x_all.c revision 277195 
1/* crypto/x509/x_all.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to.  The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 *    notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 *    notice, this list of conditions and the following disclaimer in the
30 *    documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 *    must display the following acknowledgement:
33 *    "This product includes cryptographic software written by
34 *     Eric Young (eay@cryptsoft.com)"
35 *    The word 'cryptographic' can be left out if the rouines from the library
36 *    being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 *    the apps directory (application code) you must include an acknowledgement:
39 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed.  i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#undef SSLEAY_MACROS
61#include <openssl/stack.h>
62#include "cryptlib.h"
63#include <openssl/buffer.h>
64#include <openssl/asn1.h>
65#include <openssl/evp.h>
66#include <openssl/x509.h>
67#ifndef OPENSSL_NO_RSA
68#include <openssl/rsa.h>
69#endif
70#ifndef OPENSSL_NO_DSA
71#include <openssl/dsa.h>
72#endif
73
74int X509_verify(X509 *a, EVP_PKEY *r)
75	{
76	if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature))
77		return 0;
78	return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),a->sig_alg,
79		a->signature,a->cert_info,r));
80	}
81
82int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
83	{
84	return( ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO),
85		a->sig_alg,a->signature,a->req_info,r));
86	}
87
88int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r)
89	{
90	return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO),
91		a->sig_alg, a->signature,a->crl,r));
92	}
93
94int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
95	{
96	return(ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC),
97		a->sig_algor,a->signature,a->spkac,r));
98	}
99
100int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
101	{
102	x->cert_info->enc.modified = 1;
103	return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature,
104		x->sig_alg, x->signature, x->cert_info,pkey,md));
105	}
106
107int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
108	{
109	return(ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO),x->sig_alg, NULL,
110		x->signature, x->req_info,pkey,md));
111	}
112
113int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
114	{
115	x->crl->enc.modified = 1;
116	return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO),x->crl->sig_alg,
117		x->sig_alg, x->signature, x->crl,pkey,md));
118	}
119
120int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
121	{
122	return(ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor,NULL,
123		x->signature, x->spkac,pkey,md));
124	}
125
126#ifndef OPENSSL_NO_FP_API
127X509 *d2i_X509_fp(FILE *fp, X509 **x509)
128	{
129	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509);
130	}
131
132int i2d_X509_fp(FILE *fp, X509 *x509)
133	{
134	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509);
135	}
136#endif
137
138X509 *d2i_X509_bio(BIO *bp, X509 **x509)
139	{
140	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509);
141	}
142
143int i2d_X509_bio(BIO *bp, X509 *x509)
144	{
145	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509);
146	}
147
148#ifndef OPENSSL_NO_FP_API
149X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl)
150	{
151	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
152	}
153
154int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl)
155	{
156	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
157	}
158#endif
159
160X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl)
161	{
162	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
163	}
164
165int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl)
166	{
167	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
168	}
169
170#ifndef OPENSSL_NO_FP_API
171PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7)
172	{
173	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
174	}
175
176int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7)
177	{
178	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
179	}
180#endif
181
182PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7)
183	{
184	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
185	}
186
187int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7)
188	{
189	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
190	}
191
192#ifndef OPENSSL_NO_FP_API
193X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req)
194	{
195	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
196	}
197
198int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req)
199	{
200	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
201	}
202#endif
203
204X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req)
205	{
206	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
207	}
208
209int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req)
210	{
211	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
212	}
213
214#ifndef OPENSSL_NO_RSA
215
216#ifndef OPENSSL_NO_FP_API
217RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa)
218	{
219	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
220	}
221
222int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa)
223	{
224	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
225	}
226
227RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
228	{
229	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
230	}
231
232
233RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)
234	{
235	return ASN1_d2i_fp((void *(*)(void))
236			   RSA_new,(D2I_OF(void))d2i_RSA_PUBKEY, fp,
237			   (void **)rsa);
238	}
239
240int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa)
241	{
242	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
243	}
244
245int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa)
246	{
247	return ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY,fp,rsa);
248	}
249#endif
250
251RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
252	{
253	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
254	}
255
256int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa)
257	{
258	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
259	}
260
261RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)
262	{
263	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
264	}
265
266
267RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
268	{
269	return ASN1_d2i_bio_of(RSA,RSA_new,d2i_RSA_PUBKEY,bp,rsa);
270	}
271
272int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa)
273	{
274	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
275	}
276
277int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa)
278	{
279	return ASN1_i2d_bio_of(RSA,i2d_RSA_PUBKEY,bp,rsa);
280	}
281#endif
282
283#ifndef OPENSSL_NO_DSA
284#ifndef OPENSSL_NO_FP_API
285DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa)
286	{
287	return ASN1_d2i_fp_of(DSA,DSA_new,d2i_DSAPrivateKey,fp,dsa);
288	}
289
290int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa)
291	{
292	return ASN1_i2d_fp_of_const(DSA,i2d_DSAPrivateKey,fp,dsa);
293	}
294
295DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa)
296	{
297	return ASN1_d2i_fp_of(DSA,DSA_new,d2i_DSA_PUBKEY,fp,dsa);
298	}
299
300int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa)
301	{
302	return ASN1_i2d_fp_of(DSA,i2d_DSA_PUBKEY,fp,dsa);
303	}
304#endif
305
306DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa)
307	{
308	return ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAPrivateKey,bp,dsa
309);
310	}
311
312int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa)
313	{
314	return ASN1_i2d_bio_of_const(DSA,i2d_DSAPrivateKey,bp,dsa);
315	}
316
317DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa)
318	{
319	return ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSA_PUBKEY,bp,dsa);
320	}
321
322int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa)
323	{
324	return ASN1_i2d_bio_of(DSA,i2d_DSA_PUBKEY,bp,dsa);
325	}
326
327#endif
328
329#ifndef OPENSSL_NO_EC
330#ifndef OPENSSL_NO_FP_API
331EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey)
332	{
333	return ASN1_d2i_fp_of(EC_KEY,EC_KEY_new,d2i_EC_PUBKEY,fp,eckey);
334	}
335
336int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey)
337	{
338	return ASN1_i2d_fp_of(EC_KEY,i2d_EC_PUBKEY,fp,eckey);
339	}
340
341EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey)
342	{
343	return ASN1_d2i_fp_of(EC_KEY,EC_KEY_new,d2i_ECPrivateKey,fp,eckey);
344	}
345
346int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey)
347	{
348	return ASN1_i2d_fp_of(EC_KEY,i2d_ECPrivateKey,fp,eckey);
349	}
350#endif
351EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey)
352	{
353	return ASN1_d2i_bio_of(EC_KEY,EC_KEY_new,d2i_EC_PUBKEY,bp,eckey);
354	}
355
356int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *ecdsa)
357	{
358	return ASN1_i2d_bio_of(EC_KEY,i2d_EC_PUBKEY,bp,ecdsa);
359	}
360
361EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey)
362	{
363	return ASN1_d2i_bio_of(EC_KEY,EC_KEY_new,d2i_ECPrivateKey,bp,eckey);
364	}
365
366int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey)
367	{
368	return ASN1_i2d_bio_of(EC_KEY,i2d_ECPrivateKey,bp,eckey);
369	}
370#endif
371
372
373int X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
374	     unsigned int *len)
375	{
376	ASN1_BIT_STRING *key;
377	key = X509_get0_pubkey_bitstr(data);
378	if(!key) return 0;
379	return EVP_Digest(key->data, key->length, md, len, type, NULL);
380	}
381
382int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
383	     unsigned int *len)
384	{
385	return(ASN1_item_digest(ASN1_ITEM_rptr(X509),type,(char *)data,md,len));
386	}
387
388int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md,
389	     unsigned int *len)
390	{
391	return(ASN1_item_digest(ASN1_ITEM_rptr(X509_CRL),type,(char *)data,md,len));
392	}
393
394int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, unsigned char *md,
395	     unsigned int *len)
396	{
397	return(ASN1_item_digest(ASN1_ITEM_rptr(X509_REQ),type,(char *)data,md,len));
398	}
399
400int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md,
401	     unsigned int *len)
402	{
403	return(ASN1_item_digest(ASN1_ITEM_rptr(X509_NAME),type,(char *)data,md,len));
404	}
405
406int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, const EVP_MD *type,
407	     unsigned char *md, unsigned int *len)
408	{
409	return(ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL),type,
410		(char *)data,md,len));
411	}
412
413
414#ifndef OPENSSL_NO_FP_API
415X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8)
416	{
417	return ASN1_d2i_fp_of(X509_SIG,X509_SIG_new,d2i_X509_SIG,fp,p8);
418	}
419
420int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8)
421	{
422	return ASN1_i2d_fp_of(X509_SIG,i2d_X509_SIG,fp,p8);
423	}
424#endif
425
426X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8)
427	{
428	return ASN1_d2i_bio_of(X509_SIG,X509_SIG_new,d2i_X509_SIG,bp,p8);
429	}
430
431int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8)
432	{
433	return ASN1_i2d_bio_of(X509_SIG,i2d_X509_SIG,bp,p8);
434	}
435
436#ifndef OPENSSL_NO_FP_API
437PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
438						 PKCS8_PRIV_KEY_INFO **p8inf)
439	{
440	return ASN1_d2i_fp_of(PKCS8_PRIV_KEY_INFO,PKCS8_PRIV_KEY_INFO_new,
441			      d2i_PKCS8_PRIV_KEY_INFO,fp,p8inf);
442	}
443
444int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf)
445	{
446	return ASN1_i2d_fp_of(PKCS8_PRIV_KEY_INFO,i2d_PKCS8_PRIV_KEY_INFO,fp,
447			      p8inf);
448	}
449
450int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key)
451	{
452	PKCS8_PRIV_KEY_INFO *p8inf;
453	int ret;
454	p8inf = EVP_PKEY2PKCS8(key);
455	if(!p8inf) return 0;
456	ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf);
457	PKCS8_PRIV_KEY_INFO_free(p8inf);
458	return ret;
459	}
460
461int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey)
462	{
463	return ASN1_i2d_fp_of(EVP_PKEY,i2d_PrivateKey,fp,pkey);
464	}
465
466EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
467{
468	return ASN1_d2i_fp_of(EVP_PKEY,EVP_PKEY_new,d2i_AutoPrivateKey,fp,a);
469}
470
471int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey)
472	{
473	return ASN1_i2d_fp_of(EVP_PKEY,i2d_PUBKEY,fp,pkey);
474	}
475
476EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a)
477{
478	return ASN1_d2i_fp_of(EVP_PKEY,EVP_PKEY_new,d2i_PUBKEY,fp,a);
479}
480
481#endif
482
483PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
484						 PKCS8_PRIV_KEY_INFO **p8inf)
485	{
486	return ASN1_d2i_bio_of(PKCS8_PRIV_KEY_INFO,PKCS8_PRIV_KEY_INFO_new,
487			    d2i_PKCS8_PRIV_KEY_INFO,bp,p8inf);
488	}
489
490int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf)
491	{
492	return ASN1_i2d_bio_of(PKCS8_PRIV_KEY_INFO,i2d_PKCS8_PRIV_KEY_INFO,bp,
493			       p8inf);
494	}
495
496int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key)
497	{
498	PKCS8_PRIV_KEY_INFO *p8inf;
499	int ret;
500	p8inf = EVP_PKEY2PKCS8(key);
501	if(!p8inf) return 0;
502	ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
503	PKCS8_PRIV_KEY_INFO_free(p8inf);
504	return ret;
505	}
506
507int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey)
508	{
509	return ASN1_i2d_bio_of(EVP_PKEY,i2d_PrivateKey,bp,pkey);
510	}
511
512EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a)
513	{
514	return ASN1_d2i_bio_of(EVP_PKEY,EVP_PKEY_new,d2i_AutoPrivateKey,bp,a);
515	}
516
517int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey)
518	{
519	return ASN1_i2d_bio_of(EVP_PKEY,i2d_PUBKEY,bp,pkey);
520	}
521
522EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a)
523	{
524	return ASN1_d2i_bio_of(EVP_PKEY,EVP_PKEY_new,d2i_PUBKEY,bp,a);
525	}
526