/*
 * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/x509v3.h>
#include "crypto/x509.h"
#include "ext_dat.h"

static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
                                      X509V3_CTX *ctx, char *str);

/*
 * Extension method table entry for the Subject Key Identifier extension.
 * The initializer is positional; the only handlers filled in are the
 * OCTET STRING -> text converter (cast to X509V3_EXT_I2S) and the
 * text -> OCTET STRING converter (cast to X509V3_EXT_S2I). Every other
 * slot is left zero/NULL.
 */
const X509V3_EXT_METHOD ossl_v3_skey_id = {
    NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING),
    0, 0, 0, 0,
    (X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
    (X509V3_EXT_S2I)s2i_skey_id,
    0, 0, 0, 0,
    NULL
};

/*
 * Render the contents of an OCTET STRING as a hex string.
 *
 * |method| is not used. |oct| is dereferenced without a NULL check, so the
 * caller must pass a valid object. The result is whatever
 * OPENSSL_buf2hexstr() returns for oct->data / oct->length (presumably a
 * newly allocated string owned by the caller, NULL on failure - confirm
 * against that function's documentation).
 */
char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
                            const ASN1_OCTET_STRING *oct)
{
    char *hex = OPENSSL_buf2hexstr(oct->data, oct->length);

    return hex;
}

/*
 * Build an OCTET STRING from a hex string.
 *
 * |method| and |ctx| are not used. Returns a new ASN1_OCTET_STRING whose
 * data buffer is the one produced by OPENSSL_hexstr2buf(), or NULL if the
 * object cannot be allocated (ERR_R_MALLOC_FAILURE is raised here) or the
 * hex decoding fails (no error is raised in this function for that case).
 *
 * The decoded bytes are taken verbatim: nothing here relates the value to
 * any key, so a caller that needs the identifier to correspond to a
 * particular public key has to establish that itself.
 */
ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
                                         X509V3_CTX *ctx, const char *str)
{
    long nbytes;
    ASN1_OCTET_STRING *result = ASN1_OCTET_STRING_new();

    if (result == NULL) {
        ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
        return NULL;
    }

    result->data = OPENSSL_hexstr2buf(str, &nbytes);
    if (result->data == NULL) {
        ASN1_OCTET_STRING_free(result);
        return NULL;
    }

    /*
     * NOTE(review): |nbytes| is a long and is stored into the string's
     * length field without a range check - presumably safe because the
     * decoded size is bounded by the input text length; confirm.
     */
    result->length = nbytes;
    return result;
}

/*
 * Compute a key identifier as the SHA-1 digest of the public key bytes
 * returned by X509_PUBKEY_get0_param() for |pubkey|.
 *
 * This corresponds to key identifier method (1) of RFC 5280 section
 * 4.2.1.2. SHA-1 serves as an identifier here, not as a signature digest;
 * consumers should treat a matching key identifier as a lookup hint and
 * not as proof that two keys are the same.
 *
 * The digest is fetched with the library context and property query that
 * ossl_x509_PUBKEY_get0_libctx() reports for |pubkey|, so the function
 * returns NULL when no SHA-1 implementation can be fetched for them.
 *
 * Returns a new ASN1_OCTET_STRING holding the digest, or NULL on any
 * failure. X509V3_R_NO_PUBLIC_KEY is raised when |pubkey| is NULL; the
 * other failure paths raise nothing in this function.
 */
ASN1_OCTET_STRING *ossl_x509_pubkey_hash(X509_PUBKEY *pubkey)
{
    ASN1_OCTET_STRING *skid = NULL;
    const unsigned char *key_bits;
    int key_bits_len;
    unsigned char digest[EVP_MAX_MD_SIZE];
    unsigned int digest_len;
    const char *propq;
    OSSL_LIB_CTX *libctx;
    EVP_MD *sha1;

    if (pubkey == NULL) {
        ERR_raise(ERR_LIB_X509V3, X509V3_R_NO_PUBLIC_KEY);
        return NULL;
    }
    if (!ossl_x509_PUBKEY_get0_libctx(&libctx, &propq, pubkey))
        return NULL;

    sha1 = EVP_MD_fetch(libctx, SN_sha1, propq);
    if (sha1 == NULL)
        return NULL;

    skid = ASN1_OCTET_STRING_new();
    if (skid == NULL)
        goto done;

    /*
     * NOTE(review): the return value of X509_PUBKEY_get0_param() is
     * ignored and |key_bits| / |key_bits_len| are used as filled in -
     * confirm the call cannot fail for a non-NULL |pubkey|.
     */
    X509_PUBKEY_get0_param(NULL, &key_bits, &key_bits_len, NULL, pubkey);

    if (!EVP_Digest(key_bits, key_bits_len, digest, &digest_len, sha1, NULL)
            || !ASN1_OCTET_STRING_set(skid, digest, digest_len)) {
        /* Hashing or copying failed: hand back NULL, not a partial object. */
        ASN1_OCTET_STRING_free(skid);
        skid = NULL;
    }

 done:
    /* The fetched digest is released on the success path as well. */
    EVP_MD_free(sha1);
    return skid;
}

/*
 * Text -> value handler for the Subject Key Identifier extension.
 *
 * |str| selects the behaviour (it is passed to strcmp() unchecked, so it
 * must not be NULL):
 *   "none"  - return a freshly allocated, empty OCTET STRING as a dummy
 *             value (how callers interpret it is not visible here);
 *   "hash"  - derive the identifier from the subject's public key via
 *             ossl_x509_pubkey_hash(), preferring ctx->subject_cert over
 *             ctx->subject_req;
 *   other   - treat |str| as a hex string and decode it with
 *             s2i_ASN1_OCTET_STRING(); the value is used as given.
 *
 * For "hash", when |ctx| has X509V3_CTX_TEST set an empty OCTET STRING is
 * returned without touching any key. If |ctx| is NULL, or has neither a
 * subject certificate nor a subject request, X509V3_R_NO_SUBJECT_DETAILS
 * is raised and NULL is returned.
 */
static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
                                      X509V3_CTX *ctx, char *str)
{
    if (strcmp(str, "none") == 0)
        return ASN1_OCTET_STRING_new(); /* dummy */

    /* Anything other than "hash" is a literal hex value; ctx is not used. */
    if (strcmp(str, "hash") != 0)
        return s2i_ASN1_OCTET_STRING(method, ctx, str);

    if (ctx != NULL) {
        if ((ctx->flags & X509V3_CTX_TEST) != 0)
            return ASN1_OCTET_STRING_new();
        if (ctx->subject_cert != NULL)
            return ossl_x509_pubkey_hash(ctx->subject_cert->cert_info.key);
        if (ctx->subject_req != NULL)
            return ossl_x509_pubkey_hash(ctx->subject_req->req_info.pubkey);
    }

    /* No context, or a context without a certificate or request to hash. */
    ERR_raise(ERR_LIB_X509V3, X509V3_R_NO_SUBJECT_DETAILS);
    return NULL;
}