/src/openssl/crypto/ocsp/ocsp_lib.c
1 | | /* |
2 | | * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #include <stdio.h> |
11 | | #include "internal/cryptlib.h" |
12 | | #include <openssl/objects.h> |
13 | | #include <openssl/x509.h> |
14 | | #include <openssl/pem.h> |
15 | | #include <openssl/x509v3.h> |
16 | | #include <openssl/ocsp.h> |
17 | | #include "ocsp_local.h" |
18 | | #include <openssl/asn1t.h> |
19 | | |
20 | | /* Convert a certificate and its issuer to an OCSP_CERTID */ |
21 | | |
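/*
 * Build the OCSP_CERTID for |subject| as issued by |issuer|.
 *
 * dgst:    digest used for the issuer name and key hashes; NULL selects
 *          SHA-1.
 * subject: certificate the CertID refers to. When NULL, the issuer name is
 *          taken from |issuer|'s subject name and no serial number is set.
 * issuer:  issuing certificate; must not be NULL.
 *
 * Returns the OCSP_CERTID produced by OCSP_cert_id_new(), or NULL on error.
 */
OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject,
                             const X509 *issuer)
{
    const X509_NAME *iname;
    const ASN1_INTEGER *serial;
    ASN1_BIT_STRING *ikey;

    /*
     * The issuer is used on every path: its public key always, and its
     * subject name when no subject certificate is supplied. Reject a missing
     * issuer here rather than handing NULL to the accessors below.
     */
    if (issuer == NULL) {
        ERR_raise(ERR_LIB_OCSP, ERR_R_PASSED_NULL_PARAMETER);
        return NULL;
    }

    /*
     * SHA-1 is the fallback when the caller does not choose a digest.
     * Callers that need a different digest must pass it explicitly; the
     * comparison helpers in this file treat CertIDs built with different
     * digests as unequal.
     */
    if (dgst == NULL)
        dgst = EVP_sha1();

    if (subject != NULL) {
        iname = X509_get_issuer_name(subject);
        serial = X509_get0_serialNumber(subject);
    } else {
        iname = X509_get_subject_name(issuer);
        serial = NULL;
    }
    ikey = X509_get0_pubkey_bitstr(issuer);
    return OCSP_cert_id_new(dgst, iname, ikey, serial);
}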
41 | | |
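/*
 * Create an OCSP_CERTID from its components.
 *
 * dgst:         digest used for both hashes and recorded as hashAlgorithm.
 * issuerName:   issuer distinguished name, hashed into issuerNameHash.
 * issuerKey:    issuer public key bit string; its content octets (without
 *               tag and length) are hashed into issuerKeyHash.
 * serialNumber: certificate serial number, copied when non-NULL.
 *
 * Returns a new OCSP_CERTID, or NULL on error with an entry on the error
 * queue. On failure the partially built object is released with
 * OCSP_CERTID_free().
 */
OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
                              const X509_NAME *issuerName,
                              const ASN1_BIT_STRING *issuerKey,
                              const ASN1_INTEGER *serialNumber)
{
    int nid;
    unsigned int i;
    X509_ALGOR *alg;
    OCSP_CERTID *cid = NULL;
    unsigned char md[EVP_MAX_MD_SIZE];

    /*
     * issuerKey is dereferenced directly below, and dgst/issuerName are
     * handed to the digest routines; fail cleanly instead of relying on
     * every callee to tolerate NULL.
     */
    if (dgst == NULL || issuerName == NULL || issuerKey == NULL) {
        ERR_raise(ERR_LIB_OCSP, ERR_R_PASSED_NULL_PARAMETER);
        return NULL;
    }

    /*
     * Resolve the digest NID before touching the CERTID, so that the error
     * path never runs with hashAlgorithm.algorithm pointing at an object
     * that has already been passed to ASN1_OBJECT_free().
     */
    if ((nid = EVP_MD_get_type(dgst)) == NID_undef) {
        ERR_raise(ERR_LIB_OCSP, OCSP_R_UNKNOWN_NID);
        return NULL;
    }

    if ((cid = OCSP_CERTID_new()) == NULL)
        goto err;

    /* Replace the placeholder algorithm object in one step. */
    alg = &cid->hashAlgorithm;
    ASN1_OBJECT_free(alg->algorithm);
    alg->algorithm = OBJ_nid2obj(nid);
    if (alg->algorithm == NULL)
        goto err;
    if ((alg->parameter = ASN1_TYPE_new()) == NULL)
        goto err;
    alg->parameter->type = V_ASN1_NULL;

    if (!X509_NAME_digest(issuerName, dgst, md, &i))
        goto digerr;
    if (!ASN1_OCTET_STRING_set(&cid->issuerNameHash, md, i))
        goto err;

    /*
     * Calculate the issuerKey hash, excluding tag and length. A failure
     * here is reported the same way as the name digest failure above.
     */
    if (!EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL))
        goto digerr;
    if (!ASN1_OCTET_STRING_set(&cid->issuerKeyHash, md, i))
        goto err;

    /* A NULL serial number leaves the field as OCSP_CERTID_new() set it. */
    if (serialNumber != NULL
            && ASN1_STRING_copy(&cid->serialNumber, serialNumber) == 0)
        goto err;

    return cid;

 digerr:
    ERR_raise(ERR_LIB_OCSP, OCSP_R_DIGEST_ERR);
 err:
    OCSP_CERTID_free(cid);
    return NULL;
}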
91 | | |
/*
 * Compare the issuer part of two CertIDs: hash algorithm OID first, then
 * issuerNameHash, then issuerKeyHash. The result is 0 only when all three
 * match; otherwise it is the non-zero result of the first comparison that
 * differs.
 *
 * Because the algorithm OID is compared first, two CertIDs for the same
 * issuer built with different digests do not compare equal. Only the OID is
 * compared, not the algorithm parameter. Both arguments are dereferenced
 * without a NULL check.
 */
int OCSP_id_issuer_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b)
{
    int diff = OBJ_cmp(a->hashAlgorithm.algorithm, b->hashAlgorithm.algorithm);

    if (diff == 0)
        diff = ASN1_OCTET_STRING_cmp(&a->issuerNameHash, &b->issuerNameHash);
    if (diff == 0)
        diff = ASN1_OCTET_STRING_cmp(&a->issuerKeyHash, &b->issuerKeyHash);
    return diff;
}
103 | | |
/*
 * Compare two complete CertIDs: the issuer part via OCSP_id_issuer_cmp(),
 * and, only when the issuers match, the serial numbers. Returns 0 when
 * both parts are equal, otherwise the first non-zero comparison result.
 * Both arguments are dereferenced without a NULL check.
 */
int OCSP_id_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b)
{
    int issuer_diff = OCSP_id_issuer_cmp(a, b);

    if (issuer_diff != 0)
        return issuer_diff;
    return ASN1_INTEGER_cmp(&a->serialNumber, &b->serialNumber);
}
112 | | |
/* Expands to the definition of OCSP_CERTID_dup() (ASN.1 template macro). */
IMPLEMENT_ASN1_DUP_FUNCTION(OCSP_CERTID)