1 /* $OpenBSD: x509_genn.c,v 1.1.4.1 2020/12/08 15:08:47 tb Exp $ */
2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
5 /* ====================================================================
6 * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
34 * 6. Redistributions of any form whatsoever must retain the following
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
62 #include <openssl/asn1t.h>
63 #include <openssl/conf.h>
64 #include <openssl/x509v3.h>
66 static const ASN1_TEMPLATE OTHERNAME_seq_tt[] = {
70 .offset = offsetof(OTHERNAME, type_id),
71 .field_name = "type_id",
72 .item = &ASN1_OBJECT_it,
74 /* Maybe have a true ANY DEFINED BY later */
76 .flags = ASN1_TFLG_EXPLICIT,
78 .offset = offsetof(OTHERNAME, value),
79 .field_name = "value",
84 const ASN1_ITEM OTHERNAME_it = {
85 .itype = ASN1_ITYPE_SEQUENCE,
86 .utype = V_ASN1_SEQUENCE,
87 .templates = OTHERNAME_seq_tt,
88 .tcount = sizeof(OTHERNAME_seq_tt) / sizeof(ASN1_TEMPLATE),
90 .size = sizeof(OTHERNAME),
96 d2i_OTHERNAME(OTHERNAME **a, const unsigned char **in, long len)
98 return (OTHERNAME *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
103 i2d_OTHERNAME(OTHERNAME *a, unsigned char **out)
105 return ASN1_item_i2d((ASN1_VALUE *)a, out, &OTHERNAME_it);
111 return (OTHERNAME *)ASN1_item_new(&OTHERNAME_it);
115 OTHERNAME_free(OTHERNAME *a)
117 ASN1_item_free((ASN1_VALUE *)a, &OTHERNAME_it);
120 /* Uses explicit tagging since DIRECTORYSTRING is a CHOICE type */
121 static const ASN1_TEMPLATE EDIPARTYNAME_seq_tt[] = {
123 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
125 .offset = offsetof(EDIPARTYNAME, nameAssigner),
126 .field_name = "nameAssigner",
127 .item = &DIRECTORYSTRING_it,
130 .flags = ASN1_TFLG_EXPLICIT,
132 .offset = offsetof(EDIPARTYNAME, partyName),
133 .field_name = "partyName",
134 .item = &DIRECTORYSTRING_it,
138 const ASN1_ITEM EDIPARTYNAME_it = {
139 .itype = ASN1_ITYPE_SEQUENCE,
140 .utype = V_ASN1_SEQUENCE,
141 .templates = EDIPARTYNAME_seq_tt,
142 .tcount = sizeof(EDIPARTYNAME_seq_tt) / sizeof(ASN1_TEMPLATE),
144 .size = sizeof(EDIPARTYNAME),
145 .sname = "EDIPARTYNAME",
150 d2i_EDIPARTYNAME(EDIPARTYNAME **a, const unsigned char **in, long len)
152 return (EDIPARTYNAME *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
157 i2d_EDIPARTYNAME(EDIPARTYNAME *a, unsigned char **out)
159 return ASN1_item_i2d((ASN1_VALUE *)a, out, &EDIPARTYNAME_it);
163 EDIPARTYNAME_new(void)
165 return (EDIPARTYNAME *)ASN1_item_new(&EDIPARTYNAME_it);
169 EDIPARTYNAME_free(EDIPARTYNAME *a)
171 ASN1_item_free((ASN1_VALUE *)a, &EDIPARTYNAME_it);
174 static const ASN1_TEMPLATE GENERAL_NAME_ch_tt[] = {
176 .flags = ASN1_TFLG_IMPLICIT,
177 .tag = GEN_OTHERNAME,
178 .offset = offsetof(GENERAL_NAME, d.otherName),
179 .field_name = "d.otherName",
180 .item = &OTHERNAME_it,
183 .flags = ASN1_TFLG_IMPLICIT,
185 .offset = offsetof(GENERAL_NAME, d.rfc822Name),
186 .field_name = "d.rfc822Name",
187 .item = &ASN1_IA5STRING_it,
190 .flags = ASN1_TFLG_IMPLICIT,
192 .offset = offsetof(GENERAL_NAME, d.dNSName),
193 .field_name = "d.dNSName",
194 .item = &ASN1_IA5STRING_it,
196 /* Don't decode this */
198 .flags = ASN1_TFLG_IMPLICIT,
200 .offset = offsetof(GENERAL_NAME, d.x400Address),
201 .field_name = "d.x400Address",
202 .item = &ASN1_SEQUENCE_it,
204 /* X509_NAME is a CHOICE type so use EXPLICIT */
206 .flags = ASN1_TFLG_EXPLICIT,
208 .offset = offsetof(GENERAL_NAME, d.directoryName),
209 .field_name = "d.directoryName",
210 .item = &X509_NAME_it,
213 .flags = ASN1_TFLG_IMPLICIT,
215 .offset = offsetof(GENERAL_NAME, d.ediPartyName),
216 .field_name = "d.ediPartyName",
217 .item = &EDIPARTYNAME_it,
220 .flags = ASN1_TFLG_IMPLICIT,
222 .offset = offsetof(GENERAL_NAME, d.uniformResourceIdentifier),
223 .field_name = "d.uniformResourceIdentifier",
224 .item = &ASN1_IA5STRING_it,
227 .flags = ASN1_TFLG_IMPLICIT,
229 .offset = offsetof(GENERAL_NAME, d.iPAddress),
230 .field_name = "d.iPAddress",
231 .item = &ASN1_OCTET_STRING_it,
234 .flags = ASN1_TFLG_IMPLICIT,
236 .offset = offsetof(GENERAL_NAME, d.registeredID),
237 .field_name = "d.registeredID",
238 .item = &ASN1_OBJECT_it,
242 const ASN1_ITEM GENERAL_NAME_it = {
243 .itype = ASN1_ITYPE_CHOICE,
244 .utype = offsetof(GENERAL_NAME, type),
245 .templates = GENERAL_NAME_ch_tt,
246 .tcount = sizeof(GENERAL_NAME_ch_tt) / sizeof(ASN1_TEMPLATE),
248 .size = sizeof(GENERAL_NAME),
249 .sname = "GENERAL_NAME",
254 d2i_GENERAL_NAME(GENERAL_NAME **a, const unsigned char **in, long len)
256 return (GENERAL_NAME *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
261 i2d_GENERAL_NAME(GENERAL_NAME *a, unsigned char **out)
263 return ASN1_item_i2d((ASN1_VALUE *)a, out, &GENERAL_NAME_it);
267 GENERAL_NAME_new(void)
269 return (GENERAL_NAME *)ASN1_item_new(&GENERAL_NAME_it);
273 GENERAL_NAME_free(GENERAL_NAME *a)
275 ASN1_item_free((ASN1_VALUE *)a, &GENERAL_NAME_it);
278 static const ASN1_TEMPLATE GENERAL_NAMES_item_tt = {
279 .flags = ASN1_TFLG_SEQUENCE_OF,
282 .field_name = "GeneralNames",
283 .item = &GENERAL_NAME_it,
286 const ASN1_ITEM GENERAL_NAMES_it = {
287 .itype = ASN1_ITYPE_PRIMITIVE,
289 .templates = &GENERAL_NAMES_item_tt,
293 .sname = "GENERAL_NAMES",
298 d2i_GENERAL_NAMES(GENERAL_NAMES **a, const unsigned char **in, long len)
300 return (GENERAL_NAMES *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
305 i2d_GENERAL_NAMES(GENERAL_NAMES *a, unsigned char **out)
307 return ASN1_item_i2d((ASN1_VALUE *)a, out, &GENERAL_NAMES_it);
311 GENERAL_NAMES_new(void)
313 return (GENERAL_NAMES *)ASN1_item_new(&GENERAL_NAMES_it);
317 GENERAL_NAMES_free(GENERAL_NAMES *a)
319 ASN1_item_free((ASN1_VALUE *)a, &GENERAL_NAMES_it);
323 GENERAL_NAME_dup(GENERAL_NAME *a)
325 return ASN1_item_dup(&GENERAL_NAME_it, a);
329 EDIPARTYNAME_cmp(const EDIPARTYNAME *a, const EDIPARTYNAME *b)
334 * Shouldn't be possible in a valid GENERAL_NAME, but we handle it
335 * anyway. OTHERNAME_cmp treats NULL != NULL, so we do the same here.
337 if (a == NULL || b == NULL)
339 if (a->nameAssigner == NULL && b->nameAssigner != NULL)
341 if (a->nameAssigner != NULL && b->nameAssigner == NULL)
343 /* If we get here, both have nameAssigner set or both unset. */
344 if (a->nameAssigner != NULL) {
345 res = ASN1_STRING_cmp(a->nameAssigner, b->nameAssigner);
350 * partyName is required, so these should never be NULL. We treat it in
351 * the same way as the a == NULL || b == NULL case above.
353 if (a->partyName == NULL || b->partyName == NULL)
356 return ASN1_STRING_cmp(a->partyName, b->partyName);
359 /* Returns 0 if they are equal, != 0 otherwise. */
361 GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
365 if (!a || !b || a->type != b->type)
369 result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address);
373 result = EDIPARTYNAME_cmp(a->d.ediPartyName, b->d.ediPartyName);
377 result = OTHERNAME_cmp(a->d.otherName, b->d.otherName);
383 result = ASN1_STRING_cmp(a->d.ia5, b->d.ia5);
387 result = X509_NAME_cmp(a->d.dirn, b->d.dirn);
391 result = ASN1_OCTET_STRING_cmp(a->d.ip, b->d.ip);
395 result = OBJ_cmp(a->d.rid, b->d.rid);
401 /* Returns 0 if they are equal, != 0 otherwise. */
403 OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b)
409 /* Check their type first. */
410 if ((result = OBJ_cmp(a->type_id, b->type_id)) != 0)
412 /* Check the value. */
413 result = ASN1_TYPE_cmp(a->value, b->value);
418 GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value)
422 a->d.x400Address = value;
426 a->d.ediPartyName = value;
430 a->d.otherName = value;
455 GENERAL_NAME_get0_value(GENERAL_NAME *a, int *ptype)
461 return a->d.x400Address;
464 return a->d.ediPartyName;
467 return a->d.otherName;
489 GENERAL_NAME_set0_othername(GENERAL_NAME *gen, ASN1_OBJECT *oid,
494 oth = OTHERNAME_new();
499 GENERAL_NAME_set0_value(gen, GEN_OTHERNAME, oth);
504 GENERAL_NAME_get0_otherName(GENERAL_NAME *gen, ASN1_OBJECT **poid,
507 if (gen->type != GEN_OTHERNAME)
510 *poid = gen->d.otherName->type_id;
512 *pvalue = gen->d.otherName->value;