/**
 * Add a subject_key_identifier and authority_key_dentifier based
 * on the SHA256 hash of the public key.
 *
 * Return true on success, false on error
 *
 * Example:
 * @code
 * <#example#>
 * @endcode
 */
static bool
_addKeyIdentifier(X509 *cert)
{
    unsigned char spkid[SHA256_DIGEST_LENGTH];
    char spkid_hex[1 + 2 * SHA256_DIGEST_LENGTH];

    /* Generate a KeyID which is the SHA256 digest of the DER encoding
     * of a SubjectPublicKeyInfo.  Note that this is slightly uncommon,
     * but it is more general and complete than digesting the BIT STRING
     * component of the SubjectPublicKeyInfo itself (and no standard dictates
     * how you must generate a key ID).  This code must produce the same result
     * as the Java version applied to the same SubjectPublicKeyInfo.
     */

    if (ASN1_item_digest(ASN1_ITEM_rptr(X509_PUBKEY), EVP_sha256(), X509_get_X509_PUBKEY(cert), spkid, NULL)) {
        for (int i = 0; i < 32; i++) {
            snprintf(&spkid_hex[2 * i], 3, "%02X", (unsigned) spkid[i]);
        }
        if (_addCertificateExtension(cert, NID_subject_key_identifier, spkid_hex) == true) {
            if (_addCertificateExtensionWithContext(cert, NID_authority_key_identifier, "keyid:always") == true) {
                return true;
            }
        }
    }
    return false;
}
示例#2
0
文件: x_all.c 项目: 1234-/openssl
int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
                                   const EVP_MD *type, unsigned char *md,
                                   unsigned int *len)
{
    return (ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL), type,
                             (char *)data, md, len));
}
示例#3
0
文件: x_all.c 项目: vladrich/openssl
int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
                    unsigned char *md, unsigned int *len)
{
    if (type == EVP_sha1()) {
        /* Asking for SHA1; always computed in CRL d2i. */
        if (len != NULL)
            *len = sizeof(data->sha1_hash);
        memcpy(md, data->sha1_hash, sizeof(data->sha1_hash));
        return 1;
    }
    return (ASN1_item_digest
            (ASN1_ITEM_rptr(X509_CRL), type, (char *)data, md, len));
}
示例#4
0
文件: x_all.c 项目: vladrich/openssl
int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
                unsigned int *len)
{
    if (type == EVP_sha1() && (data->ex_flags & EXFLAG_SET) != 0) {
        /* Asking for SHA1 and we already computed it. */
        if (len != NULL)
            *len = sizeof(data->sha1_hash);
        memcpy(md, data->sha1_hash, sizeof(data->sha1_hash));
        return 1;
    }
    return (ASN1_item_digest
            (ASN1_ITEM_rptr(X509), type, (char *)data, md, len));
}
示例#5
0
static int
make_certfp(X509 *cert, uint8_t certfp[RB_SSL_CERTFP_LEN], int method)
{
	const ASN1_ITEM *it;
	const EVP_MD *evp;
	void *data;
	unsigned int len;

	switch(method)
	{
	case RB_SSL_CERTFP_METH_CERT_SHA1:
		it = ASN1_ITEM_rptr(X509);
		evp = EVP_sha1();
		data = cert;
		len = RB_SSL_CERTFP_LEN_SHA1;
		break;
	case RB_SSL_CERTFP_METH_CERT_SHA256:
		it = ASN1_ITEM_rptr(X509);
		evp = EVP_sha256();
		data = cert;
		len = RB_SSL_CERTFP_LEN_SHA256;
		break;
	case RB_SSL_CERTFP_METH_CERT_SHA512:
		it = ASN1_ITEM_rptr(X509);
		evp = EVP_sha512();
		data = cert;
		len = RB_SSL_CERTFP_LEN_SHA512;
		break;
	case RB_SSL_CERTFP_METH_SPKI_SHA256:
		it = ASN1_ITEM_rptr(X509_PUBKEY);
		evp = EVP_sha256();
		data = X509_get_X509_PUBKEY(cert);
		len = RB_SSL_CERTFP_LEN_SHA256;
		break;
	case RB_SSL_CERTFP_METH_SPKI_SHA512:
		it = ASN1_ITEM_rptr(X509_PUBKEY);
		evp = EVP_sha512();
		data = X509_get_X509_PUBKEY(cert);
		len = RB_SSL_CERTFP_LEN_SHA512;
		break;
	default:
		return 0;
	}

	if (ASN1_item_digest(it, evp, data, certfp, &len) != 1)
		len = 0;
	return (int) len;
}
示例#6
0
static PARCCryptoHash *
_GetPublickKeyDigest(PARCPkcs12KeyStore *keystore)
{
    parcSecurity_AssertIsInitialized();

    assertNotNull(keystore, "Parameter must be non-null PARCPkcs12KeyStore");

    if (keystore->public_key_digest == NULL) {
        AUTHORITY_KEYID  *akid = X509_get_ext_d2i(keystore->x509_cert, NID_authority_key_identifier, NULL, NULL);
        if (akid != NULL) {
            ASN1_OCTET_STRING *skid = X509_get_ext_d2i(keystore->x509_cert, NID_subject_key_identifier, NULL, NULL);
            if (skid != NULL) {
                keystore->public_key_digest =
                    parcBuffer_PutArray(parcBuffer_Allocate(skid->length), skid->length, skid->data);
                parcBuffer_Flip(keystore->public_key_digest);
                ASN1_OCTET_STRING_free(skid);
            }
            AUTHORITY_KEYID_free(akid);
        }
    }

    // If we could not load the digest from the certificate, then calculate it from the public key.
    if (keystore->public_key_digest == NULL) {
        uint8_t digestBuffer[SHA256_DIGEST_LENGTH];

        int result = ASN1_item_digest(ASN1_ITEM_rptr(X509_PUBKEY),
                                      EVP_sha256(),
                                      X509_get_X509_PUBKEY(keystore->x509_cert),
                                      digestBuffer,
                                      NULL);
        if (result != 1) {
            assertTrue(0, "Could not compute digest over certificate public key");
        } else {
            keystore->public_key_digest =
                parcBuffer_PutArray(parcBuffer_Allocate(SHA256_DIGEST_LENGTH), SHA256_DIGEST_LENGTH, digestBuffer);
            parcBuffer_Flip(keystore->public_key_digest);
        }
    }

    // This stores a reference, so keystore->public_key_digest will remain valid
    // even if the cryptoHasher is destroyed
    return parcCryptoHash_Create(PARC_HASH_SHA256, keystore->public_key_digest);
}
示例#7
0
文件: x_all.c 项目: 1234-/openssl
int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
                     unsigned char *md, unsigned int *len)
{
    return (ASN1_item_digest
            (ASN1_ITEM_rptr(X509_NAME), type, (char *)data, md, len));
}