2 * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include "internal/cryptlib.h"
12 #include <openssl/safestack.h>
13 #include <openssl/asn1.h>
14 #include <openssl/objects.h>
15 #include <openssl/evp.h>
16 #include <openssl/x509.h>
17 #include <openssl/x509v3.h>
18 #include "crypto/x509.h"
19 #include "x509_local.h"
21 int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x)
23 return sk_X509_ATTRIBUTE_num(x);
26 int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
29 const ASN1_OBJECT *obj = OBJ_nid2obj(nid);
33 return X509at_get_attr_by_OBJ(x, obj, lastpos);
36 int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk,
37 const ASN1_OBJECT *obj, int lastpos)
47 n = sk_X509_ATTRIBUTE_num(sk);
48 for (; lastpos < n; lastpos++) {
49 ex = sk_X509_ATTRIBUTE_value(sk, lastpos);
50 if (OBJ_cmp(ex->object, obj) == 0)
56 X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc)
59 ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
62 if (sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0) {
63 ERR_raise(ERR_LIB_X509, ERR_R_PASSED_INVALID_ARGUMENT);
66 return sk_X509_ATTRIBUTE_value(x, loc);
69 X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc)
72 ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
75 if (sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0) {
76 ERR_raise(ERR_LIB_X509, ERR_R_PASSED_INVALID_ARGUMENT);
79 return sk_X509_ATTRIBUTE_delete(x, loc);
82 STACK_OF(X509_ATTRIBUTE) *ossl_x509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
85 X509_ATTRIBUTE *new_attr = NULL;
86 STACK_OF(X509_ATTRIBUTE) *sk = NULL;
88 if (x == NULL || attr == NULL) {
89 ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
94 if ((sk = sk_X509_ATTRIBUTE_new_null()) == NULL) {
95 ERR_raise(ERR_LIB_X509, ERR_R_CRYPTO_LIB);
102 if ((new_attr = X509_ATTRIBUTE_dup(attr)) == NULL)
104 if (!sk_X509_ATTRIBUTE_push(sk, new_attr)) {
105 ERR_raise(ERR_LIB_X509, ERR_R_CRYPTO_LIB);
112 X509_ATTRIBUTE_free(new_attr);
114 sk_X509_ATTRIBUTE_free(sk);
118 STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
119 X509_ATTRIBUTE *attr)
121 if (x == NULL || attr == NULL) {
122 ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
125 if (*x != NULL && X509at_get_attr_by_OBJ(*x, attr->object, -1) != -1) {
126 ERR_raise(ERR_LIB_X509, X509_R_DUPLICATE_ATTRIBUTE);
130 return ossl_x509at_add1_attr(x, attr);
133 STACK_OF(X509_ATTRIBUTE) *ossl_x509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
134 const ASN1_OBJECT *obj,
136 const unsigned char *bytes,
139 X509_ATTRIBUTE *attr;
140 STACK_OF(X509_ATTRIBUTE) *ret;
142 attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len);
145 ret = ossl_x509at_add1_attr(x, attr);
146 X509_ATTRIBUTE_free(attr);
150 STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE)
151 **x, const ASN1_OBJECT *obj,
153 const unsigned char *bytes,
156 if (x == NULL || obj == NULL) {
157 ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
160 if (*x != NULL && X509at_get_attr_by_OBJ(*x, obj, -1) != -1) {
161 ERR_raise(ERR_LIB_X509, X509_R_DUPLICATE_ATTRIBUTE);
165 return ossl_x509at_add1_attr_by_OBJ(x, obj, type, bytes, len);
168 STACK_OF(X509_ATTRIBUTE) *ossl_x509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
170 const unsigned char *bytes,
173 X509_ATTRIBUTE *attr;
174 STACK_OF(X509_ATTRIBUTE) *ret;
176 attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len);
179 ret = ossl_x509at_add1_attr(x, attr);
180 X509_ATTRIBUTE_free(attr);
184 STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE)
185 **x, int nid, int type,
186 const unsigned char *bytes,
190 ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
193 if (*x != NULL && X509at_get_attr_by_NID(*x, nid, -1) != -1) {
194 ERR_raise(ERR_LIB_X509, X509_R_DUPLICATE_ATTRIBUTE);
198 return ossl_x509at_add1_attr_by_NID(x, nid, type, bytes, len);
201 STACK_OF(X509_ATTRIBUTE) *ossl_x509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
202 const char *attrname,
204 const unsigned char *bytes,
207 X509_ATTRIBUTE *attr;
208 STACK_OF(X509_ATTRIBUTE) *ret;
210 attr = X509_ATTRIBUTE_create_by_txt(NULL, attrname, type, bytes, len);
213 ret = ossl_x509at_add1_attr(x, attr);
214 X509_ATTRIBUTE_free(attr);
218 STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE)
219 **x, const char *attrname,
221 const unsigned char *bytes,
224 X509_ATTRIBUTE *attr;
225 STACK_OF(X509_ATTRIBUTE) *ret;
227 attr = X509_ATTRIBUTE_create_by_txt(NULL, attrname, type, bytes, len);
230 ret = X509at_add1_attr(x, attr);
231 X509_ATTRIBUTE_free(attr);
235 void *X509at_get0_data_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *x,
236 const ASN1_OBJECT *obj, int lastpos, int type)
238 int i = X509at_get_attr_by_OBJ(x, obj, lastpos);
243 if (lastpos <= -2 && X509at_get_attr_by_OBJ(x, obj, i) != -1)
245 at = X509at_get_attr(x, i);
246 if (lastpos <= -3 && X509_ATTRIBUTE_count(at) != 1)
248 return X509_ATTRIBUTE_get0_data(at, 0, type, NULL);
251 STACK_OF(X509_ATTRIBUTE) *ossl_x509at_dup(const STACK_OF(X509_ATTRIBUTE) *x)
253 int i, n = sk_X509_ATTRIBUTE_num(x);
254 STACK_OF(X509_ATTRIBUTE) *sk = NULL;
256 for (i = 0; i < n; ++i) {
257 if (X509at_add1_attr(&sk, sk_X509_ATTRIBUTE_value(x, i)) == NULL) {
258 sk_X509_ATTRIBUTE_pop_free(sk, X509_ATTRIBUTE_free);
265 X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
266 int atrtype, const void *data,
269 ASN1_OBJECT *obj = OBJ_nid2obj(nid);
273 ERR_raise(ERR_LIB_X509, X509_R_UNKNOWN_NID);
276 ret = X509_ATTRIBUTE_create_by_OBJ(attr, obj, atrtype, data, len);
278 ASN1_OBJECT_free(obj);
282 X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
283 const ASN1_OBJECT *obj,
284 int atrtype, const void *data,
289 if (attr == NULL || *attr == NULL) {
290 if ((ret = X509_ATTRIBUTE_new()) == NULL) {
291 ERR_raise(ERR_LIB_X509, ERR_R_ASN1_LIB);
298 if (!X509_ATTRIBUTE_set1_object(ret, obj))
300 if (!X509_ATTRIBUTE_set1_data(ret, atrtype, data, len))
303 if (attr != NULL && *attr == NULL)
307 if (attr == NULL || ret != *attr)
308 X509_ATTRIBUTE_free(ret);
312 X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
313 const char *atrname, int type,
314 const unsigned char *bytes,
317 ASN1_OBJECT *obj = OBJ_txt2obj(atrname, 0);
318 X509_ATTRIBUTE *nattr;
321 ERR_raise_data(ERR_LIB_X509, X509_R_INVALID_FIELD_NAME,
325 nattr = X509_ATTRIBUTE_create_by_OBJ(attr, obj, type, bytes, len);
326 ASN1_OBJECT_free(obj);
330 int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj)
332 if (attr == NULL || obj == NULL) {
333 ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
336 ASN1_OBJECT_free(attr->object);
337 attr->object = OBJ_dup(obj);
338 return attr->object != NULL;
341 int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
342 const void *data, int len)
344 ASN1_TYPE *ttmp = NULL;
345 ASN1_STRING *stmp = NULL;
349 ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
352 if ((attrtype & MBSTRING_FLAG) != 0) {
353 stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype,
354 OBJ_obj2nid(attr->object));
356 ERR_raise(ERR_LIB_X509, ERR_R_ASN1_LIB);
360 } else if (len != -1) {
361 if ((stmp = ASN1_STRING_type_new(attrtype)) == NULL
362 || !ASN1_STRING_set(stmp, data, len)) {
363 ERR_raise(ERR_LIB_X509, ERR_R_ASN1_LIB);
369 * This is a bit naughty because the attribute should really have at
370 * least one value but some types use and zero length SET and require
374 ASN1_STRING_free(stmp);
377 if ((ttmp = ASN1_TYPE_new()) == NULL) {
378 ERR_raise(ERR_LIB_X509, ERR_R_ASN1_LIB);
381 if (len == -1 && (attrtype & MBSTRING_FLAG) == 0) {
382 if (!ASN1_TYPE_set1(ttmp, attrtype, data)) {
383 ERR_raise(ERR_LIB_X509, ERR_R_ASN1_LIB);
387 ASN1_TYPE_set(ttmp, atype, stmp);
390 if (!sk_ASN1_TYPE_push(attr->set, ttmp)) {
391 ERR_raise(ERR_LIB_X509, ERR_R_CRYPTO_LIB);
396 ASN1_TYPE_free(ttmp);
397 ASN1_STRING_free(stmp);
401 int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr)
405 return sk_ASN1_TYPE_num(attr->set);
408 ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr)
411 ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
417 void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
418 int atrtype, void *data)
420 ASN1_TYPE *ttmp = X509_ATTRIBUTE_get0_type(attr, idx);
424 if (atrtype == V_ASN1_BOOLEAN
425 || atrtype == V_ASN1_NULL
426 || atrtype != ASN1_TYPE_get(ttmp)) {
427 ERR_raise(ERR_LIB_X509, X509_R_WRONG_TYPE);
430 return ttmp->value.ptr;
433 ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
436 ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
439 return sk_ASN1_TYPE_value(attr->set, idx);