x_all.c@ 107835

Last change on this file since 107835 was 104078, checked in by vboxsync, 11 months ago
openssl-3.1.5: Applied and adjusted our OpenSSL changes to 3.1.4. bugref:10638
File size: 21.9 KB

Line
1	/*
2	* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the Apache License 2.0 (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	/*
11	* Low level APIs are deprecated for public use, but still ok for
12	* internal use.
13	*/
14	#include "internal/deprecated.h"
15
16	#include <stdio.h>
17	#include "internal/cryptlib.h"
18	#include <openssl/buffer.h>
19	#include <openssl/asn1.h>
20	#include <openssl/evp.h>
21	#include <openssl/x509.h>
22	#include <openssl/http.h>
23	#include <openssl/rsa.h>
24	#include <openssl/dsa.h>
25	#include <openssl/x509v3.h>
26	#include "internal/asn1.h"
27	#include "crypto/pkcs7.h"
28	#include "crypto/x509.h"
29	#include "crypto/rsa.h"
30
31	int X509_verify(X509 a, EVP_PKEY r)
32	{
33	if (X509_ALGOR_cmp(&a->sig_alg, &a->cert_info.signature) != 0)
34	return 0;
35
36	return ASN1_item_verify_ex(ASN1_ITEM_rptr(X509_CINF), &a->sig_alg,
37	&a->signature, &a->cert_info,
38	a->distinguishing_id, r, a->libctx, a->propq);
39	}
40
41	int X509_REQ_verify_ex(X509_REQ a, EVP_PKEY r, OSSL_LIB_CTX *libctx,
42	const char *propq)
43	{
44	return ASN1_item_verify_ex(ASN1_ITEM_rptr(X509_REQ_INFO), &a->sig_alg,
45	a->signature, &a->req_info, a->distinguishing_id,
46	r, libctx, propq);
47	}
48
49	int X509_REQ_verify(X509_REQ a, EVP_PKEY r)
50	{
51	return X509_REQ_verify_ex(a, r, NULL, NULL);
52	}
53
54	int NETSCAPE_SPKI_verify(NETSCAPE_SPKI a, EVP_PKEY r)
55	{
56	return ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC),
57	&a->sig_algor, a->signature, a->spkac, r);
58	}
59
60	int X509_sign(X509 x, EVP_PKEY pkey, const EVP_MD *md)
61	{
62	if (x == NULL) {
63	ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
64	return 0;
65	}
66
67	/*
68	* Setting the modified flag before signing it. This makes the cached
69	* encoding to be ignored, so even if the certificate fields have changed,
70	* they are signed correctly.
71	* The X509_sign_ctx, X509_REQ_sign{,_ctx}, X509_CRL_sign{,_ctx} functions
72	* which exist below are the same.
73	*/
74	x->cert_info.enc.modified = 1;
75	return ASN1_item_sign_ex(ASN1_ITEM_rptr(X509_CINF), &x->cert_info.signature,
76	&x->sig_alg, &x->signature, &x->cert_info, NULL,
77	pkey, md, x->libctx, x->propq);
78	}
79
80	int X509_sign_ctx(X509 x, EVP_MD_CTX ctx)
81	{
82	if (x == NULL) {
83	ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
84	return 0;
85	}
86	x->cert_info.enc.modified = 1;
87	return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF),
88	&x->cert_info.signature,
89	&x->sig_alg, &x->signature, &x->cert_info, ctx);
90	}
91
92	static ASN1_VALUE simple_get_asn1(const char url, BIO bio, BIO rbio,
93	int timeout, const ASN1_ITEM *it)
94	{
95	BIO mem = OSSL_HTTP_get(url, NULL / proxy /, NULL / no_proxy */,
96	bio, rbio, NULL /* cb /, NULL / arg */,
97	1024 /* buf_size /, NULL / headers */,
98	NULL /* expected_ct /, 1 / expect_asn1 */,
99	OSSL_HTTP_DEFAULT_MAX_RESP_LEN, timeout);
100	ASN1_VALUE *res = ASN1_item_d2i_bio(it, mem, NULL);
101
102	BIO_free(mem);
103	return res;
104	}
105
106	X509 X509_load_http(const char url, BIO bio, BIO rbio, int timeout)
107	{
108	return (X509 *)simple_get_asn1(url, bio, rbio, timeout,
109	ASN1_ITEM_rptr(X509));
110	}
111
112	int X509_REQ_sign(X509_REQ x, EVP_PKEY pkey, const EVP_MD *md)
113	{
114	if (x == NULL) {
115	ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
116	return 0;
117	}
118	x->req_info.enc.modified = 1;
119	return ASN1_item_sign_ex(ASN1_ITEM_rptr(X509_REQ_INFO), &x->sig_alg, NULL,
120	x->signature, &x->req_info, NULL,
121	pkey, md, x->libctx, x->propq);
122	}
123
124	int X509_REQ_sign_ctx(X509_REQ x, EVP_MD_CTX ctx)
125	{
126	if (x == NULL) {
127	ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
128	return 0;
129	}
130	x->req_info.enc.modified = 1;
131	return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_REQ_INFO),
132	&x->sig_alg, NULL, x->signature, &x->req_info,
133	ctx);
134	}
135
136	int X509_CRL_sign(X509_CRL x, EVP_PKEY pkey, const EVP_MD *md)
137	{
138	if (x == NULL) {
139	ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
140	return 0;
141	}
142	x->crl.enc.modified = 1;
143	return ASN1_item_sign_ex(ASN1_ITEM_rptr(X509_CRL_INFO), &x->crl.sig_alg,
144	&x->sig_alg, &x->signature, &x->crl, NULL,
145	pkey, md, x->libctx, x->propq);
146	}
147
148	int X509_CRL_sign_ctx(X509_CRL x, EVP_MD_CTX ctx)
149	{
150	if (x == NULL) {
151	ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
152	return 0;
153	}
154	x->crl.enc.modified = 1;
155	return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO),
156	&x->crl.sig_alg, &x->sig_alg, &x->signature,
157	&x->crl, ctx);
158	}
159
160	X509_CRL X509_CRL_load_http(const char url, BIO bio, BIO rbio, int timeout)
161	{
162	return (X509_CRL *)simple_get_asn1(url, bio, rbio, timeout,
163	ASN1_ITEM_rptr(X509_CRL));
164	}
165
166	int NETSCAPE_SPKI_sign(NETSCAPE_SPKI x, EVP_PKEY pkey, const EVP_MD *md)
167	{
168	return
169	ASN1_item_sign_ex(ASN1_ITEM_rptr(NETSCAPE_SPKAC), &x->sig_algor, NULL,
170	x->signature, x->spkac, NULL, pkey, md, NULL, NULL);
171	}
172
173	#ifndef OPENSSL_NO_STDIO
174	X509 d2i_X509_fp(FILE fp, X509 **x509)
175	{
176	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509);
177	}
178
179	int i2d_X509_fp(FILE fp, const X509 x509)
180	{
181	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509);
182	}
183	#endif
184
185	X509 d2i_X509_bio(BIO bp, X509 **x509)
186	{
187	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509);
188	}
189
190	int i2d_X509_bio(BIO bp, const X509 x509)
191	{
192	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509);
193	}
194
195	#ifndef OPENSSL_NO_STDIO
196	X509_CRL d2i_X509_CRL_fp(FILE fp, X509_CRL **crl)
197	{
198	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
199	}
200
201	int i2d_X509_CRL_fp(FILE fp, const X509_CRL crl)
202	{
203	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
204	}
205	#endif
206
207	X509_CRL d2i_X509_CRL_bio(BIO bp, X509_CRL **crl)
208	{
209	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
210	}
211
212	int i2d_X509_CRL_bio(BIO bp, const X509_CRL crl)
213	{
214	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
215	}
216
217	#ifndef OPENSSL_NO_STDIO
218	PKCS7 d2i_PKCS7_fp(FILE fp, PKCS7 **p7)
219	{
220	PKCS7 *ret;
221	OSSL_LIB_CTX *libctx = NULL;
222	const char *propq = NULL;
223
224	if (p7 != NULL && *p7 != NULL) {
225	libctx = (*p7)->ctx.libctx;
226	propq = (*p7)->ctx.propq;
227	}
228
229	ret = ASN1_item_d2i_fp_ex(ASN1_ITEM_rptr(PKCS7), fp, p7, libctx, propq);
230	if (ret != NULL)
231	ossl_pkcs7_resolve_libctx(ret);
232	return ret;
233	}
234
235	int i2d_PKCS7_fp(FILE fp, const PKCS7 p7)
236	{
237	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
238	}
239	#endif
240
241	PKCS7 d2i_PKCS7_bio(BIO bp, PKCS7 **p7)
242	{
243	PKCS7 *ret;
244	OSSL_LIB_CTX *libctx = NULL;
245	const char *propq = NULL;
246
247	if (p7 != NULL && *p7 != NULL) {
248	libctx = (*p7)->ctx.libctx;
249	propq = (*p7)->ctx.propq;
250	}
251
252	ret = ASN1_item_d2i_bio_ex(ASN1_ITEM_rptr(PKCS7), bp, p7, libctx, propq);
253	if (ret != NULL)
254	ossl_pkcs7_resolve_libctx(ret);
255	return ret;
256	}
257
258	int i2d_PKCS7_bio(BIO bp, const PKCS7 p7)
259	{
260	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
261	}
262
263	#ifndef OPENSSL_NO_STDIO
264	X509_REQ d2i_X509_REQ_fp(FILE fp, X509_REQ **req)
265	{
266	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
267	}
268
269	int i2d_X509_REQ_fp(FILE fp, const X509_REQ req)
270	{
271	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
272	}
273	#endif
274
275	X509_REQ d2i_X509_REQ_bio(BIO bp, X509_REQ **req)
276	{
277	OSSL_LIB_CTX *libctx = NULL;
278	const char *propq = NULL;
279
280	if (req != NULL && *req != NULL) {
281	libctx = (*req)->libctx;
282	propq = (*req)->propq;
283	}
284
285	return ASN1_item_d2i_bio_ex(ASN1_ITEM_rptr(X509_REQ), bp, req, libctx, propq);
286	}
287
288	int i2d_X509_REQ_bio(BIO bp, const X509_REQ req)
289	{
290	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
291	}
292
293	#ifndef OPENSSL_NO_STDIO
294	RSA d2i_RSAPrivateKey_fp(FILE fp, RSA **rsa)
295	{
296	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
297	}
298
299	int i2d_RSAPrivateKey_fp(FILE fp, const RSA rsa)
300	{
301	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
302	}
303
304	RSA d2i_RSAPublicKey_fp(FILE fp, RSA **rsa)
305	{
306	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
307	}
308
309	RSA d2i_RSA_PUBKEY_fp(FILE fp, RSA **rsa)
310	{
311	return ASN1_d2i_fp((void ()(void))
312	RSA_new, (D2I_OF(void)) d2i_RSA_PUBKEY, fp,
313	(void **)rsa);
314	}
315
316	int i2d_RSAPublicKey_fp(FILE fp, const RSA rsa)
317	{
318	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
319	}
320
321	int i2d_RSA_PUBKEY_fp(FILE fp, const RSA rsa)
322	{
323	return ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY, fp, rsa);
324	}
325	#endif
326
327	RSA d2i_RSAPrivateKey_bio(BIO bp, RSA **rsa)
328	{
329	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
330	}
331
332	int i2d_RSAPrivateKey_bio(BIO bp, const RSA rsa)
333	{
334	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
335	}
336
337	RSA d2i_RSAPublicKey_bio(BIO bp, RSA **rsa)
338	{
339	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
340	}
341
342	RSA d2i_RSA_PUBKEY_bio(BIO bp, RSA **rsa)
343	{
344	return ASN1_d2i_bio_of(RSA, RSA_new, d2i_RSA_PUBKEY, bp, rsa);
345	}
346
347	int i2d_RSAPublicKey_bio(BIO bp, const RSA rsa)
348	{
349	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
350	}
351
352	int i2d_RSA_PUBKEY_bio(BIO bp, const RSA rsa)
353	{
354	return ASN1_i2d_bio_of(RSA, i2d_RSA_PUBKEY, bp, rsa);
355	}
356
357	#ifndef OPENSSL_NO_DSA
358	# ifndef OPENSSL_NO_STDIO
359	DSA d2i_DSAPrivateKey_fp(FILE fp, DSA **dsa)
360	{
361	return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSAPrivateKey, fp, dsa);
362	}
363
364	int i2d_DSAPrivateKey_fp(FILE fp, const DSA dsa)
365	{
366	return ASN1_i2d_fp_of(DSA, i2d_DSAPrivateKey, fp, dsa);
367	}
368
369	DSA d2i_DSA_PUBKEY_fp(FILE fp, DSA **dsa)
370	{
371	return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSA_PUBKEY, fp, dsa);
372	}
373
374	int i2d_DSA_PUBKEY_fp(FILE fp, const DSA dsa)
375	{
376	return ASN1_i2d_fp_of(DSA, i2d_DSA_PUBKEY, fp, dsa);
377	}
378	# endif
379
380	DSA d2i_DSAPrivateKey_bio(BIO bp, DSA **dsa)
381	{
382	return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSAPrivateKey, bp, dsa);
383	}
384
385	int i2d_DSAPrivateKey_bio(BIO bp, const DSA dsa)
386	{
387	return ASN1_i2d_bio_of(DSA, i2d_DSAPrivateKey, bp, dsa);
388	}
389
390	DSA d2i_DSA_PUBKEY_bio(BIO bp, DSA **dsa)
391	{
392	return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSA_PUBKEY, bp, dsa);
393	}
394
395	int i2d_DSA_PUBKEY_bio(BIO bp, const DSA dsa)
396	{
397	return ASN1_i2d_bio_of(DSA, i2d_DSA_PUBKEY, bp, dsa);
398	}
399
400	#endif
401
402	#ifndef OPENSSL_NO_EC
403	# ifndef OPENSSL_NO_STDIO
404	EC_KEY d2i_EC_PUBKEY_fp(FILE fp, EC_KEY **eckey)
405	{
406	return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, fp, eckey);
407	}
408
409	int i2d_EC_PUBKEY_fp(FILE fp, const EC_KEY eckey)
410	{
411	return ASN1_i2d_fp_of(EC_KEY, i2d_EC_PUBKEY, fp, eckey);
412	}
413
414	EC_KEY d2i_ECPrivateKey_fp(FILE fp, EC_KEY **eckey)
415	{
416	return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, fp, eckey);
417	}
418
419	int i2d_ECPrivateKey_fp(FILE fp, const EC_KEY eckey)
420	{
421	return ASN1_i2d_fp_of(EC_KEY, i2d_ECPrivateKey, fp, eckey);
422	}
423	# endif
424	EC_KEY d2i_EC_PUBKEY_bio(BIO bp, EC_KEY **eckey)
425	{
426	return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, bp, eckey);
427	}
428
429	int i2d_EC_PUBKEY_bio(BIO bp, const EC_KEY ecdsa)
430	{
431	return ASN1_i2d_bio_of(EC_KEY, i2d_EC_PUBKEY, bp, ecdsa);
432	}
433
434	EC_KEY d2i_ECPrivateKey_bio(BIO bp, EC_KEY **eckey)
435	{
436	return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, bp, eckey);
437	}
438
439	int i2d_ECPrivateKey_bio(BIO bp, const EC_KEY eckey)
440	{
441	return ASN1_i2d_bio_of(EC_KEY, i2d_ECPrivateKey, bp, eckey);
442	}
443	#endif
444
445	int X509_pubkey_digest(const X509 data, const EVP_MD type,
446	unsigned char md, unsigned int len)
447	{
448	ASN1_BIT_STRING *key = X509_get0_pubkey_bitstr(data);
449
450	if (key == NULL)
451	return 0;
452	return EVP_Digest(key->data, key->length, md, len, type, NULL);
453	}
454
455	int X509_digest(const X509 cert, const EVP_MD md, unsigned char *data,
456	unsigned int *len)
457	{
458	if (EVP_MD_is_a(md, SN_sha1) && (cert->ex_flags & EXFLAG_SET) != 0
459	&& (cert->ex_flags & EXFLAG_NO_FINGERPRINT) == 0) {
460	/* Asking for SHA1 and we already computed it. */
461	if (len != NULL)
462	*len = sizeof(cert->sha1_hash);
463	memcpy(data, cert->sha1_hash, sizeof(cert->sha1_hash));
464	return 1;
465	}
466	return ossl_asn1_item_digest_ex(ASN1_ITEM_rptr(X509), md, (char *)cert,
467	data, len, cert->libctx, cert->propq);
468	}
469
470	/* calculate cert digest using the same hash algorithm as in its signature */
471	ASN1_OCTET_STRING X509_digest_sig(const X509 cert,
472	EVP_MD *md_used, int md_is_fallback)
473	{
474	unsigned int len;
475	unsigned char hash[EVP_MAX_MD_SIZE];
476	int mdnid, pknid;
477	EVP_MD *md = NULL;
478	const char *md_name;
479	ASN1_OCTET_STRING *new;
480
481	if (md_used != NULL)
482	*md_used = NULL;
483	if (md_is_fallback != NULL)
484	*md_is_fallback = 0;
485
486	if (cert == NULL) {
487	ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
488	return NULL;
489	}
490
491	if (!OBJ_find_sigid_algs(X509_get_signature_nid(cert), &mdnid, &pknid)) {
492	ERR_raise(ERR_LIB_X509, X509_R_UNKNOWN_SIGID_ALGS);
493	return NULL;
494	}
495
496	if (mdnid == NID_undef) {
497	if (pknid == EVP_PKEY_RSA_PSS) {
498	RSA_PSS_PARAMS *pss = ossl_rsa_pss_decode(&cert->sig_alg);
499	const EVP_MD mgf1md, mmd = NULL;
500	int saltlen, trailerfield;
501
502	if (pss == NULL
503	\|\| !ossl_rsa_pss_get_param_unverified(pss, &mmd, &mgf1md,
504	&saltlen,
505	&trailerfield)
506	\|\| mmd == NULL) {
507	RSA_PSS_PARAMS_free(pss);
508	ERR_raise(ERR_LIB_X509, X509_R_UNSUPPORTED_ALGORITHM);
509	return NULL;
510	}
511	RSA_PSS_PARAMS_free(pss);
512	/* Fetch explicitly and do not fallback */
513	if ((md = EVP_MD_fetch(cert->libctx, EVP_MD_get0_name(mmd),
514	cert->propq)) == NULL)
515	/* Error code from fetch is sufficient */
516	return NULL;
517	} else if (pknid != NID_undef) {
518	/* A known algorithm, but without a digest */
519	switch (pknid) {
520	case NID_ED25519: /* Follow CMS default given in RFC8419 */
521	md_name = "SHA512";
522	break;
523	case NID_ED448: /* Follow CMS default given in RFC8419 */
524	md_name = "SHAKE256";
525	break;
526	default: /* Fall back to SHA-256 */
527	md_name = "SHA256";
528	break;
529	}
530	if ((md = EVP_MD_fetch(cert->libctx, md_name,
531	cert->propq)) == NULL)
532	return NULL;
533	if (md_is_fallback != NULL)
534	*md_is_fallback = 1;
535	} else {
536	/* A completely unknown algorithm */
537	ERR_raise(ERR_LIB_X509, X509_R_UNSUPPORTED_ALGORITHM);
538	return NULL;
539	}
540	} else if ((md = EVP_MD_fetch(cert->libctx, OBJ_nid2sn(mdnid),
541	cert->propq)) == NULL
542	&& (md = (EVP_MD *)EVP_get_digestbynid(mdnid)) == NULL) {
543	ERR_raise(ERR_LIB_X509, X509_R_UNSUPPORTED_ALGORITHM);
544	return NULL;
545	}
546	if (!X509_digest(cert, md, hash, &len)
547	\|\| (new = ASN1_OCTET_STRING_new()) == NULL)
548	goto err;
549	if (ASN1_OCTET_STRING_set(new, hash, len)) {
550	if (md_used != NULL)
551	*md_used = md;
552	else
553	EVP_MD_free(md);
554	return new;
555	}
556	ASN1_OCTET_STRING_free(new);
557	err:
558	EVP_MD_free(md);
559	return NULL;
560	}
561
562	int X509_CRL_digest(const X509_CRL data, const EVP_MD type,
563	unsigned char md, unsigned int len)
564	{
565	if (type == NULL) {
566	ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
567	return 0;
568	}
569	if (EVP_MD_is_a(type, SN_sha1)
570	&& (data->flags & EXFLAG_SET) != 0
571	&& (data->flags & EXFLAG_NO_FINGERPRINT) == 0) {
572	/* Asking for SHA1; always computed in CRL d2i. */
573	if (len != NULL)
574	*len = sizeof(data->sha1_hash);
575	memcpy(md, data->sha1_hash, sizeof(data->sha1_hash));
576	return 1;
577	}
578	return ossl_asn1_item_digest_ex(ASN1_ITEM_rptr(X509_CRL), type, (char *)data,
579	md, len, data->libctx, data->propq);
580	}
581
582	int X509_REQ_digest(const X509_REQ data, const EVP_MD type,
583	unsigned char md, unsigned int len)
584	{
585	return ossl_asn1_item_digest_ex(ASN1_ITEM_rptr(X509_REQ), type, (char *)data,
586	md, len, data->libctx, data->propq);
587	}
588
589	int X509_NAME_digest(const X509_NAME data, const EVP_MD type,
590	unsigned char md, unsigned int len)
591	{
592	return ASN1_item_digest(ASN1_ITEM_rptr(X509_NAME), type, (char *)data,
593	md, len);
594	}
595
596	int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
597	const EVP_MD type, unsigned char md,
598	unsigned int *len)
599	{
600	return ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL), type,
601	(char *)data, md, len);
602	}
603
604	#ifndef OPENSSL_NO_STDIO
605	X509_SIG d2i_PKCS8_fp(FILE fp, X509_SIG **p8)
606	{
607	return ASN1_d2i_fp_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, fp, p8);
608	}
609
610	int i2d_PKCS8_fp(FILE fp, const X509_SIG p8)
611	{
612	return ASN1_i2d_fp_of(X509_SIG, i2d_X509_SIG, fp, p8);
613	}
614	#endif
615
616	X509_SIG d2i_PKCS8_bio(BIO bp, X509_SIG **p8)
617	{
618	return ASN1_d2i_bio_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, bp, p8);
619	}
620
621	int i2d_PKCS8_bio(BIO bp, const X509_SIG p8)
622	{
623	return ASN1_i2d_bio_of(X509_SIG, i2d_X509_SIG, bp, p8);
624	}
625
626	#ifndef OPENSSL_NO_STDIO
627	X509_PUBKEY d2i_X509_PUBKEY_fp(FILE fp, X509_PUBKEY **xpk)
628	{
629	return ASN1_d2i_fp_of(X509_PUBKEY, X509_PUBKEY_new, d2i_X509_PUBKEY,
630	fp, xpk);
631	}
632
633	int i2d_X509_PUBKEY_fp(FILE fp, const X509_PUBKEY xpk)
634	{
635	return ASN1_i2d_fp_of(X509_PUBKEY, i2d_X509_PUBKEY, fp, xpk);
636	}
637	#endif
638
639	X509_PUBKEY d2i_X509_PUBKEY_bio(BIO bp, X509_PUBKEY **xpk)
640	{
641	return ASN1_d2i_bio_of(X509_PUBKEY, X509_PUBKEY_new, d2i_X509_PUBKEY,
642	bp, xpk);
643	}
644
645	int i2d_X509_PUBKEY_bio(BIO bp, const X509_PUBKEY xpk)
646	{
647	return ASN1_i2d_bio_of(X509_PUBKEY, i2d_X509_PUBKEY, bp, xpk);
648	}
649
650	#ifndef OPENSSL_NO_STDIO
651	PKCS8_PRIV_KEY_INFO d2i_PKCS8_PRIV_KEY_INFO_fp(FILE fp,
652	PKCS8_PRIV_KEY_INFO **p8inf)
653	{
654	return ASN1_d2i_fp_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new,
655	d2i_PKCS8_PRIV_KEY_INFO, fp, p8inf);
656	}
657
658	int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE fp, const PKCS8_PRIV_KEY_INFO p8inf)
659	{
660	return ASN1_i2d_fp_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, fp,
661	p8inf);
662	}
663
664	int i2d_PKCS8PrivateKeyInfo_fp(FILE fp, const EVP_PKEY key)
665	{
666	PKCS8_PRIV_KEY_INFO *p8inf;
667	int ret;
668
669	p8inf = EVP_PKEY2PKCS8(key);
670	if (p8inf == NULL)
671	return 0;
672	ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf);
673	PKCS8_PRIV_KEY_INFO_free(p8inf);
674	return ret;
675	}
676
677	int i2d_PrivateKey_fp(FILE fp, const EVP_PKEY pkey)
678	{
679	return ASN1_i2d_fp_of(EVP_PKEY, i2d_PrivateKey, fp, pkey);
680	}
681
682	EVP_PKEY d2i_PrivateKey_fp(FILE fp, EVP_PKEY **a)
683	{
684	return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, fp, a);
685	}
686
687	EVP_PKEY d2i_PrivateKey_ex_fp(FILE fp, EVP_PKEY *a, OSSL_LIB_CTX libctx,
688	const char *propq)
689	{
690	BIO *b;
691	void *ret;
692
693	if ((b = BIO_new(BIO_s_file())) == NULL) {
694	ERR_raise(ERR_LIB_X509, ERR_R_BUF_LIB);
695	return NULL;
696	}
697	BIO_set_fp(b, fp, BIO_NOCLOSE);
698	ret = d2i_PrivateKey_ex_bio(b, a, libctx, propq);
699	BIO_free(b);
700	return ret;
701	}
702
703	int i2d_PUBKEY_fp(FILE fp, const EVP_PKEY pkey)
704	{
705	return ASN1_i2d_fp_of(EVP_PKEY, i2d_PUBKEY, fp, pkey);
706	}
707
708	EVP_PKEY d2i_PUBKEY_fp(FILE fp, EVP_PKEY **a)
709	{
710	return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, fp, a);
711	}
712
713	#endif
714
715	PKCS8_PRIV_KEY_INFO d2i_PKCS8_PRIV_KEY_INFO_bio(BIO bp,
716	PKCS8_PRIV_KEY_INFO **p8inf)
717	{
718	return ASN1_d2i_bio_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new,
719	d2i_PKCS8_PRIV_KEY_INFO, bp, p8inf);
720	}
721
722	int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO bp, const PKCS8_PRIV_KEY_INFO p8inf)
723	{
724	return ASN1_i2d_bio_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, bp,
725	p8inf);
726	}
727
728	int i2d_PKCS8PrivateKeyInfo_bio(BIO bp, const EVP_PKEY key)
729	{
730	PKCS8_PRIV_KEY_INFO *p8inf;
731	int ret;
732
733	p8inf = EVP_PKEY2PKCS8(key);
734	if (p8inf == NULL)
735	return 0;
736	ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
737	PKCS8_PRIV_KEY_INFO_free(p8inf);
738	return ret;
739	}
740
741	int i2d_PrivateKey_bio(BIO bp, const EVP_PKEY pkey)
742	{
743	return ASN1_i2d_bio_of(EVP_PKEY, i2d_PrivateKey, bp, pkey);
744	}
745
746	EVP_PKEY d2i_PrivateKey_bio(BIO bp, EVP_PKEY **a)
747	{
748	return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, bp, a);
749	}
750
751	EVP_PKEY d2i_PrivateKey_ex_bio(BIO bp, EVP_PKEY *a, OSSL_LIB_CTX libctx,
752	const char *propq)
753	{
754	BUF_MEM *b = NULL;
755	const unsigned char *p;
756	void *ret = NULL;
757	int len;
758
759	len = asn1_d2i_read_bio(bp, &b);
760	if (len < 0)
761	goto err;
762
763	p = (unsigned char *)b->data;
764	ret = d2i_AutoPrivateKey_ex(a, &p, len, libctx, propq);
765	err:
766	BUF_MEM_free(b);
767	return ret;
768	}
769
770	int i2d_PUBKEY_bio(BIO bp, const EVP_PKEY pkey)
771	{
772	return ASN1_i2d_bio_of(EVP_PKEY, i2d_PUBKEY, bp, pkey);
773	}
774
775	EVP_PKEY d2i_PUBKEY_bio(BIO bp, EVP_PKEY **a)
776	{
777	return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, bp, a);
778	}

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/libs/openssl-3.1.7/crypto/x509/x_all.c@ 107835

Download in other formats: