Coverage Report

Created: 2025-06-13 06:58

/src/openssl31/crypto/x509/x_all.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
3
 *
4
 * Licensed under the Apache License 2.0 (the "License").  You may not use
5
 * this file except in compliance with the License.  You can obtain a copy
6
 * in the file LICENSE in the source distribution or at
7
 * https://www.openssl.org/source/license.html
8
 */
9
10
/*
11
 * Low level APIs are deprecated for public use, but still ok for
12
 * internal use.
13
 */
14
#include "internal/deprecated.h"
15
16
#include <stdio.h>
17
#include "internal/cryptlib.h"
18
#include <openssl/buffer.h>
19
#include <openssl/asn1.h>
20
#include <openssl/evp.h>
21
#include <openssl/x509.h>
22
#include <openssl/http.h>
23
#include <openssl/rsa.h>
24
#include <openssl/dsa.h>
25
#include <openssl/x509v3.h>
26
#include "internal/asn1.h"
27
#include "crypto/pkcs7.h"
28
#include "crypto/x509.h"
29
#include "crypto/rsa.h"
30
31
int X509_verify(X509 *a, EVP_PKEY *r)
32
2.24k
{
33
2.24k
    if (X509_ALGOR_cmp(&a->sig_alg, &a->cert_info.signature) != 0)
34
1.34k
        return 0;
35
36
900
    return ASN1_item_verify_ex(ASN1_ITEM_rptr(X509_CINF), &a->sig_alg,
37
900
                               &a->signature, &a->cert_info,
38
900
                               a->distinguishing_id, r, a->libctx, a->propq);
39
2.24k
}
40
41
int X509_REQ_verify_ex(X509_REQ *a, EVP_PKEY *r, OSSL_LIB_CTX *libctx,
42
                       const char *propq)
43
1.95k
{
44
1.95k
    return ASN1_item_verify_ex(ASN1_ITEM_rptr(X509_REQ_INFO), &a->sig_alg,
45
1.95k
                               a->signature, &a->req_info, a->distinguishing_id,
46
1.95k
                               r, libctx, propq);
47
1.95k
}
48
49
int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
50
0
{
51
0
    return X509_REQ_verify_ex(a, r, NULL, NULL);
52
0
}
53
54
int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
55
0
{
56
0
    return ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC),
57
0
                            &a->sig_algor, a->signature, a->spkac, r);
58
0
}
59
60
int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
61
0
{
62
0
    if (x == NULL) {
63
0
        ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
64
0
        return 0;
65
0
    }
66
67
    /*
68
     * Setting the modified flag before signing it. This makes the cached
69
     * encoding to be ignored, so even if the certificate fields have changed,
70
     * they are signed correctly.
71
     * The X509_sign_ctx, X509_REQ_sign{,_ctx}, X509_CRL_sign{,_ctx} functions
72
     * which exist below are the same.
73
     */
74
0
    x->cert_info.enc.modified = 1;
75
0
    return ASN1_item_sign_ex(ASN1_ITEM_rptr(X509_CINF), &x->cert_info.signature,
76
0
                             &x->sig_alg, &x->signature, &x->cert_info, NULL,
77
0
                             pkey, md, x->libctx, x->propq);
78
0
}
79
80
int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
81
0
{
82
0
    if (x == NULL) {
83
0
        ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
84
0
        return 0;
85
0
    }
86
0
    x->cert_info.enc.modified = 1;
87
0
    return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF),
88
0
                              &x->cert_info.signature,
89
0
                              &x->sig_alg, &x->signature, &x->cert_info, ctx);
90
0
}
91
92
static ASN1_VALUE *simple_get_asn1(const char *url, BIO *bio, BIO *rbio,
93
                                   int timeout, const ASN1_ITEM *it)
94
0
{
95
0
    size_t max_resp_len = (it == ASN1_ITEM_rptr(X509_CRL)) ?
96
0
        OSSL_HTTP_DEFAULT_MAX_CRL_LEN : OSSL_HTTP_DEFAULT_MAX_RESP_LEN;
97
0
    BIO *mem = OSSL_HTTP_get(url, NULL /* proxy */, NULL /* no_proxy */,
98
0
                             bio, rbio, NULL /* cb */, NULL /* arg */,
99
0
                             1024 /* buf_size */, NULL /* headers */,
100
0
                             NULL /* expected_ct */, 1 /* expect_asn1 */,
101
0
                             max_resp_len, timeout);
102
0
    ASN1_VALUE *res = ASN1_item_d2i_bio(it, mem, NULL);
103
104
0
    BIO_free(mem);
105
0
    return res;
106
0
}
107
108
X509 *X509_load_http(const char *url, BIO *bio, BIO *rbio, int timeout)
109
0
{
110
0
    return (X509 *)simple_get_asn1(url, bio, rbio, timeout,
111
0
                                   ASN1_ITEM_rptr(X509));
112
0
}
113
114
int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
115
0
{
116
0
    if (x == NULL) {
117
0
        ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
118
0
        return 0;
119
0
    }
120
0
    x->req_info.enc.modified = 1;
121
0
    return ASN1_item_sign_ex(ASN1_ITEM_rptr(X509_REQ_INFO), &x->sig_alg, NULL,
122
0
                             x->signature, &x->req_info, NULL,
123
0
                             pkey, md, x->libctx, x->propq);
124
0
}
125
126
int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx)
127
0
{
128
0
    if (x == NULL) {
129
0
        ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
130
0
        return 0;
131
0
    }
132
0
    x->req_info.enc.modified = 1;
133
0
    return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_REQ_INFO),
134
0
                              &x->sig_alg, NULL, x->signature, &x->req_info,
135
0
                              ctx);
136
0
}
137
138
int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
139
0
{
140
0
    if (x == NULL) {
141
0
        ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
142
0
        return 0;
143
0
    }
144
0
    x->crl.enc.modified = 1;
145
0
    return ASN1_item_sign_ex(ASN1_ITEM_rptr(X509_CRL_INFO), &x->crl.sig_alg,
146
0
                             &x->sig_alg, &x->signature, &x->crl, NULL,
147
0
                             pkey, md, x->libctx, x->propq);
148
0
}
149
150
int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx)
151
0
{
152
0
    if (x == NULL) {
153
0
        ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
154
0
        return 0;
155
0
    }
156
0
    x->crl.enc.modified = 1;
157
0
    return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO),
158
0
                              &x->crl.sig_alg, &x->sig_alg, &x->signature,
159
0
                              &x->crl, ctx);
160
0
}
161
162
X509_CRL *X509_CRL_load_http(const char *url, BIO *bio, BIO *rbio, int timeout)
163
0
{
164
0
    return (X509_CRL *)simple_get_asn1(url, bio, rbio, timeout,
165
0
                                       ASN1_ITEM_rptr(X509_CRL));
166
0
}
167
168
int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
169
0
{
170
0
    return
171
0
        ASN1_item_sign_ex(ASN1_ITEM_rptr(NETSCAPE_SPKAC), &x->sig_algor, NULL,
172
0
                          x->signature, x->spkac, NULL, pkey, md, NULL, NULL);
173
0
}
174
175
#ifndef OPENSSL_NO_STDIO
176
X509 *d2i_X509_fp(FILE *fp, X509 **x509)
177
0
{
178
0
    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509);
179
0
}
180
181
int i2d_X509_fp(FILE *fp, const X509 *x509)
182
0
{
183
0
    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509);
184
0
}
185
#endif
186
187
X509 *d2i_X509_bio(BIO *bp, X509 **x509)
188
0
{
189
0
    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509);
190
0
}
191
192
int i2d_X509_bio(BIO *bp, const X509 *x509)
193
0
{
194
0
    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509);
195
0
}
196
197
#ifndef OPENSSL_NO_STDIO
198
X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl)
199
0
{
200
0
    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
201
0
}
202
203
int i2d_X509_CRL_fp(FILE *fp, const X509_CRL *crl)
204
0
{
205
0
    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
206
0
}
207
#endif
208
209
X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl)
210
0
{
211
0
    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
212
0
}
213
214
int i2d_X509_CRL_bio(BIO *bp, const X509_CRL *crl)
215
0
{
216
0
    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
217
0
}
218
219
#ifndef OPENSSL_NO_STDIO
220
PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7)
221
0
{
222
0
    PKCS7 *ret;
223
0
    OSSL_LIB_CTX *libctx = NULL;
224
0
    const char *propq = NULL;
225
226
0
    if (p7 != NULL && *p7 != NULL) {
227
0
        libctx = (*p7)->ctx.libctx;
228
0
        propq = (*p7)->ctx.propq;
229
0
    }
230
231
0
    ret = ASN1_item_d2i_fp_ex(ASN1_ITEM_rptr(PKCS7), fp, p7, libctx, propq);
232
0
    if (ret != NULL)
233
0
        ossl_pkcs7_resolve_libctx(ret);
234
0
    return ret;
235
0
}
236
237
int i2d_PKCS7_fp(FILE *fp, const PKCS7 *p7)
238
0
{
239
0
    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
240
0
}
241
#endif
242
243
PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7)
244
0
{
245
0
    PKCS7 *ret;
246
0
    OSSL_LIB_CTX *libctx = NULL;
247
0
    const char *propq = NULL;
248
249
0
    if (p7 != NULL && *p7 != NULL) {
250
0
        libctx = (*p7)->ctx.libctx;
251
0
        propq = (*p7)->ctx.propq;
252
0
    }
253
254
0
    ret = ASN1_item_d2i_bio_ex(ASN1_ITEM_rptr(PKCS7), bp, p7, libctx, propq);
255
0
    if (ret != NULL)
256
0
        ossl_pkcs7_resolve_libctx(ret);
257
0
    return ret;
258
0
}
259
260
int i2d_PKCS7_bio(BIO *bp, const PKCS7 *p7)
261
0
{
262
0
    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
263
0
}
264
265
#ifndef OPENSSL_NO_STDIO
266
X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req)
267
0
{
268
0
    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
269
0
}
270
271
int i2d_X509_REQ_fp(FILE *fp, const X509_REQ *req)
272
0
{
273
0
    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
274
0
}
275
#endif
276
277
X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req)
278
0
{
279
0
    OSSL_LIB_CTX *libctx = NULL;
280
0
    const char *propq = NULL;
281
282
0
    if (req != NULL && *req != NULL) {
283
0
        libctx = (*req)->libctx;
284
0
        propq = (*req)->propq;
285
0
    }
286
287
0
    return ASN1_item_d2i_bio_ex(ASN1_ITEM_rptr(X509_REQ), bp, req, libctx, propq);
288
0
}
289
290
int i2d_X509_REQ_bio(BIO *bp, const X509_REQ *req)
291
0
{
292
0
    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
293
0
}
294
295
#ifndef OPENSSL_NO_STDIO
296
RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa)
297
0
{
298
0
    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
299
0
}
300
301
int i2d_RSAPrivateKey_fp(FILE *fp, const RSA *rsa)
302
0
{
303
0
    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
304
0
}
305
306
RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
307
0
{
308
0
    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
309
0
}
310
311
RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)
312
0
{
313
0
    return ASN1_d2i_fp((void *(*)(void))
314
0
                       RSA_new, (D2I_OF(void)) d2i_RSA_PUBKEY, fp,
315
0
                       (void **)rsa);
316
0
}
317
318
int i2d_RSAPublicKey_fp(FILE *fp, const RSA *rsa)
319
0
{
320
0
    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
321
0
}
322
323
int i2d_RSA_PUBKEY_fp(FILE *fp, const RSA *rsa)
324
0
{
325
0
    return ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY, fp, rsa);
326
0
}
327
#endif
328
329
RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
330
0
{
331
0
    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
332
0
}
333
334
int i2d_RSAPrivateKey_bio(BIO *bp, const RSA *rsa)
335
0
{
336
0
    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
337
0
}
338
339
RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)
340
0
{
341
0
    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
342
0
}
343
344
RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
345
0
{
346
0
    return ASN1_d2i_bio_of(RSA, RSA_new, d2i_RSA_PUBKEY, bp, rsa);
347
0
}
348
349
int i2d_RSAPublicKey_bio(BIO *bp, const RSA *rsa)
350
0
{
351
0
    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
352
0
}
353
354
int i2d_RSA_PUBKEY_bio(BIO *bp, const RSA *rsa)
355
0
{
356
0
    return ASN1_i2d_bio_of(RSA, i2d_RSA_PUBKEY, bp, rsa);
357
0
}
358
359
#ifndef OPENSSL_NO_DSA
360
# ifndef OPENSSL_NO_STDIO
361
DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa)
362
0
{
363
0
    return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSAPrivateKey, fp, dsa);
364
0
}
365
366
int i2d_DSAPrivateKey_fp(FILE *fp, const DSA *dsa)
367
0
{
368
0
    return ASN1_i2d_fp_of(DSA, i2d_DSAPrivateKey, fp, dsa);
369
0
}
370
371
DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa)
372
0
{
373
0
    return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSA_PUBKEY, fp, dsa);
374
0
}
375
376
int i2d_DSA_PUBKEY_fp(FILE *fp, const DSA *dsa)
377
0
{
378
0
    return ASN1_i2d_fp_of(DSA, i2d_DSA_PUBKEY, fp, dsa);
379
0
}
380
# endif
381
382
DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa)
383
0
{
384
0
    return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSAPrivateKey, bp, dsa);
385
0
}
386
387
int i2d_DSAPrivateKey_bio(BIO *bp, const DSA *dsa)
388
0
{
389
0
    return ASN1_i2d_bio_of(DSA, i2d_DSAPrivateKey, bp, dsa);
390
0
}
391
392
DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa)
393
0
{
394
0
    return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSA_PUBKEY, bp, dsa);
395
0
}
396
397
int i2d_DSA_PUBKEY_bio(BIO *bp, const DSA *dsa)
398
0
{
399
0
    return ASN1_i2d_bio_of(DSA, i2d_DSA_PUBKEY, bp, dsa);
400
0
}
401
402
#endif
403
404
#ifndef OPENSSL_NO_EC
405
# ifndef OPENSSL_NO_STDIO
406
EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey)
407
0
{
408
0
    return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, fp, eckey);
409
0
}
410
411
int i2d_EC_PUBKEY_fp(FILE *fp, const EC_KEY *eckey)
412
0
{
413
0
    return ASN1_i2d_fp_of(EC_KEY, i2d_EC_PUBKEY, fp, eckey);
414
0
}
415
416
EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey)
417
0
{
418
0
    return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, fp, eckey);
419
0
}
420
421
int i2d_ECPrivateKey_fp(FILE *fp, const EC_KEY *eckey)
422
0
{
423
0
    return ASN1_i2d_fp_of(EC_KEY, i2d_ECPrivateKey, fp, eckey);
424
0
}
425
# endif
426
EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey)
427
0
{
428
0
    return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, bp, eckey);
429
0
}
430
431
int i2d_EC_PUBKEY_bio(BIO *bp, const EC_KEY *ecdsa)
432
0
{
433
0
    return ASN1_i2d_bio_of(EC_KEY, i2d_EC_PUBKEY, bp, ecdsa);
434
0
}
435
436
EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey)
437
0
{
438
0
    return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, bp, eckey);
439
0
}
440
441
int i2d_ECPrivateKey_bio(BIO *bp, const EC_KEY *eckey)
442
0
{
443
0
    return ASN1_i2d_bio_of(EC_KEY, i2d_ECPrivateKey, bp, eckey);
444
0
}
445
#endif
446
447
int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
448
                       unsigned char *md, unsigned int *len)
449
71
{
450
71
    ASN1_BIT_STRING *key = X509_get0_pubkey_bitstr(data);
451
452
71
    if (key == NULL)
453
0
        return 0;
454
71
    return EVP_Digest(key->data, key->length, md, len, type, NULL);
455
71
}
456
457
int X509_digest(const X509 *cert, const EVP_MD *md, unsigned char *data,
458
                unsigned int *len)
459
108k
{
460
108k
    if (EVP_MD_is_a(md, SN_sha1) && (cert->ex_flags & EXFLAG_SET) != 0
461
108k
            && (cert->ex_flags & EXFLAG_NO_FINGERPRINT) == 0) {
462
        /* Asking for SHA1 and we already computed it. */
463
0
        if (len != NULL)
464
0
            *len = sizeof(cert->sha1_hash);
465
0
        memcpy(data, cert->sha1_hash, sizeof(cert->sha1_hash));
466
0
        return 1;
467
0
    }
468
108k
    return ossl_asn1_item_digest_ex(ASN1_ITEM_rptr(X509), md, (char *)cert,
469
108k
                                    data, len, cert->libctx, cert->propq);
470
108k
}
471
472
/* calculate cert digest using the same hash algorithm as in its signature */
473
ASN1_OCTET_STRING *X509_digest_sig(const X509 *cert,
474
                                   EVP_MD **md_used, int *md_is_fallback)
475
0
{
476
0
    unsigned int len;
477
0
    unsigned char hash[EVP_MAX_MD_SIZE];
478
0
    int mdnid, pknid;
479
0
    EVP_MD *md = NULL;
480
0
    const char *md_name;
481
0
    ASN1_OCTET_STRING *new;
482
483
0
    if (md_used != NULL)
484
0
        *md_used = NULL;
485
0
    if (md_is_fallback != NULL)
486
0
        *md_is_fallback = 0;
487
488
0
    if (cert == NULL) {
489
0
        ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
490
0
        return NULL;
491
0
    }
492
493
0
    if (!OBJ_find_sigid_algs(X509_get_signature_nid(cert), &mdnid, &pknid)) {
494
0
        ERR_raise(ERR_LIB_X509, X509_R_UNKNOWN_SIGID_ALGS);
495
0
        return NULL;
496
0
    }
497
498
0
    if (mdnid == NID_undef) {
499
0
        if (pknid == EVP_PKEY_RSA_PSS) {
500
0
            RSA_PSS_PARAMS *pss = ossl_rsa_pss_decode(&cert->sig_alg);
501
0
            const EVP_MD *mgf1md, *mmd = NULL;
502
0
            int saltlen, trailerfield;
503
504
0
            if (pss == NULL
505
0
                || !ossl_rsa_pss_get_param_unverified(pss, &mmd, &mgf1md,
506
0
                                                      &saltlen,
507
0
                                                      &trailerfield)
508
0
                || mmd == NULL) {
509
0
                RSA_PSS_PARAMS_free(pss);
510
0
                ERR_raise(ERR_LIB_X509, X509_R_UNSUPPORTED_ALGORITHM);
511
0
                return NULL;
512
0
            }
513
0
            RSA_PSS_PARAMS_free(pss);
514
            /* Fetch explicitly and do not fallback */
515
0
            if ((md = EVP_MD_fetch(cert->libctx, EVP_MD_get0_name(mmd),
516
0
                                   cert->propq)) == NULL)
517
                /* Error code from fetch is sufficient */
518
0
                return NULL;
519
0
        } else if (pknid != NID_undef) {
520
            /* A known algorithm, but without a digest */
521
0
            switch (pknid) {
522
0
            case NID_ED25519: /* Follow CMS default given in RFC8419 */
523
0
                md_name = "SHA512";
524
0
                break;
525
0
            case NID_ED448: /* Follow CMS default given in RFC8419 */
526
0
                md_name = "SHAKE256";
527
0
                break;
528
0
            default: /* Fall back to SHA-256 */
529
0
                md_name = "SHA256";
530
0
                break;
531
0
            }
532
0
            if ((md = EVP_MD_fetch(cert->libctx, md_name,
533
0
                                   cert->propq)) == NULL)
534
0
                return NULL;
535
0
            if (md_is_fallback != NULL)
536
0
                *md_is_fallback = 1;
537
0
        } else {
538
            /* A completely unknown algorithm */
539
0
            ERR_raise(ERR_LIB_X509, X509_R_UNSUPPORTED_ALGORITHM);
540
0
            return NULL;
541
0
        }
542
0
    } else if ((md = EVP_MD_fetch(cert->libctx, OBJ_nid2sn(mdnid),
543
0
                                  cert->propq)) == NULL
544
0
               && (md = (EVP_MD *)EVP_get_digestbynid(mdnid)) == NULL) {
545
0
        ERR_raise(ERR_LIB_X509, X509_R_UNSUPPORTED_ALGORITHM);
546
0
        return NULL;
547
0
    }
548
0
    if (!X509_digest(cert, md, hash, &len)
549
0
            || (new = ASN1_OCTET_STRING_new()) == NULL)
550
0
        goto err;
551
0
    if (ASN1_OCTET_STRING_set(new, hash, len)) {
552
0
        if (md_used != NULL)
553
0
            *md_used = md;
554
0
        else
555
0
            EVP_MD_free(md);
556
0
        return new;
557
0
    }
558
0
    ASN1_OCTET_STRING_free(new);
559
0
 err:
560
0
    EVP_MD_free(md);
561
0
    return NULL;
562
0
}
563
564
int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
565
                    unsigned char *md, unsigned int *len)
566
176k
{
567
176k
    if (type == NULL) {
568
0
        ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
569
0
        return 0;
570
0
    }
571
176k
    if (EVP_MD_is_a(type, SN_sha1)
572
176k
            && (data->flags & EXFLAG_SET) != 0
573
176k
            && (data->flags & EXFLAG_NO_FINGERPRINT) == 0) {
574
        /* Asking for SHA1; always computed in CRL d2i. */
575
0
        if (len != NULL)
576
0
            *len = sizeof(data->sha1_hash);
577
0
        memcpy(md, data->sha1_hash, sizeof(data->sha1_hash));
578
0
        return 1;
579
0
    }
580
176k
    return ossl_asn1_item_digest_ex(ASN1_ITEM_rptr(X509_CRL), type, (char *)data,
581
176k
                                    md, len, data->libctx, data->propq);
582
176k
}
583
584
int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
585
                    unsigned char *md, unsigned int *len)
586
0
{
587
0
    return ossl_asn1_item_digest_ex(ASN1_ITEM_rptr(X509_REQ), type, (char *)data,
588
0
                                    md, len, data->libctx, data->propq);
589
0
}
590
591
int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
592
                     unsigned char *md, unsigned int *len)
593
626
{
594
626
    return ASN1_item_digest(ASN1_ITEM_rptr(X509_NAME), type, (char *)data,
595
626
                            md, len);
596
626
}
597
598
int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
599
                                   const EVP_MD *type, unsigned char *md,
600
                                   unsigned int *len)
601
0
{
602
0
    return ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL), type,
603
0
                            (char *)data, md, len);
604
0
}
605
606
#ifndef OPENSSL_NO_STDIO
607
X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8)
608
0
{
609
0
    return ASN1_d2i_fp_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, fp, p8);
610
0
}
611
612
int i2d_PKCS8_fp(FILE *fp, const X509_SIG *p8)
613
0
{
614
0
    return ASN1_i2d_fp_of(X509_SIG, i2d_X509_SIG, fp, p8);
615
0
}
616
#endif
617
618
X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8)
619
0
{
620
0
    return ASN1_d2i_bio_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, bp, p8);
621
0
}
622
623
int i2d_PKCS8_bio(BIO *bp, const X509_SIG *p8)
624
0
{
625
0
    return ASN1_i2d_bio_of(X509_SIG, i2d_X509_SIG, bp, p8);
626
0
}
627
628
#ifndef OPENSSL_NO_STDIO
629
X509_PUBKEY *d2i_X509_PUBKEY_fp(FILE *fp, X509_PUBKEY **xpk)
630
0
{
631
0
    return ASN1_d2i_fp_of(X509_PUBKEY, X509_PUBKEY_new, d2i_X509_PUBKEY,
632
0
                          fp, xpk);
633
0
}
634
635
int i2d_X509_PUBKEY_fp(FILE *fp, const X509_PUBKEY *xpk)
636
0
{
637
0
    return ASN1_i2d_fp_of(X509_PUBKEY, i2d_X509_PUBKEY, fp, xpk);
638
0
}
639
#endif
640
641
X509_PUBKEY *d2i_X509_PUBKEY_bio(BIO *bp, X509_PUBKEY **xpk)
642
0
{
643
0
    return ASN1_d2i_bio_of(X509_PUBKEY, X509_PUBKEY_new, d2i_X509_PUBKEY,
644
0
                           bp, xpk);
645
0
}
646
647
int i2d_X509_PUBKEY_bio(BIO *bp, const X509_PUBKEY *xpk)
648
0
{
649
0
    return ASN1_i2d_bio_of(X509_PUBKEY, i2d_X509_PUBKEY, bp, xpk);
650
0
}
651
652
#ifndef OPENSSL_NO_STDIO
653
PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
654
                                                PKCS8_PRIV_KEY_INFO **p8inf)
655
0
{
656
0
    return ASN1_d2i_fp_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new,
657
0
                          d2i_PKCS8_PRIV_KEY_INFO, fp, p8inf);
658
0
}
659
660
int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, const PKCS8_PRIV_KEY_INFO *p8inf)
661
0
{
662
0
    return ASN1_i2d_fp_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, fp,
663
0
                          p8inf);
664
0
}
665
666
int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, const EVP_PKEY *key)
667
0
{
668
0
    PKCS8_PRIV_KEY_INFO *p8inf;
669
0
    int ret;
670
671
0
    p8inf = EVP_PKEY2PKCS8(key);
672
0
    if (p8inf == NULL)
673
0
        return 0;
674
0
    ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf);
675
0
    PKCS8_PRIV_KEY_INFO_free(p8inf);
676
0
    return ret;
677
0
}
678
679
int i2d_PrivateKey_fp(FILE *fp, const EVP_PKEY *pkey)
680
0
{
681
0
    return ASN1_i2d_fp_of(EVP_PKEY, i2d_PrivateKey, fp, pkey);
682
0
}
683
684
EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
685
0
{
686
0
    return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, fp, a);
687
0
}
688
689
EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
690
                               const char *propq)
691
0
{
692
0
    BIO *b;
693
0
    void *ret;
694
695
0
    if ((b = BIO_new(BIO_s_file())) == NULL) {
696
0
        ERR_raise(ERR_LIB_X509, ERR_R_BUF_LIB);
697
0
        return NULL;
698
0
    }
699
0
    BIO_set_fp(b, fp, BIO_NOCLOSE);
700
0
    ret = d2i_PrivateKey_ex_bio(b, a, libctx, propq);
701
0
    BIO_free(b);
702
0
    return ret;
703
0
}
704
705
int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey)
706
0
{
707
0
    return ASN1_i2d_fp_of(EVP_PKEY, i2d_PUBKEY, fp, pkey);
708
0
}
709
710
EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a)
711
0
{
712
0
    return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, fp, a);
713
0
}
714
715
#endif
716
717
PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
718
                                                 PKCS8_PRIV_KEY_INFO **p8inf)
719
0
{
720
0
    return ASN1_d2i_bio_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new,
721
0
                           d2i_PKCS8_PRIV_KEY_INFO, bp, p8inf);
722
0
}
723
724
int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, const PKCS8_PRIV_KEY_INFO *p8inf)
725
105
{
726
105
    return ASN1_i2d_bio_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, bp,
727
105
                           p8inf);
728
105
}
729
730
int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, const EVP_PKEY *key)
731
0
{
732
0
    PKCS8_PRIV_KEY_INFO *p8inf;
733
0
    int ret;
734
735
0
    p8inf = EVP_PKEY2PKCS8(key);
736
0
    if (p8inf == NULL)
737
0
        return 0;
738
0
    ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
739
0
    PKCS8_PRIV_KEY_INFO_free(p8inf);
740
0
    return ret;
741
0
}
742
743
int i2d_PrivateKey_bio(BIO *bp, const EVP_PKEY *pkey)
744
0
{
745
0
    return ASN1_i2d_bio_of(EVP_PKEY, i2d_PrivateKey, bp, pkey);
746
0
}
747
748
EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a)
749
0
{
750
0
    return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, bp, a);
751
0
}
752
753
EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
754
                                const char *propq)
755
0
{
756
0
    BUF_MEM *b = NULL;
757
0
    const unsigned char *p;
758
0
    void *ret = NULL;
759
0
    int len;
760
761
0
    len = asn1_d2i_read_bio(bp, &b);
762
0
    if (len < 0)
763
0
        goto err;
764
765
0
    p = (unsigned char *)b->data;
766
0
    ret = d2i_AutoPrivateKey_ex(a, &p, len, libctx, propq);
767
0
 err:
768
0
    BUF_MEM_free(b);
769
0
    return ret;
770
0
}
771
772
int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey)
773
0
{
774
0
    return ASN1_i2d_bio_of(EVP_PKEY, i2d_PUBKEY, bp, pkey);
775
0
}
776
777
EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a)
778
0
{
779
0
    return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, bp, a);
780
0
}