/src/openssl/crypto/x509/v3_skid.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #include <stdio.h> |
11 | | #include "internal/cryptlib.h" |
12 | | #include <openssl/x509v3.h> |
13 | | #include "crypto/x509.h" |
14 | | #include "ext_dat.h" |
15 | | |
16 | | static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, |
17 | | X509V3_CTX *ctx, char *str); |
18 | | const X509V3_EXT_METHOD ossl_v3_skey_id = { |
19 | | NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING), |
20 | | 0, 0, 0, 0, |
21 | | (X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING, |
22 | | (X509V3_EXT_S2I)s2i_skey_id, |
23 | | 0, 0, 0, 0, |
24 | | NULL |
25 | | }; |
26 | | |
27 | | char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, |
28 | | const ASN1_OCTET_STRING *oct) |
29 | 0 | { |
30 | 0 | return OPENSSL_buf2hexstr(oct->data, oct->length); |
31 | 0 | } |
32 | | |
33 | | ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, |
34 | | X509V3_CTX *ctx, const char *str) |
35 | 0 | { |
36 | 0 | ASN1_OCTET_STRING *oct; |
37 | 0 | long length; |
38 | |
|
39 | 0 | if ((oct = ASN1_OCTET_STRING_new()) == NULL) { |
40 | 0 | ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB); |
41 | 0 | return NULL; |
42 | 0 | } |
43 | | |
44 | 0 | if ((oct->data = OPENSSL_hexstr2buf(str, &length)) == NULL) { |
45 | 0 | ASN1_OCTET_STRING_free(oct); |
46 | 0 | return NULL; |
47 | 0 | } |
48 | | |
49 | 0 | oct->length = length; |
50 | |
|
51 | 0 | return oct; |
52 | |
|
53 | 0 | } |
54 | | |
55 | | ASN1_OCTET_STRING *ossl_x509_pubkey_hash(X509_PUBKEY *pubkey) |
56 | 0 | { |
57 | 0 | ASN1_OCTET_STRING *oct; |
58 | 0 | const unsigned char *pk; |
59 | 0 | int pklen; |
60 | 0 | unsigned char pkey_dig[EVP_MAX_MD_SIZE]; |
61 | 0 | unsigned int diglen; |
62 | 0 | const char *propq; |
63 | 0 | OSSL_LIB_CTX *libctx; |
64 | 0 | EVP_MD *md; |
65 | |
|
66 | 0 | if (pubkey == NULL) { |
67 | 0 | ERR_raise(ERR_LIB_X509V3, X509V3_R_NO_PUBLIC_KEY); |
68 | 0 | return NULL; |
69 | 0 | } |
70 | 0 | if (!ossl_x509_PUBKEY_get0_libctx(&libctx, &propq, pubkey)) |
71 | 0 | return NULL; |
72 | 0 | if ((md = EVP_MD_fetch(libctx, SN_sha1, propq)) == NULL) |
73 | 0 | return NULL; |
74 | 0 | if ((oct = ASN1_OCTET_STRING_new()) == NULL) { |
75 | 0 | EVP_MD_free(md); |
76 | 0 | return NULL; |
77 | 0 | } |
78 | | |
79 | 0 | X509_PUBKEY_get0_param(NULL, &pk, &pklen, NULL, pubkey); |
80 | 0 | if (EVP_Digest(pk, pklen, pkey_dig, &diglen, md, NULL) |
81 | 0 | && ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) { |
82 | 0 | EVP_MD_free(md); |
83 | 0 | return oct; |
84 | 0 | } |
85 | | |
86 | 0 | EVP_MD_free(md); |
87 | 0 | ASN1_OCTET_STRING_free(oct); |
88 | 0 | return NULL; |
89 | 0 | } |
90 | | |
91 | | static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, |
92 | | X509V3_CTX *ctx, char *str) |
93 | 0 | { |
94 | 0 | if (strcmp(str, "none") == 0) |
95 | 0 | return ASN1_OCTET_STRING_new(); /* dummy */ |
96 | | |
97 | 0 | if (strcmp(str, "hash") != 0) |
98 | 0 | return s2i_ASN1_OCTET_STRING(method, ctx /* not used */, str); |
99 | | |
100 | 0 | if (ctx != NULL && (ctx->flags & X509V3_CTX_TEST) != 0) |
101 | 0 | return ASN1_OCTET_STRING_new(); |
102 | 0 | if (ctx == NULL |
103 | 0 | || (ctx->subject_cert == NULL && ctx->subject_req == NULL)) { |
104 | 0 | ERR_raise(ERR_LIB_X509V3, X509V3_R_NO_SUBJECT_DETAILS); |
105 | 0 | return NULL; |
106 | 0 | } |
107 | | |
108 | 0 | return ossl_x509_pubkey_hash(ctx->subject_cert != NULL ? |
109 | 0 | ctx->subject_cert->cert_info.key : |
110 | 0 | ctx->subject_req->req_info.pubkey); |
111 | 0 | } |