1 files changed, 128 insertions, 103 deletions
diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c
index 87c4596414..b6b3423e3f 100644
--- a/src/lib/libcrypto/x509/x509_cmp.c
+++ b/src/lib/libcrypto/x509/x509_cmp.c
@@ -5,21 +5,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
@@ -64,105 +64,121 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
-int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
+int
+X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
 {
        int i;
-        X509_CINF *ai,*bi;
+        X509_CINF *ai, *bi;
-        ai=a->cert_info;
+        ai = a->cert_info;
-        bi=b->cert_info;
+        bi = b->cert_info;
-        i=M_ASN1_INTEGER_cmp(ai->serialNumber,bi->serialNumber);
+        i = M_ASN1_INTEGER_cmp(ai->serialNumber, bi->serialNumber);
-        if (i) return(i);
+        if (i)
-        return(X509_NAME_cmp(ai->issuer,bi->issuer));
+                return (i);
+        return (X509_NAME_cmp(ai->issuer, bi->issuer));
 }
 #ifndef OPENSSL_NO_MD5
-unsigned long X509_issuer_and_serial_hash(X509 *a)
+unsigned long
+X509_issuer_and_serial_hash(X509 *a)
 {
-        unsigned long ret=0;
+        unsigned long ret = 0;
        EVP_MD_CTX ctx;
        unsigned char md[16];
        char *f;
        EVP_MD_CTX_init(&ctx);
-        f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);
+        f = X509_NAME_oneline(a->cert_info->issuer, NULL, 0);
        if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL))
                goto err;
-        if (!EVP_DigestUpdate(&ctx,(unsigned char *)f,strlen(f)))
+        if (!EVP_DigestUpdate(&ctx, (unsigned char *)f, strlen(f)))
                goto err;
        free(f);
-        if(!EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
+        if (!EVP_DigestUpdate(&ctx,
-                (unsigned long)a->cert_info->serialNumber->length))
+            (unsigned char *)a->cert_info->serialNumber->data,
+            (unsigned long)a->cert_info->serialNumber->length))
                goto err;
-        if (!EVP_DigestFinal_ex(&ctx,&(md[0]),NULL))
+        if (!EVP_DigestFinal_ex(&ctx, &(md[0]), NULL))
                goto err;
-        ret=(   ((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
+        ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) |
-                ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
+            ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)) &
-                )&0xffffffffL;
+            0xffffffffL;
-        err:
+err:
        EVP_MD_CTX_cleanup(&ctx);
-        return(ret);
+        return (ret);
 }
 #endif
-        
-int X509_issuer_name_cmp(const X509 *a, const X509 *b)
+int
+X509_issuer_name_cmp(const X509 *a, const X509 *b)
 {
-        return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer));
+        return (X509_NAME_cmp(a->cert_info->issuer, b->cert_info->issuer));
 }
-int X509_subject_name_cmp(const X509 *a, const X509 *b)
+int
+X509_subject_name_cmp(const X509 *a, const X509 *b)
 {
-        return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject));
+        return (X509_NAME_cmp(a->cert_info->subject, b->cert_info->subject));
 }
-int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b)
+int
+X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b)
 {
-        return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer));
+        return (X509_NAME_cmp(a->crl->issuer, b->crl->issuer));
 }
 #ifndef OPENSSL_NO_SHA
-int X509_CRL_match(const X509_CRL *a, const X509_CRL *b)
+int
+X509_CRL_match(const X509_CRL *a, const X509_CRL *b)
 {
        return memcmp(a->sha1_hash, b->sha1_hash, 20);
 }
 #endif
-X509_NAME *X509_get_issuer_name(X509 *a)
+X509_NAME *
+X509_get_issuer_name(X509 *a)
 {
-        return(a->cert_info->issuer);
+        return (a->cert_info->issuer);
 }
-unsigned long X509_issuer_name_hash(X509 *x)
+unsigned long
+X509_issuer_name_hash(X509 *x)
 {
-        return(X509_NAME_hash(x->cert_info->issuer));
+        return (X509_NAME_hash(x->cert_info->issuer));
 }
 #ifndef OPENSSL_NO_MD5
-unsigned long X509_issuer_name_hash_old(X509 *x)
+unsigned long
+X509_issuer_name_hash_old(X509 *x)
 {
-        return(X509_NAME_hash_old(x->cert_info->issuer));
+        return (X509_NAME_hash_old(x->cert_info->issuer));
 }
 #endif
-X509_NAME *X509_get_subject_name(X509 *a)
+X509_NAME *
+X509_get_subject_name(X509 *a)
 {
-        return(a->cert_info->subject);
+        return (a->cert_info->subject);
 }
-ASN1_INTEGER *X509_get_serialNumber(X509 *a)
+ASN1_INTEGER *
+X509_get_serialNumber(X509 *a)
 {
-        return(a->cert_info->serialNumber);
+        return (a->cert_info->serialNumber);
 }
-unsigned long X509_subject_name_hash(X509 *x)
+unsigned long
+X509_subject_name_hash(X509 *x)
 {
-        return(X509_NAME_hash(x->cert_info->subject));
+        return (X509_NAME_hash(x->cert_info->subject));
 }
 #ifndef OPENSSL_NO_MD5
-unsigned long X509_subject_name_hash_old(X509 *x)
+unsigned long
+X509_subject_name_hash_old(X509 *x)
 {
-        return(X509_NAME_hash_old(x->cert_info->subject));
+        return (X509_NAME_hash_old(x->cert_info->subject));
 }
 #endif
@@ -176,7 +192,8 @@ unsigned long X509_subject_name_hash_old(X509 *x)
 * where the "depth-first" constification tree has to halt
 * with an evil cast.
 */
-int X509_cmp(const X509 *a, const X509 *b)
+int
+X509_cmp(const X509 *a, const X509 *b)
 {
        /* ensure hash is valid */
        X509_check_purpose((X509 *)a, -1, 0);
@@ -186,49 +203,44 @@ int X509_cmp(const X509 *a, const X509 *b)
 }
 #endif
+int
-int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
+X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
 {
        int ret;
        /* Ensure canonical encoding is present and up to date */
        if (!a->canon_enc || a->modified) {
                ret = i2d_X509_NAME((X509_NAME *)a, NULL);
                if (ret < 0)
                        return -2;
        }
        if (!b->canon_enc || b->modified) {
                ret = i2d_X509_NAME((X509_NAME *)b, NULL);
                if (ret < 0)
                        return -2;
        }
        ret = a->canon_enclen - b->canon_enclen;
        if (ret)
                return ret;
        return memcmp(a->canon_enc, b->canon_enc, a->canon_enclen);
 }
-unsigned long X509_NAME_hash(X509_NAME *x)
+unsigned long
+X509_NAME_hash(X509_NAME *x)
 {
-        unsigned long ret=0;
+        unsigned long ret = 0;
        unsigned char md[SHA_DIGEST_LENGTH];
        /* Make sure X509_NAME structure contains valid cached encoding */
-        i2d_X509_NAME(x,NULL);
+        i2d_X509_NAME(x, NULL);
        if (!EVP_Digest(x->canon_enc, x->canon_enclen, md, NULL, EVP_sha1(),
-                NULL))
+            NULL))
                return 0;
-        ret=(   ((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
+        ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) |
-                ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
+            ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)) &
-                )&0xffffffffL;
+            0xffffffffL;
-        return(ret);
+        return (ret);
 }
@@ -236,82 +248,92 @@ unsigned long X509_NAME_hash(X509_NAME *x)
 /* I now DER encode the name and hash it.  Since I cache the DER encoding,
 * this is reasonably efficient. */
-unsigned long X509_NAME_hash_old(X509_NAME *x)
+unsigned long
+X509_NAME_hash_old(X509_NAME *x)
 {
        EVP_MD_CTX md_ctx;
-        unsigned long ret=0;
+        unsigned long ret = 0;
        unsigned char md[16];
        /* Make sure X509_NAME structure contains valid cached encoding */
-        i2d_X509_NAME(x,NULL);
+        i2d_X509_NAME(x, NULL);
        EVP_MD_CTX_init(&md_ctx);
        EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-        if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL)
+        if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL) &&
-            && EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length)
+            EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length) &&
-            && EVP_DigestFinal_ex(&md_ctx,md,NULL))
+            EVP_DigestFinal_ex(&md_ctx, md, NULL))
-                ret=(((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
+                ret = (((unsigned long)md[0]) |
-                     ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
+                    ((unsigned long)md[1] << 8L) |
-                     )&0xffffffffL;
+                    ((unsigned long)md[2] << 16L) |
+                    ((unsigned long)md[3] << 24L)) &
+                    0xffffffffL;
        EVP_MD_CTX_cleanup(&md_ctx);
-        return(ret);
+        return (ret);
 }
 #endif
 /* Search a stack of X509 for a match */
-X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
+X509 *
-                ASN1_INTEGER *serial)
+X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
+    ASN1_INTEGER *serial)
 {
        int i;
        X509_CINF cinf;
-        X509 x,*x509=NULL;
+        X509 x, *x509 = NULL;
-        if(!sk) return NULL;
+        if (!sk)
+                return NULL;
-        x.cert_info= &cinf;
+        x.cert_info = &cinf;
-        cinf.serialNumber=serial;
+        cinf.serialNumber = serial;
-        cinf.issuer=name;
+        cinf.issuer = name;
-        for (i=0; i<sk_X509_num(sk); i++) {
+        for (i = 0; i < sk_X509_num(sk); i++) {
-                x509=sk_X509_value(sk,i);
+                x509 = sk_X509_value(sk, i);
-                if (X509_issuer_and_serial_cmp(x509,&x) == 0)
+                if (X509_issuer_and_serial_cmp(x509, &x) == 0)
-                        return(x509);
+                        return (x509);
        }
-        return(NULL);
+        return (NULL);
 }
-X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name)
+X509 *
+X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name)
 {
        X509 *x509;
        int i;
-        for (i=0; i<sk_X509_num(sk); i++) {
+        for (i = 0; i < sk_X509_num(sk); i++) {
-                x509=sk_X509_value(sk,i);
+                x509 = sk_X509_value(sk, i);
-                if (X509_NAME_cmp(X509_get_subject_name(x509),name) == 0)
+                if (X509_NAME_cmp(X509_get_subject_name(x509), name) == 0)
-                        return(x509);
+                        return (x509);
        }
-        return(NULL);
+        return (NULL);
 }
-EVP_PKEY *X509_get_pubkey(X509 *x)
+EVP_PKEY *
+X509_get_pubkey(X509 *x)
 {
        if ((x == NULL) || (x->cert_info == NULL))
-                return(NULL);
+                return (NULL);
-        return(X509_PUBKEY_get(x->cert_info->key));
+        return (X509_PUBKEY_get(x->cert_info->key));
 }
-ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
+ASN1_BIT_STRING *
+X509_get0_pubkey_bitstr(const X509 *x)
 {
-        if(!x) return NULL;
+        if (!x)
+                return NULL;
        return x->cert_info->key->public_key;
 }
-int X509_check_private_key(X509 *x, EVP_PKEY *k)
+int
+X509_check_private_key(X509 *x, EVP_PKEY *k)
 {
        EVP_PKEY *xk;
        int ret;
-        xk=X509_get_pubkey(x);
+        xk = X509_get_pubkey(x);
        if (xk)
                ret = EVP_PKEY_cmp(xk, k);
@@ -322,13 +344,16 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k)
        case 1:
                break;
        case 0:
-                X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
+                X509err(X509_F_X509_CHECK_PRIVATE_KEY,
+                    X509_R_KEY_VALUES_MISMATCH);
                break;
        case -1:
-                X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
+                X509err(X509_F_X509_CHECK_PRIVATE_KEY,
+                    X509_R_KEY_TYPE_MISMATCH);
                break;
        case -2:
-                X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
+                X509err(X509_F_X509_CHECK_PRIVATE_KEY,
+                    X509_R_UNKNOWN_KEY_TYPE);
        }
        if (xk)
                EVP_PKEY_free(xk);

diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c index 87c4596414..b6b3423e3f 100644 --- a/src/lib/libcrypto/x509/x509_cmp.c +++ b/src/lib/libcrypto/x509/x509_cmp.c
@@ -5,21 +5,21 @@
5	* This package is an SSL implementation written	5	* This package is an SSL implementation written
6	* by Eric Young (eay@cryptsoft.com).	6	* by Eric Young (eay@cryptsoft.com).
7	* The implementation was written so as to conform with Netscapes SSL.	7	* The implementation was written so as to conform with Netscapes SSL.
8	*	8	*
9	* This library is free for commercial and non-commercial use as long as	9	* This library is free for commercial and non-commercial use as long as
10	* the following conditions are aheared to. The following conditions	10	* the following conditions are aheared to. The following conditions
11	* apply to all code found in this distribution, be it the RC4, RSA,	11	* apply to all code found in this distribution, be it the RC4, RSA,
12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation	12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
13	* included with this distribution is covered by the same copyright terms	13	* included with this distribution is covered by the same copyright terms
14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).	14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
15	*	15	*
16	* Copyright remains Eric Young's, and as such any Copyright notices in	16	* Copyright remains Eric Young's, and as such any Copyright notices in
17	* the code are not to be removed.	17	* the code are not to be removed.
18	* If this package is used in a product, Eric Young should be given attribution	18	* If this package is used in a product, Eric Young should be given attribution
19	* as the author of the parts of the library used.	19	* as the author of the parts of the library used.
20	* This can be in the form of a textual message at program startup or	20	* This can be in the form of a textual message at program startup or
21	* in documentation (online or textual) provided with the package.	21	* in documentation (online or textual) provided with the package.
22	*	22	*
23	* Redistribution and use in source and binary forms, with or without	23	* Redistribution and use in source and binary forms, with or without
24	* modification, are permitted provided that the following conditions	24	* modification, are permitted provided that the following conditions
25	* are met:	25	* are met:
@@ -34,10 +34,10 @@
34	* Eric Young (eay@cryptsoft.com)"	34	* Eric Young (eay@cryptsoft.com)"
35	* The word 'cryptographic' can be left out if the rouines from the library	35	* The word 'cryptographic' can be left out if the rouines from the library
36	* being used are not cryptographic related :-).	36	* being used are not cryptographic related :-).
37	* 4. If you include any Windows specific code (or a derivative thereof) from	37	* 4. If you include any Windows specific code (or a derivative thereof) from
38	* the apps directory (application code) you must include an acknowledgement:	38	* the apps directory (application code) you must include an acknowledgement:
39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"	39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40	*	40	*
41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND	41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE	42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE	43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY	49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF	50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51	* SUCH DAMAGE.	51	* SUCH DAMAGE.
52	*	52	*
53	* The licence and distribution terms for any publically available version or	53	* The licence and distribution terms for any publically available version or
54	* derivative of this code cannot be changed. i.e. this code cannot simply be	54	* derivative of this code cannot be changed. i.e. this code cannot simply be
55	* copied and put under another distribution licence	55	* copied and put under another distribution licence
@@ -64,105 +64,121 @@
64	#include <openssl/x509.h>	64	#include <openssl/x509.h>
65	#include <openssl/x509v3.h>	65	#include <openssl/x509v3.h>
66		66
67	int X509_issuer_and_serial_cmp(const X509 a, const X509 b)	67	int
		68	X509_issuer_and_serial_cmp(const X509 a, const X509 b)
68	{	69	{
69	int i;	70	int i;
70	X509_CINF ai,bi;	71	X509_CINF ai, bi;
71		72
72	ai=a->cert_info;	73	ai = a->cert_info;
73	bi=b->cert_info;	74	bi = b->cert_info;
74	i=M_ASN1_INTEGER_cmp(ai->serialNumber,bi->serialNumber);	75	i = M_ASN1_INTEGER_cmp(ai->serialNumber, bi->serialNumber);
75	if (i) return(i);	76	if (i)
76	return(X509_NAME_cmp(ai->issuer,bi->issuer));	77	return (i);
		78	return (X509_NAME_cmp(ai->issuer, bi->issuer));
77	}	79	}
78		80
79	#ifndef OPENSSL_NO_MD5	81	#ifndef OPENSSL_NO_MD5
80	unsigned long X509_issuer_and_serial_hash(X509 *a)	82	unsigned long
		83	X509_issuer_and_serial_hash(X509 *a)
81	{	84	{
82	unsigned long ret=0;	85	unsigned long ret = 0;
83	EVP_MD_CTX ctx;	86	EVP_MD_CTX ctx;
84	unsigned char md[16];	87	unsigned char md[16];
85	char *f;	88	char *f;
86		89
87	EVP_MD_CTX_init(&ctx);	90	EVP_MD_CTX_init(&ctx);
88	f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);	91	f = X509_NAME_oneline(a->cert_info->issuer, NULL, 0);
89	if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL))	92	if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL))
90	goto err;	93	goto err;
91	if (!EVP_DigestUpdate(&ctx,(unsigned char *)f,strlen(f)))	94	if (!EVP_DigestUpdate(&ctx, (unsigned char *)f, strlen(f)))
92	goto err;	95	goto err;
93	free(f);	96	free(f);
94	if(!EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,	97	if (!EVP_DigestUpdate(&ctx,
95	(unsigned long)a->cert_info->serialNumber->length))	98	(unsigned char *)a->cert_info->serialNumber->data,
		99	(unsigned long)a->cert_info->serialNumber->length))
96	goto err;	100	goto err;
97	if (!EVP_DigestFinal_ex(&ctx,&(md[0]),NULL))	101	if (!EVP_DigestFinal_ex(&ctx, &(md[0]), NULL))
98	goto err;	102	goto err;
99	ret=( ((unsigned long)md[0] )\|((unsigned long)md[1]<<8L)\|	103	ret = (((unsigned long)md[0]) \| ((unsigned long)md[1] << 8L) \|
100	((unsigned long)md[2]<<16L)\|((unsigned long)md[3]<<24L)	104	((unsigned long)md[2] << 16L) \| ((unsigned long)md[3] << 24L)) &
101	)&0xffffffffL;	105	0xffffffffL;
102	err:	106
		107	err:
103	EVP_MD_CTX_cleanup(&ctx);	108	EVP_MD_CTX_cleanup(&ctx);
104	return(ret);	109	return (ret);
105	}	110	}
106	#endif	111	#endif
107		112
108	int X509_issuer_name_cmp(const X509 a, const X509 b)	113	int
		114	X509_issuer_name_cmp(const X509 a, const X509 b)
109	{	115	{
110	return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer));	116	return (X509_NAME_cmp(a->cert_info->issuer, b->cert_info->issuer));
111	}	117	}
112		118
113	int X509_subject_name_cmp(const X509 a, const X509 b)	119	int
		120	X509_subject_name_cmp(const X509 a, const X509 b)
114	{	121	{
115	return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject));	122	return (X509_NAME_cmp(a->cert_info->subject, b->cert_info->subject));
116	}	123	}
117		124
118	int X509_CRL_cmp(const X509_CRL a, const X509_CRL b)	125	int
		126	X509_CRL_cmp(const X509_CRL a, const X509_CRL b)
119	{	127	{
120	return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer));	128	return (X509_NAME_cmp(a->crl->issuer, b->crl->issuer));
121	}	129	}
122		130
123	#ifndef OPENSSL_NO_SHA	131	#ifndef OPENSSL_NO_SHA
124	int X509_CRL_match(const X509_CRL a, const X509_CRL b)	132	int
		133	X509_CRL_match(const X509_CRL a, const X509_CRL b)
125	{	134	{
126	return memcmp(a->sha1_hash, b->sha1_hash, 20);	135	return memcmp(a->sha1_hash, b->sha1_hash, 20);
127	}	136	}
128	#endif	137	#endif
129		138
130	X509_NAME X509_get_issuer_name(X509 a)	139	X509_NAME *
		140	X509_get_issuer_name(X509 *a)
131	{	141	{
132	return(a->cert_info->issuer);	142	return (a->cert_info->issuer);
133	}	143	}
134		144
135	unsigned long X509_issuer_name_hash(X509 *x)	145	unsigned long
		146	X509_issuer_name_hash(X509 *x)
136	{	147	{
137	return(X509_NAME_hash(x->cert_info->issuer));	148	return (X509_NAME_hash(x->cert_info->issuer));
138	}	149	}
139		150
140	#ifndef OPENSSL_NO_MD5	151	#ifndef OPENSSL_NO_MD5
141	unsigned long X509_issuer_name_hash_old(X509 *x)	152	unsigned long
		153	X509_issuer_name_hash_old(X509 *x)
142	{	154	{
143	return(X509_NAME_hash_old(x->cert_info->issuer));	155	return (X509_NAME_hash_old(x->cert_info->issuer));
144	}	156	}
145	#endif	157	#endif
146		158
147	X509_NAME X509_get_subject_name(X509 a)	159	X509_NAME *
		160	X509_get_subject_name(X509 *a)
148	{	161	{
149	return(a->cert_info->subject);	162	return (a->cert_info->subject);
150	}	163	}
151		164
152	ASN1_INTEGER X509_get_serialNumber(X509 a)	165	ASN1_INTEGER *
		166	X509_get_serialNumber(X509 *a)
153	{	167	{
154	return(a->cert_info->serialNumber);	168	return (a->cert_info->serialNumber);
155	}	169	}
156		170
157	unsigned long X509_subject_name_hash(X509 *x)	171	unsigned long
		172	X509_subject_name_hash(X509 *x)
158	{	173	{
159	return(X509_NAME_hash(x->cert_info->subject));	174	return (X509_NAME_hash(x->cert_info->subject));
160	}	175	}
161		176
162	#ifndef OPENSSL_NO_MD5	177	#ifndef OPENSSL_NO_MD5
163	unsigned long X509_subject_name_hash_old(X509 *x)	178	unsigned long
		179	X509_subject_name_hash_old(X509 *x)
164	{	180	{
165	return(X509_NAME_hash_old(x->cert_info->subject));	181	return (X509_NAME_hash_old(x->cert_info->subject));
166	}	182	}
167	#endif	183	#endif
168		184
@@ -176,7 +192,8 @@ unsigned long X509_subject_name_hash_old(X509 *x)
176	* where the "depth-first" constification tree has to halt	192	* where the "depth-first" constification tree has to halt
177	* with an evil cast.	193	* with an evil cast.
178	*/	194	*/
179	int X509_cmp(const X509 a, const X509 b)	195	int
		196	X509_cmp(const X509 a, const X509 b)
180	{	197	{
181	/* ensure hash is valid */	198	/* ensure hash is valid */
182	X509_check_purpose((X509 *)a, -1, 0);	199	X509_check_purpose((X509 *)a, -1, 0);
@@ -186,49 +203,44 @@ int X509_cmp(const X509 a, const X509 b)
186	}	203	}
187	#endif	204	#endif
188		205
189		206	int
190	int X509_NAME_cmp(const X509_NAME a, const X509_NAME b)	207	X509_NAME_cmp(const X509_NAME a, const X509_NAME b)
191	{	208	{
192	int ret;	209	int ret;
193		210
194	/* Ensure canonical encoding is present and up to date */	211	/* Ensure canonical encoding is present and up to date */
195
196	if (!a->canon_enc \|\| a->modified) {	212	if (!a->canon_enc \|\| a->modified) {
197	ret = i2d_X509_NAME((X509_NAME *)a, NULL);	213	ret = i2d_X509_NAME((X509_NAME *)a, NULL);
198	if (ret < 0)	214	if (ret < 0)
199	return -2;	215	return -2;
200	}	216	}
201
202	if (!b->canon_enc \|\| b->modified) {	217	if (!b->canon_enc \|\| b->modified) {
203	ret = i2d_X509_NAME((X509_NAME *)b, NULL);	218	ret = i2d_X509_NAME((X509_NAME *)b, NULL);
204	if (ret < 0)	219	if (ret < 0)
205	return -2;	220	return -2;
206	}	221	}
207
208	ret = a->canon_enclen - b->canon_enclen;	222	ret = a->canon_enclen - b->canon_enclen;
209
210	if (ret)	223	if (ret)
211	return ret;	224	return ret;
212
213	return memcmp(a->canon_enc, b->canon_enc, a->canon_enclen);	225	return memcmp(a->canon_enc, b->canon_enc, a->canon_enclen);
214
215	}	226	}
216		227
217	unsigned long X509_NAME_hash(X509_NAME *x)	228	unsigned long
		229	X509_NAME_hash(X509_NAME *x)
218	{	230	{
219	unsigned long ret=0;	231	unsigned long ret = 0;
220	unsigned char md[SHA_DIGEST_LENGTH];	232	unsigned char md[SHA_DIGEST_LENGTH];
221		233
222	/* Make sure X509_NAME structure contains valid cached encoding */	234	/* Make sure X509_NAME structure contains valid cached encoding */
223	i2d_X509_NAME(x,NULL);	235	i2d_X509_NAME(x, NULL);
224	if (!EVP_Digest(x->canon_enc, x->canon_enclen, md, NULL, EVP_sha1(),	236	if (!EVP_Digest(x->canon_enc, x->canon_enclen, md, NULL, EVP_sha1(),
225	NULL))	237	NULL))
226	return 0;	238	return 0;
227		239
228	ret=( ((unsigned long)md[0] )\|((unsigned long)md[1]<<8L)\|	240	ret = (((unsigned long)md[0]) \| ((unsigned long)md[1] << 8L) \|
229	((unsigned long)md[2]<<16L)\|((unsigned long)md[3]<<24L)	241	((unsigned long)md[2] << 16L) \| ((unsigned long)md[3] << 24L)) &
230	)&0xffffffffL;	242	0xffffffffL;
231	return(ret);	243	return (ret);
232	}	244	}
233		245
234		246
@@ -236,82 +248,92 @@ unsigned long X509_NAME_hash(X509_NAME *x)
236	/* I now DER encode the name and hash it. Since I cache the DER encoding,	248	/* I now DER encode the name and hash it. Since I cache the DER encoding,
237	* this is reasonably efficient. */	249	* this is reasonably efficient. */
238		250
239	unsigned long X509_NAME_hash_old(X509_NAME *x)	251	unsigned long
		252	X509_NAME_hash_old(X509_NAME *x)
240	{	253	{
241	EVP_MD_CTX md_ctx;	254	EVP_MD_CTX md_ctx;
242	unsigned long ret=0;	255	unsigned long ret = 0;
243	unsigned char md[16];	256	unsigned char md[16];
244		257
245	/* Make sure X509_NAME structure contains valid cached encoding */	258	/* Make sure X509_NAME structure contains valid cached encoding */
246	i2d_X509_NAME(x,NULL);	259	i2d_X509_NAME(x, NULL);
247	EVP_MD_CTX_init(&md_ctx);	260	EVP_MD_CTX_init(&md_ctx);
248	EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);	261	EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
249	if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL)	262	if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL) &&
250	&& EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length)	263	EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length) &&
251	&& EVP_DigestFinal_ex(&md_ctx,md,NULL))	264	EVP_DigestFinal_ex(&md_ctx, md, NULL))
252	ret=(((unsigned long)md[0] )\|((unsigned long)md[1]<<8L)\|	265	ret = (((unsigned long)md[0]) \|
253	((unsigned long)md[2]<<16L)\|((unsigned long)md[3]<<24L)	266	((unsigned long)md[1] << 8L) \|
254	)&0xffffffffL;	267	((unsigned long)md[2] << 16L) \|
		268	((unsigned long)md[3] << 24L)) &
		269	0xffffffffL;
255	EVP_MD_CTX_cleanup(&md_ctx);	270	EVP_MD_CTX_cleanup(&md_ctx);
256		271
257	return(ret);	272	return (ret);
258	}	273	}
259	#endif	274	#endif
260		275
261	/* Search a stack of X509 for a match */	276	/* Search a stack of X509 for a match */
262	X509 X509_find_by_issuer_and_serial(STACK_OF(X509) sk, X509_NAME *name,	277	X509 *
263	ASN1_INTEGER *serial)	278	X509_find_by_issuer_and_serial(STACK_OF(X509) sk, X509_NAME name,
		279	ASN1_INTEGER *serial)
264	{	280	{
265	int i;	281	int i;
266	X509_CINF cinf;	282	X509_CINF cinf;
267	X509 x,*x509=NULL;	283	X509 x, *x509 = NULL;
268		284
269	if(!sk) return NULL;	285	if (!sk)
		286	return NULL;
270		287
271	x.cert_info= &cinf;	288	x.cert_info = &cinf;
272	cinf.serialNumber=serial;	289	cinf.serialNumber = serial;
273	cinf.issuer=name;	290	cinf.issuer = name;
274		291
275	for (i=0; i<sk_X509_num(sk); i++) {	292	for (i = 0; i < sk_X509_num(sk); i++) {
276	x509=sk_X509_value(sk,i);	293	x509 = sk_X509_value(sk, i);
277	if (X509_issuer_and_serial_cmp(x509,&x) == 0)	294	if (X509_issuer_and_serial_cmp(x509, &x) == 0)
278	return(x509);	295	return (x509);
279	}	296	}
280	return(NULL);	297	return (NULL);
281	}	298	}
282		299
283	X509 X509_find_by_subject(STACK_OF(X509) sk, X509_NAME *name)	300	X509 *
		301	X509_find_by_subject(STACK_OF(X509) sk, X509_NAME name)
284	{	302	{
285	X509 *x509;	303	X509 *x509;
286	int i;	304	int i;
287		305
288	for (i=0; i<sk_X509_num(sk); i++) {	306	for (i = 0; i < sk_X509_num(sk); i++) {
289	x509=sk_X509_value(sk,i);	307	x509 = sk_X509_value(sk, i);
290	if (X509_NAME_cmp(X509_get_subject_name(x509),name) == 0)	308	if (X509_NAME_cmp(X509_get_subject_name(x509), name) == 0)
291	return(x509);	309	return (x509);
292	}	310	}
293	return(NULL);	311	return (NULL);
294	}	312	}
295		313
296	EVP_PKEY X509_get_pubkey(X509 x)	314	EVP_PKEY *
		315	X509_get_pubkey(X509 *x)
297	{	316	{
298	if ((x == NULL) \|\| (x->cert_info == NULL))	317	if ((x == NULL) \|\| (x->cert_info == NULL))
299	return(NULL);	318	return (NULL);
300	return(X509_PUBKEY_get(x->cert_info->key));	319	return (X509_PUBKEY_get(x->cert_info->key));
301	}	320	}
302		321
303	ASN1_BIT_STRING X509_get0_pubkey_bitstr(const X509 x)	322	ASN1_BIT_STRING *
		323	X509_get0_pubkey_bitstr(const X509 *x)
304	{	324	{
305	if(!x) return NULL;	325	if (!x)
		326	return NULL;
306	return x->cert_info->key->public_key;	327	return x->cert_info->key->public_key;
307	}	328	}
308		329
309	int X509_check_private_key(X509 x, EVP_PKEY k)	330	int
		331	X509_check_private_key(X509 x, EVP_PKEY k)
310	{	332	{
311	EVP_PKEY *xk;	333	EVP_PKEY *xk;
312	int ret;	334	int ret;
313		335
314	xk=X509_get_pubkey(x);	336	xk = X509_get_pubkey(x);
315		337
316	if (xk)	338	if (xk)
317	ret = EVP_PKEY_cmp(xk, k);	339	ret = EVP_PKEY_cmp(xk, k);
@@ -322,13 +344,16 @@ int X509_check_private_key(X509 x, EVP_PKEY k)
322	case 1:	344	case 1:
323	break;	345	break;
324	case 0:	346	case 0:
325	X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);	347	X509err(X509_F_X509_CHECK_PRIVATE_KEY,
		348	X509_R_KEY_VALUES_MISMATCH);
326	break;	349	break;
327	case -1:	350	case -1:
328	X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);	351	X509err(X509_F_X509_CHECK_PRIVATE_KEY,
		352	X509_R_KEY_TYPE_MISMATCH);
329	break;	353	break;
330	case -2:	354	case -2:
331	X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);	355	X509err(X509_F_X509_CHECK_PRIVATE_KEY,
		356	X509_R_UNKNOWN_KEY_TYPE);
332	}	357	}
333	if (xk)	358	if (xk)
334	EVP_PKEY_free(xk);	359	EVP_PKEY_free(xk);