]>
Commit | Line | Data |
---|---|---|
b1322259 RS |
1 | /* |
2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. | |
d02b48c6 | 3 | * |
3e4b43b9 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
b1322259 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
d02b48c6 RE |
8 | */ |
9 | ||
10 | #include <stdio.h> | |
b39fc560 | 11 | #include "internal/cryptlib.h" |
9d6b1ce6 | 12 | #include <openssl/asn1t.h> |
ec577822 | 13 | #include <openssl/x509.h> |
124055a9 | 14 | #include "internal/x509_int.h" |
d02b48c6 | 15 | |
1d97c843 TH |
16 | /*- |
17 | * X509_REQ_INFO is handled in an unusual way to get round | |
9d6b1ce6 DSH |
18 | * invalid encodings. Some broken certificate requests don't |
19 | * encode the attributes field if it is empty. This is in | |
20 | * violation of PKCS#10 but we need to tolerate it. We do | |
21 | * this by making the attributes field OPTIONAL then using | |
0f113f3e | 22 | * the callback to initialise it to an empty STACK. |
9d6b1ce6 DSH |
23 | * |
24 | * This means that the field will be correctly encoded unless | |
25 | * we NULL out the field. | |
26 | * | |
27 | * As a result we no longer need the req_kludge field because | |
28 | * the information is now contained in the attributes field: | |
29 | * 1. If it is NULL then it's the invalid omission. | |
30 | * 2. If it is empty it is the correct encoding. | |
31 | * 3. If it is not empty then some attributes are present. | |
32 | * | |
33 | */ | |
d02b48c6 | 34 | |
24484759 | 35 | static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, |
0f113f3e | 36 | void *exarg) |
9d6b1ce6 | 37 | { |
0f113f3e | 38 | X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval; |
d02b48c6 | 39 | |
0f113f3e MC |
40 | if (operation == ASN1_OP_NEW_POST) { |
41 | rinf->attributes = sk_X509_ATTRIBUTE_new_null(); | |
42 | if (!rinf->attributes) | |
43 | return 0; | |
44 | } | |
45 | return 1; | |
9d6b1ce6 DSH |
46 | } |
47 | ||
48 | ASN1_SEQUENCE_enc(X509_REQ_INFO, enc, rinf_cb) = { | |
0f113f3e MC |
49 | ASN1_SIMPLE(X509_REQ_INFO, version, ASN1_INTEGER), |
50 | ASN1_SIMPLE(X509_REQ_INFO, subject, X509_NAME), | |
51 | ASN1_SIMPLE(X509_REQ_INFO, pubkey, X509_PUBKEY), | |
52 | /* This isn't really OPTIONAL but it gets round invalid | |
53 | * encodings | |
54 | */ | |
55 | ASN1_IMP_SET_OF_OPT(X509_REQ_INFO, attributes, X509_ATTRIBUTE, 0) | |
d339187b | 56 | } ASN1_SEQUENCE_END_enc(X509_REQ_INFO, X509_REQ_INFO) |
d02b48c6 | 57 | |
9d6b1ce6 | 58 | IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO) |
d02b48c6 | 59 | |
c001ce33 | 60 | ASN1_SEQUENCE_ref(X509_REQ, 0) = { |
95ed0e7c | 61 | ASN1_EMBED(X509_REQ, req_info, X509_REQ_INFO), |
6e63c142 | 62 | ASN1_EMBED(X509_REQ, sig_alg, X509_ALGOR), |
0f113f3e | 63 | ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING) |
d339187b | 64 | } ASN1_SEQUENCE_END_ref(X509_REQ, X509_REQ) |
d02b48c6 | 65 | |
9d6b1ce6 | 66 | IMPLEMENT_ASN1_FUNCTIONS(X509_REQ) |
0f113f3e | 67 | |
1241126a | 68 | IMPLEMENT_ASN1_DUP_FUNCTION(X509_REQ) |