authorbeck <>2000-03-19 11:13:58 +0000
committerbeck <>2000-03-19 11:13:58 +0000
commit796d609550df3a33fc11468741c5d2f6d3df4c11 (patch)
tree6c6d539061caa20372dad0ac4ddb1dfae2fbe7fe /src/lib/libcrypto/x509
parent5be3114c1fd7e0dfea1e38d3abb4cbba75244419 (diff)
downloadopenbsd-796d609550df3a33fc11468741c5d2f6d3df4c11.tar.gz
openbsd-796d609550df3a33fc11468741c5d2f6d3df4c11.tar.bz2
openbsd-796d609550df3a33fc11468741c5d2f6d3df4c11.zip
OpenSSL 0.9.5 merge
*warning* this bumps the shared lib minors for libssl and libcrypto from 2.1 to 2.2. If you are using the ssl26 packages for ssh and other things to work, you will need to get new ones (see ~beck/libsslsnap/<arch> on cvs, or ~beck/src-patent.tar.gz on cvs).
Diffstat (limited to 'src/lib/libcrypto/x509')
-rw-r--r--src/lib/libcrypto/x509/Makefile.ssl123
-rw-r--r--src/lib/libcrypto/x509/by_dir.c19
-rw-r--r--src/lib/libcrypto/x509/by_file.c63
-rw-r--r--src/lib/libcrypto/x509/x509.h239
-rw-r--r--src/lib/libcrypto/x509/x509_att.c326
-rw-r--r--src/lib/libcrypto/x509/x509_cmp.c23
-rw-r--r--src/lib/libcrypto/x509/x509_d2.c8
-rw-r--r--src/lib/libcrypto/x509/x509_def.c2
-rw-r--r--src/lib/libcrypto/x509/x509_err.c17
-rw-r--r--src/lib/libcrypto/x509/x509_ext.c17
-rw-r--r--src/lib/libcrypto/x509/x509_lu.c26
-rw-r--r--src/lib/libcrypto/x509/x509_r2x.c2
-rw-r--r--src/lib/libcrypto/x509/x509_req.c165
-rw-r--r--src/lib/libcrypto/x509/x509_set.c14
-rw-r--r--src/lib/libcrypto/x509/x509_trs.c263
-rw-r--r--src/lib/libcrypto/x509/x509_txt.c11
-rw-r--r--src/lib/libcrypto/x509/x509_v3.c3
-rw-r--r--src/lib/libcrypto/x509/x509_vfy.c206
-rw-r--r--src/lib/libcrypto/x509/x509_vfy.h20
-rw-r--r--src/lib/libcrypto/x509/x509name.c66
-rw-r--r--src/lib/libcrypto/x509/x509spki.c121
-rw-r--r--src/lib/libcrypto/x509/x_all.c100
22 files changed, 1713 insertions, 121 deletions
diff --git a/src/lib/libcrypto/x509/Makefile.ssl b/src/lib/libcrypto/x509/Makefile.ssl
index c7ac35f6cc..48937b43af 100644
--- a/src/lib/libcrypto/x509/Makefile.ssl
+++ b/src/lib/libcrypto/x509/Makefile.ssl
@@ -23,17 +23,17 @@ APPS=
23 23
24LIB=$(TOP)/libcrypto.a 24LIB=$(TOP)/libcrypto.a
25LIBSRC= x509_def.c x509_d2.c x509_r2x.c x509_cmp.c \ 25LIBSRC= x509_def.c x509_d2.c x509_r2x.c x509_cmp.c \
26 x509_obj.c x509_req.c x509_vfy.c \ 26 x509_obj.c x509_req.c x509spki.c x509_vfy.c \
27 x509_set.c x509rset.c x509_err.c \ 27 x509_set.c x509rset.c x509_err.c \
28 x509name.c x509_v3.c x509_ext.c \ 28 x509name.c x509_v3.c x509_ext.c x509_att.c \
29 x509type.c x509_lu.c x_all.c x509_txt.c \ 29 x509type.c x509_lu.c x_all.c x509_txt.c \
30 by_file.c by_dir.c 30 x509_trs.c by_file.c by_dir.c
31LIBOBJ= x509_def.o x509_d2.o x509_r2x.o x509_cmp.o \ 31LIBOBJ= x509_def.o x509_d2.o x509_r2x.o x509_cmp.o \
32 x509_obj.o x509_req.o x509_vfy.o \ 32 x509_obj.o x509_req.o x509spki.o x509_vfy.o \
33 x509_set.o x509rset.o x509_err.o \ 33 x509_set.o x509rset.o x509_err.o \
34 x509name.o x509_v3.o x509_ext.o \ 34 x509name.o x509_v3.o x509_ext.o x509_att.o \
35 x509type.o x509_lu.o x_all.o x509_txt.o \ 35 x509type.o x509_lu.o x_all.o x509_txt.o \
36 by_file.o by_dir.o 36 x509_trs.o by_file.o by_dir.o
37 37
38SRC= $(LIBSRC) 38SRC= $(LIBSRC)
39 39
@@ -123,14 +123,33 @@ by_file.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
123by_file.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h 123by_file.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
124by_file.o: ../../include/openssl/stack.h ../../include/openssl/x509.h 124by_file.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
125by_file.o: ../../include/openssl/x509_vfy.h ../cryptlib.h 125by_file.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
126x509_att.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
127x509_att.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
128x509_att.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
129x509_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
130x509_att.o: ../../include/openssl/des.h ../../include/openssl/dh.h
131x509_att.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
132x509_att.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
133x509_att.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
134x509_att.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
135x509_att.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
136x509_att.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
137x509_att.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
138x509_att.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
139x509_att.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
140x509_att.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
141x509_att.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
142x509_att.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
143x509_att.o: ../../include/openssl/x509v3.h ../cryptlib.h
126x509_cmp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h 144x509_cmp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
127x509_cmp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h 145x509_cmp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
128x509_cmp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h 146x509_cmp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
129x509_cmp.o: ../../include/openssl/crypto.h ../../include/openssl/des.h 147x509_cmp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
130x509_cmp.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h 148x509_cmp.o: ../../include/openssl/des.h ../../include/openssl/dh.h
131x509_cmp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h 149x509_cmp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
132x509_cmp.o: ../../include/openssl/err.h ../../include/openssl/evp.h 150x509_cmp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
133x509_cmp.o: ../../include/openssl/idea.h ../../include/openssl/md2.h 151x509_cmp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
152x509_cmp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
134x509_cmp.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h 153x509_cmp.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
135x509_cmp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h 154x509_cmp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
136x509_cmp.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h 155x509_cmp.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
@@ -139,7 +158,7 @@ x509_cmp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
139x509_cmp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h 158x509_cmp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
140x509_cmp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h 159x509_cmp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
141x509_cmp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h 160x509_cmp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
142x509_cmp.o: ../cryptlib.h 161x509_cmp.o: ../../include/openssl/x509v3.h ../cryptlib.h
143x509_d2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h 162x509_d2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
144x509_d2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h 163x509_d2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
145x509_d2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h 164x509_d2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -192,11 +211,12 @@ x509_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
192x509_ext.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h 211x509_ext.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
193x509_ext.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h 212x509_ext.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
194x509_ext.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h 213x509_ext.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
195x509_ext.o: ../../include/openssl/crypto.h ../../include/openssl/des.h 214x509_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
196x509_ext.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h 215x509_ext.o: ../../include/openssl/des.h ../../include/openssl/dh.h
197x509_ext.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h 216x509_ext.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
198x509_ext.o: ../../include/openssl/err.h ../../include/openssl/evp.h 217x509_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
199x509_ext.o: ../../include/openssl/idea.h ../../include/openssl/md2.h 218x509_ext.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
219x509_ext.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
200x509_ext.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h 220x509_ext.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
201x509_ext.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h 221x509_ext.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
202x509_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h 222x509_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
@@ -205,7 +225,7 @@ x509_ext.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
205x509_ext.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h 225x509_ext.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
206x509_ext.o: ../../include/openssl/sha.h ../../include/openssl/stack.h 226x509_ext.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
207x509_ext.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h 227x509_ext.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
208x509_ext.o: ../cryptlib.h 228x509_ext.o: ../../include/openssl/x509v3.h ../cryptlib.h
209x509_lu.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h 229x509_lu.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
210x509_lu.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h 230x509_lu.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
211x509_lu.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h 231x509_lu.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -293,6 +313,24 @@ x509_set.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
293x509_set.o: ../../include/openssl/sha.h ../../include/openssl/stack.h 313x509_set.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
294x509_set.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h 314x509_set.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
295x509_set.o: ../cryptlib.h 315x509_set.o: ../cryptlib.h
316x509_trs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
317x509_trs.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
318x509_trs.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
319x509_trs.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
320x509_trs.o: ../../include/openssl/des.h ../../include/openssl/dh.h
321x509_trs.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
322x509_trs.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
323x509_trs.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
324x509_trs.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
325x509_trs.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
326x509_trs.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
327x509_trs.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
328x509_trs.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
329x509_trs.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
330x509_trs.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
331x509_trs.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
332x509_trs.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
333x509_trs.o: ../../include/openssl/x509v3.h ../cryptlib.h
296x509_txt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h 334x509_txt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
297x509_txt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h 335x509_txt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
298x509_txt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h 336x509_txt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -314,11 +352,12 @@ x509_txt.o: ../cryptlib.h
314x509_v3.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h 352x509_v3.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
315x509_v3.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h 353x509_v3.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
316x509_v3.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h 354x509_v3.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
317x509_v3.o: ../../include/openssl/crypto.h ../../include/openssl/des.h 355x509_v3.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
318x509_v3.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h 356x509_v3.o: ../../include/openssl/des.h ../../include/openssl/dh.h
319x509_v3.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h 357x509_v3.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
320x509_v3.o: ../../include/openssl/err.h ../../include/openssl/evp.h 358x509_v3.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
321x509_v3.o: ../../include/openssl/idea.h ../../include/openssl/md2.h 359x509_v3.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
360x509_v3.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
322x509_v3.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h 361x509_v3.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
323x509_v3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h 362x509_v3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
324x509_v3.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h 363x509_v3.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
@@ -327,25 +366,25 @@ x509_v3.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
327x509_v3.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h 366x509_v3.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
328x509_v3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h 367x509_v3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
329x509_v3.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h 368x509_v3.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
330x509_v3.o: ../cryptlib.h 369x509_v3.o: ../../include/openssl/x509v3.h ../cryptlib.h
331x509_vfy.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h 370x509_vfy.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
332x509_vfy.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h 371x509_vfy.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
333x509_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h 372x509_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
334x509_vfy.o: ../../include/openssl/crypto.h ../../include/openssl/des.h 373x509_vfy.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
335x509_vfy.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h 374x509_vfy.o: ../../include/openssl/des.h ../../include/openssl/dh.h
336x509_vfy.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h 375x509_vfy.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
337x509_vfy.o: ../../include/openssl/err.h ../../include/openssl/evp.h 376x509_vfy.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
338x509_vfy.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h 377x509_vfy.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
339x509_vfy.o: ../../include/openssl/md2.h ../../include/openssl/md5.h 378x509_vfy.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
340x509_vfy.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h 379x509_vfy.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
341x509_vfy.o: ../../include/openssl/opensslconf.h 380x509_vfy.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
342x509_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h 381x509_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
343x509_vfy.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h 382x509_vfy.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
344x509_vfy.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h 383x509_vfy.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
345x509_vfy.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h 384x509_vfy.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
346x509_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h 385x509_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
347x509_vfy.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h 386x509_vfy.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
348x509_vfy.o: ../cryptlib.h 387x509_vfy.o: ../../include/openssl/x509v3.h ../cryptlib.h
349x509name.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h 388x509name.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
350x509name.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h 389x509name.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
351x509name.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h 390x509name.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -380,6 +419,24 @@ x509rset.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
380x509rset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h 419x509rset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
381x509rset.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h 420x509rset.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
382x509rset.o: ../cryptlib.h 421x509rset.o: ../cryptlib.h
422x509spki.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
423x509spki.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
424x509spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
425x509spki.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
426x509spki.o: ../../include/openssl/des.h ../../include/openssl/dh.h
427x509spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
428x509spki.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
429x509spki.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
430x509spki.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
431x509spki.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
432x509spki.o: ../../include/openssl/opensslconf.h
433x509spki.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
434x509spki.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
435x509spki.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
436x509spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
437x509spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
438x509spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
439x509spki.o: ../cryptlib.h
383x509type.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h 440x509type.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
384x509type.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h 441x509type.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
385x509type.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h 442x509type.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
diff --git a/src/lib/libcrypto/x509/by_dir.c b/src/lib/libcrypto/x509/by_dir.c
index 734e39ac77..14d12c56bd 100644
--- a/src/lib/libcrypto/x509/by_dir.c
+++ b/src/lib/libcrypto/x509/by_dir.c
@@ -59,10 +59,18 @@
59#include <stdio.h> 59#include <stdio.h>
60#include <time.h> 60#include <time.h>
61#include <errno.h> 61#include <errno.h>
62#include <sys/types.h>
63#include <sys/stat.h>
64 62
65#include "cryptlib.h" 63#include "cryptlib.h"
64
65#ifndef NO_SYS_TYPES_H
66# include <sys/types.h>
67#endif
68#ifdef MAC_OS_pre_X
69# include <stat.h>
70#else
71# include <sys/stat.h>
72#endif
73
66#include <openssl/lhash.h> 74#include <openssl/lhash.h>
67#include <openssl/x509.h> 75#include <openssl/x509.h>
68 76
@@ -210,9 +218,9 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
210 memcpy(ip,ctx->dirs_type,(ctx->num_dirs_alloced-10)* 218 memcpy(ip,ctx->dirs_type,(ctx->num_dirs_alloced-10)*
211 sizeof(int)); 219 sizeof(int));
212 if (ctx->dirs != NULL) 220 if (ctx->dirs != NULL)
213 Free((char *)ctx->dirs); 221 Free(ctx->dirs);
214 if (ctx->dirs_type != NULL) 222 if (ctx->dirs_type != NULL)
215 Free((char *)ctx->dirs_type); 223 Free(ctx->dirs_type);
216 ctx->dirs=pp; 224 ctx->dirs=pp;
217 ctx->dirs_type=ip; 225 ctx->dirs_type=ip;
218 } 226 }
@@ -318,8 +326,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
318 /* we have added it to the cache so now pull 326 /* we have added it to the cache so now pull
319 * it out again */ 327 * it out again */
320 CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE); 328 CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
321 tmp=(X509_OBJECT *)lh_retrieve(xl->store_ctx->certs, 329 tmp=(X509_OBJECT *)lh_retrieve(xl->store_ctx->certs,&stmp);
322 (char *)&stmp);
323 CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE); 330 CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
324 331
325 if (tmp != NULL) 332 if (tmp != NULL)
diff --git a/src/lib/libcrypto/x509/by_file.c b/src/lib/libcrypto/x509/by_file.c
index 00ee5e8bbc..78e9240a8d 100644
--- a/src/lib/libcrypto/x509/by_file.c
+++ b/src/lib/libcrypto/x509/by_file.c
@@ -59,8 +59,6 @@
59#include <stdio.h> 59#include <stdio.h>
60#include <time.h> 60#include <time.h>
61#include <errno.h> 61#include <errno.h>
62#include <sys/types.h>
63#include <sys/stat.h>
64 62
65#include "cryptlib.h" 63#include "cryptlib.h"
66#include <openssl/lhash.h> 64#include <openssl/lhash.h>
@@ -94,7 +92,7 @@ X509_LOOKUP_METHOD *X509_LOOKUP_file(void)
94static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, 92static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
95 char **ret) 93 char **ret)
96 { 94 {
97 int ok=0,ok2=0; 95 int ok=0;
98 char *file; 96 char *file;
99 97
100 switch (cmd) 98 switch (cmd)
@@ -102,31 +100,30 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
102 case X509_L_FILE_LOAD: 100 case X509_L_FILE_LOAD:
103 if (argl == X509_FILETYPE_DEFAULT) 101 if (argl == X509_FILETYPE_DEFAULT)
104 { 102 {
105 ok=X509_load_cert_file(ctx,X509_get_default_cert_file(), 103 ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),
106 X509_FILETYPE_PEM); 104 X509_FILETYPE_PEM) != 0);
107 ok2=X509_load_crl_file(ctx,X509_get_default_cert_file(), 105 if (!ok)
108 X509_FILETYPE_PEM);
109 if (!ok || !ok2)
110 { 106 {
111 X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS); 107 X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
112 } 108 }
113 else 109 else
114 { 110 {
115 file=(char *)Getenv(X509_get_default_cert_file_env()); 111 file=(char *)Getenv(X509_get_default_cert_file_env());
116 ok=X509_load_cert_file(ctx,file, 112 ok = (X509_load_cert_crl_file(ctx,file,
117 X509_FILETYPE_PEM); 113 X509_FILETYPE_PEM) != 0);
118 ok2=X509_load_crl_file(ctx,file,
119 X509_FILETYPE_PEM);
120 } 114 }
121 } 115 }
122 else 116 else
123 { 117 {
124 ok=X509_load_cert_file(ctx,argp,(int)argl); 118 if(argl == X509_FILETYPE_PEM)
125 ok2=X509_load_crl_file(ctx,argp,(int)argl); 119 ok = (X509_load_cert_crl_file(ctx,argp,
120 X509_FILETYPE_PEM) != 0);
121 else
122 ok = (X509_load_cert_file(ctx,argp,(int)argl) != 0);
126 } 123 }
127 break; 124 break;
128 } 125 }
129 return((ok && ok2)?ok:0); 126 return(ok);
130 } 127 }
131 128
132int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) 129int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
@@ -149,7 +146,7 @@ int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
149 { 146 {
150 for (;;) 147 for (;;)
151 { 148 {
152 x=PEM_read_bio_X509(in,NULL,NULL,NULL); 149 x=PEM_read_bio_X509_AUX(in,NULL,NULL,NULL);
153 if (x == NULL) 150 if (x == NULL)
154 { 151 {
155 if ((ERR_GET_REASON(ERR_peek_error()) == 152 if ((ERR_GET_REASON(ERR_peek_error()) ==
@@ -263,5 +260,39 @@ err:
263 return(ret); 260 return(ret);
264 } 261 }
265 262
263int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
264{
265 STACK_OF(X509_INFO) *inf;
266 X509_INFO *itmp;
267 BIO *in;
268 int i, count = 0;
269 if(type != X509_FILETYPE_PEM)
270 return X509_load_cert_file(ctx, file, type);
271 in = BIO_new_file(file, "r");
272 if(!in) {
273 X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_SYS_LIB);
274 return 0;
275 }
276 inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
277 BIO_free(in);
278 if(!inf) {
279 X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_PEM_LIB);
280 return 0;
281 }
282 for(i = 0; i < sk_X509_INFO_num(inf); i++) {
283 itmp = sk_X509_INFO_value(inf, i);
284 if(itmp->x509) {
285 X509_STORE_add_cert(ctx->store_ctx, itmp->x509);
286 count++;
287 } else if(itmp->crl) {
288 X509_STORE_add_crl(ctx->store_ctx, itmp->crl);
289 count++;
290 }
291 }
292 sk_X509_INFO_pop_free(inf, X509_INFO_free);
293 return count;
294}
295
296
266#endif /* NO_STDIO */ 297#endif /* NO_STDIO */
267 298
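Review bot: The new X509_load_cert_crl_file at the end of this section increments `count` regardless of whether X509_STORE_add_cert or X509_STORE_add_crl succeeded, because both return values are discarded; by_file_ctrl above reduces the result to `!= 0`, so a file whose objects were all rejected by the store is still reported as loaded. Counting only successful additions, as sketched below, keeps the store's contents and the reported count in step; I would count rather than abort on the first failure, since a store that reports an already-present entry as a failure would otherwise turn one duplicate into a whole-file load failure. A header comment stating that the return value is the number of PEM objects accepted (certificates plus CRLs, other PEM objects in the file are skipped) and that a file holding neither yields 0 would also help, because the X509_FILETYPE_DEFAULT branch reports that 0 as X509_R_LOADING_DEFAULTS. In the same branch the `Getenv` result is still passed to the loader without a NULL check, as it was before this change.
```c
	for(i = 0; i < sk_X509_INFO_num(inf); i++) {
		itmp = sk_X509_INFO_value(inf, i);
		if(itmp->x509) {
			if(X509_STORE_add_cert(ctx->store_ctx, itmp->x509))
				count++;
		} else if(itmp->crl) {
			if(X509_STORE_add_crl(ctx->store_ctx, itmp->crl))
				count++;
		}
	}
	/* … unchanged: sk_X509_INFO_pop_free and return count … */
```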
diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h
index 35f9484f8b..d3336d9ceb 100644
--- a/src/lib/libcrypto/x509/x509.h
+++ b/src/lib/libcrypto/x509/x509.h
@@ -176,9 +176,8 @@ typedef struct X509_extension_st
176 short critical; 176 short critical;
177 short netscape_hack; 177 short netscape_hack;
178 ASN1_OCTET_STRING *value; 178 ASN1_OCTET_STRING *value;
179 long argl; /* used when decoding */ 179 struct v3_ext_method *method; /* V3 method to use */
180 char *argp; /* used when decoding */ 180 void *ext_val; /* extension value */
181 void (*ex_free)(); /* clear argp stuff */
182 } X509_EXTENSION; 181 } X509_EXTENSION;
183 182
184DECLARE_STACK_OF(X509_EXTENSION) 183DECLARE_STACK_OF(X509_EXTENSION)
@@ -231,6 +230,21 @@ typedef struct x509_cinf_st
231 STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */ 230 STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */
232 } X509_CINF; 231 } X509_CINF;
233 232
233/* This stuff is certificate "auxiliary info"
234 * it contains details which are useful in certificate
235 * stores and databases. When used this is tagged onto
236 * the end of the certificate itself
237 */
238
239typedef struct x509_cert_aux_st
240 {
241 STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */
242 STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */
243 ASN1_UTF8STRING *alias; /* "friendly name" */
244 ASN1_OCTET_STRING *keyid; /* key id of private key */
245 STACK_OF(X509_ALGOR) *other; /* other unspecified info */
246 } X509_CERT_AUX;
247
234typedef struct x509_st 248typedef struct x509_st
235 { 249 {
236 X509_CINF *cert_info; 250 X509_CINF *cert_info;
@@ -239,11 +253,58 @@ typedef struct x509_st
239 int valid; 253 int valid;
240 int references; 254 int references;
241 char *name; 255 char *name;
256 CRYPTO_EX_DATA ex_data;
257 /* These contain copies of various extension values */
258 long ex_pathlen;
259 unsigned long ex_flags;
260 unsigned long ex_kusage;
261 unsigned long ex_xkusage;
262 unsigned long ex_nscert;
263#ifndef NO_SHA
264 unsigned char sha1_hash[SHA_DIGEST_LENGTH];
265#endif
266 X509_CERT_AUX *aux;
242 } X509; 267 } X509;
243 268
244DECLARE_STACK_OF(X509) 269DECLARE_STACK_OF(X509)
245DECLARE_ASN1_SET_OF(X509) 270DECLARE_ASN1_SET_OF(X509)
246 271
272/* This is used for a table of trust checking functions */
273
274typedef struct x509_trust_st {
275 int trust;
276 int flags;
277 int (*check_trust)(struct x509_trust_st *, X509 *, int);
278 char *name;
279 int arg1;
280 void *arg2;
281} X509_TRUST;
282
283DECLARE_STACK_OF(X509_TRUST)
284
285/* standard trust ids */
286
287#define X509_TRUST_ANY 1
288#define X509_TRUST_SSL_CLIENT 2
289#define X509_TRUST_SSL_SERVER 3
290#define X509_TRUST_EMAIL 4
291#define X509_TRUST_OBJECT_SIGN 5
292
293/* Keep these up to date! */
294#define X509_TRUST_MIN 1
295#define X509_TRUST_MAX 5
296
297
298/* trust_flags values */
299#define X509_TRUST_DYNAMIC 1
300#define X509_TRUST_DYNAMIC_NAME 2
301
302/* check_trust return codes */
303
304#define X509_TRUST_TRUSTED 1
305#define X509_TRUST_REJECTED 2
306#define X509_TRUST_UNTRUSTED 3
307
247typedef struct X509_revoked_st 308typedef struct X509_revoked_st
248 { 309 {
249 ASN1_INTEGER *serialNumber; 310 ASN1_INTEGER *serialNumber;
@@ -318,7 +379,7 @@ DECLARE_STACK_OF(X509_INFO)
318 379
319/* The next 2 structures and their 8 routines were sent to me by 380/* The next 2 structures and their 8 routines were sent to me by
320 * Pat Richard <patr@x509.com> and are used to manipulate 381 * Pat Richard <patr@x509.com> and are used to manipulate
321 * Netscapes spki strucutres - usefull if you are writing a CA web page 382 * Netscapes spki structures - useful if you are writing a CA web page
322 */ 383 */
323typedef struct Netscape_spkac_st 384typedef struct Netscape_spkac_st
324 { 385 {
@@ -372,8 +433,10 @@ X509_ALGOR *prf;
372typedef struct pkcs8_priv_key_info_st 433typedef struct pkcs8_priv_key_info_st
373 { 434 {
374 int broken; /* Flag for various broken formats */ 435 int broken; /* Flag for various broken formats */
375#define PKCS8_OK 0 436#define PKCS8_OK 0
376#define PKCS8_NO_OCTET 1 437#define PKCS8_NO_OCTET 1
438#define PKCS8_EMBEDDED_PARAM 2
439#define PKCS8_NS_DB 3
377 ASN1_INTEGER *version; 440 ASN1_INTEGER *version;
378 X509_ALGOR *pkeyalg; 441 X509_ALGOR *pkeyalg;
379 ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */ 442 ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */
@@ -552,13 +615,20 @@ int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
552int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r); 615int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
553int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r); 616int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r);
554 617
618NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len);
619char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x);
620EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x);
621int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
622
623int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki);
624
555int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); 625int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
556int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md); 626int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
557int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md); 627int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
558int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md); 628int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
559 629
560int X509_digest(X509 *data,EVP_MD *type,unsigned char *md,unsigned int *len); 630int X509_digest(X509 *data,const EVP_MD *type,unsigned char *md,unsigned int *len);
561int X509_NAME_digest(X509_NAME *data,EVP_MD *type, 631int X509_NAME_digest(X509_NAME *data,const EVP_MD *type,
562 unsigned char *md,unsigned int *len); 632 unsigned char *md,unsigned int *len);
563#endif 633#endif
564 634
@@ -574,16 +644,23 @@ RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA **rsa);
574int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa); 644int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa);
575RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA **rsa); 645RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA **rsa);
576int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa); 646int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa);
647RSA *d2i_RSA_PUBKEY_fp(FILE *fp,RSA **rsa);
648int i2d_RSA_PUBKEY_fp(FILE *fp,RSA *rsa);
577#endif 649#endif
578#ifndef NO_DSA 650#ifndef NO_DSA
651DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
652int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
579DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa); 653DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
580int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa); 654int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
655#endif
581X509_SIG *d2i_PKCS8_fp(FILE *fp,X509_SIG **p8); 656X509_SIG *d2i_PKCS8_fp(FILE *fp,X509_SIG **p8);
582int i2d_PKCS8_fp(FILE *fp,X509_SIG *p8); 657int i2d_PKCS8_fp(FILE *fp,X509_SIG *p8);
583PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, 658PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
584 PKCS8_PRIV_KEY_INFO **p8inf); 659 PKCS8_PRIV_KEY_INFO **p8inf);
585int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,PKCS8_PRIV_KEY_INFO *p8inf); 660int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,PKCS8_PRIV_KEY_INFO *p8inf);
586#endif 661int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key);
662int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey);
663EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
587#endif 664#endif
588 665
589#ifdef HEADER_BIO_H 666#ifdef HEADER_BIO_H
@@ -598,8 +675,12 @@ RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **rsa);
598int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa); 675int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa);
599RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA **rsa); 676RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA **rsa);
600int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa); 677int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa);
678RSA *d2i_RSA_PUBKEY_bio(BIO *bp,RSA **rsa);
679int i2d_RSA_PUBKEY_bio(BIO *bp,RSA *rsa);
601#endif 680#endif
602#ifndef NO_DSA 681#ifndef NO_DSA
682DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);
683int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa);
603DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa); 684DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
604int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa); 685int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
605#endif 686#endif
@@ -608,6 +689,9 @@ int i2d_PKCS8_bio(BIO *bp,X509_SIG *p8);
608PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, 689PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
609 PKCS8_PRIV_KEY_INFO **p8inf); 690 PKCS8_PRIV_KEY_INFO **p8inf);
610int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,PKCS8_PRIV_KEY_INFO *p8inf); 691int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,PKCS8_PRIV_KEY_INFO *p8inf);
692int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key);
693int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey);
694EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
611#endif 695#endif
612 696
613X509 *X509_dup(X509 *x509); 697X509 *X509_dup(X509 *x509);
@@ -635,7 +719,7 @@ const char * X509_get_default_cert_dir_env(void );
635const char * X509_get_default_cert_file_env(void ); 719const char * X509_get_default_cert_file_env(void );
636const char * X509_get_default_private_dir(void ); 720const char * X509_get_default_private_dir(void );
637 721
638X509_REQ * X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, EVP_MD *md); 722X509_REQ * X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
639X509 * X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey); 723X509 * X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey);
640void ERR_load_X509_strings(void ); 724void ERR_load_X509_strings(void );
641 725
@@ -660,7 +744,19 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
660EVP_PKEY * X509_PUBKEY_get(X509_PUBKEY *key); 744EVP_PKEY * X509_PUBKEY_get(X509_PUBKEY *key);
661int X509_get_pubkey_parameters(EVP_PKEY *pkey, 745int X509_get_pubkey_parameters(EVP_PKEY *pkey,
662 STACK_OF(X509) *chain); 746 STACK_OF(X509) *chain);
663 747int i2d_PUBKEY(EVP_PKEY *a,unsigned char **pp);
748EVP_PKEY * d2i_PUBKEY(EVP_PKEY **a,unsigned char **pp,
749 long length);
750#ifndef NO_RSA
751int i2d_RSA_PUBKEY(RSA *a,unsigned char **pp);
752RSA * d2i_RSA_PUBKEY(RSA **a,unsigned char **pp,
753 long length);
754#endif
755#ifndef NO_DSA
756int i2d_DSA_PUBKEY(DSA *a,unsigned char **pp);
757DSA * d2i_DSA_PUBKEY(DSA **a,unsigned char **pp,
758 long length);
759#endif
664 760
665X509_SIG * X509_SIG_new(void ); 761X509_SIG * X509_SIG_new(void );
666void X509_SIG_free(X509_SIG *a); 762void X509_SIG_free(X509_SIG *a);
@@ -714,6 +810,25 @@ X509 * X509_new(void);
714void X509_free(X509 *a); 810void X509_free(X509 *a);
715int i2d_X509(X509 *a,unsigned char **pp); 811int i2d_X509(X509 *a,unsigned char **pp);
716X509 * d2i_X509(X509 **a,unsigned char **pp,long length); 812X509 * d2i_X509(X509 **a,unsigned char **pp,long length);
813int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
814 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
815int X509_set_ex_data(X509 *r, int idx, void *arg);
816void *X509_get_ex_data(X509 *r, int idx);
817int i2d_X509_AUX(X509 *a,unsigned char **pp);
818X509 * d2i_X509_AUX(X509 **a,unsigned char **pp,long length);
819
820X509_CERT_AUX * X509_CERT_AUX_new(void);
821void X509_CERT_AUX_free(X509_CERT_AUX *a);
822int i2d_X509_CERT_AUX(X509_CERT_AUX *a,unsigned char **pp);
823X509_CERT_AUX * d2i_X509_CERT_AUX(X509_CERT_AUX **a,unsigned char **pp,
824 long length);
825int X509_alias_set1(X509 *x, unsigned char *name, int len);
826unsigned char * X509_alias_get0(X509 *x, int *len);
827int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int);
828int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
829int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj);
830void X509_trust_clear(X509 *x);
831void X509_reject_clear(X509 *x);
717 832
718X509_REVOKED * X509_REVOKED_new(void); 833X509_REVOKED * X509_REVOKED_new(void);
719void X509_REVOKED_free(X509_REVOKED *a); 834void X509_REVOKED_free(X509_REVOKED *a);
@@ -762,7 +877,7 @@ char * X509_NAME_oneline(X509_NAME *a,char *buf,int size);
762int ASN1_verify(int (*i2d)(), X509_ALGOR *algor1, 877int ASN1_verify(int (*i2d)(), X509_ALGOR *algor1,
763 ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey); 878 ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey);
764 879
765int ASN1_digest(int (*i2d)(),EVP_MD *type,char *data, 880int ASN1_digest(int (*i2d)(),const EVP_MD *type,char *data,
766 unsigned char *md,unsigned int *len); 881 unsigned char *md,unsigned int *len);
767 882
768int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2, 883int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
@@ -787,6 +902,30 @@ int X509_REQ_set_version(X509_REQ *x,long version);
787int X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name); 902int X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name);
788int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); 903int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
789EVP_PKEY * X509_REQ_get_pubkey(X509_REQ *req); 904EVP_PKEY * X509_REQ_get_pubkey(X509_REQ *req);
905int X509_REQ_extension_nid(int nid);
906int * X509_REQ_get_extension_nids(void);
907void X509_REQ_set_extension_nids(int *nids);
908STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
909int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
910 int nid);
911int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts);
912int X509_REQ_get_attr_count(const X509_REQ *req);
913int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid,
914 int lastpos);
915int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,
916 int lastpos);
917X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc);
918X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc);
919int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr);
920int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
921 ASN1_OBJECT *obj, int type,
922 unsigned char *bytes, int len);
923int X509_REQ_add1_attr_by_NID(X509_REQ *req,
924 int nid, int type,
925 unsigned char *bytes, int len);
926int X509_REQ_add1_attr_by_txt(X509_REQ *req,
927 char *attrname, int type,
928 unsigned char *bytes, int len);
790 929
791int X509_check_private_key(X509 *x509,EVP_PKEY *pkey); 930int X509_check_private_key(X509 *x509,EVP_PKEY *pkey);
792 931
@@ -799,6 +938,7 @@ unsigned long X509_issuer_name_hash(X509 *a);
799int X509_subject_name_cmp(X509 *a,X509 *b); 938int X509_subject_name_cmp(X509 *a,X509 *b);
800unsigned long X509_subject_name_hash(X509 *x); 939unsigned long X509_subject_name_hash(X509 *x);
801 940
941int X509_cmp (X509 *a, X509 *b);
802int X509_NAME_cmp (X509_NAME *a, X509_NAME *b); 942int X509_NAME_cmp (X509_NAME *a, X509_NAME *b);
803unsigned long X509_NAME_hash(X509_NAME *x); 943unsigned long X509_NAME_hash(X509_NAME *x);
804 944
@@ -812,6 +952,7 @@ int X509_REQ_print_fp(FILE *bp,X509_REQ *req);
812#ifdef HEADER_BIO_H 952#ifdef HEADER_BIO_H
813int X509_NAME_print(BIO *bp, X509_NAME *name, int obase); 953int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
814int X509_print(BIO *bp,X509 *x); 954int X509_print(BIO *bp,X509 *x);
955int X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent);
815int X509_CRL_print(BIO *bp,X509_CRL *x); 956int X509_CRL_print(BIO *bp,X509_CRL *x);
816int X509_REQ_print(BIO *bp,X509_REQ *req); 957int X509_REQ_print(BIO *bp,X509_REQ *req);
817#endif 958#endif
@@ -823,7 +964,7 @@ int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
823 char *buf,int len); 964 char *buf,int len);
824 965
825/* NOTE: you should be passsing -1, not 0 as lastpos. The functions that use 966/* NOTE: you should be passsing -1, not 0 as lastpos. The functions that use
826 * lastpos, seach after that position on. */ 967 * lastpos, search after that position on. */
827int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos); 968int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
828int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, 969int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj,
829 int lastpos); 970 int lastpos);
@@ -831,8 +972,16 @@ X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
831X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); 972X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
832int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, 973int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne,
833 int loc, int set); 974 int loc, int set);
975int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
976 unsigned char *bytes, int len, int loc, int set);
977int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
978 unsigned char *bytes, int len, int loc, int set);
979X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
980 char *field, int type, unsigned char *bytes, int len);
834X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, 981X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
835 int type,unsigned char *bytes, int len); 982 int type,unsigned char *bytes, int len);
983int X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type,
984 unsigned char *bytes, int len, int loc, int set);
836X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, 985X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
837 ASN1_OBJECT *obj, int type,unsigned char *bytes, 986 ASN1_OBJECT *obj, int type,unsigned char *bytes,
838 int len); 987 int len);
@@ -862,6 +1011,7 @@ int X509_get_ext_by_critical(X509 *x, int crit, int lastpos);
862X509_EXTENSION *X509_get_ext(X509 *x, int loc); 1011X509_EXTENSION *X509_get_ext(X509 *x, int loc);
863X509_EXTENSION *X509_delete_ext(X509 *x, int loc); 1012X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
864int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); 1013int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
1014void * X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
865 1015
866int X509_CRL_get_ext_count(X509_CRL *x); 1016int X509_CRL_get_ext_count(X509_CRL *x);
867int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos); 1017int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos);
@@ -870,6 +1020,7 @@ int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos);
870X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc); 1020X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc);
871X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc); 1021X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
872int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); 1022int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
1023void * X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
873 1024
874int X509_REVOKED_get_ext_count(X509_REVOKED *x); 1025int X509_REVOKED_get_ext_count(X509_REVOKED *x);
875int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos); 1026int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos);
@@ -878,6 +1029,7 @@ int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos);
878X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc); 1029X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc);
879X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc); 1030X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
880int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); 1031int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
1032void * X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
881 1033
882X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, 1034X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
883 int nid, int crit, ASN1_OCTET_STRING *data); 1035 int nid, int crit, ASN1_OCTET_STRING *data);
@@ -891,6 +1043,38 @@ ASN1_OBJECT * X509_EXTENSION_get_object(X509_EXTENSION *ex);
891ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne); 1043ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
892int X509_EXTENSION_get_critical(X509_EXTENSION *ex); 1044int X509_EXTENSION_get_critical(X509_EXTENSION *ex);
893 1045
1046int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x);
1047int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
1048 int lastpos);
1049int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj,
1050 int lastpos);
1051X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc);
1052X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc);
1053STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
1054 X509_ATTRIBUTE *attr);
1055STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
1056 ASN1_OBJECT *obj, int type,
1057 unsigned char *bytes, int len);
1058STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
1059 int nid, int type,
1060 unsigned char *bytes, int len);
1061STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
1062 char *attrname, int type,
1063 unsigned char *bytes, int len);
1064X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
1065 int atrtype, void *data, int len);
1066X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
1067 ASN1_OBJECT *obj, int atrtype, void *data, int len);
1068X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
1069 char *atrname, int type, unsigned char *bytes, int len);
1070int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, ASN1_OBJECT *obj);
1071int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, void *data, int len);
1072void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
1073 int atrtype, void *data);
1074int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr);
1075ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr);
1076ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx);
1077
894int X509_verify_cert(X509_STORE_CTX *ctx); 1078int X509_verify_cert(X509_STORE_CTX *ctx);
895 1079
896/* lookup a cert from a X509 STACK */ 1080/* lookup a cert from a X509 STACK */
@@ -926,8 +1110,20 @@ void PKCS8_PRIV_KEY_INFO_free(PKCS8_PRIV_KEY_INFO *a);
926 1110
927EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8); 1111EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8);
928PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey); 1112PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
1113PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken);
929PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken); 1114PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);
930 1115
1116int X509_check_trust(X509 *x, int id, int flags);
1117int X509_TRUST_get_count(void);
1118X509_TRUST * X509_TRUST_get0(int idx);
1119int X509_TRUST_get_by_id(int id);
1120int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
1121 char *name, int arg1, void *arg2);
1122void X509_TRUST_cleanup(void);
1123int X509_TRUST_get_flags(X509_TRUST *xp);
1124char *X509_TRUST_get0_name(X509_TRUST *xp);
1125int X509_TRUST_get_trust(X509_TRUST *xp);
1126
931/* BEGIN ERROR CODES */ 1127/* BEGIN ERROR CODES */
932/* The following lines are auto generated by the script mkerr.pl. Any changes 1128/* The following lines are auto generated by the script mkerr.pl. Any changes
933 * made after this point may be overwritten when the script is next run. 1129 * made after this point may be overwritten when the script is next run.
@@ -940,15 +1136,25 @@ PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);
940#define X509_F_BY_FILE_CTRL 101 1136#define X509_F_BY_FILE_CTRL 101
941#define X509_F_DIR_CTRL 102 1137#define X509_F_DIR_CTRL 102
942#define X509_F_GET_CERT_BY_SUBJECT 103 1138#define X509_F_GET_CERT_BY_SUBJECT 103
1139#define X509_F_NETSCAPE_SPKI_B64_DECODE 129
1140#define X509_F_NETSCAPE_SPKI_B64_ENCODE 130
943#define X509_F_X509V3_ADD_EXT 104 1141#define X509_F_X509V3_ADD_EXT 104
1142#define X509_F_X509_ADD_ATTR 135
1143#define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 136
1144#define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ 137
1145#define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT 140
1146#define X509_F_X509_ATTRIBUTE_GET0_DATA 139
1147#define X509_F_X509_ATTRIBUTE_SET1_DATA 138
944#define X509_F_X509_CHECK_PRIVATE_KEY 128 1148#define X509_F_X509_CHECK_PRIVATE_KEY 128
945#define X509_F_X509_EXTENSION_CREATE_BY_NID 108 1149#define X509_F_X509_EXTENSION_CREATE_BY_NID 108
946#define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109 1150#define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109
947#define X509_F_X509_GET_PUBKEY_PARAMETERS 110 1151#define X509_F_X509_GET_PUBKEY_PARAMETERS 110
1152#define X509_F_X509_LOAD_CERT_CRL_FILE 132
948#define X509_F_X509_LOAD_CERT_FILE 111 1153#define X509_F_X509_LOAD_CERT_FILE 111
949#define X509_F_X509_LOAD_CRL_FILE 112 1154#define X509_F_X509_LOAD_CRL_FILE 112
950#define X509_F_X509_NAME_ADD_ENTRY 113 1155#define X509_F_X509_NAME_ADD_ENTRY 113
951#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114 1156#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114
1157#define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 131
952#define X509_F_X509_NAME_ENTRY_SET_OBJECT 115 1158#define X509_F_X509_NAME_ENTRY_SET_OBJECT 115
953#define X509_F_X509_NAME_ONELINE 116 1159#define X509_F_X509_NAME_ONELINE 116
954#define X509_F_X509_NAME_PRINT 117 1160#define X509_F_X509_NAME_PRINT 117
@@ -960,15 +1166,19 @@ PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);
960#define X509_F_X509_REQ_TO_X509 123 1166#define X509_F_X509_REQ_TO_X509 123
961#define X509_F_X509_STORE_ADD_CERT 124 1167#define X509_F_X509_STORE_ADD_CERT 124
962#define X509_F_X509_STORE_ADD_CRL 125 1168#define X509_F_X509_STORE_ADD_CRL 125
1169#define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134
963#define X509_F_X509_TO_X509_REQ 126 1170#define X509_F_X509_TO_X509_REQ 126
1171#define X509_F_X509_TRUST_ADD 133
964#define X509_F_X509_VERIFY_CERT 127 1172#define X509_F_X509_VERIFY_CERT 127
965 1173
966/* Reason codes. */ 1174/* Reason codes. */
967#define X509_R_BAD_X509_FILETYPE 100 1175#define X509_R_BAD_X509_FILETYPE 100
1176#define X509_R_BASE64_DECODE_ERROR 118
968#define X509_R_CANT_CHECK_DH_KEY 114 1177#define X509_R_CANT_CHECK_DH_KEY 114
969#define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 1178#define X509_R_CERT_ALREADY_IN_HASH_TABLE 101
970#define X509_R_ERR_ASN1_LIB 102 1179#define X509_R_ERR_ASN1_LIB 102
971#define X509_R_INVALID_DIRECTORY 113 1180#define X509_R_INVALID_DIRECTORY 113
1181#define X509_R_INVALID_FIELD_NAME 119
972#define X509_R_KEY_TYPE_MISMATCH 115 1182#define X509_R_KEY_TYPE_MISMATCH 115
973#define X509_R_KEY_VALUES_MISMATCH 116 1183#define X509_R_KEY_VALUES_MISMATCH 116
974#define X509_R_LOADING_CERT_DIR 103 1184#define X509_R_LOADING_CERT_DIR 103
@@ -979,8 +1189,11 @@ PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);
979#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108 1189#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108
980#define X509_R_UNKNOWN_KEY_TYPE 117 1190#define X509_R_UNKNOWN_KEY_TYPE 117
981#define X509_R_UNKNOWN_NID 109 1191#define X509_R_UNKNOWN_NID 109
1192#define X509_R_UNKNOWN_PURPOSE_ID 121
1193#define X509_R_UNKNOWN_TRUST_ID 120
982#define X509_R_UNSUPPORTED_ALGORITHM 111 1194#define X509_R_UNSUPPORTED_ALGORITHM 111
983#define X509_R_WRONG_LOOKUP_TYPE 112 1195#define X509_R_WRONG_LOOKUP_TYPE 112
1196#define X509_R_WRONG_TYPE 122
984 1197
985#ifdef __cplusplus 1198#ifdef __cplusplus
986} 1199}
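--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_att.c
@@ -0,0 +1,326 @@
+/* crypto/x509/x509_att.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/stack.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x)
+{
+ if (!x) return 0;
+ return(sk_X509_ATTRIBUTE_num(x));
+}
+
+int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
+ int lastpos)
+{
+ ASN1_OBJECT *obj;
+
+ obj=OBJ_nid2obj(nid);
+ if (obj == NULL) return(-2);
+ return(X509at_get_attr_by_OBJ(x,obj,lastpos));
+}
+
+int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj,
+ int lastpos)
+{
+ int n;
+ X509_ATTRIBUTE *ex;
+
+ if (sk == NULL) return(-1);
+ lastpos++;
+ if (lastpos < 0)
+ lastpos=0;
+ n=sk_X509_ATTRIBUTE_num(sk);
+ for ( ; lastpos < n; lastpos++)
+ {
+ ex=sk_X509_ATTRIBUTE_value(sk,lastpos);
+ if (OBJ_cmp(ex->object,obj) == 0)
+ return(lastpos);
+ }
+ return(-1);
+}
+
+X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc)
+{
+ if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
+ return NULL;
+ else
+ return sk_X509_ATTRIBUTE_value(x,loc);
+}
+
+X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc)
+{
+ X509_ATTRIBUTE *ret;
+
+ if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
+ return(NULL);
+ ret=sk_X509_ATTRIBUTE_delete(x,loc);
+ return(ret);
+}
+
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
+ X509_ATTRIBUTE *attr)
+{
+ X509_ATTRIBUTE *new_attr=NULL;
+ STACK_OF(X509_ATTRIBUTE) *sk=NULL;
+
+ if ((x != NULL) && (*x == NULL))
+ {
+ if ((sk=sk_X509_ATTRIBUTE_new_null()) == NULL)
+ goto err;
+ }
+ else
+ sk= *x;
+
+ if ((new_attr=X509_ATTRIBUTE_dup(attr)) == NULL)
+ goto err2;
+ if (!sk_X509_ATTRIBUTE_push(sk,new_attr))
+ goto err;
+ if ((x != NULL) && (*x == NULL))
+ *x=sk;
+ return(sk);
+err:
+ X509err(X509_F_X509_ADD_ATTR,ERR_R_MALLOC_FAILURE);
+err2:
+ if (new_attr != NULL) X509_ATTRIBUTE_free(new_attr);
+ if (sk != NULL) sk_X509_ATTRIBUTE_free(sk);
+ return(NULL);
+}
+
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
+ ASN1_OBJECT *obj, int type,
+ unsigned char *bytes, int len)
+{
+ X509_ATTRIBUTE *attr;
+ STACK_OF(X509_ATTRIBUTE) *ret;
+ attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len);
+ if(!attr) return 0;
+ ret = X509at_add1_attr(x, attr);
+ X509_ATTRIBUTE_free(attr);
+ return ret;
+}
+
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
+ int nid, int type,
+ unsigned char *bytes, int len)
+{
+ X509_ATTRIBUTE *attr;
+ STACK_OF(X509_ATTRIBUTE) *ret;
+ attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len);
+ if(!attr) return 0;
+ ret = X509at_add1_attr(x, attr);
+ X509_ATTRIBUTE_free(attr);
+ return ret;
+}
+
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
+ char *attrname, int type,
+ unsigned char *bytes, int len)
+{
+ X509_ATTRIBUTE *attr;
+ STACK_OF(X509_ATTRIBUTE) *ret;
+ attr = X509_ATTRIBUTE_create_by_txt(NULL, attrname, type, bytes, len);
+ if(!attr) return 0;
+ ret = X509at_add1_attr(x, attr);
+ X509_ATTRIBUTE_free(attr);
+ return ret;
+}
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
+ int atrtype, void *data, int len)
+{
+ ASN1_OBJECT *obj;
+ X509_ATTRIBUTE *ret;
+
+ obj=OBJ_nid2obj(nid);
+ if (obj == NULL)
+ {
+ X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_NID,X509_R_UNKNOWN_NID);
+ return(NULL);
+ }
+ ret=X509_ATTRIBUTE_create_by_OBJ(attr,obj,atrtype,data,len);
+ if (ret == NULL) ASN1_OBJECT_free(obj);
+ return(ret);
+}
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
+ ASN1_OBJECT *obj, int atrtype, void *data, int len)
+{
+ X509_ATTRIBUTE *ret;
+
+ if ((attr == NULL) || (*attr == NULL))
+ {
+ if ((ret=X509_ATTRIBUTE_new()) == NULL)
+ {
+ X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE);
+ return(NULL);
+ }
+ }
+ else
+ ret= *attr;
+
+ if (!X509_ATTRIBUTE_set1_object(ret,obj))
+ goto err;
+ if (!X509_ATTRIBUTE_set1_data(ret,atrtype,data,len))
+ goto err;
+
+ if ((attr != NULL) && (*attr == NULL)) *attr=ret;
+ return(ret);
+err:
+ if ((attr == NULL) || (ret != *attr))
+ X509_ATTRIBUTE_free(ret);
+ return(NULL);
+}
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
+ char *atrname, int type, unsigned char *bytes, int len)
+ {
+ ASN1_OBJECT *obj;
+ X509_ATTRIBUTE *nattr;
+
+ obj=OBJ_txt2obj(atrname, 0);
+ if (obj == NULL)
+ {
+ X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,
+ X509_R_INVALID_FIELD_NAME);
+ ERR_add_error_data(2, "name=", atrname);
+ return(NULL);
+ }
+ nattr = X509_ATTRIBUTE_create_by_OBJ(attr,obj,type,bytes,len);
+ ASN1_OBJECT_free(obj);
+ return nattr;
+ }
+
+int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, ASN1_OBJECT *obj)
+{
+ if ((attr == NULL) || (obj == NULL))
+ return(0);
+ ASN1_OBJECT_free(attr->object);
+ attr->object=OBJ_dup(obj);
+ return(1);
+}
+
+int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, void *data, int len)
+{
+ ASN1_TYPE *ttmp;
+ ASN1_STRING *stmp;
+ int atype;
+ if (!attr) return 0;
+ if(attrtype & MBSTRING_FLAG) {
+ stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype,
+ OBJ_obj2nid(attr->object));
+ if(!stmp) {
+ X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_ASN1_LIB);
+ return 0;
+ }
+ atype = stmp->type;
+ } else {
+ if(!(stmp = ASN1_STRING_type_new(attrtype))) goto err;
+ if(!ASN1_STRING_set(stmp, data, len)) goto err;
+ atype = attrtype;
+ }
+ if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
+ if(!(ttmp = ASN1_TYPE_new())) goto err;
+ if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err;
+ attr->set = 1;
+ ASN1_TYPE_set(ttmp, atype, stmp);
+ return 1;
+ err:
+ X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE);
+ return 0;
+}
+
+int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr)
+{
+ if(attr->set) return sk_ASN1_TYPE_num(attr->value.set);
+ if(attr->value.single) return 1;
+ return 0;
+}
+
+ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr)
+{
+ if (attr == NULL) return(NULL);
+ return(attr->object);
+}
+
+void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
+ int atrtype, void *data)
+{
+ ASN1_TYPE *ttmp;
+ ttmp = X509_ATTRIBUTE_get0_type(attr, idx);
+ if(!ttmp) return NULL;
+ if(atrtype != ASN1_TYPE_get(ttmp)){
+ X509err(X509_F_X509_ATTRIBUTE_GET0_DATA, X509_R_WRONG_TYPE);
+ return NULL;
+ }
+ return ttmp->value.ptr;
+}
+
+ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
+{
+ if (attr == NULL) return(NULL);
+ if(idx >= X509_ATTRIBUTE_count(attr)) return NULL;
+ if(attr->set) return sk_ASN1_TYPE_value(attr->value.set, idx);
+ else return attr->value.single;
+}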
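Review bot: The error path of X509at_add1_attr frees a stack it does not own: when the caller passes an existing stack (`*x != NULL`) the code sets `sk= *x;`, and a failing X509_ATTRIBUTE_dup or sk_X509_ATTRIBUTE_push then reaches `if (sk != NULL) sk_X509_ATTRIBUTE_free(sk);`, leaving the caller with a dangling `*x` (the X509_REQ_add1_attr* wrappers declared in x509.h presumably route through here). Only the locally created stack should be released there, i.e. `if ((x != NULL) && (*x == NULL)) sk_X509_ATTRIBUTE_free(sk);`, and a NULL `x` currently hits the else branch `sk= *x;` and crashes instead of returning NULL. Separately, X509_ATTRIBUTE_set1_object returns 1 without checking `OBJ_dup(obj)`, so an allocation failure leaves `attr->object` NULL and is reported as success; `return(attr->object != NULL);` would surface it to X509_ATTRIBUTE_create_by_OBJ, whose own error path already frees the half-built attribute. X509_ATTRIBUTE_set1_data also leaks `stmp` on every `goto err` after it was allocated and overwrites an existing `attr->value.set` without freeing it, which matters if the function is ever called twice on the same attribute.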
diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c
index 9a93bae3ff..a8a5ca8b03 100644
--- a/src/lib/libcrypto/x509/x509_cmp.c
+++ b/src/lib/libcrypto/x509/x509_cmp.c
@@ -57,12 +57,11 @@
57 */ 57 */
58 58
59#include <stdio.h> 59#include <stdio.h>
60#include <sys/types.h>
61#include <sys/stat.h>
62#include "cryptlib.h" 60#include "cryptlib.h"
63#include <openssl/asn1.h> 61#include <openssl/asn1.h>
64#include <openssl/objects.h> 62#include <openssl/objects.h>
65#include <openssl/x509.h> 63#include <openssl/x509.h>
64#include <openssl/x509v3.h>
66 65
67int X509_issuer_and_serial_cmp(X509 *a, X509 *b) 66int X509_issuer_and_serial_cmp(X509 *a, X509 *b)
68 { 67 {
@@ -71,7 +70,7 @@ int X509_issuer_and_serial_cmp(X509 *a, X509 *b)
71 70
72 ai=a->cert_info; 71 ai=a->cert_info;
73 bi=b->cert_info; 72 bi=b->cert_info;
74 i=ASN1_INTEGER_cmp(ai->serialNumber,bi->serialNumber); 73 i=M_ASN1_INTEGER_cmp(ai->serialNumber,bi->serialNumber);
75 if (i) return(i); 74 if (i) return(i);
76 return(X509_NAME_cmp(ai->issuer,bi->issuer)); 75 return(X509_NAME_cmp(ai->issuer,bi->issuer));
77 } 76 }
@@ -138,6 +137,20 @@ unsigned long X509_subject_name_hash(X509 *x)
138 return(X509_NAME_hash(x->cert_info->subject)); 137 return(X509_NAME_hash(x->cert_info->subject));
139 } 138 }
140 139
140#ifndef NO_SHA
141/* Compare two certificates: they must be identical for
142 * this to work.
143 */
144int X509_cmp(X509 *a, X509 *b)
145{
146 /* ensure hash is valid */
147 X509_check_purpose(a, -1, 0);
148 X509_check_purpose(b, -1, 0);
149
150 return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
151}
152#endif
153
141int X509_NAME_cmp(X509_NAME *a, X509_NAME *b) 154int X509_NAME_cmp(X509_NAME *a, X509_NAME *b)
142 { 155 {
143 int i,j; 156 int i,j;
@@ -175,7 +188,7 @@ int X509_NAME_cmp(X509_NAME *a, X509_NAME *b)
175 188
176#ifndef NO_MD5 189#ifndef NO_MD5
177/* I now DER encode the name and hash it. Since I cache the DER encoding, 190/* I now DER encode the name and hash it. Since I cache the DER encoding,
178 * this is reasonably effiecent. */ 191 * this is reasonably efficient. */
179unsigned long X509_NAME_hash(X509_NAME *x) 192unsigned long X509_NAME_hash(X509_NAME *x)
180 { 193 {
181 unsigned long ret=0; 194 unsigned long ret=0;
@@ -209,6 +222,8 @@ X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
209 X509_CINF cinf; 222 X509_CINF cinf;
210 X509 x,*x509=NULL; 223 X509 x,*x509=NULL;
211 224
225 if(!sk) return NULL;
226
212 x.cert_info= &cinf; 227 x.cert_info= &cinf;
213 cinf.serialNumber=serial; 228 cinf.serialNumber=serial;
214 cinf.issuer=name; 229 cinf.issuer=name;
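Review bot: X509_cmp (new lines 144–151) discards the return value of the two X509_check_purpose calls it makes solely to populate sha1_hash, so if either call fails the memcmp compares whatever the hash fields already held and may report two different certificates as equal; whether X509_check_purpose can fail here is not visible in this hunk, but its result should either be checked with the comparison refused on failure, or the call documented as infallible for purpose -1. It also dereferences a and b without a NULL check, while X509_find_by_issuer_and_serial gains `if(!sk) return NULL;` in the same commit. Because equality is decided by the SHA-1 digest rather than by the encoded bytes, the header comment should say so: `/* Compare two certificates by the SHA-1 digest of their encoding; 0 means the digests match. */`.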
diff --git a/src/lib/libcrypto/x509/x509_d2.c b/src/lib/libcrypto/x509/x509_d2.c
index 3e7ec5b432..753d53eb43 100644
--- a/src/lib/libcrypto/x509/x509_d2.c
+++ b/src/lib/libcrypto/x509/x509_d2.c
@@ -57,8 +57,6 @@
57 */ 57 */
58 58
59#include <stdio.h> 59#include <stdio.h>
60#include <sys/types.h>
61#include <sys/stat.h>
62#include "cryptlib.h" 60#include "cryptlib.h"
63#include <openssl/crypto.h> 61#include <openssl/crypto.h>
64#include <openssl/x509.h> 62#include <openssl/x509.h>
@@ -91,13 +89,15 @@ int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
91 { 89 {
92 lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file()); 90 lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
93 if (lookup == NULL) return(0); 91 if (lookup == NULL) return(0);
94 X509_LOOKUP_load_file(lookup,file,X509_FILETYPE_PEM); 92 if (X509_LOOKUP_load_file(lookup,file,X509_FILETYPE_PEM) != 1)
93 return(0);
95 } 94 }
96 if (path != NULL) 95 if (path != NULL)
97 { 96 {
98 lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir()); 97 lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
99 if (lookup == NULL) return(0); 98 if (lookup == NULL) return(0);
100 X509_LOOKUP_add_dir(lookup,path,X509_FILETYPE_PEM); 99 if (X509_LOOKUP_add_dir(lookup,path,X509_FILETYPE_PEM) != 1)
100 return(0);
101 } 101 }
102 if ((path == NULL) && (file == NULL)) 102 if ((path == NULL) && (file == NULL))
103 return(0); 103 return(0);
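Review bot: The new `!= 1` checks in X509_STORE_load_locations return 0 only after X509_STORE_add_lookup has already attached the lookup to ctx, so a failing call leaves the store holding a file or directory lookup that may be partially loaded, and the caller cannot tell from the return value what state ctx is in. That is probably acceptable for a best-effort loader, but it should be stated in the function's header comment (outside this hunk), e.g. `/* On failure, lookups already added to ctx are left in place. */`. The function's opening lines are outside this hunk.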
diff --git a/src/lib/libcrypto/x509/x509_def.c b/src/lib/libcrypto/x509/x509_def.c
index c4bee71569..e0ac151a76 100644
--- a/src/lib/libcrypto/x509/x509_def.c
+++ b/src/lib/libcrypto/x509/x509_def.c
@@ -57,8 +57,6 @@
  */
 
 #include <stdio.h>
-#include <sys/types.h>
-#include <sys/stat.h>
 #include "cryptlib.h"
 #include <openssl/crypto.h>
 #include <openssl/x509.h>
diff --git a/src/lib/libcrypto/x509/x509_err.c b/src/lib/libcrypto/x509/x509_err.c
index 9afd4ccde5..fdedbdac34 100644
--- a/src/lib/libcrypto/x509/x509_err.c
+++ b/src/lib/libcrypto/x509/x509_err.c
@@ -69,15 +69,25 @@ static ERR_STRING_DATA X509_str_functs[]=
69{ERR_PACK(0,X509_F_BY_FILE_CTRL,0), "BY_FILE_CTRL"}, 69{ERR_PACK(0,X509_F_BY_FILE_CTRL,0), "BY_FILE_CTRL"},
70{ERR_PACK(0,X509_F_DIR_CTRL,0), "DIR_CTRL"}, 70{ERR_PACK(0,X509_F_DIR_CTRL,0), "DIR_CTRL"},
71{ERR_PACK(0,X509_F_GET_CERT_BY_SUBJECT,0), "GET_CERT_BY_SUBJECT"}, 71{ERR_PACK(0,X509_F_GET_CERT_BY_SUBJECT,0), "GET_CERT_BY_SUBJECT"},
72{ERR_PACK(0,X509_F_NETSCAPE_SPKI_B64_DECODE,0), "NETSCAPE_SPKI_b64_decode"},
73{ERR_PACK(0,X509_F_NETSCAPE_SPKI_B64_ENCODE,0), "NETSCAPE_SPKI_b64_encode"},
72{ERR_PACK(0,X509_F_X509V3_ADD_EXT,0), "X509v3_add_ext"}, 74{ERR_PACK(0,X509_F_X509V3_ADD_EXT,0), "X509v3_add_ext"},
75{ERR_PACK(0,X509_F_X509_ADD_ATTR,0), "X509_ADD_ATTR"},
76{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_NID,0), "X509_ATTRIBUTE_create_by_NID"},
77{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,0), "X509_ATTRIBUTE_create_by_OBJ"},
78{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,0), "X509_ATTRIBUTE_create_by_txt"},
79{ERR_PACK(0,X509_F_X509_ATTRIBUTE_GET0_DATA,0), "X509_ATTRIBUTE_get0_data"},
80{ERR_PACK(0,X509_F_X509_ATTRIBUTE_SET1_DATA,0), "X509_ATTRIBUTE_set1_data"},
73{ERR_PACK(0,X509_F_X509_CHECK_PRIVATE_KEY,0), "X509_check_private_key"}, 81{ERR_PACK(0,X509_F_X509_CHECK_PRIVATE_KEY,0), "X509_check_private_key"},
74{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_NID,0), "X509_EXTENSION_create_by_NID"}, 82{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_NID,0), "X509_EXTENSION_create_by_NID"},
75{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_OBJ,0), "X509_EXTENSION_create_by_OBJ"}, 83{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_OBJ,0), "X509_EXTENSION_create_by_OBJ"},
76{ERR_PACK(0,X509_F_X509_GET_PUBKEY_PARAMETERS,0), "X509_get_pubkey_parameters"}, 84{ERR_PACK(0,X509_F_X509_GET_PUBKEY_PARAMETERS,0), "X509_get_pubkey_parameters"},
85{ERR_PACK(0,X509_F_X509_LOAD_CERT_CRL_FILE,0), "X509_load_cert_crl_file"},
77{ERR_PACK(0,X509_F_X509_LOAD_CERT_FILE,0), "X509_load_cert_file"}, 86{ERR_PACK(0,X509_F_X509_LOAD_CERT_FILE,0), "X509_load_cert_file"},
78{ERR_PACK(0,X509_F_X509_LOAD_CRL_FILE,0), "X509_load_crl_file"}, 87{ERR_PACK(0,X509_F_X509_LOAD_CRL_FILE,0), "X509_load_crl_file"},
79{ERR_PACK(0,X509_F_X509_NAME_ADD_ENTRY,0), "X509_NAME_add_entry"}, 88{ERR_PACK(0,X509_F_X509_NAME_ADD_ENTRY,0), "X509_NAME_add_entry"},
80{ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_NID,0), "X509_NAME_ENTRY_create_by_NID"}, 89{ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_NID,0), "X509_NAME_ENTRY_create_by_NID"},
90{ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_TXT,0), "X509_NAME_ENTRY_create_by_txt"},
81{ERR_PACK(0,X509_F_X509_NAME_ENTRY_SET_OBJECT,0), "X509_NAME_ENTRY_set_object"}, 91{ERR_PACK(0,X509_F_X509_NAME_ENTRY_SET_OBJECT,0), "X509_NAME_ENTRY_set_object"},
82{ERR_PACK(0,X509_F_X509_NAME_ONELINE,0), "X509_NAME_oneline"}, 92{ERR_PACK(0,X509_F_X509_NAME_ONELINE,0), "X509_NAME_oneline"},
83{ERR_PACK(0,X509_F_X509_NAME_PRINT,0), "X509_NAME_print"}, 93{ERR_PACK(0,X509_F_X509_NAME_PRINT,0), "X509_NAME_print"},
@@ -89,7 +99,9 @@ static ERR_STRING_DATA X509_str_functs[]=
89{ERR_PACK(0,X509_F_X509_REQ_TO_X509,0), "X509_REQ_to_X509"}, 99{ERR_PACK(0,X509_F_X509_REQ_TO_X509,0), "X509_REQ_to_X509"},
90{ERR_PACK(0,X509_F_X509_STORE_ADD_CERT,0), "X509_STORE_add_cert"}, 100{ERR_PACK(0,X509_F_X509_STORE_ADD_CERT,0), "X509_STORE_add_cert"},
91{ERR_PACK(0,X509_F_X509_STORE_ADD_CRL,0), "X509_STORE_add_crl"}, 101{ERR_PACK(0,X509_F_X509_STORE_ADD_CRL,0), "X509_STORE_add_crl"},
102{ERR_PACK(0,X509_F_X509_STORE_CTX_PURPOSE_INHERIT,0), "X509_STORE_CTX_purpose_inherit"},
92{ERR_PACK(0,X509_F_X509_TO_X509_REQ,0), "X509_to_X509_REQ"}, 103{ERR_PACK(0,X509_F_X509_TO_X509_REQ,0), "X509_to_X509_REQ"},
104{ERR_PACK(0,X509_F_X509_TRUST_ADD,0), "X509_TRUST_add"},
93{ERR_PACK(0,X509_F_X509_VERIFY_CERT,0), "X509_verify_cert"}, 105{ERR_PACK(0,X509_F_X509_VERIFY_CERT,0), "X509_verify_cert"},
94{0,NULL} 106{0,NULL}
95 }; 107 };
@@ -97,10 +109,12 @@ static ERR_STRING_DATA X509_str_functs[]=
97static ERR_STRING_DATA X509_str_reasons[]= 109static ERR_STRING_DATA X509_str_reasons[]=
98 { 110 {
99{X509_R_BAD_X509_FILETYPE ,"bad x509 filetype"}, 111{X509_R_BAD_X509_FILETYPE ,"bad x509 filetype"},
112{X509_R_BASE64_DECODE_ERROR ,"base64 decode error"},
100{X509_R_CANT_CHECK_DH_KEY ,"cant check dh key"}, 113{X509_R_CANT_CHECK_DH_KEY ,"cant check dh key"},
101{X509_R_CERT_ALREADY_IN_HASH_TABLE ,"cert already in hash table"}, 114{X509_R_CERT_ALREADY_IN_HASH_TABLE ,"cert already in hash table"},
102{X509_R_ERR_ASN1_LIB ,"err asn1 lib"}, 115{X509_R_ERR_ASN1_LIB ,"err asn1 lib"},
103{X509_R_INVALID_DIRECTORY ,"invalid directory"}, 116{X509_R_INVALID_DIRECTORY ,"invalid directory"},
117{X509_R_INVALID_FIELD_NAME ,"invalid field name"},
104{X509_R_KEY_TYPE_MISMATCH ,"key type mismatch"}, 118{X509_R_KEY_TYPE_MISMATCH ,"key type mismatch"},
105{X509_R_KEY_VALUES_MISMATCH ,"key values mismatch"}, 119{X509_R_KEY_VALUES_MISMATCH ,"key values mismatch"},
106{X509_R_LOADING_CERT_DIR ,"loading cert dir"}, 120{X509_R_LOADING_CERT_DIR ,"loading cert dir"},
@@ -111,8 +125,11 @@ static ERR_STRING_DATA X509_str_reasons[]=
111{X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY ,"unable to get certs public key"}, 125{X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY ,"unable to get certs public key"},
112{X509_R_UNKNOWN_KEY_TYPE ,"unknown key type"}, 126{X509_R_UNKNOWN_KEY_TYPE ,"unknown key type"},
113{X509_R_UNKNOWN_NID ,"unknown nid"}, 127{X509_R_UNKNOWN_NID ,"unknown nid"},
128{X509_R_UNKNOWN_PURPOSE_ID ,"unknown purpose id"},
129{X509_R_UNKNOWN_TRUST_ID ,"unknown trust id"},
114{X509_R_UNSUPPORTED_ALGORITHM ,"unsupported algorithm"}, 130{X509_R_UNSUPPORTED_ALGORITHM ,"unsupported algorithm"},
115{X509_R_WRONG_LOOKUP_TYPE ,"wrong lookup type"}, 131{X509_R_WRONG_LOOKUP_TYPE ,"wrong lookup type"},
132{X509_R_WRONG_TYPE ,"wrong type"},
116{0,NULL} 133{0,NULL}
117 }; 134 };
118 135
diff --git a/src/lib/libcrypto/x509/x509_ext.c b/src/lib/libcrypto/x509/x509_ext.c
index f8565a60b2..2955989807 100644
--- a/src/lib/libcrypto/x509/x509_ext.c
+++ b/src/lib/libcrypto/x509/x509_ext.c
@@ -63,6 +63,8 @@
63#include <openssl/objects.h> 63#include <openssl/objects.h>
64#include <openssl/evp.h> 64#include <openssl/evp.h>
65#include <openssl/x509.h> 65#include <openssl/x509.h>
66#include <openssl/x509v3.h>
67
66 68
67int X509_CRL_get_ext_count(X509_CRL *x) 69int X509_CRL_get_ext_count(X509_CRL *x)
68 { 70 {
@@ -94,6 +96,11 @@ X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc)
94 return(X509v3_delete_ext(x->crl->extensions,loc)); 96 return(X509v3_delete_ext(x->crl->extensions,loc));
95 } 97 }
96 98
99void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx)
100{
101 return X509V3_get_d2i(x->crl->extensions, nid, crit, idx);
102}
103
97int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc) 104int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc)
98 { 105 {
99 return(X509v3_add_ext(&(x->crl->extensions),ex,loc) != NULL); 106 return(X509v3_add_ext(&(x->crl->extensions),ex,loc) != NULL);
@@ -134,6 +141,11 @@ int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc)
134 return(X509v3_add_ext(&(x->cert_info->extensions),ex,loc) != NULL); 141 return(X509v3_add_ext(&(x->cert_info->extensions),ex,loc) != NULL);
135 } 142 }
136 143
144void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx)
145{
146 return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx);
147}
148
137int X509_REVOKED_get_ext_count(X509_REVOKED *x) 149int X509_REVOKED_get_ext_count(X509_REVOKED *x)
138 { 150 {
139 return(X509v3_get_ext_count(x->extensions)); 151 return(X509v3_get_ext_count(x->extensions));
@@ -170,5 +182,10 @@ int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc)
170 return(X509v3_add_ext(&(x->extensions),ex,loc) != NULL); 182 return(X509v3_add_ext(&(x->extensions),ex,loc) != NULL);
171 } 183 }
172 184
185void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx)
186{
187 return X509V3_get_d2i(x->extensions, nid, crit, idx);
188}
189
173IMPLEMENT_STACK_OF(X509_EXTENSION) 190IMPLEMENT_STACK_OF(X509_EXTENSION)
174IMPLEMENT_ASN1_SET_OF(X509_EXTENSION) 191IMPLEMENT_ASN1_SET_OF(X509_EXTENSION)
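Review bot: The three new public wrappers X509_CRL_get_ext_d2i, X509_get_ext_d2i and X509_REVOKED_get_ext_d2i carry no documentation, and since X509V3_get_d2i is not visible here a reader cannot tell who owns the returned pointer or what `crit` and `idx` mean on input and output; each should get a short header comment with those semantics taken from X509V3_get_d2i, along the lines of `/* Decode extension nid; ownership of the result and the crit/idx in/out semantics follow X509V3_get_d2i. */` with the placeholders filled in. Like X509_CRL_delete_ext and X509_add_ext in this file they dereference x->crl / x->cert_info without a NULL check, which is at least consistent. Style: the new bodies put the braces at column 0 while the surrounding functions indent them.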
diff --git a/src/lib/libcrypto/x509/x509_lu.c b/src/lib/libcrypto/x509/x509_lu.c
index 18bfecb11e..a20006d67e 100644
--- a/src/lib/libcrypto/x509/x509_lu.c
+++ b/src/lib/libcrypto/x509/x509_lu.c
@@ -61,8 +61,8 @@
61#include <openssl/lhash.h> 61#include <openssl/lhash.h>
62#include <openssl/x509.h> 62#include <openssl/x509.h>
63 63
64static STACK *x509_store_meth=NULL; 64static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_store_meth=NULL;
65static STACK *x509_store_ctx_meth=NULL; 65static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_store_ctx_meth=NULL;
66 66
67X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method) 67X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
68 { 68 {
@@ -244,7 +244,7 @@ void X509_STORE_free(X509_STORE *vfy)
244 } 244 }
245 sk_X509_LOOKUP_free(sk); 245 sk_X509_LOOKUP_free(sk);
246 246
247 CRYPTO_free_ex_data(x509_store_meth,(char *)vfy,&vfy->ex_data); 247 CRYPTO_free_ex_data(x509_store_meth,vfy,&vfy->ex_data);
248 lh_doall(vfy->certs,cleanup); 248 lh_doall(vfy->certs,cleanup);
249 lh_free(vfy->certs); 249 lh_free(vfy->certs);
250 Free(vfy); 250 Free(vfy);
@@ -377,10 +377,24 @@ X509_OBJECT *X509_OBJECT_retrieve_by_subject(LHASH *h, int type,
377 abort(); 377 abort();
378 } 378 }
379 379
380 tmp=(X509_OBJECT *)lh_retrieve(h,(char *)&stmp); 380 tmp=(X509_OBJECT *)lh_retrieve(h,&stmp);
381 return(tmp); 381 return(tmp);
382 } 382 }
383 383
384X509_STORE_CTX *X509_STORE_CTX_new(void)
385{
386 X509_STORE_CTX *ctx;
387 ctx = (X509_STORE_CTX *)Malloc(sizeof(X509_STORE_CTX));
388 if(ctx) memset(ctx, 0, sizeof(X509_STORE_CTX));
389 return ctx;
390}
391
392void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
393{
394 X509_STORE_CTX_cleanup(ctx);
395 Free(ctx);
396}
397
384void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, 398void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
385 STACK_OF(X509) *chain) 399 STACK_OF(X509) *chain)
386 { 400 {
@@ -389,6 +403,8 @@ void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
389 ctx->cert=x509; 403 ctx->cert=x509;
390 ctx->untrusted=chain; 404 ctx->untrusted=chain;
391 ctx->last_untrusted=0; 405 ctx->last_untrusted=0;
406 ctx->purpose=0;
407 ctx->trust=0;
392 ctx->valid=0; 408 ctx->valid=0;
393 ctx->chain=NULL; 409 ctx->chain=NULL;
394 ctx->depth=9; 410 ctx->depth=9;
@@ -404,7 +420,7 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
404 sk_X509_pop_free(ctx->chain,X509_free); 420 sk_X509_pop_free(ctx->chain,X509_free);
405 ctx->chain=NULL; 421 ctx->chain=NULL;
406 } 422 }
407 CRYPTO_free_ex_data(x509_store_ctx_meth,(char *)ctx,&(ctx->ex_data)); 423 CRYPTO_free_ex_data(x509_store_ctx_meth,ctx,&(ctx->ex_data));
408 memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA)); 424 memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
409 } 425 }
410 426
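Review bot: X509_STORE_CTX_free has no NULL guard and passes ctx straight to X509_STORE_CTX_cleanup, which dereferences it (ctx->chain and ctx->ex_data in the last hunk), so X509_STORE_CTX_free(NULL) crashes and error paths that free an unallocated context have to special-case it; add `if (ctx == NULL) return;` as the first statement. X509_STORE_CTX_new relies on an all-zero object being safe to hand to cleanup/free without an intervening X509_STORE_CTX_init, which holds for the fields visible here (chain NULL, ex_data zeroed) but deserves a comment: `/* zeroed ctx is safe for X509_STORE_CTX_cleanup/free even if never initialised */`. The cast on Malloc is unnecessary in C.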
diff --git a/src/lib/libcrypto/x509/x509_r2x.c b/src/lib/libcrypto/x509/x509_r2x.c
index bb4697ae60..db051033d9 100644
--- a/src/lib/libcrypto/x509/x509_r2x.c
+++ b/src/lib/libcrypto/x509/x509_r2x.c
@@ -82,7 +82,7 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
 
  if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0)
  {
- if ((xi->version=ASN1_INTEGER_new()) == NULL) goto err;
+ if ((xi->version=M_ASN1_INTEGER_new()) == NULL) goto err;
  if (!ASN1_INTEGER_set(xi->version,2)) goto err;
 /* xi->extensions=ri->attributes; <- bad, should not ever be done
  ri->attributes=NULL; */
diff --git a/src/lib/libcrypto/x509/x509_req.c b/src/lib/libcrypto/x509/x509_req.c
index 2ef94decd1..baef8790eb 100644
--- a/src/lib/libcrypto/x509/x509_req.c
+++ b/src/lib/libcrypto/x509/x509_req.c
@@ -66,7 +66,7 @@
66#include <openssl/buffer.h> 66#include <openssl/buffer.h>
67#include <openssl/pem.h> 67#include <openssl/pem.h>
68 68
69X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, EVP_MD *md) 69X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
70 { 70 {
71 X509_REQ *ret; 71 X509_REQ *ret;
72 X509_REQ_INFO *ri; 72 X509_REQ_INFO *ri;
@@ -113,3 +113,166 @@ EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req)
113 return(X509_PUBKEY_get(req->req_info->pubkey)); 113 return(X509_PUBKEY_get(req->req_info->pubkey));
114 } 114 }
115 115
116/* It seems several organisations had the same idea of including a list of
117 * extensions in a certificate request. There are at least two OIDs that are
118 * used and there may be more: so the list is configurable.
119 */
120
121static int ext_nid_list[] = { NID_ms_ext_req, NID_ext_req, NID_undef};
122
123static int *ext_nids = ext_nid_list;
124
125int X509_REQ_extension_nid(int req_nid)
126{
127 int i, nid;
128 for(i = 0; ; i++) {
129 nid = ext_nids[i];
130 if(nid == NID_undef) return 0;
131 else if (req_nid == nid) return 1;
132 }
133}
134
135int *X509_REQ_get_extension_nids(void)
136{
137 return ext_nids;
138}
139
140void X509_REQ_set_extension_nids(int *nids)
141{
142 ext_nids = nids;
143}
144
145STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
146{
147 X509_ATTRIBUTE *attr;
148 STACK_OF(X509_ATTRIBUTE) *sk;
149 ASN1_TYPE *ext = NULL;
150 int i;
151 unsigned char *p;
152 if ((req == NULL) || (req->req_info == NULL))
153 return(NULL);
154 sk=req->req_info->attributes;
155 if (!sk) return NULL;
156 for(i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
157 attr = sk_X509_ATTRIBUTE_value(sk, i);
158 if(X509_REQ_extension_nid(OBJ_obj2nid(attr->object))) {
159 if(attr->set && sk_ASN1_TYPE_num(attr->value.set))
160 ext = sk_ASN1_TYPE_value(attr->value.set, 0);
161 else ext = attr->value.single;
162 break;
163 }
164 }
165 if(!ext || (ext->type != V_ASN1_SEQUENCE)) return NULL;
166 p = ext->value.sequence->data;
167 return d2i_ASN1_SET_OF_X509_EXTENSION(NULL, &p,
168 ext->value.sequence->length,
169 d2i_X509_EXTENSION, X509_EXTENSION_free,
170 V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
171}
172
173/* Add a STACK_OF extensions to a certificate request: allow alternative OIDs
174 * in case we want to create a non standard one.
175 */
176
177int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
178 int nid)
179{
180 unsigned char *p = NULL, *q;
181 long len;
182 ASN1_TYPE *at = NULL;
183 X509_ATTRIBUTE *attr = NULL;
184 if(!(at = ASN1_TYPE_new()) ||
185 !(at->value.sequence = ASN1_STRING_new())) goto err;
186
187 at->type = V_ASN1_SEQUENCE;
188 /* Generate encoding of extensions */
189 len = i2d_ASN1_SET_OF_X509_EXTENSION(exts, NULL, i2d_X509_EXTENSION,
190 V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
191 if(!(p = Malloc(len))) goto err;
192 q = p;
193 i2d_ASN1_SET_OF_X509_EXTENSION(exts, &q, i2d_X509_EXTENSION,
194 V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
195 at->value.sequence->data = p;
196 p = NULL;
197 at->value.sequence->length = len;
198 if(!(attr = X509_ATTRIBUTE_new())) goto err;
199 if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
200 if(!sk_ASN1_TYPE_push(attr->value.set, at)) goto err;
201 at = NULL;
202 attr->set = 1;
203 attr->object = OBJ_nid2obj(nid);
204 if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err;
205 return 1;
206 err:
207 if(p) Free(p);
208 X509_ATTRIBUTE_free(attr);
209 ASN1_TYPE_free(at);
210 return 0;
211}
212/* This is the normal usage: use the "official" OID */
213int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts)
214{
215 return X509_REQ_add_extensions_nid(req, exts, NID_ext_req);
216}
217
218/* Request attribute functions */
219
220int X509_REQ_get_attr_count(const X509_REQ *req)
221{
222 return X509at_get_attr_count(req->req_info->attributes);
223}
224
225int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid,
226 int lastpos)
227{
228 return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos);
229}
230
231int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,
232 int lastpos)
233{
234 return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos);
235}
236
237X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc)
238{
239 return X509at_get_attr(req->req_info->attributes, loc);
240}
241
242X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc)
243{
244 return X509at_delete_attr(req->req_info->attributes, loc);
245}
246
247int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr)
248{
249 if(X509at_add1_attr(&req->req_info->attributes, attr)) return 1;
250 return 0;
251}
252
253int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
254 ASN1_OBJECT *obj, int type,
255 unsigned char *bytes, int len)
256{
257 if(X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj,
258 type, bytes, len)) return 1;
259 return 0;
260}
261
262int X509_REQ_add1_attr_by_NID(X509_REQ *req,
263 int nid, int type,
264 unsigned char *bytes, int len)
265{
266 if(X509at_add1_attr_by_NID(&req->req_info->attributes, nid,
267 type, bytes, len)) return 1;
268 return 0;
269}
270
271int X509_REQ_add1_attr_by_txt(X509_REQ *req,
272 char *attrname, int type,
273 unsigned char *bytes, int len)
274{
275 if(X509at_add1_attr_by_txt(&req->req_info->attributes, attrname,
276 type, bytes, len)) return 1;
277 return 0;
278}
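Review bot: In X509_REQ_get_extensions (new lines 159–161), when `attr->set` is true but the set is empty the else branch reads `attr->value.single` and then `ext->type`; value.set and value.single appear to be alternative views of one field selected by attr->set (compare X509_ATTRIBUTE_count in x509_att.c), so on a request whose attribute carries an empty SET this reinterprets the stack pointer as an ASN1_TYPE and reads whatever it finds there before the V_ASN1_SEQUENCE test rejects it. Select on the discriminator only: `if(attr->set) { if(sk_ASN1_TYPE_num(attr->value.set)) ext = sk_ASN1_TYPE_value(attr->value.set, 0); }` followed by `else ext = attr->value.single;`. In X509_REQ_add_extensions_nid the length returned by the first i2d_ASN1_SET_OF_X509_EXTENSION call goes to Malloc unchecked; add `if(len < 0) goto err;` before it. X509_REQ_set_extension_nids stores the caller's pointer and X509_REQ_extension_nid walks it until NID_undef, so it needs a comment such as `/* nids: NID_undef-terminated array; not copied, must outlive all later calls */`.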
diff --git a/src/lib/libcrypto/x509/x509_set.c b/src/lib/libcrypto/x509/x509_set.c
index 5a6f7b414f..add842d17a 100644
--- a/src/lib/libcrypto/x509/x509_set.c
+++ b/src/lib/libcrypto/x509/x509_set.c
@@ -68,7 +68,7 @@ int X509_set_version(X509 *x, long version)
68 if (x == NULL) return(0); 68 if (x == NULL) return(0);
69 if (x->cert_info->version == NULL) 69 if (x->cert_info->version == NULL)
70 { 70 {
71 if ((x->cert_info->version=ASN1_INTEGER_new()) == NULL) 71 if ((x->cert_info->version=M_ASN1_INTEGER_new()) == NULL)
72 return(0); 72 return(0);
73 } 73 }
74 return(ASN1_INTEGER_set(x->cert_info->version,version)); 74 return(ASN1_INTEGER_set(x->cert_info->version,version));
@@ -82,10 +82,10 @@ int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial)
82 in=x->cert_info->serialNumber; 82 in=x->cert_info->serialNumber;
83 if (in != serial) 83 if (in != serial)
84 { 84 {
85 in=ASN1_INTEGER_dup(serial); 85 in=M_ASN1_INTEGER_dup(serial);
86 if (in != NULL) 86 if (in != NULL)
87 { 87 {
88 ASN1_INTEGER_free(x->cert_info->serialNumber); 88 M_ASN1_INTEGER_free(x->cert_info->serialNumber);
89 x->cert_info->serialNumber=in; 89 x->cert_info->serialNumber=in;
90 } 90 }
91 } 91 }
@@ -112,10 +112,10 @@ int X509_set_notBefore(X509 *x, ASN1_UTCTIME *tm)
112 in=x->cert_info->validity->notBefore; 112 in=x->cert_info->validity->notBefore;
113 if (in != tm) 113 if (in != tm)
114 { 114 {
115 in=ASN1_UTCTIME_dup(tm); 115 in=M_ASN1_UTCTIME_dup(tm);
116 if (in != NULL) 116 if (in != NULL)
117 { 117 {
118 ASN1_UTCTIME_free(x->cert_info->validity->notBefore); 118 M_ASN1_UTCTIME_free(x->cert_info->validity->notBefore);
119 x->cert_info->validity->notBefore=in; 119 x->cert_info->validity->notBefore=in;
120 } 120 }
121 } 121 }
@@ -130,10 +130,10 @@ int X509_set_notAfter(X509 *x, ASN1_UTCTIME *tm)
130 in=x->cert_info->validity->notAfter; 130 in=x->cert_info->validity->notAfter;
131 if (in != tm) 131 if (in != tm)
132 { 132 {
133 in=ASN1_UTCTIME_dup(tm); 133 in=M_ASN1_UTCTIME_dup(tm);
134 if (in != NULL) 134 if (in != NULL)
135 { 135 {
136 ASN1_UTCTIME_free(x->cert_info->validity->notAfter); 136 M_ASN1_UTCTIME_free(x->cert_info->validity->notAfter);
137 x->cert_info->validity->notAfter=in; 137 x->cert_info->validity->notAfter=in;
138 } 138 }
139 } 139 }
diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c
new file mode 100644
index 0000000000..9f7d67952d
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_trs.c
@@ -0,0 +1,263 @@
1/* x509_trs.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/x509v3.h>
62
63
64static int tr_cmp(X509_TRUST **a, X509_TRUST **b);
65static void trtable_free(X509_TRUST *p);
66
67static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags);
68static int trust_any(X509_TRUST *trust, X509 *x, int flags);
69
70static int obj_trust(int id, X509 *x, int flags);
71static int (*default_trust)(int id, X509 *x, int flags) = obj_trust;
72
73/* WARNING: the following table should be kept in order of trust
74 * and without any gaps so we can just subtract the minimum trust
75 * value to get an index into the table
76 */
77
78static X509_TRUST trstandard[] = {
79{X509_TRUST_ANY, 0, trust_any, "Any", 0, NULL},
80{X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},
81{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Client", NID_server_auth, NULL},
82{X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
83};
84
85#define X509_TRUST_COUNT (sizeof(trstandard)/sizeof(X509_TRUST))
86
87IMPLEMENT_STACK_OF(X509_TRUST)
88
89static STACK_OF(X509_TRUST) *trtable = NULL;
90
91static int tr_cmp(X509_TRUST **a, X509_TRUST **b)
92{
93 return (*a)->trust - (*b)->trust;
94}
95
96int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int)
97{
98int (*oldtrust)(int , X509 *, int);
99oldtrust = default_trust;
100default_trust = trust;
101return oldtrust;
102}
103
104
105int X509_check_trust(X509 *x, int id, int flags)
106{
107 X509_TRUST *pt;
108 int idx;
109 if(id == -1) return 1;
110 if(!(idx = X509_TRUST_get_by_id(id)))
111 return default_trust(id, x, flags);
112 pt = X509_TRUST_get0(idx);
113 return pt->check_trust(pt, x, flags);
114}
115
116int X509_TRUST_get_count(void)
117{
118 if(!trtable) return X509_TRUST_COUNT;
119 return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT;
120}
121
122X509_TRUST * X509_TRUST_get0(int idx)
123{
124 if(idx < 0) return NULL;
125 if(idx < X509_TRUST_COUNT) return trstandard + idx;
126 return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT);
127}
128
129int X509_TRUST_get_by_id(int id)
130{
131 X509_TRUST tmp;
132 int idx;
133 if((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX))
134 return id - X509_TRUST_MIN;
135 tmp.trust = id;
136 if(!trtable) return -1;
137 idx = sk_X509_TRUST_find(trtable, &tmp);
138 if(idx == -1) return -1;
139 return idx + X509_TRUST_COUNT;
140}
141
142int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
143 char *name, int arg1, void *arg2)
144{
145 int idx;
146 X509_TRUST *trtmp;
147 /* This is set according to what we change: application can't set it */
148 flags &= ~X509_TRUST_DYNAMIC;
149 /* This will always be set for application modified trust entries */
150 flags |= X509_TRUST_DYNAMIC_NAME;
151 /* Get existing entry if any */
152 idx = X509_TRUST_get_by_id(id);
153 /* Need a new entry */
154 if(idx == -1) {
155 if(!(trtmp = Malloc(sizeof(X509_TRUST)))) {
156 X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
157 return 0;
158 }
159 trtmp->flags = X509_TRUST_DYNAMIC;
160 } else trtmp = X509_TRUST_get0(idx);
161
162 /* Free existing name if dynamic */
163 if(trtmp->flags & X509_TRUST_DYNAMIC_NAME) Free(trtmp->name);
164 /* dup supplied name */
165 if(!(trtmp->name = BUF_strdup(name))) {
166 X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
167 return 0;
168 }
169 /* Keep the dynamic flag of existing entry */
170 trtmp->flags &= X509_TRUST_DYNAMIC;
171 /* Set all other flags */
172 trtmp->flags |= flags;
173
174 trtmp->trust = id;
175 trtmp->check_trust = ck;
176 trtmp->arg1 = arg1;
177 trtmp->arg2 = arg2;
178
179 /* If its a new entry manage the dynamic table */
180 if(idx == -1) {
181 if(!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) {
182 X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
183 return 0;
184 }
185 if (!sk_X509_TRUST_push(trtable, trtmp)) {
186 X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
187 return 0;
188 }
189 }
190 return 1;
191}
192
193static void trtable_free(X509_TRUST *p)
194 {
195 if(!p) return;
196 if (p->flags & X509_TRUST_DYNAMIC)
197 {
198 if (p->flags & X509_TRUST_DYNAMIC_NAME)
199 Free(p->name);
200 Free(p);
201 }
202 }
203
204void X509_TRUST_cleanup(void)
205{
206 int i;
207 for(i = 0; i < X509_TRUST_COUNT; i++) trtable_free(trstandard + i);
208 sk_X509_TRUST_pop_free(trtable, trtable_free);
209 trtable = NULL;
210}
211
212int X509_TRUST_get_flags(X509_TRUST *xp)
213{
214 return xp->flags;
215}
216
217char *X509_TRUST_get0_name(X509_TRUST *xp)
218{
219 return xp->name;
220}
221
222int X509_TRUST_get_trust(X509_TRUST *xp)
223{
224 return xp->trust;
225}
226
227static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
228{
229 if(x->aux) return obj_trust(trust->arg1, x, flags);
230 /* we don't have any trust settings: for compatibility
231 * we return trusted if it is self signed
232 */
233 X509_check_purpose(x, -1, 0);
234 if(x->ex_flags & EXFLAG_SS) return X509_TRUST_TRUSTED;
235 else return X509_TRUST_UNTRUSTED;
236}
237
238static int obj_trust(int id, X509 *x, int flags)
239{
240 ASN1_OBJECT *obj;
241 int i;
242 X509_CERT_AUX *ax;
243 ax = x->aux;
244 if(!ax) return X509_TRUST_UNTRUSTED;
245 if(ax->reject) {
246 for(i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) {
247 obj = sk_ASN1_OBJECT_value(ax->reject, i);
248 if(OBJ_obj2nid(obj) == id) return X509_TRUST_REJECTED;
249 }
250 }
251 if(ax->trust) {
252 for(i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) {
253 obj = sk_ASN1_OBJECT_value(ax->trust, i);
254 if(OBJ_obj2nid(obj) == id) return X509_TRUST_TRUSTED;
255 }
256 }
257 return X509_TRUST_UNTRUSTED;
258}
259
260static int trust_any(X509_TRUST *trust, X509 *x, int flags)
261{
262 return X509_TRUST_TRUSTED;
263}
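Review bot: X509_check_trust tests the lookup with `!(idx = X509_TRUST_get_by_id(id))`, but X509_TRUST_get_by_id returns -1 for an unknown id and 0 for id == X509_TRUST_MIN, so an unknown id reaches X509_TRUST_get0(-1), which returns NULL, and `pt->check_trust` then dereferences it, while the first standard entry is wrongly routed to default_trust; use `if((idx = X509_TRUST_get_by_id(id)) == -1)`. The trstandard entry for X509_TRUST_SSL_SERVER is labelled "SSL Client", a copy-paste slip that should read `"SSL Server"`. In X509_TRUST_add the new-entry failure paths (BUF_strdup, sk_X509_TRUST_new, sk_X509_TRUST_push) return 0 without freeing the freshly allocated trtmp and its name, and for an existing entry a failed BUF_strdup leaves it in the table with name NULL after the old name was freed. trust_1oidany treats a self-signed certificate with no aux trust settings as trusted for compatibility; since that decides what counts as a trust anchor, the behaviour should be stated where the public trust API is documented rather than only in this static helper.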
diff --git a/src/lib/libcrypto/x509/x509_txt.c b/src/lib/libcrypto/x509/x509_txt.c
index 11a3d2012f..209cf53191 100644
--- a/src/lib/libcrypto/x509/x509_txt.c
+++ b/src/lib/libcrypto/x509/x509_txt.c
@@ -59,7 +59,6 @@
 #include <stdio.h>
 #include <time.h>
 #include <errno.h>
-#include <sys/types.h>
 
 #include "cryptlib.h"
 #include <openssl/lhash.h>
@@ -121,6 +120,16 @@ const char *X509_verify_cert_error_string(long n)
  return("certificate chain too long");
  case X509_V_ERR_CERT_REVOKED:
  return("certificate revoked");
+ case X509_V_ERR_INVALID_CA:
+ return ("invalid CA certificate");
+ case X509_V_ERR_PATH_LENGTH_EXCEEDED:
+ return ("path length constraint exceeded");
+ case X509_V_ERR_INVALID_PURPOSE:
+ return ("unsupported certificate purpose");
+ case X509_V_ERR_CERT_UNTRUSTED:
+ return ("certificate not trusted");
+ case X509_V_ERR_CERT_REJECTED:
+ return ("certificate rejected");
  case X509_V_ERR_APPLICATION_VERIFICATION:
  return("application verification failure");
  default:
diff --git a/src/lib/libcrypto/x509/x509_v3.c b/src/lib/libcrypto/x509/x509_v3.c
index dd2f9f1b17..52887986fe 100644
--- a/src/lib/libcrypto/x509/x509_v3.c
+++ b/src/lib/libcrypto/x509/x509_v3.c
@@ -63,6 +63,7 @@
63#include <openssl/objects.h> 63#include <openssl/objects.h>
64#include <openssl/evp.h> 64#include <openssl/evp.h>
65#include <openssl/x509.h> 65#include <openssl/x509.h>
66#include <openssl/x509v3.h>
66 67
67int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x) 68int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x)
68 { 69 {
@@ -242,7 +243,7 @@ int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data)
242 int i; 243 int i;
243 244
244 if (ex == NULL) return(0); 245 if (ex == NULL) return(0);
245 i=ASN1_OCTET_STRING_set(ex->value,data->data,data->length); 246 i=M_ASN1_OCTET_STRING_set(ex->value,data->data,data->length);
246 if (!i) return(0); 247 if (!i) return(0);
247 return(1); 248 return(1);
248 } 249 }
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
index c72ee4a385..4fdff54124 100644
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -59,23 +59,24 @@
59#include <stdio.h> 59#include <stdio.h>
60#include <time.h> 60#include <time.h>
61#include <errno.h> 61#include <errno.h>
62#include <sys/types.h>
63#include <sys/stat.h>
64 62
65#include <openssl/crypto.h>
66#include "cryptlib.h" 63#include "cryptlib.h"
64#include <openssl/crypto.h>
67#include <openssl/lhash.h> 65#include <openssl/lhash.h>
68#include <openssl/buffer.h> 66#include <openssl/buffer.h>
69#include <openssl/evp.h> 67#include <openssl/evp.h>
70#include <openssl/asn1.h> 68#include <openssl/asn1.h>
71#include <openssl/x509.h> 69#include <openssl/x509.h>
70#include <openssl/x509v3.h>
72#include <openssl/objects.h> 71#include <openssl/objects.h>
73 72
74static int null_callback(int ok,X509_STORE_CTX *e); 73static int null_callback(int ok,X509_STORE_CTX *e);
74static int check_chain_purpose(X509_STORE_CTX *ctx);
75static int check_trust(X509_STORE_CTX *ctx);
75static int internal_verify(X509_STORE_CTX *ctx); 76static int internal_verify(X509_STORE_CTX *ctx);
76const char *X509_version="X.509" OPENSSL_VERSION_PTEXT; 77const char *X509_version="X.509" OPENSSL_VERSION_PTEXT;
77 78
78static STACK *x509_store_ctx_method=NULL; 79static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_store_ctx_method=NULL;
79static int x509_store_ctx_num=0; 80static int x509_store_ctx_num=0;
80#if 0 81#if 0
81static int x509_store_num=1; 82static int x509_store_num=1;
@@ -127,7 +128,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
127 ctx->last_untrusted=1; 128 ctx->last_untrusted=1;
128 } 129 }
129 130
130 /* We use a temporary so we can chop and hack at it */ 131 /* We use a temporary STACK so we can chop and hack at it */
131 if (ctx->untrusted != NULL 132 if (ctx->untrusted != NULL
132 && (sktmp=sk_X509_dup(ctx->untrusted)) == NULL) 133 && (sktmp=sk_X509_dup(ctx->untrusted)) == NULL)
133 { 134 {
@@ -184,17 +185,37 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
184 185
185 i=sk_X509_num(ctx->chain); 186 i=sk_X509_num(ctx->chain);
186 x=sk_X509_value(ctx->chain,i-1); 187 x=sk_X509_value(ctx->chain,i-1);
187 if (X509_NAME_cmp(X509_get_subject_name(x),X509_get_issuer_name(x)) 188 xn = X509_get_subject_name(x);
189 if (X509_NAME_cmp(xn,X509_get_issuer_name(x))
188 == 0) 190 == 0)
189 { 191 {
190 /* we have a self signed certificate */ 192 /* we have a self signed certificate */
191 if (sk_X509_num(ctx->chain) == 1) 193 if (sk_X509_num(ctx->chain) == 1)
192 { 194 {
193 ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; 195 /* We have a single self signed certificate: see if
194 ctx->current_cert=x; 196 * we can find it in the store. We must have an exact
195 ctx->error_depth=i-1; 197 * match to avoid possible impersonation.
196 ok=cb(0,ctx); 198 */
197 if (!ok) goto end; 199 ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj);
200 if ((ok != X509_LU_X509) || X509_cmp(x, obj.data.x509))
201 {
202 ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
203 ctx->current_cert=x;
204 ctx->error_depth=i-1;
205 if(ok == X509_LU_X509) X509_OBJECT_free_contents(&obj);
206 ok=cb(0,ctx);
207 if (!ok) goto end;
208 }
209 else
210 {
211 /* We have a match: replace certificate with store version
212 * so we get any trust settings.
213 */
214 X509_free(x);
215 x = obj.data.x509;
216 sk_X509_set(ctx->chain, i - 1, x);
217 ctx->last_untrusted=0;
218 }
198 } 219 }
199 else 220 else
200 { 221 {
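Review bot: The exact-match check at new lines 199–200 compares the leaf only against the single object `X509_STORE_get_by_subject` hands back for that subject name, so if the store holds more than one certificate with the same subject (a re-keyed self-signed root kept alongside the old one, say) a self-signed certificate that matches a later entry is still reported as X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; whether the lookup returns only the first hit is not visible in this hunk, so it is worth confirming. If that limitation stands, I would record it above the lookup: `/* NOTE: only the first store entry with this subject is compared; a store holding several certificates with this subject name needs a lookup that iterates over all matches. */`. The `X509_cmp` against the store copy is the right test (a subject-name match alone would be spoofable), and the ownership handoff — freeing the chain's copy and keeping the reference carried by obj — looks consistent. X509_verify_cert starts and ends outside this hunk.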
@@ -272,6 +293,17 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
272 if (!ok) goto end; 293 if (!ok) goto end;
273 } 294 }
274 295
296 /* We have the chain complete: now we need to check its purpose */
297 if(ctx->purpose > 0) ok = check_chain_purpose(ctx);
298
299 if(!ok) goto end;
300
301 /* The chain extensions are OK: check trust */
302
303 if(ctx->trust > 0) ok = check_trust(ctx);
304
305 if(!ok) goto end;
306
275 /* We may as well copy down any DSA parameters that are required */ 307 /* We may as well copy down any DSA parameters that are required */
276 X509_get_pubkey_parameters(NULL,ctx->chain); 308 X509_get_pubkey_parameters(NULL,ctx->chain);
277 309
@@ -290,6 +322,71 @@ end:
290 return(ok); 322 return(ok);
291 } 323 }
292 324
325/* Check a certificate chains extensions for consistency
326 * with the supplied purpose
327 */
328
329static int check_chain_purpose(X509_STORE_CTX *ctx)
330{
331#ifdef NO_CHAIN_VERIFY
332 return 1;
333#else
334 int i, ok=0;
335 X509 *x;
336 int (*cb)();
337 cb=ctx->ctx->verify_cb;
338 if (cb == NULL) cb=null_callback;
339 /* Check all untrusted certificates */
340 for(i = 0; i < ctx->last_untrusted; i++) {
341 x = sk_X509_value(ctx->chain, i);
342 if(!X509_check_purpose(x, ctx->purpose, i)) {
343 if(i) ctx->error = X509_V_ERR_INVALID_CA;
344 else ctx->error = X509_V_ERR_INVALID_PURPOSE;
345 ctx->error_depth = i;
346 ctx->current_cert = x;
347 ok=cb(0,ctx);
348 if(!ok) goto end;
349 }
350 /* Check pathlen */
351 if((i > 1) && (x->ex_pathlen != -1)
352 && (i > (x->ex_pathlen + 1))) {
353 ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
354 ctx->error_depth = i;
355 ctx->current_cert = x;
356 ok=cb(0,ctx);
357 if(!ok) goto end;
358 }
359 }
360 ok = 1;
361 end:
362 return(ok);
363#endif
364}
365
366static int check_trust(X509_STORE_CTX *ctx)
367{
368#ifdef NO_CHAIN_VERIFY
369 return 1;
370#else
371 int i, ok;
372 X509 *x;
373 int (*cb)();
374 cb=ctx->ctx->verify_cb;
375 if (cb == NULL) cb=null_callback;
376/* For now just check the last certificate in the chain */
377 i = sk_X509_num(ctx->chain) - 1;
378 x = sk_X509_value(ctx->chain, i);
379 ok = X509_check_trust(x, ctx->trust, 0);
380 if(ok == X509_TRUST_TRUSTED) return 1;
381 ctx->error_depth = sk_X509_num(ctx->chain) - 1;
382 ctx->current_cert = x;
383 if(ok == X509_TRUST_REJECTED) ctx->error = X509_V_ERR_CERT_REJECTED;
384 else ctx->error = X509_V_ERR_CERT_UNTRUSTED;
385 ok = cb(0, ctx);
386 return(ok);
387#endif
388}
389
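Review bot: The loop bound `i < ctx->last_untrusted` in check_chain_purpose means every certificate taken from the trusted store, including any intermediate CA the store happens to contain, skips both the X509_check_purpose CA check and the pathlen check that follows it, so a pathLenConstraint on a store-supplied CA never constrains the chain beneath it. If exempting store certificates is deliberate, the comment at line 339 should say so: `/* Only untrusted certificates are checked: constraints on certificates taken from the store are not applied to the chain below them */`; otherwise the bound should be `sk_X509_num(ctx->chain) - 1` so that only the trust anchor itself is exempt. check_trust likewise looks only at the last certificate, which its own comment already marks as provisional. The K&R `int (*cb)();` declarations in both functions drop the argument types; if verify_cb is declared with the null_callback signature, `int (*cb)(int, X509_STORE_CTX *)` would let the compiler check the cb(0,ctx) calls.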
293static int internal_verify(X509_STORE_CTX *ctx) 390static int internal_verify(X509_STORE_CTX *ctx)
294 { 391 {
295 int i,ok=0,n; 392 int i,ok=0,n;
@@ -439,7 +536,7 @@ int X509_cmp_current_time(ASN1_UTCTIME *ctm)
439 atm.length=sizeof(buff2); 536 atm.length=sizeof(buff2);
440 atm.data=(unsigned char *)buff2; 537 atm.data=(unsigned char *)buff2;
441 538
442 X509_gmtime_adj(&atm,-offset); 539 X509_gmtime_adj(&atm,-offset*60);
443 540
444 i=(buff1[0]-'0')*10+(buff1[1]-'0'); 541 i=(buff1[0]-'0')*10+(buff1[1]-'0');
445 if (i < 50) i+=100; /* cf. RFC 2459 */ 542 if (i < 50) i+=100; /* cf. RFC 2459 */
@@ -525,13 +622,13 @@ int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
525 622
526 X509_OBJECT_up_ref_count(obj); 623 X509_OBJECT_up_ref_count(obj);
527 624
528 r=(X509_OBJECT *)lh_insert(ctx->certs,(char *)obj); 625 r=(X509_OBJECT *)lh_insert(ctx->certs,obj);
529 if (r != NULL) 626 if (r != NULL)
530 { /* oops, put it back */ 627 { /* oops, put it back */
531 lh_delete(ctx->certs,(char *)obj); 628 lh_delete(ctx->certs,obj);
532 X509_OBJECT_free_contents(obj); 629 X509_OBJECT_free_contents(obj);
533 Free(obj); 630 Free(obj);
534 lh_insert(ctx->certs,(char *)r); 631 lh_insert(ctx->certs,r);
535 X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE); 632 X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE);
536 ret=0; 633 ret=0;
537 } 634 }
@@ -560,13 +657,13 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
560 657
561 X509_OBJECT_up_ref_count(obj); 658 X509_OBJECT_up_ref_count(obj);
562 659
563 r=(X509_OBJECT *)lh_insert(ctx->certs,(char *)obj); 660 r=(X509_OBJECT *)lh_insert(ctx->certs,obj);
564 if (r != NULL) 661 if (r != NULL)
565 { /* oops, put it back */ 662 { /* oops, put it back */
566 lh_delete(ctx->certs,(char *)obj); 663 lh_delete(ctx->certs,obj);
567 X509_OBJECT_free_contents(obj); 664 X509_OBJECT_free_contents(obj);
568 Free(obj); 665 Free(obj);
569 lh_insert(ctx->certs,(char *)r); 666 lh_insert(ctx->certs,r);
570 X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE); 667 X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE);
571 ret=0; 668 ret=0;
572 } 669 }
@@ -576,8 +673,8 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
576 return(ret); 673 return(ret);
577 } 674 }
578 675
579int X509_STORE_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(), 676int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
580 int (*dup_func)(), void (*free_func)()) 677 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
581 { 678 {
582 x509_store_ctx_num++; 679 x509_store_ctx_num++;
583 return(CRYPTO_get_ex_new_index(x509_store_ctx_num-1, 680 return(CRYPTO_get_ex_new_index(x509_store_ctx_num-1,
@@ -620,6 +717,19 @@ STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx)
620 return(ctx->chain); 717 return(ctx->chain);
621 } 718 }
622 719
720STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
721 {
722 int i;
723 X509 *x;
724 STACK_OF(X509) *chain;
725 if(!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL;
726 for(i = 0; i < sk_X509_num(chain); i++) {
727 x = sk_X509_value(chain, i);
728 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
729 }
730 return(chain);
731 }
732
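Review bot: X509_STORE_CTX_get1_chain transfers ownership but says so nowhere: the caller receives a new STACK plus one extra reference on every certificate in it, so it must release both with `sk_X509_pop_free(chain, X509_free)` rather than `sk_X509_free`, which would leak every reference the CRYPTO_add loop takes. I would put that above the function: `/* Return a copy of the verified chain with an extra reference on each certificate; the caller owns the result and must free it with sk_X509_pop_free(chain, X509_free). Returns NULL if no chain has been built or the dup fails. */`. The NULL return on a missing chain is correct and leaks nothing, since the dup is the only allocation.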
623void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x) 733void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
624 { 734 {
625 ctx->cert=x; 735 ctx->cert=x;
@@ -630,6 +740,62 @@ void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
630 ctx->untrusted=sk; 740 ctx->untrusted=sk;
631 } 741 }
632 742
743int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose)
744 {
745 return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
746 }
747
748int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust)
749 {
750 return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);
751 }
752
753/* This function is used to set the X509_STORE_CTX purpose and trust
754 * values. This is intended to be used when another structure has its
755 * own trust and purpose values which (if set) will be inherited by
756 * the ctx. If they aren't set then we will usually have a default
757 * purpose in mind which should then be used to set the trust value.
758 * An example of this is SSL use: an SSL structure will have its own
759 * purpose and trust settings which the application can set: if they
760 * aren't set then we use the default of SSL client/server.
761 */
762
763int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
764 int purpose, int trust)
765{
766 int idx;
767 /* If purpose not set use default */
768 if(!purpose) purpose = def_purpose;
769 /* If we have a purpose then check it is valid */
770 if(purpose) {
771 idx = X509_PURPOSE_get_by_id(purpose);
772 if(idx == -1) {
773 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
774 X509_R_UNKNOWN_PURPOSE_ID);
775 return 0;
776 }
777 /* If trust not set then get from purpose default */
778 if(!trust) {
779 X509_PURPOSE *ptmp;
780 ptmp = X509_PURPOSE_get0(idx);
781 trust = ptmp->trust;
782 }
783 }
784 if(trust) {
785 idx = X509_TRUST_get_by_id(trust);
786 if(idx == -1) {
787 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
788 X509_R_UNKNOWN_TRUST_ID);
789 return 0;
790 }
791 }
792
793 if(purpose) ctx->purpose = purpose;
794 if(trust) ctx->trust = trust;
795 return 1;
796}
797
798
633IMPLEMENT_STACK_OF(X509) 799IMPLEMENT_STACK_OF(X509)
634IMPLEMENT_ASN1_SET_OF(X509) 800IMPLEMENT_ASN1_SET_OF(X509)
635 801
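Review bot: Calling X509_STORE_CTX_set_trust before X509_STORE_CTX_set_purpose silently discards the explicit trust setting: set_purpose reaches X509_STORE_CTX_purpose_inherit with trust == 0, the `if(!trust)` branch at new lines 778–782 substitutes the purpose's default trust, and `if(trust) ctx->trust = trust;` then overwrites what set_trust stored. Deriving the default only when nothing is set — `if(!trust && !ctx->trust) {` — keeps the explicit value, assuming X509_STORE_CTX_init zeroes ctx->trust, which is not visible here; failing that, the order dependence should at least be documented on both setters. The purpose and trust ids are validated before either field is written, which is good; note that `X509_STORE_CTX_set_trust(ctx, 0)` returns 1 without changing anything, which callers may not expect.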
diff --git a/src/lib/libcrypto/x509/x509_vfy.h b/src/lib/libcrypto/x509/x509_vfy.h
index ecfd4cf9ed..4637aecedf 100644
--- a/src/lib/libcrypto/x509/x509_vfy.h
+++ b/src/lib/libcrypto/x509/x509_vfy.h
@@ -202,6 +202,8 @@ struct x509_store_state_st /* X509_STORE_CTX */
202 /* The following are set by the caller */ 202 /* The following are set by the caller */
203 X509 *cert; /* The cert to check */ 203 X509 *cert; /* The cert to check */
204 STACK_OF(X509) *untrusted; /* chain of X509s - untrusted - passed in */ 204 STACK_OF(X509) *untrusted; /* chain of X509s - untrusted - passed in */
205 int purpose; /* purpose to check untrusted certificates */
206 int trust; /* trust setting to check */
205 207
206 /* The following is built up */ 208 /* The following is built up */
207 int depth; /* how far to go looking up certs */ 209 int depth; /* how far to go looking up certs */
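Review bot: The new `purpose` and `trust` fields are documented only as "set by the caller" without saying what the unset state means; x509_vfy.c in this same commit applies them only when positive (`if(ctx->purpose > 0)` / `if(ctx->trust > 0)`), so zero means "do not check". I would make that explicit here: `int purpose; /* purpose to check untrusted certificates; 0 = no purpose check */` and `int trust; /* trust setting to check; 0 = no trust check */`. Whether X509_STORE_CTX_init zeroes the two fields is outside this diff and worth confirming, since the pre-existing verification behaviour now depends on it.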
@@ -234,6 +236,7 @@ struct x509_store_state_st /* X509_STORE_CTX */
234 X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL) 236 X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
235 237
236#define X509_V_OK 0 238#define X509_V_OK 0
239/* illegal error (for uninitialized values, to avoid X509_V_OK): 1 */
237 240
238#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 241#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2
239#define X509_V_ERR_UNABLE_TO_GET_CRL 3 242#define X509_V_ERR_UNABLE_TO_GET_CRL 3
@@ -257,6 +260,11 @@ struct x509_store_state_st /* X509_STORE_CTX */
257#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21 260#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21
258#define X509_V_ERR_CERT_CHAIN_TOO_LONG 22 261#define X509_V_ERR_CERT_CHAIN_TOO_LONG 22
259#define X509_V_ERR_CERT_REVOKED 23 262#define X509_V_ERR_CERT_REVOKED 23
263#define X509_V_ERR_INVALID_CA 24
264#define X509_V_ERR_PATH_LENGTH_EXCEEDED 25
265#define X509_V_ERR_INVALID_PURPOSE 26
266#define X509_V_ERR_CERT_UNTRUSTED 27
267#define X509_V_ERR_CERT_REJECTED 28
260 268
261/* The application is not happy */ 269/* The application is not happy */
262#define X509_V_ERR_APPLICATION_VERIFICATION 50 270#define X509_V_ERR_APPLICATION_VERIFICATION 50
@@ -284,6 +292,8 @@ void X509_OBJECT_free_contents(X509_OBJECT *a);
284X509_STORE *X509_STORE_new(void ); 292X509_STORE *X509_STORE_new(void );
285void X509_STORE_free(X509_STORE *v); 293void X509_STORE_free(X509_STORE *v);
286 294
295X509_STORE_CTX *X509_STORE_CTX_new(void);
296void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
287void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, 297void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
288 X509 *x509, STACK_OF(X509) *chain); 298 X509 *x509, STACK_OF(X509) *chain);
289void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); 299void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
@@ -305,6 +315,7 @@ int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
305#ifndef NO_STDIO 315#ifndef NO_STDIO
306int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type); 316int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
307int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type); 317int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
318int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
308#endif 319#endif
309 320
310 321
@@ -327,8 +338,8 @@ int X509_STORE_load_locations (X509_STORE *ctx,
327int X509_STORE_set_default_paths(X509_STORE *ctx); 338int X509_STORE_set_default_paths(X509_STORE *ctx);
328#endif 339#endif
329 340
330int X509_STORE_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(), 341int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
331 int (*dup_func)(), void (*free_func)()); 342 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
332int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,void *data); 343int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,void *data);
333void * X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx); 344void * X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx);
334int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); 345int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
@@ -336,8 +347,13 @@ void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);
336int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); 347int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
337X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); 348X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
338STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx); 349STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
350STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
339void X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x); 351void X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x);
340void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk); 352void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk);
353int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
354int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
355int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
356 int purpose, int trust);
341 357
342#ifdef __cplusplus 358#ifdef __cplusplus
343} 359}
diff --git a/src/lib/libcrypto/x509/x509name.c b/src/lib/libcrypto/x509/x509name.c
index 2a422be350..cf2382d42c 100644
--- a/src/lib/libcrypto/x509/x509name.c
+++ b/src/lib/libcrypto/x509/x509name.c
@@ -171,6 +171,42 @@ X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc)
171 return(ret); 171 return(ret);
172 } 172 }
173 173
174int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
175 unsigned char *bytes, int len, int loc, int set)
176{
177 X509_NAME_ENTRY *ne;
178 int ret;
179 ne = X509_NAME_ENTRY_create_by_OBJ(NULL, obj, type, bytes, len);
180 if(!ne) return 0;
181 ret = X509_NAME_add_entry(name, ne, loc, set);
182 X509_NAME_ENTRY_free(ne);
183 return ret;
184}
185
186int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
187 unsigned char *bytes, int len, int loc, int set)
188{
189 X509_NAME_ENTRY *ne;
190 int ret;
191 ne = X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, len);
192 if(!ne) return 0;
193 ret = X509_NAME_add_entry(name, ne, loc, set);
194 X509_NAME_ENTRY_free(ne);
195 return ret;
196}
197
198int X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type,
199 unsigned char *bytes, int len, int loc, int set)
200{
201 X509_NAME_ENTRY *ne;
202 int ret;
203 ne = X509_NAME_ENTRY_create_by_txt(NULL, field, type, bytes, len);
204 if(!ne) return 0;
205 ret = X509_NAME_add_entry(name, ne, loc, set);
206 X509_NAME_ENTRY_free(ne);
207 return ret;
208}
209
174/* if set is -1, append to previous set, 0 'a new one', and 1, 210/* if set is -1, append to previous set, 0 'a new one', and 1,
175 * prepend to the guy we are about to stomp on. */ 211 * prepend to the guy we are about to stomp on. */
176int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc, 212int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc,
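Review bot: The three new X509_NAME_add_entry_by_* wrappers repeat the same create / add / free sequence and differ only in the constructor call; a single static helper would remove the triplication and keep the free-after-add discipline in one place. That discipline assumes X509_NAME_add_entry copies the entry rather than taking ownership of it, which the body cut off below this hunk does not show but the immediate X509_NAME_ENTRY_free requires. `field` in X509_NAME_add_entry_by_txt is only forwarded and could be `const char *`, though the matching X509_NAME_ENTRY_create_by_txt signature would need the same change.
```c
/* Add a copy of ne to name and release the temporary entry; returns
 * what X509_NAME_add_entry returns, or 0 if the constructor failed. */
static int add_entry_and_free(X509_NAME *name, X509_NAME_ENTRY *ne, int loc, int set)
{
	int ret;
	if(!ne) return 0;
	ret = X509_NAME_add_entry(name, ne, loc, set);
	X509_NAME_ENTRY_free(ne);
	return ret;
}

int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
	unsigned char *bytes, int len, int loc, int set)
{
	return add_entry_and_free(name,
		X509_NAME_ENTRY_create_by_OBJ(NULL, obj, type, bytes, len), loc, set);
}
/* … unchanged pattern for the _by_NID and _by_txt wrappers … */
```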
@@ -236,10 +272,30 @@ err:
236 return(0); 272 return(0);
237 } 273 }
238 274
275X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
276 char *field, int type, unsigned char *bytes, int len)
277 {
278 ASN1_OBJECT *obj;
279 X509_NAME_ENTRY *nentry;
280
281 obj=OBJ_txt2obj(field, 0);
282 if (obj == NULL)
283 {
284 X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT,
285 X509_R_INVALID_FIELD_NAME);
286 ERR_add_error_data(2, "name=", field);
287 return(NULL);
288 }
289 nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len);
290 ASN1_OBJECT_free(obj);
291 return nentry;
292 }
293
239X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, 294X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
240 int type, unsigned char *bytes, int len) 295 int type, unsigned char *bytes, int len)
241 { 296 {
242 ASN1_OBJECT *obj; 297 ASN1_OBJECT *obj;
298 X509_NAME_ENTRY *nentry;
243 299
244 obj=OBJ_nid2obj(nid); 300 obj=OBJ_nid2obj(nid);
245 if (obj == NULL) 301 if (obj == NULL)
@@ -247,7 +303,9 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
247 X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID,X509_R_UNKNOWN_NID); 303 X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID,X509_R_UNKNOWN_NID);
248 return(NULL); 304 return(NULL);
249 } 305 }
250 return(X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len)); 306 nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len);
307 ASN1_OBJECT_free(obj);
308 return nentry;
251 } 309 }
252 310
253X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, 311X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
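Review bot: The new `ASN1_OBJECT_free(obj)` at new line 307 frees the object OBJ_nid2obj returns, which for built-in NIDs is presumably an entry of the static object table rather than a heap allocation; this is only correct if ASN1_OBJECT_free treats such non-dynamic objects as a no-op, which cannot be confirmed from this hunk. A one-line comment would spare the next reader the same check: `ASN1_OBJECT_free(obj); /* no-op for the static objects OBJ_nid2obj returns for built-in NIDs */`. The same pattern in X509_NAME_ENTRY_create_by_txt in the hunk above is unambiguous, since OBJ_txt2obj can hand back a freshly allocated object for a numeric OID that must be released.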
@@ -267,7 +325,7 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
267 goto err; 325 goto err;
268 if (!X509_NAME_ENTRY_set_data(ret,type,bytes,len)) 326 if (!X509_NAME_ENTRY_set_data(ret,type,bytes,len))
269 goto err; 327 goto err;
270 328
271 if ((ne != NULL) && (*ne == NULL)) *ne=ret; 329 if ((ne != NULL) && (*ne == NULL)) *ne=ret;
272 return(ret); 330 return(ret);
273err: 331err:
@@ -294,6 +352,10 @@ int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
294 int i; 352 int i;
295 353
296 if ((ne == NULL) || ((bytes == NULL) && (len != 0))) return(0); 354 if ((ne == NULL) || ((bytes == NULL) && (len != 0))) return(0);
355 if(type & MBSTRING_FLAG)
356 return ASN1_STRING_set_by_NID(&ne->value, bytes,
357 len, type,
358 OBJ_obj2nid(ne->object)) ? 1 : 0;
297 if (len < 0) len=strlen((char *)bytes); 359 if (len < 0) len=strlen((char *)bytes);
298 i=ASN1_STRING_set(ne->value,bytes,len); 360 i=ASN1_STRING_set(ne->value,bytes,len);
299 if (!i) return(0); 361 if (!i) return(0);
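Review bot: The new MBSTRING branch changes how a negative `len` is handled: the existing path converts any `len < 0` to strlen(bytes) at line 359, but the branch inserted above it passes `len` to ASN1_STRING_set_by_NID unchanged, so the two paths agree only if that function applies the same rule, which is not visible here. Hoisting the strlen conversion above the branch would be wrong for multi-byte encodings that contain NUL bytes, so the fix is a contract comment once the callee's behaviour is confirmed: `/* MBSTRING types: a negative len is interpreted by ASN1_STRING_set_by_NID according to the encoding in type, not by strlen */`. X509_NAME_ENTRY_set_data continues past the end of this hunk.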
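--- /dev/null
+++ b/src/lib/libcrypto/x509/x509spki.c
@@ -0,0 +1,121 @@
+/* x509spki.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/asn1_mac.h>
+
+int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey)
+{
+ if ((x == NULL) || (x->spkac == NULL)) return(0);
+ return(X509_PUBKEY_set(&(x->spkac->pubkey),pkey));
+}
+
+EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x)
+{
+ if ((x == NULL) || (x->spkac == NULL))
+ return(NULL);
+ return(X509_PUBKEY_get(x->spkac->pubkey));
+}
+
+/* Load a Netscape SPKI from a base64 encoded string */
+
+NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len)
+{
+ unsigned char *spki_der, *p;
+ int spki_len;
+ NETSCAPE_SPKI *spki;
+ if(len <= 0) len = strlen(str);
+ if (!(spki_der = Malloc(len + 1))) {
+ X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ spki_len = EVP_DecodeBlock(spki_der, (const unsigned char *)str, len);
+ if(spki_len < 0) {
+ X509err(X509_F_NETSCAPE_SPKI_B64_DECODE,
+ X509_R_BASE64_DECODE_ERROR);
+ Free(spki_der);
+ return NULL;
+ }
+ p = spki_der;
+ spki = d2i_NETSCAPE_SPKI(NULL, &p, spki_len);
+ Free(spki_der);
+ return spki;
+}
+
+/* Generate a base64 encoded string from an SPKI */
+
+char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki)
+{
+ unsigned char *der_spki, *p;
+ char *b64_str;
+ int der_len;
+ der_len = i2d_NETSCAPE_SPKI(spki, NULL);
+ der_spki = Malloc(der_len);
+ b64_str = Malloc(der_len * 2);
+ if(!der_spki || !b64_str) {
+ X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ p = der_spki;
+ i2d_NETSCAPE_SPKI(spki, &p);
+ EVP_EncodeBlock((unsigned char *)b64_str, der_spki, der_len);
+ Free(der_spki);
+ return b64_str;
+}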
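Review bot: NETSCAPE_SPKI_b64_encode leaks on partial allocation failure: at lines 110–115 both Malloc calls run before either is checked, so when only one fails the other buffer is never freed, and `der_len` is used unchecked as an allocation size although i2d_NETSCAPE_SPKI reports an error with a non-positive return. The `der_len * 2` bound also covers base64's 4/3 expansion plus the NUL only because real SPKI encodings are long (it is short by a few bytes for der_len of 1, 2 or 4); the exact size is `4 * ((der_len + 2) / 3) + 1`. The rewritten prologue below checks der_len, sizes the output exactly and releases whichever buffer was obtained. In NETSCAPE_SPKI_b64_decode, `spki_len` as returned by EVP_DecodeBlock does not account for trailing '=' padding and may exceed the real DER length by up to two bytes; d2i_NETSCAPE_SPKI stops at the encoded length so this appears harmless, but a comment saying so would help.
```c
char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki)
{
	unsigned char *der_spki, *p;
	char *b64_str;
	int der_len, b64_len;
	der_len = i2d_NETSCAPE_SPKI(spki, NULL);
	if(der_len <= 0) return NULL;
	/* base64 expands every 3 bytes to 4, plus the terminating NUL */
	b64_len = 4 * ((der_len + 2) / 3) + 1;
	der_spki = Malloc(der_len);
	b64_str = Malloc(b64_len);
	if(!der_spki || !b64_str) {
		X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE);
		/* guarded: Free() may be a user-supplied hook that does not accept NULL */
		if(der_spki) Free(der_spki);
		if(b64_str) Free(b64_str);
		return NULL;
	}
	/* … unchanged: i2d into der_spki, EVP_EncodeBlock, Free(der_spki), return b64_str … */
```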
diff --git a/src/lib/libcrypto/x509/x_all.c b/src/lib/libcrypto/x509/x_all.c
index f2af895df0..d2bf3c8e1c 100644
--- a/src/lib/libcrypto/x509/x_all.c
+++ b/src/lib/libcrypto/x509/x_all.c
@@ -285,10 +285,22 @@ RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
285 (unsigned char **)(rsa))); 285 (unsigned char **)(rsa)));
286 } 286 }
287 287
288RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)
289 {
290 return((RSA *)ASN1_d2i_fp((char *(*)())
291 RSA_new,(char *(*)())d2i_RSA_PUBKEY, (fp),
292 (unsigned char **)(rsa)));
293 }
294
288int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa) 295int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa)
289 { 296 {
290 return(ASN1_i2d_fp(i2d_RSAPublicKey,fp,(unsigned char *)rsa)); 297 return(ASN1_i2d_fp(i2d_RSAPublicKey,fp,(unsigned char *)rsa));
291 } 298 }
299
300int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa)
301 {
302 return(ASN1_i2d_fp(i2d_RSA_PUBKEY,fp,(unsigned char *)rsa));
303 }
292#endif 304#endif
293 305
294RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa) 306RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
@@ -310,10 +322,22 @@ RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)
310 (unsigned char **)(rsa))); 322 (unsigned char **)(rsa)));
311 } 323 }
312 324
325RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
326 {
327 return((RSA *)ASN1_d2i_bio((char *(*)())
328 RSA_new,(char *(*)())d2i_RSA_PUBKEY, (bp),
329 (unsigned char **)(rsa)));
330 }
331
313int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa) 332int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa)
314 { 333 {
315 return(ASN1_i2d_bio(i2d_RSAPublicKey,bp,(unsigned char *)rsa)); 334 return(ASN1_i2d_bio(i2d_RSAPublicKey,bp,(unsigned char *)rsa));
316 } 335 }
336
337int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa)
338 {
339 return(ASN1_i2d_bio(i2d_RSA_PUBKEY,bp,(unsigned char *)rsa));
340 }
317#endif 341#endif
318 342
319#ifndef NO_DSA 343#ifndef NO_DSA
@@ -329,6 +353,18 @@ int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa)
329 { 353 {
330 return(ASN1_i2d_fp(i2d_DSAPrivateKey,fp,(unsigned char *)dsa)); 354 return(ASN1_i2d_fp(i2d_DSAPrivateKey,fp,(unsigned char *)dsa));
331 } 355 }
356
357DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa)
358 {
359 return((DSA *)ASN1_d2i_fp((char *(*)())
360 DSA_new,(char *(*)())d2i_DSA_PUBKEY, (fp),
361 (unsigned char **)(dsa)));
362 }
363
364int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa)
365 {
366 return(ASN1_i2d_fp(i2d_DSA_PUBKEY,fp,(unsigned char *)dsa));
367 }
332#endif 368#endif
333 369
334DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa) 370DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa)
@@ -342,6 +378,19 @@ int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa)
342 { 378 {
343 return(ASN1_i2d_bio(i2d_DSAPrivateKey,bp,(unsigned char *)dsa)); 379 return(ASN1_i2d_bio(i2d_DSAPrivateKey,bp,(unsigned char *)dsa));
344 } 380 }
381
382DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa)
383 {
384 return((DSA *)ASN1_d2i_bio((char *(*)())
385 DSA_new,(char *(*)())d2i_DSA_PUBKEY, (bp),
386 (unsigned char **)(dsa)));
387 }
388
389int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa)
390 {
391 return(ASN1_i2d_bio(i2d_DSA_PUBKEY,bp,(unsigned char *)dsa));
392 }
393
345#endif 394#endif
346 395
347X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn) 396X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn)
@@ -362,19 +411,19 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne)
362 (char *(*)())d2i_X509_NAME_ENTRY,(char *)ne)); 411 (char *(*)())d2i_X509_NAME_ENTRY,(char *)ne));
363 } 412 }
364 413
365int X509_digest(X509 *data, EVP_MD *type, unsigned char *md, 414int X509_digest(X509 *data, const EVP_MD *type, unsigned char *md,
366 unsigned int *len) 415 unsigned int *len)
367 { 416 {
368 return(ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len)); 417 return(ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len));
369 } 418 }
370 419
371int X509_NAME_digest(X509_NAME *data, EVP_MD *type, unsigned char *md, 420int X509_NAME_digest(X509_NAME *data, const EVP_MD *type, unsigned char *md,
372 unsigned int *len) 421 unsigned int *len)
373 { 422 {
374 return(ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len)); 423 return(ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len));
375 } 424 }
376 425
377int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, EVP_MD *type, 426int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, const EVP_MD *type,
378 unsigned char *md, unsigned int *len) 427 unsigned char *md, unsigned int *len)
379 { 428 {
380 return(ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type, 429 return(ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,
@@ -420,6 +469,29 @@ int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf)
420 { 469 {
421 return(ASN1_i2d_fp(i2d_PKCS8_PRIV_KEY_INFO,fp,(unsigned char *)p8inf)); 470 return(ASN1_i2d_fp(i2d_PKCS8_PRIV_KEY_INFO,fp,(unsigned char *)p8inf));
422 } 471 }
472
473int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key)
474 {
475 PKCS8_PRIV_KEY_INFO *p8inf;
476 int ret;
477 p8inf = EVP_PKEY2PKCS8(key);
478 if(!p8inf) return 0;
479 ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf);
480 PKCS8_PRIV_KEY_INFO_free(p8inf);
481 return ret;
482 }
483
484int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey)
485 {
486 return(ASN1_i2d_fp(i2d_PrivateKey,fp,(unsigned char *)pkey));
487 }
488
489EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
490{
491 return((EVP_PKEY *)ASN1_d2i_fp((char *(*)())EVP_PKEY_new,
492 (char *(*)())d2i_AutoPrivateKey, (fp),(unsigned char **)(a)));
493}
494
423#endif 495#endif
424 496
425PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, 497PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
@@ -435,3 +507,25 @@ int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf)
435 { 507 {
436 return(ASN1_i2d_bio(i2d_PKCS8_PRIV_KEY_INFO,bp,(unsigned char *)p8inf)); 508 return(ASN1_i2d_bio(i2d_PKCS8_PRIV_KEY_INFO,bp,(unsigned char *)p8inf));
437 } 509 }
510
511int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key)
512 {
513 PKCS8_PRIV_KEY_INFO *p8inf;
514 int ret;
515 p8inf = EVP_PKEY2PKCS8(key);
516 if(!p8inf) return 0;
517 ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
518 PKCS8_PRIV_KEY_INFO_free(p8inf);
519 return ret;
520 }
521
522int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey)
523 {
524 return(ASN1_i2d_bio(i2d_PrivateKey,bp,(unsigned char *)pkey));
525 }
526
527EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a)
528 {
529 return((EVP_PKEY *)ASN1_d2i_bio((char *(*)())EVP_PKEY_new,
530 (char *(*)())d2i_AutoPrivateKey, (bp),(unsigned char **)(a)));
531 }