2 * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * Low level APIs are deprecated for public use, but still ok for
14 #include "internal/deprecated.h"
17 #include "internal/cryptlib.h"
18 #include <openssl/buffer.h>
19 #include <openssl/asn1.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/http.h>
23 #include <openssl/rsa.h>
24 #include <openssl/dsa.h>
25 #include <openssl/x509v3.h>
26 #include "internal/asn1.h"
27 #include "crypto/pkcs7.h"
28 #include "crypto/x509.h"
29 #include "crypto/x509_acert.h"
30 #include "crypto/rsa.h"
/*
 * Verify the signature on certificate |a| with public key |r|.
 *
 * The outer signatureAlgorithm (a->sig_alg) must equal the algorithm stored
 * inside the signed part (a->cert_info.signature). A mismatch is rejected
 * before any cryptographic work, so the unsigned outer field cannot select
 * an algorithm other than the one that was signed.
 *
 * Returns 0 on an algorithm mismatch, otherwise the result of
 * ASN1_item_verify_ex(). Treat only 1 as success: failures and errors are
 * reported as values <= 0. Only the signature is checked here; no chain
 * building, validity period or extension processing is performed.
 */
int X509_verify(X509 *a, EVP_PKEY *r)
{
    const X509_ALGOR *outer_alg = &a->sig_alg;
    const X509_ALGOR *signed_alg = &a->cert_info.signature;

    if (X509_ALGOR_cmp(outer_alg, signed_alg) != 0)
        return 0;

    return ASN1_item_verify_ex(ASN1_ITEM_rptr(X509_CINF), outer_alg,
                               &a->signature, &a->cert_info,
                               a->distinguishing_id, r, a->libctx, a->propq);
}
/*
 * Verify the signature on certificate request |a| with public key |r|,
 * fetching algorithms from |libctx| with property query |propq|.
 *
 * Returns the result of ASN1_item_verify_ex(); only 1 means the signature
 * verified.
 */
int X509_REQ_verify_ex(X509_REQ *a, EVP_PKEY *r, OSSL_LIB_CTX *libctx,
                       const char *propq)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509_REQ_INFO);

    return ASN1_item_verify_ex(it, &a->sig_alg, a->signature, &a->req_info,
                               a->distinguishing_id, r, libctx, propq);
}
/*
 * Verify the signature on certificate request |a| with public key |r|,
 * passing NULL for both the library context and the property query.
 */
int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
{
    OSSL_LIB_CTX *libctx = NULL;
    const char *propq = NULL;

    return X509_REQ_verify_ex(a, r, libctx, propq);
}
/*
 * Verify the signature over the SPKAC structure in |a| with public key |r|.
 * Returns the result of ASN1_item_verify(); only 1 means success.
 */
int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(NETSCAPE_SPKAC);

    return ASN1_item_verify(it, &a->sig_algor, a->signature, a->spkac, r);
}
/*
 * Sign certificate |x| with private key |pkey| and digest |md|.
 *
 * A certificate that carries extensions is switched to version 3 before
 * signing. Returns 0 if |x| is NULL or the version cannot be set, otherwise
 * the result of ASN1_item_sign_ex().
 */
int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
{
    int has_extensions;

    if (x == NULL) {
        ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }

    has_extensions = sk_X509_EXTENSION_num(X509_get0_extensions(x)) > 0;
    if (has_extensions && !X509_set_version(x, X509_VERSION_3))
        return 0;

    /*
     * Mark the cached encoding as modified before signing so that it is
     * ignored: the signature then covers the current certificate fields
     * even if they changed after the encoding was cached.
     * X509_sign_ctx, X509_REQ_sign{,_ctx} and X509_CRL_sign{,_ctx} below
     * do the same.
     */
    x->cert_info.enc.modified = 1;

    return ASN1_item_sign_ex(ASN1_ITEM_rptr(X509_CINF),
                             &x->cert_info.signature, &x->sig_alg,
                             &x->signature, &x->cert_info, NULL,
                             pkey, md, x->libctx, x->propq);
}
/*
 * Sign certificate |x| using the already initialised signing context |ctx|.
 *
 * A certificate that carries extensions is switched to version 3 first, and
 * the cached encoding is marked modified so the current fields are signed.
 * Returns 0 if |x| is NULL or the version cannot be set, otherwise the
 * result of ASN1_item_sign_ctx().
 */
int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
{
    int has_extensions;

    if (x == NULL) {
        ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }

    has_extensions = sk_X509_EXTENSION_num(X509_get0_extensions(x)) > 0;
    if (has_extensions && !X509_set_version(x, X509_VERSION_3))
        return 0;

    x->cert_info.enc.modified = 1;

    return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF),
                              &x->cert_info.signature, &x->sig_alg,
                              &x->signature, &x->cert_info, ctx);
}
/*
 * Fetch |url| with an HTTP GET and decode the response body as the ASN.1
 * type described by |it|.
 *
 * The request is made without proxy, callback, extra headers or expected
 * content type; the response is required to be ASN.1, is capped at
 * OSSL_HTTP_DEFAULT_MAX_RESP_LEN and is subject to |timeout|.
 *
 * Nothing here authenticates the server or the object it returns. The
 * decoded value is untrusted input: callers must verify it (for example
 * its signature and issuer) before relying on it.
 *
 * Returns the decoded object, or NULL on failure. When built with
 * OPENSSL_NO_HTTP it always returns 0 (NULL).
 */
static ASN1_VALUE *simple_get_asn1(const char *url, BIO *bio, BIO *rbio,
                                   int timeout, const ASN1_ITEM *it)
{
#ifndef OPENSSL_NO_HTTP
    ASN1_VALUE *obj;
    BIO *resp = OSSL_HTTP_get(url, NULL /* proxy */, NULL /* no_proxy */,
                              bio, rbio, NULL /* cb */, NULL /* arg */,
                              1024 /* buf_size */, NULL /* headers */,
                              NULL /* expected_ct */, 1 /* expect_asn1 */,
                              OSSL_HTTP_DEFAULT_MAX_RESP_LEN, timeout);

    obj = ASN1_item_d2i_bio(it, resp, NULL);
    BIO_free(resp);
    return obj;
#else
    return 0;
#endif
}
/*
 * Download and decode a certificate from |url| over HTTP.
 *
 * The returned certificate is unauthenticated: it must go through normal
 * verification before it is trusted. Returns NULL on failure.
 */
X509 *X509_load_http(const char *url, BIO *bio, BIO *rbio, int timeout)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509);

    return (X509 *)simple_get_asn1(url, bio, rbio, timeout, it);
}
/*
 * Sign certificate request |x| with private key |pkey| and digest |md|.
 *
 * The cached encoding is marked modified first so the current request
 * fields are what gets signed. Returns 0 if |x| is NULL, otherwise the
 * result of ASN1_item_sign_ex().
 */
int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509_REQ_INFO);

    if (x == NULL) {
        ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }

    x->req_info.enc.modified = 1;

    return ASN1_item_sign_ex(it, &x->sig_alg, NULL, x->signature,
                             &x->req_info, NULL, pkey, md,
                             x->libctx, x->propq);
}
/*
 * Sign certificate request |x| using the already initialised signing
 * context |ctx|. The cached encoding is marked modified first.
 * Returns 0 if |x| is NULL, otherwise the result of ASN1_item_sign_ctx().
 */
int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509_REQ_INFO);

    if (x == NULL) {
        ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }

    x->req_info.enc.modified = 1;

    return ASN1_item_sign_ctx(it, &x->sig_alg, NULL, x->signature,
                              &x->req_info, ctx);
}
/*
 * Sign CRL |x| with private key |pkey| and digest |md|.
 *
 * The cached encoding is marked modified first so the current CRL fields
 * are what gets signed. Returns 0 if |x| is NULL, otherwise the result of
 * ASN1_item_sign_ex().
 */
int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509_CRL_INFO);

    if (x == NULL) {
        ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }

    x->crl.enc.modified = 1;

    return ASN1_item_sign_ex(it, &x->crl.sig_alg, &x->sig_alg,
                             &x->signature, &x->crl, NULL,
                             pkey, md, x->libctx, x->propq);
}
/*
 * Sign CRL |x| using the already initialised signing context |ctx|.
 * The cached encoding is marked modified first.
 * Returns 0 if |x| is NULL, otherwise the result of ASN1_item_sign_ctx().
 */
int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509_CRL_INFO);

    if (x == NULL) {
        ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }

    x->crl.enc.modified = 1;

    return ASN1_item_sign_ctx(it, &x->crl.sig_alg, &x->sig_alg,
                              &x->signature, &x->crl, ctx);
}
/*
 * Download and decode a CRL from |url| over HTTP.
 *
 * The returned CRL is unauthenticated: its signature must be verified
 * against the issuer before its contents are used. Returns NULL on failure.
 */
X509_CRL *X509_CRL_load_http(const char *url, BIO *bio, BIO *rbio, int timeout)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509_CRL);

    return (X509_CRL *)simple_get_asn1(url, bio, rbio, timeout, it);
}
/*
 * Sign the SPKAC structure in |x| with private key |pkey| and digest |md|.
 * NULL is passed for both the library context and the property query.
 * Returns the result of ASN1_item_sign_ex().
 */
int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(NETSCAPE_SPKAC);

    return ASN1_item_sign_ex(it, &x->sig_algor, NULL, x->signature,
                             x->spkac, NULL, pkey, md, NULL, NULL);
}
184 #ifndef OPENSSL_NO_STDIO
/*
 * Decode a DER certificate from stdio stream |fp|.
 * Returns the certificate, or NULL on failure.
 */
X509 *d2i_X509_fp(FILE *fp, X509 **x509)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509);

    return ASN1_item_d2i_fp(it, fp, x509);
}
/* Write certificate |x509| as DER to stdio stream |fp|. */
int i2d_X509_fp(FILE *fp, const X509 *x509)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509);

    return ASN1_item_i2d_fp(it, fp, x509);
}
/*
 * Decode a DER certificate from BIO |bp|.
 * Returns the certificate, or NULL on failure.
 */
X509 *d2i_X509_bio(BIO *bp, X509 **x509)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509);

    return ASN1_item_d2i_bio(it, bp, x509);
}
/* Write certificate |x509| as DER to BIO |bp|. */
int i2d_X509_bio(BIO *bp, const X509 *x509)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509);

    return ASN1_item_i2d_bio(it, bp, x509);
}
206 #ifndef OPENSSL_NO_STDIO
/*
 * Decode a DER CRL from stdio stream |fp|.
 * Returns the CRL, or NULL on failure.
 */
X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509_CRL);

    return ASN1_item_d2i_fp(it, fp, crl);
}
/* Write CRL |crl| as DER to stdio stream |fp|. */
int i2d_X509_CRL_fp(FILE *fp, const X509_CRL *crl)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509_CRL);

    return ASN1_item_i2d_fp(it, fp, crl);
}
/*
 * Decode a DER CRL from BIO |bp|.
 * Returns the CRL, or NULL on failure.
 */
X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509_CRL);

    return ASN1_item_d2i_bio(it, bp, crl);
}
/* Write CRL |crl| as DER to BIO |bp|. */
int i2d_X509_CRL_bio(BIO *bp, const X509_CRL *crl)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509_CRL);

    return ASN1_item_i2d_bio(it, bp, crl);
}
228 #ifndef OPENSSL_NO_STDIO
/*
 * Decode a DER PKCS#7 structure from stdio stream |fp|.
 *
 * When |*p7| already holds an object, its library context and property
 * query are reused for decoding. On success the decoded structure has its
 * library context resolved via ossl_pkcs7_resolve_libctx().
 * Returns the structure, or NULL on failure.
 */
PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7)
{
    PKCS7 *decoded;
    OSSL_LIB_CTX *libctx = NULL;
    const char *propq = NULL;
    int have_template = (p7 != NULL && *p7 != NULL);

    if (have_template) {
        libctx = (*p7)->ctx.libctx;
        propq = (*p7)->ctx.propq;
    }

    decoded = ASN1_item_d2i_fp_ex(ASN1_ITEM_rptr(PKCS7), fp, p7,
                                  libctx, propq);
    if (decoded == NULL)
        return NULL;

    ossl_pkcs7_resolve_libctx(decoded);
    return decoded;
}
/* Write PKCS#7 structure |p7| as DER to stdio stream |fp|. */
int i2d_PKCS7_fp(FILE *fp, const PKCS7 *p7)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(PKCS7);

    return ASN1_item_i2d_fp(it, fp, p7);
}
/*
 * Decode a DER PKCS#7 structure from BIO |bp|.
 *
 * When |*p7| already holds an object, its library context and property
 * query are reused for decoding. On success the decoded structure has its
 * library context resolved via ossl_pkcs7_resolve_libctx().
 * Returns the structure, or NULL on failure.
 */
PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7)
{
    PKCS7 *decoded;
    OSSL_LIB_CTX *libctx = NULL;
    const char *propq = NULL;
    int have_template = (p7 != NULL && *p7 != NULL);

    if (have_template) {
        libctx = (*p7)->ctx.libctx;
        propq = (*p7)->ctx.propq;
    }

    decoded = ASN1_item_d2i_bio_ex(ASN1_ITEM_rptr(PKCS7), bp, p7,
                                   libctx, propq);
    if (decoded == NULL)
        return NULL;

    ossl_pkcs7_resolve_libctx(decoded);
    return decoded;
}
/* Write PKCS#7 structure |p7| as DER to BIO |bp|. */
int i2d_PKCS7_bio(BIO *bp, const PKCS7 *p7)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(PKCS7);

    return ASN1_item_i2d_bio(it, bp, p7);
}
274 #ifndef OPENSSL_NO_STDIO
/*
 * Decode a DER certificate request from stdio stream |fp|.
 * Returns the request, or NULL on failure.
 */
X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509_REQ);

    return ASN1_item_d2i_fp(it, fp, req);
}
/* Write certificate request |req| as DER to stdio stream |fp|. */
int i2d_X509_REQ_fp(FILE *fp, const X509_REQ *req)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509_REQ);

    return ASN1_item_i2d_fp(it, fp, req);
}
/*
 * Decode a DER certificate request from BIO |bp|.
 *
 * When |*req| already holds an object, its library context and property
 * query are reused for decoding. Returns the request, or NULL on failure.
 */
X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req)
{
    OSSL_LIB_CTX *libctx = NULL;
    const char *propq = NULL;
    int have_template = (req != NULL && *req != NULL);

    if (have_template) {
        libctx = (*req)->libctx;
        propq = (*req)->propq;
    }

    return ASN1_item_d2i_bio_ex(ASN1_ITEM_rptr(X509_REQ), bp, req,
                                libctx, propq);
}
/* Write certificate request |req| as DER to BIO |bp|. */
int i2d_X509_REQ_bio(BIO *bp, const X509_REQ *req)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509_REQ);

    return ASN1_item_i2d_bio(it, bp, req);
}
305 #ifndef OPENSSL_NO_STDIO
/*
 * Decode a DER RSAPrivateKey from stdio stream |fp|.
 * Returns the key, or NULL on failure.
 */
RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(RSAPrivateKey);

    return ASN1_item_d2i_fp(it, fp, rsa);
}
/*
 * Write RSA private key |rsa| as DER to stdio stream |fp|.
 * The key is written unencrypted; the caller is responsible for protecting
 * the destination.
 */
int i2d_RSAPrivateKey_fp(FILE *fp, const RSA *rsa)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(RSAPrivateKey);

    return ASN1_item_i2d_fp(it, fp, rsa);
}
/*
 * Decode a DER RSAPublicKey from stdio stream |fp|.
 * Returns the key, or NULL on failure.
 */
RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(RSAPublicKey);

    return ASN1_item_d2i_fp(it, fp, rsa);
}
/*
 * Decode an RSA public key in PUBKEY form from stdio stream |fp|, using
 * RSA_new as the allocator and d2i_RSA_PUBKEY as the decoder.
 * Returns the key, or NULL on failure.
 */
RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)
{
    void *(*alloc)(void) = (void *(*)(void))RSA_new;

    return ASN1_d2i_fp(alloc, (D2I_OF(void)) d2i_RSA_PUBKEY, fp,
                       (void **)rsa);
}
/* Write RSA public key |rsa| as a DER RSAPublicKey to stdio stream |fp|. */
int i2d_RSAPublicKey_fp(FILE *fp, const RSA *rsa)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(RSAPublicKey);

    return ASN1_item_i2d_fp(it, fp, rsa);
}
/* Write RSA public key |rsa| in PUBKEY form as DER to stdio stream |fp|. */
int i2d_RSA_PUBKEY_fp(FILE *fp, const RSA *rsa)
{
    int ok = ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY, fp, rsa);

    return ok;
}
/*
 * Decode a DER RSAPrivateKey from BIO |bp|.
 * Returns the key, or NULL on failure.
 */
RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(RSAPrivateKey);

    return ASN1_item_d2i_bio(it, bp, rsa);
}
/*
 * Write RSA private key |rsa| as DER to BIO |bp|.
 * The key is written unencrypted; the caller is responsible for protecting
 * the destination.
 */
int i2d_RSAPrivateKey_bio(BIO *bp, const RSA *rsa)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(RSAPrivateKey);

    return ASN1_item_i2d_bio(it, bp, rsa);
}
/*
 * Decode a DER RSAPublicKey from BIO |bp|.
 * Returns the key, or NULL on failure.
 */
RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(RSAPublicKey);

    return ASN1_item_d2i_bio(it, bp, rsa);
}
/*
 * Decode an RSA public key in PUBKEY form from BIO |bp|.
 * Returns the key, or NULL on failure.
 */
RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
{
    RSA *key = ASN1_d2i_bio_of(RSA, RSA_new, d2i_RSA_PUBKEY, bp, rsa);

    return key;
}
/* Write RSA public key |rsa| as a DER RSAPublicKey to BIO |bp|. */
int i2d_RSAPublicKey_bio(BIO *bp, const RSA *rsa)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(RSAPublicKey);

    return ASN1_item_i2d_bio(it, bp, rsa);
}
/* Write RSA public key |rsa| in PUBKEY form as DER to BIO |bp|. */
int i2d_RSA_PUBKEY_bio(BIO *bp, const RSA *rsa)
{
    int ok = ASN1_i2d_bio_of(RSA, i2d_RSA_PUBKEY, bp, rsa);

    return ok;
}
369 #ifndef OPENSSL_NO_DSA
370 # ifndef OPENSSL_NO_STDIO
/*
 * Decode a DER DSA private key from stdio stream |fp|.
 * Returns the key, or NULL on failure.
 */
DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa)
{
    DSA *key = ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSAPrivateKey, fp, dsa);

    return key;
}
/*
 * Write DSA private key |dsa| as DER to stdio stream |fp|.
 * The key is written unencrypted; the caller is responsible for protecting
 * the destination.
 */
int i2d_DSAPrivateKey_fp(FILE *fp, const DSA *dsa)
{
    int ok = ASN1_i2d_fp_of(DSA, i2d_DSAPrivateKey, fp, dsa);

    return ok;
}
/*
 * Decode a DSA public key in PUBKEY form from stdio stream |fp|.
 * Returns the key, or NULL on failure.
 */
DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa)
{
    DSA *key = ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSA_PUBKEY, fp, dsa);

    return key;
}
/* Write DSA public key |dsa| in PUBKEY form as DER to stdio stream |fp|. */
int i2d_DSA_PUBKEY_fp(FILE *fp, const DSA *dsa)
{
    int ok = ASN1_i2d_fp_of(DSA, i2d_DSA_PUBKEY, fp, dsa);

    return ok;
}
/*
 * Decode a DER DSA private key from BIO |bp|.
 * Returns the key, or NULL on failure.
 */
DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa)
{
    DSA *key = ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSAPrivateKey, bp, dsa);

    return key;
}
/*
 * Write DSA private key |dsa| as DER to BIO |bp|.
 * The key is written unencrypted; the caller is responsible for protecting
 * the destination.
 */
int i2d_DSAPrivateKey_bio(BIO *bp, const DSA *dsa)
{
    int ok = ASN1_i2d_bio_of(DSA, i2d_DSAPrivateKey, bp, dsa);

    return ok;
}
/*
 * Decode a DSA public key in PUBKEY form from BIO |bp|.
 * Returns the key, or NULL on failure.
 */
DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa)
{
    DSA *key = ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSA_PUBKEY, bp, dsa);

    return key;
}
/* Write DSA public key |dsa| in PUBKEY form as DER to BIO |bp|. */
int i2d_DSA_PUBKEY_bio(BIO *bp, const DSA *dsa)
{
    int ok = ASN1_i2d_bio_of(DSA, i2d_DSA_PUBKEY, bp, dsa);

    return ok;
}
414 #ifndef OPENSSL_NO_EC
415 # ifndef OPENSSL_NO_STDIO
/*
 * Decode an EC public key in PUBKEY form from stdio stream |fp|.
 * Returns the key, or NULL on failure.
 */
EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey)
{
    EC_KEY *key = ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, fp, eckey);

    return key;
}
/* Write EC public key |eckey| in PUBKEY form as DER to stdio stream |fp|. */
int i2d_EC_PUBKEY_fp(FILE *fp, const EC_KEY *eckey)
{
    int ok = ASN1_i2d_fp_of(EC_KEY, i2d_EC_PUBKEY, fp, eckey);

    return ok;
}
/*
 * Decode a DER EC private key from stdio stream |fp|.
 * Returns the key, or NULL on failure.
 */
EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey)
{
    EC_KEY *key = ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey,
                                 fp, eckey);

    return key;
}
/*
 * Write EC private key |eckey| as DER to stdio stream |fp|.
 * The key is written unencrypted; the caller is responsible for protecting
 * the destination.
 */
int i2d_ECPrivateKey_fp(FILE *fp, const EC_KEY *eckey)
{
    int ok = ASN1_i2d_fp_of(EC_KEY, i2d_ECPrivateKey, fp, eckey);

    return ok;
}
/*
 * Decode an EC public key in PUBKEY form from BIO |bp|.
 * Returns the key, or NULL on failure.
 */
EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey)
{
    EC_KEY *key = ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY,
                                  bp, eckey);

    return key;
}
/* Write EC public key |ecdsa| in PUBKEY form as DER to BIO |bp|. */
int i2d_EC_PUBKEY_bio(BIO *bp, const EC_KEY *ecdsa)
{
    int ok = ASN1_i2d_bio_of(EC_KEY, i2d_EC_PUBKEY, bp, ecdsa);

    return ok;
}
/*
 * Decode a DER EC private key from BIO |bp|.
 * Returns the key, or NULL on failure.
 */
EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey)
{
    EC_KEY *key = ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey,
                                  bp, eckey);

    return key;
}
/*
 * Write EC private key |eckey| as DER to BIO |bp|.
 * The key is written unencrypted; the caller is responsible for protecting
 * the destination.
 */
int i2d_ECPrivateKey_bio(BIO *bp, const EC_KEY *eckey)
{
    int ok = ASN1_i2d_bio_of(EC_KEY, i2d_ECPrivateKey, bp, eckey);

    return ok;
}
/*
 * Digest the public key BIT STRING of certificate |data| with |type|.
 *
 * Only the bit string contents returned by X509_get0_pubkey_bitstr() are
 * hashed. The result is written to |md| and its length to |len|; no buffer
 * size is passed in, so |md| must be large enough for the chosen digest.
 * Returns 0 if the certificate has no public key bit string, otherwise the
 * result of EVP_Digest().
 */
int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
                       unsigned char *md, unsigned int *len)
{
    ASN1_BIT_STRING *pubkey_bits = X509_get0_pubkey_bitstr(data);

    if (pubkey_bits == NULL)
        return 0;

    return EVP_Digest(pubkey_bits->data, pubkey_bits->length, md, len,
                      type, NULL);
}
/*
 * Compute the digest |md| over certificate |cert|.
 *
 * When SHA-1 is requested and the certificate's cached fingerprint is
 * available (EXFLAG_SET set, EXFLAG_NO_FINGERPRINT clear), the cached
 * sha1_hash is copied out instead of being recomputed. Otherwise the
 * certificate is digested with the certificate's library context and
 * property query.
 *
 * No buffer size is passed in, so |data| must be large enough for the
 * chosen digest. |len| may be NULL on the cached path.
 * Returns 1 on success.
 */
int X509_digest(const X509 *cert, const EVP_MD *md, unsigned char *data,
                unsigned int *len)
{
    int use_cached_sha1 = EVP_MD_is_a(md, SN_sha1)
        && (cert->ex_flags & EXFLAG_SET) != 0
        && (cert->ex_flags & EXFLAG_NO_FINGERPRINT) == 0;

    if (!use_cached_sha1)
        return ossl_asn1_item_digest_ex(ASN1_ITEM_rptr(X509), md,
                                        (char *)cert, data, len,
                                        cert->libctx, cert->propq);

    /* Asking for SHA1 and we already computed it. */
    if (len != NULL)
        *len = sizeof(cert->sha1_hash);
    memcpy(data, cert->sha1_hash, sizeof(cert->sha1_hash));
    return 1;
}
/*
 * Calculate the digest of |cert| using the same hash algorithm as in its
 * signature.
 *
 * The digest is chosen as follows:
 *  - if the signature algorithm names a digest, that digest is used;
 *  - for RSA-PSS, the digest is taken from the signature parameters, which
 *    are read without verification and never replaced by a fallback;
 *  - for other known algorithms without a digest, a default is chosen
 *    (Ed25519 and Ed448 follow the CMS defaults of RFC 8419, anything else
 *    uses SHA-256) and |*md_is_fallback| is set to 1;
 *  - a completely unknown algorithm is an error.
 *
 * If |md_used| is not NULL it receives the digest on success, and the
 * caller then owns it and must release it with EVP_MD_free(). On failure
 * |*md_used| is NULL.
 *
 * Returns a newly allocated octet string holding the digest, or NULL on
 * error.
 */
ASN1_OCTET_STRING *X509_digest_sig(const X509 *cert,
                                   EVP_MD **md_used, int *md_is_fallback)
{
    unsigned int len;
    unsigned char hash[EVP_MAX_MD_SIZE];
    int mdnid, pknid;
    EVP_MD *md = NULL;
    const char *md_name;
    ASN1_OCTET_STRING *out;

    if (md_used != NULL)
        *md_used = NULL;
    if (md_is_fallback != NULL)
        *md_is_fallback = 0;

    if (cert == NULL) {
        ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
        return NULL;
    }

    if (!OBJ_find_sigid_algs(X509_get_signature_nid(cert), &mdnid, &pknid)) {
        ERR_raise(ERR_LIB_X509, X509_R_UNKNOWN_SIGID_ALGS);
        return NULL;
    }

    if (mdnid == NID_undef) {
        if (pknid == EVP_PKEY_RSA_PSS) {
            RSA_PSS_PARAMS *pss = ossl_rsa_pss_decode(&cert->sig_alg);
            const EVP_MD *mgf1md, *mmd = NULL;
            int saltlen, trailerfield;

            if (pss == NULL
                || !ossl_rsa_pss_get_param_unverified(pss, &mmd, &mgf1md,
                                                      &saltlen,
                                                      &trailerfield)
                || mmd == NULL) {
                RSA_PSS_PARAMS_free(pss);
                ERR_raise(ERR_LIB_X509, X509_R_UNSUPPORTED_ALGORITHM);
                return NULL;
            }
            RSA_PSS_PARAMS_free(pss);
            /* Fetch explicitly and do not fallback */
            md = EVP_MD_fetch(cert->libctx, EVP_MD_get0_name(mmd),
                              cert->propq);
            if (md == NULL)
                /* Error code from fetch is sufficient */
                return NULL;
        } else if (pknid != NID_undef) {
            /* A known algorithm, but without a digest */
            switch (pknid) {
            case NID_ED25519: /* Follow CMS default given in RFC8419 */
                md_name = "SHA512";
                break;
            case NID_ED448: /* Follow CMS default given in RFC8419 */
                md_name = "SHAKE256";
                break;
            default: /* Fall back to SHA-256 */
                md_name = "SHA256";
                break;
            }
            md = EVP_MD_fetch(cert->libctx, md_name, cert->propq);
            if (md == NULL)
                return NULL;
            if (md_is_fallback != NULL)
                *md_is_fallback = 1;
        } else {
            /* A completely unknown algorithm */
            ERR_raise(ERR_LIB_X509, X509_R_UNSUPPORTED_ALGORITHM);
            return NULL;
        }
    } else if ((md = EVP_MD_fetch(cert->libctx, OBJ_nid2sn(mdnid),
                                  cert->propq)) == NULL
               && (md = (EVP_MD *)EVP_get_digestbynid(mdnid)) == NULL) {
        ERR_raise(ERR_LIB_X509, X509_R_UNSUPPORTED_ALGORITHM);
        return NULL;
    }

    if (!X509_digest(cert, md, hash, &len)
            || (out = ASN1_OCTET_STRING_new()) == NULL)
        goto err;

    if (!ASN1_OCTET_STRING_set(out, hash, len)) {
        ASN1_OCTET_STRING_free(out);
        goto err;
    }

    /* Hand the digest to the caller if requested, otherwise release it. */
    if (md_used != NULL)
        *md_used = md;
    else
        EVP_MD_free(md);
    return out;

 err:
    EVP_MD_free(md);
    return NULL;
}
/*
 * Compute the digest |type| over CRL |data|.
 *
 * When SHA-1 is requested and the CRL's cached fingerprint is available
 * (EXFLAG_SET set, EXFLAG_NO_FINGERPRINT clear), the cached sha1_hash is
 * copied out instead of being recomputed.
 *
 * No buffer size is passed in, so |md| must be large enough for the chosen
 * digest. |len| may be NULL on the cached path.
 * Returns 0 if |type| is NULL and 1 on success.
 */
int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
                    unsigned char *md, unsigned int *len)
{
    int use_cached_sha1;

    if (type == NULL) {
        ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }

    use_cached_sha1 = EVP_MD_is_a(type, SN_sha1)
        && (data->flags & EXFLAG_SET) != 0
        && (data->flags & EXFLAG_NO_FINGERPRINT) == 0;

    if (!use_cached_sha1)
        return ossl_asn1_item_digest_ex(ASN1_ITEM_rptr(X509_CRL), type,
                                        (char *)data, md, len,
                                        data->libctx, data->propq);

    /* Asking for SHA1; always computed in CRL d2i. */
    if (len != NULL)
        *len = sizeof(data->sha1_hash);
    memcpy(md, data->sha1_hash, sizeof(data->sha1_hash));
    return 1;
}
/*
 * Compute the digest |type| over certificate request |data|, using the
 * request's library context and property query. The result goes to |md|
 * and its length to |len|; |md| must be large enough for the digest.
 */
int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
                    unsigned char *md, unsigned int *len)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509_REQ);

    return ossl_asn1_item_digest_ex(it, type, (char *)data, md, len,
                                    data->libctx, data->propq);
}
/*
 * Compute the digest |type| over name |data|. The result goes to |md| and
 * its length to |len|; |md| must be large enough for the digest.
 */
int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
                     unsigned char *md, unsigned int *len)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509_NAME);

    return ASN1_item_digest(it, type, (char *)data, md, len);
}
/*
 * Compute the digest |type| over the issuer-and-serial structure |data|.
 * The result goes to |md| and its length to |len|; |md| must be large
 * enough for the digest.
 */
int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
                                   const EVP_MD *type, unsigned char *md,
                                   unsigned int *len)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL);

    return ASN1_item_digest(it, type, (char *)data, md, len);
}
618 #ifndef OPENSSL_NO_STDIO
/*
 * Decode a DER PKCS#8 X509_SIG structure from stdio stream |fp|.
 * Returns the structure, or NULL on failure.
 */
X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8)
{
    X509_SIG *sig = ASN1_d2i_fp_of(X509_SIG, X509_SIG_new, d2i_X509_SIG,
                                   fp, p8);

    return sig;
}
/* Write PKCS#8 X509_SIG structure |p8| as DER to stdio stream |fp|. */
int i2d_PKCS8_fp(FILE *fp, const X509_SIG *p8)
{
    int ok = ASN1_i2d_fp_of(X509_SIG, i2d_X509_SIG, fp, p8);

    return ok;
}
/*
 * Decode a DER PKCS#8 X509_SIG structure from BIO |bp|.
 * Returns the structure, or NULL on failure.
 */
X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8)
{
    X509_SIG *sig = ASN1_d2i_bio_of(X509_SIG, X509_SIG_new, d2i_X509_SIG,
                                    bp, p8);

    return sig;
}
/* Write PKCS#8 X509_SIG structure |p8| as DER to BIO |bp|. */
int i2d_PKCS8_bio(BIO *bp, const X509_SIG *p8)
{
    int ok = ASN1_i2d_bio_of(X509_SIG, i2d_X509_SIG, bp, p8);

    return ok;
}
640 #ifndef OPENSSL_NO_STDIO
/*
 * Decode a DER X509_PUBKEY structure from stdio stream |fp|.
 * Returns the structure, or NULL on failure.
 */
X509_PUBKEY *d2i_X509_PUBKEY_fp(FILE *fp, X509_PUBKEY **xpk)
{
    X509_PUBKEY *pub = ASN1_d2i_fp_of(X509_PUBKEY, X509_PUBKEY_new,
                                      d2i_X509_PUBKEY, fp, xpk);

    return pub;
}
/* Write X509_PUBKEY structure |xpk| as DER to stdio stream |fp|. */
int i2d_X509_PUBKEY_fp(FILE *fp, const X509_PUBKEY *xpk)
{
    int ok = ASN1_i2d_fp_of(X509_PUBKEY, i2d_X509_PUBKEY, fp, xpk);

    return ok;
}
/*
 * Decode a DER X509_PUBKEY structure from BIO |bp|.
 * Returns the structure, or NULL on failure.
 */
X509_PUBKEY *d2i_X509_PUBKEY_bio(BIO *bp, X509_PUBKEY **xpk)
{
    X509_PUBKEY *pub = ASN1_d2i_bio_of(X509_PUBKEY, X509_PUBKEY_new,
                                       d2i_X509_PUBKEY, bp, xpk);

    return pub;
}
/* Write X509_PUBKEY structure |xpk| as DER to BIO |bp|. */
int i2d_X509_PUBKEY_bio(BIO *bp, const X509_PUBKEY *xpk)
{
    int ok = ASN1_i2d_bio_of(X509_PUBKEY, i2d_X509_PUBKEY, bp, xpk);

    return ok;
}
664 #ifndef OPENSSL_NO_STDIO
/*
 * Decode a DER PKCS8_PRIV_KEY_INFO structure from stdio stream |fp|.
 * Returns the structure, or NULL on failure.
 */
PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
                                                PKCS8_PRIV_KEY_INFO **p8inf)
{
    PKCS8_PRIV_KEY_INFO *info;

    info = ASN1_d2i_fp_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new,
                          d2i_PKCS8_PRIV_KEY_INFO, fp, p8inf);
    return info;
}
/*
 * Write PKCS8_PRIV_KEY_INFO structure |p8inf| as DER to stdio stream |fp|.
 * The private key is written unencrypted; the caller is responsible for
 * protecting the destination.
 */
int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, const PKCS8_PRIV_KEY_INFO *p8inf)
{
    int ok = ASN1_i2d_fp_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, fp,
                            p8inf);

    return ok;
}
/*
 * Convert |key| to a PKCS8_PRIV_KEY_INFO structure and write it as DER to
 * stdio stream |fp|. The temporary structure is freed before returning.
 *
 * The private key is written unencrypted; the caller is responsible for
 * protecting the destination. Returns 0 if the conversion fails, otherwise
 * the result of i2d_PKCS8_PRIV_KEY_INFO_fp().
 */
int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, const EVP_PKEY *key)
{
    int ret;
    PKCS8_PRIV_KEY_INFO *p8inf = EVP_PKEY2PKCS8(key);

    if (p8inf == NULL)
        return 0;

    ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf);
    PKCS8_PRIV_KEY_INFO_free(p8inf);
    return ret;
}
/*
 * Write private key |pkey| as DER to stdio stream |fp|.
 * The key is written unencrypted; the caller is responsible for protecting
 * the destination.
 */
int i2d_PrivateKey_fp(FILE *fp, const EVP_PKEY *pkey)
{
    int ok = ASN1_i2d_fp_of(EVP_PKEY, i2d_PrivateKey, fp, pkey);

    return ok;
}
/*
 * Decode a DER private key from stdio stream |fp| using
 * d2i_AutoPrivateKey as the decoder.
 * Returns the key, or NULL on failure.
 */
EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
{
    EVP_PKEY *key = ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new,
                                   d2i_AutoPrivateKey, fp, a);

    return key;
}
/*
 * Decode a DER private key from stdio stream |fp| with library context
 * |libctx| and property query |propq|.
 *
 * |fp| is wrapped in a temporary file BIO created with BIO_NOCLOSE, so the
 * stream stays open and remains owned by the caller.
 * Returns the key, or NULL on failure.
 */
EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                               const char *propq)
{
    void *key;
    BIO *wrapper = BIO_new(BIO_s_file());

    if (wrapper == NULL) {
        ERR_raise(ERR_LIB_X509, ERR_R_BUF_LIB);
        return NULL;
    }

    BIO_set_fp(wrapper, fp, BIO_NOCLOSE);
    key = d2i_PrivateKey_ex_bio(wrapper, a, libctx, propq);
    BIO_free(wrapper);
    return key;
}
/* Write public key |pkey| in PUBKEY form as DER to stdio stream |fp|. */
int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey)
{
    int ok = ASN1_i2d_fp_of(EVP_PKEY, i2d_PUBKEY, fp, pkey);

    return ok;
}
/*
 * Decode a public key in PUBKEY form from stdio stream |fp| with library
 * context |libctx| and property query |propq|.
 *
 * |fp| is wrapped in a temporary file BIO created with BIO_NOCLOSE, so the
 * stream stays open and remains owned by the caller.
 * Returns the key, or NULL on failure.
 */
EVP_PKEY *d2i_PUBKEY_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                           const char *propq)
{
    void *key;
    BIO *wrapper = BIO_new(BIO_s_file());

    if (wrapper == NULL) {
        ERR_raise(ERR_LIB_X509, ERR_R_BUF_LIB);
        return NULL;
    }

    BIO_set_fp(wrapper, fp, BIO_NOCLOSE);
    key = d2i_PUBKEY_ex_bio(wrapper, a, libctx, propq);
    BIO_free(wrapper);
    return key;
}
/*
 * Decode a public key in PUBKEY form from stdio stream |fp|.
 * Returns the key, or NULL on failure.
 */
EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a)
{
    EVP_PKEY *key = ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, fp, a);

    return key;
}
/*
 * Decode a DER PKCS8_PRIV_KEY_INFO structure from BIO |bp|.
 * Returns the structure, or NULL on failure.
 */
PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
                                                 PKCS8_PRIV_KEY_INFO **p8inf)
{
    PKCS8_PRIV_KEY_INFO *info;

    info = ASN1_d2i_bio_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new,
                           d2i_PKCS8_PRIV_KEY_INFO, bp, p8inf);
    return info;
}
/*
 * Write PKCS8_PRIV_KEY_INFO structure |p8inf| as DER to BIO |bp|.
 * The private key is written unencrypted; the caller is responsible for
 * protecting the destination.
 */
int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, const PKCS8_PRIV_KEY_INFO *p8inf)
{
    int ok = ASN1_i2d_bio_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, bp,
                             p8inf);

    return ok;
}
/*
 * Convert |key| to a PKCS8_PRIV_KEY_INFO structure and write it as DER to
 * BIO |bp|. The temporary structure is freed before returning.
 *
 * The private key is written unencrypted; the caller is responsible for
 * protecting the destination. Returns 0 if the conversion fails, otherwise
 * the result of i2d_PKCS8_PRIV_KEY_INFO_bio().
 */
int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, const EVP_PKEY *key)
{
    int ret;
    PKCS8_PRIV_KEY_INFO *p8inf = EVP_PKEY2PKCS8(key);

    if (p8inf == NULL)
        return 0;

    ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
    PKCS8_PRIV_KEY_INFO_free(p8inf);
    return ret;
}
/*
 * Write private key |pkey| as DER to BIO |bp|.
 * The key is written unencrypted; the caller is responsible for protecting
 * the destination.
 */
int i2d_PrivateKey_bio(BIO *bp, const EVP_PKEY *pkey)
{
    int ok = ASN1_i2d_bio_of(EVP_PKEY, i2d_PrivateKey, bp, pkey);

    return ok;
}
/*
 * Decode a DER private key from BIO |bp| using d2i_AutoPrivateKey as the
 * decoder. Returns the key, or NULL on failure.
 */
EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a)
{
    EVP_PKEY *key = ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new,
                                    d2i_AutoPrivateKey, bp, a);

    return key;
}
/*
 * Decode a DER private key from BIO |bp| with library context |libctx| and
 * property query |propq|.
 *
 * The encoding is first read into a temporary buffer, then handed to
 * d2i_AutoPrivateKey_ex(). The buffer is freed on every path.
 * Returns the key, or NULL on failure.
 */
EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                                const char *propq)
{
    BUF_MEM *buf = NULL;
    void *key = NULL;
    int len = asn1_d2i_read_bio(bp, &buf);

    if (len >= 0) {
        const unsigned char *p = (unsigned char *)buf->data;

        key = d2i_AutoPrivateKey_ex(a, &p, len, libctx, propq);
    }

    BUF_MEM_free(buf);
    return key;
}
/* Write public key |pkey| in PUBKEY form as DER to BIO |bp|. */
int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey)
{
    int ok = ASN1_i2d_bio_of(EVP_PKEY, i2d_PUBKEY, bp, pkey);

    return ok;
}
/*
 * Decode a public key in PUBKEY form from BIO |bp| with library context
 * |libctx| and property query |propq|.
 *
 * The encoding is first read into a temporary buffer, then handed to
 * d2i_PUBKEY_ex(). The buffer is freed on every path.
 * Returns the key, or NULL on failure.
 */
EVP_PKEY *d2i_PUBKEY_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
                            const char *propq)
{
    BUF_MEM *buf = NULL;
    void *key = NULL;
    int len = asn1_d2i_read_bio(bp, &buf);

    if (len >= 0) {
        const unsigned char *p = (unsigned char *)buf->data;

        key = d2i_PUBKEY_ex(a, &p, len, libctx, propq);
    }

    BUF_MEM_free(buf);
    return key;
}
/*
 * Decode a public key in PUBKEY form from BIO |bp|.
 * Returns the key, or NULL on failure.
 */
EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a)
{
    EVP_PKEY *key = ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, bp, a);

    return key;
}
829 #ifndef OPENSSL_NO_STDIO
/*
 * Decode a DER X509_ACERT structure from stdio stream |fp|.
 * Returns the structure, or NULL on failure.
 */
X509_ACERT *d2i_X509_ACERT_fp(FILE *fp, X509_ACERT **acert)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509_ACERT);

    return ASN1_item_d2i_fp(it, fp, acert);
}
/* Write X509_ACERT structure |acert| as DER to stdio stream |fp|. */
int i2d_X509_ACERT_fp(FILE *fp, const X509_ACERT *acert)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509_ACERT);

    return ASN1_item_i2d_fp(it, fp, acert);
}
/*
 * Decode a DER X509_ACERT structure from BIO |bp|.
 * Returns the structure, or NULL on failure.
 */
X509_ACERT *d2i_X509_ACERT_bio(BIO *bp, X509_ACERT **acert)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509_ACERT);

    return ASN1_item_d2i_bio(it, bp, acert);
}
/* Write X509_ACERT structure |acert| as DER to BIO |bp|. */
int i2d_X509_ACERT_bio(BIO *bp, const X509_ACERT *acert)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509_ACERT);

    return ASN1_item_i2d_bio(it, bp, acert);
}