diff options
Diffstat (limited to 'crypto/x509/x_all.c')
-rw-r--r-- | crypto/x509/x_all.c | 153 |
1 files changed, 60 insertions, 93 deletions
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c index 0f26c546d835..24e4114601ca 100644 --- a/crypto/x509/x_all.c +++ b/crypto/x509/x_all.c @@ -1,159 +1,112 @@ -/* crypto/x509/x_all.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include <openssl/stack.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include <openssl/buffer.h> #include <openssl/asn1.h> #include <openssl/evp.h> #include <openssl/x509.h> +#include "internal/x509_int.h" #include <openssl/ocsp.h> -#ifndef OPENSSL_NO_RSA -# include <openssl/rsa.h> -#endif -#ifndef OPENSSL_NO_DSA -# include <openssl/dsa.h> -#endif +#include <openssl/rsa.h> +#include <openssl/dsa.h> +#include <openssl/x509v3.h> int X509_verify(X509 *a, EVP_PKEY *r) { - if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature)) + if (X509_ALGOR_cmp(&a->sig_alg, &a->cert_info.signature)) return 0; - return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF), a->sig_alg, - a->signature, a->cert_info, r)); + return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF), &a->sig_alg, + &a->signature, &a->cert_info, r)); } int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r) { return (ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO), - a->sig_alg, a->signature, a->req_info, r)); + &a->sig_alg, a->signature, &a->req_info, r)); } int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r) { return (ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC), - a->sig_algor, a->signature, a->spkac, r)); + &a->sig_algor, a->signature, a->spkac, r)); } int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) { - x->cert_info->enc.modified = 1; - return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature, - x->sig_alg, x->signature, x->cert_info, pkey, md)); + x->cert_info.enc.modified = 1; + return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), &x->cert_info.signature, + &x->sig_alg, &x->signature, &x->cert_info, pkey, + md)); } int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx) { - x->cert_info->enc.modified = 1; + x->cert_info.enc.modified = 1; return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF), - x->cert_info->signature, - x->sig_alg, x->signature, x->cert_info, ctx); + &x->cert_info.signature, + &x->sig_alg, &x->signature, &x->cert_info, ctx); } +#ifndef OPENSSL_NO_OCSP int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert) { return OCSP_REQ_CTX_nbio_d2i(rctx, (ASN1_VALUE **)pcert, ASN1_ITEM_rptr(X509)); } +#endif int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md) { - return (ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO), x->sig_alg, NULL, - x->signature, x->req_info, pkey, md)); + return (ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO), &x->sig_alg, NULL, + x->signature, &x->req_info, pkey, md)); } int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx) { return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_REQ_INFO), - x->sig_alg, NULL, x->signature, x->req_info, + &x->sig_alg, NULL, x->signature, &x->req_info, ctx); } int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md) { - x->crl->enc.modified = 1; - return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO), x->crl->sig_alg, - x->sig_alg, x->signature, x->crl, pkey, md)); + x->crl.enc.modified = 1; + return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO), &x->crl.sig_alg, + &x->sig_alg, &x->signature, &x->crl, pkey, md)); } int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx) { - x->crl->enc.modified = 1; + x->crl.enc.modified = 1; return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO), - x->crl->sig_alg, x->sig_alg, x->signature, - x->crl, ctx); + &x->crl.sig_alg, &x->sig_alg, &x->signature, + &x->crl, ctx); } +#ifndef OPENSSL_NO_OCSP int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl) { return OCSP_REQ_CTX_nbio_d2i(rctx, (ASN1_VALUE **)pcrl, ASN1_ITEM_rptr(X509_CRL)); } +#endif int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md) { - return (ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor, NULL, + return (ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), &x->sig_algor, NULL, x->signature, x->spkac, pkey, md)); } -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO X509 *d2i_X509_fp(FILE *fp, X509 **x509) { return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509); @@ -175,7 +128,7 @@ int i2d_X509_bio(BIO *bp, X509 *x509) return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509); } -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl) { return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl); @@ -197,7 +150,7 @@ int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl) return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl); } -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7) { return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7); @@ -219,7 +172,7 @@ int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7) return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7); } -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req) { return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req); @@ -243,7 +196,7 @@ int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req) #ifndef OPENSSL_NO_RSA -# ifndef OPENSSL_NO_FP_API +# ifndef OPENSSL_NO_STDIO RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa) { return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa); @@ -309,7 +262,7 @@ int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa) #endif #ifndef OPENSSL_NO_DSA -# ifndef OPENSSL_NO_FP_API +# ifndef OPENSSL_NO_STDIO DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa) { return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSAPrivateKey, fp, dsa); @@ -354,7 +307,7 @@ int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa) #endif #ifndef OPENSSL_NO_EC -# ifndef OPENSSL_NO_FP_API +# ifndef OPENSSL_NO_STDIO EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey) { return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, fp, eckey); @@ -409,6 +362,13 @@ int X509_pubkey_digest(const X509 *data, const EVP_MD *type, int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md, unsigned int *len) { + if (type == EVP_sha1() && (data->ex_flags & EXFLAG_SET) != 0) { + /* Asking for SHA1 and we already computed it. */ + if (len != NULL) + *len = sizeof(data->sha1_hash); + memcpy(md, data->sha1_hash, sizeof(data->sha1_hash)); + return 1; + } return (ASN1_item_digest (ASN1_ITEM_rptr(X509), type, (char *)data, md, len)); } @@ -416,6 +376,13 @@ int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md, int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md, unsigned int *len) { + if (type == EVP_sha1() && (data->flags & EXFLAG_SET) != 0) { + /* Asking for SHA1; always computed in CRL d2i. */ + if (len != NULL) + *len = sizeof(data->sha1_hash); + memcpy(md, data->sha1_hash, sizeof(data->sha1_hash)); + return 1; + } return (ASN1_item_digest (ASN1_ITEM_rptr(X509_CRL), type, (char *)data, md, len)); } @@ -442,7 +409,7 @@ int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, (char *)data, md, len)); } -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8) { return ASN1_d2i_fp_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, fp, p8); @@ -464,7 +431,7 @@ int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8) return ASN1_i2d_bio_of(X509_SIG, i2d_X509_SIG, bp, p8); } -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO **p8inf) { |