OpenCoverage

x509_req.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/libressl/src/crypto/x509/x509_req.c
1/* $OpenBSD: x509_req.c,v 1.21 2018/05/13 06:48:00 tb Exp $ */-
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)-
3 * All rights reserved.-
4 *-
5 * This package is an SSL implementation written-
6 * by Eric Young (eay@cryptsoft.com).-
7 * The implementation was written so as to conform with Netscapes SSL.-
8 *-
9 * This library is free for commercial and non-commercial use as long as-
10 * the following conditions are aheared to. The following conditions-
11 * apply to all code found in this distribution, be it the RC4, RSA,-
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation-
13 * included with this distribution is covered by the same copyright terms-
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).-
15 *-
16 * Copyright remains Eric Young's, and as such any Copyright notices in-
17 * the code are not to be removed.-
18 * If this package is used in a product, Eric Young should be given attribution-
19 * as the author of the parts of the library used.-
20 * This can be in the form of a textual message at program startup or-
21 * in documentation (online or textual) provided with the package.-
22 *-
23 * Redistribution and use in source and binary forms, with or without-
24 * modification, are permitted provided that the following conditions-
25 * are met:-
26 * 1. Redistributions of source code must retain the copyright-
27 * notice, this list of conditions and the following disclaimer.-
28 * 2. Redistributions in binary form must reproduce the above copyright-
29 * notice, this list of conditions and the following disclaimer in the-
30 * documentation and/or other materials provided with the distribution.-
31 * 3. All advertising materials mentioning features or use of this software-
32 * must display the following acknowledgement:-
33 * "This product includes cryptographic software written by-
34 * Eric Young (eay@cryptsoft.com)"-
35 * The word 'cryptographic' can be left out if the rouines from the library-
36 * being used are not cryptographic related :-).-
37 * 4. If you include any Windows specific code (or a derivative thereof) from-
38 * the apps directory (application code) you must include an acknowledgement:-
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"-
40 *-
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND-
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE-
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE-
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE-
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL-
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS-
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)-
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT-
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY-
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF-
51 * SUCH DAMAGE.-
52 *-
53 * The licence and distribution terms for any publically available version or-
54 * derivative of this code cannot be changed. i.e. this code cannot simply be-
55 * copied and put under another distribution licence-
56 * [including the GNU Public Licence.]-
57 */-
58-
59#include <stdio.h>-
60-
61#include <openssl/opensslconf.h>-
62-
63#include <openssl/asn1.h>-
64#include <openssl/asn1t.h>-
65#include <openssl/bn.h>-
66#include <openssl/buffer.h>-
67#include <openssl/err.h>-
68#include <openssl/evp.h>-
69#include <openssl/objects.h>-
70#include <openssl/pem.h>-
71#include <openssl/x509.h>-
72-
/*
 * Build a new certificate request from certificate x: version 0, the
 * certificate's subject name and the certificate's public key. When pkey
 * is not NULL the request is additionally signed with pkey and digest md;
 * with pkey == NULL the request is returned unsigned, so the result proves
 * nothing about possession of the private key.
 *
 * Returns the new X509_REQ, or NULL on failure (the partly built request
 * is freed before returning).
 *
 * Coverage report: no statement of this function was executed by the
 * recorded test run.
 */
X509_REQ *
X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
{
	X509_REQ *req;
	X509_REQ_INFO *info;
	EVP_PKEY *pub;
	int set_ok;

	if ((req = X509_REQ_new()) == NULL) {
		X509error(ERR_R_MALLOC_FAILURE);
		goto err;
	}

	info = req->req_info;

	/*
	 * NOTE(review): if X509_REQ_new() already allocates
	 * req_info->version, this assignment drops that object without
	 * freeing it - confirm against the X509_REQ_INFO template.
	 */
	info->version = ASN1_INTEGER_new();
	if (info->version == NULL)
		goto err;
	if (ASN1_INTEGER_set(info->version, 0) == 0)
		goto err;

	if (!X509_REQ_set_subject_name(req, X509_get_subject_name(x)))
		goto err;

	pub = X509_get_pubkey(x);
	if (pub == NULL)
		goto err;

	/* Free pub before testing the result so the failure path cannot leak it. */
	set_ok = X509_REQ_set_pubkey(req, pub);
	EVP_PKEY_free(pub);
	if (!set_ok)
		goto err;

	/* Signing is optional and only attempted when a key was supplied. */
	if (pkey != NULL && !X509_REQ_sign(req, pkey, md))
		goto err;

	return req;

err:
	X509_REQ_free(req);
	return NULL;
}
115-
/*
 * Return the public key stored in a certificate request, as produced by
 * X509_PUBKEY_get(). Returns NULL when req or req->req_info is NULL, or
 * when X509_PUBKEY_get() itself returns NULL, so callers must check the
 * result before using it.
 *
 * Coverage report: the guard was evaluated 2 times and was false both
 * times; the NULL return was never executed.
 */
EVP_PKEY *
X509_REQ_get_pubkey(X509_REQ *req)
{
	if (req != NULL && req->req_info != NULL)
		return X509_PUBKEY_get(req->req_info->pubkey);

	return NULL;
}
123-
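/*
 * Check that key k corresponds to the public key carried in request x.
 *
 * Returns 1 when EVP_PKEY_cmp() reports a match and 0 in every other case;
 * for the EVP_PKEY_cmp() results 0, -1 and -2 a reason is put on the error
 * queue. Any result other than 1 must be treated as "does not match".
 *
 * The request's key comes out of the request itself, which may be supplied
 * by an untrusted party, and X509_REQ_get_pubkey() returns NULL when it
 * cannot produce a key. Neither that NULL nor a NULL k is handed to
 * EVP_PKEY_cmp(), and k->type is only read once k is known to be non-NULL;
 * both cases fail closed with 0.
 *
 * Coverage report: no statement of the original function was executed by
 * the recorded test run.
 */
int
X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)
{
	EVP_PKEY *xk;
	int ok = 0;

	if (k == NULL) {
		X509error(ERR_R_PASSED_NULL_PARAMETER);
		return 0;
	}

	xk = X509_REQ_get_pubkey(x);
	if (xk == NULL) {
		X509error(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
		return 0;
	}

	switch (EVP_PKEY_cmp(xk, k)) {
	case 1:
		ok = 1;
		break;
	case 0:
		X509error(X509_R_KEY_VALUES_MISMATCH);
		break;
	case -1:
		X509error(X509_R_KEY_TYPE_MISMATCH);
		break;
	case -2:
#ifndef OPENSSL_NO_EC
		if (k->type == EVP_PKEY_EC) {
			X509error(ERR_R_EC_LIB);
			break;
		}
#endif
#ifndef OPENSSL_NO_DH
		if (k->type == EVP_PKEY_DH) {
			/* No idea */
			X509error(X509_R_CANT_CHECK_DH_KEY);
			break;
		}
#endif
		X509error(X509_R_UNKNOWN_KEY_TYPE);
		break;
	default:
		/* Unrecognised comparison result: ok stays 0. */
		break;
	}

	EVP_PKEY_free(xk);
	return ok;
}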
161-
/* It seems several organisations had the same idea of including a list of
 * extensions in a certificate request. There are at least two OIDs that are
 * used and there may be more: so the list is configurable.
 */

/* Built-in list of attribute NIDs searched for extensions; NID_undef ends it. */
static int ext_nid_list[] = {NID_ext_req, NID_ms_ext_req, NID_undef};

/*
 * List currently in effect. It starts out as the built-in list and is
 * replaced by X509_REQ_set_extension_nids(), which stores the caller's
 * pointer as-is. The readers in this file walk it until they meet
 * NID_undef, so a list without that terminator is read past its end.
 */
static int *ext_nids = ext_nid_list;
170-
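/*
 * Tell whether req_nid is one of the attribute NIDs configured to carry a
 * list of extensions.
 *
 * Returns 1 when req_nid is in the active list and 0 otherwise. NID_undef
 * terminates the list and therefore never matches. A NULL list, which
 * X509_REQ_set_extension_nids() can install, is treated as empty, the same
 * way X509_REQ_get_extensions() treats it, instead of being dereferenced.
 *
 * Coverage report: no statement of the original function was executed by
 * the recorded test run.
 */
int
X509_REQ_extension_nid(int req_nid)
{
	const int *cur;

	if (ext_nids == NULL)
		return 0;

	for (cur = ext_nids; *cur != NID_undef; cur++) {
		if (*cur == req_nid)
			return 1;
	}
	return 0;
}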
184-
/*
 * Return the list of attribute NIDs currently searched for extensions.
 * This is the stored pointer itself, not a copy, so writes through it
 * change the list used by the other functions in this file.
 *
 * Coverage report: never executed by the recorded test run.
 */
int *
X509_REQ_get_extension_nids(void)
{
	return (ext_nids);
}
190-
/*
 * Replace the list of attribute NIDs searched for extensions.
 *
 * The pointer is stored, not copied: the array has to stay valid for as
 * long as it is installed and has to end with NID_undef, because the
 * readers stop only at that value. X509_REQ_get_extensions() treats a NULL
 * list as "no extensions". The assignment is a plain store to a file-scope
 * variable; no locking is done here.
 *
 * Coverage report: never executed by the recorded test run.
 */
void
X509_REQ_set_extension_nids(int *nids)
{
	ext_nids = nids;
	return;
}
196-
/*
 * Decode the extensions requested in a certificate request.
 *
 * The configured NIDs are tried in list order and the first attribute found
 * decides the outcome: its single value, or the first element of its value
 * set, has to be an ASN.1 SEQUENCE, whose contents are then decoded as
 * X509_EXTENSIONS. The decoder is given the length recorded in the
 * sequence, so it is bounded by that value.
 *
 * Returns the decoded stack, or NULL. NULL covers a NULL request, a NULL
 * NID list, no matching attribute, an empty value set, a value that is not
 * a SEQUENCE and a decoding failure alike, so a caller cannot tell
 * "no extensions" from "malformed extensions" by the return value alone.
 * The attribute content comes from the request and should be treated as
 * untrusted input.
 *
 * Coverage report: no statement of this function was executed by the
 * recorded test run.
 */
STACK_OF(X509_EXTENSION) *
X509_REQ_get_extensions(X509_REQ *req)
{
	const unsigned char *der;
	X509_ATTRIBUTE *found;
	ASN1_TYPE *seq = NULL;
	int *cur;
	int pos;

	if (req == NULL || req->req_info == NULL || ext_nids == NULL)
		return NULL;

	for (cur = ext_nids; *cur != NID_undef; cur++) {
		pos = X509_REQ_get_attr_by_NID(req, *cur, -1);
		if (pos != -1) {
			/* Only the first matching attribute is looked at. */
			found = X509_REQ_get_attr(req, pos);
			if (found->single)
				seq = found->value.single;
			else if (sk_ASN1_TYPE_num(found->value.set))
				seq = sk_ASN1_TYPE_value(found->value.set, 0);
			break;
		}
	}

	if (seq == NULL || seq->type != V_ASN1_SEQUENCE)
		return NULL;

	der = seq->value.sequence->data;
	return (STACK_OF(X509_EXTENSION) *)ASN1_item_d2i(NULL, &der,
	    seq->value.sequence->length, &X509_EXTENSIONS_it);
}
224-
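/*
 * Add a STACK_OF extensions to a certificate request: allow alternative OIDs
 * in case we want to create a non standard one.
 *
 * exts is DER-encoded into an ASN.1 SEQUENCE value, wrapped in a new
 * attribute whose type is the object for nid, and the attribute is appended
 * to req->req_info->attributes (the stack is created when missing).
 *
 * Returns 1 on success and 0 on failure. On failure nothing is appended and
 * the temporaries are freed. The result of ASN1_item_i2d() is checked
 * before it is stored: a failed encoding is reported as an error instead of
 * leaving a zero or negative length in the attribute value.
 *
 * req and req->req_info are dereferenced without a NULL check.
 *
 * Coverage report: no statement of the original function was executed by
 * the recorded test run.
 */
int
X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
    int nid)
{
	ASN1_TYPE *at = NULL;
	X509_ATTRIBUTE *attr = NULL;
	int der_len;

	if (!(at = ASN1_TYPE_new()) ||
	    !(at->value.sequence = ASN1_STRING_new()))
		goto err;

	at->type = V_ASN1_SEQUENCE;
	/* Generate encoding of extensions */
	der_len = ASN1_item_i2d((ASN1_VALUE *)exts,
	    &at->value.sequence->data, &X509_EXTENSIONS_it);
	if (der_len <= 0)
		goto err;
	at->value.sequence->length = der_len;

	if (!(attr = X509_ATTRIBUTE_new()))
		goto err;
	if (!(attr->value.set = sk_ASN1_TYPE_new_null()))
		goto err;
	if (!sk_ASN1_TYPE_push(attr->value.set, at))
		goto err;
	/* The set now holds at; clear the local so err: does not free it twice. */
	at = NULL;
	attr->single = 0;
	/* NOTE(review): the result of OBJ_nid2obj() is stored unchecked - confirm it cannot be NULL for the nids callers pass. */
	attr->object = OBJ_nid2obj(nid);
	if (!req->req_info->attributes) {
		if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null()))
			goto err;
	}
	if (!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr))
		goto err;
	return 1;

err:
	X509_ATTRIBUTE_free(attr);
	ASN1_TYPE_free(at);
	return 0;
}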
266-
/*
 * This is the normal usage: use the "official" OID.
 *
 * Adds exts to req under NID_ext_req and returns whatever
 * X509_REQ_add_extensions_nid() returns.
 *
 * Coverage report: never executed by the recorded test run.
 */
int
X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts)
{
	int rv;

	rv = X509_REQ_add_extensions_nid(req, exts, NID_ext_req);
	return rv;
}
273-
274/* Request attribute functions */-
275-
/*
 * Return the result of X509at_get_attr_count() for the request's attribute
 * stack. req and req->req_info are dereferenced without a NULL check.
 *
 * Coverage report: never executed by the recorded test run.
 */
int
X509_REQ_get_attr_count(const X509_REQ *req)
{
	STACK_OF(X509_ATTRIBUTE) *attrs = req->req_info->attributes;

	return X509at_get_attr_count(attrs);
}
281-
/*
 * Search the request's attribute stack for nid by passing it, together with
 * lastpos, to X509at_get_attr_by_NID(), and return that function's result.
 * X509_REQ_get_extensions() in this file treats -1 as "not found".
 * req and req->req_info are dereferenced without a NULL check.
 *
 * Coverage report: never executed by the recorded test run.
 */
int
X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos)
{
	STACK_OF(X509_ATTRIBUTE) *attrs = req->req_info->attributes;

	return X509at_get_attr_by_NID(attrs, nid, lastpos);
}
287-
/*
 * Search the request's attribute stack for obj by passing it, together with
 * lastpos, to X509at_get_attr_by_OBJ(), and return that function's result.
 * req and req->req_info are dereferenced without a NULL check.
 *
 * Coverage report: never executed by the recorded test run.
 */
int
X509_REQ_get_attr_by_OBJ(const X509_REQ *req, const ASN1_OBJECT *obj,
    int lastpos)
{
	STACK_OF(X509_ATTRIBUTE) *attrs = req->req_info->attributes;

	return X509at_get_attr_by_OBJ(attrs, obj, lastpos);
}
294-
/*
 * Return the attribute at position loc of the request's attribute stack,
 * as given by X509at_get_attr(). req and req->req_info are dereferenced
 * without a NULL check.
 *
 * Coverage report: never executed by the recorded test run.
 */
X509_ATTRIBUTE *
X509_REQ_get_attr(const X509_REQ *req, int loc)
{
	STACK_OF(X509_ATTRIBUTE) *attrs = req->req_info->attributes;

	return X509at_get_attr(attrs, loc);
}
300-
/*
 * Pass the request's attribute stack and loc to X509at_delete_attr() and
 * return its result. req and req->req_info are dereferenced without a NULL
 * check.
 *
 * Coverage report: never executed by the recorded test run.
 */
X509_ATTRIBUTE *
X509_REQ_delete_attr(X509_REQ *req, int loc)
{
	STACK_OF(X509_ATTRIBUTE) *attrs = req->req_info->attributes;

	return X509at_delete_attr(attrs, loc);
}
306-
/*
 * Add attr to the request through X509at_add1_attr().
 * Returns 1 when that call reports success and 0 otherwise.
 * req and req->req_info are dereferenced without a NULL check.
 *
 * Coverage report: never executed by the recorded test run.
 */
int
X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr)
{
	return X509at_add1_attr(&req->req_info->attributes, attr) ? 1 : 0;
}
314-
/*
 * Add an attribute identified by obj to the request through
 * X509at_add1_attr_by_OBJ(); type, bytes and len are passed on unchanged.
 * Returns 1 when that call reports success and 0 otherwise.
 * req and req->req_info are dereferenced without a NULL check.
 *
 * Coverage report: never executed by the recorded test run.
 */
int
X509_REQ_add1_attr_by_OBJ(X509_REQ *req, const ASN1_OBJECT *obj, int type,
    const unsigned char *bytes, int len)
{
	return X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj,
	    type, bytes, len) ? 1 : 0;
}
324-
/*
 * Add an attribute identified by nid to the request through
 * X509at_add1_attr_by_NID(); type, bytes and len are passed on unchanged.
 * Returns 1 when that call reports success and 0 otherwise.
 * req and req->req_info are dereferenced without a NULL check.
 *
 * Coverage report: never executed by the recorded test run.
 */
int
X509_REQ_add1_attr_by_NID(X509_REQ *req, int nid, int type,
    const unsigned char *bytes, int len)
{
	return X509at_add1_attr_by_NID(&req->req_info->attributes, nid,
	    type, bytes, len) ? 1 : 0;
}
334-
/*
 * Add an attribute named by the string attrname to the request through
 * X509at_add1_attr_by_txt(); type, bytes and len are passed on unchanged.
 * Returns 1 when that call reports success and 0 otherwise.
 * req and req->req_info are dereferenced without a NULL check.
 *
 * Coverage report: never executed by the recorded test run.
 */
int
X509_REQ_add1_attr_by_txt(X509_REQ *req, const char *attrname, int type,
    const unsigned char *bytes, int len)
{
	return X509at_add1_attr_by_txt(&req->req_info->attributes, attrname,
	    type, bytes, len) ? 1 : 0;
}

Generated by Squish Coco 4.2.2