1 files changed, 0 insertions, 440 deletions
diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c
deleted file mode 100644
index 030d0966fc..0000000000
--- a/src/lib/libcrypto/x509/x509_cmp.c
+++ /dev/null
@@ -1,440 +0,0 @@
-/* crypto/x509/x509_cmp.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#include <stdio.h>
-#include <ctype.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
-        {
-        int i;
-        X509_CINF *ai,*bi;
-        ai=a->cert_info;
-        bi=b->cert_info;
-        i=M_ASN1_INTEGER_cmp(ai->serialNumber,bi->serialNumber);
-        if (i) return(i);
-        return(X509_NAME_cmp(ai->issuer,bi->issuer));
-        }
-#ifndef OPENSSL_NO_MD5
-unsigned long X509_issuer_and_serial_hash(X509 *a)
-        {
-        unsigned long ret=0;
-        EVP_MD_CTX ctx;
-        unsigned char md[16];
-        char *f;
-        EVP_MD_CTX_init(&ctx);
-        f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);
-        ret=strlen(f);
-        EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);
-        EVP_DigestUpdate(&ctx,(unsigned char *)f,ret);
-        OPENSSL_free(f);
-        EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
-                (unsigned long)a->cert_info->serialNumber->length);
-        EVP_DigestFinal_ex(&ctx,&(md[0]),NULL);
-        ret=(   ((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
-                ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
-                )&0xffffffffL;
-        EVP_MD_CTX_cleanup(&ctx);
-        return(ret);
-        }
-#endif
-        
-int X509_issuer_name_cmp(const X509 *a, const X509 *b)
-        {
-        return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer));
-        }
-int X509_subject_name_cmp(const X509 *a, const X509 *b)
-        {
-        return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject));
-        }
-int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b)
-        {
-        return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer));
-        }
-X509_NAME *X509_get_issuer_name(X509 *a)
-        {
-        return(a->cert_info->issuer);
-        }
-unsigned long X509_issuer_name_hash(X509 *x)
-        {
-        return(X509_NAME_hash(x->cert_info->issuer));
-        }
-X509_NAME *X509_get_subject_name(X509 *a)
-        {
-        return(a->cert_info->subject);
-        }
-ASN1_INTEGER *X509_get_serialNumber(X509 *a)
-        {
-        return(a->cert_info->serialNumber);
-        }
-unsigned long X509_subject_name_hash(X509 *x)
-        {
-        return(X509_NAME_hash(x->cert_info->subject));
-        }
-#ifndef OPENSSL_NO_SHA
-/* Compare two certificates: they must be identical for
- * this to work. NB: Although "cmp" operations are generally
- * prototyped to take "const" arguments (eg. for use in
- * STACKs), the way X509 handling is - these operations may
- * involve ensuring the hashes are up-to-date and ensuring
- * certain cert information is cached. So this is the point
- * where the "depth-first" constification tree has to halt
- * with an evil cast.
- */
-int X509_cmp(const X509 *a, const X509 *b)
-{
-        /* ensure hash is valid */
-        X509_check_purpose((X509 *)a, -1, 0);
-        X509_check_purpose((X509 *)b, -1, 0);
-        return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
-}
-#endif
-/* Case insensitive string comparision */
-static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
-{
-        int i;
-        if (a->length != b->length)
-                return (a->length - b->length);
-        for (i=0; i<a->length; i++)
-        {
-                int ca, cb;
-                ca = tolower(a->data[i]);
-                cb = tolower(b->data[i]);
-                if (ca != cb)
-                        return(ca-cb);
-        }
-        return 0;
-}
-/* Case insensitive string comparision with space normalization 
- * Space normalization - ignore leading, trailing spaces, 
- *       multiple spaces between characters are replaced by single space  
- */
-static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
-{
-        unsigned char *pa = NULL, *pb = NULL;
-        int la, lb;
-        
-        la = a->length;
-        lb = b->length;
-        pa = a->data;
-        pb = b->data;
-        /* skip leading spaces */
-        while (la > 0 && isspace(*pa))
-        {
-                la--;
-                pa++;
-        }
-        while (lb > 0 && isspace(*pb))
-        {
-                lb--;
-                pb++;
-        }
-        /* skip trailing spaces */
-        while (la > 0 && isspace(pa[la-1]))
-                la--;
-        while (lb > 0 && isspace(pb[lb-1]))
-                lb--;
-        /* compare strings with space normalization */
-        while (la > 0 && lb > 0)
-        {
-                int ca, cb;
-                /* compare character */
-                ca = tolower(*pa);
-                cb = tolower(*pb);
-                if (ca != cb)
-                        return (ca - cb);
-                pa++; pb++;
-                la--; lb--;
-                if (la <= 0 || lb <= 0)
-                        break;
-                /* is white space next character ? */
-                if (isspace(*pa) && isspace(*pb))
-                {
-                        /* skip remaining white spaces */
-                        while (la > 0 && isspace(*pa))
-                        {
-                                la--;
-                                pa++;
-                        }
-                        while (lb > 0 && isspace(*pb))
-                        {
-                                lb--;
-                                pb++;
-                        }
-                }
-        }
-        if (la > 0 || lb > 0)
-                return la - lb;
-        return 0;
-}
-static int asn1_string_memcmp(ASN1_STRING *a, ASN1_STRING *b)
-        {
-        int j;
-        j = a->length - b->length;
-        if (j)
-                return j;
-        return memcmp(a->data, b->data, a->length);
-        }
-#define STR_TYPE_CMP (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_UTF8STRING)
-int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
-        {
-        int i,j;
-        X509_NAME_ENTRY *na,*nb;
-        unsigned long nabit, nbbit;
-        j = sk_X509_NAME_ENTRY_num(a->entries)
-                  - sk_X509_NAME_ENTRY_num(b->entries);
-        if (j)
-                return j;
-        for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
-                {
-                na=sk_X509_NAME_ENTRY_value(a->entries,i);
-                nb=sk_X509_NAME_ENTRY_value(b->entries,i);
-                j=na->value->type-nb->value->type;
-                if (j)
-                        {
-                        nabit = ASN1_tag2bit(na->value->type);
-                        nbbit = ASN1_tag2bit(nb->value->type);
-                        if (!(nabit & STR_TYPE_CMP) ||
-                                !(nbbit & STR_TYPE_CMP))
-                                return j;
-                        j = asn1_string_memcmp(na->value, nb->value);
-                        }
-                else if (na->value->type == V_ASN1_PRINTABLESTRING)
-                        j=nocase_spacenorm_cmp(na->value, nb->value);
-                else if (na->value->type == V_ASN1_IA5STRING
-                        && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
-                        j=nocase_cmp(na->value, nb->value);
-                else
-                        j = asn1_string_memcmp(na->value, nb->value);
-                if (j) return(j);
-                j=na->set-nb->set;
-                if (j) return(j);
-                }
-        /* We will check the object types after checking the values
-         * since the values will more often be different than the object
-         * types. */
-        for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
-                {
-                na=sk_X509_NAME_ENTRY_value(a->entries,i);
-                nb=sk_X509_NAME_ENTRY_value(b->entries,i);
-                j=OBJ_cmp(na->object,nb->object);
-                if (j) return(j);
-                }
-        return(0);
-        }
-#ifndef OPENSSL_NO_MD5
-/* I now DER encode the name and hash it.  Since I cache the DER encoding,
- * this is reasonably efficient. */
-unsigned long X509_NAME_hash(X509_NAME *x)
-        {
-        unsigned long ret=0;
-        unsigned char md[16];
-        EVP_MD_CTX md_ctx;
-        /* Make sure X509_NAME structure contains valid cached encoding */
-        i2d_X509_NAME(x,NULL);
-        EVP_MD_CTX_init(&md_ctx);
-        EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-        EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL);
-        EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length);
-        EVP_DigestFinal_ex(&md_ctx,md,NULL);
-        EVP_MD_CTX_cleanup(&md_ctx);
-        ret=(   ((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
-                ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
-                )&0xffffffffL;
-        return(ret);
-        }
-#endif
-/* Search a stack of X509 for a match */
-X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
-                ASN1_INTEGER *serial)
-        {
-        int i;
-        X509_CINF cinf;
-        X509 x,*x509=NULL;
-        if(!sk) return NULL;
-        x.cert_info= &cinf;
-        cinf.serialNumber=serial;
-        cinf.issuer=name;
-        for (i=0; i<sk_X509_num(sk); i++)
-                {
-                x509=sk_X509_value(sk,i);
-                if (X509_issuer_and_serial_cmp(x509,&x) == 0)
-                        return(x509);
-                }
-        return(NULL);
-        }
-X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name)
-        {
-        X509 *x509;
-        int i;
-        for (i=0; i<sk_X509_num(sk); i++)
-                {
-                x509=sk_X509_value(sk,i);
-                if (X509_NAME_cmp(X509_get_subject_name(x509),name) == 0)
-                        return(x509);
-                }
-        return(NULL);
-        }
-EVP_PKEY *X509_get_pubkey(X509 *x)
-        {
-        if ((x == NULL) || (x->cert_info == NULL))
-                return(NULL);
-        return(X509_PUBKEY_get(x->cert_info->key));
-        }
-ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
-        {
-        if(!x) return NULL;
-        return x->cert_info->key->public_key;
-        }
-int X509_check_private_key(X509 *x, EVP_PKEY *k)
-        {
-        EVP_PKEY *xk=NULL;
-        int ok=0;
-        xk=X509_get_pubkey(x);
-        if (xk->type != k->type)
-            {
-            X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
-            goto err;
-            }
-        switch (k->type)
-                {
-#ifndef OPENSSL_NO_RSA
-        case EVP_PKEY_RSA:
-                if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0
-                    || BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0)
-                    {
-                    X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
-                    goto err;
-                    }
-                break;
-#endif
-#ifndef OPENSSL_NO_DSA
-        case EVP_PKEY_DSA:
-                if (BN_cmp(xk->pkey.dsa->pub_key,k->pkey.dsa->pub_key) != 0)
-                    {
-                    X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
-                    goto err;
-                    }
-                break;
-#endif
-#ifndef OPENSSL_NO_DH
-        case EVP_PKEY_DH:
-                /* No idea */
-                X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
-                goto err;
-#endif
-        default:
-                X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
-                goto err;
-                }
-        ok=1;
-err:
-        EVP_PKEY_free(xk);
-        return(ok);
-        }

diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c deleted file mode 100644 index 030d0966fc..0000000000 --- a/src/lib/libcrypto/x509/x509_cmp.c +++ /dev/null
@@ -1,440 +0,0 @@
1	/* crypto/x509/x509_cmp.c */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.
4	*
5	* This package is an SSL implementation written
6	* by Eric Young (eay@cryptsoft.com).
7	* The implementation was written so as to conform with Netscapes SSL.
8	*
9	* This library is free for commercial and non-commercial use as long as
10	* the following conditions are aheared to. The following conditions
11	* apply to all code found in this distribution, be it the RC4, RSA,
12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
13	* included with this distribution is covered by the same copyright terms
14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
15	*
16	* Copyright remains Eric Young's, and as such any Copyright notices in
17	* the code are not to be removed.
18	* If this package is used in a product, Eric Young should be given attribution
19	* as the author of the parts of the library used.
20	* This can be in the form of a textual message at program startup or
21	* in documentation (online or textual) provided with the package.
22	*
23	* Redistribution and use in source and binary forms, with or without
24	* modification, are permitted provided that the following conditions
25	* are met:
26	* 1. Redistributions of source code must retain the copyright
27	* notice, this list of conditions and the following disclaimer.
28	* 2. Redistributions in binary form must reproduce the above copyright
29	* notice, this list of conditions and the following disclaimer in the
30	* documentation and/or other materials provided with the distribution.
31	* 3. All advertising materials mentioning features or use of this software
32	* must display the following acknowledgement:
33	* "This product includes cryptographic software written by
34	* Eric Young (eay@cryptsoft.com)"
35	* The word 'cryptographic' can be left out if the rouines from the library
36	* being used are not cryptographic related :-).
37	* 4. If you include any Windows specific code (or a derivative thereof) from
38	* the apps directory (application code) you must include an acknowledgement:
39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40	*
41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51	* SUCH DAMAGE.
52	*
53	* The licence and distribution terms for any publically available version or
54	* derivative of this code cannot be changed. i.e. this code cannot simply be
55	* copied and put under another distribution licence
56	* [including the GNU Public Licence.]
57	*/
58
59	#include <stdio.h>
60	#include <ctype.h>
61	#include "cryptlib.h"
62	#include <openssl/asn1.h>
63	#include <openssl/objects.h>
64	#include <openssl/x509.h>
65	#include <openssl/x509v3.h>
66
67	int X509_issuer_and_serial_cmp(const X509 a, const X509 b)
68	{
69	int i;
70	X509_CINF ai,bi;
71
72	ai=a->cert_info;
73	bi=b->cert_info;
74	i=M_ASN1_INTEGER_cmp(ai->serialNumber,bi->serialNumber);
75	if (i) return(i);
76	return(X509_NAME_cmp(ai->issuer,bi->issuer));
77	}
78
79	#ifndef OPENSSL_NO_MD5
80	unsigned long X509_issuer_and_serial_hash(X509 *a)
81	{
82	unsigned long ret=0;
83	EVP_MD_CTX ctx;
84	unsigned char md[16];
85	char *f;
86
87	EVP_MD_CTX_init(&ctx);
88	f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);
89	ret=strlen(f);
90	EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);
91	EVP_DigestUpdate(&ctx,(unsigned char *)f,ret);
92	OPENSSL_free(f);
93	EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
94	(unsigned long)a->cert_info->serialNumber->length);
95	EVP_DigestFinal_ex(&ctx,&(md[0]),NULL);
96	ret=( ((unsigned long)md[0] )\|((unsigned long)md[1]<<8L)\|
97	((unsigned long)md[2]<<16L)\|((unsigned long)md[3]<<24L)
98	)&0xffffffffL;
99	EVP_MD_CTX_cleanup(&ctx);
100	return(ret);
101	}
102	#endif
103
104	int X509_issuer_name_cmp(const X509 a, const X509 b)
105	{
106	return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer));
107	}
108
109	int X509_subject_name_cmp(const X509 a, const X509 b)
110	{
111	return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject));
112	}
113
114	int X509_CRL_cmp(const X509_CRL a, const X509_CRL b)
115	{
116	return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer));
117	}
118
119	X509_NAME X509_get_issuer_name(X509 a)
120	{
121	return(a->cert_info->issuer);
122	}
123
124	unsigned long X509_issuer_name_hash(X509 *x)
125	{
126	return(X509_NAME_hash(x->cert_info->issuer));
127	}
128
129	X509_NAME X509_get_subject_name(X509 a)
130	{
131	return(a->cert_info->subject);
132	}
133
134	ASN1_INTEGER X509_get_serialNumber(X509 a)
135	{
136	return(a->cert_info->serialNumber);
137	}
138
139	unsigned long X509_subject_name_hash(X509 *x)
140	{
141	return(X509_NAME_hash(x->cert_info->subject));
142	}
143
144	#ifndef OPENSSL_NO_SHA
145	/* Compare two certificates: they must be identical for
146	* this to work. NB: Although "cmp" operations are generally
147	* prototyped to take "const" arguments (eg. for use in
148	* STACKs), the way X509 handling is - these operations may
149	* involve ensuring the hashes are up-to-date and ensuring
150	* certain cert information is cached. So this is the point
151	* where the "depth-first" constification tree has to halt
152	* with an evil cast.
153	*/
154	int X509_cmp(const X509 a, const X509 b)
155	{
156	/* ensure hash is valid */
157	X509_check_purpose((X509 *)a, -1, 0);
158	X509_check_purpose((X509 *)b, -1, 0);
159
160	return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
161	}
162	#endif
163
164
165	/* Case insensitive string comparision */
166	static int nocase_cmp(const ASN1_STRING a, const ASN1_STRING b)
167	{
168	int i;
169
170	if (a->length != b->length)
171	return (a->length - b->length);
172
173	for (i=0; i<a->length; i++)
174	{
175	int ca, cb;
176
177	ca = tolower(a->data[i]);
178	cb = tolower(b->data[i]);
179
180	if (ca != cb)
181	return(ca-cb);
182	}
183	return 0;
184	}
185
186	/* Case insensitive string comparision with space normalization
187	* Space normalization - ignore leading, trailing spaces,
188	* multiple spaces between characters are replaced by single space
189	*/
190	static int nocase_spacenorm_cmp(const ASN1_STRING a, const ASN1_STRING b)
191	{
192	unsigned char pa = NULL, pb = NULL;
193	int la, lb;
194
195	la = a->length;
196	lb = b->length;
197	pa = a->data;
198	pb = b->data;
199
200	/* skip leading spaces */
201	while (la > 0 && isspace(*pa))
202	{
203	la--;
204	pa++;
205	}
206	while (lb > 0 && isspace(*pb))
207	{
208	lb--;
209	pb++;
210	}
211
212	/* skip trailing spaces */
213	while (la > 0 && isspace(pa[la-1]))
214	la--;
215	while (lb > 0 && isspace(pb[lb-1]))
216	lb--;
217
218	/* compare strings with space normalization */
219	while (la > 0 && lb > 0)
220	{
221	int ca, cb;
222
223	/* compare character */
224	ca = tolower(*pa);
225	cb = tolower(*pb);
226	if (ca != cb)
227	return (ca - cb);
228
229	pa++; pb++;
230	la--; lb--;
231
232	if (la <= 0 \|\| lb <= 0)
233	break;
234
235	/* is white space next character ? */
236	if (isspace(pa) && isspace(pb))
237	{
238	/* skip remaining white spaces */
239	while (la > 0 && isspace(*pa))
240	{
241	la--;
242	pa++;
243	}
244	while (lb > 0 && isspace(*pb))
245	{
246	lb--;
247	pb++;
248	}
249	}
250	}
251	if (la > 0 \|\| lb > 0)
252	return la - lb;
253
254	return 0;
255	}
256
257	static int asn1_string_memcmp(ASN1_STRING a, ASN1_STRING b)
258	{
259	int j;
260	j = a->length - b->length;
261	if (j)
262	return j;
263	return memcmp(a->data, b->data, a->length);
264	}
265
266	#define STR_TYPE_CMP (B_ASN1_PRINTABLESTRING\|B_ASN1_T61STRING\|B_ASN1_UTF8STRING)
267
268	int X509_NAME_cmp(const X509_NAME a, const X509_NAME b)
269	{
270	int i,j;
271	X509_NAME_ENTRY na,nb;
272
273	unsigned long nabit, nbbit;
274
275	j = sk_X509_NAME_ENTRY_num(a->entries)
276	- sk_X509_NAME_ENTRY_num(b->entries);
277	if (j)
278	return j;
279	for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
280	{
281	na=sk_X509_NAME_ENTRY_value(a->entries,i);
282	nb=sk_X509_NAME_ENTRY_value(b->entries,i);
283	j=na->value->type-nb->value->type;
284	if (j)
285	{
286	nabit = ASN1_tag2bit(na->value->type);
287	nbbit = ASN1_tag2bit(nb->value->type);
288	if (!(nabit & STR_TYPE_CMP) \|\|
289	!(nbbit & STR_TYPE_CMP))
290	return j;
291	j = asn1_string_memcmp(na->value, nb->value);
292	}
293	else if (na->value->type == V_ASN1_PRINTABLESTRING)
294	j=nocase_spacenorm_cmp(na->value, nb->value);
295	else if (na->value->type == V_ASN1_IA5STRING
296	&& OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
297	j=nocase_cmp(na->value, nb->value);
298	else
299	j = asn1_string_memcmp(na->value, nb->value);
300	if (j) return(j);
301	j=na->set-nb->set;
302	if (j) return(j);
303	}
304
305	/* We will check the object types after checking the values
306	* since the values will more often be different than the object
307	* types. */
308	for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
309	{
310	na=sk_X509_NAME_ENTRY_value(a->entries,i);
311	nb=sk_X509_NAME_ENTRY_value(b->entries,i);
312	j=OBJ_cmp(na->object,nb->object);
313	if (j) return(j);
314	}
315	return(0);
316	}
317
318	#ifndef OPENSSL_NO_MD5
319	/* I now DER encode the name and hash it. Since I cache the DER encoding,
320	* this is reasonably efficient. */
321	unsigned long X509_NAME_hash(X509_NAME *x)
322	{
323	unsigned long ret=0;
324	unsigned char md[16];
325	EVP_MD_CTX md_ctx;
326
327	/* Make sure X509_NAME structure contains valid cached encoding */
328	i2d_X509_NAME(x,NULL);
329	EVP_MD_CTX_init(&md_ctx);
330	EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
331	EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL);
332	EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length);
333	EVP_DigestFinal_ex(&md_ctx,md,NULL);
334	EVP_MD_CTX_cleanup(&md_ctx);
335
336	ret=( ((unsigned long)md[0] )\|((unsigned long)md[1]<<8L)\|
337	((unsigned long)md[2]<<16L)\|((unsigned long)md[3]<<24L)
338	)&0xffffffffL;
339	return(ret);
340	}
341	#endif
342
343	/* Search a stack of X509 for a match */
344	X509 X509_find_by_issuer_and_serial(STACK_OF(X509) sk, X509_NAME *name,
345	ASN1_INTEGER *serial)
346	{
347	int i;
348	X509_CINF cinf;
349	X509 x,*x509=NULL;
350
351	if(!sk) return NULL;
352
353	x.cert_info= &cinf;
354	cinf.serialNumber=serial;
355	cinf.issuer=name;
356
357	for (i=0; i<sk_X509_num(sk); i++)
358	{
359	x509=sk_X509_value(sk,i);
360	if (X509_issuer_and_serial_cmp(x509,&x) == 0)
361	return(x509);
362	}
363	return(NULL);
364	}
365
366	X509 X509_find_by_subject(STACK_OF(X509) sk, X509_NAME *name)
367	{
368	X509 *x509;
369	int i;
370
371	for (i=0; i<sk_X509_num(sk); i++)
372	{
373	x509=sk_X509_value(sk,i);
374	if (X509_NAME_cmp(X509_get_subject_name(x509),name) == 0)
375	return(x509);
376	}
377	return(NULL);
378	}
379
380	EVP_PKEY X509_get_pubkey(X509 x)
381	{
382	if ((x == NULL) \|\| (x->cert_info == NULL))
383	return(NULL);
384	return(X509_PUBKEY_get(x->cert_info->key));
385	}
386
387	ASN1_BIT_STRING X509_get0_pubkey_bitstr(const X509 x)
388	{
389	if(!x) return NULL;
390	return x->cert_info->key->public_key;
391	}
392
393	int X509_check_private_key(X509 x, EVP_PKEY k)
394	{
395	EVP_PKEY *xk=NULL;
396	int ok=0;
397
398	xk=X509_get_pubkey(x);
399	if (xk->type != k->type)
400	{
401	X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
402	goto err;
403	}
404	switch (k->type)
405	{
406	#ifndef OPENSSL_NO_RSA
407	case EVP_PKEY_RSA:
408	if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0
409	\|\| BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0)
410	{
411	X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
412	goto err;
413	}
414	break;
415	#endif
416	#ifndef OPENSSL_NO_DSA
417	case EVP_PKEY_DSA:
418	if (BN_cmp(xk->pkey.dsa->pub_key,k->pkey.dsa->pub_key) != 0)
419	{
420	X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
421	goto err;
422	}
423	break;
424	#endif
425	#ifndef OPENSSL_NO_DH
426	case EVP_PKEY_DH:
427	/* No idea */
428	X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
429	goto err;
430	#endif
431	default:
432	X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
433	goto err;
434	}
435
436	ok=1;
437	err:
438	EVP_PKEY_free(xk);
439	return(ok);
440	}