1 | /* |
2 | * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. |
3 | * |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at |
7 | * https://www.openssl.org/source/license.html |
8 | */ |
9 | |
10 | #include <stdio.h> |
11 | #include "internal/cryptlib.h" |
12 | #include <openssl/buffer.h> |
13 | #include <openssl/asn1.h> |
14 | #include <openssl/evp.h> |
15 | #include <openssl/x509.h> |
16 | #include "crypto/x509.h" |
17 | #include <openssl/ocsp.h> |
18 | #include <openssl/rsa.h> |
19 | #include <openssl/dsa.h> |
20 | #include <openssl/x509v3.h> |
21 | |
22 | #ifndef OPENSSL_NO_SM2 |
23 | |
24 | # include "crypto/asn1.h" |
25 | # include "crypto/evp.h" |
26 | |
27 | static int common_verify_sm2(void *data, EVP_PKEY *pkey, |
28 | int mdnid, int pknid, int req) |
29 | { |
30 | X509 *x = NULL; |
31 | X509_REQ *r = NULL; |
32 | EVP_MD_CTX *ctx = NULL; |
33 | unsigned char *buf_in = NULL; |
34 | int ret = -1, inl = 0; |
35 | size_t inll = 0; |
36 | EVP_PKEY_CTX *pctx = NULL; |
37 | const EVP_MD *type = EVP_get_digestbynid(mdnid); |
38 | ASN1_BIT_STRING *signature = NULL; |
39 | ASN1_OCTET_STRING *sm2_id = NULL; |
40 | ASN1_VALUE *tbv = NULL; |
41 | |
42 | if (type == NULL) { |
43 | X509err(X509_F_COMMON_VERIFY_SM2, |
44 | ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); |
45 | goto err; |
46 | } |
47 | |
48 | if (pkey == NULL) { |
49 | X509err(X509_F_COMMON_VERIFY_SM2, ERR_R_PASSED_NULL_PARAMETER); |
50 | return -1; |
51 | } |
52 | |
53 | if (req == 1) { |
54 | r = (X509_REQ *)data; |
55 | signature = r->signature; |
56 | sm2_id = r->sm2_id; |
57 | tbv = (ASN1_VALUE *)&r->req_info; |
58 | } else { |
59 | x = (X509 *)data; |
60 | signature = &x->signature; |
61 | sm2_id = x->sm2_id; |
62 | tbv = (ASN1_VALUE *)&x->cert_info; |
63 | } |
64 | |
65 | if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) { |
66 | X509err(X509_F_COMMON_VERIFY_SM2, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); |
67 | return -1; |
68 | } |
69 | |
70 | ctx = EVP_MD_CTX_new(); |
71 | if (ctx == NULL) { |
72 | X509err(X509_F_COMMON_VERIFY_SM2, ERR_R_MALLOC_FAILURE); |
73 | goto err; |
74 | } |
75 | |
76 | /* Check public key OID matches public key type */ |
77 | if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) { |
78 | X509err(X509_F_COMMON_VERIFY_SM2, ASN1_R_WRONG_PUBLIC_KEY_TYPE); |
79 | goto err; |
80 | } |
81 | |
82 | if (!EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)) { |
83 | X509err(X509_F_COMMON_VERIFY_SM2, ERR_R_EVP_LIB); |
84 | ret = 0; |
85 | goto err; |
86 | } |
87 | pctx = EVP_PKEY_CTX_new(pkey, NULL); |
88 | if (pctx == NULL) { |
89 | X509err(X509_F_COMMON_VERIFY_SM2, ERR_R_EVP_LIB); |
90 | ret = 0; |
91 | goto err; |
92 | } |
93 | /* NOTE: we tolerate no actual ID, to provide maximum flexibility */ |
94 | if (sm2_id != NULL |
95 | && EVP_PKEY_CTX_set1_id(pctx, sm2_id->data, sm2_id->length) != 1) { |
96 | X509err(X509_F_COMMON_VERIFY_SM2, ERR_R_EVP_LIB); |
97 | ret = 0; |
98 | goto err; |
99 | } |
100 | EVP_MD_CTX_set_pkey_ctx(ctx, pctx); |
101 | |
102 | if (!EVP_DigestVerifyInit(ctx, NULL, type, NULL, pkey)) { |
103 | X509err(X509_F_COMMON_VERIFY_SM2, ERR_R_EVP_LIB); |
104 | ret = 0; |
105 | goto err; |
106 | } |
107 | |
108 | inl = ASN1_item_i2d(tbv, &buf_in, |
109 | req == 1 ? |
110 | ASN1_ITEM_rptr(X509_REQ_INFO) : |
111 | ASN1_ITEM_rptr(X509_CINF)); |
112 | if (inl <= 0) { |
113 | X509err(X509_F_COMMON_VERIFY_SM2, ERR_R_INTERNAL_ERROR); |
114 | goto err; |
115 | } |
116 | if (buf_in == NULL) { |
117 | X509err(X509_F_COMMON_VERIFY_SM2, ERR_R_MALLOC_FAILURE); |
118 | goto err; |
119 | } |
120 | inll = inl; |
121 | |
122 | ret = EVP_DigestVerify(ctx, signature->data, |
123 | (size_t)signature->length, buf_in, inl); |
124 | if (ret <= 0) { |
125 | X509err(X509_F_COMMON_VERIFY_SM2, ERR_R_EVP_LIB); |
126 | goto err; |
127 | } |
128 | ret = 1; |
129 | err: |
130 | OPENSSL_clear_free(buf_in, inll); |
131 | EVP_MD_CTX_free(ctx); |
132 | EVP_PKEY_CTX_free(pctx); |
133 | return ret; |
134 | } |
135 | |
136 | static int x509_verify_sm2(X509 *x, EVP_PKEY *pkey, int mdnid, int pknid) |
137 | { |
138 | return common_verify_sm2(x, pkey, mdnid, pknid, 0); |
139 | } |
140 | |
141 | static int x509_req_verify_sm2(X509_REQ *x, EVP_PKEY *pkey, |
142 | int mdnid, int pknid) |
143 | { |
144 | return common_verify_sm2(x, pkey, mdnid, pknid, 1); |
145 | } |
146 | |
147 | #endif |
148 | |
149 | int X509_verify(X509 *a, EVP_PKEY *r) |
150 | { |
151 | #ifndef OPENSSL_NO_SM2 |
152 | int mdnid, pknid; |
153 | #endif |
154 | |
155 | if (X509_ALGOR_cmp(&a->sig_alg, &a->cert_info.signature)) |
156 | return 0; |
157 | |
158 | #ifndef OPENSSL_NO_SM2 |
159 | /* Convert signature OID into digest and public key OIDs */ |
160 | if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->sig_alg.algorithm), |
161 | &mdnid, &pknid)) { |
162 | X509err(X509_F_X509_VERIFY, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); |
163 | return 0; |
164 | } |
165 | |
166 | if (pknid == NID_sm2) |
167 | return x509_verify_sm2(a, r, mdnid, pknid); |
168 | #endif |
169 | |
170 | return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF), &a->sig_alg, |
171 | &a->signature, &a->cert_info, r)); |
172 | } |
173 | |
174 | int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r) |
175 | { |
176 | #ifndef OPENSSL_NO_SM2 |
177 | int mdnid, pknid; |
178 | |
179 | /* Convert signature OID into digest and public key OIDs */ |
180 | if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->sig_alg.algorithm), |
181 | &mdnid, &pknid)) { |
182 | X509err(X509_F_X509_REQ_VERIFY, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); |
183 | return 0; |
184 | } |
185 | |
186 | if (pknid == NID_sm2) |
187 | return x509_req_verify_sm2(a, r, mdnid, pknid); |
188 | #endif |
189 | |
190 | return (ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO), |
191 | &a->sig_alg, a->signature, &a->req_info, r)); |
192 | } |
193 | |
194 | int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r) |
195 | { |
196 | return (ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC), |
197 | &a->sig_algor, a->signature, a->spkac, r)); |
198 | } |
199 | |
200 | int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) |
201 | { |
202 | x->cert_info.enc.modified = 1; |
203 | return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), &x->cert_info.signature, |
204 | &x->sig_alg, &x->signature, &x->cert_info, pkey, |
205 | md)); |
206 | } |
207 | |
208 | int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx) |
209 | { |
210 | x->cert_info.enc.modified = 1; |
211 | return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF), |
212 | &x->cert_info.signature, |
213 | &x->sig_alg, &x->signature, &x->cert_info, ctx); |
214 | } |
215 | |
216 | #ifndef OPENSSL_NO_OCSP |
217 | int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert) |
218 | { |
219 | return OCSP_REQ_CTX_nbio_d2i(rctx, |
220 | (ASN1_VALUE **)pcert, ASN1_ITEM_rptr(X509)); |
221 | } |
222 | #endif |
223 | |
224 | int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md) |
225 | { |
226 | return (ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO), &x->sig_alg, NULL, |
227 | x->signature, &x->req_info, pkey, md)); |
228 | } |
229 | |
230 | int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx) |
231 | { |
232 | return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_REQ_INFO), |
233 | &x->sig_alg, NULL, x->signature, &x->req_info, |
234 | ctx); |
235 | } |
236 | |
237 | int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md) |
238 | { |
239 | x->crl.enc.modified = 1; |
240 | return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO), &x->crl.sig_alg, |
241 | &x->sig_alg, &x->signature, &x->crl, pkey, md)); |
242 | } |
243 | |
244 | int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx) |
245 | { |
246 | x->crl.enc.modified = 1; |
247 | return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO), |
248 | &x->crl.sig_alg, &x->sig_alg, &x->signature, |
249 | &x->crl, ctx); |
250 | } |
251 | |
252 | #ifndef OPENSSL_NO_OCSP |
253 | int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl) |
254 | { |
255 | return OCSP_REQ_CTX_nbio_d2i(rctx, |
256 | (ASN1_VALUE **)pcrl, |
257 | ASN1_ITEM_rptr(X509_CRL)); |
258 | } |
259 | #endif |
260 | |
261 | int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md) |
262 | { |
263 | return (ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), &x->sig_algor, NULL, |
264 | x->signature, x->spkac, pkey, md)); |
265 | } |
266 | |
267 | #ifndef OPENSSL_NO_STDIO |
268 | X509 *d2i_X509_fp(FILE *fp, X509 **x509) |
269 | { |
270 | return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509); |
271 | } |
272 | |
273 | int i2d_X509_fp(FILE *fp, const X509 *x509) |
274 | { |
275 | return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509); |
276 | } |
277 | #endif |
278 | |
279 | X509 *d2i_X509_bio(BIO *bp, X509 **x509) |
280 | { |
281 | return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509); |
282 | } |
283 | |
284 | int i2d_X509_bio(BIO *bp, const X509 *x509) |
285 | { |
286 | return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509); |
287 | } |
288 | |
289 | #ifndef OPENSSL_NO_STDIO |
290 | X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl) |
291 | { |
292 | return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl); |
293 | } |
294 | |
295 | int i2d_X509_CRL_fp(FILE *fp, const X509_CRL *crl) |
296 | { |
297 | return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl); |
298 | } |
299 | #endif |
300 | |
301 | X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl) |
302 | { |
303 | return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl); |
304 | } |
305 | |
306 | int i2d_X509_CRL_bio(BIO *bp, const X509_CRL *crl) |
307 | { |
308 | return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl); |
309 | } |
310 | |
311 | #ifndef OPENSSL_NO_STDIO |
312 | PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7) |
313 | { |
314 | return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7); |
315 | } |
316 | |
317 | int i2d_PKCS7_fp(FILE *fp, const PKCS7 *p7) |
318 | { |
319 | return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7); |
320 | } |
321 | #endif |
322 | |
323 | PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7) |
324 | { |
325 | return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7); |
326 | } |
327 | |
328 | int i2d_PKCS7_bio(BIO *bp, const PKCS7 *p7) |
329 | { |
330 | return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7); |
331 | } |
332 | |
333 | #ifndef OPENSSL_NO_STDIO |
334 | X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req) |
335 | { |
336 | return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req); |
337 | } |
338 | |
339 | int i2d_X509_REQ_fp(FILE *fp, const X509_REQ *req) |
340 | { |
341 | return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req); |
342 | } |
343 | #endif |
344 | |
345 | X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req) |
346 | { |
347 | return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req); |
348 | } |
349 | |
350 | int i2d_X509_REQ_bio(BIO *bp, const X509_REQ *req) |
351 | { |
352 | return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req); |
353 | } |
354 | |
355 | #ifndef OPENSSL_NO_RSA |
356 | |
357 | # ifndef OPENSSL_NO_STDIO |
358 | RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa) |
359 | { |
360 | return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa); |
361 | } |
362 | |
363 | int i2d_RSAPrivateKey_fp(FILE *fp, const RSA *rsa) |
364 | { |
365 | return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa); |
366 | } |
367 | |
368 | RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa) |
369 | { |
370 | return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa); |
371 | } |
372 | |
373 | RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa) |
374 | { |
375 | return ASN1_d2i_fp((void *(*)(void)) |
376 | RSA_new, (D2I_OF(void)) d2i_RSA_PUBKEY, fp, |
377 | (void **)rsa); |
378 | } |
379 | |
380 | int i2d_RSAPublicKey_fp(FILE *fp, const RSA *rsa) |
381 | { |
382 | return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa); |
383 | } |
384 | |
385 | int i2d_RSA_PUBKEY_fp(FILE *fp, const RSA *rsa) |
386 | { |
387 | return ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY, fp, rsa); |
388 | } |
389 | # endif |
390 | |
391 | RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa) |
392 | { |
393 | return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa); |
394 | } |
395 | |
396 | int i2d_RSAPrivateKey_bio(BIO *bp, const RSA *rsa) |
397 | { |
398 | return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa); |
399 | } |
400 | |
401 | RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa) |
402 | { |
403 | return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa); |
404 | } |
405 | |
406 | RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa) |
407 | { |
408 | return ASN1_d2i_bio_of(RSA, RSA_new, d2i_RSA_PUBKEY, bp, rsa); |
409 | } |
410 | |
411 | int i2d_RSAPublicKey_bio(BIO *bp, const RSA *rsa) |
412 | { |
413 | return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa); |
414 | } |
415 | |
416 | int i2d_RSA_PUBKEY_bio(BIO *bp, const RSA *rsa) |
417 | { |
418 | return ASN1_i2d_bio_of(RSA, i2d_RSA_PUBKEY, bp, rsa); |
419 | } |
420 | #endif |
421 | |
422 | #ifndef OPENSSL_NO_DSA |
423 | # ifndef OPENSSL_NO_STDIO |
424 | DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa) |
425 | { |
426 | return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSAPrivateKey, fp, dsa); |
427 | } |
428 | |
429 | int i2d_DSAPrivateKey_fp(FILE *fp, const DSA *dsa) |
430 | { |
431 | return ASN1_i2d_fp_of(DSA, i2d_DSAPrivateKey, fp, dsa); |
432 | } |
433 | |
434 | DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa) |
435 | { |
436 | return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSA_PUBKEY, fp, dsa); |
437 | } |
438 | |
439 | int i2d_DSA_PUBKEY_fp(FILE *fp, const DSA *dsa) |
440 | { |
441 | return ASN1_i2d_fp_of(DSA, i2d_DSA_PUBKEY, fp, dsa); |
442 | } |
443 | # endif |
444 | |
445 | DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa) |
446 | { |
447 | return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSAPrivateKey, bp, dsa); |
448 | } |
449 | |
450 | int i2d_DSAPrivateKey_bio(BIO *bp, const DSA *dsa) |
451 | { |
452 | return ASN1_i2d_bio_of(DSA, i2d_DSAPrivateKey, bp, dsa); |
453 | } |
454 | |
455 | DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa) |
456 | { |
457 | return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSA_PUBKEY, bp, dsa); |
458 | } |
459 | |
460 | int i2d_DSA_PUBKEY_bio(BIO *bp, const DSA *dsa) |
461 | { |
462 | return ASN1_i2d_bio_of(DSA, i2d_DSA_PUBKEY, bp, dsa); |
463 | } |
464 | |
465 | #endif |
466 | |
467 | #ifndef OPENSSL_NO_EC |
468 | # ifndef OPENSSL_NO_STDIO |
469 | EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey) |
470 | { |
471 | return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, fp, eckey); |
472 | } |
473 | |
474 | int i2d_EC_PUBKEY_fp(FILE *fp, const EC_KEY *eckey) |
475 | { |
476 | return ASN1_i2d_fp_of(EC_KEY, i2d_EC_PUBKEY, fp, eckey); |
477 | } |
478 | |
479 | EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey) |
480 | { |
481 | return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, fp, eckey); |
482 | } |
483 | |
484 | int i2d_ECPrivateKey_fp(FILE *fp, const EC_KEY *eckey) |
485 | { |
486 | return ASN1_i2d_fp_of(EC_KEY, i2d_ECPrivateKey, fp, eckey); |
487 | } |
488 | # endif |
489 | EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey) |
490 | { |
491 | return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, bp, eckey); |
492 | } |
493 | |
494 | int i2d_EC_PUBKEY_bio(BIO *bp, const EC_KEY *ecdsa) |
495 | { |
496 | return ASN1_i2d_bio_of(EC_KEY, i2d_EC_PUBKEY, bp, ecdsa); |
497 | } |
498 | |
499 | EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey) |
500 | { |
501 | return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, bp, eckey); |
502 | } |
503 | |
504 | int i2d_ECPrivateKey_bio(BIO *bp, const EC_KEY *eckey) |
505 | { |
506 | return ASN1_i2d_bio_of(EC_KEY, i2d_ECPrivateKey, bp, eckey); |
507 | } |
508 | #endif |
509 | |
510 | int X509_pubkey_digest(const X509 *data, const EVP_MD *type, |
511 | unsigned char *md, unsigned int *len) |
512 | { |
513 | ASN1_BIT_STRING *key; |
514 | key = X509_get0_pubkey_bitstr(data); |
515 | if (!key) |
516 | return 0; |
517 | return EVP_Digest(key->data, key->length, md, len, type, NULL); |
518 | } |
519 | |
520 | int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md, |
521 | unsigned int *len) |
522 | { |
523 | if (type == EVP_sha1() && (data->ex_flags & EXFLAG_SET) != 0) { |
524 | /* Asking for SHA1 and we already computed it. */ |
525 | if (len != NULL) |
526 | *len = sizeof(data->sha1_hash); |
527 | memcpy(md, data->sha1_hash, sizeof(data->sha1_hash)); |
528 | return 1; |
529 | } |
530 | return (ASN1_item_digest |
531 | (ASN1_ITEM_rptr(X509), type, (char *)data, md, len)); |
532 | } |
533 | |
534 | int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, |
535 | unsigned char *md, unsigned int *len) |
536 | { |
537 | if (type == EVP_sha1() && (data->flags & EXFLAG_SET) != 0) { |
538 | /* Asking for SHA1; always computed in CRL d2i. */ |
539 | if (len != NULL) |
540 | *len = sizeof(data->sha1_hash); |
541 | memcpy(md, data->sha1_hash, sizeof(data->sha1_hash)); |
542 | return 1; |
543 | } |
544 | return (ASN1_item_digest |
545 | (ASN1_ITEM_rptr(X509_CRL), type, (char *)data, md, len)); |
546 | } |
547 | |
548 | int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, |
549 | unsigned char *md, unsigned int *len) |
550 | { |
551 | return (ASN1_item_digest |
552 | (ASN1_ITEM_rptr(X509_REQ), type, (char *)data, md, len)); |
553 | } |
554 | |
555 | int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, |
556 | unsigned char *md, unsigned int *len) |
557 | { |
558 | return (ASN1_item_digest |
559 | (ASN1_ITEM_rptr(X509_NAME), type, (char *)data, md, len)); |
560 | } |
561 | |
562 | int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, |
563 | const EVP_MD *type, unsigned char *md, |
564 | unsigned int *len) |
565 | { |
566 | return (ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL), type, |
567 | (char *)data, md, len)); |
568 | } |
569 | |
570 | #ifndef OPENSSL_NO_STDIO |
571 | X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8) |
572 | { |
573 | return ASN1_d2i_fp_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, fp, p8); |
574 | } |
575 | |
576 | int i2d_PKCS8_fp(FILE *fp, const X509_SIG *p8) |
577 | { |
578 | return ASN1_i2d_fp_of(X509_SIG, i2d_X509_SIG, fp, p8); |
579 | } |
580 | #endif |
581 | |
582 | X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8) |
583 | { |
584 | return ASN1_d2i_bio_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, bp, p8); |
585 | } |
586 | |
587 | int i2d_PKCS8_bio(BIO *bp, const X509_SIG *p8) |
588 | { |
589 | return ASN1_i2d_bio_of(X509_SIG, i2d_X509_SIG, bp, p8); |
590 | } |
591 | |
592 | #ifndef OPENSSL_NO_STDIO |
593 | X509_PUBKEY *d2i_X509_PUBKEY_fp(FILE *fp, X509_PUBKEY **xpk) |
594 | { |
595 | return ASN1_d2i_fp_of(X509_PUBKEY, X509_PUBKEY_new, d2i_X509_PUBKEY, |
596 | fp, xpk); |
597 | } |
598 | |
599 | int i2d_X509_PUBKEY_fp(FILE *fp, const X509_PUBKEY *xpk) |
600 | { |
601 | return ASN1_i2d_fp_of(X509_PUBKEY, i2d_X509_PUBKEY, fp, xpk); |
602 | } |
603 | #endif |
604 | |
605 | X509_PUBKEY *d2i_X509_PUBKEY_bio(BIO *bp, X509_PUBKEY **xpk) |
606 | { |
607 | return ASN1_d2i_bio_of(X509_PUBKEY, X509_PUBKEY_new, d2i_X509_PUBKEY, |
608 | bp, xpk); |
609 | } |
610 | |
611 | int i2d_X509_PUBKEY_bio(BIO *bp, const X509_PUBKEY *xpk) |
612 | { |
613 | return ASN1_i2d_bio_of(X509_PUBKEY, i2d_X509_PUBKEY, bp, xpk); |
614 | } |
615 | |
616 | #ifndef OPENSSL_NO_STDIO |
617 | PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, |
618 | PKCS8_PRIV_KEY_INFO **p8inf) |
619 | { |
620 | return ASN1_d2i_fp_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new, |
621 | d2i_PKCS8_PRIV_KEY_INFO, fp, p8inf); |
622 | } |
623 | |
624 | int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, const PKCS8_PRIV_KEY_INFO *p8inf) |
625 | { |
626 | return ASN1_i2d_fp_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, fp, |
627 | p8inf); |
628 | } |
629 | |
630 | int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, const EVP_PKEY *key) |
631 | { |
632 | PKCS8_PRIV_KEY_INFO *p8inf; |
633 | int ret; |
634 | |
635 | p8inf = EVP_PKEY2PKCS8(key); |
636 | if (p8inf == NULL) |
637 | return 0; |
638 | ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf); |
639 | PKCS8_PRIV_KEY_INFO_free(p8inf); |
640 | return ret; |
641 | } |
642 | |
643 | int i2d_PrivateKey_fp(FILE *fp, const EVP_PKEY *pkey) |
644 | { |
645 | return ASN1_i2d_fp_of(EVP_PKEY, i2d_PrivateKey, fp, pkey); |
646 | } |
647 | |
648 | EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a) |
649 | { |
650 | return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, fp, a); |
651 | } |
652 | |
653 | int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey) |
654 | { |
655 | return ASN1_i2d_fp_of(EVP_PKEY, i2d_PUBKEY, fp, pkey); |
656 | } |
657 | |
658 | EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a) |
659 | { |
660 | return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, fp, a); |
661 | } |
662 | |
663 | #endif |
664 | |
665 | PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, |
666 | PKCS8_PRIV_KEY_INFO **p8inf) |
667 | { |
668 | return ASN1_d2i_bio_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new, |
669 | d2i_PKCS8_PRIV_KEY_INFO, bp, p8inf); |
670 | } |
671 | |
672 | int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, const PKCS8_PRIV_KEY_INFO *p8inf) |
673 | { |
674 | return ASN1_i2d_bio_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, bp, |
675 | p8inf); |
676 | } |
677 | |
678 | int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, const EVP_PKEY *key) |
679 | { |
680 | PKCS8_PRIV_KEY_INFO *p8inf; |
681 | int ret; |
682 | |
683 | p8inf = EVP_PKEY2PKCS8(key); |
684 | if (p8inf == NULL) |
685 | return 0; |
686 | ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf); |
687 | PKCS8_PRIV_KEY_INFO_free(p8inf); |
688 | return ret; |
689 | } |
690 | |
691 | int i2d_PrivateKey_bio(BIO *bp, const EVP_PKEY *pkey) |
692 | { |
693 | return ASN1_i2d_bio_of(EVP_PKEY, i2d_PrivateKey, bp, pkey); |
694 | } |
695 | |
696 | EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a) |
697 | { |
698 | return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, bp, a); |
699 | } |
700 | |
701 | int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey) |
702 | { |
703 | return ASN1_i2d_bio_of(EVP_PKEY, i2d_PUBKEY, bp, pkey); |
704 | } |
705 | |
706 | EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a) |
707 | { |
708 | return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, bp, a); |
709 | } |
710 | |