projects
/
openssl.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
664d83b
)
Various function for commmon operations.
author
Dr. Stephen Henson
<steve@openssl.org>
Fri, 2 Feb 2001 00:45:54 +0000
(
00:45
+0000)
committer
Dr. Stephen Henson
<steve@openssl.org>
Fri, 2 Feb 2001 00:45:54 +0000
(
00:45
+0000)
12 files changed:
CHANGES
patch
|
blob
|
history
apps/ocsp.c
patch
|
blob
|
history
crypto/asn1/a_digest.c
patch
|
blob
|
history
crypto/asn1/n_pkey.c
patch
|
blob
|
history
crypto/evp/digest.c
patch
|
blob
|
history
crypto/evp/evp.h
patch
|
blob
|
history
crypto/ocsp/ocsp_lib.c
patch
|
blob
|
history
crypto/ocsp/ocsp_vfy.c
patch
|
blob
|
history
crypto/x509/x509.h
patch
|
blob
|
history
crypto/x509/x509_cmp.c
patch
|
blob
|
history
crypto/x509/x_all.c
patch
|
blob
|
history
crypto/x509v3/v3_skey.c
patch
|
blob
|
history
diff --git
a/CHANGES
b/CHANGES
index a19f241bb43c32a36c8647d4b820b3c0354ba222..8ccb3b9c08ae8aa30ac47647a5defac1b2f70111 100644
(file)
--- a/
CHANGES
+++ b/
CHANGES
@@
-3,6
+3,12
@@
Changes between 0.9.6 and 0.9.7 [xx XXX 2000]
Changes between 0.9.6 and 0.9.7 [xx XXX 2000]
+ *) Various new functions. EVP_Digest() combines EVP_Digest{Init,Update,Final}()
+ in a single operation. X509_get0_pubkey_bitstr() extracts the public_key
+ structure from a certificate. X509_pubkey_digest() digests tha public_key
+ contents: this is used in various key identifiers.
+ [Steve Henson]
+
*) Tolerate nonRepudiation as being valid for S/MIME signing and certSign
keyUsage if basicConstraints absent for a CA.
[Steve Henson]
*) Tolerate nonRepudiation as being valid for S/MIME signing and certSign
keyUsage if basicConstraints absent for a CA.
[Steve Henson]
diff --git
a/apps/ocsp.c
b/apps/ocsp.c
index eaba15f3099172ef5a21a1c5aa450466cc83c956..cec2f2b8090f65a5c837498bbd53614be7b104b0 100644
(file)
--- a/
apps/ocsp.c
+++ b/
apps/ocsp.c
@@
-525,7
+525,7
@@
static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer,
if(!*req) *req = OCSP_REQUEST_new();
if(!*req) goto err;
iname = X509_get_subject_name(issuer);
if(!*req) *req = OCSP_REQUEST_new();
if(!*req) goto err;
iname = X509_get_subject_name(issuer);
- ikey =
issuer->cert_info->key->public_key
;
+ ikey =
X509_get0_pubkey_bitstr(issuer)
;
sno = s2i_ASN1_INTEGER(NULL, serial);
if(!sno)
{
sno = s2i_ASN1_INTEGER(NULL, serial);
if(!sno)
{
diff --git
a/crypto/asn1/a_digest.c
b/crypto/asn1/a_digest.c
index 6c12249d2cefb9f4c20e9de4083fe1eac0608846..3243beadd20077e4b04154d9b84a2a09d16ca5be 100644
(file)
--- a/
crypto/asn1/a_digest.c
+++ b/
crypto/asn1/a_digest.c
@@
-74,7
+74,6
@@
int ASN1_digest(int (*i2d)(), const EVP_MD *type, char *data,
unsigned char *md, unsigned int *len)
{
int ASN1_digest(int (*i2d)(), const EVP_MD *type, char *data,
unsigned char *md, unsigned int *len)
{
- EVP_MD_CTX ctx;
int i;
unsigned char *str,*p;
int i;
unsigned char *str,*p;
@@
-83,9
+82,7
@@
int ASN1_digest(int (*i2d)(), const EVP_MD *type, char *data,
p=str;
i2d(data,&p);
p=str;
i2d(data,&p);
- EVP_DigestInit(&ctx,type);
- EVP_DigestUpdate(&ctx,str,i);
- EVP_DigestFinal(&ctx,md,len);
+ EVP_Digest(str, i, md, len, type);
OPENSSL_free(str);
return(1);
}
OPENSSL_free(str);
return(1);
}
@@
-96,16
+93,13
@@
int ASN1_digest(int (*i2d)(), const EVP_MD *type, char *data,
int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
unsigned char *md, unsigned int *len)
{
int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
unsigned char *md, unsigned int *len)
{
- EVP_MD_CTX ctx;
int i;
unsigned char *str = NULL;
i=ASN1_item_i2d(asn,&str, it);
if (!str) return(0);
int i;
unsigned char *str = NULL;
i=ASN1_item_i2d(asn,&str, it);
if (!str) return(0);
- EVP_DigestInit(&ctx,type);
- EVP_DigestUpdate(&ctx,str,i);
- EVP_DigestFinal(&ctx,md,len);
+ EVP_Digest(str, i, md, len, type);
OPENSSL_free(str);
return(1);
}
OPENSSL_free(str);
return(1);
}
diff --git
a/crypto/asn1/n_pkey.c
b/crypto/asn1/n_pkey.c
index 82a621224bb15947abd079ae97497dccc4d25cab..c7b92e3a5d7a71889f20d42a1d12e4a708a1d6e0 100644
(file)
--- a/
crypto/asn1/n_pkey.c
+++ b/
crypto/asn1/n_pkey.c
@@
-196,14
+196,11
@@
int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
i = strlen((char *)buf);
/* If the key is used for SGC the algorithm is modified a little. */
if(sgckey) {
i = strlen((char *)buf);
/* If the key is used for SGC the algorithm is modified a little. */
if(sgckey) {
- EVP_MD_CTX mctx;
- EVP_DigestInit(&mctx, EVP_md5());
- EVP_DigestUpdate(&mctx, buf, i);
- EVP_DigestFinal(&mctx, buf, NULL);
+ EVP_Digest(buf, i, buf, NULL, EVP_md5());
memcpy(buf + 16, "SGCKEYSALT", 10);
i = 26;
}
memcpy(buf + 16, "SGCKEYSALT", 10);
i = 26;
}
-
+
EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
memset(buf,0,256);
EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
memset(buf,0,256);
@@
-287,10
+284,7
@@
static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
i = strlen((char *)buf);
if(sgckey){
i = strlen((char *)buf);
if(sgckey){
- EVP_MD_CTX mctx;
- EVP_DigestInit(&mctx, EVP_md5());
- EVP_DigestUpdate(&mctx, buf, i);
- EVP_DigestFinal(&mctx, buf, NULL);
+ EVP_Digest(buf, i, buf, NULL, EVP_md5());
memcpy(buf + 16, "SGCKEYSALT", 10);
i = 26;
}
memcpy(buf + 16, "SGCKEYSALT", 10);
i = 26;
}
diff --git
a/crypto/evp/digest.c
b/crypto/evp/digest.c
index c560733568c7adde2fc5e912d086a05b49be0642..5c75a347b86213c7cfe06e11b99feda665f19593 100644
(file)
--- a/
crypto/evp/digest.c
+++ b/
crypto/evp/digest.c
@@
-89,4
+89,14
@@
int EVP_MD_CTX_copy(EVP_MD_CTX *out, EVP_MD_CTX *in)
}
memcpy((char *)out,(char *)in,in->digest->ctx_size);
return 1;
}
memcpy((char *)out,(char *)in,in->digest->ctx_size);
return 1;
-}
+}
+
+int EVP_Digest(void *data, unsigned int count,
+ unsigned char *md, unsigned int *size, const EVP_MD *type)
+{
+ EVP_MD_CTX ctx;
+ EVP_DigestInit(&ctx, type);
+ EVP_DigestUpdate(&ctx, data, count);
+ EVP_DigestFinal(&ctx, md, size);
+ return 1;
+}
diff --git
a/crypto/evp/evp.h
b/crypto/evp/evp.h
index 17a0f306eb9b2857f0c1b2aa5e1a752a1a03709f..60578f9d5e4b97fb1ed4d71dbfa786ab4dee7469 100644
(file)
--- a/
crypto/evp/evp.h
+++ b/
crypto/evp/evp.h
@@
-559,6
+559,8
@@
void EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
void EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d,
unsigned int cnt);
void EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
void EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d,
unsigned int cnt);
void EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
+int EVP_Digest(void *data, unsigned int count,
+ unsigned char *md, unsigned int *size, const EVP_MD *type);
int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify);
void EVP_set_pw_prompt(char *prompt);
int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify);
void EVP_set_pw_prompt(char *prompt);
diff --git
a/crypto/ocsp/ocsp_lib.c
b/crypto/ocsp/ocsp_lib.c
index bdd4cfccffb21872ae137b4e67aef7de7fec4fc6..825d023e053ea359388f95cc736768243db6f4cb 100644
(file)
--- a/
crypto/ocsp/ocsp_lib.c
+++ b/
crypto/ocsp/ocsp_lib.c
@@
-82,7
+82,7
@@
OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer)
#endif
iname = X509_get_issuer_name(subject);
serial = X509_get_serialNumber(subject);
#endif
iname = X509_get_issuer_name(subject);
serial = X509_get_serialNumber(subject);
- ikey =
issuer->cert_info->key->public_key
;
+ ikey =
X509_get0_pubkey_bitstr(issuer)
;
return OCSP_cert_id_new(dgst, iname, ikey, serial);
}
return OCSP_cert_id_new(dgst, iname, ikey, serial);
}
@@
-97,7
+97,6
@@
OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
X509_ALGOR *alg;
OCSP_CERTID *cid = NULL;
unsigned char md[EVP_MAX_MD_SIZE];
X509_ALGOR *alg;
OCSP_CERTID *cid = NULL;
unsigned char md[EVP_MAX_MD_SIZE];
- EVP_MD_CTX ctx;
if (!(cid = OCSP_CERTID_new())) goto err;
if (!(cid = OCSP_CERTID_new())) goto err;
@@
-116,9
+115,7
@@
OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
if (!(ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i))) goto err;
/* Calculate the issuerKey hash, excluding tag and length */
if (!(ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i))) goto err;
/* Calculate the issuerKey hash, excluding tag and length */
- EVP_DigestInit(&ctx,dgst);
- EVP_DigestUpdate(&ctx,issuerKey->data, issuerKey->length);
- EVP_DigestFinal(&ctx,md,&i);
+ EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst);
if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i))) goto err;
if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i))) goto err;
@@
-186,7
+183,6
@@
OCSP_BASICRESP *OCSP_basic_response_new(int type, X509* cert)
{
time_t t;
OCSP_RESPID *rid;
{
time_t t;
OCSP_RESPID *rid;
- ASN1_BIT_STRING *bs;
OCSP_BASICRESP *rsp = NULL;
unsigned char md[SHA_DIGEST_LENGTH];
OCSP_BASICRESP *rsp = NULL;
unsigned char md[SHA_DIGEST_LENGTH];
@@
-205,9
+201,7
@@
OCSP_BASICRESP *OCSP_basic_response_new(int type, X509* cert)
/* SHA-1 hash of responder's public key
* (excluding the tag and length fields)
*/
/* SHA-1 hash of responder's public key
* (excluding the tag and length fields)
*/
- bs = cert->cert_info->key->public_key;
- SHA1(ASN1_STRING_data((ASN1_STRING*)bs),
- ASN1_STRING_length((ASN1_STRING*)bs), md);
+ X509_pubkey_digest(cert, EVP_sha1(), md, NULL);
if (!(rid->value.byKey = ASN1_OCTET_STRING_new()))
goto err;
if (!(ASN1_OCTET_STRING_set(rid->value.byKey,
if (!(rid->value.byKey = ASN1_OCTET_STRING_new()))
goto err;
if (!(ASN1_OCTET_STRING_set(rid->value.byKey,
diff --git
a/crypto/ocsp/ocsp_vfy.c
b/crypto/ocsp/ocsp_vfy.c
index 7470f1c04816df9a6f89bcb241b772c3db85c675..4ac7e821ec6cf7145db4e3911ac5099f208d8fa8 100644
(file)
--- a/
crypto/ocsp/ocsp_vfy.c
+++ b/
crypto/ocsp/ocsp_vfy.c
@@
-177,8
+177,6
@@
static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id)
{
int i;
unsigned char tmphash[SHA_DIGEST_LENGTH], *keyhash;
{
int i;
unsigned char tmphash[SHA_DIGEST_LENGTH], *keyhash;
- ASN1_BIT_STRING *key;
- EVP_MD_CTX ctx;
X509 *x;
/* Easy if lookup by name */
X509 *x;
/* Easy if lookup by name */
@@
-194,10
+192,7
@@
static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id)
for (i = 0; i < sk_X509_num(certs); i++)
{
x = sk_X509_value(certs, i);
for (i = 0; i < sk_X509_num(certs); i++)
{
x = sk_X509_value(certs, i);
- key = x->cert_info->key->public_key;
- EVP_DigestInit(&ctx,EVP_sha1());
- EVP_DigestUpdate(&ctx,key->data, key->length);
- EVP_DigestFinal(&ctx,tmphash,NULL);
+ X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL);
if(!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH))
return x;
}
if(!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH))
return x;
}
@@
-294,9
+289,7
@@
static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
if(cid)
{
const EVP_MD *dgst;
if(cid)
{
const EVP_MD *dgst;
- EVP_MD_CTX ctx;
X509_NAME *iname;
X509_NAME *iname;
- ASN1_BIT_STRING *ikey;
int mdlen;
unsigned char md[EVP_MAX_MD_SIZE];
if (!(dgst = EVP_get_digestbyobj(cid->hashAlgorithm->algorithm)))
int mdlen;
unsigned char md[EVP_MAX_MD_SIZE];
if (!(dgst = EVP_get_digestbyobj(cid->hashAlgorithm->algorithm)))
@@
-314,11
+307,7
@@
static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
return -1;
if (memcmp(md, cid->issuerNameHash->data, mdlen))
return 0;
return -1;
if (memcmp(md, cid->issuerNameHash->data, mdlen))
return 0;
- ikey = cert->cert_info->key->public_key;
-
- EVP_DigestInit(&ctx,dgst);
- EVP_DigestUpdate(&ctx,ikey->data, ikey->length);
- EVP_DigestFinal(&ctx,md,NULL);
+ X509_pubkey_digest(cert, EVP_sha1(), md, NULL);
if (memcmp(md, cid->issuerKeyHash->data, mdlen))
return 0;
if (memcmp(md, cid->issuerKeyHash->data, mdlen))
return 0;
diff --git
a/crypto/x509/x509.h
b/crypto/x509/x509.h
index 4b1957253dfdba780b78d2e2c971206457e4bee8..c3ec6bf4b5ae4d2d4ea6df19d998bb4f74b4e913 100644
(file)
--- a/
crypto/x509/x509.h
+++ b/
crypto/x509/x509.h
@@
-719,6
+719,8
@@
int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_pubkey_digest(const X509 *data,const EVP_MD *type,
+ unsigned char *md, unsigned int *len);
int X509_digest(const X509 *data,const EVP_MD *type,
unsigned char *md, unsigned int *len);
int X509_CRL_digest(const X509_CRL *data,const EVP_MD *type,
int X509_digest(const X509 *data,const EVP_MD *type,
unsigned char *md, unsigned int *len);
int X509_CRL_digest(const X509_CRL *data,const EVP_MD *type,
@@
-937,6
+939,7
@@
int X509_set_notBefore(X509 *x, ASN1_TIME *tm);
int X509_set_notAfter(X509 *x, ASN1_TIME *tm);
int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
EVP_PKEY * X509_get_pubkey(X509 *x);
int X509_set_notAfter(X509 *x, ASN1_TIME *tm);
int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
EVP_PKEY * X509_get_pubkey(X509 *x);
+ASN1_BIT_STRING * X509_get0_pubkey_bitstr(const X509 *x);
int X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */);
int X509_REQ_set_version(X509_REQ *x,long version);
int X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */);
int X509_REQ_set_version(X509_REQ *x,long version);
diff --git
a/crypto/x509/x509_cmp.c
b/crypto/x509/x509_cmp.c
index b147d573d2f9613788a66f11ef2e3bd11d1eed0c..7927155791c3e3d223d9f1cb4660b70127e3aeed 100644
(file)
--- a/
crypto/x509/x509_cmp.c
+++ b/
crypto/x509/x509_cmp.c
@@
-264,6
+264,12
@@
EVP_PKEY *X509_get_pubkey(X509 *x)
return(X509_PUBKEY_get(x->cert_info->key));
}
return(X509_PUBKEY_get(x->cert_info->key));
}
+ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
+ {
+ if(!x) return NULL;
+ return x->cert_info->key->public_key;
+ }
+
int X509_check_private_key(X509 *x, EVP_PKEY *k)
{
EVP_PKEY *xk=NULL;
int X509_check_private_key(X509 *x, EVP_PKEY *k)
{
EVP_PKEY *xk=NULL;
diff --git
a/crypto/x509/x_all.c
b/crypto/x509/x_all.c
index 7095a2850e5968b0e9098de823e8c176359d656b..de53e67493aefb060483f6c81678ad83f7d99e0a 100644
(file)
--- a/
crypto/x509/x_all.c
+++ b/
crypto/x509/x_all.c
@@
-379,6
+379,15
@@
X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne)
return ASN1_item_dup(&X509_NAME_ENTRY_it, ne);
}
return ASN1_item_dup(&X509_NAME_ENTRY_it, ne);
}
+int X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
+ unsigned int *len)
+ {
+ ASN1_BIT_STRING *key;
+ key = X509_get0_pubkey_bitstr(data);
+ if(!key) return 0;
+ return EVP_Digest(key->data, key->length, md, len, type);
+ }
+
int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
unsigned int *len)
{
int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
unsigned int *len)
{
diff --git
a/crypto/x509v3/v3_skey.c
b/crypto/x509v3/v3_skey.c
index 58da456cb566d79036ab9f6590e12a7983a0d74d..3e1eb054307ff0f1625b6d3aa0739474dde69bf5 100644
(file)
--- a/
crypto/x509v3/v3_skey.c
+++ b/
crypto/x509v3/v3_skey.c
@@
-104,7
+104,6
@@
static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
ASN1_OCTET_STRING *oct;
ASN1_BIT_STRING *pk;
unsigned char pkey_dig[EVP_MAX_MD_SIZE];
ASN1_OCTET_STRING *oct;
ASN1_BIT_STRING *pk;
unsigned char pkey_dig[EVP_MAX_MD_SIZE];
- EVP_MD_CTX md;
unsigned int diglen;
if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str);
unsigned int diglen;
if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str);
@@
-130,9
+129,7
@@
static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
goto err;
}
goto err;
}
- EVP_DigestInit(&md, EVP_sha1());
- EVP_DigestUpdate(&md, pk->data, pk->length);
- EVP_DigestFinal(&md, pkey_dig, &diglen);
+ EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1());
if(!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
if(!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);