]>
Commit | Line | Data |
---|---|---|
1 | /* | |
2 | * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
4 | * Licensed under the OpenSSL license (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | #include <stdio.h> | |
11 | #include "internal/cryptlib.h" | |
12 | #include "internal/refcount.h" | |
13 | #include <openssl/asn1.h> | |
14 | #include <openssl/objects.h> | |
15 | #include <openssl/evp.h> | |
16 | #include <openssl/x509.h> | |
17 | #include <openssl/x509v3.h> | |
18 | #include "internal/asn1_int.h" | |
19 | #include "internal/x509_int.h" | |
20 | #include "x509_lcl.h" | |
21 | ||
22 | int X509_set_version(X509 *x, long version) | |
23 | { | |
24 | if (x == NULL) | |
25 | return (0); | |
26 | if (version == 0) { | |
27 | ASN1_INTEGER_free(x->cert_info.version); | |
28 | x->cert_info.version = NULL; | |
29 | return 1; | |
30 | } | |
31 | if (x->cert_info.version == NULL) { | |
32 | if ((x->cert_info.version = ASN1_INTEGER_new()) == NULL) | |
33 | return (0); | |
34 | } | |
35 | return (ASN1_INTEGER_set(x->cert_info.version, version)); | |
36 | } | |
37 | ||
38 | int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial) | |
39 | { | |
40 | ASN1_INTEGER *in; | |
41 | ||
42 | if (x == NULL) | |
43 | return 0; | |
44 | in = &x->cert_info.serialNumber; | |
45 | if (in != serial) | |
46 | return ASN1_STRING_copy(in, serial); | |
47 | return 1; | |
48 | } | |
49 | ||
50 | int X509_set_issuer_name(X509 *x, X509_NAME *name) | |
51 | { | |
52 | if (x == NULL) | |
53 | return (0); | |
54 | return (X509_NAME_set(&x->cert_info.issuer, name)); | |
55 | } | |
56 | ||
57 | int X509_set_subject_name(X509 *x, X509_NAME *name) | |
58 | { | |
59 | if (x == NULL) | |
60 | return (0); | |
61 | return (X509_NAME_set(&x->cert_info.subject, name)); | |
62 | } | |
63 | ||
64 | int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm) | |
65 | { | |
66 | ASN1_TIME *in; | |
67 | in = *ptm; | |
68 | if (in != tm) { | |
69 | in = ASN1_STRING_dup(tm); | |
70 | if (in != NULL) { | |
71 | ASN1_TIME_free(*ptm); | |
72 | *ptm = in; | |
73 | } | |
74 | } | |
75 | return (in != NULL); | |
76 | } | |
77 | ||
78 | int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm) | |
79 | { | |
80 | if (x == NULL) | |
81 | return 0; | |
82 | return x509_set1_time(&x->cert_info.validity.notBefore, tm); | |
83 | } | |
84 | ||
85 | int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm) | |
86 | { | |
87 | if (x == NULL) | |
88 | return 0; | |
89 | return x509_set1_time(&x->cert_info.validity.notAfter, tm); | |
90 | } | |
91 | ||
92 | int X509_set_pubkey(X509 *x, EVP_PKEY *pkey) | |
93 | { | |
94 | if (x == NULL) | |
95 | return (0); | |
96 | return (X509_PUBKEY_set(&(x->cert_info.key), pkey)); | |
97 | } | |
98 | ||
99 | int X509_up_ref(X509 *x) | |
100 | { | |
101 | int i; | |
102 | ||
103 | if (CRYPTO_UP_REF(&x->references, &i, x->lock) <= 0) | |
104 | return 0; | |
105 | ||
106 | REF_PRINT_COUNT("X509", x); | |
107 | REF_ASSERT_ISNT(i < 2); | |
108 | return ((i > 1) ? 1 : 0); | |
109 | } | |
110 | ||
111 | long X509_get_version(const X509 *x) | |
112 | { | |
113 | return ASN1_INTEGER_get(x->cert_info.version); | |
114 | } | |
115 | ||
116 | const ASN1_TIME *X509_get0_notBefore(const X509 *x) | |
117 | { | |
118 | return x->cert_info.validity.notBefore; | |
119 | } | |
120 | ||
121 | const ASN1_TIME *X509_get0_notAfter(const X509 *x) | |
122 | { | |
123 | return x->cert_info.validity.notAfter; | |
124 | } | |
125 | ||
126 | ASN1_TIME *X509_getm_notBefore(const X509 *x) | |
127 | { | |
128 | return x->cert_info.validity.notBefore; | |
129 | } | |
130 | ||
131 | ASN1_TIME *X509_getm_notAfter(const X509 *x) | |
132 | { | |
133 | return x->cert_info.validity.notAfter; | |
134 | } | |
135 | ||
136 | int X509_get_signature_type(const X509 *x) | |
137 | { | |
138 | return EVP_PKEY_type(OBJ_obj2nid(x->sig_alg.algorithm)); | |
139 | } | |
140 | ||
141 | X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x) | |
142 | { | |
143 | return x->cert_info.key; | |
144 | } | |
145 | ||
146 | const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x) | |
147 | { | |
148 | return x->cert_info.extensions; | |
149 | } | |
150 | ||
151 | void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid, | |
152 | const ASN1_BIT_STRING **psuid) | |
153 | { | |
154 | if (piuid != NULL) | |
155 | *piuid = x->cert_info.issuerUID; | |
156 | if (psuid != NULL) | |
157 | *psuid = x->cert_info.subjectUID; | |
158 | } | |
159 | ||
160 | const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x) | |
161 | { | |
162 | return &x->cert_info.signature; | |
163 | } | |
164 | ||
165 | int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid, | |
166 | int *secbits, uint32_t *flags) | |
167 | { | |
168 | if (mdnid != NULL) | |
169 | *mdnid = siginf->mdnid; | |
170 | if (pknid != NULL) | |
171 | *pknid = siginf->pknid; | |
172 | if (secbits != NULL) | |
173 | *secbits = siginf->secbits; | |
174 | if (flags != NULL) | |
175 | *flags = siginf->flags; | |
176 | return (siginf->flags & X509_SIG_INFO_VALID) != 0; | |
177 | } | |
178 | ||
179 | void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid, | |
180 | int secbits, uint32_t flags) | |
181 | { | |
182 | siginf->mdnid = mdnid; | |
183 | siginf->pknid = pknid; | |
184 | siginf->secbits = secbits; | |
185 | siginf->flags = flags; | |
186 | } | |
187 | ||
188 | int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits, | |
189 | uint32_t *flags) | |
190 | { | |
191 | X509_check_purpose(x, -1, -1); | |
192 | return X509_SIG_INFO_get(&x->siginf, mdnid, pknid, secbits, flags); | |
193 | } | |
194 | ||
195 | static void x509_sig_info_init(X509_SIG_INFO *siginf, const X509_ALGOR *alg, | |
196 | const ASN1_STRING *sig) | |
197 | { | |
198 | int pknid, mdnid; | |
199 | const EVP_MD *md; | |
200 | ||
201 | siginf->mdnid = NID_undef; | |
202 | siginf->pknid = NID_undef; | |
203 | siginf->secbits = -1; | |
204 | siginf->flags = 0; | |
205 | if (!OBJ_find_sigid_algs(OBJ_obj2nid(alg->algorithm), &mdnid, &pknid) | |
206 | || pknid == NID_undef) | |
207 | return; | |
208 | siginf->pknid = pknid; | |
209 | if (mdnid == NID_undef) { | |
210 | /* If we have one, use a custom handler for this algorithm */ | |
211 | const EVP_PKEY_ASN1_METHOD *ameth = EVP_PKEY_asn1_find(NULL, pknid); | |
212 | if (ameth == NULL || ameth->siginf_set == NULL | |
213 | || ameth->siginf_set(siginf, alg, sig) == 0) | |
214 | return; | |
215 | siginf->flags |= X509_SIG_INFO_VALID; | |
216 | return; | |
217 | } | |
218 | siginf->flags |= X509_SIG_INFO_VALID; | |
219 | siginf->mdnid = mdnid; | |
220 | md = EVP_get_digestbynid(mdnid); | |
221 | if (md == NULL) | |
222 | return; | |
223 | /* Security bits: half number of bits in digest */ | |
224 | siginf->secbits = EVP_MD_size(md) * 4; | |
225 | switch (mdnid) { | |
226 | case NID_sha1: | |
227 | case NID_sha256: | |
228 | case NID_sha384: | |
229 | case NID_sha512: | |
230 | siginf->flags |= X509_SIG_INFO_TLS; | |
231 | } | |
232 | } | |
233 | ||
234 | void x509_init_sig_info(X509 *x) | |
235 | { | |
236 | x509_sig_info_init(&x->siginf, &x->sig_alg, &x->signature); | |
237 | } |