2
0

x_all.c 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685
  1. /*
  2. * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include "internal/cryptlib.h"
  11. #include <openssl/buffer.h>
  12. #include <openssl/asn1.h>
  13. #include <openssl/evp.h>
  14. #include <openssl/x509.h>
  15. #include "crypto/x509.h"
  16. #include <openssl/ocsp.h>
  17. #include <openssl/rsa.h>
  18. #include <openssl/dsa.h>
  19. #include <openssl/x509v3.h>
  20. #ifndef OPENSSL_NO_SM2
  21. # include "crypto/asn1.h"
  22. # include "crypto/evp.h"
  23. static int common_verify_sm2(void *data, EVP_PKEY *pkey,
  24. int mdnid, int pknid, int req)
  25. {
  26. X509 *x = NULL;
  27. X509_REQ *r = NULL;
  28. EVP_MD_CTX *ctx = NULL;
  29. unsigned char *buf_in = NULL;
  30. int ret = -1, inl = 0;
  31. size_t inll = 0;
  32. EVP_PKEY_CTX *pctx = NULL;
  33. const EVP_MD *type = EVP_get_digestbynid(mdnid);
  34. ASN1_BIT_STRING *signature = NULL;
  35. ASN1_OCTET_STRING *sm2_id = NULL;
  36. ASN1_VALUE *tbv = NULL;
  37. if (type == NULL) {
  38. X509err(X509_F_COMMON_VERIFY_SM2,
  39. ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
  40. goto err;
  41. }
  42. if (pkey == NULL) {
  43. X509err(X509_F_COMMON_VERIFY_SM2, ERR_R_PASSED_NULL_PARAMETER);
  44. return -1;
  45. }
  46. if (req == 1) {
  47. r = (X509_REQ *)data;
  48. signature = r->signature;
  49. sm2_id = r->sm2_id;
  50. tbv = (ASN1_VALUE *)&r->req_info;
  51. } else {
  52. x = (X509 *)data;
  53. signature = &x->signature;
  54. sm2_id = x->sm2_id;
  55. tbv = (ASN1_VALUE *)&x->cert_info;
  56. }
  57. if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) {
  58. X509err(X509_F_COMMON_VERIFY_SM2, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
  59. return -1;
  60. }
  61. ctx = EVP_MD_CTX_new();
  62. if (ctx == NULL) {
  63. X509err(X509_F_COMMON_VERIFY_SM2, ERR_R_MALLOC_FAILURE);
  64. goto err;
  65. }
  66. /* Check public key OID matches public key type */
  67. if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) {
  68. X509err(X509_F_COMMON_VERIFY_SM2, ASN1_R_WRONG_PUBLIC_KEY_TYPE);
  69. goto err;
  70. }
  71. if (!EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)) {
  72. X509err(X509_F_COMMON_VERIFY_SM2, ERR_R_EVP_LIB);
  73. ret = 0;
  74. goto err;
  75. }
  76. pctx = EVP_PKEY_CTX_new(pkey, NULL);
  77. if (pctx == NULL) {
  78. X509err(X509_F_COMMON_VERIFY_SM2, ERR_R_EVP_LIB);
  79. ret = 0;
  80. goto err;
  81. }
  82. /* NOTE: we tolerate no actual ID, to provide maximum flexibility */
  83. if (sm2_id != NULL
  84. && EVP_PKEY_CTX_set1_id(pctx, sm2_id->data, sm2_id->length) != 1) {
  85. X509err(X509_F_COMMON_VERIFY_SM2, ERR_R_EVP_LIB);
  86. ret = 0;
  87. goto err;
  88. }
  89. EVP_MD_CTX_set_pkey_ctx(ctx, pctx);
  90. if (!EVP_DigestVerifyInit(ctx, NULL, type, NULL, pkey)) {
  91. X509err(X509_F_COMMON_VERIFY_SM2, ERR_R_EVP_LIB);
  92. ret = 0;
  93. goto err;
  94. }
  95. inl = ASN1_item_i2d(tbv, &buf_in,
  96. req == 1 ?
  97. ASN1_ITEM_rptr(X509_REQ_INFO) :
  98. ASN1_ITEM_rptr(X509_CINF));
  99. if (inl <= 0) {
  100. X509err(X509_F_COMMON_VERIFY_SM2, ERR_R_INTERNAL_ERROR);
  101. goto err;
  102. }
  103. if (buf_in == NULL) {
  104. X509err(X509_F_COMMON_VERIFY_SM2, ERR_R_MALLOC_FAILURE);
  105. goto err;
  106. }
  107. inll = inl;
  108. ret = EVP_DigestVerify(ctx, signature->data,
  109. (size_t)signature->length, buf_in, inl);
  110. if (ret <= 0) {
  111. X509err(X509_F_COMMON_VERIFY_SM2, ERR_R_EVP_LIB);
  112. goto err;
  113. }
  114. ret = 1;
  115. err:
  116. OPENSSL_clear_free(buf_in, inll);
  117. EVP_MD_CTX_free(ctx);
  118. EVP_PKEY_CTX_free(pctx);
  119. return ret;
  120. }
  121. static int x509_verify_sm2(X509 *x, EVP_PKEY *pkey, int mdnid, int pknid)
  122. {
  123. return common_verify_sm2(x, pkey, mdnid, pknid, 0);
  124. }
  125. static int x509_req_verify_sm2(X509_REQ *x, EVP_PKEY *pkey,
  126. int mdnid, int pknid)
  127. {
  128. return common_verify_sm2(x, pkey, mdnid, pknid, 1);
  129. }
  130. #endif
  131. int X509_verify(X509 *a, EVP_PKEY *r)
  132. {
  133. #ifndef OPENSSL_NO_SM2
  134. int mdnid, pknid;
  135. #endif
  136. if (X509_ALGOR_cmp(&a->sig_alg, &a->cert_info.signature))
  137. return 0;
  138. #ifndef OPENSSL_NO_SM2
  139. /* Convert signature OID into digest and public key OIDs */
  140. if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->sig_alg.algorithm),
  141. &mdnid, &pknid)) {
  142. X509err(X509_F_X509_VERIFY, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
  143. return 0;
  144. }
  145. if (pknid == NID_sm2)
  146. return x509_verify_sm2(a, r, mdnid, pknid);
  147. #endif
  148. return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF), &a->sig_alg,
  149. &a->signature, &a->cert_info, r));
  150. }
  151. int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
  152. {
  153. #ifndef OPENSSL_NO_SM2
  154. int mdnid, pknid;
  155. /* Convert signature OID into digest and public key OIDs */
  156. if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->sig_alg.algorithm),
  157. &mdnid, &pknid)) {
  158. X509err(X509_F_X509_REQ_VERIFY, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
  159. return 0;
  160. }
  161. if (pknid == NID_sm2)
  162. return x509_req_verify_sm2(a, r, mdnid, pknid);
  163. #endif
  164. return (ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO),
  165. &a->sig_alg, a->signature, &a->req_info, r));
  166. }
  167. int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
  168. {
  169. return (ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC),
  170. &a->sig_algor, a->signature, a->spkac, r));
  171. }
  172. int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
  173. {
  174. x->cert_info.enc.modified = 1;
  175. return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), &x->cert_info.signature,
  176. &x->sig_alg, &x->signature, &x->cert_info, pkey,
  177. md));
  178. }
  179. int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
  180. {
  181. x->cert_info.enc.modified = 1;
  182. return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF),
  183. &x->cert_info.signature,
  184. &x->sig_alg, &x->signature, &x->cert_info, ctx);
  185. }
  186. #ifndef OPENSSL_NO_OCSP
  187. int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert)
  188. {
  189. return OCSP_REQ_CTX_nbio_d2i(rctx,
  190. (ASN1_VALUE **)pcert, ASN1_ITEM_rptr(X509));
  191. }
  192. #endif
  193. int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
  194. {
  195. return (ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO), &x->sig_alg, NULL,
  196. x->signature, &x->req_info, pkey, md));
  197. }
  198. int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx)
  199. {
  200. return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_REQ_INFO),
  201. &x->sig_alg, NULL, x->signature, &x->req_info,
  202. ctx);
  203. }
  204. int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
  205. {
  206. x->crl.enc.modified = 1;
  207. return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO), &x->crl.sig_alg,
  208. &x->sig_alg, &x->signature, &x->crl, pkey, md));
  209. }
  210. int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx)
  211. {
  212. x->crl.enc.modified = 1;
  213. return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO),
  214. &x->crl.sig_alg, &x->sig_alg, &x->signature,
  215. &x->crl, ctx);
  216. }
  217. #ifndef OPENSSL_NO_OCSP
  218. int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl)
  219. {
  220. return OCSP_REQ_CTX_nbio_d2i(rctx,
  221. (ASN1_VALUE **)pcrl,
  222. ASN1_ITEM_rptr(X509_CRL));
  223. }
  224. #endif
  225. int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
  226. {
  227. return (ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), &x->sig_algor, NULL,
  228. x->signature, x->spkac, pkey, md));
  229. }
  230. #ifndef OPENSSL_NO_STDIO
  231. X509 *d2i_X509_fp(FILE *fp, X509 **x509)
  232. {
  233. return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509);
  234. }
  235. int i2d_X509_fp(FILE *fp, const X509 *x509)
  236. {
  237. return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509);
  238. }
  239. #endif
  240. X509 *d2i_X509_bio(BIO *bp, X509 **x509)
  241. {
  242. return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509);
  243. }
  244. int i2d_X509_bio(BIO *bp, const X509 *x509)
  245. {
  246. return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509);
  247. }
  248. #ifndef OPENSSL_NO_STDIO
  249. X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl)
  250. {
  251. return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
  252. }
  253. int i2d_X509_CRL_fp(FILE *fp, const X509_CRL *crl)
  254. {
  255. return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
  256. }
  257. #endif
  258. X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl)
  259. {
  260. return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
  261. }
  262. int i2d_X509_CRL_bio(BIO *bp, const X509_CRL *crl)
  263. {
  264. return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
  265. }
  266. #ifndef OPENSSL_NO_STDIO
  267. PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7)
  268. {
  269. return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
  270. }
  271. int i2d_PKCS7_fp(FILE *fp, const PKCS7 *p7)
  272. {
  273. return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
  274. }
  275. #endif
  276. PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7)
  277. {
  278. return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
  279. }
  280. int i2d_PKCS7_bio(BIO *bp, const PKCS7 *p7)
  281. {
  282. return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
  283. }
  284. #ifndef OPENSSL_NO_STDIO
  285. X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req)
  286. {
  287. return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
  288. }
  289. int i2d_X509_REQ_fp(FILE *fp, const X509_REQ *req)
  290. {
  291. return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
  292. }
  293. #endif
  294. X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req)
  295. {
  296. return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
  297. }
  298. int i2d_X509_REQ_bio(BIO *bp, const X509_REQ *req)
  299. {
  300. return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
  301. }
  302. #ifndef OPENSSL_NO_RSA
  303. # ifndef OPENSSL_NO_STDIO
  304. RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa)
  305. {
  306. return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
  307. }
  308. int i2d_RSAPrivateKey_fp(FILE *fp, const RSA *rsa)
  309. {
  310. return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
  311. }
  312. RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
  313. {
  314. return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
  315. }
  316. RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)
  317. {
  318. return ASN1_d2i_fp((void *(*)(void))
  319. RSA_new, (D2I_OF(void)) d2i_RSA_PUBKEY, fp,
  320. (void **)rsa);
  321. }
  322. int i2d_RSAPublicKey_fp(FILE *fp, const RSA *rsa)
  323. {
  324. return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
  325. }
  326. int i2d_RSA_PUBKEY_fp(FILE *fp, const RSA *rsa)
  327. {
  328. return ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY, fp, rsa);
  329. }
  330. # endif
  331. RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
  332. {
  333. return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
  334. }
  335. int i2d_RSAPrivateKey_bio(BIO *bp, const RSA *rsa)
  336. {
  337. return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
  338. }
  339. RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)
  340. {
  341. return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
  342. }
  343. RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
  344. {
  345. return ASN1_d2i_bio_of(RSA, RSA_new, d2i_RSA_PUBKEY, bp, rsa);
  346. }
  347. int i2d_RSAPublicKey_bio(BIO *bp, const RSA *rsa)
  348. {
  349. return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
  350. }
  351. int i2d_RSA_PUBKEY_bio(BIO *bp, const RSA *rsa)
  352. {
  353. return ASN1_i2d_bio_of(RSA, i2d_RSA_PUBKEY, bp, rsa);
  354. }
  355. #endif
  356. #ifndef OPENSSL_NO_DSA
  357. # ifndef OPENSSL_NO_STDIO
  358. DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa)
  359. {
  360. return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSAPrivateKey, fp, dsa);
  361. }
  362. int i2d_DSAPrivateKey_fp(FILE *fp, const DSA *dsa)
  363. {
  364. return ASN1_i2d_fp_of(DSA, i2d_DSAPrivateKey, fp, dsa);
  365. }
  366. DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa)
  367. {
  368. return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSA_PUBKEY, fp, dsa);
  369. }
  370. int i2d_DSA_PUBKEY_fp(FILE *fp, const DSA *dsa)
  371. {
  372. return ASN1_i2d_fp_of(DSA, i2d_DSA_PUBKEY, fp, dsa);
  373. }
  374. # endif
  375. DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa)
  376. {
  377. return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSAPrivateKey, bp, dsa);
  378. }
  379. int i2d_DSAPrivateKey_bio(BIO *bp, const DSA *dsa)
  380. {
  381. return ASN1_i2d_bio_of(DSA, i2d_DSAPrivateKey, bp, dsa);
  382. }
  383. DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa)
  384. {
  385. return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSA_PUBKEY, bp, dsa);
  386. }
  387. int i2d_DSA_PUBKEY_bio(BIO *bp, const DSA *dsa)
  388. {
  389. return ASN1_i2d_bio_of(DSA, i2d_DSA_PUBKEY, bp, dsa);
  390. }
  391. #endif
  392. #ifndef OPENSSL_NO_EC
  393. # ifndef OPENSSL_NO_STDIO
  394. EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey)
  395. {
  396. return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, fp, eckey);
  397. }
  398. int i2d_EC_PUBKEY_fp(FILE *fp, const EC_KEY *eckey)
  399. {
  400. return ASN1_i2d_fp_of(EC_KEY, i2d_EC_PUBKEY, fp, eckey);
  401. }
  402. EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey)
  403. {
  404. return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, fp, eckey);
  405. }
  406. int i2d_ECPrivateKey_fp(FILE *fp, const EC_KEY *eckey)
  407. {
  408. return ASN1_i2d_fp_of(EC_KEY, i2d_ECPrivateKey, fp, eckey);
  409. }
  410. # endif
  411. EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey)
  412. {
  413. return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, bp, eckey);
  414. }
  415. int i2d_EC_PUBKEY_bio(BIO *bp, const EC_KEY *ecdsa)
  416. {
  417. return ASN1_i2d_bio_of(EC_KEY, i2d_EC_PUBKEY, bp, ecdsa);
  418. }
  419. EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey)
  420. {
  421. return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, bp, eckey);
  422. }
  423. int i2d_ECPrivateKey_bio(BIO *bp, const EC_KEY *eckey)
  424. {
  425. return ASN1_i2d_bio_of(EC_KEY, i2d_ECPrivateKey, bp, eckey);
  426. }
  427. #endif
  428. int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
  429. unsigned char *md, unsigned int *len)
  430. {
  431. ASN1_BIT_STRING *key;
  432. key = X509_get0_pubkey_bitstr(data);
  433. if (!key)
  434. return 0;
  435. return EVP_Digest(key->data, key->length, md, len, type, NULL);
  436. }
  437. int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
  438. unsigned int *len)
  439. {
  440. if (type == EVP_sha1() && (data->ex_flags & EXFLAG_SET) != 0) {
  441. /* Asking for SHA1 and we already computed it. */
  442. if (len != NULL)
  443. *len = sizeof(data->sha1_hash);
  444. memcpy(md, data->sha1_hash, sizeof(data->sha1_hash));
  445. return 1;
  446. }
  447. return (ASN1_item_digest
  448. (ASN1_ITEM_rptr(X509), type, (char *)data, md, len));
  449. }
  450. int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
  451. unsigned char *md, unsigned int *len)
  452. {
  453. if (type == EVP_sha1() && (data->flags & EXFLAG_SET) != 0) {
  454. /* Asking for SHA1; always computed in CRL d2i. */
  455. if (len != NULL)
  456. *len = sizeof(data->sha1_hash);
  457. memcpy(md, data->sha1_hash, sizeof(data->sha1_hash));
  458. return 1;
  459. }
  460. return (ASN1_item_digest
  461. (ASN1_ITEM_rptr(X509_CRL), type, (char *)data, md, len));
  462. }
  463. int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
  464. unsigned char *md, unsigned int *len)
  465. {
  466. return (ASN1_item_digest
  467. (ASN1_ITEM_rptr(X509_REQ), type, (char *)data, md, len));
  468. }
  469. int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
  470. unsigned char *md, unsigned int *len)
  471. {
  472. return (ASN1_item_digest
  473. (ASN1_ITEM_rptr(X509_NAME), type, (char *)data, md, len));
  474. }
  475. int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
  476. const EVP_MD *type, unsigned char *md,
  477. unsigned int *len)
  478. {
  479. return (ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL), type,
  480. (char *)data, md, len));
  481. }
  482. #ifndef OPENSSL_NO_STDIO
  483. X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8)
  484. {
  485. return ASN1_d2i_fp_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, fp, p8);
  486. }
  487. int i2d_PKCS8_fp(FILE *fp, const X509_SIG *p8)
  488. {
  489. return ASN1_i2d_fp_of(X509_SIG, i2d_X509_SIG, fp, p8);
  490. }
  491. #endif
  492. X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8)
  493. {
  494. return ASN1_d2i_bio_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, bp, p8);
  495. }
  496. int i2d_PKCS8_bio(BIO *bp, const X509_SIG *p8)
  497. {
  498. return ASN1_i2d_bio_of(X509_SIG, i2d_X509_SIG, bp, p8);
  499. }
  500. #ifndef OPENSSL_NO_STDIO
  501. PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
  502. PKCS8_PRIV_KEY_INFO **p8inf)
  503. {
  504. return ASN1_d2i_fp_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new,
  505. d2i_PKCS8_PRIV_KEY_INFO, fp, p8inf);
  506. }
  507. int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, const PKCS8_PRIV_KEY_INFO *p8inf)
  508. {
  509. return ASN1_i2d_fp_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, fp,
  510. p8inf);
  511. }
  512. int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, const EVP_PKEY *key)
  513. {
  514. PKCS8_PRIV_KEY_INFO *p8inf;
  515. int ret;
  516. p8inf = EVP_PKEY2PKCS8(key);
  517. if (p8inf == NULL)
  518. return 0;
  519. ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf);
  520. PKCS8_PRIV_KEY_INFO_free(p8inf);
  521. return ret;
  522. }
  523. int i2d_PrivateKey_fp(FILE *fp, const EVP_PKEY *pkey)
  524. {
  525. return ASN1_i2d_fp_of(EVP_PKEY, i2d_PrivateKey, fp, pkey);
  526. }
  527. EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
  528. {
  529. return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, fp, a);
  530. }
  531. int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey)
  532. {
  533. return ASN1_i2d_fp_of(EVP_PKEY, i2d_PUBKEY, fp, pkey);
  534. }
  535. EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a)
  536. {
  537. return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, fp, a);
  538. }
  539. #endif
  540. PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
  541. PKCS8_PRIV_KEY_INFO **p8inf)
  542. {
  543. return ASN1_d2i_bio_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new,
  544. d2i_PKCS8_PRIV_KEY_INFO, bp, p8inf);
  545. }
  546. int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, const PKCS8_PRIV_KEY_INFO *p8inf)
  547. {
  548. return ASN1_i2d_bio_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, bp,
  549. p8inf);
  550. }
  551. int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, const EVP_PKEY *key)
  552. {
  553. PKCS8_PRIV_KEY_INFO *p8inf;
  554. int ret;
  555. p8inf = EVP_PKEY2PKCS8(key);
  556. if (p8inf == NULL)
  557. return 0;
  558. ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
  559. PKCS8_PRIV_KEY_INFO_free(p8inf);
  560. return ret;
  561. }
  562. int i2d_PrivateKey_bio(BIO *bp, const EVP_PKEY *pkey)
  563. {
  564. return ASN1_i2d_bio_of(EVP_PKEY, i2d_PrivateKey, bp, pkey);
  565. }
  566. EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a)
  567. {
  568. return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, bp, a);
  569. }
  570. int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey)
  571. {
  572. return ASN1_i2d_bio_of(EVP_PKEY, i2d_PUBKEY, bp, pkey);
  573. }
  574. EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a)
  575. {
  576. return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, bp, a);
  577. }