]>
Commit | Line | Data |
---|---|---|
0f113f3e MC |
1 | /* |
2 | * Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL | |
3 | * project. | |
4 | */ | |
eb64730b | 5 | |
0f113f3e MC |
6 | /* |
7 | * History: This file was transfered to Richard Levitte from CertCo by Kathy | |
8 | * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a | |
9 | * patch kit. | |
10 | */ | |
eb64730b RL |
11 | |
12 | /* ==================================================================== | |
13 | * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. | |
14 | * | |
15 | * Redistribution and use in source and binary forms, with or without | |
16 | * modification, are permitted provided that the following conditions | |
17 | * are met: | |
18 | * | |
19 | * 1. Redistributions of source code must retain the above copyright | |
0f113f3e | 20 | * notice, this list of conditions and the following disclaimer. |
eb64730b RL |
21 | * |
22 | * 2. Redistributions in binary form must reproduce the above copyright | |
23 | * notice, this list of conditions and the following disclaimer in | |
24 | * the documentation and/or other materials provided with the | |
25 | * distribution. | |
26 | * | |
27 | * 3. All advertising materials mentioning features or use of this | |
28 | * software must display the following acknowledgment: | |
29 | * "This product includes software developed by the OpenSSL Project | |
30 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | |
31 | * | |
32 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
33 | * endorse or promote products derived from this software without | |
34 | * prior written permission. For written permission, please contact | |
35 | * openssl-core@openssl.org. | |
36 | * | |
37 | * 5. Products derived from this software may not be called "OpenSSL" | |
38 | * nor may "OpenSSL" appear in their names without prior written | |
39 | * permission of the OpenSSL Project. | |
40 | * | |
41 | * 6. Redistributions of any form whatsoever must retain the following | |
42 | * acknowledgment: | |
43 | * "This product includes software developed by the OpenSSL Project | |
44 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | |
45 | * | |
46 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
47 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
48 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
49 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
50 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
51 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
52 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
53 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
54 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
55 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
56 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
57 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |
58 | * ==================================================================== | |
59 | * | |
60 | * This product includes cryptographic software written by Eric Young | |
61 | * (eay@cryptsoft.com). This product includes software written by Tim | |
62 | * Hudson (tjh@cryptsoft.com). | |
63 | * | |
64 | */ | |
65 | ||
66 | #include <stdio.h> | |
b39fc560 | 67 | #include "internal/cryptlib.h" |
eb64730b | 68 | #include <openssl/objects.h> |
0b33bc65 | 69 | #include <openssl/rand.h> |
eb64730b RL |
70 | #include <openssl/x509.h> |
71 | #include <openssl/pem.h> | |
72 | #include <openssl/x509v3.h> | |
eb64730b | 73 | #include <openssl/ocsp.h> |
6ef869d7 | 74 | #include "ocsp_lcl.h" |
fb596f3b | 75 | #include <openssl/asn1t.h> |
eb64730b | 76 | |
bf0d176e DSH |
77 | /* Convert a certificate and its issuer to an OCSP_CERTID */ |
78 | ||
79 | OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer) | |
80 | { | |
0f113f3e MC |
81 | X509_NAME *iname; |
82 | ASN1_INTEGER *serial; | |
83 | ASN1_BIT_STRING *ikey; | |
0f113f3e MC |
84 | if (!dgst) |
85 | dgst = EVP_sha1(); | |
0f113f3e MC |
86 | if (subject) { |
87 | iname = X509_get_issuer_name(subject); | |
88 | serial = X509_get_serialNumber(subject); | |
89 | } else { | |
90 | iname = X509_get_subject_name(issuer); | |
91 | serial = NULL; | |
92 | } | |
93 | ikey = X509_get0_pubkey_bitstr(issuer); | |
94 | return OCSP_cert_id_new(dgst, iname, ikey, serial); | |
bf0d176e | 95 | } |
eb64730b | 96 | |
0f113f3e MC |
97 | OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, |
98 | X509_NAME *issuerName, | |
99 | ASN1_BIT_STRING *issuerKey, | |
100 | ASN1_INTEGER *serialNumber) | |
101 | { | |
102 | int nid; | |
103 | unsigned int i; | |
104 | X509_ALGOR *alg; | |
105 | OCSP_CERTID *cid = NULL; | |
106 | unsigned char md[EVP_MAX_MD_SIZE]; | |
107 | ||
75ebbd9a | 108 | if ((cid = OCSP_CERTID_new()) == NULL) |
0f113f3e MC |
109 | goto err; |
110 | ||
a332635e | 111 | alg = &cid->hashAlgorithm; |
0dfb9398 | 112 | ASN1_OBJECT_free(alg->algorithm); |
0f113f3e MC |
113 | if ((nid = EVP_MD_type(dgst)) == NID_undef) { |
114 | OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID); | |
115 | goto err; | |
116 | } | |
75ebbd9a | 117 | if ((alg->algorithm = OBJ_nid2obj(nid)) == NULL) |
0f113f3e MC |
118 | goto err; |
119 | if ((alg->parameter = ASN1_TYPE_new()) == NULL) | |
120 | goto err; | |
121 | alg->parameter->type = V_ASN1_NULL; | |
122 | ||
123 | if (!X509_NAME_digest(issuerName, dgst, md, &i)) | |
124 | goto digerr; | |
af170194 | 125 | if (!(ASN1_OCTET_STRING_set(&cid->issuerNameHash, md, i))) |
0f113f3e MC |
126 | goto err; |
127 | ||
128 | /* Calculate the issuerKey hash, excluding tag and length */ | |
129 | if (!EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL)) | |
130 | goto err; | |
131 | ||
af170194 | 132 | if (!(ASN1_OCTET_STRING_set(&cid->issuerKeyHash, md, i))) |
0f113f3e MC |
133 | goto err; |
134 | ||
135 | if (serialNumber) { | |
af170194 | 136 | if (ASN1_STRING_copy(&cid->serialNumber, serialNumber) == 0) |
0f113f3e MC |
137 | goto err; |
138 | } | |
139 | return cid; | |
140 | digerr: | |
141 | OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR); | |
142 | err: | |
25aaa98a | 143 | OCSP_CERTID_free(cid); |
0f113f3e MC |
144 | return NULL; |
145 | } | |
eb64730b | 146 | |
81f169e9 | 147 | int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b) |
0f113f3e MC |
148 | { |
149 | int ret; | |
a332635e | 150 | ret = OBJ_cmp(a->hashAlgorithm.algorithm, b->hashAlgorithm.algorithm); |
0f113f3e MC |
151 | if (ret) |
152 | return ret; | |
af170194 | 153 | ret = ASN1_OCTET_STRING_cmp(&a->issuerNameHash, &b->issuerNameHash); |
0f113f3e MC |
154 | if (ret) |
155 | return ret; | |
af170194 | 156 | return ASN1_OCTET_STRING_cmp(&a->issuerKeyHash, &b->issuerKeyHash); |
0f113f3e | 157 | } |
81f169e9 DSH |
158 | |
159 | int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b) | |
0f113f3e MC |
160 | { |
161 | int ret; | |
162 | ret = OCSP_id_issuer_cmp(a, b); | |
163 | if (ret) | |
164 | return ret; | |
af170194 | 165 | return ASN1_INTEGER_cmp(&a->serialNumber, &b->serialNumber); |
0f113f3e | 166 | } |
67c18019 | 167 | |
0f113f3e MC |
168 | /* |
169 | * Parse a URL and split it up into host, port and path components and | |
170 | * whether it is SSL. | |
67c18019 DSH |
171 | */ |
172 | ||
0f113f3e MC |
173 | int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath, |
174 | int *pssl) | |
175 | { | |
176 | char *p, *buf; | |
177 | ||
178 | char *host, *port; | |
179 | ||
180 | *phost = NULL; | |
181 | *pport = NULL; | |
182 | *ppath = NULL; | |
183 | ||
184 | /* dup the buffer since we are going to mess with it */ | |
7644a9ae | 185 | buf = OPENSSL_strdup(url); |
0f113f3e MC |
186 | if (!buf) |
187 | goto mem_err; | |
188 | ||
189 | /* Check for initial colon */ | |
190 | p = strchr(buf, ':'); | |
191 | ||
192 | if (!p) | |
193 | goto parse_err; | |
194 | ||
195 | *(p++) = '\0'; | |
196 | ||
86885c28 | 197 | if (strcmp(buf, "http") == 0) { |
0f113f3e MC |
198 | *pssl = 0; |
199 | port = "80"; | |
86885c28 | 200 | } else if (strcmp(buf, "https") == 0) { |
0f113f3e MC |
201 | *pssl = 1; |
202 | port = "443"; | |
203 | } else | |
204 | goto parse_err; | |
205 | ||
206 | /* Check for double slash */ | |
207 | if ((p[0] != '/') || (p[1] != '/')) | |
208 | goto parse_err; | |
209 | ||
210 | p += 2; | |
211 | ||
212 | host = p; | |
213 | ||
214 | /* Check for trailing part of path */ | |
215 | ||
216 | p = strchr(p, '/'); | |
217 | ||
218 | if (!p) | |
7644a9ae | 219 | *ppath = OPENSSL_strdup("/"); |
0f113f3e | 220 | else { |
7644a9ae | 221 | *ppath = OPENSSL_strdup(p); |
0f113f3e MC |
222 | /* Set start of path to 0 so hostname is valid */ |
223 | *p = '\0'; | |
224 | } | |
225 | ||
226 | if (!*ppath) | |
227 | goto mem_err; | |
228 | ||
229 | p = host; | |
230 | if (host[0] == '[') { | |
231 | /* ipv6 literal */ | |
232 | host++; | |
233 | p = strchr(host, ']'); | |
234 | if (!p) | |
235 | goto parse_err; | |
236 | *p = '\0'; | |
237 | p++; | |
238 | } | |
239 | ||
240 | /* Look for optional ':' for port number */ | |
241 | if ((p = strchr(p, ':'))) { | |
242 | *p = 0; | |
243 | port = p + 1; | |
0f113f3e MC |
244 | } |
245 | ||
7644a9ae | 246 | *pport = OPENSSL_strdup(port); |
0f113f3e MC |
247 | if (!*pport) |
248 | goto mem_err; | |
249 | ||
7644a9ae | 250 | *phost = OPENSSL_strdup(host); |
0f113f3e MC |
251 | |
252 | if (!*phost) | |
253 | goto mem_err; | |
254 | ||
255 | OPENSSL_free(buf); | |
256 | ||
257 | return 1; | |
258 | ||
259 | mem_err: | |
260 | OCSPerr(OCSP_F_OCSP_PARSE_URL, ERR_R_MALLOC_FAILURE); | |
261 | goto err; | |
262 | ||
263 | parse_err: | |
264 | OCSPerr(OCSP_F_OCSP_PARSE_URL, OCSP_R_ERROR_PARSING_URL); | |
265 | ||
266 | err: | |
b548a1f1 RS |
267 | OPENSSL_free(buf); |
268 | OPENSSL_free(*ppath); | |
269 | OPENSSL_free(*pport); | |
270 | OPENSSL_free(*phost); | |
0f113f3e | 271 | return 0; |
67c18019 | 272 | |
0f113f3e | 273 | } |
fb596f3b DSH |
274 | |
275 | IMPLEMENT_ASN1_DUP_FUNCTION(OCSP_CERTID) |