1/* 2 * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10/* 11 * Low level APIs are deprecated for public use, but still ok for 12 * internal use. 13 */ 14#include "internal/deprecated.h" 15 16#include <stdio.h> 17#include "internal/cryptlib.h" 18#include <openssl/buffer.h> 19#include <openssl/asn1.h> 20#include <openssl/evp.h> 21#include <openssl/x509.h> 22#include <openssl/http.h> 23#include <openssl/rsa.h> 24#include <openssl/dsa.h> 25#include <openssl/x509v3.h> 26#include "internal/asn1.h" 27#include "crypto/pkcs7.h" 28#include "crypto/x509.h" 29#include "crypto/rsa.h" 30 31int X509_verify(X509 *a, EVP_PKEY *r) 32{ 33 if (X509_ALGOR_cmp(&a->sig_alg, &a->cert_info.signature) != 0) 34 return 0; 35 36 return ASN1_item_verify_ex(ASN1_ITEM_rptr(X509_CINF), &a->sig_alg, 37 &a->signature, &a->cert_info, 38 a->distinguishing_id, r, a->libctx, a->propq); 39} 40 41int X509_REQ_verify_ex(X509_REQ *a, EVP_PKEY *r, OSSL_LIB_CTX *libctx, 42 const char *propq) 43{ 44 return ASN1_item_verify_ex(ASN1_ITEM_rptr(X509_REQ_INFO), &a->sig_alg, 45 a->signature, &a->req_info, a->distinguishing_id, 46 r, libctx, propq); 47} 48 49int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r) 50{ 51 return X509_REQ_verify_ex(a, r, NULL, NULL); 52} 53 54int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r) 55{ 56 return ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC), 57 &a->sig_algor, a->signature, a->spkac, r); 58} 59 60int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) 61{ 62 if (x == NULL) { 63 ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); 64 return 0; 65 } 66 67 /* 68 * Setting the modified flag before signing it. This makes the cached 69 * encoding to be ignored, so even if the certificate fields have changed, 70 * they are signed correctly. 71 * The X509_sign_ctx, X509_REQ_sign{,_ctx}, X509_CRL_sign{,_ctx} functions 72 * which exist below are the same. 73 */ 74 x->cert_info.enc.modified = 1; 75 return ASN1_item_sign_ex(ASN1_ITEM_rptr(X509_CINF), &x->cert_info.signature, 76 &x->sig_alg, &x->signature, &x->cert_info, NULL, 77 pkey, md, x->libctx, x->propq); 78} 79 80int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx) 81{ 82 if (x == NULL) { 83 ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); 84 return 0; 85 } 86 x->cert_info.enc.modified = 1; 87 return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF), 88 &x->cert_info.signature, 89 &x->sig_alg, &x->signature, &x->cert_info, ctx); 90} 91 92static ASN1_VALUE *simple_get_asn1(const char *url, BIO *bio, BIO *rbio, 93 int timeout, const ASN1_ITEM *it) 94{ 95 BIO *mem = OSSL_HTTP_get(url, NULL /* proxy */, NULL /* no_proxy */, 96 bio, rbio, NULL /* cb */, NULL /* arg */, 97 1024 /* buf_size */, NULL /* headers */, 98 NULL /* expected_ct */, 1 /* expect_asn1 */, 99 OSSL_HTTP_DEFAULT_MAX_RESP_LEN, timeout); 100 ASN1_VALUE *res = ASN1_item_d2i_bio(it, mem, NULL); 101 102 BIO_free(mem); 103 return res; 104} 105 106X509 *X509_load_http(const char *url, BIO *bio, BIO *rbio, int timeout) 107{ 108 return (X509 *)simple_get_asn1(url, bio, rbio, timeout, 109 ASN1_ITEM_rptr(X509)); 110} 111 112int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md) 113{ 114 if (x == NULL) { 115 ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); 116 return 0; 117 } 118 x->req_info.enc.modified = 1; 119 return ASN1_item_sign_ex(ASN1_ITEM_rptr(X509_REQ_INFO), &x->sig_alg, NULL, 120 x->signature, &x->req_info, NULL, 121 pkey, md, x->libctx, x->propq); 122} 123 124int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx) 125{ 126 if (x == NULL) { 127 ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); 128 return 0; 129 } 130 x->req_info.enc.modified = 1; 131 return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_REQ_INFO), 132 &x->sig_alg, NULL, x->signature, &x->req_info, 133 ctx); 134} 135 136int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md) 137{ 138 if (x == NULL) { 139 ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); 140 return 0; 141 } 142 x->crl.enc.modified = 1; 143 return ASN1_item_sign_ex(ASN1_ITEM_rptr(X509_CRL_INFO), &x->crl.sig_alg, 144 &x->sig_alg, &x->signature, &x->crl, NULL, 145 pkey, md, x->libctx, x->propq); 146} 147 148int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx) 149{ 150 if (x == NULL) { 151 ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); 152 return 0; 153 } 154 x->crl.enc.modified = 1; 155 return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO), 156 &x->crl.sig_alg, &x->sig_alg, &x->signature, 157 &x->crl, ctx); 158} 159 160X509_CRL *X509_CRL_load_http(const char *url, BIO *bio, BIO *rbio, int timeout) 161{ 162 return (X509_CRL *)simple_get_asn1(url, bio, rbio, timeout, 163 ASN1_ITEM_rptr(X509_CRL)); 164} 165 166int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md) 167{ 168 return 169 ASN1_item_sign_ex(ASN1_ITEM_rptr(NETSCAPE_SPKAC), &x->sig_algor, NULL, 170 x->signature, x->spkac, NULL, pkey, md, NULL, NULL); 171} 172 173#ifndef OPENSSL_NO_STDIO 174X509 *d2i_X509_fp(FILE *fp, X509 **x509) 175{ 176 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509); 177} 178 179int i2d_X509_fp(FILE *fp, const X509 *x509) 180{ 181 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509); 182} 183#endif 184 185X509 *d2i_X509_bio(BIO *bp, X509 **x509) 186{ 187 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509); 188} 189 190int i2d_X509_bio(BIO *bp, const X509 *x509) 191{ 192 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509); 193} 194 195#ifndef OPENSSL_NO_STDIO 196X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl) 197{ 198 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl); 199} 200 201int i2d_X509_CRL_fp(FILE *fp, const X509_CRL *crl) 202{ 203 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl); 204} 205#endif 206 207X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl) 208{ 209 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl); 210} 211 212int i2d_X509_CRL_bio(BIO *bp, const X509_CRL *crl) 213{ 214 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl); 215} 216 217#ifndef OPENSSL_NO_STDIO 218PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7) 219{ 220 PKCS7 *ret; 221 OSSL_LIB_CTX *libctx = NULL; 222 const char *propq = NULL; 223 224 if (p7 != NULL && *p7 != NULL) { 225 libctx = (*p7)->ctx.libctx; 226 propq = (*p7)->ctx.propq; 227 } 228 229 ret = ASN1_item_d2i_fp_ex(ASN1_ITEM_rptr(PKCS7), fp, p7, libctx, propq); 230 if (ret != NULL) 231 ossl_pkcs7_resolve_libctx(ret); 232 return ret; 233} 234 235int i2d_PKCS7_fp(FILE *fp, const PKCS7 *p7) 236{ 237 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7); 238} 239#endif 240 241PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7) 242{ 243 PKCS7 *ret; 244 OSSL_LIB_CTX *libctx = NULL; 245 const char *propq = NULL; 246 247 if (p7 != NULL && *p7 != NULL) { 248 libctx = (*p7)->ctx.libctx; 249 propq = (*p7)->ctx.propq; 250 } 251 252 ret = ASN1_item_d2i_bio_ex(ASN1_ITEM_rptr(PKCS7), bp, p7, libctx, propq); 253 if (ret != NULL) 254 ossl_pkcs7_resolve_libctx(ret); 255 return ret; 256} 257 258int i2d_PKCS7_bio(BIO *bp, const PKCS7 *p7) 259{ 260 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7); 261} 262 263#ifndef OPENSSL_NO_STDIO 264X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req) 265{ 266 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req); 267} 268 269int i2d_X509_REQ_fp(FILE *fp, const X509_REQ *req) 270{ 271 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req); 272} 273#endif 274 275X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req) 276{ 277 OSSL_LIB_CTX *libctx = NULL; 278 const char *propq = NULL; 279 280 if (req != NULL && *req != NULL) { 281 libctx = (*req)->libctx; 282 propq = (*req)->propq; 283 } 284 285 return ASN1_item_d2i_bio_ex(ASN1_ITEM_rptr(X509_REQ), bp, req, libctx, propq); 286} 287 288int i2d_X509_REQ_bio(BIO *bp, const X509_REQ *req) 289{ 290 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req); 291} 292 293#ifndef OPENSSL_NO_STDIO 294RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa) 295{ 296 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa); 297} 298 299int i2d_RSAPrivateKey_fp(FILE *fp, const RSA *rsa) 300{ 301 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa); 302} 303 304RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa) 305{ 306 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa); 307} 308 309RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa) 310{ 311 return ASN1_d2i_fp((void *(*)(void)) 312 RSA_new, (D2I_OF(void)) d2i_RSA_PUBKEY, fp, 313 (void **)rsa); 314} 315 316int i2d_RSAPublicKey_fp(FILE *fp, const RSA *rsa) 317{ 318 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa); 319} 320 321int i2d_RSA_PUBKEY_fp(FILE *fp, const RSA *rsa) 322{ 323 return ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY, fp, rsa); 324} 325#endif 326 327RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa) 328{ 329 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa); 330} 331 332int i2d_RSAPrivateKey_bio(BIO *bp, const RSA *rsa) 333{ 334 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa); 335} 336 337RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa) 338{ 339 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa); 340} 341 342RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa) 343{ 344 return ASN1_d2i_bio_of(RSA, RSA_new, d2i_RSA_PUBKEY, bp, rsa); 345} 346 347int i2d_RSAPublicKey_bio(BIO *bp, const RSA *rsa) 348{ 349 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa); 350} 351 352int i2d_RSA_PUBKEY_bio(BIO *bp, const RSA *rsa) 353{ 354 return ASN1_i2d_bio_of(RSA, i2d_RSA_PUBKEY, bp, rsa); 355} 356 357#ifndef OPENSSL_NO_DSA 358# ifndef OPENSSL_NO_STDIO 359DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa) 360{ 361 return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSAPrivateKey, fp, dsa); 362} 363 364int i2d_DSAPrivateKey_fp(FILE *fp, const DSA *dsa) 365{ 366 return ASN1_i2d_fp_of(DSA, i2d_DSAPrivateKey, fp, dsa); 367} 368 369DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa) 370{ 371 return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSA_PUBKEY, fp, dsa); 372} 373 374int i2d_DSA_PUBKEY_fp(FILE *fp, const DSA *dsa) 375{ 376 return ASN1_i2d_fp_of(DSA, i2d_DSA_PUBKEY, fp, dsa); 377} 378# endif 379 380DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa) 381{ 382 return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSAPrivateKey, bp, dsa); 383} 384 385int i2d_DSAPrivateKey_bio(BIO *bp, const DSA *dsa) 386{ 387 return ASN1_i2d_bio_of(DSA, i2d_DSAPrivateKey, bp, dsa); 388} 389 390DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa) 391{ 392 return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSA_PUBKEY, bp, dsa); 393} 394 395int i2d_DSA_PUBKEY_bio(BIO *bp, const DSA *dsa) 396{ 397 return ASN1_i2d_bio_of(DSA, i2d_DSA_PUBKEY, bp, dsa); 398} 399 400#endif 401 402#ifndef OPENSSL_NO_EC 403# ifndef OPENSSL_NO_STDIO 404EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey) 405{ 406 return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, fp, eckey); 407} 408 409int i2d_EC_PUBKEY_fp(FILE *fp, const EC_KEY *eckey) 410{ 411 return ASN1_i2d_fp_of(EC_KEY, i2d_EC_PUBKEY, fp, eckey); 412} 413 414EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey) 415{ 416 return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, fp, eckey); 417} 418 419int i2d_ECPrivateKey_fp(FILE *fp, const EC_KEY *eckey) 420{ 421 return ASN1_i2d_fp_of(EC_KEY, i2d_ECPrivateKey, fp, eckey); 422} 423# endif 424EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey) 425{ 426 return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, bp, eckey); 427} 428 429int i2d_EC_PUBKEY_bio(BIO *bp, const EC_KEY *ecdsa) 430{ 431 return ASN1_i2d_bio_of(EC_KEY, i2d_EC_PUBKEY, bp, ecdsa); 432} 433 434EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey) 435{ 436 return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, bp, eckey); 437} 438 439int i2d_ECPrivateKey_bio(BIO *bp, const EC_KEY *eckey) 440{ 441 return ASN1_i2d_bio_of(EC_KEY, i2d_ECPrivateKey, bp, eckey); 442} 443#endif 444 445int X509_pubkey_digest(const X509 *data, const EVP_MD *type, 446 unsigned char *md, unsigned int *len) 447{ 448 ASN1_BIT_STRING *key = X509_get0_pubkey_bitstr(data); 449 450 if (key == NULL) 451 return 0; 452 return EVP_Digest(key->data, key->length, md, len, type, NULL); 453} 454 455int X509_digest(const X509 *cert, const EVP_MD *md, unsigned char *data, 456 unsigned int *len) 457{ 458 if (EVP_MD_is_a(md, SN_sha1) && (cert->ex_flags & EXFLAG_SET) != 0 459 && (cert->ex_flags & EXFLAG_NO_FINGERPRINT) == 0) { 460 /* Asking for SHA1 and we already computed it. */ 461 if (len != NULL) 462 *len = sizeof(cert->sha1_hash); 463 memcpy(data, cert->sha1_hash, sizeof(cert->sha1_hash)); 464 return 1; 465 } 466 return ossl_asn1_item_digest_ex(ASN1_ITEM_rptr(X509), md, (char *)cert, 467 data, len, cert->libctx, cert->propq); 468} 469 470/* calculate cert digest using the same hash algorithm as in its signature */ 471ASN1_OCTET_STRING *X509_digest_sig(const X509 *cert, 472 EVP_MD **md_used, int *md_is_fallback) 473{ 474 unsigned int len; 475 unsigned char hash[EVP_MAX_MD_SIZE]; 476 int mdnid, pknid; 477 EVP_MD *md = NULL; 478 const char *md_name; 479 ASN1_OCTET_STRING *new; 480 481 if (md_used != NULL) 482 *md_used = NULL; 483 if (md_is_fallback != NULL) 484 *md_is_fallback = 0; 485 486 if (cert == NULL) { 487 ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); 488 return NULL; 489 } 490 491 if (!OBJ_find_sigid_algs(X509_get_signature_nid(cert), &mdnid, &pknid)) { 492 ERR_raise(ERR_LIB_X509, X509_R_UNKNOWN_SIGID_ALGS); 493 return NULL; 494 } 495 496 if (mdnid == NID_undef) { 497 if (pknid == EVP_PKEY_RSA_PSS) { 498 RSA_PSS_PARAMS *pss = ossl_rsa_pss_decode(&cert->sig_alg); 499 const EVP_MD *mgf1md, *mmd = NULL; 500 int saltlen, trailerfield; 501 502 if (pss == NULL 503 || !ossl_rsa_pss_get_param_unverified(pss, &mmd, &mgf1md, 504 &saltlen, 505 &trailerfield) 506 || mmd == NULL) { 507 RSA_PSS_PARAMS_free(pss); 508 ERR_raise(ERR_LIB_X509, X509_R_UNSUPPORTED_ALGORITHM); 509 return NULL; 510 } 511 RSA_PSS_PARAMS_free(pss); 512 /* Fetch explicitly and do not fallback */ 513 if ((md = EVP_MD_fetch(cert->libctx, EVP_MD_get0_name(mmd), 514 cert->propq)) == NULL) 515 /* Error code from fetch is sufficient */ 516 return NULL; 517 } else if (pknid != NID_undef) { 518 /* A known algorithm, but without a digest */ 519 switch (pknid) { 520 case NID_ED25519: /* Follow CMS default given in RFC8419 */ 521 md_name = "SHA512"; 522 break; 523 case NID_ED448: /* Follow CMS default given in RFC8419 */ 524 md_name = "SHAKE256"; 525 break; 526 default: /* Fall back to SHA-256 */ 527 md_name = "SHA256"; 528 break; 529 } 530 if ((md = EVP_MD_fetch(cert->libctx, md_name, 531 cert->propq)) == NULL) 532 return NULL; 533 if (md_is_fallback != NULL) 534 *md_is_fallback = 1; 535 } else { 536 /* A completely unknown algorithm */ 537 ERR_raise(ERR_LIB_X509, X509_R_UNSUPPORTED_ALGORITHM); 538 return NULL; 539 } 540 } else if ((md = EVP_MD_fetch(cert->libctx, OBJ_nid2sn(mdnid), 541 cert->propq)) == NULL 542 && (md = (EVP_MD *)EVP_get_digestbynid(mdnid)) == NULL) { 543 ERR_raise(ERR_LIB_X509, X509_R_UNSUPPORTED_ALGORITHM); 544 return NULL; 545 } 546 if (!X509_digest(cert, md, hash, &len) 547 || (new = ASN1_OCTET_STRING_new()) == NULL) 548 goto err; 549 if (ASN1_OCTET_STRING_set(new, hash, len)) { 550 if (md_used != NULL) 551 *md_used = md; 552 else 553 EVP_MD_free(md); 554 return new; 555 } 556 ASN1_OCTET_STRING_free(new); 557 err: 558 EVP_MD_free(md); 559 return NULL; 560} 561 562int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, 563 unsigned char *md, unsigned int *len) 564{ 565 if (type == NULL) { 566 ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); 567 return 0; 568 } 569 if (EVP_MD_is_a(type, SN_sha1) 570 && (data->flags & EXFLAG_SET) != 0 571 && (data->flags & EXFLAG_NO_FINGERPRINT) == 0) { 572 /* Asking for SHA1; always computed in CRL d2i. */ 573 if (len != NULL) 574 *len = sizeof(data->sha1_hash); 575 memcpy(md, data->sha1_hash, sizeof(data->sha1_hash)); 576 return 1; 577 } 578 return ossl_asn1_item_digest_ex(ASN1_ITEM_rptr(X509_CRL), type, (char *)data, 579 md, len, data->libctx, data->propq); 580} 581 582int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, 583 unsigned char *md, unsigned int *len) 584{ 585 return ossl_asn1_item_digest_ex(ASN1_ITEM_rptr(X509_REQ), type, (char *)data, 586 md, len, data->libctx, data->propq); 587} 588 589int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, 590 unsigned char *md, unsigned int *len) 591{ 592 return ASN1_item_digest(ASN1_ITEM_rptr(X509_NAME), type, (char *)data, 593 md, len); 594} 595 596int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, 597 const EVP_MD *type, unsigned char *md, 598 unsigned int *len) 599{ 600 return ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL), type, 601 (char *)data, md, len); 602} 603 604#ifndef OPENSSL_NO_STDIO 605X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8) 606{ 607 return ASN1_d2i_fp_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, fp, p8); 608} 609 610int i2d_PKCS8_fp(FILE *fp, const X509_SIG *p8) 611{ 612 return ASN1_i2d_fp_of(X509_SIG, i2d_X509_SIG, fp, p8); 613} 614#endif 615 616X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8) 617{ 618 return ASN1_d2i_bio_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, bp, p8); 619} 620 621int i2d_PKCS8_bio(BIO *bp, const X509_SIG *p8) 622{ 623 return ASN1_i2d_bio_of(X509_SIG, i2d_X509_SIG, bp, p8); 624} 625 626#ifndef OPENSSL_NO_STDIO 627X509_PUBKEY *d2i_X509_PUBKEY_fp(FILE *fp, X509_PUBKEY **xpk) 628{ 629 return ASN1_d2i_fp_of(X509_PUBKEY, X509_PUBKEY_new, d2i_X509_PUBKEY, 630 fp, xpk); 631} 632 633int i2d_X509_PUBKEY_fp(FILE *fp, const X509_PUBKEY *xpk) 634{ 635 return ASN1_i2d_fp_of(X509_PUBKEY, i2d_X509_PUBKEY, fp, xpk); 636} 637#endif 638 639X509_PUBKEY *d2i_X509_PUBKEY_bio(BIO *bp, X509_PUBKEY **xpk) 640{ 641 return ASN1_d2i_bio_of(X509_PUBKEY, X509_PUBKEY_new, d2i_X509_PUBKEY, 642 bp, xpk); 643} 644 645int i2d_X509_PUBKEY_bio(BIO *bp, const X509_PUBKEY *xpk) 646{ 647 return ASN1_i2d_bio_of(X509_PUBKEY, i2d_X509_PUBKEY, bp, xpk); 648} 649 650#ifndef OPENSSL_NO_STDIO 651PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, 652 PKCS8_PRIV_KEY_INFO **p8inf) 653{ 654 return ASN1_d2i_fp_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new, 655 d2i_PKCS8_PRIV_KEY_INFO, fp, p8inf); 656} 657 658int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, const PKCS8_PRIV_KEY_INFO *p8inf) 659{ 660 return ASN1_i2d_fp_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, fp, 661 p8inf); 662} 663 664int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, const EVP_PKEY *key) 665{ 666 PKCS8_PRIV_KEY_INFO *p8inf; 667 int ret; 668 669 p8inf = EVP_PKEY2PKCS8(key); 670 if (p8inf == NULL) 671 return 0; 672 ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf); 673 PKCS8_PRIV_KEY_INFO_free(p8inf); 674 return ret; 675} 676 677int i2d_PrivateKey_fp(FILE *fp, const EVP_PKEY *pkey) 678{ 679 return ASN1_i2d_fp_of(EVP_PKEY, i2d_PrivateKey, fp, pkey); 680} 681 682EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a) 683{ 684 return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, fp, a); 685} 686 687EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx, 688 const char *propq) 689{ 690 BIO *b; 691 void *ret; 692 693 if ((b = BIO_new(BIO_s_file())) == NULL) { 694 ERR_raise(ERR_LIB_X509, ERR_R_BUF_LIB); 695 return NULL; 696 } 697 BIO_set_fp(b, fp, BIO_NOCLOSE); 698 ret = d2i_PrivateKey_ex_bio(b, a, libctx, propq); 699 BIO_free(b); 700 return ret; 701} 702 703int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey) 704{ 705 return ASN1_i2d_fp_of(EVP_PKEY, i2d_PUBKEY, fp, pkey); 706} 707 708EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a) 709{ 710 return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, fp, a); 711} 712 713#endif 714 715PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, 716 PKCS8_PRIV_KEY_INFO **p8inf) 717{ 718 return ASN1_d2i_bio_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new, 719 d2i_PKCS8_PRIV_KEY_INFO, bp, p8inf); 720} 721 722int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, const PKCS8_PRIV_KEY_INFO *p8inf) 723{ 724 return ASN1_i2d_bio_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, bp, 725 p8inf); 726} 727 728int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, const EVP_PKEY *key) 729{ 730 PKCS8_PRIV_KEY_INFO *p8inf; 731 int ret; 732 733 p8inf = EVP_PKEY2PKCS8(key); 734 if (p8inf == NULL) 735 return 0; 736 ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf); 737 PKCS8_PRIV_KEY_INFO_free(p8inf); 738 return ret; 739} 740 741int i2d_PrivateKey_bio(BIO *bp, const EVP_PKEY *pkey) 742{ 743 return ASN1_i2d_bio_of(EVP_PKEY, i2d_PrivateKey, bp, pkey); 744} 745 746EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a) 747{ 748 return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, bp, a); 749} 750 751EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx, 752 const char *propq) 753{ 754 BUF_MEM *b = NULL; 755 const unsigned char *p; 756 void *ret = NULL; 757 int len; 758 759 len = asn1_d2i_read_bio(bp, &b); 760 if (len < 0) 761 goto err; 762 763 p = (unsigned char *)b->data; 764 ret = d2i_AutoPrivateKey_ex(a, &p, len, libctx, propq); 765 err: 766 BUF_MEM_free(b); 767 return ret; 768} 769 770int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey) 771{ 772 return ASN1_i2d_bio_of(EVP_PKEY, i2d_PUBKEY, bp, pkey); 773} 774 775EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a) 776{ 777 return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, bp, a); 778} 779