1 | /* |
2 | * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. |
3 | * |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at |
7 | * https://www.openssl.org/source/license.html |
8 | */ |
9 | |
10 | #include <stdio.h> |
11 | #include "internal/cryptlib.h" |
12 | #include <openssl/x509v3.h> |
13 | #include "crypto/x509.h" |
14 | #include "ext_dat.h" |
15 | |
16 | static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, |
17 | X509V3_CTX *ctx, char *str); |
18 | const X509V3_EXT_METHOD v3_skey_id = { |
19 | NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING), |
20 | 0, 0, 0, 0, |
21 | (X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING, |
22 | (X509V3_EXT_S2I)s2i_skey_id, |
23 | 0, 0, 0, 0, |
24 | NULL |
25 | }; |
26 | |
27 | char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, |
28 | const ASN1_OCTET_STRING *oct) |
29 | { |
30 | return OPENSSL_buf2hexstr(oct->data, oct->length); |
31 | } |
32 | |
33 | ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, |
34 | X509V3_CTX *ctx, const char *str) |
35 | { |
36 | ASN1_OCTET_STRING *oct; |
37 | long length; |
38 | |
39 | if ((oct = ASN1_OCTET_STRING_new()) == NULL) { |
40 | X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE); |
41 | return NULL; |
42 | } |
43 | |
44 | if ((oct->data = OPENSSL_hexstr2buf(str, &length)) == NULL) { |
45 | ASN1_OCTET_STRING_free(oct); |
46 | return NULL; |
47 | } |
48 | |
49 | oct->length = length; |
50 | |
51 | return oct; |
52 | |
53 | } |
54 | |
55 | static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, |
56 | X509V3_CTX *ctx, char *str) |
57 | { |
58 | ASN1_OCTET_STRING *oct; |
59 | X509_PUBKEY *pubkey; |
60 | const unsigned char *pk; |
61 | int pklen; |
62 | unsigned char pkey_dig[EVP_MAX_MD_SIZE]; |
63 | unsigned int diglen; |
64 | |
65 | if (strcmp(str, "hash" )) |
66 | return s2i_ASN1_OCTET_STRING(method, ctx, str); |
67 | |
68 | if ((oct = ASN1_OCTET_STRING_new()) == NULL) { |
69 | X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE); |
70 | return NULL; |
71 | } |
72 | |
73 | if (ctx && (ctx->flags == CTX_TEST)) |
74 | return oct; |
75 | |
76 | if (!ctx || (!ctx->subject_req && !ctx->subject_cert)) { |
77 | X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY); |
78 | goto err; |
79 | } |
80 | |
81 | if (ctx->subject_req) |
82 | pubkey = ctx->subject_req->req_info.pubkey; |
83 | else |
84 | pubkey = ctx->subject_cert->cert_info.key; |
85 | |
86 | if (pubkey == NULL) { |
87 | X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY); |
88 | goto err; |
89 | } |
90 | |
91 | X509_PUBKEY_get0_param(NULL, &pk, &pklen, NULL, pubkey); |
92 | |
93 | if (!EVP_Digest(pk, pklen, pkey_dig, &diglen, EVP_sha1(), NULL)) |
94 | goto err; |
95 | |
96 | if (!ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) { |
97 | X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE); |
98 | goto err; |
99 | } |
100 | |
101 | return oct; |
102 | |
103 | err: |
104 | ASN1_OCTET_STRING_free(oct); |
105 | return NULL; |
106 | } |
107 | |