1 /* 2 * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the OpenSSL license (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <stdio.h> 11 #include "internal/cryptlib.h" 12 #include <openssl/buffer.h> 13 #include <openssl/asn1.h> 14 #include <openssl/evp.h> 15 #include <openssl/x509.h> 16 #include "crypto/x509.h" 17 #include <openssl/ocsp.h> 18 #include <openssl/rsa.h> 19 #include <openssl/dsa.h> 20 #include <openssl/x509v3.h> 21 22 int X509_verify(X509 *a, EVP_PKEY *r) 23 { 24 if (X509_ALGOR_cmp(&a->sig_alg, &a->cert_info.signature)) 25 return 0; 26 return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF), &a->sig_alg, 27 &a->signature, &a->cert_info, r)); 28 } 29 30 int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r) 31 { 32 return (ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO), 33 &a->sig_alg, a->signature, &a->req_info, r)); 34 } 35 36 int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r) 37 { 38 return (ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC), 39 &a->sig_algor, a->signature, a->spkac, r)); 40 } 41 42 int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) 43 { 44 /* 45 * Setting the modified flag before signing it. This makes the cached 46 * encoding to be ignored, so even if the certificate fields have changed, 47 * they are signed correctly. 48 * The X509_sign_ctx, X509_REQ_sign{,_ctx}, X509_CRL_sign{,_ctx} functions 49 * which exist below are the same. 50 */ 51 x->cert_info.enc.modified = 1; 52 return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), &x->cert_info.signature, 53 &x->sig_alg, &x->signature, &x->cert_info, pkey, 54 md)); 55 } 56 57 int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx) 58 { 59 x->cert_info.enc.modified = 1; 60 return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF), 61 &x->cert_info.signature, 62 &x->sig_alg, &x->signature, &x->cert_info, ctx); 63 } 64 65 #ifndef OPENSSL_NO_OCSP 66 int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert) 67 { 68 return OCSP_REQ_CTX_nbio_d2i(rctx, 69 (ASN1_VALUE **)pcert, ASN1_ITEM_rptr(X509)); 70 } 71 #endif 72 73 int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md) 74 { 75 x->req_info.enc.modified = 1; 76 return (ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO), &x->sig_alg, NULL, 77 x->signature, &x->req_info, pkey, md)); 78 } 79 80 int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx) 81 { 82 x->req_info.enc.modified = 1; 83 return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_REQ_INFO), 84 &x->sig_alg, NULL, x->signature, &x->req_info, 85 ctx); 86 } 87 88 int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md) 89 { 90 x->crl.enc.modified = 1; 91 return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO), &x->crl.sig_alg, 92 &x->sig_alg, &x->signature, &x->crl, pkey, md)); 93 } 94 95 int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx) 96 { 97 x->crl.enc.modified = 1; 98 return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO), 99 &x->crl.sig_alg, &x->sig_alg, &x->signature, 100 &x->crl, ctx); 101 } 102 103 #ifndef OPENSSL_NO_OCSP 104 int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl) 105 { 106 return OCSP_REQ_CTX_nbio_d2i(rctx, 107 (ASN1_VALUE **)pcrl, 108 ASN1_ITEM_rptr(X509_CRL)); 109 } 110 #endif 111 112 int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md) 113 { 114 return (ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), &x->sig_algor, NULL, 115 x->signature, x->spkac, pkey, md)); 116 } 117 118 #ifndef OPENSSL_NO_STDIO 119 X509 *d2i_X509_fp(FILE *fp, X509 **x509) 120 { 121 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509); 122 } 123 124 int i2d_X509_fp(FILE *fp, X509 *x509) 125 { 126 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509); 127 } 128 #endif 129 130 X509 *d2i_X509_bio(BIO *bp, X509 **x509) 131 { 132 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509); 133 } 134 135 int i2d_X509_bio(BIO *bp, X509 *x509) 136 { 137 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509); 138 } 139 140 #ifndef OPENSSL_NO_STDIO 141 X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl) 142 { 143 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl); 144 } 145 146 int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl) 147 { 148 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl); 149 } 150 #endif 151 152 X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl) 153 { 154 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl); 155 } 156 157 int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl) 158 { 159 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl); 160 } 161 162 #ifndef OPENSSL_NO_STDIO 163 PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7) 164 { 165 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7); 166 } 167 168 int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7) 169 { 170 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7); 171 } 172 #endif 173 174 PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7) 175 { 176 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7); 177 } 178 179 int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7) 180 { 181 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7); 182 } 183 184 #ifndef OPENSSL_NO_STDIO 185 X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req) 186 { 187 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req); 188 } 189 190 int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req) 191 { 192 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req); 193 } 194 #endif 195 196 X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req) 197 { 198 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req); 199 } 200 201 int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req) 202 { 203 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req); 204 } 205 206 #ifndef OPENSSL_NO_RSA 207 208 # ifndef OPENSSL_NO_STDIO 209 RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa) 210 { 211 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa); 212 } 213 214 int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa) 215 { 216 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa); 217 } 218 219 RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa) 220 { 221 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa); 222 } 223 224 RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa) 225 { 226 return ASN1_d2i_fp((void *(*)(void)) 227 RSA_new, (D2I_OF(void)) d2i_RSA_PUBKEY, fp, 228 (void **)rsa); 229 } 230 231 int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa) 232 { 233 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa); 234 } 235 236 int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa) 237 { 238 return ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY, fp, rsa); 239 } 240 # endif 241 242 RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa) 243 { 244 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa); 245 } 246 247 int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa) 248 { 249 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa); 250 } 251 252 RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa) 253 { 254 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa); 255 } 256 257 RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa) 258 { 259 return ASN1_d2i_bio_of(RSA, RSA_new, d2i_RSA_PUBKEY, bp, rsa); 260 } 261 262 int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa) 263 { 264 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa); 265 } 266 267 int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa) 268 { 269 return ASN1_i2d_bio_of(RSA, i2d_RSA_PUBKEY, bp, rsa); 270 } 271 #endif 272 273 #ifndef OPENSSL_NO_DSA 274 # ifndef OPENSSL_NO_STDIO 275 DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa) 276 { 277 return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSAPrivateKey, fp, dsa); 278 } 279 280 int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa) 281 { 282 return ASN1_i2d_fp_of_const(DSA, i2d_DSAPrivateKey, fp, dsa); 283 } 284 285 DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa) 286 { 287 return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSA_PUBKEY, fp, dsa); 288 } 289 290 int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa) 291 { 292 return ASN1_i2d_fp_of(DSA, i2d_DSA_PUBKEY, fp, dsa); 293 } 294 # endif 295 296 DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa) 297 { 298 return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSAPrivateKey, bp, dsa); 299 } 300 301 int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa) 302 { 303 return ASN1_i2d_bio_of_const(DSA, i2d_DSAPrivateKey, bp, dsa); 304 } 305 306 DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa) 307 { 308 return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSA_PUBKEY, bp, dsa); 309 } 310 311 int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa) 312 { 313 return ASN1_i2d_bio_of(DSA, i2d_DSA_PUBKEY, bp, dsa); 314 } 315 316 #endif 317 318 #ifndef OPENSSL_NO_EC 319 # ifndef OPENSSL_NO_STDIO 320 EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey) 321 { 322 return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, fp, eckey); 323 } 324 325 int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey) 326 { 327 return ASN1_i2d_fp_of(EC_KEY, i2d_EC_PUBKEY, fp, eckey); 328 } 329 330 EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey) 331 { 332 return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, fp, eckey); 333 } 334 335 int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey) 336 { 337 return ASN1_i2d_fp_of(EC_KEY, i2d_ECPrivateKey, fp, eckey); 338 } 339 # endif 340 EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey) 341 { 342 return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, bp, eckey); 343 } 344 345 int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *ecdsa) 346 { 347 return ASN1_i2d_bio_of(EC_KEY, i2d_EC_PUBKEY, bp, ecdsa); 348 } 349 350 EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey) 351 { 352 return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, bp, eckey); 353 } 354 355 int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey) 356 { 357 return ASN1_i2d_bio_of(EC_KEY, i2d_ECPrivateKey, bp, eckey); 358 } 359 #endif 360 361 int X509_pubkey_digest(const X509 *data, const EVP_MD *type, 362 unsigned char *md, unsigned int *len) 363 { 364 ASN1_BIT_STRING *key; 365 key = X509_get0_pubkey_bitstr(data); 366 if (!key) 367 return 0; 368 return EVP_Digest(key->data, key->length, md, len, type, NULL); 369 } 370 371 int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md, 372 unsigned int *len) 373 { 374 if (type == EVP_sha1() && (data->ex_flags & EXFLAG_SET) != 0 375 && (data->ex_flags & EXFLAG_NO_FINGERPRINT) == 0) { 376 /* Asking for SHA1 and we already computed it. */ 377 if (len != NULL) 378 *len = sizeof(data->sha1_hash); 379 memcpy(md, data->sha1_hash, sizeof(data->sha1_hash)); 380 return 1; 381 } 382 return (ASN1_item_digest 383 (ASN1_ITEM_rptr(X509), type, (char *)data, md, len)); 384 } 385 386 int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, 387 unsigned char *md, unsigned int *len) 388 { 389 if (type == EVP_sha1() && (data->flags & EXFLAG_SET) != 0 390 && (data->flags & EXFLAG_INVALID) == 0) { 391 /* Asking for SHA1; always computed in CRL d2i. */ 392 if (len != NULL) 393 *len = sizeof(data->sha1_hash); 394 memcpy(md, data->sha1_hash, sizeof(data->sha1_hash)); 395 return 1; 396 } 397 return (ASN1_item_digest 398 (ASN1_ITEM_rptr(X509_CRL), type, (char *)data, md, len)); 399 } 400 401 int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, 402 unsigned char *md, unsigned int *len) 403 { 404 return (ASN1_item_digest 405 (ASN1_ITEM_rptr(X509_REQ), type, (char *)data, md, len)); 406 } 407 408 int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, 409 unsigned char *md, unsigned int *len) 410 { 411 return (ASN1_item_digest 412 (ASN1_ITEM_rptr(X509_NAME), type, (char *)data, md, len)); 413 } 414 415 int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, 416 const EVP_MD *type, unsigned char *md, 417 unsigned int *len) 418 { 419 return (ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL), type, 420 (char *)data, md, len)); 421 } 422 423 #ifndef OPENSSL_NO_STDIO 424 X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8) 425 { 426 return ASN1_d2i_fp_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, fp, p8); 427 } 428 429 int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8) 430 { 431 return ASN1_i2d_fp_of(X509_SIG, i2d_X509_SIG, fp, p8); 432 } 433 #endif 434 435 X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8) 436 { 437 return ASN1_d2i_bio_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, bp, p8); 438 } 439 440 int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8) 441 { 442 return ASN1_i2d_bio_of(X509_SIG, i2d_X509_SIG, bp, p8); 443 } 444 445 #ifndef OPENSSL_NO_STDIO 446 PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, 447 PKCS8_PRIV_KEY_INFO **p8inf) 448 { 449 return ASN1_d2i_fp_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new, 450 d2i_PKCS8_PRIV_KEY_INFO, fp, p8inf); 451 } 452 453 int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf) 454 { 455 return ASN1_i2d_fp_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, fp, 456 p8inf); 457 } 458 459 int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key) 460 { 461 PKCS8_PRIV_KEY_INFO *p8inf; 462 int ret; 463 p8inf = EVP_PKEY2PKCS8(key); 464 if (!p8inf) 465 return 0; 466 ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf); 467 PKCS8_PRIV_KEY_INFO_free(p8inf); 468 return ret; 469 } 470 471 int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey) 472 { 473 return ASN1_i2d_fp_of(EVP_PKEY, i2d_PrivateKey, fp, pkey); 474 } 475 476 EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a) 477 { 478 return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, fp, a); 479 } 480 481 int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey) 482 { 483 return ASN1_i2d_fp_of(EVP_PKEY, i2d_PUBKEY, fp, pkey); 484 } 485 486 EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a) 487 { 488 return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, fp, a); 489 } 490 491 #endif 492 493 PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, 494 PKCS8_PRIV_KEY_INFO **p8inf) 495 { 496 return ASN1_d2i_bio_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new, 497 d2i_PKCS8_PRIV_KEY_INFO, bp, p8inf); 498 } 499 500 int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf) 501 { 502 return ASN1_i2d_bio_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, bp, 503 p8inf); 504 } 505 506 int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key) 507 { 508 PKCS8_PRIV_KEY_INFO *p8inf; 509 int ret; 510 p8inf = EVP_PKEY2PKCS8(key); 511 if (!p8inf) 512 return 0; 513 ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf); 514 PKCS8_PRIV_KEY_INFO_free(p8inf); 515 return ret; 516 } 517 518 int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey) 519 { 520 return ASN1_i2d_bio_of(EVP_PKEY, i2d_PrivateKey, bp, pkey); 521 } 522 523 EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a) 524 { 525 return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, bp, a); 526 } 527 528 int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey) 529 { 530 return ASN1_i2d_bio_of(EVP_PKEY, i2d_PUBKEY, bp, pkey); 531 } 532 533 EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a) 534 { 535 return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, bp, a); 536 } 537