1e1051a39Sopenharmony_ci/* 2e1051a39Sopenharmony_ci * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. 3e1051a39Sopenharmony_ci * 4e1051a39Sopenharmony_ci * Licensed under the Apache License 2.0 (the "License"). You may not use 5e1051a39Sopenharmony_ci * this file except in compliance with the License. You can obtain a copy 6e1051a39Sopenharmony_ci * in the file LICENSE in the source distribution or at 7e1051a39Sopenharmony_ci * https://www.openssl.org/source/license.html 8e1051a39Sopenharmony_ci */ 9e1051a39Sopenharmony_ci 10e1051a39Sopenharmony_ci#include <stdio.h> 11e1051a39Sopenharmony_ci#include "internal/cryptlib.h" 12e1051a39Sopenharmony_ci#include <openssl/safestack.h> 13e1051a39Sopenharmony_ci#include <openssl/asn1.h> 14e1051a39Sopenharmony_ci#include <openssl/objects.h> 15e1051a39Sopenharmony_ci#include <openssl/evp.h> 16e1051a39Sopenharmony_ci#include <openssl/x509.h> 17e1051a39Sopenharmony_ci#include <openssl/x509v3.h> 18e1051a39Sopenharmony_ci#include "x509_local.h" 19e1051a39Sopenharmony_ci 20e1051a39Sopenharmony_ciint X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x) 21e1051a39Sopenharmony_ci{ 22e1051a39Sopenharmony_ci int ret; 23e1051a39Sopenharmony_ci 24e1051a39Sopenharmony_ci if (x == NULL) 25e1051a39Sopenharmony_ci return 0; 26e1051a39Sopenharmony_ci ret = sk_X509_EXTENSION_num(x); 27e1051a39Sopenharmony_ci return ret > 0 ? ret : 0; 28e1051a39Sopenharmony_ci} 29e1051a39Sopenharmony_ci 30e1051a39Sopenharmony_ciint X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid, 31e1051a39Sopenharmony_ci int lastpos) 32e1051a39Sopenharmony_ci{ 33e1051a39Sopenharmony_ci ASN1_OBJECT *obj; 34e1051a39Sopenharmony_ci 35e1051a39Sopenharmony_ci obj = OBJ_nid2obj(nid); 36e1051a39Sopenharmony_ci if (obj == NULL) 37e1051a39Sopenharmony_ci return -2; 38e1051a39Sopenharmony_ci return X509v3_get_ext_by_OBJ(x, obj, lastpos); 39e1051a39Sopenharmony_ci} 40e1051a39Sopenharmony_ci 41e1051a39Sopenharmony_ciint X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk, 42e1051a39Sopenharmony_ci const ASN1_OBJECT *obj, int lastpos) 43e1051a39Sopenharmony_ci{ 44e1051a39Sopenharmony_ci int n; 45e1051a39Sopenharmony_ci X509_EXTENSION *ex; 46e1051a39Sopenharmony_ci 47e1051a39Sopenharmony_ci if (sk == NULL) 48e1051a39Sopenharmony_ci return -1; 49e1051a39Sopenharmony_ci lastpos++; 50e1051a39Sopenharmony_ci if (lastpos < 0) 51e1051a39Sopenharmony_ci lastpos = 0; 52e1051a39Sopenharmony_ci n = sk_X509_EXTENSION_num(sk); 53e1051a39Sopenharmony_ci for (; lastpos < n; lastpos++) { 54e1051a39Sopenharmony_ci ex = sk_X509_EXTENSION_value(sk, lastpos); 55e1051a39Sopenharmony_ci if (OBJ_cmp(ex->object, obj) == 0) 56e1051a39Sopenharmony_ci return lastpos; 57e1051a39Sopenharmony_ci } 58e1051a39Sopenharmony_ci return -1; 59e1051a39Sopenharmony_ci} 60e1051a39Sopenharmony_ci 61e1051a39Sopenharmony_ciint X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit, 62e1051a39Sopenharmony_ci int lastpos) 63e1051a39Sopenharmony_ci{ 64e1051a39Sopenharmony_ci int n; 65e1051a39Sopenharmony_ci X509_EXTENSION *ex; 66e1051a39Sopenharmony_ci 67e1051a39Sopenharmony_ci if (sk == NULL) 68e1051a39Sopenharmony_ci return -1; 69e1051a39Sopenharmony_ci lastpos++; 70e1051a39Sopenharmony_ci if (lastpos < 0) 71e1051a39Sopenharmony_ci lastpos = 0; 72e1051a39Sopenharmony_ci n = sk_X509_EXTENSION_num(sk); 73e1051a39Sopenharmony_ci for (; lastpos < n; lastpos++) { 74e1051a39Sopenharmony_ci ex = sk_X509_EXTENSION_value(sk, lastpos); 75e1051a39Sopenharmony_ci if (((ex->critical > 0) && crit) || ((ex->critical <= 0) && !crit)) 76e1051a39Sopenharmony_ci return lastpos; 77e1051a39Sopenharmony_ci } 78e1051a39Sopenharmony_ci return -1; 79e1051a39Sopenharmony_ci} 80e1051a39Sopenharmony_ci 81e1051a39Sopenharmony_ciX509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc) 82e1051a39Sopenharmony_ci{ 83e1051a39Sopenharmony_ci if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0) 84e1051a39Sopenharmony_ci return NULL; 85e1051a39Sopenharmony_ci else 86e1051a39Sopenharmony_ci return sk_X509_EXTENSION_value(x, loc); 87e1051a39Sopenharmony_ci} 88e1051a39Sopenharmony_ci 89e1051a39Sopenharmony_ciX509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc) 90e1051a39Sopenharmony_ci{ 91e1051a39Sopenharmony_ci X509_EXTENSION *ret; 92e1051a39Sopenharmony_ci 93e1051a39Sopenharmony_ci if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0) 94e1051a39Sopenharmony_ci return NULL; 95e1051a39Sopenharmony_ci ret = sk_X509_EXTENSION_delete(x, loc); 96e1051a39Sopenharmony_ci return ret; 97e1051a39Sopenharmony_ci} 98e1051a39Sopenharmony_ci 99e1051a39Sopenharmony_ciSTACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, 100e1051a39Sopenharmony_ci X509_EXTENSION *ex, int loc) 101e1051a39Sopenharmony_ci{ 102e1051a39Sopenharmony_ci X509_EXTENSION *new_ex = NULL; 103e1051a39Sopenharmony_ci int n; 104e1051a39Sopenharmony_ci STACK_OF(X509_EXTENSION) *sk = NULL; 105e1051a39Sopenharmony_ci 106e1051a39Sopenharmony_ci if (x == NULL) { 107e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); 108e1051a39Sopenharmony_ci goto err2; 109e1051a39Sopenharmony_ci } 110e1051a39Sopenharmony_ci 111e1051a39Sopenharmony_ci if (*x == NULL) { 112e1051a39Sopenharmony_ci if ((sk = sk_X509_EXTENSION_new_null()) == NULL) 113e1051a39Sopenharmony_ci goto err; 114e1051a39Sopenharmony_ci } else 115e1051a39Sopenharmony_ci sk = *x; 116e1051a39Sopenharmony_ci 117e1051a39Sopenharmony_ci n = sk_X509_EXTENSION_num(sk); 118e1051a39Sopenharmony_ci if (loc > n) 119e1051a39Sopenharmony_ci loc = n; 120e1051a39Sopenharmony_ci else if (loc < 0) 121e1051a39Sopenharmony_ci loc = n; 122e1051a39Sopenharmony_ci 123e1051a39Sopenharmony_ci if ((new_ex = X509_EXTENSION_dup(ex)) == NULL) 124e1051a39Sopenharmony_ci goto err2; 125e1051a39Sopenharmony_ci if (!sk_X509_EXTENSION_insert(sk, new_ex, loc)) 126e1051a39Sopenharmony_ci goto err; 127e1051a39Sopenharmony_ci if (*x == NULL) 128e1051a39Sopenharmony_ci *x = sk; 129e1051a39Sopenharmony_ci return sk; 130e1051a39Sopenharmony_ci err: 131e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); 132e1051a39Sopenharmony_ci err2: 133e1051a39Sopenharmony_ci X509_EXTENSION_free(new_ex); 134e1051a39Sopenharmony_ci if (x != NULL && *x == NULL) 135e1051a39Sopenharmony_ci sk_X509_EXTENSION_free(sk); 136e1051a39Sopenharmony_ci return NULL; 137e1051a39Sopenharmony_ci} 138e1051a39Sopenharmony_ci 139e1051a39Sopenharmony_ciX509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid, 140e1051a39Sopenharmony_ci int crit, 141e1051a39Sopenharmony_ci ASN1_OCTET_STRING *data) 142e1051a39Sopenharmony_ci{ 143e1051a39Sopenharmony_ci ASN1_OBJECT *obj; 144e1051a39Sopenharmony_ci X509_EXTENSION *ret; 145e1051a39Sopenharmony_ci 146e1051a39Sopenharmony_ci obj = OBJ_nid2obj(nid); 147e1051a39Sopenharmony_ci if (obj == NULL) { 148e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_X509, X509_R_UNKNOWN_NID); 149e1051a39Sopenharmony_ci return NULL; 150e1051a39Sopenharmony_ci } 151e1051a39Sopenharmony_ci ret = X509_EXTENSION_create_by_OBJ(ex, obj, crit, data); 152e1051a39Sopenharmony_ci if (ret == NULL) 153e1051a39Sopenharmony_ci ASN1_OBJECT_free(obj); 154e1051a39Sopenharmony_ci return ret; 155e1051a39Sopenharmony_ci} 156e1051a39Sopenharmony_ci 157e1051a39Sopenharmony_ciX509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, 158e1051a39Sopenharmony_ci const ASN1_OBJECT *obj, int crit, 159e1051a39Sopenharmony_ci ASN1_OCTET_STRING *data) 160e1051a39Sopenharmony_ci{ 161e1051a39Sopenharmony_ci X509_EXTENSION *ret; 162e1051a39Sopenharmony_ci 163e1051a39Sopenharmony_ci if ((ex == NULL) || (*ex == NULL)) { 164e1051a39Sopenharmony_ci if ((ret = X509_EXTENSION_new()) == NULL) { 165e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); 166e1051a39Sopenharmony_ci return NULL; 167e1051a39Sopenharmony_ci } 168e1051a39Sopenharmony_ci } else 169e1051a39Sopenharmony_ci ret = *ex; 170e1051a39Sopenharmony_ci 171e1051a39Sopenharmony_ci if (!X509_EXTENSION_set_object(ret, obj)) 172e1051a39Sopenharmony_ci goto err; 173e1051a39Sopenharmony_ci if (!X509_EXTENSION_set_critical(ret, crit)) 174e1051a39Sopenharmony_ci goto err; 175e1051a39Sopenharmony_ci if (!X509_EXTENSION_set_data(ret, data)) 176e1051a39Sopenharmony_ci goto err; 177e1051a39Sopenharmony_ci 178e1051a39Sopenharmony_ci if ((ex != NULL) && (*ex == NULL)) 179e1051a39Sopenharmony_ci *ex = ret; 180e1051a39Sopenharmony_ci return ret; 181e1051a39Sopenharmony_ci err: 182e1051a39Sopenharmony_ci if ((ex == NULL) || (ret != *ex)) 183e1051a39Sopenharmony_ci X509_EXTENSION_free(ret); 184e1051a39Sopenharmony_ci return NULL; 185e1051a39Sopenharmony_ci} 186e1051a39Sopenharmony_ci 187e1051a39Sopenharmony_ciint X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj) 188e1051a39Sopenharmony_ci{ 189e1051a39Sopenharmony_ci if ((ex == NULL) || (obj == NULL)) 190e1051a39Sopenharmony_ci return 0; 191e1051a39Sopenharmony_ci ASN1_OBJECT_free(ex->object); 192e1051a39Sopenharmony_ci ex->object = OBJ_dup(obj); 193e1051a39Sopenharmony_ci return ex->object != NULL; 194e1051a39Sopenharmony_ci} 195e1051a39Sopenharmony_ci 196e1051a39Sopenharmony_ciint X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit) 197e1051a39Sopenharmony_ci{ 198e1051a39Sopenharmony_ci if (ex == NULL) 199e1051a39Sopenharmony_ci return 0; 200e1051a39Sopenharmony_ci ex->critical = (crit) ? 0xFF : -1; 201e1051a39Sopenharmony_ci return 1; 202e1051a39Sopenharmony_ci} 203e1051a39Sopenharmony_ci 204e1051a39Sopenharmony_ciint X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data) 205e1051a39Sopenharmony_ci{ 206e1051a39Sopenharmony_ci int i; 207e1051a39Sopenharmony_ci 208e1051a39Sopenharmony_ci if (ex == NULL) 209e1051a39Sopenharmony_ci return 0; 210e1051a39Sopenharmony_ci i = ASN1_OCTET_STRING_set(&ex->value, data->data, data->length); 211e1051a39Sopenharmony_ci if (!i) 212e1051a39Sopenharmony_ci return 0; 213e1051a39Sopenharmony_ci return 1; 214e1051a39Sopenharmony_ci} 215e1051a39Sopenharmony_ci 216e1051a39Sopenharmony_ciASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex) 217e1051a39Sopenharmony_ci{ 218e1051a39Sopenharmony_ci if (ex == NULL) 219e1051a39Sopenharmony_ci return NULL; 220e1051a39Sopenharmony_ci return ex->object; 221e1051a39Sopenharmony_ci} 222e1051a39Sopenharmony_ci 223e1051a39Sopenharmony_ciASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ex) 224e1051a39Sopenharmony_ci{ 225e1051a39Sopenharmony_ci if (ex == NULL) 226e1051a39Sopenharmony_ci return NULL; 227e1051a39Sopenharmony_ci return &ex->value; 228e1051a39Sopenharmony_ci} 229e1051a39Sopenharmony_ci 230e1051a39Sopenharmony_ciint X509_EXTENSION_get_critical(const X509_EXTENSION *ex) 231e1051a39Sopenharmony_ci{ 232e1051a39Sopenharmony_ci if (ex == NULL) 233e1051a39Sopenharmony_ci return 0; 234e1051a39Sopenharmony_ci if (ex->critical > 0) 235e1051a39Sopenharmony_ci return 1; 236e1051a39Sopenharmony_ci return 0; 237e1051a39Sopenharmony_ci} 238