authorryker <>1998-10-05 20:13:14 +0000
committerryker <>1998-10-05 20:13:14 +0000
commitaeeae06a79815dc190061534d47236cec09f9e32 (patch)
tree851692b9c2f9c04f077666855641900f19fdb217 /src/lib/libcrypto/x509
parenta4f79641824cbf9f60ca9d1168d1fcc46717a82a (diff)
Import of SSLeay-0.9.0b with RSA and IDEA stubbed + OpenBSD build
functionality for shared libs. Note that routines such as sslv2_init and friends that use RSA will not work due to lack of RSA in this library. Needs documentation and help from ports for easy upgrade to full functionality where legally possible.
Diffstat (limited to 'src/lib/libcrypto/x509')
-rw-r--r--src/lib/libcrypto/x509/by_dir.c359
-rw-r--r--src/lib/libcrypto/x509/by_file.c282
-rw-r--r--src/lib/libcrypto/x509/x509.h1152
-rw-r--r--src/lib/libcrypto/x509/x509_cmp.c257
-rw-r--r--src/lib/libcrypto/x509/x509_d2.c110
-rw-r--r--src/lib/libcrypto/x509/x509_def.c83
-rw-r--r--src/lib/libcrypto/x509/x509_err.c130
-rw-r--r--src/lib/libcrypto/x509/x509_ext.c222
-rw-r--r--src/lib/libcrypto/x509/x509_lu.c446
-rw-r--r--src/lib/libcrypto/x509/x509_obj.c179
-rw-r--r--src/lib/libcrypto/x509/x509_r2x.c122
-rw-r--r--src/lib/libcrypto/x509/x509_req.c116
-rw-r--r--src/lib/libcrypto/x509/x509_set.c164
-rw-r--r--src/lib/libcrypto/x509/x509_txt.c132
-rw-r--r--src/lib/libcrypto/x509/x509_v3.c409
-rw-r--r--src/lib/libcrypto/x509/x509_vfy.c704
-rw-r--r--src/lib/libcrypto/x509/x509_vfy.h378
-rw-r--r--src/lib/libcrypto/x509/x509name.c358
-rw-r--r--src/lib/libcrypto/x509/x509rset.c89
-rw-r--r--src/lib/libcrypto/x509/x509type.c115
-rw-r--r--src/lib/libcrypto/x509/x_all.c465
21 files changed, 6272 insertions, 0 deletions
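diff --git a/src/lib/libcrypto/x509/by_dir.c b/src/lib/libcrypto/x509/by_dir.c
new file mode 100644
index 0000000000..11725ec94c
--- /dev/null
+++ b/src/lib/libcrypto/x509/by_dir.c
@@ -0,0 +1,359 @@
+/* crypto/x509/by_dir.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#include "cryptlib.h"
+#include "lhash.h"
+#include "x509.h"
+#include "pem.h"
+
+typedef struct lookup_dir_st
+ {
+ BUF_MEM *buffer;
+ int num_dirs;
+ char **dirs;
+ int *dirs_type;
+ int num_dirs_alloced;
+ } BY_DIR;
+
+#ifndef NOPROTO
+static int dir_ctrl(X509_LOOKUP *ctx,int cmd,char *argp,long argl,char **ret);
+static int new_dir(X509_LOOKUP *lu);
+static void free_dir(X509_LOOKUP *lu);
+static int add_cert_dir(BY_DIR *ctx,char *dir,int type);
+static int get_cert_by_subject(X509_LOOKUP *xl,int type,X509_NAME *name,
+ X509_OBJECT *ret);
+#else
+static int dir_ctrl();
+static int new_dir();
+static void free_dir();
+static int add_cert_dir();
+static int get_cert_by_subject();
+#endif
+
+X509_LOOKUP_METHOD x509_dir_lookup=
+ {
+ "Load certs from files in a directory",
+ new_dir, /* new */
+ free_dir, /* free */
+ NULL, /* init */
+ NULL, /* shutdown */
+ dir_ctrl, /* ctrl */
+ get_cert_by_subject, /* get_by_subject */
+ NULL, /* get_by_issuer_serial */
+ NULL, /* get_by_fingerprint */
+ NULL, /* get_by_alias */
+ };
+
+X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir()
+ {
+ return(&x509_dir_lookup);
+ }
+
+static int dir_ctrl(ctx,cmd,argp,argl,retp)
+X509_LOOKUP *ctx;
+int cmd;
+long argl;
+char *argp;
+char **retp;
+ {
+ int ret=0;
+ BY_DIR *ld;
+ char *dir;
+
+ ld=(BY_DIR *)ctx->method_data;
+
+ switch (cmd)
+ {
+ case X509_L_ADD_DIR:
+ if (argl == X509_FILETYPE_DEFAULT)
+ {
+ ret=add_cert_dir(ld,X509_get_default_cert_dir(),
+ X509_FILETYPE_PEM);
+ if (!ret)
+ {
+ X509err(X509_F_DIR_CTRL,X509_R_LOADING_CERT_DIR);
+ }
+ else
+ {
+ dir=(char *)Getenv(X509_get_default_cert_dir_env());
+ ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
+ }
+ }
+ else
+ ret=add_cert_dir(ld,argp,(int)argl);
+ break;
+ }
+ return(ret);
+ }
+
+static int new_dir(lu)
+X509_LOOKUP *lu;
+ {
+ BY_DIR *a;
+
+ if ((a=(BY_DIR *)Malloc(sizeof(BY_DIR))) == NULL)
+ return(0);
+ if ((a->buffer=BUF_MEM_new()) == NULL)
+ {
+ Free(a);
+ return(0);
+ }
+ a->num_dirs=0;
+ a->dirs=NULL;
+ a->dirs_type=NULL;
+ a->num_dirs_alloced=0;
+ lu->method_data=(char *)a;
+ return(1);
+ }
+
+static void free_dir(lu)
+X509_LOOKUP *lu;
+ {
+ BY_DIR *a;
+ int i;
+
+ a=(BY_DIR *)lu->method_data;
+ for (i=0; i<a->num_dirs; i++)
+ if (a->dirs[i] != NULL) Free(a->dirs[i]);
+ if (a->dirs != NULL) Free(a->dirs);
+ if (a->dirs_type != NULL) Free(a->dirs_type);
+ if (a->buffer != NULL) BUF_MEM_free(a->buffer);
+ Free(a);
+ }
+
+static int add_cert_dir(ctx,dir, type)
+BY_DIR *ctx;
+char *dir;
+int type;
+ {
+ int j,len;
+ int *ip;
+ char *s,*ss,*p;
+ char **pp;
+
+ if (dir == NULL) return(0);
+
+ s=dir;
+ p=s;
+ for (;;)
+ {
+ if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0'))
+ {
+ ss=s;
+ s=p+1;
+ len=(int)(p-ss);
+ if (len == 0) continue;
+ for (j=0; j<ctx->num_dirs; j++)
+ if (strncmp(ctx->dirs[j],ss,(unsigned int)len) == 0)
+ continue;
+ if (ctx->num_dirs_alloced < (ctx->num_dirs+1))
+ {
+ ctx->num_dirs_alloced+=10;
+ pp=(char **)Malloc(ctx->num_dirs_alloced*
+ sizeof(char *));
+ ip=(int *)Malloc(ctx->num_dirs_alloced*
+ sizeof(int));
+ if ((pp == NULL) || (ip == NULL))
+ {
+ X509err(X509_F_ADD_CERT_DIR,ERR_R_MALLOC_FAILURE);
+ return(0);
+ }
+ memcpy(pp,ctx->dirs,(ctx->num_dirs_alloced-10)*
+ sizeof(char *));
+ memcpy(ip,ctx->dirs_type,(ctx->num_dirs_alloced-10)*
+ sizeof(int));
+ if (ctx->dirs != NULL)
+ Free((char *)ctx->dirs);
+ if (ctx->dirs_type != NULL)
+ Free((char *)ctx->dirs_type);
+ ctx->dirs=pp;
+ ctx->dirs_type=ip;
+ }
+ ctx->dirs_type[ctx->num_dirs]=type;
+ ctx->dirs[ctx->num_dirs]=(char *)Malloc((unsigned int)len+1);
+ if (ctx->dirs[ctx->num_dirs] == NULL) return(0);
+ strncpy(ctx->dirs[ctx->num_dirs],ss,(unsigned int)len);
+ ctx->dirs[ctx->num_dirs][len]='\0';
+ ctx->num_dirs++;
+ }
+ if (*p == '\0') break;
+ p++;
+ }
+ return(1);
+ }
+
+static int get_cert_by_subject(xl,type,name,ret)
+X509_LOOKUP *xl;
+int type;
+X509_NAME *name;
+X509_OBJECT *ret;
+ {
+ BY_DIR *ctx;
+ union {
+ struct {
+ X509 st_x509;
+ X509_CINF st_x509_cinf;
+ } x509;
+ struct {
+ X509_CRL st_crl;
+ X509_CRL_INFO st_crl_info;
+ } crl;
+ } data;
+ int ok=0;
+ int i,j,k;
+ unsigned long h;
+ BUF_MEM *b=NULL;
+ struct stat st;
+ X509_OBJECT stmp,*tmp;
+ char *postfix="";
+
+ if (name == NULL) return(0);
+
+ stmp.type=type;
+ if (type == X509_LU_X509)
+ {
+ data.x509.st_x509.cert_info= &data.x509.st_x509_cinf;
+ data.x509.st_x509_cinf.subject=name;
+ stmp.data.x509= &data.x509.st_x509;
+ postfix="";
+ }
+ else if (type == X509_LU_CRL)
+ {
+ data.crl.st_crl.crl= &data.crl.st_crl_info;
+ data.crl.st_crl_info.issuer=name;
+ stmp.data.crl= &data.crl.st_crl;
+ postfix="r";
+ }
+ else
+ {
+ X509err(X509_F_GET_CERT_BY_SUBJECT,X509_R_WRONG_LOOKUP_TYPE);
+ goto finish;
+ }
+
+ if ((b=BUF_MEM_new()) == NULL)
+ {
+ X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_BUF_LIB);
+ goto finish;
+ }
+
+ ctx=(BY_DIR *)xl->method_data;
+
+ h=X509_NAME_hash(name);
+ for (i=0; i<ctx->num_dirs; i++)
+ {
+ j=strlen(ctx->dirs[i])+1+8+6+1+1;
+ if (!BUF_MEM_grow(b,j))
+ {
+ X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_MALLOC_FAILURE);
+ goto finish;
+ }
+ k=0;
+ for (;;)
+ {
+ sprintf(b->data,"%s/%08lx.%s%d",ctx->dirs[i],h,
+ postfix,k);
+ k++;
+ if (stat(b->data,&st) < 0)
+ break;
+ /* found one. */
+ if (type == X509_LU_X509)
+ {
+ if ((X509_load_cert_file(xl,b->data,
+ ctx->dirs_type[i])) == 0)
+ break;
+ }
+ else if (type == X509_LU_CRL)
+ {
+ if ((X509_load_crl_file(xl,b->data,
+ ctx->dirs_type[i])) == 0)
+ break;
+ }
+ /* else case will caught higher up */
+ }
+
+ /* we have added it to the cache so now pull
+ * it out again */
+ CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
+ tmp=(X509_OBJECT *)lh_retrieve(xl->store_ctx->certs,
+ (char *)&stmp);
+ CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
+
+ if (tmp != NULL)
+ {
+ ok=1;
+ ret->type=tmp->type;
+ memcpy(&ret->data,&tmp->data,sizeof(ret->data));
+ /* If we were going to up the reference count,
+ * we would need to do it on a perl 'type'
+ * basis */
+ /* CRYPTO_add(&tmp->data.x509->references,1,
+ CRYPTO_LOCK_X509);*/
+ goto finish;
+ }
+ }
+finish:
+ if (b != NULL) BUF_MEM_free(b);
+ return(ok);
+ }
+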
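Review bot: In add_cert_dir, `if (len == 0) continue;` jumps back to the top of `for (;;)` without reaching `if (*p == '\0') break; p++;`, so an empty component (an empty string, or a leading, doubled or trailing separator) is examined again with `s` already moved to `p+1`, which makes `len` equal to -1; the `(unsigned int)len` casts then give `strncmp` and `strncpy` a huge count while `Malloc((unsigned int)len+1)` requests zero bytes. The directory string can come from `Getenv(...)` in dir_ctrl, so the process environment can supply such a value. The duplicate scan just above the allocation has a related flaw: its `continue` only continues the inner `for (j...)` loop, so duplicates are never skipped, and comparing `len` bytes with `strncmp` would also match a longer stored entry by prefix. The fence nests the work under `if (len > 0)` and turns the scan into a real skip; separately, dir_ctrl returns 0 when the environment variable is unset because add_cert_dir rejects a NULL `dir`, even though the default directory has already been added.

```c
			len=(int)(p-ss);
			if (len > 0)
				{
				/* skip a directory that is already listed (exact match only) */
				for (j=0; j<ctx->num_dirs; j++)
					if ((strlen(ctx->dirs[j]) == (size_t)len) &&
						(strncmp(ctx->dirs[j],ss,(unsigned int)len) == 0))
						break;
				if (j == ctx->num_dirs)
					{
					/* ... unchanged: grow dirs/dirs_type, copy the new entry, num_dirs++ ... */
					}
				}
			/* ... unchanged: end of the separator branch, then if (*p == '\0') break; p++; ... */
```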
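diff --git a/src/lib/libcrypto/x509/by_file.c b/src/lib/libcrypto/x509/by_file.c
new file mode 100644
index 0000000000..09ebb9bf08
--- /dev/null
+++ b/src/lib/libcrypto/x509/by_file.c
@@ -0,0 +1,282 @@
+/* crypto/x509/by_file.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#include "cryptlib.h"
+#include "lhash.h"
+#include "buffer.h"
+#include "x509.h"
+#include "pem.h"
+
+#ifndef NO_STDIO
+
+#ifndef NOPROTO
+static int by_file_ctrl(X509_LOOKUP *ctx,int cmd,char *argc,
+ long argl,char **ret);
+#else
+static int by_file_ctrl();
+#endif
+
+X509_LOOKUP_METHOD x509_file_lookup=
+ {
+ "Load file into cache",
+ NULL, /* new */
+ NULL, /* free */
+ NULL, /* init */
+ NULL, /* shutdown */
+ by_file_ctrl, /* ctrl */
+ NULL, /* get_by_subject */
+ NULL, /* get_by_issuer_serial */
+ NULL, /* get_by_fingerprint */
+ NULL, /* get_by_alias */
+ };
+
+X509_LOOKUP_METHOD *X509_LOOKUP_file()
+ {
+ return(&x509_file_lookup);
+ }
+
+static int by_file_ctrl(ctx,cmd,argp,argl,ret)
+X509_LOOKUP *ctx;
+int cmd;
+char *argp;
+long argl;
+char **ret;
+ {
+ int ok=0,ok2=0;
+ char *file;
+
+ switch (cmd)
+ {
+ case X509_L_FILE_LOAD:
+ if (argl == X509_FILETYPE_DEFAULT)
+ {
+ ok=X509_load_cert_file(ctx,X509_get_default_cert_file(),
+ X509_FILETYPE_PEM);
+ ok2=X509_load_crl_file(ctx,X509_get_default_cert_file(),
+ X509_FILETYPE_PEM);
+ if (!ok || !ok2)
+ {
+ X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
+ }
+ else
+ {
+ file=(char *)Getenv(X509_get_default_cert_file_env());
+ ok=X509_load_cert_file(ctx,file,
+ X509_FILETYPE_PEM);
+ ok2=X509_load_crl_file(ctx,file,
+ X509_FILETYPE_PEM);
+ }
+ }
+ else
+ {
+ ok=X509_load_cert_file(ctx,argp,(int)argl);
+ ok2=X509_load_crl_file(ctx,argp,(int)argl);
+ }
+ break;
+ }
+ return((ok && ok2)?ok:0);
+ }
+
+int X509_load_cert_file(ctx,file,type)
+X509_LOOKUP *ctx;
+char *file;
+int type;
+ {
+ int ret=0;
+ BIO *in=NULL;
+ int i,count=0;
+ X509 *x=NULL;
+
+ if (file == NULL) return(1);
+ in=BIO_new(BIO_s_file_internal());
+
+ if ((in == NULL) || (BIO_read_filename(in,file) <= 0))
+ {
+ X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_SYS_LIB);
+ goto err;
+ }
+
+ if (type == X509_FILETYPE_PEM)
+ {
+ for (;;)
+ {
+ x=PEM_read_bio_X509(in,NULL,NULL);
+ if (x == NULL)
+ {
+ if ((ERR_GET_REASON(ERR_peek_error()) ==
+ PEM_R_NO_START_LINE) && (count > 0))
+ {
+ ERR_clear_error();
+ break;
+ }
+ else
+ {
+ X509err(X509_F_X509_LOAD_CERT_FILE,
+ ERR_R_PEM_LIB);
+ goto err;
+ }
+ }
+ i=X509_STORE_add_cert(ctx->store_ctx,x);
+ if (!i) goto err;
+ count++;
+ X509_free(x);
+ x=NULL;
+ }
+ ret=count;
+ }
+ else if (type == X509_FILETYPE_ASN1)
+ {
+ x=d2i_X509_bio(in,NULL);
+ if (x == NULL)
+ {
+ X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_ASN1_LIB);
+ goto err;
+ }
+ i=X509_STORE_add_cert(ctx->store_ctx,x);
+ if (!i) goto err;
+ ret=i;
+ }
+ else
+ {
+ X509err(X509_F_X509_LOAD_CERT_FILE,X509_R_BAD_X509_FILETYPE);
+ goto err;
+ }
+err:
+ if (x != NULL) X509_free(x);
+ if (in != NULL) BIO_free(in);
+ return(ret);
+ }
+
+int X509_load_crl_file(ctx,file,type)
+X509_LOOKUP *ctx;
+char *file;
+int type;
+ {
+ int ret=0;
+ BIO *in=NULL;
+ int i,count=0;
+ X509_CRL *x=NULL;
+
+ if (file == NULL) return(1);
+ in=BIO_new(BIO_s_file_internal());
+
+ if ((in == NULL) || (BIO_read_filename(in,file) <= 0))
+ {
+ X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_SYS_LIB);
+ goto err;
+ }
+
+ if (type == X509_FILETYPE_PEM)
+ {
+ for (;;)
+ {
+ x=PEM_read_bio_X509_CRL(in,NULL,NULL);
+ if (x == NULL)
+ {
+ if ((ERR_GET_REASON(ERR_peek_error()) ==
+ PEM_R_NO_START_LINE) && (count > 0))
+ {
+ ERR_clear_error();
+ break;
+ }
+ else
+ {
+ X509err(X509_F_X509_LOAD_CRL_FILE,
+ ERR_R_PEM_LIB);
+ goto err;
+ }
+ }
+ i=X509_STORE_add_crl(ctx->store_ctx,x);
+ if (!i) goto err;
+ count++;
+ X509_CRL_free(x);
+ x=NULL;
+ }
+ ret=count;
+ }
+ else if (type == X509_FILETYPE_ASN1)
+ {
+ x=d2i_X509_CRL_bio(in,NULL);
+ if (x == NULL)
+ {
+ X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_ASN1_LIB);
+ goto err;
+ }
+ i=X509_STORE_add_crl(ctx->store_ctx,x);
+ if (!i) goto err;
+ ret=i;
+ }
+ else
+ {
+ X509err(X509_F_X509_LOAD_CRL_FILE,X509_R_BAD_X509_FILETYPE);
+ goto err;
+ }
+err:
+ if (x != NULL) X509_CRL_free(x);
+ if (in != NULL) BIO_free(in);
+ return(ret);
+ }
+
+#endif /* NO_STDIO */
+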
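Review bot: by_file_ctrl ends with `return((ok && ok2)?ok:0);`, so the ctrl succeeds only when the same file loads both as certificates and as CRLs, yet X509_load_crl_file raises ERR_R_PEM_LIB and returns 0 when its PEM loop gets NULL while `count` is still 0, which is presumably what a certificate-only bundle produces. In that case the certificates have already been added to `ctx->store_ctx`, but the caller is told the load failed and the error queue holds a CRL error. Consider treating "no object of this kind in the file" as a non-error in the two loaders, or combining the results as `return(ok ? ok : ok2);` after clearing the benign error, and state the chosen contract in a comment above by_file_ctrl. Both loaders also `return(1)` for a NULL `file`, so a caller passing NULL is told that trust material was loaded when nothing was read; a comment saying this exists for the unset-environment-variable case would help. For X509_FILETYPE_DEFAULT the file named by `Getenv(X509_get_default_cert_file_env())` is added to the store as well, so programs running with elevated privileges should not reach that branch with an untrusted environment.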
diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h
new file mode 100644
index 0000000000..95114f7c43
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509.h
@@ -0,0 +1,1152 @@
1/* crypto/x509/x509.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#ifndef HEADER_X509_H
60#define HEADER_X509_H
61
62#ifdef __cplusplus
63extern "C" {
64#endif
65
66#include "stack.h"
67#include "asn1.h"
68
69#ifndef NO_RSA
70#include "rsa.h"
71#else
72#define RSA long
73#endif
74
75#ifndef NO_DSA
76#include "dsa.h"
77#else
78#define DSA long
79#endif
80
81#ifndef NO_DH
82#include "dh.h"
83#else
84#define DH long
85#endif
86
87#include "evp.h"
88
89#define X509_FILETYPE_PEM 1
90#define X509_FILETYPE_ASN1 2
91#define X509_FILETYPE_DEFAULT 3
92
93#define X509v3_KU_DIGITAL_SIGNATURE 0x0080
94#define X509v3_KU_NON_REPUDIATION 0x0040
95#define X509v3_KU_KEY_ENCIPHERMENT 0x0020
96#define X509v3_KU_DATA_ENCIPHERMENT 0x0010
97#define X509v3_KU_KEY_AGREEMENT 0x0008
98#define X509v3_KU_KEY_CERT_SIGN 0x0004
99#define X509v3_KU_CRL_SIGN 0x0002
100#define X509v3_KU_ENCIPHER_ONLY 0x0001
101#define X509v3_KU_DECIPHER_ONLY 0x8000
102#define X509v3_KU_UNDEF 0xffff
103
104typedef struct X509_objects_st
105 {
106 int nid;
107 int (*a2i)();
108 int (*i2a)();
109 } X509_OBJECTS;
110
111typedef struct X509_algor_st
112 {
113 ASN1_OBJECT *algorithm;
114 ASN1_TYPE *parameter;
115 } X509_ALGOR;
116
117typedef struct X509_val_st
118 {
119 ASN1_UTCTIME *notBefore;
120 ASN1_UTCTIME *notAfter;
121 } X509_VAL;
122
123typedef struct X509_pubkey_st
124 {
125 X509_ALGOR *algor;
126 ASN1_BIT_STRING *public_key;
127 struct evp_pkey_st /* EVP_PKEY*/ *pkey;
128 } X509_PUBKEY;
129
130typedef struct X509_sig_st
131 {
132 X509_ALGOR *algor;
133 ASN1_OCTET_STRING *digest;
134 } X509_SIG;
135
136typedef struct X509_name_entry_st
137 {
138 ASN1_OBJECT *object;
139 ASN1_STRING *value;
140 int set;
141 int size; /* temp variable */
142 } X509_NAME_ENTRY;
143
144/* we always keep X509_NAMEs in 2 forms. */
145typedef struct X509_name_st
146 {
147 STACK *entries; /* of X509_NAME_ENTRY */
148 int modified; /* true if 'bytes' needs to be built */
149#ifdef HEADER_BUFFER_H
150 BUF_MEM *bytes;
151#else
152 char *bytes;
153#endif
154 unsigned long hash; /* Keep the hash around for lookups */
155 } X509_NAME;
156
157#define X509_EX_V_NETSCAPE_HACK 0x8000
158#define X509_EX_V_INIT 0x0001
159typedef struct X509_extension_st
160 {
161 ASN1_OBJECT *object;
162 short critical;
163 short netscape_hack;
164 ASN1_OCTET_STRING *value;
165 long argl; /* used when decoding */
166 char *argp; /* used when decoding */
167 void (*ex_free)(); /* clear argp stuff */
168 } X509_EXTENSION;
169
170/* #if 1 */
171typedef struct x509_extension_method_st
172 {
173 int nid;
174 int data_type;
175 int pack_type;
176 void (*ex_clear)();
177 int (*ex_get_bool)();
178 int (*ex_set_bool)();
179 int (*ex_get_str)();
180 int (*ex_set_str)();
181 char *(*ex_get_struct)();
182 int (*ex_set_struct)();
183 int (*a2i)();
184 int (*i2a)();
185 } X509_EXTENSION_METHOD;
186/* #endif */
187
188typedef struct X509_req_info_st
189 {
190 ASN1_INTEGER *version;
191 X509_NAME *subject;
192 X509_PUBKEY *pubkey;
193 /* d=2 hl=2 l= 0 cons: cont: 00 */
194 STACK /* X509_ATTRIBUTE */ *attributes; /* [ 0 ] */
195 int req_kludge;
196 } X509_REQ_INFO;
197
198typedef struct X509_req_st
199 {
200 X509_REQ_INFO *req_info;
201 X509_ALGOR *sig_alg;
202 ASN1_BIT_STRING *signature;
203 int references;
204 } X509_REQ;
205
206typedef struct x509_cinf_st
207 {
208 ASN1_INTEGER *version; /* [ 0 ] default of v1 */
209 ASN1_INTEGER *serialNumber;
210 X509_ALGOR *signature;
211 X509_NAME *issuer;
212 X509_VAL *validity;
213 X509_NAME *subject;
214 X509_PUBKEY *key;
215 ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */
216 ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */
217 STACK /* X509_EXTENSION */ *extensions; /* [ 3 ] optional in v3 */
218 } X509_CINF;
219
220typedef struct x509_st
221 {
222 X509_CINF *cert_info;
223 X509_ALGOR *sig_alg;
224 ASN1_BIT_STRING *signature;
225 int valid;
226 int references;
227 char *name;
228 } X509;
229
230typedef struct X509_revoked_st
231 {
232 ASN1_INTEGER *serialNumber;
233 ASN1_UTCTIME *revocationDate;
234 STACK /* optional X509_EXTENSION */ *extensions;
235 int sequence; /* load sequence */
236 } X509_REVOKED;
237
238typedef struct X509_crl_info_st
239 {
240 ASN1_INTEGER *version;
241 X509_ALGOR *sig_alg;
242 X509_NAME *issuer;
243 ASN1_UTCTIME *lastUpdate;
244 ASN1_UTCTIME *nextUpdate;
245 STACK /* X509_REVOKED */ *revoked;
246 STACK /* [0] X509_EXTENSION */ *extensions;
247 } X509_CRL_INFO;
248
249typedef struct X509_crl_st
250 {
251 /* actual signature */
252 X509_CRL_INFO *crl;
253 X509_ALGOR *sig_alg;
254 ASN1_BIT_STRING *signature;
255 int references;
256 } X509_CRL;
257
258/* a sequence of these are used */
259typedef struct x509_attributes_st
260 {
261 ASN1_OBJECT *object;
262 int set; /* 1 for a set, 0 for a single item (which is wrong) */
263 union {
264 char *ptr;
265/* 1 */ STACK /* ASN1_TYPE */ *set;
266/* 0 */ ASN1_TYPE *single;
267 } value;
268 } X509_ATTRIBUTE;
269
270typedef struct private_key_st
271 {
272 int version;
273 /* The PKCS#8 data types */
274 X509_ALGOR *enc_algor;
275 ASN1_OCTET_STRING *enc_pkey; /* encrypted pub key */
276
277 /* When decrypted, the following will not be NULL */
278 EVP_PKEY *dec_pkey;
279
280 /* used to encrypt and decrypt */
281 int key_length;
282 char *key_data;
283 int key_free; /* true if we should auto free key_data */
284
285 /* expanded version of 'enc_algor' */
286 EVP_CIPHER_INFO cipher;
287
288 int references;
289 } X509_PKEY;
290
291#ifdef HEADER_ENVELOPE_H
292typedef struct X509_info_st
293 {
294 X509 *x509;
295 X509_CRL *crl;
296 X509_PKEY *x_pkey;
297
298 EVP_CIPHER_INFO enc_cipher;
299 int enc_len;
300 char *enc_data;
301
302 int references;
303 } X509_INFO;
304#endif
305
306/* The next 2 structures and their 8 routines were sent to me by
307 * Pat Richard <patr@x509.com> and are used to manipulate
308 * Netscapes spki strucutres - usefull if you are writing a CA web page
309 */
310typedef struct Netscape_spkac_st
311 {
312 X509_PUBKEY *pubkey;
313 ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */
314 } NETSCAPE_SPKAC;
315
316typedef struct Netscape_spki_st
317 {
318 NETSCAPE_SPKAC *spkac; /* signed public key and challenge */
319 X509_ALGOR *sig_algor;
320 ASN1_BIT_STRING *signature;
321 } NETSCAPE_SPKI;
322
323#ifndef HEADER_BN_H
324#define BIGNUM char
325#endif
326
327typedef struct CBCParameter_st
328 {
329 unsigned char iv[8];
330 } CBC_PARAM;
331
332#include "x509_vfy.h"
333#include "pkcs7.h"
334
335#ifdef SSLEAY_MACROS
336#define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\
337 a->signature,(char *)a->cert_info,r)
338#define X509_REQ_verify(a,r) ASN1_verify((int (*)())i2d_X509_REQ_INFO, \
339 a->sig_alg,a->signature,(char *)a->req_info,r)
340#define X509_CRL_verify(a,r) ASN1_verify((int (*)())i2d_X509_CRL_INFO, \
341 a->sig_alg, a->signature,(char *)a->crl,r)
342
343#define X509_sign(x,pkey,md) \
344 ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature, \
345 x->sig_alg, x->signature, (char *)x->cert_info,pkey,md)
346#define X509_REQ_sign(x,pkey,md) \
347 ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL, \
348 x->signature, (char *)x->req_info,pkey,md)
349#define X509_CRL_sign(x,pkey,md) \
350 ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,x->sig_alg, \
351 x->signature, (char *)x->crl,pkey,md)
352#define NETSCAPE_SPKI_sign(x,pkey,md) \
353 ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL, \
354 x->signature, (char *)x->spkac,pkey,md)
355
356#define X509_dup(x509) (X509 *)ASN1_dup((int (*)())i2d_X509, \
357 (char *(*)())d2i_X509,(char *)x509)
358#define X509_EXTENSION_dup(ex) (X509_EXTENSION *)ASN1_dup( \
359 (int (*)())i2d_X509_EXTENSION, \
360 (char *(*)())d2i_X509_EXTENSION,(char *)ex)
361#define d2i_X509_fp(fp,x509) (X509 *)ASN1_d2i_fp((char *(*)())X509_new, \
362 (char *(*)())d2i_X509, (fp),(unsigned char **)(x509))
363#define i2d_X509_fp(fp,x509) ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509)
364#define d2i_X509_bio(bp,x509) (X509 *)ASN1_d2i_bio((char *(*)())X509_new, \
365 (char *(*)())d2i_X509, (bp),(unsigned char **)(x509))
366#define i2d_X509_bio(bp,x509) ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509)
367
368#define X509_CRL_dup(crl) (X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL, \
369 (char *(*)())d2i_X509_CRL,(char *)crl)
370#define d2i_X509_CRL_fp(fp,crl) (X509_CRL *)ASN1_d2i_fp((char *(*)()) \
371 X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),\
372 (unsigned char **)(crl))
373#define i2d_X509_CRL_fp(fp,crl) ASN1_i2d_fp(i2d_X509_CRL,fp,\
374 (unsigned char *)crl)
375#define d2i_X509_CRL_bio(bp,crl) (X509_CRL *)ASN1_d2i_bio((char *(*)()) \
376 X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),\
377 (unsigned char **)(crl))
378#define i2d_X509_CRL_bio(bp,crl) ASN1_i2d_bio(i2d_X509_CRL,bp,\
379 (unsigned char *)crl)
380
381#define PKCS7_dup(p7) (PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7, \
382 (char *(*)())d2i_PKCS7,(char *)p7)
383#define d2i_PKCS7_fp(fp,p7) (PKCS7 *)ASN1_d2i_fp((char *(*)()) \
384 PKCS7_new,(char *(*)())d2i_PKCS7, (fp),\
385 (unsigned char **)(p7))
386#define i2d_PKCS7_fp(fp,p7) ASN1_i2d_fp(i2d_PKCS7,fp,\
387 (unsigned char *)p7)
388#define d2i_PKCS7_bio(bp,p7) (PKCS7 *)ASN1_d2i_bio((char *(*)()) \
389 PKCS7_new,(char *(*)())d2i_PKCS7, (bp),\
390 (unsigned char **)(p7))
391#define i2d_PKCS7_bio(bp,p7) ASN1_i2d_bio(i2d_PKCS7,bp,\
392 (unsigned char *)p7)
393
394#define X509_REQ_dup(req) (X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ, \
395 (char *(*)())d2i_X509_REQ,(char *)req)
396#define d2i_X509_REQ_fp(fp,req) (X509_REQ *)ASN1_d2i_fp((char *(*)())\
397 X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),\
398 (unsigned char **)(req))
399#define i2d_X509_REQ_fp(fp,req) ASN1_i2d_fp(i2d_X509_REQ,fp,\
400 (unsigned char *)req)
401#define d2i_X509_REQ_bio(bp,req) (X509_REQ *)ASN1_d2i_bio((char *(*)())\
402 X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),\
403 (unsigned char **)(req))
404#define i2d_X509_REQ_bio(bp,req) ASN1_i2d_bio(i2d_X509_REQ,bp,\
405 (unsigned char *)req)
406
407#define RSAPublicKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey, \
408 (char *(*)())d2i_RSAPublicKey,(char *)rsa)
409#define RSAPrivateKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey, \
410 (char *(*)())d2i_RSAPrivateKey,(char *)rsa)
411
412#define d2i_RSAPrivateKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\
413 RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp), \
414 (unsigned char **)(rsa))
415#define i2d_RSAPrivateKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPrivateKey,fp, \
416 (unsigned char *)rsa)
417#define d2i_RSAPrivateKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\
418 RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp), \
419 (unsigned char **)(rsa))
420#define i2d_RSAPrivateKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPrivateKey,bp, \
421 (unsigned char *)rsa)
422
423#define d2i_RSAPublicKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\
424 RSA_new,(char *(*)())d2i_RSAPublicKey, (fp), \
425 (unsigned char **)(rsa))
426#define i2d_RSAPublicKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPublicKey,fp, \
427 (unsigned char *)rsa)
428#define d2i_RSAPublicKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\
429 RSA_new,(char *(*)())d2i_RSAPublicKey, (bp), \
430 (unsigned char **)(rsa))
431#define i2d_RSAPublicKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPublicKey,bp, \
432 (unsigned char *)rsa)
433
434#define d2i_DSAPrivateKey_fp(fp,dsa) (DSA *)ASN1_d2i_fp((char *(*)())\
435 DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp), \
436 (unsigned char **)(dsa))
437#define i2d_DSAPrivateKey_fp(fp,dsa) ASN1_i2d_fp(i2d_DSAPrivateKey,fp, \
438 (unsigned char *)dsa)
439#define d2i_DSAPrivateKey_bio(bp,dsa) (DSA *)ASN1_d2i_bio((char *(*)())\
440 DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp), \
441 (unsigned char **)(dsa))
442#define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \
443 (unsigned char *)dsa)
444
445#define X509_NAME_dup(xn) (X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME, \
446 (char *(*)())d2i_X509_NAME,(char *)xn)
447#define X509_NAME_ENTRY_dup(ne) (X509_NAME_ENTRY *)ASN1_dup( \
448 (int (*)())i2d_X509_NAME_ENTRY, \
449 (char *(*)())d2i_X509_NAME_ENTRY,\
450 (char *)ne)
451
452#define X509_digest(data,type,md,len) \
453 ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len)
454#define X509_NAME_digest(data,type,md,len) \
455 ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len)
456#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \
457 ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\
458 (char *)data,md,len)
459#endif
460
461#define X509_EXT_PACK_UNKNOWN 1
462#define X509_EXT_PACK_STRING 2
463
464#define X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version)
465/* #define X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */
466#define X509_get_notBefore(x) ((x)->cert_info->validity->notBefore)
467#define X509_get_notAfter(x) ((x)->cert_info->validity->notAfter)
468#define X509_extract_key(x) X509_get_pubkey(x) /*****/
469#define X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version)
470#define X509_REQ_get_subject_name(x) ((x)->req_info->subject)
471#define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
472#define X509_name_cmp(a,b) X509_NAME_cmp((a),(b))
473#define X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))
474
475/* This one is only used so that a binary form can output, as in
476 * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */
477#define X509_get_X509_PUBKEY(x) ((x)->cert_info->key)
478
479#ifndef NOPROTO
480
481#ifndef SSLEAY_MACROS
482#ifdef HEADER_ENVELOPE_H
483int X509_verify(X509 *a, EVP_PKEY *r);
484char *X509_verify_cert_error_string(long n);
485
486int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
487int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
488int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r);
489
490int X509_sign(X509 *x, EVP_PKEY *pkey, EVP_MD *md);
491int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, EVP_MD *md);
492int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, EVP_MD *md);
493int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, EVP_MD *md);
494
495int X509_digest(X509 *data,EVP_MD *type,unsigned char *md,unsigned int *len);
496int X509_NAME_digest(X509_NAME *data,EVP_MD *type,
497 unsigned char *md,unsigned int *len);
498#endif
499
500#ifndef NO_FP_API
501X509 *d2i_X509_fp(FILE *fp, X509 *x509);
502int i2d_X509_fp(FILE *fp,X509 *x509);
503X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL *crl);
504int i2d_X509_CRL_fp(FILE *fp,X509_CRL *crl);
505X509_REQ *d2i_X509_REQ_fp(FILE *fp,X509_REQ *req);
506int i2d_X509_REQ_fp(FILE *fp,X509_REQ *req);
507RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA *rsa);
508int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa);
509DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
510int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
511RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA *rsa);
512int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa);
513#endif
514
515#ifdef HEADER_BIO_H
516X509 *d2i_X509_bio(BIO *bp,X509 *x509);
517int i2d_X509_bio(BIO *bp,X509 *x509);
518X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL *crl);
519int i2d_X509_CRL_bio(BIO *bp,X509_CRL *crl);
520X509_REQ *d2i_X509_REQ_bio(BIO *bp,X509_REQ *req);
521int i2d_X509_REQ_bio(BIO *bp,X509_REQ *req);
522RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA *rsa);
523int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa);
524DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
525int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
526RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA *rsa);
527int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa);
528#endif
529
530X509 *X509_dup(X509 *x509);
531X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex);
532X509_CRL *X509_CRL_dup(X509_CRL *crl);
533X509_REQ *X509_REQ_dup(X509_REQ *req);
534X509_NAME *X509_NAME_dup(X509_NAME *xn);
535X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
536RSA *RSAPublicKey_dup(RSA *rsa);
537RSA *RSAPrivateKey_dup(RSA *rsa);
538
539#endif /* !SSLEAY_MACROS */
540
541int X509_cmp_current_time(ASN1_UTCTIME *s);
542ASN1_UTCTIME * X509_gmtime_adj(ASN1_UTCTIME *s, long adj);
543
544char * X509_get_default_cert_area(void );
545char * X509_get_default_cert_dir(void );
546char * X509_get_default_cert_file(void );
547char * X509_get_default_cert_dir_env(void );
548char * X509_get_default_cert_file_env(void );
549char * X509_get_default_private_dir(void );
550
551X509_REQ * X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, EVP_MD *md);
552X509 * X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey);
553void ERR_load_X509_strings(void );
554
555X509_ALGOR * X509_ALGOR_new(void );
556void X509_ALGOR_free(X509_ALGOR *a);
557int i2d_X509_ALGOR(X509_ALGOR *a,unsigned char **pp);
558X509_ALGOR * d2i_X509_ALGOR(X509_ALGOR **a,unsigned char **pp,
559 long length);
560
561X509_VAL * X509_VAL_new(void );
562void X509_VAL_free(X509_VAL *a);
563int i2d_X509_VAL(X509_VAL *a,unsigned char **pp);
564X509_VAL * d2i_X509_VAL(X509_VAL **a,unsigned char **pp,
565 long length);
566
567X509_PUBKEY * X509_PUBKEY_new(void );
568void X509_PUBKEY_free(X509_PUBKEY *a);
569int i2d_X509_PUBKEY(X509_PUBKEY *a,unsigned char **pp);
570X509_PUBKEY * d2i_X509_PUBKEY(X509_PUBKEY **a,unsigned char **pp,
571 long length);
572int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
573EVP_PKEY * X509_PUBKEY_get(X509_PUBKEY *key);
574int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK *chain);
575
576
577X509_SIG * X509_SIG_new(void );
578void X509_SIG_free(X509_SIG *a);
579int i2d_X509_SIG(X509_SIG *a,unsigned char **pp);
580X509_SIG * d2i_X509_SIG(X509_SIG **a,unsigned char **pp,long length);
581
582X509_REQ_INFO *X509_REQ_INFO_new(void);
583void X509_REQ_INFO_free(X509_REQ_INFO *a);
584int i2d_X509_REQ_INFO(X509_REQ_INFO *a,unsigned char **pp);
585X509_REQ_INFO *d2i_X509_REQ_INFO(X509_REQ_INFO **a,unsigned char **pp,
586 long length);
587
588X509_REQ * X509_REQ_new(void);
589void X509_REQ_free(X509_REQ *a);
590int i2d_X509_REQ(X509_REQ *a,unsigned char **pp);
591X509_REQ * d2i_X509_REQ(X509_REQ **a,unsigned char **pp,long length);
592
593X509_ATTRIBUTE *X509_ATTRIBUTE_new(void );
594void X509_ATTRIBUTE_free(X509_ATTRIBUTE *a);
595int i2d_X509_ATTRIBUTE(X509_ATTRIBUTE *a,unsigned char **pp);
596X509_ATTRIBUTE *d2i_X509_ATTRIBUTE(X509_ATTRIBUTE **a,unsigned char **pp,
597 long length);
598
599X509_EXTENSION *X509_EXTENSION_new(void );
600void X509_EXTENSION_free(X509_EXTENSION *a);
601int i2d_X509_EXTENSION(X509_EXTENSION *a,unsigned char **pp);
602X509_EXTENSION *d2i_X509_EXTENSION(X509_EXTENSION **a,unsigned char **pp,
603 long length);
604
605X509_NAME_ENTRY *X509_NAME_ENTRY_new(void);
606void X509_NAME_ENTRY_free(X509_NAME_ENTRY *a);
607int i2d_X509_NAME_ENTRY(X509_NAME_ENTRY *a,unsigned char **pp);
608X509_NAME_ENTRY *d2i_X509_NAME_ENTRY(X509_NAME_ENTRY **a,unsigned char **pp,
609 long length);
610
611X509_NAME * X509_NAME_new(void);
612void X509_NAME_free(X509_NAME *a);
613int i2d_X509_NAME(X509_NAME *a,unsigned char **pp);
614X509_NAME * d2i_X509_NAME(X509_NAME **a,unsigned char **pp,long length);
615int X509_NAME_set(X509_NAME **xn, X509_NAME *name);
616
617
618X509_CINF * X509_CINF_new(void);
619void X509_CINF_free(X509_CINF *a);
620int i2d_X509_CINF(X509_CINF *a,unsigned char **pp);
621X509_CINF * d2i_X509_CINF(X509_CINF **a,unsigned char **pp,long length);
622
623X509 * X509_new(void);
624void X509_free(X509 *a);
625int i2d_X509(X509 *a,unsigned char **pp);
626X509 * d2i_X509(X509 **a,unsigned char **pp,long length);
627
628X509_REVOKED * X509_REVOKED_new(void);
629void X509_REVOKED_free(X509_REVOKED *a);
630int i2d_X509_REVOKED(X509_REVOKED *a,unsigned char **pp);
631X509_REVOKED * d2i_X509_REVOKED(X509_REVOKED **a,unsigned char **pp,long length);
632
633X509_CRL_INFO *X509_CRL_INFO_new(void);
634void X509_CRL_INFO_free(X509_CRL_INFO *a);
635int i2d_X509_CRL_INFO(X509_CRL_INFO *a,unsigned char **pp);
636X509_CRL_INFO *d2i_X509_CRL_INFO(X509_CRL_INFO **a,unsigned char **pp,
637 long length);
638
639X509_CRL * X509_CRL_new(void);
640void X509_CRL_free(X509_CRL *a);
641int i2d_X509_CRL(X509_CRL *a,unsigned char **pp);
642X509_CRL * d2i_X509_CRL(X509_CRL **a,unsigned char **pp,long length);
643
644X509_PKEY * X509_PKEY_new(void );
645void X509_PKEY_free(X509_PKEY *a);
646int i2d_X509_PKEY(X509_PKEY *a,unsigned char **pp);
647X509_PKEY * d2i_X509_PKEY(X509_PKEY **a,unsigned char **pp,long length);
648
649NETSCAPE_SPKI * NETSCAPE_SPKI_new(void );
650void NETSCAPE_SPKI_free(NETSCAPE_SPKI *a);
651int i2d_NETSCAPE_SPKI(NETSCAPE_SPKI *a,unsigned char **pp);
652NETSCAPE_SPKI * d2i_NETSCAPE_SPKI(NETSCAPE_SPKI **a,unsigned char **pp,
653 long length);
654
655NETSCAPE_SPKAC *NETSCAPE_SPKAC_new(void );
656void NETSCAPE_SPKAC_free(NETSCAPE_SPKAC *a);
657int i2d_NETSCAPE_SPKAC(NETSCAPE_SPKAC *a,unsigned char **pp);
658NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC(NETSCAPE_SPKAC **a,unsigned char **pp,
659 long length);
660
661#ifdef HEADER_ENVELOPE_H
662X509_INFO * X509_INFO_new(void);
663void X509_INFO_free(X509_INFO *a);
664char * X509_NAME_oneline(X509_NAME *a,char *buf,int size);
665
666int ASN1_verify(int (*i2d)(), X509_ALGOR *algor1,
667 ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey);
668
669int ASN1_digest(int (*i2d)(),EVP_MD *type,char *data,
670 unsigned char *md,unsigned int *len);
671
672int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
673 ASN1_BIT_STRING *signature,
674 char *data,EVP_PKEY *pkey, EVP_MD *type);
675#endif
676
677int X509_set_version(X509 *x,long version);
678int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
679ASN1_INTEGER * X509_get_serialNumber(X509 *x);
680int X509_set_issuer_name(X509 *x, X509_NAME *name);
681X509_NAME * X509_get_issuer_name(X509 *a);
682int X509_set_subject_name(X509 *x, X509_NAME *name);
683X509_NAME * X509_get_subject_name(X509 *a);
684int X509_set_notBefore(X509 *x, ASN1_UTCTIME *tm);
685int X509_set_notAfter(X509 *x, ASN1_UTCTIME *tm);
686int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
687EVP_PKEY * X509_get_pubkey(X509 *x);
688int X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */);
689
690int X509_REQ_set_version(X509_REQ *x,long version);
691int X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name);
692int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
693EVP_PKEY * X509_REQ_get_pubkey(X509_REQ *req);
694
695int X509_check_private_key(X509 *x509,EVP_PKEY *pkey);
696
697int X509_issuer_and_serial_cmp(X509 *a, X509 *b);
698unsigned long X509_issuer_and_serial_hash(X509 *a);
699
700int X509_issuer_name_cmp(X509 *a, X509 *b);
701unsigned long X509_issuer_name_hash(X509 *a);
702
703int X509_subject_name_cmp(X509 *a,X509 *b);
704unsigned long X509_subject_name_hash(X509 *x);
705
706int X509_NAME_cmp (X509_NAME *a, X509_NAME *b);
707unsigned long X509_NAME_hash(X509_NAME *x);
708
709int X509_CRL_cmp(X509_CRL *a,X509_CRL *b);
710#ifndef NO_FP_API
711int X509_print_fp(FILE *bp,X509 *x);
712int X509_REQ_print_fp(FILE *bp,X509_REQ *req);
713#endif
714
715#ifdef HEADER_BIO_H
716int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
717int X509_print(BIO *bp,X509 *x);
718int X509_REQ_print(BIO *bp,X509_REQ *req);
719#endif
720
721int X509_NAME_entry_count(X509_NAME *name);
722int X509_NAME_get_text_by_NID(X509_NAME *name, int nid,
723 char *buf,int len);
724int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
725 char *buf,int len);
726
727/* NOTE: you should be passsing -1, not 0 as lastpos. The functions that use
728 * lastpos, seach after that position on. */
729int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
730int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj,
731 int lastpos);
732X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
733X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
734int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne,
735 int loc, int set);
736X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
737 int type,unsigned char *bytes, int len);
738X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
739 ASN1_OBJECT *obj, int type,unsigned char *bytes,
740 int len);
741int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne,
742 ASN1_OBJECT *obj);
743int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
744 unsigned char *bytes, int len);
745ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
746ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
747
748int X509v3_get_ext_count(STACK *x);
749int X509v3_get_ext_by_NID(STACK *x, int nid, int lastpos);
750int X509v3_get_ext_by_OBJ(STACK *x,ASN1_OBJECT *obj,int lastpos);
751int X509v3_get_ext_by_critical(STACK *x, int crit, int lastpos);
752X509_EXTENSION *X509v3_get_ext(STACK *x, int loc);
753X509_EXTENSION *X509v3_delete_ext(STACK *x, int loc);
754STACK * X509v3_add_ext(STACK **x, X509_EXTENSION *ex, int loc);
755
756int X509v3_data_type_by_OBJ(ASN1_OBJECT *obj);
757int X509v3_data_type_by_NID(int nid);
758int X509v3_pack_type_by_OBJ(ASN1_OBJECT *obj);
759int X509v3_pack_type_by_NID(int nid);
760
761int X509_get_ext_count(X509 *x);
762int X509_get_ext_by_NID(X509 *x, int nid, int lastpos);
763int X509_get_ext_by_OBJ(X509 *x,ASN1_OBJECT *obj,int lastpos);
764int X509_get_ext_by_critical(X509 *x, int crit, int lastpos);
765X509_EXTENSION *X509_get_ext(X509 *x, int loc);
766X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
767int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
768
769int X509_CRL_get_ext_count(X509_CRL *x);
770int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos);
771int X509_CRL_get_ext_by_OBJ(X509_CRL *x,ASN1_OBJECT *obj,int lastpos);
772int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos);
773X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc);
774X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
775int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
776
777int X509_REVOKED_get_ext_count(X509_REVOKED *x);
778int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos);
779int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x,ASN1_OBJECT *obj,int lastpos);
780int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos);
781X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc);
782X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
783int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
784
785X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
786 int nid, int crit, ASN1_OCTET_STRING *data);
787X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
788 ASN1_OBJECT *obj,int crit,ASN1_OCTET_STRING *data);
789int X509_EXTENSION_set_object(X509_EXTENSION *ex,ASN1_OBJECT *obj);
790int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
791int X509_EXTENSION_set_data(X509_EXTENSION *ex,
792 ASN1_OCTET_STRING *data);
793ASN1_OBJECT * X509_EXTENSION_get_object(X509_EXTENSION *ex);
794ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
795int X509_EXTENSION_get_critical(X509_EXTENSION *ex);
796ASN1_OCTET_STRING *X509v3_pack_string(ASN1_OCTET_STRING **ex,int type,
797 unsigned char *bytes, int len);
798ASN1_STRING * X509v3_unpack_string(ASN1_STRING **ex,int type,
799 ASN1_OCTET_STRING *os);
800
801int X509_verify_cert(X509_STORE_CTX *ctx);
802
803/* lookup a cert from a X509 STACK */
804X509 *X509_find_by_issuer_and_serial(STACK *sk,X509_NAME *name,
805 ASN1_INTEGER *serial);
806X509 *X509_find_by_subject(STACK *sk,X509_NAME *name);
807
808#else
809
810#ifndef SSLEAY_MACROS
811#ifdef HEADER_ENVELOPE_H
812int X509_verify();
813int X509_REQ_verify();
814int X509_CRL_verify();
815int NETSCAPE_SPKI_verify();
816
817int X509_sign();
818int X509_REQ_sign();
819int X509_CRL_sign();
820int NETSCAPE_SPKI_sign();
821
822int X509_digest();
823int X509_NAME_digest();
824#endif
825
826#ifndef NO_FP_API
827X509 *d2i_X509_fp();
828int i2d_X509_fp();
829X509_CRL *d2i_X509_CRL_fp();
830int i2d_X509_CRL_fp();
831X509_REQ *d2i_X509_REQ_fp();
832int i2d_X509_REQ_fp();
833RSA *d2i_RSAPrivateKey_fp();
834int i2d_RSAPrivateKey_fp();
835DSA *d2i_DSAPrivateKey_fp();
836int i2d_DSAPrivateKey_fp();
837RSA *d2i_RSAPublicKey_fp();
838int i2d_RSAPublicKey_fp();
839#endif
840
841X509 *d2i_X509_bio();
842int i2d_X509_bio();
843X509_CRL *d2i_X509_CRL_bio();
844int i2d_X509_CRL_bio();
845X509_REQ *d2i_X509_REQ_bio();
846int i2d_X509_REQ_bio();
847RSA *d2i_RSAPrivateKey_bio();
848int i2d_RSAPrivateKey_bio();
849DSA *d2i_DSAPrivateKey_bio();
850int i2d_DSAPrivateKey_bio();
851RSA *d2i_RSAPublicKey_bio();
852int i2d_RSAPublicKey_bio();
853
854X509 *X509_dup();
855X509_EXTENSION *X509_EXTENSION_dup();
856X509_CRL *X509_CRL_dup();
857X509_REQ *X509_REQ_dup();
858X509_NAME *X509_NAME_dup();
859X509_NAME_ENTRY *X509_NAME_ENTRY_dup();
860RSA *RSAPublicKey_dup();
861RSA *RSAPrivateKey_dup();
862
863#endif /* !SSLEAY_MACROS */
864
865int X509_cmp_current_time();
866ASN1_UTCTIME * X509_gmtime_adj();
867
868char * X509_get_default_cert_area();
869char * X509_get_default_cert_dir();
870char * X509_get_default_cert_file();
871char * X509_get_default_cert_dir_env();
872char * X509_get_default_cert_file_env();
873char * X509_get_default_private_dir();
874
875X509_REQ * X509_to_X509_REQ();
876X509 * X509_REQ_to_X509();
877void ERR_load_X509_strings();
878
879X509_ALGOR * X509_ALGOR_new();
880void X509_ALGOR_free();
881int i2d_X509_ALGOR();
882X509_ALGOR * d2i_X509_ALGOR();
883
884X509_VAL * X509_VAL_new();
885void X509_VAL_free();
886int i2d_X509_VAL();
887X509_VAL * d2i_X509_VAL();
888
889X509_PUBKEY * X509_PUBKEY_new();
890void X509_PUBKEY_free();
891int i2d_X509_PUBKEY();
892X509_PUBKEY * d2i_X509_PUBKEY();
893int X509_PUBKEY_set();
894EVP_PKEY * X509_PUBKEY_get();
895int X509_get_pubkey_parameters();
896
897X509_SIG * X509_SIG_new();
898void X509_SIG_free();
899int i2d_X509_SIG();
900X509_SIG * d2i_X509_SIG();
901
902X509_REQ_INFO *X509_REQ_INFO_new();
903void X509_REQ_INFO_free();
904int i2d_X509_REQ_INFO();
905X509_REQ_INFO *d2i_X509_REQ_INFO();
906
907X509_REQ * X509_REQ_new();
908void X509_REQ_free();
909int i2d_X509_REQ();
910X509_REQ * d2i_X509_REQ();
911
912X509_ATTRIBUTE *X509_ATTRIBUTE_new();
913void X509_ATTRIBUTE_free();
914int i2d_X509_ATTRIBUTE();
915X509_ATTRIBUTE *d2i_X509_ATTRIBUTE();
916
917X509_EXTENSION *X509_EXTENSION_new();
918void X509_EXTENSION_free();
919int i2d_X509_EXTENSION();
920X509_EXTENSION *d2i_X509_EXTENSION();
921
922X509_NAME_ENTRY *X509_NAME_ENTRY_new();
923void X509_NAME_ENTRY_free();
924int i2d_X509_NAME_ENTRY();
925X509_NAME_ENTRY *d2i_X509_NAME_ENTRY();
926
927X509_NAME * X509_NAME_new();
928void X509_NAME_free();
929int i2d_X509_NAME();
930X509_NAME * d2i_X509_NAME();
931int X509_NAME_set();
932
933
934X509_CINF * X509_CINF_new();
935void X509_CINF_free();
936int i2d_X509_CINF();
937X509_CINF * d2i_X509_CINF();
938
939X509 * X509_new();
940void X509_free();
941int i2d_X509();
942X509 * d2i_X509();
943
944X509_REVOKED * X509_REVOKED_new();
945void X509_REVOKED_free();
946int i2d_X509_REVOKED();
947X509_REVOKED * d2i_X509_REVOKED();
948
949X509_CRL_INFO *X509_CRL_INFO_new();
950void X509_CRL_INFO_free();
951int i2d_X509_CRL_INFO();
952X509_CRL_INFO *d2i_X509_CRL_INFO();
953
954X509_CRL * X509_CRL_new();
955void X509_CRL_free();
956int i2d_X509_CRL();
957X509_CRL * d2i_X509_CRL();
958
959X509_PKEY * X509_PKEY_new();
960void X509_PKEY_free();
961int i2d_X509_PKEY();
962X509_PKEY * d2i_X509_PKEY();
963
964NETSCAPE_SPKI * NETSCAPE_SPKI_new();
965void NETSCAPE_SPKI_free();
966int i2d_NETSCAPE_SPKI();
967NETSCAPE_SPKI * d2i_NETSCAPE_SPKI();
968
969NETSCAPE_SPKAC *NETSCAPE_SPKAC_new();
970void NETSCAPE_SPKAC_free();
971int i2d_NETSCAPE_SPKAC();
972NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC();
973
974#ifdef HEADER_ENVELOPE_H
975X509_INFO * X509_INFO_new();
976void X509_INFO_free();
977#endif
978
979char * X509_NAME_oneline();
980
981int ASN1_verify();
982int ASN1_digest();
983int ASN1_sign();
984
985int X509_set_version();
986int X509_set_serialNumber();
987ASN1_INTEGER * X509_get_serialNumber();
988int X509_set_issuer_name();
989X509_NAME * X509_get_issuer_name();
990int X509_set_subject_name();
991X509_NAME * X509_get_subject_name();
992int X509_set_notBefore();
993int X509_set_notAfter();
994int X509_set_pubkey();
995EVP_PKEY * X509_get_pubkey();
996int X509_certificate_type();
997
998int X509_REQ_set_version();
999int X509_REQ_set_subject_name();
1000int X509_REQ_set_pubkey();
1001EVP_PKEY * X509_REQ_get_pubkey();
1002
1003int X509_check_private_key();
1004
1005int X509_issuer_and_serial_cmp();
1006unsigned long X509_issuer_and_serial_hash();
1007
1008int X509_issuer_name_cmp();
1009unsigned long X509_issuer_name_hash();
1010
1011int X509_subject_name_cmp();
1012unsigned long X509_subject_name_hash();
1013
1014int X509_NAME_cmp ();
1015unsigned long X509_NAME_hash();
1016
1017int X509_CRL_cmp();
1018#ifndef NO_FP_API
1019int X509_print_fp();
1020int X509_REQ_print_fp();
1021#endif
1022
1023int X509_NAME_print();
1024int X509_print();
1025int X509_REQ_print();
1026
1027int X509_NAME_entry_count();
1028int X509_NAME_get_text_by_NID();
1029int X509_NAME_get_text_by_OBJ();
1030
1031int X509_NAME_get_index_by_NID();
1032int X509_NAME_get_index_by_OBJ();
1033X509_NAME_ENTRY *X509_NAME_get_entry();
1034X509_NAME_ENTRY *X509_NAME_delete_entry();
1035int X509_NAME_add_entry();
1036X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID();
1037X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ();
1038int X509_NAME_ENTRY_set_object();
1039int X509_NAME_ENTRY_set_data();
1040ASN1_OBJECT * X509_NAME_ENTRY_get_object();
1041ASN1_STRING * X509_NAME_ENTRY_get_data();
1042
1043int X509v3_get_ext_count();
1044int X509v3_get_ext_by_NID();
1045int X509v3_get_ext_by_OBJ();
1046int X509v3_get_ext_by_critical();
1047X509_EXTENSION *X509v3_get_ext();
1048X509_EXTENSION *X509v3_delete_ext();
1049STACK * X509v3_add_ext();
1050
1051int X509v3_data_type_by_OBJ();
1052int X509v3_data_type_by_NID();
1053int X509v3_pack_type_by_OBJ();
1054int X509v3_pack_type_by_NID();
1055
1056int X509_get_ext_count();
1057int X509_get_ext_by_NID();
1058int X509_get_ext_by_OBJ();
1059int X509_get_ext_by_critical();
1060X509_EXTENSION *X509_get_ext();
1061X509_EXTENSION *X509_delete_ext();
1062int X509_add_ext();
1063
1064int X509_CRL_get_ext_count();
1065int X509_CRL_get_ext_by_NID();
1066int X509_CRL_get_ext_by_OBJ();
1067int X509_CRL_get_ext_by_critical();
1068X509_EXTENSION *X509_CRL_get_ext();
1069X509_EXTENSION *X509_CRL_delete_ext();
1070int X509_CRL_add_ext();
1071
1072int X509_REVOKED_get_ext_count();
1073int X509_REVOKED_get_ext_by_NID();
1074int X509_REVOKED_get_ext_by_OBJ();
1075int X509_REVOKED_get_ext_by_critical();
1076X509_EXTENSION *X509_REVOKED_get_ext();
1077X509_EXTENSION *X509_REVOKED_delete_ext();
1078int X509_REVOKED_add_ext();
1079
1080X509_EXTENSION *X509_EXTENSION_create_by_NID();
1081X509_EXTENSION *X509_EXTENSION_create_by_OBJ();
1082int X509_EXTENSION_set_object();
1083int X509_EXTENSION_set_critical();
1084int X509_EXTENSION_set_data();
1085ASN1_OBJECT * X509_EXTENSION_get_object();
1086ASN1_OCTET_STRING *X509_EXTENSION_get_data();
1087int X509_EXTENSION_get_critical();
1088ASN1_OCTET_STRING *X509v3_pack_string();
1089ASN1_STRING * X509v3_unpack_string();
1090
1091int X509_verify_cert();
1092char * X509_verify_cert_error_string();
1093
1094/* lookup a cert from a X509 STACK */
1095X509 *X509_find_by_issuer_and_serial();
1096X509 *X509_find_by_subject();
1097
1098#endif
1099
1100/* BEGIN ERROR CODES */
1101/* Error codes for the X509 functions. */
1102
1103/* Function codes. */
1104#define X509_F_ADD_CERT_DIR 100
1105#define X509_F_BY_FILE_CTRL 101
1106#define X509_F_DIR_CTRL 102
1107#define X509_F_GET_CERT_BY_SUBJECT 103
1108#define X509_F_X509V3_ADD_EXT 104
1109#define X509_F_X509V3_ADD_EXTENSION 105
1110#define X509_F_X509V3_PACK_STRING 106
1111#define X509_F_X509V3_UNPACK_STRING 107
1112#define X509_F_X509_EXTENSION_CREATE_BY_NID 108
1113#define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109
1114#define X509_F_X509_GET_PUBKEY_PARAMETERS 110
1115#define X509_F_X509_LOAD_CERT_FILE 111
1116#define X509_F_X509_LOAD_CRL_FILE 112
1117#define X509_F_X509_NAME_ADD_ENTRY 113
1118#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114
1119#define X509_F_X509_NAME_ENTRY_SET_OBJECT 115
1120#define X509_F_X509_NAME_ONELINE 116
1121#define X509_F_X509_NAME_PRINT 117
1122#define X509_F_X509_PRINT_FP 118
1123#define X509_F_X509_PUBKEY_GET 119
1124#define X509_F_X509_PUBKEY_SET 120
1125#define X509_F_X509_REQ_PRINT 121
1126#define X509_F_X509_REQ_PRINT_FP 122
1127#define X509_F_X509_REQ_TO_X509 123
1128#define X509_F_X509_STORE_ADD_CERT 124
1129#define X509_F_X509_STORE_ADD_CRL 125
1130#define X509_F_X509_TO_X509_REQ 126
1131#define X509_F_X509_VERIFY_CERT 127
1132
1133/* Reason codes. */
1134#define X509_R_BAD_X509_FILETYPE 100
1135#define X509_R_CERT_ALREADY_IN_HASH_TABLE 101
1136#define X509_R_ERR_ASN1_LIB 102
1137#define X509_R_LOADING_CERT_DIR 103
1138#define X509_R_LOADING_DEFAULTS 104
1139#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105
1140#define X509_R_SHOULD_RETRY 106
1141#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107
1142#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108
1143#define X509_R_UNKNOWN_NID 109
1144#define X509_R_UNKNOWN_STRING_TYPE 110
1145#define X509_R_UNSUPPORTED_ALGORITHM 111
1146#define X509_R_WRONG_LOOKUP_TYPE 112
1147
1148#ifdef __cplusplus
1149}
1150#endif
1151#endif
1152
diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c
new file mode 100644
index 0000000000..f9d9510ac5
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_cmp.c
@@ -0,0 +1,257 @@
1/* crypto/x509/x509_cmp.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <sys/types.h>
61#include <sys/stat.h>
62#include "cryptlib.h"
63#include "asn1.h"
64#include "objects.h"
65#include "x509.h"
66
67int X509_issuer_and_serial_cmp(a,b)
68X509 *a;
69X509 *b;
70 {
71 int i;
72 X509_CINF *ai,*bi;
73
74 ai=a->cert_info;
75 bi=b->cert_info;
76 i=ASN1_INTEGER_cmp(ai->serialNumber,bi->serialNumber);
77 if (i) return(i);
78 return(X509_NAME_cmp(ai->issuer,bi->issuer));
79 }
80
81#ifndef NO_MD5
82unsigned long X509_issuer_and_serial_hash(a)
83X509 *a;
84 {
85 unsigned long ret=0;
86 MD5_CTX ctx;
87 unsigned char md[16];
88 char str[256];
89
90 X509_NAME_oneline(a->cert_info->issuer,str,256);
91 ret=strlen(str);
92 MD5_Init(&ctx);
93 MD5_Update(&ctx,(unsigned char *)str,ret);
94 MD5_Update(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
95 (unsigned long)a->cert_info->serialNumber->length);
96 MD5_Final(&(md[0]),&ctx);
97 ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)|
98 ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
99 )&0xffffffffL;
100 return(ret);
101 }
102#endif
103
104int X509_issuer_name_cmp(a, b)
105X509 *a;
106X509 *b;
107 {
108 return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer));
109 }
110
111int X509_subject_name_cmp(a, b)
112X509 *a;
113X509 *b;
114 {
115 return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject));
116 }
117
118int X509_CRL_cmp(a, b)
119X509_CRL *a;
120X509_CRL *b;
121 {
122 return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer));
123 }
124
125X509_NAME *X509_get_issuer_name(a)
126X509 *a;
127 {
128 return(a->cert_info->issuer);
129 }
130
131unsigned long X509_issuer_name_hash(x)
132X509 *x;
133 {
134 return(X509_NAME_hash(x->cert_info->issuer));
135 }
136
137X509_NAME *X509_get_subject_name(a)
138X509 *a;
139 {
140 return(a->cert_info->subject);
141 }
142
143ASN1_INTEGER *X509_get_serialNumber(a)
144X509 *a;
145 {
146 return(a->cert_info->serialNumber);
147 }
148
149unsigned long X509_subject_name_hash(x)
150X509 *x;
151 {
152 return(X509_NAME_hash(x->cert_info->subject));
153 }
154
155int X509_NAME_cmp(a, b)
156X509_NAME *a;
157X509_NAME *b;
158 {
159 int i,j;
160 X509_NAME_ENTRY *na,*nb;
161
162 if (sk_num(a->entries) != sk_num(b->entries))
163 return(sk_num(a->entries)-sk_num(b->entries));
164 for (i=sk_num(a->entries)-1; i>=0; i--)
165 {
166 na=(X509_NAME_ENTRY *)sk_value(a->entries,i);
167 nb=(X509_NAME_ENTRY *)sk_value(b->entries,i);
168 j=na->value->length-nb->value->length;
169 if (j) return(j);
170 j=memcmp(na->value->data,nb->value->data,
171 na->value->length);
172 if (j) return(j);
173 j=na->set-nb->set;
174 if (j) return(j);
175 }
176
177 /* We will check the object types after checking the values
178 * since the values will more often be different than the object
179 * types. */
180 for (i=sk_num(a->entries)-1; i>=0; i--)
181 {
182 na=(X509_NAME_ENTRY *)sk_value(a->entries,i);
183 nb=(X509_NAME_ENTRY *)sk_value(b->entries,i);
184 j=OBJ_cmp(na->object,nb->object);
185 if (j) return(j);
186 }
187 return(0);
188 }
189
190#ifndef NO_MD5
191/* I now DER encode the name and hash it. Since I cache the DER encoding,
192 * this is reasonably effiecent. */
193unsigned long X509_NAME_hash(x)
194X509_NAME *x;
195 {
196 unsigned long ret=0;
197 unsigned char md[16];
198 unsigned char str[256],*p,*pp;
199 int i;
200
201 i=i2d_X509_NAME(x,NULL);
202 if (i > sizeof(str))
203 p=Malloc(i);
204 else
205 p=str;
206
207 pp=p;
208 i2d_X509_NAME(x,&pp);
209 MD5((unsigned char *)p,i,&(md[0]));
210 if (p != str) Free(p);
211
212 ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)|
213 ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
214 )&0xffffffffL;
215 return(ret);
216 }
217#endif
218
219/* Search a stack of X509 for a match */
220X509 *X509_find_by_issuer_and_serial(sk,name,serial)
221STACK *sk;
222X509_NAME *name;
223ASN1_INTEGER *serial;
224 {
225 int i;
226 X509_CINF cinf;
227 X509 x,*x509=NULL;
228
229 x.cert_info= &cinf;
230 cinf.serialNumber=serial;
231 cinf.issuer=name;
232
233 for (i=0; i<sk_num(sk); i++)
234 {
235 x509=(X509 *)sk_value(sk,i);
236 if (X509_issuer_and_serial_cmp(x509,&x) == 0)
237 return(x509);
238 }
239 return(NULL);
240 }
241
242X509 *X509_find_by_subject(sk,name)
243STACK *sk;
244X509_NAME *name;
245 {
246 X509 *x509;
247 int i;
248
249 for (i=0; i<sk_num(sk); i++)
250 {
251 x509=(X509 *)sk_value(sk,i);
252 if (X509_NAME_cmp(X509_get_subject_name(x509),name) == 0)
253 return(x509);
254 }
255 return(NULL);
256 }
257
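Review bot: In `X509_NAME_hash` the result of `Malloc(i)` is used without a check, and `i` is never tested for an error return from `i2d_X509_NAME(x,NULL)`, so a failed allocation makes the second `i2d_X509_NAME(x,&pp)` write through a null pointer. The heap path is taken for any name whose DER encoding exceeds the 256-byte `str`, and names come from parsed certificates, so that size is set by whoever supplied the certificate. I would add `if (i <= 0) return(0);` after the first call and `if (p == NULL) return(0);` after the `Malloc`, accepting that 0 then doubles as a valid hash because the function has no error channel. The `i <= 0` guard also covers `i > sizeof(str)`, which compares an `int` with a `size_t` and would send a negative `i` down the `Malloc` branch. Separately, `X509_issuer_and_serial_hash` hashes only as much of the issuer as `X509_NAME_oneline` puts into `char str[256]` (presumably truncated), so a comment that the value is a lookup bucket and not an identity would help.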
diff --git a/src/lib/libcrypto/x509/x509_d2.c b/src/lib/libcrypto/x509/x509_d2.c
new file mode 100644
index 0000000000..01e22f4cb4
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_d2.c
@@ -0,0 +1,110 @@
1/* crypto/x509/x509_d2.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <sys/types.h>
61#include <sys/stat.h>
62#include "cryptlib.h"
63#include "crypto.h"
64#include "x509.h"
65
66#ifndef NO_STDIO
67int X509_STORE_set_default_paths(ctx)
68X509_STORE *ctx;
69 {
70 X509_LOOKUP *lookup;
71
72 lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
73 if (lookup == NULL) return(0);
74 X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
75
76 lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
77 if (lookup == NULL) return(0);
78 X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
79
80 /* clear any errors */
81 ERR_clear_error();
82
83 return(1);
84 }
85
86int X509_STORE_load_locations(ctx,file,path)
87X509_STORE *ctx;
88char *file;
89char *path;
90 {
91 X509_LOOKUP *lookup;
92
93 if (file != NULL)
94 {
95 lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
96 if (lookup == NULL) return(0);
97 X509_LOOKUP_load_file(lookup,file,X509_FILETYPE_PEM);
98 }
99 if (path != NULL)
100 {
101 lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
102 if (lookup == NULL) return(0);
103 X509_LOOKUP_add_dir(lookup,path,X509_FILETYPE_PEM);
104 }
105 if ((path == NULL) && (file == NULL))
106 return(0);
107 return(1);
108 }
109
110#endif
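Review bot: `X509_STORE_load_locations` discards the results of `X509_LOOKUP_load_file` and `X509_LOOKUP_add_dir`, so it returns 1 even when the named CA file or directory could not be loaded. A caller that checks the return value then proceeds with a store holding none of the trust anchors it asked for, and the failure only surfaces later as a verification error with no hint of the cause. Assuming these calls return 1 on success, I would write `if (X509_LOOKUP_load_file(lookup,file,X509_FILETYPE_PEM) != 1) return(0);` and the same for `X509_LOOKUP_add_dir`. In `X509_STORE_set_default_paths` ignoring the results looks deliberate, since it ends with `ERR_clear_error()`; a comment such as `/* missing default locations are not an error */` would make that explicit.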
diff --git a/src/lib/libcrypto/x509/x509_def.c b/src/lib/libcrypto/x509/x509_def.c
new file mode 100644
index 0000000000..d9ab39b15a
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_def.c
@@ -0,0 +1,83 @@
1/* crypto/x509/x509_def.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <sys/types.h>
61#include <sys/stat.h>
62#include "cryptlib.h"
63#include "crypto.h"
64#include "x509.h"
65
66char *X509_get_default_private_dir()
67 { return(X509_PRIVATE_DIR); }
68
69char *X509_get_default_cert_area()
70 { return(X509_CERT_AREA); }
71
72char *X509_get_default_cert_dir()
73 { return(X509_CERT_DIR); }
74
75char *X509_get_default_cert_file()
76 { return(X509_CERT_FILE); }
77
78char *X509_get_default_cert_dir_env()
79 { return(X509_CERT_DIR_EVP); }
80
81char *X509_get_default_cert_file_env()
82 { return(X509_CERT_FILE_EVP); }
83
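Review bot: The six accessors return `char *` to what are presumably string-literal macros (`X509_CERT_DIR`, `X509_CERT_FILE_EVP` and so on, defined outside this file), and nothing tells a caller that the result must not be modified or freed. I would put one comment above the group, for example `/* Return compiled-in defaults; the strings are static and read-only. */`, and consider `const char *` if the existing callers allow it. The two `_env` functions return the name of an environment variable, not a path, which the `_EVP` macro suffix does not make obvious. If the lookup code reads those variables at run time, the process environment decides where trust anchors are loaded from, so a line like `/* name of the env variable that overrides the default location; privileged callers should not honour it */` is worth adding there.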
diff --git a/src/lib/libcrypto/x509/x509_err.c b/src/lib/libcrypto/x509/x509_err.c
new file mode 100644
index 0000000000..9304721612
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_err.c
@@ -0,0 +1,130 @@
1/* lib/x509/x509_err.c */
2/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58#include <stdio.h>
59#include "err.h"
60#include "x509.h"
61
62/* BEGIN ERROR CODES */
63#ifndef NO_ERR
64static ERR_STRING_DATA X509_str_functs[]=
65 {
66{ERR_PACK(0,X509_F_ADD_CERT_DIR,0), "ADD_CERT_DIR"},
67{ERR_PACK(0,X509_F_BY_FILE_CTRL,0), "BY_FILE_CTRL"},
68{ERR_PACK(0,X509_F_DIR_CTRL,0), "DIR_CTRL"},
69{ERR_PACK(0,X509_F_GET_CERT_BY_SUBJECT,0), "GET_CERT_BY_SUBJECT"},
70{ERR_PACK(0,X509_F_X509V3_ADD_EXT,0), "X509v3_add_ext"},
71{ERR_PACK(0,X509_F_X509V3_ADD_EXTENSION,0), "X509V3_ADD_EXTENSION"},
72{ERR_PACK(0,X509_F_X509V3_PACK_STRING,0), "X509v3_pack_string"},
73{ERR_PACK(0,X509_F_X509V3_UNPACK_STRING,0), "X509v3_unpack_string"},
74{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_NID,0), "X509_EXTENSION_create_by_NID"},
75{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_OBJ,0), "X509_EXTENSION_create_by_OBJ"},
76{ERR_PACK(0,X509_F_X509_GET_PUBKEY_PARAMETERS,0), "X509_get_pubkey_parameters"},
77{ERR_PACK(0,X509_F_X509_LOAD_CERT_FILE,0), "X509_LOAD_CERT_FILE"},
78{ERR_PACK(0,X509_F_X509_LOAD_CRL_FILE,0), "X509_LOAD_CRL_FILE"},
79{ERR_PACK(0,X509_F_X509_NAME_ADD_ENTRY,0), "X509_NAME_add_entry"},
80{ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_NID,0), "X509_NAME_ENTRY_create_by_NID"},
81{ERR_PACK(0,X509_F_X509_NAME_ENTRY_SET_OBJECT,0), "X509_NAME_ENTRY_set_object"},
82{ERR_PACK(0,X509_F_X509_NAME_ONELINE,0), "X509_NAME_oneline"},
83{ERR_PACK(0,X509_F_X509_NAME_PRINT,0), "X509_NAME_print"},
84{ERR_PACK(0,X509_F_X509_PRINT_FP,0), "X509_print_fp"},
85{ERR_PACK(0,X509_F_X509_PUBKEY_GET,0), "X509_PUBKEY_get"},
86{ERR_PACK(0,X509_F_X509_PUBKEY_SET,0), "X509_PUBKEY_set"},
87{ERR_PACK(0,X509_F_X509_REQ_PRINT,0), "X509_REQ_print"},
88{ERR_PACK(0,X509_F_X509_REQ_PRINT_FP,0), "X509_REQ_print_fp"},
89{ERR_PACK(0,X509_F_X509_REQ_TO_X509,0), "X509_REQ_to_X509"},
90{ERR_PACK(0,X509_F_X509_STORE_ADD_CERT,0), "X509_STORE_ADD_CERT"},
91{ERR_PACK(0,X509_F_X509_STORE_ADD_CRL,0), "X509_STORE_ADD_CRL"},
92{ERR_PACK(0,X509_F_X509_TO_X509_REQ,0), "X509_to_X509_REQ"},
93{ERR_PACK(0,X509_F_X509_VERIFY_CERT,0), "X509_verify_cert"},
94{0,NULL},
95 };
96
97static ERR_STRING_DATA X509_str_reasons[]=
98 {
99{X509_R_BAD_X509_FILETYPE ,"bad x509 filetype"},
100{X509_R_CERT_ALREADY_IN_HASH_TABLE ,"cert already in hash table"},
101{X509_R_ERR_ASN1_LIB ,"err asn1 lib"},
102{X509_R_LOADING_CERT_DIR ,"loading cert dir"},
103{X509_R_LOADING_DEFAULTS ,"loading defaults"},
104{X509_R_NO_CERT_SET_FOR_US_TO_VERIFY ,"no cert set for us to verify"},
105{X509_R_SHOULD_RETRY ,"should retry"},
106{X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN,"unable to find parameters in chain"},
107{X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY ,"unable to get certs public key"},
108{X509_R_UNKNOWN_NID ,"unknown nid"},
109{X509_R_UNKNOWN_STRING_TYPE ,"unknown string type"},
110{X509_R_UNSUPPORTED_ALGORITHM ,"unsupported algorithm"},
111{X509_R_WRONG_LOOKUP_TYPE ,"wrong lookup type"},
112{0,NULL},
113 };
114
115#endif
116
117void ERR_load_X509_strings()
118 {
119 static int init=1;
120
121 if (init);
122 {;
123 init=0;
124#ifndef NO_ERR
125 ERR_load_strings(ERR_LIB_X509,X509_str_functs);
126 ERR_load_strings(ERR_LIB_X509,X509_str_reasons);
127#endif
128
129 }
130 }
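Review bot: In `ERR_load_X509_strings` the line `if (init);` ends in a semicolon, so the `if` controls an empty statement and the block that follows runs on every call, not just the first. The `init` flag therefore never stops `ERR_load_strings` from being called again for both `X509_str_functs` and `X509_str_reasons`. Dropping the two stray semicolons gives `if (init)` followed by `{`, which is evidently what the flag is meant to do. The flag is a plain `static int`, so if this function can be reached from several threads the once-only behaviour would still depend on whatever locking the library uses elsewhere; that is not visible here.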
diff --git a/src/lib/libcrypto/x509/x509_ext.c b/src/lib/libcrypto/x509/x509_ext.c
new file mode 100644
index 0000000000..1d76ecfcfd
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_ext.c
@@ -0,0 +1,222 @@
1/* crypto/x509/x509_ext.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "stack.h"
61#include "cryptlib.h"
62#include "asn1.h"
63#include "objects.h"
64#include "evp.h"
65#include "x509.h"
66
67int X509_CRL_get_ext_count(x)
68X509_CRL *x;
69 {
70 return(X509v3_get_ext_count(x->crl->extensions));
71 }
72
73int X509_CRL_get_ext_by_NID(x,nid,lastpos)
74X509_CRL *x;
75int nid;
76int lastpos;
77 {
78 return(X509v3_get_ext_by_NID(x->crl->extensions,nid,lastpos));
79 }
80
81int X509_CRL_get_ext_by_OBJ(x,obj,lastpos)
82X509_CRL *x;
83ASN1_OBJECT *obj;
84int lastpos;
85 {
86 return(X509v3_get_ext_by_OBJ(x->crl->extensions,obj,lastpos));
87 }
88
89int X509_CRL_get_ext_by_critical(x,crit,lastpos)
90X509_CRL *x;
91int crit;
92int lastpos;
93 {
94 return(X509v3_get_ext_by_critical(x->crl->extensions,crit,lastpos));
95 }
96
97X509_EXTENSION *X509_CRL_get_ext(x,loc)
98X509_CRL *x;
99int loc;
100 {
101 return(X509v3_get_ext(x->crl->extensions,loc));
102 }
103
104X509_EXTENSION *X509_CRL_delete_ext(x,loc)
105X509_CRL *x;
106int loc;
107 {
108 return(X509v3_delete_ext(x->crl->extensions,loc));
109 }
110
111int X509_CRL_add_ext(x,ex,loc)
112X509_CRL *x;
113X509_EXTENSION *ex;
114int loc;
115 {
116 return(X509v3_add_ext(&(x->crl->extensions),ex,loc) != NULL);
117 }
118
119int X509_get_ext_count(x)
120X509 *x;
121 {
122 return(X509v3_get_ext_count(x->cert_info->extensions));
123 }
124
125int X509_get_ext_by_NID(x,nid,lastpos)
126X509 *x;
127int nid;
128int lastpos;
129 {
130 return(X509v3_get_ext_by_NID(x->cert_info->extensions,nid,lastpos));
131 }
132
133int X509_get_ext_by_OBJ(x,obj,lastpos)
134X509 *x;
135ASN1_OBJECT *obj;
136int lastpos;
137 {
138 return(X509v3_get_ext_by_OBJ(x->cert_info->extensions,obj,lastpos));
139 }
140
141int X509_get_ext_by_critical(x,crit,lastpos)
142X509 *x;
143int crit;
144int lastpos;
145 {
146 return(X509v3_get_ext_by_critical(x->cert_info->extensions,crit,lastpos));
147 }
148
149X509_EXTENSION *X509_get_ext(x,loc)
150X509 *x;
151int loc;
152 {
153 return(X509v3_get_ext(x->cert_info->extensions,loc));
154 }
155
156X509_EXTENSION *X509_delete_ext(x,loc)
157X509 *x;
158int loc;
159 {
160 return(X509v3_delete_ext(x->cert_info->extensions,loc));
161 }
162
163int X509_add_ext(x,ex,loc)
164X509 *x;
165X509_EXTENSION *ex;
166int loc;
167 {
168 return(X509v3_add_ext(&(x->cert_info->extensions),ex,loc) != NULL);
169 }
170
171int X509_REVOKED_get_ext_count(x)
172X509_REVOKED *x;
173 {
174 return(X509v3_get_ext_count(x->extensions));
175 }
176
177int X509_REVOKED_get_ext_by_NID(x,nid,lastpos)
178X509_REVOKED *x;
179int nid;
180int lastpos;
181 {
182 return(X509v3_get_ext_by_NID(x->extensions,nid,lastpos));
183 }
184
185int X509_REVOKED_get_ext_by_OBJ(x,obj,lastpos)
186X509_REVOKED *x;
187ASN1_OBJECT *obj;
188int lastpos;
189 {
190 return(X509v3_get_ext_by_OBJ(x->extensions,obj,lastpos));
191 }
192
193int X509_REVOKED_get_ext_by_critical(x,crit,lastpos)
194X509_REVOKED *x;
195int crit;
196int lastpos;
197 {
198 return(X509v3_get_ext_by_critical(x->extensions,crit,lastpos));
199 }
200
201X509_EXTENSION *X509_REVOKED_get_ext(x,loc)
202X509_REVOKED *x;
203int loc;
204 {
205 return(X509v3_get_ext(x->extensions,loc));
206 }
207
208X509_EXTENSION *X509_REVOKED_delete_ext(x,loc)
209X509_REVOKED *x;
210int loc;
211 {
212 return(X509v3_delete_ext(x->extensions,loc));
213 }
214
215int X509_REVOKED_add_ext(x,ex,loc)
216X509_REVOKED *x;
217X509_EXTENSION *ex;
218int loc;
219 {
220 return(X509v3_add_ext(&(x->extensions),ex,loc) != NULL);
221 }
222
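Review bot: The three `*_delete_ext` wrappers return the `X509_EXTENSION *` handed back by `X509v3_delete_ext` without saying who owns it, and the `*_add_ext` wrappers reduce the pointer result of `X509v3_add_ext` to 0 or 1 without saying whether `ex` is copied or adopted. Both helpers are defined outside this file, so the answer cannot be read from here, and a caller who guesses wrong either leaks the extension or frees it twice. A comment on each group would settle it, for example `/* returns the removed extension, which the caller must free (confirm against X509v3_delete_ext) */`. All of these wrappers also dereference `x->crl`, `x->cert_info` or `x` with no null check, which is consistent across the file but worth stating in the same comment as a precondition.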
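diff --git a/src/lib/libcrypto/x509/x509_lu.c b/src/lib/libcrypto/x509/x509_lu.c
new file mode 100644
index 0000000000..2c7e10a46e
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_lu.c
@@ -0,0 +1,446 @@
+/* crypto/x509/x509_lu.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "lhash.h"
+#include "x509.h"
+
+static STACK *x509_store_meth=NULL;
+static STACK *x509_store_ctx_meth=NULL;
+
+X509_LOOKUP *X509_LOOKUP_new(method)
+X509_LOOKUP_METHOD *method;
+ {
+ X509_LOOKUP *ret;
+
+ ret=(X509_LOOKUP *)Malloc(sizeof(X509_LOOKUP));
+ if (ret == NULL) return(NULL);
+
+ ret->init=0;
+ ret->skip=0;
+ ret->method=method;
+ ret->method_data=NULL;
+ ret->store_ctx=NULL;
+ if ((method->new_item != NULL) && !method->new_item(ret))
+ {
+ Free(ret);
+ return(NULL);
+ }
+ return(ret);
+ }
+
+void X509_LOOKUP_free(ctx)
+X509_LOOKUP *ctx;
+ {
+ if (ctx == NULL) return;
+ if ( (ctx->method != NULL) &&
+ (ctx->method->free != NULL))
+ ctx->method->free(ctx);
+ Free(ctx);
+ }
+
+int X509_LOOKUP_init(ctx)
+X509_LOOKUP *ctx;
+ {
+ if (ctx->method == NULL) return(0);
+ if (ctx->method->init != NULL)
+ return(ctx->method->init(ctx));
+ else
+ return(1);
+ }
+
+int X509_LOOKUP_shutdown(ctx)
+X509_LOOKUP *ctx;
+ {
+ if (ctx->method == NULL) return(0);
+ if (ctx->method->init != NULL)
+ return(ctx->method->shutdown(ctx));
+ else
+ return(1);
+ }
+
+int X509_LOOKUP_ctrl(ctx,cmd,argc,argl,ret)
+X509_LOOKUP *ctx;
+int cmd;
+char *argc;
+long argl;
+char **ret;
+ {
+ if (ctx->method == NULL) return(-1);
+ if (ctx->method->ctrl != NULL)
+ return(ctx->method->ctrl(ctx,cmd,argc,argl,ret));
+ else
+ return(1);
+ }
+
+int X509_LOOKUP_by_subject(ctx,type,name,ret)
+X509_LOOKUP *ctx;
+int type;
+X509_NAME *name;
+X509_OBJECT *ret;
+ {
+ if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))
+ return(X509_LU_FAIL);
+ if (ctx->skip) return(0);
+ return(ctx->method->get_by_subject(ctx,type,name,ret));
+ }
+
+int X509_LOOKUP_by_issuer_serial(ctx,type,name,serial,ret)
+X509_LOOKUP *ctx;
+int type;
+X509_NAME *name;
+ASN1_INTEGER *serial;
+X509_OBJECT *ret;
+ {
+ if ((ctx->method == NULL) ||
+ (ctx->method->get_by_issuer_serial == NULL))
+ return(X509_LU_FAIL);
+ return(ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret));
+ }
+
+int X509_LOOKUP_by_fingerprint(ctx,type,bytes,len,ret)
+X509_LOOKUP *ctx;
+int type;
+unsigned char *bytes;
+int len;
+X509_OBJECT *ret;
+ {
+ if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))
+ return(X509_LU_FAIL);
+ return(ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret));
+ }
+
+int X509_LOOKUP_by_alias(ctx,type,str,len,ret)
+X509_LOOKUP *ctx;
+int type;
+char *str;
+int len;
+X509_OBJECT *ret;
+ {
+ if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
+ return(X509_LU_FAIL);
+ return(ctx->method->get_by_alias(ctx,str,len,ret));
+ }
+
+static unsigned long x509_object_hash(a)
+X509_OBJECT *a;
+ {
+ unsigned long h;
+
+ switch (a->type)
+ {
+ case X509_LU_X509:
+ h=X509_NAME_hash(a->data.x509->cert_info->subject);
+ break;
+ case X509_LU_CRL:
+ h=X509_NAME_hash(a->data.crl->crl->issuer);
+ break;
+ default:
+ abort();
+ }
+ return(h);
+ }
+
+static int x509_object_cmp(a,b)
+X509_OBJECT *a,*b;
+ {
+ int ret;
+
+ ret=(a->type - b->type);
+ if (ret) return(ret);
+ switch (a->type)
+ {
+ case X509_LU_X509:
+ ret=X509_subject_name_cmp(a->data.x509,b->data.x509);
+ break;
+ case X509_LU_CRL:
+ ret=X509_CRL_cmp(a->data.crl,b->data.crl);
+ break;
+ default:
+ abort();
+ }
+ return(ret);
+ }
+
+X509_STORE *X509_STORE_new()
+ {
+ X509_STORE *ret;
+
+ if ((ret=(X509_STORE *)Malloc(sizeof(X509_STORE))) == NULL)
+ return(NULL);
+ ret->certs=lh_new(x509_object_hash,x509_object_cmp);
+ ret->cache=1;
+ ret->get_cert_methods=sk_new_null();
+ ret->verify=NULL;
+ ret->verify_cb=NULL;
+ memset(&ret->ex_data,0,sizeof(CRYPTO_EX_DATA));
+ ret->references=1;
+ return(ret);
+ }
+
+static void cleanup(a)
+X509_OBJECT *a;
+ {
+ if (a->type == X509_LU_X509)
+ {
+ X509_free(a->data.x509);
+ }
+ else if (a->type == X509_LU_CRL)
+ {
+ X509_CRL_free(a->data.crl);
+ }
+ else
+ abort();
+
+ Free(a);
+ }
+
+void X509_STORE_free(vfy)
+X509_STORE *vfy;
+ {
+ int i;
+ STACK *sk;
+ X509_LOOKUP *lu;
+
+ sk=vfy->get_cert_methods;
+ for (i=0; i<sk_num(sk); i++)
+ {
+ lu=(X509_LOOKUP *)sk_value(sk,i);
+ X509_LOOKUP_shutdown(lu);
+ X509_LOOKUP_free(lu);
+ }
+ sk_free(sk);
+
+ CRYPTO_free_ex_data(x509_store_meth,(char *)vfy,&vfy->ex_data);
+ lh_doall(vfy->certs,cleanup);
+ lh_free(vfy->certs);
+ Free(vfy);
+ }
+
+X509_LOOKUP *X509_STORE_add_lookup(v,m)
+X509_STORE *v;
+X509_LOOKUP_METHOD *m;
+ {
+ int i;
+ STACK *sk;
+ X509_LOOKUP *lu;
+
+ sk=v->get_cert_methods;
+ for (i=0; i<sk_num(sk); i++)
+ {
+ lu=(X509_LOOKUP *)sk_value(sk,i);
+ if (m == lu->method)
+ {
+ return(lu);
+ }
+ }
+ /* a new one */
+ lu=X509_LOOKUP_new(m);
+ if (lu == NULL)
+ return(NULL);
+ else
+ {
+ lu->store_ctx=v;
+ if (sk_push(v->get_cert_methods,(char *)lu))
+ return(lu);
+ else
+ {
+ X509_LOOKUP_free(lu);
+ return(NULL);
+ }
+ }
+ }
+
+int X509_STORE_get_by_subject(vs,type,name,ret)
+X509_STORE_CTX *vs;
+int type;
+X509_NAME *name;
+X509_OBJECT *ret;
+ {
+ X509_STORE *ctx=vs->ctx;
+ X509_LOOKUP *lu;
+ X509_OBJECT stmp,*tmp;
+ int i,j;
+
+ tmp=X509_OBJECT_retrive_by_subject(ctx->certs,type,name);
+
+ if (tmp == NULL)
+ {
+ for (i=vs->current_method; i<sk_num(ctx->get_cert_methods); i++)
+ {
+ lu=(X509_LOOKUP *)sk_value(ctx->get_cert_methods,i);
+ j=X509_LOOKUP_by_subject(lu,type,name,&stmp);
+ if (j < 0)
+ {
+ vs->current_method=j;
+ return(j);
+ }
+ else if (j)
+ {
+ tmp= &stmp;
+ break;
+ }
+ }
+ vs->current_method=0;
+ if (tmp == NULL)
+ return(0);
+ }
+
+/* if (ret->data.ptr != NULL)
+ X509_OBJECT_free_contents(ret); */
+
+ ret->type=tmp->type;
+ ret->data.ptr=tmp->data.ptr;
+
+ X509_OBJECT_up_ref_count(ret);
+
+ return(1);
+ }
+
+void X509_OBJECT_up_ref_count(a)
+X509_OBJECT *a;
+ {
+ switch (a->type)
+ {
+ case X509_LU_X509:
+ CRYPTO_add(&a->data.x509->references,1,CRYPTO_LOCK_X509);
+ break;
+ case X509_LU_CRL:
+ CRYPTO_add(&a->data.crl->references,1,CRYPTO_LOCK_X509_CRL);
+ break;
+ }
+ }
+
+void X509_OBJECT_free_contents(a)
+X509_OBJECT *a;
+ {
+ switch (a->type)
+ {
+ case X509_LU_X509:
+ X509_free(a->data.x509);
+ break;
+ case X509_LU_CRL:
+ X509_CRL_free(a->data.crl);
+ break;
+ }
+ }
+
+X509_OBJECT *X509_OBJECT_retrive_by_subject(h,type,name)
+LHASH *h;
+int type;
+X509_NAME *name;
+ {
+ X509_OBJECT stmp,*tmp;
+ X509 x509_s;
+ X509_CINF cinf_s;
+ X509_CRL crl_s;
+ X509_CRL_INFO crl_info_s;
+
+ stmp.type=type;
+ switch (type)
+ {
+ case X509_LU_X509:
+ stmp.data.x509= &x509_s;
+ x509_s.cert_info= &cinf_s;
+ cinf_s.subject=name;
+ break;
+ case X509_LU_CRL:
+ stmp.data.crl= &crl_s;
+ crl_s.crl= &crl_info_s;
+ crl_info_s.issuer=name;
+ break;
+ default:
+ abort();
+ }
+
+ tmp=(X509_OBJECT *)lh_retrieve(h,(char *)&stmp);
+ return(tmp);
+ }
+
+void X509_STORE_CTX_init(ctx,store,x509,chain)
+X509_STORE_CTX *ctx;
+X509_STORE *store;
+X509 *x509;
+STACK *chain;
+ {
+ ctx->ctx=store;
+ ctx->current_method=0;
+ ctx->cert=x509;
+ ctx->untrusted=chain;
+ ctx->last_untrusted=0;
+ ctx->valid=0;
+ ctx->chain=NULL;
+ ctx->depth=10;
+ ctx->error=0;
+ ctx->current_cert=NULL;
+ memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA));
+ }
+
+void X509_STORE_CTX_cleanup(ctx)
+X509_STORE_CTX *ctx;
+ {
+ if (ctx->chain != NULL)
+ {
+ sk_pop_free(ctx->chain,X509_free);
+ ctx->chain=NULL;
+ }
+ CRYPTO_free_ex_data(x509_store_ctx_meth,(char *)ctx,&(ctx->ex_data));
+ memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
+ }
+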
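Review bot: `X509_LOOKUP_shutdown` tests `ctx->method->init != NULL` but then calls `ctx->method->shutdown(ctx)`, so a lookup method that defines `init` without `shutdown` ends in a call through a NULL pointer, and one that defines only `shutdown` is never shut down; the guard should read `if (ctx->method->shutdown != NULL)`. `X509_STORE_free` calls this function for every lookup attached to the store, so the path is reached on ordinary teardown. Separately, in `X509_STORE_get_by_subject` the `j < 0` branch stores the negative return code in `vs->current_method`, which the next call uses as the starting index passed to `sk_value`; storing `i` there looks like what was intended, but confirm against the retry semantics of the lookup methods, which are not visible here.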
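diff --git a/src/lib/libcrypto/x509/x509_obj.c b/src/lib/libcrypto/x509/x509_obj.c
new file mode 100644
index 0000000000..c0576fd6f6
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_obj.c
@@ -0,0 +1,179 @@
+/* crypto/x509/x509_obj.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "lhash.h"
+#include "objects.h"
+#include "x509.h"
+#include "buffer.h"
+
+char *X509_NAME_oneline(a,buf,len)
+X509_NAME *a;
+char *buf;
+int len;
+ {
+ X509_NAME_ENTRY *ne;
+ unsigned int i;
+ int n,lold,l,l1,l2,num,j,type;
+ char *s,*p;
+ unsigned char *q;
+ BUF_MEM *b=NULL;
+ static char hex[17]="0123456789ABCDEF";
+ int gs_doit[4];
+ char tmp_buf[80];
+
+ if (a == NULL) return("NO X509_NAME");
+ if (buf == NULL)
+ {
+ if ((b=BUF_MEM_new()) == NULL) goto err;
+ if (!BUF_MEM_grow(b,200)) goto err;
+ b->data[0]='\0';
+ len=200;
+ }
+
+ len--; /* space for '\0' */
+ l=0;
+ for (i=0; (int)i<sk_num(a->entries); i++)
+ {
+ ne=(X509_NAME_ENTRY *)sk_value(a->entries,i);
+ n=OBJ_obj2nid(ne->object);
+ if ((n == NID_undef) || ((s=OBJ_nid2sn(n)) == NULL))
+ {
+ i2t_ASN1_OBJECT(tmp_buf,sizeof(tmp_buf),ne->object);
+ s=tmp_buf;
+ }
+ l1=strlen(s);
+
+ type=ne->value->type;
+ num=ne->value->length;
+ q=ne->value->data;
+
+ if ((type == V_ASN1_GENERALSTRING) && ((num%4) == 0))
+ {
+ gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=0;
+ for (j=0; j<num; j++)
+ if (q[j] != 0) gs_doit[j&3]=1;
+
+ if (gs_doit[0]|gs_doit[1]|gs_doit[2])
+ gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1;
+ else
+ {
+ gs_doit[0]=gs_doit[1]=gs_doit[2]=0;
+ gs_doit[3]=1;
+ }
+ }
+ else
+ gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1;
+
+ for (l2=j=0; j<num; j++)
+ {
+ if (!gs_doit[j&3]) continue;
+ l2++;
+ if ((q[j] < ' ') || (q[j] > '~')) l2+=3;
+ }
+
+ lold=l;
+ l+=1+l1+1+l2;
+ if (b != NULL)
+ {
+ if (!BUF_MEM_grow(b,l+1)) goto err;
+ p= &(b->data[lold]);
+ }
+ else if (l > len)
+ {
+ break;
+ }
+ else
+ p= &(buf[lold]);
+ *(p++)='/';
+ memcpy(p,s,(unsigned int)l1); p+=l1;
+ *(p++)='=';
+
+ q=ne->value->data;
+
+ for (j=0; j<num; j++)
+ {
+ if (!gs_doit[j&3]) continue;
+ n=q[j];
+ if ((n < ' ') || (n > '~'))
+ {
+ *(p++)='\\';
+ *(p++)='x';
+ *(p++)=hex[(n>>4)&0x0f];
+ *(p++)=hex[n&0x0f];
+ }
+ else
+ *(p++)=n;
+ }
+ *p='\0';
+ }
+ if (b != NULL)
+ {
+ p=b->data;
+ Free((char *)b);
+ }
+ else
+ p=buf;
+ return(p);
+err:
+ X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE);
+ if (b != NULL) BUF_MEM_free(b);
+ return(NULL);
+ }
+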
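Review bot: With a caller-supplied `buf`, `X509_NAME_oneline` returns the buffer without ever writing to it when the name has no entries or the first entry does not fit in `len`, because the only terminator is the `*p='\0'` inside the loop; a caller that treats the result as a C string would then read whatever bytes were already in the buffer. Adding `if (buf != NULL && len > 0) buf[0]='\0';` before `len--` closes this, matching the `b->data[0]='\0'` the allocated path already does. Two contract points also deserve a comment above the function: the `a == NULL` case returns the literal `"NO X509_NAME"` even when `buf == NULL`, so a caller that frees the allocated result must not free that one; and `l` is an `int` accumulated from `ne->value->length`, which comes from the parsed name, so its growth should be bounded before `BUF_MEM_grow(b,l+1)`.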
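diff --git a/src/lib/libcrypto/x509/x509_r2x.c b/src/lib/libcrypto/x509/x509_r2x.c
new file mode 100644
index 0000000000..6aec2427f7
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_r2x.c
@@ -0,0 +1,122 @@
+/* crypto/x509/x509_r2x.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn.h"
+#include "evp.h"
+#include "asn1.h"
+#include "x509.h"
+#include "objects.h"
+#include "buffer.h"
+#include "pem.h"
+
+X509 *X509_REQ_to_X509(r,days,pkey)
+X509_REQ *r;
+int days;
+EVP_PKEY *pkey;
+ {
+ X509 *ret=NULL;
+ int er=1;
+ X509_REQ_INFO *ri=NULL;
+ X509_CINF *xi=NULL;
+ X509_NAME *xn;
+
+ if ((ret=X509_new()) == NULL)
+ {
+ X509err(X509_F_X509_REQ_TO_X509,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ /* duplicate the request */
+ ri=(X509_REQ_INFO *)ASN1_dup(i2d_X509_REQ_INFO,
+ (char *(*)())d2i_X509_REQ_INFO,(char *)r->req_info);
+ if (ri == NULL) goto err;
+
+ xi=ret->cert_info;
+
+ if (sk_num(ri->attributes) != 0)
+ {
+ if ((xi->version=ASN1_INTEGER_new()) == NULL) goto err;
+ if (!ASN1_INTEGER_set(xi->version,2)) goto err;
+/* xi->extensions=ri->attributes; <- bad, should not ever be done
+ ri->attributes=NULL; */
+ }
+
+ xn=X509_REQ_get_subject_name(r);
+ X509_set_subject_name(ret,X509_NAME_dup(xn));
+ X509_set_issuer_name(ret,X509_NAME_dup(xn));
+
+ X509_gmtime_adj(xi->validity->notBefore,0);
+ X509_gmtime_adj(xi->validity->notAfter,(long)60*60*24*days);
+
+ X509_set_pubkey(ret,X509_REQ_get_pubkey(r));
+
+ if (!X509_sign(ret,pkey,EVP_md5()))
+ goto err;
+ er=0;
+err:
+ if (er)
+ {
+ X509_free(ret);
+ X509_REQ_INFO_free(ri);
+ return(NULL);
+ }
+ return(ret);
+ }
+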
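Review bot: The duplicated request info `ri` is released only inside `if (er)`, so every successful call to `X509_REQ_to_X509` leaks it; moving `X509_REQ_INFO_free(ri);` ahead of the `if (er)` test at `err:` frees it on both paths (the error path already calls it with `ri == NULL`). The results of `X509_NAME_dup`, `X509_set_subject_name`, `X509_set_issuer_name`, `X509_gmtime_adj` and `X509_set_pubkey` are also ignored, so a failure in any of them still reaches `X509_sign` and could produce a signed certificate with a missing name, validity or key; each should `goto err` on failure. The digest is fixed to `EVP_md5()` with no way for the caller to select another, which should at least be stated in a comment on the function.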
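diff --git a/src/lib/libcrypto/x509/x509_req.c b/src/lib/libcrypto/x509/x509_req.c
new file mode 100644
index 0000000000..5004365bad
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_req.c
@@ -0,0 +1,116 @@
+/* crypto/x509/x509_req.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn.h"
+#include "evp.h"
+#include "asn1.h"
+#include "x509.h"
+#include "objects.h"
+#include "buffer.h"
+#include "pem.h"
+
+X509_REQ *X509_to_X509_REQ(x,pkey,md)
+X509 *x;
+EVP_PKEY *pkey;
+EVP_MD *md;
+ {
+ X509_REQ *ret;
+ X509_REQ_INFO *ri;
+ int i;
+
+ ret=X509_REQ_new();
+ if (ret == NULL)
+ {
+ X509err(X509_F_X509_TO_X509_REQ,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ ri=ret->req_info;
+
+ ri->version->length=1;
+ ri->version->data=(unsigned char *)Malloc(1);
+ if (ri->version->data == NULL) goto err;
+ ri->version->data[0]=0; /* version == 0 */
+
+ if (!X509_REQ_set_subject_name(ret,X509_get_subject_name(x)))
+ goto err;
+
+ i=X509_REQ_set_pubkey(ret,X509_get_pubkey(x));
+ if (!i) goto err;
+
+ if (pkey != NULL)
+ {
+ if (!X509_REQ_sign(ret,pkey,md))
+ goto err;
+ }
+ return(ret);
+err:
+ X509_REQ_free(ret);
+ return(NULL);
+ }
+
+EVP_PKEY *X509_REQ_get_pubkey(req)
+X509_REQ *req;
+ {
+ if ((req == NULL) || (req->req_info == NULL))
+ return(NULL);
+ return(X509_PUBKEY_get(req->req_info->pubkey));
+ }
+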
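Review bot: In `X509_to_X509_REQ` the result of `X509_get_pubkey(x)` is passed straight into `X509_REQ_set_pubkey` with no NULL check and no local pointer kept, so a certificate whose key cannot be decoded is handled only by whatever `X509_REQ_set_pubkey` does with NULL, and any reference the getter may hand back cannot be released; holding it in a local and adding `if (pktmp == NULL) goto err;` makes the failure explicit. Whether the returned key must be freed depends on `X509_PUBKEY_get`, which is not visible here, so confirm its ownership rule. The `pkey == NULL` branch returns the request unsigned, which callers need to know: a comment such as `/* pkey == NULL: the request is returned unsigned */` above the `if (pkey != NULL)` test would record it. The assignment to `ri->version->data` also overwrites the field without checking for an existing buffer, which leaks if `X509_REQ_new` already allocated one.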
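diff --git a/src/lib/libcrypto/x509/x509_set.c b/src/lib/libcrypto/x509/x509_set.c
new file mode 100644
index 0000000000..5d0a3a0c0e
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_set.c
@@ -0,0 +1,164 @@
+/* crypto/x509/x509_set.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "asn1.h"
+#include "objects.h"
+#include "evp.h"
+#include "x509.h"
+
+int X509_set_version(x,version)
+X509 *x;
+long version;
+ {
+ if (x == NULL) return(0);
+ if (x->cert_info->version == NULL)
+ {
+ if ((x->cert_info->version=ASN1_INTEGER_new()) == NULL)
+ return(0);
+ }
+ return(ASN1_INTEGER_set(x->cert_info->version,version));
+ }
+
+int X509_set_serialNumber(x,serial)
+X509 *x;
+ASN1_INTEGER *serial;
+ {
+ ASN1_INTEGER *in;
+
+ if (x == NULL) return(0);
+ in=x->cert_info->serialNumber;
+ if (in != serial)
+ {
+ in=ASN1_INTEGER_dup(serial);
+ if (in != NULL)
+ {
+ ASN1_INTEGER_free(x->cert_info->serialNumber);
+ x->cert_info->serialNumber=in;
+ }
+ }
+ return(in != NULL);
+ }
+
+int X509_set_issuer_name(x,name)
+X509 *x;
+X509_NAME *name;
+ {
+ if ((x == NULL) || (x->cert_info == NULL)) return(0);
+ return(X509_NAME_set(&x->cert_info->issuer,name));
+ }
+
+int X509_set_subject_name(x,name)
+X509 *x;
+X509_NAME *name;
+ {
+ if ((x == NULL) || (x->cert_info == NULL)) return(0);
+ return(X509_NAME_set(&x->cert_info->subject,name));
+ }
+
+int X509_set_notBefore(x,tm)
+X509 *x;
+ASN1_UTCTIME *tm;
+ {
+ ASN1_UTCTIME *in;
+
+ if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
+ in=x->cert_info->validity->notBefore;
+ if (in != tm)
+ {
+ in=ASN1_UTCTIME_dup(tm);
+ if (in != NULL)
+ {
+ ASN1_UTCTIME_free(x->cert_info->validity->notBefore);
+ x->cert_info->validity->notBefore=in;
+ }
+ }
+ return(in != NULL);
+ }
+
+int X509_set_notAfter(x,tm)
+X509 *x;
+ASN1_UTCTIME *tm;
+ {
+ ASN1_UTCTIME *in;
+
+ if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
+ in=x->cert_info->validity->notAfter;
+ if (in != tm)
+ {
+ in=ASN1_UTCTIME_dup(tm);
+ if (in != NULL)
+ {
+ ASN1_UTCTIME_free(x->cert_info->validity->notAfter);
+ x->cert_info->validity->notAfter=in;
+ }
+ }
+ return(in != NULL);
+ }
+
+int X509_set_pubkey(x,pkey)
+X509 *x;
+EVP_PKEY *pkey;
+ {
+ if ((x == NULL) || (x->cert_info == NULL)) return(0);
+ return(X509_PUBKEY_set(&(x->cert_info->key),pkey));
+ }
+
+
+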
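Review bot: The NULL guards in this file are inconsistent: `X509_set_issuer_name`, `X509_set_subject_name` and `X509_set_pubkey` check `x->cert_info`, while `X509_set_version` and `X509_set_serialNumber` dereference `x->cert_info` after checking only `x`, and `X509_set_notBefore`/`X509_set_notAfter` read `x->cert_info->validity` the same way. Using `if ((x == NULL) || (x->cert_info == NULL)) return(0);` in the first two, and adding the `cert_info` test ahead of the `validity` test in the time setters, gives every setter the same failure behaviour on a partially built certificate. `X509_set_serialNumber` and the two time setters also return 0 when the stored pointer and the argument are both NULL, which is reasonable but should be stated in a comment since it is the only case where "no change" reports failure.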
diff --git a/src/lib/libcrypto/x509/x509_txt.c b/src/lib/libcrypto/x509/x509_txt.c
new file mode 100644
index 0000000000..408d1c277c
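--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_txt.c
@@ -0,0 +1,132 @@
+/* crypto/x509/x509_txt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <errno.h>
+#include <sys/types.h>
+
+#include "cryptlib.h"
+#include "lhash.h"
+#include "buffer.h"
+#include "evp.h"
+#include "asn1.h"
+#include "x509.h"
+#include "objects.h"
+#include "pem.h"
+
+char *X509_verify_cert_error_string(n)
+long n;
+ {
+ static char buf[100];
+
+ switch ((int)n)
+ {
+ case X509_V_OK:
+ return("ok");
+ case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+ return("unable to get issuer certificate");
+ case X509_V_ERR_UNABLE_TO_GET_CRL:
+ return("unable to get certificate CRL");
+ case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
+ return("unable to decrypt certificate's signature");
+ case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
+ return("unable to decrypt CRL's's signature");
+ case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
+ return("unable to decode issuer public key");
+ case X509_V_ERR_CERT_SIGNATURE_FAILURE:
+ return("certificate signature failure");
+ case X509_V_ERR_CRL_SIGNATURE_FAILURE:
+ return("CRL signature failure");
+ case X509_V_ERR_CERT_NOT_YET_VALID:
+ return("certificate is not yet valid");
+ case X509_V_ERR_CRL_NOT_YET_VALID:
+ return("CRL is not yet valid");
+ case X509_V_ERR_CERT_HAS_EXPIRED:
+ return("Certificate has expired");
+ case X509_V_ERR_CRL_HAS_EXPIRED:
+ return("CRL has expired");
+ case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+ return("format error in certificate's notBefore field");
+ case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+ return("format error in certificate's notAfter field");
+ case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
+ return("format error in CRL's lastUpdate field");
+ case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
+ return("format error in CRL's nextUpdate field");
+ case X509_V_ERR_OUT_OF_MEM:
+ return("out of memory");
+ case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+ return("self signed certificate");
+ case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
+ return("self signed certificate in certificate chain");
+ case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
+ return("unable to get local issuer certificate");
+ case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
+ return("unable to verify the first certificate");
+ case X509_V_ERR_CERT_CHAIN_TOO_LONG:
+ return("certificate chain too long");
+ case X509_V_ERR_APPLICATION_VERIFICATION:
+ return("application verification failure");
+ default:
+ sprintf(buf,"error number %ld",n);
+ return(buf);
+ }
+ }
+
+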
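Review bot: The `default:` branch of X509_verify_cert_error_string formats into `static char buf[100]` and returns a pointer to it, so the text for an unknown code is overwritten by the next such call and is shared between threads, while every other branch returns a string literal. I would document that on the function, e.g. `/* Unknown codes are formatted into a static buffer: not reentrant, copy the result before calling again. */`. The `switch ((int)n)` also narrows the `long` argument before matching, whereas the default message prints the full `%ld` value; switching on `n` directly keeps the two consistent. Separately, the message for X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE reads `CRL's's`, and `return("unable to decrypt CRL's signature");` fixes it.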
diff --git a/src/lib/libcrypto/x509/x509_v3.c b/src/lib/libcrypto/x509/x509_v3.c
new file mode 100644
index 0000000000..1c03602f0b
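--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_v3.c
@@ -0,0 +1,409 @@
+/* crypto/x509/x509_v3.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "stack.h"
+#include "cryptlib.h"
+#include "asn1.h"
+#include "objects.h"
+#include "evp.h"
+#include "x509.h"
+
+#ifndef NOPROTO
+static X509_EXTENSION_METHOD *find_by_nid(int nid);
+static int xem_cmp(X509_EXTENSION_METHOD **a, X509_EXTENSION_METHOD **b);
+#else
+static X509_EXTENSION_METHOD *find_by_nid();
+static int xem_cmp();
+#endif
+
+static STACK *extensions=NULL;
+
+int X509v3_get_ext_count(x)
+STACK *x;
+ {
+ if (x == NULL) return(0);
+ return(sk_num(x));
+ }
+
+int X509v3_get_ext_by_NID(x,nid,lastpos)
+STACK *x;
+int nid;
+int lastpos;
+ {
+ ASN1_OBJECT *obj;
+
+ obj=OBJ_nid2obj(nid);
+ if (obj == NULL) return(-2);
+ return(X509v3_get_ext_by_OBJ(x,obj,lastpos));
+ }
+
+int X509v3_get_ext_by_OBJ(sk,obj,lastpos)
+STACK *sk;
+ASN1_OBJECT *obj;
+int lastpos;
+ {
+ int n;
+ X509_EXTENSION *ex;
+
+ if (sk == NULL) return(-1);
+ lastpos++;
+ if (lastpos < 0)
+ lastpos=0;
+ n=sk_num(sk);
+ for ( ; lastpos < n; lastpos++)
+ {
+ ex=(X509_EXTENSION *)sk_value(sk,lastpos);
+ if (OBJ_cmp(ex->object,obj) == 0)
+ return(lastpos);
+ }
+ return(-1);
+ }
+
+int X509v3_get_ext_by_critical(sk,crit,lastpos)
+STACK *sk;
+int crit;
+int lastpos;
+ {
+ int n;
+ X509_EXTENSION *ex;
+
+ if (sk == NULL) return(-1);
+ lastpos++;
+ if (lastpos < 0)
+ lastpos=0;
+ n=sk_num(sk);
+ for ( ; lastpos < n; lastpos++)
+ {
+ ex=(X509_EXTENSION *)sk_value(sk,lastpos);
+ if ( (ex->critical && crit) ||
+ (!ex->critical && !crit))
+ return(lastpos);
+ }
+ return(-1);
+ }
+
+X509_EXTENSION *X509v3_get_ext(x,loc)
+STACK *x;
+int loc;
+ {
+ if ((x == NULL) || (sk_num(x) <= loc) || (loc < 0))
+ return(NULL);
+ else
+ return((X509_EXTENSION *)sk_value(x,loc));
+ }
+
+X509_EXTENSION *X509v3_delete_ext(x,loc)
+STACK *x;
+int loc;
+ {
+ X509_EXTENSION *ret;
+
+ if ((x == NULL) || (sk_num(x) <= loc) || (loc < 0))
+ return(NULL);
+ ret=(X509_EXTENSION *)sk_delete(x,loc);
+ return(ret);
+ }
+
+STACK *X509v3_add_ext(x,ex,loc)
+STACK **x;
+X509_EXTENSION *ex;
+int loc;
+ {
+ X509_EXTENSION *new_ex=NULL;
+ int n;
+ STACK *sk=NULL;
+
+ if ((x != NULL) && (*x == NULL))
+ {
+ if ((sk=sk_new_null()) == NULL)
+ goto err;
+ }
+ else
+ sk= *x;
+
+ n=sk_num(sk);
+ if (loc > n) loc=n;
+ else if (loc < 0) loc=n;
+
+ if ((new_ex=X509_EXTENSION_dup(ex)) == NULL)
+ goto err2;
+ if (!sk_insert(sk,(char *)new_ex,loc))
+ goto err;
+ if ((x != NULL) && (*x == NULL))
+ *x=sk;
+ return(sk);
+err:
+ X509err(X509_F_X509V3_ADD_EXT,ERR_R_MALLOC_FAILURE);
+err2:
+ if (new_ex != NULL) X509_EXTENSION_free(new_ex);
+ if (sk != NULL) sk_free(sk);
+ return(NULL);
+ }
+
+X509_EXTENSION *X509_EXTENSION_create_by_NID(ex,nid,crit,data)
+X509_EXTENSION **ex;
+int nid;
+int crit;
+ASN1_OCTET_STRING *data;
+ {
+ ASN1_OBJECT *obj;
+ X509_EXTENSION *ret;
+
+ obj=OBJ_nid2obj(nid);
+ if (obj == NULL)
+ {
+ X509err(X509_F_X509_EXTENSION_CREATE_BY_NID,X509_R_UNKNOWN_NID);
+ return(NULL);
+ }
+ ret=X509_EXTENSION_create_by_OBJ(ex,obj,crit,data);
+ if (ret == NULL) ASN1_OBJECT_free(obj);
+ return(ret);
+ }
+
+X509_EXTENSION *X509_EXTENSION_create_by_OBJ(ex,obj,crit,data)
+X509_EXTENSION **ex;
+ASN1_OBJECT *obj;
+int crit;
+ASN1_OCTET_STRING *data;
+ {
+ X509_EXTENSION *ret;
+
+ if ((ex == NULL) || (*ex == NULL))
+ {
+ if ((ret=X509_EXTENSION_new()) == NULL)
+ {
+ X509err(X509_F_X509_EXTENSION_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE);
+ return(NULL);
+ }
+ }
+ else
+ ret= *ex;
+
+ if (!X509_EXTENSION_set_object(ret,obj))
+ goto err;
+ if (!X509_EXTENSION_set_critical(ret,crit))
+ goto err;
+ if (!X509_EXTENSION_set_data(ret,data))
+ goto err;
+
+ if ((ex != NULL) && (*ex == NULL)) *ex=ret;
+ return(ret);
+err:
+ if ((ex == NULL) || (ret != *ex))
+ X509_EXTENSION_free(ret);
+ return(NULL);
+ }
+
+int X509_EXTENSION_set_object(ex,obj)
+X509_EXTENSION *ex;
+ASN1_OBJECT *obj;
+ {
+ if ((ex == NULL) || (obj == NULL))
+ return(0);
+ ASN1_OBJECT_free(ex->object);
+ ex->object=OBJ_dup(obj);
+ return(1);
+ }
+
+int X509_EXTENSION_set_critical(ex,crit)
+X509_EXTENSION *ex;
+int crit;
+ {
+ if (ex == NULL) return(0);
+ ex->critical=(crit)?0xFF:0;
+ return(1);
+ }
+
+int X509_EXTENSION_set_data(ex,data)
+X509_EXTENSION *ex;
+ASN1_OCTET_STRING *data;
+ {
+ int i;
+
+ if (ex == NULL) return(0);
+ i=ASN1_OCTET_STRING_set(ex->value,data->data,data->length);
+ if (!i) return(0);
+ return(1);
+ }
+
+ASN1_OBJECT *X509_EXTENSION_get_object(ex)
+X509_EXTENSION *ex;
+ {
+ if (ex == NULL) return(NULL);
+ return(ex->object);
+ }
+
+ASN1_OCTET_STRING *X509_EXTENSION_get_data(ex)
+X509_EXTENSION *ex;
+ {
+ if (ex == NULL) return(NULL);
+ return(ex->value);
+ }
+
+int X509_EXTENSION_get_critical(ex)
+X509_EXTENSION *ex;
+ {
+ if (ex == NULL) return(0);
+ return(ex->critical);
+ }
+
+int X509v3_data_type_by_OBJ(obj)
+ASN1_OBJECT *obj;
+ {
+ int nid;
+
+ nid=OBJ_obj2nid(obj);
+ if (nid == V_ASN1_UNDEF) return(V_ASN1_UNDEF);
+ return(X509v3_data_type_by_NID(nid));
+ }
+
+int X509v3_data_type_by_NID(nid)
+int nid;
+ {
+ X509_EXTENSION_METHOD *x;
+
+ x=find_by_nid(nid);
+ if (x == NULL)
+ return(V_ASN1_UNDEF);
+ else
+ return(x->data_type);
+ }
+
+int X509v3_pack_type_by_OBJ(obj)
+ASN1_OBJECT *obj;
+ {
+ int nid;
+
+ nid=OBJ_obj2nid(obj);
+ if (nid == NID_undef) return(X509_EXT_PACK_UNKNOWN);
+ return(X509v3_pack_type_by_NID(nid));
+ }
+
+int X509v3_pack_type_by_NID(nid)
+int nid;
+ {
+ X509_EXTENSION_METHOD *x;
+
+ x=find_by_nid(nid);
+ if (x == NULL)
+ return(X509_EXT_PACK_UNKNOWN);
+ else
+ return(x->pack_type);
+ }
+
+static X509_EXTENSION_METHOD *find_by_nid(nid)
+int nid;
+ {
+ X509_EXTENSION_METHOD x;
+ int i;
+
+ x.nid=nid;
+ if (extensions == NULL) return(NULL);
+ i=sk_find(extensions,(char *)&x);
+ if (i < 0)
+ return(NULL);
+ else
+ return((X509_EXTENSION_METHOD *)sk_value(extensions,i));
+ }
+
+static int xem_cmp(a,b)
+X509_EXTENSION_METHOD **a,**b;
+ {
+ return((*a)->nid-(*b)->nid);
+ }
+
+void X509v3_cleanup_extensions()
+ {
+ int i;
+
+ if (extensions != NULL)
+ {
+ for (i=0; i<sk_num(extensions); i++)
+ Free(sk_value(extensions,i));
+ sk_free(extensions);
+ extensions=NULL;
+ }
+ }
+
+int X509v3_add_extension(x)
+X509_EXTENSION_METHOD *x;
+ {
+ X509_EXTENSION_METHOD *newx;
+
+ if (extensions == NULL)
+ {
+ extensions=sk_new(xem_cmp);
+ if (extensions == NULL) goto err;
+ }
+ newx=(X509_EXTENSION_METHOD *)Malloc(sizeof(X509_EXTENSION_METHOD));
+ if (newx == NULL) goto err;
+ newx->nid=x->nid;
+ newx->data_type=x->data_type;
+ newx->pack_type=x->pack_type;
+ if (!sk_push(extensions,(char *)newx))
+ {
+ Free(newx);
+ goto err;
+ }
+ return(1);
+err:
+ X509err(X509_F_X509V3_ADD_EXTENSION,ERR_R_MALLOC_FAILURE);
+ return(0);
+ }
+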
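Review bot: The error path of X509v3_add_ext frees a stack it may not own: when the caller passes an existing `*x`, `sk` aliases it, and a failed X509_EXTENSION_dup() or sk_insert() reaches `if (sk != NULL) sk_free(sk);`, leaving the caller's `*x` pointing at freed memory. Freeing only a stack created in this call avoids that, e.g. `if ((x != NULL) && (sk != *x)) sk_free(sk);`, which works because `*x` is only assigned on the success path. The same function dereferences `x` in `else sk= *x;` when `x` itself is NULL, although the surrounding tests treat a NULL `x` as possible; an early `if (x == NULL) return(NULL);` would make the contract explicit. Elsewhere in the file, X509_EXTENSION_set_object returns 1 without checking the result of OBJ_dup(), and X509_EXTENSION_set_data reads `data->data` without a NULL check on `data`.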
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
new file mode 100644
index 0000000000..c1be91edba
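--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -0,0 +1,704 @@
+/* crypto/x509/x509_vfy.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#include "crypto.h"
+#include "cryptlib.h"
+#include "lhash.h"
+#include "buffer.h"
+#include "evp.h"
+#include "asn1.h"
+#include "x509.h"
+#include "objects.h"
+#include "pem.h"
+
+#ifndef NOPROTO
+static int null_callback(int ok,X509_STORE_CTX *e);
+static int internal_verify(X509_STORE_CTX *ctx);
+#else
+static int null_callback();
+static int internal_verify();
+#endif
+
+char *X509_version="X509 part of SSLeay 0.9.0b 29-Jun-1998";
+static STACK *x509_store_ctx_method=NULL;
+static int x509_store_ctx_num=0;
+#if 0
+static int x509_store_num=1;
+static STACK *x509_store_method=NULL;
+#endif
+
+static int null_callback(ok,e)
+int ok;
+X509_STORE_CTX *e;
+ {
+ return(ok);
+ }
+
+#if 0
+static int x509_subject_cmp(a,b)
+X509 **a,**b;
+ {
+ return(X509_subject_name_cmp(*a,*b));
+ }
+#endif
+
+int X509_verify_cert(ctx)
+X509_STORE_CTX *ctx;
+ {
+ X509 *x,*xtmp,*chain_ss=NULL;
+ X509_NAME *xn;
+ X509_OBJECT obj;
+ int depth,i,ok=0;
+ int num;
+ int (*cb)();
+ STACK *sktmp=NULL;
+
+ if (ctx->cert == NULL)
+ {
+ X509err(X509_F_X509_VERIFY_CERT,X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
+ return(-1);
+ }
+
+ cb=ctx->ctx->verify_cb;
+ if (cb == NULL) cb=null_callback;
+
+ /* first we make sure the chain we are going to build is
+ * present and that the first entry is in place */
+ if (ctx->chain == NULL)
+ {
+ if ( ((ctx->chain=sk_new_null()) == NULL) ||
+ (!sk_push(ctx->chain,(char *)ctx->cert)))
+ {
+ X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
+ goto end;
+ }
+ CRYPTO_add(&ctx->cert->references,1,CRYPTO_LOCK_X509);
+ ctx->last_untrusted=1;
+ }
+
+ /* We use a temporary so we can chop and hack at it */
+ if ((ctx->untrusted != NULL) && (sktmp=sk_dup(ctx->untrusted)) == NULL)
+ {
+ X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
+ goto end;
+ }
+
+ num=sk_num(ctx->chain);
+ x=(X509 *)sk_value(ctx->chain,num-1);
+ depth=ctx->depth;
+
+
+ for (;;)
+ {
+ /* If we have enough, we break */
+ if (depth <= num) break;
+
+ /* If we are self signed, we break */
+ xn=X509_get_issuer_name(x);
+ if (X509_NAME_cmp(X509_get_subject_name(x),xn) == 0)
+ break;
+
+ /* If we were passed a cert chain, use it first */
+ if (ctx->untrusted != NULL)
+ {
+ xtmp=X509_find_by_subject(sktmp,xn);
+ if (xtmp != NULL)
+ {
+ if (!sk_push(ctx->chain,(char *)xtmp))
+ {
+ X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
+ goto end;
+ }
+ CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509);
+ sk_delete_ptr(sktmp,(char *)xtmp);
+ ctx->last_untrusted++;
+ x=xtmp;
+ num++;
+ /* reparse the full chain for
+ * the next one */
+ continue;
+ }
+ }
+ break;
+ }
+
+ /* at this point, chain should contain a list of untrusted
+ * certificates. We now need to add at least one trusted one,
+ * if possible, otherwise we complain. */
+
+ i=sk_num(ctx->chain);
+ x=(X509 *)sk_value(ctx->chain,i-1);
+ if (X509_NAME_cmp(X509_get_subject_name(x),X509_get_issuer_name(x))
+ == 0)
+ {
+ /* we have a self signed certificate */
+ if (sk_num(ctx->chain) == 1)
+ {
+ ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
+ ctx->current_cert=x;
+ ctx->error_depth=i-1;
+ ok=cb(0,ctx);
+ if (!ok) goto end;
+ }
+ else
+ {
+ /* worry more about this one elsewhere */
+ chain_ss=(X509 *)sk_pop(ctx->chain);
+ ctx->last_untrusted--;
+ num--;
+ x=(X509 *)sk_value(ctx->chain,num-1);
+ }
+ }
+
+ /* We now lookup certs from the certificate store */
+ for (;;)
+ {
+ /* If we have enough, we break */
+ if (depth <= num) break;
+
+ /* If we are self signed, we break */
+ xn=X509_get_issuer_name(x);
+ if (X509_NAME_cmp(X509_get_subject_name(x),xn) == 0)
+ break;
+
+ ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj);
+ if (ok != X509_LU_X509)
+ {
+ if (ok == X509_LU_RETRY)
+ {
+ X509_OBJECT_free_contents(&obj);
+ X509err(X509_F_X509_VERIFY_CERT,X509_R_SHOULD_RETRY);
+ return(ok);
+ }
+ else if (ok != X509_LU_FAIL)
+ {
+ X509_OBJECT_free_contents(&obj);
+ /* not good :-(, break anyway */
+ return(ok);
+ }
+ break;
+ }
+ x=obj.data.x509;
+ if (!sk_push(ctx->chain,(char *)obj.data.x509))
+ {
+ X509_OBJECT_free_contents(&obj);
+ X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
+ return(0);
+ }
+ num++;
+ }
+
+ /* we now have our chain, lets check it... */
+ xn=X509_get_issuer_name(x);
+ if (X509_NAME_cmp(X509_get_subject_name(x),xn) != 0)
+ {
+ if ((chain_ss == NULL) || (X509_NAME_cmp(X509_get_subject_name(chain_ss),xn) != 0))
+ {
+ if (ctx->last_untrusted >= num)
+ ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
+ else
+ ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
+ ctx->current_cert=x;
+ }
+ else
+ {
+
+ sk_push(ctx->chain,(char *)chain_ss);
+ num++;
+ ctx->last_untrusted=num;
+ ctx->current_cert=chain_ss;
+ ctx->error=X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
+ chain_ss=NULL;
+ }
+
+ ctx->error_depth=num-1;
+ ok=cb(0,ctx);
+ if (!ok) goto end;
+ }
+
+ /* We may as well copy down any DSA parameters that are required */
+ X509_get_pubkey_parameters(NULL,ctx->chain);
+
+ /* At this point, we have a chain and just need to verify it */
+ if (ctx->ctx->verify != NULL)
+ ok=ctx->ctx->verify(ctx);
+ else
+ ok=internal_verify(ctx);
+end:
+ if (sktmp != NULL) sk_free(sktmp);
+ if (chain_ss != NULL) X509_free(chain_ss);
+ return(ok);
+ }
+
+static int internal_verify(ctx)
+X509_STORE_CTX *ctx;
+ {
+ int i,ok=0,n;
+ X509 *xs,*xi;
+ EVP_PKEY *pkey=NULL;
+ int (*cb)();
+
+ cb=ctx->ctx->verify_cb;
+ if (cb == NULL) cb=null_callback;
+
+ n=sk_num(ctx->chain);
+ ctx->error_depth=n-1;
+ n--;
+ xi=(X509 *)sk_value(ctx->chain,n);
+ if (X509_NAME_cmp(X509_get_subject_name(xi),
+ X509_get_issuer_name(xi)) == 0)
+ xs=xi;
+ else
+ {
+ if (n <= 0)
+ {
+ ctx->error=X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
+ ctx->current_cert=xi;
+ ok=cb(0,ctx);
+ goto end;
+ }
+ else
+ {
+ n--;
+ ctx->error_depth=n;
+ xs=(X509 *)sk_value(ctx->chain,n);
+ }
+ }
+
+/* ctx->error=0; not needed */
+ while (n >= 0)
+ {
+ ctx->error_depth=n;
+ if (!xs->valid)
+ {
+ if ((pkey=X509_get_pubkey(xi)) == NULL)
+ {
+ ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
+ ctx->current_cert=xi;
+ ok=(*cb)(0,ctx);
+ if (!ok) goto end;
+ }
+ if (X509_verify(xs,pkey) <= 0)
+ {
+ ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
+ ctx->current_cert=xs;
+ ok=(*cb)(0,ctx);
+ if (!ok) goto end;
+ }
+ pkey=NULL;
+
+ i=X509_cmp_current_time(X509_get_notBefore(xs));
+ if (i == 0)
+ {
+ ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
+ ctx->current_cert=xs;
+ ok=(*cb)(0,ctx);
+ if (!ok) goto end;
+ }
+ if (i > 0)
+ {
+ ctx->error=X509_V_ERR_CERT_NOT_YET_VALID;
+ ctx->current_cert=xs;
+ ok=(*cb)(0,ctx);
+ if (!ok) goto end;
+ }
+ xs->valid=1;
+ }
+
+ i=X509_cmp_current_time(X509_get_notAfter(xs));
+ if (i == 0)
+ {
+ ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
+ ctx->current_cert=xs;
+ ok=(*cb)(0,ctx);
+ if (!ok) goto end;
+ }
+
+ if (i < 0)
+ {
+ ctx->error=X509_V_ERR_CERT_HAS_EXPIRED;
+ ctx->current_cert=xs;
+ ok=(*cb)(0,ctx);
+ if (!ok) goto end;
+ }
+
+ /* CRL CHECK */
+
+ /* The last error (if any) is still in the error value */
+ ctx->current_cert=xs;
+ ok=(*cb)(1,ctx);
+ if (!ok) goto end;
+
+ n--;
+ if (n >= 0)
+ {
+ xi=xs;
+ xs=(X509 *)sk_value(ctx->chain,n);
+ }
+ }
+ ok=1;
+end:
+ return(ok);
+ }
+
+int X509_cmp_current_time(ctm)
+ASN1_UTCTIME *ctm;
+ {
+ char *str;
+ ASN1_UTCTIME atm;
+ time_t offset;
+ char buff1[24],buff2[24],*p;
+ int i,j;
+
+ p=buff1;
+ i=ctm->length;
+ str=(char *)ctm->data;
+ if ((i < 11) || (i > 17)) return(0);
+ memcpy(p,str,10);
+ p+=10;
+ str+=10;
+
+ if ((*str == 'Z') || (*str == '-') || (*str == '+'))
+ { *(p++)='0'; *(p++)='0'; }
+ else { *(p++)= *(str++); *(p++)= *(str++); }
+ *(p++)='Z';
+ *(p++)='\0';
+
+ if (*str == 'Z')
+ offset=0;
+ else
+ {
+ if ((*str != '+') && (str[5] != '-'))
+ return(0);
+ offset=((str[1]-'0')*10+(str[2]-'0'))*60;
+ offset+=(str[3]-'0')*10+(str[4]-'0');
+ if (*str == '-')
+ offset=-offset;
+ }
+ atm.type=V_ASN1_UTCTIME;
+ atm.length=sizeof(buff2);
+ atm.data=(unsigned char *)buff2;
+
+ X509_gmtime_adj(&atm,-offset);
+
+ i=(buff1[0]-'0')*10+(buff1[1]-'0');
+ if (i < 70) i+=100;
+ j=(buff2[0]-'0')*10+(buff2[1]-'0');
+ if (j < 70) j+=100;
+
+ if (i < j) return (-1);
+ if (i > j) return (1);
+ i=strcmp(buff1,buff2);
+ if (i == 0) /* wait a second then return younger :-) */
+ return(-1);
+ else
+ return(i);
+ }
+
+ASN1_UTCTIME *X509_gmtime_adj(s, adj)
+ASN1_UTCTIME *s;
+long adj;
+ {
+ time_t t;
+
+ time(&t);
+ t+=adj;
+ return(ASN1_UTCTIME_set(s,t));
+ }
+
+int X509_get_pubkey_parameters(pkey,chain)
+EVP_PKEY *pkey;
+STACK *chain;
+ {
+ EVP_PKEY *ktmp=NULL,*ktmp2;
+ int i,j;
+
+ if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return(1);
+
+ for (i=0; i<sk_num(chain); i++)
+ {
+ ktmp=X509_get_pubkey((X509 *)sk_value(chain,i));
+ if (ktmp == NULL)
+ {
+ X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
+ return(0);
+ }
+ if (!EVP_PKEY_missing_parameters(ktmp))
+ break;
+ else
+ {
+ ktmp=NULL;
+ }
+ }
+ if (ktmp == NULL)
+ {
+ X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN);
+ return(0);
+ }
+
+ /* first, populate the other certs */
+ for (j=i-1; j >= 0; j--)
+ {
+ ktmp2=X509_get_pubkey((X509 *)sk_value(chain,j));
+ EVP_PKEY_copy_parameters(ktmp2,ktmp);
+ }
+
+ if (pkey != NULL)
+ EVP_PKEY_copy_parameters(pkey,ktmp);
+ return(1);
+ }
+
+EVP_PKEY *X509_get_pubkey(x)
+X509 *x;
+ {
+ if ((x == NULL) || (x->cert_info == NULL))
+ return(NULL);
+ return(X509_PUBKEY_get(x->cert_info->key));
+ }
+
+int X509_check_private_key(x,k)
+X509 *x;
+EVP_PKEY *k;
+ {
+ EVP_PKEY *xk=NULL;
+ int ok=0;
+
+ xk=X509_get_pubkey(x);
+ if (xk->type != k->type) goto err;
+ switch (k->type)
+ {
+#ifndef NO_RSA
+ case EVP_PKEY_RSA:
+ if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0) goto err;
+ if (BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0) goto err;
+ break;
+#endif
+#ifndef NO_DSA
+ case EVP_PKEY_DSA:
+ if (BN_cmp(xk->pkey.dsa->pub_key,k->pkey.dsa->pub_key) != 0)
+ goto err;
+ break;
+#endif
+#ifndef NO_DH
+ case EVP_PKEY_DH:
+ /* No idea */
+ goto err;
+#endif
+ default:
+ goto err;
+ }
+
+ ok=1;
+err:
+ return(ok);
+ }
+
+int X509_STORE_add_cert(ctx,x)
+X509_STORE *ctx;
+X509 *x;
+ {
+ X509_OBJECT *obj,*r;
+ int ret=1;
+
+ if (x == NULL) return(0);
+ obj=(X509_OBJECT *)Malloc(sizeof(X509_OBJECT));
+ if (obj == NULL)
+ {
+ X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE);
+ return(0);
+ }
+ obj->type=X509_LU_X509;
+ obj->data.x509=x;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+
+ X509_OBJECT_up_ref_count(obj);
+
+ r=(X509_OBJECT *)lh_insert(ctx->certs,(char *)obj);
+ if (r != NULL)
+ { /* oops, put it back */
+ lh_delete(ctx->certs,(char *)obj);
+ X509_OBJECT_free_contents(obj);
+ Free(obj);
+ lh_insert(ctx->certs,(char *)r);
+ X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE);
+ ret=0;
+ }
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+
+ return(ret);
+ }
+
+int X509_STORE_add_crl(ctx,x)
+X509_STORE *ctx;
+X509_CRL *x;
+ {
+ X509_OBJECT *obj,*r;
+ int ret=1;
+
+ if (x == NULL) return(0);
+ obj=(X509_OBJECT *)Malloc(sizeof(X509_OBJECT));
+ if (obj == NULL)
+ {
+ X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE);
+ return(0);
+ }
+ obj->type=X509_LU_CRL;
+ obj->data.crl=x;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+
+ X509_OBJECT_up_ref_count(obj);
+
+ r=(X509_OBJECT *)lh_insert(ctx->certs,(char *)obj);
+ if (r != NULL)
+ { /* oops, put it back */
+ lh_delete(ctx->certs,(char *)obj);
+ X509_OBJECT_free_contents(obj);
+ Free(obj);
+ lh_insert(ctx->certs,(char *)r);
+ X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE);
+ ret=0;
+ }
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+
+ return(ret);
+ }
+
+int X509_STORE_CTX_get_ex_new_index(argl,argp,new_func,dup_func,free_func)
+long argl;
+char *argp;
+int (*new_func)();
+int (*dup_func)();
+void (*free_func)();
+ {
+ x509_store_ctx_num++;
+ return(CRYPTO_get_ex_new_index(x509_store_ctx_num-1,
+ &x509_store_ctx_method,
+ argl,argp,new_func,dup_func,free_func));
+ }
+
+int X509_STORE_CTX_set_ex_data(ctx,idx,data)
+X509_STORE_CTX *ctx;
+int idx;
+char *data;
+ {
+ return(CRYPTO_set_ex_data(&ctx->ex_data,idx,data));
+ }
+
+char *X509_STORE_CTX_get_ex_data(ctx,idx)
+X509_STORE_CTX *ctx;
+int idx;
+ {
+ return(CRYPTO_get_ex_data(&ctx->ex_data,idx));
+ }
+
+int X509_STORE_CTX_get_error(ctx)
+X509_STORE_CTX *ctx;
+ {
+ return(ctx->error);
+ }
+
+void X509_STORE_CTX_set_error(ctx,err)
+X509_STORE_CTX *ctx;
+int err;
+ {
+ ctx->error=err;
+ }
+
+int X509_STORE_CTX_get_error_depth(ctx)
+X509_STORE_CTX *ctx;
+ {
+ return(ctx->error_depth);
+ }
+
+X509 *X509_STORE_CTX_get_current_cert(ctx)
+X509_STORE_CTX *ctx;
+ {
+ return(ctx->current_cert);
+ }
+
+STACK *X509_STORE_CTX_get_chain(ctx)
+X509_STORE_CTX *ctx;
+ {
+ return(ctx->chain);
+ }
+
+void X509_STORE_CTX_set_cert(ctx,x)
+X509_STORE_CTX *ctx;
+X509 *x;
+ {
+ ctx->cert=x;
+ }
+
+void X509_STORE_CTX_set_chain(ctx,sk)
+X509_STORE_CTX *ctx;
+STACK *sk;
+ {
+ ctx->untrusted=sk;
+ }
+
+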
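Review bot: X509_cmp_current_time mishandles the UTC offset of the certificate time it parses: the test `if ((*str != '+') && (str[5] != '-'))` looks at `str[5]` where `*str` seems intended, so a `-hhmm` offset is normally rejected as a format error, and the reads of `str[1]`..`str[5]` are not covered by the `(i < 11) || (i > 17)` length check. I would write `if ((*str != '+') && (*str != '-')) return(0);` and confirm that the remaining bytes exist and are digits before computing `offset`. `offset` is then built in minutes (`hh*60+mm`) but handed to X509_gmtime_adj(), which adds its argument to a `time_t`, so `X509_gmtime_adj(&atm,-offset*60);` is needed for the adjustment to be in seconds. The ten date digits copied by `memcpy(p,str,10)` are likewise used without a digit check, which matters because internal_verify() feeds this function the notBefore/notAfter fields of the certificate being verified.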
diff --git a/src/lib/libcrypto/x509/x509_vfy.h b/src/lib/libcrypto/x509/x509_vfy.h
new file mode 100644
index 0000000000..dfc060f899
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_vfy.h
@@ -0,0 +1,378 @@
1/* crypto/x509/x509_vfy.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#ifndef HEADER_X509_VFY_H
60#define HEADER_X509_VFY_H
61
62#ifdef __cplusplus
63extern "C" {
64#endif
65
66#include "bio.h"
67#include "crypto.h"
68
69/* Outer object */
70typedef struct x509_hash_dir_st
71 {
72 int num_dirs;
73 char **dirs;
74 int *dirs_type;
75 int num_dirs_alloced;
76 } X509_HASH_DIR_CTX;
77
78typedef struct x509_file_st
79 {
80 int num_paths; /* number of paths to files or directories */
81 int num_alloced;
82 char **paths; /* the list of paths or directories */
83 int *path_type;
84 } X509_CERT_FILE_CTX;
85
86/*******************************/
87/*
88SSL_CTX -> X509_STORE
89 -> X509_LOOKUP
90 ->X509_LOOKUP_METHOD
91 -> X509_LOOKUP
92 ->X509_LOOKUP_METHOD
93
94SSL -> X509_STORE_CTX
95 ->X509_STORE
96
97The X509_STORE holds the tables etc for verification stuff.
98A X509_STORE_CTX is used while validating a single certificate.
99The X509_STORE has X509_LOOKUPs for looking up certs.
100The X509_STORE then calls a function to actually verify the
101certificate chain.
102*/
103
104#define X509_LU_RETRY -1
105#define X509_LU_FAIL 0
106#define X509_LU_X509 1
107#define X509_LU_CRL 2
108#define X509_LU_PKEY 3
109
110typedef struct x509_object_st
111 {
112 /* one of the above types */
113 int type;
114 union {
115 char *ptr;
116 X509 *x509;
117 X509_CRL *crl;
118 EVP_PKEY *pkey;
119 } data;
120 } X509_OBJECT;
121
122/* This is a static that defines the function interface */
123typedef struct x509_lookup_method_st
124 {
125 char *name;
126 int (*new_item)();
127 void (*free)();
128 int (*init)(/* meth, char ** */);
129 int (*shutdown)( /* meth, char ** */);
130 int (*ctrl)( /* meth, char **, int cmd, char *argp, int argi */);
131 int (*get_by_subject)(/* meth, char **, XNAME *, X509 **ret */);
132 int (*get_by_issuer_serial)();
133 int (*get_by_fingerprint)();
134 int (*get_by_alias)();
135 } X509_LOOKUP_METHOD;
136
137/* This is used to hold everything. It is used for all certificate
138 * validation. Once we have a certificate chain, the 'verify'
139 * function is then called to actually check the cert chain. */
140typedef struct x509_store_st
141 {
142 /* The following is a cache of trusted certs */
143 int cache; /* if true, stash any hits */
144#ifdef HEADER_LHASH_H
145 LHASH *certs; /* cached certs; */
146#else
147 char *certs;
148#endif
149
150 /* These are external lookup methods */
151 STACK *get_cert_methods;/* X509_LOOKUP */
152 int (*verify)(); /* called to verify a certificate */
153 int (*verify_cb)(); /* error callback */
154
155 CRYPTO_EX_DATA ex_data;
156 int references;
157 int depth; /* how deep to look */
158 } X509_STORE;
159
160#define X509_STORE_set_depth(ctx,d) ((ctx)->depth=(d))
161
162#define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func))
163#define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func))
164
165/* This is the functions plus an instance of the local variables. */
166typedef struct x509_lookup_st
167 {
168 int init; /* have we been started */
169 int skip; /* don't use us. */
170 X509_LOOKUP_METHOD *method; /* the functions */
171 char *method_data; /* method data */
172
173 X509_STORE *store_ctx; /* who owns us */
174 } X509_LOOKUP;
175
176/* This is a temporary used when processing cert chains. Since the
177 * gathering of the cert chain can take some time (and have to be
178 * 'retried', this needs to be kept and passed around. */
179typedef struct x509_store_state_st
180 {
181 X509_STORE *ctx;
182 int current_method; /* used when looking up certs */
183
184 /* The following are set by the caller */
185 X509 *cert; /* The cert to check */
186 STACK *untrusted; /* chain of X509s - untrusted - passed in */
187
188 /* The following is built up */
189 int depth; /* how far to go looking up certs */
190 int valid; /* if 0, rebuild chain */
191 int last_untrusted; /* index of last untrusted cert */
192 STACK *chain; /* chain of X509s - built up and trusted */
193
194 /* When something goes wrong, this is why */
195 int error_depth;
196 int error;
197 X509 *current_cert;
198
199 CRYPTO_EX_DATA ex_data;
200 } X509_STORE_CTX;
201
202#define X509_STORE_CTX_set_app_data(ctx,data) \
203 X509_STORE_CTX_set_ex_data(ctx,0,data)
204#define X509_STORE_CTX_get_app_data(ctx) \
205 X509_STORE_CTX_get_ex_data(ctx,0)
206
207#define X509_L_FILE_LOAD 1
208#define X509_L_ADD_DIR 2
209
210X509_LOOKUP_METHOD *X509_LOOKUP_file();
211#define X509_LOOKUP_load_file(x,name,type) \
212 X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL)
213
214X509_LOOKUP_METHOD *X509_LOOKUP_dir();
215#define X509_LOOKUP_add_dir(x,name,type) \
216 X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
217
218#define X509_V_OK 0
219
220#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2
221#define X509_V_ERR_UNABLE_TO_GET_CRL 3
222#define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4
223#define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5
224#define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6
225#define X509_V_ERR_CERT_SIGNATURE_FAILURE 7
226#define X509_V_ERR_CRL_SIGNATURE_FAILURE 8
227#define X509_V_ERR_CERT_NOT_YET_VALID 9
228#define X509_V_ERR_CERT_HAS_EXPIRED 10
229#define X509_V_ERR_CRL_NOT_YET_VALID 11
230#define X509_V_ERR_CRL_HAS_EXPIRED 12
231#define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13
232#define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14
233#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15
234#define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16
235#define X509_V_ERR_OUT_OF_MEM 17
236#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18
237#define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19
238#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20
239#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21
240#define X509_V_ERR_CERT_CHAIN_TOO_LONG 22
241#define X509_V_ERR_CERT_REVOKED 23
242
243/* The application is not happy */
244#define X509_V_ERR_APPLICATION_VERIFICATION 50
245
246#ifndef NOPROTO
247#ifdef HEADER_LHASH_H
248X509_OBJECT *X509_OBJECT_retrive_by_subject(LHASH *h,int type,X509_NAME *name);
249#endif
250void X509_OBJECT_up_ref_count(X509_OBJECT *a);
251void X509_OBJECT_free_contents(X509_OBJECT *a);
252X509_STORE *X509_STORE_new(void );
253void X509_STORE_free(X509_STORE *v);
254
255void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
256 X509 *x509, STACK *chain);
257void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
258
259X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
260
261X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
262X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
263
264int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
265int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
266
267int X509_STORE_get_by_subject(X509_STORE_CTX *vs,int type,X509_NAME *name,
268 X509_OBJECT *ret);
269
270int X509_LOOKUP_ctrl(X509_LOOKUP *ctx,int cmd,char *argc,long argl,char **ret);
271
272#ifndef NO_STDIO
273int X509_load_cert_file(X509_LOOKUP *ctx, char *file, int type);
274int X509_load_crl_file(X509_LOOKUP *ctx, char *file, int type);
275#endif
276
277void X509v3_cleanup_extensions(void );
278int X509v3_add_extension(X509_EXTENSION_METHOD *x);
279int X509v3_add_netscape_extensions(void );
280int X509v3_add_standard_extensions(void );
281
282X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
283void X509_LOOKUP_free(X509_LOOKUP *ctx);
284int X509_LOOKUP_init(X509_LOOKUP *ctx);
285int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
286 X509_OBJECT *ret);
287int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
288 ASN1_INTEGER *serial, X509_OBJECT *ret);
289int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
290 unsigned char *bytes, int len, X509_OBJECT *ret);
291int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str,
292 int len, X509_OBJECT *ret);
293int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
294
295#ifndef NO_STDIO
296int X509_STORE_load_locations (X509_STORE *ctx,
297 char *file, char *dir);
298int X509_STORE_set_default_paths(X509_STORE *ctx);
299#endif
300
301int X509_STORE_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(),
302 int (*dup_func)(), void (*free_func)());
303int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,char *data);
304char * X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx);
305int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
306void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);
307int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
308X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
309STACK * X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
310void X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x);
311void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK /* X509 */ *sk);
312
313#else
314
315#ifdef HEADER_LHASH_H
316X509_OBJECT *X509_OBJECT_retrive_by_subject();
317#endif
318void X509_OBJECT_up_ref_count();
319void X509_OBJECT_free_contents();
320X509_STORE *X509_STORE_new();
321void X509_STORE_free();
322
323void X509_STORE_CTX_init();
324void X509_STORE_CTX_cleanup();
325
326X509_LOOKUP *X509_STORE_add_lookup();
327
328X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir();
329X509_LOOKUP_METHOD *X509_LOOKUP_file();
330
331int X509_STORE_add_cert();
332int X509_STORE_add_crl();
333
334int X509_STORE_get_by_subject();
335
336int X509_LOOKUP_ctrl();
337
338#ifndef NO_STDIO
339int X509_load_cert_file();
340int X509_load_crl_file();
341#endif
342
343void X509v3_cleanup_extensions();
344int X509v3_add_extension();
345int X509v3_add_netscape_extensions();
346int X509v3_add_standard_extensions();
347
348X509_LOOKUP *X509_LOOKUP_new();
349void X509_LOOKUP_free();
350int X509_LOOKUP_init();
351int X509_LOOKUP_by_subject();
352int X509_LOOKUP_by_issuer_serial();
353int X509_LOOKUP_by_fingerprint();
354int X509_LOOKUP_by_alias();
355int X509_LOOKUP_shutdown();
356
357#ifndef NO_STDIO
358int X509_STORE_load_locations ();
359int X509_STORE_set_default_paths();
360#endif
361
362int X509_STORE_CTX_set_ex_data();
363char * X509_STORE_CTX_get_ex_data();
364int X509_STORE_CTX_get_error();
365void X509_STORE_CTX_set_error();
366int X509_STORE_CTX_get_error_depth();
367X509 * X509_STORE_CTX_get_current_cert();
368STACK * X509_STORE_CTX_get_chain();
369void X509_STORE_CTX_set_cert();
370void X509_STORE_CTX_set_chain();
371
372#endif
373
374#ifdef __cplusplus
375}
376#endif
377#endif
378
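Review bot: The `X509_STORE_CTX_set_chain` / `X509_STORE_CTX_get_chain` prototypes near the end of the prototype block read as a matched pair, but they are not, and the header does not say so. In x509_vfy.c from this same commit the setter stores into `ctx->untrusted` while the getter returns `ctx->chain`, which the struct comments describe as "untrusted - passed in" and "built up and trusted" respectively; a caller who reads the names as symmetric could treat peer-supplied certificates as verified. I would add a comment above the two prototypes, e.g. `/* set_chain supplies the untrusted candidate certs; get_chain returns the chain built by verification */`. Separately, the `#else` (NOPROTO) branch has no declaration for `X509_STORE_CTX_get_ex_new_index`, unlike the prototype branch.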
diff --git a/src/lib/libcrypto/x509/x509name.c b/src/lib/libcrypto/x509/x509name.c
new file mode 100644
index 0000000000..650e71b1b5
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509name.c
@@ -0,0 +1,358 @@
1/* crypto/x509/x509name.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "stack.h"
61#include "cryptlib.h"
62#include "asn1.h"
63#include "objects.h"
64#include "evp.h"
65#include "x509.h"
66
67int X509_NAME_get_text_by_NID(name,nid,buf,len)
68X509_NAME *name;
69int nid;
70char *buf;
71int len;
72 {
73 ASN1_OBJECT *obj;
74
75 obj=OBJ_nid2obj(nid);
76 if (obj == NULL) return(-1);
77 return(X509_NAME_get_text_by_OBJ(name,obj,buf,len));
78 }
79
80int X509_NAME_get_text_by_OBJ(name,obj,buf,len)
81X509_NAME *name;
82ASN1_OBJECT *obj;
83char *buf;
84int len;
85 {
86 int i;
87 ASN1_STRING *data;
88
89 i=X509_NAME_get_index_by_OBJ(name,obj,-1);
90 if (i < 0) return(-1);
91 data=X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name,i));
92 i=(data->length > (len-1))?(len-1):data->length;
93 if (buf == NULL) return(data->length);
94 memcpy(buf,data->data,i);
95 buf[i]='\0';
96 return(i);
97 }
98
99int X509_NAME_entry_count(name)
100X509_NAME *name;
101 {
102 if (name == NULL) return(0);
103 return(sk_num(name->entries));
104 }
105
106int X509_NAME_get_index_by_NID(name,nid,lastpos)
107X509_NAME *name;
108int nid;
109int lastpos;
110 {
111 ASN1_OBJECT *obj;
112
113 obj=OBJ_nid2obj(nid);
114 if (obj == NULL) return(-2);
115 return(X509_NAME_get_index_by_OBJ(name,obj,lastpos));
116 }
117
118/* NOTE: you should be passsing -1, not 0 as lastpos */
119int X509_NAME_get_index_by_OBJ(name,obj,lastpos)
120X509_NAME *name;
121ASN1_OBJECT *obj;
122int lastpos;
123 {
124 int n;
125 X509_NAME_ENTRY *ne;
126 STACK *sk;
127
128 if (name == NULL) return(-1);
129 if (lastpos < 0)
130 lastpos= -1;
131 sk=name->entries;
132 n=sk_num(sk);
133 for (lastpos++; lastpos < n; lastpos++)
134 {
135 ne=(X509_NAME_ENTRY *)sk_value(sk,lastpos);
136 if (OBJ_cmp(ne->object,obj) == 0)
137 return(lastpos);
138 }
139 return(-1);
140 }
141
142X509_NAME_ENTRY *X509_NAME_get_entry(name,loc)
143X509_NAME *name;
144int loc;
145 {
146 if ( (name == NULL) || (sk_num(name->entries) <= loc) || (loc < 0))
147 return(NULL);
148 else
149 return((X509_NAME_ENTRY *)sk_value(name->entries,loc));
150 }
151
152X509_NAME_ENTRY *X509_NAME_delete_entry(name,loc)
153X509_NAME *name;
154int loc;
155 {
156 X509_NAME_ENTRY *ret;
157 int i,j,n,set_prev,set_next;
158 STACK *sk;
159
160 if ((name == NULL) || (sk_num(name->entries) <= loc) || (loc < 0))
161 return(NULL);
162 sk=name->entries;
163 ret=(X509_NAME_ENTRY *)sk_delete(sk,loc);
164 n=sk_num(sk);
165 name->modified=1;
166 if (loc == n) return(ret);
167
168 /* else we need to fixup the set field */
169 if (loc != 0)
170 set_prev=((X509_NAME_ENTRY *)sk_value(sk,loc-1))->set;
171 else
172 set_prev=ret->set-1;
173 set_next=((X509_NAME_ENTRY *)sk_value(sk,loc))->set;
174
175 /* set_prev is the previous set
176 * set is the current set
177 * set_next is the following
178 * prev 1 1 1 1 1 1 1 1
179 * set 1 1 2 2
180 * next 1 1 2 2 2 2 3 2
181 * so basically only if prev and next differ by 2, then
182 * re-number down by 1 */
183 if (set_prev+1 < set_next)
184 {
185 j=set_next-set_prev-1;
186 for (i=loc; i<n; i++)
187 ((X509_NAME_ENTRY *)sk_value(sk,loc-1))->set-=j;
188 }
189 return(ret);
190 }
191
192/* if set is -1, append to previous set, 0 'a new one', and 1,
193 * prepend to the guy we are about to stomp on. */
194int X509_NAME_add_entry(name,ne,loc,set)
195X509_NAME *name;
196X509_NAME_ENTRY *ne;
197int loc;
198int set;
199 {
200 X509_NAME_ENTRY *new_name=NULL;
201 int n,i,inc;
202 STACK *sk;
203
204 if (name == NULL) return(0);
205 sk=name->entries;
206 n=sk_num(sk);
207 if (loc > n) loc=n;
208 else if (loc < 0) loc=n;
209
210 name->modified=1;
211
212 if (set == -1)
213 {
214 if (loc == 0)
215 {
216 set=0;
217 inc=1;
218 }
219 else
220 {
221 set=((X509_NAME_ENTRY *)sk_value(sk,loc-1))->set;
222 inc=0;
223 }
224 }
225 else /* if (set >= 0) */
226 {
227 if (loc >= n)
228 {
229 if (loc != 0)
230 set=((X509_NAME_ENTRY *)
231 sk_value(sk,loc-1))->set+1;
232 else
233 set=0;
234 }
235 else
236 set=((X509_NAME_ENTRY *)sk_value(sk,loc))->set;
237 inc=(set == 0)?1:0;
238 }
239
240 if ((new_name=X509_NAME_ENTRY_dup(ne)) == NULL)
241 goto err;
242 new_name->set=set;
243 if (!sk_insert(sk,(char *)new_name,loc))
244 {
245 X509err(X509_F_X509_NAME_ADD_ENTRY,ERR_R_MALLOC_FAILURE);
246 goto err;
247 }
248 if (inc)
249 {
250 n=sk_num(sk);
251 for (i=loc+1; i<n; i++)
252 ((X509_NAME_ENTRY *)sk_value(sk,i-1))->set+=1;
253 }
254 return(1);
255err:
256 if (new_name != NULL)
257 X509_NAME_ENTRY_free(ne);
258 return(0);
259 }
260
261X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(ne,nid,type,bytes,len)
262X509_NAME_ENTRY **ne;
263int nid;
264int type;
265unsigned char *bytes;
266int len;
267 {
268 ASN1_OBJECT *obj;
269
270 obj=OBJ_nid2obj(nid);
271 if (obj == NULL)
272 {
273 X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID,X509_R_UNKNOWN_NID);
274 return(NULL);
275 }
276 return(X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len));
277 }
278
279X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len)
280X509_NAME_ENTRY **ne;
281ASN1_OBJECT *obj;
282int type;
283unsigned char *bytes;
284int len;
285 {
286 X509_NAME_ENTRY *ret;
287
288 if ((ne == NULL) || (*ne == NULL))
289 {
290 if ((ret=X509_NAME_ENTRY_new()) == NULL)
291 return(NULL);
292 }
293 else
294 ret= *ne;
295
296 if (!X509_NAME_ENTRY_set_object(ret,obj))
297 goto err;
298 if (!X509_NAME_ENTRY_set_data(ret,type,bytes,len))
299 goto err;
300
301 if ((ne != NULL) && (*ne == NULL)) *ne=ret;
302 return(ret);
303err:
304 if ((ne == NULL) || (ret != *ne))
305 X509_NAME_ENTRY_free(ret);
306 return(NULL);
307 }
308
309int X509_NAME_ENTRY_set_object(ne,obj)
310X509_NAME_ENTRY *ne;
311ASN1_OBJECT *obj;
312 {
313 if ((ne == NULL) || (obj == NULL))
314 {
315 X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT,ERR_R_PASSED_NULL_PARAMETER);
316 return(0);
317 }
318 ASN1_OBJECT_free(ne->object);
319 ne->object=OBJ_dup(obj);
320 return((ne->object == NULL)?0:1);
321 }
322
323int X509_NAME_ENTRY_set_data(ne,type,bytes,len)
324X509_NAME_ENTRY *ne;
325int type;
326unsigned char *bytes;
327int len;
328 {
329 int i;
330
331 if ((ne == NULL) || ((bytes == NULL) && (len != 0))) return(0);
332 if (len < 0) len=strlen((char *)bytes);
333 i=ASN1_STRING_set(ne->value,bytes,len);
334 if (!i) return(0);
335 if (type != V_ASN1_UNDEF)
336 {
337 if (type == V_ASN1_APP_CHOOSE)
338 ne->value->type=ASN1_PRINTABLE_type(bytes,len);
339 else
340 ne->value->type=type;
341 }
342 return(1);
343 }
344
345ASN1_OBJECT *X509_NAME_ENTRY_get_object(ne)
346X509_NAME_ENTRY *ne;
347 {
348 if (ne == NULL) return(NULL);
349 return(ne->object);
350 }
351
352ASN1_STRING *X509_NAME_ENTRY_get_data(ne)
353X509_NAME_ENTRY *ne;
354 {
355 if (ne == NULL) return(NULL);
356 return(ne->value);
357 }
358
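Review bot: The `err:` path of `X509_NAME_add_entry` frees the caller's `ne` instead of the duplicate it just made, so when `sk_insert` fails the caller is left holding a freed entry and `new_name` leaks; the line should read `X509_NAME_ENTRY_free(new_name);`. `X509_NAME_delete_entry` has the same kind of wrong-variable slip in its renumbering loop, which indexes `sk_value(sk,loc-1)` on every pass rather than `sk_value(sk,i)`, so one entry is decremented repeatedly (and index -1 is used when `loc` is 0) while the entries after the deleted one keep stale `set` values. In `X509_NAME_get_text_by_OBJ`, `len-1` becomes the `memcpy` size and the `buf[i]` index without any check that `len` is positive, so a non-NULL `buf` with `len <= 0` yields a negative count; a guard such as `if (buf != NULL && len <= 0) return(-1);` before the copy would close that.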
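diff --git a/src/lib/libcrypto/x509/x509rset.c b/src/lib/libcrypto/x509/x509rset.c
new file mode 100644
index 0000000000..323b25470a
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509rset.c
@@ -0,0 +1,89 @@
+/* crypto/x509/x509rset.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "asn1.h"
+#include "objects.h"
+#include "evp.h"
+#include "x509.h"
+
+int X509_REQ_set_version(x,version)
+X509_REQ *x;
+long version;
+ {
+ if (x == NULL) return(0);
+ return(ASN1_INTEGER_set(x->req_info->version,version));
+ }
+
+int X509_REQ_set_subject_name(x,name)
+X509_REQ *x;
+X509_NAME *name;
+ {
+ if ((x == NULL) || (x->req_info == NULL)) return(0);
+ return(X509_NAME_set(&x->req_info->subject,name));
+ }
+
+int X509_REQ_set_pubkey(x,pkey)
+X509_REQ *x;
+EVP_PKEY *pkey;
+ {
+ if ((x == NULL) || (x->req_info == NULL)) return(0);
+ return(X509_PUBKEY_set(&x->req_info->pubkey,pkey));
+ }
+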
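Review bot: `X509_REQ_set_version` dereferences `x->req_info->version` after checking only `x`, while `X509_REQ_set_subject_name` and `X509_REQ_set_pubkey` below it also reject a NULL `req_info`. A request whose `req_info` was never allocated would crash here but fail cleanly in the other two setters. The guard should match its siblings: `if ((x == NULL) || (x->req_info == NULL)) return(0);`.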
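diff --git a/src/lib/libcrypto/x509/x509type.c b/src/lib/libcrypto/x509/x509type.c
new file mode 100644
index 0000000000..42c23bcfca
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509type.c
@@ -0,0 +1,115 @@
+/* crypto/x509/x509type.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+
+int X509_certificate_type(x,pkey)
+X509 *x;
+EVP_PKEY *pkey;
+ {
+ EVP_PKEY *pk;
+ int ret=0,i;
+
+ if (x == NULL) return(0);
+
+ if (pkey == NULL)
+ pk=X509_get_pubkey(x);
+ else
+ pk=pkey;
+
+ if (pk == NULL) return(0);
+
+ switch (pk->type)
+ {
+ case EVP_PKEY_RSA:
+ ret=EVP_PK_RSA|EVP_PKT_SIGN;
+/* if (!sign only extension) */
+ ret|=EVP_PKT_ENC;
+ break;
+ case EVP_PKEY_DSA:
+ ret=EVP_PK_DSA|EVP_PKT_SIGN;
+ break;
+ case EVP_PKEY_DH:
+ ret=EVP_PK_DH|EVP_PKT_EXCH;
+ break;
+ default:
+ break;
+ }
+
+ i=X509_get_signature_type(x);
+ switch (i)
+ {
+ case EVP_PKEY_RSA:
+ ret|=EVP_PKS_RSA;
+ break;
+ case EVP_PKS_DSA:
+ ret|=EVP_PKS_DSA;
+ break;
+ default:
+ break;
+ }
+
+ if (EVP_PKEY_size(pkey) <= 512)
+ ret|=EVP_PKT_EXP;
+ return(ret);
+ }
+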
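Review bot: The final size check in `X509_certificate_type` calls `EVP_PKEY_size(pkey)` rather than `EVP_PKEY_size(pk)`, so when the caller passes a NULL `pkey` and the key is taken from the certificate, NULL is handed to `EVP_PKEY_size`. The comparison also looks like a unit mix-up: `EVP_PKEY_size` reports bytes, so `<= 512` would tag keys of up to 4096 bits as `EVP_PKT_EXP`; if the intent is 512-bit export keys the line should be `if (EVP_PKEY_size(pk) <= 512/8)`. In the signature-type switch the RSA label is `EVP_PKEY_RSA` but the DSA label is `EVP_PKS_DSA`, which is one of the result flags rather than a key type, so a DSA-signed certificate presumably never gets `EVP_PKS_DSA` set; `case EVP_PKEY_DSA:` appears to be what was meant.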
diff --git a/src/lib/libcrypto/x509/x_all.c b/src/lib/libcrypto/x509/x_all.c
new file mode 100644
index 0000000000..b7dde23e9a
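--- /dev/null
+++ b/src/lib/libcrypto/x509/x_all.c
@@ -0,0 +1,465 @@
+/* crypto/x509/x_all.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#undef SSLEAY_MACROS
+#include "stack.h"
+#include "cryptlib.h"
+#include "buffer.h"
+#include "asn1.h"
+#include "evp.h"
+#include "x509.h"
+
+int X509_verify(a,r)
+X509 *a;
+EVP_PKEY *r;
+ {
+ return(ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,
+ a->signature,(char *)a->cert_info,r));
+ }
+
+int X509_REQ_verify(a,r)
+X509_REQ *a;
+EVP_PKEY *r;
+ {
+ return( ASN1_verify((int (*)())i2d_X509_REQ_INFO,
+ a->sig_alg,a->signature,(char *)a->req_info,r));
+ }
+
+int X509_CRL_verify(a,r)
+X509_CRL *a;
+EVP_PKEY *r;
+ {
+ return(ASN1_verify((int (*)())i2d_X509_CRL_INFO,
+ a->sig_alg, a->signature,(char *)a->crl,r));
+ }
+
+int NETSCAPE_SPKI_verify(a,r)
+NETSCAPE_SPKI *a;
+EVP_PKEY *r;
+ {
+ return(ASN1_verify((int (*)())i2d_NETSCAPE_SPKAC,
+ a->sig_algor,a->signature, (char *)a->spkac,r));
+ }
+
+int X509_sign(x,pkey,md)
+X509 *x;
+EVP_PKEY *pkey;
+EVP_MD *md;
+ {
+ return(ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature,
+ x->sig_alg, x->signature, (char *)x->cert_info,pkey,md));
+ }
+
+int X509_REQ_sign(x,pkey,md)
+X509_REQ *x;
+EVP_PKEY *pkey;
+EVP_MD *md;
+ {
+ return(ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL,
+ x->signature, (char *)x->req_info,pkey,md));
+ }
+
+int X509_CRL_sign(x,pkey,md)
+X509_CRL *x;
+EVP_PKEY *pkey;
+EVP_MD *md;
+ {
+ return(ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,
+ x->sig_alg, x->signature, (char *)x->crl,pkey,md));
+ }
+
+int NETSCAPE_SPKI_sign(x,pkey,md)
+NETSCAPE_SPKI *x;
+EVP_PKEY *pkey;
+EVP_MD *md;
+ {
+ return(ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL,
+ x->signature, (char *)x->spkac,pkey,md));
+ }
+
+X509 *X509_dup(x509)
+X509 *x509;
+ {
+ return((X509 *)ASN1_dup((int (*)())i2d_X509,
+ (char *(*)())d2i_X509,(char *)x509));
+ }
+
+X509_EXTENSION *X509_EXTENSION_dup(ex)
+X509_EXTENSION *ex;
+ {
+ return((X509_EXTENSION *)ASN1_dup(
+ (int (*)())i2d_X509_EXTENSION,
+ (char *(*)())d2i_X509_EXTENSION,(char *)ex));
+ }
+
+#ifndef NO_FP_API
+X509 *d2i_X509_fp(fp,x509)
+FILE *fp;
+X509 *x509;
+ {
+ return((X509 *)ASN1_d2i_fp((char *(*)())X509_new,
+ (char *(*)())d2i_X509, (fp),(unsigned char **)(x509)));
+ }
+
+int i2d_X509_fp(fp,x509)
+FILE *fp;
+X509 *x509;
+ {
+ return(ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509));
+ }
+#endif
+
+X509 *d2i_X509_bio(bp,x509)
+BIO *bp;
+X509 *x509;
+ {
+ return((X509 *)ASN1_d2i_bio((char *(*)())X509_new,
+ (char *(*)())d2i_X509, (bp),(unsigned char **)(x509)));
+ }
+
+int i2d_X509_bio(bp,x509)
+BIO *bp;
+X509 *x509;
+ {
+ return(ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509));
+ }
+
+X509_CRL *X509_CRL_dup(crl)
+X509_CRL *crl;
+ {
+ return((X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL,
+ (char *(*)())d2i_X509_CRL,(char *)crl));
+ }
+
+#ifndef NO_FP_API
+X509_CRL *d2i_X509_CRL_fp(fp,crl)
+FILE *fp;
+X509_CRL *crl;
+ {
+ return((X509_CRL *)ASN1_d2i_fp((char *(*)())
+ X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),
+ (unsigned char **)(crl)));
+ }
+
+int i2d_X509_CRL_fp(fp,crl)
+FILE *fp;
+X509_CRL *crl;
+ {
+ return(ASN1_i2d_fp(i2d_X509_CRL,fp,(unsigned char *)crl));
+ }
+#endif
+
+X509_CRL *d2i_X509_CRL_bio(bp,crl)
+BIO *bp;
+X509_CRL *crl;
+ {
+ return((X509_CRL *)ASN1_d2i_bio((char *(*)())
+ X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),
+ (unsigned char **)(crl)));
+ }
+
+int i2d_X509_CRL_bio(bp,crl)
+BIO *bp;
+X509_CRL *crl;
+ {
+ return(ASN1_i2d_bio(i2d_X509_CRL,bp,(unsigned char *)crl));
+ }
+
+PKCS7 *PKCS7_dup(p7)
+PKCS7 *p7;
+ {
+ return((PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7,
+ (char *(*)())d2i_PKCS7,(char *)p7));
+ }
+
+#ifndef NO_FP_API
+PKCS7 *d2i_PKCS7_fp(fp,p7)
+FILE *fp;
+PKCS7 *p7;
+ {
+ return((PKCS7 *)ASN1_d2i_fp((char *(*)())
+ PKCS7_new,(char *(*)())d2i_PKCS7, (fp),
+ (unsigned char **)(p7)));
+ }
+
+int i2d_PKCS7_fp(fp,p7)
+FILE *fp;
+PKCS7 *p7;
+ {
+ return(ASN1_i2d_fp(i2d_PKCS7,fp,(unsigned char *)p7));
+ }
+#endif
+
+PKCS7 *d2i_PKCS7_bio(bp,p7)
+BIO *bp;
+PKCS7 *p7;
+ {
+ return((PKCS7 *)ASN1_d2i_bio((char *(*)())
+ PKCS7_new,(char *(*)())d2i_PKCS7, (bp),
+ (unsigned char **)(p7)));
+ }
+
+int i2d_PKCS7_bio(bp,p7)
+BIO *bp;
+PKCS7 *p7;
+ {
+ return(ASN1_i2d_bio(i2d_PKCS7,bp,(unsigned char *)p7));
+ }
+
+X509_REQ *X509_REQ_dup(req)
+X509_REQ *req;
+ {
+ return((X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ,
+ (char *(*)())d2i_X509_REQ,(char *)req));
+ }
+
+#ifndef NO_FP_API
+X509_REQ *d2i_X509_REQ_fp(fp,req)
+FILE *fp;
+X509_REQ *req;
+ {
+ return((X509_REQ *)ASN1_d2i_fp((char *(*)())
+ X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),
+ (unsigned char **)(req)));
+ }
+
+int i2d_X509_REQ_fp(fp,req)
+FILE *fp;
+X509_REQ *req;
+ {
+ return(ASN1_i2d_fp(i2d_X509_REQ,fp,(unsigned char *)req));
+ }
+#endif
+
+X509_REQ *d2i_X509_REQ_bio(bp,req)
+BIO *bp;
+X509_REQ *req;
+ {
+ return((X509_REQ *)ASN1_d2i_bio((char *(*)())
+ X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),
+ (unsigned char **)(req)));
+ }
+
+int i2d_X509_REQ_bio(bp,req)
+BIO *bp;
+X509_REQ *req;
+ {
+ return(ASN1_i2d_bio(i2d_X509_REQ,bp,(unsigned char *)req));
+ }
+
+#ifndef NO_RSA
+RSA *RSAPublicKey_dup(rsa)
+RSA *rsa;
+ {
+ return((RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey,
+ (char *(*)())d2i_RSAPublicKey,(char *)rsa));
+ }
+
+RSA *RSAPrivateKey_dup(rsa)
+RSA *rsa;
+ {
+ return((RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey,
+ (char *(*)())d2i_RSAPrivateKey,(char *)rsa));
+ }
+
+#ifndef NO_FP_API
+RSA *d2i_RSAPrivateKey_fp(fp,rsa)
+FILE *fp;
+RSA *rsa;
+ {
+ return((RSA *)ASN1_d2i_fp((char *(*)())
+ RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp),
+ (unsigned char **)(rsa)));
+ }
+
+int i2d_RSAPrivateKey_fp(fp,rsa)
+FILE *fp;
+RSA *rsa;
+ {
+ return(ASN1_i2d_fp(i2d_RSAPrivateKey,fp,(unsigned char *)rsa));
+ }
+
+RSA *d2i_RSAPublicKey_fp(fp,rsa)
+FILE *fp;
+RSA *rsa;
+ {
+ return((RSA *)ASN1_d2i_fp((char *(*)())
+ RSA_new,(char *(*)())d2i_RSAPublicKey, (fp),
+ (unsigned char **)(rsa)));
+ }
+
+int i2d_RSAPublicKey_fp(fp,rsa)
+FILE *fp;
+RSA *rsa;
+ {
+ return(ASN1_i2d_fp(i2d_RSAPublicKey,fp,(unsigned char *)rsa));
+ }
+#endif
+
+RSA *d2i_RSAPrivateKey_bio(bp,rsa)
+BIO *bp;
+RSA *rsa;
+ {
+ return((RSA *)ASN1_d2i_bio((char *(*)())
+ RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp),
+ (unsigned char **)(rsa)));
+ }
+
+int i2d_RSAPrivateKey_bio(bp,rsa)
+BIO *bp;
+RSA *rsa;
+ {
+ return(ASN1_i2d_bio(i2d_RSAPrivateKey,bp,(unsigned char *)rsa));
+ }
+
+RSA *d2i_RSAPublicKey_bio(bp,rsa)
+BIO *bp;
+RSA *rsa;
+ {
+ return((RSA *)ASN1_d2i_bio((char *(*)())
+ RSA_new,(char *(*)())d2i_RSAPublicKey, (bp),
+ (unsigned char **)(rsa)));
+ }
+
+int i2d_RSAPublicKey_bio(bp,rsa)
+BIO *bp;
+RSA *rsa;
+ {
+ return(ASN1_i2d_bio(i2d_RSAPublicKey,bp,(unsigned char *)rsa));
+ }
+#endif
+
+#ifndef NO_DSA
+#ifndef NO_FP_API
+DSA *d2i_DSAPrivateKey_fp(fp,dsa)
+FILE *fp;
+DSA *dsa;
+ {
+ return((DSA *)ASN1_d2i_fp((char *(*)())
+ DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp),
+ (unsigned char **)(dsa)));
+ }
+
+int i2d_DSAPrivateKey_fp(fp,dsa)
+FILE *fp;
+DSA *dsa;
+ {
+ return(ASN1_i2d_fp(i2d_DSAPrivateKey,fp,(unsigned char *)dsa));
+ }
+#endif
+
+DSA *d2i_DSAPrivateKey_bio(bp,dsa)
+BIO *bp;
+DSA *dsa;
+ {
+ return((DSA *)ASN1_d2i_bio((char *(*)())
+ DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp),
+ (unsigned char **)(dsa)));
+ }
+
+int i2d_DSAPrivateKey_bio(bp,dsa)
+BIO *bp;
+DSA *dsa;
+ {
+ return(ASN1_i2d_bio(i2d_DSAPrivateKey,bp,(unsigned char *)dsa));
+ }
+#endif
+
+X509_NAME *X509_NAME_dup(xn)
+X509_NAME *xn;
+ {
+ return((X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME,
+ (char *(*)())d2i_X509_NAME,(char *)xn));
+ }
+
+X509_NAME_ENTRY *X509_NAME_ENTRY_dup(ne)
+X509_NAME_ENTRY *ne;
+ {
+ return((X509_NAME_ENTRY *)ASN1_dup((int (*)())i2d_X509_NAME_ENTRY,
+ (char *(*)())d2i_X509_NAME_ENTRY,(char *)ne));
+ }
+
+int X509_digest(data,type,md,len)
+X509 *data;
+EVP_MD *type;
+unsigned char *md;
+unsigned int *len;
+ {
+ return(ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len));
+ }
+
+int X509_NAME_digest(data,type,md,len)
+X509_NAME *data;
+EVP_MD *type;
+unsigned char *md;
+unsigned int *len;
+ {
+ return(ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len));
+ }
+
+int PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len)
+PKCS7_ISSUER_AND_SERIAL *data;
+EVP_MD *type;
+unsigned char *md;
+unsigned int *len;
+ {
+ return(ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,
+ (char *)data,md,len));
+ }
+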
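Review bot: The d2i_*_fp and d2i_*_bio wrappers (d2i_X509_fp at new lines 152-158, and likewise the X509_CRL, PKCS7, X509_REQ, RSA and DSA variants) declare their second parameter as a single pointer, e.g. `X509 *x509;`, yet cast it to `unsigned char **` before passing it to ASN1_d2i_fp/ASN1_d2i_bio. Those helpers are not shown in this section, but the cast suggests they treat the argument as an out-slot; if so, a caller who follows the declared type and passes an existing object would have that object's memory read and written as if it were a pointer. The parameter should carry the type that is actually used, `X509 **x509;` with the cast reading `(unsigned char **)x509`, and the same in each sibling wrapper. Until the prototypes can change, a comment on each wrapper such as `/* x509 is really X509 **: pass NULL or the address of an X509 pointer */` would make the contract visible to callers.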