authorDr. David von Oheimb <David.von.Oheimb@siemens.com>2020-03-10 10:29:46 +0100
committerDr. David von Oheimb <David.von.Oheimb@siemens.com>2020-03-10 16:09:44 +0100
commit62dcd2aa17b27b7892ad62540f9034c9192f6530 (patch)
treeedaeb955151ff3c43c7d6a33b5f6047bd05e637c /crypto/cmp/cmp_util.c
parentda42c2a3d752628e15b47aa7511e7044745080cb (diff)
Chunk 8 of CMP contribution to OpenSSL: CMP server and cmp_mock_srv.c for testing
Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL. Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712). Adds the CMP and CRMF API to libcrypto and the "cmp" app to the CLI. Adds extensive documentation and tests. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11142)
Diffstat (limited to 'crypto/cmp/cmp_util.c')
-rw-r--r--crypto/cmp/cmp_util.c56
1 files changed, 56 insertions, 0 deletions
diff --git a/crypto/cmp/cmp_util.c b/crypto/cmp/cmp_util.c
index ad4ae66454..f53ff889e6 100644
--- a/crypto/cmp/cmp_util.c
+++ b/crypto/cmp/cmp_util.c
@@ -320,6 +320,26 @@ STACK_OF(X509) *ossl_cmp_build_cert_chain(STACK_OF(X509) *certs, X509 *cert)
return result;
}
+int ossl_cmp_sk_ASN1_UTF8STRING_push_str(STACK_OF(ASN1_UTF8STRING) *sk,
+ const char *text)
+{
+ ASN1_UTF8STRING *utf8string;
+
+ if (!ossl_assert(sk != NULL && text != NULL))
+ return 0;
+ if ((utf8string = ASN1_UTF8STRING_new()) == NULL)
+ return 0;
+ if (!ASN1_STRING_set(utf8string, text, -1))
+ goto err;
+ if (!sk_ASN1_UTF8STRING_push(sk, utf8string))
+ goto err;
+ return 1;
+
+ err:
+ ASN1_UTF8STRING_free(utf8string);
+ return 0;
+}
+
int ossl_cmp_asn1_octet_string_set1(ASN1_OCTET_STRING **tgt,
const ASN1_OCTET_STRING *src)
{
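Review bot: ossl_cmp_sk_ASN1_UTF8STRING_push_str stores `text` with `ASN1_STRING_set(utf8string, text, -1)` and never checks that the bytes are well-formed UTF-8, so whatever the caller passes is encoded under the UTF8String type. Whether `text` can come from a peer or from configuration is not visible in this hunk; if it can, validate it before the push, and otherwise state the precondition. The function has no comment at all, so I would add `/* appends a copy of the NUL-terminated string text to sk; the caller must pass valid UTF-8; returns 1 on success, 0 on error */` above it. Note also that the failure paths return 0 without a CMP error of their own, so callers only see whatever the ASN.1 layer queued.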
@@ -364,3 +384,39 @@ int ossl_cmp_asn1_octet_string_set1_bytes(ASN1_OCTET_STRING **tgt,
*tgt = new;
return 1;
}
+
+/*
+ * calculate a digest of the given certificate,
+ * using the same hash algorithm as in the certificate signature.
+ */
+ASN1_OCTET_STRING *OSSL_CMP_X509_digest(const X509 *cert)
+{
+ unsigned int len;
+ unsigned char hash[EVP_MAX_MD_SIZE];
+ int md_NID;
+ const EVP_MD *md = NULL;
+ ASN1_OCTET_STRING *new = NULL;
+
+ if (!ossl_assert(cert != NULL))
+ return NULL;
+
+ /*-
+ * select hash algorithm, as stated in CMP RFC 4210 Appendix F.
+ * Compilable ASN.1 defs:
+ * the hash of the certificate, using the same hash algorithm
+ * as is used to create and verify the certificate signature
+ */
+ if (!OBJ_find_sigid_algs(X509_get_signature_nid(cert), &md_NID, NULL)
+ || (md = EVP_get_digestbynid(md_NID)) == NULL) {
+ CMPerr(0, CMP_R_UNSUPPORTED_ALGORITHM);
+ return NULL;
+ }
+ if (!X509_digest(cert, md, hash, &len)
+ || (new = ASN1_OCTET_STRING_new()) == NULL)
+ return NULL;
+ if (!(ASN1_OCTET_STRING_set(new, hash, len))) {
+ ASN1_OCTET_STRING_free(new);
+ return NULL;
+ }
+ return new;
+}
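Review bot: The two later failure paths in OSSL_CMP_X509_digest return NULL without raising an error, while the algorithm lookup above them raises `CMPerr(0, CMP_R_UNSUPPORTED_ALGORITHM)`, so a caller cannot tell from the error queue why the certificate hash was not produced unless `X509_digest()` happens to queue something itself. The lookup also fails closed for any signature NID for which `OBJ_find_sigid_algs` yields no usable digest, which is probably the case for schemes that carry the digest in their parameters or use none; that is safe, but the header comment does not mention it. I would extend the comment with `returns a new ASN1_OCTET_STRING owned by the caller, or NULL on error, including when the signature algorithm has no associated digest`. Because the digest follows the certificate's own signature algorithm, the hash is only as strong as that choice, which is also worth one sentence in the comment.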