crypto/x509/x509_set.c

   1 /*
   2  * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #include <stdio.h>
  11 #include "internal/cryptlib.h"
  12 #include "internal/refcount.h"
  13 #include <openssl/asn1.h>
  14 #include <openssl/objects.h>
  15 #include <openssl/evp.h>
  16 #include <openssl/x509.h>
  17 #include <openssl/x509v3.h>
  18 #include "crypto/asn1.h"
  19 #include "crypto/x509.h"
  20 #include "x509_lcl.h"
  21
  22 int X509_set_version(X509 *x, long version)
  23 {
  24     if (x == NULL)
  25         return 0;
  26     if (version == 0) {
  27         ASN1_INTEGER_free(x->cert_info.version);
  28         x->cert_info.version = NULL;
  29         return 1;
  30     }
  31     if (x->cert_info.version == NULL) {
  32         if ((x->cert_info.version = ASN1_INTEGER_new()) == NULL)
  33             return 0;
  34     }
  35     return ASN1_INTEGER_set(x->cert_info.version, version);
  36 }
  37
  38 int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial)
  39 {
  40     ASN1_INTEGER *in;
  41
  42     if (x == NULL)
  43         return 0;
  44     in = &x->cert_info.serialNumber;
  45     if (in != serial)
  46         return ASN1_STRING_copy(in, serial);
  47     return 1;
  48 }
  49
  50 int X509_set_issuer_name(X509 *x, X509_NAME *name)
  51 {
  52     if (x == NULL)
  53         return 0;
  54     return X509_NAME_set(&x->cert_info.issuer, name);
  55 }
  56
  57 int X509_set_subject_name(X509 *x, X509_NAME *name)
  58 {
  59     if (x == NULL)
  60         return 0;
  61     return X509_NAME_set(&x->cert_info.subject, name);
  62 }
  63
  64 int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm)
  65 {
  66     ASN1_TIME *in;
  67     in = *ptm;
  68     if (in != tm) {
  69         in = ASN1_STRING_dup(tm);
  70         if (in != NULL) {
  71             ASN1_TIME_free(*ptm);
  72             *ptm = in;
  73         }
  74     }
  75     return (in != NULL);
  76 }
  77
  78 int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm)
  79 {
  80     if (x == NULL)
  81         return 0;
  82     return x509_set1_time(&x->cert_info.validity.notBefore, tm);
  83 }
  84
  85 int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm)
  86 {
  87     if (x == NULL)
  88         return 0;
  89     return x509_set1_time(&x->cert_info.validity.notAfter, tm);
  90 }
  91
  92 int X509_set_pubkey(X509 *x, EVP_PKEY *pkey)
  93 {
  94     if (x == NULL)
  95         return 0;
  96     return X509_PUBKEY_set(&(x->cert_info.key), pkey);
  97 }
  98
  99 int X509_up_ref(X509 *x)
 100 {
 101     int i;
 102
 103     if (CRYPTO_UP_REF(&x->references, &i, x->lock) <= 0)
 104         return 0;
 105
 106     REF_PRINT_COUNT("X509", x);
 107     REF_ASSERT_ISNT(i < 2);
 108     return ((i > 1) ? 1 : 0);
 109 }
 110
 111 long X509_get_version(const X509 *x)
 112 {
 113     return ASN1_INTEGER_get(x->cert_info.version);
 114 }
 115
 116 const ASN1_TIME *X509_get0_notBefore(const X509 *x)
 117 {
 118     return x->cert_info.validity.notBefore;
 119 }
 120
 121 const ASN1_TIME *X509_get0_notAfter(const X509 *x)
 122 {
 123     return x->cert_info.validity.notAfter;
 124 }
 125
 126 ASN1_TIME *X509_getm_notBefore(const X509 *x)
 127 {
 128     return x->cert_info.validity.notBefore;
 129 }
 130
 131 ASN1_TIME *X509_getm_notAfter(const X509 *x)
 132 {
 133     return x->cert_info.validity.notAfter;
 134 }
 135
 136 int X509_get_signature_type(const X509 *x)
 137 {
 138     return EVP_PKEY_type(OBJ_obj2nid(x->sig_alg.algorithm));
 139 }
 140
 141 X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x)
 142 {
 143     return x->cert_info.key;
 144 }
 145
 146 const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x)
 147 {
 148     return x->cert_info.extensions;
 149 }
 150
 151 void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid,
 152                     const ASN1_BIT_STRING **psuid)
 153 {
 154     if (piuid != NULL)
 155         *piuid = x->cert_info.issuerUID;
 156     if (psuid != NULL)
 157         *psuid = x->cert_info.subjectUID;
 158 }
 159
 160 const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x)
 161 {
 162     return &x->cert_info.signature;
 163 }
 164
 165 int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid,
 166                       int *secbits, uint32_t *flags)
 167 {
 168     if (mdnid != NULL)
 169         *mdnid = siginf->mdnid;
 170     if (pknid != NULL)
 171         *pknid = siginf->pknid;
 172     if (secbits != NULL)
 173         *secbits = siginf->secbits;
 174     if (flags != NULL)
 175         *flags = siginf->flags;
 176     return (siginf->flags & X509_SIG_INFO_VALID) != 0;
 177 }
 178
 179 void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid,
 180                        int secbits, uint32_t flags)
 181 {
 182     siginf->mdnid = mdnid;
 183     siginf->pknid = pknid;
 184     siginf->secbits = secbits;
 185     siginf->flags = flags;
 186 }
 187
 188 int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits,
 189                             uint32_t *flags)
 190 {
 191     X509_check_purpose(x, -1, -1);
 192     return X509_SIG_INFO_get(&x->siginf, mdnid, pknid, secbits, flags);
 193 }
 194
 195 static void x509_sig_info_init(X509_SIG_INFO *siginf, const X509_ALGOR *alg,
 196                                const ASN1_STRING *sig)
 197 {
 198     int pknid, mdnid;
 199     const EVP_MD *md;
 200
 201     siginf->mdnid = NID_undef;
 202     siginf->pknid = NID_undef;
 203     siginf->secbits = -1;
 204     siginf->flags = 0;
 205     if (!OBJ_find_sigid_algs(OBJ_obj2nid(alg->algorithm), &mdnid, &pknid)
 206             || pknid == NID_undef)
 207         return;
 208     siginf->pknid = pknid;
 209     if (mdnid == NID_undef) {
 210         /* If we have one, use a custom handler for this algorithm */
 211         const EVP_PKEY_ASN1_METHOD *ameth = EVP_PKEY_asn1_find(NULL, pknid);
 212         if (ameth == NULL || ameth->siginf_set == NULL
 213                 || ameth->siginf_set(siginf, alg, sig) == 0)
 214             return;
 215         siginf->flags |= X509_SIG_INFO_VALID;
 216         return;
 217     }
 218     siginf->flags |= X509_SIG_INFO_VALID;
 219     siginf->mdnid = mdnid;
 220     md = EVP_get_digestbynid(mdnid);
 221     if (md == NULL)
 222         return;
 223     /* Security bits: half number of bits in digest */
 224     siginf->secbits = EVP_MD_size(md) * 4;
 225     switch (mdnid) {
 226         case NID_sha1:
 227         case NID_sha256:
 228         case NID_sha384:
 229         case NID_sha512:
 230         siginf->flags |= X509_SIG_INFO_TLS;
 231     }
 232 }
 233
 234 void x509_init_sig_info(X509 *x)
 235 {
 236     x509_sig_info_init(&x->siginf, &x->sig_alg, &x->signature);
 237 }