1 /* crypto/x509/x509_req.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.] */
57
58 #include <openssl/asn1.h>
59 #include <openssl/asn1t.h>
60 #include <openssl/bn.h>
61 #include <openssl/err.h>
62 #include <openssl/evp.h>
63 #include <openssl/mem.h>
64 #include <openssl/obj.h>
65 #include <openssl/pem.h>
66 #include <openssl/x509.h>
67
68 #include "internal.h"
69
70
X509_to_X509_REQ(X509 * x,EVP_PKEY * pkey,const EVP_MD * md)71 X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
72 {
73 X509_REQ *ret;
74 X509_REQ_INFO *ri;
75 int i;
76 EVP_PKEY *pktmp;
77
78 ret = X509_REQ_new();
79 if (ret == NULL) {
80 OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
81 goto err;
82 }
83
84 ri = ret->req_info;
85
86 ri->version->length = 1;
87 ri->version->data = (unsigned char *)OPENSSL_malloc(1);
88 if (ri->version->data == NULL)
89 goto err;
90 ri->version->data[0] = 0; /* version == 0 */
91
92 if (!X509_REQ_set_subject_name(ret, X509_get_subject_name(x)))
93 goto err;
94
95 pktmp = X509_get_pubkey(x);
96 if (pktmp == NULL)
97 goto err;
98 i = X509_REQ_set_pubkey(ret, pktmp);
99 EVP_PKEY_free(pktmp);
100 if (!i)
101 goto err;
102
103 if (pkey != NULL) {
104 if (!X509_REQ_sign(ret, pkey, md))
105 goto err;
106 }
107 return (ret);
108 err:
109 X509_REQ_free(ret);
110 return (NULL);
111 }
112
X509_REQ_get_version(const X509_REQ * req)113 long X509_REQ_get_version(const X509_REQ *req)
114 {
115 return ASN1_INTEGER_get(req->req_info->version);
116 }
117
X509_REQ_get_subject_name(const X509_REQ * req)118 X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req)
119 {
120 return req->req_info->subject;
121 }
122
X509_REQ_get_pubkey(X509_REQ * req)123 EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req)
124 {
125 if ((req == NULL) || (req->req_info == NULL))
126 return (NULL);
127 return (X509_PUBKEY_get(req->req_info->pubkey));
128 }
129
X509_REQ_check_private_key(X509_REQ * x,EVP_PKEY * k)130 int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)
131 {
132 EVP_PKEY *xk = NULL;
133 int ok = 0;
134
135 xk = X509_REQ_get_pubkey(x);
136 switch (EVP_PKEY_cmp(xk, k)) {
137 case 1:
138 ok = 1;
139 break;
140 case 0:
141 OPENSSL_PUT_ERROR(X509, X509_R_KEY_VALUES_MISMATCH);
142 break;
143 case -1:
144 OPENSSL_PUT_ERROR(X509, X509_R_KEY_TYPE_MISMATCH);
145 break;
146 case -2:
147 if (k->type == EVP_PKEY_EC) {
148 OPENSSL_PUT_ERROR(X509, ERR_R_EC_LIB);
149 break;
150 }
151 if (k->type == EVP_PKEY_DH) {
152 /* No idea */
153 OPENSSL_PUT_ERROR(X509, X509_R_CANT_CHECK_DH_KEY);
154 break;
155 }
156 OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_KEY_TYPE);
157 }
158
159 EVP_PKEY_free(xk);
160 return (ok);
161 }
162
X509_REQ_extension_nid(int req_nid)163 int X509_REQ_extension_nid(int req_nid)
164 {
165 return req_nid == NID_ext_req || req_nid == NID_ms_ext_req;
166 }
167
STACK_OF(X509_EXTENSION)168 STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
169 {
170 if (req == NULL || req->req_info == NULL) {
171 return NULL;
172 }
173
174 int idx = X509_REQ_get_attr_by_NID(req, NID_ext_req, -1);
175 if (idx == -1) {
176 idx = X509_REQ_get_attr_by_NID(req, NID_ms_ext_req, -1);
177 }
178 if (idx == -1) {
179 return NULL;
180 }
181
182 X509_ATTRIBUTE *attr = X509_REQ_get_attr(req, idx);
183 ASN1_TYPE *ext = X509_ATTRIBUTE_get0_type(attr, 0);
184 if (!ext || ext->type != V_ASN1_SEQUENCE) {
185 return NULL;
186 }
187 const unsigned char *p = ext->value.sequence->data;
188 return (STACK_OF(X509_EXTENSION) *)
189 ASN1_item_d2i(NULL, &p, ext->value.sequence->length,
190 ASN1_ITEM_rptr(X509_EXTENSIONS));
191 }
192
193 /*
194 * Add a STACK_OF extensions to a certificate request: allow alternative OIDs
195 * in case we want to create a non standard one.
196 */
197
X509_REQ_add_extensions_nid(X509_REQ * req,const STACK_OF (X509_EXTENSION)* exts,int nid)198 int X509_REQ_add_extensions_nid(X509_REQ *req,
199 const STACK_OF(X509_EXTENSION) *exts, int nid)
200 {
201 /* Generate encoding of extensions */
202 unsigned char *ext = NULL;
203 int ext_len = ASN1_item_i2d((ASN1_VALUE *)exts, &ext,
204 ASN1_ITEM_rptr(X509_EXTENSIONS));
205 if (ext_len <= 0) {
206 return 0;
207 }
208 int ret = X509_REQ_add1_attr_by_NID(req, nid, V_ASN1_SEQUENCE, ext,
209 ext_len);
210 OPENSSL_free(ext);
211 return ret;
212 }
213
214 /* This is the normal usage: use the "official" OID */
X509_REQ_add_extensions(X509_REQ * req,const STACK_OF (X509_EXTENSION)* exts)215 int X509_REQ_add_extensions(X509_REQ *req,
216 const STACK_OF(X509_EXTENSION) *exts)
217 {
218 return X509_REQ_add_extensions_nid(req, exts, NID_ext_req);
219 }
220
221 /* Request attribute functions */
222
X509_REQ_get_attr_count(const X509_REQ * req)223 int X509_REQ_get_attr_count(const X509_REQ *req)
224 {
225 return X509at_get_attr_count(req->req_info->attributes);
226 }
227
X509_REQ_get_attr_by_NID(const X509_REQ * req,int nid,int lastpos)228 int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos)
229 {
230 return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos);
231 }
232
X509_REQ_get_attr_by_OBJ(const X509_REQ * req,const ASN1_OBJECT * obj,int lastpos)233 int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, const ASN1_OBJECT *obj,
234 int lastpos)
235 {
236 return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos);
237 }
238
X509_REQ_get_attr(const X509_REQ * req,int loc)239 X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc)
240 {
241 return X509at_get_attr(req->req_info->attributes, loc);
242 }
243
X509_REQ_delete_attr(X509_REQ * req,int loc)244 X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc)
245 {
246 return X509at_delete_attr(req->req_info->attributes, loc);
247 }
248
X509_REQ_add1_attr(X509_REQ * req,X509_ATTRIBUTE * attr)249 int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr)
250 {
251 if (X509at_add1_attr(&req->req_info->attributes, attr))
252 return 1;
253 return 0;
254 }
255
X509_REQ_add1_attr_by_OBJ(X509_REQ * req,const ASN1_OBJECT * obj,int attrtype,const unsigned char * data,int len)256 int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
257 const ASN1_OBJECT *obj, int attrtype,
258 const unsigned char *data, int len)
259 {
260 if (X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj,
261 attrtype, data, len))
262 return 1;
263 return 0;
264 }
265
X509_REQ_add1_attr_by_NID(X509_REQ * req,int nid,int attrtype,const unsigned char * data,int len)266 int X509_REQ_add1_attr_by_NID(X509_REQ *req,
267 int nid, int attrtype,
268 const unsigned char *data, int len)
269 {
270 if (X509at_add1_attr_by_NID(&req->req_info->attributes, nid,
271 attrtype, data, len))
272 return 1;
273 return 0;
274 }
275
X509_REQ_add1_attr_by_txt(X509_REQ * req,const char * attrname,int attrtype,const unsigned char * data,int len)276 int X509_REQ_add1_attr_by_txt(X509_REQ *req,
277 const char *attrname, int attrtype,
278 const unsigned char *data, int len)
279 {
280 if (X509at_add1_attr_by_txt(&req->req_info->attributes, attrname,
281 attrtype, data, len))
282 return 1;
283 return 0;
284 }
285
X509_REQ_get0_signature(const X509_REQ * req,const ASN1_BIT_STRING ** psig,const X509_ALGOR ** palg)286 void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
287 const X509_ALGOR **palg)
288 {
289 if (psig != NULL)
290 *psig = req->signature;
291 if (palg != NULL)
292 *palg = req->sig_alg;
293 }
294
X509_REQ_get_signature_nid(const X509_REQ * req)295 int X509_REQ_get_signature_nid(const X509_REQ *req)
296 {
297 return OBJ_obj2nid(req->sig_alg->algorithm);
298 }
299
i2d_re_X509_REQ_tbs(X509_REQ * req,unsigned char ** pp)300 int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp)
301 {
302 req->req_info->enc.modified = 1;
303 return i2d_X509_REQ_INFO(req->req_info, pp);
304 }
305