]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/x509/x_all.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Add RFC 5755 attribute certificate support
[thirdparty/openssl.git] / crypto / x509 / x_all.c
1 /*
2 * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * Low level APIs are deprecated for public use, but still ok for
12 * internal use.
13 */
14 #include "internal/deprecated.h"
15
16 #include <stdio.h>
17 #include "internal/cryptlib.h"
18 #include <openssl/buffer.h>
19 #include <openssl/asn1.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/http.h>
23 #include <openssl/rsa.h>
24 #include <openssl/dsa.h>
25 #include <openssl/x509v3.h>
26 #include "internal/asn1.h"
27 #include "crypto/pkcs7.h"
28 #include "crypto/x509.h"
29 #include "crypto/x509_acert.h"
30 #include "crypto/rsa.h"
31
32 int X509_verify(X509 *a, EVP_PKEY *r)
33 {
34 if (X509_ALGOR_cmp(&a->sig_alg, &a->cert_info.signature) != 0)
35 return 0;
36
37 return ASN1_item_verify_ex(ASN1_ITEM_rptr(X509_CINF), &a->sig_alg,
38 &a->signature, &a->cert_info,
39 a->distinguishing_id, r, a->libctx, a->propq);
40 }
41
42 int X509_REQ_verify_ex(X509_REQ *a, EVP_PKEY *r, OSSL_LIB_CTX *libctx,
43 const char *propq)
44 {
45 return ASN1_item_verify_ex(ASN1_ITEM_rptr(X509_REQ_INFO), &a->sig_alg,
46 a->signature, &a->req_info, a->distinguishing_id,
47 r, libctx, propq);
48 }
49
50 int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
51 {
52 return X509_REQ_verify_ex(a, r, NULL, NULL);
53 }
54
55 int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
56 {
57 return ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC),
58 &a->sig_algor, a->signature, a->spkac, r);
59 }
60
61 int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
62 {
63 if (x == NULL) {
64 ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
65 return 0;
66 }
67 if (sk_X509_EXTENSION_num(X509_get0_extensions(x)) > 0
68 && !X509_set_version(x, X509_VERSION_3))
69 return 0;
70
71 /*
72 * Setting the modified flag before signing it. This makes the cached
73 * encoding to be ignored, so even if the certificate fields have changed,
74 * they are signed correctly.
75 * The X509_sign_ctx, X509_REQ_sign{,_ctx}, X509_CRL_sign{,_ctx} functions
76 * which exist below are the same.
77 */
78 x->cert_info.enc.modified = 1;
79 return ASN1_item_sign_ex(ASN1_ITEM_rptr(X509_CINF), &x->cert_info.signature,
80 &x->sig_alg, &x->signature, &x->cert_info, NULL,
81 pkey, md, x->libctx, x->propq);
82 }
83
84 int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
85 {
86 if (x == NULL) {
87 ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
88 return 0;
89 }
90 if (sk_X509_EXTENSION_num(X509_get0_extensions(x)) > 0
91 && !X509_set_version(x, X509_VERSION_3))
92 return 0;
93 x->cert_info.enc.modified = 1;
94 return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF),
95 &x->cert_info.signature,
96 &x->sig_alg, &x->signature, &x->cert_info, ctx);
97 }
98
99 static ASN1_VALUE *simple_get_asn1(const char *url, BIO *bio, BIO *rbio,
100 int timeout, const ASN1_ITEM *it)
101 {
102 #ifndef OPENSSL_NO_HTTP
103 BIO *mem = OSSL_HTTP_get(url, NULL /* proxy */, NULL /* no_proxy */,
104 bio, rbio, NULL /* cb */, NULL /* arg */,
105 1024 /* buf_size */, NULL /* headers */,
106 NULL /* expected_ct */, 1 /* expect_asn1 */,
107 OSSL_HTTP_DEFAULT_MAX_RESP_LEN, timeout);
108 ASN1_VALUE *res = ASN1_item_d2i_bio(it, mem, NULL);
109
110 BIO_free(mem);
111 return res;
112 #else
113 return 0;
114 #endif
115 }
116
117 X509 *X509_load_http(const char *url, BIO *bio, BIO *rbio, int timeout)
118 {
119 return (X509 *)simple_get_asn1(url, bio, rbio, timeout,
120 ASN1_ITEM_rptr(X509));
121 }
122
123 int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
124 {
125 if (x == NULL) {
126 ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
127 return 0;
128 }
129 x->req_info.enc.modified = 1;
130 return ASN1_item_sign_ex(ASN1_ITEM_rptr(X509_REQ_INFO), &x->sig_alg, NULL,
131 x->signature, &x->req_info, NULL,
132 pkey, md, x->libctx, x->propq);
133 }
134
135 int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx)
136 {
137 if (x == NULL) {
138 ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
139 return 0;
140 }
141 x->req_info.enc.modified = 1;
142 return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_REQ_INFO),
143 &x->sig_alg, NULL, x->signature, &x->req_info,
144 ctx);
145 }
146
147 int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
148 {
149 if (x == NULL) {
150 ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
151 return 0;
152 }
153 x->crl.enc.modified = 1;
154 return ASN1_item_sign_ex(ASN1_ITEM_rptr(X509_CRL_INFO), &x->crl.sig_alg,
155 &x->sig_alg, &x->signature, &x->crl, NULL,
156 pkey, md, x->libctx, x->propq);
157 }
158
159 int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx)
160 {
161 if (x == NULL) {
162 ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
163 return 0;
164 }
165 x->crl.enc.modified = 1;
166 return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO),
167 &x->crl.sig_alg, &x->sig_alg, &x->signature,
168 &x->crl, ctx);
169 }
170
171 X509_CRL *X509_CRL_load_http(const char *url, BIO *bio, BIO *rbio, int timeout)
172 {
173 return (X509_CRL *)simple_get_asn1(url, bio, rbio, timeout,
174 ASN1_ITEM_rptr(X509_CRL));
175 }
176
177 int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
178 {
179 return
180 ASN1_item_sign_ex(ASN1_ITEM_rptr(NETSCAPE_SPKAC), &x->sig_algor, NULL,
181 x->signature, x->spkac, NULL, pkey, md, NULL, NULL);
182 }
183
184 #ifndef OPENSSL_NO_STDIO
185 X509 *d2i_X509_fp(FILE *fp, X509 **x509)
186 {
187 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509);
188 }
189
190 int i2d_X509_fp(FILE *fp, const X509 *x509)
191 {
192 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509);
193 }
194 #endif
195
196 X509 *d2i_X509_bio(BIO *bp, X509 **x509)
197 {
198 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509);
199 }
200
201 int i2d_X509_bio(BIO *bp, const X509 *x509)
202 {
203 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509);
204 }
205
206 #ifndef OPENSSL_NO_STDIO
207 X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl)
208 {
209 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
210 }
211
212 int i2d_X509_CRL_fp(FILE *fp, const X509_CRL *crl)
213 {
214 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
215 }
216 #endif
217
218 X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl)
219 {
220 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
221 }
222
223 int i2d_X509_CRL_bio(BIO *bp, const X509_CRL *crl)
224 {
225 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
226 }
227
228 #ifndef OPENSSL_NO_STDIO
229 PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7)
230 {
231 PKCS7 *ret;
232 OSSL_LIB_CTX *libctx = NULL;
233 const char *propq = NULL;
234
235 if (p7 != NULL && *p7 != NULL) {
236 libctx = (*p7)->ctx.libctx;
237 propq = (*p7)->ctx.propq;
238 }
239
240 ret = ASN1_item_d2i_fp_ex(ASN1_ITEM_rptr(PKCS7), fp, p7, libctx, propq);
241 if (ret != NULL)
242 ossl_pkcs7_resolve_libctx(ret);
243 return ret;
244 }
245
246 int i2d_PKCS7_fp(FILE *fp, const PKCS7 *p7)
247 {
248 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
249 }
250 #endif
251
252 PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7)
253 {
254 PKCS7 *ret;
255 OSSL_LIB_CTX *libctx = NULL;
256 const char *propq = NULL;
257
258 if (p7 != NULL && *p7 != NULL) {
259 libctx = (*p7)->ctx.libctx;
260 propq = (*p7)->ctx.propq;
261 }
262
263 ret = ASN1_item_d2i_bio_ex(ASN1_ITEM_rptr(PKCS7), bp, p7, libctx, propq);
264 if (ret != NULL)
265 ossl_pkcs7_resolve_libctx(ret);
266 return ret;
267 }
268
269 int i2d_PKCS7_bio(BIO *bp, const PKCS7 *p7)
270 {
271 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
272 }
273
274 #ifndef OPENSSL_NO_STDIO
275 X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req)
276 {
277 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
278 }
279
280 int i2d_X509_REQ_fp(FILE *fp, const X509_REQ *req)
281 {
282 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
283 }
284 #endif
285
286 X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req)
287 {
288 OSSL_LIB_CTX *libctx = NULL;
289 const char *propq = NULL;
290
291 if (req != NULL && *req != NULL) {
292 libctx = (*req)->libctx;
293 propq = (*req)->propq;
294 }
295
296 return
297 ASN1_item_d2i_bio_ex(ASN1_ITEM_rptr(X509_REQ), bp, req, libctx, propq);
298 }
299
300 int i2d_X509_REQ_bio(BIO *bp, const X509_REQ *req)
301 {
302 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
303 }
304
305 #ifndef OPENSSL_NO_STDIO
306 RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa)
307 {
308 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
309 }
310
311 int i2d_RSAPrivateKey_fp(FILE *fp, const RSA *rsa)
312 {
313 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
314 }
315
316 RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
317 {
318 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
319 }
320
321 RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)
322 {
323 return ASN1_d2i_fp((void *(*)(void))
324 RSA_new, (D2I_OF(void)) d2i_RSA_PUBKEY, fp,
325 (void **)rsa);
326 }
327
328 int i2d_RSAPublicKey_fp(FILE *fp, const RSA *rsa)
329 {
330 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
331 }
332
333 int i2d_RSA_PUBKEY_fp(FILE *fp, const RSA *rsa)
334 {
335 return ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY, fp, rsa);
336 }
337 #endif
338
339 RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
340 {
341 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
342 }
343
344 int i2d_RSAPrivateKey_bio(BIO *bp, const RSA *rsa)
345 {
346 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
347 }
348
349 RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)
350 {
351 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
352 }
353
354 RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
355 {
356 return ASN1_d2i_bio_of(RSA, RSA_new, d2i_RSA_PUBKEY, bp, rsa);
357 }
358
359 int i2d_RSAPublicKey_bio(BIO *bp, const RSA *rsa)
360 {
361 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
362 }
363
364 int i2d_RSA_PUBKEY_bio(BIO *bp, const RSA *rsa)
365 {
366 return ASN1_i2d_bio_of(RSA, i2d_RSA_PUBKEY, bp, rsa);
367 }
368
369 #ifndef OPENSSL_NO_DSA
370 # ifndef OPENSSL_NO_STDIO
371 DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa)
372 {
373 return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSAPrivateKey, fp, dsa);
374 }
375
376 int i2d_DSAPrivateKey_fp(FILE *fp, const DSA *dsa)
377 {
378 return ASN1_i2d_fp_of(DSA, i2d_DSAPrivateKey, fp, dsa);
379 }
380
381 DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa)
382 {
383 return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSA_PUBKEY, fp, dsa);
384 }
385
386 int i2d_DSA_PUBKEY_fp(FILE *fp, const DSA *dsa)
387 {
388 return ASN1_i2d_fp_of(DSA, i2d_DSA_PUBKEY, fp, dsa);
389 }
390 # endif
391
392 DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa)
393 {
394 return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSAPrivateKey, bp, dsa);
395 }
396
397 int i2d_DSAPrivateKey_bio(BIO *bp, const DSA *dsa)
398 {
399 return ASN1_i2d_bio_of(DSA, i2d_DSAPrivateKey, bp, dsa);
400 }
401
402 DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa)
403 {
404 return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSA_PUBKEY, bp, dsa);
405 }
406
407 int i2d_DSA_PUBKEY_bio(BIO *bp, const DSA *dsa)
408 {
409 return ASN1_i2d_bio_of(DSA, i2d_DSA_PUBKEY, bp, dsa);
410 }
411
412 #endif
413
414 #ifndef OPENSSL_NO_EC
415 # ifndef OPENSSL_NO_STDIO
416 EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey)
417 {
418 return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, fp, eckey);
419 }
420
421 int i2d_EC_PUBKEY_fp(FILE *fp, const EC_KEY *eckey)
422 {
423 return ASN1_i2d_fp_of(EC_KEY, i2d_EC_PUBKEY, fp, eckey);
424 }
425
426 EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey)
427 {
428 return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, fp, eckey);
429 }
430
431 int i2d_ECPrivateKey_fp(FILE *fp, const EC_KEY *eckey)
432 {
433 return ASN1_i2d_fp_of(EC_KEY, i2d_ECPrivateKey, fp, eckey);
434 }
435 # endif
436 EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey)
437 {
438 return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, bp, eckey);
439 }
440
441 int i2d_EC_PUBKEY_bio(BIO *bp, const EC_KEY *ecdsa)
442 {
443 return ASN1_i2d_bio_of(EC_KEY, i2d_EC_PUBKEY, bp, ecdsa);
444 }
445
446 EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey)
447 {
448 return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, bp, eckey);
449 }
450
451 int i2d_ECPrivateKey_bio(BIO *bp, const EC_KEY *eckey)
452 {
453 return ASN1_i2d_bio_of(EC_KEY, i2d_ECPrivateKey, bp, eckey);
454 }
455 #endif
456
457 int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
458 unsigned char *md, unsigned int *len)
459 {
460 ASN1_BIT_STRING *key = X509_get0_pubkey_bitstr(data);
461
462 if (key == NULL)
463 return 0;
464 return EVP_Digest(key->data, key->length, md, len, type, NULL);
465 }
466
467 int X509_digest(const X509 *cert, const EVP_MD *md, unsigned char *data,
468 unsigned int *len)
469 {
470 if (EVP_MD_is_a(md, SN_sha1) && (cert->ex_flags & EXFLAG_SET) != 0
471 && (cert->ex_flags & EXFLAG_NO_FINGERPRINT) == 0) {
472 /* Asking for SHA1 and we already computed it. */
473 if (len != NULL)
474 *len = sizeof(cert->sha1_hash);
475 memcpy(data, cert->sha1_hash, sizeof(cert->sha1_hash));
476 return 1;
477 }
478 return ossl_asn1_item_digest_ex(ASN1_ITEM_rptr(X509), md, (char *)cert,
479 data, len, cert->libctx, cert->propq);
480 }
481
482 /* calculate cert digest using the same hash algorithm as in its signature */
483 ASN1_OCTET_STRING *X509_digest_sig(const X509 *cert,
484 EVP_MD **md_used, int *md_is_fallback)
485 {
486 unsigned int len;
487 unsigned char hash[EVP_MAX_MD_SIZE];
488 int mdnid, pknid;
489 EVP_MD *md = NULL;
490 const char *md_name;
491 ASN1_OCTET_STRING *new;
492
493 if (md_used != NULL)
494 *md_used = NULL;
495 if (md_is_fallback != NULL)
496 *md_is_fallback = 0;
497
498 if (cert == NULL) {
499 ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
500 return NULL;
501 }
502
503 if (!OBJ_find_sigid_algs(X509_get_signature_nid(cert), &mdnid, &pknid)) {
504 ERR_raise(ERR_LIB_X509, X509_R_UNKNOWN_SIGID_ALGS);
505 return NULL;
506 }
507
508 if (mdnid == NID_undef) {
509 if (pknid == EVP_PKEY_RSA_PSS) {
510 RSA_PSS_PARAMS *pss = ossl_rsa_pss_decode(&cert->sig_alg);
511 const EVP_MD *mgf1md, *mmd = NULL;
512 int saltlen, trailerfield;
513
514 if (pss == NULL
515 || !ossl_rsa_pss_get_param_unverified(pss, &mmd, &mgf1md,
516 &saltlen,
517 &trailerfield)
518 || mmd == NULL) {
519 RSA_PSS_PARAMS_free(pss);
520 ERR_raise(ERR_LIB_X509, X509_R_UNSUPPORTED_ALGORITHM);
521 return NULL;
522 }
523 RSA_PSS_PARAMS_free(pss);
524 /* Fetch explicitly and do not fallback */
525 if ((md = EVP_MD_fetch(cert->libctx, EVP_MD_get0_name(mmd),
526 cert->propq)) == NULL)
527 /* Error code from fetch is sufficient */
528 return NULL;
529 } else if (pknid != NID_undef) {
530 /* A known algorithm, but without a digest */
531 switch (pknid) {
532 case NID_ED25519: /* Follow CMS default given in RFC8419 */
533 md_name = "SHA512";
534 break;
535 case NID_ED448: /* Follow CMS default given in RFC8419 */
536 md_name = "SHAKE256";
537 break;
538 default: /* Fall back to SHA-256 */
539 md_name = "SHA256";
540 break;
541 }
542 if ((md = EVP_MD_fetch(cert->libctx, md_name,
543 cert->propq)) == NULL)
544 return NULL;
545 if (md_is_fallback != NULL)
546 *md_is_fallback = 1;
547 } else {
548 /* A completely unknown algorithm */
549 ERR_raise(ERR_LIB_X509, X509_R_UNSUPPORTED_ALGORITHM);
550 return NULL;
551 }
552 } else if ((md = EVP_MD_fetch(cert->libctx, OBJ_nid2sn(mdnid),
553 cert->propq)) == NULL
554 && (md = (EVP_MD *)EVP_get_digestbynid(mdnid)) == NULL) {
555 ERR_raise(ERR_LIB_X509, X509_R_UNSUPPORTED_ALGORITHM);
556 return NULL;
557 }
558 if (!X509_digest(cert, md, hash, &len)
559 || (new = ASN1_OCTET_STRING_new()) == NULL)
560 goto err;
561 if (ASN1_OCTET_STRING_set(new, hash, len)) {
562 if (md_used != NULL)
563 *md_used = md;
564 else
565 EVP_MD_free(md);
566 return new;
567 }
568 ASN1_OCTET_STRING_free(new);
569 err:
570 EVP_MD_free(md);
571 return NULL;
572 }
573
574 int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
575 unsigned char *md, unsigned int *len)
576 {
577 if (type == NULL) {
578 ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
579 return 0;
580 }
581 if (EVP_MD_is_a(type, SN_sha1)
582 && (data->flags & EXFLAG_SET) != 0
583 && (data->flags & EXFLAG_NO_FINGERPRINT) == 0) {
584 /* Asking for SHA1; always computed in CRL d2i. */
585 if (len != NULL)
586 *len = sizeof(data->sha1_hash);
587 memcpy(md, data->sha1_hash, sizeof(data->sha1_hash));
588 return 1;
589 }
590 return
591 ossl_asn1_item_digest_ex(ASN1_ITEM_rptr(X509_CRL), type, (char *)data,
592 md, len, data->libctx, data->propq);
593 }
594
595 int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
596 unsigned char *md, unsigned int *len)
597 {
598 return
599 ossl_asn1_item_digest_ex(ASN1_ITEM_rptr(X509_REQ), type, (char *)data,
600 md, len, data->libctx, data->propq);
601 }
602
603 int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
604 unsigned char *md, unsigned int *len)
605 {
606 return ASN1_item_digest(ASN1_ITEM_rptr(X509_NAME), type, (char *)data,
607 md, len);
608 }
609
610 int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
611 const EVP_MD *type, unsigned char *md,
612 unsigned int *len)
613 {
614 return ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL), type,
615 (char *)data, md, len);
616 }
617
618 #ifndef OPENSSL_NO_STDIO
619 X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8)
620 {
621 return ASN1_d2i_fp_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, fp, p8);
622 }
623
624 int i2d_PKCS8_fp(FILE *fp, const X509_SIG *p8)
625 {
626 return ASN1_i2d_fp_of(X509_SIG, i2d_X509_SIG, fp, p8);
627 }
628 #endif
629
630 X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8)
631 {
632 return ASN1_d2i_bio_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, bp, p8);
633 }
634
635 int i2d_PKCS8_bio(BIO *bp, const X509_SIG *p8)
636 {
637 return ASN1_i2d_bio_of(X509_SIG, i2d_X509_SIG, bp, p8);
638 }
639
640 #ifndef OPENSSL_NO_STDIO
641 X509_PUBKEY *d2i_X509_PUBKEY_fp(FILE *fp, X509_PUBKEY **xpk)
642 {
643 return ASN1_d2i_fp_of(X509_PUBKEY, X509_PUBKEY_new, d2i_X509_PUBKEY,
644 fp, xpk);
645 }
646
647 int i2d_X509_PUBKEY_fp(FILE *fp, const X509_PUBKEY *xpk)
648 {
649 return ASN1_i2d_fp_of(X509_PUBKEY, i2d_X509_PUBKEY, fp, xpk);
650 }
651 #endif
652
653 X509_PUBKEY *d2i_X509_PUBKEY_bio(BIO *bp, X509_PUBKEY **xpk)
654 {
655 return ASN1_d2i_bio_of(X509_PUBKEY, X509_PUBKEY_new, d2i_X509_PUBKEY,
656 bp, xpk);
657 }
658
659 int i2d_X509_PUBKEY_bio(BIO *bp, const X509_PUBKEY *xpk)
660 {
661 return ASN1_i2d_bio_of(X509_PUBKEY, i2d_X509_PUBKEY, bp, xpk);
662 }
663
664 #ifndef OPENSSL_NO_STDIO
665 PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
666 PKCS8_PRIV_KEY_INFO **p8inf)
667 {
668 return ASN1_d2i_fp_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new,
669 d2i_PKCS8_PRIV_KEY_INFO, fp, p8inf);
670 }
671
672 int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, const PKCS8_PRIV_KEY_INFO *p8inf)
673 {
674 return ASN1_i2d_fp_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, fp,
675 p8inf);
676 }
677
678 int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, const EVP_PKEY *key)
679 {
680 PKCS8_PRIV_KEY_INFO *p8inf;
681 int ret;
682
683 p8inf = EVP_PKEY2PKCS8(key);
684 if (p8inf == NULL)
685 return 0;
686 ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf);
687 PKCS8_PRIV_KEY_INFO_free(p8inf);
688 return ret;
689 }
690
691 int i2d_PrivateKey_fp(FILE *fp, const EVP_PKEY *pkey)
692 {
693 return ASN1_i2d_fp_of(EVP_PKEY, i2d_PrivateKey, fp, pkey);
694 }
695
696 EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
697 {
698 return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, fp, a);
699 }
700
701 EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
702 const char *propq)
703 {
704 BIO *b;
705 void *ret;
706
707 if ((b = BIO_new(BIO_s_file())) == NULL) {
708 ERR_raise(ERR_LIB_X509, ERR_R_BUF_LIB);
709 return NULL;
710 }
711 BIO_set_fp(b, fp, BIO_NOCLOSE);
712 ret = d2i_PrivateKey_ex_bio(b, a, libctx, propq);
713 BIO_free(b);
714 return ret;
715 }
716
717 int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey)
718 {
719 return ASN1_i2d_fp_of(EVP_PKEY, i2d_PUBKEY, fp, pkey);
720 }
721
722 EVP_PKEY *d2i_PUBKEY_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
723 const char *propq)
724 {
725 BIO *b;
726 void *ret;
727
728 if ((b = BIO_new(BIO_s_file())) == NULL) {
729 ERR_raise(ERR_LIB_X509, ERR_R_BUF_LIB);
730 return NULL;
731 }
732 BIO_set_fp(b, fp, BIO_NOCLOSE);
733 ret = d2i_PUBKEY_ex_bio(b, a, libctx, propq);
734 BIO_free(b);
735 return ret;
736 }
737
738 EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a)
739 {
740 return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, fp, a);
741 }
742
743 #endif
744
745 PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
746 PKCS8_PRIV_KEY_INFO **p8inf)
747 {
748 return ASN1_d2i_bio_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new,
749 d2i_PKCS8_PRIV_KEY_INFO, bp, p8inf);
750 }
751
752 int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, const PKCS8_PRIV_KEY_INFO *p8inf)
753 {
754 return ASN1_i2d_bio_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, bp,
755 p8inf);
756 }
757
758 int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, const EVP_PKEY *key)
759 {
760 PKCS8_PRIV_KEY_INFO *p8inf;
761 int ret;
762
763 p8inf = EVP_PKEY2PKCS8(key);
764 if (p8inf == NULL)
765 return 0;
766 ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
767 PKCS8_PRIV_KEY_INFO_free(p8inf);
768 return ret;
769 }
770
771 int i2d_PrivateKey_bio(BIO *bp, const EVP_PKEY *pkey)
772 {
773 return ASN1_i2d_bio_of(EVP_PKEY, i2d_PrivateKey, bp, pkey);
774 }
775
776 EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a)
777 {
778 return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, bp, a);
779 }
780
781 EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
782 const char *propq)
783 {
784 BUF_MEM *b = NULL;
785 const unsigned char *p;
786 void *ret = NULL;
787 int len;
788
789 len = asn1_d2i_read_bio(bp, &b);
790 if (len < 0)
791 goto err;
792
793 p = (unsigned char *)b->data;
794 ret = d2i_AutoPrivateKey_ex(a, &p, len, libctx, propq);
795 err:
796 BUF_MEM_free(b);
797 return ret;
798 }
799
800 int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey)
801 {
802 return ASN1_i2d_bio_of(EVP_PKEY, i2d_PUBKEY, bp, pkey);
803 }
804
805 EVP_PKEY *d2i_PUBKEY_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
806 const char *propq)
807 {
808 BUF_MEM *b = NULL;
809 const unsigned char *p;
810 void *ret = NULL;
811 int len;
812
813 len = asn1_d2i_read_bio(bp, &b);
814 if (len < 0)
815 goto err;
816
817 p = (unsigned char *)b->data;
818 ret = d2i_PUBKEY_ex(a, &p, len, libctx, propq);
819 err:
820 BUF_MEM_free(b);
821 return ret;
822 }
823
824 EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a)
825 {
826 return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, bp, a);
827 }
828
829 #ifndef OPENSSL_NO_STDIO
830 X509_ACERT *d2i_X509_ACERT_fp(FILE *fp, X509_ACERT **acert)
831 {
832 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_ACERT), fp, acert);
833 }
834
835 int i2d_X509_ACERT_fp(FILE *fp, const X509_ACERT *acert)
836 {
837 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_ACERT), fp, acert);
838 }
839 #endif
840
841 X509_ACERT *d2i_X509_ACERT_bio(BIO *bp, X509_ACERT **acert)
842 {
843 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_ACERT), bp, acert);
844 }
845
846 int i2d_X509_ACERT_bio(BIO *bp, const X509_ACERT *acert)
847 {
848 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_ACERT), bp, acert);
849 }
A mirror of the official openssl repository