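/*
 * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/x509v3.h>
#include <openssl/ocsp.h>
#include "ocsp_local.h"
#include <openssl/asn1t.h>

/*
 * Build the OCSP CertID (the CertID structure of RFC 6960) that identifies
 * |subject| relative to |issuer|.
 *
 * dgst:    digest used for both issuerNameHash and issuerKeyHash; NULL
 *          selects SHA-1.  SHA-1 is kept as the default because in practice
 *          many responders only accept SHA-1 CertIDs; the hash is a lookup
 *          identifier, not a signature, so this is an interoperability
 *          choice rather than a security downgrade.  Callers that match
 *          responses against requests must use the same |dgst| on both
 *          sides, since OCSP_id_cmp() compares the algorithm OID too.
 * subject: certificate to identify.  May be NULL: the name hash is then
 *          taken from |issuer|'s own subject name and no serial number is
 *          set (an issuer-only identifier).
 * issuer:  issuer certificate; must not be NULL (its subjectPublicKey bits
 *          are what issuerKeyHash is computed over).
 *
 * Returns a new OCSP_CERTID owned by the caller, or NULL on error with the
 * reason pushed on the error queue by OCSP_cert_id_new().
 */
OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject,
                             const X509 *issuer)
{
    const X509_NAME *iname;
    const ASN1_INTEGER *serial = NULL;
    ASN1_BIT_STRING *ikey;

    if (dgst == NULL)
        dgst = EVP_sha1();

    if (subject != NULL) {
        /* Usual case: hash the issuer name exactly as |subject| carries it. */
        iname = X509_get_issuer_name(subject);
        serial = X509_get0_serialNumber(subject);
    } else {
        /* No subject: identify the issuer itself; serialNumber stays empty. */
        iname = X509_get_subject_name(issuer);
    }

    /* The key hash is taken over the issuer's raw subjectPublicKey bits. */
    ikey = X509_get0_pubkey_bitstr(issuer);
    return OCSP_cert_id_new(dgst, iname, ikey, serial);
}

/*
 * Low-level CertID constructor, used by OCSP_cert_to_id() and by callers
 * that already hold the issuer name, the issuer public key bits and the
 * serial number.
 *
 * dgst:         digest for both hashes.  NULL selects SHA-1, consistent
 *               with OCSP_cert_to_id(); previously a NULL |dgst| was
 *               dereferenced in EVP_MD_get_type().
 * issuerName:   issuer DN; X509_NAME_digest() hashes its encoding.
 * issuerKey:    issuer subjectPublicKey BIT STRING; must not be NULL.  Only
 *               the key bits (data/length) are hashed, i.e. the BIT STRING
 *               tag and length are excluded as RFC 6960 requires.
 * serialNumber: may be NULL, in which case cid->serialNumber is left as
 *               OCSP_CERTID_new() initialised it.
 *
 * Returns a new OCSP_CERTID owned by the caller, or NULL with an error on
 * the queue: OCSP_R_UNKNOWN_NID when |dgst| has no NID, OCSP_R_DIGEST_ERR
 * when the issuer name digest fails.
 */
OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
                              const X509_NAME *issuerName,
                              const ASN1_BIT_STRING *issuerKey,
                              const ASN1_INTEGER *serialNumber)
{
    int nid;
    unsigned int mdlen;
    X509_ALGOR *alg;
    OCSP_CERTID *cid = NULL;
    unsigned char md[EVP_MAX_MD_SIZE];

    /* Same default as OCSP_cert_to_id(); EVP_MD_get_type(NULL) would crash. */
    if (dgst == NULL)
        dgst = EVP_sha1();

    if ((cid = OCSP_CERTID_new()) == NULL)
        goto err;

    /*
     * hashAlgorithm: the digest OID with an explicit NULL parameter.  Drop
     * whatever object OCSP_CERTID_new() installed before replacing it.
     */
    alg = &cid->hashAlgorithm;
    ASN1_OBJECT_free(alg->algorithm);
    if ((nid = EVP_MD_get_type(dgst)) == NID_undef) {
        ERR_raise(ERR_LIB_OCSP, OCSP_R_UNKNOWN_NID);
        goto err;
    }
    if ((alg->algorithm = OBJ_nid2obj(nid)) == NULL)
        goto err;
    if ((alg->parameter = ASN1_TYPE_new()) == NULL)
        goto err;
    alg->parameter->type = V_ASN1_NULL;

    /* issuerNameHash: digest of the encoded issuer name. */
    if (!X509_NAME_digest(issuerName, dgst, md, &mdlen))
        goto digerr;
    if (!ASN1_OCTET_STRING_set(&cid->issuerNameHash, md, mdlen))
        goto err;

    /* issuerKeyHash: digest of the key bits only, excluding tag and length. */
    if (!EVP_Digest(issuerKey->data, issuerKey->length, md, &mdlen, dgst, NULL))
        goto err;
    if (!ASN1_OCTET_STRING_set(&cid->issuerKeyHash, md, mdlen))
        goto err;

    if (serialNumber != NULL
        && ASN1_STRING_copy(&cid->serialNumber, serialNumber) == 0)
        goto err;

    return cid;

 digerr:
    ERR_raise(ERR_LIB_OCSP, OCSP_R_DIGEST_ERR);
 err:
    OCSP_CERTID_free(cid);
    return NULL;
}

/*
 * Compare the issuer part of two CertIDs: hash algorithm OID first, then
 * issuerNameHash, then issuerKeyHash.  serialNumber is ignored, so a zero
 * result means |a| and |b| describe the same issuer under the same digest.
 * The hashAlgorithm parameters are not compared, only the OID.
 *
 * Returns 0 when equal, otherwise the non-zero result of the first differing
 * comparison (OBJ_cmp() or ASN1_OCTET_STRING_cmp()).
 */
int OCSP_id_issuer_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b)
{
    int ret;

    ret = OBJ_cmp(a->hashAlgorithm.algorithm, b->hashAlgorithm.algorithm);
    if (ret != 0)
        return ret;
    ret = ASN1_OCTET_STRING_cmp(&a->issuerNameHash, &b->issuerNameHash);
    if (ret != 0)
        return ret;
    return ASN1_OCTET_STRING_cmp(&a->issuerKeyHash, &b->issuerKeyHash);
}

/*
 * Full CertID comparison: the issuer fields as in OCSP_id_issuer_cmp(),
 * then serialNumber via ASN1_INTEGER_cmp().  Returns 0 only when every
 * field matches; this is what ties a response's SingleResponse back to the
 * CertID that was requested.
 */
int OCSP_id_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b)
{
    int ret = OCSP_id_issuer_cmp(a, b);

    if (ret != 0)
        return ret;
    return ASN1_INTEGER_cmp(&a->serialNumber, &b->serialNumber);
}

IMPLEMENT_ASN1_DUP_FUNCTION(OCSP_CERTID)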