/* $OpenBSD: ocsp_lib.c,v 1.18 2015/02/10 05:25:45 jsing Exp $ */
/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
 * project. */

/* History:
   This file was transferred to Richard Levitte from CertCo by Kathy
   Weinhold in mid-spring 2000 to be included in OpenSSL or released
   as a patch kit. */

/* ====================================================================
 * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <openssl/opensslconf.h>

#include <openssl/asn1t.h>
#include <openssl/err.h>
#include <openssl/objects.h>
#include <openssl/ocsp.h>
#include <openssl/pem.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
/*
 * Convert a certificate and its issuer to an OCSP_CERTID.
 *
 * dgst     digest used for the issuer name and key hashes; when NULL (and
 *          SHA-1 is compiled in) SHA-1 is substituted, as hard-wired below.
 * subject  certificate being identified; may be NULL, in which case the
 *          issuer's own subject name is hashed and no serial is recorded.
 * issuer   issuing certificate whose subjectPublicKey bit string is hashed.
 *
 * Returns a new OCSP_CERTID (caller frees with OCSP_CERTID_free) or NULL.
 * Note that the issuer key bit string is passed on to OCSP_cert_id_new()
 * without being checked here.
 */
OCSP_CERTID *
OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer)
{
	X509_NAME *issuer_name;
	ASN1_INTEGER *serial = NULL;
	ASN1_BIT_STRING *issuer_key;

#ifndef OPENSSL_NO_SHA1
	/* Default digest is SHA-1 */
	if (dgst == NULL)
		dgst = EVP_sha1();
#endif

	if (subject != NULL) {
		/* Identify the subject by its issuer's name and its serial */
		issuer_name = X509_get_issuer_name(subject);
		serial = X509_get_serialNumber(subject);
	} else {
		/* No subject: only the issuer itself is described */
		issuer_name = X509_get_subject_name(issuer);
	}

	issuer_key = X509_get0_pubkey_bitstr(issuer);

	return OCSP_cert_id_new(dgst, issuer_name, issuer_key, serial);
}
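/*
 * Build an OCSP_CERTID from its raw components.
 *
 * dgst          digest whose NID becomes hashAlgorithm and which produces
 *               both hashes; must not be NULL.
 * issuerName    issuer DN, digested (via X509_NAME_digest) into
 *               issuerNameHash.
 * issuerKey     issuer subjectPublicKey BIT STRING; its payload (tag and
 *               length excluded) is digested into issuerKeyHash.
 * serialNumber  optional; when non-NULL a copy becomes serialNumber.
 *
 * Returns a freshly allocated OCSP_CERTID owned by the caller (free with
 * OCSP_CERTID_free), or NULL with a reason pushed on the error queue.
 */
OCSP_CERTID *
OCSP_cert_id_new(const EVP_MD *dgst, X509_NAME *issuerName,
    ASN1_BIT_STRING* issuerKey, ASN1_INTEGER *serialNumber)
{
	int nid;
	unsigned int i;
	X509_ALGOR *alg;
	OCSP_CERTID *cid = NULL;
	unsigned char md[EVP_MAX_MD_SIZE];

	/*
	 * All three are dereferenced below (issuerKey directly, the others
	 * by the digest helpers) and the caller OCSP_cert_to_id() does not
	 * check them, so fail cleanly here instead of crashing.
	 */
	if (dgst == NULL || issuerName == NULL || issuerKey == NULL) {
		OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, ERR_R_PASSED_NULL_PARAMETER);
		goto err;
	}

	/*
	 * Resolve the digest NID before touching hashAlgorithm so that an
	 * unknown digest never leaves a freed algorithm pointer behind for
	 * OCSP_CERTID_free() to release a second time.
	 */
	if ((nid = EVP_MD_type(dgst)) == NID_undef) {
		OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID);
		goto err;
	}

	if (!(cid = OCSP_CERTID_new()))
		goto err;

	/* Replace whatever algorithm OCSP_CERTID_new() filled in */
	alg = cid->hashAlgorithm;
	if (alg->algorithm != NULL)
		ASN1_OBJECT_free(alg->algorithm);
	if (!(alg->algorithm = OBJ_nid2obj(nid)))
		goto err;
	/* Encode an explicit ASN.1 NULL as the digest parameters */
	if ((alg->parameter = ASN1_TYPE_new()) == NULL)
		goto err;
	alg->parameter->type = V_ASN1_NULL;

	/* issuerNameHash: digest of the DER-encoded issuer name */
	if (!X509_NAME_digest(issuerName, dgst, md, &i))
		goto digerr;
	if (!(ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i)))
		goto err;

	/* Calculate the issuerKey hash, excluding tag and length */
	if (!EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL))
		goto digerr;
	if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i)))
		goto err;

	if (serialNumber) {
		/* Drop the default serial and keep our own copy */
		ASN1_INTEGER_free(cid->serialNumber);
		if (!(cid->serialNumber = ASN1_INTEGER_dup(serialNumber)))
			goto err;
	}
	return cid;

digerr:
	OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR);
err:
	if (cid)
		OCSP_CERTID_free(cid);
	return NULL;
}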
/*
 * Compare the issuer part of two OCSP_CERTIDs: the hash algorithm OID
 * first, then issuerNameHash, then issuerKeyHash.
 *
 * Returns the first non-zero comparison result, or 0 when all three agree.
 */
int
OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
{
	int cmp;

	if ((cmp = OBJ_cmp(a->hashAlgorithm->algorithm,
	    b->hashAlgorithm->algorithm)) != 0)
		return cmp;
	if ((cmp = ASN1_OCTET_STRING_cmp(a->issuerNameHash,
	    b->issuerNameHash)) != 0)
		return cmp;
	return ASN1_OCTET_STRING_cmp(a->issuerKeyHash, b->issuerKeyHash);
}
/*
 * Compare two OCSP_CERTIDs completely: issuer part (see
 * OCSP_id_issuer_cmp) and then the serial number.
 *
 * Returns the first non-zero comparison result, or 0 when equal.
 */
int
OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
{
	int issuer_cmp = OCSP_id_issuer_cmp(a, b);

	if (issuer_cmp != 0)
		return issuer_cmp;
	/* Same issuer: the serial number decides */
	return ASN1_INTEGER_cmp(a->serialNumber, b->serialNumber);
}
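/*
 * Parse a URL and split it up into host, port and path components and
 * whether it is SSL.  The input is treated as untrusted.
 *
 * Only the "http" and "https" schemes are accepted (compared
 * case-sensitively).  The host may be a name, an IPv4 literal or a
 * bracketed IPv6 literal such as "[::1]"; the brackets are stripped from
 * *phost and an empty host is rejected.  An explicit ":port" must be a
 * non-empty run of decimal digits; otherwise the scheme default ("80" or
 * "443") is used.  A missing path yields "/".
 *
 * On success returns 1; *phost, *pport and *ppath are strdup'd strings the
 * caller owns (release each with free(3)) and *pssl is 1 for https, 0
 * otherwise.  On failure returns 0, pushes an OCSP error and leaves
 * *phost, *pport and *ppath NULL (*pssl is unspecified).  A NULL url is
 * reported as a malloc failure, as before.  url itself is never modified.
 */
int
OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl)
{
	char *p, *buf;
	char *host, *port;

	*phost = NULL;
	*pport = NULL;
	*ppath = NULL;

	/* dup the buffer since we are going to mess with it */
	buf = url ? strdup(url) : NULL;
	if (!buf)
		goto mem_err;

	/* Check for initial colon */
	p = strchr(buf, ':');
	if (!p)
		goto parse_err;

	*(p++) = '\0';

	/* Scheme selects SSL and the default port */
	if (!strcmp(buf, "http")) {
		*pssl = 0;
		port = "80";
	} else if (!strcmp(buf, "https")) {
		*pssl = 1;
		port = "443";
	} else
		goto parse_err;

	/* Check for double slash */
	if ((p[0] != '/') || (p[1] != '/'))
		goto parse_err;

	p += 2;

	host = p;

	/* Check for trailing part of path */
	p = strchr(p, '/');
	if (!p)
		*ppath = strdup("/");
	else {
		*ppath = strdup(p);
		/* Set start of path to 0 so hostname is valid */
		*p = '\0';
	}

	if (!*ppath)
		goto mem_err;

	/*
	 * A bracketed IPv6 literal contains ':' itself, so find its closing
	 * bracket first and only look for the port separator after it.
	 */
	if (host[0] == '[') {
		host++;
		p = strchr(host, ']');
		if (!p)
			goto parse_err;
		*p++ = '\0';
		/* Only end of string or ":port" may follow the bracket */
		if (*p != '\0' && *p != ':')
			goto parse_err;
	} else
		p = host;

	/* Look for optional ':' for port number */
	if ((p = strchr(p, ':'))) {
		*p = '\0';
		port = p + 1;
		/* An explicit port must be a non-empty run of digits */
		if (*port == '\0' ||
		    port[strspn(port, "0123456789")] != '\0')
			goto parse_err;
	}
	/* else: keep the scheme default port chosen above */

	/* "http:///path" and "http://[]/" carry no host at all */
	if (*host == '\0')
		goto parse_err;

	*pport = strdup(port);
	if (!*pport)
		goto mem_err;

	*phost = strdup(host);
	if (!*phost)
		goto mem_err;

	free(buf);

	return 1;

mem_err:
	OCSPerr(OCSP_F_OCSP_PARSE_URL, ERR_R_MALLOC_FAILURE);
	goto err;

parse_err:
	OCSPerr(OCSP_F_OCSP_PARSE_URL, OCSP_R_ERROR_PARSING_URL);

err:
	/* Release everything allocated so far and hand back NULLs */
	free(buf);
	free(*ppath);
	free(*pport);
	free(*phost);
	*phost = NULL;
	*pport = NULL;
	*ppath = NULL;
	return 0;
}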
/*
 * Deep-copy an OCSP_CERTID through its ASN.1 item template.
 *
 * Returns a new object owned by the caller (free with OCSP_CERTID_free),
 * or NULL if ASN1_item_dup() fails.
 */
OCSP_CERTID *
OCSP_CERTID_dup(OCSP_CERTID *x)
{
	OCSP_CERTID *copy;

	copy = ASN1_item_dup(&OCSP_CERTID_it, x);
	return copy;
}