X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fasn1%2Fx_x509.c;h=fd5e6c6428f29837548d54ad603ec71ff5143dbd;hp=36f0e4743eefd098e72f18b79bc251b6de834960;hb=4cfeb00be953cff10182772930adb7776860cfff;hpb=eaa28181898b8ca0b54552a3290789bb17444c8a diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c index 36f0e4743e..fd5e6c6428 100644 --- a/crypto/asn1/x_x509.c +++ b/crypto/asn1/x_x509.c @@ -59,110 +59,93 @@ #include #include "cryptlib.h" #include -#include +#include #include +#include + +ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = { + ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0), + ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER), + ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR), + ASN1_SIMPLE(X509_CINF, issuer, X509_NAME), + ASN1_SIMPLE(X509_CINF, validity, X509_VAL), + ASN1_SIMPLE(X509_CINF, subject, X509_NAME), + ASN1_SIMPLE(X509_CINF, key, X509_PUBKEY), + ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1), + ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2), + ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3) +} ASN1_SEQUENCE_END_enc(X509_CINF, X509_CINF) + +IMPLEMENT_ASN1_FUNCTIONS(X509_CINF) +/* X509 top level structure needs a bit of customisation */ + +extern void policy_cache_free(X509_POLICY_CACHE *cache); + +static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, + void *exarg) +{ + X509 *ret = (X509 *)*pval; + + switch(operation) { + + case ASN1_OP_NEW_POST: + ret->valid=0; + ret->name = NULL; + ret->ex_flags = 0; + ret->ex_pathlen = -1; + ret->skid = NULL; + ret->akid = NULL; +#ifndef OPENSSL_NO_RFC3779 + ret->rfc3779_addr = NULL; + ret->rfc3779_asid = NULL; +#endif + ret->aux = NULL; + ret->crldp = NULL; + CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data); + break; + + case ASN1_OP_D2I_POST: + if (ret->name != NULL) OPENSSL_free(ret->name); + ret->name=X509_NAME_oneline(ret->cert_info->subject,NULL,0); + break; + + case ASN1_OP_FREE_POST: + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data); + X509_CERT_AUX_free(ret->aux); + ASN1_OCTET_STRING_free(ret->skid); + AUTHORITY_KEYID_free(ret->akid); + CRL_DIST_POINTS_free(ret->crldp); + policy_cache_free(ret->policy_cache); + GENERAL_NAMES_free(ret->altname); + NAME_CONSTRAINTS_free(ret->nc); +#ifndef OPENSSL_NO_RFC3779 + sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free); + ASIdentifiers_free(ret->rfc3779_asid); +#endif -static int x509_meth_num = 0; -static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_meth = NULL; - -static ASN1_METHOD meth={ - (int (*)()) i2d_X509, - (char *(*)())d2i_X509, - (char *(*)())X509_new, - (void (*)()) X509_free}; - -ASN1_METHOD *X509_asn1_meth(void) - { - return(&meth); - } - -int i2d_X509(X509 *a, unsigned char **pp) - { - M_ASN1_I2D_vars(a); - - M_ASN1_I2D_len(a->cert_info, i2d_X509_CINF); - M_ASN1_I2D_len(a->sig_alg, i2d_X509_ALGOR); - M_ASN1_I2D_len(a->signature, i2d_ASN1_BIT_STRING); - - M_ASN1_I2D_seq_total(); - - M_ASN1_I2D_put(a->cert_info, i2d_X509_CINF); - M_ASN1_I2D_put(a->sig_alg, i2d_X509_ALGOR); - M_ASN1_I2D_put(a->signature, i2d_ASN1_BIT_STRING); - - M_ASN1_I2D_finish(); - } - -X509 *d2i_X509(X509 **a, unsigned char **pp, long length) - { - M_ASN1_D2I_vars(a,X509 *,X509_new); - - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get(ret->cert_info,d2i_X509_CINF); - M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR); - M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING); - if (ret->name != NULL) OPENSSL_free(ret->name); - ret->name=X509_NAME_oneline(ret->cert_info->subject,NULL,0); - - M_ASN1_D2I_Finish(a,X509_free,ASN1_F_D2I_X509); - } + if (ret->name != NULL) OPENSSL_free(ret->name); + break; -X509 *X509_new(void) - { - X509 *ret=NULL; - ASN1_CTX c; - - M_ASN1_New_Malloc(ret,X509); - ret->references=1; - ret->valid=0; - ret->ex_flags = 0; - ret->ex_pathlen = -1; - ret->name=NULL; - ret->aux=NULL; - M_ASN1_New(ret->cert_info,X509_CINF_new); - M_ASN1_New(ret->sig_alg,X509_ALGOR_new); - M_ASN1_New(ret->signature,M_ASN1_BIT_STRING_new); - CRYPTO_new_ex_data(x509_meth, ret, &ret->ex_data); - return(ret); - M_ASN1_New_Error(ASN1_F_X509_NEW); } -void X509_free(X509 *a) - { - int i; - - if (a == NULL) return; + return 1; - i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_X509); -#ifdef REF_PRINT - REF_PRINT("X509",a); -#endif - if (i > 0) return; -#ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"X509_free, bad reference count\n"); - abort(); - } -#endif +} - CRYPTO_free_ex_data(x509_meth,a,&a->ex_data); - X509_CINF_free(a->cert_info); - X509_ALGOR_free(a->sig_alg); - M_ASN1_BIT_STRING_free(a->signature); - X509_CERT_AUX_free(a->aux); +ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = { + ASN1_SIMPLE(X509, cert_info, X509_CINF), + ASN1_SIMPLE(X509, sig_alg, X509_ALGOR), + ASN1_SIMPLE(X509, signature, ASN1_BIT_STRING) +} ASN1_SEQUENCE_END_ref(X509, X509) - if (a->name != NULL) OPENSSL_free(a->name); - OPENSSL_free(a); - } +IMPLEMENT_ASN1_FUNCTIONS(X509) +IMPLEMENT_ASN1_DUP_FUNCTION(X509) int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { - x509_meth_num++; - return(CRYPTO_get_ex_new_index(x509_meth_num-1, - &x509_meth,argl,argp,new_func,dup_func,free_func)); + return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, argl, argp, + new_func, dup_func, free_func); } int X509_set_ex_data(X509 *r, int idx, void *arg) @@ -183,9 +166,9 @@ void *X509_get_ex_data(X509 *r, int idx) * */ -X509 *d2i_X509_AUX(X509 **a, unsigned char **pp, long length) +X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length) { - unsigned char *q; + const unsigned char *q; X509 *ret; /* Save start position */ q = *pp; @@ -209,3 +192,17 @@ int i2d_X509_AUX(X509 *a, unsigned char **pp) if(a) length += i2d_X509_CERT_AUX(a->aux, pp); return length; } + +void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, + const X509 *x) + { + if (psig) + *psig = x->signature; + if (palg) + *palg = x->sig_alg; + } + +int X509_get_signature_nid(const X509 *x) + { + return OBJ_obj2nid(x->sig_alg->algorithm); + }