/*
 * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */
#include "internal/cryptlib.h"
#include <openssl/err.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/x509v3.h>
#include <openssl/ocsp.h>
#include "ocsp_local.h"
#include <openssl/asn1t.h>
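/*
 * Convert a certificate and its issuer to an OCSP_CERTID.
 *
 * |dgst|    digest used for the issuer name and issuer key hashes; NULL
 *           selects EVP_sha1().
 * |subject| certificate the ID should refer to. When NULL, the ID is built
 *           from |issuer| alone and no serial number is set.
 * |issuer|  certificate of the issuing CA; required.
 *
 * Returns a newly allocated OCSP_CERTID that the caller releases with
 * OCSP_CERTID_free(), or NULL on failure.
 *
 * This function only copies and hashes fields. It does not check that
 * |issuer| actually signed |subject|, so the caller must have validated that
 * relationship before trusting a status looked up with the resulting ID.
 * The digest here is a lookup key for the responder; it does not protect the
 * integrity of the OCSP response, which rests on the response signature.
 *
 * NOTE(review): the listing this was taken from had lost several lines; the
 * branch structure below is restored around the surviving statements and
 * should be compared with upstream.
 */
OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject,
                             const X509 *issuer)
{
    const X509_NAME *iname;
    const ASN1_INTEGER *serial;
    ASN1_BIT_STRING *ikey;

    /* Every path below reads from |issuer|; fail cleanly instead of crashing. */
    if (issuer == NULL)
        return NULL;

    if (dgst == NULL)
        dgst = EVP_sha1();

    if (subject != NULL) {
        iname = X509_get_issuer_name(subject);
        serial = X509_get0_serialNumber(subject);
    } else {
        /* No subject: identify the issuer itself, without a serial number. */
        iname = X509_get_subject_name(issuer);
        serial = NULL;
    }

    ikey = X509_get0_pubkey_bitstr(issuer);
    return OCSP_cert_id_new(dgst, iname, ikey, serial);
}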
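/*
 * Build an OCSP_CERTID from its individual components.
 *
 * |dgst|         digest used for both hashes; its NID is recorded in the
 *                ID's hashAlgorithm field.
 * |issuerName|   issuer distinguished name, hashed into issuerNameHash.
 * |issuerKey|    issuer public key bit string; its content octets are hashed
 *                into issuerKeyHash.
 * |serialNumber| serial number copied into the ID; may be NULL, in which
 *                case the serial number is left as allocated.
 *
 * Returns a newly allocated OCSP_CERTID that the caller releases with
 * OCSP_CERTID_free(), or NULL on failure.
 *
 * NOTE(review): the listing this was taken from had lost the lines between
 * most of the checks (the failure branches and labels); they are restored
 * here and should be compared with upstream.
 */
OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
                              const X509_NAME *issuerName,
                              const ASN1_BIT_STRING *issuerKey,
                              const ASN1_INTEGER *serialNumber)
{
    int nid;
    unsigned int i;
    X509_ALGOR *alg;
    OCSP_CERTID *cid = NULL;
    unsigned char md[EVP_MAX_MD_SIZE];

    /*
     * |issuerKey| is NULL when the caller obtained it from a missing issuer
     * certificate; it and the other two inputs are dereferenced below.
     */
    if (dgst == NULL || issuerName == NULL || issuerKey == NULL) {
        OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, ERR_R_PASSED_NULL_PARAMETER);
        return NULL;
    }

    if ((cid = OCSP_CERTID_new()) == NULL)
        goto err;

    alg = &cid->hashAlgorithm;

    /* Resolve the digest before touching the placeholder algorithm object. */
    if ((nid = EVP_MD_type(dgst)) == NID_undef) {
        OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID);
        goto err;
    }
    ASN1_OBJECT_free(alg->algorithm);
    if ((alg->algorithm = OBJ_nid2obj(nid)) == NULL)
        goto err;

    /* The AlgorithmIdentifier is encoded with an explicit NULL parameter. */
    if ((alg->parameter = ASN1_TYPE_new()) == NULL)
        goto err;
    alg->parameter->type = V_ASN1_NULL;

    if (!X509_NAME_digest(issuerName, dgst, md, &i))
        goto digerr;
    if (!ASN1_OCTET_STRING_set(&cid->issuerNameHash, md, i))
        goto err;

    /* Calculate the issuerKey hash, excluding tag and length */
    if (!EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL))
        goto digerr;
    if (!ASN1_OCTET_STRING_set(&cid->issuerKeyHash, md, i))
        goto err;

    if (serialNumber != NULL
            && ASN1_STRING_copy(&cid->serialNumber, serialNumber) == 0)
        goto err;

    return cid;

 digerr:
    OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR);
 err:
    OCSP_CERTID_free(cid);
    return NULL;
}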
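/*
 * Compare the issuer part of two certificate IDs.
 *
 * The hash algorithm OID is compared first, then issuerNameHash, then
 * issuerKeyHash. Returns 0 when all three match, otherwise the non-zero
 * result of the first comparison that differs.
 *
 * Because the algorithm is part of the comparison, two IDs for the same
 * issuer that were built with different digests do not compare equal; build
 * the ID to be matched with the same digest as the one it is compared with.
 *
 * NOTE(review): the early returns were missing from the listing this was
 * taken from and are restored here; compare with upstream.
 */
int OCSP_id_issuer_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b)
{
    int ret;

    ret = OBJ_cmp(a->hashAlgorithm.algorithm, b->hashAlgorithm.algorithm);
    if (ret != 0)
        return ret;

    ret = ASN1_OCTET_STRING_cmp(&a->issuerNameHash, &b->issuerNameHash);
    if (ret != 0)
        return ret;

    return ASN1_OCTET_STRING_cmp(&a->issuerKeyHash, &b->issuerKeyHash);
}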
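/*
 * Compare two certificate IDs in full.
 *
 * The issuer part is compared with OCSP_id_issuer_cmp(); if it matches, the
 * serial numbers decide. Returns 0 when the IDs are equal, non-zero
 * otherwise.
 *
 * NOTE(review): the early return was missing from the listing this was taken
 * from and is restored here; compare with upstream.
 */
int OCSP_id_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b)
{
    int ret;

    ret = OCSP_id_issuer_cmp(a, b);
    if (ret != 0)
        return ret;

    return ASN1_INTEGER_cmp(&a->serialNumber, &b->serialNumber);
}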
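/* Generate OCSP_CERTID_dup() from the OCSP_CERTID ASN.1 template. */
IMPLEMENT_ASN1_DUP_FUNCTION(OCSP_CERTID)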