1/* crypto/x509/x_all.c */ 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 59#include <stdio.h> 60#undef SSLEAY_MACROS 61#include <openssl/stack.h> 62#include "cryptlib.h" 63#include <openssl/buffer.h> 64#include <openssl/asn1.h> 65#include <openssl/evp.h> 66#include <openssl/x509.h> 67#ifndef OPENSSL_NO_RSA 68#include <openssl/rsa.h> 69#endif 70#ifndef OPENSSL_NO_DSA 71#include <openssl/dsa.h> 72#endif 73 74int X509_verify(X509 *a, EVP_PKEY *r) 75 { 76 return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),a->sig_alg, 77 a->signature,a->cert_info,r)); 78 } 79 80int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r) 81 { 82 return( ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO), 83 a->sig_alg,a->signature,a->req_info,r)); 84 } 85 86int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r) 87 { 88 return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO), 89 a->sig_alg, a->signature,a->crl,r)); 90 } 91 92int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r) 93 { 94 return(ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC), 95 a->sig_algor,a->signature,a->spkac,r)); 96 } 97 98int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) 99 { 100 return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature, 101 x->sig_alg, x->signature, x->cert_info,pkey,md)); 102 } 103 104int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md) 105 { 106 return(ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO),x->sig_alg, NULL, 107 x->signature, x->req_info,pkey,md)); 108 } 109 110int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md) 111 { 112 x->crl->enc.modified = 1; 113 return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO),x->crl->sig_alg, 114 x->sig_alg, x->signature, x->crl,pkey,md)); 115 } 116 117int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md) 118 { 119 return(ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor,NULL, 120 x->signature, x->spkac,pkey,md)); 121 } 122 123#ifndef OPENSSL_NO_FP_API 124X509 *d2i_X509_fp(FILE *fp, X509 **x509) 125 { 126 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509); 127 } 128 129int i2d_X509_fp(FILE *fp, X509 *x509) 130 { 131 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509); 132 } 133#endif 134 135X509 *d2i_X509_bio(BIO *bp, X509 **x509) 136 { 137 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509); 138 } 139 140int i2d_X509_bio(BIO *bp, X509 *x509) 141 { 142 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509); 143 } 144 145#ifndef OPENSSL_NO_FP_API 146X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl) 147 { 148 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl); 149 } 150 151int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl) 152 { 153 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl); 154 } 155#endif 156 157X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl) 158 { 159 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl); 160 } 161 162int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl) 163 { 164 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl); 165 } 166 167#ifndef OPENSSL_NO_FP_API 168PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7) 169 { 170 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7); 171 } 172 173int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7) 174 { 175 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7); 176 } 177#endif 178 179PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7) 180 { 181 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7); 182 } 183 184int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7) 185 { 186 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7); 187 } 188 189#ifndef OPENSSL_NO_FP_API 190X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req) 191 { 192 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req); 193 } 194 195int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req) 196 { 197 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req); 198 } 199#endif 200 201X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req) 202 { 203 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req); 204 } 205 206int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req) 207 { 208 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req); 209 } 210 211#ifndef OPENSSL_NO_RSA 212 213#ifndef OPENSSL_NO_FP_API 214RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa) 215 { 216 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa); 217 } 218 219int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa) 220 { 221 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa); 222 } 223 224RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa) 225 { 226 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa); 227 } 228 229 230RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa) 231 { 232 return ASN1_d2i_fp((void *(*)(void)) 233 RSA_new,(D2I_OF(void))d2i_RSA_PUBKEY, fp, 234 (void **)rsa); 235 } 236 237int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa) 238 { 239 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa); 240 } 241 242int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa) 243 { 244 return ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY,fp,rsa); 245 } 246#endif 247 248RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa) 249 { 250 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa); 251 } 252 253int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa) 254 { 255 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa); 256 } 257 258RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa) 259 { 260 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa); 261 } 262 263 264RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa) 265 { 266 return ASN1_d2i_bio_of(RSA,RSA_new,d2i_RSA_PUBKEY,bp,rsa); 267 } 268 269int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa) 270 { 271 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa); 272 } 273 274int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa) 275 { 276 return ASN1_i2d_bio_of(RSA,i2d_RSA_PUBKEY,bp,rsa); 277 } 278#endif 279 280#ifndef OPENSSL_NO_DSA 281#ifndef OPENSSL_NO_FP_API 282DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa) 283 { 284 return ASN1_d2i_fp_of(DSA,DSA_new,d2i_DSAPrivateKey,fp,dsa); 285 } 286 287int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa) 288 { 289 return ASN1_i2d_fp_of_const(DSA,i2d_DSAPrivateKey,fp,dsa); 290 } 291 292DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa) 293 { 294 return ASN1_d2i_fp_of(DSA,DSA_new,d2i_DSA_PUBKEY,fp,dsa); 295 } 296 297int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa) 298 { 299 return ASN1_i2d_fp_of(DSA,i2d_DSA_PUBKEY,fp,dsa); 300 } 301#endif 302 303DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa) 304 { 305 return ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAPrivateKey,bp,dsa 306); 307 } 308 309int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa) 310 { 311 return ASN1_i2d_bio_of_const(DSA,i2d_DSAPrivateKey,bp,dsa); 312 } 313 314DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa) 315 { 316 return ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSA_PUBKEY,bp,dsa); 317 } 318 319int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa) 320 { 321 return ASN1_i2d_bio_of(DSA,i2d_DSA_PUBKEY,bp,dsa); 322 } 323 324#endif 325 326#ifndef OPENSSL_NO_EC 327#ifndef OPENSSL_NO_FP_API 328EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey) 329 { 330 return ASN1_d2i_fp_of(EC_KEY,EC_KEY_new,d2i_EC_PUBKEY,fp,eckey); 331 } 332 333int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey) 334 { 335 return ASN1_i2d_fp_of(EC_KEY,i2d_EC_PUBKEY,fp,eckey); 336 } 337 338EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey) 339 { 340 return ASN1_d2i_fp_of(EC_KEY,EC_KEY_new,d2i_ECPrivateKey,fp,eckey); 341 } 342 343int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey) 344 { 345 return ASN1_i2d_fp_of(EC_KEY,i2d_ECPrivateKey,fp,eckey); 346 } 347#endif 348EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey) 349 { 350 return ASN1_d2i_bio_of(EC_KEY,EC_KEY_new,d2i_EC_PUBKEY,bp,eckey); 351 } 352 353int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *ecdsa) 354 { 355 return ASN1_i2d_bio_of(EC_KEY,i2d_EC_PUBKEY,bp,ecdsa); 356 } 357 358EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey) 359 { 360 return ASN1_d2i_bio_of(EC_KEY,EC_KEY_new,d2i_ECPrivateKey,bp,eckey); 361 } 362 363int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey) 364 { 365 return ASN1_i2d_bio_of(EC_KEY,i2d_ECPrivateKey,bp,eckey); 366 } 367#endif 368 369 370int X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md, 371 unsigned int *len) 372 { 373 ASN1_BIT_STRING *key; 374 key = X509_get0_pubkey_bitstr(data); 375 if(!key) return 0; 376 return EVP_Digest(key->data, key->length, md, len, type, NULL); 377 } 378 379int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md, 380 unsigned int *len) 381 { 382 return(ASN1_item_digest(ASN1_ITEM_rptr(X509),type,(char *)data,md,len)); 383 } 384 385int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md, 386 unsigned int *len) 387 { 388 return(ASN1_item_digest(ASN1_ITEM_rptr(X509_CRL),type,(char *)data,md,len)); 389 } 390 391int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, unsigned char *md, 392 unsigned int *len) 393 { 394 return(ASN1_item_digest(ASN1_ITEM_rptr(X509_REQ),type,(char *)data,md,len)); 395 } 396 397int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md, 398 unsigned int *len) 399 { 400 return(ASN1_item_digest(ASN1_ITEM_rptr(X509_NAME),type,(char *)data,md,len)); 401 } 402 403int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, const EVP_MD *type, 404 unsigned char *md, unsigned int *len) 405 { 406 return(ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL),type, 407 (char *)data,md,len)); 408 } 409 410 411#ifndef OPENSSL_NO_FP_API 412X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8) 413 { 414 return ASN1_d2i_fp_of(X509_SIG,X509_SIG_new,d2i_X509_SIG,fp,p8); 415 } 416 417int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8) 418 { 419 return ASN1_i2d_fp_of(X509_SIG,i2d_X509_SIG,fp,p8); 420 } 421#endif 422 423X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8) 424 { 425 return ASN1_d2i_bio_of(X509_SIG,X509_SIG_new,d2i_X509_SIG,bp,p8); 426 } 427 428int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8) 429 { 430 return ASN1_i2d_bio_of(X509_SIG,i2d_X509_SIG,bp,p8); 431 } 432 433#ifndef OPENSSL_NO_FP_API 434PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, 435 PKCS8_PRIV_KEY_INFO **p8inf) 436 { 437 return ASN1_d2i_fp_of(PKCS8_PRIV_KEY_INFO,PKCS8_PRIV_KEY_INFO_new, 438 d2i_PKCS8_PRIV_KEY_INFO,fp,p8inf); 439 } 440 441int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf) 442 { 443 return ASN1_i2d_fp_of(PKCS8_PRIV_KEY_INFO,i2d_PKCS8_PRIV_KEY_INFO,fp, 444 p8inf); 445 } 446 447int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key) 448 { 449 PKCS8_PRIV_KEY_INFO *p8inf; 450 int ret; 451 p8inf = EVP_PKEY2PKCS8(key); 452 if(!p8inf) return 0; 453 ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf); 454 PKCS8_PRIV_KEY_INFO_free(p8inf); 455 return ret; 456 } 457 458int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey) 459 { 460 return ASN1_i2d_fp_of(EVP_PKEY,i2d_PrivateKey,fp,pkey); 461 } 462 463EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a) 464{ 465 return ASN1_d2i_fp_of(EVP_PKEY,EVP_PKEY_new,d2i_AutoPrivateKey,fp,a); 466} 467 468int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey) 469 { 470 return ASN1_i2d_fp_of(EVP_PKEY,i2d_PUBKEY,fp,pkey); 471 } 472 473EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a) 474{ 475 return ASN1_d2i_fp_of(EVP_PKEY,EVP_PKEY_new,d2i_PUBKEY,fp,a); 476} 477 478#endif 479 480PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, 481 PKCS8_PRIV_KEY_INFO **p8inf) 482 { 483 return ASN1_d2i_bio_of(PKCS8_PRIV_KEY_INFO,PKCS8_PRIV_KEY_INFO_new, 484 d2i_PKCS8_PRIV_KEY_INFO,bp,p8inf); 485 } 486 487int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf) 488 { 489 return ASN1_i2d_bio_of(PKCS8_PRIV_KEY_INFO,i2d_PKCS8_PRIV_KEY_INFO,bp, 490 p8inf); 491 } 492 493int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key) 494 { 495 PKCS8_PRIV_KEY_INFO *p8inf; 496 int ret; 497 p8inf = EVP_PKEY2PKCS8(key); 498 if(!p8inf) return 0; 499 ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf); 500 PKCS8_PRIV_KEY_INFO_free(p8inf); 501 return ret; 502 } 503 504int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey) 505 { 506 return ASN1_i2d_bio_of(EVP_PKEY,i2d_PrivateKey,bp,pkey); 507 } 508 509EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a) 510 { 511 return ASN1_d2i_bio_of(EVP_PKEY,EVP_PKEY_new,d2i_AutoPrivateKey,bp,a); 512 } 513 514int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey) 515 { 516 return ASN1_i2d_bio_of(EVP_PKEY,i2d_PUBKEY,bp,pkey); 517 } 518 519EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a) 520 { 521 return ASN1_d2i_bio_of(EVP_PKEY,EVP_PKEY_new,d2i_PUBKEY,bp,a); 522 } 523