summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509
diff options
context:
space:
mode:
authorcvs2svn <admin@example.com>2005-03-12 00:02:08 +0000
committercvs2svn <admin@example.com>2005-03-12 00:02:08 +0000
commit259e36b1c57849c281afb8526bab11e7ba2592e2 (patch)
treed0e478b7669f593934b32e564b5611b40796a4b1 /src/lib/libcrypto/x509
parent9a03506f8308b6023a12f108a2072feb958607a6 (diff)
downloadopenbsd-OPENBSD_3_7_BASE.tar.gz
openbsd-OPENBSD_3_7_BASE.tar.bz2
openbsd-OPENBSD_3_7_BASE.zip
This commit was manufactured by cvs2git to create tag 'OPENBSD_3_7_BASE'.OPENBSD_3_7_BASE
Diffstat (limited to 'src/lib/libcrypto/x509')
-rw-r--r--src/lib/libcrypto/x509/by_dir.c381
-rw-r--r--src/lib/libcrypto/x509/by_file.c300
-rw-r--r--src/lib/libcrypto/x509/x509.h1258
-rw-r--r--src/lib/libcrypto/x509/x509_att.c326
-rw-r--r--src/lib/libcrypto/x509/x509_cmp.c418
-rw-r--r--src/lib/libcrypto/x509/x509_d2.c107
-rw-r--r--src/lib/libcrypto/x509/x509_def.c81
-rw-r--r--src/lib/libcrypto/x509/x509_err.c156
-rw-r--r--src/lib/libcrypto/x509/x509_ext.c210
-rw-r--r--src/lib/libcrypto/x509/x509_lu.c557
-rw-r--r--src/lib/libcrypto/x509/x509_obj.c226
-rw-r--r--src/lib/libcrypto/x509/x509_r2x.c110
-rw-r--r--src/lib/libcrypto/x509/x509_req.c278
-rw-r--r--src/lib/libcrypto/x509/x509_set.c150
-rw-r--r--src/lib/libcrypto/x509/x509_trs.c287
-rw-r--r--src/lib/libcrypto/x509/x509_txt.c162
-rw-r--r--src/lib/libcrypto/x509/x509_v3.c268
-rw-r--r--src/lib/libcrypto/x509/x509_vfy.c1228
-rw-r--r--src/lib/libcrypto/x509/x509_vfy.h416
-rw-r--r--src/lib/libcrypto/x509/x509cset.c169
-rw-r--r--src/lib/libcrypto/x509/x509name.c383
-rw-r--r--src/lib/libcrypto/x509/x509rset.c83
-rw-r--r--src/lib/libcrypto/x509/x509spki.c120
-rw-r--r--src/lib/libcrypto/x509/x509type.c115
-rw-r--r--src/lib/libcrypto/x509/x_all.c488
25 files changed, 0 insertions, 8277 deletions
diff --git a/src/lib/libcrypto/x509/by_dir.c b/src/lib/libcrypto/x509/by_dir.c
deleted file mode 100644
index 6207340472..0000000000
--- a/src/lib/libcrypto/x509/by_dir.c
+++ /dev/null
@@ -1,381 +0,0 @@
1/* crypto/x509/by_dir.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <time.h>
61#include <errno.h>
62
63#include "cryptlib.h"
64
65#ifndef NO_SYS_TYPES_H
66# include <sys/types.h>
67#endif
68#ifdef MAC_OS_pre_X
69# include <stat.h>
70#else
71# include <sys/stat.h>
72#endif
73
74#include <openssl/lhash.h>
75#include <openssl/x509.h>
76
77typedef struct lookup_dir_st
78 {
79 BUF_MEM *buffer;
80 int num_dirs;
81 char **dirs;
82 int *dirs_type;
83 int num_dirs_alloced;
84 } BY_DIR;
85
86static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
87 char **ret);
88static int new_dir(X509_LOOKUP *lu);
89static void free_dir(X509_LOOKUP *lu);
90static int add_cert_dir(BY_DIR *ctx,const char *dir,int type);
91static int get_cert_by_subject(X509_LOOKUP *xl,int type,X509_NAME *name,
92 X509_OBJECT *ret);
93X509_LOOKUP_METHOD x509_dir_lookup=
94 {
95 "Load certs from files in a directory",
96 new_dir, /* new */
97 free_dir, /* free */
98 NULL, /* init */
99 NULL, /* shutdown */
100 dir_ctrl, /* ctrl */
101 get_cert_by_subject, /* get_by_subject */
102 NULL, /* get_by_issuer_serial */
103 NULL, /* get_by_fingerprint */
104 NULL, /* get_by_alias */
105 };
106
107X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void)
108 {
109 return(&x509_dir_lookup);
110 }
111
112static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
113 char **retp)
114 {
115 int ret=0;
116 BY_DIR *ld;
117 char *dir;
118
119 ld=(BY_DIR *)ctx->method_data;
120
121 switch (cmd)
122 {
123 case X509_L_ADD_DIR:
124 if (argl == X509_FILETYPE_DEFAULT)
125 {
126 ret=add_cert_dir(ld,X509_get_default_cert_dir(),
127 X509_FILETYPE_PEM);
128 if (!ret)
129 {
130 X509err(X509_F_DIR_CTRL,X509_R_LOADING_CERT_DIR);
131 }
132 else
133 {
134 dir=(char *)Getenv(X509_get_default_cert_dir_env());
135 ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
136 }
137 }
138 else
139 ret=add_cert_dir(ld,argp,(int)argl);
140 break;
141 }
142 return(ret);
143 }
144
145static int new_dir(X509_LOOKUP *lu)
146 {
147 BY_DIR *a;
148
149 if ((a=(BY_DIR *)OPENSSL_malloc(sizeof(BY_DIR))) == NULL)
150 return(0);
151 if ((a->buffer=BUF_MEM_new()) == NULL)
152 {
153 OPENSSL_free(a);
154 return(0);
155 }
156 a->num_dirs=0;
157 a->dirs=NULL;
158 a->dirs_type=NULL;
159 a->num_dirs_alloced=0;
160 lu->method_data=(char *)a;
161 return(1);
162 }
163
164static void free_dir(X509_LOOKUP *lu)
165 {
166 BY_DIR *a;
167 int i;
168
169 a=(BY_DIR *)lu->method_data;
170 for (i=0; i<a->num_dirs; i++)
171 if (a->dirs[i] != NULL) OPENSSL_free(a->dirs[i]);
172 if (a->dirs != NULL) OPENSSL_free(a->dirs);
173 if (a->dirs_type != NULL) OPENSSL_free(a->dirs_type);
174 if (a->buffer != NULL) BUF_MEM_free(a->buffer);
175 OPENSSL_free(a);
176 }
177
178static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
179 {
180 int j,len;
181 int *ip;
182 const char *s,*ss,*p;
183 char **pp;
184
185 if (dir == NULL || !*dir)
186 {
187 X509err(X509_F_ADD_CERT_DIR,X509_R_INVALID_DIRECTORY);
188 return 0;
189 }
190
191 s=dir;
192 p=s;
193 for (;;)
194 {
195 if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0'))
196 {
197 ss=s;
198 s=p+1;
199 len=(int)(p-ss);
200 if (len == 0) continue;
201 for (j=0; j<ctx->num_dirs; j++)
202 if (strncmp(ctx->dirs[j],ss,(unsigned int)len) == 0)
203 continue;
204 if (ctx->num_dirs_alloced < (ctx->num_dirs+1))
205 {
206 ctx->num_dirs_alloced+=10;
207 pp=(char **)OPENSSL_malloc(ctx->num_dirs_alloced*
208 sizeof(char *));
209 ip=(int *)OPENSSL_malloc(ctx->num_dirs_alloced*
210 sizeof(int));
211 if ((pp == NULL) || (ip == NULL))
212 {
213 X509err(X509_F_ADD_CERT_DIR,ERR_R_MALLOC_FAILURE);
214 return(0);
215 }
216 memcpy(pp,ctx->dirs,(ctx->num_dirs_alloced-10)*
217 sizeof(char *));
218 memcpy(ip,ctx->dirs_type,(ctx->num_dirs_alloced-10)*
219 sizeof(int));
220 if (ctx->dirs != NULL)
221 OPENSSL_free(ctx->dirs);
222 if (ctx->dirs_type != NULL)
223 OPENSSL_free(ctx->dirs_type);
224 ctx->dirs=pp;
225 ctx->dirs_type=ip;
226 }
227 ctx->dirs_type[ctx->num_dirs]=type;
228 ctx->dirs[ctx->num_dirs]=(char *)OPENSSL_malloc((unsigned int)len+1);
229 if (ctx->dirs[ctx->num_dirs] == NULL) return(0);
230 strncpy(ctx->dirs[ctx->num_dirs],ss,(unsigned int)len);
231 ctx->dirs[ctx->num_dirs][len]='\0';
232 ctx->num_dirs++;
233 }
234 if (*p == '\0') break;
235 p++;
236 }
237 return(1);
238 }
239
240static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
241 X509_OBJECT *ret)
242 {
243 BY_DIR *ctx;
244 union {
245 struct {
246 X509 st_x509;
247 X509_CINF st_x509_cinf;
248 } x509;
249 struct {
250 X509_CRL st_crl;
251 X509_CRL_INFO st_crl_info;
252 } crl;
253 } data;
254 int ok=0;
255 int i,j,k;
256 unsigned long h;
257 BUF_MEM *b=NULL;
258 struct stat st;
259 X509_OBJECT stmp,*tmp;
260 const char *postfix="";
261
262 if (name == NULL) return(0);
263
264 stmp.type=type;
265 if (type == X509_LU_X509)
266 {
267 data.x509.st_x509.cert_info= &data.x509.st_x509_cinf;
268 data.x509.st_x509_cinf.subject=name;
269 stmp.data.x509= &data.x509.st_x509;
270 postfix="";
271 }
272 else if (type == X509_LU_CRL)
273 {
274 data.crl.st_crl.crl= &data.crl.st_crl_info;
275 data.crl.st_crl_info.issuer=name;
276 stmp.data.crl= &data.crl.st_crl;
277 postfix="r";
278 }
279 else
280 {
281 X509err(X509_F_GET_CERT_BY_SUBJECT,X509_R_WRONG_LOOKUP_TYPE);
282 goto finish;
283 }
284
285 if ((b=BUF_MEM_new()) == NULL)
286 {
287 X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_BUF_LIB);
288 goto finish;
289 }
290
291 ctx=(BY_DIR *)xl->method_data;
292
293 h=X509_NAME_hash(name);
294 for (i=0; i<ctx->num_dirs; i++)
295 {
296 j=strlen(ctx->dirs[i])+1+8+6+1+1;
297 if (!BUF_MEM_grow(b,j))
298 {
299 X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_MALLOC_FAILURE);
300 goto finish;
301 }
302 k=0;
303 for (;;)
304 {
305 char c = '/';
306#ifdef OPENSSL_SYS_VMS
307 c = ctx->dirs[i][strlen(ctx->dirs[i])-1];
308 if (c != ':' && c != '>' && c != ']')
309 {
310 /* If no separator is present, we assume the
311 directory specifier is a logical name, and
312 add a colon. We really should use better
313 VMS routines for merging things like this,
314 but this will do for now...
315 -- Richard Levitte */
316 c = ':';
317 }
318 else
319 {
320 c = '\0';
321 }
322#endif
323 if (c == '\0')
324 {
325 /* This is special. When c == '\0', no
326 directory separator should be added. */
327 BIO_snprintf(b->data,b->max,
328 "%s%08lx.%s%d",ctx->dirs[i],h,
329 postfix,k);
330 }
331 else
332 {
333 BIO_snprintf(b->data,b->max,
334 "%s%c%08lx.%s%d",ctx->dirs[i],c,h,
335 postfix,k);
336 }
337 k++;
338 if (stat(b->data,&st) < 0)
339 break;
340 /* found one. */
341 if (type == X509_LU_X509)
342 {
343 if ((X509_load_cert_file(xl,b->data,
344 ctx->dirs_type[i])) == 0)
345 break;
346 }
347 else if (type == X509_LU_CRL)
348 {
349 if ((X509_load_crl_file(xl,b->data,
350 ctx->dirs_type[i])) == 0)
351 break;
352 }
353 /* else case will caught higher up */
354 }
355
356 /* we have added it to the cache so now pull
357 * it out again */
358 CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
359 j = sk_X509_OBJECT_find(xl->store_ctx->objs,&stmp);
360 if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,j);
361 else tmp = NULL;
362 CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
363
364 if (tmp != NULL)
365 {
366 ok=1;
367 ret->type=tmp->type;
368 memcpy(&ret->data,&tmp->data,sizeof(ret->data));
369 /* If we were going to up the reference count,
370 * we would need to do it on a perl 'type'
371 * basis */
372 /* CRYPTO_add(&tmp->data.x509->references,1,
373 CRYPTO_LOCK_X509);*/
374 goto finish;
375 }
376 }
377finish:
378 if (b != NULL) BUF_MEM_free(b);
379 return(ok);
380 }
381
diff --git a/src/lib/libcrypto/x509/by_file.c b/src/lib/libcrypto/x509/by_file.c
deleted file mode 100644
index b4b04183d0..0000000000
--- a/src/lib/libcrypto/x509/by_file.c
+++ /dev/null
@@ -1,300 +0,0 @@
1/* crypto/x509/by_file.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <time.h>
61#include <errno.h>
62
63#include "cryptlib.h"
64#include <openssl/lhash.h>
65#include <openssl/buffer.h>
66#include <openssl/x509.h>
67#include <openssl/pem.h>
68
69#ifndef OPENSSL_NO_STDIO
70
71static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
72 long argl, char **ret);
73X509_LOOKUP_METHOD x509_file_lookup=
74 {
75 "Load file into cache",
76 NULL, /* new */
77 NULL, /* free */
78 NULL, /* init */
79 NULL, /* shutdown */
80 by_file_ctrl, /* ctrl */
81 NULL, /* get_by_subject */
82 NULL, /* get_by_issuer_serial */
83 NULL, /* get_by_fingerprint */
84 NULL, /* get_by_alias */
85 };
86
87X509_LOOKUP_METHOD *X509_LOOKUP_file(void)
88 {
89 return(&x509_file_lookup);
90 }
91
92static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
93 char **ret)
94 {
95 int ok=0;
96 char *file;
97
98 switch (cmd)
99 {
100 case X509_L_FILE_LOAD:
101 if (argl == X509_FILETYPE_DEFAULT)
102 {
103 file = (char *)Getenv(X509_get_default_cert_file_env());
104 if (file)
105 ok = (X509_load_cert_crl_file(ctx,file,
106 X509_FILETYPE_PEM) != 0);
107
108 else
109 ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),
110 X509_FILETYPE_PEM) != 0);
111
112 if (!ok)
113 {
114 X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
115 }
116 }
117 else
118 {
119 if(argl == X509_FILETYPE_PEM)
120 ok = (X509_load_cert_crl_file(ctx,argp,
121 X509_FILETYPE_PEM) != 0);
122 else
123 ok = (X509_load_cert_file(ctx,argp,(int)argl) != 0);
124 }
125 break;
126 }
127 return(ok);
128 }
129
130int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
131 {
132 int ret=0;
133 BIO *in=NULL;
134 int i,count=0;
135 X509 *x=NULL;
136
137 if (file == NULL) return(1);
138 in=BIO_new(BIO_s_file_internal());
139
140 if ((in == NULL) || (BIO_read_filename(in,file) <= 0))
141 {
142 X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_SYS_LIB);
143 goto err;
144 }
145
146 if (type == X509_FILETYPE_PEM)
147 {
148 for (;;)
149 {
150 x=PEM_read_bio_X509_AUX(in,NULL,NULL,NULL);
151 if (x == NULL)
152 {
153 if ((ERR_GET_REASON(ERR_peek_error()) ==
154 PEM_R_NO_START_LINE) && (count > 0))
155 {
156 ERR_clear_error();
157 break;
158 }
159 else
160 {
161 X509err(X509_F_X509_LOAD_CERT_FILE,
162 ERR_R_PEM_LIB);
163 goto err;
164 }
165 }
166 i=X509_STORE_add_cert(ctx->store_ctx,x);
167 if (!i) goto err;
168 count++;
169 X509_free(x);
170 x=NULL;
171 }
172 ret=count;
173 }
174 else if (type == X509_FILETYPE_ASN1)
175 {
176 x=d2i_X509_bio(in,NULL);
177 if (x == NULL)
178 {
179 X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_ASN1_LIB);
180 goto err;
181 }
182 i=X509_STORE_add_cert(ctx->store_ctx,x);
183 if (!i) goto err;
184 ret=i;
185 }
186 else
187 {
188 X509err(X509_F_X509_LOAD_CERT_FILE,X509_R_BAD_X509_FILETYPE);
189 goto err;
190 }
191err:
192 if (x != NULL) X509_free(x);
193 if (in != NULL) BIO_free(in);
194 return(ret);
195 }
196
197int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
198 {
199 int ret=0;
200 BIO *in=NULL;
201 int i,count=0;
202 X509_CRL *x=NULL;
203
204 if (file == NULL) return(1);
205 in=BIO_new(BIO_s_file_internal());
206
207 if ((in == NULL) || (BIO_read_filename(in,file) <= 0))
208 {
209 X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_SYS_LIB);
210 goto err;
211 }
212
213 if (type == X509_FILETYPE_PEM)
214 {
215 for (;;)
216 {
217 x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
218 if (x == NULL)
219 {
220 if ((ERR_GET_REASON(ERR_peek_error()) ==
221 PEM_R_NO_START_LINE) && (count > 0))
222 {
223 ERR_clear_error();
224 break;
225 }
226 else
227 {
228 X509err(X509_F_X509_LOAD_CRL_FILE,
229 ERR_R_PEM_LIB);
230 goto err;
231 }
232 }
233 i=X509_STORE_add_crl(ctx->store_ctx,x);
234 if (!i) goto err;
235 count++;
236 X509_CRL_free(x);
237 x=NULL;
238 }
239 ret=count;
240 }
241 else if (type == X509_FILETYPE_ASN1)
242 {
243 x=d2i_X509_CRL_bio(in,NULL);
244 if (x == NULL)
245 {
246 X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_ASN1_LIB);
247 goto err;
248 }
249 i=X509_STORE_add_crl(ctx->store_ctx,x);
250 if (!i) goto err;
251 ret=i;
252 }
253 else
254 {
255 X509err(X509_F_X509_LOAD_CRL_FILE,X509_R_BAD_X509_FILETYPE);
256 goto err;
257 }
258err:
259 if (x != NULL) X509_CRL_free(x);
260 if (in != NULL) BIO_free(in);
261 return(ret);
262 }
263
264int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
265{
266 STACK_OF(X509_INFO) *inf;
267 X509_INFO *itmp;
268 BIO *in;
269 int i, count = 0;
270 if(type != X509_FILETYPE_PEM)
271 return X509_load_cert_file(ctx, file, type);
272 in = BIO_new_file(file, "r");
273 if(!in) {
274 X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_SYS_LIB);
275 return 0;
276 }
277 inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
278 BIO_free(in);
279 if(!inf) {
280 X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_PEM_LIB);
281 return 0;
282 }
283 for(i = 0; i < sk_X509_INFO_num(inf); i++) {
284 itmp = sk_X509_INFO_value(inf, i);
285 if(itmp->x509) {
286 X509_STORE_add_cert(ctx->store_ctx, itmp->x509);
287 count++;
288 }
289 if(itmp->crl) {
290 X509_STORE_add_crl(ctx->store_ctx, itmp->crl);
291 count++;
292 }
293 }
294 sk_X509_INFO_pop_free(inf, X509_INFO_free);
295 return count;
296}
297
298
299#endif /* OPENSSL_NO_STDIO */
300
diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h
deleted file mode 100644
index 8d0c7e2e17..0000000000
--- a/src/lib/libcrypto/x509/x509.h
+++ /dev/null
@@ -1,1258 +0,0 @@
1/* crypto/x509/x509.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#ifndef HEADER_X509_H
60#define HEADER_X509_H
61
62#include <openssl/symhacks.h>
63#ifndef OPENSSL_NO_BUFFER
64#include <openssl/buffer.h>
65#endif
66#ifndef OPENSSL_NO_EVP
67#include <openssl/evp.h>
68#endif
69#ifndef OPENSSL_NO_BIO
70#include <openssl/bio.h>
71#endif
72#include <openssl/stack.h>
73#include <openssl/asn1.h>
74#include <openssl/safestack.h>
75
76#ifndef OPENSSL_NO_RSA
77#include <openssl/rsa.h>
78#endif
79
80#ifndef OPENSSL_NO_DSA
81#include <openssl/dsa.h>
82#endif
83
84#ifndef OPENSSL_NO_DH
85#include <openssl/dh.h>
86#endif
87#ifndef OPENSSL_NO_SHA
88#include <openssl/sha.h>
89#endif
90#include <openssl/e_os2.h>
91#include <openssl/ossl_typ.h>
92
93#ifdef __cplusplus
94extern "C" {
95#endif
96
97#ifdef OPENSSL_SYS_WIN32
98/* Under Win32 this is defined in wincrypt.h */
99#undef X509_NAME
100#endif
101
102#define X509_FILETYPE_PEM 1
103#define X509_FILETYPE_ASN1 2
104#define X509_FILETYPE_DEFAULT 3
105
106#define X509v3_KU_DIGITAL_SIGNATURE 0x0080
107#define X509v3_KU_NON_REPUDIATION 0x0040
108#define X509v3_KU_KEY_ENCIPHERMENT 0x0020
109#define X509v3_KU_DATA_ENCIPHERMENT 0x0010
110#define X509v3_KU_KEY_AGREEMENT 0x0008
111#define X509v3_KU_KEY_CERT_SIGN 0x0004
112#define X509v3_KU_CRL_SIGN 0x0002
113#define X509v3_KU_ENCIPHER_ONLY 0x0001
114#define X509v3_KU_DECIPHER_ONLY 0x8000
115#define X509v3_KU_UNDEF 0xffff
116
117typedef struct X509_objects_st
118 {
119 int nid;
120 int (*a2i)();
121 int (*i2a)();
122 } X509_OBJECTS;
123
124struct X509_algor_st
125 {
126 ASN1_OBJECT *algorithm;
127 ASN1_TYPE *parameter;
128 } /* X509_ALGOR */;
129
130DECLARE_STACK_OF(X509_ALGOR)
131DECLARE_ASN1_SET_OF(X509_ALGOR)
132
133typedef struct X509_val_st
134 {
135 ASN1_TIME *notBefore;
136 ASN1_TIME *notAfter;
137 } X509_VAL;
138
139typedef struct X509_pubkey_st
140 {
141 X509_ALGOR *algor;
142 ASN1_BIT_STRING *public_key;
143 EVP_PKEY *pkey;
144 } X509_PUBKEY;
145
146typedef struct X509_sig_st
147 {
148 X509_ALGOR *algor;
149 ASN1_OCTET_STRING *digest;
150 } X509_SIG;
151
152typedef struct X509_name_entry_st
153 {
154 ASN1_OBJECT *object;
155 ASN1_STRING *value;
156 int set;
157 int size; /* temp variable */
158 } X509_NAME_ENTRY;
159
160DECLARE_STACK_OF(X509_NAME_ENTRY)
161DECLARE_ASN1_SET_OF(X509_NAME_ENTRY)
162
163/* we always keep X509_NAMEs in 2 forms. */
164struct X509_name_st
165 {
166 STACK_OF(X509_NAME_ENTRY) *entries;
167 int modified; /* true if 'bytes' needs to be built */
168#ifndef OPENSSL_NO_BUFFER
169 BUF_MEM *bytes;
170#else
171 char *bytes;
172#endif
173 unsigned long hash; /* Keep the hash around for lookups */
174 } /* X509_NAME */;
175
176DECLARE_STACK_OF(X509_NAME)
177
178#define X509_EX_V_NETSCAPE_HACK 0x8000
179#define X509_EX_V_INIT 0x0001
180typedef struct X509_extension_st
181 {
182 ASN1_OBJECT *object;
183 ASN1_BOOLEAN critical;
184 ASN1_OCTET_STRING *value;
185 } X509_EXTENSION;
186
187DECLARE_STACK_OF(X509_EXTENSION)
188DECLARE_ASN1_SET_OF(X509_EXTENSION)
189
190/* a sequence of these are used */
191typedef struct x509_attributes_st
192 {
193 ASN1_OBJECT *object;
194 int single; /* 0 for a set, 1 for a single item (which is wrong) */
195 union {
196 char *ptr;
197/* 0 */ STACK_OF(ASN1_TYPE) *set;
198/* 1 */ ASN1_TYPE *single;
199 } value;
200 } X509_ATTRIBUTE;
201
202DECLARE_STACK_OF(X509_ATTRIBUTE)
203DECLARE_ASN1_SET_OF(X509_ATTRIBUTE)
204
205
206typedef struct X509_req_info_st
207 {
208 ASN1_ENCODING enc;
209 ASN1_INTEGER *version;
210 X509_NAME *subject;
211 X509_PUBKEY *pubkey;
212 /* d=2 hl=2 l= 0 cons: cont: 00 */
213 STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
214 } X509_REQ_INFO;
215
216typedef struct X509_req_st
217 {
218 X509_REQ_INFO *req_info;
219 X509_ALGOR *sig_alg;
220 ASN1_BIT_STRING *signature;
221 int references;
222 } X509_REQ;
223
224typedef struct x509_cinf_st
225 {
226 ASN1_INTEGER *version; /* [ 0 ] default of v1 */
227 ASN1_INTEGER *serialNumber;
228 X509_ALGOR *signature;
229 X509_NAME *issuer;
230 X509_VAL *validity;
231 X509_NAME *subject;
232 X509_PUBKEY *key;
233 ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */
234 ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */
235 STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */
236 } X509_CINF;
237
238/* This stuff is certificate "auxiliary info"
239 * it contains details which are useful in certificate
240 * stores and databases. When used this is tagged onto
241 * the end of the certificate itself
242 */
243
244typedef struct x509_cert_aux_st
245 {
246 STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */
247 STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */
248 ASN1_UTF8STRING *alias; /* "friendly name" */
249 ASN1_OCTET_STRING *keyid; /* key id of private key */
250 STACK_OF(X509_ALGOR) *other; /* other unspecified info */
251 } X509_CERT_AUX;
252
253struct x509_st
254 {
255 X509_CINF *cert_info;
256 X509_ALGOR *sig_alg;
257 ASN1_BIT_STRING *signature;
258 int valid;
259 int references;
260 char *name;
261 CRYPTO_EX_DATA ex_data;
262 /* These contain copies of various extension values */
263 long ex_pathlen;
264 unsigned long ex_flags;
265 unsigned long ex_kusage;
266 unsigned long ex_xkusage;
267 unsigned long ex_nscert;
268 ASN1_OCTET_STRING *skid;
269 struct AUTHORITY_KEYID_st *akid;
270#ifndef OPENSSL_NO_SHA
271 unsigned char sha1_hash[SHA_DIGEST_LENGTH];
272#endif
273 X509_CERT_AUX *aux;
274 } /* X509 */;
275
276DECLARE_STACK_OF(X509)
277DECLARE_ASN1_SET_OF(X509)
278
279/* This is used for a table of trust checking functions */
280
281typedef struct x509_trust_st {
282 int trust;
283 int flags;
284 int (*check_trust)(struct x509_trust_st *, X509 *, int);
285 char *name;
286 int arg1;
287 void *arg2;
288} X509_TRUST;
289
290DECLARE_STACK_OF(X509_TRUST)
291
292/* standard trust ids */
293
294#define X509_TRUST_DEFAULT -1 /* Only valid in purpose settings */
295
296#define X509_TRUST_COMPAT 1
297#define X509_TRUST_SSL_CLIENT 2
298#define X509_TRUST_SSL_SERVER 3
299#define X509_TRUST_EMAIL 4
300#define X509_TRUST_OBJECT_SIGN 5
301#define X509_TRUST_OCSP_SIGN 6
302#define X509_TRUST_OCSP_REQUEST 7
303
304/* Keep these up to date! */
305#define X509_TRUST_MIN 1
306#define X509_TRUST_MAX 7
307
308
309/* trust_flags values */
310#define X509_TRUST_DYNAMIC 1
311#define X509_TRUST_DYNAMIC_NAME 2
312
313/* check_trust return codes */
314
315#define X509_TRUST_TRUSTED 1
316#define X509_TRUST_REJECTED 2
317#define X509_TRUST_UNTRUSTED 3
318
319/* Flags for X509_print_ex() */
320
321#define X509_FLAG_COMPAT 0
322#define X509_FLAG_NO_HEADER 1L
323#define X509_FLAG_NO_VERSION (1L << 1)
324#define X509_FLAG_NO_SERIAL (1L << 2)
325#define X509_FLAG_NO_SIGNAME (1L << 3)
326#define X509_FLAG_NO_ISSUER (1L << 4)
327#define X509_FLAG_NO_VALIDITY (1L << 5)
328#define X509_FLAG_NO_SUBJECT (1L << 6)
329#define X509_FLAG_NO_PUBKEY (1L << 7)
330#define X509_FLAG_NO_EXTENSIONS (1L << 8)
331#define X509_FLAG_NO_SIGDUMP (1L << 9)
332#define X509_FLAG_NO_AUX (1L << 10)
333#define X509_FLAG_NO_ATTRIBUTES (1L << 11)
334
335/* Flags specific to X509_NAME_print_ex() */
336
337/* The field separator information */
338
339#define XN_FLAG_SEP_MASK (0xf << 16)
340
341#define XN_FLAG_COMPAT 0 /* Traditional SSLeay: use old X509_NAME_print */
342#define XN_FLAG_SEP_COMMA_PLUS (1 << 16) /* RFC2253 ,+ */
343#define XN_FLAG_SEP_CPLUS_SPC (2 << 16) /* ,+ spaced: more readable */
344#define XN_FLAG_SEP_SPLUS_SPC (3 << 16) /* ;+ spaced */
345#define XN_FLAG_SEP_MULTILINE (4 << 16) /* One line per field */
346
347#define XN_FLAG_DN_REV (1 << 20) /* Reverse DN order */
348
349/* How the field name is shown */
350
351#define XN_FLAG_FN_MASK (0x3 << 21)
352
353#define XN_FLAG_FN_SN 0 /* Object short name */
354#define XN_FLAG_FN_LN (1 << 21) /* Object long name */
355#define XN_FLAG_FN_OID (2 << 21) /* Always use OIDs */
356#define XN_FLAG_FN_NONE (3 << 21) /* No field names */
357
358#define XN_FLAG_SPC_EQ (1 << 23) /* Put spaces round '=' */
359
360/* This determines if we dump fields we don't recognise:
361 * RFC2253 requires this.
362 */
363
364#define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
365
366#define XN_FLAG_FN_ALIGN (1 << 25) /* Align field names to 20 characters */
367
368/* Complete set of RFC2253 flags */
369
370#define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \
371 XN_FLAG_SEP_COMMA_PLUS | \
372 XN_FLAG_DN_REV | \
373 XN_FLAG_FN_SN | \
374 XN_FLAG_DUMP_UNKNOWN_FIELDS)
375
376/* readable oneline form */
377
378#define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \
379 ASN1_STRFLGS_ESC_QUOTE | \
380 XN_FLAG_SEP_CPLUS_SPC | \
381 XN_FLAG_SPC_EQ | \
382 XN_FLAG_FN_SN)
383
384/* readable multiline form */
385
386#define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \
387 ASN1_STRFLGS_ESC_MSB | \
388 XN_FLAG_SEP_MULTILINE | \
389 XN_FLAG_SPC_EQ | \
390 XN_FLAG_FN_LN | \
391 XN_FLAG_FN_ALIGN)
392
393typedef struct X509_revoked_st
394 {
395 ASN1_INTEGER *serialNumber;
396 ASN1_TIME *revocationDate;
397 STACK_OF(X509_EXTENSION) /* optional */ *extensions;
398 int sequence; /* load sequence */
399 } X509_REVOKED;
400
401DECLARE_STACK_OF(X509_REVOKED)
402DECLARE_ASN1_SET_OF(X509_REVOKED)
403
404typedef struct X509_crl_info_st
405 {
406 ASN1_INTEGER *version;
407 X509_ALGOR *sig_alg;
408 X509_NAME *issuer;
409 ASN1_TIME *lastUpdate;
410 ASN1_TIME *nextUpdate;
411 STACK_OF(X509_REVOKED) *revoked;
412 STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
413 } X509_CRL_INFO;
414
415struct X509_crl_st
416 {
417 /* actual signature */
418 X509_CRL_INFO *crl;
419 X509_ALGOR *sig_alg;
420 ASN1_BIT_STRING *signature;
421 int references;
422 } /* X509_CRL */;
423
424DECLARE_STACK_OF(X509_CRL)
425DECLARE_ASN1_SET_OF(X509_CRL)
426
427typedef struct private_key_st
428 {
429 int version;
430 /* The PKCS#8 data types */
431 X509_ALGOR *enc_algor;
432 ASN1_OCTET_STRING *enc_pkey; /* encrypted pub key */
433
434 /* When decrypted, the following will not be NULL */
435 EVP_PKEY *dec_pkey;
436
437 /* used to encrypt and decrypt */
438 int key_length;
439 char *key_data;
440 int key_free; /* true if we should auto free key_data */
441
442 /* expanded version of 'enc_algor' */
443 EVP_CIPHER_INFO cipher;
444
445 int references;
446 } X509_PKEY;
447
448#ifndef OPENSSL_NO_EVP
449typedef struct X509_info_st
450 {
451 X509 *x509;
452 X509_CRL *crl;
453 X509_PKEY *x_pkey;
454
455 EVP_CIPHER_INFO enc_cipher;
456 int enc_len;
457 char *enc_data;
458
459 int references;
460 } X509_INFO;
461
462DECLARE_STACK_OF(X509_INFO)
463#endif
464
465/* The next 2 structures and their 8 routines were sent to me by
466 * Pat Richard <patr@x509.com> and are used to manipulate
467 * Netscapes spki structures - useful if you are writing a CA web page
468 */
469typedef struct Netscape_spkac_st
470 {
471 X509_PUBKEY *pubkey;
472 ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */
473 } NETSCAPE_SPKAC;
474
475typedef struct Netscape_spki_st
476 {
477 NETSCAPE_SPKAC *spkac; /* signed public key and challenge */
478 X509_ALGOR *sig_algor;
479 ASN1_BIT_STRING *signature;
480 } NETSCAPE_SPKI;
481
482/* Netscape certificate sequence structure */
483typedef struct Netscape_certificate_sequence
484 {
485 ASN1_OBJECT *type;
486 STACK_OF(X509) *certs;
487 } NETSCAPE_CERT_SEQUENCE;
488
489/* Unused (and iv length is wrong)
490typedef struct CBCParameter_st
491 {
492 unsigned char iv[8];
493 } CBC_PARAM;
494*/
495
496/* Password based encryption structure */
497
498typedef struct PBEPARAM_st {
499ASN1_OCTET_STRING *salt;
500ASN1_INTEGER *iter;
501} PBEPARAM;
502
503/* Password based encryption V2 structures */
504
505typedef struct PBE2PARAM_st {
506X509_ALGOR *keyfunc;
507X509_ALGOR *encryption;
508} PBE2PARAM;
509
510typedef struct PBKDF2PARAM_st {
511ASN1_TYPE *salt; /* Usually OCTET STRING but could be anything */
512ASN1_INTEGER *iter;
513ASN1_INTEGER *keylength;
514X509_ALGOR *prf;
515} PBKDF2PARAM;
516
517
518/* PKCS#8 private key info structure */
519
520typedef struct pkcs8_priv_key_info_st
521 {
522 int broken; /* Flag for various broken formats */
523#define PKCS8_OK 0
524#define PKCS8_NO_OCTET 1
525#define PKCS8_EMBEDDED_PARAM 2
526#define PKCS8_NS_DB 3
527 ASN1_INTEGER *version;
528 X509_ALGOR *pkeyalg;
529 ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */
530 STACK_OF(X509_ATTRIBUTE) *attributes;
531 } PKCS8_PRIV_KEY_INFO;
532
533#ifdef __cplusplus
534}
535#endif
536
537#include <openssl/x509_vfy.h>
538#include <openssl/pkcs7.h>
539
540#ifdef __cplusplus
541extern "C" {
542#endif
543
544#ifdef SSLEAY_MACROS
545#define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\
546 a->signature,(char *)a->cert_info,r)
547#define X509_REQ_verify(a,r) ASN1_verify((int (*)())i2d_X509_REQ_INFO, \
548 a->sig_alg,a->signature,(char *)a->req_info,r)
549#define X509_CRL_verify(a,r) ASN1_verify((int (*)())i2d_X509_CRL_INFO, \
550 a->sig_alg, a->signature,(char *)a->crl,r)
551
552#define X509_sign(x,pkey,md) \
553 ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature, \
554 x->sig_alg, x->signature, (char *)x->cert_info,pkey,md)
555#define X509_REQ_sign(x,pkey,md) \
556 ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL, \
557 x->signature, (char *)x->req_info,pkey,md)
558#define X509_CRL_sign(x,pkey,md) \
559 ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,x->sig_alg, \
560 x->signature, (char *)x->crl,pkey,md)
561#define NETSCAPE_SPKI_sign(x,pkey,md) \
562 ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL, \
563 x->signature, (char *)x->spkac,pkey,md)
564
565#define X509_dup(x509) (X509 *)ASN1_dup((int (*)())i2d_X509, \
566 (char *(*)())d2i_X509,(char *)x509)
567#define X509_ATTRIBUTE_dup(xa) (X509_ATTRIBUTE *)ASN1_dup(\
568 (int (*)())i2d_X509_ATTRIBUTE, \
569 (char *(*)())d2i_X509_ATTRIBUTE,(char *)xa)
570#define X509_EXTENSION_dup(ex) (X509_EXTENSION *)ASN1_dup( \
571 (int (*)())i2d_X509_EXTENSION, \
572 (char *(*)())d2i_X509_EXTENSION,(char *)ex)
573#define d2i_X509_fp(fp,x509) (X509 *)ASN1_d2i_fp((char *(*)())X509_new, \
574 (char *(*)())d2i_X509, (fp),(unsigned char **)(x509))
575#define i2d_X509_fp(fp,x509) ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509)
576#define d2i_X509_bio(bp,x509) (X509 *)ASN1_d2i_bio((char *(*)())X509_new, \
577 (char *(*)())d2i_X509, (bp),(unsigned char **)(x509))
578#define i2d_X509_bio(bp,x509) ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509)
579
580#define X509_CRL_dup(crl) (X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL, \
581 (char *(*)())d2i_X509_CRL,(char *)crl)
582#define d2i_X509_CRL_fp(fp,crl) (X509_CRL *)ASN1_d2i_fp((char *(*)()) \
583 X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),\
584 (unsigned char **)(crl))
585#define i2d_X509_CRL_fp(fp,crl) ASN1_i2d_fp(i2d_X509_CRL,fp,\
586 (unsigned char *)crl)
587#define d2i_X509_CRL_bio(bp,crl) (X509_CRL *)ASN1_d2i_bio((char *(*)()) \
588 X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),\
589 (unsigned char **)(crl))
590#define i2d_X509_CRL_bio(bp,crl) ASN1_i2d_bio(i2d_X509_CRL,bp,\
591 (unsigned char *)crl)
592
593#define PKCS7_dup(p7) (PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7, \
594 (char *(*)())d2i_PKCS7,(char *)p7)
595#define d2i_PKCS7_fp(fp,p7) (PKCS7 *)ASN1_d2i_fp((char *(*)()) \
596 PKCS7_new,(char *(*)())d2i_PKCS7, (fp),\
597 (unsigned char **)(p7))
598#define i2d_PKCS7_fp(fp,p7) ASN1_i2d_fp(i2d_PKCS7,fp,\
599 (unsigned char *)p7)
600#define d2i_PKCS7_bio(bp,p7) (PKCS7 *)ASN1_d2i_bio((char *(*)()) \
601 PKCS7_new,(char *(*)())d2i_PKCS7, (bp),\
602 (unsigned char **)(p7))
603#define i2d_PKCS7_bio(bp,p7) ASN1_i2d_bio(i2d_PKCS7,bp,\
604 (unsigned char *)p7)
605
606#define X509_REQ_dup(req) (X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ, \
607 (char *(*)())d2i_X509_REQ,(char *)req)
608#define d2i_X509_REQ_fp(fp,req) (X509_REQ *)ASN1_d2i_fp((char *(*)())\
609 X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),\
610 (unsigned char **)(req))
611#define i2d_X509_REQ_fp(fp,req) ASN1_i2d_fp(i2d_X509_REQ,fp,\
612 (unsigned char *)req)
613#define d2i_X509_REQ_bio(bp,req) (X509_REQ *)ASN1_d2i_bio((char *(*)())\
614 X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),\
615 (unsigned char **)(req))
616#define i2d_X509_REQ_bio(bp,req) ASN1_i2d_bio(i2d_X509_REQ,bp,\
617 (unsigned char *)req)
618
619#define RSAPublicKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey, \
620 (char *(*)())d2i_RSAPublicKey,(char *)rsa)
621#define RSAPrivateKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey, \
622 (char *(*)())d2i_RSAPrivateKey,(char *)rsa)
623
624#define d2i_RSAPrivateKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\
625 RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp), \
626 (unsigned char **)(rsa))
627#define i2d_RSAPrivateKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPrivateKey,fp, \
628 (unsigned char *)rsa)
629#define d2i_RSAPrivateKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\
630 RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp), \
631 (unsigned char **)(rsa))
632#define i2d_RSAPrivateKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPrivateKey,bp, \
633 (unsigned char *)rsa)
634
635#define d2i_RSAPublicKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\
636 RSA_new,(char *(*)())d2i_RSAPublicKey, (fp), \
637 (unsigned char **)(rsa))
638#define i2d_RSAPublicKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPublicKey,fp, \
639 (unsigned char *)rsa)
640#define d2i_RSAPublicKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\
641 RSA_new,(char *(*)())d2i_RSAPublicKey, (bp), \
642 (unsigned char **)(rsa))
643#define i2d_RSAPublicKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPublicKey,bp, \
644 (unsigned char *)rsa)
645
646#define d2i_DSAPrivateKey_fp(fp,dsa) (DSA *)ASN1_d2i_fp((char *(*)())\
647 DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp), \
648 (unsigned char **)(dsa))
649#define i2d_DSAPrivateKey_fp(fp,dsa) ASN1_i2d_fp(i2d_DSAPrivateKey,fp, \
650 (unsigned char *)dsa)
651#define d2i_DSAPrivateKey_bio(bp,dsa) (DSA *)ASN1_d2i_bio((char *(*)())\
652 DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp), \
653 (unsigned char **)(dsa))
654#define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \
655 (unsigned char *)dsa)
656
657#define X509_ALGOR_dup(xn) (X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,\
658 (char *(*)())d2i_X509_ALGOR,(char *)xn)
659
660#define X509_NAME_dup(xn) (X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME, \
661 (char *(*)())d2i_X509_NAME,(char *)xn)
662#define X509_NAME_ENTRY_dup(ne) (X509_NAME_ENTRY *)ASN1_dup( \
663 (int (*)())i2d_X509_NAME_ENTRY, \
664 (char *(*)())d2i_X509_NAME_ENTRY,\
665 (char *)ne)
666
667#define X509_digest(data,type,md,len) \
668 ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len)
669#define X509_NAME_digest(data,type,md,len) \
670 ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len)
671#ifndef PKCS7_ISSUER_AND_SERIAL_digest
672#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \
673 ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\
674 (char *)data,md,len)
675#endif
676#endif
677
678#define X509_EXT_PACK_UNKNOWN 1
679#define X509_EXT_PACK_STRING 2
680
681#define X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version)
682/* #define X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */
683#define X509_get_notBefore(x) ((x)->cert_info->validity->notBefore)
684#define X509_get_notAfter(x) ((x)->cert_info->validity->notAfter)
685#define X509_extract_key(x) X509_get_pubkey(x) /*****/
686#define X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version)
687#define X509_REQ_get_subject_name(x) ((x)->req_info->subject)
688#define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
689#define X509_name_cmp(a,b) X509_NAME_cmp((a),(b))
690#define X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))
691
692#define X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version)
693#define X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)
694#define X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate)
695#define X509_CRL_get_issuer(x) ((x)->crl->issuer)
696#define X509_CRL_get_REVOKED(x) ((x)->crl->revoked)
697
698/* This one is only used so that a binary form can output, as in
699 * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */
700#define X509_get_X509_PUBKEY(x) ((x)->cert_info->key)
701
702
703const char *X509_verify_cert_error_string(long n);
704
705#ifndef SSLEAY_MACROS
706#ifndef OPENSSL_NO_EVP
707int X509_verify(X509 *a, EVP_PKEY *r);
708
709int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
710int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
711int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r);
712
713NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len);
714char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x);
715EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x);
716int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
717
718int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki);
719
720int X509_signature_print(BIO *bp,X509_ALGOR *alg, ASN1_STRING *sig);
721
722int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
723int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
724int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
725int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
726
727int X509_pubkey_digest(const X509 *data,const EVP_MD *type,
728 unsigned char *md, unsigned int *len);
729int X509_digest(const X509 *data,const EVP_MD *type,
730 unsigned char *md, unsigned int *len);
731int X509_CRL_digest(const X509_CRL *data,const EVP_MD *type,
732 unsigned char *md, unsigned int *len);
733int X509_REQ_digest(const X509_REQ *data,const EVP_MD *type,
734 unsigned char *md, unsigned int *len);
735int X509_NAME_digest(const X509_NAME *data,const EVP_MD *type,
736 unsigned char *md, unsigned int *len);
737#endif
738
739#ifndef OPENSSL_NO_FP_API
740X509 *d2i_X509_fp(FILE *fp, X509 **x509);
741int i2d_X509_fp(FILE *fp,X509 *x509);
742X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL **crl);
743int i2d_X509_CRL_fp(FILE *fp,X509_CRL *crl);
744X509_REQ *d2i_X509_REQ_fp(FILE *fp,X509_REQ **req);
745int i2d_X509_REQ_fp(FILE *fp,X509_REQ *req);
746#ifndef OPENSSL_NO_RSA
747RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA **rsa);
748int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa);
749RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA **rsa);
750int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa);
751RSA *d2i_RSA_PUBKEY_fp(FILE *fp,RSA **rsa);
752int i2d_RSA_PUBKEY_fp(FILE *fp,RSA *rsa);
753#endif
754#ifndef OPENSSL_NO_DSA
755DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
756int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
757DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
758int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
759#endif
760X509_SIG *d2i_PKCS8_fp(FILE *fp,X509_SIG **p8);
761int i2d_PKCS8_fp(FILE *fp,X509_SIG *p8);
762PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
763 PKCS8_PRIV_KEY_INFO **p8inf);
764int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,PKCS8_PRIV_KEY_INFO *p8inf);
765int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key);
766int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey);
767EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
768int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
769EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
770#endif
771
772#ifndef OPENSSL_NO_BIO
773X509 *d2i_X509_bio(BIO *bp,X509 **x509);
774int i2d_X509_bio(BIO *bp,X509 *x509);
775X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL **crl);
776int i2d_X509_CRL_bio(BIO *bp,X509_CRL *crl);
777X509_REQ *d2i_X509_REQ_bio(BIO *bp,X509_REQ **req);
778int i2d_X509_REQ_bio(BIO *bp,X509_REQ *req);
779#ifndef OPENSSL_NO_RSA
780RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **rsa);
781int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa);
782RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA **rsa);
783int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa);
784RSA *d2i_RSA_PUBKEY_bio(BIO *bp,RSA **rsa);
785int i2d_RSA_PUBKEY_bio(BIO *bp,RSA *rsa);
786#endif
787#ifndef OPENSSL_NO_DSA
788DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);
789int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa);
790DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
791int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
792#endif
793X509_SIG *d2i_PKCS8_bio(BIO *bp,X509_SIG **p8);
794int i2d_PKCS8_bio(BIO *bp,X509_SIG *p8);
795PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
796 PKCS8_PRIV_KEY_INFO **p8inf);
797int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,PKCS8_PRIV_KEY_INFO *p8inf);
798int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key);
799int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey);
800EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
801int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);
802EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
803#endif
804
805X509 *X509_dup(X509 *x509);
806X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa);
807X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex);
808X509_CRL *X509_CRL_dup(X509_CRL *crl);
809X509_REQ *X509_REQ_dup(X509_REQ *req);
810X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
811X509_NAME *X509_NAME_dup(X509_NAME *xn);
812X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
813
814#endif /* !SSLEAY_MACROS */
815
816int X509_cmp_time(ASN1_TIME *s, time_t *t);
817int X509_cmp_current_time(ASN1_TIME *s);
818ASN1_TIME * X509_time_adj(ASN1_TIME *s, long adj, time_t *t);
819ASN1_TIME * X509_gmtime_adj(ASN1_TIME *s, long adj);
820
821const char * X509_get_default_cert_area(void );
822const char * X509_get_default_cert_dir(void );
823const char * X509_get_default_cert_file(void );
824const char * X509_get_default_cert_dir_env(void );
825const char * X509_get_default_cert_file_env(void );
826const char * X509_get_default_private_dir(void );
827
828X509_REQ * X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
829X509 * X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey);
830
831DECLARE_ASN1_FUNCTIONS(X509_ALGOR)
832DECLARE_ASN1_FUNCTIONS(X509_VAL)
833
834DECLARE_ASN1_FUNCTIONS(X509_PUBKEY)
835
836int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
837EVP_PKEY * X509_PUBKEY_get(X509_PUBKEY *key);
838int X509_get_pubkey_parameters(EVP_PKEY *pkey,
839 STACK_OF(X509) *chain);
840int i2d_PUBKEY(EVP_PKEY *a,unsigned char **pp);
841EVP_PKEY * d2i_PUBKEY(EVP_PKEY **a,unsigned char **pp,
842 long length);
843#ifndef OPENSSL_NO_RSA
844int i2d_RSA_PUBKEY(RSA *a,unsigned char **pp);
845RSA * d2i_RSA_PUBKEY(RSA **a,unsigned char **pp,
846 long length);
847#endif
848#ifndef OPENSSL_NO_DSA
849int i2d_DSA_PUBKEY(DSA *a,unsigned char **pp);
850DSA * d2i_DSA_PUBKEY(DSA **a,unsigned char **pp,
851 long length);
852#endif
853
854DECLARE_ASN1_FUNCTIONS(X509_SIG)
855DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO)
856DECLARE_ASN1_FUNCTIONS(X509_REQ)
857
858DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE)
859X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value);
860
861DECLARE_ASN1_FUNCTIONS(X509_EXTENSION)
862
863DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY)
864
865DECLARE_ASN1_FUNCTIONS(X509_NAME)
866
867int X509_NAME_set(X509_NAME **xn, X509_NAME *name);
868
869DECLARE_ASN1_FUNCTIONS(X509_CINF)
870
871DECLARE_ASN1_FUNCTIONS(X509)
872DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX)
873
874int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
875 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
876int X509_set_ex_data(X509 *r, int idx, void *arg);
877void *X509_get_ex_data(X509 *r, int idx);
878int i2d_X509_AUX(X509 *a,unsigned char **pp);
879X509 * d2i_X509_AUX(X509 **a,unsigned char **pp,long length);
880
881int X509_alias_set1(X509 *x, unsigned char *name, int len);
882int X509_keyid_set1(X509 *x, unsigned char *id, int len);
883unsigned char * X509_alias_get0(X509 *x, int *len);
884int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int);
885int X509_TRUST_set(int *t, int trust);
886int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
887int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj);
888void X509_trust_clear(X509 *x);
889void X509_reject_clear(X509 *x);
890
891DECLARE_ASN1_FUNCTIONS(X509_REVOKED)
892DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO)
893DECLARE_ASN1_FUNCTIONS(X509_CRL)
894
895int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
896
897X509_PKEY * X509_PKEY_new(void );
898void X509_PKEY_free(X509_PKEY *a);
899int i2d_X509_PKEY(X509_PKEY *a,unsigned char **pp);
900X509_PKEY * d2i_X509_PKEY(X509_PKEY **a,unsigned char **pp,long length);
901
902DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI)
903DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
904DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)
905
906#ifndef OPENSSL_NO_EVP
907X509_INFO * X509_INFO_new(void);
908void X509_INFO_free(X509_INFO *a);
909char * X509_NAME_oneline(X509_NAME *a,char *buf,int size);
910
911int ASN1_verify(int (*i2d)(), X509_ALGOR *algor1,
912 ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey);
913
914int ASN1_digest(int (*i2d)(),const EVP_MD *type,char *data,
915 unsigned char *md,unsigned int *len);
916
917int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
918 ASN1_BIT_STRING *signature,
919 char *data,EVP_PKEY *pkey, const EVP_MD *type);
920
921int ASN1_item_digest(const ASN1_ITEM *it,const EVP_MD *type,void *data,
922 unsigned char *md,unsigned int *len);
923
924int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1,
925 ASN1_BIT_STRING *signature,void *data,EVP_PKEY *pkey);
926
927int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
928 ASN1_BIT_STRING *signature,
929 void *data, EVP_PKEY *pkey, const EVP_MD *type);
930#endif
931
932int X509_set_version(X509 *x,long version);
933int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
934ASN1_INTEGER * X509_get_serialNumber(X509 *x);
935int X509_set_issuer_name(X509 *x, X509_NAME *name);
936X509_NAME * X509_get_issuer_name(X509 *a);
937int X509_set_subject_name(X509 *x, X509_NAME *name);
938X509_NAME * X509_get_subject_name(X509 *a);
939int X509_set_notBefore(X509 *x, ASN1_TIME *tm);
940int X509_set_notAfter(X509 *x, ASN1_TIME *tm);
941int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
942EVP_PKEY * X509_get_pubkey(X509 *x);
943ASN1_BIT_STRING * X509_get0_pubkey_bitstr(const X509 *x);
944int X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */);
945
946int X509_REQ_set_version(X509_REQ *x,long version);
947int X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name);
948int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
949EVP_PKEY * X509_REQ_get_pubkey(X509_REQ *req);
950int X509_REQ_extension_nid(int nid);
951int * X509_REQ_get_extension_nids(void);
952void X509_REQ_set_extension_nids(int *nids);
953STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
954int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
955 int nid);
956int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts);
957int X509_REQ_get_attr_count(const X509_REQ *req);
958int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid,
959 int lastpos);
960int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,
961 int lastpos);
962X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc);
963X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc);
964int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr);
965int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
966 const ASN1_OBJECT *obj, int type,
967 const unsigned char *bytes, int len);
968int X509_REQ_add1_attr_by_NID(X509_REQ *req,
969 int nid, int type,
970 const unsigned char *bytes, int len);
971int X509_REQ_add1_attr_by_txt(X509_REQ *req,
972 const char *attrname, int type,
973 const unsigned char *bytes, int len);
974
975int X509_CRL_set_version(X509_CRL *x, long version);
976int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
977int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm);
978int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm);
979int X509_CRL_sort(X509_CRL *crl);
980
981int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
982int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
983
984int X509_check_private_key(X509 *x509,EVP_PKEY *pkey);
985
986int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
987unsigned long X509_issuer_and_serial_hash(X509 *a);
988
989int X509_issuer_name_cmp(const X509 *a, const X509 *b);
990unsigned long X509_issuer_name_hash(X509 *a);
991
992int X509_subject_name_cmp(const X509 *a, const X509 *b);
993unsigned long X509_subject_name_hash(X509 *x);
994
995int X509_cmp(const X509 *a, const X509 *b);
996int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
997unsigned long X509_NAME_hash(X509_NAME *x);
998
999int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
1000#ifndef OPENSSL_NO_FP_API
1001int X509_print_ex_fp(FILE *bp,X509 *x, unsigned long nmflag, unsigned long cflag);
1002int X509_print_fp(FILE *bp,X509 *x);
1003int X509_CRL_print_fp(FILE *bp,X509_CRL *x);
1004int X509_REQ_print_fp(FILE *bp,X509_REQ *req);
1005int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags);
1006#endif
1007
1008#ifndef OPENSSL_NO_BIO
1009int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
1010int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);
1011int X509_print_ex(BIO *bp,X509 *x, unsigned long nmflag, unsigned long cflag);
1012int X509_print(BIO *bp,X509 *x);
1013int X509_ocspid_print(BIO *bp,X509 *x);
1014int X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent);
1015int X509_CRL_print(BIO *bp,X509_CRL *x);
1016int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, unsigned long cflag);
1017int X509_REQ_print(BIO *bp,X509_REQ *req);
1018#endif
1019
1020int X509_NAME_entry_count(X509_NAME *name);
1021int X509_NAME_get_text_by_NID(X509_NAME *name, int nid,
1022 char *buf,int len);
1023int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
1024 char *buf,int len);
1025
1026/* NOTE: you should be passsing -1, not 0 as lastpos. The functions that use
1027 * lastpos, search after that position on. */
1028int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
1029int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj,
1030 int lastpos);
1031X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
1032X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
1033int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne,
1034 int loc, int set);
1035int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
1036 unsigned char *bytes, int len, int loc, int set);
1037int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
1038 unsigned char *bytes, int len, int loc, int set);
1039X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
1040 char *field, int type, unsigned char *bytes, int len);
1041X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
1042 int type,unsigned char *bytes, int len);
1043int X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type,
1044 unsigned char *bytes, int len, int loc, int set);
1045X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
1046 ASN1_OBJECT *obj, int type,unsigned char *bytes,
1047 int len);
1048int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne,
1049 ASN1_OBJECT *obj);
1050int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
1051 unsigned char *bytes, int len);
1052ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
1053ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
1054
1055int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
1056int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
1057 int nid, int lastpos);
1058int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
1059 ASN1_OBJECT *obj,int lastpos);
1060int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
1061 int crit, int lastpos);
1062X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
1063X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
1064STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
1065 X509_EXTENSION *ex, int loc);
1066
1067int X509_get_ext_count(X509 *x);
1068int X509_get_ext_by_NID(X509 *x, int nid, int lastpos);
1069int X509_get_ext_by_OBJ(X509 *x,ASN1_OBJECT *obj,int lastpos);
1070int X509_get_ext_by_critical(X509 *x, int crit, int lastpos);
1071X509_EXTENSION *X509_get_ext(X509 *x, int loc);
1072X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
1073int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
1074void * X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
1075int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
1076 unsigned long flags);
1077
1078int X509_CRL_get_ext_count(X509_CRL *x);
1079int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos);
1080int X509_CRL_get_ext_by_OBJ(X509_CRL *x,ASN1_OBJECT *obj,int lastpos);
1081int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos);
1082X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc);
1083X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
1084int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
1085void * X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
1086int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
1087 unsigned long flags);
1088
1089int X509_REVOKED_get_ext_count(X509_REVOKED *x);
1090int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos);
1091int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x,ASN1_OBJECT *obj,int lastpos);
1092int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos);
1093X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc);
1094X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
1095int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
1096void * X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
1097int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
1098 unsigned long flags);
1099
1100X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
1101 int nid, int crit, ASN1_OCTET_STRING *data);
1102X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
1103 ASN1_OBJECT *obj,int crit,ASN1_OCTET_STRING *data);
1104int X509_EXTENSION_set_object(X509_EXTENSION *ex,ASN1_OBJECT *obj);
1105int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
1106int X509_EXTENSION_set_data(X509_EXTENSION *ex,
1107 ASN1_OCTET_STRING *data);
1108ASN1_OBJECT * X509_EXTENSION_get_object(X509_EXTENSION *ex);
1109ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
1110int X509_EXTENSION_get_critical(X509_EXTENSION *ex);
1111
1112int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x);
1113int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
1114 int lastpos);
1115int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj,
1116 int lastpos);
1117X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc);
1118X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc);
1119STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
1120 X509_ATTRIBUTE *attr);
1121STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
1122 const ASN1_OBJECT *obj, int type,
1123 const unsigned char *bytes, int len);
1124STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
1125 int nid, int type,
1126 const unsigned char *bytes, int len);
1127STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
1128 const char *attrname, int type,
1129 const unsigned char *bytes, int len);
1130X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
1131 int atrtype, const void *data, int len);
1132X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
1133 const ASN1_OBJECT *obj, int atrtype, const void *data, int len);
1134X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
1135 const char *atrname, int type, const unsigned char *bytes, int len);
1136int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj);
1137int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len);
1138void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
1139 int atrtype, void *data);
1140int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr);
1141ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr);
1142ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx);
1143
1144int X509_verify_cert(X509_STORE_CTX *ctx);
1145
1146/* lookup a cert from a X509 STACK */
1147X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk,X509_NAME *name,
1148 ASN1_INTEGER *serial);
1149X509 *X509_find_by_subject(STACK_OF(X509) *sk,X509_NAME *name);
1150
1151DECLARE_ASN1_FUNCTIONS(PBEPARAM)
1152DECLARE_ASN1_FUNCTIONS(PBE2PARAM)
1153DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM)
1154
1155X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, int saltlen);
1156X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
1157 unsigned char *salt, int saltlen);
1158
1159/* PKCS#8 utilities */
1160
1161DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
1162
1163EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8);
1164PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
1165PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken);
1166PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);
1167
1168int X509_check_trust(X509 *x, int id, int flags);
1169int X509_TRUST_get_count(void);
1170X509_TRUST * X509_TRUST_get0(int idx);
1171int X509_TRUST_get_by_id(int id);
1172int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
1173 char *name, int arg1, void *arg2);
1174void X509_TRUST_cleanup(void);
1175int X509_TRUST_get_flags(X509_TRUST *xp);
1176char *X509_TRUST_get0_name(X509_TRUST *xp);
1177int X509_TRUST_get_trust(X509_TRUST *xp);
1178
1179/* BEGIN ERROR CODES */
1180/* The following lines are auto generated by the script mkerr.pl. Any changes
1181 * made after this point may be overwritten when the script is next run.
1182 */
1183void ERR_load_X509_strings(void);
1184
1185/* Error codes for the X509 functions. */
1186
1187/* Function codes. */
1188#define X509_F_ADD_CERT_DIR 100
1189#define X509_F_BY_FILE_CTRL 101
1190#define X509_F_DIR_CTRL 102
1191#define X509_F_GET_CERT_BY_SUBJECT 103
1192#define X509_F_NETSCAPE_SPKI_B64_DECODE 129
1193#define X509_F_NETSCAPE_SPKI_B64_ENCODE 130
1194#define X509_F_X509V3_ADD_EXT 104
1195#define X509_F_X509_ADD_ATTR 135
1196#define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 136
1197#define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ 137
1198#define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT 140
1199#define X509_F_X509_ATTRIBUTE_GET0_DATA 139
1200#define X509_F_X509_ATTRIBUTE_SET1_DATA 138
1201#define X509_F_X509_CHECK_PRIVATE_KEY 128
1202#define X509_F_X509_EXTENSION_CREATE_BY_NID 108
1203#define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109
1204#define X509_F_X509_GET_PUBKEY_PARAMETERS 110
1205#define X509_F_X509_LOAD_CERT_CRL_FILE 132
1206#define X509_F_X509_LOAD_CERT_FILE 111
1207#define X509_F_X509_LOAD_CRL_FILE 112
1208#define X509_F_X509_NAME_ADD_ENTRY 113
1209#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114
1210#define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 131
1211#define X509_F_X509_NAME_ENTRY_SET_OBJECT 115
1212#define X509_F_X509_NAME_ONELINE 116
1213#define X509_F_X509_NAME_PRINT 117
1214#define X509_F_X509_PRINT_FP 118
1215#define X509_F_X509_PUBKEY_GET 119
1216#define X509_F_X509_PUBKEY_SET 120
1217#define X509_F_X509_REQ_PRINT 121
1218#define X509_F_X509_REQ_PRINT_FP 122
1219#define X509_F_X509_REQ_TO_X509 123
1220#define X509_F_X509_STORE_ADD_CERT 124
1221#define X509_F_X509_STORE_ADD_CRL 125
1222#define X509_F_X509_STORE_CTX_INIT 143
1223#define X509_F_X509_STORE_CTX_NEW 142
1224#define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134
1225#define X509_F_X509_TO_X509_REQ 126
1226#define X509_F_X509_TRUST_ADD 133
1227#define X509_F_X509_TRUST_SET 141
1228#define X509_F_X509_VERIFY_CERT 127
1229
1230/* Reason codes. */
1231#define X509_R_BAD_X509_FILETYPE 100
1232#define X509_R_BASE64_DECODE_ERROR 118
1233#define X509_R_CANT_CHECK_DH_KEY 114
1234#define X509_R_CERT_ALREADY_IN_HASH_TABLE 101
1235#define X509_R_ERR_ASN1_LIB 102
1236#define X509_R_INVALID_DIRECTORY 113
1237#define X509_R_INVALID_FIELD_NAME 119
1238#define X509_R_INVALID_TRUST 123
1239#define X509_R_KEY_TYPE_MISMATCH 115
1240#define X509_R_KEY_VALUES_MISMATCH 116
1241#define X509_R_LOADING_CERT_DIR 103
1242#define X509_R_LOADING_DEFAULTS 104
1243#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105
1244#define X509_R_SHOULD_RETRY 106
1245#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107
1246#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108
1247#define X509_R_UNKNOWN_KEY_TYPE 117
1248#define X509_R_UNKNOWN_NID 109
1249#define X509_R_UNKNOWN_PURPOSE_ID 121
1250#define X509_R_UNKNOWN_TRUST_ID 120
1251#define X509_R_UNSUPPORTED_ALGORITHM 111
1252#define X509_R_WRONG_LOOKUP_TYPE 112
1253#define X509_R_WRONG_TYPE 122
1254
1255#ifdef __cplusplus
1256}
1257#endif
1258#endif
diff --git a/src/lib/libcrypto/x509/x509_att.c b/src/lib/libcrypto/x509/x509_att.c
deleted file mode 100644
index 0bae3d32a1..0000000000
--- a/src/lib/libcrypto/x509/x509_att.c
+++ /dev/null
@@ -1,326 +0,0 @@
1/* crypto/x509/x509_att.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/stack.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/objects.h>
64#include <openssl/evp.h>
65#include <openssl/x509.h>
66#include <openssl/x509v3.h>
67
68int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x)
69{
70 if (!x) return 0;
71 return(sk_X509_ATTRIBUTE_num(x));
72}
73
74int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
75 int lastpos)
76{
77 ASN1_OBJECT *obj;
78
79 obj=OBJ_nid2obj(nid);
80 if (obj == NULL) return(-2);
81 return(X509at_get_attr_by_OBJ(x,obj,lastpos));
82}
83
84int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj,
85 int lastpos)
86{
87 int n;
88 X509_ATTRIBUTE *ex;
89
90 if (sk == NULL) return(-1);
91 lastpos++;
92 if (lastpos < 0)
93 lastpos=0;
94 n=sk_X509_ATTRIBUTE_num(sk);
95 for ( ; lastpos < n; lastpos++)
96 {
97 ex=sk_X509_ATTRIBUTE_value(sk,lastpos);
98 if (OBJ_cmp(ex->object,obj) == 0)
99 return(lastpos);
100 }
101 return(-1);
102}
103
104X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc)
105{
106 if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
107 return NULL;
108 else
109 return sk_X509_ATTRIBUTE_value(x,loc);
110}
111
112X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc)
113{
114 X509_ATTRIBUTE *ret;
115
116 if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
117 return(NULL);
118 ret=sk_X509_ATTRIBUTE_delete(x,loc);
119 return(ret);
120}
121
122STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
123 X509_ATTRIBUTE *attr)
124{
125 X509_ATTRIBUTE *new_attr=NULL;
126 STACK_OF(X509_ATTRIBUTE) *sk=NULL;
127
128 if ((x != NULL) && (*x == NULL))
129 {
130 if ((sk=sk_X509_ATTRIBUTE_new_null()) == NULL)
131 goto err;
132 }
133 else
134 sk= *x;
135
136 if ((new_attr=X509_ATTRIBUTE_dup(attr)) == NULL)
137 goto err2;
138 if (!sk_X509_ATTRIBUTE_push(sk,new_attr))
139 goto err;
140 if ((x != NULL) && (*x == NULL))
141 *x=sk;
142 return(sk);
143err:
144 X509err(X509_F_X509_ADD_ATTR,ERR_R_MALLOC_FAILURE);
145err2:
146 if (new_attr != NULL) X509_ATTRIBUTE_free(new_attr);
147 if (sk != NULL) sk_X509_ATTRIBUTE_free(sk);
148 return(NULL);
149}
150
151STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
152 const ASN1_OBJECT *obj, int type,
153 const unsigned char *bytes, int len)
154{
155 X509_ATTRIBUTE *attr;
156 STACK_OF(X509_ATTRIBUTE) *ret;
157 attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len);
158 if(!attr) return 0;
159 ret = X509at_add1_attr(x, attr);
160 X509_ATTRIBUTE_free(attr);
161 return ret;
162}
163
164STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
165 int nid, int type,
166 const unsigned char *bytes, int len)
167{
168 X509_ATTRIBUTE *attr;
169 STACK_OF(X509_ATTRIBUTE) *ret;
170 attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len);
171 if(!attr) return 0;
172 ret = X509at_add1_attr(x, attr);
173 X509_ATTRIBUTE_free(attr);
174 return ret;
175}
176
177STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
178 const char *attrname, int type,
179 const unsigned char *bytes, int len)
180{
181 X509_ATTRIBUTE *attr;
182 STACK_OF(X509_ATTRIBUTE) *ret;
183 attr = X509_ATTRIBUTE_create_by_txt(NULL, attrname, type, bytes, len);
184 if(!attr) return 0;
185 ret = X509at_add1_attr(x, attr);
186 X509_ATTRIBUTE_free(attr);
187 return ret;
188}
189
190X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
191 int atrtype, const void *data, int len)
192{
193 ASN1_OBJECT *obj;
194 X509_ATTRIBUTE *ret;
195
196 obj=OBJ_nid2obj(nid);
197 if (obj == NULL)
198 {
199 X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_NID,X509_R_UNKNOWN_NID);
200 return(NULL);
201 }
202 ret=X509_ATTRIBUTE_create_by_OBJ(attr,obj,atrtype,data,len);
203 if (ret == NULL) ASN1_OBJECT_free(obj);
204 return(ret);
205}
206
207X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
208 const ASN1_OBJECT *obj, int atrtype, const void *data, int len)
209{
210 X509_ATTRIBUTE *ret;
211
212 if ((attr == NULL) || (*attr == NULL))
213 {
214 if ((ret=X509_ATTRIBUTE_new()) == NULL)
215 {
216 X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE);
217 return(NULL);
218 }
219 }
220 else
221 ret= *attr;
222
223 if (!X509_ATTRIBUTE_set1_object(ret,obj))
224 goto err;
225 if (!X509_ATTRIBUTE_set1_data(ret,atrtype,data,len))
226 goto err;
227
228 if ((attr != NULL) && (*attr == NULL)) *attr=ret;
229 return(ret);
230err:
231 if ((attr == NULL) || (ret != *attr))
232 X509_ATTRIBUTE_free(ret);
233 return(NULL);
234}
235
236X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
237 const char *atrname, int type, const unsigned char *bytes, int len)
238 {
239 ASN1_OBJECT *obj;
240 X509_ATTRIBUTE *nattr;
241
242 obj=OBJ_txt2obj(atrname, 0);
243 if (obj == NULL)
244 {
245 X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,
246 X509_R_INVALID_FIELD_NAME);
247 ERR_add_error_data(2, "name=", atrname);
248 return(NULL);
249 }
250 nattr = X509_ATTRIBUTE_create_by_OBJ(attr,obj,type,bytes,len);
251 ASN1_OBJECT_free(obj);
252 return nattr;
253 }
254
255int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj)
256{
257 if ((attr == NULL) || (obj == NULL))
258 return(0);
259 ASN1_OBJECT_free(attr->object);
260 attr->object=OBJ_dup(obj);
261 return(1);
262}
263
264int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len)
265{
266 ASN1_TYPE *ttmp;
267 ASN1_STRING *stmp;
268 int atype;
269 if (!attr) return 0;
270 if(attrtype & MBSTRING_FLAG) {
271 stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype,
272 OBJ_obj2nid(attr->object));
273 if(!stmp) {
274 X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_ASN1_LIB);
275 return 0;
276 }
277 atype = stmp->type;
278 } else {
279 if(!(stmp = ASN1_STRING_type_new(attrtype))) goto err;
280 if(!ASN1_STRING_set(stmp, data, len)) goto err;
281 atype = attrtype;
282 }
283 if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
284 if(!(ttmp = ASN1_TYPE_new())) goto err;
285 if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err;
286 attr->single = 0;
287 ASN1_TYPE_set(ttmp, atype, stmp);
288 return 1;
289 err:
290 X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE);
291 return 0;
292}
293
294int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr)
295{
296 if(!attr->single) return sk_ASN1_TYPE_num(attr->value.set);
297 if(attr->value.single) return 1;
298 return 0;
299}
300
301ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr)
302{
303 if (attr == NULL) return(NULL);
304 return(attr->object);
305}
306
307void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
308 int atrtype, void *data)
309{
310 ASN1_TYPE *ttmp;
311 ttmp = X509_ATTRIBUTE_get0_type(attr, idx);
312 if(!ttmp) return NULL;
313 if(atrtype != ASN1_TYPE_get(ttmp)){
314 X509err(X509_F_X509_ATTRIBUTE_GET0_DATA, X509_R_WRONG_TYPE);
315 return NULL;
316 }
317 return ttmp->value.ptr;
318}
319
320ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
321{
322 if (attr == NULL) return(NULL);
323 if(idx >= X509_ATTRIBUTE_count(attr)) return NULL;
324 if(!attr->single) return sk_ASN1_TYPE_value(attr->value.set, idx);
325 else return attr->value.single;
326}
diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c
deleted file mode 100644
index f460102f49..0000000000
--- a/src/lib/libcrypto/x509/x509_cmp.c
+++ /dev/null
@@ -1,418 +0,0 @@
1/* crypto/x509/x509_cmp.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <ctype.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/objects.h>
64#include <openssl/x509.h>
65#include <openssl/x509v3.h>
66
67int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
68 {
69 int i;
70 X509_CINF *ai,*bi;
71
72 ai=a->cert_info;
73 bi=b->cert_info;
74 i=M_ASN1_INTEGER_cmp(ai->serialNumber,bi->serialNumber);
75 if (i) return(i);
76 return(X509_NAME_cmp(ai->issuer,bi->issuer));
77 }
78
79#ifndef OPENSSL_NO_MD5
80unsigned long X509_issuer_and_serial_hash(X509 *a)
81 {
82 unsigned long ret=0;
83 EVP_MD_CTX ctx;
84 unsigned char md[16];
85 char *f;
86
87 EVP_MD_CTX_init(&ctx);
88 f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);
89 ret=strlen(f);
90 EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);
91 EVP_DigestUpdate(&ctx,(unsigned char *)f,ret);
92 OPENSSL_free(f);
93 EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
94 (unsigned long)a->cert_info->serialNumber->length);
95 EVP_DigestFinal_ex(&ctx,&(md[0]),NULL);
96 ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)|
97 ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
98 )&0xffffffffL;
99 EVP_MD_CTX_cleanup(&ctx);
100 return(ret);
101 }
102#endif
103
104int X509_issuer_name_cmp(const X509 *a, const X509 *b)
105 {
106 return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer));
107 }
108
109int X509_subject_name_cmp(const X509 *a, const X509 *b)
110 {
111 return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject));
112 }
113
114int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b)
115 {
116 return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer));
117 }
118
119X509_NAME *X509_get_issuer_name(X509 *a)
120 {
121 return(a->cert_info->issuer);
122 }
123
124unsigned long X509_issuer_name_hash(X509 *x)
125 {
126 return(X509_NAME_hash(x->cert_info->issuer));
127 }
128
129X509_NAME *X509_get_subject_name(X509 *a)
130 {
131 return(a->cert_info->subject);
132 }
133
134ASN1_INTEGER *X509_get_serialNumber(X509 *a)
135 {
136 return(a->cert_info->serialNumber);
137 }
138
139unsigned long X509_subject_name_hash(X509 *x)
140 {
141 return(X509_NAME_hash(x->cert_info->subject));
142 }
143
144#ifndef OPENSSL_NO_SHA
145/* Compare two certificates: they must be identical for
146 * this to work. NB: Although "cmp" operations are generally
147 * prototyped to take "const" arguments (eg. for use in
148 * STACKs), the way X509 handling is - these operations may
149 * involve ensuring the hashes are up-to-date and ensuring
150 * certain cert information is cached. So this is the point
151 * where the "depth-first" constification tree has to halt
152 * with an evil cast.
153 */
154int X509_cmp(const X509 *a, const X509 *b)
155{
156 /* ensure hash is valid */
157 X509_check_purpose((X509 *)a, -1, 0);
158 X509_check_purpose((X509 *)b, -1, 0);
159
160 return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
161}
162#endif
163
164
165/* Case insensitive string comparision */
166static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
167{
168 int i;
169
170 if (a->length != b->length)
171 return (a->length - b->length);
172
173 for (i=0; i<a->length; i++)
174 {
175 int ca, cb;
176
177 ca = tolower(a->data[i]);
178 cb = tolower(b->data[i]);
179
180 if (ca != cb)
181 return(ca-cb);
182 }
183 return 0;
184}
185
186/* Case insensitive string comparision with space normalization
187 * Space normalization - ignore leading, trailing spaces,
188 * multiple spaces between characters are replaced by single space
189 */
190static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
191{
192 unsigned char *pa = NULL, *pb = NULL;
193 int la, lb;
194
195 la = a->length;
196 lb = b->length;
197 pa = a->data;
198 pb = b->data;
199
200 /* skip leading spaces */
201 while (la > 0 && isspace(*pa))
202 {
203 la--;
204 pa++;
205 }
206 while (lb > 0 && isspace(*pb))
207 {
208 lb--;
209 pb++;
210 }
211
212 /* skip trailing spaces */
213 while (la > 0 && isspace(pa[la-1]))
214 la--;
215 while (lb > 0 && isspace(pb[lb-1]))
216 lb--;
217
218 /* compare strings with space normalization */
219 while (la > 0 && lb > 0)
220 {
221 int ca, cb;
222
223 /* compare character */
224 ca = tolower(*pa);
225 cb = tolower(*pb);
226 if (ca != cb)
227 return (ca - cb);
228
229 pa++; pb++;
230 la--; lb--;
231
232 if (la <= 0 || lb <= 0)
233 break;
234
235 /* is white space next character ? */
236 if (isspace(*pa) && isspace(*pb))
237 {
238 /* skip remaining white spaces */
239 while (la > 0 && isspace(*pa))
240 {
241 la--;
242 pa++;
243 }
244 while (lb > 0 && isspace(*pb))
245 {
246 lb--;
247 pb++;
248 }
249 }
250 }
251 if (la > 0 || lb > 0)
252 return la - lb;
253
254 return 0;
255}
256
257int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
258 {
259 int i,j;
260 X509_NAME_ENTRY *na,*nb;
261
262 if (sk_X509_NAME_ENTRY_num(a->entries)
263 != sk_X509_NAME_ENTRY_num(b->entries))
264 return sk_X509_NAME_ENTRY_num(a->entries)
265 -sk_X509_NAME_ENTRY_num(b->entries);
266 for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
267 {
268 na=sk_X509_NAME_ENTRY_value(a->entries,i);
269 nb=sk_X509_NAME_ENTRY_value(b->entries,i);
270 j=na->value->type-nb->value->type;
271 if (j) return(j);
272 if (na->value->type == V_ASN1_PRINTABLESTRING)
273 j=nocase_spacenorm_cmp(na->value, nb->value);
274 else if (na->value->type == V_ASN1_IA5STRING
275 && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
276 j=nocase_cmp(na->value, nb->value);
277 else
278 {
279 j=na->value->length-nb->value->length;
280 if (j) return(j);
281 j=memcmp(na->value->data,nb->value->data,
282 na->value->length);
283 }
284 if (j) return(j);
285 j=na->set-nb->set;
286 if (j) return(j);
287 }
288
289 /* We will check the object types after checking the values
290 * since the values will more often be different than the object
291 * types. */
292 for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
293 {
294 na=sk_X509_NAME_ENTRY_value(a->entries,i);
295 nb=sk_X509_NAME_ENTRY_value(b->entries,i);
296 j=OBJ_cmp(na->object,nb->object);
297 if (j) return(j);
298 }
299 return(0);
300 }
301
302#ifndef OPENSSL_NO_MD5
303/* I now DER encode the name and hash it. Since I cache the DER encoding,
304 * this is reasonably efficient. */
305unsigned long X509_NAME_hash(X509_NAME *x)
306 {
307 unsigned long ret=0;
308 unsigned char md[16];
309
310 /* Make sure X509_NAME structure contains valid cached encoding */
311 i2d_X509_NAME(x,NULL);
312 EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL);
313
314 ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)|
315 ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
316 )&0xffffffffL;
317 return(ret);
318 }
319#endif
320
321/* Search a stack of X509 for a match */
322X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
323 ASN1_INTEGER *serial)
324 {
325 int i;
326 X509_CINF cinf;
327 X509 x,*x509=NULL;
328
329 if(!sk) return NULL;
330
331 x.cert_info= &cinf;
332 cinf.serialNumber=serial;
333 cinf.issuer=name;
334
335 for (i=0; i<sk_X509_num(sk); i++)
336 {
337 x509=sk_X509_value(sk,i);
338 if (X509_issuer_and_serial_cmp(x509,&x) == 0)
339 return(x509);
340 }
341 return(NULL);
342 }
343
344X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name)
345 {
346 X509 *x509;
347 int i;
348
349 for (i=0; i<sk_X509_num(sk); i++)
350 {
351 x509=sk_X509_value(sk,i);
352 if (X509_NAME_cmp(X509_get_subject_name(x509),name) == 0)
353 return(x509);
354 }
355 return(NULL);
356 }
357
358EVP_PKEY *X509_get_pubkey(X509 *x)
359 {
360 if ((x == NULL) || (x->cert_info == NULL))
361 return(NULL);
362 return(X509_PUBKEY_get(x->cert_info->key));
363 }
364
365ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
366 {
367 if(!x) return NULL;
368 return x->cert_info->key->public_key;
369 }
370
371int X509_check_private_key(X509 *x, EVP_PKEY *k)
372 {
373 EVP_PKEY *xk=NULL;
374 int ok=0;
375
376 xk=X509_get_pubkey(x);
377 if (xk->type != k->type)
378 {
379 X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
380 goto err;
381 }
382 switch (k->type)
383 {
384#ifndef OPENSSL_NO_RSA
385 case EVP_PKEY_RSA:
386 if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0
387 || BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0)
388 {
389 X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
390 goto err;
391 }
392 break;
393#endif
394#ifndef OPENSSL_NO_DSA
395 case EVP_PKEY_DSA:
396 if (BN_cmp(xk->pkey.dsa->pub_key,k->pkey.dsa->pub_key) != 0)
397 {
398 X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
399 goto err;
400 }
401 break;
402#endif
403#ifndef OPENSSL_NO_DH
404 case EVP_PKEY_DH:
405 /* No idea */
406 X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
407 goto err;
408#endif
409 default:
410 X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
411 goto err;
412 }
413
414 ok=1;
415err:
416 EVP_PKEY_free(xk);
417 return(ok);
418 }
diff --git a/src/lib/libcrypto/x509/x509_d2.c b/src/lib/libcrypto/x509/x509_d2.c
deleted file mode 100644
index 51410cfd1a..0000000000
--- a/src/lib/libcrypto/x509/x509_d2.c
+++ /dev/null
@@ -1,107 +0,0 @@
1/* crypto/x509/x509_d2.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/crypto.h>
62#include <openssl/x509.h>
63
64#ifndef OPENSSL_NO_STDIO
65int X509_STORE_set_default_paths(X509_STORE *ctx)
66 {
67 X509_LOOKUP *lookup;
68
69 lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
70 if (lookup == NULL) return(0);
71 X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
72
73 lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
74 if (lookup == NULL) return(0);
75 X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
76
77 /* clear any errors */
78 ERR_clear_error();
79
80 return(1);
81 }
82
83int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
84 const char *path)
85 {
86 X509_LOOKUP *lookup;
87
88 if (file != NULL)
89 {
90 lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
91 if (lookup == NULL) return(0);
92 if (X509_LOOKUP_load_file(lookup,file,X509_FILETYPE_PEM) != 1)
93 return(0);
94 }
95 if (path != NULL)
96 {
97 lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
98 if (lookup == NULL) return(0);
99 if (X509_LOOKUP_add_dir(lookup,path,X509_FILETYPE_PEM) != 1)
100 return(0);
101 }
102 if ((path == NULL) && (file == NULL))
103 return(0);
104 return(1);
105 }
106
107#endif
diff --git a/src/lib/libcrypto/x509/x509_def.c b/src/lib/libcrypto/x509/x509_def.c
deleted file mode 100644
index e0ac151a76..0000000000
--- a/src/lib/libcrypto/x509/x509_def.c
+++ /dev/null
@@ -1,81 +0,0 @@
1/* crypto/x509/x509_def.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/crypto.h>
62#include <openssl/x509.h>
63
64const char *X509_get_default_private_dir(void)
65 { return(X509_PRIVATE_DIR); }
66
67const char *X509_get_default_cert_area(void)
68 { return(X509_CERT_AREA); }
69
70const char *X509_get_default_cert_dir(void)
71 { return(X509_CERT_DIR); }
72
73const char *X509_get_default_cert_file(void)
74 { return(X509_CERT_FILE); }
75
76const char *X509_get_default_cert_dir_env(void)
77 { return(X509_CERT_DIR_EVP); }
78
79const char *X509_get_default_cert_file_env(void)
80 { return(X509_CERT_FILE_EVP); }
81
diff --git a/src/lib/libcrypto/x509/x509_err.c b/src/lib/libcrypto/x509/x509_err.c
deleted file mode 100644
index 5bbf4acf76..0000000000
--- a/src/lib/libcrypto/x509/x509_err.c
+++ /dev/null
@@ -1,156 +0,0 @@
1/* crypto/x509/x509_err.c */
2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include <openssl/x509.h>
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67static ERR_STRING_DATA X509_str_functs[]=
68 {
69{ERR_PACK(0,X509_F_ADD_CERT_DIR,0), "ADD_CERT_DIR"},
70{ERR_PACK(0,X509_F_BY_FILE_CTRL,0), "BY_FILE_CTRL"},
71{ERR_PACK(0,X509_F_DIR_CTRL,0), "DIR_CTRL"},
72{ERR_PACK(0,X509_F_GET_CERT_BY_SUBJECT,0), "GET_CERT_BY_SUBJECT"},
73{ERR_PACK(0,X509_F_NETSCAPE_SPKI_B64_DECODE,0), "NETSCAPE_SPKI_b64_decode"},
74{ERR_PACK(0,X509_F_NETSCAPE_SPKI_B64_ENCODE,0), "NETSCAPE_SPKI_b64_encode"},
75{ERR_PACK(0,X509_F_X509V3_ADD_EXT,0), "X509v3_add_ext"},
76{ERR_PACK(0,X509_F_X509_ADD_ATTR,0), "X509_ADD_ATTR"},
77{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_NID,0), "X509_ATTRIBUTE_create_by_NID"},
78{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,0), "X509_ATTRIBUTE_create_by_OBJ"},
79{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,0), "X509_ATTRIBUTE_create_by_txt"},
80{ERR_PACK(0,X509_F_X509_ATTRIBUTE_GET0_DATA,0), "X509_ATTRIBUTE_get0_data"},
81{ERR_PACK(0,X509_F_X509_ATTRIBUTE_SET1_DATA,0), "X509_ATTRIBUTE_set1_data"},
82{ERR_PACK(0,X509_F_X509_CHECK_PRIVATE_KEY,0), "X509_check_private_key"},
83{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_NID,0), "X509_EXTENSION_create_by_NID"},
84{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_OBJ,0), "X509_EXTENSION_create_by_OBJ"},
85{ERR_PACK(0,X509_F_X509_GET_PUBKEY_PARAMETERS,0), "X509_get_pubkey_parameters"},
86{ERR_PACK(0,X509_F_X509_LOAD_CERT_CRL_FILE,0), "X509_load_cert_crl_file"},
87{ERR_PACK(0,X509_F_X509_LOAD_CERT_FILE,0), "X509_load_cert_file"},
88{ERR_PACK(0,X509_F_X509_LOAD_CRL_FILE,0), "X509_load_crl_file"},
89{ERR_PACK(0,X509_F_X509_NAME_ADD_ENTRY,0), "X509_NAME_add_entry"},
90{ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_NID,0), "X509_NAME_ENTRY_create_by_NID"},
91{ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_TXT,0), "X509_NAME_ENTRY_create_by_txt"},
92{ERR_PACK(0,X509_F_X509_NAME_ENTRY_SET_OBJECT,0), "X509_NAME_ENTRY_set_object"},
93{ERR_PACK(0,X509_F_X509_NAME_ONELINE,0), "X509_NAME_oneline"},
94{ERR_PACK(0,X509_F_X509_NAME_PRINT,0), "X509_NAME_print"},
95{ERR_PACK(0,X509_F_X509_PRINT_FP,0), "X509_print_fp"},
96{ERR_PACK(0,X509_F_X509_PUBKEY_GET,0), "X509_PUBKEY_get"},
97{ERR_PACK(0,X509_F_X509_PUBKEY_SET,0), "X509_PUBKEY_set"},
98{ERR_PACK(0,X509_F_X509_REQ_PRINT,0), "X509_REQ_print"},
99{ERR_PACK(0,X509_F_X509_REQ_PRINT_FP,0), "X509_REQ_print_fp"},
100{ERR_PACK(0,X509_F_X509_REQ_TO_X509,0), "X509_REQ_to_X509"},
101{ERR_PACK(0,X509_F_X509_STORE_ADD_CERT,0), "X509_STORE_add_cert"},
102{ERR_PACK(0,X509_F_X509_STORE_ADD_CRL,0), "X509_STORE_add_crl"},
103{ERR_PACK(0,X509_F_X509_STORE_CTX_INIT,0), "X509_STORE_CTX_init"},
104{ERR_PACK(0,X509_F_X509_STORE_CTX_NEW,0), "X509_STORE_CTX_new"},
105{ERR_PACK(0,X509_F_X509_STORE_CTX_PURPOSE_INHERIT,0), "X509_STORE_CTX_purpose_inherit"},
106{ERR_PACK(0,X509_F_X509_TO_X509_REQ,0), "X509_to_X509_REQ"},
107{ERR_PACK(0,X509_F_X509_TRUST_ADD,0), "X509_TRUST_add"},
108{ERR_PACK(0,X509_F_X509_TRUST_SET,0), "X509_TRUST_set"},
109{ERR_PACK(0,X509_F_X509_VERIFY_CERT,0), "X509_verify_cert"},
110{0,NULL}
111 };
112
113static ERR_STRING_DATA X509_str_reasons[]=
114 {
115{X509_R_BAD_X509_FILETYPE ,"bad x509 filetype"},
116{X509_R_BASE64_DECODE_ERROR ,"base64 decode error"},
117{X509_R_CANT_CHECK_DH_KEY ,"cant check dh key"},
118{X509_R_CERT_ALREADY_IN_HASH_TABLE ,"cert already in hash table"},
119{X509_R_ERR_ASN1_LIB ,"err asn1 lib"},
120{X509_R_INVALID_DIRECTORY ,"invalid directory"},
121{X509_R_INVALID_FIELD_NAME ,"invalid field name"},
122{X509_R_INVALID_TRUST ,"invalid trust"},
123{X509_R_KEY_TYPE_MISMATCH ,"key type mismatch"},
124{X509_R_KEY_VALUES_MISMATCH ,"key values mismatch"},
125{X509_R_LOADING_CERT_DIR ,"loading cert dir"},
126{X509_R_LOADING_DEFAULTS ,"loading defaults"},
127{X509_R_NO_CERT_SET_FOR_US_TO_VERIFY ,"no cert set for us to verify"},
128{X509_R_SHOULD_RETRY ,"should retry"},
129{X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN,"unable to find parameters in chain"},
130{X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY ,"unable to get certs public key"},
131{X509_R_UNKNOWN_KEY_TYPE ,"unknown key type"},
132{X509_R_UNKNOWN_NID ,"unknown nid"},
133{X509_R_UNKNOWN_PURPOSE_ID ,"unknown purpose id"},
134{X509_R_UNKNOWN_TRUST_ID ,"unknown trust id"},
135{X509_R_UNSUPPORTED_ALGORITHM ,"unsupported algorithm"},
136{X509_R_WRONG_LOOKUP_TYPE ,"wrong lookup type"},
137{X509_R_WRONG_TYPE ,"wrong type"},
138{0,NULL}
139 };
140
141#endif
142
143void ERR_load_X509_strings(void)
144 {
145 static int init=1;
146
147 if (init)
148 {
149 init=0;
150#ifndef OPENSSL_NO_ERR
151 ERR_load_strings(ERR_LIB_X509,X509_str_functs);
152 ERR_load_strings(ERR_LIB_X509,X509_str_reasons);
153#endif
154
155 }
156 }
diff --git a/src/lib/libcrypto/x509/x509_ext.c b/src/lib/libcrypto/x509/x509_ext.c
deleted file mode 100644
index e7fdacb5e4..0000000000
--- a/src/lib/libcrypto/x509/x509_ext.c
+++ /dev/null
@@ -1,210 +0,0 @@
1/* crypto/x509/x509_ext.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/stack.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/objects.h>
64#include <openssl/evp.h>
65#include <openssl/x509.h>
66#include <openssl/x509v3.h>
67
68
69int X509_CRL_get_ext_count(X509_CRL *x)
70 {
71 return(X509v3_get_ext_count(x->crl->extensions));
72 }
73
74int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos)
75 {
76 return(X509v3_get_ext_by_NID(x->crl->extensions,nid,lastpos));
77 }
78
79int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos)
80 {
81 return(X509v3_get_ext_by_OBJ(x->crl->extensions,obj,lastpos));
82 }
83
84int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos)
85 {
86 return(X509v3_get_ext_by_critical(x->crl->extensions,crit,lastpos));
87 }
88
89X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc)
90 {
91 return(X509v3_get_ext(x->crl->extensions,loc));
92 }
93
94X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc)
95 {
96 return(X509v3_delete_ext(x->crl->extensions,loc));
97 }
98
99void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx)
100{
101 return X509V3_get_d2i(x->crl->extensions, nid, crit, idx);
102}
103
104int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
105 unsigned long flags)
106{
107 return X509V3_add1_i2d(&x->crl->extensions, nid, value, crit, flags);
108}
109
110int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc)
111 {
112 return(X509v3_add_ext(&(x->crl->extensions),ex,loc) != NULL);
113 }
114
115int X509_get_ext_count(X509 *x)
116 {
117 return(X509v3_get_ext_count(x->cert_info->extensions));
118 }
119
120int X509_get_ext_by_NID(X509 *x, int nid, int lastpos)
121 {
122 return(X509v3_get_ext_by_NID(x->cert_info->extensions,nid,lastpos));
123 }
124
125int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos)
126 {
127 return(X509v3_get_ext_by_OBJ(x->cert_info->extensions,obj,lastpos));
128 }
129
130int X509_get_ext_by_critical(X509 *x, int crit, int lastpos)
131 {
132 return(X509v3_get_ext_by_critical(x->cert_info->extensions,crit,lastpos));
133 }
134
135X509_EXTENSION *X509_get_ext(X509 *x, int loc)
136 {
137 return(X509v3_get_ext(x->cert_info->extensions,loc));
138 }
139
140X509_EXTENSION *X509_delete_ext(X509 *x, int loc)
141 {
142 return(X509v3_delete_ext(x->cert_info->extensions,loc));
143 }
144
145int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc)
146 {
147 return(X509v3_add_ext(&(x->cert_info->extensions),ex,loc) != NULL);
148 }
149
150void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx)
151{
152 return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx);
153}
154
155int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
156 unsigned long flags)
157{
158 return X509V3_add1_i2d(&x->cert_info->extensions, nid, value, crit,
159 flags);
160}
161
162int X509_REVOKED_get_ext_count(X509_REVOKED *x)
163 {
164 return(X509v3_get_ext_count(x->extensions));
165 }
166
167int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos)
168 {
169 return(X509v3_get_ext_by_NID(x->extensions,nid,lastpos));
170 }
171
172int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj,
173 int lastpos)
174 {
175 return(X509v3_get_ext_by_OBJ(x->extensions,obj,lastpos));
176 }
177
178int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos)
179 {
180 return(X509v3_get_ext_by_critical(x->extensions,crit,lastpos));
181 }
182
183X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc)
184 {
185 return(X509v3_get_ext(x->extensions,loc));
186 }
187
188X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc)
189 {
190 return(X509v3_delete_ext(x->extensions,loc));
191 }
192
193int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc)
194 {
195 return(X509v3_add_ext(&(x->extensions),ex,loc) != NULL);
196 }
197
198void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx)
199{
200 return X509V3_get_d2i(x->extensions, nid, crit, idx);
201}
202
203int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
204 unsigned long flags)
205{
206 return X509V3_add1_i2d(&x->extensions, nid, value, crit, flags);
207}
208
209IMPLEMENT_STACK_OF(X509_EXTENSION)
210IMPLEMENT_ASN1_SET_OF(X509_EXTENSION)
diff --git a/src/lib/libcrypto/x509/x509_lu.c b/src/lib/libcrypto/x509/x509_lu.c
deleted file mode 100644
index b780dae5e2..0000000000
--- a/src/lib/libcrypto/x509/x509_lu.c
+++ /dev/null
@@ -1,557 +0,0 @@
1/* crypto/x509/x509_lu.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/lhash.h>
62#include <openssl/x509.h>
63#include <openssl/x509v3.h>
64
65X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
66 {
67 X509_LOOKUP *ret;
68
69 ret=(X509_LOOKUP *)OPENSSL_malloc(sizeof(X509_LOOKUP));
70 if (ret == NULL) return NULL;
71
72 ret->init=0;
73 ret->skip=0;
74 ret->method=method;
75 ret->method_data=NULL;
76 ret->store_ctx=NULL;
77 if ((method->new_item != NULL) && !method->new_item(ret))
78 {
79 OPENSSL_free(ret);
80 return NULL;
81 }
82 return ret;
83 }
84
85void X509_LOOKUP_free(X509_LOOKUP *ctx)
86 {
87 if (ctx == NULL) return;
88 if ( (ctx->method != NULL) &&
89 (ctx->method->free != NULL))
90 ctx->method->free(ctx);
91 OPENSSL_free(ctx);
92 }
93
94int X509_LOOKUP_init(X509_LOOKUP *ctx)
95 {
96 if (ctx->method == NULL) return 0;
97 if (ctx->method->init != NULL)
98 return ctx->method->init(ctx);
99 else
100 return 1;
101 }
102
103int X509_LOOKUP_shutdown(X509_LOOKUP *ctx)
104 {
105 if (ctx->method == NULL) return 0;
106 if (ctx->method->shutdown != NULL)
107 return ctx->method->shutdown(ctx);
108 else
109 return 1;
110 }
111
112int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
113 char **ret)
114 {
115 if (ctx->method == NULL) return -1;
116 if (ctx->method->ctrl != NULL)
117 return ctx->method->ctrl(ctx,cmd,argc,argl,ret);
118 else
119 return 1;
120 }
121
122int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
123 X509_OBJECT *ret)
124 {
125 if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))
126 return X509_LU_FAIL;
127 if (ctx->skip) return 0;
128 return ctx->method->get_by_subject(ctx,type,name,ret);
129 }
130
131int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
132 ASN1_INTEGER *serial, X509_OBJECT *ret)
133 {
134 if ((ctx->method == NULL) ||
135 (ctx->method->get_by_issuer_serial == NULL))
136 return X509_LU_FAIL;
137 return ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret);
138 }
139
140int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
141 unsigned char *bytes, int len, X509_OBJECT *ret)
142 {
143 if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))
144 return X509_LU_FAIL;
145 return ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret);
146 }
147
148int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,
149 X509_OBJECT *ret)
150 {
151 if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
152 return X509_LU_FAIL;
153 return ctx->method->get_by_alias(ctx,type,str,len,ret);
154 }
155
156
157static int x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b)
158 {
159 int ret;
160
161 ret=((*a)->type - (*b)->type);
162 if (ret) return ret;
163 switch ((*a)->type)
164 {
165 case X509_LU_X509:
166 ret=X509_subject_name_cmp((*a)->data.x509,(*b)->data.x509);
167 break;
168 case X509_LU_CRL:
169 ret=X509_CRL_cmp((*a)->data.crl,(*b)->data.crl);
170 break;
171 default:
172 /* abort(); */
173 return 0;
174 }
175 return ret;
176 }
177
178X509_STORE *X509_STORE_new(void)
179 {
180 X509_STORE *ret;
181
182 if ((ret=(X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL)
183 return NULL;
184 ret->objs = sk_X509_OBJECT_new(x509_object_cmp);
185 ret->cache=1;
186 ret->get_cert_methods=sk_X509_LOOKUP_new_null();
187 ret->verify=0;
188 ret->verify_cb=0;
189
190 ret->purpose = 0;
191 ret->trust = 0;
192
193 ret->flags = 0;
194
195 ret->get_issuer = 0;
196 ret->check_issued = 0;
197 ret->check_revocation = 0;
198 ret->get_crl = 0;
199 ret->check_crl = 0;
200 ret->cert_crl = 0;
201 ret->cleanup = 0;
202
203 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data);
204 ret->references=1;
205 ret->depth=0;
206 return ret;
207 }
208
209static void cleanup(X509_OBJECT *a)
210 {
211 if (a->type == X509_LU_X509)
212 {
213 X509_free(a->data.x509);
214 }
215 else if (a->type == X509_LU_CRL)
216 {
217 X509_CRL_free(a->data.crl);
218 }
219 else
220 {
221 /* abort(); */
222 }
223
224 OPENSSL_free(a);
225 }
226
227void X509_STORE_free(X509_STORE *vfy)
228 {
229 int i;
230 STACK_OF(X509_LOOKUP) *sk;
231 X509_LOOKUP *lu;
232
233 if (vfy == NULL)
234 return;
235
236 sk=vfy->get_cert_methods;
237 for (i=0; i<sk_X509_LOOKUP_num(sk); i++)
238 {
239 lu=sk_X509_LOOKUP_value(sk,i);
240 X509_LOOKUP_shutdown(lu);
241 X509_LOOKUP_free(lu);
242 }
243 sk_X509_LOOKUP_free(sk);
244 sk_X509_OBJECT_pop_free(vfy->objs, cleanup);
245
246 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data);
247 OPENSSL_free(vfy);
248 }
249
250X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
251 {
252 int i;
253 STACK_OF(X509_LOOKUP) *sk;
254 X509_LOOKUP *lu;
255
256 sk=v->get_cert_methods;
257 for (i=0; i<sk_X509_LOOKUP_num(sk); i++)
258 {
259 lu=sk_X509_LOOKUP_value(sk,i);
260 if (m == lu->method)
261 {
262 return lu;
263 }
264 }
265 /* a new one */
266 lu=X509_LOOKUP_new(m);
267 if (lu == NULL)
268 return NULL;
269 else
270 {
271 lu->store_ctx=v;
272 if (sk_X509_LOOKUP_push(v->get_cert_methods,lu))
273 return lu;
274 else
275 {
276 X509_LOOKUP_free(lu);
277 return NULL;
278 }
279 }
280 }
281
282int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
283 X509_OBJECT *ret)
284 {
285 X509_STORE *ctx=vs->ctx;
286 X509_LOOKUP *lu;
287 X509_OBJECT stmp,*tmp;
288 int i,j;
289
290 tmp=X509_OBJECT_retrieve_by_subject(ctx->objs,type,name);
291
292 if (tmp == NULL)
293 {
294 for (i=vs->current_method; i<sk_X509_LOOKUP_num(ctx->get_cert_methods); i++)
295 {
296 lu=sk_X509_LOOKUP_value(ctx->get_cert_methods,i);
297 j=X509_LOOKUP_by_subject(lu,type,name,&stmp);
298 if (j < 0)
299 {
300 vs->current_method=j;
301 return j;
302 }
303 else if (j)
304 {
305 tmp= &stmp;
306 break;
307 }
308 }
309 vs->current_method=0;
310 if (tmp == NULL)
311 return 0;
312 }
313
314/* if (ret->data.ptr != NULL)
315 X509_OBJECT_free_contents(ret); */
316
317 ret->type=tmp->type;
318 ret->data.ptr=tmp->data.ptr;
319
320 X509_OBJECT_up_ref_count(ret);
321
322 return 1;
323 }
324
325int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
326 {
327 X509_OBJECT *obj;
328 int ret=1;
329
330 if (x == NULL) return 0;
331 obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
332 if (obj == NULL)
333 {
334 X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE);
335 return 0;
336 }
337 obj->type=X509_LU_X509;
338 obj->data.x509=x;
339
340 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
341
342 X509_OBJECT_up_ref_count(obj);
343
344
345 if (X509_OBJECT_retrieve_match(ctx->objs, obj))
346 {
347 X509_OBJECT_free_contents(obj);
348 OPENSSL_free(obj);
349 X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE);
350 ret=0;
351 }
352 else sk_X509_OBJECT_push(ctx->objs, obj);
353
354 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
355
356 return ret;
357 }
358
359int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
360 {
361 X509_OBJECT *obj;
362 int ret=1;
363
364 if (x == NULL) return 0;
365 obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
366 if (obj == NULL)
367 {
368 X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE);
369 return 0;
370 }
371 obj->type=X509_LU_CRL;
372 obj->data.crl=x;
373
374 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
375
376 X509_OBJECT_up_ref_count(obj);
377
378 if (X509_OBJECT_retrieve_match(ctx->objs, obj))
379 {
380 X509_OBJECT_free_contents(obj);
381 OPENSSL_free(obj);
382 X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE);
383 ret=0;
384 }
385 else sk_X509_OBJECT_push(ctx->objs, obj);
386
387 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
388
389 return ret;
390 }
391
392void X509_OBJECT_up_ref_count(X509_OBJECT *a)
393 {
394 switch (a->type)
395 {
396 case X509_LU_X509:
397 CRYPTO_add(&a->data.x509->references,1,CRYPTO_LOCK_X509);
398 break;
399 case X509_LU_CRL:
400 CRYPTO_add(&a->data.crl->references,1,CRYPTO_LOCK_X509_CRL);
401 break;
402 }
403 }
404
405void X509_OBJECT_free_contents(X509_OBJECT *a)
406 {
407 switch (a->type)
408 {
409 case X509_LU_X509:
410 X509_free(a->data.x509);
411 break;
412 case X509_LU_CRL:
413 X509_CRL_free(a->data.crl);
414 break;
415 }
416 }
417
418int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
419 X509_NAME *name)
420 {
421 X509_OBJECT stmp;
422 X509 x509_s;
423 X509_CINF cinf_s;
424 X509_CRL crl_s;
425 X509_CRL_INFO crl_info_s;
426
427 stmp.type=type;
428 switch (type)
429 {
430 case X509_LU_X509:
431 stmp.data.x509= &x509_s;
432 x509_s.cert_info= &cinf_s;
433 cinf_s.subject=name;
434 break;
435 case X509_LU_CRL:
436 stmp.data.crl= &crl_s;
437 crl_s.crl= &crl_info_s;
438 crl_info_s.issuer=name;
439 break;
440 default:
441 /* abort(); */
442 return -1;
443 }
444
445 return sk_X509_OBJECT_find(h,&stmp);
446 }
447
448X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type,
449 X509_NAME *name)
450{
451 int idx;
452 idx = X509_OBJECT_idx_by_subject(h, type, name);
453 if (idx==-1) return NULL;
454 return sk_X509_OBJECT_value(h, idx);
455}
456
457X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x)
458{
459 int idx, i;
460 X509_OBJECT *obj;
461 idx = sk_X509_OBJECT_find(h, x);
462 if (idx == -1) return NULL;
463 if (x->type != X509_LU_X509) return sk_X509_OBJECT_value(h, idx);
464 for (i = idx; i < sk_X509_OBJECT_num(h); i++)
465 {
466 obj = sk_X509_OBJECT_value(h, i);
467 if (x509_object_cmp((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x))
468 return NULL;
469 if ((x->type != X509_LU_X509) || !X509_cmp(obj->data.x509, x->data.x509))
470 return obj;
471 }
472 return NULL;
473}
474
475
476/* Try to get issuer certificate from store. Due to limitations
477 * of the API this can only retrieve a single certificate matching
478 * a given subject name. However it will fill the cache with all
479 * matching certificates, so we can examine the cache for all
480 * matches.
481 *
482 * Return values are:
483 * 1 lookup successful.
484 * 0 certificate not found.
485 * -1 some other error.
486 */
487
488
489int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
490{
491 X509_NAME *xn;
492 X509_OBJECT obj, *pobj;
493 int i, ok, idx;
494 xn=X509_get_issuer_name(x);
495 ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj);
496 if (ok != X509_LU_X509)
497 {
498 if (ok == X509_LU_RETRY)
499 {
500 X509_OBJECT_free_contents(&obj);
501 X509err(X509_F_X509_VERIFY_CERT,X509_R_SHOULD_RETRY);
502 return -1;
503 }
504 else if (ok != X509_LU_FAIL)
505 {
506 X509_OBJECT_free_contents(&obj);
507 /* not good :-(, break anyway */
508 return -1;
509 }
510 return 0;
511 }
512 /* If certificate matches all OK */
513 if (ctx->check_issued(ctx, x, obj.data.x509))
514 {
515 *issuer = obj.data.x509;
516 return 1;
517 }
518 X509_OBJECT_free_contents(&obj);
519 /* Else find index of first matching cert */
520 idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn);
521 /* This shouldn't normally happen since we already have one match */
522 if (idx == -1) return 0;
523
524 /* Look through all matching certificates for a suitable issuer */
525 for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++)
526 {
527 pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i);
528 /* See if we've ran out of matches */
529 if (pobj->type != X509_LU_X509) return 0;
530 if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509))) return 0;
531 if (ctx->check_issued(ctx, x, pobj->data.x509))
532 {
533 *issuer = pobj->data.x509;
534 X509_OBJECT_up_ref_count(pobj);
535 return 1;
536 }
537 }
538 return 0;
539}
540
541void X509_STORE_set_flags(X509_STORE *ctx, long flags)
542 {
543 ctx->flags |= flags;
544 }
545
546int X509_STORE_set_purpose(X509_STORE *ctx, int purpose)
547 {
548 return X509_PURPOSE_set(&ctx->purpose, purpose);
549 }
550
551int X509_STORE_set_trust(X509_STORE *ctx, int trust)
552 {
553 return X509_TRUST_set(&ctx->trust, trust);
554 }
555
556IMPLEMENT_STACK_OF(X509_LOOKUP)
557IMPLEMENT_STACK_OF(X509_OBJECT)
diff --git a/src/lib/libcrypto/x509/x509_obj.c b/src/lib/libcrypto/x509/x509_obj.c
deleted file mode 100644
index 1e718f76eb..0000000000
--- a/src/lib/libcrypto/x509/x509_obj.c
+++ /dev/null
@@ -1,226 +0,0 @@
1/* crypto/x509/x509_obj.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/lhash.h>
62#include <openssl/objects.h>
63#include <openssl/x509.h>
64#include <openssl/buffer.h>
65
66char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
67 {
68 X509_NAME_ENTRY *ne;
69int i;
70 int n,lold,l,l1,l2,num,j,type;
71 const char *s;
72 char *p;
73 unsigned char *q;
74 BUF_MEM *b=NULL;
75 static char hex[17]="0123456789ABCDEF";
76 int gs_doit[4];
77 char tmp_buf[80];
78#ifdef CHARSET_EBCDIC
79 char ebcdic_buf[1024];
80#endif
81
82 if (buf == NULL)
83 {
84 if ((b=BUF_MEM_new()) == NULL) goto err;
85 if (!BUF_MEM_grow(b,200)) goto err;
86 b->data[0]='\0';
87 len=200;
88 }
89 if (a == NULL)
90 {
91 if(b)
92 {
93 buf=b->data;
94 OPENSSL_free(b);
95 }
96 strncpy(buf,"NO X509_NAME",len);
97 buf[len-1]='\0';
98 return buf;
99 }
100
101 len--; /* space for '\0' */
102 l=0;
103 for (i=0; i<sk_X509_NAME_ENTRY_num(a->entries); i++)
104 {
105 ne=sk_X509_NAME_ENTRY_value(a->entries,i);
106 n=OBJ_obj2nid(ne->object);
107 if ((n == NID_undef) || ((s=OBJ_nid2sn(n)) == NULL))
108 {
109 i2t_ASN1_OBJECT(tmp_buf,sizeof(tmp_buf),ne->object);
110 s=tmp_buf;
111 }
112 l1=strlen(s);
113
114 type=ne->value->type;
115 num=ne->value->length;
116 q=ne->value->data;
117#ifdef CHARSET_EBCDIC
118 if (type == V_ASN1_GENERALSTRING ||
119 type == V_ASN1_VISIBLESTRING ||
120 type == V_ASN1_PRINTABLESTRING ||
121 type == V_ASN1_TELETEXSTRING ||
122 type == V_ASN1_VISIBLESTRING ||
123 type == V_ASN1_IA5STRING) {
124 ascii2ebcdic(ebcdic_buf, q,
125 (num > sizeof ebcdic_buf)
126 ? sizeof ebcdic_buf : num);
127 q=ebcdic_buf;
128 }
129#endif
130
131 if ((type == V_ASN1_GENERALSTRING) && ((num%4) == 0))
132 {
133 gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=0;
134 for (j=0; j<num; j++)
135 if (q[j] != 0) gs_doit[j&3]=1;
136
137 if (gs_doit[0]|gs_doit[1]|gs_doit[2])
138 gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1;
139 else
140 {
141 gs_doit[0]=gs_doit[1]=gs_doit[2]=0;
142 gs_doit[3]=1;
143 }
144 }
145 else
146 gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1;
147
148 for (l2=j=0; j<num; j++)
149 {
150 if (!gs_doit[j&3]) continue;
151 l2++;
152#ifndef CHARSET_EBCDIC
153 if ((q[j] < ' ') || (q[j] > '~')) l2+=3;
154#else
155 if ((os_toascii[q[j]] < os_toascii[' ']) ||
156 (os_toascii[q[j]] > os_toascii['~'])) l2+=3;
157#endif
158 }
159
160 lold=l;
161 l+=1+l1+1+l2;
162 if (b != NULL)
163 {
164 if (!BUF_MEM_grow(b,l+1)) goto err;
165 p= &(b->data[lold]);
166 }
167 else if (l > len)
168 {
169 break;
170 }
171 else
172 p= &(buf[lold]);
173 *(p++)='/';
174 memcpy(p,s,(unsigned int)l1); p+=l1;
175 *(p++)='=';
176
177#ifndef CHARSET_EBCDIC /* q was assigned above already. */
178 q=ne->value->data;
179#endif
180
181 for (j=0; j<num; j++)
182 {
183 if (!gs_doit[j&3]) continue;
184#ifndef CHARSET_EBCDIC
185 n=q[j];
186 if ((n < ' ') || (n > '~'))
187 {
188 *(p++)='\\';
189 *(p++)='x';
190 *(p++)=hex[(n>>4)&0x0f];
191 *(p++)=hex[n&0x0f];
192 }
193 else
194 *(p++)=n;
195#else
196 n=os_toascii[q[j]];
197 if ((n < os_toascii[' ']) ||
198 (n > os_toascii['~']))
199 {
200 *(p++)='\\';
201 *(p++)='x';
202 *(p++)=hex[(n>>4)&0x0f];
203 *(p++)=hex[n&0x0f];
204 }
205 else
206 *(p++)=q[j];
207#endif
208 }
209 *p='\0';
210 }
211 if (b != NULL)
212 {
213 p=b->data;
214 OPENSSL_free(b);
215 }
216 else
217 p=buf;
218 if (i == 0)
219 *p = '\0';
220 return(p);
221err:
222 X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE);
223 if (b != NULL) BUF_MEM_free(b);
224 return(NULL);
225 }
226
diff --git a/src/lib/libcrypto/x509/x509_r2x.c b/src/lib/libcrypto/x509/x509_r2x.c
deleted file mode 100644
index db051033d9..0000000000
--- a/src/lib/libcrypto/x509/x509_r2x.c
+++ /dev/null
@@ -1,110 +0,0 @@
1/* crypto/x509/x509_r2x.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/bn.h>
62#include <openssl/evp.h>
63#include <openssl/asn1.h>
64#include <openssl/x509.h>
65#include <openssl/objects.h>
66#include <openssl/buffer.h>
67
68X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
69 {
70 X509 *ret=NULL;
71 X509_CINF *xi=NULL;
72 X509_NAME *xn;
73
74 if ((ret=X509_new()) == NULL)
75 {
76 X509err(X509_F_X509_REQ_TO_X509,ERR_R_MALLOC_FAILURE);
77 goto err;
78 }
79
80 /* duplicate the request */
81 xi=ret->cert_info;
82
83 if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0)
84 {
85 if ((xi->version=M_ASN1_INTEGER_new()) == NULL) goto err;
86 if (!ASN1_INTEGER_set(xi->version,2)) goto err;
87/* xi->extensions=ri->attributes; <- bad, should not ever be done
88 ri->attributes=NULL; */
89 }
90
91 xn=X509_REQ_get_subject_name(r);
92 X509_set_subject_name(ret,X509_NAME_dup(xn));
93 X509_set_issuer_name(ret,X509_NAME_dup(xn));
94
95 X509_gmtime_adj(xi->validity->notBefore,0);
96 X509_gmtime_adj(xi->validity->notAfter,(long)60*60*24*days);
97
98 X509_set_pubkey(ret,X509_REQ_get_pubkey(r));
99
100 if (!X509_sign(ret,pkey,EVP_md5()))
101 goto err;
102 if (0)
103 {
104err:
105 X509_free(ret);
106 ret=NULL;
107 }
108 return(ret);
109 }
110
diff --git a/src/lib/libcrypto/x509/x509_req.c b/src/lib/libcrypto/x509/x509_req.c
deleted file mode 100644
index 0affa3bf30..0000000000
--- a/src/lib/libcrypto/x509/x509_req.c
+++ /dev/null
@@ -1,278 +0,0 @@
1/* crypto/x509/x509_req.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/bn.h>
62#include <openssl/evp.h>
63#include <openssl/asn1.h>
64#include <openssl/x509.h>
65#include <openssl/objects.h>
66#include <openssl/buffer.h>
67#include <openssl/pem.h>
68
69X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
70 {
71 X509_REQ *ret;
72 X509_REQ_INFO *ri;
73 int i;
74 EVP_PKEY *pktmp;
75
76 ret=X509_REQ_new();
77 if (ret == NULL)
78 {
79 X509err(X509_F_X509_TO_X509_REQ,ERR_R_MALLOC_FAILURE);
80 goto err;
81 }
82
83 ri=ret->req_info;
84
85 ri->version->length=1;
86 ri->version->data=(unsigned char *)OPENSSL_malloc(1);
87 if (ri->version->data == NULL) goto err;
88 ri->version->data[0]=0; /* version == 0 */
89
90 if (!X509_REQ_set_subject_name(ret,X509_get_subject_name(x)))
91 goto err;
92
93 pktmp = X509_get_pubkey(x);
94 i=X509_REQ_set_pubkey(ret,pktmp);
95 EVP_PKEY_free(pktmp);
96 if (!i) goto err;
97
98 if (pkey != NULL)
99 {
100 if (!X509_REQ_sign(ret,pkey,md))
101 goto err;
102 }
103 return(ret);
104err:
105 X509_REQ_free(ret);
106 return(NULL);
107 }
108
109EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req)
110 {
111 if ((req == NULL) || (req->req_info == NULL))
112 return(NULL);
113 return(X509_PUBKEY_get(req->req_info->pubkey));
114 }
115
116/* It seems several organisations had the same idea of including a list of
117 * extensions in a certificate request. There are at least two OIDs that are
118 * used and there may be more: so the list is configurable.
119 */
120
121static int ext_nid_list[] = { NID_ms_ext_req, NID_ext_req, NID_undef};
122
123static int *ext_nids = ext_nid_list;
124
125int X509_REQ_extension_nid(int req_nid)
126{
127 int i, nid;
128 for(i = 0; ; i++) {
129 nid = ext_nids[i];
130 if(nid == NID_undef) return 0;
131 else if (req_nid == nid) return 1;
132 }
133}
134
135int *X509_REQ_get_extension_nids(void)
136{
137 return ext_nids;
138}
139
140void X509_REQ_set_extension_nids(int *nids)
141{
142 ext_nids = nids;
143}
144
145STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
146{
147 X509_ATTRIBUTE *attr;
148 STACK_OF(X509_ATTRIBUTE) *sk;
149 ASN1_TYPE *ext = NULL;
150 int i;
151 unsigned char *p;
152 if ((req == NULL) || (req->req_info == NULL))
153 return(NULL);
154 sk=req->req_info->attributes;
155 if (!sk) return NULL;
156 for(i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
157 attr = sk_X509_ATTRIBUTE_value(sk, i);
158 if(X509_REQ_extension_nid(OBJ_obj2nid(attr->object))) {
159 if(attr->single) ext = attr->value.single;
160 else if(sk_ASN1_TYPE_num(attr->value.set))
161 ext = sk_ASN1_TYPE_value(attr->value.set, 0);
162 break;
163 }
164 }
165 if(!ext || (ext->type != V_ASN1_SEQUENCE)) return NULL;
166 p = ext->value.sequence->data;
167 return d2i_ASN1_SET_OF_X509_EXTENSION(NULL, &p,
168 ext->value.sequence->length,
169 d2i_X509_EXTENSION, X509_EXTENSION_free,
170 V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
171}
172
173/* Add a STACK_OF extensions to a certificate request: allow alternative OIDs
174 * in case we want to create a non standard one.
175 */
176
177int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
178 int nid)
179{
180 unsigned char *p = NULL, *q;
181 long len;
182 ASN1_TYPE *at = NULL;
183 X509_ATTRIBUTE *attr = NULL;
184 if(!(at = ASN1_TYPE_new()) ||
185 !(at->value.sequence = ASN1_STRING_new())) goto err;
186
187 at->type = V_ASN1_SEQUENCE;
188 /* Generate encoding of extensions */
189 len = i2d_ASN1_SET_OF_X509_EXTENSION(exts, NULL, i2d_X509_EXTENSION,
190 V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
191 if(!(p = OPENSSL_malloc(len))) goto err;
192 q = p;
193 i2d_ASN1_SET_OF_X509_EXTENSION(exts, &q, i2d_X509_EXTENSION,
194 V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
195 at->value.sequence->data = p;
196 p = NULL;
197 at->value.sequence->length = len;
198 if(!(attr = X509_ATTRIBUTE_new())) goto err;
199 if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
200 if(!sk_ASN1_TYPE_push(attr->value.set, at)) goto err;
201 at = NULL;
202 attr->single = 0;
203 attr->object = OBJ_nid2obj(nid);
204 if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err;
205 return 1;
206 err:
207 if(p) OPENSSL_free(p);
208 X509_ATTRIBUTE_free(attr);
209 ASN1_TYPE_free(at);
210 return 0;
211}
212/* This is the normal usage: use the "official" OID */
213int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts)
214{
215 return X509_REQ_add_extensions_nid(req, exts, NID_ext_req);
216}
217
218/* Request attribute functions */
219
220int X509_REQ_get_attr_count(const X509_REQ *req)
221{
222 return X509at_get_attr_count(req->req_info->attributes);
223}
224
225int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid,
226 int lastpos)
227{
228 return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos);
229}
230
231int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,
232 int lastpos)
233{
234 return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos);
235}
236
237X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc)
238{
239 return X509at_get_attr(req->req_info->attributes, loc);
240}
241
242X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc)
243{
244 return X509at_delete_attr(req->req_info->attributes, loc);
245}
246
247int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr)
248{
249 if(X509at_add1_attr(&req->req_info->attributes, attr)) return 1;
250 return 0;
251}
252
253int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
254 const ASN1_OBJECT *obj, int type,
255 const unsigned char *bytes, int len)
256{
257 if(X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj,
258 type, bytes, len)) return 1;
259 return 0;
260}
261
262int X509_REQ_add1_attr_by_NID(X509_REQ *req,
263 int nid, int type,
264 const unsigned char *bytes, int len)
265{
266 if(X509at_add1_attr_by_NID(&req->req_info->attributes, nid,
267 type, bytes, len)) return 1;
268 return 0;
269}
270
271int X509_REQ_add1_attr_by_txt(X509_REQ *req,
272 const char *attrname, int type,
273 const unsigned char *bytes, int len)
274{
275 if(X509at_add1_attr_by_txt(&req->req_info->attributes, attrname,
276 type, bytes, len)) return 1;
277 return 0;
278}
diff --git a/src/lib/libcrypto/x509/x509_set.c b/src/lib/libcrypto/x509/x509_set.c
deleted file mode 100644
index aaf61ca062..0000000000
--- a/src/lib/libcrypto/x509/x509_set.c
+++ /dev/null
@@ -1,150 +0,0 @@
1/* crypto/x509/x509_set.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/asn1.h>
62#include <openssl/objects.h>
63#include <openssl/evp.h>
64#include <openssl/x509.h>
65
66int X509_set_version(X509 *x, long version)
67 {
68 if (x == NULL) return(0);
69 if (x->cert_info->version == NULL)
70 {
71 if ((x->cert_info->version=M_ASN1_INTEGER_new()) == NULL)
72 return(0);
73 }
74 return(ASN1_INTEGER_set(x->cert_info->version,version));
75 }
76
77int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial)
78 {
79 ASN1_INTEGER *in;
80
81 if (x == NULL) return(0);
82 in=x->cert_info->serialNumber;
83 if (in != serial)
84 {
85 in=M_ASN1_INTEGER_dup(serial);
86 if (in != NULL)
87 {
88 M_ASN1_INTEGER_free(x->cert_info->serialNumber);
89 x->cert_info->serialNumber=in;
90 }
91 }
92 return(in != NULL);
93 }
94
95int X509_set_issuer_name(X509 *x, X509_NAME *name)
96 {
97 if ((x == NULL) || (x->cert_info == NULL)) return(0);
98 return(X509_NAME_set(&x->cert_info->issuer,name));
99 }
100
101int X509_set_subject_name(X509 *x, X509_NAME *name)
102 {
103 if ((x == NULL) || (x->cert_info == NULL)) return(0);
104 return(X509_NAME_set(&x->cert_info->subject,name));
105 }
106
107int X509_set_notBefore(X509 *x, ASN1_TIME *tm)
108 {
109 ASN1_TIME *in;
110
111 if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
112 in=x->cert_info->validity->notBefore;
113 if (in != tm)
114 {
115 in=M_ASN1_TIME_dup(tm);
116 if (in != NULL)
117 {
118 M_ASN1_TIME_free(x->cert_info->validity->notBefore);
119 x->cert_info->validity->notBefore=in;
120 }
121 }
122 return(in != NULL);
123 }
124
125int X509_set_notAfter(X509 *x, ASN1_TIME *tm)
126 {
127 ASN1_TIME *in;
128
129 if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
130 in=x->cert_info->validity->notAfter;
131 if (in != tm)
132 {
133 in=M_ASN1_TIME_dup(tm);
134 if (in != NULL)
135 {
136 M_ASN1_TIME_free(x->cert_info->validity->notAfter);
137 x->cert_info->validity->notAfter=in;
138 }
139 }
140 return(in != NULL);
141 }
142
143int X509_set_pubkey(X509 *x, EVP_PKEY *pkey)
144 {
145 if ((x == NULL) || (x->cert_info == NULL)) return(0);
146 return(X509_PUBKEY_set(&(x->cert_info->key),pkey));
147 }
148
149
150
diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c
deleted file mode 100644
index 881252608d..0000000000
--- a/src/lib/libcrypto/x509/x509_trs.c
+++ /dev/null
@@ -1,287 +0,0 @@
1/* x509_trs.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/x509v3.h>
62
63
64static int tr_cmp(const X509_TRUST * const *a,
65 const X509_TRUST * const *b);
66static void trtable_free(X509_TRUST *p);
67
68static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags);
69static int trust_1oid(X509_TRUST *trust, X509 *x, int flags);
70static int trust_compat(X509_TRUST *trust, X509 *x, int flags);
71
72static int obj_trust(int id, X509 *x, int flags);
73static int (*default_trust)(int id, X509 *x, int flags) = obj_trust;
74
75/* WARNING: the following table should be kept in order of trust
76 * and without any gaps so we can just subtract the minimum trust
77 * value to get an index into the table
78 */
79
80static X509_TRUST trstandard[] = {
81{X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL},
82{X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},
83{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL},
84{X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
85{X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, NULL},
86{X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL},
87{X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL}
88};
89
90#define X509_TRUST_COUNT (sizeof(trstandard)/sizeof(X509_TRUST))
91
92IMPLEMENT_STACK_OF(X509_TRUST)
93
94static STACK_OF(X509_TRUST) *trtable = NULL;
95
96static int tr_cmp(const X509_TRUST * const *a,
97 const X509_TRUST * const *b)
98{
99 return (*a)->trust - (*b)->trust;
100}
101
102int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int)
103{
104 int (*oldtrust)(int , X509 *, int);
105 oldtrust = default_trust;
106 default_trust = trust;
107 return oldtrust;
108}
109
110
111int X509_check_trust(X509 *x, int id, int flags)
112{
113 X509_TRUST *pt;
114 int idx;
115 if(id == -1) return 1;
116 idx = X509_TRUST_get_by_id(id);
117 if(idx == -1) return default_trust(id, x, flags);
118 pt = X509_TRUST_get0(idx);
119 return pt->check_trust(pt, x, flags);
120}
121
122int X509_TRUST_get_count(void)
123{
124 if(!trtable) return X509_TRUST_COUNT;
125 return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT;
126}
127
128X509_TRUST * X509_TRUST_get0(int idx)
129{
130 if(idx < 0) return NULL;
131 if(idx < X509_TRUST_COUNT) return trstandard + idx;
132 return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT);
133}
134
135int X509_TRUST_get_by_id(int id)
136{
137 X509_TRUST tmp;
138 int idx;
139 if((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX))
140 return id - X509_TRUST_MIN;
141 tmp.trust = id;
142 if(!trtable) return -1;
143 idx = sk_X509_TRUST_find(trtable, &tmp);
144 if(idx == -1) return -1;
145 return idx + X509_TRUST_COUNT;
146}
147
148int X509_TRUST_set(int *t, int trust)
149{
150 if(X509_TRUST_get_by_id(trust) == -1) {
151 X509err(X509_F_X509_TRUST_SET, X509_R_INVALID_TRUST);
152 return 0;
153 }
154 *t = trust;
155 return 1;
156}
157
158int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
159 char *name, int arg1, void *arg2)
160{
161 int idx;
162 X509_TRUST *trtmp;
163 /* This is set according to what we change: application can't set it */
164 flags &= ~X509_TRUST_DYNAMIC;
165 /* This will always be set for application modified trust entries */
166 flags |= X509_TRUST_DYNAMIC_NAME;
167 /* Get existing entry if any */
168 idx = X509_TRUST_get_by_id(id);
169 /* Need a new entry */
170 if(idx == -1) {
171 if(!(trtmp = OPENSSL_malloc(sizeof(X509_TRUST)))) {
172 X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
173 return 0;
174 }
175 trtmp->flags = X509_TRUST_DYNAMIC;
176 } else trtmp = X509_TRUST_get0(idx);
177
178 /* OPENSSL_free existing name if dynamic */
179 if(trtmp->flags & X509_TRUST_DYNAMIC_NAME) OPENSSL_free(trtmp->name);
180 /* dup supplied name */
181 if(!(trtmp->name = BUF_strdup(name))) {
182 X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
183 return 0;
184 }
185 /* Keep the dynamic flag of existing entry */
186 trtmp->flags &= X509_TRUST_DYNAMIC;
187 /* Set all other flags */
188 trtmp->flags |= flags;
189
190 trtmp->trust = id;
191 trtmp->check_trust = ck;
192 trtmp->arg1 = arg1;
193 trtmp->arg2 = arg2;
194
195 /* If its a new entry manage the dynamic table */
196 if(idx == -1) {
197 if(!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) {
198 X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
199 return 0;
200 }
201 if (!sk_X509_TRUST_push(trtable, trtmp)) {
202 X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
203 return 0;
204 }
205 }
206 return 1;
207}
208
209static void trtable_free(X509_TRUST *p)
210 {
211 if(!p) return;
212 if (p->flags & X509_TRUST_DYNAMIC)
213 {
214 if (p->flags & X509_TRUST_DYNAMIC_NAME)
215 OPENSSL_free(p->name);
216 OPENSSL_free(p);
217 }
218 }
219
220void X509_TRUST_cleanup(void)
221{
222 int i;
223 for(i = 0; i < X509_TRUST_COUNT; i++) trtable_free(trstandard + i);
224 sk_X509_TRUST_pop_free(trtable, trtable_free);
225 trtable = NULL;
226}
227
228int X509_TRUST_get_flags(X509_TRUST *xp)
229{
230 return xp->flags;
231}
232
233char *X509_TRUST_get0_name(X509_TRUST *xp)
234{
235 return xp->name;
236}
237
238int X509_TRUST_get_trust(X509_TRUST *xp)
239{
240 return xp->trust;
241}
242
243static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
244{
245 if(x->aux && (x->aux->trust || x->aux->reject))
246 return obj_trust(trust->arg1, x, flags);
247 /* we don't have any trust settings: for compatibility
248 * we return trusted if it is self signed
249 */
250 return trust_compat(trust, x, flags);
251}
252
253static int trust_1oid(X509_TRUST *trust, X509 *x, int flags)
254{
255 if(x->aux) return obj_trust(trust->arg1, x, flags);
256 return X509_TRUST_UNTRUSTED;
257}
258
259static int trust_compat(X509_TRUST *trust, X509 *x, int flags)
260{
261 X509_check_purpose(x, -1, 0);
262 if(x->ex_flags & EXFLAG_SS) return X509_TRUST_TRUSTED;
263 else return X509_TRUST_UNTRUSTED;
264}
265
266static int obj_trust(int id, X509 *x, int flags)
267{
268 ASN1_OBJECT *obj;
269 int i;
270 X509_CERT_AUX *ax;
271 ax = x->aux;
272 if(!ax) return X509_TRUST_UNTRUSTED;
273 if(ax->reject) {
274 for(i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) {
275 obj = sk_ASN1_OBJECT_value(ax->reject, i);
276 if(OBJ_obj2nid(obj) == id) return X509_TRUST_REJECTED;
277 }
278 }
279 if(ax->trust) {
280 for(i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) {
281 obj = sk_ASN1_OBJECT_value(ax->trust, i);
282 if(OBJ_obj2nid(obj) == id) return X509_TRUST_TRUSTED;
283 }
284 }
285 return X509_TRUST_UNTRUSTED;
286}
287
diff --git a/src/lib/libcrypto/x509/x509_txt.c b/src/lib/libcrypto/x509/x509_txt.c
deleted file mode 100644
index e31ebc6741..0000000000
--- a/src/lib/libcrypto/x509/x509_txt.c
+++ /dev/null
@@ -1,162 +0,0 @@
1/* crypto/x509/x509_txt.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <time.h>
61#include <errno.h>
62
63#include "cryptlib.h"
64#include <openssl/lhash.h>
65#include <openssl/buffer.h>
66#include <openssl/evp.h>
67#include <openssl/asn1.h>
68#include <openssl/x509.h>
69#include <openssl/objects.h>
70
71const char *X509_verify_cert_error_string(long n)
72 {
73 static char buf[100];
74
75 switch ((int)n)
76 {
77 case X509_V_OK:
78 return("ok");
79 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
80 return("unable to get issuer certificate");
81 case X509_V_ERR_UNABLE_TO_GET_CRL:
82 return("unable to get certificate CRL");
83 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
84 return("unable to decrypt certificate's signature");
85 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
86 return("unable to decrypt CRL's signature");
87 case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
88 return("unable to decode issuer public key");
89 case X509_V_ERR_CERT_SIGNATURE_FAILURE:
90 return("certificate signature failure");
91 case X509_V_ERR_CRL_SIGNATURE_FAILURE:
92 return("CRL signature failure");
93 case X509_V_ERR_CERT_NOT_YET_VALID:
94 return("certificate is not yet valid");
95 case X509_V_ERR_CRL_NOT_YET_VALID:
96 return("CRL is not yet valid");
97 case X509_V_ERR_CERT_HAS_EXPIRED:
98 return("certificate has expired");
99 case X509_V_ERR_CRL_HAS_EXPIRED:
100 return("CRL has expired");
101 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
102 return("format error in certificate's notBefore field");
103 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
104 return("format error in certificate's notAfter field");
105 case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
106 return("format error in CRL's lastUpdate field");
107 case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
108 return("format error in CRL's nextUpdate field");
109 case X509_V_ERR_OUT_OF_MEM:
110 return("out of memory");
111 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
112 return("self signed certificate");
113 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
114 return("self signed certificate in certificate chain");
115 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
116 return("unable to get local issuer certificate");
117 case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
118 return("unable to verify the first certificate");
119 case X509_V_ERR_CERT_CHAIN_TOO_LONG:
120 return("certificate chain too long");
121 case X509_V_ERR_CERT_REVOKED:
122 return("certificate revoked");
123 case X509_V_ERR_INVALID_CA:
124 return ("invalid CA certificate");
125 case X509_V_ERR_PATH_LENGTH_EXCEEDED:
126 return ("path length constraint exceeded");
127 case X509_V_ERR_INVALID_PURPOSE:
128 return ("unsupported certificate purpose");
129 case X509_V_ERR_CERT_UNTRUSTED:
130 return ("certificate not trusted");
131 case X509_V_ERR_CERT_REJECTED:
132 return ("certificate rejected");
133 case X509_V_ERR_APPLICATION_VERIFICATION:
134 return("application verification failure");
135 case X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
136 return("subject issuer mismatch");
137 case X509_V_ERR_AKID_SKID_MISMATCH:
138 return("authority and subject key identifier mismatch");
139 case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH:
140 return("authority and issuer serial number mismatch");
141 case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
142 return("key usage does not include certificate signing");
143
144 case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
145 return("unable to get CRL issuer certificate");
146
147 case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
148 return("unhandled critical extension");
149
150 case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN:
151 return("key usage does not include CRL signing");
152
153 case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION:
154 return("unhandled critical CRL extension");
155
156 default:
157 BIO_snprintf(buf,sizeof buf,"error number %ld",n);
158 return(buf);
159 }
160 }
161
162
diff --git a/src/lib/libcrypto/x509/x509_v3.c b/src/lib/libcrypto/x509/x509_v3.c
deleted file mode 100644
index 67b1796a92..0000000000
--- a/src/lib/libcrypto/x509/x509_v3.c
+++ /dev/null
@@ -1,268 +0,0 @@
1/* crypto/x509/x509_v3.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/stack.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/objects.h>
64#include <openssl/evp.h>
65#include <openssl/x509.h>
66#include <openssl/x509v3.h>
67
68int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x)
69 {
70 if (x == NULL) return(0);
71 return(sk_X509_EXTENSION_num(x));
72 }
73
74int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid,
75 int lastpos)
76 {
77 ASN1_OBJECT *obj;
78
79 obj=OBJ_nid2obj(nid);
80 if (obj == NULL) return(-2);
81 return(X509v3_get_ext_by_OBJ(x,obj,lastpos));
82 }
83
84int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk, ASN1_OBJECT *obj,
85 int lastpos)
86 {
87 int n;
88 X509_EXTENSION *ex;
89
90 if (sk == NULL) return(-1);
91 lastpos++;
92 if (lastpos < 0)
93 lastpos=0;
94 n=sk_X509_EXTENSION_num(sk);
95 for ( ; lastpos < n; lastpos++)
96 {
97 ex=sk_X509_EXTENSION_value(sk,lastpos);
98 if (OBJ_cmp(ex->object,obj) == 0)
99 return(lastpos);
100 }
101 return(-1);
102 }
103
104int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit,
105 int lastpos)
106 {
107 int n;
108 X509_EXTENSION *ex;
109
110 if (sk == NULL) return(-1);
111 lastpos++;
112 if (lastpos < 0)
113 lastpos=0;
114 n=sk_X509_EXTENSION_num(sk);
115 for ( ; lastpos < n; lastpos++)
116 {
117 ex=sk_X509_EXTENSION_value(sk,lastpos);
118 if ( ((ex->critical > 0) && crit) ||
119 ((ex->critical <= 0) && !crit))
120 return(lastpos);
121 }
122 return(-1);
123 }
124
125X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc)
126 {
127 if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
128 return NULL;
129 else
130 return sk_X509_EXTENSION_value(x,loc);
131 }
132
133X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc)
134 {
135 X509_EXTENSION *ret;
136
137 if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
138 return(NULL);
139 ret=sk_X509_EXTENSION_delete(x,loc);
140 return(ret);
141 }
142
143STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
144 X509_EXTENSION *ex, int loc)
145 {
146 X509_EXTENSION *new_ex=NULL;
147 int n;
148 STACK_OF(X509_EXTENSION) *sk=NULL;
149
150 if ((x != NULL) && (*x == NULL))
151 {
152 if ((sk=sk_X509_EXTENSION_new_null()) == NULL)
153 goto err;
154 }
155 else
156 sk= *x;
157
158 n=sk_X509_EXTENSION_num(sk);
159 if (loc > n) loc=n;
160 else if (loc < 0) loc=n;
161
162 if ((new_ex=X509_EXTENSION_dup(ex)) == NULL)
163 goto err2;
164 if (!sk_X509_EXTENSION_insert(sk,new_ex,loc))
165 goto err;
166 if ((x != NULL) && (*x == NULL))
167 *x=sk;
168 return(sk);
169err:
170 X509err(X509_F_X509V3_ADD_EXT,ERR_R_MALLOC_FAILURE);
171err2:
172 if (new_ex != NULL) X509_EXTENSION_free(new_ex);
173 if (sk != NULL) sk_X509_EXTENSION_free(sk);
174 return(NULL);
175 }
176
177X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid,
178 int crit, ASN1_OCTET_STRING *data)
179 {
180 ASN1_OBJECT *obj;
181 X509_EXTENSION *ret;
182
183 obj=OBJ_nid2obj(nid);
184 if (obj == NULL)
185 {
186 X509err(X509_F_X509_EXTENSION_CREATE_BY_NID,X509_R_UNKNOWN_NID);
187 return(NULL);
188 }
189 ret=X509_EXTENSION_create_by_OBJ(ex,obj,crit,data);
190 if (ret == NULL) ASN1_OBJECT_free(obj);
191 return(ret);
192 }
193
194X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
195 ASN1_OBJECT *obj, int crit, ASN1_OCTET_STRING *data)
196 {
197 X509_EXTENSION *ret;
198
199 if ((ex == NULL) || (*ex == NULL))
200 {
201 if ((ret=X509_EXTENSION_new()) == NULL)
202 {
203 X509err(X509_F_X509_EXTENSION_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE);
204 return(NULL);
205 }
206 }
207 else
208 ret= *ex;
209
210 if (!X509_EXTENSION_set_object(ret,obj))
211 goto err;
212 if (!X509_EXTENSION_set_critical(ret,crit))
213 goto err;
214 if (!X509_EXTENSION_set_data(ret,data))
215 goto err;
216
217 if ((ex != NULL) && (*ex == NULL)) *ex=ret;
218 return(ret);
219err:
220 if ((ex == NULL) || (ret != *ex))
221 X509_EXTENSION_free(ret);
222 return(NULL);
223 }
224
225int X509_EXTENSION_set_object(X509_EXTENSION *ex, ASN1_OBJECT *obj)
226 {
227 if ((ex == NULL) || (obj == NULL))
228 return(0);
229 ASN1_OBJECT_free(ex->object);
230 ex->object=OBJ_dup(obj);
231 return(1);
232 }
233
234int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit)
235 {
236 if (ex == NULL) return(0);
237 ex->critical=(crit)?0xFF:-1;
238 return(1);
239 }
240
241int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data)
242 {
243 int i;
244
245 if (ex == NULL) return(0);
246 i=M_ASN1_OCTET_STRING_set(ex->value,data->data,data->length);
247 if (!i) return(0);
248 return(1);
249 }
250
251ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex)
252 {
253 if (ex == NULL) return(NULL);
254 return(ex->object);
255 }
256
257ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ex)
258 {
259 if (ex == NULL) return(NULL);
260 return(ex->value);
261 }
262
263int X509_EXTENSION_get_critical(X509_EXTENSION *ex)
264 {
265 if (ex == NULL) return(0);
266 if(ex->critical > 0) return 1;
267 return 0;
268 }
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
deleted file mode 100644
index 2e4d0b823a..0000000000
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ /dev/null
@@ -1,1228 +0,0 @@
1/* crypto/x509/x509_vfy.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <time.h>
61#include <errno.h>
62
63#include "cryptlib.h"
64#include <openssl/crypto.h>
65#include <openssl/lhash.h>
66#include <openssl/buffer.h>
67#include <openssl/evp.h>
68#include <openssl/asn1.h>
69#include <openssl/x509.h>
70#include <openssl/x509v3.h>
71#include <openssl/objects.h>
72
73static int null_callback(int ok,X509_STORE_CTX *e);
74static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
75static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x);
76static int check_chain_purpose(X509_STORE_CTX *ctx);
77static int check_trust(X509_STORE_CTX *ctx);
78static int check_revocation(X509_STORE_CTX *ctx);
79static int check_cert(X509_STORE_CTX *ctx);
80static int internal_verify(X509_STORE_CTX *ctx);
81const char *X509_version="X.509" OPENSSL_VERSION_PTEXT;
82
83
84static int null_callback(int ok, X509_STORE_CTX *e)
85 {
86 return ok;
87 }
88
89#if 0
90static int x509_subject_cmp(X509 **a, X509 **b)
91 {
92 return X509_subject_name_cmp(*a,*b);
93 }
94#endif
95
96int X509_verify_cert(X509_STORE_CTX *ctx)
97 {
98 X509 *x,*xtmp,*chain_ss=NULL;
99 X509_NAME *xn;
100 int depth,i,ok=0;
101 int num;
102 int (*cb)();
103 STACK_OF(X509) *sktmp=NULL;
104
105 if (ctx->cert == NULL)
106 {
107 X509err(X509_F_X509_VERIFY_CERT,X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
108 return -1;
109 }
110
111 cb=ctx->verify_cb;
112
113 /* first we make sure the chain we are going to build is
114 * present and that the first entry is in place */
115 if (ctx->chain == NULL)
116 {
117 if ( ((ctx->chain=sk_X509_new_null()) == NULL) ||
118 (!sk_X509_push(ctx->chain,ctx->cert)))
119 {
120 X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
121 goto end;
122 }
123 CRYPTO_add(&ctx->cert->references,1,CRYPTO_LOCK_X509);
124 ctx->last_untrusted=1;
125 }
126
127 /* We use a temporary STACK so we can chop and hack at it */
128 if (ctx->untrusted != NULL
129 && (sktmp=sk_X509_dup(ctx->untrusted)) == NULL)
130 {
131 X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
132 goto end;
133 }
134
135 num=sk_X509_num(ctx->chain);
136 x=sk_X509_value(ctx->chain,num-1);
137 depth=ctx->depth;
138
139
140 for (;;)
141 {
142 /* If we have enough, we break */
143 if (depth < num) break; /* FIXME: If this happens, we should take
144 * note of it and, if appropriate, use the
145 * X509_V_ERR_CERT_CHAIN_TOO_LONG error
146 * code later.
147 */
148
149 /* If we are self signed, we break */
150 xn=X509_get_issuer_name(x);
151 if (ctx->check_issued(ctx, x,x)) break;
152
153 /* If we were passed a cert chain, use it first */
154 if (ctx->untrusted != NULL)
155 {
156 xtmp=find_issuer(ctx, sktmp,x);
157 if (xtmp != NULL)
158 {
159 if (!sk_X509_push(ctx->chain,xtmp))
160 {
161 X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
162 goto end;
163 }
164 CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509);
165 sk_X509_delete_ptr(sktmp,xtmp);
166 ctx->last_untrusted++;
167 x=xtmp;
168 num++;
169 /* reparse the full chain for
170 * the next one */
171 continue;
172 }
173 }
174 break;
175 }
176
177 /* at this point, chain should contain a list of untrusted
178 * certificates. We now need to add at least one trusted one,
179 * if possible, otherwise we complain. */
180
181 /* Examine last certificate in chain and see if it
182 * is self signed.
183 */
184
185 i=sk_X509_num(ctx->chain);
186 x=sk_X509_value(ctx->chain,i-1);
187 xn = X509_get_subject_name(x);
188 if (ctx->check_issued(ctx, x, x))
189 {
190 /* we have a self signed certificate */
191 if (sk_X509_num(ctx->chain) == 1)
192 {
193 /* We have a single self signed certificate: see if
194 * we can find it in the store. We must have an exact
195 * match to avoid possible impersonation.
196 */
197 ok = ctx->get_issuer(&xtmp, ctx, x);
198 if ((ok <= 0) || X509_cmp(x, xtmp))
199 {
200 ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
201 ctx->current_cert=x;
202 ctx->error_depth=i-1;
203 if (ok == 1) X509_free(xtmp);
204 ok=cb(0,ctx);
205 if (!ok) goto end;
206 }
207 else
208 {
209 /* We have a match: replace certificate with store version
210 * so we get any trust settings.
211 */
212 X509_free(x);
213 x = xtmp;
214 sk_X509_set(ctx->chain, i - 1, x);
215 ctx->last_untrusted=0;
216 }
217 }
218 else
219 {
220 /* extract and save self signed certificate for later use */
221 chain_ss=sk_X509_pop(ctx->chain);
222 ctx->last_untrusted--;
223 num--;
224 x=sk_X509_value(ctx->chain,num-1);
225 }
226 }
227
228 /* We now lookup certs from the certificate store */
229 for (;;)
230 {
231 /* If we have enough, we break */
232 if (depth < num) break;
233
234 /* If we are self signed, we break */
235 xn=X509_get_issuer_name(x);
236 if (ctx->check_issued(ctx,x,x)) break;
237
238 ok = ctx->get_issuer(&xtmp, ctx, x);
239
240 if (ok < 0) return ok;
241 if (ok == 0) break;
242
243 x = xtmp;
244 if (!sk_X509_push(ctx->chain,x))
245 {
246 X509_free(xtmp);
247 X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
248 return 0;
249 }
250 num++;
251 }
252
253 /* we now have our chain, lets check it... */
254 xn=X509_get_issuer_name(x);
255
256 /* Is last certificate looked up self signed? */
257 if (!ctx->check_issued(ctx,x,x))
258 {
259 if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss))
260 {
261 if (ctx->last_untrusted >= num)
262 ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
263 else
264 ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
265 ctx->current_cert=x;
266 }
267 else
268 {
269
270 sk_X509_push(ctx->chain,chain_ss);
271 num++;
272 ctx->last_untrusted=num;
273 ctx->current_cert=chain_ss;
274 ctx->error=X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
275 chain_ss=NULL;
276 }
277
278 ctx->error_depth=num-1;
279 ok=cb(0,ctx);
280 if (!ok) goto end;
281 }
282
283 /* We have the chain complete: now we need to check its purpose */
284 if (ctx->purpose > 0) ok = check_chain_purpose(ctx);
285
286 if (!ok) goto end;
287
288 /* The chain extensions are OK: check trust */
289
290 if (ctx->trust > 0) ok = check_trust(ctx);
291
292 if (!ok) goto end;
293
294 /* We may as well copy down any DSA parameters that are required */
295 X509_get_pubkey_parameters(NULL,ctx->chain);
296
297 /* Check revocation status: we do this after copying parameters
298 * because they may be needed for CRL signature verification.
299 */
300
301 ok = ctx->check_revocation(ctx);
302 if(!ok) goto end;
303
304 /* At this point, we have a chain and just need to verify it */
305 if (ctx->verify != NULL)
306 ok=ctx->verify(ctx);
307 else
308 ok=internal_verify(ctx);
309 if (0)
310 {
311end:
312 X509_get_pubkey_parameters(NULL,ctx->chain);
313 }
314 if (sktmp != NULL) sk_X509_free(sktmp);
315 if (chain_ss != NULL) X509_free(chain_ss);
316 return ok;
317 }
318
319
320/* Given a STACK_OF(X509) find the issuer of cert (if any)
321 */
322
323static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
324{
325 int i;
326 X509 *issuer;
327 for (i = 0; i < sk_X509_num(sk); i++)
328 {
329 issuer = sk_X509_value(sk, i);
330 if (ctx->check_issued(ctx, x, issuer))
331 return issuer;
332 }
333 return NULL;
334}
335
336/* Given a possible certificate and issuer check them */
337
338static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
339{
340 int ret;
341 ret = X509_check_issued(issuer, x);
342 if (ret == X509_V_OK)
343 return 1;
344 /* If we haven't asked for issuer errors don't set ctx */
345 if (!(ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK))
346 return 0;
347
348 ctx->error = ret;
349 ctx->current_cert = x;
350 ctx->current_issuer = issuer;
351 return ctx->verify_cb(0, ctx);
352 return 0;
353}
354
355/* Alternative lookup method: look from a STACK stored in other_ctx */
356
357static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
358{
359 *issuer = find_issuer(ctx, ctx->other_ctx, x);
360 if (*issuer)
361 {
362 CRYPTO_add(&(*issuer)->references,1,CRYPTO_LOCK_X509);
363 return 1;
364 }
365 else
366 return 0;
367}
368
369
370/* Check a certificate chains extensions for consistency
371 * with the supplied purpose
372 */
373
374static int check_chain_purpose(X509_STORE_CTX *ctx)
375{
376#ifdef OPENSSL_NO_CHAIN_VERIFY
377 return 1;
378#else
379 int i, ok=0;
380 X509 *x;
381 int (*cb)();
382 cb=ctx->verify_cb;
383 /* Check all untrusted certificates */
384 for (i = 0; i < ctx->last_untrusted; i++)
385 {
386 int ret;
387 x = sk_X509_value(ctx->chain, i);
388 if (!(ctx->flags & X509_V_FLAG_IGNORE_CRITICAL)
389 && (x->ex_flags & EXFLAG_CRITICAL))
390 {
391 ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION;
392 ctx->error_depth = i;
393 ctx->current_cert = x;
394 ok=cb(0,ctx);
395 if (!ok) goto end;
396 }
397 ret = X509_check_purpose(x, ctx->purpose, i);
398 if ((ret == 0)
399 || ((ctx->flags & X509_V_FLAG_X509_STRICT)
400 && (ret != 1)))
401 {
402 if (i)
403 ctx->error = X509_V_ERR_INVALID_CA;
404 else
405 ctx->error = X509_V_ERR_INVALID_PURPOSE;
406 ctx->error_depth = i;
407 ctx->current_cert = x;
408 ok=cb(0,ctx);
409 if (!ok) goto end;
410 }
411 /* Check pathlen */
412 if ((i > 1) && (x->ex_pathlen != -1)
413 && (i > (x->ex_pathlen + 1)))
414 {
415 ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
416 ctx->error_depth = i;
417 ctx->current_cert = x;
418 ok=cb(0,ctx);
419 if (!ok) goto end;
420 }
421 }
422 ok = 1;
423 end:
424 return ok;
425#endif
426}
427
428static int check_trust(X509_STORE_CTX *ctx)
429{
430#ifdef OPENSSL_NO_CHAIN_VERIFY
431 return 1;
432#else
433 int i, ok;
434 X509 *x;
435 int (*cb)();
436 cb=ctx->verify_cb;
437/* For now just check the last certificate in the chain */
438 i = sk_X509_num(ctx->chain) - 1;
439 x = sk_X509_value(ctx->chain, i);
440 ok = X509_check_trust(x, ctx->trust, 0);
441 if (ok == X509_TRUST_TRUSTED)
442 return 1;
443 ctx->error_depth = i;
444 ctx->current_cert = x;
445 if (ok == X509_TRUST_REJECTED)
446 ctx->error = X509_V_ERR_CERT_REJECTED;
447 else
448 ctx->error = X509_V_ERR_CERT_UNTRUSTED;
449 ok = cb(0, ctx);
450 return ok;
451#endif
452}
453
454static int check_revocation(X509_STORE_CTX *ctx)
455 {
456 int i, last, ok;
457 if (!(ctx->flags & X509_V_FLAG_CRL_CHECK))
458 return 1;
459 if (ctx->flags & X509_V_FLAG_CRL_CHECK_ALL)
460 last = sk_X509_num(ctx->chain) - 1;
461 else
462 last = 0;
463 for(i = 0; i <= last; i++)
464 {
465 ctx->error_depth = i;
466 ok = check_cert(ctx);
467 if (!ok) return ok;
468 }
469 return 1;
470 }
471
472static int check_cert(X509_STORE_CTX *ctx)
473 {
474 X509_CRL *crl = NULL;
475 X509 *x;
476 int ok, cnum;
477 cnum = ctx->error_depth;
478 x = sk_X509_value(ctx->chain, cnum);
479 ctx->current_cert = x;
480 /* Try to retrieve relevant CRL */
481 ok = ctx->get_crl(ctx, &crl, x);
482 /* If error looking up CRL, nothing we can do except
483 * notify callback
484 */
485 if(!ok)
486 {
487 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
488 ok = ctx->verify_cb(0, ctx);
489 goto err;
490 }
491 ctx->current_crl = crl;
492 ok = ctx->check_crl(ctx, crl);
493 if (!ok) goto err;
494 ok = ctx->cert_crl(ctx, crl, x);
495 err:
496 ctx->current_crl = NULL;
497 X509_CRL_free(crl);
498 return ok;
499
500 }
501
502/* Retrieve CRL corresponding to certificate: currently just a
503 * subject lookup: maybe use AKID later...
504 * Also might look up any included CRLs too (e.g PKCS#7 signedData).
505 */
506static int get_crl(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x)
507 {
508 int ok;
509 X509_OBJECT xobj;
510 ok = X509_STORE_get_by_subject(ctx, X509_LU_CRL, X509_get_issuer_name(x), &xobj);
511 if (!ok) return 0;
512 *crl = xobj.data.crl;
513 return 1;
514 }
515
516/* Check CRL validity */
517static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
518 {
519 X509 *issuer = NULL;
520 EVP_PKEY *ikey = NULL;
521 int ok = 0, chnum, cnum, i;
522 time_t *ptime;
523 cnum = ctx->error_depth;
524 chnum = sk_X509_num(ctx->chain) - 1;
525 /* Find CRL issuer: if not last certificate then issuer
526 * is next certificate in chain.
527 */
528 if(cnum < chnum)
529 issuer = sk_X509_value(ctx->chain, cnum + 1);
530 else
531 {
532 issuer = sk_X509_value(ctx->chain, chnum);
533 /* If not self signed, can't check signature */
534 if(!ctx->check_issued(ctx, issuer, issuer))
535 {
536 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER;
537 ok = ctx->verify_cb(0, ctx);
538 if(!ok) goto err;
539 }
540 }
541
542 if(issuer)
543 {
544 /* Check for cRLSign bit if keyUsage present */
545 if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
546 !(issuer->ex_kusage & KU_CRL_SIGN))
547 {
548 ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
549 ok = ctx->verify_cb(0, ctx);
550 if(!ok) goto err;
551 }
552
553 /* Attempt to get issuer certificate public key */
554 ikey = X509_get_pubkey(issuer);
555
556 if(!ikey)
557 {
558 ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
559 ok = ctx->verify_cb(0, ctx);
560 if (!ok) goto err;
561 }
562 else
563 {
564 /* Verify CRL signature */
565 if(X509_CRL_verify(crl, ikey) <= 0)
566 {
567 ctx->error=X509_V_ERR_CRL_SIGNATURE_FAILURE;
568 ok = ctx->verify_cb(0, ctx);
569 if (!ok) goto err;
570 }
571 }
572 }
573
574 /* OK, CRL signature valid check times */
575 if (ctx->flags & X509_V_FLAG_USE_CHECK_TIME)
576 ptime = &ctx->check_time;
577 else
578 ptime = NULL;
579
580 i=X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime);
581 if (i == 0)
582 {
583 ctx->error=X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
584 ok = ctx->verify_cb(0, ctx);
585 if (!ok) goto err;
586 }
587
588 if (i > 0)
589 {
590 ctx->error=X509_V_ERR_CRL_NOT_YET_VALID;
591 ok = ctx->verify_cb(0, ctx);
592 if (!ok) goto err;
593 }
594
595 if(X509_CRL_get_nextUpdate(crl))
596 {
597 i=X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime);
598
599 if (i == 0)
600 {
601 ctx->error=X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
602 ok = ctx->verify_cb(0, ctx);
603 if (!ok) goto err;
604 }
605
606 if (i < 0)
607 {
608 ctx->error=X509_V_ERR_CRL_HAS_EXPIRED;
609 ok = ctx->verify_cb(0, ctx);
610 if (!ok) goto err;
611 }
612 }
613
614 ok = 1;
615
616 err:
617 EVP_PKEY_free(ikey);
618 return ok;
619 }
620
621/* Check certificate against CRL */
622static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
623 {
624 int idx, ok;
625 X509_REVOKED rtmp;
626 STACK_OF(X509_EXTENSION) *exts;
627 X509_EXTENSION *ext;
628 /* Look for serial number of certificate in CRL */
629 rtmp.serialNumber = X509_get_serialNumber(x);
630 idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);
631 /* If found assume revoked: want something cleverer than
632 * this to handle entry extensions in V2 CRLs.
633 */
634 if(idx >= 0)
635 {
636 ctx->error = X509_V_ERR_CERT_REVOKED;
637 ok = ctx->verify_cb(0, ctx);
638 if (!ok) return 0;
639 }
640
641 if (ctx->flags & X509_V_FLAG_IGNORE_CRITICAL)
642 return 1;
643
644 /* See if we have any critical CRL extensions: since we
645 * currently don't handle any CRL extensions the CRL must be
646 * rejected.
647 * This code accesses the X509_CRL structure directly: applications
648 * shouldn't do this.
649 */
650
651 exts = crl->crl->extensions;
652
653 for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++)
654 {
655 ext = sk_X509_EXTENSION_value(exts, idx);
656 if (ext->critical > 0)
657 {
658 ctx->error =
659 X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
660 ok = ctx->verify_cb(0, ctx);
661 if(!ok) return 0;
662 break;
663 }
664 }
665 return 1;
666 }
667
668static int internal_verify(X509_STORE_CTX *ctx)
669 {
670 int i,ok=0,n;
671 X509 *xs,*xi;
672 EVP_PKEY *pkey=NULL;
673 time_t *ptime;
674 int (*cb)();
675
676 cb=ctx->verify_cb;
677
678 n=sk_X509_num(ctx->chain);
679 ctx->error_depth=n-1;
680 n--;
681 xi=sk_X509_value(ctx->chain,n);
682 if (ctx->flags & X509_V_FLAG_USE_CHECK_TIME)
683 ptime = &ctx->check_time;
684 else
685 ptime = NULL;
686 if (ctx->check_issued(ctx, xi, xi))
687 xs=xi;
688 else
689 {
690 if (n <= 0)
691 {
692 ctx->error=X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
693 ctx->current_cert=xi;
694 ok=cb(0,ctx);
695 goto end;
696 }
697 else
698 {
699 n--;
700 ctx->error_depth=n;
701 xs=sk_X509_value(ctx->chain,n);
702 }
703 }
704
705/* ctx->error=0; not needed */
706 while (n >= 0)
707 {
708 ctx->error_depth=n;
709 if (!xs->valid)
710 {
711 if ((pkey=X509_get_pubkey(xi)) == NULL)
712 {
713 ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
714 ctx->current_cert=xi;
715 ok=(*cb)(0,ctx);
716 if (!ok) goto end;
717 }
718 else if (X509_verify(xs,pkey) <= 0)
719 /* XXX For the final trusted self-signed cert,
720 * this is a waste of time. That check should
721 * optional so that e.g. 'openssl x509' can be
722 * used to detect invalid self-signatures, but
723 * we don't verify again and again in SSL
724 * handshakes and the like once the cert has
725 * been declared trusted. */
726 {
727 ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
728 ctx->current_cert=xs;
729 ok=(*cb)(0,ctx);
730 if (!ok)
731 {
732 EVP_PKEY_free(pkey);
733 goto end;
734 }
735 }
736 EVP_PKEY_free(pkey);
737 pkey=NULL;
738
739 i=X509_cmp_time(X509_get_notBefore(xs), ptime);
740 if (i == 0)
741 {
742 ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
743 ctx->current_cert=xs;
744 ok=(*cb)(0,ctx);
745 if (!ok) goto end;
746 }
747 if (i > 0)
748 {
749 ctx->error=X509_V_ERR_CERT_NOT_YET_VALID;
750 ctx->current_cert=xs;
751 ok=(*cb)(0,ctx);
752 if (!ok) goto end;
753 }
754 xs->valid=1;
755 }
756
757 i=X509_cmp_time(X509_get_notAfter(xs), ptime);
758 if (i == 0)
759 {
760 ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
761 ctx->current_cert=xs;
762 ok=(*cb)(0,ctx);
763 if (!ok) goto end;
764 }
765
766 if (i < 0)
767 {
768 ctx->error=X509_V_ERR_CERT_HAS_EXPIRED;
769 ctx->current_cert=xs;
770 ok=(*cb)(0,ctx);
771 if (!ok) goto end;
772 }
773
774 /* The last error (if any) is still in the error value */
775 ctx->current_cert=xs;
776 ok=(*cb)(1,ctx);
777 if (!ok) goto end;
778
779 n--;
780 if (n >= 0)
781 {
782 xi=xs;
783 xs=sk_X509_value(ctx->chain,n);
784 }
785 }
786 ok=1;
787end:
788 return ok;
789 }
790
791int X509_cmp_current_time(ASN1_TIME *ctm)
792{
793 return X509_cmp_time(ctm, NULL);
794}
795
796int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time)
797 {
798 char *str;
799 ASN1_TIME atm;
800 long offset;
801 char buff1[24],buff2[24],*p;
802 int i,j;
803
804 p=buff1;
805 i=ctm->length;
806 str=(char *)ctm->data;
807 if (ctm->type == V_ASN1_UTCTIME)
808 {
809 if ((i < 11) || (i > 17)) return 0;
810 memcpy(p,str,10);
811 p+=10;
812 str+=10;
813 }
814 else
815 {
816 if (i < 13) return 0;
817 memcpy(p,str,12);
818 p+=12;
819 str+=12;
820 }
821
822 if ((*str == 'Z') || (*str == '-') || (*str == '+'))
823 { *(p++)='0'; *(p++)='0'; }
824 else
825 {
826 *(p++)= *(str++);
827 *(p++)= *(str++);
828 /* Skip any fractional seconds... */
829 if (*str == '.')
830 {
831 str++;
832 while ((*str >= '0') && (*str <= '9')) str++;
833 }
834
835 }
836 *(p++)='Z';
837 *(p++)='\0';
838
839 if (*str == 'Z')
840 offset=0;
841 else
842 {
843 if ((*str != '+') && (str[5] != '-'))
844 return 0;
845 offset=((str[1]-'0')*10+(str[2]-'0'))*60;
846 offset+=(str[3]-'0')*10+(str[4]-'0');
847 if (*str == '-')
848 offset= -offset;
849 }
850 atm.type=ctm->type;
851 atm.length=sizeof(buff2);
852 atm.data=(unsigned char *)buff2;
853
854 X509_time_adj(&atm,-offset*60, cmp_time);
855
856 if (ctm->type == V_ASN1_UTCTIME)
857 {
858 i=(buff1[0]-'0')*10+(buff1[1]-'0');
859 if (i < 50) i+=100; /* cf. RFC 2459 */
860 j=(buff2[0]-'0')*10+(buff2[1]-'0');
861 if (j < 50) j+=100;
862
863 if (i < j) return -1;
864 if (i > j) return 1;
865 }
866 i=strcmp(buff1,buff2);
867 if (i == 0) /* wait a second then return younger :-) */
868 return -1;
869 else
870 return i;
871 }
872
873ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
874{
875 return X509_time_adj(s, adj, NULL);
876}
877
878ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *in_tm)
879 {
880 time_t t;
881 int type = -1;
882
883 if (in_tm) t = *in_tm;
884 else time(&t);
885
886 t+=adj;
887 if (s) type = s->type;
888 if (type == V_ASN1_UTCTIME) return ASN1_UTCTIME_set(s,t);
889 if (type == V_ASN1_GENERALIZEDTIME) return ASN1_GENERALIZEDTIME_set(s, t);
890 return ASN1_TIME_set(s, t);
891 }
892
893int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
894 {
895 EVP_PKEY *ktmp=NULL,*ktmp2;
896 int i,j;
897
898 if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return 1;
899
900 for (i=0; i<sk_X509_num(chain); i++)
901 {
902 ktmp=X509_get_pubkey(sk_X509_value(chain,i));
903 if (ktmp == NULL)
904 {
905 X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
906 return 0;
907 }
908 if (!EVP_PKEY_missing_parameters(ktmp))
909 break;
910 else
911 {
912 EVP_PKEY_free(ktmp);
913 ktmp=NULL;
914 }
915 }
916 if (ktmp == NULL)
917 {
918 X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN);
919 return 0;
920 }
921
922 /* first, populate the other certs */
923 for (j=i-1; j >= 0; j--)
924 {
925 ktmp2=X509_get_pubkey(sk_X509_value(chain,j));
926 EVP_PKEY_copy_parameters(ktmp2,ktmp);
927 EVP_PKEY_free(ktmp2);
928 }
929
930 if (pkey != NULL) EVP_PKEY_copy_parameters(pkey,ktmp);
931 EVP_PKEY_free(ktmp);
932 return 1;
933 }
934
935int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
936 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
937 {
938 /* This function is (usually) called only once, by
939 * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). */
940 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, argl, argp,
941 new_func, dup_func, free_func);
942 }
943
944int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
945 {
946 return CRYPTO_set_ex_data(&ctx->ex_data,idx,data);
947 }
948
949void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx)
950 {
951 return CRYPTO_get_ex_data(&ctx->ex_data,idx);
952 }
953
954int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx)
955 {
956 return ctx->error;
957 }
958
959void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err)
960 {
961 ctx->error=err;
962 }
963
964int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
965 {
966 return ctx->error_depth;
967 }
968
969X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx)
970 {
971 return ctx->current_cert;
972 }
973
974STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx)
975 {
976 return ctx->chain;
977 }
978
979STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
980 {
981 int i;
982 X509 *x;
983 STACK_OF(X509) *chain;
984 if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL;
985 for (i = 0; i < sk_X509_num(chain); i++)
986 {
987 x = sk_X509_value(chain, i);
988 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
989 }
990 return chain;
991 }
992
993void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
994 {
995 ctx->cert=x;
996 }
997
998void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
999 {
1000 ctx->untrusted=sk;
1001 }
1002
1003int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose)
1004 {
1005 return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
1006 }
1007
1008int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust)
1009 {
1010 return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);
1011 }
1012
1013/* This function is used to set the X509_STORE_CTX purpose and trust
1014 * values. This is intended to be used when another structure has its
1015 * own trust and purpose values which (if set) will be inherited by
1016 * the ctx. If they aren't set then we will usually have a default
1017 * purpose in mind which should then be used to set the trust value.
1018 * An example of this is SSL use: an SSL structure will have its own
1019 * purpose and trust settings which the application can set: if they
1020 * aren't set then we use the default of SSL client/server.
1021 */
1022
1023int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
1024 int purpose, int trust)
1025{
1026 int idx;
1027 /* If purpose not set use default */
1028 if (!purpose) purpose = def_purpose;
1029 /* If we have a purpose then check it is valid */
1030 if (purpose)
1031 {
1032 X509_PURPOSE *ptmp;
1033 idx = X509_PURPOSE_get_by_id(purpose);
1034 if (idx == -1)
1035 {
1036 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
1037 X509_R_UNKNOWN_PURPOSE_ID);
1038 return 0;
1039 }
1040 ptmp = X509_PURPOSE_get0(idx);
1041 if (ptmp->trust == X509_TRUST_DEFAULT)
1042 {
1043 idx = X509_PURPOSE_get_by_id(def_purpose);
1044 if (idx == -1)
1045 {
1046 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
1047 X509_R_UNKNOWN_PURPOSE_ID);
1048 return 0;
1049 }
1050 ptmp = X509_PURPOSE_get0(idx);
1051 }
1052 /* If trust not set then get from purpose default */
1053 if (!trust) trust = ptmp->trust;
1054 }
1055 if (trust)
1056 {
1057 idx = X509_TRUST_get_by_id(trust);
1058 if (idx == -1)
1059 {
1060 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
1061 X509_R_UNKNOWN_TRUST_ID);
1062 return 0;
1063 }
1064 }
1065
1066 if (purpose && !ctx->purpose) ctx->purpose = purpose;
1067 if (trust && !ctx->trust) ctx->trust = trust;
1068 return 1;
1069}
1070
1071X509_STORE_CTX *X509_STORE_CTX_new(void)
1072{
1073 X509_STORE_CTX *ctx;
1074 ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));
1075 if (!ctx)
1076 {
1077 X509err(X509_F_X509_STORE_CTX_NEW,ERR_R_MALLOC_FAILURE);
1078 return NULL;
1079 }
1080 memset(ctx, 0, sizeof(X509_STORE_CTX));
1081 return ctx;
1082}
1083
1084void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
1085{
1086 X509_STORE_CTX_cleanup(ctx);
1087 OPENSSL_free(ctx);
1088}
1089
1090int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
1091 STACK_OF(X509) *chain)
1092 {
1093 ctx->ctx=store;
1094 ctx->current_method=0;
1095 ctx->cert=x509;
1096 ctx->untrusted=chain;
1097 ctx->last_untrusted=0;
1098 ctx->check_time=0;
1099 ctx->other_ctx=NULL;
1100 ctx->valid=0;
1101 ctx->chain=NULL;
1102 ctx->depth=9;
1103 ctx->error=0;
1104 ctx->error_depth=0;
1105 ctx->current_cert=NULL;
1106 ctx->current_issuer=NULL;
1107
1108 /* Inherit callbacks and flags from X509_STORE if not set
1109 * use defaults.
1110 */
1111
1112
1113 if (store)
1114 {
1115 ctx->purpose=store->purpose;
1116 ctx->trust=store->trust;
1117 ctx->flags = store->flags;
1118 ctx->cleanup = store->cleanup;
1119 }
1120 else
1121 {
1122 ctx->purpose = 0;
1123 ctx->trust = 0;
1124 ctx->flags = 0;
1125 ctx->cleanup = 0;
1126 }
1127
1128 if (store && store->check_issued)
1129 ctx->check_issued = store->check_issued;
1130 else
1131 ctx->check_issued = check_issued;
1132
1133 if (store && store->get_issuer)
1134 ctx->get_issuer = store->get_issuer;
1135 else
1136 ctx->get_issuer = X509_STORE_CTX_get1_issuer;
1137
1138 if (store && store->verify_cb)
1139 ctx->verify_cb = store->verify_cb;
1140 else
1141 ctx->verify_cb = null_callback;
1142
1143 if (store && store->verify)
1144 ctx->verify = store->verify;
1145 else
1146 ctx->verify = internal_verify;
1147
1148 if (store && store->check_revocation)
1149 ctx->check_revocation = store->check_revocation;
1150 else
1151 ctx->check_revocation = check_revocation;
1152
1153 if (store && store->get_crl)
1154 ctx->get_crl = store->get_crl;
1155 else
1156 ctx->get_crl = get_crl;
1157
1158 if (store && store->check_crl)
1159 ctx->check_crl = store->check_crl;
1160 else
1161 ctx->check_crl = check_crl;
1162
1163 if (store && store->cert_crl)
1164 ctx->cert_crl = store->cert_crl;
1165 else
1166 ctx->cert_crl = cert_crl;
1167
1168
1169 /* This memset() can't make any sense anyway, so it's removed. As
1170 * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a
1171 * corresponding "new" here and remove this bogus initialisation. */
1172 /* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */
1173 if(!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
1174 &(ctx->ex_data)))
1175 {
1176 OPENSSL_free(ctx);
1177 X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE);
1178 return 0;
1179 }
1180 return 1;
1181 }
1182
1183/* Set alternative lookup method: just a STACK of trusted certificates.
1184 * This avoids X509_STORE nastiness where it isn't needed.
1185 */
1186
1187void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
1188{
1189 ctx->other_ctx = sk;
1190 ctx->get_issuer = get_issuer_sk;
1191}
1192
1193void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
1194 {
1195 if (ctx->cleanup) ctx->cleanup(ctx);
1196 if (ctx->chain != NULL)
1197 {
1198 sk_X509_pop_free(ctx->chain,X509_free);
1199 ctx->chain=NULL;
1200 }
1201 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));
1202 memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
1203 }
1204
1205void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags)
1206 {
1207 ctx->flags |= flags;
1208 }
1209
1210void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t)
1211 {
1212 ctx->check_time = t;
1213 ctx->flags |= X509_V_FLAG_USE_CHECK_TIME;
1214 }
1215
1216void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
1217 int (*verify_cb)(int, X509_STORE_CTX *))
1218 {
1219 ctx->verify_cb=verify_cb;
1220 }
1221
1222IMPLEMENT_STACK_OF(X509)
1223IMPLEMENT_ASN1_SET_OF(X509)
1224
1225IMPLEMENT_STACK_OF(X509_NAME)
1226
1227IMPLEMENT_STACK_OF(X509_ATTRIBUTE)
1228IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE)
diff --git a/src/lib/libcrypto/x509/x509_vfy.h b/src/lib/libcrypto/x509/x509_vfy.h
deleted file mode 100644
index 198495884c..0000000000
--- a/src/lib/libcrypto/x509/x509_vfy.h
+++ /dev/null
@@ -1,416 +0,0 @@
1/* crypto/x509/x509_vfy.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#ifndef HEADER_X509_H
60#include <openssl/x509.h>
61/* openssl/x509.h ends up #include-ing this file at about the only
62 * appropriate moment. */
63#endif
64
65#ifndef HEADER_X509_VFY_H
66#define HEADER_X509_VFY_H
67
68#ifndef OPENSSL_NO_LHASH
69#include <openssl/lhash.h>
70#endif
71#include <openssl/bio.h>
72#include <openssl/crypto.h>
73#include <openssl/symhacks.h>
74
75#ifdef __cplusplus
76extern "C" {
77#endif
78
79/* Outer object */
80typedef struct x509_hash_dir_st
81 {
82 int num_dirs;
83 char **dirs;
84 int *dirs_type;
85 int num_dirs_alloced;
86 } X509_HASH_DIR_CTX;
87
88typedef struct x509_file_st
89 {
90 int num_paths; /* number of paths to files or directories */
91 int num_alloced;
92 char **paths; /* the list of paths or directories */
93 int *path_type;
94 } X509_CERT_FILE_CTX;
95
96/*******************************/
97/*
98SSL_CTX -> X509_STORE
99 -> X509_LOOKUP
100 ->X509_LOOKUP_METHOD
101 -> X509_LOOKUP
102 ->X509_LOOKUP_METHOD
103
104SSL -> X509_STORE_CTX
105 ->X509_STORE
106
107The X509_STORE holds the tables etc for verification stuff.
108A X509_STORE_CTX is used while validating a single certificate.
109The X509_STORE has X509_LOOKUPs for looking up certs.
110The X509_STORE then calls a function to actually verify the
111certificate chain.
112*/
113
114#define X509_LU_RETRY -1
115#define X509_LU_FAIL 0
116#define X509_LU_X509 1
117#define X509_LU_CRL 2
118#define X509_LU_PKEY 3
119
120typedef struct x509_object_st
121 {
122 /* one of the above types */
123 int type;
124 union {
125 char *ptr;
126 X509 *x509;
127 X509_CRL *crl;
128 EVP_PKEY *pkey;
129 } data;
130 } X509_OBJECT;
131
132typedef struct x509_lookup_st X509_LOOKUP;
133
134DECLARE_STACK_OF(X509_LOOKUP)
135DECLARE_STACK_OF(X509_OBJECT)
136
137/* This is a static that defines the function interface */
138typedef struct x509_lookup_method_st
139 {
140 const char *name;
141 int (*new_item)(X509_LOOKUP *ctx);
142 void (*free)(X509_LOOKUP *ctx);
143 int (*init)(X509_LOOKUP *ctx);
144 int (*shutdown)(X509_LOOKUP *ctx);
145 int (*ctrl)(X509_LOOKUP *ctx,int cmd,const char *argc,long argl,
146 char **ret);
147 int (*get_by_subject)(X509_LOOKUP *ctx,int type,X509_NAME *name,
148 X509_OBJECT *ret);
149 int (*get_by_issuer_serial)(X509_LOOKUP *ctx,int type,X509_NAME *name,
150 ASN1_INTEGER *serial,X509_OBJECT *ret);
151 int (*get_by_fingerprint)(X509_LOOKUP *ctx,int type,
152 unsigned char *bytes,int len,
153 X509_OBJECT *ret);
154 int (*get_by_alias)(X509_LOOKUP *ctx,int type,char *str,int len,
155 X509_OBJECT *ret);
156 } X509_LOOKUP_METHOD;
157
158/* This is used to hold everything. It is used for all certificate
159 * validation. Once we have a certificate chain, the 'verify'
160 * function is then called to actually check the cert chain. */
161struct x509_store_st
162 {
163 /* The following is a cache of trusted certs */
164 int cache; /* if true, stash any hits */
165 STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */
166
167 /* These are external lookup methods */
168 STACK_OF(X509_LOOKUP) *get_cert_methods;
169
170 /* The following fields are not used by X509_STORE but are
171 * inherited by X509_STORE_CTX when it is initialised.
172 */
173
174 unsigned long flags; /* Various verify flags */
175 int purpose;
176 int trust;
177 /* Callbacks for various operations */
178 int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */
179 int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */
180 int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */
181 int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
182 int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
183 int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
184 int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
185 int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
186 int (*cleanup)(X509_STORE_CTX *ctx);
187
188 CRYPTO_EX_DATA ex_data;
189 int references;
190 int depth; /* how deep to look (still unused -- X509_STORE_CTX's depth is used) */
191 } /* X509_STORE */;
192
193#define X509_STORE_set_depth(ctx,d) ((ctx)->depth=(d))
194
195#define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func))
196#define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func))
197
198/* This is the functions plus an instance of the local variables. */
199struct x509_lookup_st
200 {
201 int init; /* have we been started */
202 int skip; /* don't use us. */
203 X509_LOOKUP_METHOD *method; /* the functions */
204 char *method_data; /* method data */
205
206 X509_STORE *store_ctx; /* who owns us */
207 } /* X509_LOOKUP */;
208
209/* This is a used when verifying cert chains. Since the
210 * gathering of the cert chain can take some time (and have to be
211 * 'retried', this needs to be kept and passed around. */
212struct x509_store_ctx_st /* X509_STORE_CTX */
213 {
214 X509_STORE *ctx;
215 int current_method; /* used when looking up certs */
216
217 /* The following are set by the caller */
218 X509 *cert; /* The cert to check */
219 STACK_OF(X509) *untrusted; /* chain of X509s - untrusted - passed in */
220 int purpose; /* purpose to check untrusted certificates */
221 int trust; /* trust setting to check */
222 time_t check_time; /* time to make verify at */
223 unsigned long flags; /* Various verify flags */
224 void *other_ctx; /* Other info for use with get_issuer() */
225
226 /* Callbacks for various operations */
227 int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */
228 int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */
229 int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */
230 int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
231 int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
232 int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
233 int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
234 int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
235 int (*cleanup)(X509_STORE_CTX *ctx);
236
237 /* The following is built up */
238 int depth; /* how far to go looking up certs */
239 int valid; /* if 0, rebuild chain */
240 int last_untrusted; /* index of last untrusted cert */
241 STACK_OF(X509) *chain; /* chain of X509s - built up and trusted */
242
243 /* When something goes wrong, this is why */
244 int error_depth;
245 int error;
246 X509 *current_cert;
247 X509 *current_issuer; /* cert currently being tested as valid issuer */
248 X509_CRL *current_crl; /* current CRL */
249
250 CRYPTO_EX_DATA ex_data;
251 } /* X509_STORE_CTX */;
252
253#define X509_STORE_CTX_set_depth(ctx,d) ((ctx)->depth=(d))
254
255#define X509_STORE_CTX_set_app_data(ctx,data) \
256 X509_STORE_CTX_set_ex_data(ctx,0,data)
257#define X509_STORE_CTX_get_app_data(ctx) \
258 X509_STORE_CTX_get_ex_data(ctx,0)
259
260#define X509_L_FILE_LOAD 1
261#define X509_L_ADD_DIR 2
262
263#define X509_LOOKUP_load_file(x,name,type) \
264 X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL)
265
266#define X509_LOOKUP_add_dir(x,name,type) \
267 X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
268
269#define X509_V_OK 0
270/* illegal error (for uninitialized values, to avoid X509_V_OK): 1 */
271
272#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2
273#define X509_V_ERR_UNABLE_TO_GET_CRL 3
274#define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4
275#define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5
276#define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6
277#define X509_V_ERR_CERT_SIGNATURE_FAILURE 7
278#define X509_V_ERR_CRL_SIGNATURE_FAILURE 8
279#define X509_V_ERR_CERT_NOT_YET_VALID 9
280#define X509_V_ERR_CERT_HAS_EXPIRED 10
281#define X509_V_ERR_CRL_NOT_YET_VALID 11
282#define X509_V_ERR_CRL_HAS_EXPIRED 12
283#define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13
284#define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14
285#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15
286#define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16
287#define X509_V_ERR_OUT_OF_MEM 17
288#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18
289#define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19
290#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20
291#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21
292#define X509_V_ERR_CERT_CHAIN_TOO_LONG 22
293#define X509_V_ERR_CERT_REVOKED 23
294#define X509_V_ERR_INVALID_CA 24
295#define X509_V_ERR_PATH_LENGTH_EXCEEDED 25
296#define X509_V_ERR_INVALID_PURPOSE 26
297#define X509_V_ERR_CERT_UNTRUSTED 27
298#define X509_V_ERR_CERT_REJECTED 28
299/* These are 'informational' when looking for issuer cert */
300#define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29
301#define X509_V_ERR_AKID_SKID_MISMATCH 30
302#define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31
303#define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32
304
305#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33
306#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34
307#define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35
308#define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36
309
310/* The application is not happy */
311#define X509_V_ERR_APPLICATION_VERIFICATION 50
312
313/* Certificate verify flags */
314
315/* Send issuer+subject checks to verify_cb */
316#define X509_V_FLAG_CB_ISSUER_CHECK 0x1
317/* Use check time instead of current time */
318#define X509_V_FLAG_USE_CHECK_TIME 0x2
319/* Lookup CRLs */
320#define X509_V_FLAG_CRL_CHECK 0x4
321/* Lookup CRLs for whole chain */
322#define X509_V_FLAG_CRL_CHECK_ALL 0x8
323/* Ignore unhandled critical extensions */
324#define X509_V_FLAG_IGNORE_CRITICAL 0x10
325/* Disable workarounds for broken certificates */
326#define X509_V_FLAG_X509_STRICT 0x20
327
328int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
329 X509_NAME *name);
330X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,int type,X509_NAME *name);
331X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x);
332void X509_OBJECT_up_ref_count(X509_OBJECT *a);
333void X509_OBJECT_free_contents(X509_OBJECT *a);
334X509_STORE *X509_STORE_new(void );
335void X509_STORE_free(X509_STORE *v);
336
337void X509_STORE_set_flags(X509_STORE *ctx, long flags);
338int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
339int X509_STORE_set_trust(X509_STORE *ctx, int trust);
340
341X509_STORE_CTX *X509_STORE_CTX_new(void);
342
343int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
344
345void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
346int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
347 X509 *x509, STACK_OF(X509) *chain);
348void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
349void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
350
351X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
352
353X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
354X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
355
356int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
357int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
358
359int X509_STORE_get_by_subject(X509_STORE_CTX *vs,int type,X509_NAME *name,
360 X509_OBJECT *ret);
361
362int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
363 long argl, char **ret);
364
365#ifndef OPENSSL_NO_STDIO
366int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
367int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
368int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
369#endif
370
371
372X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
373void X509_LOOKUP_free(X509_LOOKUP *ctx);
374int X509_LOOKUP_init(X509_LOOKUP *ctx);
375int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
376 X509_OBJECT *ret);
377int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
378 ASN1_INTEGER *serial, X509_OBJECT *ret);
379int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
380 unsigned char *bytes, int len, X509_OBJECT *ret);
381int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str,
382 int len, X509_OBJECT *ret);
383int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
384
385#ifndef OPENSSL_NO_STDIO
386int X509_STORE_load_locations (X509_STORE *ctx,
387 const char *file, const char *dir);
388int X509_STORE_set_default_paths(X509_STORE *ctx);
389#endif
390
391int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
392 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
393int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,void *data);
394void * X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx);
395int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
396void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);
397int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
398X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
399STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
400STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
401void X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x);
402void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk);
403int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
404int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
405int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
406 int purpose, int trust);
407void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags);
408void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t);
409void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
410 int (*verify_cb)(int, X509_STORE_CTX *));
411
412#ifdef __cplusplus
413}
414#endif
415#endif
416
diff --git a/src/lib/libcrypto/x509/x509cset.c b/src/lib/libcrypto/x509/x509cset.c
deleted file mode 100644
index 6cac440ea9..0000000000
--- a/src/lib/libcrypto/x509/x509cset.c
+++ /dev/null
@@ -1,169 +0,0 @@
1/* crypto/x509/x509cset.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 2001.
4 */
5/* ====================================================================
6 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/asn1.h>
62#include <openssl/objects.h>
63#include <openssl/evp.h>
64#include <openssl/x509.h>
65
66int X509_CRL_set_version(X509_CRL *x, long version)
67 {
68 if (x == NULL) return(0);
69 if (x->crl->version == NULL)
70 {
71 if ((x->crl->version=M_ASN1_INTEGER_new()) == NULL)
72 return(0);
73 }
74 return(ASN1_INTEGER_set(x->crl->version,version));
75 }
76
77int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name)
78 {
79 if ((x == NULL) || (x->crl == NULL)) return(0);
80 return(X509_NAME_set(&x->crl->issuer,name));
81 }
82
83
84int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm)
85 {
86 ASN1_TIME *in;
87
88 if (x == NULL) return(0);
89 in=x->crl->lastUpdate;
90 if (in != tm)
91 {
92 in=M_ASN1_TIME_dup(tm);
93 if (in != NULL)
94 {
95 M_ASN1_TIME_free(x->crl->lastUpdate);
96 x->crl->lastUpdate=in;
97 }
98 }
99 return(in != NULL);
100 }
101
102int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm)
103 {
104 ASN1_TIME *in;
105
106 if (x == NULL) return(0);
107 in=x->crl->nextUpdate;
108 if (in != tm)
109 {
110 in=M_ASN1_TIME_dup(tm);
111 if (in != NULL)
112 {
113 M_ASN1_TIME_free(x->crl->nextUpdate);
114 x->crl->nextUpdate=in;
115 }
116 }
117 return(in != NULL);
118 }
119
120int X509_CRL_sort(X509_CRL *c)
121 {
122 int i;
123 X509_REVOKED *r;
124 /* sort the data so it will be written in serial
125 * number order */
126 sk_X509_REVOKED_sort(c->crl->revoked);
127 for (i=0; i<sk_X509_REVOKED_num(c->crl->revoked); i++)
128 {
129 r=sk_X509_REVOKED_value(c->crl->revoked,i);
130 r->sequence=i;
131 }
132 return 1;
133 }
134
135int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm)
136 {
137 ASN1_TIME *in;
138
139 if (x == NULL) return(0);
140 in=x->revocationDate;
141 if (in != tm)
142 {
143 in=M_ASN1_TIME_dup(tm);
144 if (in != NULL)
145 {
146 M_ASN1_TIME_free(x->revocationDate);
147 x->revocationDate=in;
148 }
149 }
150 return(in != NULL);
151 }
152
153int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial)
154 {
155 ASN1_INTEGER *in;
156
157 if (x == NULL) return(0);
158 in=x->serialNumber;
159 if (in != serial)
160 {
161 in=M_ASN1_INTEGER_dup(serial);
162 if (in != NULL)
163 {
164 M_ASN1_INTEGER_free(x->serialNumber);
165 x->serialNumber=in;
166 }
167 }
168 return(in != NULL);
169 }
diff --git a/src/lib/libcrypto/x509/x509name.c b/src/lib/libcrypto/x509/x509name.c
deleted file mode 100644
index 4c20e03ece..0000000000
--- a/src/lib/libcrypto/x509/x509name.c
+++ /dev/null
@@ -1,383 +0,0 @@
1/* crypto/x509/x509name.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/stack.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/objects.h>
64#include <openssl/evp.h>
65#include <openssl/x509.h>
66
67int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len)
68 {
69 ASN1_OBJECT *obj;
70
71 obj=OBJ_nid2obj(nid);
72 if (obj == NULL) return(-1);
73 return(X509_NAME_get_text_by_OBJ(name,obj,buf,len));
74 }
75
76int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,
77 int len)
78 {
79 int i;
80 ASN1_STRING *data;
81
82 i=X509_NAME_get_index_by_OBJ(name,obj,-1);
83 if (i < 0) return(-1);
84 data=X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name,i));
85 i=(data->length > (len-1))?(len-1):data->length;
86 if (buf == NULL) return(data->length);
87 memcpy(buf,data->data,i);
88 buf[i]='\0';
89 return(i);
90 }
91
92int X509_NAME_entry_count(X509_NAME *name)
93 {
94 if (name == NULL) return(0);
95 return(sk_X509_NAME_ENTRY_num(name->entries));
96 }
97
98int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos)
99 {
100 ASN1_OBJECT *obj;
101
102 obj=OBJ_nid2obj(nid);
103 if (obj == NULL) return(-2);
104 return(X509_NAME_get_index_by_OBJ(name,obj,lastpos));
105 }
106
107/* NOTE: you should be passsing -1, not 0 as lastpos */
108int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
109 int lastpos)
110 {
111 int n;
112 X509_NAME_ENTRY *ne;
113 STACK_OF(X509_NAME_ENTRY) *sk;
114
115 if (name == NULL) return(-1);
116 if (lastpos < 0)
117 lastpos= -1;
118 sk=name->entries;
119 n=sk_X509_NAME_ENTRY_num(sk);
120 for (lastpos++; lastpos < n; lastpos++)
121 {
122 ne=sk_X509_NAME_ENTRY_value(sk,lastpos);
123 if (OBJ_cmp(ne->object,obj) == 0)
124 return(lastpos);
125 }
126 return(-1);
127 }
128
129X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc)
130 {
131 if(name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
132 || loc < 0)
133 return(NULL);
134 else
135 return(sk_X509_NAME_ENTRY_value(name->entries,loc));
136 }
137
138X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc)
139 {
140 X509_NAME_ENTRY *ret;
141 int i,n,set_prev,set_next;
142 STACK_OF(X509_NAME_ENTRY) *sk;
143
144 if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
145 || loc < 0)
146 return(NULL);
147 sk=name->entries;
148 ret=sk_X509_NAME_ENTRY_delete(sk,loc);
149 n=sk_X509_NAME_ENTRY_num(sk);
150 name->modified=1;
151 if (loc == n) return(ret);
152
153 /* else we need to fixup the set field */
154 if (loc != 0)
155 set_prev=(sk_X509_NAME_ENTRY_value(sk,loc-1))->set;
156 else
157 set_prev=ret->set-1;
158 set_next=sk_X509_NAME_ENTRY_value(sk,loc)->set;
159
160 /* set_prev is the previous set
161 * set is the current set
162 * set_next is the following
163 * prev 1 1 1 1 1 1 1 1
164 * set 1 1 2 2
165 * next 1 1 2 2 2 2 3 2
166 * so basically only if prev and next differ by 2, then
167 * re-number down by 1 */
168 if (set_prev+1 < set_next)
169 for (i=loc; i<n; i++)
170 sk_X509_NAME_ENTRY_value(sk,i)->set--;
171 return(ret);
172 }
173
174int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
175 unsigned char *bytes, int len, int loc, int set)
176{
177 X509_NAME_ENTRY *ne;
178 int ret;
179 ne = X509_NAME_ENTRY_create_by_OBJ(NULL, obj, type, bytes, len);
180 if(!ne) return 0;
181 ret = X509_NAME_add_entry(name, ne, loc, set);
182 X509_NAME_ENTRY_free(ne);
183 return ret;
184}
185
186int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
187 unsigned char *bytes, int len, int loc, int set)
188{
189 X509_NAME_ENTRY *ne;
190 int ret;
191 ne = X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, len);
192 if(!ne) return 0;
193 ret = X509_NAME_add_entry(name, ne, loc, set);
194 X509_NAME_ENTRY_free(ne);
195 return ret;
196}
197
198int X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type,
199 unsigned char *bytes, int len, int loc, int set)
200{
201 X509_NAME_ENTRY *ne;
202 int ret;
203 ne = X509_NAME_ENTRY_create_by_txt(NULL, field, type, bytes, len);
204 if(!ne) return 0;
205 ret = X509_NAME_add_entry(name, ne, loc, set);
206 X509_NAME_ENTRY_free(ne);
207 return ret;
208}
209
210/* if set is -1, append to previous set, 0 'a new one', and 1,
211 * prepend to the guy we are about to stomp on. */
212int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc,
213 int set)
214 {
215 X509_NAME_ENTRY *new_name=NULL;
216 int n,i,inc;
217 STACK_OF(X509_NAME_ENTRY) *sk;
218
219 if (name == NULL) return(0);
220 sk=name->entries;
221 n=sk_X509_NAME_ENTRY_num(sk);
222 if (loc > n) loc=n;
223 else if (loc < 0) loc=n;
224
225 name->modified=1;
226
227 if (set == -1)
228 {
229 if (loc == 0)
230 {
231 set=0;
232 inc=1;
233 }
234 else
235 {
236 set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set;
237 inc=0;
238 }
239 }
240 else /* if (set >= 0) */
241 {
242 if (loc >= n)
243 {
244 if (loc != 0)
245 set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set+1;
246 else
247 set=0;
248 }
249 else
250 set=sk_X509_NAME_ENTRY_value(sk,loc)->set;
251 inc=(set == 0)?1:0;
252 }
253
254 if ((new_name=X509_NAME_ENTRY_dup(ne)) == NULL)
255 goto err;
256 new_name->set=set;
257 if (!sk_X509_NAME_ENTRY_insert(sk,new_name,loc))
258 {
259 X509err(X509_F_X509_NAME_ADD_ENTRY,ERR_R_MALLOC_FAILURE);
260 goto err;
261 }
262 if (inc)
263 {
264 n=sk_X509_NAME_ENTRY_num(sk);
265 for (i=loc+1; i<n; i++)
266 sk_X509_NAME_ENTRY_value(sk,i-1)->set+=1;
267 }
268 return(1);
269err:
270 if (new_name != NULL)
271 X509_NAME_ENTRY_free(new_name);
272 return(0);
273 }
274
275X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
276 char *field, int type, unsigned char *bytes, int len)
277 {
278 ASN1_OBJECT *obj;
279 X509_NAME_ENTRY *nentry;
280
281 obj=OBJ_txt2obj(field, 0);
282 if (obj == NULL)
283 {
284 X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT,
285 X509_R_INVALID_FIELD_NAME);
286 ERR_add_error_data(2, "name=", field);
287 return(NULL);
288 }
289 nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len);
290 ASN1_OBJECT_free(obj);
291 return nentry;
292 }
293
294X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
295 int type, unsigned char *bytes, int len)
296 {
297 ASN1_OBJECT *obj;
298 X509_NAME_ENTRY *nentry;
299
300 obj=OBJ_nid2obj(nid);
301 if (obj == NULL)
302 {
303 X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID,X509_R_UNKNOWN_NID);
304 return(NULL);
305 }
306 nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len);
307 ASN1_OBJECT_free(obj);
308 return nentry;
309 }
310
311X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
312 ASN1_OBJECT *obj, int type, unsigned char *bytes, int len)
313 {
314 X509_NAME_ENTRY *ret;
315
316 if ((ne == NULL) || (*ne == NULL))
317 {
318 if ((ret=X509_NAME_ENTRY_new()) == NULL)
319 return(NULL);
320 }
321 else
322 ret= *ne;
323
324 if (!X509_NAME_ENTRY_set_object(ret,obj))
325 goto err;
326 if (!X509_NAME_ENTRY_set_data(ret,type,bytes,len))
327 goto err;
328
329 if ((ne != NULL) && (*ne == NULL)) *ne=ret;
330 return(ret);
331err:
332 if ((ne == NULL) || (ret != *ne))
333 X509_NAME_ENTRY_free(ret);
334 return(NULL);
335 }
336
337int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj)
338 {
339 if ((ne == NULL) || (obj == NULL))
340 {
341 X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT,ERR_R_PASSED_NULL_PARAMETER);
342 return(0);
343 }
344 ASN1_OBJECT_free(ne->object);
345 ne->object=OBJ_dup(obj);
346 return((ne->object == NULL)?0:1);
347 }
348
349int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
350 unsigned char *bytes, int len)
351 {
352 int i;
353
354 if ((ne == NULL) || ((bytes == NULL) && (len != 0))) return(0);
355 if((type > 0) && (type & MBSTRING_FLAG))
356 return ASN1_STRING_set_by_NID(&ne->value, bytes,
357 len, type,
358 OBJ_obj2nid(ne->object)) ? 1 : 0;
359 if (len < 0) len=strlen((char *)bytes);
360 i=ASN1_STRING_set(ne->value,bytes,len);
361 if (!i) return(0);
362 if (type != V_ASN1_UNDEF)
363 {
364 if (type == V_ASN1_APP_CHOOSE)
365 ne->value->type=ASN1_PRINTABLE_type(bytes,len);
366 else
367 ne->value->type=type;
368 }
369 return(1);
370 }
371
372ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne)
373 {
374 if (ne == NULL) return(NULL);
375 return(ne->object);
376 }
377
378ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne)
379 {
380 if (ne == NULL) return(NULL);
381 return(ne->value);
382 }
383
diff --git a/src/lib/libcrypto/x509/x509rset.c b/src/lib/libcrypto/x509/x509rset.c
deleted file mode 100644
index d9f6b57372..0000000000
--- a/src/lib/libcrypto/x509/x509rset.c
+++ /dev/null
@@ -1,83 +0,0 @@
1/* crypto/x509/x509rset.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/asn1.h>
62#include <openssl/objects.h>
63#include <openssl/evp.h>
64#include <openssl/x509.h>
65
66int X509_REQ_set_version(X509_REQ *x, long version)
67 {
68 if (x == NULL) return(0);
69 return(ASN1_INTEGER_set(x->req_info->version,version));
70 }
71
72int X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name)
73 {
74 if ((x == NULL) || (x->req_info == NULL)) return(0);
75 return(X509_NAME_set(&x->req_info->subject,name));
76 }
77
78int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey)
79 {
80 if ((x == NULL) || (x->req_info == NULL)) return(0);
81 return(X509_PUBKEY_set(&x->req_info->pubkey,pkey));
82 }
83
diff --git a/src/lib/libcrypto/x509/x509spki.c b/src/lib/libcrypto/x509/x509spki.c
deleted file mode 100644
index 4c3af946ec..0000000000
--- a/src/lib/libcrypto/x509/x509spki.c
+++ /dev/null
@@ -1,120 +0,0 @@
1/* x509spki.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/x509.h>
62
63int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey)
64{
65 if ((x == NULL) || (x->spkac == NULL)) return(0);
66 return(X509_PUBKEY_set(&(x->spkac->pubkey),pkey));
67}
68
69EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x)
70{
71 if ((x == NULL) || (x->spkac == NULL))
72 return(NULL);
73 return(X509_PUBKEY_get(x->spkac->pubkey));
74}
75
76/* Load a Netscape SPKI from a base64 encoded string */
77
78NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len)
79{
80 unsigned char *spki_der, *p;
81 int spki_len;
82 NETSCAPE_SPKI *spki;
83 if(len <= 0) len = strlen(str);
84 if (!(spki_der = OPENSSL_malloc(len + 1))) {
85 X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE);
86 return NULL;
87 }
88 spki_len = EVP_DecodeBlock(spki_der, (const unsigned char *)str, len);
89 if(spki_len < 0) {
90 X509err(X509_F_NETSCAPE_SPKI_B64_DECODE,
91 X509_R_BASE64_DECODE_ERROR);
92 OPENSSL_free(spki_der);
93 return NULL;
94 }
95 p = spki_der;
96 spki = d2i_NETSCAPE_SPKI(NULL, &p, spki_len);
97 OPENSSL_free(spki_der);
98 return spki;
99}
100
101/* Generate a base64 encoded string from an SPKI */
102
103char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki)
104{
105 unsigned char *der_spki, *p;
106 char *b64_str;
107 int der_len;
108 der_len = i2d_NETSCAPE_SPKI(spki, NULL);
109 der_spki = OPENSSL_malloc(der_len);
110 b64_str = OPENSSL_malloc(der_len * 2);
111 if(!der_spki || !b64_str) {
112 X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE);
113 return NULL;
114 }
115 p = der_spki;
116 i2d_NETSCAPE_SPKI(spki, &p);
117 EVP_EncodeBlock((unsigned char *)b64_str, der_spki, der_len);
118 OPENSSL_free(der_spki);
119 return b64_str;
120}
diff --git a/src/lib/libcrypto/x509/x509type.c b/src/lib/libcrypto/x509/x509type.c
deleted file mode 100644
index c25959a742..0000000000
--- a/src/lib/libcrypto/x509/x509type.c
+++ /dev/null
@@ -1,115 +0,0 @@
1/* crypto/x509/x509type.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/evp.h>
62#include <openssl/objects.h>
63#include <openssl/x509.h>
64
65int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
66 {
67 EVP_PKEY *pk;
68 int ret=0,i;
69
70 if (x == NULL) return(0);
71
72 if (pkey == NULL)
73 pk=X509_get_pubkey(x);
74 else
75 pk=pkey;
76
77 if (pk == NULL) return(0);
78
79 switch (pk->type)
80 {
81 case EVP_PKEY_RSA:
82 ret=EVP_PK_RSA|EVP_PKT_SIGN;
83/* if (!sign only extension) */
84 ret|=EVP_PKT_ENC;
85 break;
86 case EVP_PKEY_DSA:
87 ret=EVP_PK_DSA|EVP_PKT_SIGN;
88 break;
89 case EVP_PKEY_DH:
90 ret=EVP_PK_DH|EVP_PKT_EXCH;
91 break;
92 default:
93 break;
94 }
95
96 i=X509_get_signature_type(x);
97 switch (i)
98 {
99 case EVP_PKEY_RSA:
100 ret|=EVP_PKS_RSA;
101 break;
102 case EVP_PKEY_DSA:
103 ret|=EVP_PKS_DSA;
104 break;
105 default:
106 break;
107 }
108
109 if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look
110 for, not bytes */
111 ret|=EVP_PKT_EXP;
112 if(pkey==NULL) EVP_PKEY_free(pk);
113 return(ret);
114 }
115
diff --git a/src/lib/libcrypto/x509/x_all.c b/src/lib/libcrypto/x509/x_all.c
deleted file mode 100644
index fb5015cd4d..0000000000
--- a/src/lib/libcrypto/x509/x_all.c
+++ /dev/null
@@ -1,488 +0,0 @@
1/* crypto/x509/x_all.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#undef SSLEAY_MACROS
61#include <openssl/stack.h>
62#include "cryptlib.h"
63#include <openssl/buffer.h>
64#include <openssl/asn1.h>
65#include <openssl/evp.h>
66#include <openssl/x509.h>
67
68int X509_verify(X509 *a, EVP_PKEY *r)
69 {
70 return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),a->sig_alg,
71 a->signature,a->cert_info,r));
72 }
73
74int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
75 {
76 return( ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO),
77 a->sig_alg,a->signature,a->req_info,r));
78 }
79
80int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r)
81 {
82 return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO),
83 a->sig_alg, a->signature,a->crl,r));
84 }
85
86int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
87 {
88 return(ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC),
89 a->sig_algor,a->signature,a->spkac,r));
90 }
91
92int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
93 {
94 return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature,
95 x->sig_alg, x->signature, x->cert_info,pkey,md));
96 }
97
98int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
99 {
100 return(ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO),x->sig_alg, NULL,
101 x->signature, x->req_info,pkey,md));
102 }
103
104int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
105 {
106 return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO),x->crl->sig_alg,
107 x->sig_alg, x->signature, x->crl,pkey,md));
108 }
109
110int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
111 {
112 return(ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor,NULL,
113 x->signature, x->spkac,pkey,md));
114 }
115
116#ifndef OPENSSL_NO_FP_API
117X509 *d2i_X509_fp(FILE *fp, X509 **x509)
118 {
119 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509);
120 }
121
122int i2d_X509_fp(FILE *fp, X509 *x509)
123 {
124 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509);
125 }
126#endif
127
128X509 *d2i_X509_bio(BIO *bp, X509 **x509)
129 {
130 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509);
131 }
132
133int i2d_X509_bio(BIO *bp, X509 *x509)
134 {
135 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509);
136 }
137
138#ifndef OPENSSL_NO_FP_API
139X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl)
140 {
141 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
142 }
143
144int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl)
145 {
146 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
147 }
148#endif
149
150X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl)
151 {
152 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
153 }
154
155int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl)
156 {
157 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
158 }
159
160#ifndef OPENSSL_NO_FP_API
161PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7)
162 {
163 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
164 }
165
166int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7)
167 {
168 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
169 }
170#endif
171
172PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7)
173 {
174 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
175 }
176
177int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7)
178 {
179 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
180 }
181
182#ifndef OPENSSL_NO_FP_API
183X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req)
184 {
185 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
186 }
187
188int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req)
189 {
190 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
191 }
192#endif
193
194X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req)
195 {
196 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
197 }
198
199int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req)
200 {
201 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
202 }
203
204#ifndef OPENSSL_NO_RSA
205
206#ifndef OPENSSL_NO_FP_API
207RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa)
208 {
209 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
210 }
211
212int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa)
213 {
214 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
215 }
216
217RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
218 {
219 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
220 }
221
222
223RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)
224 {
225 return((RSA *)ASN1_d2i_fp((char *(*)())
226 RSA_new,(char *(*)())d2i_RSA_PUBKEY, (fp),
227 (unsigned char **)(rsa)));
228 }
229
230int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa)
231 {
232 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
233 }
234
235int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa)
236 {
237 return(ASN1_i2d_fp(i2d_RSA_PUBKEY,fp,(unsigned char *)rsa));
238 }
239#endif
240
241RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
242 {
243 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
244 }
245
246int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa)
247 {
248 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
249 }
250
251RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)
252 {
253 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
254 }
255
256
257RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
258 {
259 return((RSA *)ASN1_d2i_bio((char *(*)())
260 RSA_new,(char *(*)())d2i_RSA_PUBKEY, (bp),
261 (unsigned char **)(rsa)));
262 }
263
264int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa)
265 {
266 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
267 }
268
269int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa)
270 {
271 return(ASN1_i2d_bio(i2d_RSA_PUBKEY,bp,(unsigned char *)rsa));
272 }
273#endif
274
275#ifndef OPENSSL_NO_DSA
276#ifndef OPENSSL_NO_FP_API
277DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa)
278 {
279 return((DSA *)ASN1_d2i_fp((char *(*)())
280 DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp),
281 (unsigned char **)(dsa)));
282 }
283
284int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa)
285 {
286 return(ASN1_i2d_fp(i2d_DSAPrivateKey,fp,(unsigned char *)dsa));
287 }
288
289DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa)
290 {
291 return((DSA *)ASN1_d2i_fp((char *(*)())
292 DSA_new,(char *(*)())d2i_DSA_PUBKEY, (fp),
293 (unsigned char **)(dsa)));
294 }
295
296int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa)
297 {
298 return(ASN1_i2d_fp(i2d_DSA_PUBKEY,fp,(unsigned char *)dsa));
299 }
300#endif
301
302DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa)
303 {
304 return((DSA *)ASN1_d2i_bio((char *(*)())
305 DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp),
306 (unsigned char **)(dsa)));
307 }
308
309int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa)
310 {
311 return(ASN1_i2d_bio(i2d_DSAPrivateKey,bp,(unsigned char *)dsa));
312 }
313
314DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa)
315 {
316 return((DSA *)ASN1_d2i_bio((char *(*)())
317 DSA_new,(char *(*)())d2i_DSA_PUBKEY, (bp),
318 (unsigned char **)(dsa)));
319 }
320
321int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa)
322 {
323 return(ASN1_i2d_bio(i2d_DSA_PUBKEY,bp,(unsigned char *)dsa));
324 }
325
326#endif
327
328int X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
329 unsigned int *len)
330 {
331 ASN1_BIT_STRING *key;
332 key = X509_get0_pubkey_bitstr(data);
333 if(!key) return 0;
334 return EVP_Digest(key->data, key->length, md, len, type, NULL);
335 }
336
337int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
338 unsigned int *len)
339 {
340 return(ASN1_item_digest(ASN1_ITEM_rptr(X509),type,(char *)data,md,len));
341 }
342
343int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md,
344 unsigned int *len)
345 {
346 return(ASN1_item_digest(ASN1_ITEM_rptr(X509_CRL),type,(char *)data,md,len));
347 }
348
349int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, unsigned char *md,
350 unsigned int *len)
351 {
352 return(ASN1_item_digest(ASN1_ITEM_rptr(X509_REQ),type,(char *)data,md,len));
353 }
354
355int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md,
356 unsigned int *len)
357 {
358 return(ASN1_item_digest(ASN1_ITEM_rptr(X509_NAME),type,(char *)data,md,len));
359 }
360
361int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, const EVP_MD *type,
362 unsigned char *md, unsigned int *len)
363 {
364 return(ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL),type,
365 (char *)data,md,len));
366 }
367
368
369#ifndef OPENSSL_NO_FP_API
370X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8)
371 {
372 return((X509_SIG *)ASN1_d2i_fp((char *(*)())X509_SIG_new,
373 (char *(*)())d2i_X509_SIG, (fp),(unsigned char **)(p8)));
374 }
375
376int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8)
377 {
378 return(ASN1_i2d_fp(i2d_X509_SIG,fp,(unsigned char *)p8));
379 }
380#endif
381
382X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8)
383 {
384 return((X509_SIG *)ASN1_d2i_bio((char *(*)())X509_SIG_new,
385 (char *(*)())d2i_X509_SIG, (bp),(unsigned char **)(p8)));
386 }
387
388int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8)
389 {
390 return(ASN1_i2d_bio(i2d_X509_SIG,bp,(unsigned char *)p8));
391 }
392
393#ifndef OPENSSL_NO_FP_API
394PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
395 PKCS8_PRIV_KEY_INFO **p8inf)
396 {
397 return((PKCS8_PRIV_KEY_INFO *)ASN1_d2i_fp(
398 (char *(*)())PKCS8_PRIV_KEY_INFO_new,
399 (char *(*)())d2i_PKCS8_PRIV_KEY_INFO, (fp),
400 (unsigned char **)(p8inf)));
401 }
402
403int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf)
404 {
405 return(ASN1_i2d_fp(i2d_PKCS8_PRIV_KEY_INFO,fp,(unsigned char *)p8inf));
406 }
407
408int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key)
409 {
410 PKCS8_PRIV_KEY_INFO *p8inf;
411 int ret;
412 p8inf = EVP_PKEY2PKCS8(key);
413 if(!p8inf) return 0;
414 ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf);
415 PKCS8_PRIV_KEY_INFO_free(p8inf);
416 return ret;
417 }
418
419int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey)
420 {
421 return(ASN1_i2d_fp(i2d_PrivateKey,fp,(unsigned char *)pkey));
422 }
423
424EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
425{
426 return((EVP_PKEY *)ASN1_d2i_fp((char *(*)())EVP_PKEY_new,
427 (char *(*)())d2i_AutoPrivateKey, (fp),(unsigned char **)(a)));
428}
429
430int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey)
431 {
432 return(ASN1_i2d_fp(i2d_PUBKEY,fp,(unsigned char *)pkey));
433 }
434
435EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a)
436{
437 return((EVP_PKEY *)ASN1_d2i_fp((char *(*)())EVP_PKEY_new,
438 (char *(*)())d2i_PUBKEY, (fp),(unsigned char **)(a)));
439}
440
441#endif
442
443PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
444 PKCS8_PRIV_KEY_INFO **p8inf)
445 {
446 return((PKCS8_PRIV_KEY_INFO *)ASN1_d2i_bio(
447 (char *(*)())PKCS8_PRIV_KEY_INFO_new,
448 (char *(*)())d2i_PKCS8_PRIV_KEY_INFO, (bp),
449 (unsigned char **)(p8inf)));
450 }
451
452int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf)
453 {
454 return(ASN1_i2d_bio(i2d_PKCS8_PRIV_KEY_INFO,bp,(unsigned char *)p8inf));
455 }
456
457int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key)
458 {
459 PKCS8_PRIV_KEY_INFO *p8inf;
460 int ret;
461 p8inf = EVP_PKEY2PKCS8(key);
462 if(!p8inf) return 0;
463 ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
464 PKCS8_PRIV_KEY_INFO_free(p8inf);
465 return ret;
466 }
467
468int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey)
469 {
470 return(ASN1_i2d_bio(i2d_PrivateKey,bp,(unsigned char *)pkey));
471 }
472
473EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a)
474 {
475 return((EVP_PKEY *)ASN1_d2i_bio((char *(*)())EVP_PKEY_new,
476 (char *(*)())d2i_AutoPrivateKey, (bp),(unsigned char **)(a)));
477 }
478
479int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey)
480 {
481 return(ASN1_i2d_bio(i2d_PUBKEY,bp,(unsigned char *)pkey));
482 }
483
484EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a)
485 {
486 return((EVP_PKEY *)ASN1_d2i_bio((char *(*)())EVP_PKEY_new,
487 (char *(*)())d2i_PUBKEY, (bp),(unsigned char **)(a)));
488 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-19 19:07:33 +0000