Various function for commmon operations.

This commit is contained in:
Dr. Stephen Henson 2001-02-02 00:45:54 +00:00
parent 664d83bb23
commit 88ce56f8c1
12 changed files with 49 additions and 45 deletions

View file

@ -3,6 +3,12 @@
Changes between 0.9.6 and 0.9.7 [xx XXX 2000]
*) Various new functions. EVP_Digest() combines EVP_Digest{Init,Update,Final}()
in a single operation. X509_get0_pubkey_bitstr() extracts the public_key
structure from a certificate. X509_pubkey_digest() digests tha public_key
contents: this is used in various key identifiers.
[Steve Henson]
*) Tolerate nonRepudiation as being valid for S/MIME signing and certSign
keyUsage if basicConstraints absent for a CA.
[Steve Henson]

View file

@ -525,7 +525,7 @@ static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer,
if(!*req) *req = OCSP_REQUEST_new();
if(!*req) goto err;
iname = X509_get_subject_name(issuer);
ikey = issuer->cert_info->key->public_key;
ikey = X509_get0_pubkey_bitstr(issuer);
sno = s2i_ASN1_INTEGER(NULL, serial);
if(!sno)
{

View file

@ -74,7 +74,6 @@
int ASN1_digest(int (*i2d)(), const EVP_MD *type, char *data,
unsigned char *md, unsigned int *len)
{
EVP_MD_CTX ctx;
int i;
unsigned char *str,*p;
@ -83,9 +82,7 @@ int ASN1_digest(int (*i2d)(), const EVP_MD *type, char *data,
p=str;
i2d(data,&p);
EVP_DigestInit(&ctx,type);
EVP_DigestUpdate(&ctx,str,i);
EVP_DigestFinal(&ctx,md,len);
EVP_Digest(str, i, md, len, type);
OPENSSL_free(str);
return(1);
}
@ -96,16 +93,13 @@ int ASN1_digest(int (*i2d)(), const EVP_MD *type, char *data,
int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
unsigned char *md, unsigned int *len)
{
EVP_MD_CTX ctx;
int i;
unsigned char *str = NULL;
i=ASN1_item_i2d(asn,&str, it);
if (!str) return(0);
EVP_DigestInit(&ctx,type);
EVP_DigestUpdate(&ctx,str,i);
EVP_DigestFinal(&ctx,md,len);
EVP_Digest(str, i, md, len, type);
OPENSSL_free(str);
return(1);
}

View file

@ -196,14 +196,11 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
i = strlen((char *)buf);
/* If the key is used for SGC the algorithm is modified a little. */
if(sgckey) {
EVP_MD_CTX mctx;
EVP_DigestInit(&mctx, EVP_md5());
EVP_DigestUpdate(&mctx, buf, i);
EVP_DigestFinal(&mctx, buf, NULL);
EVP_Digest(buf, i, buf, NULL, EVP_md5());
memcpy(buf + 16, "SGCKEYSALT", 10);
i = 26;
}
EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
memset(buf,0,256);
@ -287,10 +284,7 @@ static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
i = strlen((char *)buf);
if(sgckey){
EVP_MD_CTX mctx;
EVP_DigestInit(&mctx, EVP_md5());
EVP_DigestUpdate(&mctx, buf, i);
EVP_DigestFinal(&mctx, buf, NULL);
EVP_Digest(buf, i, buf, NULL, EVP_md5());
memcpy(buf + 16, "SGCKEYSALT", 10);
i = 26;
}

View file

@ -89,4 +89,14 @@ int EVP_MD_CTX_copy(EVP_MD_CTX *out, EVP_MD_CTX *in)
}
memcpy((char *)out,(char *)in,in->digest->ctx_size);
return 1;
}
}
int EVP_Digest(void *data, unsigned int count,
unsigned char *md, unsigned int *size, const EVP_MD *type)
{
EVP_MD_CTX ctx;
EVP_DigestInit(&ctx, type);
EVP_DigestUpdate(&ctx, data, count);
EVP_DigestFinal(&ctx, md, size);
return 1;
}

View file

@ -559,6 +559,8 @@ void EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
void EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d,
unsigned int cnt);
void EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
int EVP_Digest(void *data, unsigned int count,
unsigned char *md, unsigned int *size, const EVP_MD *type);
int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify);
void EVP_set_pw_prompt(char *prompt);

View file

@ -82,7 +82,7 @@ OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer)
#endif
iname = X509_get_issuer_name(subject);
serial = X509_get_serialNumber(subject);
ikey = issuer->cert_info->key->public_key;
ikey = X509_get0_pubkey_bitstr(issuer);
return OCSP_cert_id_new(dgst, iname, ikey, serial);
}
@ -97,7 +97,6 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
X509_ALGOR *alg;
OCSP_CERTID *cid = NULL;
unsigned char md[EVP_MAX_MD_SIZE];
EVP_MD_CTX ctx;
if (!(cid = OCSP_CERTID_new())) goto err;
@ -116,9 +115,7 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
if (!(ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i))) goto err;
/* Calculate the issuerKey hash, excluding tag and length */
EVP_DigestInit(&ctx,dgst);
EVP_DigestUpdate(&ctx,issuerKey->data, issuerKey->length);
EVP_DigestFinal(&ctx,md,&i);
EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst);
if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i))) goto err;
@ -186,7 +183,6 @@ OCSP_BASICRESP *OCSP_basic_response_new(int type, X509* cert)
{
time_t t;
OCSP_RESPID *rid;
ASN1_BIT_STRING *bs;
OCSP_BASICRESP *rsp = NULL;
unsigned char md[SHA_DIGEST_LENGTH];
@ -205,9 +201,7 @@ OCSP_BASICRESP *OCSP_basic_response_new(int type, X509* cert)
/* SHA-1 hash of responder's public key
* (excluding the tag and length fields)
*/
bs = cert->cert_info->key->public_key;
SHA1(ASN1_STRING_data((ASN1_STRING*)bs),
ASN1_STRING_length((ASN1_STRING*)bs), md);
X509_pubkey_digest(cert, EVP_sha1(), md, NULL);
if (!(rid->value.byKey = ASN1_OCTET_STRING_new()))
goto err;
if (!(ASN1_OCTET_STRING_set(rid->value.byKey,

View file

@ -177,8 +177,6 @@ static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id)
{
int i;
unsigned char tmphash[SHA_DIGEST_LENGTH], *keyhash;
ASN1_BIT_STRING *key;
EVP_MD_CTX ctx;
X509 *x;
/* Easy if lookup by name */
@ -194,10 +192,7 @@ static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id)
for (i = 0; i < sk_X509_num(certs); i++)
{
x = sk_X509_value(certs, i);
key = x->cert_info->key->public_key;
EVP_DigestInit(&ctx,EVP_sha1());
EVP_DigestUpdate(&ctx,key->data, key->length);
EVP_DigestFinal(&ctx,tmphash,NULL);
X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL);
if(!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH))
return x;
}
@ -294,9 +289,7 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
if(cid)
{
const EVP_MD *dgst;
EVP_MD_CTX ctx;
X509_NAME *iname;
ASN1_BIT_STRING *ikey;
int mdlen;
unsigned char md[EVP_MAX_MD_SIZE];
if (!(dgst = EVP_get_digestbyobj(cid->hashAlgorithm->algorithm)))
@ -314,11 +307,7 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
return -1;
if (memcmp(md, cid->issuerNameHash->data, mdlen))
return 0;
ikey = cert->cert_info->key->public_key;
EVP_DigestInit(&ctx,dgst);
EVP_DigestUpdate(&ctx,ikey->data, ikey->length);
EVP_DigestFinal(&ctx,md,NULL);
X509_pubkey_digest(cert, EVP_sha1(), md, NULL);
if (memcmp(md, cid->issuerKeyHash->data, mdlen))
return 0;

View file

@ -719,6 +719,8 @@ int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
int X509_pubkey_digest(const X509 *data,const EVP_MD *type,
unsigned char *md, unsigned int *len);
int X509_digest(const X509 *data,const EVP_MD *type,
unsigned char *md, unsigned int *len);
int X509_CRL_digest(const X509_CRL *data,const EVP_MD *type,
@ -937,6 +939,7 @@ int X509_set_notBefore(X509 *x, ASN1_TIME *tm);
int X509_set_notAfter(X509 *x, ASN1_TIME *tm);
int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
EVP_PKEY * X509_get_pubkey(X509 *x);
ASN1_BIT_STRING * X509_get0_pubkey_bitstr(const X509 *x);
int X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */);
int X509_REQ_set_version(X509_REQ *x,long version);

View file

@ -264,6 +264,12 @@ EVP_PKEY *X509_get_pubkey(X509 *x)
return(X509_PUBKEY_get(x->cert_info->key));
}
ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
{
if(!x) return NULL;
return x->cert_info->key->public_key;
}
int X509_check_private_key(X509 *x, EVP_PKEY *k)
{
EVP_PKEY *xk=NULL;

View file

@ -379,6 +379,15 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne)
return ASN1_item_dup(&X509_NAME_ENTRY_it, ne);
}
int X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
unsigned int *len)
{
ASN1_BIT_STRING *key;
key = X509_get0_pubkey_bitstr(data);
if(!key) return 0;
return EVP_Digest(key->data, key->length, md, len, type);
}
int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
unsigned int *len)
{

View file

@ -104,7 +104,6 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
ASN1_OCTET_STRING *oct;
ASN1_BIT_STRING *pk;
unsigned char pkey_dig[EVP_MAX_MD_SIZE];
EVP_MD_CTX md;
unsigned int diglen;
if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str);
@ -130,9 +129,7 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
goto err;
}
EVP_DigestInit(&md, EVP_sha1());
EVP_DigestUpdate(&md, pk->data, pk->length);
EVP_DigestFinal(&md, pkey_dig, &diglen);
EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1());
if(!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);