]>
git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/x509/x_req.c
2 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include "internal/cryptlib.h"
12 #include <openssl/asn1t.h>
13 #include <openssl/x509.h>
14 #include "internal/x509_int.h"
17 * X509_REQ_INFO is handled in an unusual way to get round
18 * invalid encodings. Some broken certificate requests don't
19 * encode the attributes field if it is empty. This is in
20 * violation of PKCS#10 but we need to tolerate it. We do
21 * this by making the attributes field OPTIONAL then using
22 * the callback to initialise it to an empty STACK.
24 * This means that the field will be correctly encoded unless
25 * we NULL out the field.
27 * As a result we no longer need the req_kludge field because
28 * the information is now contained in the attributes field:
29 * 1. If it is NULL then it's the invalid omission.
30 * 2. If it is empty it is the correct encoding.
31 * 3. If it is not empty then some attributes are present.
35 static int rinf_cb(int operation
, ASN1_VALUE
**pval
, const ASN1_ITEM
*it
,
38 X509_REQ_INFO
*rinf
= (X509_REQ_INFO
*)*pval
;
40 if (operation
== ASN1_OP_NEW_POST
) {
41 rinf
->attributes
= sk_X509_ATTRIBUTE_new_null();
42 if (!rinf
->attributes
)
48 ASN1_SEQUENCE_enc(X509_REQ_INFO
, enc
, rinf_cb
) = {
49 ASN1_SIMPLE(X509_REQ_INFO
, version
, ASN1_INTEGER
),
50 ASN1_SIMPLE(X509_REQ_INFO
, subject
, X509_NAME
),
51 ASN1_SIMPLE(X509_REQ_INFO
, pubkey
, X509_PUBKEY
),
52 /* This isn't really OPTIONAL but it gets round invalid
55 ASN1_IMP_SET_OF_OPT(X509_REQ_INFO
, attributes
, X509_ATTRIBUTE
, 0)
56 } ASN1_SEQUENCE_END_enc(X509_REQ_INFO
, X509_REQ_INFO
)
58 IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO
)
60 ASN1_SEQUENCE_ref(X509_REQ
, 0) = {
61 ASN1_EMBED(X509_REQ
, req_info
, X509_REQ_INFO
),
62 ASN1_EMBED(X509_REQ
, sig_alg
, X509_ALGOR
),
63 ASN1_SIMPLE(X509_REQ
, signature
, ASN1_BIT_STRING
)
64 } ASN1_SEQUENCE_END_ref(X509_REQ
, X509_REQ
)
66 IMPLEMENT_ASN1_FUNCTIONS(X509_REQ
)
68 IMPLEMENT_ASN1_DUP_FUNCTION(X509_REQ
)