Tree - source-git/openssl - CentOS Git server

source-git / openssl

Blame crypto/ocsp/ocsp_lib.c

Blob History Raw

Packit	c4476c	`/*`
Packit	c4476c	`* Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.`
Packit	c4476c	`*`
Packit	c4476c	`* Licensed under the OpenSSL license (the "License"). You may not use`
Packit	c4476c	`* this file except in compliance with the License. You can obtain a copy`
Packit	c4476c	`* in the file LICENSE in the source distribution or at`
Packit	c4476c	`* https://www.openssl.org/source/license.html`
Packit	c4476c	`*/`
Packit	c4476c
Packit	c4476c	`#include <stdio.h>`
Packit	c4476c	`#include "internal/cryptlib.h"`
Packit	c4476c	`#include <openssl/objects.h>`
Packit	c4476c	`#include <openssl/x509.h>`
Packit	c4476c	`#include <openssl/pem.h>`
Packit	c4476c	`#include <openssl/x509v3.h>`
Packit	c4476c	`#include <openssl/ocsp.h>`
Packit	c4476c	`#include "ocsp_local.h"`
Packit	c4476c	`#include <openssl/asn1t.h>`
Packit	c4476c
Packit	c4476c	`/* Convert a certificate and its issuer to an OCSP_CERTID */`
Packit	c4476c
Packit	c4476c	`OCSP_CERTID OCSP_cert_to_id(const EVP_MD dgst, const X509 *subject,`
Packit	c4476c	`const X509 *issuer)`
Packit	c4476c	`{`
Packit	c4476c	`X509_NAME *iname;`
Packit	c4476c	`const ASN1_INTEGER *serial;`
Packit	c4476c	`ASN1_BIT_STRING *ikey;`
Packit	c4476c	`if (!dgst)`
Packit	c4476c	`dgst = EVP_sha1();`
Packit	c4476c	`if (subject) {`
Packit	c4476c	`iname = X509_get_issuer_name(subject);`
Packit	c4476c	`serial = X509_get0_serialNumber(subject);`
Packit	c4476c	`} else {`
Packit	c4476c	`iname = X509_get_subject_name(issuer);`
Packit	c4476c	`serial = NULL;`
Packit	c4476c	`}`
Packit	c4476c	`ikey = X509_get0_pubkey_bitstr(issuer);`
Packit	c4476c	`return OCSP_cert_id_new(dgst, iname, ikey, serial);`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`OCSP_CERTID OCSP_cert_id_new(const EVP_MD dgst,`
Packit	c4476c	`const X509_NAME *issuerName,`
Packit	c4476c	`const ASN1_BIT_STRING *issuerKey,`
Packit	c4476c	`const ASN1_INTEGER *serialNumber)`
Packit	c4476c	`{`
Packit	c4476c	`int nid;`
Packit	c4476c	`unsigned int i;`
Packit	c4476c	`X509_ALGOR *alg;`
Packit	c4476c	`OCSP_CERTID *cid = NULL;`
Packit	c4476c	`unsigned char md[EVP_MAX_MD_SIZE];`
Packit	c4476c
Packit	c4476c	`if ((cid = OCSP_CERTID_new()) == NULL)`
Packit	c4476c	`goto err;`
Packit	c4476c
Packit	c4476c	`alg = &cid->hashAlgorithm;`
Packit	c4476c	`ASN1_OBJECT_free(alg->algorithm);`
Packit	c4476c	`if ((nid = EVP_MD_type(dgst)) == NID_undef) {`
Packit	c4476c	`OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID);`
Packit	c4476c	`goto err;`
Packit	c4476c	`}`
Packit	c4476c	`if ((alg->algorithm = OBJ_nid2obj(nid)) == NULL)`
Packit	c4476c	`goto err;`
Packit	c4476c	`if ((alg->parameter = ASN1_TYPE_new()) == NULL)`
Packit	c4476c	`goto err;`
Packit	c4476c	`alg->parameter->type = V_ASN1_NULL;`
Packit	c4476c
Packit	c4476c	`if (!X509_NAME_digest(issuerName, dgst, md, &i))`
Packit	c4476c	`goto digerr;`
Packit	c4476c	`if (!(ASN1_OCTET_STRING_set(&cid->issuerNameHash, md, i)))`
Packit	c4476c	`goto err;`
Packit	c4476c
Packit	c4476c	`/* Calculate the issuerKey hash, excluding tag and length */`
Packit	c4476c	`if (!EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL))`
Packit	c4476c	`goto err;`
Packit	c4476c
Packit	c4476c	`if (!(ASN1_OCTET_STRING_set(&cid->issuerKeyHash, md, i)))`
Packit	c4476c	`goto err;`
Packit	c4476c
Packit	c4476c	`if (serialNumber) {`
Packit	c4476c	`if (ASN1_STRING_copy(&cid->serialNumber, serialNumber) == 0)`
Packit	c4476c	`goto err;`
Packit	c4476c	`}`
Packit	c4476c	`return cid;`
Packit	c4476c	`digerr:`
Packit	c4476c	`OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR);`
Packit	c4476c	`err:`
Packit	c4476c	`OCSP_CERTID_free(cid);`
Packit	c4476c	`return NULL;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`int OCSP_id_issuer_cmp(const OCSP_CERTID a, const OCSP_CERTID b)`
Packit	c4476c	`{`
Packit	c4476c	`int ret;`
Packit	c4476c	`ret = OBJ_cmp(a->hashAlgorithm.algorithm, b->hashAlgorithm.algorithm);`
Packit	c4476c	`if (ret)`
Packit	c4476c	`return ret;`
Packit	c4476c	`ret = ASN1_OCTET_STRING_cmp(&a->issuerNameHash, &b->issuerNameHash);`
Packit	c4476c	`if (ret)`
Packit	c4476c	`return ret;`
Packit	c4476c	`return ASN1_OCTET_STRING_cmp(&a->issuerKeyHash, &b->issuerKeyHash);`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`int OCSP_id_cmp(const OCSP_CERTID a, const OCSP_CERTID b)`
Packit	c4476c	`{`
Packit	c4476c	`int ret;`
Packit	c4476c	`ret = OCSP_id_issuer_cmp(a, b);`
Packit	c4476c	`if (ret)`
Packit	c4476c	`return ret;`
Packit	c4476c	`return ASN1_INTEGER_cmp(&a->serialNumber, &b->serialNumber);`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`/*`
Packit	c4476c	`* Parse a URL and split it up into host, port and path components and`
Packit	c4476c	`* whether it is SSL.`
Packit	c4476c	`*/`
Packit	c4476c
Packit	c4476c	`int OCSP_parse_url(const char url, char phost, char pport, char *ppath,`
Packit	c4476c	`int *pssl)`
Packit	c4476c	`{`
Packit	c4476c	`char p, buf;`
Packit	c4476c
Packit	c4476c	`char host, port;`
Packit	c4476c
Packit	c4476c	`*phost = NULL;`
Packit	c4476c	`*pport = NULL;`
Packit	c4476c	`*ppath = NULL;`
Packit	c4476c
Packit	c4476c	`/* dup the buffer since we are going to mess with it */`
Packit	c4476c	`buf = OPENSSL_strdup(url);`
Packit	c4476c	`if (!buf)`
Packit	c4476c	`goto mem_err;`
Packit	c4476c
Packit	c4476c	`/* Check for initial colon */`
Packit	c4476c	`p = strchr(buf, ':');`
Packit	c4476c
Packit	c4476c	`if (!p)`
Packit	c4476c	`goto parse_err;`
Packit	c4476c
Packit	c4476c	`*(p++) = '\0';`
Packit	c4476c
Packit	c4476c	`if (strcmp(buf, "http") == 0) {`
Packit	c4476c	`*pssl = 0;`
Packit	c4476c	`port = "80";`
Packit	c4476c	`} else if (strcmp(buf, "https") == 0) {`
Packit	c4476c	`*pssl = 1;`
Packit	c4476c	`port = "443";`
Packit	c4476c	`} else`
Packit	c4476c	`goto parse_err;`
Packit	c4476c
Packit	c4476c	`/* Check for double slash */`
Packit	c4476c	`if ((p[0] != '/') \|\| (p[1] != '/'))`
Packit	c4476c	`goto parse_err;`
Packit	c4476c
Packit	c4476c	`p += 2;`
Packit	c4476c
Packit	c4476c	`host = p;`
Packit	c4476c
Packit	c4476c	`/* Check for trailing part of path */`
Packit	c4476c
Packit	c4476c	`p = strchr(p, '/');`
Packit	c4476c
Packit	c4476c	`if (!p)`
Packit	c4476c	`*ppath = OPENSSL_strdup("/");`
Packit	c4476c	`else {`
Packit	c4476c	`*ppath = OPENSSL_strdup(p);`
Packit	c4476c	`/* Set start of path to 0 so hostname is valid */`
Packit	c4476c	`*p = '\0';`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`if (!*ppath)`
Packit	c4476c	`goto mem_err;`
Packit	c4476c
Packit	c4476c	`p = host;`
Packit	c4476c	`if (host[0] == '[') {`
Packit	c4476c	`/* ipv6 literal */`
Packit	c4476c	`host++;`
Packit	c4476c	`p = strchr(host, ']');`
Packit	c4476c	`if (!p)`
Packit	c4476c	`goto parse_err;`
Packit	c4476c	`*p = '\0';`
Packit	c4476c	`p++;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`/* Look for optional ':' for port number */`
Packit	c4476c	`if ((p = strchr(p, ':'))) {`
Packit	c4476c	`*p = 0;`
Packit	c4476c	`port = p + 1;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`*pport = OPENSSL_strdup(port);`
Packit	c4476c	`if (!*pport)`
Packit	c4476c	`goto mem_err;`
Packit	c4476c
Packit	c4476c	`*phost = OPENSSL_strdup(host);`
Packit	c4476c
Packit	c4476c	`if (!*phost)`
Packit	c4476c	`goto mem_err;`
Packit	c4476c
Packit	c4476c	`OPENSSL_free(buf);`
Packit	c4476c
Packit	c4476c	`return 1;`
Packit	c4476c
Packit	c4476c	`mem_err:`
Packit	c4476c	`OCSPerr(OCSP_F_OCSP_PARSE_URL, ERR_R_MALLOC_FAILURE);`
Packit	c4476c	`goto err;`
Packit	c4476c
Packit	c4476c	`parse_err:`
Packit	c4476c	`OCSPerr(OCSP_F_OCSP_PARSE_URL, OCSP_R_ERROR_PARSING_URL);`
Packit	c4476c
Packit	c4476c	`err:`
Packit	c4476c	`OPENSSL_free(buf);`
Packit	c4476c	`OPENSSL_free(*ppath);`
Packit	c4476c	`*ppath = NULL;`
Packit	c4476c	`OPENSSL_free(*pport);`
Packit	c4476c	`*pport = NULL;`
Packit	c4476c	`OPENSSL_free(*phost);`
Packit	c4476c	`*phost = NULL;`
Packit	c4476c	`return 0;`
Packit	c4476c
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`IMPLEMENT_ASN1_DUP_FUNCTION(OCSP_CERTID)`

source-git / openssl

Source Code

Blame crypto/ocsp/ocsp_lib.c