]>
git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/ocsp/ocsp_lib.c
e68513e1014ecfdf2b7ef2019ad151213b521e42
2 * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include "internal/cryptlib.h"
12 #include <openssl/objects.h>
13 #include <openssl/x509.h>
14 #include <openssl/pem.h>
15 #include <openssl/x509v3.h>
16 #include <openssl/ocsp.h>
18 #include <openssl/asn1t.h>
20 /* Convert a certificate and its issuer to an OCSP_CERTID */
22 OCSP_CERTID
*OCSP_cert_to_id(const EVP_MD
*dgst
, const X509
*subject
,
26 const ASN1_INTEGER
*serial
;
27 ASN1_BIT_STRING
*ikey
;
31 iname
= X509_get_issuer_name(subject
);
32 serial
= X509_get0_serialNumber(subject
);
34 iname
= X509_get_subject_name(issuer
);
37 ikey
= X509_get0_pubkey_bitstr(issuer
);
38 return OCSP_cert_id_new(dgst
, iname
, ikey
, serial
);
41 OCSP_CERTID
*OCSP_cert_id_new(const EVP_MD
*dgst
,
42 const X509_NAME
*issuerName
,
43 const ASN1_BIT_STRING
*issuerKey
,
44 const ASN1_INTEGER
*serialNumber
)
49 OCSP_CERTID
*cid
= NULL
;
50 unsigned char md
[EVP_MAX_MD_SIZE
];
52 if ((cid
= OCSP_CERTID_new()) == NULL
)
55 alg
= &cid
->hashAlgorithm
;
56 ASN1_OBJECT_free(alg
->algorithm
);
57 if ((nid
= EVP_MD_type(dgst
)) == NID_undef
) {
58 OCSPerr(OCSP_F_OCSP_CERT_ID_NEW
, OCSP_R_UNKNOWN_NID
);
61 if ((alg
->algorithm
= OBJ_nid2obj(nid
)) == NULL
)
63 if ((alg
->parameter
= ASN1_TYPE_new()) == NULL
)
65 alg
->parameter
->type
= V_ASN1_NULL
;
67 if (!X509_NAME_digest(issuerName
, dgst
, md
, &i
))
69 if (!(ASN1_OCTET_STRING_set(&cid
->issuerNameHash
, md
, i
)))
72 /* Calculate the issuerKey hash, excluding tag and length */
73 if (!EVP_Digest(issuerKey
->data
, issuerKey
->length
, md
, &i
, dgst
, NULL
))
76 if (!(ASN1_OCTET_STRING_set(&cid
->issuerKeyHash
, md
, i
)))
80 if (ASN1_STRING_copy(&cid
->serialNumber
, serialNumber
) == 0)
85 OCSPerr(OCSP_F_OCSP_CERT_ID_NEW
, OCSP_R_DIGEST_ERR
);
87 OCSP_CERTID_free(cid
);
91 int OCSP_id_issuer_cmp(const OCSP_CERTID
*a
, const OCSP_CERTID
*b
)
94 ret
= OBJ_cmp(a
->hashAlgorithm
.algorithm
, b
->hashAlgorithm
.algorithm
);
97 ret
= ASN1_OCTET_STRING_cmp(&a
->issuerNameHash
, &b
->issuerNameHash
);
100 return ASN1_OCTET_STRING_cmp(&a
->issuerKeyHash
, &b
->issuerKeyHash
);
103 int OCSP_id_cmp(const OCSP_CERTID
*a
, const OCSP_CERTID
*b
)
106 ret
= OCSP_id_issuer_cmp(a
, b
);
109 return ASN1_INTEGER_cmp(&a
->serialNumber
, &b
->serialNumber
);
113 * Parse a URL and split it up into host, port and path components and
117 int OCSP_parse_url(const char *url
, char **phost
, char **pport
, char **ppath
,
128 /* dup the buffer since we are going to mess with it */
129 buf
= OPENSSL_strdup(url
);
133 /* Check for initial colon */
134 p
= strchr(buf
, ':');
141 if (strcmp(buf
, "http") == 0) {
144 } else if (strcmp(buf
, "https") == 0) {
150 /* Check for double slash */
151 if ((p
[0] != '/') || (p
[1] != '/'))
158 /* Check for trailing part of path */
163 *ppath
= OPENSSL_strdup("/");
165 *ppath
= OPENSSL_strdup(p
);
166 /* Set start of path to 0 so hostname is valid */
174 if (host
[0] == '[') {
177 p
= strchr(host
, ']');
184 /* Look for optional ':' for port number */
185 if ((p
= strchr(p
, ':'))) {
190 *pport
= OPENSSL_strdup(port
);
194 *phost
= OPENSSL_strdup(host
);
204 OCSPerr(OCSP_F_OCSP_PARSE_URL
, ERR_R_MALLOC_FAILURE
);
208 OCSPerr(OCSP_F_OCSP_PARSE_URL
, OCSP_R_ERROR_PARSING_URL
);
212 OPENSSL_free(*ppath
);
214 OPENSSL_free(*pport
);
216 OPENSSL_free(*phost
);
222 IMPLEMENT_ASN1_DUP_FUNCTION(OCSP_CERTID
)