1 /* Copyright (C) 1995-1998 Eric Young (eay (at) cryptsoft.com) 2 * All rights reserved. 3 * 4 * This package is an SSL implementation written 5 * by Eric Young (eay (at) cryptsoft.com). 6 * The implementation was written so as to conform with Netscapes SSL. 7 * 8 * This library is free for commercial and non-commercial use as long as 9 * the following conditions are aheared to. The following conditions 10 * apply to all code found in this distribution, be it the RC4, RSA, 11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * included with this distribution is covered by the same copyright terms 13 * except that the holder is Tim Hudson (tjh (at) cryptsoft.com). 14 * 15 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * the code are not to be removed. 17 * If this package is used in a product, Eric Young should be given attribution 18 * as the author of the parts of the library used. 19 * This can be in the form of a textual message at program startup or 20 * in documentation (online or textual) provided with the package. 21 * 22 * Redistribution and use in source and binary forms, with or without 23 * modification, are permitted provided that the following conditions 24 * are met: 25 * 1. Redistributions of source code must retain the copyright 26 * notice, this list of conditions and the following disclaimer. 27 * 2. Redistributions in binary form must reproduce the above copyright 28 * notice, this list of conditions and the following disclaimer in the 29 * documentation and/or other materials provided with the distribution. 30 * 3. All advertising materials mentioning features or use of this software 31 * must display the following acknowledgement: 32 * "This product includes cryptographic software written by 33 * Eric Young (eay (at) cryptsoft.com)" 34 * The word 'cryptographic' can be left out if the rouines from the library 35 * being used are not cryptographic related :-). 36 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * the apps directory (application code) you must include an acknowledgement: 38 * "This product includes software written by Tim Hudson (tjh (at) cryptsoft.com)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * SUCH DAMAGE. 51 * 52 * The licence and distribution terms for any publically available version or 53 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * copied and put under another distribution licence 55 * [including the GNU Public Licence.] */ 56 57 #include <string.h> 58 59 #include <openssl/asn1.h> 60 #include <openssl/err.h> 61 #include <openssl/evp.h> 62 #include <openssl/obj.h> 63 #include <openssl/stack.h> 64 #include <openssl/x509.h> 65 66 #include "../internal.h" 67 68 69 int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len) 70 { 71 const ASN1_OBJECT *obj; 72 73 obj = OBJ_nid2obj(nid); 74 if (obj == NULL) 75 return (-1); 76 return (X509_NAME_get_text_by_OBJ(name, obj, buf, len)); 77 } 78 79 int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, 80 char *buf, int len) 81 { 82 int i; 83 ASN1_STRING *data; 84 85 i = X509_NAME_get_index_by_OBJ(name, obj, -1); 86 if (i < 0) 87 return (-1); 88 data = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i)); 89 i = (data->length > (len - 1)) ? (len - 1) : data->length; 90 if (buf == NULL) 91 return (data->length); 92 OPENSSL_memcpy(buf, data->data, i); 93 buf[i] = '\0'; 94 return (i); 95 } 96 97 int X509_NAME_entry_count(X509_NAME *name) 98 { 99 if (name == NULL) 100 return (0); 101 return (sk_X509_NAME_ENTRY_num(name->entries)); 102 } 103 104 int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos) 105 { 106 const ASN1_OBJECT *obj; 107 108 obj = OBJ_nid2obj(nid); 109 if (obj == NULL) 110 return (-2); 111 return (X509_NAME_get_index_by_OBJ(name, obj, lastpos)); 112 } 113 114 /* NOTE: you should be passsing -1, not 0 as lastpos */ 115 int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, 116 int lastpos) 117 { 118 int n; 119 X509_NAME_ENTRY *ne; 120 STACK_OF(X509_NAME_ENTRY) *sk; 121 122 if (name == NULL) 123 return (-1); 124 if (lastpos < 0) 125 lastpos = -1; 126 sk = name->entries; 127 n = sk_X509_NAME_ENTRY_num(sk); 128 for (lastpos++; lastpos < n; lastpos++) { 129 ne = sk_X509_NAME_ENTRY_value(sk, lastpos); 130 if (OBJ_cmp(ne->object, obj) == 0) 131 return (lastpos); 132 } 133 return (-1); 134 } 135 136 X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc) 137 { 138 if (name == NULL || loc < 0 139 || sk_X509_NAME_ENTRY_num(name->entries) <= (size_t)loc) 140 return (NULL); 141 else 142 return (sk_X509_NAME_ENTRY_value(name->entries, loc)); 143 } 144 145 X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc) 146 { 147 X509_NAME_ENTRY *ret; 148 int i, n, set_prev, set_next; 149 STACK_OF(X509_NAME_ENTRY) *sk; 150 151 if (name == NULL || loc < 0 152 || sk_X509_NAME_ENTRY_num(name->entries) <= (size_t)loc) 153 return (NULL); 154 sk = name->entries; 155 ret = sk_X509_NAME_ENTRY_delete(sk, loc); 156 n = sk_X509_NAME_ENTRY_num(sk); 157 name->modified = 1; 158 if (loc == n) 159 return (ret); 160 161 /* else we need to fixup the set field */ 162 if (loc != 0) 163 set_prev = (sk_X509_NAME_ENTRY_value(sk, loc - 1))->set; 164 else 165 set_prev = ret->set - 1; 166 set_next = sk_X509_NAME_ENTRY_value(sk, loc)->set; 167 168 /* 169 * set_prev is the previous set set is the current set set_next is the 170 * following prev 1 1 1 1 1 1 1 1 set 1 1 2 2 next 1 1 2 2 2 2 3 2 so 171 * basically only if prev and next differ by 2, then re-number down by 1 172 */ 173 if (set_prev + 1 < set_next) 174 for (i = loc; i < n; i++) 175 sk_X509_NAME_ENTRY_value(sk, i)->set--; 176 return (ret); 177 } 178 179 int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, 180 unsigned char *bytes, int len, int loc, 181 int set) 182 { 183 X509_NAME_ENTRY *ne; 184 int ret; 185 ne = X509_NAME_ENTRY_create_by_OBJ(NULL, obj, type, bytes, len); 186 if (!ne) 187 return 0; 188 ret = X509_NAME_add_entry(name, ne, loc, set); 189 X509_NAME_ENTRY_free(ne); 190 return ret; 191 } 192 193 int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, 194 unsigned char *bytes, int len, int loc, 195 int set) 196 { 197 X509_NAME_ENTRY *ne; 198 int ret; 199 ne = X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, len); 200 if (!ne) 201 return 0; 202 ret = X509_NAME_add_entry(name, ne, loc, set); 203 X509_NAME_ENTRY_free(ne); 204 return ret; 205 } 206 207 int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, 208 const unsigned char *bytes, int len, int loc, 209 int set) 210 { 211 X509_NAME_ENTRY *ne; 212 int ret; 213 ne = X509_NAME_ENTRY_create_by_txt(NULL, field, type, bytes, len); 214 if (!ne) 215 return 0; 216 ret = X509_NAME_add_entry(name, ne, loc, set); 217 X509_NAME_ENTRY_free(ne); 218 return ret; 219 } 220 221 /* 222 * if set is -1, append to previous set, 0 'a new one', and 1, prepend to the 223 * guy we are about to stomp on. 224 */ 225 int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc, 226 int set) 227 { 228 X509_NAME_ENTRY *new_name = NULL; 229 int n, i, inc; 230 STACK_OF(X509_NAME_ENTRY) *sk; 231 232 if (name == NULL) 233 return (0); 234 sk = name->entries; 235 n = sk_X509_NAME_ENTRY_num(sk); 236 if (loc > n) 237 loc = n; 238 else if (loc < 0) 239 loc = n; 240 241 name->modified = 1; 242 243 if (set == -1) { 244 if (loc == 0) { 245 set = 0; 246 inc = 1; 247 } else { 248 set = sk_X509_NAME_ENTRY_value(sk, loc - 1)->set; 249 inc = 0; 250 } 251 } else { /* if (set >= 0) */ 252 253 if (loc >= n) { 254 if (loc != 0) 255 set = sk_X509_NAME_ENTRY_value(sk, loc - 1)->set + 1; 256 else 257 set = 0; 258 } else 259 set = sk_X509_NAME_ENTRY_value(sk, loc)->set; 260 inc = (set == 0) ? 1 : 0; 261 } 262 263 if ((new_name = X509_NAME_ENTRY_dup(ne)) == NULL) 264 goto err; 265 new_name->set = set; 266 if (!sk_X509_NAME_ENTRY_insert(sk, new_name, loc)) { 267 OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); 268 goto err; 269 } 270 if (inc) { 271 n = sk_X509_NAME_ENTRY_num(sk); 272 for (i = loc + 1; i < n; i++) 273 sk_X509_NAME_ENTRY_value(sk, i - 1)->set += 1; 274 } 275 return (1); 276 err: 277 if (new_name != NULL) 278 X509_NAME_ENTRY_free(new_name); 279 return (0); 280 } 281 282 X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, 283 const char *field, int type, 284 const unsigned char *bytes, 285 int len) 286 { 287 ASN1_OBJECT *obj; 288 X509_NAME_ENTRY *nentry; 289 290 obj = OBJ_txt2obj(field, 0); 291 if (obj == NULL) { 292 OPENSSL_PUT_ERROR(X509, X509_R_INVALID_FIELD_NAME); 293 ERR_add_error_data(2, "name=", field); 294 return (NULL); 295 } 296 nentry = X509_NAME_ENTRY_create_by_OBJ(ne, obj, type, bytes, len); 297 ASN1_OBJECT_free(obj); 298 return nentry; 299 } 300 301 X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, 302 int type, unsigned char *bytes, 303 int len) 304 { 305 const ASN1_OBJECT *obj = OBJ_nid2obj(nid); 306 if (obj == NULL) { 307 OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_NID); 308 return NULL; 309 } 310 return X509_NAME_ENTRY_create_by_OBJ(ne, obj, type, bytes, len); 311 } 312 313 X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, 314 const ASN1_OBJECT *obj, 315 int type, 316 const unsigned char *bytes, 317 int len) 318 { 319 X509_NAME_ENTRY *ret; 320 321 if ((ne == NULL) || (*ne == NULL)) { 322 if ((ret = X509_NAME_ENTRY_new()) == NULL) 323 return (NULL); 324 } else 325 ret = *ne; 326 327 if (!X509_NAME_ENTRY_set_object(ret, obj)) 328 goto err; 329 if (!X509_NAME_ENTRY_set_data(ret, type, bytes, len)) 330 goto err; 331 332 if ((ne != NULL) && (*ne == NULL)) 333 *ne = ret; 334 return (ret); 335 err: 336 if ((ne == NULL) || (ret != *ne)) 337 X509_NAME_ENTRY_free(ret); 338 return (NULL); 339 } 340 341 int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj) 342 { 343 if ((ne == NULL) || (obj == NULL)) { 344 OPENSSL_PUT_ERROR(X509, ERR_R_PASSED_NULL_PARAMETER); 345 return (0); 346 } 347 ASN1_OBJECT_free(ne->object); 348 ne->object = OBJ_dup(obj); 349 return ((ne->object == NULL) ? 0 : 1); 350 } 351 352 int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, 353 const unsigned char *bytes, int len) 354 { 355 int i; 356 357 if ((ne == NULL) || ((bytes == NULL) && (len != 0))) 358 return (0); 359 if ((type > 0) && (type & MBSTRING_FLAG)) 360 return ASN1_STRING_set_by_NID(&ne->value, bytes, 361 len, type, 362 OBJ_obj2nid(ne->object)) ? 1 : 0; 363 if (len < 0) 364 len = strlen((const char *)bytes); 365 i = ASN1_STRING_set(ne->value, bytes, len); 366 if (!i) 367 return (0); 368 if (type != V_ASN1_UNDEF) { 369 if (type == V_ASN1_APP_CHOOSE) 370 ne->value->type = ASN1_PRINTABLE_type(bytes, len); 371 else 372 ne->value->type = type; 373 } 374 return (1); 375 } 376 377 ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne) 378 { 379 if (ne == NULL) 380 return (NULL); 381 return (ne->object); 382 } 383 384 ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne) 385 { 386 if (ne == NULL) 387 return (NULL); 388 return (ne->value); 389 } 390