-rw-r--r--src/lib/libcrypto/x509/x509_err.c162
-rw-r--r--src/lib/libcrypto/x509/x509_ext.c144
-rw-r--r--src/lib/libcrypto/x509/x509_lu.c355
-rw-r--r--src/lib/libcrypto/x509/x509_obj.c140
-rw-r--r--src/lib/libcrypto/x509/x509_r2x.c51
-rw-r--r--src/lib/libcrypto/x509/x509_req.c210
-rw-r--r--src/lib/libssl/src/crypto/x509/x509_err.c162
-rw-r--r--src/lib/libssl/src/crypto/x509/x509_ext.c144
-rw-r--r--src/lib/libssl/src/crypto/x509/x509_lu.c355
-rw-r--r--src/lib/libssl/src/crypto/x509/x509_obj.c140
-rw-r--r--src/lib/libssl/src/crypto/x509/x509_r2x.c51
-rw-r--r--src/lib/libssl/src/crypto/x509/x509_req.c210
12 files changed, 1184 insertions, 940 deletions
diff --git a/src/lib/libcrypto/x509/x509_err.c b/src/lib/libcrypto/x509/x509_err.c
index ab5e8aaea2..4a890a180d 100644
--- a/src/lib/libcrypto/x509/x509_err.c
+++ b/src/lib/libcrypto/x509/x509_err.c
@@ -7,7 +7,7 @@
7 * are met: 7 * are met:
8 * 8 *
9 * 1. Redistributions of source code must retain the above copyright 9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
11 * 11 *
12 * 2. Redistributions in binary form must reproduce the above copyright 12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in 13 * notice, this list of conditions and the following disclaimer in
@@ -68,96 +68,94 @@
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509,func,0) 68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason) 69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason)
70 70
71static ERR_STRING_DATA X509_str_functs[]= 71static ERR_STRING_DATA X509_str_functs[] = {
72{ 72 {ERR_FUNC(X509_F_ADD_CERT_DIR), "ADD_CERT_DIR"},
73{ERR_FUNC(X509_F_ADD_CERT_DIR), "ADD_CERT_DIR"}, 73 {ERR_FUNC(X509_F_BY_FILE_CTRL), "BY_FILE_CTRL"},
74{ERR_FUNC(X509_F_BY_FILE_CTRL), "BY_FILE_CTRL"}, 74 {ERR_FUNC(X509_F_CHECK_POLICY), "CHECK_POLICY"},
75{ERR_FUNC(X509_F_CHECK_POLICY), "CHECK_POLICY"}, 75 {ERR_FUNC(X509_F_DIR_CTRL), "DIR_CTRL"},
76{ERR_FUNC(X509_F_DIR_CTRL), "DIR_CTRL"}, 76 {ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "GET_CERT_BY_SUBJECT"},
77{ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "GET_CERT_BY_SUBJECT"}, 77 {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE), "NETSCAPE_SPKI_b64_decode"},
78{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE), "NETSCAPE_SPKI_b64_decode"}, 78 {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE), "NETSCAPE_SPKI_b64_encode"},
79{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE), "NETSCAPE_SPKI_b64_encode"}, 79 {ERR_FUNC(X509_F_X509AT_ADD1_ATTR), "X509at_add1_attr"},
80{ERR_FUNC(X509_F_X509AT_ADD1_ATTR), "X509at_add1_attr"}, 80 {ERR_FUNC(X509_F_X509V3_ADD_EXT), "X509v3_add_ext"},
81{ERR_FUNC(X509_F_X509V3_ADD_EXT), "X509v3_add_ext"}, 81 {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID), "X509_ATTRIBUTE_create_by_NID"},
82{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID), "X509_ATTRIBUTE_create_by_NID"}, 82 {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ), "X509_ATTRIBUTE_create_by_OBJ"},
83{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ), "X509_ATTRIBUTE_create_by_OBJ"}, 83 {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT), "X509_ATTRIBUTE_create_by_txt"},
84{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT), "X509_ATTRIBUTE_create_by_txt"}, 84 {ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA), "X509_ATTRIBUTE_get0_data"},
85{ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA), "X509_ATTRIBUTE_get0_data"}, 85 {ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA), "X509_ATTRIBUTE_set1_data"},
86{ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA), "X509_ATTRIBUTE_set1_data"}, 86 {ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY), "X509_check_private_key"},
87{ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY), "X509_check_private_key"}, 87 {ERR_FUNC(X509_F_X509_CRL_PRINT_FP), "X509_CRL_print_fp"},
88{ERR_FUNC(X509_F_X509_CRL_PRINT_FP), "X509_CRL_print_fp"}, 88 {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID), "X509_EXTENSION_create_by_NID"},
89{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID), "X509_EXTENSION_create_by_NID"}, 89 {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ), "X509_EXTENSION_create_by_OBJ"},
90{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ), "X509_EXTENSION_create_by_OBJ"}, 90 {ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS), "X509_get_pubkey_parameters"},
91{ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS), "X509_get_pubkey_parameters"}, 91 {ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE), "X509_load_cert_crl_file"},
92{ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE), "X509_load_cert_crl_file"}, 92 {ERR_FUNC(X509_F_X509_LOAD_CERT_FILE), "X509_load_cert_file"},
93{ERR_FUNC(X509_F_X509_LOAD_CERT_FILE), "X509_load_cert_file"}, 93 {ERR_FUNC(X509_F_X509_LOAD_CRL_FILE), "X509_load_crl_file"},
94{ERR_FUNC(X509_F_X509_LOAD_CRL_FILE), "X509_load_crl_file"}, 94 {ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY), "X509_NAME_add_entry"},
95{ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY), "X509_NAME_add_entry"}, 95 {ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID), "X509_NAME_ENTRY_create_by_NID"},
96{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID), "X509_NAME_ENTRY_create_by_NID"}, 96 {ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT), "X509_NAME_ENTRY_create_by_txt"},
97{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT), "X509_NAME_ENTRY_create_by_txt"}, 97 {ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT), "X509_NAME_ENTRY_set_object"},
98{ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT), "X509_NAME_ENTRY_set_object"}, 98 {ERR_FUNC(X509_F_X509_NAME_ONELINE), "X509_NAME_oneline"},
99{ERR_FUNC(X509_F_X509_NAME_ONELINE), "X509_NAME_oneline"}, 99 {ERR_FUNC(X509_F_X509_NAME_PRINT), "X509_NAME_print"},
100{ERR_FUNC(X509_F_X509_NAME_PRINT), "X509_NAME_print"}, 100 {ERR_FUNC(X509_F_X509_PRINT_EX_FP), "X509_print_ex_fp"},
101{ERR_FUNC(X509_F_X509_PRINT_EX_FP), "X509_print_ex_fp"}, 101 {ERR_FUNC(X509_F_X509_PUBKEY_GET), "X509_PUBKEY_get"},
102{ERR_FUNC(X509_F_X509_PUBKEY_GET), "X509_PUBKEY_get"}, 102 {ERR_FUNC(X509_F_X509_PUBKEY_SET), "X509_PUBKEY_set"},
103{ERR_FUNC(X509_F_X509_PUBKEY_SET), "X509_PUBKEY_set"}, 103 {ERR_FUNC(X509_F_X509_REQ_CHECK_PRIVATE_KEY), "X509_REQ_check_private_key"},
104{ERR_FUNC(X509_F_X509_REQ_CHECK_PRIVATE_KEY), "X509_REQ_check_private_key"}, 104 {ERR_FUNC(X509_F_X509_REQ_PRINT_EX), "X509_REQ_print_ex"},
105{ERR_FUNC(X509_F_X509_REQ_PRINT_EX), "X509_REQ_print_ex"}, 105 {ERR_FUNC(X509_F_X509_REQ_PRINT_FP), "X509_REQ_print_fp"},
106{ERR_FUNC(X509_F_X509_REQ_PRINT_FP), "X509_REQ_print_fp"}, 106 {ERR_FUNC(X509_F_X509_REQ_TO_X509), "X509_REQ_to_X509"},
107{ERR_FUNC(X509_F_X509_REQ_TO_X509), "X509_REQ_to_X509"}, 107 {ERR_FUNC(X509_F_X509_STORE_ADD_CERT), "X509_STORE_add_cert"},
108{ERR_FUNC(X509_F_X509_STORE_ADD_CERT), "X509_STORE_add_cert"}, 108 {ERR_FUNC(X509_F_X509_STORE_ADD_CRL), "X509_STORE_add_crl"},
109{ERR_FUNC(X509_F_X509_STORE_ADD_CRL), "X509_STORE_add_crl"}, 109 {ERR_FUNC(X509_F_X509_STORE_CTX_GET1_ISSUER), "X509_STORE_CTX_get1_issuer"},
110{ERR_FUNC(X509_F_X509_STORE_CTX_GET1_ISSUER), "X509_STORE_CTX_get1_issuer"}, 110 {ERR_FUNC(X509_F_X509_STORE_CTX_INIT), "X509_STORE_CTX_init"},
111{ERR_FUNC(X509_F_X509_STORE_CTX_INIT), "X509_STORE_CTX_init"}, 111 {ERR_FUNC(X509_F_X509_STORE_CTX_NEW), "X509_STORE_CTX_new"},
112{ERR_FUNC(X509_F_X509_STORE_CTX_NEW), "X509_STORE_CTX_new"}, 112 {ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT), "X509_STORE_CTX_purpose_inherit"},
113{ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT), "X509_STORE_CTX_purpose_inherit"}, 113 {ERR_FUNC(X509_F_X509_TO_X509_REQ), "X509_to_X509_REQ"},
114{ERR_FUNC(X509_F_X509_TO_X509_REQ), "X509_to_X509_REQ"}, 114 {ERR_FUNC(X509_F_X509_TRUST_ADD), "X509_TRUST_add"},
115{ERR_FUNC(X509_F_X509_TRUST_ADD), "X509_TRUST_add"}, 115 {ERR_FUNC(X509_F_X509_TRUST_SET), "X509_TRUST_set"},
116{ERR_FUNC(X509_F_X509_TRUST_SET), "X509_TRUST_set"}, 116 {ERR_FUNC(X509_F_X509_VERIFY_CERT), "X509_verify_cert"},
117{ERR_FUNC(X509_F_X509_VERIFY_CERT), "X509_verify_cert"}, 117 {0, NULL}
118{0,NULL}
119}; 118};
120 119
121static ERR_STRING_DATA X509_str_reasons[]= 120static ERR_STRING_DATA X509_str_reasons[] = {
122{ 121 {ERR_REASON(X509_R_BAD_X509_FILETYPE) , "bad x509 filetype"},
123{ERR_REASON(X509_R_BAD_X509_FILETYPE) ,"bad x509 filetype"}, 122 {ERR_REASON(X509_R_BASE64_DECODE_ERROR) , "base64 decode error"},
124{ERR_REASON(X509_R_BASE64_DECODE_ERROR) ,"base64 decode error"}, 123 {ERR_REASON(X509_R_CANT_CHECK_DH_KEY) , "cant check dh key"},
125{ERR_REASON(X509_R_CANT_CHECK_DH_KEY) ,"cant check dh key"}, 124 {ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE), "cert already in hash table"},
126{ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE),"cert already in hash table"}, 125 {ERR_REASON(X509_R_ERR_ASN1_LIB) , "err asn1 lib"},
127{ERR_REASON(X509_R_ERR_ASN1_LIB) ,"err asn1 lib"}, 126 {ERR_REASON(X509_R_INVALID_DIRECTORY) , "invalid directory"},
128{ERR_REASON(X509_R_INVALID_DIRECTORY) ,"invalid directory"}, 127 {ERR_REASON(X509_R_INVALID_FIELD_NAME) , "invalid field name"},
129{ERR_REASON(X509_R_INVALID_FIELD_NAME) ,"invalid field name"}, 128 {ERR_REASON(X509_R_INVALID_TRUST) , "invalid trust"},
130{ERR_REASON(X509_R_INVALID_TRUST) ,"invalid trust"}, 129 {ERR_REASON(X509_R_KEY_TYPE_MISMATCH) , "key type mismatch"},
131{ERR_REASON(X509_R_KEY_TYPE_MISMATCH) ,"key type mismatch"}, 130 {ERR_REASON(X509_R_KEY_VALUES_MISMATCH) , "key values mismatch"},
132{ERR_REASON(X509_R_KEY_VALUES_MISMATCH) ,"key values mismatch"}, 131 {ERR_REASON(X509_R_LOADING_CERT_DIR) , "loading cert dir"},
133{ERR_REASON(X509_R_LOADING_CERT_DIR) ,"loading cert dir"}, 132 {ERR_REASON(X509_R_LOADING_DEFAULTS) , "loading defaults"},
134{ERR_REASON(X509_R_LOADING_DEFAULTS) ,"loading defaults"}, 133 {ERR_REASON(X509_R_METHOD_NOT_SUPPORTED) , "method not supported"},
135{ERR_REASON(X509_R_METHOD_NOT_SUPPORTED) ,"method not supported"}, 134 {ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY), "no cert set for us to verify"},
136{ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),"no cert set for us to verify"}, 135 {ERR_REASON(X509_R_PUBLIC_KEY_DECODE_ERROR), "public key decode error"},
137{ERR_REASON(X509_R_PUBLIC_KEY_DECODE_ERROR),"public key decode error"}, 136 {ERR_REASON(X509_R_PUBLIC_KEY_ENCODE_ERROR), "public key encode error"},
138{ERR_REASON(X509_R_PUBLIC_KEY_ENCODE_ERROR),"public key encode error"}, 137 {ERR_REASON(X509_R_SHOULD_RETRY) , "should retry"},
139{ERR_REASON(X509_R_SHOULD_RETRY) ,"should retry"}, 138 {ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN), "unable to find parameters in chain"},
140{ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN),"unable to find parameters in chain"}, 139 {ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY), "unable to get certs public key"},
141{ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY),"unable to get certs public key"}, 140 {ERR_REASON(X509_R_UNKNOWN_KEY_TYPE) , "unknown key type"},
142{ERR_REASON(X509_R_UNKNOWN_KEY_TYPE) ,"unknown key type"}, 141 {ERR_REASON(X509_R_UNKNOWN_NID) , "unknown nid"},
143{ERR_REASON(X509_R_UNKNOWN_NID) ,"unknown nid"}, 142 {ERR_REASON(X509_R_UNKNOWN_PURPOSE_ID) , "unknown purpose id"},
144{ERR_REASON(X509_R_UNKNOWN_PURPOSE_ID) ,"unknown purpose id"}, 143 {ERR_REASON(X509_R_UNKNOWN_TRUST_ID) , "unknown trust id"},
145{ERR_REASON(X509_R_UNKNOWN_TRUST_ID) ,"unknown trust id"}, 144 {ERR_REASON(X509_R_UNSUPPORTED_ALGORITHM), "unsupported algorithm"},
146{ERR_REASON(X509_R_UNSUPPORTED_ALGORITHM),"unsupported algorithm"}, 145 {ERR_REASON(X509_R_WRONG_LOOKUP_TYPE) , "wrong lookup type"},
147{ERR_REASON(X509_R_WRONG_LOOKUP_TYPE) ,"wrong lookup type"}, 146 {ERR_REASON(X509_R_WRONG_TYPE) , "wrong type"},
148{ERR_REASON(X509_R_WRONG_TYPE) ,"wrong type"}, 147 {0, NULL}
149{0,NULL}
150}; 148};
151 149
152#endif 150#endif
153 151
154void ERR_load_X509_strings(void) 152void
153ERR_load_X509_strings(void)
155{ 154{
156#ifndef OPENSSL_NO_ERR 155#ifndef OPENSSL_NO_ERR
157
158 if (ERR_func_error_string(X509_str_functs[0].error) == NULL) { 156 if (ERR_func_error_string(X509_str_functs[0].error) == NULL) {
159 ERR_load_strings(0,X509_str_functs); 157 ERR_load_strings(0, X509_str_functs);
160 ERR_load_strings(0,X509_str_reasons); 158 ERR_load_strings(0, X509_str_reasons);
161 } 159 }
162#endif 160#endif
163} 161}
diff --git a/src/lib/libcrypto/x509/x509_ext.c b/src/lib/libcrypto/x509/x509_ext.c
index bdc489f367..a2441c2c2c 100644
--- a/src/lib/libcrypto/x509/x509_ext.c
+++ b/src/lib/libcrypto/x509/x509_ext.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -66,142 +66,168 @@
66#include <openssl/x509v3.h> 66#include <openssl/x509v3.h>
67 67
68 68
69int X509_CRL_get_ext_count(X509_CRL *x) 69int
70X509_CRL_get_ext_count(X509_CRL *x)
70{ 71{
71 return(X509v3_get_ext_count(x->crl->extensions)); 72 return (X509v3_get_ext_count(x->crl->extensions));
72} 73}
73 74
74int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos) 75int
76X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos)
75{ 77{
76 return(X509v3_get_ext_by_NID(x->crl->extensions,nid,lastpos)); 78 return (X509v3_get_ext_by_NID(x->crl->extensions, nid, lastpos));
77} 79}
78 80
79int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos) 81int
82X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos)
80{ 83{
81 return(X509v3_get_ext_by_OBJ(x->crl->extensions,obj,lastpos)); 84 return (X509v3_get_ext_by_OBJ(x->crl->extensions, obj, lastpos));
82} 85}
83 86
84int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos) 87int
88X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos)
85{ 89{
86 return(X509v3_get_ext_by_critical(x->crl->extensions,crit,lastpos)); 90 return (X509v3_get_ext_by_critical(x->crl->extensions, crit, lastpos));
87} 91}
88 92
89X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc) 93X509_EXTENSION *
94X509_CRL_get_ext(X509_CRL *x, int loc)
90{ 95{
91 return(X509v3_get_ext(x->crl->extensions,loc)); 96 return (X509v3_get_ext(x->crl->extensions, loc));
92} 97}
93 98
94X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc) 99X509_EXTENSION *
100X509_CRL_delete_ext(X509_CRL *x, int loc)
95{ 101{
96 return(X509v3_delete_ext(x->crl->extensions,loc)); 102 return (X509v3_delete_ext(x->crl->extensions, loc));
97} 103}
98 104
99void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx) 105void *
106X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx)
100{ 107{
101 return X509V3_get_d2i(x->crl->extensions, nid, crit, idx); 108 return X509V3_get_d2i(x->crl->extensions, nid, crit, idx);
102} 109}
103 110
104int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, 111int
105 unsigned long flags) 112X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
113 unsigned long flags)
106{ 114{
107 return X509V3_add1_i2d(&x->crl->extensions, nid, value, crit, flags); 115 return X509V3_add1_i2d(&x->crl->extensions, nid, value, crit, flags);
108} 116}
109 117
110int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc) 118int
119X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc)
111{ 120{
112 return(X509v3_add_ext(&(x->crl->extensions),ex,loc) != NULL); 121 return (X509v3_add_ext(&(x->crl->extensions), ex, loc) != NULL);
113} 122}
114 123
115int X509_get_ext_count(X509 *x) 124int
125X509_get_ext_count(X509 *x)
116{ 126{
117 return(X509v3_get_ext_count(x->cert_info->extensions)); 127 return (X509v3_get_ext_count(x->cert_info->extensions));
118} 128}
119 129
120int X509_get_ext_by_NID(X509 *x, int nid, int lastpos) 130int
131X509_get_ext_by_NID(X509 *x, int nid, int lastpos)
121{ 132{
122 return(X509v3_get_ext_by_NID(x->cert_info->extensions,nid,lastpos)); 133 return (X509v3_get_ext_by_NID(x->cert_info->extensions, nid, lastpos));
123} 134}
124 135
125int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos) 136int
137X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos)
126{ 138{
127 return(X509v3_get_ext_by_OBJ(x->cert_info->extensions,obj,lastpos)); 139 return (X509v3_get_ext_by_OBJ(x->cert_info->extensions, obj, lastpos));
128} 140}
129 141
130int X509_get_ext_by_critical(X509 *x, int crit, int lastpos) 142int
143X509_get_ext_by_critical(X509 *x, int crit, int lastpos)
131{ 144{
132 return(X509v3_get_ext_by_critical(x->cert_info->extensions,crit,lastpos)); 145 return (X509v3_get_ext_by_critical(x->cert_info->extensions, crit,
146 lastpos));
133} 147}
134 148
135X509_EXTENSION *X509_get_ext(X509 *x, int loc) 149X509_EXTENSION *
150X509_get_ext(X509 *x, int loc)
136{ 151{
137 return(X509v3_get_ext(x->cert_info->extensions,loc)); 152 return (X509v3_get_ext(x->cert_info->extensions, loc));
138} 153}
139 154
140X509_EXTENSION *X509_delete_ext(X509 *x, int loc) 155X509_EXTENSION *
156X509_delete_ext(X509 *x, int loc)
141{ 157{
142 return(X509v3_delete_ext(x->cert_info->extensions,loc)); 158 return (X509v3_delete_ext(x->cert_info->extensions, loc));
143} 159}
144 160
145int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc) 161int
162X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc)
146{ 163{
147 return(X509v3_add_ext(&(x->cert_info->extensions),ex,loc) != NULL); 164 return (X509v3_add_ext(&(x->cert_info->extensions), ex, loc) != NULL);
148} 165}
149 166
150void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx) 167void *
168X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx)
151{ 169{
152 return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx); 170 return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx);
153} 171}
154 172
155int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, 173int
156 unsigned long flags) 174X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, unsigned long flags)
157{ 175{
158 return X509V3_add1_i2d(&x->cert_info->extensions, nid, value, crit, 176 return X509V3_add1_i2d(&x->cert_info->extensions, nid, value, crit,
159 flags); 177 flags);
160} 178}
161 179
162int X509_REVOKED_get_ext_count(X509_REVOKED *x) 180int
181X509_REVOKED_get_ext_count(X509_REVOKED *x)
163{ 182{
164 return(X509v3_get_ext_count(x->extensions)); 183 return (X509v3_get_ext_count(x->extensions));
165} 184}
166 185
167int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos) 186int
187X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos)
168{ 188{
169 return(X509v3_get_ext_by_NID(x->extensions,nid,lastpos)); 189 return (X509v3_get_ext_by_NID(x->extensions, nid, lastpos));
170} 190}
171 191
172int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj, 192int
173 int lastpos) 193X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj, int lastpos)
174{ 194{
175 return(X509v3_get_ext_by_OBJ(x->extensions,obj,lastpos)); 195 return (X509v3_get_ext_by_OBJ(x->extensions, obj, lastpos));
176} 196}
177 197
178int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos) 198int
199X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos)
179{ 200{
180 return(X509v3_get_ext_by_critical(x->extensions,crit,lastpos)); 201 return (X509v3_get_ext_by_critical(x->extensions, crit, lastpos));
181} 202}
182 203
183X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc) 204X509_EXTENSION *
205X509_REVOKED_get_ext(X509_REVOKED *x, int loc)
184{ 206{
185 return(X509v3_get_ext(x->extensions,loc)); 207 return (X509v3_get_ext(x->extensions, loc));
186} 208}
187 209
188X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc) 210X509_EXTENSION *
211X509_REVOKED_delete_ext(X509_REVOKED *x, int loc)
189{ 212{
190 return(X509v3_delete_ext(x->extensions,loc)); 213 return (X509v3_delete_ext(x->extensions, loc));
191} 214}
192 215
193int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc) 216int
217X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc)
194{ 218{
195 return(X509v3_add_ext(&(x->extensions),ex,loc) != NULL); 219 return (X509v3_add_ext(&(x->extensions), ex, loc) != NULL);
196} 220}
197 221
198void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx) 222void *
223X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx)
199{ 224{
200 return X509V3_get_d2i(x->extensions, nid, crit, idx); 225 return X509V3_get_d2i(x->extensions, nid, crit, idx);
201} 226}
202 227
203int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, 228int
204 unsigned long flags) 229X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
230 unsigned long flags)
205{ 231{
206 return X509V3_add1_i2d(&x->extensions, nid, value, crit, flags); 232 return X509V3_add1_i2d(&x->extensions, nid, value, crit, flags);
207} 233}
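Review bot: The return statements in this file are left in two forms after the reformat. Most wrappers now read `return (X509v3_get_ext_count(x->crl->extensions));`, while the six `*_get_ext_d2i` and `*_add1_ext_i2d` wrappers keep the bare form, as in `return X509V3_get_d2i(x->crl->extensions, nid, crit, idx);`. Since this pass only normalises layout, settle on one form for the whole file, for example `return (X509V3_get_d2i(x->crl->extensions, nid, crit, idx));` and `return (X509V3_add1_i2d(&x->crl->extensions, nid, value, crit, flags));`, with the same change in the X509 and X509_REVOKED variants. The same section is listed under src/lib/libssl/src/crypto/x509/x509_ext.c in the diffstat, so that copy presumably needs the matching change.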
diff --git a/src/lib/libcrypto/x509/x509_lu.c b/src/lib/libcrypto/x509/x509_lu.c
index a89cd70313..aec1121ffb 100644
--- a/src/lib/libcrypto/x509/x509_lu.c
+++ b/src/lib/libcrypto/x509/x509_lu.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -62,18 +62,20 @@
62#include <openssl/x509.h> 62#include <openssl/x509.h>
63#include <openssl/x509v3.h> 63#include <openssl/x509v3.h>
64 64
65X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method) 65X509_LOOKUP *
66X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
66{ 67{
67 X509_LOOKUP *ret; 68 X509_LOOKUP *ret;
68 69
69 ret=(X509_LOOKUP *)malloc(sizeof(X509_LOOKUP)); 70 ret = (X509_LOOKUP *)malloc(sizeof(X509_LOOKUP));
70 if (ret == NULL) return NULL; 71 if (ret == NULL)
72 return NULL;
71 73
72 ret->init=0; 74 ret->init = 0;
73 ret->skip=0; 75 ret->skip = 0;
74 ret->method=method; 76 ret->method = method;
75 ret->method_data=NULL; 77 ret->method_data = NULL;
76 ret->store_ctx=NULL; 78 ret->store_ctx = NULL;
77 if ((method->new_item != NULL) && !method->new_item(ret)) { 79 if ((method->new_item != NULL) && !method->new_item(ret)) {
78 free(ret); 80 free(ret);
79 return NULL; 81 return NULL;
@@ -81,91 +83,104 @@ X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
81 return ret; 83 return ret;
82} 84}
83 85
84void X509_LOOKUP_free(X509_LOOKUP *ctx) 86void
87X509_LOOKUP_free(X509_LOOKUP *ctx)
85{ 88{
86 if (ctx == NULL) return; 89 if (ctx == NULL)
87 if ( (ctx->method != NULL) && 90 return;
88 (ctx->method->free != NULL)) 91 if ((ctx->method != NULL) && (ctx->method->free != NULL))
89 (*ctx->method->free)(ctx); 92 (*ctx->method->free)(ctx);
90 free(ctx); 93 free(ctx);
91} 94}
92 95
93int X509_LOOKUP_init(X509_LOOKUP *ctx) 96int
97X509_LOOKUP_init(X509_LOOKUP *ctx)
94{ 98{
95 if (ctx->method == NULL) return 0; 99 if (ctx->method == NULL)
100 return 0;
96 if (ctx->method->init != NULL) 101 if (ctx->method->init != NULL)
97 return ctx->method->init(ctx); 102 return ctx->method->init(ctx);
98 else 103 else
99 return 1; 104 return 1;
100} 105}
101 106
102int X509_LOOKUP_shutdown(X509_LOOKUP *ctx) 107int
108X509_LOOKUP_shutdown(X509_LOOKUP *ctx)
103{ 109{
104 if (ctx->method == NULL) return 0; 110 if (ctx->method == NULL)
111 return 0;
105 if (ctx->method->shutdown != NULL) 112 if (ctx->method->shutdown != NULL)
106 return ctx->method->shutdown(ctx); 113 return ctx->method->shutdown(ctx);
107 else 114 else
108 return 1; 115 return 1;
109} 116}
110 117
111int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, 118int
112 char **ret) 119X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
120 char **ret)
113{ 121{
114 if (ctx->method == NULL) return -1; 122 if (ctx->method == NULL)
123 return -1;
115 if (ctx->method->ctrl != NULL) 124 if (ctx->method->ctrl != NULL)
116 return ctx->method->ctrl(ctx,cmd,argc,argl,ret); 125 return ctx->method->ctrl(ctx, cmd, argc, argl, ret);
117 else 126 else
118 return 1; 127 return 1;
119} 128}
120 129
121int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name, 130int
122 X509_OBJECT *ret) 131X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
123 { 132 X509_OBJECT *ret)
133{
124 if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL)) 134 if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))
125 return X509_LU_FAIL; 135 return X509_LU_FAIL;
126 if (ctx->skip) return 0; 136 if (ctx->skip)
127 return ctx->method->get_by_subject(ctx,type,name,ret); 137 return 0;
138 return ctx->method->get_by_subject(ctx, type, name, ret);
128} 139}
129 140
130int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name, 141int
131 ASN1_INTEGER *serial, X509_OBJECT *ret) 142X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
143 ASN1_INTEGER *serial, X509_OBJECT *ret)
132{ 144{
133 if ((ctx->method == NULL) || 145 if ((ctx->method == NULL) ||
134 (ctx->method->get_by_issuer_serial == NULL)) 146 (ctx->method->get_by_issuer_serial == NULL))
135 return X509_LU_FAIL; 147 return X509_LU_FAIL;
136 return ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret); 148 return ctx->method->get_by_issuer_serial(ctx, type, name, serial, ret);
137} 149}
138 150
139int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type, 151int
140 unsigned char *bytes, int len, X509_OBJECT *ret) 152X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type, unsigned char *bytes,
153 int len, X509_OBJECT *ret)
141{ 154{
142 if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL)) 155 if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))
143 return X509_LU_FAIL; 156 return X509_LU_FAIL;
144 return ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret); 157 return ctx->method->get_by_fingerprint(ctx, type, bytes, len, ret);
145} 158}
146 159
147int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len, 160int
148 X509_OBJECT *ret) 161X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,
162 X509_OBJECT *ret)
149{ 163{
150 if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL)) 164 if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
151 return X509_LU_FAIL; 165 return X509_LU_FAIL;
152 return ctx->method->get_by_alias(ctx,type,str,len,ret); 166 return ctx->method->get_by_alias(ctx, type, str, len, ret);
153} 167}
154 168
155 169static int
156static int x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b) 170x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b)
157 { 171{
158 int ret; 172 int ret;
159 173
160 ret=((*a)->type - (*b)->type); 174 ret = ((*a)->type - (*b)->type);
161 if (ret) return ret; 175 if (ret)
162 switch ((*a)->type) { 176 return ret;
163 case X509_LU_X509: 177 switch ((*a)->type) {
164 ret=X509_subject_name_cmp((*a)->data.x509,(*b)->data.x509); 178 case X509_LU_X509:
165 break; 179 ret = X509_subject_name_cmp((*a)->data.x509, (*b)->data.x509);
166 case X509_LU_CRL: 180 break;
167 ret=X509_CRL_cmp((*a)->data.crl,(*b)->data.crl); 181 case X509_LU_CRL:
168 break; 182 ret = X509_CRL_cmp((*a)->data.crl, (*b)->data.crl);
183 break;
169 default: 184 default:
170 /* abort(); */ 185 /* abort(); */
171 return 0; 186 return 0;
@@ -173,23 +188,24 @@ static int x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * con
173 return ret; 188 return ret;
174} 189}
175 190
176X509_STORE *X509_STORE_new(void) 191X509_STORE *
192X509_STORE_new(void)
177{ 193{
178 X509_STORE *ret; 194 X509_STORE *ret;
179 195
180 if ((ret=(X509_STORE *)malloc(sizeof(X509_STORE))) == NULL) 196 if ((ret = (X509_STORE *)malloc(sizeof(X509_STORE))) == NULL)
181 return NULL; 197 return NULL;
182 ret->objs = sk_X509_OBJECT_new(x509_object_cmp); 198 ret->objs = sk_X509_OBJECT_new(x509_object_cmp);
183 ret->cache=1; 199 ret->cache = 1;
184 ret->get_cert_methods=sk_X509_LOOKUP_new_null(); 200 ret->get_cert_methods = sk_X509_LOOKUP_new_null();
185 ret->verify=0; 201 ret->verify = 0;
186 ret->verify_cb=0; 202 ret->verify_cb = 0;
187 203
188 if ((ret->param = X509_VERIFY_PARAM_new()) == NULL) { 204 if ((ret->param = X509_VERIFY_PARAM_new()) == NULL) {
189 sk_X509_OBJECT_free(ret->objs); 205 sk_X509_OBJECT_free(ret->objs);
190 free(ret); 206 free(ret);
191 return NULL; 207 return NULL;
192} 208 }
193 209
194 ret->get_issuer = 0; 210 ret->get_issuer = 0;
195 ret->check_issued = 0; 211 ret->check_issued = 0;
@@ -201,17 +217,19 @@ X509_STORE *X509_STORE_new(void)
201 ret->lookup_crls = 0; 217 ret->lookup_crls = 0;
202 ret->cleanup = 0; 218 ret->cleanup = 0;
203 219
204 if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) { 220 if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE,
221 ret, &ret->ex_data)) {
205 sk_X509_OBJECT_free(ret->objs); 222 sk_X509_OBJECT_free(ret->objs);
206 free(ret); 223 free(ret);
207 return NULL; 224 return NULL;
208 } 225 }
209 226
210 ret->references=1; 227 ret->references = 1;
211 return ret; 228 return ret;
212} 229}
213 230
214static void cleanup(X509_OBJECT *a) 231static void
232cleanup(X509_OBJECT *a)
215{ 233{
216 if (a->type == X509_LU_X509) { 234 if (a->type == X509_LU_X509) {
217 X509_free(a->data.x509); 235 X509_free(a->data.x509);
@@ -224,18 +242,19 @@ static void cleanup(X509_OBJECT *a)
224 free(a); 242 free(a);
225} 243}
226 244
227void X509_STORE_free(X509_STORE *vfy) 245void
246X509_STORE_free(X509_STORE *vfy)
228{ 247{
229 int i; 248 int i;
230 STACK_OF(X509_LOOKUP) *sk; 249 STACK_OF(X509_LOOKUP) *sk;
231 X509_LOOKUP *lu; 250 X509_LOOKUP *lu;
232 251
233 if (vfy == NULL) 252 if (vfy == NULL)
234 return; 253 return;
235 254
236 sk=vfy->get_cert_methods; 255 sk = vfy->get_cert_methods;
237 for (i=0; i<sk_X509_LOOKUP_num(sk); i++) { 256 for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) {
238 lu=sk_X509_LOOKUP_value(sk,i); 257 lu = sk_X509_LOOKUP_value(sk, i);
239 X509_LOOKUP_shutdown(lu); 258 X509_LOOKUP_shutdown(lu);
240 X509_LOOKUP_free(lu); 259 X509_LOOKUP_free(lu);
241 } 260 }
@@ -248,26 +267,27 @@ void X509_STORE_free(X509_STORE *vfy)
248 free(vfy); 267 free(vfy);
249} 268}
250 269
251X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m) 270X509_LOOKUP *
271X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
252{ 272{
253 int i; 273 int i;
254 STACK_OF(X509_LOOKUP) *sk; 274 STACK_OF(X509_LOOKUP) *sk;
255 X509_LOOKUP *lu; 275 X509_LOOKUP *lu;
256 276
257 sk=v->get_cert_methods; 277 sk = v->get_cert_methods;
258 for (i=0; i<sk_X509_LOOKUP_num(sk); i++) { 278 for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) {
259 lu=sk_X509_LOOKUP_value(sk,i); 279 lu = sk_X509_LOOKUP_value(sk, i);
260 if (m == lu->method) { 280 if (m == lu->method) {
261 return lu; 281 return lu;
262 } 282 }
263 } 283 }
264 /* a new one */ 284 /* a new one */
265 lu=X509_LOOKUP_new(m); 285 lu = X509_LOOKUP_new(m);
266 if (lu == NULL) 286 if (lu == NULL)
267 return NULL; 287 return NULL;
268 else { 288 else {
269 lu->store_ctx=v; 289 lu->store_ctx = v;
270 if (sk_X509_LOOKUP_push(v->get_cert_methods,lu)) 290 if (sk_X509_LOOKUP_push(v->get_cert_methods, lu))
271 return lu; 291 return lu;
272 else { 292 else {
273 X509_LOOKUP_free(lu); 293 X509_LOOKUP_free(lu);
@@ -276,31 +296,33 @@ X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
276 } 296 }
277} 297}
278 298
279int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name, 299int
280 X509_OBJECT *ret) 300X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
301 X509_OBJECT *ret)
281{ 302{
282 X509_STORE *ctx=vs->ctx; 303 X509_STORE *ctx = vs->ctx;
283 X509_LOOKUP *lu; 304 X509_LOOKUP *lu;
284 X509_OBJECT stmp,*tmp; 305 X509_OBJECT stmp, *tmp;
285 int i,j; 306 int i, j;
286 307
287 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); 308 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
288 tmp=X509_OBJECT_retrieve_by_subject(ctx->objs,type,name); 309 tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name);
289 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); 310 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
290 311
291 if (tmp == NULL || type == X509_LU_CRL) { 312 if (tmp == NULL || type == X509_LU_CRL) {
292 for (i=vs->current_method; i<sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) { 313 for (i = vs->current_method;
293 lu=sk_X509_LOOKUP_value(ctx->get_cert_methods,i); 314 i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) {
294 j=X509_LOOKUP_by_subject(lu,type,name,&stmp); 315 lu = sk_X509_LOOKUP_value(ctx->get_cert_methods, i);
316 j = X509_LOOKUP_by_subject(lu, type, name, &stmp);
295 if (j < 0) { 317 if (j < 0) {
296 vs->current_method=j; 318 vs->current_method = j;
297 return j; 319 return j;
298 } else if (j) { 320 } else if (j) {
299 tmp= &stmp; 321 tmp = &stmp;
300 break; 322 break;
301 } 323 }
302 } 324 }
303 vs->current_method=0; 325 vs->current_method = 0;
304 if (tmp == NULL) 326 if (tmp == NULL)
305 return 0; 327 return 0;
306 } 328 }
@@ -308,27 +330,29 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
308/* if (ret->data.ptr != NULL) 330/* if (ret->data.ptr != NULL)
309 X509_OBJECT_free_contents(ret); */ 331 X509_OBJECT_free_contents(ret); */
310 332
311 ret->type=tmp->type; 333 ret->type = tmp->type;
312 ret->data.ptr=tmp->data.ptr; 334 ret->data.ptr = tmp->data.ptr;
313 335
314 X509_OBJECT_up_ref_count(ret); 336 X509_OBJECT_up_ref_count(ret);
315 337
316 return 1; 338 return 1;
317} 339}
318 340
319int X509_STORE_add_cert(X509_STORE *ctx, X509 *x) 341int
342X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
320{ 343{
321 X509_OBJECT *obj; 344 X509_OBJECT *obj;
322 int ret=1; 345 int ret = 1;
323 346
324 if (x == NULL) return 0; 347 if (x == NULL)
325 obj=(X509_OBJECT *)malloc(sizeof(X509_OBJECT)); 348 return 0;
349 obj = (X509_OBJECT *)malloc(sizeof(X509_OBJECT));
326 if (obj == NULL) { 350 if (obj == NULL) {
327 X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE); 351 X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE);
328 return 0; 352 return 0;
329 } 353 }
330 obj->type=X509_LU_X509; 354 obj->type = X509_LU_X509;
331 obj->data.x509=x; 355 obj->data.x509 = x;
332 356
333 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); 357 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
334 358
@@ -337,29 +361,32 @@ int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
337 if (X509_OBJECT_retrieve_match(ctx->objs, obj)) { 361 if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {
338 X509_OBJECT_free_contents(obj); 362 X509_OBJECT_free_contents(obj);
339 free(obj); 363 free(obj);
340 X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE); 364 X509err(X509_F_X509_STORE_ADD_CERT,
341 ret=0; 365 X509_R_CERT_ALREADY_IN_HASH_TABLE);
342 } 366 ret = 0;
343 else sk_X509_OBJECT_push(ctx->objs, obj); 367 } else
368 sk_X509_OBJECT_push(ctx->objs, obj);
344 369
345 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); 370 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
346 371
347 return ret; 372 return ret;
348} 373}
349 374
350int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) 375int
376X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
351{ 377{
352 X509_OBJECT *obj; 378 X509_OBJECT *obj;
353 int ret=1; 379 int ret = 1;
354 380
355 if (x == NULL) return 0; 381 if (x == NULL)
356 obj=(X509_OBJECT *)malloc(sizeof(X509_OBJECT)); 382 return 0;
383 obj = (X509_OBJECT *)malloc(sizeof(X509_OBJECT));
357 if (obj == NULL) { 384 if (obj == NULL) {
358 X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE); 385 X509err(X509_F_X509_STORE_ADD_CRL, ERR_R_MALLOC_FAILURE);
359 return 0; 386 return 0;
360 } 387 }
361 obj->type=X509_LU_CRL; 388 obj->type = X509_LU_CRL;
362 obj->data.crl=x; 389 obj->data.crl = x;
363 390
364 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); 391 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
365 392
@@ -368,8 +395,9 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
368 if (X509_OBJECT_retrieve_match(ctx->objs, obj)) { 395 if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {
369 X509_OBJECT_free_contents(obj); 396 X509_OBJECT_free_contents(obj);
370 free(obj); 397 free(obj);
371 X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE); 398 X509err(X509_F_X509_STORE_ADD_CRL,
372 ret=0; 399 X509_R_CERT_ALREADY_IN_HASH_TABLE);
400 ret = 0;
373 } else 401 } else
374 sk_X509_OBJECT_push(ctx->objs, obj); 402 sk_X509_OBJECT_push(ctx->objs, obj);
375 403
@@ -378,19 +406,21 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
378 return ret; 406 return ret;
379} 407}
380 408
381void X509_OBJECT_up_ref_count(X509_OBJECT *a) 409void
410X509_OBJECT_up_ref_count(X509_OBJECT *a)
382{ 411{
383 switch (a->type) { 412 switch (a->type) {
384 case X509_LU_X509: 413 case X509_LU_X509:
385 CRYPTO_add(&a->data.x509->references,1,CRYPTO_LOCK_X509); 414 CRYPTO_add(&a->data.x509->references, 1, CRYPTO_LOCK_X509);
386 break; 415 break;
387 case X509_LU_CRL: 416 case X509_LU_CRL:
388 CRYPTO_add(&a->data.crl->references,1,CRYPTO_LOCK_X509_CRL); 417 CRYPTO_add(&a->data.crl->references, 1, CRYPTO_LOCK_X509_CRL);
389 break; 418 break;
390 } 419 }
391} 420}
392 421
393void X509_OBJECT_free_contents(X509_OBJECT *a) 422void
423X509_OBJECT_free_contents(X509_OBJECT *a)
394{ 424{
395 switch (a->type) { 425 switch (a->type) {
396 case X509_LU_X509: 426 case X509_LU_X509:
@@ -402,8 +432,9 @@ void X509_OBJECT_free_contents(X509_OBJECT *a)
402 } 432 }
403} 433}
404 434
405static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type, 435static int
406 X509_NAME *name, int *pnmatch) 436x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type, X509_NAME *name,
437 int *pnmatch)
407{ 438{
408 X509_OBJECT stmp; 439 X509_OBJECT stmp;
409 X509 x509_s; 440 X509 x509_s;
@@ -412,24 +443,24 @@ static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type,
412 X509_CRL_INFO crl_info_s; 443 X509_CRL_INFO crl_info_s;
413 int idx; 444 int idx;
414 445
415 stmp.type=type; 446 stmp.type = type;
416 switch (type) { 447 switch (type) {
417 case X509_LU_X509: 448 case X509_LU_X509:
418 stmp.data.x509= &x509_s; 449 stmp.data.x509 = &x509_s;
419 x509_s.cert_info= &cinf_s; 450 x509_s.cert_info = &cinf_s;
420 cinf_s.subject=name; 451 cinf_s.subject = name;
421 break; 452 break;
422 case X509_LU_CRL: 453 case X509_LU_CRL:
423 stmp.data.crl= &crl_s; 454 stmp.data.crl = &crl_s;
424 crl_s.crl= &crl_info_s; 455 crl_s.crl = &crl_info_s;
425 crl_info_s.issuer=name; 456 crl_info_s.issuer = name;
426 break; 457 break;
427 default: 458 default:
428 /* abort(); */ 459 /* abort(); */
429 return -1; 460 return -1;
430 } 461 }
431 462
432 idx = sk_X509_OBJECT_find(h,&stmp); 463 idx = sk_X509_OBJECT_find(h, &stmp);
433 if (idx >= 0 && pnmatch) { 464 if (idx >= 0 && pnmatch) {
434 int tidx; 465 int tidx;
435 const X509_OBJECT *tobj, *pstmp; 466 const X509_OBJECT *tobj, *pstmp;
@@ -445,28 +476,32 @@ static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type,
445 return idx; 476 return idx;
446} 477}
447 478
448 479int
449int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, 480X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, X509_NAME *name)
450 X509_NAME *name)
451{ 481{
452 return x509_object_idx_cnt(h, type, name, NULL); 482 return x509_object_idx_cnt(h, type, name, NULL);
453} 483}
454 484
455X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type, 485X509_OBJECT *
456 X509_NAME *name) 486X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type,
487 X509_NAME *name)
457{ 488{
458 int idx; 489 int idx;
490
459 idx = X509_OBJECT_idx_by_subject(h, type, name); 491 idx = X509_OBJECT_idx_by_subject(h, type, name);
460 if (idx==-1) return NULL; 492 if (idx == -1)
493 return NULL;
461 return sk_X509_OBJECT_value(h, idx); 494 return sk_X509_OBJECT_value(h, idx);
462} 495}
463 496
464STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) 497STACK_OF(X509) *
498X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
465{ 499{
466 int i, idx, cnt; 500 int i, idx, cnt;
467 STACK_OF(X509) *sk; 501 STACK_OF(X509) *sk;
468 X509 *x; 502 X509 *x;
469 X509_OBJECT *obj; 503 X509_OBJECT *obj;
504
470 sk = sk_X509_new_null(); 505 sk = sk_X509_new_null();
471 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); 506 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
472 idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt); 507 idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);
@@ -482,7 +517,8 @@ STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
482 } 517 }
483 X509_OBJECT_free_contents(&xobj); 518 X509_OBJECT_free_contents(&xobj);
484 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); 519 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
485 idx = x509_object_idx_cnt(ctx->ctx->objs,X509_LU_X509,nm, &cnt); 520 idx = x509_object_idx_cnt(ctx->ctx->objs,
521 X509_LU_X509, nm, &cnt);
486 if (idx < 0) { 522 if (idx < 0) {
487 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); 523 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
488 sk_X509_free(sk); 524 sk_X509_free(sk);
@@ -505,12 +541,14 @@ STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
505 541
506} 542}
507 543
508STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) 544STACK_OF(X509_CRL) *
545X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
509{ 546{
510 int i, idx, cnt; 547 int i, idx, cnt;
511 STACK_OF(X509_CRL) *sk; 548 STACK_OF(X509_CRL) *sk;
512 X509_CRL *x; 549 X509_CRL *x;
513 X509_OBJECT *obj, xobj; 550 X509_OBJECT *obj, xobj;
551
514 sk = sk_X509_CRL_new_null(); 552 sk = sk_X509_CRL_new_null();
515 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); 553 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
516 /* Check cache first */ 554 /* Check cache first */
@@ -525,7 +563,7 @@ STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
525 } 563 }
526 X509_OBJECT_free_contents(&xobj); 564 X509_OBJECT_free_contents(&xobj);
527 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); 565 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
528 idx = x509_object_idx_cnt(ctx->ctx->objs,X509_LU_CRL, nm, &cnt); 566 idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt);
529 if (idx < 0) { 567 if (idx < 0) {
530 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); 568 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
531 sk_X509_CRL_free(sk); 569 sk_X509_CRL_free(sk);
@@ -547,17 +585,21 @@ STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
547 return sk; 585 return sk;
548} 586}
549 587
550X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x) 588X509_OBJECT *
589X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x)
551{ 590{
552 int idx, i; 591 int idx, i;
553 X509_OBJECT *obj; 592 X509_OBJECT *obj;
593
554 idx = sk_X509_OBJECT_find(h, x); 594 idx = sk_X509_OBJECT_find(h, x);
555 if (idx == -1) return NULL; 595 if (idx == -1)
596 return NULL;
556 if ((x->type != X509_LU_X509) && (x->type != X509_LU_CRL)) 597 if ((x->type != X509_LU_X509) && (x->type != X509_LU_CRL))
557 return sk_X509_OBJECT_value(h, idx); 598 return sk_X509_OBJECT_value(h, idx);
558 for (i = idx; i < sk_X509_OBJECT_num(h); i++) { 599 for (i = idx; i < sk_X509_OBJECT_num(h); i++) {
559 obj = sk_X509_OBJECT_value(h, i); 600 obj = sk_X509_OBJECT_value(h, i);
560 if (x509_object_cmp((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x)) 601 if (x509_object_cmp((const X509_OBJECT **)&obj,
602 (const X509_OBJECT **)&x))
561 return NULL; 603 return NULL;
562 if (x->type == X509_LU_X509) { 604 if (x->type == X509_LU_X509) {
563 if (!X509_cmp(obj->data.x509, x->data.x509)) 605 if (!X509_cmp(obj->data.x509, x->data.x509))
@@ -583,17 +625,19 @@ X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x
583 * 0 certificate not found. 625 * 0 certificate not found.
584 * -1 some other error. 626 * -1 some other error.
585 */ 627 */
586int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) 628int
629X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
587{ 630{
588 X509_NAME *xn; 631 X509_NAME *xn;
589 X509_OBJECT obj, *pobj; 632 X509_OBJECT obj, *pobj;
590 int i, ok, idx, ret; 633 int i, ok, idx, ret;
591 xn=X509_get_issuer_name(x); 634 xn = X509_get_issuer_name(x);
592 ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj); 635 ok = X509_STORE_get_by_subject(ctx, X509_LU_X509, xn, &obj);
593 if (ok != X509_LU_X509) { 636 if (ok != X509_LU_X509) {
594 if (ok == X509_LU_RETRY) { 637 if (ok == X509_LU_RETRY) {
595 X509_OBJECT_free_contents(&obj); 638 X509_OBJECT_free_contents(&obj);
596 X509err(X509_F_X509_STORE_CTX_GET1_ISSUER,X509_R_SHOULD_RETRY); 639 X509err(X509_F_X509_STORE_CTX_GET1_ISSUER,
640 X509_R_SHOULD_RETRY);
597 return -1; 641 return -1;
598 } else if (ok != X509_LU_FAIL) { 642 } else if (ok != X509_LU_FAIL) {
599 X509_OBJECT_free_contents(&obj); 643 X509_OBJECT_free_contents(&obj);
@@ -620,7 +664,8 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
620 /* See if we've run past the matches */ 664 /* See if we've run past the matches */
621 if (pobj->type != X509_LU_X509) 665 if (pobj->type != X509_LU_X509)
622 break; 666 break;
623 if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509))) 667 if (X509_NAME_cmp(xn,
668 X509_get_subject_name(pobj->data.x509)))
624 break; 669 break;
625 if (ctx->check_issued(ctx, x, pobj->data.x509)) { 670 if (ctx->check_issued(ctx, x, pobj->data.x509)) {
626 *issuer = pobj->data.x509; 671 *issuer = pobj->data.x509;
@@ -634,34 +679,40 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
634 return ret; 679 return ret;
635} 680}
636 681
637int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags) 682int
683X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags)
638{ 684{
639 return X509_VERIFY_PARAM_set_flags(ctx->param, flags); 685 return X509_VERIFY_PARAM_set_flags(ctx->param, flags);
640} 686}
641 687
642int X509_STORE_set_depth(X509_STORE *ctx, int depth) 688int
689X509_STORE_set_depth(X509_STORE *ctx, int depth)
643{ 690{
644 X509_VERIFY_PARAM_set_depth(ctx->param, depth); 691 X509_VERIFY_PARAM_set_depth(ctx->param, depth);
645 return 1; 692 return 1;
646} 693}
647 694
648int X509_STORE_set_purpose(X509_STORE *ctx, int purpose) 695int
696X509_STORE_set_purpose(X509_STORE *ctx, int purpose)
649{ 697{
650 return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose); 698 return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose);
651} 699}
652 700
653int X509_STORE_set_trust(X509_STORE *ctx, int trust) 701int
702X509_STORE_set_trust(X509_STORE *ctx, int trust)
654{ 703{
655 return X509_VERIFY_PARAM_set_trust(ctx->param, trust); 704 return X509_VERIFY_PARAM_set_trust(ctx->param, trust);
656} 705}
657 706
658int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param) 707int
708X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param)
659{ 709{
660 return X509_VERIFY_PARAM_set1(ctx->param, param); 710 return X509_VERIFY_PARAM_set1(ctx->param, param);
661} 711}
662 712
663void X509_STORE_set_verify_cb(X509_STORE *ctx, 713void
664 int (*verify_cb)(int, X509_STORE_CTX *)) 714X509_STORE_set_verify_cb(X509_STORE *ctx,
715 int (*verify_cb)(int, X509_STORE_CTX *))
665{ 716{
666 ctx->verify_cb = verify_cb; 717 ctx->verify_cb = verify_cb;
667} 718}
diff --git a/src/lib/libcrypto/x509/x509_obj.c b/src/lib/libcrypto/x509/x509_obj.c
index d0c02f833e..a50b05bb7a 100644
--- a/src/lib/libcrypto/x509/x509_obj.c
+++ b/src/lib/libcrypto/x509/x509_obj.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -63,105 +63,115 @@
63#include <openssl/x509.h> 63#include <openssl/x509.h>
64#include <openssl/buffer.h> 64#include <openssl/buffer.h>
65 65
66char *X509_NAME_oneline(X509_NAME *a, char *buf, int len) 66char *
67X509_NAME_oneline(X509_NAME *a, char *buf, int len)
67{ 68{
68 X509_NAME_ENTRY *ne; 69 X509_NAME_ENTRY *ne;
69int i; 70 int i;
70 int n,lold,l,l1,l2,num,j,type; 71 int n, lold, l,l1, l2, num, j, type;
71 const char *s; 72 const char *s;
72 char *p; 73 char *p;
73 unsigned char *q; 74 unsigned char *q;
74 BUF_MEM *b=NULL; 75 BUF_MEM *b = NULL;
75 static const char hex[17]="0123456789ABCDEF"; 76 static const char hex[17] = "0123456789ABCDEF";
76 int gs_doit[4]; 77 int gs_doit[4];
77 char tmp_buf[80]; 78 char tmp_buf[80];
78 79
79 if (buf == NULL) { 80 if (buf == NULL) {
80 if ((b=BUF_MEM_new()) == NULL) goto err; 81 if ((b = BUF_MEM_new()) == NULL)
81 if (!BUF_MEM_grow(b,200)) goto err; 82 goto err;
82 b->data[0]='\0'; 83 if (!BUF_MEM_grow(b, 200))
83 len=200; 84 goto err;
85 b->data[0] = '\0';
86 len = 200;
84 } 87 }
85 if (a == NULL) { 88 if (a == NULL) {
86 if(b) { 89 if (b) {
87 buf=b->data; 90 buf = b->data;
88 free(b); 91 free(b);
89 } 92 }
90 strlcpy(buf,"NO X509_NAME",len); 93 strlcpy(buf, "NO X509_NAME", len);
91 return buf; 94 return buf;
92 } 95 }
93 96
94 len--; /* space for '\0' */ 97 len--; /* space for '\0' */
95 l=0; 98 l = 0;
96 for (i=0; i<sk_X509_NAME_ENTRY_num(a->entries); i++) { 99 for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
97 ne=sk_X509_NAME_ENTRY_value(a->entries,i); 100 ne = sk_X509_NAME_ENTRY_value(a->entries, i);
98 n=OBJ_obj2nid(ne->object); 101 n = OBJ_obj2nid(ne->object);
99 if ((n == NID_undef) || ((s=OBJ_nid2sn(n)) == NULL)) { 102 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
100 i2t_ASN1_OBJECT(tmp_buf,sizeof(tmp_buf),ne->object); 103 i2t_ASN1_OBJECT(tmp_buf, sizeof(tmp_buf), ne->object);
101 s=tmp_buf; 104 s = tmp_buf;
102 } 105 }
103 l1=strlen(s); 106 l1 = strlen(s);
104 107
105 type=ne->value->type; 108 type = ne->value->type;
106 num=ne->value->length; 109 num = ne->value->length;
107 q=ne->value->data; 110 q = ne->value->data;
108 if ((type == V_ASN1_GENERALSTRING) && ((num%4) == 0)) { 111 if ((type == V_ASN1_GENERALSTRING) && ((num % 4) == 0)) {
109 gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=0; 112 gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 0;
110 for (j=0; j<num; j++) 113 for (j = 0; j < num; j++)
111 if (q[j] != 0) gs_doit[j&3]=1; 114 if (q[j] != 0)
115 gs_doit[j & 3] = 1;
112 116
113 if (gs_doit[0]|gs_doit[1]|gs_doit[2]) 117 if (gs_doit[0]|gs_doit[1]|gs_doit[2])
114 gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1; 118 gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 1;
115 else { 119 else {
116 gs_doit[0]=gs_doit[1]=gs_doit[2]=0; 120 gs_doit[0] = gs_doit[1] = gs_doit[2] = 0;
117 gs_doit[3]=1; 121 gs_doit[3] = 1;
118 } 122 }
119 } else 123 } else
120 gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1; 124 gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 1;
121 125
122 for (l2=j=0; j<num; j++) { 126 for (l2 = j=0; j < num; j++) {
123 if (!gs_doit[j&3]) continue; 127 if (!gs_doit[j&3])
128 continue;
124 l2++; 129 l2++;
125 if ((q[j] < ' ') || (q[j] > '~')) l2+=3; 130 if ((q[j] < ' ') || (q[j] > '~'))
131 l2 += 3;
126 } 132 }
127 133
128 lold=l; 134 lold = l;
129 l+=1+l1+1+l2; 135 l += 1 + l1 + 1 + l2;
130 if (b != NULL) { 136 if (b != NULL) {
131 if (!BUF_MEM_grow(b,l+1)) goto err; 137 if (!BUF_MEM_grow(b, l + 1))
132 p= &(b->data[lold]); 138 goto err;
139 p = &(b->data[lold]);
133 } else if (l > len) { 140 } else if (l > len) {
134 break; 141 break;
135 } else 142 } else
136 p= &(buf[lold]); 143 p = &(buf[lold]);
137 *(p++)='/'; 144 *(p++) = '/';
138 memcpy(p,s,(unsigned int)l1); p+=l1; 145 memcpy(p, s, (unsigned int)l1);
139 *(p++)='='; 146 p += l1;
140 q=ne->value->data; 147 *(p++) = '=';
141 for (j=0; j<num; j++) { 148 q = ne->value->data;
142 if (!gs_doit[j&3]) continue; 149 for (j = 0; j < num; j++) {
143 n=q[j]; 150 if (!gs_doit[j & 3])
151 continue;
152 n = q[j];
144 if ((n < ' ') || (n > '~')) { 153 if ((n < ' ') || (n > '~')) {
145 *(p++)='\\'; 154 *(p++) = '\\';
146 *(p++)='x'; 155 *(p++) = 'x';
147 *(p++)=hex[(n>>4)&0x0f]; 156 *(p++) = hex[(n >> 4) & 0x0f];
148 *(p++)=hex[n&0x0f]; 157 *(p++) = hex[n & 0x0f];
149 } else 158 } else
150 *(p++)=n; 159 *(p++) = n;
151 } 160 }
152 *p='\0'; 161 *p = '\0';
153 } 162 }
154 if (b != NULL) { 163 if (b != NULL) {
155 p=b->data; 164 p = b->data;
156 free(b); 165 free(b);
157 } else 166 } else
158 p=buf; 167 p = buf;
159 if (i == 0) 168 if (i == 0)
160 *p = '\0'; 169 *p = '\0';
161 return(p); 170 return (p);
171
162err: 172err:
163 X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE); 173 X509err(X509_F_X509_NAME_ONELINE, ERR_R_MALLOC_FAILURE);
164 if (b != NULL) BUF_MEM_free(b); 174 if (b != NULL)
165 return(NULL); 175 BUF_MEM_free(b);
176 return (NULL);
166} 177}
167
diff --git a/src/lib/libcrypto/x509/x509_r2x.c b/src/lib/libcrypto/x509/x509_r2x.c
index f084447334..530a214c1d 100644
--- a/src/lib/libcrypto/x509/x509_r2x.c
+++ b/src/lib/libcrypto/x509/x509_r2x.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -65,47 +65,50 @@
65#include <openssl/objects.h> 65#include <openssl/objects.h>
66#include <openssl/buffer.h> 66#include <openssl/buffer.h>
67 67
68X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) 68X509 *
69X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
69{ 70{
70 X509 *ret=NULL; 71 X509 *ret = NULL;
71 X509_CINF *xi=NULL; 72 X509_CINF *xi = NULL;
72 X509_NAME *xn; 73 X509_NAME *xn;
73 74
74 if ((ret=X509_new()) == NULL) { 75 if ((ret = X509_new()) == NULL) {
75 X509err(X509_F_X509_REQ_TO_X509,ERR_R_MALLOC_FAILURE); 76 X509err(X509_F_X509_REQ_TO_X509, ERR_R_MALLOC_FAILURE);
76 goto err; 77 goto err;
77 } 78 }
78 79
79 /* duplicate the request */ 80 /* duplicate the request */
80 xi=ret->cert_info; 81 xi = ret->cert_info;
81 82
82 if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0) { 83 if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0) {
83 if ((xi->version=M_ASN1_INTEGER_new()) == NULL) goto err; 84 if ((xi->version = M_ASN1_INTEGER_new()) == NULL)
84 if (!ASN1_INTEGER_set(xi->version,2)) goto err; 85 goto err;
86 if (!ASN1_INTEGER_set(xi->version, 2))
87 goto err;
85/* xi->extensions=ri->attributes; <- bad, should not ever be done 88/* xi->extensions=ri->attributes; <- bad, should not ever be done
86 ri->attributes=NULL; */ 89 ri->attributes=NULL; */
87 } 90 }
88 91
89 xn=X509_REQ_get_subject_name(r); 92 xn = X509_REQ_get_subject_name(r);
90 if (X509_set_subject_name(ret,X509_NAME_dup(xn)) == 0) 93 if (X509_set_subject_name(ret, X509_NAME_dup(xn)) == 0)
91 goto err; 94 goto err;
92 if (X509_set_issuer_name(ret,X509_NAME_dup(xn)) == 0) 95 if (X509_set_issuer_name(ret, X509_NAME_dup(xn)) == 0)
93 goto err; 96 goto err;
94 97
95 if (X509_gmtime_adj(xi->validity->notBefore,0) == NULL) 98 if (X509_gmtime_adj(xi->validity->notBefore, 0) == NULL)
96 goto err; 99 goto err;
97 if (X509_gmtime_adj(xi->validity->notAfter,(long)60*60*24*days) == NULL) 100 if (X509_gmtime_adj(xi->validity->notAfter,
101 (long)60 * 60 * 24 * days) == NULL)
98 goto err; 102 goto err;
99 103
100 X509_set_pubkey(ret,X509_REQ_get_pubkey(r)); 104 X509_set_pubkey(ret, X509_REQ_get_pubkey(r));
101 105
102 if (!X509_sign(ret,pkey,EVP_md5())) 106 if (!X509_sign(ret, pkey, EVP_md5()))
103 goto err; 107 goto err;
104 if (0) { 108 if (0) {
105err: 109err:
106 X509_free(ret); 110 X509_free(ret);
107 ret=NULL; 111 ret = NULL;
108 } 112 }
109 return(ret); 113 return (ret);
110} 114}
111
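Review bot: `X509_sign(ret, pkey, EVP_md5())` near the end of X509_REQ_to_X509 still hard-codes MD5, whose collision weakness makes it unsuitable for certificate signatures. The function takes no digest argument, so the call would have to name a stronger digest itself, for example `EVP_sha256()`. The line `X509_set_pubkey(ret, X509_REQ_get_pubkey(r));` also ignores both return values and never releases the key it fetched. X509_REQ_check_private_key in x509_req.c frees the result of the same getter with EVP_PKEY_free, which suggests the caller owns a reference, so a request with an unparsable key yields a certificate without a checked public key and the success path probably leaks. The unchecked `X509_NAME_dup(xn)` arguments look like they deserve the same treatment, though the setters' ownership rules are not visible here.

```c
	EVP_PKEY *pubkey;	/* new local, next to ret/xi/xn */
	/* ... unchanged: X509_new, version, subject/issuer, validity ... */
	if ((pubkey = X509_REQ_get_pubkey(r)) == NULL)
		goto err;
	if (!X509_set_pubkey(ret, pubkey)) {
		EVP_PKEY_free(pubkey);
		goto err;
	}
	EVP_PKEY_free(pubkey);

	if (!X509_sign(ret, pkey, EVP_sha256()))
		goto err;
	/* ... unchanged: err label and return ... */
```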
diff --git a/src/lib/libcrypto/x509/x509_req.c b/src/lib/libcrypto/x509/x509_req.c
index 12725ed7e9..ae6fbd7d14 100644
--- a/src/lib/libcrypto/x509/x509_req.c
+++ b/src/lib/libcrypto/x509/x509_req.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -67,86 +67,97 @@
67#include <openssl/buffer.h> 67#include <openssl/buffer.h>
68#include <openssl/pem.h> 68#include <openssl/pem.h>
69 69
70X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) 70X509_REQ *
71X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
71{ 72{
72 X509_REQ *ret; 73 X509_REQ *ret;
73 X509_REQ_INFO *ri; 74 X509_REQ_INFO *ri;
74 int i; 75 int i;
75 EVP_PKEY *pktmp; 76 EVP_PKEY *pktmp;
76 77
77 ret=X509_REQ_new(); 78 ret = X509_REQ_new();
78 if (ret == NULL) { 79 if (ret == NULL) {
79 X509err(X509_F_X509_TO_X509_REQ,ERR_R_MALLOC_FAILURE); 80 X509err(X509_F_X509_TO_X509_REQ, ERR_R_MALLOC_FAILURE);
80 goto err; 81 goto err;
81 } 82 }
82 83
83 ri=ret->req_info; 84 ri = ret->req_info;
84 85
85 ri->version->length=1; 86 ri->version->length = 1;
86 ri->version->data=(unsigned char *)malloc(1); 87 ri->version->data = (unsigned char *)malloc(1);
87 if (ri->version->data == NULL) goto err; 88 if (ri->version->data == NULL)
88 ri->version->data[0]=0; /* version == 0 */ 89 goto err;
90 ri->version->data[0] = 0; /* version == 0 */
89 91
90 if (!X509_REQ_set_subject_name(ret,X509_get_subject_name(x))) 92 if (!X509_REQ_set_subject_name(ret, X509_get_subject_name(x)))
91 goto err; 93 goto err;
92 94
93 pktmp = X509_get_pubkey(x); 95 pktmp = X509_get_pubkey(x);
94 i=X509_REQ_set_pubkey(ret,pktmp); 96 i = X509_REQ_set_pubkey(ret, pktmp);
95 EVP_PKEY_free(pktmp); 97 EVP_PKEY_free(pktmp);
96 if (!i) goto err; 98 if (!i)
99 goto err;
97 100
98 if (pkey != NULL) { 101 if (pkey != NULL) {
99 if (!X509_REQ_sign(ret,pkey,md)) 102 if (!X509_REQ_sign(ret, pkey, md))
100 goto err; 103 goto err;
101 } 104 }
102 return(ret); 105 return (ret);
106
103err: 107err:
104 X509_REQ_free(ret); 108 X509_REQ_free(ret);
105 return(NULL); 109 return (NULL);
106} 110}
107 111
108EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req) 112EVP_PKEY *
113X509_REQ_get_pubkey(X509_REQ *req)
109{ 114{
110 if ((req == NULL) || (req->req_info == NULL)) 115 if ((req == NULL) || (req->req_info == NULL))
111 return(NULL); 116 return (NULL);
112 return(X509_PUBKEY_get(req->req_info->pubkey)); 117 return (X509_PUBKEY_get(req->req_info->pubkey));
113} 118}
114 119
115int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k) 120int
121X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)
116{ 122{
117 EVP_PKEY *xk=NULL; 123 EVP_PKEY *xk = NULL;
118 int ok=0; 124 int ok = 0;
119 125
120 xk=X509_REQ_get_pubkey(x); 126 xk = X509_REQ_get_pubkey(x);
121 switch (EVP_PKEY_cmp(xk, k)) { 127 switch (EVP_PKEY_cmp(xk, k)) {
122 case 1: 128 case 1:
123 ok=1; 129 ok = 1;
124 break; 130 break;
125 case 0: 131 case 0:
126 X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH); 132 X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,
133 X509_R_KEY_VALUES_MISMATCH);
127 break; 134 break;
128 case -1: 135 case -1:
129 X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH); 136 X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,
137 X509_R_KEY_TYPE_MISMATCH);
130 break; 138 break;
131 case -2: 139 case -2:
132#ifndef OPENSSL_NO_EC 140#ifndef OPENSSL_NO_EC
133 if (k->type == EVP_PKEY_EC) { 141 if (k->type == EVP_PKEY_EC) {
134 X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, ERR_R_EC_LIB); 142 X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,
143 ERR_R_EC_LIB);
135 break; 144 break;
136 } 145 }
137#endif 146#endif
138#ifndef OPENSSL_NO_DH 147#ifndef OPENSSL_NO_DH
139 if (k->type == EVP_PKEY_DH) { 148 if (k->type == EVP_PKEY_DH) {
140 /* No idea */ 149 /* No idea */
141 X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY); 150 X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,
151 X509_R_CANT_CHECK_DH_KEY);
142 break; 152 break;
143 } 153 }
144#endif 154#endif
145 X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE); 155 X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,
156 X509_R_UNKNOWN_KEY_TYPE);
146 } 157 }
147 158
148 EVP_PKEY_free(xk); 159 EVP_PKEY_free(xk);
149 return(ok); 160 return (ok);
150} 161}
151 162
152/* It seems several organisations had the same idea of including a list of 163/* It seems several organisations had the same idea of including a list of
@@ -154,31 +165,38 @@ int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)
154 * used and there may be more: so the list is configurable. 165 * used and there may be more: so the list is configurable.
155 */ 166 */
156 167
157static int ext_nid_list[] = { NID_ext_req, NID_ms_ext_req, NID_undef}; 168static int ext_nid_list[] = {NID_ext_req, NID_ms_ext_req, NID_undef};
158 169
159static int *ext_nids = ext_nid_list; 170static int *ext_nids = ext_nid_list;
160 171
161int X509_REQ_extension_nid(int req_nid) 172int
173X509_REQ_extension_nid(int req_nid)
162{ 174{
163 int i, nid; 175 int i, nid;
164 for(i = 0; ; i++) { 176
177 for (i = 0; ; i++) {
165 nid = ext_nids[i]; 178 nid = ext_nids[i];
166 if(nid == NID_undef) return 0; 179 if (nid == NID_undef)
167 else if (req_nid == nid) return 1; 180 return 0;
181 else if (req_nid == nid)
182 return 1;
168 } 183 }
169} 184}
170 185
171int *X509_REQ_get_extension_nids(void) 186int *
187X509_REQ_get_extension_nids(void)
172{ 188{
173 return ext_nids; 189 return ext_nids;
174} 190}
175 191
176void X509_REQ_set_extension_nids(int *nids) 192void
193X509_REQ_set_extension_nids(int *nids)
177{ 194{
178 ext_nids = nids; 195 ext_nids = nids;
179} 196}
180 197
181STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req) 198STACK_OF(X509_EXTENSION) *
199X509_REQ_get_extensions(X509_REQ *req)
182{ 200{
183 X509_ATTRIBUTE *attr; 201 X509_ATTRIBUTE *attr;
184 ASN1_TYPE *ext = NULL; 202 ASN1_TYPE *ext = NULL;
@@ -186,46 +204,50 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
186 const unsigned char *p; 204 const unsigned char *p;
187 205
188 if ((req == NULL) || (req->req_info == NULL) || !ext_nids) 206 if ((req == NULL) || (req->req_info == NULL) || !ext_nids)
189 return(NULL); 207 return (NULL);
190 for (pnid = ext_nids; *pnid != NID_undef; pnid++) { 208 for (pnid = ext_nids; *pnid != NID_undef; pnid++) {
191 idx = X509_REQ_get_attr_by_NID(req, *pnid, -1); 209 idx = X509_REQ_get_attr_by_NID(req, *pnid, -1);
192 if (idx == -1) 210 if (idx == -1)
193 continue; 211 continue;
194 attr = X509_REQ_get_attr(req, idx); 212 attr = X509_REQ_get_attr(req, idx);
195 if(attr->single) ext = attr->value.single; 213 if (attr->single)
196 else if(sk_ASN1_TYPE_num(attr->value.set)) 214 ext = attr->value.single;
215 else if (sk_ASN1_TYPE_num(attr->value.set))
197 ext = sk_ASN1_TYPE_value(attr->value.set, 0); 216 ext = sk_ASN1_TYPE_value(attr->value.set, 0);
198 break; 217 break;
199 } 218 }
200 if(!ext || (ext->type != V_ASN1_SEQUENCE)) 219 if (!ext || (ext->type != V_ASN1_SEQUENCE))
201 return NULL; 220 return NULL;
202 p = ext->value.sequence->data; 221 p = ext->value.sequence->data;
203 return (STACK_OF(X509_EXTENSION) *) 222 return (STACK_OF(X509_EXTENSION) *)ASN1_item_d2i(NULL, &p,
204 ASN1_item_d2i(NULL, &p, ext->value.sequence->length, 223 ext->value.sequence->length, ASN1_ITEM_rptr(X509_EXTENSIONS));
205 ASN1_ITEM_rptr(X509_EXTENSIONS));
206} 224}
207 225
208/* Add a STACK_OF extensions to a certificate request: allow alternative OIDs 226/* Add a STACK_OF extensions to a certificate request: allow alternative OIDs
209 * in case we want to create a non standard one. 227 * in case we want to create a non standard one.
210 */ 228 */
211 229
212int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, 230int
213 int nid) 231X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
232 int nid)
214{ 233{
215 ASN1_TYPE *at = NULL; 234 ASN1_TYPE *at = NULL;
216 X509_ATTRIBUTE *attr = NULL; 235 X509_ATTRIBUTE *attr = NULL;
217 if(!(at = ASN1_TYPE_new()) || 236
218 !(at->value.sequence = ASN1_STRING_new())) goto err; 237 if (!(at = ASN1_TYPE_new()) ||
238 !(at->value.sequence = ASN1_STRING_new()))
239 goto err;
219 240
220 at->type = V_ASN1_SEQUENCE; 241 at->type = V_ASN1_SEQUENCE;
221 /* Generate encoding of extensions */ 242 /* Generate encoding of extensions */
222 at->value.sequence->length = 243 at->value.sequence->length = ASN1_item_i2d((ASN1_VALUE *)exts,
223 ASN1_item_i2d((ASN1_VALUE *)exts, 244 &at->value.sequence->data, ASN1_ITEM_rptr(X509_EXTENSIONS));
224 &at->value.sequence->data, 245 if (!(attr = X509_ATTRIBUTE_new()))
225 ASN1_ITEM_rptr(X509_EXTENSIONS)); 246 goto err;
226 if(!(attr = X509_ATTRIBUTE_new())) goto err; 247 if (!(attr->value.set = sk_ASN1_TYPE_new_null()))
227 if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err; 248 goto err;
228 if(!sk_ASN1_TYPE_push(attr->value.set, at)) goto err; 249 if (!sk_ASN1_TYPE_push(attr->value.set, at))
250 goto err;
229 at = NULL; 251 at = NULL;
230 attr->single = 0; 252 attr->single = 0;
231 attr->object = OBJ_nid2obj(nid); 253 attr->object = OBJ_nid2obj(nid);
@@ -233,77 +255,89 @@ int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
233 if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null())) 255 if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null()))
234 goto err; 256 goto err;
235 } 257 }
236 if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err; 258 if (!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr))
259 goto err;
237 return 1; 260 return 1;
238 err: 261
262err:
239 X509_ATTRIBUTE_free(attr); 263 X509_ATTRIBUTE_free(attr);
240 ASN1_TYPE_free(at); 264 ASN1_TYPE_free(at);
241 return 0; 265 return 0;
242} 266}
267
243/* This is the normal usage: use the "official" OID */ 268/* This is the normal usage: use the "official" OID */
244int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts) 269int
270X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts)
245{ 271{
246 return X509_REQ_add_extensions_nid(req, exts, NID_ext_req); 272 return X509_REQ_add_extensions_nid(req, exts, NID_ext_req);
247} 273}
248 274
249/* Request attribute functions */ 275/* Request attribute functions */
250 276
251int X509_REQ_get_attr_count(const X509_REQ *req) 277int
278X509_REQ_get_attr_count(const X509_REQ *req)
252{ 279{
253 return X509at_get_attr_count(req->req_info->attributes); 280 return X509at_get_attr_count(req->req_info->attributes);
254} 281}
255 282
256int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, 283int
257 int lastpos) 284X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos)
258{ 285{
259 return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos); 286 return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos);
260} 287}
261 288
262int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj, 289int
263 int lastpos) 290X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj, int lastpos)
264{ 291{
265 return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos); 292 return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos);
266} 293}
267 294
268X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc) 295X509_ATTRIBUTE *
296X509_REQ_get_attr(const X509_REQ *req, int loc)
269{ 297{
270 return X509at_get_attr(req->req_info->attributes, loc); 298 return X509at_get_attr(req->req_info->attributes, loc);
271} 299}
272 300
273X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc) 301X509_ATTRIBUTE *
302X509_REQ_delete_attr(X509_REQ *req, int loc)
274{ 303{
275 return X509at_delete_attr(req->req_info->attributes, loc); 304 return X509at_delete_attr(req->req_info->attributes, loc);
276} 305}
277 306
278int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr) 307int
308X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr)
279{ 309{
280 if(X509at_add1_attr(&req->req_info->attributes, attr)) return 1; 310 if (X509at_add1_attr(&req->req_info->attributes, attr))
311 return 1;
281 return 0; 312 return 0;
282} 313}
283 314
284int X509_REQ_add1_attr_by_OBJ(X509_REQ *req, 315int
285 const ASN1_OBJECT *obj, int type, 316X509_REQ_add1_attr_by_OBJ(X509_REQ *req, const ASN1_OBJECT *obj, int type,
286 const unsigned char *bytes, int len) 317 const unsigned char *bytes, int len)
287{ 318{
288 if(X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj, 319 if (X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj,
289 type, bytes, len)) return 1; 320 type, bytes, len))
321 return 1;
290 return 0; 322 return 0;
291} 323}
292 324
293int X509_REQ_add1_attr_by_NID(X509_REQ *req, 325int
294 int nid, int type, 326X509_REQ_add1_attr_by_NID(X509_REQ *req, int nid, int type,
295 const unsigned char *bytes, int len) 327 const unsigned char *bytes, int len)
296{ 328{
297 if(X509at_add1_attr_by_NID(&req->req_info->attributes, nid, 329 if (X509at_add1_attr_by_NID(&req->req_info->attributes, nid,
298 type, bytes, len)) return 1; 330 type, bytes, len))
331 return 1;
299 return 0; 332 return 0;
300} 333}
301 334
302int X509_REQ_add1_attr_by_txt(X509_REQ *req, 335int
303 const char *attrname, int type, 336X509_REQ_add1_attr_by_txt(X509_REQ *req, const char *attrname, int type,
304 const unsigned char *bytes, int len) 337 const unsigned char *bytes, int len)
305{ 338{
306 if(X509at_add1_attr_by_txt(&req->req_info->attributes, attrname, 339 if (X509at_add1_attr_by_txt(&req->req_info->attributes, attrname,
307 type, bytes, len)) return 1; 340 type, bytes, len))
341 return 1;
308 return 0; 342 return 0;
309} 343}
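Review bot: In X509_REQ_add_extensions_nid the result of `ASN1_item_i2d((ASN1_VALUE *)exts, &at->value.sequence->data, ASN1_ITEM_rptr(X509_EXTENSIONS))` is stored straight into `at->value.sequence->length` with no check. An encoding failure therefore leaves a non-positive length on an attribute that is then pushed onto the request. Adding `if (at->value.sequence->length <= 0) goto err;` right after the assignment would send that case to the existing cleanup, which already frees `at` and `attr`; the function spans two hunks of this section. A related inconsistency: X509_REQ_extension_nid indexes `ext_nids[i]` unconditionally, while X509_REQ_get_extensions guards with `!ext_nids`, so a NULL passed to X509_REQ_set_extension_nids is tolerated by one reader and dereferenced by the other.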
diff --git a/src/lib/libssl/src/crypto/x509/x509_err.c b/src/lib/libssl/src/crypto/x509/x509_err.c
index ab5e8aaea2..4a890a180d 100644
--- a/src/lib/libssl/src/crypto/x509/x509_err.c
+++ b/src/lib/libssl/src/crypto/x509/x509_err.c
@@ -7,7 +7,7 @@
7 * are met: 7 * are met:
8 * 8 *
9 * 1. Redistributions of source code must retain the above copyright 9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
11 * 11 *
12 * 2. Redistributions in binary form must reproduce the above copyright 12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in 13 * notice, this list of conditions and the following disclaimer in
@@ -68,96 +68,94 @@
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509,func,0) 68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason) 69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason)
70 70
71static ERR_STRING_DATA X509_str_functs[]= 71static ERR_STRING_DATA X509_str_functs[] = {
72{ 72 {ERR_FUNC(X509_F_ADD_CERT_DIR), "ADD_CERT_DIR"},
73{ERR_FUNC(X509_F_ADD_CERT_DIR), "ADD_CERT_DIR"}, 73 {ERR_FUNC(X509_F_BY_FILE_CTRL), "BY_FILE_CTRL"},
74{ERR_FUNC(X509_F_BY_FILE_CTRL), "BY_FILE_CTRL"}, 74 {ERR_FUNC(X509_F_CHECK_POLICY), "CHECK_POLICY"},
75{ERR_FUNC(X509_F_CHECK_POLICY), "CHECK_POLICY"}, 75 {ERR_FUNC(X509_F_DIR_CTRL), "DIR_CTRL"},
76{ERR_FUNC(X509_F_DIR_CTRL), "DIR_CTRL"}, 76 {ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "GET_CERT_BY_SUBJECT"},
77{ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "GET_CERT_BY_SUBJECT"}, 77 {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE), "NETSCAPE_SPKI_b64_decode"},
78{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE), "NETSCAPE_SPKI_b64_decode"}, 78 {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE), "NETSCAPE_SPKI_b64_encode"},
79{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE), "NETSCAPE_SPKI_b64_encode"}, 79 {ERR_FUNC(X509_F_X509AT_ADD1_ATTR), "X509at_add1_attr"},
80{ERR_FUNC(X509_F_X509AT_ADD1_ATTR), "X509at_add1_attr"}, 80 {ERR_FUNC(X509_F_X509V3_ADD_EXT), "X509v3_add_ext"},
81{ERR_FUNC(X509_F_X509V3_ADD_EXT), "X509v3_add_ext"}, 81 {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID), "X509_ATTRIBUTE_create_by_NID"},
82{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID), "X509_ATTRIBUTE_create_by_NID"}, 82 {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ), "X509_ATTRIBUTE_create_by_OBJ"},
83{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ), "X509_ATTRIBUTE_create_by_OBJ"}, 83 {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT), "X509_ATTRIBUTE_create_by_txt"},
84{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT), "X509_ATTRIBUTE_create_by_txt"}, 84 {ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA), "X509_ATTRIBUTE_get0_data"},
85{ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA), "X509_ATTRIBUTE_get0_data"}, 85 {ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA), "X509_ATTRIBUTE_set1_data"},
86{ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA), "X509_ATTRIBUTE_set1_data"}, 86 {ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY), "X509_check_private_key"},
87{ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY), "X509_check_private_key"}, 87 {ERR_FUNC(X509_F_X509_CRL_PRINT_FP), "X509_CRL_print_fp"},
88{ERR_FUNC(X509_F_X509_CRL_PRINT_FP), "X509_CRL_print_fp"}, 88 {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID), "X509_EXTENSION_create_by_NID"},
89{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID), "X509_EXTENSION_create_by_NID"}, 89 {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ), "X509_EXTENSION_create_by_OBJ"},
90{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ), "X509_EXTENSION_create_by_OBJ"}, 90 {ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS), "X509_get_pubkey_parameters"},
91{ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS), "X509_get_pubkey_parameters"}, 91 {ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE), "X509_load_cert_crl_file"},
92{ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE), "X509_load_cert_crl_file"}, 92 {ERR_FUNC(X509_F_X509_LOAD_CERT_FILE), "X509_load_cert_file"},
93{ERR_FUNC(X509_F_X509_LOAD_CERT_FILE), "X509_load_cert_file"}, 93 {ERR_FUNC(X509_F_X509_LOAD_CRL_FILE), "X509_load_crl_file"},
94{ERR_FUNC(X509_F_X509_LOAD_CRL_FILE), "X509_load_crl_file"}, 94 {ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY), "X509_NAME_add_entry"},
95{ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY), "X509_NAME_add_entry"}, 95 {ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID), "X509_NAME_ENTRY_create_by_NID"},
96{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID), "X509_NAME_ENTRY_create_by_NID"}, 96 {ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT), "X509_NAME_ENTRY_create_by_txt"},
97{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT), "X509_NAME_ENTRY_create_by_txt"}, 97 {ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT), "X509_NAME_ENTRY_set_object"},
98{ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT), "X509_NAME_ENTRY_set_object"}, 98 {ERR_FUNC(X509_F_X509_NAME_ONELINE), "X509_NAME_oneline"},
99{ERR_FUNC(X509_F_X509_NAME_ONELINE), "X509_NAME_oneline"}, 99 {ERR_FUNC(X509_F_X509_NAME_PRINT), "X509_NAME_print"},
100{ERR_FUNC(X509_F_X509_NAME_PRINT), "X509_NAME_print"}, 100 {ERR_FUNC(X509_F_X509_PRINT_EX_FP), "X509_print_ex_fp"},
101{ERR_FUNC(X509_F_X509_PRINT_EX_FP), "X509_print_ex_fp"}, 101 {ERR_FUNC(X509_F_X509_PUBKEY_GET), "X509_PUBKEY_get"},
102{ERR_FUNC(X509_F_X509_PUBKEY_GET), "X509_PUBKEY_get"}, 102 {ERR_FUNC(X509_F_X509_PUBKEY_SET), "X509_PUBKEY_set"},
103{ERR_FUNC(X509_F_X509_PUBKEY_SET), "X509_PUBKEY_set"}, 103 {ERR_FUNC(X509_F_X509_REQ_CHECK_PRIVATE_KEY), "X509_REQ_check_private_key"},
104{ERR_FUNC(X509_F_X509_REQ_CHECK_PRIVATE_KEY), "X509_REQ_check_private_key"}, 104 {ERR_FUNC(X509_F_X509_REQ_PRINT_EX), "X509_REQ_print_ex"},
105{ERR_FUNC(X509_F_X509_REQ_PRINT_EX), "X509_REQ_print_ex"}, 105 {ERR_FUNC(X509_F_X509_REQ_PRINT_FP), "X509_REQ_print_fp"},
106{ERR_FUNC(X509_F_X509_REQ_PRINT_FP), "X509_REQ_print_fp"}, 106 {ERR_FUNC(X509_F_X509_REQ_TO_X509), "X509_REQ_to_X509"},
107{ERR_FUNC(X509_F_X509_REQ_TO_X509), "X509_REQ_to_X509"}, 107 {ERR_FUNC(X509_F_X509_STORE_ADD_CERT), "X509_STORE_add_cert"},
108{ERR_FUNC(X509_F_X509_STORE_ADD_CERT), "X509_STORE_add_cert"}, 108 {ERR_FUNC(X509_F_X509_STORE_ADD_CRL), "X509_STORE_add_crl"},
109{ERR_FUNC(X509_F_X509_STORE_ADD_CRL), "X509_STORE_add_crl"}, 109 {ERR_FUNC(X509_F_X509_STORE_CTX_GET1_ISSUER), "X509_STORE_CTX_get1_issuer"},
110{ERR_FUNC(X509_F_X509_STORE_CTX_GET1_ISSUER), "X509_STORE_CTX_get1_issuer"}, 110 {ERR_FUNC(X509_F_X509_STORE_CTX_INIT), "X509_STORE_CTX_init"},
111{ERR_FUNC(X509_F_X509_STORE_CTX_INIT), "X509_STORE_CTX_init"}, 111 {ERR_FUNC(X509_F_X509_STORE_CTX_NEW), "X509_STORE_CTX_new"},
112{ERR_FUNC(X509_F_X509_STORE_CTX_NEW), "X509_STORE_CTX_new"}, 112 {ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT), "X509_STORE_CTX_purpose_inherit"},
113{ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT), "X509_STORE_CTX_purpose_inherit"}, 113 {ERR_FUNC(X509_F_X509_TO_X509_REQ), "X509_to_X509_REQ"},
114{ERR_FUNC(X509_F_X509_TO_X509_REQ), "X509_to_X509_REQ"}, 114 {ERR_FUNC(X509_F_X509_TRUST_ADD), "X509_TRUST_add"},
115{ERR_FUNC(X509_F_X509_TRUST_ADD), "X509_TRUST_add"}, 115 {ERR_FUNC(X509_F_X509_TRUST_SET), "X509_TRUST_set"},
116{ERR_FUNC(X509_F_X509_TRUST_SET), "X509_TRUST_set"}, 116 {ERR_FUNC(X509_F_X509_VERIFY_CERT), "X509_verify_cert"},
117{ERR_FUNC(X509_F_X509_VERIFY_CERT), "X509_verify_cert"}, 117 {0, NULL}
118{0,NULL}
119}; 118};
120 119
121static ERR_STRING_DATA X509_str_reasons[]= 120static ERR_STRING_DATA X509_str_reasons[] = {
122{ 121 {ERR_REASON(X509_R_BAD_X509_FILETYPE) , "bad x509 filetype"},
123{ERR_REASON(X509_R_BAD_X509_FILETYPE) ,"bad x509 filetype"}, 122 {ERR_REASON(X509_R_BASE64_DECODE_ERROR) , "base64 decode error"},
124{ERR_REASON(X509_R_BASE64_DECODE_ERROR) ,"base64 decode error"}, 123 {ERR_REASON(X509_R_CANT_CHECK_DH_KEY) , "cant check dh key"},
125{ERR_REASON(X509_R_CANT_CHECK_DH_KEY) ,"cant check dh key"}, 124 {ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE), "cert already in hash table"},
126{ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE),"cert already in hash table"}, 125 {ERR_REASON(X509_R_ERR_ASN1_LIB) , "err asn1 lib"},
127{ERR_REASON(X509_R_ERR_ASN1_LIB) ,"err asn1 lib"}, 126 {ERR_REASON(X509_R_INVALID_DIRECTORY) , "invalid directory"},
128{ERR_REASON(X509_R_INVALID_DIRECTORY) ,"invalid directory"}, 127 {ERR_REASON(X509_R_INVALID_FIELD_NAME) , "invalid field name"},
129{ERR_REASON(X509_R_INVALID_FIELD_NAME) ,"invalid field name"}, 128 {ERR_REASON(X509_R_INVALID_TRUST) , "invalid trust"},
130{ERR_REASON(X509_R_INVALID_TRUST) ,"invalid trust"}, 129 {ERR_REASON(X509_R_KEY_TYPE_MISMATCH) , "key type mismatch"},
131{ERR_REASON(X509_R_KEY_TYPE_MISMATCH) ,"key type mismatch"}, 130 {ERR_REASON(X509_R_KEY_VALUES_MISMATCH) , "key values mismatch"},
132{ERR_REASON(X509_R_KEY_VALUES_MISMATCH) ,"key values mismatch"}, 131 {ERR_REASON(X509_R_LOADING_CERT_DIR) , "loading cert dir"},
133{ERR_REASON(X509_R_LOADING_CERT_DIR) ,"loading cert dir"}, 132 {ERR_REASON(X509_R_LOADING_DEFAULTS) , "loading defaults"},
134{ERR_REASON(X509_R_LOADING_DEFAULTS) ,"loading defaults"}, 133 {ERR_REASON(X509_R_METHOD_NOT_SUPPORTED) , "method not supported"},
135{ERR_REASON(X509_R_METHOD_NOT_SUPPORTED) ,"method not supported"}, 134 {ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY), "no cert set for us to verify"},
136{ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),"no cert set for us to verify"}, 135 {ERR_REASON(X509_R_PUBLIC_KEY_DECODE_ERROR), "public key decode error"},
137{ERR_REASON(X509_R_PUBLIC_KEY_DECODE_ERROR),"public key decode error"}, 136 {ERR_REASON(X509_R_PUBLIC_KEY_ENCODE_ERROR), "public key encode error"},
138{ERR_REASON(X509_R_PUBLIC_KEY_ENCODE_ERROR),"public key encode error"}, 137 {ERR_REASON(X509_R_SHOULD_RETRY) , "should retry"},
139{ERR_REASON(X509_R_SHOULD_RETRY) ,"should retry"}, 138 {ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN), "unable to find parameters in chain"},
140{ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN),"unable to find parameters in chain"}, 139 {ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY), "unable to get certs public key"},
141{ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY),"unable to get certs public key"}, 140 {ERR_REASON(X509_R_UNKNOWN_KEY_TYPE) , "unknown key type"},
142{ERR_REASON(X509_R_UNKNOWN_KEY_TYPE) ,"unknown key type"}, 141 {ERR_REASON(X509_R_UNKNOWN_NID) , "unknown nid"},
143{ERR_REASON(X509_R_UNKNOWN_NID) ,"unknown nid"}, 142 {ERR_REASON(X509_R_UNKNOWN_PURPOSE_ID) , "unknown purpose id"},
144{ERR_REASON(X509_R_UNKNOWN_PURPOSE_ID) ,"unknown purpose id"}, 143 {ERR_REASON(X509_R_UNKNOWN_TRUST_ID) , "unknown trust id"},
145{ERR_REASON(X509_R_UNKNOWN_TRUST_ID) ,"unknown trust id"}, 144 {ERR_REASON(X509_R_UNSUPPORTED_ALGORITHM), "unsupported algorithm"},
146{ERR_REASON(X509_R_UNSUPPORTED_ALGORITHM),"unsupported algorithm"}, 145 {ERR_REASON(X509_R_WRONG_LOOKUP_TYPE) , "wrong lookup type"},
147{ERR_REASON(X509_R_WRONG_LOOKUP_TYPE) ,"wrong lookup type"}, 146 {ERR_REASON(X509_R_WRONG_TYPE) , "wrong type"},
148{ERR_REASON(X509_R_WRONG_TYPE) ,"wrong type"}, 147 {0, NULL}
149{0,NULL}
150}; 148};
151 149
152#endif 150#endif
153 151
154void ERR_load_X509_strings(void) 152void
153ERR_load_X509_strings(void)
155{ 154{
156#ifndef OPENSSL_NO_ERR 155#ifndef OPENSSL_NO_ERR
157
158 if (ERR_func_error_string(X509_str_functs[0].error) == NULL) { 156 if (ERR_func_error_string(X509_str_functs[0].error) == NULL) {
159 ERR_load_strings(0,X509_str_functs); 157 ERR_load_strings(0, X509_str_functs);
160 ERR_load_strings(0,X509_str_reasons); 158 ERR_load_strings(0, X509_str_reasons);
161 } 159 }
162#endif 160#endif
163} 161}
diff --git a/src/lib/libssl/src/crypto/x509/x509_ext.c b/src/lib/libssl/src/crypto/x509/x509_ext.c
index bdc489f367..a2441c2c2c 100644
--- a/src/lib/libssl/src/crypto/x509/x509_ext.c
+++ b/src/lib/libssl/src/crypto/x509/x509_ext.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -66,142 +66,168 @@
66#include <openssl/x509v3.h> 66#include <openssl/x509v3.h>
67 67
68 68
69int X509_CRL_get_ext_count(X509_CRL *x) 69int
70X509_CRL_get_ext_count(X509_CRL *x)
70{ 71{
71 return(X509v3_get_ext_count(x->crl->extensions)); 72 return (X509v3_get_ext_count(x->crl->extensions));
72} 73}
73 74
74int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos) 75int
76X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos)
75{ 77{
76 return(X509v3_get_ext_by_NID(x->crl->extensions,nid,lastpos)); 78 return (X509v3_get_ext_by_NID(x->crl->extensions, nid, lastpos));
77} 79}
78 80
79int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos) 81int
82X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos)
80{ 83{
81 return(X509v3_get_ext_by_OBJ(x->crl->extensions,obj,lastpos)); 84 return (X509v3_get_ext_by_OBJ(x->crl->extensions, obj, lastpos));
82} 85}
83 86
84int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos) 87int
88X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos)
85{ 89{
86 return(X509v3_get_ext_by_critical(x->crl->extensions,crit,lastpos)); 90 return (X509v3_get_ext_by_critical(x->crl->extensions, crit, lastpos));
87} 91}
88 92
89X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc) 93X509_EXTENSION *
94X509_CRL_get_ext(X509_CRL *x, int loc)
90{ 95{
91 return(X509v3_get_ext(x->crl->extensions,loc)); 96 return (X509v3_get_ext(x->crl->extensions, loc));
92} 97}
93 98
94X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc) 99X509_EXTENSION *
100X509_CRL_delete_ext(X509_CRL *x, int loc)
95{ 101{
96 return(X509v3_delete_ext(x->crl->extensions,loc)); 102 return (X509v3_delete_ext(x->crl->extensions, loc));
97} 103}
98 104
99void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx) 105void *
106X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx)
100{ 107{
101 return X509V3_get_d2i(x->crl->extensions, nid, crit, idx); 108 return X509V3_get_d2i(x->crl->extensions, nid, crit, idx);
102} 109}
103 110
104int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, 111int
105 unsigned long flags) 112X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
113 unsigned long flags)
106{ 114{
107 return X509V3_add1_i2d(&x->crl->extensions, nid, value, crit, flags); 115 return X509V3_add1_i2d(&x->crl->extensions, nid, value, crit, flags);
108} 116}
109 117
110int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc) 118int
119X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc)
111{ 120{
112 return(X509v3_add_ext(&(x->crl->extensions),ex,loc) != NULL); 121 return (X509v3_add_ext(&(x->crl->extensions), ex, loc) != NULL);
113} 122}
114 123
115int X509_get_ext_count(X509 *x) 124int
125X509_get_ext_count(X509 *x)
116{ 126{
117 return(X509v3_get_ext_count(x->cert_info->extensions)); 127 return (X509v3_get_ext_count(x->cert_info->extensions));
118} 128}
119 129
120int X509_get_ext_by_NID(X509 *x, int nid, int lastpos) 130int
131X509_get_ext_by_NID(X509 *x, int nid, int lastpos)
121{ 132{
122 return(X509v3_get_ext_by_NID(x->cert_info->extensions,nid,lastpos)); 133 return (X509v3_get_ext_by_NID(x->cert_info->extensions, nid, lastpos));
123} 134}
124 135
125int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos) 136int
137X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos)
126{ 138{
127 return(X509v3_get_ext_by_OBJ(x->cert_info->extensions,obj,lastpos)); 139 return (X509v3_get_ext_by_OBJ(x->cert_info->extensions, obj, lastpos));
128} 140}
129 141
130int X509_get_ext_by_critical(X509 *x, int crit, int lastpos) 142int
143X509_get_ext_by_critical(X509 *x, int crit, int lastpos)
131{ 144{
132 return(X509v3_get_ext_by_critical(x->cert_info->extensions,crit,lastpos)); 145 return (X509v3_get_ext_by_critical(x->cert_info->extensions, crit,
146 lastpos));
133} 147}
134 148
135X509_EXTENSION *X509_get_ext(X509 *x, int loc) 149X509_EXTENSION *
150X509_get_ext(X509 *x, int loc)
136{ 151{
137 return(X509v3_get_ext(x->cert_info->extensions,loc)); 152 return (X509v3_get_ext(x->cert_info->extensions, loc));
138} 153}
139 154
140X509_EXTENSION *X509_delete_ext(X509 *x, int loc) 155X509_EXTENSION *
156X509_delete_ext(X509 *x, int loc)
141{ 157{
142 return(X509v3_delete_ext(x->cert_info->extensions,loc)); 158 return (X509v3_delete_ext(x->cert_info->extensions, loc));
143} 159}
144 160
145int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc) 161int
162X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc)
146{ 163{
147 return(X509v3_add_ext(&(x->cert_info->extensions),ex,loc) != NULL); 164 return (X509v3_add_ext(&(x->cert_info->extensions), ex, loc) != NULL);
148} 165}
149 166
150void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx) 167void *
168X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx)
151{ 169{
152 return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx); 170 return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx);
153} 171}
154 172
155int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, 173int
156 unsigned long flags) 174X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, unsigned long flags)
157{ 175{
158 return X509V3_add1_i2d(&x->cert_info->extensions, nid, value, crit, 176 return X509V3_add1_i2d(&x->cert_info->extensions, nid, value, crit,
159 flags); 177 flags);
160} 178}
161 179
162int X509_REVOKED_get_ext_count(X509_REVOKED *x) 180int
181X509_REVOKED_get_ext_count(X509_REVOKED *x)
163{ 182{
164 return(X509v3_get_ext_count(x->extensions)); 183 return (X509v3_get_ext_count(x->extensions));
165} 184}
166 185
167int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos) 186int
187X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos)
168{ 188{
169 return(X509v3_get_ext_by_NID(x->extensions,nid,lastpos)); 189 return (X509v3_get_ext_by_NID(x->extensions, nid, lastpos));
170} 190}
171 191
172int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj, 192int
173 int lastpos) 193X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj, int lastpos)
174{ 194{
175 return(X509v3_get_ext_by_OBJ(x->extensions,obj,lastpos)); 195 return (X509v3_get_ext_by_OBJ(x->extensions, obj, lastpos));
176} 196}
177 197
178int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos) 198int
199X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos)
179{ 200{
180 return(X509v3_get_ext_by_critical(x->extensions,crit,lastpos)); 201 return (X509v3_get_ext_by_critical(x->extensions, crit, lastpos));
181} 202}
182 203
183X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc) 204X509_EXTENSION *
205X509_REVOKED_get_ext(X509_REVOKED *x, int loc)
184{ 206{
185 return(X509v3_get_ext(x->extensions,loc)); 207 return (X509v3_get_ext(x->extensions, loc));
186} 208}
187 209
188X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc) 210X509_EXTENSION *
211X509_REVOKED_delete_ext(X509_REVOKED *x, int loc)
189{ 212{
190 return(X509v3_delete_ext(x->extensions,loc)); 213 return (X509v3_delete_ext(x->extensions, loc));
191} 214}
192 215
193int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc) 216int
217X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc)
194{ 218{
195 return(X509v3_add_ext(&(x->extensions),ex,loc) != NULL); 219 return (X509v3_add_ext(&(x->extensions), ex, loc) != NULL);
196} 220}
197 221
198void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx) 222void *
223X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx)
199{ 224{
200 return X509V3_get_d2i(x->extensions, nid, crit, idx); 225 return X509V3_get_d2i(x->extensions, nid, crit, idx);
201} 226}
202 227
203int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, 228int
204 unsigned long flags) 229X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
230 unsigned long flags)
205{ 231{
206 return X509V3_add1_i2d(&x->extensions, nid, value, crit, flags); 232 return X509V3_add1_i2d(&x->extensions, nid, value, crit, flags);
207} 233}
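Review bot: The reformatted wrappers in x509_ext.c still mix two return styles: most are written `return (X509v3_get_ext_count(x->crl->extensions));`, while the `*_get_ext_d2i` and `*_add1_ext_i2d` wrappers keep the bare `return X509V3_get_d2i(x->crl->extensions, nid, crit, idx);`. Since this pass only touches style, settle on one form for the whole file, for example `return (X509V3_get_d2i(x->crl->extensions, nid, crit, idx));`. Separately, every wrapper dereferences `x->crl`, `x->cert_info` or `x` with no NULL check, and the three delete wrappers hand the removed extension back to the caller. A short comment above `X509_CRL_delete_ext`, `X509_delete_ext` and `X509_REVOKED_delete_ext` would make that contract explicit, such as `/* x must be non-NULL; the returned extension is presumably owned by the caller and must be freed (confirm against X509v3_delete_ext). */`, since that helper's behaviour is not visible on this page.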
diff --git a/src/lib/libssl/src/crypto/x509/x509_lu.c b/src/lib/libssl/src/crypto/x509/x509_lu.c
index a89cd70313..aec1121ffb 100644
--- a/src/lib/libssl/src/crypto/x509/x509_lu.c
+++ b/src/lib/libssl/src/crypto/x509/x509_lu.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -62,18 +62,20 @@
62#include <openssl/x509.h> 62#include <openssl/x509.h>
63#include <openssl/x509v3.h> 63#include <openssl/x509v3.h>
64 64
65X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method) 65X509_LOOKUP *
66X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
66{ 67{
67 X509_LOOKUP *ret; 68 X509_LOOKUP *ret;
68 69
69 ret=(X509_LOOKUP *)malloc(sizeof(X509_LOOKUP)); 70 ret = (X509_LOOKUP *)malloc(sizeof(X509_LOOKUP));
70 if (ret == NULL) return NULL; 71 if (ret == NULL)
72 return NULL;
71 73
72 ret->init=0; 74 ret->init = 0;
73 ret->skip=0; 75 ret->skip = 0;
74 ret->method=method; 76 ret->method = method;
75 ret->method_data=NULL; 77 ret->method_data = NULL;
76 ret->store_ctx=NULL; 78 ret->store_ctx = NULL;
77 if ((method->new_item != NULL) && !method->new_item(ret)) { 79 if ((method->new_item != NULL) && !method->new_item(ret)) {
78 free(ret); 80 free(ret);
79 return NULL; 81 return NULL;
@@ -81,91 +83,104 @@ X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
81 return ret; 83 return ret;
82} 84}
83 85
84void X509_LOOKUP_free(X509_LOOKUP *ctx) 86void
87X509_LOOKUP_free(X509_LOOKUP *ctx)
85{ 88{
86 if (ctx == NULL) return; 89 if (ctx == NULL)
87 if ( (ctx->method != NULL) && 90 return;
88 (ctx->method->free != NULL)) 91 if ((ctx->method != NULL) && (ctx->method->free != NULL))
89 (*ctx->method->free)(ctx); 92 (*ctx->method->free)(ctx);
90 free(ctx); 93 free(ctx);
91} 94}
92 95
93int X509_LOOKUP_init(X509_LOOKUP *ctx) 96int
97X509_LOOKUP_init(X509_LOOKUP *ctx)
94{ 98{
95 if (ctx->method == NULL) return 0; 99 if (ctx->method == NULL)
100 return 0;
96 if (ctx->method->init != NULL) 101 if (ctx->method->init != NULL)
97 return ctx->method->init(ctx); 102 return ctx->method->init(ctx);
98 else 103 else
99 return 1; 104 return 1;
100} 105}
101 106
102int X509_LOOKUP_shutdown(X509_LOOKUP *ctx) 107int
108X509_LOOKUP_shutdown(X509_LOOKUP *ctx)
103{ 109{
104 if (ctx->method == NULL) return 0; 110 if (ctx->method == NULL)
111 return 0;
105 if (ctx->method->shutdown != NULL) 112 if (ctx->method->shutdown != NULL)
106 return ctx->method->shutdown(ctx); 113 return ctx->method->shutdown(ctx);
107 else 114 else
108 return 1; 115 return 1;
109} 116}
110 117
111int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, 118int
112 char **ret) 119X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
120 char **ret)
113{ 121{
114 if (ctx->method == NULL) return -1; 122 if (ctx->method == NULL)
123 return -1;
115 if (ctx->method->ctrl != NULL) 124 if (ctx->method->ctrl != NULL)
116 return ctx->method->ctrl(ctx,cmd,argc,argl,ret); 125 return ctx->method->ctrl(ctx, cmd, argc, argl, ret);
117 else 126 else
118 return 1; 127 return 1;
119} 128}
120 129
121int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name, 130int
122 X509_OBJECT *ret) 131X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
123 { 132 X509_OBJECT *ret)
133{
124 if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL)) 134 if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))
125 return X509_LU_FAIL; 135 return X509_LU_FAIL;
126 if (ctx->skip) return 0; 136 if (ctx->skip)
127 return ctx->method->get_by_subject(ctx,type,name,ret); 137 return 0;
138 return ctx->method->get_by_subject(ctx, type, name, ret);
128} 139}
129 140
130int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name, 141int
131 ASN1_INTEGER *serial, X509_OBJECT *ret) 142X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
143 ASN1_INTEGER *serial, X509_OBJECT *ret)
132{ 144{
133 if ((ctx->method == NULL) || 145 if ((ctx->method == NULL) ||
134 (ctx->method->get_by_issuer_serial == NULL)) 146 (ctx->method->get_by_issuer_serial == NULL))
135 return X509_LU_FAIL; 147 return X509_LU_FAIL;
136 return ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret); 148 return ctx->method->get_by_issuer_serial(ctx, type, name, serial, ret);
137} 149}
138 150
139int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type, 151int
140 unsigned char *bytes, int len, X509_OBJECT *ret) 152X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type, unsigned char *bytes,
153 int len, X509_OBJECT *ret)
141{ 154{
142 if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL)) 155 if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))
143 return X509_LU_FAIL; 156 return X509_LU_FAIL;
144 return ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret); 157 return ctx->method->get_by_fingerprint(ctx, type, bytes, len, ret);
145} 158}
146 159
147int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len, 160int
148 X509_OBJECT *ret) 161X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,
162 X509_OBJECT *ret)
149{ 163{
150 if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL)) 164 if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
151 return X509_LU_FAIL; 165 return X509_LU_FAIL;
152 return ctx->method->get_by_alias(ctx,type,str,len,ret); 166 return ctx->method->get_by_alias(ctx, type, str, len, ret);
153} 167}
154 168
155 169static int
156static int x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b) 170x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b)
157 { 171{
158 int ret; 172 int ret;
159 173
160 ret=((*a)->type - (*b)->type); 174 ret = ((*a)->type - (*b)->type);
161 if (ret) return ret; 175 if (ret)
162 switch ((*a)->type) { 176 return ret;
163 case X509_LU_X509: 177 switch ((*a)->type) {
164 ret=X509_subject_name_cmp((*a)->data.x509,(*b)->data.x509); 178 case X509_LU_X509:
165 break; 179 ret = X509_subject_name_cmp((*a)->data.x509, (*b)->data.x509);
166 case X509_LU_CRL: 180 break;
167 ret=X509_CRL_cmp((*a)->data.crl,(*b)->data.crl); 181 case X509_LU_CRL:
168 break; 182 ret = X509_CRL_cmp((*a)->data.crl, (*b)->data.crl);
183 break;
169 default: 184 default:
170 /* abort(); */ 185 /* abort(); */
171 return 0; 186 return 0;
@@ -173,23 +188,24 @@ static int x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * con
173 return ret; 188 return ret;
174} 189}
175 190
176X509_STORE *X509_STORE_new(void) 191X509_STORE *
192X509_STORE_new(void)
177{ 193{
178 X509_STORE *ret; 194 X509_STORE *ret;
179 195
180 if ((ret=(X509_STORE *)malloc(sizeof(X509_STORE))) == NULL) 196 if ((ret = (X509_STORE *)malloc(sizeof(X509_STORE))) == NULL)
181 return NULL; 197 return NULL;
182 ret->objs = sk_X509_OBJECT_new(x509_object_cmp); 198 ret->objs = sk_X509_OBJECT_new(x509_object_cmp);
183 ret->cache=1; 199 ret->cache = 1;
184 ret->get_cert_methods=sk_X509_LOOKUP_new_null(); 200 ret->get_cert_methods = sk_X509_LOOKUP_new_null();
185 ret->verify=0; 201 ret->verify = 0;
186 ret->verify_cb=0; 202 ret->verify_cb = 0;
187 203
188 if ((ret->param = X509_VERIFY_PARAM_new()) == NULL) { 204 if ((ret->param = X509_VERIFY_PARAM_new()) == NULL) {
189 sk_X509_OBJECT_free(ret->objs); 205 sk_X509_OBJECT_free(ret->objs);
190 free(ret); 206 free(ret);
191 return NULL; 207 return NULL;
192} 208 }
193 209
194 ret->get_issuer = 0; 210 ret->get_issuer = 0;
195 ret->check_issued = 0; 211 ret->check_issued = 0;
@@ -201,17 +217,19 @@ X509_STORE *X509_STORE_new(void)
201 ret->lookup_crls = 0; 217 ret->lookup_crls = 0;
202 ret->cleanup = 0; 218 ret->cleanup = 0;
203 219
204 if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) { 220 if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE,
221 ret, &ret->ex_data)) {
205 sk_X509_OBJECT_free(ret->objs); 222 sk_X509_OBJECT_free(ret->objs);
206 free(ret); 223 free(ret);
207 return NULL; 224 return NULL;
208 } 225 }
209 226
210 ret->references=1; 227 ret->references = 1;
211 return ret; 228 return ret;
212} 229}
213 230
214static void cleanup(X509_OBJECT *a) 231static void
232cleanup(X509_OBJECT *a)
215{ 233{
216 if (a->type == X509_LU_X509) { 234 if (a->type == X509_LU_X509) {
217 X509_free(a->data.x509); 235 X509_free(a->data.x509);
@@ -224,18 +242,19 @@ static void cleanup(X509_OBJECT *a)
224 free(a); 242 free(a);
225} 243}
226 244
227void X509_STORE_free(X509_STORE *vfy) 245void
246X509_STORE_free(X509_STORE *vfy)
228{ 247{
229 int i; 248 int i;
230 STACK_OF(X509_LOOKUP) *sk; 249 STACK_OF(X509_LOOKUP) *sk;
231 X509_LOOKUP *lu; 250 X509_LOOKUP *lu;
232 251
233 if (vfy == NULL) 252 if (vfy == NULL)
234 return; 253 return;
235 254
236 sk=vfy->get_cert_methods; 255 sk = vfy->get_cert_methods;
237 for (i=0; i<sk_X509_LOOKUP_num(sk); i++) { 256 for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) {
238 lu=sk_X509_LOOKUP_value(sk,i); 257 lu = sk_X509_LOOKUP_value(sk, i);
239 X509_LOOKUP_shutdown(lu); 258 X509_LOOKUP_shutdown(lu);
240 X509_LOOKUP_free(lu); 259 X509_LOOKUP_free(lu);
241 } 260 }
@@ -248,26 +267,27 @@ void X509_STORE_free(X509_STORE *vfy)
248 free(vfy); 267 free(vfy);
249} 268}
250 269
251X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m) 270X509_LOOKUP *
271X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
252{ 272{
253 int i; 273 int i;
254 STACK_OF(X509_LOOKUP) *sk; 274 STACK_OF(X509_LOOKUP) *sk;
255 X509_LOOKUP *lu; 275 X509_LOOKUP *lu;
256 276
257 sk=v->get_cert_methods; 277 sk = v->get_cert_methods;
258 for (i=0; i<sk_X509_LOOKUP_num(sk); i++) { 278 for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) {
259 lu=sk_X509_LOOKUP_value(sk,i); 279 lu = sk_X509_LOOKUP_value(sk, i);
260 if (m == lu->method) { 280 if (m == lu->method) {
261 return lu; 281 return lu;
262 } 282 }
263 } 283 }
264 /* a new one */ 284 /* a new one */
265 lu=X509_LOOKUP_new(m); 285 lu = X509_LOOKUP_new(m);
266 if (lu == NULL) 286 if (lu == NULL)
267 return NULL; 287 return NULL;
268 else { 288 else {
269 lu->store_ctx=v; 289 lu->store_ctx = v;
270 if (sk_X509_LOOKUP_push(v->get_cert_methods,lu)) 290 if (sk_X509_LOOKUP_push(v->get_cert_methods, lu))
271 return lu; 291 return lu;
272 else { 292 else {
273 X509_LOOKUP_free(lu); 293 X509_LOOKUP_free(lu);
@@ -276,31 +296,33 @@ X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
276 } 296 }
277} 297}
278 298
279int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name, 299int
280 X509_OBJECT *ret) 300X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
301 X509_OBJECT *ret)
281{ 302{
282 X509_STORE *ctx=vs->ctx; 303 X509_STORE *ctx = vs->ctx;
283 X509_LOOKUP *lu; 304 X509_LOOKUP *lu;
284 X509_OBJECT stmp,*tmp; 305 X509_OBJECT stmp, *tmp;
285 int i,j; 306 int i, j;
286 307
287 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); 308 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
288 tmp=X509_OBJECT_retrieve_by_subject(ctx->objs,type,name); 309 tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name);
289 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); 310 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
290 311
291 if (tmp == NULL || type == X509_LU_CRL) { 312 if (tmp == NULL || type == X509_LU_CRL) {
292 for (i=vs->current_method; i<sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) { 313 for (i = vs->current_method;
293 lu=sk_X509_LOOKUP_value(ctx->get_cert_methods,i); 314 i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) {
294 j=X509_LOOKUP_by_subject(lu,type,name,&stmp); 315 lu = sk_X509_LOOKUP_value(ctx->get_cert_methods, i);
316 j = X509_LOOKUP_by_subject(lu, type, name, &stmp);
295 if (j < 0) { 317 if (j < 0) {
296 vs->current_method=j; 318 vs->current_method = j;
297 return j; 319 return j;
298 } else if (j) { 320 } else if (j) {
299 tmp= &stmp; 321 tmp = &stmp;
300 break; 322 break;
301 } 323 }
302 } 324 }
303 vs->current_method=0; 325 vs->current_method = 0;
304 if (tmp == NULL) 326 if (tmp == NULL)
305 return 0; 327 return 0;
306 } 328 }
@@ -308,27 +330,29 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
308/* if (ret->data.ptr != NULL) 330/* if (ret->data.ptr != NULL)
309 X509_OBJECT_free_contents(ret); */ 331 X509_OBJECT_free_contents(ret); */
310 332
311 ret->type=tmp->type; 333 ret->type = tmp->type;
312 ret->data.ptr=tmp->data.ptr; 334 ret->data.ptr = tmp->data.ptr;
313 335
314 X509_OBJECT_up_ref_count(ret); 336 X509_OBJECT_up_ref_count(ret);
315 337
316 return 1; 338 return 1;
317} 339}
318 340
319int X509_STORE_add_cert(X509_STORE *ctx, X509 *x) 341int
342X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
320{ 343{
321 X509_OBJECT *obj; 344 X509_OBJECT *obj;
322 int ret=1; 345 int ret = 1;
323 346
324 if (x == NULL) return 0; 347 if (x == NULL)
325 obj=(X509_OBJECT *)malloc(sizeof(X509_OBJECT)); 348 return 0;
349 obj = (X509_OBJECT *)malloc(sizeof(X509_OBJECT));
326 if (obj == NULL) { 350 if (obj == NULL) {
327 X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE); 351 X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE);
328 return 0; 352 return 0;
329 } 353 }
330 obj->type=X509_LU_X509; 354 obj->type = X509_LU_X509;
331 obj->data.x509=x; 355 obj->data.x509 = x;
332 356
333 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); 357 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
334 358
@@ -337,29 +361,32 @@ int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
337 if (X509_OBJECT_retrieve_match(ctx->objs, obj)) { 361 if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {
338 X509_OBJECT_free_contents(obj); 362 X509_OBJECT_free_contents(obj);
339 free(obj); 363 free(obj);
340 X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE); 364 X509err(X509_F_X509_STORE_ADD_CERT,
341 ret=0; 365 X509_R_CERT_ALREADY_IN_HASH_TABLE);
342 } 366 ret = 0;
343 else sk_X509_OBJECT_push(ctx->objs, obj); 367 } else
368 sk_X509_OBJECT_push(ctx->objs, obj);
344 369
345 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); 370 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
346 371
347 return ret; 372 return ret;
348} 373}
349 374
350int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) 375int
376X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
351{ 377{
352 X509_OBJECT *obj; 378 X509_OBJECT *obj;
353 int ret=1; 379 int ret = 1;
354 380
355 if (x == NULL) return 0; 381 if (x == NULL)
356 obj=(X509_OBJECT *)malloc(sizeof(X509_OBJECT)); 382 return 0;
383 obj = (X509_OBJECT *)malloc(sizeof(X509_OBJECT));
357 if (obj == NULL) { 384 if (obj == NULL) {
358 X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE); 385 X509err(X509_F_X509_STORE_ADD_CRL, ERR_R_MALLOC_FAILURE);
359 return 0; 386 return 0;
360 } 387 }
361 obj->type=X509_LU_CRL; 388 obj->type = X509_LU_CRL;
362 obj->data.crl=x; 389 obj->data.crl = x;
363 390
364 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); 391 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
365 392
@@ -368,8 +395,9 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
368 if (X509_OBJECT_retrieve_match(ctx->objs, obj)) { 395 if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {
369 X509_OBJECT_free_contents(obj); 396 X509_OBJECT_free_contents(obj);
370 free(obj); 397 free(obj);
371 X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE); 398 X509err(X509_F_X509_STORE_ADD_CRL,
372 ret=0; 399 X509_R_CERT_ALREADY_IN_HASH_TABLE);
400 ret = 0;
373 } else 401 } else
374 sk_X509_OBJECT_push(ctx->objs, obj); 402 sk_X509_OBJECT_push(ctx->objs, obj);
375 403
@@ -378,19 +406,21 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
378 return ret; 406 return ret;
379} 407}
380 408
381void X509_OBJECT_up_ref_count(X509_OBJECT *a) 409void
410X509_OBJECT_up_ref_count(X509_OBJECT *a)
382{ 411{
383 switch (a->type) { 412 switch (a->type) {
384 case X509_LU_X509: 413 case X509_LU_X509:
385 CRYPTO_add(&a->data.x509->references,1,CRYPTO_LOCK_X509); 414 CRYPTO_add(&a->data.x509->references, 1, CRYPTO_LOCK_X509);
386 break; 415 break;
387 case X509_LU_CRL: 416 case X509_LU_CRL:
388 CRYPTO_add(&a->data.crl->references,1,CRYPTO_LOCK_X509_CRL); 417 CRYPTO_add(&a->data.crl->references, 1, CRYPTO_LOCK_X509_CRL);
389 break; 418 break;
390 } 419 }
391} 420}
392 421
393void X509_OBJECT_free_contents(X509_OBJECT *a) 422void
423X509_OBJECT_free_contents(X509_OBJECT *a)
394{ 424{
395 switch (a->type) { 425 switch (a->type) {
396 case X509_LU_X509: 426 case X509_LU_X509:
@@ -402,8 +432,9 @@ void X509_OBJECT_free_contents(X509_OBJECT *a)
402 } 432 }
403} 433}
404 434
405static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type, 435static int
406 X509_NAME *name, int *pnmatch) 436x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type, X509_NAME *name,
437 int *pnmatch)
407{ 438{
408 X509_OBJECT stmp; 439 X509_OBJECT stmp;
409 X509 x509_s; 440 X509 x509_s;
@@ -412,24 +443,24 @@ static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type,
412 X509_CRL_INFO crl_info_s; 443 X509_CRL_INFO crl_info_s;
413 int idx; 444 int idx;
414 445
415 stmp.type=type; 446 stmp.type = type;
416 switch (type) { 447 switch (type) {
417 case X509_LU_X509: 448 case X509_LU_X509:
418 stmp.data.x509= &x509_s; 449 stmp.data.x509 = &x509_s;
419 x509_s.cert_info= &cinf_s; 450 x509_s.cert_info = &cinf_s;
420 cinf_s.subject=name; 451 cinf_s.subject = name;
421 break; 452 break;
422 case X509_LU_CRL: 453 case X509_LU_CRL:
423 stmp.data.crl= &crl_s; 454 stmp.data.crl = &crl_s;
424 crl_s.crl= &crl_info_s; 455 crl_s.crl = &crl_info_s;
425 crl_info_s.issuer=name; 456 crl_info_s.issuer = name;
426 break; 457 break;
427 default: 458 default:
428 /* abort(); */ 459 /* abort(); */
429 return -1; 460 return -1;
430 } 461 }
431 462
432 idx = sk_X509_OBJECT_find(h,&stmp); 463 idx = sk_X509_OBJECT_find(h, &stmp);
433 if (idx >= 0 && pnmatch) { 464 if (idx >= 0 && pnmatch) {
434 int tidx; 465 int tidx;
435 const X509_OBJECT *tobj, *pstmp; 466 const X509_OBJECT *tobj, *pstmp;
@@ -445,28 +476,32 @@ static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type,
445 return idx; 476 return idx;
446} 477}
447 478
448 479int
449int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, 480X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, X509_NAME *name)
450 X509_NAME *name)
451{ 481{
452 return x509_object_idx_cnt(h, type, name, NULL); 482 return x509_object_idx_cnt(h, type, name, NULL);
453} 483}
454 484
455X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type, 485X509_OBJECT *
456 X509_NAME *name) 486X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type,
487 X509_NAME *name)
457{ 488{
458 int idx; 489 int idx;
490
459 idx = X509_OBJECT_idx_by_subject(h, type, name); 491 idx = X509_OBJECT_idx_by_subject(h, type, name);
460 if (idx==-1) return NULL; 492 if (idx == -1)
493 return NULL;
461 return sk_X509_OBJECT_value(h, idx); 494 return sk_X509_OBJECT_value(h, idx);
462} 495}
463 496
464STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) 497STACK_OF(X509) *
498X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
465{ 499{
466 int i, idx, cnt; 500 int i, idx, cnt;
467 STACK_OF(X509) *sk; 501 STACK_OF(X509) *sk;
468 X509 *x; 502 X509 *x;
469 X509_OBJECT *obj; 503 X509_OBJECT *obj;
504
470 sk = sk_X509_new_null(); 505 sk = sk_X509_new_null();
471 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); 506 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
472 idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt); 507 idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);
@@ -482,7 +517,8 @@ STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
482 } 517 }
483 X509_OBJECT_free_contents(&xobj); 518 X509_OBJECT_free_contents(&xobj);
484 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); 519 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
485 idx = x509_object_idx_cnt(ctx->ctx->objs,X509_LU_X509,nm, &cnt); 520 idx = x509_object_idx_cnt(ctx->ctx->objs,
521 X509_LU_X509, nm, &cnt);
486 if (idx < 0) { 522 if (idx < 0) {
487 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); 523 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
488 sk_X509_free(sk); 524 sk_X509_free(sk);
@@ -505,12 +541,14 @@ STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
505 541
506} 542}
507 543
508STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) 544STACK_OF(X509_CRL) *
545X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
509{ 546{
510 int i, idx, cnt; 547 int i, idx, cnt;
511 STACK_OF(X509_CRL) *sk; 548 STACK_OF(X509_CRL) *sk;
512 X509_CRL *x; 549 X509_CRL *x;
513 X509_OBJECT *obj, xobj; 550 X509_OBJECT *obj, xobj;
551
514 sk = sk_X509_CRL_new_null(); 552 sk = sk_X509_CRL_new_null();
515 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); 553 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
516 /* Check cache first */ 554 /* Check cache first */
@@ -525,7 +563,7 @@ STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
525 } 563 }
526 X509_OBJECT_free_contents(&xobj); 564 X509_OBJECT_free_contents(&xobj);
527 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); 565 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
528 idx = x509_object_idx_cnt(ctx->ctx->objs,X509_LU_CRL, nm, &cnt); 566 idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt);
529 if (idx < 0) { 567 if (idx < 0) {
530 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); 568 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
531 sk_X509_CRL_free(sk); 569 sk_X509_CRL_free(sk);
@@ -547,17 +585,21 @@ STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
547 return sk; 585 return sk;
548} 586}
549 587
550X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x) 588X509_OBJECT *
589X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x)
551{ 590{
552 int idx, i; 591 int idx, i;
553 X509_OBJECT *obj; 592 X509_OBJECT *obj;
593
554 idx = sk_X509_OBJECT_find(h, x); 594 idx = sk_X509_OBJECT_find(h, x);
555 if (idx == -1) return NULL; 595 if (idx == -1)
596 return NULL;
556 if ((x->type != X509_LU_X509) && (x->type != X509_LU_CRL)) 597 if ((x->type != X509_LU_X509) && (x->type != X509_LU_CRL))
557 return sk_X509_OBJECT_value(h, idx); 598 return sk_X509_OBJECT_value(h, idx);
558 for (i = idx; i < sk_X509_OBJECT_num(h); i++) { 599 for (i = idx; i < sk_X509_OBJECT_num(h); i++) {
559 obj = sk_X509_OBJECT_value(h, i); 600 obj = sk_X509_OBJECT_value(h, i);
560 if (x509_object_cmp((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x)) 601 if (x509_object_cmp((const X509_OBJECT **)&obj,
602 (const X509_OBJECT **)&x))
561 return NULL; 603 return NULL;
562 if (x->type == X509_LU_X509) { 604 if (x->type == X509_LU_X509) {
563 if (!X509_cmp(obj->data.x509, x->data.x509)) 605 if (!X509_cmp(obj->data.x509, x->data.x509))
@@ -583,17 +625,19 @@ X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x
583 * 0 certificate not found. 625 * 0 certificate not found.
584 * -1 some other error. 626 * -1 some other error.
585 */ 627 */
586int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) 628int
629X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
587{ 630{
588 X509_NAME *xn; 631 X509_NAME *xn;
589 X509_OBJECT obj, *pobj; 632 X509_OBJECT obj, *pobj;
590 int i, ok, idx, ret; 633 int i, ok, idx, ret;
591 xn=X509_get_issuer_name(x); 634 xn = X509_get_issuer_name(x);
592 ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj); 635 ok = X509_STORE_get_by_subject(ctx, X509_LU_X509, xn, &obj);
593 if (ok != X509_LU_X509) { 636 if (ok != X509_LU_X509) {
594 if (ok == X509_LU_RETRY) { 637 if (ok == X509_LU_RETRY) {
595 X509_OBJECT_free_contents(&obj); 638 X509_OBJECT_free_contents(&obj);
596 X509err(X509_F_X509_STORE_CTX_GET1_ISSUER,X509_R_SHOULD_RETRY); 639 X509err(X509_F_X509_STORE_CTX_GET1_ISSUER,
640 X509_R_SHOULD_RETRY);
597 return -1; 641 return -1;
598 } else if (ok != X509_LU_FAIL) { 642 } else if (ok != X509_LU_FAIL) {
599 X509_OBJECT_free_contents(&obj); 643 X509_OBJECT_free_contents(&obj);
@@ -620,7 +664,8 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
620 /* See if we've run past the matches */ 664 /* See if we've run past the matches */
621 if (pobj->type != X509_LU_X509) 665 if (pobj->type != X509_LU_X509)
622 break; 666 break;
623 if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509))) 667 if (X509_NAME_cmp(xn,
668 X509_get_subject_name(pobj->data.x509)))
624 break; 669 break;
625 if (ctx->check_issued(ctx, x, pobj->data.x509)) { 670 if (ctx->check_issued(ctx, x, pobj->data.x509)) {
626 *issuer = pobj->data.x509; 671 *issuer = pobj->data.x509;
@@ -634,34 +679,40 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
634 return ret; 679 return ret;
635} 680}
636 681
637int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags) 682int
683X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags)
638{ 684{
639 return X509_VERIFY_PARAM_set_flags(ctx->param, flags); 685 return X509_VERIFY_PARAM_set_flags(ctx->param, flags);
640} 686}
641 687
642int X509_STORE_set_depth(X509_STORE *ctx, int depth) 688int
689X509_STORE_set_depth(X509_STORE *ctx, int depth)
643{ 690{
644 X509_VERIFY_PARAM_set_depth(ctx->param, depth); 691 X509_VERIFY_PARAM_set_depth(ctx->param, depth);
645 return 1; 692 return 1;
646} 693}
647 694
648int X509_STORE_set_purpose(X509_STORE *ctx, int purpose) 695int
696X509_STORE_set_purpose(X509_STORE *ctx, int purpose)
649{ 697{
650 return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose); 698 return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose);
651} 699}
652 700
653int X509_STORE_set_trust(X509_STORE *ctx, int trust) 701int
702X509_STORE_set_trust(X509_STORE *ctx, int trust)
654{ 703{
655 return X509_VERIFY_PARAM_set_trust(ctx->param, trust); 704 return X509_VERIFY_PARAM_set_trust(ctx->param, trust);
656} 705}
657 706
658int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param) 707int
708X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param)
659{ 709{
660 return X509_VERIFY_PARAM_set1(ctx->param, param); 710 return X509_VERIFY_PARAM_set1(ctx->param, param);
661} 711}
662 712
663void X509_STORE_set_verify_cb(X509_STORE *ctx, 713void
664 int (*verify_cb)(int, X509_STORE_CTX *)) 714X509_STORE_set_verify_cb(X509_STORE *ctx,
715 int (*verify_cb)(int, X509_STORE_CTX *))
665{ 716{
666 ctx->verify_cb = verify_cb; 717 ctx->verify_cb = verify_cb;
667} 718}
diff --git a/src/lib/libssl/src/crypto/x509/x509_obj.c b/src/lib/libssl/src/crypto/x509/x509_obj.c
index d0c02f833e..a50b05bb7a 100644
--- a/src/lib/libssl/src/crypto/x509/x509_obj.c
+++ b/src/lib/libssl/src/crypto/x509/x509_obj.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -63,105 +63,115 @@
63#include <openssl/x509.h> 63#include <openssl/x509.h>
64#include <openssl/buffer.h> 64#include <openssl/buffer.h>
65 65
66char *X509_NAME_oneline(X509_NAME *a, char *buf, int len) 66char *
67X509_NAME_oneline(X509_NAME *a, char *buf, int len)
67{ 68{
68 X509_NAME_ENTRY *ne; 69 X509_NAME_ENTRY *ne;
69int i; 70 int i;
70 int n,lold,l,l1,l2,num,j,type; 71 int n, lold, l,l1, l2, num, j, type;
71 const char *s; 72 const char *s;
72 char *p; 73 char *p;
73 unsigned char *q; 74 unsigned char *q;
74 BUF_MEM *b=NULL; 75 BUF_MEM *b = NULL;
75 static const char hex[17]="0123456789ABCDEF"; 76 static const char hex[17] = "0123456789ABCDEF";
76 int gs_doit[4]; 77 int gs_doit[4];
77 char tmp_buf[80]; 78 char tmp_buf[80];
78 79
79 if (buf == NULL) { 80 if (buf == NULL) {
80 if ((b=BUF_MEM_new()) == NULL) goto err; 81 if ((b = BUF_MEM_new()) == NULL)
81 if (!BUF_MEM_grow(b,200)) goto err; 82 goto err;
82 b->data[0]='\0'; 83 if (!BUF_MEM_grow(b, 200))
83 len=200; 84 goto err;
85 b->data[0] = '\0';
86 len = 200;
84 } 87 }
85 if (a == NULL) { 88 if (a == NULL) {
86 if(b) { 89 if (b) {
87 buf=b->data; 90 buf = b->data;
88 free(b); 91 free(b);
89 } 92 }
90 strlcpy(buf,"NO X509_NAME",len); 93 strlcpy(buf, "NO X509_NAME", len);
91 return buf; 94 return buf;
92 } 95 }
93 96
94 len--; /* space for '\0' */ 97 len--; /* space for '\0' */
95 l=0; 98 l = 0;
96 for (i=0; i<sk_X509_NAME_ENTRY_num(a->entries); i++) { 99 for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
97 ne=sk_X509_NAME_ENTRY_value(a->entries,i); 100 ne = sk_X509_NAME_ENTRY_value(a->entries, i);
98 n=OBJ_obj2nid(ne->object); 101 n = OBJ_obj2nid(ne->object);
99 if ((n == NID_undef) || ((s=OBJ_nid2sn(n)) == NULL)) { 102 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
100 i2t_ASN1_OBJECT(tmp_buf,sizeof(tmp_buf),ne->object); 103 i2t_ASN1_OBJECT(tmp_buf, sizeof(tmp_buf), ne->object);
101 s=tmp_buf; 104 s = tmp_buf;
102 } 105 }
103 l1=strlen(s); 106 l1 = strlen(s);
104 107
105 type=ne->value->type; 108 type = ne->value->type;
106 num=ne->value->length; 109 num = ne->value->length;
107 q=ne->value->data; 110 q = ne->value->data;
108 if ((type == V_ASN1_GENERALSTRING) && ((num%4) == 0)) { 111 if ((type == V_ASN1_GENERALSTRING) && ((num % 4) == 0)) {
109 gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=0; 112 gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 0;
110 for (j=0; j<num; j++) 113 for (j = 0; j < num; j++)
111 if (q[j] != 0) gs_doit[j&3]=1; 114 if (q[j] != 0)
115 gs_doit[j & 3] = 1;
112 116
113 if (gs_doit[0]|gs_doit[1]|gs_doit[2]) 117 if (gs_doit[0]|gs_doit[1]|gs_doit[2])
114 gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1; 118 gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 1;
115 else { 119 else {
116 gs_doit[0]=gs_doit[1]=gs_doit[2]=0; 120 gs_doit[0] = gs_doit[1] = gs_doit[2] = 0;
117 gs_doit[3]=1; 121 gs_doit[3] = 1;
118 } 122 }
119 } else 123 } else
120 gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1; 124 gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 1;
121 125
122 for (l2=j=0; j<num; j++) { 126 for (l2 = j=0; j < num; j++) {
123 if (!gs_doit[j&3]) continue; 127 if (!gs_doit[j&3])
128 continue;
124 l2++; 129 l2++;
125 if ((q[j] < ' ') || (q[j] > '~')) l2+=3; 130 if ((q[j] < ' ') || (q[j] > '~'))
131 l2 += 3;
126 } 132 }
127 133
128 lold=l; 134 lold = l;
129 l+=1+l1+1+l2; 135 l += 1 + l1 + 1 + l2;
130 if (b != NULL) { 136 if (b != NULL) {
131 if (!BUF_MEM_grow(b,l+1)) goto err; 137 if (!BUF_MEM_grow(b, l + 1))
132 p= &(b->data[lold]); 138 goto err;
139 p = &(b->data[lold]);
133 } else if (l > len) { 140 } else if (l > len) {
134 break; 141 break;
135 } else 142 } else
136 p= &(buf[lold]); 143 p = &(buf[lold]);
137 *(p++)='/'; 144 *(p++) = '/';
138 memcpy(p,s,(unsigned int)l1); p+=l1; 145 memcpy(p, s, (unsigned int)l1);
139 *(p++)='='; 146 p += l1;
140 q=ne->value->data; 147 *(p++) = '=';
141 for (j=0; j<num; j++) { 148 q = ne->value->data;
142 if (!gs_doit[j&3]) continue; 149 for (j = 0; j < num; j++) {
143 n=q[j]; 150 if (!gs_doit[j & 3])
151 continue;
152 n = q[j];
144 if ((n < ' ') || (n > '~')) { 153 if ((n < ' ') || (n > '~')) {
145 *(p++)='\\'; 154 *(p++) = '\\';
146 *(p++)='x'; 155 *(p++) = 'x';
147 *(p++)=hex[(n>>4)&0x0f]; 156 *(p++) = hex[(n >> 4) & 0x0f];
148 *(p++)=hex[n&0x0f]; 157 *(p++) = hex[n & 0x0f];
149 } else 158 } else
150 *(p++)=n; 159 *(p++) = n;
151 } 160 }
152 *p='\0'; 161 *p = '\0';
153 } 162 }
154 if (b != NULL) { 163 if (b != NULL) {
155 p=b->data; 164 p = b->data;
156 free(b); 165 free(b);
157 } else 166 } else
158 p=buf; 167 p = buf;
159 if (i == 0) 168 if (i == 0)
160 *p = '\0'; 169 *p = '\0';
161 return(p); 170 return (p);
171
162err: 172err:
163 X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE); 173 X509err(X509_F_X509_NAME_ONELINE, ERR_R_MALLOC_FAILURE);
164 if (b != NULL) BUF_MEM_free(b); 174 if (b != NULL)
165 return(NULL); 175 BUF_MEM_free(b);
176 return (NULL);
166} 177}
167
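Review bot: X509_NAME_oneline still writes to a caller-supplied `buf` when `len` is zero or negative: after `len--` the loop breaks on `l > len` with `i == 0`, and the trailing `if (i == 0) *p = '\0';` stores one byte at `buf[0]`. The `a == NULL` branch has the same gap, because a negative `len` passed to `strlcpy(buf, "NO X509_NAME", len)` converts to a very large size. Whether any caller passes such a length is not visible on this page, but a guard such as `else if (len <= 0) return NULL;` attached to the `if (buf == NULL)` block would close both paths. Separately, the reformat leaves `l,l1` in the declaration and `l2 = j=0` in the counting loop unspaced, which is inconsistent with the rest of the KNF pass.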
diff --git a/src/lib/libssl/src/crypto/x509/x509_r2x.c b/src/lib/libssl/src/crypto/x509/x509_r2x.c
index f084447334..530a214c1d 100644
--- a/src/lib/libssl/src/crypto/x509/x509_r2x.c
+++ b/src/lib/libssl/src/crypto/x509/x509_r2x.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -65,47 +65,50 @@
65#include <openssl/objects.h> 65#include <openssl/objects.h>
66#include <openssl/buffer.h> 66#include <openssl/buffer.h>
67 67
68X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) 68X509 *
69X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
69{ 70{
70 X509 *ret=NULL; 71 X509 *ret = NULL;
71 X509_CINF *xi=NULL; 72 X509_CINF *xi = NULL;
72 X509_NAME *xn; 73 X509_NAME *xn;
73 74
74 if ((ret=X509_new()) == NULL) { 75 if ((ret = X509_new()) == NULL) {
75 X509err(X509_F_X509_REQ_TO_X509,ERR_R_MALLOC_FAILURE); 76 X509err(X509_F_X509_REQ_TO_X509, ERR_R_MALLOC_FAILURE);
76 goto err; 77 goto err;
77 } 78 }
78 79
79 /* duplicate the request */ 80 /* duplicate the request */
80 xi=ret->cert_info; 81 xi = ret->cert_info;
81 82
82 if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0) { 83 if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0) {
83 if ((xi->version=M_ASN1_INTEGER_new()) == NULL) goto err; 84 if ((xi->version = M_ASN1_INTEGER_new()) == NULL)
84 if (!ASN1_INTEGER_set(xi->version,2)) goto err; 85 goto err;
86 if (!ASN1_INTEGER_set(xi->version, 2))
87 goto err;
85/* xi->extensions=ri->attributes; <- bad, should not ever be done 88/* xi->extensions=ri->attributes; <- bad, should not ever be done
86 ri->attributes=NULL; */ 89 ri->attributes=NULL; */
87 } 90 }
88 91
89 xn=X509_REQ_get_subject_name(r); 92 xn = X509_REQ_get_subject_name(r);
90 if (X509_set_subject_name(ret,X509_NAME_dup(xn)) == 0) 93 if (X509_set_subject_name(ret, X509_NAME_dup(xn)) == 0)
91 goto err; 94 goto err;
92 if (X509_set_issuer_name(ret,X509_NAME_dup(xn)) == 0) 95 if (X509_set_issuer_name(ret, X509_NAME_dup(xn)) == 0)
93 goto err; 96 goto err;
94 97
95 if (X509_gmtime_adj(xi->validity->notBefore,0) == NULL) 98 if (X509_gmtime_adj(xi->validity->notBefore, 0) == NULL)
96 goto err; 99 goto err;
97 if (X509_gmtime_adj(xi->validity->notAfter,(long)60*60*24*days) == NULL) 100 if (X509_gmtime_adj(xi->validity->notAfter,
101 (long)60 * 60 * 24 * days) == NULL)
98 goto err; 102 goto err;
99 103
100 X509_set_pubkey(ret,X509_REQ_get_pubkey(r)); 104 X509_set_pubkey(ret, X509_REQ_get_pubkey(r));
101 105
102 if (!X509_sign(ret,pkey,EVP_md5())) 106 if (!X509_sign(ret, pkey, EVP_md5()))
103 goto err; 107 goto err;
104 if (0) { 108 if (0) {
105err: 109err:
106 X509_free(ret); 110 X509_free(ret);
107 ret=NULL; 111 ret = NULL;
108 } 112 }
109 return(ret); 113 return (ret);
110} 114}
111
diff --git a/src/lib/libssl/src/crypto/x509/x509_req.c b/src/lib/libssl/src/crypto/x509/x509_req.c
index 12725ed7e9..ae6fbd7d14 100644
--- a/src/lib/libssl/src/crypto/x509/x509_req.c
+++ b/src/lib/libssl/src/crypto/x509/x509_req.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -67,86 +67,97 @@
67#include <openssl/buffer.h> 67#include <openssl/buffer.h>
68#include <openssl/pem.h> 68#include <openssl/pem.h>
69 69
70X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) 70X509_REQ *
71X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
71{ 72{
72 X509_REQ *ret; 73 X509_REQ *ret;
73 X509_REQ_INFO *ri; 74 X509_REQ_INFO *ri;
74 int i; 75 int i;
75 EVP_PKEY *pktmp; 76 EVP_PKEY *pktmp;
76 77
77 ret=X509_REQ_new(); 78 ret = X509_REQ_new();
78 if (ret == NULL) { 79 if (ret == NULL) {
79 X509err(X509_F_X509_TO_X509_REQ,ERR_R_MALLOC_FAILURE); 80 X509err(X509_F_X509_TO_X509_REQ, ERR_R_MALLOC_FAILURE);
80 goto err; 81 goto err;
81 } 82 }
82 83
83 ri=ret->req_info; 84 ri = ret->req_info;
84 85
85 ri->version->length=1; 86 ri->version->length = 1;
86 ri->version->data=(unsigned char *)malloc(1); 87 ri->version->data = (unsigned char *)malloc(1);
87 if (ri->version->data == NULL) goto err; 88 if (ri->version->data == NULL)
88 ri->version->data[0]=0; /* version == 0 */ 89 goto err;
90 ri->version->data[0] = 0; /* version == 0 */
89 91
90 if (!X509_REQ_set_subject_name(ret,X509_get_subject_name(x))) 92 if (!X509_REQ_set_subject_name(ret, X509_get_subject_name(x)))
91 goto err; 93 goto err;
92 94
93 pktmp = X509_get_pubkey(x); 95 pktmp = X509_get_pubkey(x);
94 i=X509_REQ_set_pubkey(ret,pktmp); 96 i = X509_REQ_set_pubkey(ret, pktmp);
95 EVP_PKEY_free(pktmp); 97 EVP_PKEY_free(pktmp);
96 if (!i) goto err; 98 if (!i)
99 goto err;
97 100
98 if (pkey != NULL) { 101 if (pkey != NULL) {
99 if (!X509_REQ_sign(ret,pkey,md)) 102 if (!X509_REQ_sign(ret, pkey, md))
100 goto err; 103 goto err;
101 } 104 }
102 return(ret); 105 return (ret);
106
103err: 107err:
104 X509_REQ_free(ret); 108 X509_REQ_free(ret);
105 return(NULL); 109 return (NULL);
106} 110}
107 111
108EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req) 112EVP_PKEY *
113X509_REQ_get_pubkey(X509_REQ *req)
109{ 114{
110 if ((req == NULL) || (req->req_info == NULL)) 115 if ((req == NULL) || (req->req_info == NULL))
111 return(NULL); 116 return (NULL);
112 return(X509_PUBKEY_get(req->req_info->pubkey)); 117 return (X509_PUBKEY_get(req->req_info->pubkey));
113} 118}
114 119
115int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k) 120int
121X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)
116{ 122{
117 EVP_PKEY *xk=NULL; 123 EVP_PKEY *xk = NULL;
118 int ok=0; 124 int ok = 0;
119 125
120 xk=X509_REQ_get_pubkey(x); 126 xk = X509_REQ_get_pubkey(x);
121 switch (EVP_PKEY_cmp(xk, k)) { 127 switch (EVP_PKEY_cmp(xk, k)) {
122 case 1: 128 case 1:
123 ok=1; 129 ok = 1;
124 break; 130 break;
125 case 0: 131 case 0:
126 X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH); 132 X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,
133 X509_R_KEY_VALUES_MISMATCH);
127 break; 134 break;
128 case -1: 135 case -1:
129 X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH); 136 X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,
137 X509_R_KEY_TYPE_MISMATCH);
130 break; 138 break;
131 case -2: 139 case -2:
132#ifndef OPENSSL_NO_EC 140#ifndef OPENSSL_NO_EC
133 if (k->type == EVP_PKEY_EC) { 141 if (k->type == EVP_PKEY_EC) {
134 X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, ERR_R_EC_LIB); 142 X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,
143 ERR_R_EC_LIB);
135 break; 144 break;
136 } 145 }
137#endif 146#endif
138#ifndef OPENSSL_NO_DH 147#ifndef OPENSSL_NO_DH
139 if (k->type == EVP_PKEY_DH) { 148 if (k->type == EVP_PKEY_DH) {
140 /* No idea */ 149 /* No idea */
141 X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY); 150 X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,
151 X509_R_CANT_CHECK_DH_KEY);
142 break; 152 break;
143 } 153 }
144#endif 154#endif
145 X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE); 155 X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,
156 X509_R_UNKNOWN_KEY_TYPE);
146 } 157 }
147 158
148 EVP_PKEY_free(xk); 159 EVP_PKEY_free(xk);
149 return(ok); 160 return (ok);
150} 161}
151 162
152/* It seems several organisations had the same idea of including a list of 163/* It seems several organisations had the same idea of including a list of
@@ -154,31 +165,38 @@ int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)
154 * used and there may be more: so the list is configurable. 165 * used and there may be more: so the list is configurable.
155 */ 166 */
156 167
157static int ext_nid_list[] = { NID_ext_req, NID_ms_ext_req, NID_undef}; 168static int ext_nid_list[] = {NID_ext_req, NID_ms_ext_req, NID_undef};
158 169
159static int *ext_nids = ext_nid_list; 170static int *ext_nids = ext_nid_list;
160 171
161int X509_REQ_extension_nid(int req_nid) 172int
173X509_REQ_extension_nid(int req_nid)
162{ 174{
163 int i, nid; 175 int i, nid;
164 for(i = 0; ; i++) { 176
177 for (i = 0; ; i++) {
165 nid = ext_nids[i]; 178 nid = ext_nids[i];
166 if(nid == NID_undef) return 0; 179 if (nid == NID_undef)
167 else if (req_nid == nid) return 1; 180 return 0;
181 else if (req_nid == nid)
182 return 1;
168 } 183 }
169} 184}
170 185
171int *X509_REQ_get_extension_nids(void) 186int *
187X509_REQ_get_extension_nids(void)
172{ 188{
173 return ext_nids; 189 return ext_nids;
174} 190}
175 191
176void X509_REQ_set_extension_nids(int *nids) 192void
193X509_REQ_set_extension_nids(int *nids)
177{ 194{
178 ext_nids = nids; 195 ext_nids = nids;
179} 196}
180 197
181STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req) 198STACK_OF(X509_EXTENSION) *
199X509_REQ_get_extensions(X509_REQ *req)
182{ 200{
183 X509_ATTRIBUTE *attr; 201 X509_ATTRIBUTE *attr;
184 ASN1_TYPE *ext = NULL; 202 ASN1_TYPE *ext = NULL;
@@ -186,46 +204,50 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
186 const unsigned char *p; 204 const unsigned char *p;
187 205
188 if ((req == NULL) || (req->req_info == NULL) || !ext_nids) 206 if ((req == NULL) || (req->req_info == NULL) || !ext_nids)
189 return(NULL); 207 return (NULL);
190 for (pnid = ext_nids; *pnid != NID_undef; pnid++) { 208 for (pnid = ext_nids; *pnid != NID_undef; pnid++) {
191 idx = X509_REQ_get_attr_by_NID(req, *pnid, -1); 209 idx = X509_REQ_get_attr_by_NID(req, *pnid, -1);
192 if (idx == -1) 210 if (idx == -1)
193 continue; 211 continue;
194 attr = X509_REQ_get_attr(req, idx); 212 attr = X509_REQ_get_attr(req, idx);
195 if(attr->single) ext = attr->value.single; 213 if (attr->single)
196 else if(sk_ASN1_TYPE_num(attr->value.set)) 214 ext = attr->value.single;
215 else if (sk_ASN1_TYPE_num(attr->value.set))
197 ext = sk_ASN1_TYPE_value(attr->value.set, 0); 216 ext = sk_ASN1_TYPE_value(attr->value.set, 0);
198 break; 217 break;
199 } 218 }
200 if(!ext || (ext->type != V_ASN1_SEQUENCE)) 219 if (!ext || (ext->type != V_ASN1_SEQUENCE))
201 return NULL; 220 return NULL;
202 p = ext->value.sequence->data; 221 p = ext->value.sequence->data;
203 return (STACK_OF(X509_EXTENSION) *) 222 return (STACK_OF(X509_EXTENSION) *)ASN1_item_d2i(NULL, &p,
204 ASN1_item_d2i(NULL, &p, ext->value.sequence->length, 223 ext->value.sequence->length, ASN1_ITEM_rptr(X509_EXTENSIONS));
205 ASN1_ITEM_rptr(X509_EXTENSIONS));
206} 224}
207 225
208/* Add a STACK_OF extensions to a certificate request: allow alternative OIDs 226/* Add a STACK_OF extensions to a certificate request: allow alternative OIDs
209 * in case we want to create a non standard one. 227 * in case we want to create a non standard one.
210 */ 228 */
211 229
212int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, 230int
213 int nid) 231X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
232 int nid)
214{ 233{
215 ASN1_TYPE *at = NULL; 234 ASN1_TYPE *at = NULL;
216 X509_ATTRIBUTE *attr = NULL; 235 X509_ATTRIBUTE *attr = NULL;
217 if(!(at = ASN1_TYPE_new()) || 236
218 !(at->value.sequence = ASN1_STRING_new())) goto err; 237 if (!(at = ASN1_TYPE_new()) ||
238 !(at->value.sequence = ASN1_STRING_new()))
239 goto err;
219 240
220 at->type = V_ASN1_SEQUENCE; 241 at->type = V_ASN1_SEQUENCE;
221 /* Generate encoding of extensions */ 242 /* Generate encoding of extensions */
222 at->value.sequence->length = 243 at->value.sequence->length = ASN1_item_i2d((ASN1_VALUE *)exts,
223 ASN1_item_i2d((ASN1_VALUE *)exts, 244 &at->value.sequence->data, ASN1_ITEM_rptr(X509_EXTENSIONS));
224 &at->value.sequence->data, 245 if (!(attr = X509_ATTRIBUTE_new()))
225 ASN1_ITEM_rptr(X509_EXTENSIONS)); 246 goto err;
226 if(!(attr = X509_ATTRIBUTE_new())) goto err; 247 if (!(attr->value.set = sk_ASN1_TYPE_new_null()))
227 if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err; 248 goto err;
228 if(!sk_ASN1_TYPE_push(attr->value.set, at)) goto err; 249 if (!sk_ASN1_TYPE_push(attr->value.set, at))
250 goto err;
229 at = NULL; 251 at = NULL;
230 attr->single = 0; 252 attr->single = 0;
231 attr->object = OBJ_nid2obj(nid); 253 attr->object = OBJ_nid2obj(nid);
@@ -233,77 +255,89 @@ int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
233 if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null())) 255 if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null()))
234 goto err; 256 goto err;
235 } 257 }
236 if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err; 258 if (!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr))
259 goto err;
237 return 1; 260 return 1;
238 err: 261
262err:
239 X509_ATTRIBUTE_free(attr); 263 X509_ATTRIBUTE_free(attr);
240 ASN1_TYPE_free(at); 264 ASN1_TYPE_free(at);
241 return 0; 265 return 0;
242} 266}
267
243/* This is the normal usage: use the "official" OID */ 268/* This is the normal usage: use the "official" OID */
244int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts) 269int
270X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts)
245{ 271{
246 return X509_REQ_add_extensions_nid(req, exts, NID_ext_req); 272 return X509_REQ_add_extensions_nid(req, exts, NID_ext_req);
247} 273}
248 274
249/* Request attribute functions */ 275/* Request attribute functions */
250 276
251int X509_REQ_get_attr_count(const X509_REQ *req) 277int
278X509_REQ_get_attr_count(const X509_REQ *req)
252{ 279{
253 return X509at_get_attr_count(req->req_info->attributes); 280 return X509at_get_attr_count(req->req_info->attributes);
254} 281}
255 282
256int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, 283int
257 int lastpos) 284X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos)
258{ 285{
259 return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos); 286 return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos);
260} 287}
261 288
262int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj, 289int
263 int lastpos) 290X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj, int lastpos)
264{ 291{
265 return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos); 292 return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos);
266} 293}
267 294
268X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc) 295X509_ATTRIBUTE *
296X509_REQ_get_attr(const X509_REQ *req, int loc)
269{ 297{
270 return X509at_get_attr(req->req_info->attributes, loc); 298 return X509at_get_attr(req->req_info->attributes, loc);
271} 299}
272 300
273X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc) 301X509_ATTRIBUTE *
302X509_REQ_delete_attr(X509_REQ *req, int loc)
274{ 303{
275 return X509at_delete_attr(req->req_info->attributes, loc); 304 return X509at_delete_attr(req->req_info->attributes, loc);
276} 305}
277 306
278int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr) 307int
308X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr)
279{ 309{
280 if(X509at_add1_attr(&req->req_info->attributes, attr)) return 1; 310 if (X509at_add1_attr(&req->req_info->attributes, attr))
311 return 1;
281 return 0; 312 return 0;
282} 313}
283 314
284int X509_REQ_add1_attr_by_OBJ(X509_REQ *req, 315int
285 const ASN1_OBJECT *obj, int type, 316X509_REQ_add1_attr_by_OBJ(X509_REQ *req, const ASN1_OBJECT *obj, int type,
286 const unsigned char *bytes, int len) 317 const unsigned char *bytes, int len)
287{ 318{
288 if(X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj, 319 if (X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj,
289 type, bytes, len)) return 1; 320 type, bytes, len))
321 return 1;
290 return 0; 322 return 0;
291} 323}
292 324
293int X509_REQ_add1_attr_by_NID(X509_REQ *req, 325int
294 int nid, int type, 326X509_REQ_add1_attr_by_NID(X509_REQ *req, int nid, int type,
295 const unsigned char *bytes, int len) 327 const unsigned char *bytes, int len)
296{ 328{
297 if(X509at_add1_attr_by_NID(&req->req_info->attributes, nid, 329 if (X509at_add1_attr_by_NID(&req->req_info->attributes, nid,
298 type, bytes, len)) return 1; 330 type, bytes, len))
331 return 1;
299 return 0; 332 return 0;
300} 333}
301 334
302int X509_REQ_add1_attr_by_txt(X509_REQ *req, 335int
303 const char *attrname, int type, 336X509_REQ_add1_attr_by_txt(X509_REQ *req, const char *attrname, int type,
304 const unsigned char *bytes, int len) 337 const unsigned char *bytes, int len)
305{ 338{
306 if(X509at_add1_attr_by_txt(&req->req_info->attributes, attrname, 339 if (X509at_add1_attr_by_txt(&req->req_info->attributes, attrname,
307 type, bytes, len)) return 1; 340 type, bytes, len))
341 return 1;
308 return 0; 342 return 0;
309} 343}
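Review bot: In X509_REQ_add_extensions_nid (new lines 243-244) the result of ASN1_item_i2d() is assigned straight to `at->value.sequence->length` and never tested, so a failed encoding would leave a zero or negative length in the attribute that is then pushed onto the request. The reformat carries this over unchanged; a check placed right after the assignment, `if (at->value.sequence->length <= 0) goto err;`, would send the failure to the existing cleanup under `err:`. The function spans two hunks and the line between them (new line 254) is not shown, so this is based on the visible part only. Separately, X509_REQ_extension_nid reads `ext_nids[i]` without the `!ext_nids` guard that X509_REQ_get_extensions has, which matters if X509_REQ_set_extension_nids is ever passed NULL.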