]>
Commit | Line | Data |
---|---|---|
0f113f3e | 1 | /* |
b1322259 | 2 | * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. |
eb64730b | 3 | * |
0c496700 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
b1322259 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
eb64730b RL |
8 | */ |
9 | ||
10 | #include <stdio.h> | |
b39fc560 | 11 | #include "internal/cryptlib.h" |
eb64730b | 12 | #include <openssl/objects.h> |
eb64730b RL |
13 | #include <openssl/x509.h> |
14 | #include <openssl/pem.h> | |
15 | #include <openssl/x509v3.h> | |
eb64730b | 16 | #include <openssl/ocsp.h> |
6ef869d7 | 17 | #include "ocsp_lcl.h" |
fb596f3b | 18 | #include <openssl/asn1t.h> |
eb64730b | 19 | |
bf0d176e DSH |
20 | /* Convert a certificate and its issuer to an OCSP_CERTID */ |
21 | ||
68c12bfc DSH |
22 | OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject, |
23 | const X509 *issuer) | |
bf0d176e | 24 | { |
0f113f3e | 25 | X509_NAME *iname; |
68c12bfc | 26 | const ASN1_INTEGER *serial; |
0f113f3e | 27 | ASN1_BIT_STRING *ikey; |
0f113f3e MC |
28 | if (!dgst) |
29 | dgst = EVP_sha1(); | |
0f113f3e MC |
30 | if (subject) { |
31 | iname = X509_get_issuer_name(subject); | |
68c12bfc | 32 | serial = X509_get0_serialNumber(subject); |
0f113f3e MC |
33 | } else { |
34 | iname = X509_get_subject_name(issuer); | |
35 | serial = NULL; | |
36 | } | |
37 | ikey = X509_get0_pubkey_bitstr(issuer); | |
38 | return OCSP_cert_id_new(dgst, iname, ikey, serial); | |
bf0d176e | 39 | } |
eb64730b | 40 | |
0f113f3e | 41 | OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, |
68c12bfc DSH |
42 | const X509_NAME *issuerName, |
43 | const ASN1_BIT_STRING *issuerKey, | |
44 | const ASN1_INTEGER *serialNumber) | |
0f113f3e MC |
45 | { |
46 | int nid; | |
47 | unsigned int i; | |
48 | X509_ALGOR *alg; | |
49 | OCSP_CERTID *cid = NULL; | |
50 | unsigned char md[EVP_MAX_MD_SIZE]; | |
51 | ||
75ebbd9a | 52 | if ((cid = OCSP_CERTID_new()) == NULL) |
0f113f3e MC |
53 | goto err; |
54 | ||
a332635e | 55 | alg = &cid->hashAlgorithm; |
0dfb9398 | 56 | ASN1_OBJECT_free(alg->algorithm); |
0f113f3e MC |
57 | if ((nid = EVP_MD_type(dgst)) == NID_undef) { |
58 | OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID); | |
59 | goto err; | |
60 | } | |
75ebbd9a | 61 | if ((alg->algorithm = OBJ_nid2obj(nid)) == NULL) |
0f113f3e MC |
62 | goto err; |
63 | if ((alg->parameter = ASN1_TYPE_new()) == NULL) | |
64 | goto err; | |
65 | alg->parameter->type = V_ASN1_NULL; | |
66 | ||
67 | if (!X509_NAME_digest(issuerName, dgst, md, &i)) | |
68 | goto digerr; | |
af170194 | 69 | if (!(ASN1_OCTET_STRING_set(&cid->issuerNameHash, md, i))) |
0f113f3e MC |
70 | goto err; |
71 | ||
72 | /* Calculate the issuerKey hash, excluding tag and length */ | |
73 | if (!EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL)) | |
74 | goto err; | |
75 | ||
af170194 | 76 | if (!(ASN1_OCTET_STRING_set(&cid->issuerKeyHash, md, i))) |
0f113f3e MC |
77 | goto err; |
78 | ||
79 | if (serialNumber) { | |
af170194 | 80 | if (ASN1_STRING_copy(&cid->serialNumber, serialNumber) == 0) |
0f113f3e MC |
81 | goto err; |
82 | } | |
83 | return cid; | |
84 | digerr: | |
85 | OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR); | |
86 | err: | |
25aaa98a | 87 | OCSP_CERTID_free(cid); |
0f113f3e MC |
88 | return NULL; |
89 | } | |
eb64730b | 90 | |
cc6d9261 | 91 | int OCSP_id_issuer_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b) |
0f113f3e MC |
92 | { |
93 | int ret; | |
a332635e | 94 | ret = OBJ_cmp(a->hashAlgorithm.algorithm, b->hashAlgorithm.algorithm); |
0f113f3e MC |
95 | if (ret) |
96 | return ret; | |
af170194 | 97 | ret = ASN1_OCTET_STRING_cmp(&a->issuerNameHash, &b->issuerNameHash); |
0f113f3e MC |
98 | if (ret) |
99 | return ret; | |
af170194 | 100 | return ASN1_OCTET_STRING_cmp(&a->issuerKeyHash, &b->issuerKeyHash); |
0f113f3e | 101 | } |
81f169e9 | 102 | |
cc6d9261 | 103 | int OCSP_id_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b) |
0f113f3e MC |
104 | { |
105 | int ret; | |
106 | ret = OCSP_id_issuer_cmp(a, b); | |
107 | if (ret) | |
108 | return ret; | |
af170194 | 109 | return ASN1_INTEGER_cmp(&a->serialNumber, &b->serialNumber); |
0f113f3e | 110 | } |
67c18019 | 111 | |
0f113f3e MC |
112 | /* |
113 | * Parse a URL and split it up into host, port and path components and | |
114 | * whether it is SSL. | |
67c18019 DSH |
115 | */ |
116 | ||
0f113f3e MC |
117 | int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath, |
118 | int *pssl) | |
119 | { | |
120 | char *p, *buf; | |
121 | ||
122 | char *host, *port; | |
123 | ||
124 | *phost = NULL; | |
125 | *pport = NULL; | |
126 | *ppath = NULL; | |
127 | ||
128 | /* dup the buffer since we are going to mess with it */ | |
7644a9ae | 129 | buf = OPENSSL_strdup(url); |
0f113f3e MC |
130 | if (!buf) |
131 | goto mem_err; | |
132 | ||
133 | /* Check for initial colon */ | |
134 | p = strchr(buf, ':'); | |
135 | ||
136 | if (!p) | |
137 | goto parse_err; | |
138 | ||
139 | *(p++) = '\0'; | |
140 | ||
86885c28 | 141 | if (strcmp(buf, "http") == 0) { |
0f113f3e MC |
142 | *pssl = 0; |
143 | port = "80"; | |
86885c28 | 144 | } else if (strcmp(buf, "https") == 0) { |
0f113f3e MC |
145 | *pssl = 1; |
146 | port = "443"; | |
147 | } else | |
148 | goto parse_err; | |
149 | ||
150 | /* Check for double slash */ | |
151 | if ((p[0] != '/') || (p[1] != '/')) | |
152 | goto parse_err; | |
153 | ||
154 | p += 2; | |
155 | ||
156 | host = p; | |
157 | ||
158 | /* Check for trailing part of path */ | |
159 | ||
160 | p = strchr(p, '/'); | |
161 | ||
162 | if (!p) | |
7644a9ae | 163 | *ppath = OPENSSL_strdup("/"); |
0f113f3e | 164 | else { |
7644a9ae | 165 | *ppath = OPENSSL_strdup(p); |
0f113f3e MC |
166 | /* Set start of path to 0 so hostname is valid */ |
167 | *p = '\0'; | |
168 | } | |
169 | ||
170 | if (!*ppath) | |
171 | goto mem_err; | |
172 | ||
173 | p = host; | |
174 | if (host[0] == '[') { | |
175 | /* ipv6 literal */ | |
176 | host++; | |
177 | p = strchr(host, ']'); | |
178 | if (!p) | |
179 | goto parse_err; | |
180 | *p = '\0'; | |
181 | p++; | |
182 | } | |
183 | ||
184 | /* Look for optional ':' for port number */ | |
185 | if ((p = strchr(p, ':'))) { | |
186 | *p = 0; | |
187 | port = p + 1; | |
0f113f3e MC |
188 | } |
189 | ||
7644a9ae | 190 | *pport = OPENSSL_strdup(port); |
0f113f3e MC |
191 | if (!*pport) |
192 | goto mem_err; | |
193 | ||
7644a9ae | 194 | *phost = OPENSSL_strdup(host); |
0f113f3e MC |
195 | |
196 | if (!*phost) | |
197 | goto mem_err; | |
198 | ||
199 | OPENSSL_free(buf); | |
200 | ||
201 | return 1; | |
202 | ||
203 | mem_err: | |
204 | OCSPerr(OCSP_F_OCSP_PARSE_URL, ERR_R_MALLOC_FAILURE); | |
205 | goto err; | |
206 | ||
207 | parse_err: | |
208 | OCSPerr(OCSP_F_OCSP_PARSE_URL, OCSP_R_ERROR_PARSING_URL); | |
209 | ||
210 | err: | |
b548a1f1 RS |
211 | OPENSSL_free(buf); |
212 | OPENSSL_free(*ppath); | |
dca7158c | 213 | *ppath = NULL; |
b548a1f1 | 214 | OPENSSL_free(*pport); |
dca7158c | 215 | *pport = NULL; |
b548a1f1 | 216 | OPENSSL_free(*phost); |
dca7158c | 217 | *phost = NULL; |
0f113f3e | 218 | return 0; |
67c18019 | 219 | |
0f113f3e | 220 | } |
fb596f3b DSH |
221 | |
222 | IMPLEMENT_ASN1_DUP_FUNCTION(OCSP_CERTID) |