2 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include "internal/cryptlib.h"
12 #include <openssl/buffer.h>
13 #include <openssl/asn1.h>
14 #include <openssl/evp.h>
15 #include <openssl/x509.h>
16 #include "crypto/x509.h"
17 #include <openssl/ocsp.h>
18 #include <openssl/rsa.h>
19 #include <openssl/dsa.h>
20 #include <openssl/x509v3.h>
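/*
 * Verify the signature on certificate |a| with public key |r|.
 *
 * The AlgorithmIdentifier outside the signed data (a->sig_alg) is compared
 * with the one inside it (a->cert_info.signature). A mismatch is rejected
 * with 0 before any signature work, so the algorithm handed to the verifier
 * is always the one covered by the signature.
 *
 * Returns the result of ASN1_item_verify() otherwise.
 * NOTE(review): that callee can signal an internal error with a value other
 * than 0 or 1 -- callers should test "== 1", never "!= 0".
 * Only the signature is checked here; this function performs no chain,
 * validity-period or extension checks.
 */
int X509_verify(X509 *a, EVP_PKEY *r)
{
    if (X509_ALGOR_cmp(&a->sig_alg, &a->cert_info.signature) != 0)
        return 0;

    return ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF), &a->sig_alg,
                            &a->signature, &a->cert_info, r);
}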
/*
 * Verify the self-signature on certificate request |a| with public key |r|.
 * The signed region is a->req_info; the result of ASN1_item_verify() is
 * passed through unchanged.
 * NOTE(review): treat only a return of 1 as success.
 */
int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509_REQ_INFO);

    return ASN1_item_verify(it, &a->sig_alg, a->signature, &a->req_info, r);
}
/*
 * Verify the signature on a Netscape SPKI structure |a| with public key |r|.
 * The signed region is a->spkac; the result of ASN1_item_verify() is passed
 * through unchanged.
 * NOTE(review): treat only a return of 1 as success.
 */
int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(NETSCAPE_SPKAC);

    return ASN1_item_verify(it, &a->sig_algor, a->signature, a->spkac, r);
}
/*
 * Sign certificate |x| with private key |pkey| using digest |md|.
 *
 * cert_info.enc.modified is set first so that a previously cached encoding
 * of the to-be-signed data is not reused: the signature must cover the
 * current contents of cert_info. Both the inner (cert_info.signature) and
 * outer (sig_alg) algorithm identifiers are passed to ASN1_item_sign().
 *
 * Returns the result of ASN1_item_sign().
 */
int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
{
    x->cert_info.enc.modified = 1;

    return ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF),
                          &x->cert_info.signature, &x->sig_alg,
                          &x->signature, &x->cert_info, pkey, md);
}
/*
 * Sign certificate |x| using an already initialised digest-sign context
 * |ctx|. As in X509_sign(), the cached encoding is marked modified first so
 * the signature covers the current cert_info.
 *
 * Returns the result of ASN1_item_sign_ctx().
 */
int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509_CINF);

    x->cert_info.enc.modified = 1;
    return ASN1_item_sign_ctx(it, &x->cert_info.signature, &x->sig_alg,
                              &x->signature, &x->cert_info, ctx);
}
58 #ifndef OPENSSL_NO_OCSP
/*
 * Thin wrapper: hands |rctx| to OCSP_REQ_CTX_nbio_d2i() with the X509 item
 * template and |pcert| as the output slot.
 * NOTE(review): whatever ends up in *pcert came off the network and is
 * unauthenticated until the caller verifies it.
 */
int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert)
{
    ASN1_VALUE **out = (ASN1_VALUE **)pcert;

    return OCSP_REQ_CTX_nbio_d2i(rctx, out, ASN1_ITEM_rptr(X509));
}
/*
 * Sign certificate request |x| with private key |pkey| using digest |md|.
 * A request has a single algorithm identifier, so the second algorithm
 * argument of ASN1_item_sign() is NULL.
 *
 * Returns the result of ASN1_item_sign().
 */
int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509_REQ_INFO);

    return ASN1_item_sign(it, &x->sig_alg, NULL, x->signature,
                          &x->req_info, pkey, md);
}
/*
 * Sign certificate request |x| using an already initialised digest-sign
 * context |ctx|. The second algorithm argument is NULL because a request
 * carries only one algorithm identifier.
 *
 * Returns the result of ASN1_item_sign_ctx().
 */
int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509_REQ_INFO);

    return ASN1_item_sign_ctx(it, &x->sig_alg, NULL, x->signature,
                              &x->req_info, ctx);
}
/*
 * Sign CRL |x| with private key |pkey| using digest |md|.
 * crl.enc.modified is set first so a cached encoding of the to-be-signed
 * data is not reused and the signature covers the current x->crl.
 *
 * Returns the result of ASN1_item_sign().
 */
int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
{
    x->crl.enc.modified = 1;

    return ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO), &x->crl.sig_alg,
                          &x->sig_alg, &x->signature, &x->crl, pkey, md);
}
/*
 * Sign CRL |x| using an already initialised digest-sign context |ctx|.
 * The cached encoding is marked modified first, as in X509_CRL_sign().
 *
 * Returns the result of ASN1_item_sign_ctx().
 */
int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509_CRL_INFO);

    x->crl.enc.modified = 1;
    return ASN1_item_sign_ctx(it, &x->crl.sig_alg, &x->sig_alg,
                              &x->signature, &x->crl, ctx);
}
94 #ifndef OPENSSL_NO_OCSP
/*
 * Thin wrapper: hands |rctx| to OCSP_REQ_CTX_nbio_d2i() with the X509_CRL
 * item template and |pcrl| as the output slot.
 * NOTE(review): a CRL obtained this way is unauthenticated until its
 * signature has been verified by the caller.
 */
int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl)
{
    ASN1_VALUE **out = (ASN1_VALUE **)pcrl;

    return OCSP_REQ_CTX_nbio_d2i(rctx, out, ASN1_ITEM_rptr(X509_CRL));
}
/*
 * Sign Netscape SPKI structure |x| with private key |pkey| using digest
 * |md|. The structure has one algorithm identifier, so the second algorithm
 * argument of ASN1_item_sign() is NULL.
 *
 * Returns the result of ASN1_item_sign().
 */
int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(NETSCAPE_SPKAC);

    return ASN1_item_sign(it, &x->sig_algor, NULL, x->signature,
                          x->spkac, pkey, md);
}
109 #ifndef OPENSSL_NO_STDIO
/*
 * Read a DER-encoded certificate from stdio stream |fp|.
 * Returns whatever ASN1_item_d2i_fp() returns: the decoded X509, or NULL on
 * failure. Decoding does not authenticate the certificate.
 */
X509 *d2i_X509_fp(FILE *fp, X509 **x509)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509);

    return ASN1_item_d2i_fp(it, fp, x509);
}
/*
 * Write certificate |x509| in DER form to stdio stream |fp|.
 * Returns the result of ASN1_item_i2d_fp().
 */
int i2d_X509_fp(FILE *fp, X509 *x509)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509);

    return ASN1_item_i2d_fp(it, fp, x509);
}
/*
 * Read a DER-encoded certificate from BIO |bp|.
 * Returns whatever ASN1_item_d2i_bio() returns: the decoded X509, or NULL
 * on failure. Decoding does not authenticate the certificate.
 */
X509 *d2i_X509_bio(BIO *bp, X509 **x509)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509);

    return ASN1_item_d2i_bio(it, bp, x509);
}
/*
 * Write certificate |x509| in DER form to BIO |bp|.
 * Returns the result of ASN1_item_i2d_bio().
 */
int i2d_X509_bio(BIO *bp, X509 *x509)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509);

    return ASN1_item_i2d_bio(it, bp, x509);
}
131 #ifndef OPENSSL_NO_STDIO
/*
 * Read a DER-encoded CRL from stdio stream |fp|.
 * Returns whatever ASN1_item_d2i_fp() returns: the decoded X509_CRL, or
 * NULL on failure. Decoding does not check the CRL's signature.
 */
X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509_CRL);

    return ASN1_item_d2i_fp(it, fp, crl);
}
/*
 * Write CRL |crl| in DER form to stdio stream |fp|.
 * Returns the result of ASN1_item_i2d_fp().
 */
int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509_CRL);

    return ASN1_item_i2d_fp(it, fp, crl);
}
/*
 * Read a DER-encoded CRL from BIO |bp|.
 * Returns whatever ASN1_item_d2i_bio() returns: the decoded X509_CRL, or
 * NULL on failure. Decoding does not check the CRL's signature.
 */
X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509_CRL);

    return ASN1_item_d2i_bio(it, bp, crl);
}
/*
 * Write CRL |crl| in DER form to BIO |bp|.
 * Returns the result of ASN1_item_i2d_bio().
 */
int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509_CRL);

    return ASN1_item_i2d_bio(it, bp, crl);
}
153 #ifndef OPENSSL_NO_STDIO
/*
 * Read a DER-encoded PKCS#7 structure from stdio stream |fp|.
 * Returns whatever ASN1_item_d2i_fp() returns: the decoded PKCS7, or NULL
 * on failure.
 */
PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(PKCS7);

    return ASN1_item_d2i_fp(it, fp, p7);
}
/*
 * Write PKCS#7 structure |p7| in DER form to stdio stream |fp|.
 * Returns the result of ASN1_item_i2d_fp().
 */
int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(PKCS7);

    return ASN1_item_i2d_fp(it, fp, p7);
}
/*
 * Read a DER-encoded PKCS#7 structure from BIO |bp|.
 * Returns whatever ASN1_item_d2i_bio() returns: the decoded PKCS7, or NULL
 * on failure.
 */
PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(PKCS7);

    return ASN1_item_d2i_bio(it, bp, p7);
}
/*
 * Write PKCS#7 structure |p7| in DER form to BIO |bp|.
 * Returns the result of ASN1_item_i2d_bio().
 */
int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(PKCS7);

    return ASN1_item_i2d_bio(it, bp, p7);
}
175 #ifndef OPENSSL_NO_STDIO
/*
 * Read a DER-encoded certificate request from stdio stream |fp|.
 * Returns whatever ASN1_item_d2i_fp() returns: the decoded X509_REQ, or
 * NULL on failure. Decoding does not check the request's signature.
 */
X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509_REQ);

    return ASN1_item_d2i_fp(it, fp, req);
}
/*
 * Write certificate request |req| in DER form to stdio stream |fp|.
 * Returns the result of ASN1_item_i2d_fp().
 */
int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509_REQ);

    return ASN1_item_i2d_fp(it, fp, req);
}
/*
 * Read a DER-encoded certificate request from BIO |bp|.
 * Returns whatever ASN1_item_d2i_bio() returns: the decoded X509_REQ, or
 * NULL on failure. Decoding does not check the request's signature.
 */
X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509_REQ);

    return ASN1_item_d2i_bio(it, bp, req);
}
/*
 * Write certificate request |req| in DER form to BIO |bp|.
 * Returns the result of ASN1_item_i2d_bio().
 */
int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509_REQ);

    return ASN1_item_i2d_bio(it, bp, req);
}
197 #ifndef OPENSSL_NO_RSA
199 # ifndef OPENSSL_NO_STDIO
/*
 * Read a DER-encoded RSAPrivateKey from stdio stream |fp|.
 * Returns whatever ASN1_item_d2i_fp() returns: the decoded RSA key, or NULL
 * on failure. The result holds private key material.
 */
RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(RSAPrivateKey);

    return ASN1_item_d2i_fp(it, fp, rsa);
}
/*
 * Write RSA private key |rsa| as a DER RSAPrivateKey to stdio stream |fp|.
 * No passphrase is taken, so the key is written unencrypted; restricting
 * access to the destination is the caller's responsibility.
 * Returns the result of ASN1_item_i2d_fp().
 */
int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(RSAPrivateKey);

    return ASN1_item_i2d_fp(it, fp, rsa);
}
/*
 * Read a DER-encoded RSAPublicKey from stdio stream |fp|.
 * Returns whatever ASN1_item_d2i_fp() returns: the decoded RSA key, or NULL
 * on failure.
 */
RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(RSAPublicKey);

    return ASN1_item_d2i_fp(it, fp, rsa);
}
/*
 * Read an RSA public key through d2i_RSA_PUBKEY() from stdio stream |fp|.
 * This goes through the function-pointer based ASN1_d2i_fp() rather than
 * an item template, hence the casts to the generic signatures.
 * Returns the decoded RSA key, or NULL on failure.
 */
RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)
{
    return ASN1_d2i_fp((void *(*)(void))RSA_new,
                       (D2I_OF(void))d2i_RSA_PUBKEY,
                       fp, (void **)rsa);
}
/*
 * Write RSA public key |rsa| as a DER RSAPublicKey to stdio stream |fp|.
 * Returns the result of ASN1_item_i2d_fp().
 */
int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(RSAPublicKey);

    return ASN1_item_i2d_fp(it, fp, rsa);
}
/*
 * Write RSA public key |rsa| through i2d_RSA_PUBKEY() to stdio stream |fp|.
 * Uses the function-pointer based ASN1_i2d_fp(), hence the cast.
 * Returns the result of ASN1_i2d_fp().
 */
int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa)
{
    return ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY, fp, rsa);
}
/*
 * Read a DER-encoded RSAPrivateKey from BIO |bp|.
 * Returns whatever ASN1_item_d2i_bio() returns: the decoded RSA key, or
 * NULL on failure. The result holds private key material.
 */
RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(RSAPrivateKey);

    return ASN1_item_d2i_bio(it, bp, rsa);
}
/*
 * Write RSA private key |rsa| as a DER RSAPrivateKey to BIO |bp|.
 * No passphrase is taken, so the key is written unencrypted; the caller
 * decides where |bp| leads and who can read it.
 * Returns the result of ASN1_item_i2d_bio().
 */
int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(RSAPrivateKey);

    return ASN1_item_i2d_bio(it, bp, rsa);
}
/*
 * Read a DER-encoded RSAPublicKey from BIO |bp|.
 * Returns whatever ASN1_item_d2i_bio() returns: the decoded RSA key, or
 * NULL on failure.
 */
RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(RSAPublicKey);

    return ASN1_item_d2i_bio(it, bp, rsa);
}
/*
 * Read an RSA public key through d2i_RSA_PUBKEY() from BIO |bp|, with
 * RSA_new supplied as the allocator.
 * Returns the decoded RSA key, or NULL on failure.
 */
RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
{
    return ASN1_d2i_bio_of(RSA, RSA_new, d2i_RSA_PUBKEY, bp, rsa);
}
/*
 * Write RSA public key |rsa| as a DER RSAPublicKey to BIO |bp|.
 * Returns the result of ASN1_item_i2d_bio().
 */
int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(RSAPublicKey);

    return ASN1_item_i2d_bio(it, bp, rsa);
}
/*
 * Write RSA public key |rsa| through i2d_RSA_PUBKEY() to BIO |bp|.
 * Returns the result of the ASN1_i2d_bio_of() expansion.
 */
int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa)
{
    return ASN1_i2d_bio_of(RSA, i2d_RSA_PUBKEY, bp, rsa);
}
264 #ifndef OPENSSL_NO_DSA
265 # ifndef OPENSSL_NO_STDIO
/*
 * Read a DSA private key through d2i_DSAPrivateKey() from stdio stream
 * |fp|, with DSA_new supplied as the allocator.
 * Returns the decoded DSA key, or NULL on failure. The result holds private
 * key material.
 */
DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa)
{
    return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSAPrivateKey, fp, dsa);
}
/*
 * Write DSA private key |dsa| through i2d_DSAPrivateKey() to stdio stream
 * |fp|. No passphrase is taken, so the key is written unencrypted;
 * restricting access to the destination is the caller's responsibility.
 */
int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa)
{
    return ASN1_i2d_fp_of_const(DSA, i2d_DSAPrivateKey, fp, dsa);
}
/*
 * Read a DSA public key through d2i_DSA_PUBKEY() from stdio stream |fp|,
 * with DSA_new supplied as the allocator.
 * Returns the decoded DSA key, or NULL on failure.
 */
DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa)
{
    return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSA_PUBKEY, fp, dsa);
}
/*
 * Write DSA public key |dsa| through i2d_DSA_PUBKEY() to stdio stream |fp|.
 * Returns the result of the ASN1_i2d_fp_of() expansion.
 */
int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa)
{
    return ASN1_i2d_fp_of(DSA, i2d_DSA_PUBKEY, fp, dsa);
}
/*
 * Read a DSA private key through d2i_DSAPrivateKey() from BIO |bp|, with
 * DSA_new supplied as the allocator.
 * Returns the decoded DSA key, or NULL on failure. The result holds private
 * key material.
 */
DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa)
{
    return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSAPrivateKey, bp, dsa);
}
/*
 * Write DSA private key |dsa| through i2d_DSAPrivateKey() to BIO |bp|.
 * No passphrase is taken, so the key is written unencrypted; the caller
 * decides where |bp| leads and who can read it.
 */
int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa)
{
    return ASN1_i2d_bio_of_const(DSA, i2d_DSAPrivateKey, bp, dsa);
}
/*
 * Read a DSA public key through d2i_DSA_PUBKEY() from BIO |bp|, with
 * DSA_new supplied as the allocator.
 * Returns the decoded DSA key, or NULL on failure.
 */
DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa)
{
    return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSA_PUBKEY, bp, dsa);
}
/*
 * Write DSA public key |dsa| through i2d_DSA_PUBKEY() to BIO |bp|.
 * Returns the result of the ASN1_i2d_bio_of() expansion.
 */
int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa)
{
    return ASN1_i2d_bio_of(DSA, i2d_DSA_PUBKEY, bp, dsa);
}
309 #ifndef OPENSSL_NO_EC
310 # ifndef OPENSSL_NO_STDIO
/*
 * Read an EC public key through d2i_EC_PUBKEY() from stdio stream |fp|,
 * with EC_KEY_new supplied as the allocator.
 * Returns the decoded EC_KEY, or NULL on failure.
 */
EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey)
{
    return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, fp, eckey);
}
/*
 * Write EC public key |eckey| through i2d_EC_PUBKEY() to stdio stream |fp|.
 * Returns the result of the ASN1_i2d_fp_of() expansion.
 */
int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey)
{
    return ASN1_i2d_fp_of(EC_KEY, i2d_EC_PUBKEY, fp, eckey);
}
/*
 * Read an EC private key through d2i_ECPrivateKey() from stdio stream |fp|,
 * with EC_KEY_new supplied as the allocator.
 * Returns the decoded EC_KEY, or NULL on failure. The result holds private
 * key material.
 */
EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey)
{
    return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, fp, eckey);
}
/*
 * Write EC private key |eckey| through i2d_ECPrivateKey() to stdio stream
 * |fp|. No passphrase is taken, so the key is written unencrypted;
 * restricting access to the destination is the caller's responsibility.
 */
int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey)
{
    return ASN1_i2d_fp_of(EC_KEY, i2d_ECPrivateKey, fp, eckey);
}
/*
 * Read an EC public key through d2i_EC_PUBKEY() from BIO |bp|, with
 * EC_KEY_new supplied as the allocator.
 * Returns the decoded EC_KEY, or NULL on failure.
 */
EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey)
{
    return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, bp, eckey);
}
/*
 * Write EC public key |ecdsa| through i2d_EC_PUBKEY() to BIO |bp|.
 * Returns the result of the ASN1_i2d_bio_of() expansion.
 */
int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *ecdsa)
{
    return ASN1_i2d_bio_of(EC_KEY, i2d_EC_PUBKEY, bp, ecdsa);
}
/*
 * Read an EC private key through d2i_ECPrivateKey() from BIO |bp|, with
 * EC_KEY_new supplied as the allocator.
 * Returns the decoded EC_KEY, or NULL on failure. The result holds private
 * key material.
 */
EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey)
{
    return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, bp, eckey);
}
/*
 * Write EC private key |eckey| through i2d_ECPrivateKey() to BIO |bp|.
 * No passphrase is taken, so the key is written unencrypted; the caller
 * decides where |bp| leads and who can read it.
 */
int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey)
{
    return ASN1_i2d_bio_of(EC_KEY, i2d_ECPrivateKey, bp, eckey);
}
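/*
 * Digest the raw public-key BIT STRING of certificate |data| with |type|.
 *
 * |md| receives the digest and, through EVP_Digest(), |len| its length.
 * The caller must supply a buffer large enough for the chosen digest.
 *
 * Returns 0 if the certificate yields no public-key bit string, otherwise
 * the result of EVP_Digest().
 */
int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
                       unsigned char *md, unsigned int *len)
{
    ASN1_BIT_STRING *key = X509_get0_pubkey_bitstr(data);

    /* Without this guard key->data below would dereference NULL. */
    if (key == NULL)
        return 0;

    return EVP_Digest(key->data, key->length, md, len, type, NULL);
}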
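/*
 * Compute the digest |type| over the encoding of certificate |data|.
 *
 * Fast path: when SHA-1 is requested and the extension cache is populated
 * (EXFLAG_SET) and not marked EXFLAG_INVALID, the stored data->sha1_hash
 * is copied out instead of re-hashing. The EXFLAG_INVALID test keeps a
 * cached hash from a certificate whose processing failed from being
 * handed out.
 *
 * |md| must have room for the digest; the fast path writes
 * sizeof(data->sha1_hash) bytes. |len| may be NULL on the fast path.
 *
 * Returns 1 from the fast path, otherwise the result of ASN1_item_digest().
 */
int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
                unsigned int *len)
{
    if (type == EVP_sha1() && (data->ex_flags & EXFLAG_SET) != 0
            && (data->ex_flags & EXFLAG_INVALID) == 0) {
        /* Asking for SHA1 and we already computed it. */
        if (len != NULL)
            *len = sizeof(data->sha1_hash);
        memcpy(md, data->sha1_hash, sizeof(data->sha1_hash));
        return 1;
    }

    return ASN1_item_digest(ASN1_ITEM_rptr(X509), type, (char *)data,
                            md, len);
}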
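/*
 * Compute the digest |type| over the encoding of CRL |data|.
 *
 * Fast path: when SHA-1 is requested and data->flags has EXFLAG_SET without
 * EXFLAG_INVALID, the stored data->sha1_hash is copied out instead of
 * re-hashing.
 *
 * |md| must have room for the digest; the fast path writes
 * sizeof(data->sha1_hash) bytes. |len| may be NULL on the fast path.
 *
 * Returns 1 from the fast path, otherwise the result of ASN1_item_digest().
 */
int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
                    unsigned char *md, unsigned int *len)
{
    if (type == EVP_sha1() && (data->flags & EXFLAG_SET) != 0
            && (data->flags & EXFLAG_INVALID) == 0) {
        /* Asking for SHA1; always computed in CRL d2i. */
        if (len != NULL)
            *len = sizeof(data->sha1_hash);
        memcpy(md, data->sha1_hash, sizeof(data->sha1_hash));
        return 1;
    }

    return ASN1_item_digest(ASN1_ITEM_rptr(X509_CRL), type, (char *)data,
                            md, len);
}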
/*
 * Compute the digest |type| over the encoding of certificate request
 * |data|. |md| receives the digest and |len| its length; the caller sizes
 * |md| for the chosen digest.
 * Returns the result of ASN1_item_digest().
 */
int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
                    unsigned char *md, unsigned int *len)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509_REQ);

    return ASN1_item_digest(it, type, (char *)data, md, len);
}
/*
 * Compute the digest |type| over the encoding of name |data|. |md| receives
 * the digest and |len| its length; the caller sizes |md| for the chosen
 * digest.
 * Returns the result of ASN1_item_digest().
 */
int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
                     unsigned char *md, unsigned int *len)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509_NAME);

    return ASN1_item_digest(it, type, (char *)data, md, len);
}
/*
 * Compute the digest |type| over the encoding of a PKCS#7 issuer-and-serial
 * structure. |md| receives the digest and |len| its length; the caller
 * sizes |md| for the chosen digest.
 * Returns the result of ASN1_item_digest().
 */
int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
                                   const EVP_MD *type, unsigned char *md,
                                   unsigned int *len)
{
    const ASN1_ITEM *it = ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL);

    return ASN1_item_digest(it, type, (char *)data, md, len);
}
414 #ifndef OPENSSL_NO_STDIO
/*
 * Read a PKCS#8 container, held as an X509_SIG, through d2i_X509_SIG() from
 * stdio stream |fp|, with X509_SIG_new supplied as the allocator.
 * Returns the decoded X509_SIG, or NULL on failure.
 */
X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8)
{
    return ASN1_d2i_fp_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, fp, p8);
}
/*
 * Write PKCS#8 container |p8| (an X509_SIG) through i2d_X509_SIG() to stdio
 * stream |fp|.
 * Returns the result of the ASN1_i2d_fp_of() expansion.
 */
int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8)
{
    return ASN1_i2d_fp_of(X509_SIG, i2d_X509_SIG, fp, p8);
}
/*
 * Read a PKCS#8 container, held as an X509_SIG, through d2i_X509_SIG() from
 * BIO |bp|, with X509_SIG_new supplied as the allocator.
 * Returns the decoded X509_SIG, or NULL on failure.
 */
X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8)
{
    return ASN1_d2i_bio_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, bp, p8);
}
/*
 * Write PKCS#8 container |p8| (an X509_SIG) through i2d_X509_SIG() to BIO
 * |bp|.
 * Returns the result of the ASN1_i2d_bio_of() expansion.
 */
int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8)
{
    return ASN1_i2d_bio_of(X509_SIG, i2d_X509_SIG, bp, p8);
}
436 #ifndef OPENSSL_NO_STDIO
/*
 * Read a PKCS#8 PrivateKeyInfo through d2i_PKCS8_PRIV_KEY_INFO() from stdio
 * stream |fp|, with PKCS8_PRIV_KEY_INFO_new supplied as the allocator.
 * Returns the decoded structure, or NULL on failure. The result holds
 * private key material.
 */
PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
                                                PKCS8_PRIV_KEY_INFO **p8inf)
{
    return ASN1_d2i_fp_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new,
                          d2i_PKCS8_PRIV_KEY_INFO, fp, p8inf);
}
/*
 * Write PKCS#8 PrivateKeyInfo |p8inf| through i2d_PKCS8_PRIV_KEY_INFO() to
 * stdio stream |fp|. No passphrase is taken, so the key material is written
 * unencrypted; restricting access to the destination is the caller's
 * responsibility.
 */
int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf)
{
    return ASN1_i2d_fp_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, fp,
                          p8inf);
}
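/*
 * Convert |key| to a PKCS#8 PrivateKeyInfo and write it to stdio stream
 * |fp|. No passphrase is taken, so the key is written unencrypted;
 * restricting access to the destination is the caller's responsibility.
 *
 * The temporary PrivateKeyInfo is freed before returning, whether or not
 * the write succeeded.
 *
 * Returns 0 if the conversion fails, otherwise the result of
 * i2d_PKCS8_PRIV_KEY_INFO_fp().
 */
int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key)
{
    PKCS8_PRIV_KEY_INFO *p8inf;
    int ret;

    p8inf = EVP_PKEY2PKCS8(key);
    /* Conversion failed: nothing to write and nothing to free. */
    if (p8inf == NULL)
        return 0;

    ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf);
    PKCS8_PRIV_KEY_INFO_free(p8inf);
    return ret;
}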
/*
 * Write private key |pkey| through i2d_PrivateKey() to stdio stream |fp|.
 * No passphrase is taken, so the key is written unencrypted; restricting
 * access to the destination is the caller's responsibility.
 */
int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey)
{
    return ASN1_i2d_fp_of(EVP_PKEY, i2d_PrivateKey, fp, pkey);
}
/*
 * Read a private key from stdio stream |fp|. Decoding is delegated to
 * d2i_AutoPrivateKey(), so the key type is taken from the input rather than
 * chosen by the caller; callers that expect a particular type should check
 * the result.
 * Returns the decoded EVP_PKEY, or NULL on failure.
 */
EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
{
    return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, fp, a);
}
/*
 * Write the public key of |pkey| through i2d_PUBKEY() to stdio stream |fp|.
 * Returns the result of the ASN1_i2d_fp_of() expansion.
 */
int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey)
{
    return ASN1_i2d_fp_of(EVP_PKEY, i2d_PUBKEY, fp, pkey);
}
/*
 * Read a public key through d2i_PUBKEY() from stdio stream |fp|, with
 * EVP_PKEY_new supplied as the allocator.
 * Returns the decoded EVP_PKEY, or NULL on failure.
 */
EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a)
{
    return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, fp, a);
}
/*
 * Read a PKCS#8 PrivateKeyInfo through d2i_PKCS8_PRIV_KEY_INFO() from BIO
 * |bp|, with PKCS8_PRIV_KEY_INFO_new supplied as the allocator.
 * Returns the decoded structure, or NULL on failure. The result holds
 * private key material.
 */
PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
                                                 PKCS8_PRIV_KEY_INFO **p8inf)
{
    return ASN1_d2i_bio_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new,
                           d2i_PKCS8_PRIV_KEY_INFO, bp, p8inf);
}
/*
 * Write PKCS#8 PrivateKeyInfo |p8inf| through i2d_PKCS8_PRIV_KEY_INFO() to
 * BIO |bp|. No passphrase is taken, so the key material is written
 * unencrypted; the caller decides where |bp| leads and who can read it.
 */
int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf)
{
    return ASN1_i2d_bio_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, bp,
                           p8inf);
}
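/*
 * Convert |key| to a PKCS#8 PrivateKeyInfo and write it to BIO |bp|.
 * No passphrase is taken, so the key is written unencrypted; the caller
 * decides where |bp| leads and who can read it.
 *
 * The temporary PrivateKeyInfo is freed before returning, whether or not
 * the write succeeded.
 *
 * Returns 0 if the conversion fails, otherwise the result of
 * i2d_PKCS8_PRIV_KEY_INFO_bio().
 */
int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key)
{
    PKCS8_PRIV_KEY_INFO *p8inf;
    int ret;

    p8inf = EVP_PKEY2PKCS8(key);
    /* Conversion failed: nothing to write and nothing to free. */
    if (p8inf == NULL)
        return 0;

    ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
    PKCS8_PRIV_KEY_INFO_free(p8inf);
    return ret;
}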
/*
 * Write private key |pkey| through i2d_PrivateKey() to BIO |bp|.
 * No passphrase is taken, so the key is written unencrypted; the caller
 * decides where |bp| leads and who can read it.
 */
int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey)
{
    return ASN1_i2d_bio_of(EVP_PKEY, i2d_PrivateKey, bp, pkey);
}
/*
 * Read a private key from BIO |bp|. Decoding is delegated to
 * d2i_AutoPrivateKey(), so the key type is taken from the input rather than
 * chosen by the caller; callers that expect a particular type should check
 * the result.
 * Returns the decoded EVP_PKEY, or NULL on failure.
 */
EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a)
{
    return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, bp, a);
}
/*
 * Write the public key of |pkey| through i2d_PUBKEY() to BIO |bp|.
 * Returns the result of the ASN1_i2d_bio_of() expansion.
 */
int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey)
{
    return ASN1_i2d_bio_of(EVP_PKEY, i2d_PUBKEY, bp, pkey);
}
/*
 * Read a public key through d2i_PUBKEY() from BIO |bp|, with EVP_PKEY_new
 * supplied as the allocator.
 * Returns the decoded EVP_PKEY, or NULL on failure.
 */
EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a)
{
    return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, bp, a);
}