]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/x509/x_all.c
Fix error handling in x509v3_cache_extensions and related functions
[thirdparty/openssl.git] / crypto / x509 / x_all.c
1 /*
2 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdio.h>
11 #include "internal/cryptlib.h"
12 #include <openssl/buffer.h>
13 #include <openssl/asn1.h>
14 #include <openssl/evp.h>
15 #include <openssl/x509.h>
16 #include "crypto/x509.h"
17 #include <openssl/ocsp.h>
18 #include <openssl/rsa.h>
19 #include <openssl/dsa.h>
20 #include <openssl/x509v3.h>
21
22 int X509_verify(X509 *a, EVP_PKEY *r)
23 {
24 if (X509_ALGOR_cmp(&a->sig_alg, &a->cert_info.signature))
25 return 0;
26 return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF), &a->sig_alg,
27 &a->signature, &a->cert_info, r));
28 }
29
30 int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
31 {
32 return (ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO),
33 &a->sig_alg, a->signature, &a->req_info, r));
34 }
35
36 int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
37 {
38 return (ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC),
39 &a->sig_algor, a->signature, a->spkac, r));
40 }
41
42 int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
43 {
44 x->cert_info.enc.modified = 1;
45 return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), &x->cert_info.signature,
46 &x->sig_alg, &x->signature, &x->cert_info, pkey,
47 md));
48 }
49
50 int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
51 {
52 x->cert_info.enc.modified = 1;
53 return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF),
54 &x->cert_info.signature,
55 &x->sig_alg, &x->signature, &x->cert_info, ctx);
56 }
57
58 #ifndef OPENSSL_NO_OCSP
59 int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert)
60 {
61 return OCSP_REQ_CTX_nbio_d2i(rctx,
62 (ASN1_VALUE **)pcert, ASN1_ITEM_rptr(X509));
63 }
64 #endif
65
66 int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
67 {
68 return (ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO), &x->sig_alg, NULL,
69 x->signature, &x->req_info, pkey, md));
70 }
71
72 int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx)
73 {
74 return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_REQ_INFO),
75 &x->sig_alg, NULL, x->signature, &x->req_info,
76 ctx);
77 }
78
79 int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
80 {
81 x->crl.enc.modified = 1;
82 return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO), &x->crl.sig_alg,
83 &x->sig_alg, &x->signature, &x->crl, pkey, md));
84 }
85
86 int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx)
87 {
88 x->crl.enc.modified = 1;
89 return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO),
90 &x->crl.sig_alg, &x->sig_alg, &x->signature,
91 &x->crl, ctx);
92 }
93
94 #ifndef OPENSSL_NO_OCSP
95 int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl)
96 {
97 return OCSP_REQ_CTX_nbio_d2i(rctx,
98 (ASN1_VALUE **)pcrl,
99 ASN1_ITEM_rptr(X509_CRL));
100 }
101 #endif
102
103 int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
104 {
105 return (ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), &x->sig_algor, NULL,
106 x->signature, x->spkac, pkey, md));
107 }
108
109 #ifndef OPENSSL_NO_STDIO
110 X509 *d2i_X509_fp(FILE *fp, X509 **x509)
111 {
112 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509);
113 }
114
115 int i2d_X509_fp(FILE *fp, X509 *x509)
116 {
117 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509);
118 }
119 #endif
120
121 X509 *d2i_X509_bio(BIO *bp, X509 **x509)
122 {
123 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509);
124 }
125
126 int i2d_X509_bio(BIO *bp, X509 *x509)
127 {
128 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509);
129 }
130
131 #ifndef OPENSSL_NO_STDIO
132 X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl)
133 {
134 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
135 }
136
137 int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl)
138 {
139 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
140 }
141 #endif
142
143 X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl)
144 {
145 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
146 }
147
148 int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl)
149 {
150 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
151 }
152
153 #ifndef OPENSSL_NO_STDIO
154 PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7)
155 {
156 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
157 }
158
159 int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7)
160 {
161 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
162 }
163 #endif
164
165 PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7)
166 {
167 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
168 }
169
170 int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7)
171 {
172 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
173 }
174
175 #ifndef OPENSSL_NO_STDIO
176 X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req)
177 {
178 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
179 }
180
181 int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req)
182 {
183 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
184 }
185 #endif
186
187 X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req)
188 {
189 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
190 }
191
192 int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req)
193 {
194 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
195 }
196
197 #ifndef OPENSSL_NO_RSA
198
199 # ifndef OPENSSL_NO_STDIO
200 RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa)
201 {
202 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
203 }
204
205 int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa)
206 {
207 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
208 }
209
210 RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
211 {
212 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
213 }
214
215 RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)
216 {
217 return ASN1_d2i_fp((void *(*)(void))
218 RSA_new, (D2I_OF(void)) d2i_RSA_PUBKEY, fp,
219 (void **)rsa);
220 }
221
222 int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa)
223 {
224 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
225 }
226
227 int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa)
228 {
229 return ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY, fp, rsa);
230 }
231 # endif
232
233 RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
234 {
235 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
236 }
237
238 int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa)
239 {
240 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
241 }
242
243 RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)
244 {
245 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
246 }
247
248 RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
249 {
250 return ASN1_d2i_bio_of(RSA, RSA_new, d2i_RSA_PUBKEY, bp, rsa);
251 }
252
253 int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa)
254 {
255 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
256 }
257
258 int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa)
259 {
260 return ASN1_i2d_bio_of(RSA, i2d_RSA_PUBKEY, bp, rsa);
261 }
262 #endif
263
264 #ifndef OPENSSL_NO_DSA
265 # ifndef OPENSSL_NO_STDIO
266 DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa)
267 {
268 return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSAPrivateKey, fp, dsa);
269 }
270
271 int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa)
272 {
273 return ASN1_i2d_fp_of_const(DSA, i2d_DSAPrivateKey, fp, dsa);
274 }
275
276 DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa)
277 {
278 return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSA_PUBKEY, fp, dsa);
279 }
280
281 int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa)
282 {
283 return ASN1_i2d_fp_of(DSA, i2d_DSA_PUBKEY, fp, dsa);
284 }
285 # endif
286
287 DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa)
288 {
289 return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSAPrivateKey, bp, dsa);
290 }
291
292 int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa)
293 {
294 return ASN1_i2d_bio_of_const(DSA, i2d_DSAPrivateKey, bp, dsa);
295 }
296
297 DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa)
298 {
299 return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSA_PUBKEY, bp, dsa);
300 }
301
302 int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa)
303 {
304 return ASN1_i2d_bio_of(DSA, i2d_DSA_PUBKEY, bp, dsa);
305 }
306
307 #endif
308
309 #ifndef OPENSSL_NO_EC
310 # ifndef OPENSSL_NO_STDIO
311 EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey)
312 {
313 return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, fp, eckey);
314 }
315
316 int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey)
317 {
318 return ASN1_i2d_fp_of(EC_KEY, i2d_EC_PUBKEY, fp, eckey);
319 }
320
321 EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey)
322 {
323 return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, fp, eckey);
324 }
325
326 int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey)
327 {
328 return ASN1_i2d_fp_of(EC_KEY, i2d_ECPrivateKey, fp, eckey);
329 }
330 # endif
331 EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey)
332 {
333 return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, bp, eckey);
334 }
335
336 int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *ecdsa)
337 {
338 return ASN1_i2d_bio_of(EC_KEY, i2d_EC_PUBKEY, bp, ecdsa);
339 }
340
341 EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey)
342 {
343 return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, bp, eckey);
344 }
345
346 int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey)
347 {
348 return ASN1_i2d_bio_of(EC_KEY, i2d_ECPrivateKey, bp, eckey);
349 }
350 #endif
351
352 int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
353 unsigned char *md, unsigned int *len)
354 {
355 ASN1_BIT_STRING *key;
356 key = X509_get0_pubkey_bitstr(data);
357 if (!key)
358 return 0;
359 return EVP_Digest(key->data, key->length, md, len, type, NULL);
360 }
361
362 int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
363 unsigned int *len)
364 {
365 if (type == EVP_sha1() && (data->ex_flags & EXFLAG_SET) != 0
366 && (data->ex_flags & EXFLAG_INVALID) == 0) {
367 /* Asking for SHA1 and we already computed it. */
368 if (len != NULL)
369 *len = sizeof(data->sha1_hash);
370 memcpy(md, data->sha1_hash, sizeof(data->sha1_hash));
371 return 1;
372 }
373 return (ASN1_item_digest
374 (ASN1_ITEM_rptr(X509), type, (char *)data, md, len));
375 }
376
377 int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
378 unsigned char *md, unsigned int *len)
379 {
380 if (type == EVP_sha1() && (data->flags & EXFLAG_SET) != 0
381 && (data->flags & EXFLAG_INVALID) == 0) {
382 /* Asking for SHA1; always computed in CRL d2i. */
383 if (len != NULL)
384 *len = sizeof(data->sha1_hash);
385 memcpy(md, data->sha1_hash, sizeof(data->sha1_hash));
386 return 1;
387 }
388 return (ASN1_item_digest
389 (ASN1_ITEM_rptr(X509_CRL), type, (char *)data, md, len));
390 }
391
392 int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
393 unsigned char *md, unsigned int *len)
394 {
395 return (ASN1_item_digest
396 (ASN1_ITEM_rptr(X509_REQ), type, (char *)data, md, len));
397 }
398
399 int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
400 unsigned char *md, unsigned int *len)
401 {
402 return (ASN1_item_digest
403 (ASN1_ITEM_rptr(X509_NAME), type, (char *)data, md, len));
404 }
405
406 int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
407 const EVP_MD *type, unsigned char *md,
408 unsigned int *len)
409 {
410 return (ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL), type,
411 (char *)data, md, len));
412 }
413
414 #ifndef OPENSSL_NO_STDIO
415 X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8)
416 {
417 return ASN1_d2i_fp_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, fp, p8);
418 }
419
420 int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8)
421 {
422 return ASN1_i2d_fp_of(X509_SIG, i2d_X509_SIG, fp, p8);
423 }
424 #endif
425
426 X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8)
427 {
428 return ASN1_d2i_bio_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, bp, p8);
429 }
430
431 int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8)
432 {
433 return ASN1_i2d_bio_of(X509_SIG, i2d_X509_SIG, bp, p8);
434 }
435
436 #ifndef OPENSSL_NO_STDIO
437 PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
438 PKCS8_PRIV_KEY_INFO **p8inf)
439 {
440 return ASN1_d2i_fp_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new,
441 d2i_PKCS8_PRIV_KEY_INFO, fp, p8inf);
442 }
443
444 int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf)
445 {
446 return ASN1_i2d_fp_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, fp,
447 p8inf);
448 }
449
450 int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key)
451 {
452 PKCS8_PRIV_KEY_INFO *p8inf;
453 int ret;
454 p8inf = EVP_PKEY2PKCS8(key);
455 if (!p8inf)
456 return 0;
457 ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf);
458 PKCS8_PRIV_KEY_INFO_free(p8inf);
459 return ret;
460 }
461
462 int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey)
463 {
464 return ASN1_i2d_fp_of(EVP_PKEY, i2d_PrivateKey, fp, pkey);
465 }
466
467 EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
468 {
469 return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, fp, a);
470 }
471
472 int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey)
473 {
474 return ASN1_i2d_fp_of(EVP_PKEY, i2d_PUBKEY, fp, pkey);
475 }
476
477 EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a)
478 {
479 return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, fp, a);
480 }
481
482 #endif
483
484 PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
485 PKCS8_PRIV_KEY_INFO **p8inf)
486 {
487 return ASN1_d2i_bio_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new,
488 d2i_PKCS8_PRIV_KEY_INFO, bp, p8inf);
489 }
490
491 int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf)
492 {
493 return ASN1_i2d_bio_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, bp,
494 p8inf);
495 }
496
497 int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key)
498 {
499 PKCS8_PRIV_KEY_INFO *p8inf;
500 int ret;
501 p8inf = EVP_PKEY2PKCS8(key);
502 if (!p8inf)
503 return 0;
504 ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
505 PKCS8_PRIV_KEY_INFO_free(p8inf);
506 return ret;
507 }
508
509 int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey)
510 {
511 return ASN1_i2d_bio_of(EVP_PKEY, i2d_PrivateKey, bp, pkey);
512 }
513
514 EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a)
515 {
516 return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, bp, a);
517 }
518
519 int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey)
520 {
521 return ASN1_i2d_bio_of(EVP_PKEY, i2d_PUBKEY, bp, pkey);
522 }
523
524 EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a)
525 {
526 return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, bp, a);
527 }