1 // Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //     https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 #include <openssl/asn1.h>
16 #include <openssl/cipher.h>
17 #include <openssl/evp.h>
18 #include <openssl/obj.h>
19 #include <openssl/x509.h>
20 
21 #include "internal.h"
22 
23 
X509_get_version(const X509 * x509)24 long X509_get_version(const X509 *x509) {
25   // The default version is v1(0).
26   if (x509->cert_info->version == NULL) {
27     return X509_VERSION_1;
28   }
29   return ASN1_INTEGER_get(x509->cert_info->version);
30 }
31 
X509_set_version(X509 * x,long version)32 int X509_set_version(X509 *x, long version) {
33   if (x == NULL) {
34     return 0;
35   }
36 
37   if (version < X509_VERSION_1 || version > X509_VERSION_3) {
38     OPENSSL_PUT_ERROR(X509, X509_R_INVALID_VERSION);
39     return 0;
40   }
41 
42   // v1(0) is default and is represented by omitting the version.
43   if (version == X509_VERSION_1) {
44     ASN1_INTEGER_free(x->cert_info->version);
45     x->cert_info->version = NULL;
46     return 1;
47   }
48 
49   if (x->cert_info->version == NULL) {
50     x->cert_info->version = ASN1_INTEGER_new();
51     if (x->cert_info->version == NULL) {
52       return 0;
53     }
54   }
55   return ASN1_INTEGER_set_int64(x->cert_info->version, version);
56 }
57 
X509_set_serialNumber(X509 * x,const ASN1_INTEGER * serial)58 int X509_set_serialNumber(X509 *x, const ASN1_INTEGER *serial) {
59   if (serial->type != V_ASN1_INTEGER && serial->type != V_ASN1_NEG_INTEGER) {
60     OPENSSL_PUT_ERROR(ASN1, ASN1_R_WRONG_TYPE);
61     return 0;
62   }
63 
64   ASN1_INTEGER *in;
65   if (x == NULL) {
66     return 0;
67   }
68   in = x->cert_info->serialNumber;
69   if (in != serial) {
70     in = ASN1_INTEGER_dup(serial);
71     if (in != NULL) {
72       ASN1_INTEGER_free(x->cert_info->serialNumber);
73       x->cert_info->serialNumber = in;
74     }
75   }
76   return in != NULL;
77 }
78 
X509_set_issuer_name(X509 * x,X509_NAME * name)79 int X509_set_issuer_name(X509 *x, X509_NAME *name) {
80   if ((x == NULL) || (x->cert_info == NULL)) {
81     return 0;
82   }
83   return (X509_NAME_set(&x->cert_info->issuer, name));
84 }
85 
X509_set_subject_name(X509 * x,X509_NAME * name)86 int X509_set_subject_name(X509 *x, X509_NAME *name) {
87   if ((x == NULL) || (x->cert_info == NULL)) {
88     return 0;
89   }
90   return (X509_NAME_set(&x->cert_info->subject, name));
91 }
92 
X509_set1_notBefore(X509 * x,const ASN1_TIME * tm)93 int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm) {
94   ASN1_TIME *in;
95 
96   if ((x == NULL) || (x->cert_info->validity == NULL)) {
97     return 0;
98   }
99   in = x->cert_info->validity->notBefore;
100   if (in != tm) {
101     in = ASN1_STRING_dup(tm);
102     if (in != NULL) {
103       ASN1_TIME_free(x->cert_info->validity->notBefore);
104       x->cert_info->validity->notBefore = in;
105     }
106   }
107   return in != NULL;
108 }
109 
X509_set_notBefore(X509 * x,const ASN1_TIME * tm)110 int X509_set_notBefore(X509 *x, const ASN1_TIME *tm) {
111   return X509_set1_notBefore(x, tm);
112 }
113 
X509_get0_notBefore(const X509 * x)114 const ASN1_TIME *X509_get0_notBefore(const X509 *x) {
115   return x->cert_info->validity->notBefore;
116 }
117 
X509_getm_notBefore(X509 * x)118 ASN1_TIME *X509_getm_notBefore(X509 *x) {
119   // Note this function takes a const |X509| pointer in OpenSSL. We require
120   // non-const as this allows mutating |x|. If it comes up for compatibility,
121   // we can relax this.
122   return x->cert_info->validity->notBefore;
123 }
124 
X509_get_notBefore(const X509 * x509)125 ASN1_TIME *X509_get_notBefore(const X509 *x509) {
126   // In OpenSSL, this function is an alias for |X509_getm_notBefore|, but our
127   // |X509_getm_notBefore| is const-correct. |X509_get_notBefore| was
128   // originally a macro, so it needs to capture both get0 and getm use cases.
129   return x509->cert_info->validity->notBefore;
130 }
131 
X509_set1_notAfter(X509 * x,const ASN1_TIME * tm)132 int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm) {
133   ASN1_TIME *in;
134 
135   if ((x == NULL) || (x->cert_info->validity == NULL)) {
136     return 0;
137   }
138   in = x->cert_info->validity->notAfter;
139   if (in != tm) {
140     in = ASN1_STRING_dup(tm);
141     if (in != NULL) {
142       ASN1_TIME_free(x->cert_info->validity->notAfter);
143       x->cert_info->validity->notAfter = in;
144     }
145   }
146   return in != NULL;
147 }
148 
X509_set_notAfter(X509 * x,const ASN1_TIME * tm)149 int X509_set_notAfter(X509 *x, const ASN1_TIME *tm) {
150   return X509_set1_notAfter(x, tm);
151 }
152 
X509_get0_notAfter(const X509 * x)153 const ASN1_TIME *X509_get0_notAfter(const X509 *x) {
154   return x->cert_info->validity->notAfter;
155 }
156 
X509_getm_notAfter(X509 * x)157 ASN1_TIME *X509_getm_notAfter(X509 *x) {
158   // Note this function takes a const |X509| pointer in OpenSSL. We require
159   // non-const as this allows mutating |x|. If it comes up for compatibility,
160   // we can relax this.
161   return x->cert_info->validity->notAfter;
162 }
163 
X509_get_notAfter(const X509 * x509)164 ASN1_TIME *X509_get_notAfter(const X509 *x509) {
165   // In OpenSSL, this function is an alias for |X509_getm_notAfter|, but our
166   // |X509_getm_notAfter| is const-correct. |X509_get_notAfter| was
167   // originally a macro, so it needs to capture both get0 and getm use cases.
168   return x509->cert_info->validity->notAfter;
169 }
170 
X509_get0_uids(const X509 * x509,const ASN1_BIT_STRING ** out_issuer_uid,const ASN1_BIT_STRING ** out_subject_uid)171 void X509_get0_uids(const X509 *x509, const ASN1_BIT_STRING **out_issuer_uid,
172                     const ASN1_BIT_STRING **out_subject_uid) {
173   if (out_issuer_uid != NULL) {
174     *out_issuer_uid = x509->cert_info->issuerUID;
175   }
176   if (out_subject_uid != NULL) {
177     *out_subject_uid = x509->cert_info->subjectUID;
178   }
179 }
180 
X509_set_pubkey(X509 * x,EVP_PKEY * pkey)181 int X509_set_pubkey(X509 *x, EVP_PKEY *pkey) {
182   if ((x == NULL) || (x->cert_info == NULL)) {
183     return 0;
184   }
185   return (X509_PUBKEY_set(&(x->cert_info->key), pkey));
186 }
187 
STACK_OF(X509_EXTENSION)188 const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x) {
189   return x->cert_info->extensions;
190 }
191 
X509_get0_tbs_sigalg(const X509 * x)192 const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x) {
193   return x->cert_info->signature;
194 }
195 
X509_get_X509_PUBKEY(const X509 * x509)196 X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x509) {
197   return x509->cert_info->key;
198 }
199