3. All advertising materials mentioning features or use of this software

  32.  *    must display the following acknowledgement:

  33.  *    "This product includes cryptographic software written by

  34.  *     Eric Young (eay@cryptsoft.com)"

  35.  *    The word 'cryptographic' can be left out if the rouines from the library

  36.  *    being used are not cryptographic related :-).

  37.  * 4. If you include any Windows specific code (or a derivative thereof) from

  38.  *    the apps directory (application code) you must include an acknowledgement:

  39.  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

  40.  *

  41.  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

  42.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  43.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  44.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  45.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  46.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  47.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  48.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  49.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  50.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  51.  * SUCH DAMAGE.

  52.  *

  53.  * The licence and distribution terms for any publically available version or

  54.  * derivative of this code cannot be changed.  i.e. this code cannot simply be

  55.  * copied and put under another distribution licence

  56.  * [including the GNU Public Licence.] */

  57. 

  58. #include <openssl/asn1.h>

  59. #include <openssl/asn1t.h>

  60. #include <openssl/bn.h>

  61. #include <openssl/buf.h>

  62. #include <openssl/err.h>

  63. #include <openssl/evp.h>

  64. #include <openssl/mem.h>

  65. #include <openssl/obj.h>

  66. #include <openssl/pem.h>

  67. #include <openssl/x509.h>

  68. 

  69. X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)

  70. {

  71.     X509_REQ *ret;

  72.     X509_REQ_INFO *ri;

  73.     int i;

  74.     EVP_PKEY *pktmp;

  75. 

  76.     ret = X509_REQ_new();

  77.     if (ret == NULL) {

  78.         OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);

  79.         goto err;

  80.     }

  81. 

  82.     ri = ret->req_info;

  83. 

  84.     ri->version->length = 1;

  85.     ri->version->data = (unsigned char *)OPENSSL_malloc(1);

  86.     if (ri->version->data == NULL)

  87.         goto err;

  88.     ri->version->data[0] = 0;   /* version == 0 */

  89. 

  90.     if (!X509_REQ_set_subject_name(ret, X509_get_subject_name(x)))

  91.         goto err;

  92. 

  93.     pktmp = X509_get_pubkey(x);

  94.     if (pktmp == NULL)

  95.         goto err;

  96.     i = X509_REQ_set_pubkey(ret, pktmp);

  97.     EVP_PKEY_free(pktmp);

  98.     if (!i)

  99.         goto err;

  100. 

  101.     if (pkey != NULL) {

  102.         if (!X509_REQ_sign(ret, pkey, md))

  103.             goto err;

  104.     }

  105.     return (ret);

  106.  err:

  107.     X509_REQ_free(ret);

  108.     return (NULL);

  109. }

  110. 

  111. EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req)

  112. {

  113.     if ((req == NULL) || (req->req_info == NULL))

  114.         return (NULL);

  115.     return (X509_PUBKEY_get(req->req_info->pubkey));

  116. }

  117. 

  118. int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)

  119. {

  120.     EVP_PKEY *xk = NULL;

  121.     int ok = 0;

  122. 

  123.     xk = X509_REQ_get_pubkey(x);

  124.     switch (EVP_PKEY_cmp(xk, k)) {

  125.     case 1:

  126.         ok = 1;

  127.         break;

  128.     case 0:

  129.         OPENSSL_PUT_ERROR(X509, X509_R_KEY_VALUES_MISMATCH);

  130.         break;

  131.     case -1:

  132.         OPENSSL_PUT_ERROR(X509, X509_R_KEY_TYPE_MISMATCH);

  133.         break;

  134.     case -2:

  135.         if (k->type == EVP_PKEY_EC) {

  136.             OPENSSL_PUT_ERROR(X509, ERR_R_EC_LIB);

  137.             break;

  138.         }

  139.         if (k->type == EVP_PKEY_DH) {

  140.             /* No idea */

  141.             OPENSSL_PUT_ERROR(X509, X509_R_CANT_CHECK_DH_KEY);

  142.             break;

  143.         }

  144.         OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_KEY_TYPE);

  145.     }

  146. 

  147.     EVP_PKEY_free(xk);

  148.     return (ok);

  149. }

  150. 

  151. /*

  152.  * It seems several organisations had the same idea of including a list of

  153.  * extensions in a certificate request. There are at least two OIDs that are

  154.  * used and there may be more: so the list is configurable.

  155.  */

  156. 

  157. static const int ext_nid_list[] = { NID_ext_req, NID_ms_ext_req, NID_undef };

  158. 

  159. static const int *ext_nids = ext_nid_list;

  160. 

  161. int X509_REQ_extension_nid(int req_nid)

  162. {

  163.     int i, nid;

  164.     for (i = 0;; i++) {

  165.         nid = ext_nids[i];

  166.         if (nid == NID_undef)

  167.             return 0;

  168.         else if (req_nid == nid)

  169.             return 1;

  170.     }

  171. }

  172. 

  173. const int *X509_REQ_get_extension_nids(void)

  174. {

  175.     return ext_nids;

  176. }

  177. 

  178. void X509_REQ_set_extension_nids(const int *nids)

  179. {

  180.     ext_nids = nids;

  181. }

  182. 

  183. STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)

  184. {

  185.     X509_ATTRIBUTE *attr;

  186.     ASN1_TYPE *ext = NULL;

  187.     int idx;

  188.     const int *pnid;

  189.     const unsigned char *p;

  190. 

  191.     if ((req == NULL) || (req->req_info == NULL) || !ext_nids)

  192.         return (NULL);

  193.     for (pnid = ext_nids; *pnid != NID_undef; pnid++) {

  194.         idx = X509_REQ_get_attr_by_NID(req, *pnid, -1);

  195.         if (idx == -1)

  196.             continue;

  197.         attr = X509_REQ_get_attr(req, idx);

  198.         if (attr->single)

  199.             ext = attr->value.single;

  200.         else if (sk_ASN1_TYPE_num(attr->value.set))

  201.             ext = sk_ASN1_TYPE_value(attr->value.set, 0);

  202.         break;

  203.     }

  204.     if (!ext || (ext->type != V_ASN1_SEQUENCE))

  205.         return NULL;

  206.     p = ext->value.sequence->data;

  207.     return (STACK_OF(X509_EXTENSION) *)

  208.         ASN1_item_d2i(NULL, &p, ext->value.sequence->length,

  209.                       ASN1_ITEM_rptr(X509_EXTENSIONS));

  210. }

  211. 

  212. /*

  213.  * Add a STACK_OF extensions to a certificate request: allow alternative OIDs

  214.  * in case we want to create a non standard one.

  215.  */

  216. 

  217. int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,

  218.                                 int nid)

  219. {

  220.     ASN1_TYPE *at = NULL;

  221.     X509_ATTRIBUTE *attr = NULL;

  222.     if (!(at = ASN1_TYPE_new()) || !(at->value.sequence = ASN1_STRING_new()))

  223.         goto err;

  224. 

  225.     at->type = V_ASN1_SEQUENCE;

  226.     /* Generate encoding of extensions */

  227.     at->value.sequence->length =

  228.         ASN1_item_i2d((ASN1_VALUE *)exts,

  229.                       &at->value.sequence->data,

  230.                       ASN1_ITEM_rptr(X509_EXTENSIONS));

  231.     if (!(attr = X509_ATTRIBUTE_new()))

  232.         goto err;

  233.     if (!(attr->value.set = sk_ASN1_TYPE_new_null()))

  234.         goto err;

  235.     if (!sk_ASN1_TYPE_push(attr->value.set, at))

  236.         goto err;

  237.     at = NULL;

  238.     attr->single = 0;

  239.     attr->object = (ASN1_OBJECT *)OBJ_nid2obj(nid);

  240.     if (!req->req_info->attributes) {

  241.         if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null()))

  242.             goto err;

  243.     }

  244.     if (!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr))

  245.         goto err;

  246.     return 1;

  247.  err:

  248.     X509_ATTRIBUTE_free(attr);

  249.     ASN1_TYPE_free(at);

  250.     return 0;

  251. }

  252. 

  253. /* This is the normal usage: use the "official" OID */

  254. int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts)

  255. {

  256.     return X509_REQ_add_extensions_nid(req, exts, NID_ext_req);

  257. }

  258. 

  259. /* Request attribute functions */

  260. 

  261. int X509_REQ_get_attr_count(const X509_REQ *req)

  262. {

  263.     return X509at_get_attr_count(req->req_info->attributes);

  264. }

  265. 

  266. int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos)

  267. {

  268.     return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos);

  269. }

  270. 

  271. int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,

  272.                              int lastpos)

  273. {

  274.     return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos);

  275. }

  276. 

  277. X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc)

  278. {

  279.     return X509at_get_attr(req->req_info->attributes, loc);

  280. }

  281. 

  282. X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc)

  283. {

  284.     return X509at_delete_attr(req->req_info->attributes, loc);

  285. }

  286. 

  287. int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr)

  288. {

  289.     if (X509at_add1_attr(&req->req_info->attributes, attr))

  290.         return 1;

  291.     return 0;

  292. }

  293. 

  294. int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,

  295.                               const ASN1_OBJECT *obj, int type,

  296.                               const unsigned char *bytes, int len)

  297. {

  298.     if (X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj,

  299.                                 type, bytes, len))

  300.         return 1;

  301.     return 0;

  302. }

  303. 

  304. int X509_REQ_add1_attr_by_NID(X509_REQ *req,

  305.                               int nid, int type,

  306.                               const unsigned char *bytes, int len)

  307. {

  308.     if (X509at_add1_attr_by_NID(&req->req_info->attributes, nid,

  309.                                 type, bytes, len))

  310.         return 1;

  311.     return 0;

  312. }

  313. 

  314. int X509_REQ_add1_attr_by_txt(X509_REQ *req,

  315.                               const char *attrname, int type,

  316.                               const unsigned char *bytes, int len)

  317. {

  318.     if (X509at_add1_attr_by_txt(&req->req_info->attributes, attrname,

  319.                                 type, bytes, len))

  320.         return 1;

  321.     return 0;

  322. }