Absolute File Name: | /home/opencoverage/opencoverage/guest-scripts/libressl/src/crypto/asn1/x_x509.c |
Source code | Switch to Preprocessed file |
Line | Source | Count | ||||||
---|---|---|---|---|---|---|---|---|
1 | /* $OpenBSD: x_x509.c,v 1.26 2018/02/17 15:50:42 jsing Exp $ */ | - | ||||||
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | - | ||||||
3 | * All rights reserved. | - | ||||||
4 | * | - | ||||||
5 | * This package is an SSL implementation written | - | ||||||
6 | * by Eric Young (eay@cryptsoft.com). | - | ||||||
7 | * The implementation was written so as to conform with Netscapes SSL. | - | ||||||
8 | * | - | ||||||
9 | * This library is free for commercial and non-commercial use as long as | - | ||||||
10 | * the following conditions are aheared to. The following conditions | - | ||||||
11 | * apply to all code found in this distribution, be it the RC4, RSA, | - | ||||||
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | - | ||||||
13 | * included with this distribution is covered by the same copyright terms | - | ||||||
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | - | ||||||
15 | * | - | ||||||
16 | * Copyright remains Eric Young's, and as such any Copyright notices in | - | ||||||
17 | * the code are not to be removed. | - | ||||||
18 | * If this package is used in a product, Eric Young should be given attribution | - | ||||||
19 | * as the author of the parts of the library used. | - | ||||||
20 | * This can be in the form of a textual message at program startup or | - | ||||||
21 | * in documentation (online or textual) provided with the package. | - | ||||||
22 | * | - | ||||||
23 | * Redistribution and use in source and binary forms, with or without | - | ||||||
24 | * modification, are permitted provided that the following conditions | - | ||||||
25 | * are met: | - | ||||||
26 | * 1. Redistributions of source code must retain the copyright | - | ||||||
27 | * notice, this list of conditions and the following disclaimer. | - | ||||||
28 | * 2. Redistributions in binary form must reproduce the above copyright | - | ||||||
29 | * notice, this list of conditions and the following disclaimer in the | - | ||||||
30 | * documentation and/or other materials provided with the distribution. | - | ||||||
31 | * 3. All advertising materials mentioning features or use of this software | - | ||||||
32 | * must display the following acknowledgement: | - | ||||||
33 | * "This product includes cryptographic software written by | - | ||||||
34 | * Eric Young (eay@cryptsoft.com)" | - | ||||||
35 | * The word 'cryptographic' can be left out if the rouines from the library | - | ||||||
36 | * being used are not cryptographic related :-). | - | ||||||
37 | * 4. If you include any Windows specific code (or a derivative thereof) from | - | ||||||
38 | * the apps directory (application code) you must include an acknowledgement: | - | ||||||
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | - | ||||||
40 | * | - | ||||||
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | - | ||||||
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | - | ||||||
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | - | ||||||
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | - | ||||||
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | - | ||||||
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | - | ||||||
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | - | ||||||
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | - | ||||||
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | - | ||||||
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | - | ||||||
51 | * SUCH DAMAGE. | - | ||||||
52 | * | - | ||||||
53 | * The licence and distribution terms for any publically available version or | - | ||||||
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | - | ||||||
55 | * copied and put under another distribution licence | - | ||||||
56 | * [including the GNU Public Licence.] | - | ||||||
57 | */ | - | ||||||
58 | - | |||||||
59 | #include <stdio.h> | - | ||||||
60 | - | |||||||
61 | #include <openssl/opensslconf.h> | - | ||||||
62 | - | |||||||
63 | #include <openssl/asn1t.h> | - | ||||||
64 | #include <openssl/evp.h> | - | ||||||
65 | #include <openssl/x509.h> | - | ||||||
66 | #include <openssl/x509v3.h> | - | ||||||
67 | - | |||||||
68 | static const ASN1_AUX X509_CINF_aux = { | - | ||||||
69 | .flags = ASN1_AFLG_ENCODING, | - | ||||||
70 | .enc_offset = offsetof(X509_CINF, enc), | - | ||||||
71 | }; | - | ||||||
72 | static const ASN1_TEMPLATE X509_CINF_seq_tt[] = { | - | ||||||
73 | { | - | ||||||
74 | .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, | - | ||||||
75 | .offset = offsetof(X509_CINF, version), | - | ||||||
76 | .field_name = "version", | - | ||||||
77 | .item = &ASN1_INTEGER_it, | - | ||||||
78 | }, | - | ||||||
79 | { | - | ||||||
80 | .offset = offsetof(X509_CINF, serialNumber), | - | ||||||
81 | .field_name = "serialNumber", | - | ||||||
82 | .item = &ASN1_INTEGER_it, | - | ||||||
83 | }, | - | ||||||
84 | { | - | ||||||
85 | .offset = offsetof(X509_CINF, signature), | - | ||||||
86 | .field_name = "signature", | - | ||||||
87 | .item = &X509_ALGOR_it, | - | ||||||
88 | }, | - | ||||||
89 | { | - | ||||||
90 | .offset = offsetof(X509_CINF, issuer), | - | ||||||
91 | .field_name = "issuer", | - | ||||||
92 | .item = &X509_NAME_it, | - | ||||||
93 | }, | - | ||||||
94 | { | - | ||||||
95 | .offset = offsetof(X509_CINF, validity), | - | ||||||
96 | .field_name = "validity", | - | ||||||
97 | .item = &X509_VAL_it, | - | ||||||
98 | }, | - | ||||||
99 | { | - | ||||||
100 | .offset = offsetof(X509_CINF, subject), | - | ||||||
101 | .field_name = "subject", | - | ||||||
102 | .item = &X509_NAME_it, | - | ||||||
103 | }, | - | ||||||
104 | { | - | ||||||
105 | .offset = offsetof(X509_CINF, key), | - | ||||||
106 | .field_name = "key", | - | ||||||
107 | .item = &X509_PUBKEY_it, | - | ||||||
108 | }, | - | ||||||
109 | { | - | ||||||
110 | .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL, | - | ||||||
111 | .tag = 1, | - | ||||||
112 | .offset = offsetof(X509_CINF, issuerUID), | - | ||||||
113 | .field_name = "issuerUID", | - | ||||||
114 | .item = &ASN1_BIT_STRING_it, | - | ||||||
115 | }, | - | ||||||
116 | { | - | ||||||
117 | .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL, | - | ||||||
118 | .tag = 2, | - | ||||||
119 | .offset = offsetof(X509_CINF, subjectUID), | - | ||||||
120 | .field_name = "subjectUID", | - | ||||||
121 | .item = &ASN1_BIT_STRING_it, | - | ||||||
122 | }, | - | ||||||
123 | { | - | ||||||
124 | .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_SEQUENCE_OF | | - | ||||||
125 | ASN1_TFLG_OPTIONAL, | - | ||||||
126 | .tag = 3, | - | ||||||
127 | .offset = offsetof(X509_CINF, extensions), | - | ||||||
128 | .field_name = "extensions", | - | ||||||
129 | .item = &X509_EXTENSION_it, | - | ||||||
130 | }, | - | ||||||
131 | }; | - | ||||||
132 | - | |||||||
133 | const ASN1_ITEM X509_CINF_it = { | - | ||||||
134 | .itype = ASN1_ITYPE_SEQUENCE, | - | ||||||
135 | .utype = V_ASN1_SEQUENCE, | - | ||||||
136 | .templates = X509_CINF_seq_tt, | - | ||||||
137 | .tcount = sizeof(X509_CINF_seq_tt) / sizeof(ASN1_TEMPLATE), | - | ||||||
138 | .funcs = &X509_CINF_aux, | - | ||||||
139 | .size = sizeof(X509_CINF), | - | ||||||
140 | .sname = "X509_CINF", | - | ||||||
141 | }; | - | ||||||
142 | - | |||||||
143 | - | |||||||
144 | X509_CINF * | - | ||||||
145 | d2i_X509_CINF(X509_CINF **a, const unsigned char **in, long len) | - | ||||||
146 | { | - | ||||||
147 | return (X509_CINF *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, never executed: return (X509_CINF *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, &X509_CINF_it); | 0 | ||||||
148 | &X509_CINF_it); never executed: return (X509_CINF *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, &X509_CINF_it); | 0 | ||||||
149 | } | - | ||||||
150 | - | |||||||
151 | int | - | ||||||
152 | i2d_X509_CINF(X509_CINF *a, unsigned char **out) | - | ||||||
153 | { | - | ||||||
154 | return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_CINF_it); never executed: return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_CINF_it); | 0 | ||||||
155 | } | - | ||||||
156 | - | |||||||
157 | X509_CINF * | - | ||||||
158 | X509_CINF_new(void) | - | ||||||
159 | { | - | ||||||
160 | return (X509_CINF *)ASN1_item_new(&X509_CINF_it); never executed: return (X509_CINF *)ASN1_item_new(&X509_CINF_it); | 0 | ||||||
161 | } | - | ||||||
162 | - | |||||||
163 | void | - | ||||||
164 | X509_CINF_free(X509_CINF *a) | - | ||||||
165 | { | - | ||||||
166 | ASN1_item_free((ASN1_VALUE *)a, &X509_CINF_it); | - | ||||||
167 | } executed 1 time by 1 test: end of block Executed by:
| 1 | ||||||
168 | /* X509 top level structure needs a bit of customisation */ | - | ||||||
169 | - | |||||||
170 | extern void policy_cache_free(X509_POLICY_CACHE *cache); | - | ||||||
171 | - | |||||||
172 | static int | - | ||||||
173 | x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) | - | ||||||
174 | { | - | ||||||
175 | X509 *ret = (X509 *)*pval; | - | ||||||
176 | - | |||||||
177 | switch (operation) { | - | ||||||
178 | - | |||||||
179 | case ASN1_OP_NEW_POST: executed 249 times by 8 tests: case 1: Executed by:
| 249 | ||||||
180 | ret->valid = 0; | - | ||||||
181 | ret->name = NULL; | - | ||||||
182 | ret->ex_flags = 0; | - | ||||||
183 | ret->ex_pathlen = -1; | - | ||||||
184 | ret->skid = NULL; | - | ||||||
185 | ret->akid = NULL; | - | ||||||
186 | ret->aux = NULL; | - | ||||||
187 | ret->crldp = NULL; | - | ||||||
188 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data); | - | ||||||
189 | break; executed 249 times by 8 tests: break; Executed by:
| 249 | ||||||
190 | - | |||||||
191 | case ASN1_OP_D2I_POST: executed 219 times by 7 tests: case 5: Executed by:
| 219 | ||||||
192 | free(ret->name); | - | ||||||
193 | ret->name = X509_NAME_oneline(ret->cert_info->subject, NULL, 0); | - | ||||||
194 | break; executed 219 times by 7 tests: break; Executed by:
| 219 | ||||||
195 | - | |||||||
196 | case ASN1_OP_FREE_POST: executed 244 times by 7 tests: case 3: Executed by:
| 244 | ||||||
197 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data); | - | ||||||
198 | X509_CERT_AUX_free(ret->aux); | - | ||||||
199 | ASN1_OCTET_STRING_free(ret->skid); | - | ||||||
200 | AUTHORITY_KEYID_free(ret->akid); | - | ||||||
201 | CRL_DIST_POINTS_free(ret->crldp); | - | ||||||
202 | policy_cache_free(ret->policy_cache); | - | ||||||
203 | GENERAL_NAMES_free(ret->altname); | - | ||||||
204 | NAME_CONSTRAINTS_free(ret->nc); | - | ||||||
205 | free(ret->name); | - | ||||||
206 | ret->name = NULL; | - | ||||||
207 | break; executed 244 times by 7 tests: break; Executed by:
| 244 | ||||||
208 | } | - | ||||||
209 | - | |||||||
210 | return 1; executed 2390 times by 8 tests: return 1; Executed by:
| 2390 | ||||||
211 | } | - | ||||||
212 | - | |||||||
213 | static const ASN1_AUX X509_aux = { | - | ||||||
214 | .app_data = NULL, | - | ||||||
215 | .flags = ASN1_AFLG_REFCOUNT, | - | ||||||
216 | .ref_offset = offsetof(X509, references), | - | ||||||
217 | .ref_lock = CRYPTO_LOCK_X509, | - | ||||||
218 | .asn1_cb = x509_cb, | - | ||||||
219 | }; | - | ||||||
220 | static const ASN1_TEMPLATE X509_seq_tt[] = { | - | ||||||
221 | { | - | ||||||
222 | .offset = offsetof(X509, cert_info), | - | ||||||
223 | .field_name = "cert_info", | - | ||||||
224 | .item = &X509_CINF_it, | - | ||||||
225 | }, | - | ||||||
226 | { | - | ||||||
227 | .offset = offsetof(X509, sig_alg), | - | ||||||
228 | .field_name = "sig_alg", | - | ||||||
229 | .item = &X509_ALGOR_it, | - | ||||||
230 | }, | - | ||||||
231 | { | - | ||||||
232 | .offset = offsetof(X509, signature), | - | ||||||
233 | .field_name = "signature", | - | ||||||
234 | .item = &ASN1_BIT_STRING_it, | - | ||||||
235 | }, | - | ||||||
236 | }; | - | ||||||
237 | - | |||||||
238 | const ASN1_ITEM X509_it = { | - | ||||||
239 | .itype = ASN1_ITYPE_SEQUENCE, | - | ||||||
240 | .utype = V_ASN1_SEQUENCE, | - | ||||||
241 | .templates = X509_seq_tt, | - | ||||||
242 | .tcount = sizeof(X509_seq_tt) / sizeof(ASN1_TEMPLATE), | - | ||||||
243 | .funcs = &X509_aux, | - | ||||||
244 | .size = sizeof(X509), | - | ||||||
245 | .sname = "X509", | - | ||||||
246 | }; | - | ||||||
247 | - | |||||||
248 | - | |||||||
249 | X509 * | - | ||||||
250 | d2i_X509(X509 **a, const unsigned char **in, long len) | - | ||||||
251 | { | - | ||||||
252 | return (X509 *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, executed 216 times by 7 tests: return (X509 *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, &X509_it); Executed by:
| 216 | ||||||
253 | &X509_it); executed 216 times by 7 tests: return (X509 *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, &X509_it); Executed by:
| 216 | ||||||
254 | } | - | ||||||
255 | - | |||||||
256 | int | - | ||||||
257 | i2d_X509(X509 *a, unsigned char **out) | - | ||||||
258 | { | - | ||||||
259 | return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_it); executed 217 times by 5 tests: return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_it); Executed by:
| 217 | ||||||
260 | } | - | ||||||
261 | - | |||||||
262 | X509 * | - | ||||||
263 | X509_new(void) | - | ||||||
264 | { | - | ||||||
265 | return (X509 *)ASN1_item_new(&X509_it); executed 30 times by 2 tests: return (X509 *)ASN1_item_new(&X509_it); Executed by:
| 30 | ||||||
266 | } | - | ||||||
267 | - | |||||||
268 | void | - | ||||||
269 | X509_free(X509 *a) | - | ||||||
270 | { | - | ||||||
271 | ASN1_item_free((ASN1_VALUE *)a, &X509_it); | - | ||||||
272 | } executed 3519 times by 17 tests: end of block Executed by:
| 3519 | ||||||
273 | - | |||||||
274 | X509 * | - | ||||||
275 | X509_dup(X509 *x) | - | ||||||
276 | { | - | ||||||
277 | return ASN1_item_dup(&X509_it, x); never executed: return ASN1_item_dup(&X509_it, x); | 0 | ||||||
278 | } | - | ||||||
279 | - | |||||||
280 | int | - | ||||||
281 | X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, | - | ||||||
282 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) | - | ||||||
283 | { | - | ||||||
284 | return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, argl, argp, never executed: return CRYPTO_get_ex_new_index(10, argl, argp, new_func, dup_func, free_func); | 0 | ||||||
285 | new_func, dup_func, free_func); never executed: return CRYPTO_get_ex_new_index(10, argl, argp, new_func, dup_func, free_func); | 0 | ||||||
286 | } | - | ||||||
287 | - | |||||||
288 | int | - | ||||||
289 | X509_set_ex_data(X509 *r, int idx, void *arg) | - | ||||||
290 | { | - | ||||||
291 | return (CRYPTO_set_ex_data(&r->ex_data, idx, arg)); never executed: return (CRYPTO_set_ex_data(&r->ex_data, idx, arg)); | 0 | ||||||
292 | } | - | ||||||
293 | - | |||||||
294 | void * | - | ||||||
295 | X509_get_ex_data(X509 *r, int idx) | - | ||||||
296 | { | - | ||||||
297 | return (CRYPTO_get_ex_data(&r->ex_data, idx)); never executed: return (CRYPTO_get_ex_data(&r->ex_data, idx)); | 0 | ||||||
298 | } | - | ||||||
299 | - | |||||||
300 | /* X509_AUX ASN1 routines. X509_AUX is the name given to | - | ||||||
301 | * a certificate with extra info tagged on the end. Since these | - | ||||||
302 | * functions set how a certificate is trusted they should only | - | ||||||
303 | * be used when the certificate comes from a reliable source | - | ||||||
304 | * such as local storage. | - | ||||||
305 | * | - | ||||||
306 | */ | - | ||||||
307 | - | |||||||
308 | X509 * | - | ||||||
309 | d2i_X509_AUX(X509 **a, const unsigned char **pp, long length) | - | ||||||
310 | { | - | ||||||
311 | const unsigned char *q; | - | ||||||
312 | X509 *ret; | - | ||||||
313 | - | |||||||
314 | /* Save start position */ | - | ||||||
315 | q = *pp; | - | ||||||
316 | ret = d2i_X509(NULL, pp, length); | - | ||||||
317 | /* If certificate unreadable then forget it */ | - | ||||||
318 | if (!ret)
| 0-8 | ||||||
319 | return NULL; never executed: return ((void *)0) ; | 0 | ||||||
320 | /* update length */ | - | ||||||
321 | length -= *pp - q; | - | ||||||
322 | if (length > 0) {
| 0-8 | ||||||
323 | if (!d2i_X509_CERT_AUX(&ret->aux, pp, length))
| 0 | ||||||
324 | goto err; never executed: goto err; | 0 | ||||||
325 | } never executed: end of block | 0 | ||||||
326 | if (a != NULL) {
| 0-8 | ||||||
327 | X509_free(*a); | - | ||||||
328 | *a = ret; | - | ||||||
329 | } never executed: end of block | 0 | ||||||
330 | return ret; executed 8 times by 3 tests: return ret; Executed by:
| 8 | ||||||
331 | - | |||||||
332 | err: | - | ||||||
333 | X509_free(ret); | - | ||||||
334 | return NULL; never executed: return ((void *)0) ; | 0 | ||||||
335 | } | - | ||||||
336 | - | |||||||
337 | int | - | ||||||
338 | i2d_X509_AUX(X509 *a, unsigned char **pp) | - | ||||||
339 | { | - | ||||||
340 | int length; | - | ||||||
341 | - | |||||||
342 | length = i2d_X509(a, pp); | - | ||||||
343 | if (a)
| 0 | ||||||
344 | length += i2d_X509_CERT_AUX(a->aux, pp); never executed: length += i2d_X509_CERT_AUX(a->aux, pp); | 0 | ||||||
345 | return length; never executed: return length; | 0 | ||||||
346 | } | - | ||||||
347 | - | |||||||
348 | void | - | ||||||
349 | X509_get0_signature(const ASN1_BIT_STRING **psig, const X509_ALGOR **palg, | - | ||||||
350 | const X509 *x) | - | ||||||
351 | { | - | ||||||
352 | if (psig != NULL)
| 0 | ||||||
353 | *psig = x->signature; never executed: *psig = x->signature; | 0 | ||||||
354 | if (palg != NULL)
| 0 | ||||||
355 | *palg = x->sig_alg; never executed: *palg = x->sig_alg; | 0 | ||||||
356 | } never executed: end of block | 0 | ||||||
357 | - | |||||||
358 | int | - | ||||||
359 | X509_get_signature_nid(const X509 *x) | - | ||||||
360 | { | - | ||||||
361 | return OBJ_obj2nid(x->sig_alg->algorithm); never executed: return OBJ_obj2nid(x->sig_alg->algorithm); | 0 | ||||||
362 | } | - | ||||||
Source code | Switch to Preprocessed file |