1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.] */
56
57 #include <openssl/asn1.h>
58 #include <openssl/bio.h>
59 #include <openssl/digest.h>
60 #include <openssl/err.h>
61 #include <openssl/evp.h>
62 #include <openssl/mem.h>
63 #include <openssl/obj.h>
64 #include <openssl/x509.h>
65 #include <openssl/x509v3.h>
66
67 #include "internal.h"
68
69
X509_print_ex_fp(FILE * fp,X509 * x,unsigned long nmflag,unsigned long cflag)70 int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag,
71 unsigned long cflag)
72 {
73 BIO *b = BIO_new_fp(fp, BIO_NOCLOSE);
74 if (b == NULL) {
75 OPENSSL_PUT_ERROR(X509, ERR_R_BUF_LIB);
76 return 0;
77 }
78 int ret = X509_print_ex(b, x, nmflag, cflag);
79 BIO_free(b);
80 return ret;
81 }
82
X509_print_fp(FILE * fp,X509 * x)83 int X509_print_fp(FILE *fp, X509 *x)
84 {
85 return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
86 }
87
X509_print(BIO * bp,X509 * x)88 int X509_print(BIO *bp, X509 *x)
89 {
90 return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
91 }
92
X509_print_ex(BIO * bp,X509 * x,unsigned long nmflags,unsigned long cflag)93 int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
94 unsigned long cflag)
95 {
96 long l;
97 int ret = 0, i;
98 char *m = NULL, mlch = ' ';
99 int nmindent = 0;
100 X509_CINF *ci;
101 ASN1_INTEGER *bs;
102 EVP_PKEY *pkey = NULL;
103 const char *neg;
104
105 if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
106 mlch = '\n';
107 nmindent = 12;
108 }
109
110 if (nmflags == X509_FLAG_COMPAT)
111 nmindent = 16;
112
113 ci = x->cert_info;
114 if (!(cflag & X509_FLAG_NO_HEADER)) {
115 if (BIO_write(bp, "Certificate:\n", 13) <= 0)
116 goto err;
117 if (BIO_write(bp, " Data:\n", 10) <= 0)
118 goto err;
119 }
120 if (!(cflag & X509_FLAG_NO_VERSION)) {
121 l = X509_get_version(x);
122 if (BIO_printf(bp, "%8sVersion: %lu (0x%lx)\n", "", l + 1, l) <= 0)
123 goto err;
124 }
125 if (!(cflag & X509_FLAG_NO_SERIAL)) {
126
127 if (BIO_write(bp, " Serial Number:", 22) <= 0)
128 goto err;
129
130 bs = X509_get_serialNumber(x);
131 if (bs->length < (int)sizeof(long)
132 || (bs->length == sizeof(long) && (bs->data[0] & 0x80) == 0)) {
133 l = ASN1_INTEGER_get(bs);
134 if (bs->type == V_ASN1_NEG_INTEGER) {
135 l = -l;
136 neg = "-";
137 } else
138 neg = "";
139 if (BIO_printf(bp, " %s%lu (%s0x%lx)\n", neg, l, neg, l) <= 0)
140 goto err;
141 } else {
142 neg = (bs->type == V_ASN1_NEG_INTEGER) ? " (Negative)" : "";
143 if (BIO_printf(bp, "\n%12s%s", "", neg) <= 0)
144 goto err;
145
146 for (i = 0; i < bs->length; i++) {
147 if (BIO_printf(bp, "%02x%c", bs->data[i],
148 ((i + 1 == bs->length) ? '\n' : ':')) <= 0)
149 goto err;
150 }
151 }
152
153 }
154
155 if (!(cflag & X509_FLAG_NO_SIGNAME)) {
156 if (X509_signature_print(bp, ci->signature, NULL) <= 0)
157 goto err;
158 }
159
160 if (!(cflag & X509_FLAG_NO_ISSUER)) {
161 if (BIO_printf(bp, " Issuer:%c", mlch) <= 0)
162 goto err;
163 if (X509_NAME_print_ex(bp, X509_get_issuer_name(x), nmindent, nmflags)
164 < 0)
165 goto err;
166 if (BIO_write(bp, "\n", 1) <= 0)
167 goto err;
168 }
169 if (!(cflag & X509_FLAG_NO_VALIDITY)) {
170 if (BIO_write(bp, " Validity\n", 17) <= 0)
171 goto err;
172 if (BIO_write(bp, " Not Before: ", 24) <= 0)
173 goto err;
174 if (!ASN1_TIME_print(bp, X509_get_notBefore(x)))
175 goto err;
176 if (BIO_write(bp, "\n Not After : ", 25) <= 0)
177 goto err;
178 if (!ASN1_TIME_print(bp, X509_get_notAfter(x)))
179 goto err;
180 if (BIO_write(bp, "\n", 1) <= 0)
181 goto err;
182 }
183 if (!(cflag & X509_FLAG_NO_SUBJECT)) {
184 if (BIO_printf(bp, " Subject:%c", mlch) <= 0)
185 goto err;
186 if (X509_NAME_print_ex
187 (bp, X509_get_subject_name(x), nmindent, nmflags) < 0)
188 goto err;
189 if (BIO_write(bp, "\n", 1) <= 0)
190 goto err;
191 }
192 if (!(cflag & X509_FLAG_NO_PUBKEY)) {
193 if (BIO_write(bp, " Subject Public Key Info:\n", 33) <= 0)
194 goto err;
195 if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0)
196 goto err;
197 if (i2a_ASN1_OBJECT(bp, ci->key->algor->algorithm) <= 0)
198 goto err;
199 if (BIO_puts(bp, "\n") <= 0)
200 goto err;
201
202 pkey = X509_get_pubkey(x);
203 if (pkey == NULL) {
204 BIO_printf(bp, "%12sUnable to load Public Key\n", "");
205 ERR_print_errors(bp);
206 } else {
207 EVP_PKEY_print_public(bp, pkey, 16, NULL);
208 EVP_PKEY_free(pkey);
209 }
210 }
211
212 if (!(cflag & X509_FLAG_NO_IDS)) {
213 if (ci->issuerUID) {
214 if (BIO_printf(bp, "%8sIssuer Unique ID: ", "") <= 0)
215 goto err;
216 if (!X509_signature_dump(bp, ci->issuerUID, 12))
217 goto err;
218 }
219 if (ci->subjectUID) {
220 if (BIO_printf(bp, "%8sSubject Unique ID: ", "") <= 0)
221 goto err;
222 if (!X509_signature_dump(bp, ci->subjectUID, 12))
223 goto err;
224 }
225 }
226
227 if (!(cflag & X509_FLAG_NO_EXTENSIONS))
228 X509V3_extensions_print(bp, "X509v3 extensions",
229 ci->extensions, cflag, 8);
230
231 if (!(cflag & X509_FLAG_NO_SIGDUMP)) {
232 if (X509_signature_print(bp, x->sig_alg, x->signature) <= 0)
233 goto err;
234 }
235 if (!(cflag & X509_FLAG_NO_AUX)) {
236 if (!X509_CERT_AUX_print(bp, x->aux, 0))
237 goto err;
238 }
239 ret = 1;
240 err:
241 if (m != NULL)
242 OPENSSL_free(m);
243 return (ret);
244 }
245
X509_ocspid_print(BIO * bp,X509 * x)246 int X509_ocspid_print(BIO *bp, X509 *x)
247 {
248 unsigned char *der = NULL;
249 unsigned char *dertmp;
250 int derlen;
251 int i;
252 unsigned char SHA1md[SHA_DIGEST_LENGTH];
253
254 /*
255 * display the hash of the subject as it would appear in OCSP requests
256 */
257 if (BIO_printf(bp, " Subject OCSP hash: ") <= 0)
258 goto err;
259 derlen = i2d_X509_NAME(x->cert_info->subject, NULL);
260 if ((der = dertmp = (unsigned char *)OPENSSL_malloc(derlen)) == NULL)
261 goto err;
262 i2d_X509_NAME(x->cert_info->subject, &dertmp);
263
264 if (!EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL))
265 goto err;
266 for (i = 0; i < SHA_DIGEST_LENGTH; i++) {
267 if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0)
268 goto err;
269 }
270 OPENSSL_free(der);
271 der = NULL;
272
273 /*
274 * display the hash of the public key as it would appear in OCSP requests
275 */
276 if (BIO_printf(bp, "\n Public key OCSP hash: ") <= 0)
277 goto err;
278
279 if (!EVP_Digest(x->cert_info->key->public_key->data,
280 x->cert_info->key->public_key->length,
281 SHA1md, NULL, EVP_sha1(), NULL))
282 goto err;
283 for (i = 0; i < SHA_DIGEST_LENGTH; i++) {
284 if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0)
285 goto err;
286 }
287 BIO_printf(bp, "\n");
288
289 return (1);
290 err:
291 if (der != NULL)
292 OPENSSL_free(der);
293 return (0);
294 }
295
X509_signature_print(BIO * bp,const X509_ALGOR * sigalg,const ASN1_STRING * sig)296 int X509_signature_print(BIO *bp, const X509_ALGOR *sigalg,
297 const ASN1_STRING *sig)
298 {
299 if (BIO_puts(bp, " Signature Algorithm: ") <= 0)
300 return 0;
301 if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0)
302 return 0;
303
304 /* RSA-PSS signatures have parameters to print. */
305 int sig_nid = OBJ_obj2nid(sigalg->algorithm);
306 if (sig_nid == NID_rsassaPss &&
307 !x509_print_rsa_pss_params(bp, sigalg, 9, 0)) {
308 return 0;
309 }
310
311 if (sig)
312 return X509_signature_dump(bp, sig, 9);
313 else if (BIO_puts(bp, "\n") <= 0)
314 return 0;
315 return 1;
316 }
317
X509_NAME_print(BIO * bp,const X509_NAME * name,int obase)318 int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase)
319 {
320 char *s, *c, *b;
321 int ret = 0, l, i;
322
323 l = 80 - 2 - obase;
324
325 b = X509_NAME_oneline(name, NULL, 0);
326 if (!b)
327 return 0;
328 if (!*b) {
329 OPENSSL_free(b);
330 return 1;
331 }
332 s = b + 1; /* skip the first slash */
333
334 c = s;
335 for (;;) {
336 if (((*s == '/') &&
337 ((s[1] >= 'A') && (s[1] <= 'Z') && ((s[2] == '=') ||
338 ((s[2] >= 'A')
339 && (s[2] <= 'Z')
340 && (s[3] == '='))
341 ))) || (*s == '\0')) {
342 i = s - c;
343 if (BIO_write(bp, c, i) != i)
344 goto err;
345 c = s + 1; /* skip following slash */
346 if (*s != '\0') {
347 if (BIO_write(bp, ", ", 2) != 2)
348 goto err;
349 }
350 l--;
351 }
352 if (*s == '\0')
353 break;
354 s++;
355 l--;
356 }
357
358 ret = 1;
359 if (0) {
360 err:
361 OPENSSL_PUT_ERROR(X509, ERR_R_BUF_LIB);
362 }
363 OPENSSL_free(b);
364 return (ret);
365 }
366