x_all.c@ 108358

最後變更在這個檔案從108358是 108206,由 vboxsync 提交於 6 週前
openssl-3.3.2: Exported all files to OSE and removed .scm-settings bugref:10757
屬性 svn:eol-style 設為 `native` 屬性 svn:keywords 設為 `Author Date Id Revision`
檔案大小: 23.0 KB

行
1	/*
2	* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the Apache License 2.0 (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	/*
11	* Low level APIs are deprecated for public use, but still ok for
12	* internal use.
13	*/
14	#include "internal/deprecated.h"
15
16	#include <stdio.h>
17	#include "internal/cryptlib.h"
18	#include <openssl/buffer.h>
19	#include <openssl/asn1.h>
20	#include <openssl/evp.h>
21	#include <openssl/x509.h>
22	#include <openssl/http.h>
23	#include <openssl/rsa.h>
24	#include <openssl/dsa.h>
25	#include <openssl/x509v3.h>
26	#include "internal/asn1.h"
27	#include "crypto/pkcs7.h"
28	#include "crypto/x509.h"
29	#include "crypto/rsa.h"
30
31	int X509_verify(X509 a, EVP_PKEY r)
32	{
33	if (X509_ALGOR_cmp(&a->sig_alg, &a->cert_info.signature) != 0)
34	return 0;
35
36	return ASN1_item_verify_ex(ASN1_ITEM_rptr(X509_CINF), &a->sig_alg,
37	&a->signature, &a->cert_info,
38	a->distinguishing_id, r, a->libctx, a->propq);
39	}
40
41	int X509_REQ_verify_ex(X509_REQ a, EVP_PKEY r, OSSL_LIB_CTX *libctx,
42	const char *propq)
43	{
44	return ASN1_item_verify_ex(ASN1_ITEM_rptr(X509_REQ_INFO), &a->sig_alg,
45	a->signature, &a->req_info, a->distinguishing_id,
46	r, libctx, propq);
47	}
48
49	int X509_REQ_verify(X509_REQ a, EVP_PKEY r)
50	{
51	return X509_REQ_verify_ex(a, r, NULL, NULL);
52	}
53
54	int NETSCAPE_SPKI_verify(NETSCAPE_SPKI a, EVP_PKEY r)
55	{
56	return ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC),
57	&a->sig_algor, a->signature, a->spkac, r);
58	}
59
60	int X509_sign(X509 x, EVP_PKEY pkey, const EVP_MD *md)
61	{
62	if (x == NULL) {
63	ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
64	return 0;
65	}
66	if (sk_X509_EXTENSION_num(X509_get0_extensions(x)) > 0
67	&& !X509_set_version(x, X509_VERSION_3))
68	return 0;
69
70	/*
71	* Setting the modified flag before signing it. This makes the cached
72	* encoding to be ignored, so even if the certificate fields have changed,
73	* they are signed correctly.
74	* The X509_sign_ctx, X509_REQ_sign{,_ctx}, X509_CRL_sign{,_ctx} functions
75	* which exist below are the same.
76	*/
77	x->cert_info.enc.modified = 1;
78	return ASN1_item_sign_ex(ASN1_ITEM_rptr(X509_CINF), &x->cert_info.signature,
79	&x->sig_alg, &x->signature, &x->cert_info, NULL,
80	pkey, md, x->libctx, x->propq);
81	}
82
83	int X509_sign_ctx(X509 x, EVP_MD_CTX ctx)
84	{
85	if (x == NULL) {
86	ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
87	return 0;
88	}
89	if (sk_X509_EXTENSION_num(X509_get0_extensions(x)) > 0
90	&& !X509_set_version(x, X509_VERSION_3))
91	return 0;
92	x->cert_info.enc.modified = 1;
93	return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF),
94	&x->cert_info.signature,
95	&x->sig_alg, &x->signature, &x->cert_info, ctx);
96	}
97
98	static ASN1_VALUE simple_get_asn1(const char url, BIO bio, BIO rbio,
99	int timeout, const ASN1_ITEM *it)
100	{
101	#ifndef OPENSSL_NO_HTTP
102	BIO mem = OSSL_HTTP_get(url, NULL / proxy /, NULL / no_proxy */,
103	bio, rbio, NULL /* cb /, NULL / arg */,
104	1024 /* buf_size /, NULL / headers */,
105	NULL /* expected_ct /, 1 / expect_asn1 */,
106	OSSL_HTTP_DEFAULT_MAX_RESP_LEN, timeout);
107	ASN1_VALUE *res = ASN1_item_d2i_bio(it, mem, NULL);
108
109	BIO_free(mem);
110	return res;
111	#else
112	return 0;
113	#endif
114	}
115
116	X509 X509_load_http(const char url, BIO bio, BIO rbio, int timeout)
117	{
118	return (X509 *)simple_get_asn1(url, bio, rbio, timeout,
119	ASN1_ITEM_rptr(X509));
120	}
121
122	int X509_REQ_sign(X509_REQ x, EVP_PKEY pkey, const EVP_MD *md)
123	{
124	if (x == NULL) {
125	ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
126	return 0;
127	}
128	x->req_info.enc.modified = 1;
129	return ASN1_item_sign_ex(ASN1_ITEM_rptr(X509_REQ_INFO), &x->sig_alg, NULL,
130	x->signature, &x->req_info, NULL,
131	pkey, md, x->libctx, x->propq);
132	}
133
134	int X509_REQ_sign_ctx(X509_REQ x, EVP_MD_CTX ctx)
135	{
136	if (x == NULL) {
137	ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
138	return 0;
139	}
140	x->req_info.enc.modified = 1;
141	return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_REQ_INFO),
142	&x->sig_alg, NULL, x->signature, &x->req_info,
143	ctx);
144	}
145
146	int X509_CRL_sign(X509_CRL x, EVP_PKEY pkey, const EVP_MD *md)
147	{
148	if (x == NULL) {
149	ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
150	return 0;
151	}
152	x->crl.enc.modified = 1;
153	return ASN1_item_sign_ex(ASN1_ITEM_rptr(X509_CRL_INFO), &x->crl.sig_alg,
154	&x->sig_alg, &x->signature, &x->crl, NULL,
155	pkey, md, x->libctx, x->propq);
156	}
157
158	int X509_CRL_sign_ctx(X509_CRL x, EVP_MD_CTX ctx)
159	{
160	if (x == NULL) {
161	ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
162	return 0;
163	}
164	x->crl.enc.modified = 1;
165	return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO),
166	&x->crl.sig_alg, &x->sig_alg, &x->signature,
167	&x->crl, ctx);
168	}
169
170	X509_CRL X509_CRL_load_http(const char url, BIO bio, BIO rbio, int timeout)
171	{
172	return (X509_CRL *)simple_get_asn1(url, bio, rbio, timeout,
173	ASN1_ITEM_rptr(X509_CRL));
174	}
175
176	int NETSCAPE_SPKI_sign(NETSCAPE_SPKI x, EVP_PKEY pkey, const EVP_MD *md)
177	{
178	return
179	ASN1_item_sign_ex(ASN1_ITEM_rptr(NETSCAPE_SPKAC), &x->sig_algor, NULL,
180	x->signature, x->spkac, NULL, pkey, md, NULL, NULL);
181	}
182
183	#ifndef OPENSSL_NO_STDIO
184	X509 d2i_X509_fp(FILE fp, X509 **x509)
185	{
186	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509);
187	}
188
189	int i2d_X509_fp(FILE fp, const X509 x509)
190	{
191	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509);
192	}
193	#endif
194
195	X509 d2i_X509_bio(BIO bp, X509 **x509)
196	{
197	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509);
198	}
199
200	int i2d_X509_bio(BIO bp, const X509 x509)
201	{
202	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509);
203	}
204
205	#ifndef OPENSSL_NO_STDIO
206	X509_CRL d2i_X509_CRL_fp(FILE fp, X509_CRL **crl)
207	{
208	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
209	}
210
211	int i2d_X509_CRL_fp(FILE fp, const X509_CRL crl)
212	{
213	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
214	}
215	#endif
216
217	X509_CRL d2i_X509_CRL_bio(BIO bp, X509_CRL **crl)
218	{
219	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
220	}
221
222	int i2d_X509_CRL_bio(BIO bp, const X509_CRL crl)
223	{
224	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
225	}
226
227	#ifndef OPENSSL_NO_STDIO
228	PKCS7 d2i_PKCS7_fp(FILE fp, PKCS7 **p7)
229	{
230	PKCS7 *ret;
231	OSSL_LIB_CTX *libctx = NULL;
232	const char *propq = NULL;
233
234	if (p7 != NULL && *p7 != NULL) {
235	libctx = (*p7)->ctx.libctx;
236	propq = (*p7)->ctx.propq;
237	}
238
239	ret = ASN1_item_d2i_fp_ex(ASN1_ITEM_rptr(PKCS7), fp, p7, libctx, propq);
240	if (ret != NULL)
241	ossl_pkcs7_resolve_libctx(ret);
242	return ret;
243	}
244
245	int i2d_PKCS7_fp(FILE fp, const PKCS7 p7)
246	{
247	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
248	}
249	#endif
250
251	PKCS7 d2i_PKCS7_bio(BIO bp, PKCS7 **p7)
252	{
253	PKCS7 *ret;
254	OSSL_LIB_CTX *libctx = NULL;
255	const char *propq = NULL;
256
257	if (p7 != NULL && *p7 != NULL) {
258	libctx = (*p7)->ctx.libctx;
259	propq = (*p7)->ctx.propq;
260	}
261
262	ret = ASN1_item_d2i_bio_ex(ASN1_ITEM_rptr(PKCS7), bp, p7, libctx, propq);
263	if (ret != NULL)
264	ossl_pkcs7_resolve_libctx(ret);
265	return ret;
266	}
267
268	int i2d_PKCS7_bio(BIO bp, const PKCS7 p7)
269	{
270	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
271	}
272
273	#ifndef OPENSSL_NO_STDIO
274	X509_REQ d2i_X509_REQ_fp(FILE fp, X509_REQ **req)
275	{
276	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
277	}
278
279	int i2d_X509_REQ_fp(FILE fp, const X509_REQ req)
280	{
281	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
282	}
283	#endif
284
285	X509_REQ d2i_X509_REQ_bio(BIO bp, X509_REQ **req)
286	{
287	OSSL_LIB_CTX *libctx = NULL;
288	const char *propq = NULL;
289
290	if (req != NULL && *req != NULL) {
291	libctx = (*req)->libctx;
292	propq = (*req)->propq;
293	}
294
295	return
296	ASN1_item_d2i_bio_ex(ASN1_ITEM_rptr(X509_REQ), bp, req, libctx, propq);
297	}
298
299	int i2d_X509_REQ_bio(BIO bp, const X509_REQ req)
300	{
301	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
302	}
303
304	#ifndef OPENSSL_NO_STDIO
305	RSA d2i_RSAPrivateKey_fp(FILE fp, RSA **rsa)
306	{
307	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
308	}
309
310	int i2d_RSAPrivateKey_fp(FILE fp, const RSA rsa)
311	{
312	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
313	}
314
315	RSA d2i_RSAPublicKey_fp(FILE fp, RSA **rsa)
316	{
317	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
318	}
319
320	RSA d2i_RSA_PUBKEY_fp(FILE fp, RSA **rsa)
321	{
322	return ASN1_d2i_fp((void ()(void))
323	RSA_new, (D2I_OF(void)) d2i_RSA_PUBKEY, fp,
324	(void **)rsa);
325	}
326
327	int i2d_RSAPublicKey_fp(FILE fp, const RSA rsa)
328	{
329	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
330	}
331
332	int i2d_RSA_PUBKEY_fp(FILE fp, const RSA rsa)
333	{
334	return ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY, fp, rsa);
335	}
336	#endif
337
338	RSA d2i_RSAPrivateKey_bio(BIO bp, RSA **rsa)
339	{
340	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
341	}
342
343	int i2d_RSAPrivateKey_bio(BIO bp, const RSA rsa)
344	{
345	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
346	}
347
348	RSA d2i_RSAPublicKey_bio(BIO bp, RSA **rsa)
349	{
350	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
351	}
352
353	RSA d2i_RSA_PUBKEY_bio(BIO bp, RSA **rsa)
354	{
355	return ASN1_d2i_bio_of(RSA, RSA_new, d2i_RSA_PUBKEY, bp, rsa);
356	}
357
358	int i2d_RSAPublicKey_bio(BIO bp, const RSA rsa)
359	{
360	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
361	}
362
363	int i2d_RSA_PUBKEY_bio(BIO bp, const RSA rsa)
364	{
365	return ASN1_i2d_bio_of(RSA, i2d_RSA_PUBKEY, bp, rsa);
366	}
367
368	#ifndef OPENSSL_NO_DSA
369	# ifndef OPENSSL_NO_STDIO
370	DSA d2i_DSAPrivateKey_fp(FILE fp, DSA **dsa)
371	{
372	return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSAPrivateKey, fp, dsa);
373	}
374
375	int i2d_DSAPrivateKey_fp(FILE fp, const DSA dsa)
376	{
377	return ASN1_i2d_fp_of(DSA, i2d_DSAPrivateKey, fp, dsa);
378	}
379
380	DSA d2i_DSA_PUBKEY_fp(FILE fp, DSA **dsa)
381	{
382	return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSA_PUBKEY, fp, dsa);
383	}
384
385	int i2d_DSA_PUBKEY_fp(FILE fp, const DSA dsa)
386	{
387	return ASN1_i2d_fp_of(DSA, i2d_DSA_PUBKEY, fp, dsa);
388	}
389	# endif
390
391	DSA d2i_DSAPrivateKey_bio(BIO bp, DSA **dsa)
392	{
393	return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSAPrivateKey, bp, dsa);
394	}
395
396	int i2d_DSAPrivateKey_bio(BIO bp, const DSA dsa)
397	{
398	return ASN1_i2d_bio_of(DSA, i2d_DSAPrivateKey, bp, dsa);
399	}
400
401	DSA d2i_DSA_PUBKEY_bio(BIO bp, DSA **dsa)
402	{
403	return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSA_PUBKEY, bp, dsa);
404	}
405
406	int i2d_DSA_PUBKEY_bio(BIO bp, const DSA dsa)
407	{
408	return ASN1_i2d_bio_of(DSA, i2d_DSA_PUBKEY, bp, dsa);
409	}
410
411	#endif
412
413	#ifndef OPENSSL_NO_EC
414	# ifndef OPENSSL_NO_STDIO
415	EC_KEY d2i_EC_PUBKEY_fp(FILE fp, EC_KEY **eckey)
416	{
417	return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, fp, eckey);
418	}
419
420	int i2d_EC_PUBKEY_fp(FILE fp, const EC_KEY eckey)
421	{
422	return ASN1_i2d_fp_of(EC_KEY, i2d_EC_PUBKEY, fp, eckey);
423	}
424
425	EC_KEY d2i_ECPrivateKey_fp(FILE fp, EC_KEY **eckey)
426	{
427	return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, fp, eckey);
428	}
429
430	int i2d_ECPrivateKey_fp(FILE fp, const EC_KEY eckey)
431	{
432	return ASN1_i2d_fp_of(EC_KEY, i2d_ECPrivateKey, fp, eckey);
433	}
434	# endif
435	EC_KEY d2i_EC_PUBKEY_bio(BIO bp, EC_KEY **eckey)
436	{
437	return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, bp, eckey);
438	}
439
440	int i2d_EC_PUBKEY_bio(BIO bp, const EC_KEY ecdsa)
441	{
442	return ASN1_i2d_bio_of(EC_KEY, i2d_EC_PUBKEY, bp, ecdsa);
443	}
444
445	EC_KEY d2i_ECPrivateKey_bio(BIO bp, EC_KEY **eckey)
446	{
447	return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, bp, eckey);
448	}
449
450	int i2d_ECPrivateKey_bio(BIO bp, const EC_KEY eckey)
451	{
452	return ASN1_i2d_bio_of(EC_KEY, i2d_ECPrivateKey, bp, eckey);
453	}
454	#endif
455
456	int X509_pubkey_digest(const X509 data, const EVP_MD type,
457	unsigned char md, unsigned int len)
458	{
459	ASN1_BIT_STRING *key = X509_get0_pubkey_bitstr(data);
460
461	if (key == NULL)
462	return 0;
463	return EVP_Digest(key->data, key->length, md, len, type, NULL);
464	}
465
466	int X509_digest(const X509 cert, const EVP_MD md, unsigned char *data,
467	unsigned int *len)
468	{
469	if (EVP_MD_is_a(md, SN_sha1) && (cert->ex_flags & EXFLAG_SET) != 0
470	&& (cert->ex_flags & EXFLAG_NO_FINGERPRINT) == 0) {
471	/* Asking for SHA1 and we already computed it. */
472	if (len != NULL)
473	*len = sizeof(cert->sha1_hash);
474	memcpy(data, cert->sha1_hash, sizeof(cert->sha1_hash));
475	return 1;
476	}
477	return ossl_asn1_item_digest_ex(ASN1_ITEM_rptr(X509), md, (char *)cert,
478	data, len, cert->libctx, cert->propq);
479	}
480
481	/* calculate cert digest using the same hash algorithm as in its signature */
482	ASN1_OCTET_STRING X509_digest_sig(const X509 cert,
483	EVP_MD *md_used, int md_is_fallback)
484	{
485	unsigned int len;
486	unsigned char hash[EVP_MAX_MD_SIZE];
487	int mdnid, pknid;
488	EVP_MD *md = NULL;
489	const char *md_name;
490	ASN1_OCTET_STRING *new;
491
492	if (md_used != NULL)
493	*md_used = NULL;
494	if (md_is_fallback != NULL)
495	*md_is_fallback = 0;
496
497	if (cert == NULL) {
498	ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
499	return NULL;
500	}
501
502	if (!OBJ_find_sigid_algs(X509_get_signature_nid(cert), &mdnid, &pknid)) {
503	ERR_raise(ERR_LIB_X509, X509_R_UNKNOWN_SIGID_ALGS);
504	return NULL;
505	}
506
507	if (mdnid == NID_undef) {
508	if (pknid == EVP_PKEY_RSA_PSS) {
509	RSA_PSS_PARAMS *pss = ossl_rsa_pss_decode(&cert->sig_alg);
510	const EVP_MD mgf1md, mmd = NULL;
511	int saltlen, trailerfield;
512
513	if (pss == NULL
514	\|\| !ossl_rsa_pss_get_param_unverified(pss, &mmd, &mgf1md,
515	&saltlen,
516	&trailerfield)
517	\|\| mmd == NULL) {
518	RSA_PSS_PARAMS_free(pss);
519	ERR_raise(ERR_LIB_X509, X509_R_UNSUPPORTED_ALGORITHM);
520	return NULL;
521	}
522	RSA_PSS_PARAMS_free(pss);
523	/* Fetch explicitly and do not fallback */
524	if ((md = EVP_MD_fetch(cert->libctx, EVP_MD_get0_name(mmd),
525	cert->propq)) == NULL)
526	/* Error code from fetch is sufficient */
527	return NULL;
528	} else if (pknid != NID_undef) {
529	/* A known algorithm, but without a digest */
530	switch (pknid) {
531	case NID_ED25519: /* Follow CMS default given in RFC8419 */
532	md_name = "SHA512";
533	break;
534	case NID_ED448: /* Follow CMS default given in RFC8419 */
535	md_name = "SHAKE256";
536	break;
537	default: /* Fall back to SHA-256 */
538	md_name = "SHA256";
539	break;
540	}
541	if ((md = EVP_MD_fetch(cert->libctx, md_name,
542	cert->propq)) == NULL)
543	return NULL;
544	if (md_is_fallback != NULL)
545	*md_is_fallback = 1;
546	} else {
547	/* A completely unknown algorithm */
548	ERR_raise(ERR_LIB_X509, X509_R_UNSUPPORTED_ALGORITHM);
549	return NULL;
550	}
551	} else if ((md = EVP_MD_fetch(cert->libctx, OBJ_nid2sn(mdnid),
552	cert->propq)) == NULL
553	&& (md = (EVP_MD *)EVP_get_digestbynid(mdnid)) == NULL) {
554	ERR_raise(ERR_LIB_X509, X509_R_UNSUPPORTED_ALGORITHM);
555	return NULL;
556	}
557	if (!X509_digest(cert, md, hash, &len)
558	\|\| (new = ASN1_OCTET_STRING_new()) == NULL)
559	goto err;
560	if (ASN1_OCTET_STRING_set(new, hash, len)) {
561	if (md_used != NULL)
562	*md_used = md;
563	else
564	EVP_MD_free(md);
565	return new;
566	}
567	ASN1_OCTET_STRING_free(new);
568	err:
569	EVP_MD_free(md);
570	return NULL;
571	}
572
573	int X509_CRL_digest(const X509_CRL data, const EVP_MD type,
574	unsigned char md, unsigned int len)
575	{
576	if (type == NULL) {
577	ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
578	return 0;
579	}
580	if (EVP_MD_is_a(type, SN_sha1)
581	&& (data->flags & EXFLAG_SET) != 0
582	&& (data->flags & EXFLAG_NO_FINGERPRINT) == 0) {
583	/* Asking for SHA1; always computed in CRL d2i. */
584	if (len != NULL)
585	*len = sizeof(data->sha1_hash);
586	memcpy(md, data->sha1_hash, sizeof(data->sha1_hash));
587	return 1;
588	}
589	return
590	ossl_asn1_item_digest_ex(ASN1_ITEM_rptr(X509_CRL), type, (char *)data,
591	md, len, data->libctx, data->propq);
592	}
593
594	int X509_REQ_digest(const X509_REQ data, const EVP_MD type,
595	unsigned char md, unsigned int len)
596	{
597	return
598	ossl_asn1_item_digest_ex(ASN1_ITEM_rptr(X509_REQ), type, (char *)data,
599	md, len, data->libctx, data->propq);
600	}
601
602	int X509_NAME_digest(const X509_NAME data, const EVP_MD type,
603	unsigned char md, unsigned int len)
604	{
605	return ASN1_item_digest(ASN1_ITEM_rptr(X509_NAME), type, (char *)data,
606	md, len);
607	}
608
609	int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
610	const EVP_MD type, unsigned char md,
611	unsigned int *len)
612	{
613	return ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL), type,
614	(char *)data, md, len);
615	}
616
617	#ifndef OPENSSL_NO_STDIO
618	X509_SIG d2i_PKCS8_fp(FILE fp, X509_SIG **p8)
619	{
620	return ASN1_d2i_fp_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, fp, p8);
621	}
622
623	int i2d_PKCS8_fp(FILE fp, const X509_SIG p8)
624	{
625	return ASN1_i2d_fp_of(X509_SIG, i2d_X509_SIG, fp, p8);
626	}
627	#endif
628
629	X509_SIG d2i_PKCS8_bio(BIO bp, X509_SIG **p8)
630	{
631	return ASN1_d2i_bio_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, bp, p8);
632	}
633
634	int i2d_PKCS8_bio(BIO bp, const X509_SIG p8)
635	{
636	return ASN1_i2d_bio_of(X509_SIG, i2d_X509_SIG, bp, p8);
637	}
638
639	#ifndef OPENSSL_NO_STDIO
640	X509_PUBKEY d2i_X509_PUBKEY_fp(FILE fp, X509_PUBKEY **xpk)
641	{
642	return ASN1_d2i_fp_of(X509_PUBKEY, X509_PUBKEY_new, d2i_X509_PUBKEY,
643	fp, xpk);
644	}
645
646	int i2d_X509_PUBKEY_fp(FILE fp, const X509_PUBKEY xpk)
647	{
648	return ASN1_i2d_fp_of(X509_PUBKEY, i2d_X509_PUBKEY, fp, xpk);
649	}
650	#endif
651
652	X509_PUBKEY d2i_X509_PUBKEY_bio(BIO bp, X509_PUBKEY **xpk)
653	{
654	return ASN1_d2i_bio_of(X509_PUBKEY, X509_PUBKEY_new, d2i_X509_PUBKEY,
655	bp, xpk);
656	}
657
658	int i2d_X509_PUBKEY_bio(BIO bp, const X509_PUBKEY xpk)
659	{
660	return ASN1_i2d_bio_of(X509_PUBKEY, i2d_X509_PUBKEY, bp, xpk);
661	}
662
663	#ifndef OPENSSL_NO_STDIO
664	PKCS8_PRIV_KEY_INFO d2i_PKCS8_PRIV_KEY_INFO_fp(FILE fp,
665	PKCS8_PRIV_KEY_INFO **p8inf)
666	{
667	return ASN1_d2i_fp_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new,
668	d2i_PKCS8_PRIV_KEY_INFO, fp, p8inf);
669	}
670
671	int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE fp, const PKCS8_PRIV_KEY_INFO p8inf)
672	{
673	return ASN1_i2d_fp_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, fp,
674	p8inf);
675	}
676
677	int i2d_PKCS8PrivateKeyInfo_fp(FILE fp, const EVP_PKEY key)
678	{
679	PKCS8_PRIV_KEY_INFO *p8inf;
680	int ret;
681
682	p8inf = EVP_PKEY2PKCS8(key);
683	if (p8inf == NULL)
684	return 0;
685	ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf);
686	PKCS8_PRIV_KEY_INFO_free(p8inf);
687	return ret;
688	}
689
690	int i2d_PrivateKey_fp(FILE fp, const EVP_PKEY pkey)
691	{
692	return ASN1_i2d_fp_of(EVP_PKEY, i2d_PrivateKey, fp, pkey);
693	}
694
695	EVP_PKEY d2i_PrivateKey_fp(FILE fp, EVP_PKEY **a)
696	{
697	return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, fp, a);
698	}
699
700	EVP_PKEY d2i_PrivateKey_ex_fp(FILE fp, EVP_PKEY *a, OSSL_LIB_CTX libctx,
701	const char *propq)
702	{
703	BIO *b;
704	void *ret;
705
706	if ((b = BIO_new(BIO_s_file())) == NULL) {
707	ERR_raise(ERR_LIB_X509, ERR_R_BUF_LIB);
708	return NULL;
709	}
710	BIO_set_fp(b, fp, BIO_NOCLOSE);
711	ret = d2i_PrivateKey_ex_bio(b, a, libctx, propq);
712	BIO_free(b);
713	return ret;
714	}
715
716	int i2d_PUBKEY_fp(FILE fp, const EVP_PKEY pkey)
717	{
718	return ASN1_i2d_fp_of(EVP_PKEY, i2d_PUBKEY, fp, pkey);
719	}
720
721	EVP_PKEY d2i_PUBKEY_ex_fp(FILE fp, EVP_PKEY *a, OSSL_LIB_CTX libctx,
722	const char *propq)
723	{
724	BIO *b;
725	void *ret;
726
727	if ((b = BIO_new(BIO_s_file())) == NULL) {
728	ERR_raise(ERR_LIB_X509, ERR_R_BUF_LIB);
729	return NULL;
730	}
731	BIO_set_fp(b, fp, BIO_NOCLOSE);
732	ret = d2i_PUBKEY_ex_bio(b, a, libctx, propq);
733	BIO_free(b);
734	return ret;
735	}
736
737	EVP_PKEY d2i_PUBKEY_fp(FILE fp, EVP_PKEY **a)
738	{
739	return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, fp, a);
740	}
741
742	#endif
743
744	PKCS8_PRIV_KEY_INFO d2i_PKCS8_PRIV_KEY_INFO_bio(BIO bp,
745	PKCS8_PRIV_KEY_INFO **p8inf)
746	{
747	return ASN1_d2i_bio_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new,
748	d2i_PKCS8_PRIV_KEY_INFO, bp, p8inf);
749	}
750
751	int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO bp, const PKCS8_PRIV_KEY_INFO p8inf)
752	{
753	return ASN1_i2d_bio_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, bp,
754	p8inf);
755	}
756
757	int i2d_PKCS8PrivateKeyInfo_bio(BIO bp, const EVP_PKEY key)
758	{
759	PKCS8_PRIV_KEY_INFO *p8inf;
760	int ret;
761
762	p8inf = EVP_PKEY2PKCS8(key);
763	if (p8inf == NULL)
764	return 0;
765	ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
766	PKCS8_PRIV_KEY_INFO_free(p8inf);
767	return ret;
768	}
769
770	int i2d_PrivateKey_bio(BIO bp, const EVP_PKEY pkey)
771	{
772	return ASN1_i2d_bio_of(EVP_PKEY, i2d_PrivateKey, bp, pkey);
773	}
774
775	EVP_PKEY d2i_PrivateKey_bio(BIO bp, EVP_PKEY **a)
776	{
777	return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, bp, a);
778	}
779
780	EVP_PKEY d2i_PrivateKey_ex_bio(BIO bp, EVP_PKEY *a, OSSL_LIB_CTX libctx,
781	const char *propq)
782	{
783	BUF_MEM *b = NULL;
784	const unsigned char *p;
785	void *ret = NULL;
786	int len;
787
788	len = asn1_d2i_read_bio(bp, &b);
789	if (len < 0)
790	goto err;
791
792	p = (unsigned char *)b->data;
793	ret = d2i_AutoPrivateKey_ex(a, &p, len, libctx, propq);
794	err:
795	BUF_MEM_free(b);
796	return ret;
797	}
798
799	int i2d_PUBKEY_bio(BIO bp, const EVP_PKEY pkey)
800	{
801	return ASN1_i2d_bio_of(EVP_PKEY, i2d_PUBKEY, bp, pkey);
802	}
803
804	EVP_PKEY d2i_PUBKEY_ex_bio(BIO bp, EVP_PKEY *a, OSSL_LIB_CTX libctx,
805	const char *propq)
806	{
807	BUF_MEM *b = NULL;
808	const unsigned char *p;
809	void *ret = NULL;
810	int len;
811
812	len = asn1_d2i_read_bio(bp, &b);
813	if (len < 0)
814	goto err;
815
816	p = (unsigned char *)b->data;
817	ret = d2i_PUBKEY_ex(a, &p, len, libctx, propq);
818	err:
819	BUF_MEM_free(b);
820	return ret;
821	}
822
823	EVP_PKEY d2i_PUBKEY_bio(BIO bp, EVP_PKEY **a)
824	{
825	return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, bp, a);
826	}

注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

source: vbox/trunk/src/libs/openssl-3.3.2/crypto/x509/x_all.c@ 108358

以其他格式下載: