]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/ocsp/ocsp_lib.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Rename some BUF_xxx to OPENSSL_xxx
[thirdparty/openssl.git] / crypto / ocsp / ocsp_lib.c
1 /* ocsp_lib.c */
2 /*
3 * Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
4 * project.
5 */
6
7 /*
8 * History: This file was transfered to Richard Levitte from CertCo by Kathy
9 * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a
10 * patch kit.
11 */
12
13 /* ====================================================================
14 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
15 *
16 * Redistribution and use in source and binary forms, with or without
17 * modification, are permitted provided that the following conditions
18 * are met:
19 *
20 * 1. Redistributions of source code must retain the above copyright
21 * notice, this list of conditions and the following disclaimer.
22 *
23 * 2. Redistributions in binary form must reproduce the above copyright
24 * notice, this list of conditions and the following disclaimer in
25 * the documentation and/or other materials provided with the
26 * distribution.
27 *
28 * 3. All advertising materials mentioning features or use of this
29 * software must display the following acknowledgment:
30 * "This product includes software developed by the OpenSSL Project
31 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
32 *
33 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
34 * endorse or promote products derived from this software without
35 * prior written permission. For written permission, please contact
36 * openssl-core@openssl.org.
37 *
38 * 5. Products derived from this software may not be called "OpenSSL"
39 * nor may "OpenSSL" appear in their names without prior written
40 * permission of the OpenSSL Project.
41 *
42 * 6. Redistributions of any form whatsoever must retain the following
43 * acknowledgment:
44 * "This product includes software developed by the OpenSSL Project
45 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
46 *
47 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
48 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
49 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
50 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
51 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
52 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
53 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
54 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
56 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
57 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
58 * OF THE POSSIBILITY OF SUCH DAMAGE.
59 * ====================================================================
60 *
61 * This product includes cryptographic software written by Eric Young
62 * (eay@cryptsoft.com). This product includes software written by Tim
63 * Hudson (tjh@cryptsoft.com).
64 *
65 */
66
67 #include <stdio.h>
68 #include "internal/cryptlib.h"
69 #include <openssl/objects.h>
70 #include <openssl/rand.h>
71 #include <openssl/x509.h>
72 #include <openssl/pem.h>
73 #include <openssl/x509v3.h>
74 #include <openssl/ocsp.h>
75 #include "ocsp_lcl.h"
76 #include <openssl/asn1t.h>
77
78 /* Convert a certificate and its issuer to an OCSP_CERTID */
79
80 OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer)
81 {
82 X509_NAME *iname;
83 ASN1_INTEGER *serial;
84 ASN1_BIT_STRING *ikey;
85 if (!dgst)
86 dgst = EVP_sha1();
87 if (subject) {
88 iname = X509_get_issuer_name(subject);
89 serial = X509_get_serialNumber(subject);
90 } else {
91 iname = X509_get_subject_name(issuer);
92 serial = NULL;
93 }
94 ikey = X509_get0_pubkey_bitstr(issuer);
95 return OCSP_cert_id_new(dgst, iname, ikey, serial);
96 }
97
98 OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
99 X509_NAME *issuerName,
100 ASN1_BIT_STRING *issuerKey,
101 ASN1_INTEGER *serialNumber)
102 {
103 int nid;
104 unsigned int i;
105 X509_ALGOR *alg;
106 OCSP_CERTID *cid = NULL;
107 unsigned char md[EVP_MAX_MD_SIZE];
108
109 if ((cid = OCSP_CERTID_new()) == NULL)
110 goto err;
111
112 alg = &cid->hashAlgorithm;
113 ASN1_OBJECT_free(alg->algorithm);
114 if ((nid = EVP_MD_type(dgst)) == NID_undef) {
115 OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID);
116 goto err;
117 }
118 if ((alg->algorithm = OBJ_nid2obj(nid)) == NULL)
119 goto err;
120 if ((alg->parameter = ASN1_TYPE_new()) == NULL)
121 goto err;
122 alg->parameter->type = V_ASN1_NULL;
123
124 if (!X509_NAME_digest(issuerName, dgst, md, &i))
125 goto digerr;
126 if (!(ASN1_OCTET_STRING_set(&cid->issuerNameHash, md, i)))
127 goto err;
128
129 /* Calculate the issuerKey hash, excluding tag and length */
130 if (!EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL))
131 goto err;
132
133 if (!(ASN1_OCTET_STRING_set(&cid->issuerKeyHash, md, i)))
134 goto err;
135
136 if (serialNumber) {
137 if (ASN1_STRING_copy(&cid->serialNumber, serialNumber) == 0)
138 goto err;
139 }
140 return cid;
141 digerr:
142 OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR);
143 err:
144 OCSP_CERTID_free(cid);
145 return NULL;
146 }
147
148 int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
149 {
150 int ret;
151 ret = OBJ_cmp(a->hashAlgorithm.algorithm, b->hashAlgorithm.algorithm);
152 if (ret)
153 return ret;
154 ret = ASN1_OCTET_STRING_cmp(&a->issuerNameHash, &b->issuerNameHash);
155 if (ret)
156 return ret;
157 return ASN1_OCTET_STRING_cmp(&a->issuerKeyHash, &b->issuerKeyHash);
158 }
159
160 int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
161 {
162 int ret;
163 ret = OCSP_id_issuer_cmp(a, b);
164 if (ret)
165 return ret;
166 return ASN1_INTEGER_cmp(&a->serialNumber, &b->serialNumber);
167 }
168
169 /*
170 * Parse a URL and split it up into host, port and path components and
171 * whether it is SSL.
172 */
173
174 int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath,
175 int *pssl)
176 {
177 char *p, *buf;
178
179 char *host, *port;
180
181 *phost = NULL;
182 *pport = NULL;
183 *ppath = NULL;
184
185 /* dup the buffer since we are going to mess with it */
186 buf = OPENSSL_strdup(url);
187 if (!buf)
188 goto mem_err;
189
190 /* Check for initial colon */
191 p = strchr(buf, ':');
192
193 if (!p)
194 goto parse_err;
195
196 *(p++) = '\0';
197
198 if (strcmp(buf, "http") == 0) {
199 *pssl = 0;
200 port = "80";
201 } else if (strcmp(buf, "https") == 0) {
202 *pssl = 1;
203 port = "443";
204 } else
205 goto parse_err;
206
207 /* Check for double slash */
208 if ((p[0] != '/') || (p[1] != '/'))
209 goto parse_err;
210
211 p += 2;
212
213 host = p;
214
215 /* Check for trailing part of path */
216
217 p = strchr(p, '/');
218
219 if (!p)
220 *ppath = OPENSSL_strdup("/");
221 else {
222 *ppath = OPENSSL_strdup(p);
223 /* Set start of path to 0 so hostname is valid */
224 *p = '\0';
225 }
226
227 if (!*ppath)
228 goto mem_err;
229
230 p = host;
231 if (host[0] == '[') {
232 /* ipv6 literal */
233 host++;
234 p = strchr(host, ']');
235 if (!p)
236 goto parse_err;
237 *p = '\0';
238 p++;
239 }
240
241 /* Look for optional ':' for port number */
242 if ((p = strchr(p, ':'))) {
243 *p = 0;
244 port = p + 1;
245 }
246
247 *pport = OPENSSL_strdup(port);
248 if (!*pport)
249 goto mem_err;
250
251 *phost = OPENSSL_strdup(host);
252
253 if (!*phost)
254 goto mem_err;
255
256 OPENSSL_free(buf);
257
258 return 1;
259
260 mem_err:
261 OCSPerr(OCSP_F_OCSP_PARSE_URL, ERR_R_MALLOC_FAILURE);
262 goto err;
263
264 parse_err:
265 OCSPerr(OCSP_F_OCSP_PARSE_URL, OCSP_R_ERROR_PARSING_URL);
266
267 err:
268 OPENSSL_free(buf);
269 OPENSSL_free(*ppath);
270 OPENSSL_free(*pport);
271 OPENSSL_free(*phost);
272 return 0;
273
274 }
275
276 IMPLEMENT_ASN1_DUP_FUNCTION(OCSP_CERTID)
A mirror of the official openssl repository