14969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin/* 24969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project 34969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin * 1999. 44969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin */ 5d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* ==================================================================== 6d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 7d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 8d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Redistribution and use in source and binary forms, with or without 9d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * modification, are permitted provided that the following conditions 10d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * are met: 11d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 12d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 1. Redistributions of source code must retain the above copyright 134969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin * notice, this list of conditions and the following disclaimer. 14d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 15d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 2. Redistributions in binary form must reproduce the above copyright 16d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * notice, this list of conditions and the following disclaimer in 17d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * the documentation and/or other materials provided with the 18d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * distribution. 19d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 20d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 3. All advertising materials mentioning features or use of this 21d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * software must display the following acknowledgment: 22d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * "This product includes software developed by the OpenSSL Project 23d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 25d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * endorse or promote products derived from this software without 27d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * prior written permission. For written permission, please contact 28d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * licensing@OpenSSL.org. 29d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 30d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 5. Products derived from this software may not be called "OpenSSL" 31d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * nor may "OpenSSL" appear in their names without prior written 32d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * permission of the OpenSSL Project. 33d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 34d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 6. Redistributions of any form whatsoever must retain the following 35d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * acknowledgment: 36d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * "This product includes software developed by the OpenSSL Project 37d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 39d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * OF THE POSSIBILITY OF SUCH DAMAGE. 51d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * ==================================================================== 52d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 53d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * This product includes cryptographic software written by Eric Young 54d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * (eay@cryptsoft.com). This product includes software written by Tim 55d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Hudson (tjh@cryptsoft.com). */ 56d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 57d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#include <stdio.h> 58d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 59d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#include <openssl/asn1t.h> 60d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#include <openssl/evp.h> 61d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#include <openssl/obj.h> 62d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#include <openssl/x509.h> 63d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 644969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin/* 654969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin * X509_CERT_AUX routines. These are used to encode additional user 664969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin * modifiable data about a certificate. This data is appended to the X509 674969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin * encoding when the *_X509_AUX routines are used. This means that the 684969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin * "traditional" X509 routines will simply ignore the extra data. 694969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin */ 70d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 71d9e397b599b13d642138480a28c14db7a136bf0Adam Langleystatic X509_CERT_AUX *aux_get(X509 *x); 72d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 73d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyASN1_SEQUENCE(X509_CERT_AUX) = { 744969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT), 754969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, reject, ASN1_OBJECT, 0), 764969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin ASN1_OPT(X509_CERT_AUX, alias, ASN1_UTF8STRING), 774969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin ASN1_OPT(X509_CERT_AUX, keyid, ASN1_OCTET_STRING), 784969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, other, X509_ALGOR, 1) 79d9e397b599b13d642138480a28c14db7a136bf0Adam Langley} ASN1_SEQUENCE_END(X509_CERT_AUX) 80d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 81d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyIMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX) 82d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 83d9e397b599b13d642138480a28c14db7a136bf0Adam Langleystatic X509_CERT_AUX *aux_get(X509 *x) 84d9e397b599b13d642138480a28c14db7a136bf0Adam Langley{ 854969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin if (!x) 864969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin return NULL; 874969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin if (!x->aux && !(x->aux = X509_CERT_AUX_new())) 884969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin return NULL; 894969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin return x->aux; 90d9e397b599b13d642138480a28c14db7a136bf0Adam Langley} 91d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 92d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint X509_alias_set1(X509 *x, unsigned char *name, int len) 93d9e397b599b13d642138480a28c14db7a136bf0Adam Langley{ 944969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin X509_CERT_AUX *aux; 954969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin if (!name) { 964969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin if (!x || !x->aux || !x->aux->alias) 974969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin return 1; 984969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin ASN1_UTF8STRING_free(x->aux->alias); 994969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin x->aux->alias = NULL; 1004969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin return 1; 1014969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin } 1024969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin if (!(aux = aux_get(x))) 1034969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin return 0; 1044969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin if (!aux->alias && !(aux->alias = ASN1_UTF8STRING_new())) 1054969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin return 0; 1064969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin return ASN1_STRING_set(aux->alias, name, len); 107d9e397b599b13d642138480a28c14db7a136bf0Adam Langley} 108d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 109d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint X509_keyid_set1(X509 *x, unsigned char *id, int len) 110d9e397b599b13d642138480a28c14db7a136bf0Adam Langley{ 1114969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin X509_CERT_AUX *aux; 1124969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin if (!id) { 1134969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin if (!x || !x->aux || !x->aux->keyid) 1144969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin return 1; 1154969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin ASN1_OCTET_STRING_free(x->aux->keyid); 1164969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin x->aux->keyid = NULL; 1174969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin return 1; 1184969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin } 1194969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin if (!(aux = aux_get(x))) 1204969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin return 0; 1214969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin if (!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new())) 1224969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin return 0; 1234969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin return ASN1_STRING_set(aux->keyid, id, len); 124d9e397b599b13d642138480a28c14db7a136bf0Adam Langley} 125d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 126d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyunsigned char *X509_alias_get0(X509 *x, int *len) 127d9e397b599b13d642138480a28c14db7a136bf0Adam Langley{ 1284969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin if (!x->aux || !x->aux->alias) 1294969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin return NULL; 1304969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin if (len) 1314969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin *len = x->aux->alias->length; 1324969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin return x->aux->alias->data; 133d9e397b599b13d642138480a28c14db7a136bf0Adam Langley} 134d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 135d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyunsigned char *X509_keyid_get0(X509 *x, int *len) 136d9e397b599b13d642138480a28c14db7a136bf0Adam Langley{ 1374969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin if (!x->aux || !x->aux->keyid) 1384969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin return NULL; 1394969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin if (len) 1404969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin *len = x->aux->keyid->length; 1414969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin return x->aux->keyid->data; 142d9e397b599b13d642138480a28c14db7a136bf0Adam Langley} 143d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 144d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj) 145d9e397b599b13d642138480a28c14db7a136bf0Adam Langley{ 1464969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin ASN1_OBJECT *objtmp = OBJ_dup(obj); 1474969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin if (objtmp == NULL) 1484969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin goto err; 1494969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin X509_CERT_AUX *aux = aux_get(x); 1504969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin if (aux->trust == NULL) { 1514969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin aux->trust = sk_ASN1_OBJECT_new_null(); 1524969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin if (aux->trust == NULL) 1534969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin goto err; 1544969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin } 1554969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin if (!sk_ASN1_OBJECT_push(aux->trust, objtmp)) 1564969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin goto err; 1574969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin return 1; 1584969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin 1594969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin err: 1604969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin ASN1_OBJECT_free(objtmp); 1614969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin return 0; 162d9e397b599b13d642138480a28c14db7a136bf0Adam Langley} 163d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 164d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj) 165d9e397b599b13d642138480a28c14db7a136bf0Adam Langley{ 1664969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin ASN1_OBJECT *objtmp = OBJ_dup(obj); 1674969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin if (objtmp == NULL) 1684969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin goto err; 1694969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin X509_CERT_AUX *aux = aux_get(x); 1704969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin if (aux->reject == NULL) { 1714969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin aux->reject = sk_ASN1_OBJECT_new_null(); 1724969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin if (aux->reject == NULL) 1734969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin goto err; 1744969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin } 1754969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin if (!sk_ASN1_OBJECT_push(aux->reject, objtmp)) 1764969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin goto err; 1774969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin return 1; 1784969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin 1794969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin err: 1804969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin ASN1_OBJECT_free(objtmp); 1814969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin return 0; 182d9e397b599b13d642138480a28c14db7a136bf0Adam Langley} 183d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 184d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyvoid X509_trust_clear(X509 *x) 185d9e397b599b13d642138480a28c14db7a136bf0Adam Langley{ 1864969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin if (x->aux && x->aux->trust) { 1874969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free); 1884969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin x->aux->trust = NULL; 1894969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin } 190d9e397b599b13d642138480a28c14db7a136bf0Adam Langley} 191d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 192d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyvoid X509_reject_clear(X509 *x) 193d9e397b599b13d642138480a28c14db7a136bf0Adam Langley{ 1944969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin if (x->aux && x->aux->reject) { 1954969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin sk_ASN1_OBJECT_pop_free(x->aux->reject, ASN1_OBJECT_free); 1964969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin x->aux->reject = NULL; 1974969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin } 198d9e397b599b13d642138480a28c14db7a136bf0Adam Langley} 199d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 200d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyASN1_SEQUENCE(X509_CERT_PAIR) = { 2014969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin ASN1_EXP_OPT(X509_CERT_PAIR, forward, X509, 0), 2024969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin ASN1_EXP_OPT(X509_CERT_PAIR, reverse, X509, 1) 203d9e397b599b13d642138480a28c14db7a136bf0Adam Langley} ASN1_SEQUENCE_END(X509_CERT_PAIR) 204d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 205d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyIMPLEMENT_ASN1_FUNCTIONS(X509_CERT_PAIR) 206