]>
Commit | Line | Data |
---|---|---|
2aa707c6 | 1 | /* crypto/x509/t_x509.c */ |
58964a49 | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
d02b48c6 RE |
3 | * All rights reserved. |
4 | * | |
5 | * This package is an SSL implementation written | |
6 | * by Eric Young (eay@cryptsoft.com). | |
7 | * The implementation was written so as to conform with Netscapes SSL. | |
0f113f3e | 8 | * |
d02b48c6 RE |
9 | * This library is free for commercial and non-commercial use as long as |
10 | * the following conditions are aheared to. The following conditions | |
11 | * apply to all code found in this distribution, be it the RC4, RSA, | |
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
13 | * included with this distribution is covered by the same copyright terms | |
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
0f113f3e | 15 | * |
d02b48c6 RE |
16 | * Copyright remains Eric Young's, and as such any Copyright notices in |
17 | * the code are not to be removed. | |
18 | * If this package is used in a product, Eric Young should be given attribution | |
19 | * as the author of the parts of the library used. | |
20 | * This can be in the form of a textual message at program startup or | |
21 | * in documentation (online or textual) provided with the package. | |
0f113f3e | 22 | * |
d02b48c6 RE |
23 | * Redistribution and use in source and binary forms, with or without |
24 | * modification, are permitted provided that the following conditions | |
25 | * are met: | |
26 | * 1. Redistributions of source code must retain the copyright | |
27 | * notice, this list of conditions and the following disclaimer. | |
28 | * 2. Redistributions in binary form must reproduce the above copyright | |
29 | * notice, this list of conditions and the following disclaimer in the | |
30 | * documentation and/or other materials provided with the distribution. | |
31 | * 3. All advertising materials mentioning features or use of this software | |
32 | * must display the following acknowledgement: | |
33 | * "This product includes cryptographic software written by | |
34 | * Eric Young (eay@cryptsoft.com)" | |
35 | * The word 'cryptographic' can be left out if the rouines from the library | |
36 | * being used are not cryptographic related :-). | |
0f113f3e | 37 | * 4. If you include any Windows specific code (or a derivative thereof) from |
d02b48c6 RE |
38 | * the apps directory (application code) you must include an acknowledgement: |
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
0f113f3e | 40 | * |
d02b48c6 RE |
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
51 | * SUCH DAMAGE. | |
0f113f3e | 52 | * |
d02b48c6 RE |
53 | * The licence and distribution terms for any publically available version or |
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | |
55 | * copied and put under another distribution licence | |
56 | * [including the GNU Public Licence.] | |
57 | */ | |
58 | ||
59 | #include <stdio.h> | |
b39fc560 | 60 | #include "internal/cryptlib.h" |
ec577822 BM |
61 | #include <openssl/buffer.h> |
62 | #include <openssl/bn.h> | |
ec577822 BM |
63 | #include <openssl/objects.h> |
64 | #include <openssl/x509.h> | |
65 | #include <openssl/x509v3.h> | |
5fe736e5 | 66 | #include "internal/asn1_int.h" |
d02b48c6 | 67 | |
4b618848 | 68 | #ifndef OPENSSL_NO_STDIO |
6b691a5c | 69 | int X509_print_fp(FILE *fp, X509 *x) |
0f113f3e MC |
70 | { |
71 | return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); | |
72 | } | |
d0c98589 | 73 | |
0f113f3e MC |
74 | int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, |
75 | unsigned long cflag) | |
76 | { | |
77 | BIO *b; | |
78 | int ret; | |
79 | ||
80 | if ((b = BIO_new(BIO_s_file())) == NULL) { | |
81 | X509err(X509_F_X509_PRINT_EX_FP, ERR_R_BUF_LIB); | |
82 | return (0); | |
83 | } | |
84 | BIO_set_fp(b, fp, BIO_NOCLOSE); | |
85 | ret = X509_print_ex(b, x, nmflag, cflag); | |
86 | BIO_free(b); | |
87 | return (ret); | |
88 | } | |
d02b48c6 RE |
89 | #endif |
90 | ||
6b691a5c | 91 | int X509_print(BIO *bp, X509 *x) |
d0c98589 | 92 | { |
0f113f3e | 93 | return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); |
d0c98589 DSH |
94 | } |
95 | ||
0f113f3e MC |
96 | int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, |
97 | unsigned long cflag) | |
98 | { | |
99 | long l; | |
100 | int ret = 0, i; | |
101 | char *m = NULL, mlch = ' '; | |
102 | int nmindent = 0; | |
0f113f3e MC |
103 | ASN1_INTEGER *bs; |
104 | EVP_PKEY *pkey = NULL; | |
105 | const char *neg; | |
106 | ||
107 | if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { | |
108 | mlch = '\n'; | |
109 | nmindent = 12; | |
110 | } | |
111 | ||
112 | if (nmflags == X509_FLAG_COMPAT) | |
113 | nmindent = 16; | |
114 | ||
0f113f3e MC |
115 | if (!(cflag & X509_FLAG_NO_HEADER)) { |
116 | if (BIO_write(bp, "Certificate:\n", 13) <= 0) | |
117 | goto err; | |
118 | if (BIO_write(bp, " Data:\n", 10) <= 0) | |
119 | goto err; | |
120 | } | |
121 | if (!(cflag & X509_FLAG_NO_VERSION)) { | |
122 | l = X509_get_version(x); | |
123 | if (BIO_printf(bp, "%8sVersion: %lu (0x%lx)\n", "", l + 1, l) <= 0) | |
124 | goto err; | |
125 | } | |
126 | if (!(cflag & X509_FLAG_NO_SERIAL)) { | |
127 | ||
128 | if (BIO_write(bp, " Serial Number:", 22) <= 0) | |
129 | goto err; | |
130 | ||
131 | bs = X509_get_serialNumber(x); | |
132 | if (bs->length <= (int)sizeof(long)) { | |
4336de0c DSH |
133 | ERR_set_mark(); |
134 | l = ASN1_INTEGER_get(bs); | |
135 | ERR_pop_to_mark(); | |
136 | } else { | |
137 | l = -1; | |
138 | } | |
139 | if (l != -1) { | |
0f113f3e MC |
140 | if (bs->type == V_ASN1_NEG_INTEGER) { |
141 | l = -l; | |
142 | neg = "-"; | |
143 | } else | |
144 | neg = ""; | |
145 | if (BIO_printf(bp, " %s%lu (%s0x%lx)\n", neg, l, neg, l) <= 0) | |
146 | goto err; | |
147 | } else { | |
148 | neg = (bs->type == V_ASN1_NEG_INTEGER) ? " (Negative)" : ""; | |
149 | if (BIO_printf(bp, "\n%12s%s", "", neg) <= 0) | |
150 | goto err; | |
151 | ||
152 | for (i = 0; i < bs->length; i++) { | |
153 | if (BIO_printf(bp, "%02x%c", bs->data[i], | |
154 | ((i + 1 == bs->length) ? '\n' : ':')) <= 0) | |
155 | goto err; | |
156 | } | |
157 | } | |
158 | ||
159 | } | |
160 | ||
161 | if (!(cflag & X509_FLAG_NO_SIGNAME)) { | |
699f1635 DSH |
162 | X509_ALGOR *tsig_alg = X509_get0_tbs_sigalg(x); |
163 | if (X509_signature_print(bp, tsig_alg, NULL) <= 0) | |
0f113f3e | 164 | goto err; |
0f113f3e MC |
165 | } |
166 | ||
167 | if (!(cflag & X509_FLAG_NO_ISSUER)) { | |
168 | if (BIO_printf(bp, " Issuer:%c", mlch) <= 0) | |
169 | goto err; | |
170 | if (X509_NAME_print_ex(bp, X509_get_issuer_name(x), nmindent, nmflags) | |
171 | < 0) | |
172 | goto err; | |
173 | if (BIO_write(bp, "\n", 1) <= 0) | |
174 | goto err; | |
175 | } | |
176 | if (!(cflag & X509_FLAG_NO_VALIDITY)) { | |
177 | if (BIO_write(bp, " Validity\n", 17) <= 0) | |
178 | goto err; | |
179 | if (BIO_write(bp, " Not Before: ", 24) <= 0) | |
180 | goto err; | |
181 | if (!ASN1_TIME_print(bp, X509_get_notBefore(x))) | |
182 | goto err; | |
183 | if (BIO_write(bp, "\n Not After : ", 25) <= 0) | |
184 | goto err; | |
185 | if (!ASN1_TIME_print(bp, X509_get_notAfter(x))) | |
186 | goto err; | |
187 | if (BIO_write(bp, "\n", 1) <= 0) | |
188 | goto err; | |
189 | } | |
190 | if (!(cflag & X509_FLAG_NO_SUBJECT)) { | |
191 | if (BIO_printf(bp, " Subject:%c", mlch) <= 0) | |
192 | goto err; | |
193 | if (X509_NAME_print_ex | |
194 | (bp, X509_get_subject_name(x), nmindent, nmflags) < 0) | |
195 | goto err; | |
196 | if (BIO_write(bp, "\n", 1) <= 0) | |
197 | goto err; | |
198 | } | |
199 | if (!(cflag & X509_FLAG_NO_PUBKEY)) { | |
699f1635 DSH |
200 | X509_PUBKEY *xpkey = X509_get_X509_PUBKEY(x); |
201 | ASN1_OBJECT *xpoid; | |
202 | X509_PUBKEY_get0_param(&xpoid, NULL, NULL, NULL, xpkey); | |
0f113f3e MC |
203 | if (BIO_write(bp, " Subject Public Key Info:\n", 33) <= 0) |
204 | goto err; | |
205 | if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0) | |
206 | goto err; | |
699f1635 | 207 | if (i2a_ASN1_OBJECT(bp, xpoid) <= 0) |
0f113f3e MC |
208 | goto err; |
209 | if (BIO_puts(bp, "\n") <= 0) | |
210 | goto err; | |
211 | ||
212 | pkey = X509_get_pubkey(x); | |
213 | if (pkey == NULL) { | |
214 | BIO_printf(bp, "%12sUnable to load Public Key\n", ""); | |
215 | ERR_print_errors(bp); | |
216 | } else { | |
217 | EVP_PKEY_print_public(bp, pkey, 16, NULL); | |
218 | EVP_PKEY_free(pkey); | |
219 | } | |
220 | } | |
221 | ||
222 | if (!(cflag & X509_FLAG_NO_IDS)) { | |
699f1635 DSH |
223 | ASN1_BIT_STRING *iuid, *suid; |
224 | X509_get0_uids(&iuid, &suid, x); | |
225 | if (iuid != NULL) { | |
0f113f3e MC |
226 | if (BIO_printf(bp, "%8sIssuer Unique ID: ", "") <= 0) |
227 | goto err; | |
699f1635 | 228 | if (!X509_signature_dump(bp, iuid, 12)) |
0f113f3e MC |
229 | goto err; |
230 | } | |
699f1635 | 231 | if (suid != NULL) { |
0f113f3e MC |
232 | if (BIO_printf(bp, "%8sSubject Unique ID: ", "") <= 0) |
233 | goto err; | |
699f1635 | 234 | if (!X509_signature_dump(bp, suid, 12)) |
0f113f3e MC |
235 | goto err; |
236 | } | |
237 | } | |
238 | ||
239 | if (!(cflag & X509_FLAG_NO_EXTENSIONS)) | |
240 | X509V3_extensions_print(bp, "X509v3 extensions", | |
699f1635 | 241 | X509_get0_extensions(x), cflag, 8); |
0f113f3e MC |
242 | |
243 | if (!(cflag & X509_FLAG_NO_SIGDUMP)) { | |
699f1635 DSH |
244 | X509_ALGOR *sig_alg; |
245 | ASN1_BIT_STRING *sig; | |
246 | X509_get0_signature(&sig, &sig_alg, x); | |
247 | if (X509_signature_print(bp, sig_alg, sig) <= 0) | |
0f113f3e MC |
248 | goto err; |
249 | } | |
250 | if (!(cflag & X509_FLAG_NO_AUX)) { | |
699f1635 | 251 | if (!X509_aux_print(bp, x, 0)) |
0f113f3e MC |
252 | goto err; |
253 | } | |
254 | ret = 1; | |
255 | err: | |
b548a1f1 | 256 | OPENSSL_free(m); |
0f113f3e MC |
257 | return (ret); |
258 | } | |
259 | ||
260 | int X509_ocspid_print(BIO *bp, X509 *x) | |
261 | { | |
262 | unsigned char *der = NULL; | |
263 | unsigned char *dertmp; | |
264 | int derlen; | |
265 | int i; | |
266 | unsigned char SHA1md[SHA_DIGEST_LENGTH]; | |
699f1635 DSH |
267 | ASN1_BIT_STRING *keybstr; |
268 | X509_NAME *subj; | |
0f113f3e MC |
269 | |
270 | /* | |
271 | * display the hash of the subject as it would appear in OCSP requests | |
272 | */ | |
273 | if (BIO_printf(bp, " Subject OCSP hash: ") <= 0) | |
274 | goto err; | |
699f1635 DSH |
275 | subj = X509_get_subject_name(x); |
276 | derlen = i2d_X509_NAME(subj, NULL); | |
b196e7d9 | 277 | if ((der = dertmp = OPENSSL_malloc(derlen)) == NULL) |
0f113f3e | 278 | goto err; |
699f1635 | 279 | i2d_X509_NAME(subj, &dertmp); |
0f113f3e MC |
280 | |
281 | if (!EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL)) | |
282 | goto err; | |
283 | for (i = 0; i < SHA_DIGEST_LENGTH; i++) { | |
284 | if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0) | |
285 | goto err; | |
286 | } | |
287 | OPENSSL_free(der); | |
288 | der = NULL; | |
289 | ||
290 | /* | |
291 | * display the hash of the public key as it would appear in OCSP requests | |
292 | */ | |
293 | if (BIO_printf(bp, "\n Public key OCSP hash: ") <= 0) | |
294 | goto err; | |
295 | ||
699f1635 DSH |
296 | keybstr = X509_get0_pubkey_bitstr(x); |
297 | ||
298 | if (keybstr == NULL) | |
299 | goto err; | |
300 | ||
301 | if (!EVP_Digest(ASN1_STRING_data(keybstr), ASN1_STRING_length(keybstr), | |
0f113f3e MC |
302 | SHA1md, NULL, EVP_sha1(), NULL)) |
303 | goto err; | |
304 | for (i = 0; i < SHA_DIGEST_LENGTH; i++) { | |
305 | if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0) | |
306 | goto err; | |
307 | } | |
308 | BIO_printf(bp, "\n"); | |
309 | ||
310 | return (1); | |
311 | err: | |
b548a1f1 | 312 | OPENSSL_free(der); |
0f113f3e MC |
313 | return (0); |
314 | } | |
eb64730b | 315 | |
fa1ba589 | 316 | int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent) |
de487514 | 317 | { |
0f113f3e MC |
318 | const unsigned char *s; |
319 | int i, n; | |
320 | ||
321 | n = sig->length; | |
322 | s = sig->data; | |
323 | for (i = 0; i < n; i++) { | |
324 | if ((i % 18) == 0) { | |
325 | if (BIO_write(bp, "\n", 1) <= 0) | |
326 | return 0; | |
327 | if (BIO_indent(bp, indent, indent) <= 0) | |
328 | return 0; | |
329 | } | |
330 | if (BIO_printf(bp, "%02x%s", s[i], ((i + 1) == n) ? "" : ":") <= 0) | |
331 | return 0; | |
332 | } | |
333 | if (BIO_write(bp, "\n", 1) != 1) | |
334 | return 0; | |
335 | ||
336 | return 1; | |
de487514 DSH |
337 | } |
338 | ||
fa1ba589 DSH |
339 | int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig) |
340 | { | |
0f113f3e MC |
341 | int sig_nid; |
342 | if (BIO_puts(bp, " Signature Algorithm: ") <= 0) | |
343 | return 0; | |
344 | if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0) | |
345 | return 0; | |
346 | ||
347 | sig_nid = OBJ_obj2nid(sigalg->algorithm); | |
348 | if (sig_nid != NID_undef) { | |
349 | int pkey_nid, dig_nid; | |
350 | const EVP_PKEY_ASN1_METHOD *ameth; | |
351 | if (OBJ_find_sigid_algs(sig_nid, &dig_nid, &pkey_nid)) { | |
352 | ameth = EVP_PKEY_asn1_find(NULL, pkey_nid); | |
353 | if (ameth && ameth->sig_print) | |
354 | return ameth->sig_print(bp, sigalg, sig, 9, 0); | |
355 | } | |
356 | } | |
357 | if (sig) | |
358 | return X509_signature_dump(bp, sig, 9); | |
359 | else if (BIO_puts(bp, "\n") <= 0) | |
360 | return 0; | |
361 | return 1; | |
fa1ba589 | 362 | } |
699f1635 DSH |
363 | |
364 | int X509_aux_print(BIO *out, X509 *x, int indent) | |
365 | { | |
366 | char oidstr[80], first; | |
367 | STACK_OF(ASN1_OBJECT) *trust, *reject; | |
368 | const unsigned char *alias, *keyid; | |
369 | int keyidlen; | |
370 | int i; | |
371 | if (X509_trusted(x) == 0) | |
372 | return 1; | |
373 | trust = X509_get0_trust_objects(x); | |
374 | reject = X509_get0_reject_objects(x); | |
375 | if (trust) { | |
376 | first = 1; | |
377 | BIO_printf(out, "%*sTrusted Uses:\n%*s", indent, "", indent + 2, ""); | |
378 | for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++) { | |
379 | if (!first) | |
380 | BIO_puts(out, ", "); | |
381 | else | |
382 | first = 0; | |
383 | OBJ_obj2txt(oidstr, sizeof oidstr, | |
384 | sk_ASN1_OBJECT_value(trust, i), 0); | |
385 | BIO_puts(out, oidstr); | |
386 | } | |
387 | BIO_puts(out, "\n"); | |
388 | } else | |
389 | BIO_printf(out, "%*sNo Trusted Uses.\n", indent, ""); | |
390 | if (reject) { | |
391 | first = 1; | |
392 | BIO_printf(out, "%*sRejected Uses:\n%*s", indent, "", indent + 2, ""); | |
393 | for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++) { | |
394 | if (!first) | |
395 | BIO_puts(out, ", "); | |
396 | else | |
397 | first = 0; | |
398 | OBJ_obj2txt(oidstr, sizeof oidstr, | |
399 | sk_ASN1_OBJECT_value(reject, i), 0); | |
400 | BIO_puts(out, oidstr); | |
401 | } | |
402 | BIO_puts(out, "\n"); | |
403 | } else | |
404 | BIO_printf(out, "%*sNo Rejected Uses.\n", indent, ""); | |
405 | alias = X509_alias_get0(x, NULL); | |
406 | if (alias) | |
407 | BIO_printf(out, "%*sAlias: %s\n", indent, "", alias); | |
408 | keyid = X509_keyid_get0(x, &keyidlen); | |
409 | if (keyid) { | |
410 | BIO_printf(out, "%*sKey Id: ", indent, ""); | |
411 | for (i = 0; i < keyidlen; i++) | |
412 | BIO_printf(out, "%s%02X", i ? ":" : "", keyid[i]); | |
413 | BIO_write(out, "\n", 1); | |
414 | } | |
415 | return 1; | |
416 | } |