zzy/openssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
openssl/crypto/x509/x_attrib.c
Jonathan M. Wilbur be5adfd6e3 Support subjectDirectoryAttributes and associatedInformation exts 
Added tests for SDA and AI extensions.
Added internal function ossl_print_attribute_value() with documentation.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24669)
2024-06-24 15:33:21 +02:00

285 lines
8.3 KiB
C
Raw Blame History

/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/objects.h>
#include <openssl/asn1t.h>
#include <openssl/x509.h>
#include "x509_local.h"
#include <crypto/x509.h>
/*-
* X509_ATTRIBUTE: this has the following form:
*
* typedef struct x509_attributes_st
* {
* ASN1_OBJECT *object;
* STACK_OF(ASN1_TYPE) *set;
* } X509_ATTRIBUTE;
*
*/
ASN1_SEQUENCE(X509_ATTRIBUTE) = {
ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT),
ASN1_SET_OF(X509_ATTRIBUTE, set, ASN1_ANY)
} ASN1_SEQUENCE_END(X509_ATTRIBUTE)
IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE)
IMPLEMENT_ASN1_DUP_FUNCTION(X509_ATTRIBUTE)
X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
{
X509_ATTRIBUTE *ret = NULL;
ASN1_TYPE *val = NULL;
ASN1_OBJECT *oid;
if ((oid = OBJ_nid2obj(nid)) == NULL)
return NULL;
if ((ret = X509_ATTRIBUTE_new()) == NULL)
return NULL;
ret->object = oid;
if ((val = ASN1_TYPE_new()) == NULL)
goto err;
if (!sk_ASN1_TYPE_push(ret->set, val))
goto err;
ASN1_TYPE_set(val, atrtype, value);
return ret;
err:
X509_ATTRIBUTE_free(ret);
ASN1_TYPE_free(val);
return NULL;
}
static int print_hex(BIO *out, unsigned char *buf, int len)
{
int i;
for (i = 0; i < len; i++) {
if (BIO_printf(out, "%02X ", buf[i]) <= 0) {
return 0;
}
}
return 1;
}
static int asn1_integer_print_bio(BIO *bio, const ASN1_INTEGER *num)
{
BIGNUM *num_bn;
int result = 0;
char *hex;
num_bn = ASN1_INTEGER_to_BN(num, NULL);
if (num_bn == NULL)
return -1;
if ((hex = BN_bn2hex(num_bn)) != NULL) {
result = BIO_write(bio, "0x", 2) > 0;
result = result && BIO_write(bio, hex, strlen(hex)) > 0;
OPENSSL_free(hex);
} else {
return -1;
}
BN_free(num_bn);
return result;
}
static int print_oid (BIO *out, ASN1_OBJECT *oid) {
const char *ln;
char objbuf[80];
int rc;
if (OBJ_obj2txt(objbuf, sizeof(objbuf), oid, 1) <= 0)
return 0;
ln = OBJ_nid2ln(OBJ_obj2nid(oid));
rc = (ln != NULL)
? BIO_printf(out, "%s (%s)", objbuf, ln)
: BIO_printf(out, "%s", objbuf);
if (rc < 0)
return 0;
return 1;
}
int ossl_print_attribute_value(BIO *out,
int obj_nid,
const ASN1_TYPE *av,
int indent)
{
ASN1_STRING *str;
unsigned char *value;
X509_NAME *xn = NULL;
int64_t int_val;
/*
* This switch-case is only for syntaxes that are not encoded as a single
* primitively-constructed value universal ASN.1 type.
*/
switch (obj_nid) {
case NID_undef: /* Unrecognized OID. */
break;
/* Attribute types with DN syntax. */
case NID_member:
case NID_roleOccupant:
case NID_seeAlso:
case NID_manager:
case NID_documentAuthor:
case NID_secretary:
case NID_associatedName:
case NID_dITRedirect:
case NID_owner:
value = av->value.sequence->data;
xn = d2i_X509_NAME(NULL,
(const unsigned char**)&(av->value.sequence->data),
av->value.sequence->length);
if (xn == NULL) {
BIO_puts(out, "(COULD NOT DECODE DISTINGUISHED NAME)\n");
return 0;
}
/*
* d2i_ functions increment the ppin pointer. See doc/man3/d2i_X509.pod.
* This resets the pointer. We don't want to corrupt this value.
*/
av->value.sequence->data = value;
if (X509_NAME_print_ex(out, xn, indent, XN_FLAG_SEP_CPLUS_SPC) <= 0)
return 0;
X509_NAME_free(xn);
return 1;
default:
break;
}
switch (av->type) {
case V_ASN1_BOOLEAN:
if (av->value.boolean) {
return BIO_printf(out, "%*sTRUE", indent, "");
} else {
return BIO_printf(out, "%*sFALSE", indent, "");
}
case V_ASN1_INTEGER:
if (BIO_printf(out, "%*s", indent, "") <= 0)
return 0;
if (ASN1_INTEGER_get_int64(&int_val, av->value.integer) > 0) {
return BIO_printf(out, "%lld", (long long int)int_val);
} else {
str = av->value.integer;
return asn1_integer_print_bio(out, str);
}
case V_ASN1_ENUMERATED:
if (BIO_printf(out, "%*s", indent, "") <= 0)
return 0;
if (ASN1_ENUMERATED_get_int64(&int_val, av->value.enumerated) > 0) {
return BIO_printf(out, "%lld", (long long int)int_val);
} else {
str = av->value.enumerated;
return asn1_integer_print_bio(out, str);
}
case V_ASN1_BIT_STRING:
if (BIO_printf(out, "%*s", indent, "") <= 0)
return 0;
return print_hex(out, av->value.bit_string->data,
av->value.bit_string->length);
case V_ASN1_OCTET_STRING:
case V_ASN1_VIDEOTEXSTRING:
if (BIO_printf(out, "%*s", indent, "") <= 0)
return 0;
return print_hex(out, av->value.octet_string->data,
av->value.octet_string->length);
case V_ASN1_NULL:
return BIO_printf(out, "%*sNULL", indent, "");
case V_ASN1_OBJECT:
if (BIO_printf(out, "%*s", indent, "") <= 0)
return 0;
return print_oid(out, av->value.object);
/*
* ObjectDescriptor is an IMPLICIT GraphicString, but GeneralString is a
* superset supported by OpenSSL, so we will use that anywhere a
* GraphicString is needed here.
*/
case V_ASN1_GENERALSTRING:
case V_ASN1_GRAPHICSTRING:
case V_ASN1_OBJECT_DESCRIPTOR:
return BIO_printf(out, "%*s%.*s", indent, "",
av->value.generalstring->length,
av->value.generalstring->data);
/* EXTERNAL would go here. */
/* EMBEDDED PDV would go here. */
case V_ASN1_UTF8STRING:
return BIO_printf(out, "%*s%.*s", indent, "",
av->value.utf8string->length,
av->value.utf8string->data);
case V_ASN1_REAL:
return BIO_printf(out, "%*sREAL", indent, "");
/* RELATIVE-OID would go here. */
/* TIME would go here. */
case V_ASN1_SEQUENCE:
return ASN1_parse_dump(out, av->value.sequence->data,
av->value.sequence->length, indent, 1);
case V_ASN1_SET:
return ASN1_parse_dump(out, av->value.set->data,
av->value.set->length, indent, 1);
/*
* UTCTime ::= [UNIVERSAL 23] IMPLICIT VisibleString
* GeneralizedTime ::= [UNIVERSAL 24] IMPLICIT VisibleString
* VisibleString is a superset for NumericString, so it will work for that.
*/
case V_ASN1_VISIBLESTRING:
case V_ASN1_UTCTIME:
case V_ASN1_GENERALIZEDTIME:
case V_ASN1_NUMERICSTRING:
return BIO_printf(out, "%*s%.*s", indent, "",
av->value.visiblestring->length,
av->value.visiblestring->data);
case V_ASN1_PRINTABLESTRING:
return BIO_printf(out, "%*s%.*s", indent, "",
av->value.printablestring->length,
av->value.printablestring->data);
case V_ASN1_T61STRING:
return BIO_printf(out, "%*s%.*s", indent, "",
av->value.t61string->length,
av->value.t61string->data);
case V_ASN1_IA5STRING:
return BIO_printf(out, "%*s%.*s", indent, "",
av->value.ia5string->length,
av->value.ia5string->data);
/* UniversalString would go here. */
/* CHARACTER STRING would go here. */
/* BMPString would go here. */
/* DATE would go here. */
/* TIME-OF-DAY would go here. */
/* DATE-TIME would go here. */
/* DURATION would go here. */
/* OID-IRI would go here. */
/* RELATIVE-OID-IRI would go here. */
/* Would it be approriate to just hexdump? */
default:
return BIO_printf(out, "%*s<Unsupported tag %d>", indent, "", av->type);
}
}
Reference in New Issue View Git Blame Copy Permalink