/*
 * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

105c87c606SMark Murray #include <stdio.h>
11e71b7053SJung-uk Kim #include "internal/cryptlib.h"
125c87c606SMark Murray #include <openssl/objects.h>
135c87c606SMark Murray #include <openssl/x509.h>
145c87c606SMark Murray #include <openssl/pem.h>
155c87c606SMark Murray #include <openssl/x509v3.h>
165c87c606SMark Murray #include <openssl/ocsp.h>
1717f01e99SJung-uk Kim #include "ocsp_local.h"
181f13597dSJung-uk Kim #include <openssl/asn1t.h>

/* Convert a certificate and its issuer to an OCSP_CERTID */

/*
 * Build an OCSP CertID for |subject| as issued by |issuer|.
 *
 * dgst    - digest used for issuerNameHash and issuerKeyHash; NULL selects
 *           SHA-1, the interoperable default for CertID hashes. A stronger
 *           digest may be passed explicitly, but the responder must then
 *           be able to match an ID built with that digest (see
 *           OCSP_id_issuer_cmp(), which compares the algorithm OID first).
 * subject - certificate being identified, or NULL to build an ID that
 *           carries only the issuer hashes (serialNumber is left unset).
 * issuer  - issuing certificate; its subject name and subjectPublicKey
 *           BIT STRING are what get hashed.
 *
 * Returns a newly allocated OCSP_CERTID owned by the caller, or NULL on
 * failure (errors are raised by OCSP_cert_id_new()).
 */
OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject,
                             const X509 *issuer)
{
    const EVP_MD *md = dgst != NULL ? dgst : EVP_sha1();
    const X509_NAME *issuer_name;
    const ASN1_INTEGER *serial = NULL;

    if (subject != NULL) {
        /* Take the issuer name as the subject certificate records it. */
        issuer_name = X509_get_issuer_name(subject);
        serial = X509_get0_serialNumber(subject);
    } else {
        issuer_name = X509_get_subject_name(issuer);
    }

    return OCSP_cert_id_new(md, issuer_name,
                            X509_get0_pubkey_bitstr(issuer), serial);
}

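/*
 * Construct an OCSP CertID from its components (RFC 6960 section 4.1.1).
 *
 * dgst         - digest for both hashes; must not be NULL.
 * issuerName   - issuer distinguished name, hashed over its DER encoding.
 * issuerKey    - issuer subjectPublicKey BIT STRING; only the BIT STRING
 *                value is hashed (no tag/length), as RFC 6960 requires.
 * serialNumber - serial of the certificate being identified, or NULL to
 *                leave serialNumber at its freshly-allocated default.
 *
 * Returns a new OCSP_CERTID owned by the caller, or NULL with an error
 * pushed on the OpenSSL error stack.
 */
OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
                              const X509_NAME *issuerName,
                              const ASN1_BIT_STRING *issuerKey,
                              const ASN1_INTEGER *serialNumber)
{
    int nid;
    unsigned int mdlen;
    X509_ALGOR *alg;
    OCSP_CERTID *cid = NULL;
    unsigned char md[EVP_MAX_MD_SIZE];

    /*
     * All three are dereferenced below (issuerKey directly, the others by
     * the digest helpers); fail cleanly instead of crashing on NULL.
     */
    if (dgst == NULL || issuerName == NULL || issuerKey == NULL) {
        ERR_raise(ERR_LIB_OCSP, ERR_R_PASSED_NULL_PARAMETER);
        return NULL;
    }

    if ((cid = OCSP_CERTID_new()) == NULL)
        goto err;

    /* hashAlgorithm: AlgorithmIdentifier { OID of dgst, NULL parameters } */
    alg = &cid->hashAlgorithm;
    ASN1_OBJECT_free(alg->algorithm);
    if ((nid = EVP_MD_get_type(dgst)) == NID_undef) {
        ERR_raise(ERR_LIB_OCSP, OCSP_R_UNKNOWN_NID);
        goto err;
    }
    if ((alg->algorithm = OBJ_nid2obj(nid)) == NULL)
        goto err;
    if ((alg->parameter = ASN1_TYPE_new()) == NULL)
        goto err;
    alg->parameter->type = V_ASN1_NULL;

    /* issuerNameHash: digest of the DER-encoded issuer Name. */
    if (!X509_NAME_digest(issuerName, dgst, md, &mdlen))
        goto digerr;
    if (!ASN1_OCTET_STRING_set(&cid->issuerNameHash, md, mdlen))
        goto err;

    /*
     * issuerKeyHash: digest of the subjectPublicKey BIT STRING value,
     * excluding tag and length (OpenSSL keeps the unused-bits count out of
     * ->data, so the raw bytes are exactly what the RFC asks to hash).
     * A digest failure here is reported the same way as for the name hash.
     */
    if (!EVP_Digest(issuerKey->data, issuerKey->length, md, &mdlen, dgst, NULL))
        goto digerr;
    if (!ASN1_OCTET_STRING_set(&cid->issuerKeyHash, md, mdlen))
        goto err;

    if (serialNumber != NULL) {
        if (ASN1_STRING_copy(&cid->serialNumber, serialNumber) == 0)
            goto err;
    }
    return cid;

 digerr:
    ERR_raise(ERR_LIB_OCSP, OCSP_R_DIGEST_ERR);
 err:
    /* OCSP_CERTID_free(NULL) is a no-op, so this is safe before allocation. */
    OCSP_CERTID_free(cid);
    return NULL;
}
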
/*
 * Compare the issuer-identifying part of two CertIDs: the hash algorithm
 * OID first, then issuerNameHash, then issuerKeyHash.
 *
 * Returns 0 when all three agree, otherwise the first non-zero comparison
 * result. Because the OID is compared first, IDs built for the same issuer
 * with different digests never match; a responder must therefore be able
 * to produce IDs with every digest its clients use. The comparison is not
 * constant-time, which is fine: these are public identifiers, not secrets.
 */
int OCSP_id_issuer_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b)
{
    int diff = OBJ_cmp(a->hashAlgorithm.algorithm, b->hashAlgorithm.algorithm);

    if (diff == 0)
        diff = ASN1_OCTET_STRING_cmp(&a->issuerNameHash, &b->issuerNameHash);
    if (diff == 0)
        diff = ASN1_OCTET_STRING_cmp(&a->issuerKeyHash, &b->issuerKeyHash);
    return diff;
}

/*
 * Full CertID comparison: issuer part (see OCSP_id_issuer_cmp()) and then
 * the serialNumber. Returns 0 only when both CertIDs identify the same
 * certificate under the same hash algorithm; otherwise the first non-zero
 * comparison result.
 */
int OCSP_id_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b)
{
    int issuer_diff = OCSP_id_issuer_cmp(a, b);

    return issuer_diff != 0
        ? issuer_diff
        : ASN1_INTEGER_cmp(&a->serialNumber, &b->serialNumber);
}

/*
 * Defines OCSP_CERTID_dup(): a deep copy of an OCSP_CERTID made through the
 * ASN.1 item template (an encode/decode round-trip), returning NULL on
 * failure. The copy is owned by the caller.
 */
IMPLEMENT_ASN1_DUP_FUNCTION(OCSP_CERTID)