1/* crypto/x509/x_all.c */ 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 59#include <stdio.h> 60#undef SSLEAY_MACROS 61#include <openssl/stack.h> 62#include "cryptlib.h" 63#include <openssl/buffer.h> 64#include <openssl/asn1.h> 65#include <openssl/evp.h> 66#include <openssl/x509.h> 67#ifndef OPENSSL_NO_RSA 68#include <openssl/rsa.h> 69#endif 70#ifndef OPENSSL_NO_DSA 71#include <openssl/dsa.h> 72#endif 73 74int X509_verify(X509 *a, EVP_PKEY *r) 75 { 76 return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),a->sig_alg, 77 a->signature,a->cert_info,r)); 78 } 79 80int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r) 81 { 82 return( ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO), 83 a->sig_alg,a->signature,a->req_info,r)); 84 } 85 86int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r) 87 { 88 return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO), 89 a->sig_alg, a->signature,a->crl,r)); 90 } 91 92int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r) 93 { 94 return(ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC), 95 a->sig_algor,a->signature,a->spkac,r)); 96 } 97 98int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) 99 { 100 x->cert_info->enc.modified = 1; 101 return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature, 102 x->sig_alg, x->signature, x->cert_info,pkey,md)); 103 } 104 105int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md) 106 { 107 return(ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO),x->sig_alg, NULL, 108 x->signature, x->req_info,pkey,md)); 109 } 110 111int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md) 112 { 113 x->crl->enc.modified = 1; 114 return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO),x->crl->sig_alg, 115 x->sig_alg, x->signature, x->crl,pkey,md)); 116 } 117 118int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md) 119 { 120 return(ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor,NULL, 121 x->signature, x->spkac,pkey,md)); 122 } 123 124#ifndef OPENSSL_NO_FP_API 125X509 *d2i_X509_fp(FILE *fp, X509 **x509) 126 { 127 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509); 128 } 129 130int i2d_X509_fp(FILE *fp, X509 *x509) 131 { 132 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509); 133 } 134#endif 135 136X509 *d2i_X509_bio(BIO *bp, X509 **x509) 137 { 138 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509); 139 } 140 141int i2d_X509_bio(BIO *bp, X509 *x509) 142 { 143 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509); 144 } 145 146#ifndef OPENSSL_NO_FP_API 147X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl) 148 { 149 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl); 150 } 151 152int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl) 153 { 154 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl); 155 } 156#endif 157 158X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl) 159 { 160 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl); 161 } 162 163int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl) 164 { 165 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl); 166 } 167 168#ifndef OPENSSL_NO_FP_API 169PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7) 170 { 171 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7); 172 } 173 174int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7) 175 { 176 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7); 177 } 178#endif 179 180PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7) 181 { 182 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7); 183 } 184 185int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7) 186 { 187 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7); 188 } 189 190#ifndef OPENSSL_NO_FP_API 191X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req) 192 { 193 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req); 194 } 195 196int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req) 197 { 198 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req); 199 } 200#endif 201 202X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req) 203 { 204 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req); 205 } 206 207int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req) 208 { 209 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req); 210 } 211 212#ifndef OPENSSL_NO_RSA 213 214#ifndef OPENSSL_NO_FP_API 215RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa) 216 { 217 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa); 218 } 219 220int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa) 221 { 222 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa); 223 } 224 225RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa) 226 { 227 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa); 228 } 229 230 231RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa) 232 { 233 return ASN1_d2i_fp((void *(*)(void)) 234 RSA_new,(D2I_OF(void))d2i_RSA_PUBKEY, fp, 235 (void **)rsa); 236 } 237 238int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa) 239 { 240 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa); 241 } 242 243int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa) 244 { 245 return ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY,fp,rsa); 246 } 247#endif 248 249RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa) 250 { 251 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa); 252 } 253 254int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa) 255 { 256 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa); 257 } 258 259RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa) 260 { 261 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa); 262 } 263 264 265RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa) 266 { 267 return ASN1_d2i_bio_of(RSA,RSA_new,d2i_RSA_PUBKEY,bp,rsa); 268 } 269 270int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa) 271 { 272 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa); 273 } 274 275int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa) 276 { 277 return ASN1_i2d_bio_of(RSA,i2d_RSA_PUBKEY,bp,rsa); 278 } 279#endif 280 281#ifndef OPENSSL_NO_DSA 282#ifndef OPENSSL_NO_FP_API 283DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa) 284 { 285 return ASN1_d2i_fp_of(DSA,DSA_new,d2i_DSAPrivateKey,fp,dsa); 286 } 287 288int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa) 289 { 290 return ASN1_i2d_fp_of_const(DSA,i2d_DSAPrivateKey,fp,dsa); 291 } 292 293DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa) 294 { 295 return ASN1_d2i_fp_of(DSA,DSA_new,d2i_DSA_PUBKEY,fp,dsa); 296 } 297 298int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa) 299 { 300 return ASN1_i2d_fp_of(DSA,i2d_DSA_PUBKEY,fp,dsa); 301 } 302#endif 303 304DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa) 305 { 306 return ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAPrivateKey,bp,dsa 307); 308 } 309 310int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa) 311 { 312 return ASN1_i2d_bio_of_const(DSA,i2d_DSAPrivateKey,bp,dsa); 313 } 314 315DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa) 316 { 317 return ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSA_PUBKEY,bp,dsa); 318 } 319 320int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa) 321 { 322 return ASN1_i2d_bio_of(DSA,i2d_DSA_PUBKEY,bp,dsa); 323 } 324 325#endif 326 327#ifndef OPENSSL_NO_EC 328#ifndef OPENSSL_NO_FP_API 329EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey) 330 { 331 return ASN1_d2i_fp_of(EC_KEY,EC_KEY_new,d2i_EC_PUBKEY,fp,eckey); 332 } 333 334int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey) 335 { 336 return ASN1_i2d_fp_of(EC_KEY,i2d_EC_PUBKEY,fp,eckey); 337 } 338 339EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey) 340 { 341 return ASN1_d2i_fp_of(EC_KEY,EC_KEY_new,d2i_ECPrivateKey,fp,eckey); 342 } 343 344int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey) 345 { 346 return ASN1_i2d_fp_of(EC_KEY,i2d_ECPrivateKey,fp,eckey); 347 } 348#endif 349EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey) 350 { 351 return ASN1_d2i_bio_of(EC_KEY,EC_KEY_new,d2i_EC_PUBKEY,bp,eckey); 352 } 353 354int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *ecdsa) 355 { 356 return ASN1_i2d_bio_of(EC_KEY,i2d_EC_PUBKEY,bp,ecdsa); 357 } 358 359EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey) 360 { 361 return ASN1_d2i_bio_of(EC_KEY,EC_KEY_new,d2i_ECPrivateKey,bp,eckey); 362 } 363 364int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey) 365 { 366 return ASN1_i2d_bio_of(EC_KEY,i2d_ECPrivateKey,bp,eckey); 367 } 368#endif 369 370 371int X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md, 372 unsigned int *len) 373 { 374 ASN1_BIT_STRING *key; 375 key = X509_get0_pubkey_bitstr(data); 376 if(!key) return 0; 377 return EVP_Digest(key->data, key->length, md, len, type, NULL); 378 } 379 380int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md, 381 unsigned int *len) 382 { 383 return(ASN1_item_digest(ASN1_ITEM_rptr(X509),type,(char *)data,md,len)); 384 } 385 386int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md, 387 unsigned int *len) 388 { 389 return(ASN1_item_digest(ASN1_ITEM_rptr(X509_CRL),type,(char *)data,md,len)); 390 } 391 392int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, unsigned char *md, 393 unsigned int *len) 394 { 395 return(ASN1_item_digest(ASN1_ITEM_rptr(X509_REQ),type,(char *)data,md,len)); 396 } 397 398int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md, 399 unsigned int *len) 400 { 401 return(ASN1_item_digest(ASN1_ITEM_rptr(X509_NAME),type,(char *)data,md,len)); 402 } 403 404int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, const EVP_MD *type, 405 unsigned char *md, unsigned int *len) 406 { 407 return(ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL),type, 408 (char *)data,md,len)); 409 } 410 411 412#ifndef OPENSSL_NO_FP_API 413X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8) 414 { 415 return ASN1_d2i_fp_of(X509_SIG,X509_SIG_new,d2i_X509_SIG,fp,p8); 416 } 417 418int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8) 419 { 420 return ASN1_i2d_fp_of(X509_SIG,i2d_X509_SIG,fp,p8); 421 } 422#endif 423 424X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8) 425 { 426 return ASN1_d2i_bio_of(X509_SIG,X509_SIG_new,d2i_X509_SIG,bp,p8); 427 } 428 429int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8) 430 { 431 return ASN1_i2d_bio_of(X509_SIG,i2d_X509_SIG,bp,p8); 432 } 433 434#ifndef OPENSSL_NO_FP_API 435PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, 436 PKCS8_PRIV_KEY_INFO **p8inf) 437 { 438 return ASN1_d2i_fp_of(PKCS8_PRIV_KEY_INFO,PKCS8_PRIV_KEY_INFO_new, 439 d2i_PKCS8_PRIV_KEY_INFO,fp,p8inf); 440 } 441 442int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf) 443 { 444 return ASN1_i2d_fp_of(PKCS8_PRIV_KEY_INFO,i2d_PKCS8_PRIV_KEY_INFO,fp, 445 p8inf); 446 } 447 448int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key) 449 { 450 PKCS8_PRIV_KEY_INFO *p8inf; 451 int ret; 452 p8inf = EVP_PKEY2PKCS8(key); 453 if(!p8inf) return 0; 454 ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf); 455 PKCS8_PRIV_KEY_INFO_free(p8inf); 456 return ret; 457 } 458 459int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey) 460 { 461 return ASN1_i2d_fp_of(EVP_PKEY,i2d_PrivateKey,fp,pkey); 462 } 463 464EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a) 465{ 466 return ASN1_d2i_fp_of(EVP_PKEY,EVP_PKEY_new,d2i_AutoPrivateKey,fp,a); 467} 468 469int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey) 470 { 471 return ASN1_i2d_fp_of(EVP_PKEY,i2d_PUBKEY,fp,pkey); 472 } 473 474EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a) 475{ 476 return ASN1_d2i_fp_of(EVP_PKEY,EVP_PKEY_new,d2i_PUBKEY,fp,a); 477} 478 479#endif 480 481PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, 482 PKCS8_PRIV_KEY_INFO **p8inf) 483 { 484 return ASN1_d2i_bio_of(PKCS8_PRIV_KEY_INFO,PKCS8_PRIV_KEY_INFO_new, 485 d2i_PKCS8_PRIV_KEY_INFO,bp,p8inf); 486 } 487 488int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf) 489 { 490 return ASN1_i2d_bio_of(PKCS8_PRIV_KEY_INFO,i2d_PKCS8_PRIV_KEY_INFO,bp, 491 p8inf); 492 } 493 494int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key) 495 { 496 PKCS8_PRIV_KEY_INFO *p8inf; 497 int ret; 498 p8inf = EVP_PKEY2PKCS8(key); 499 if(!p8inf) return 0; 500 ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf); 501 PKCS8_PRIV_KEY_INFO_free(p8inf); 502 return ret; 503 } 504 505int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey) 506 { 507 return ASN1_i2d_bio_of(EVP_PKEY,i2d_PrivateKey,bp,pkey); 508 } 509 510EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a) 511 { 512 return ASN1_d2i_bio_of(EVP_PKEY,EVP_PKEY_new,d2i_AutoPrivateKey,bp,a); 513 } 514 515int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey) 516 { 517 return ASN1_i2d_bio_of(EVP_PKEY,i2d_PUBKEY,bp,pkey); 518 } 519 520EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a) 521 { 522 return ASN1_d2i_bio_of(EVP_PKEY,EVP_PKEY_new,d2i_PUBKEY,bp,a); 523 } 524