x_all.c revision 1.19 
1/* $OpenBSD: x_all.c,v 1.19 2015/01/28 04:14:31 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to.  The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 *    notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 *    notice, this list of conditions and the following disclaimer in the
30 *    documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 *    must display the following acknowledgement:
33 *    "This product includes cryptographic software written by
34 *     Eric Young (eay@cryptsoft.com)"
35 *    The word 'cryptographic' can be left out if the rouines from the library
36 *    being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 *    the apps directory (application code) you must include an acknowledgement:
39 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed.  i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60
61#include <openssl/opensslconf.h>
62
63#include <openssl/asn1.h>
64#include <openssl/buffer.h>
65#include <openssl/evp.h>
66#include <openssl/stack.h>
67#include <openssl/x509.h>
68
69#ifndef OPENSSL_NO_DSA
70#include <openssl/dsa.h>
71#endif
72#ifndef OPENSSL_NO_RSA
73#include <openssl/rsa.h>
74#endif
75
76int
77X509_verify(X509 *a, EVP_PKEY *r)
78{
79	if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature))
80		return 0;
81	return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF), a->sig_alg,
82	    a->signature, a->cert_info, r));
83}
84
85int
86X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
87{
88	return( ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO),
89	    a->sig_alg, a->signature, a->req_info, r));
90}
91
92int
93NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
94{
95	return(ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC),
96	    a->sig_algor, a->signature, a->spkac, r));
97}
98
99int
100X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
101{
102	x->cert_info->enc.modified = 1;
103	return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF),
104	    x->cert_info->signature, x->sig_alg, x->signature,
105	    x->cert_info, pkey, md));
106}
107
108int
109X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
110{
111	x->cert_info->enc.modified = 1;
112	return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF),
113	    x->cert_info->signature, x->sig_alg, x->signature,
114	    x->cert_info, ctx);
115}
116
117int
118X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
119{
120	return (ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO),
121	    x->sig_alg, NULL, x->signature, x->req_info, pkey, md));
122}
123
124int
125X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx)
126{
127	return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_REQ_INFO),
128	    x->sig_alg, NULL, x->signature, x->req_info, ctx);
129}
130
131int
132X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
133{
134	x->crl->enc.modified = 1;
135	return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO), x->crl->sig_alg,
136	    x->sig_alg, x->signature, x->crl, pkey, md));
137}
138
139int
140X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx)
141{
142	x->crl->enc.modified = 1;
143	return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO),
144	    x->crl->sig_alg, x->sig_alg, x->signature, x->crl, ctx);
145}
146
147int
148NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
149{
150	return (ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC),
151	    x->sig_algor, NULL, x->signature, x->spkac, pkey, md));
152}
153
154X509 *
155d2i_X509_fp(FILE *fp, X509 **x509)
156{
157	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509);
158}
159
160int
161i2d_X509_fp(FILE *fp, X509 *x509)
162{
163	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509);
164}
165
166X509 *
167d2i_X509_bio(BIO *bp, X509 **x509)
168{
169	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509);
170}
171
172int
173i2d_X509_bio(BIO *bp, X509 *x509)
174{
175	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509);
176}
177
178X509_CRL *
179d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl)
180{
181	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
182}
183
184int
185i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl)
186{
187	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
188}
189
190X509_CRL *
191d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl)
192{
193	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
194}
195
196int
197i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl)
198{
199	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
200}
201
202PKCS7 *
203d2i_PKCS7_fp(FILE *fp, PKCS7 **p7)
204{
205	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
206}
207
208int
209i2d_PKCS7_fp(FILE *fp, PKCS7 *p7)
210{
211	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
212}
213
214PKCS7 *
215d2i_PKCS7_bio(BIO *bp, PKCS7 **p7)
216{
217	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
218}
219
220int
221i2d_PKCS7_bio(BIO *bp, PKCS7 *p7)
222{
223	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
224}
225
226X509_REQ *
227d2i_X509_REQ_fp(FILE *fp, X509_REQ **req)
228{
229	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
230}
231
232int
233i2d_X509_REQ_fp(FILE *fp, X509_REQ *req)
234{
235	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
236}
237
238X509_REQ *
239d2i_X509_REQ_bio(BIO *bp, X509_REQ **req)
240{
241	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
242}
243
244int
245i2d_X509_REQ_bio(BIO *bp, X509_REQ *req)
246{
247	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
248}
249
250#ifndef OPENSSL_NO_RSA
251
252RSA *
253d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa)
254{
255	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
256}
257
258int
259i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa)
260{
261	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
262}
263
264RSA *
265d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
266{
267	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
268}
269
270
271RSA *
272d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)
273{
274	return ASN1_d2i_fp((void *(*)(void))RSA_new,
275	    (D2I_OF(void))d2i_RSA_PUBKEY, fp, (void **)rsa);
276}
277
278int
279i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa)
280{
281	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
282}
283
284int
285i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa)
286{
287	return ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY, fp, rsa);
288}
289
290RSA *
291d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
292{
293	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
294}
295
296int
297i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa)
298{
299	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
300}
301
302RSA *
303d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)
304{
305	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
306}
307
308
309RSA *
310d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
311{
312	return ASN1_d2i_bio_of(RSA, RSA_new, d2i_RSA_PUBKEY, bp, rsa);
313}
314
315int
316i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa)
317{
318	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
319}
320
321int
322i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa)
323{
324	return ASN1_i2d_bio_of(RSA, i2d_RSA_PUBKEY, bp, rsa);
325}
326#endif
327
328#ifndef OPENSSL_NO_DSA
329DSA *
330d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa)
331{
332	return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSAPrivateKey, fp, dsa);
333}
334
335int
336i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa)
337{
338	return ASN1_i2d_fp_of_const(DSA, i2d_DSAPrivateKey, fp, dsa);
339}
340
341DSA *
342d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa)
343{
344	return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSA_PUBKEY, fp, dsa);
345}
346
347int
348i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa)
349{
350	return ASN1_i2d_fp_of(DSA, i2d_DSA_PUBKEY, fp, dsa);
351}
352
353DSA *
354d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa)
355{
356	return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSAPrivateKey, bp, dsa);
357}
358
359int
360i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa)
361{
362	return ASN1_i2d_bio_of_const(DSA, i2d_DSAPrivateKey, bp, dsa);
363}
364
365DSA *
366d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa)
367{
368	return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSA_PUBKEY, bp, dsa);
369}
370
371int
372i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa)
373{
374	return ASN1_i2d_bio_of(DSA, i2d_DSA_PUBKEY, bp, dsa);
375}
376
377#endif
378
379#ifndef OPENSSL_NO_EC
380EC_KEY *
381d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey)
382{
383	return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, fp, eckey);
384}
385
386int
387i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey)
388{
389	return ASN1_i2d_fp_of(EC_KEY, i2d_EC_PUBKEY, fp, eckey);
390}
391
392EC_KEY *
393d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey)
394{
395	return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, fp, eckey);
396}
397
398int
399i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey)
400{
401	return ASN1_i2d_fp_of(EC_KEY, i2d_ECPrivateKey, fp, eckey);
402}
403EC_KEY *
404d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey)
405{
406	return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, bp, eckey);
407}
408
409int
410i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *ecdsa)
411{
412	return ASN1_i2d_bio_of(EC_KEY, i2d_EC_PUBKEY, bp, ecdsa);
413}
414
415EC_KEY *
416d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey)
417{
418	return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, bp, eckey);
419}
420
421int
422i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey)
423{
424	return ASN1_i2d_bio_of(EC_KEY, i2d_ECPrivateKey, bp, eckey);
425}
426#endif
427
428
429int
430X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
431    unsigned int *len)
432{
433	ASN1_BIT_STRING *key;
434	key = X509_get0_pubkey_bitstr(data);
435	if (!key)
436		return 0;
437	return EVP_Digest(key->data, key->length, md, len, type, NULL);
438}
439
440int
441X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
442    unsigned int *len)
443{
444	return (ASN1_item_digest(ASN1_ITEM_rptr(X509), type, (char *)data,
445	    md, len));
446}
447
448int
449X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md,
450    unsigned int *len)
451{
452	return (ASN1_item_digest(ASN1_ITEM_rptr(X509_CRL), type, (char *)data,
453	    md, len));
454}
455
456int
457X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, unsigned char *md,
458    unsigned int *len)
459{
460	return (ASN1_item_digest(ASN1_ITEM_rptr(X509_REQ), type, (char *)data,
461	    md, len));
462}
463
464int
465X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md,
466    unsigned int *len)
467{
468	return (ASN1_item_digest(ASN1_ITEM_rptr(X509_NAME), type, (char *)data,
469	    md, len));
470}
471
472int
473PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
474    const EVP_MD *type, unsigned char *md, unsigned int *len)
475{
476	return(ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL), type,
477	    (char *)data, md, len));
478}
479
480
481X509_SIG *
482d2i_PKCS8_fp(FILE *fp, X509_SIG **p8)
483{
484	return ASN1_d2i_fp_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, fp, p8);
485}
486
487int
488i2d_PKCS8_fp(FILE *fp, X509_SIG *p8)
489{
490	return ASN1_i2d_fp_of(X509_SIG, i2d_X509_SIG, fp, p8);
491}
492
493X509_SIG *
494d2i_PKCS8_bio(BIO *bp, X509_SIG **p8)
495{
496	return ASN1_d2i_bio_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, bp, p8);
497}
498
499int
500i2d_PKCS8_bio(BIO *bp, X509_SIG *p8)
501{
502	return ASN1_i2d_bio_of(X509_SIG, i2d_X509_SIG, bp, p8);
503}
504
505PKCS8_PRIV_KEY_INFO *
506d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO **p8inf)
507{
508	return ASN1_d2i_fp_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new,
509	    d2i_PKCS8_PRIV_KEY_INFO, fp, p8inf);
510}
511
512int
513i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf)
514{
515	return ASN1_i2d_fp_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO,
516	    fp, p8inf);
517}
518
519int
520i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key)
521{
522	PKCS8_PRIV_KEY_INFO *p8inf;
523	int ret;
524	p8inf = EVP_PKEY2PKCS8(key);
525	if (!p8inf)
526		return 0;
527	ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf);
528	PKCS8_PRIV_KEY_INFO_free(p8inf);
529	return ret;
530}
531
532int
533i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey)
534{
535	return ASN1_i2d_fp_of(EVP_PKEY, i2d_PrivateKey, fp, pkey);
536}
537
538EVP_PKEY *
539d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
540{
541	return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey,
542	    fp, a);
543}
544
545int
546i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey)
547{
548	return ASN1_i2d_fp_of(EVP_PKEY, i2d_PUBKEY, fp, pkey);
549}
550
551EVP_PKEY *
552d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a)
553{
554	return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, fp, a);
555}
556
557
558PKCS8_PRIV_KEY_INFO *
559d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO **p8inf)
560{
561	return ASN1_d2i_bio_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new,
562	    d2i_PKCS8_PRIV_KEY_INFO, bp, p8inf);
563}
564
565int
566i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf)
567{
568	return ASN1_i2d_bio_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO,
569	    bp, p8inf);
570}
571
572int
573i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key)
574{
575	PKCS8_PRIV_KEY_INFO *p8inf;
576	int ret;
577
578	p8inf = EVP_PKEY2PKCS8(key);
579	if (!p8inf)
580		return 0;
581	ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
582	PKCS8_PRIV_KEY_INFO_free(p8inf);
583	return ret;
584}
585
586int
587i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey)
588{
589	return ASN1_i2d_bio_of(EVP_PKEY, i2d_PrivateKey, bp, pkey);
590}
591
592EVP_PKEY *
593d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a)
594{
595	return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey,
596	    bp, a);
597}
598
599int
600i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey)
601{
602	return ASN1_i2d_bio_of(EVP_PKEY, i2d_PUBKEY, bp, pkey);
603}
604
605EVP_PKEY *
606d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a)
607{
608	return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, bp, a);
609}
610