[thirdparty/openssl.git] / crypto / x509 / v3_skid.c

/*
 * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/x509v3.h>
#include "crypto/x509.h"
#include "ext_dat.h"

static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
                                      X509V3_CTX *ctx, char *str);
const X509V3_EXT_METHOD ossl_v3_skey_id = {
    NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING),
    0, 0, 0, 0,
    (X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
    (X509V3_EXT_S2I)s2i_skey_id,
    0, 0, 0, 0,
    NULL
};

char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
                            const ASN1_OCTET_STRING *oct)
{
    return OPENSSL_buf2hexstr(oct->data, oct->length);
}

ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
                                         X509V3_CTX *ctx, const char *str)
{
    ASN1_OCTET_STRING *oct;
    long length;

    if ((oct = ASN1_OCTET_STRING_new()) == NULL) {
        ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
        return NULL;
    }

    if ((oct->data = OPENSSL_hexstr2buf(str, &length)) == NULL) {
        ASN1_OCTET_STRING_free(oct);
        return NULL;
    }

    oct->length = length;

    return oct;

}

ASN1_OCTET_STRING *ossl_x509_pubkey_hash(X509_PUBKEY *pubkey)
{
    ASN1_OCTET_STRING *oct;
    const unsigned char *pk;
    int pklen;
    unsigned char pkey_dig[EVP_MAX_MD_SIZE];
    unsigned int diglen;
    const char *propq;
    OSSL_LIB_CTX *libctx;
    EVP_MD *md;

    if (pubkey == NULL) {
        ERR_raise(ERR_LIB_X509V3, X509V3_R_NO_PUBLIC_KEY);
        return NULL;
    }
    if (!ossl_x509_PUBKEY_get0_libctx(&libctx, &propq, pubkey))
        return NULL;
    if ((md = EVP_MD_fetch(libctx, SN_sha1, propq)) == NULL)
        return NULL;
    if ((oct = ASN1_OCTET_STRING_new()) == NULL) {
        EVP_MD_free(md);
        return NULL;
    }

    X509_PUBKEY_get0_param(NULL, &pk, &pklen, NULL, pubkey);
    if (EVP_Digest(pk, pklen, pkey_dig, &diglen, md, NULL)
            && ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
        EVP_MD_free(md);
        return oct;
    }

    EVP_MD_free(md);
    ASN1_OCTET_STRING_free(oct);
    return NULL;
}

static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
                                      X509V3_CTX *ctx, char *str)
{
    if (strcmp(str, "none") == 0)
        return ASN1_OCTET_STRING_new(); /* dummy */

    if (strcmp(str, "hash") != 0)
        return s2i_ASN1_OCTET_STRING(method, ctx /* not used */, str);

    if (ctx != NULL && (ctx->flags & X509V3_CTX_TEST) != 0)
        return ASN1_OCTET_STRING_new();
    if (ctx == NULL
        || (ctx->subject_cert == NULL && ctx->subject_req == NULL)) {
        ERR_raise(ERR_LIB_X509V3, X509V3_R_NO_SUBJECT_DETAILS);
        return NULL;
    }

    return ossl_x509_pubkey_hash(ctx->subject_cert != NULL ?
                                 ctx->subject_cert->cert_info.key :
                                 ctx->subject_req->req_info.pubkey);
}
Commit	Line	Data
0f113f3e	1	/*
4333b89f	2	* Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
175b0942	3	*
4286ca47	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
d2e9e320 RS	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
175b0942 DSH	8	*/
	9
	10	#include <stdio.h>
b39fc560	11	#include "internal/cryptlib.h"
ec577822	12	#include <openssl/x509v3.h>
25f2138b	13	#include "crypto/x509.h"
df2ee0e2	14	#include "ext_dat.h"
175b0942	15
0f113f3e MC	16	static ASN1_OCTET_STRING s2i_skey_id(X509V3_EXT_METHOD method,
0f113f3e MC	17	X509V3_CTX ctx, char str);
47864aea	18	const X509V3_EXT_METHOD ossl_v3_skey_id = {
0f113f3e MC	19	NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING),
	20	0, 0, 0, 0,
	21	(X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
	22	(X509V3_EXT_S2I)s2i_skey_id,
	23	0, 0, 0, 0,
	24	NULL
	25	};
	26
609b0852	27	char i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD method,
bf9d5e48	28	const ASN1_OCTET_STRING *oct)
175b0942	29	{
14f051a0	30	return OPENSSL_buf2hexstr(oct->data, oct->length);
175b0942 DSH	31	}
175b0942 DSH	32
6b691a5c	33	ASN1_OCTET_STRING s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD method,
bf9d5e48	34	X509V3_CTX ctx, const char str)
175b0942	35	{
0f113f3e MC	36	ASN1_OCTET_STRING *oct;
0f113f3e MC	37	long length;
175b0942	38
75ebbd9a	39	if ((oct = ASN1_OCTET_STRING_new()) == NULL) {
e077455e	40	ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
0f113f3e MC	41	return NULL;
0f113f3e MC	42	}
175b0942	43
14f051a0	44	if ((oct->data = OPENSSL_hexstr2buf(str, &length)) == NULL) {
f422a514	45	ASN1_OCTET_STRING_free(oct);
0f113f3e MC	46	return NULL;
0f113f3e MC	47	}
175b0942	48
0f113f3e	49	oct->length = length;
175b0942	50
0f113f3e	51	return oct;
175b0942 DSH	52
	53	}
	54
47864aea	55	ASN1_OCTET_STRING ossl_x509_pubkey_hash(X509_PUBKEY pubkey)
175b0942	56	{
0f113f3e	57	ASN1_OCTET_STRING *oct;
29fa0a1a DSH	58	const unsigned char *pk;
29fa0a1a DSH	59	int pklen;
0f113f3e MC	60	unsigned char pkey_dig[EVP_MAX_MD_SIZE];
0f113f3e MC	61	unsigned int diglen;
192d5008 P	62	const char *propq;
	63	OSSL_LIB_CTX *libctx;
	64	EVP_MD *md;
0f113f3e	65
41e597a0 DDO	66	if (pubkey == NULL) {
41e597a0 DDO	67	ERR_raise(ERR_LIB_X509V3, X509V3_R_NO_PUBLIC_KEY);
0f113f3e MC	68	return NULL;
0f113f3e MC	69	}
192d5008	70	if (!ossl_x509_PUBKEY_get0_libctx(&libctx, &propq, pubkey))
41e597a0	71	return NULL;
192d5008 P	72	if ((md = EVP_MD_fetch(libctx, SN_sha1, propq)) == NULL)
	73	return NULL;
	74	if ((oct = ASN1_OCTET_STRING_new()) == NULL) {
	75	EVP_MD_free(md);
	76	return NULL;
	77	}
0f113f3e	78
41e597a0	79	X509_PUBKEY_get0_param(NULL, &pk, &pklen, NULL, pubkey);
192d5008 P	80	if (EVP_Digest(pk, pklen, pkey_dig, &diglen, md, NULL)
	81	&& ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
	82	EVP_MD_free(md);
0f113f3e	83	return oct;
192d5008	84	}
0f113f3e	85
192d5008	86	EVP_MD_free(md);
41e597a0 DDO	87	ASN1_OCTET_STRING_free(oct);
	88	return NULL;
	89	}
0f113f3e	90
41e597a0 DDO	91	static ASN1_OCTET_STRING s2i_skey_id(X509V3_EXT_METHOD method,
	92	X509V3_CTX ctx, char str)
	93	{
	94	if (strcmp(str, "none") == 0)
	95	return ASN1_OCTET_STRING_new(); /* dummy */
29fa0a1a	96
41e597a0 DDO	97	if (strcmp(str, "hash") != 0)
41e597a0 DDO	98	return s2i_ASN1_OCTET_STRING(method, ctx /* not used */, str);
0f113f3e	99
2ed63033	100	if (ctx != NULL && (ctx->flags & X509V3_CTX_TEST) != 0)
41e597a0 DDO	101	return ASN1_OCTET_STRING_new();
	102	if (ctx == NULL
	103	\|\| (ctx->subject_cert == NULL && ctx->subject_req == NULL)) {
	104	ERR_raise(ERR_LIB_X509V3, X509V3_R_NO_SUBJECT_DETAILS);
	105	return NULL;
0f113f3e MC	106	}
0f113f3e MC	107
15ac84e6 DDO	108	return ossl_x509_pubkey_hash(ctx->subject_cert != NULL ?
	109	ctx->subject_cert->cert_info.key :
	110	ctx->subject_req->req_info.pubkey);
175b0942	111	}