crypto/ocsp/ocsp_lib.c

   1 /*
   2  * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #include <stdio.h>
  11 #include "internal/cryptlib.h"
  12 #include <openssl/objects.h>
  13 #include <openssl/x509.h>
  14 #include <openssl/pem.h>
  15 #include <openssl/x509v3.h>
  16 #include <openssl/ocsp.h>
  17 #include "ocsp_local.h"
  18 #include <openssl/asn1t.h>
  19
  20 /* Convert a certificate and its issuer to an OCSP_CERTID */
  21
  22 OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject,
  23                              const X509 *issuer)
  24 {
  25     X509_NAME *iname;
  26     const ASN1_INTEGER *serial;
  27     ASN1_BIT_STRING *ikey;
  28     if (!dgst)
  29         dgst = EVP_sha1();
  30     if (subject) {
  31         iname = X509_get_issuer_name(subject);
  32         serial = X509_get0_serialNumber(subject);
  33     } else {
  34         iname = X509_get_subject_name(issuer);
  35         serial = NULL;
  36     }
  37     ikey = X509_get0_pubkey_bitstr(issuer);
  38     return OCSP_cert_id_new(dgst, iname, ikey, serial);
  39 }
  40
  41 OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
  42                               const X509_NAME *issuerName,
  43                               const ASN1_BIT_STRING *issuerKey,
  44                               const ASN1_INTEGER *serialNumber)
  45 {
  46     int nid;
  47     unsigned int i;
  48     X509_ALGOR *alg;
  49     OCSP_CERTID *cid = NULL;
  50     unsigned char md[EVP_MAX_MD_SIZE];
  51
  52     if ((cid = OCSP_CERTID_new()) == NULL)
  53         goto err;
  54
  55     alg = &cid->hashAlgorithm;
  56     ASN1_OBJECT_free(alg->algorithm);
  57     if ((nid = EVP_MD_type(dgst)) == NID_undef) {
  58         OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID);
  59         goto err;
  60     }
  61     if ((alg->algorithm = OBJ_nid2obj(nid)) == NULL)
  62         goto err;
  63     if ((alg->parameter = ASN1_TYPE_new()) == NULL)
  64         goto err;
  65     alg->parameter->type = V_ASN1_NULL;
  66
  67     if (!X509_NAME_digest(issuerName, dgst, md, &i))
  68         goto digerr;
  69     if (!(ASN1_OCTET_STRING_set(&cid->issuerNameHash, md, i)))
  70         goto err;
  71
  72     /* Calculate the issuerKey hash, excluding tag and length */
  73     if (!EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL))
  74         goto err;
  75
  76     if (!(ASN1_OCTET_STRING_set(&cid->issuerKeyHash, md, i)))
  77         goto err;
  78
  79     if (serialNumber) {
  80         if (ASN1_STRING_copy(&cid->serialNumber, serialNumber) == 0)
  81             goto err;
  82     }
  83     return cid;
  84  digerr:
  85     OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR);
  86  err:
  87     OCSP_CERTID_free(cid);
  88     return NULL;
  89 }
  90
  91 int OCSP_id_issuer_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b)
  92 {
  93     int ret;
  94     ret = OBJ_cmp(a->hashAlgorithm.algorithm, b->hashAlgorithm.algorithm);
  95     if (ret)
  96         return ret;
  97     ret = ASN1_OCTET_STRING_cmp(&a->issuerNameHash, &b->issuerNameHash);
  98     if (ret)
  99         return ret;
 100     return ASN1_OCTET_STRING_cmp(&a->issuerKeyHash, &b->issuerKeyHash);
 101 }
 102
 103 int OCSP_id_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b)
 104 {
 105     int ret;
 106     ret = OCSP_id_issuer_cmp(a, b);
 107     if (ret)
 108         return ret;
 109     return ASN1_INTEGER_cmp(&a->serialNumber, &b->serialNumber);
 110 }
 111
 112 IMPLEMENT_ASN1_DUP_FUNCTION(OCSP_CERTID)