x_all.c revision 296465 
1/* crypto/x509/x_all.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to.  The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 *    notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 *    notice, this list of conditions and the following disclaimer in the
30 *    documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 *    must display the following acknowledgement:
33 *    "This product includes cryptographic software written by
34 *     Eric Young (eay@cryptsoft.com)"
35 *    The word 'cryptographic' can be left out if the rouines from the library
36 *    being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 *    the apps directory (application code) you must include an acknowledgement:
39 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed.  i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#undef SSLEAY_MACROS
61#include <openssl/stack.h>
62#include "cryptlib.h"
63#include <openssl/buffer.h>
64#include <openssl/asn1.h>
65#include <openssl/evp.h>
66#include <openssl/x509.h>
67#ifndef OPENSSL_NO_RSA
68# include <openssl/rsa.h>
69#endif
70#ifndef OPENSSL_NO_DSA
71# include <openssl/dsa.h>
72#endif
73
74int X509_verify(X509 *a, EVP_PKEY *r)
75{
76    if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature))
77        return 0;
78    return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF), a->sig_alg,
79                             a->signature, a->cert_info, r));
80}
81
82int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
83{
84    return (ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO),
85                             a->sig_alg, a->signature, a->req_info, r));
86}
87
88int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r)
89{
90    return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO),
91                             a->sig_alg, a->signature, a->crl, r));
92}
93
94int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
95{
96    return (ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC),
97                             a->sig_algor, a->signature, a->spkac, r));
98}
99
100int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
101{
102    x->cert_info->enc.modified = 1;
103    return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature,
104                           x->sig_alg, x->signature, x->cert_info, pkey, md));
105}
106
107int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
108{
109    return (ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO), x->sig_alg, NULL,
110                           x->signature, x->req_info, pkey, md));
111}
112
113int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
114{
115    x->crl->enc.modified = 1;
116    return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO), x->crl->sig_alg,
117                           x->sig_alg, x->signature, x->crl, pkey, md));
118}
119
120int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
121{
122    return (ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor, NULL,
123                           x->signature, x->spkac, pkey, md));
124}
125
126#ifndef OPENSSL_NO_FP_API
127X509 *d2i_X509_fp(FILE *fp, X509 **x509)
128{
129    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509);
130}
131
132int i2d_X509_fp(FILE *fp, X509 *x509)
133{
134    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509);
135}
136#endif
137
138X509 *d2i_X509_bio(BIO *bp, X509 **x509)
139{
140    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509);
141}
142
143int i2d_X509_bio(BIO *bp, X509 *x509)
144{
145    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509);
146}
147
148#ifndef OPENSSL_NO_FP_API
149X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl)
150{
151    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
152}
153
154int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl)
155{
156    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
157}
158#endif
159
160X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl)
161{
162    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
163}
164
165int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl)
166{
167    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
168}
169
170#ifndef OPENSSL_NO_FP_API
171PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7)
172{
173    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
174}
175
176int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7)
177{
178    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
179}
180#endif
181
182PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7)
183{
184    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
185}
186
187int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7)
188{
189    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
190}
191
192#ifndef OPENSSL_NO_FP_API
193X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req)
194{
195    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
196}
197
198int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req)
199{
200    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
201}
202#endif
203
204X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req)
205{
206    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
207}
208
209int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req)
210{
211    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
212}
213
214#ifndef OPENSSL_NO_RSA
215
216# ifndef OPENSSL_NO_FP_API
217RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa)
218{
219    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
220}
221
222int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa)
223{
224    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
225}
226
227RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
228{
229    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
230}
231
232RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)
233{
234    return ASN1_d2i_fp((void *(*)(void))
235                       RSA_new, (D2I_OF(void)) d2i_RSA_PUBKEY, fp,
236                       (void **)rsa);
237}
238
239int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa)
240{
241    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
242}
243
244int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa)
245{
246    return ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY, fp, rsa);
247}
248# endif
249
250RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
251{
252    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
253}
254
255int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa)
256{
257    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
258}
259
260RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)
261{
262    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
263}
264
265RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
266{
267    return ASN1_d2i_bio_of(RSA, RSA_new, d2i_RSA_PUBKEY, bp, rsa);
268}
269
270int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa)
271{
272    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
273}
274
275int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa)
276{
277    return ASN1_i2d_bio_of(RSA, i2d_RSA_PUBKEY, bp, rsa);
278}
279#endif
280
281#ifndef OPENSSL_NO_DSA
282# ifndef OPENSSL_NO_FP_API
283DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa)
284{
285    return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSAPrivateKey, fp, dsa);
286}
287
288int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa)
289{
290    return ASN1_i2d_fp_of_const(DSA, i2d_DSAPrivateKey, fp, dsa);
291}
292
293DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa)
294{
295    return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSA_PUBKEY, fp, dsa);
296}
297
298int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa)
299{
300    return ASN1_i2d_fp_of(DSA, i2d_DSA_PUBKEY, fp, dsa);
301}
302# endif
303
304DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa)
305{
306    return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSAPrivateKey, bp, dsa);
307}
308
309int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa)
310{
311    return ASN1_i2d_bio_of_const(DSA, i2d_DSAPrivateKey, bp, dsa);
312}
313
314DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa)
315{
316    return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSA_PUBKEY, bp, dsa);
317}
318
319int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa)
320{
321    return ASN1_i2d_bio_of(DSA, i2d_DSA_PUBKEY, bp, dsa);
322}
323
324#endif
325
326#ifndef OPENSSL_NO_EC
327# ifndef OPENSSL_NO_FP_API
328EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey)
329{
330    return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, fp, eckey);
331}
332
333int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey)
334{
335    return ASN1_i2d_fp_of(EC_KEY, i2d_EC_PUBKEY, fp, eckey);
336}
337
338EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey)
339{
340    return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, fp, eckey);
341}
342
343int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey)
344{
345    return ASN1_i2d_fp_of(EC_KEY, i2d_ECPrivateKey, fp, eckey);
346}
347# endif
348EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey)
349{
350    return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, bp, eckey);
351}
352
353int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *ecdsa)
354{
355    return ASN1_i2d_bio_of(EC_KEY, i2d_EC_PUBKEY, bp, ecdsa);
356}
357
358EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey)
359{
360    return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, bp, eckey);
361}
362
363int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey)
364{
365    return ASN1_i2d_bio_of(EC_KEY, i2d_ECPrivateKey, bp, eckey);
366}
367#endif
368
369int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
370                       unsigned char *md, unsigned int *len)
371{
372    ASN1_BIT_STRING *key;
373    key = X509_get0_pubkey_bitstr(data);
374    if (!key)
375        return 0;
376    return EVP_Digest(key->data, key->length, md, len, type, NULL);
377}
378
379int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
380                unsigned int *len)
381{
382    return (ASN1_item_digest
383            (ASN1_ITEM_rptr(X509), type, (char *)data, md, len));
384}
385
386int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
387                    unsigned char *md, unsigned int *len)
388{
389    return (ASN1_item_digest
390            (ASN1_ITEM_rptr(X509_CRL), type, (char *)data, md, len));
391}
392
393int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
394                    unsigned char *md, unsigned int *len)
395{
396    return (ASN1_item_digest
397            (ASN1_ITEM_rptr(X509_REQ), type, (char *)data, md, len));
398}
399
400int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
401                     unsigned char *md, unsigned int *len)
402{
403    return (ASN1_item_digest
404            (ASN1_ITEM_rptr(X509_NAME), type, (char *)data, md, len));
405}
406
407int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
408                                   const EVP_MD *type, unsigned char *md,
409                                   unsigned int *len)
410{
411    return (ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL), type,
412                             (char *)data, md, len));
413}
414
415#ifndef OPENSSL_NO_FP_API
416X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8)
417{
418    return ASN1_d2i_fp_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, fp, p8);
419}
420
421int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8)
422{
423    return ASN1_i2d_fp_of(X509_SIG, i2d_X509_SIG, fp, p8);
424}
425#endif
426
427X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8)
428{
429    return ASN1_d2i_bio_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, bp, p8);
430}
431
432int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8)
433{
434    return ASN1_i2d_bio_of(X509_SIG, i2d_X509_SIG, bp, p8);
435}
436
437#ifndef OPENSSL_NO_FP_API
438PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
439                                                PKCS8_PRIV_KEY_INFO **p8inf)
440{
441    return ASN1_d2i_fp_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new,
442                          d2i_PKCS8_PRIV_KEY_INFO, fp, p8inf);
443}
444
445int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf)
446{
447    return ASN1_i2d_fp_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, fp,
448                          p8inf);
449}
450
451int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key)
452{
453    PKCS8_PRIV_KEY_INFO *p8inf;
454    int ret;
455    p8inf = EVP_PKEY2PKCS8(key);
456    if (!p8inf)
457        return 0;
458    ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf);
459    PKCS8_PRIV_KEY_INFO_free(p8inf);
460    return ret;
461}
462
463int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey)
464{
465    return ASN1_i2d_fp_of(EVP_PKEY, i2d_PrivateKey, fp, pkey);
466}
467
468EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
469{
470    return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, fp, a);
471}
472
473int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey)
474{
475    return ASN1_i2d_fp_of(EVP_PKEY, i2d_PUBKEY, fp, pkey);
476}
477
478EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a)
479{
480    return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, fp, a);
481}
482
483#endif
484
485PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
486                                                 PKCS8_PRIV_KEY_INFO **p8inf)
487{
488    return ASN1_d2i_bio_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new,
489                           d2i_PKCS8_PRIV_KEY_INFO, bp, p8inf);
490}
491
492int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf)
493{
494    return ASN1_i2d_bio_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, bp,
495                           p8inf);
496}
497
498int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key)
499{
500    PKCS8_PRIV_KEY_INFO *p8inf;
501    int ret;
502    p8inf = EVP_PKEY2PKCS8(key);
503    if (!p8inf)
504        return 0;
505    ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
506    PKCS8_PRIV_KEY_INFO_free(p8inf);
507    return ret;
508}
509
510int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey)
511{
512    return ASN1_i2d_bio_of(EVP_PKEY, i2d_PrivateKey, bp, pkey);
513}
514
515EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a)
516{
517    return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, bp, a);
518}
519
520int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey)
521{
522    return ASN1_i2d_bio_of(EVP_PKEY, i2d_PUBKEY, bp, pkey);
523}
524
525EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a)
526{
527    return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, bp, a);
528}
529