]>
Commit | Line | Data |
---|---|---|
b1322259 | 1 | /* |
3c2bdd7d | 2 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. |
d02b48c6 | 3 | * |
3e4b43b9 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
b1322259 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
d02b48c6 RE |
8 | */ |
9 | ||
10 | #include <stdio.h> | |
b39fc560 | 11 | #include "internal/cryptlib.h" |
9d6b1ce6 | 12 | #include <openssl/asn1t.h> |
ec577822 | 13 | #include <openssl/x509.h> |
25f2138b | 14 | #include "crypto/x509.h" |
d02b48c6 | 15 | |
1d97c843 TH |
16 | /*- |
17 | * X509_REQ_INFO is handled in an unusual way to get round | |
9d6b1ce6 DSH |
18 | * invalid encodings. Some broken certificate requests don't |
19 | * encode the attributes field if it is empty. This is in | |
20 | * violation of PKCS#10 but we need to tolerate it. We do | |
21 | * this by making the attributes field OPTIONAL then using | |
0f113f3e | 22 | * the callback to initialise it to an empty STACK. |
9d6b1ce6 DSH |
23 | * |
24 | * This means that the field will be correctly encoded unless | |
25 | * we NULL out the field. | |
26 | * | |
27 | * As a result we no longer need the req_kludge field because | |
28 | * the information is now contained in the attributes field: | |
29 | * 1. If it is NULL then it's the invalid omission. | |
30 | * 2. If it is empty it is the correct encoding. | |
31 | * 3. If it is not empty then some attributes are present. | |
32 | * | |
33 | */ | |
d02b48c6 | 34 | |
24484759 | 35 | static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, |
0f113f3e | 36 | void *exarg) |
9d6b1ce6 | 37 | { |
0f113f3e | 38 | X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval; |
d02b48c6 | 39 | |
0f113f3e MC |
40 | if (operation == ASN1_OP_NEW_POST) { |
41 | rinf->attributes = sk_X509_ATTRIBUTE_new_null(); | |
42 | if (!rinf->attributes) | |
43 | return 0; | |
44 | } | |
45 | return 1; | |
9d6b1ce6 DSH |
46 | } |
47 | ||
bc42bd62 PY |
48 | static int req_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, |
49 | void *exarg) | |
50 | { | |
bc42bd62 PY |
51 | X509_REQ *ret = (X509_REQ *)*pval; |
52 | ||
53 | switch (operation) { | |
54 | case ASN1_OP_D2I_PRE: | |
70a7dd6f | 55 | ASN1_OCTET_STRING_free(ret->distinguishing_id); |
c7340583 | 56 | /* fall through */ |
bc42bd62 | 57 | case ASN1_OP_NEW_POST: |
70a7dd6f | 58 | ret->distinguishing_id = NULL; |
bc42bd62 PY |
59 | break; |
60 | ||
61 | case ASN1_OP_FREE_POST: | |
70a7dd6f | 62 | ASN1_OCTET_STRING_free(ret->distinguishing_id); |
a2502862 | 63 | OPENSSL_free(ret->propq); |
bc42bd62 | 64 | break; |
e72dbd8e SL |
65 | case ASN1_OP_DUP_POST: |
66 | { | |
67 | X509_REQ *old = exarg; | |
68 | ||
69 | if (!ossl_x509_req_set0_libctx(ret, old->libctx, old->propq)) | |
70 | return 0; | |
d2b6c062 MC |
71 | if (old->req_info.pubkey != NULL) { |
72 | EVP_PKEY *pkey = X509_PUBKEY_get0(old->req_info.pubkey); | |
73 | ||
74 | if (pkey != NULL) { | |
75 | pkey = EVP_PKEY_dup(pkey); | |
76 | if (pkey == NULL) { | |
e077455e | 77 | ERR_raise(ERR_LIB_X509, ERR_R_EVP_LIB); |
d2b6c062 MC |
78 | return 0; |
79 | } | |
80 | if (!X509_PUBKEY_set(&ret->req_info.pubkey, pkey)) { | |
81 | EVP_PKEY_free(pkey); | |
82 | ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR); | |
83 | return 0; | |
84 | } | |
85 | EVP_PKEY_free(pkey); | |
86 | } | |
87 | } | |
88 | } | |
89 | break; | |
90 | case ASN1_OP_GET0_LIBCTX: | |
91 | { | |
92 | OSSL_LIB_CTX **libctx = exarg; | |
93 | ||
94 | *libctx = ret->libctx; | |
95 | } | |
96 | break; | |
97 | case ASN1_OP_GET0_PROPQ: | |
98 | { | |
99 | const char **propq = exarg; | |
100 | ||
101 | *propq = ret->propq; | |
e72dbd8e SL |
102 | } |
103 | break; | |
bc42bd62 | 104 | } |
bc42bd62 PY |
105 | |
106 | return 1; | |
107 | } | |
108 | ||
9d6b1ce6 | 109 | ASN1_SEQUENCE_enc(X509_REQ_INFO, enc, rinf_cb) = { |
0f113f3e MC |
110 | ASN1_SIMPLE(X509_REQ_INFO, version, ASN1_INTEGER), |
111 | ASN1_SIMPLE(X509_REQ_INFO, subject, X509_NAME), | |
112 | ASN1_SIMPLE(X509_REQ_INFO, pubkey, X509_PUBKEY), | |
113 | /* This isn't really OPTIONAL but it gets round invalid | |
114 | * encodings | |
115 | */ | |
116 | ASN1_IMP_SET_OF_OPT(X509_REQ_INFO, attributes, X509_ATTRIBUTE, 0) | |
d339187b | 117 | } ASN1_SEQUENCE_END_enc(X509_REQ_INFO, X509_REQ_INFO) |
d02b48c6 | 118 | |
9d6b1ce6 | 119 | IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO) |
d02b48c6 | 120 | |
bc42bd62 | 121 | ASN1_SEQUENCE_ref(X509_REQ, req_cb) = { |
95ed0e7c | 122 | ASN1_EMBED(X509_REQ, req_info, X509_REQ_INFO), |
6e63c142 | 123 | ASN1_EMBED(X509_REQ, sig_alg, X509_ALGOR), |
0f113f3e | 124 | ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING) |
d339187b | 125 | } ASN1_SEQUENCE_END_ref(X509_REQ, X509_REQ) |
d02b48c6 | 126 | |
9d6b1ce6 | 127 | IMPLEMENT_ASN1_FUNCTIONS(X509_REQ) |
0f113f3e | 128 | |
1241126a | 129 | IMPLEMENT_ASN1_DUP_FUNCTION(X509_REQ) |
bc42bd62 | 130 | |
70a7dd6f | 131 | void X509_REQ_set0_distinguishing_id(X509_REQ *x, ASN1_OCTET_STRING *d_id) |
bc42bd62 | 132 | { |
70a7dd6f RL |
133 | ASN1_OCTET_STRING_free(x->distinguishing_id); |
134 | x->distinguishing_id = d_id; | |
bc42bd62 PY |
135 | } |
136 | ||
70a7dd6f | 137 | ASN1_OCTET_STRING *X509_REQ_get0_distinguishing_id(X509_REQ *x) |
bc42bd62 | 138 | { |
70a7dd6f | 139 | return x->distinguishing_id; |
bc42bd62 | 140 | } |
e72dbd8e SL |
141 | |
142 | /* | |
143 | * This should only be used if the X509_REQ object was embedded inside another | |
144 | * asn1 object and it needs a libctx to operate. | |
145 | * Use X509_REQ_new_ex() instead if possible. | |
146 | */ | |
147 | int ossl_x509_req_set0_libctx(X509_REQ *x, OSSL_LIB_CTX *libctx, | |
148 | const char *propq) | |
149 | { | |
150 | if (x != NULL) { | |
151 | x->libctx = libctx; | |
152 | OPENSSL_free(x->propq); | |
153 | x->propq = NULL; | |
154 | if (propq != NULL) { | |
155 | x->propq = OPENSSL_strdup(propq); | |
156 | if (x->propq == NULL) | |
157 | return 0; | |
158 | } | |
159 | } | |
160 | return 1; | |
161 | } | |
162 | ||
163 | X509_REQ *X509_REQ_new_ex(OSSL_LIB_CTX *libctx, const char *propq) | |
164 | { | |
165 | X509_REQ *req = NULL; | |
166 | ||
167 | req = (X509_REQ *)ASN1_item_new((X509_REQ_it())); | |
168 | if (!ossl_x509_req_set0_libctx(req, libctx, propq)) { | |
169 | X509_REQ_free(req); | |
170 | req = NULL; | |
171 | } | |
172 | return req; | |
173 | } |