1 /* Copyright (C) 1995-1998 Eric Young (eay (at) cryptsoft.com) 2 * All rights reserved. 3 * 4 * This package is an SSL implementation written 5 * by Eric Young (eay (at) cryptsoft.com). 6 * The implementation was written so as to conform with Netscapes SSL. 7 * 8 * This library is free for commercial and non-commercial use as long as 9 * the following conditions are aheared to. The following conditions 10 * apply to all code found in this distribution, be it the RC4, RSA, 11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * included with this distribution is covered by the same copyright terms 13 * except that the holder is Tim Hudson (tjh (at) cryptsoft.com). 14 * 15 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * the code are not to be removed. 17 * If this package is used in a product, Eric Young should be given attribution 18 * as the author of the parts of the library used. 19 * This can be in the form of a textual message at program startup or 20 * in documentation (online or textual) provided with the package. 21 * 22 * Redistribution and use in source and binary forms, with or without 23 * modification, are permitted provided that the following conditions 24 * are met: 25 * 1. Redistributions of source code must retain the copyright 26 * notice, this list of conditions and the following disclaimer. 27 * 2. Redistributions in binary form must reproduce the above copyright 28 * notice, this list of conditions and the following disclaimer in the 29 * documentation and/or other materials provided with the distribution. 30 * 3. All advertising materials mentioning features or use of this software 31 * must display the following acknowledgement: 32 * "This product includes cryptographic software written by 33 * Eric Young (eay (at) cryptsoft.com)" 34 * The word 'cryptographic' can be left out if the rouines from the library 35 * being used are not cryptographic related :-). 36 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * the apps directory (application code) you must include an acknowledgement: 38 * "This product includes software written by Tim Hudson (tjh (at) cryptsoft.com)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * SUCH DAMAGE. 51 * 52 * The licence and distribution terms for any publically available version or 53 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * copied and put under another distribution licence 55 * [including the GNU Public Licence.] */ 56 57 #include <openssl/asn1.h> 58 #include <openssl/buf.h> 59 #include <openssl/digest.h> 60 #include <openssl/dsa.h> 61 #include <openssl/evp.h> 62 #include <openssl/rsa.h> 63 #include <openssl/stack.h> 64 #include <openssl/x509.h> 65 66 int X509_verify(X509 *a, EVP_PKEY *r) 67 { 68 if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature)) 69 return 0; 70 return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF), a->sig_alg, 71 a->signature, a->cert_info, r)); 72 } 73 74 int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r) 75 { 76 return (ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO), 77 a->sig_alg, a->signature, a->req_info, r)); 78 } 79 80 int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) 81 { 82 x->cert_info->enc.modified = 1; 83 return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature, 84 x->sig_alg, x->signature, x->cert_info, pkey, md)); 85 } 86 87 int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx) 88 { 89 x->cert_info->enc.modified = 1; 90 return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF), 91 x->cert_info->signature, 92 x->sig_alg, x->signature, x->cert_info, ctx); 93 } 94 95 int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md) 96 { 97 return (ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO), x->sig_alg, NULL, 98 x->signature, x->req_info, pkey, md)); 99 } 100 101 int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx) 102 { 103 return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_REQ_INFO), 104 x->sig_alg, NULL, x->signature, x->req_info, 105 ctx); 106 } 107 108 int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md) 109 { 110 x->crl->enc.modified = 1; 111 return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO), x->crl->sig_alg, 112 x->sig_alg, x->signature, x->crl, pkey, md)); 113 } 114 115 int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx) 116 { 117 x->crl->enc.modified = 1; 118 return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO), 119 x->crl->sig_alg, x->sig_alg, x->signature, 120 x->crl, ctx); 121 } 122 123 int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md) 124 { 125 return (ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor, NULL, 126 x->signature, x->spkac, pkey, md)); 127 } 128 129 int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *x, EVP_PKEY *pkey) 130 { 131 return (ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor, 132 x->signature, x->spkac, pkey)); 133 } 134 135 #ifndef OPENSSL_NO_FP_API 136 X509 *d2i_X509_fp(FILE *fp, X509 **x509) 137 { 138 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509); 139 } 140 141 int i2d_X509_fp(FILE *fp, X509 *x509) 142 { 143 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509); 144 } 145 #endif 146 147 X509 *d2i_X509_bio(BIO *bp, X509 **x509) 148 { 149 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509); 150 } 151 152 int i2d_X509_bio(BIO *bp, X509 *x509) 153 { 154 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509); 155 } 156 157 #ifndef OPENSSL_NO_FP_API 158 X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl) 159 { 160 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl); 161 } 162 163 int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl) 164 { 165 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl); 166 } 167 #endif 168 169 X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl) 170 { 171 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl); 172 } 173 174 int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl) 175 { 176 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl); 177 } 178 179 #ifndef OPENSSL_NO_FP_API 180 X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req) 181 { 182 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req); 183 } 184 185 int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req) 186 { 187 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req); 188 } 189 #endif 190 191 X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req) 192 { 193 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req); 194 } 195 196 int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req) 197 { 198 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req); 199 } 200 201 #ifndef OPENSSL_NO_FP_API 202 RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa) 203 { 204 return ASN1_d2i_fp_of(RSA, RSA_new, d2i_RSAPrivateKey, fp, rsa); 205 } 206 207 int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa) 208 { 209 return ASN1_i2d_fp_of_const(RSA, i2d_RSAPrivateKey, fp, rsa); 210 } 211 212 RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa) 213 { 214 return ASN1_d2i_fp_of(RSA, RSA_new, d2i_RSAPublicKey, fp, rsa); 215 } 216 217 RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa) 218 { 219 return ASN1_d2i_fp((void *(*)(void)) 220 RSA_new, (D2I_OF(void)) d2i_RSA_PUBKEY, fp, 221 (void **)rsa); 222 } 223 224 int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa) 225 { 226 return ASN1_i2d_fp_of_const(RSA, i2d_RSAPublicKey, fp, rsa); 227 } 228 229 int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa) 230 { 231 return ASN1_i2d_fp((I2D_OF_const(void))i2d_RSA_PUBKEY, fp, rsa); 232 } 233 #endif 234 235 RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa) 236 { 237 return ASN1_d2i_bio_of(RSA, RSA_new, d2i_RSAPrivateKey, bp, rsa); 238 } 239 240 int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa) 241 { 242 return ASN1_i2d_bio_of_const(RSA, i2d_RSAPrivateKey, bp, rsa); 243 } 244 245 RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa) 246 { 247 return ASN1_d2i_bio_of(RSA, RSA_new, d2i_RSAPublicKey, bp, rsa); 248 } 249 250 RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa) 251 { 252 return ASN1_d2i_bio_of(RSA, RSA_new, d2i_RSA_PUBKEY, bp, rsa); 253 } 254 255 int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa) 256 { 257 return ASN1_i2d_bio_of_const(RSA, i2d_RSAPublicKey, bp, rsa); 258 } 259 260 int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa) 261 { 262 return ASN1_i2d_bio_of_const(RSA, i2d_RSA_PUBKEY, bp, rsa); 263 } 264 265 #ifndef OPENSSL_NO_DSA 266 # ifndef OPENSSL_NO_FP_API 267 DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa) 268 { 269 return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSAPrivateKey, fp, dsa); 270 } 271 272 int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa) 273 { 274 return ASN1_i2d_fp_of_const(DSA, i2d_DSAPrivateKey, fp, dsa); 275 } 276 277 DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa) 278 { 279 return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSA_PUBKEY, fp, dsa); 280 } 281 282 int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa) 283 { 284 return ASN1_i2d_fp_of_const(DSA, i2d_DSA_PUBKEY, fp, dsa); 285 } 286 # endif 287 288 DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa) 289 { 290 return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSAPrivateKey, bp, dsa); 291 } 292 293 int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa) 294 { 295 return ASN1_i2d_bio_of_const(DSA, i2d_DSAPrivateKey, bp, dsa); 296 } 297 298 DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa) 299 { 300 return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSA_PUBKEY, bp, dsa); 301 } 302 303 int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa) 304 { 305 return ASN1_i2d_bio_of_const(DSA, i2d_DSA_PUBKEY, bp, dsa); 306 } 307 308 #endif 309 310 #ifndef OPENSSL_NO_FP_API 311 EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey) 312 { 313 return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, fp, eckey); 314 } 315 316 int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey) 317 { 318 return ASN1_i2d_fp_of_const(EC_KEY, i2d_EC_PUBKEY, fp, eckey); 319 } 320 321 EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey) 322 { 323 return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, fp, eckey); 324 } 325 326 int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey) 327 { 328 return ASN1_i2d_fp_of_const(EC_KEY, i2d_ECPrivateKey, fp, eckey); 329 } 330 #endif 331 EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey) 332 { 333 return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, bp, eckey); 334 } 335 336 int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *ecdsa) 337 { 338 return ASN1_i2d_bio_of_const(EC_KEY, i2d_EC_PUBKEY, bp, ecdsa); 339 } 340 341 EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey) 342 { 343 return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, bp, eckey); 344 } 345 346 int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey) 347 { 348 return ASN1_i2d_bio_of_const(EC_KEY, i2d_ECPrivateKey, bp, eckey); 349 } 350 351 int X509_pubkey_digest(const X509 *data, const EVP_MD *type, 352 unsigned char *md, unsigned int *len) 353 { 354 ASN1_BIT_STRING *key; 355 key = X509_get0_pubkey_bitstr(data); 356 if (!key) 357 return 0; 358 return EVP_Digest(key->data, key->length, md, len, type, NULL); 359 } 360 361 int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md, 362 unsigned int *len) 363 { 364 return (ASN1_item_digest 365 (ASN1_ITEM_rptr(X509), type, (char *)data, md, len)); 366 } 367 368 int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, 369 unsigned char *md, unsigned int *len) 370 { 371 return (ASN1_item_digest 372 (ASN1_ITEM_rptr(X509_CRL), type, (char *)data, md, len)); 373 } 374 375 int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, 376 unsigned char *md, unsigned int *len) 377 { 378 return (ASN1_item_digest 379 (ASN1_ITEM_rptr(X509_REQ), type, (char *)data, md, len)); 380 } 381 382 int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, 383 unsigned char *md, unsigned int *len) 384 { 385 return (ASN1_item_digest 386 (ASN1_ITEM_rptr(X509_NAME), type, (char *)data, md, len)); 387 } 388 389 #ifndef OPENSSL_NO_FP_API 390 X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8) 391 { 392 return ASN1_d2i_fp_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, fp, p8); 393 } 394 395 int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8) 396 { 397 return ASN1_i2d_fp_of(X509_SIG, i2d_X509_SIG, fp, p8); 398 } 399 #endif 400 401 X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8) 402 { 403 return ASN1_d2i_bio_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, bp, p8); 404 } 405 406 int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8) 407 { 408 return ASN1_i2d_bio_of(X509_SIG, i2d_X509_SIG, bp, p8); 409 } 410 411 #ifndef OPENSSL_NO_FP_API 412 PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, 413 PKCS8_PRIV_KEY_INFO **p8inf) 414 { 415 return ASN1_d2i_fp_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new, 416 d2i_PKCS8_PRIV_KEY_INFO, fp, p8inf); 417 } 418 419 int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf) 420 { 421 return ASN1_i2d_fp_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, fp, 422 p8inf); 423 } 424 425 int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key) 426 { 427 PKCS8_PRIV_KEY_INFO *p8inf; 428 int ret; 429 p8inf = EVP_PKEY2PKCS8(key); 430 if (!p8inf) 431 return 0; 432 ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf); 433 PKCS8_PRIV_KEY_INFO_free(p8inf); 434 return ret; 435 } 436 437 int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey) 438 { 439 return ASN1_i2d_fp_of_const(EVP_PKEY, i2d_PrivateKey, fp, pkey); 440 } 441 442 EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a) 443 { 444 return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, fp, a); 445 } 446 447 int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey) 448 { 449 return ASN1_i2d_fp_of_const(EVP_PKEY, i2d_PUBKEY, fp, pkey); 450 } 451 452 EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a) 453 { 454 return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, fp, a); 455 } 456 457 PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, 458 PKCS8_PRIV_KEY_INFO **p8inf) 459 { 460 return ASN1_d2i_bio_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new, 461 d2i_PKCS8_PRIV_KEY_INFO, bp, p8inf); 462 } 463 464 int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf) 465 { 466 return ASN1_i2d_bio_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, bp, 467 p8inf); 468 } 469 470 int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key) 471 { 472 PKCS8_PRIV_KEY_INFO *p8inf; 473 int ret; 474 p8inf = EVP_PKEY2PKCS8(key); 475 if (!p8inf) 476 return 0; 477 ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf); 478 PKCS8_PRIV_KEY_INFO_free(p8inf); 479 return ret; 480 } 481 #endif 482 483 int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey) 484 { 485 return ASN1_i2d_bio_of_const(EVP_PKEY, i2d_PrivateKey, bp, pkey); 486 } 487 488 EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a) 489 { 490 return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, bp, a); 491 } 492 493 int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey) 494 { 495 return ASN1_i2d_bio_of_const(EVP_PKEY, i2d_PUBKEY, bp, pkey); 496 } 497 498 EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a) 499 { 500 return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, bp, a); 501 } 502