Path: blob/main/crypto/openssl/apps/lib/app_x509.c
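/*
 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <limits.h>
#include <string.h>
#include "apps.h"

/*
 * X509_ctrl_str() is sorely lacking in libcrypto, but is still needed to
 * allow the application to process verification options in a manner similar
 * to signature or other options that pass through EVP_PKEY_CTX_ctrl_str(),
 * for uniformity.
 *
 * As soon as more stuff is added, the code will need serious rework. For
 * the moment, it only handles the FIPS 196 / SM2 distinguishing ID.
 */
#ifdef EVP_PKEY_CTRL_SET1_ID
/*
 * Copy |value_n| bytes from |value| into a newly allocated
 * ASN1_OCTET_STRING.
 *
 * Returns the new object, which the caller owns, or NULL on failure.
 */
static ASN1_OCTET_STRING *mk_octet_string(void *value, size_t value_n)
{
    ASN1_OCTET_STRING *v;

    /*
     * ASN1_OCTET_STRING_set() takes an int length. Reject anything that
     * does not fit rather than letting the cast below truncate it.
     */
    if (value_n > INT_MAX) {
        BIO_printf(bio_err, "error: distinguishing ID is too long\n");
        return NULL;
    }

    v = ASN1_OCTET_STRING_new();
    if (v == NULL) {
        BIO_printf(bio_err, "error: allocation failed\n");
    } else if (!ASN1_OCTET_STRING_set(v, value, (int)value_n)) {
        ASN1_OCTET_STRING_free(v);
        v = NULL;
    }
    return v;
}
#endif

/*
 * Apply control command |cmd| with |value| / |value_n| to the X509
 * certificate passed as |object|.
 *
 * Returns 1 on success, 0 on failure and -2 if |cmd| is not supported.
 */
static int x509_ctrl(void *object, int cmd, void *value, size_t value_n)
{
    switch (cmd) {
#ifdef EVP_PKEY_CTRL_SET1_ID
    case EVP_PKEY_CTRL_SET1_ID:
        {
            ASN1_OCTET_STRING *v = mk_octet_string(value, value_n);

            if (v == NULL) {
                BIO_printf(bio_err,
                           "error: setting distinguishing ID in certificate failed\n");
                return 0;
            }

            /* set0: the certificate takes ownership of |v| */
            X509_set0_distinguishing_id(object, v);
            return 1;
        }
#endif
    default:
        break;
    }
    return -2;     /* typical EVP_PKEY return for "unsupported" */
}

/*
 * Apply control command |cmd| with |value| / |value_n| to the X509_REQ
 * certificate signing request passed as |object|.
 *
 * Returns 1 on success, 0 on failure and -2 if |cmd| is not supported.
 */
static int x509_req_ctrl(void *object, int cmd, void *value, size_t value_n)
{
    switch (cmd) {
#ifdef EVP_PKEY_CTRL_SET1_ID
    case EVP_PKEY_CTRL_SET1_ID:
        {
            ASN1_OCTET_STRING *v = mk_octet_string(value, value_n);

            if (v == NULL) {
                BIO_printf(bio_err,
                           "error: setting distinguishing ID in certificate signing request failed\n");
                return 0;
            }

            /* set0: the request takes ownership of |v| */
            X509_REQ_set0_distinguishing_id(object, v);
            return 1;
        }
#endif
    default:
        break;
    }
    return -2;     /* typical EVP_PKEY return for "unsupported" */
}

/*
 * Parse an option string of the form "name:value" and hand the result to
 * |ctrl| together with |object|.
 *
 * Recognised names are "distid" (value used as given) and "hexdistid"
 * (value is a hex string that is decoded first). Any other name leaves
 * |cmd| at 0, which the ctrl callbacks in this file report as unsupported.
 *
 * Returns -1 if the option string cannot be duplicated, 0 if a "hexdistid"
 * value is not valid hex, and otherwise whatever |ctrl| returns.
 */
static int do_x509_ctrl_string(int (*ctrl)(void *object, int cmd,
                                           void *value, size_t value_n),
                               void *object, const char *value)
{
    int rv = 0;
    char *stmp, *vtmp = NULL;
    size_t vtmp_len = 0;
    int cmd = 0; /* Will get command values that make sense somehow */

    stmp = OPENSSL_strdup(value);
    if (stmp == NULL)
        return -1;
    /*
     * Split at the first ':'. The name stays in |stmp| and |vtmp| points
     * at the value inside the same allocation.
     *
     * NOTE(review): with no ':' present, |vtmp| stays NULL and a NULL,
     * zero-length value is passed on to |ctrl| - confirm that is intended.
     */
    vtmp = strchr(stmp, ':');
    if (vtmp != NULL) {
        *vtmp = 0;
        vtmp++;
        vtmp_len = strlen(vtmp);
    }

    if (strcmp(stmp, "distid") == 0) {
#ifdef EVP_PKEY_CTRL_SET1_ID
        cmd = EVP_PKEY_CTRL_SET1_ID; /* ... except we put it in X509 */
#endif
    } else if (strcmp(stmp, "hexdistid") == 0) {
        if (vtmp != NULL) {
            void *hexid;
            long hexid_len = 0;

            hexid = OPENSSL_hexstr2buf((const char *)vtmp, &hexid_len);
            if (hexid == NULL) {
                /*
                 * Malformed hex must be a hard failure. Carrying on would
                 * pass a NULL, zero-length value to |ctrl| and install an
                 * empty distinguishing ID instead of the requested one.
                 */
                BIO_printf(bio_err,
                           "error: invalid hex string for distinguishing ID\n");
                OPENSSL_free(stmp);
                return 0;
            }
            /*
             * The decoded buffer replaces the duplicated option string;
             * |stmp| now owns it so the single free below releases it.
             */
            OPENSSL_free(stmp);
            stmp = vtmp = hexid;
            vtmp_len = (size_t)hexid_len;
        }
#ifdef EVP_PKEY_CTRL_SET1_ID
        cmd = EVP_PKEY_CTRL_SET1_ID; /* ... except we put it in X509 */
#endif
    }

    rv = ctrl(object, cmd, vtmp, vtmp_len);

    OPENSSL_free(stmp);
    return rv;
}

/*
 * Apply the "name:value" option string |value| to certificate |x|.
 * Return values are those of do_x509_ctrl_string().
 */
int x509_ctrl_string(X509 *x, const char *value)
{
    return do_x509_ctrl_string(x509_ctrl, x, value);
}

/*
 * Apply the "name:value" option string |value| to certificate signing
 * request |x|. Return values are those of do_x509_ctrl_string().
 */
int x509_req_ctrl_string(X509_REQ *x, const char *value)
{
    return do_x509_ctrl_string(x509_req_ctrl, x, value);
}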