diff options
Diffstat (limited to 'src/lib/libcrypto/x509/x509_cmp.c')
| -rw-r--r-- | src/lib/libcrypto/x509/x509_cmp.c | 109 |
1 files changed, 52 insertions, 57 deletions
diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c index 2f1b8953e5..87c4596414 100644 --- a/src/lib/libcrypto/x509/x509_cmp.c +++ b/src/lib/libcrypto/x509/x509_cmp.c | |||
| @@ -65,7 +65,7 @@ | |||
| 65 | #include <openssl/x509v3.h> | 65 | #include <openssl/x509v3.h> |
| 66 | 66 | ||
| 67 | int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b) | 67 | int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b) |
| 68 | { | 68 | { |
| 69 | int i; | 69 | int i; |
| 70 | X509_CINF *ai,*bi; | 70 | X509_CINF *ai,*bi; |
| 71 | 71 | ||
| @@ -74,11 +74,11 @@ int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b) | |||
| 74 | i=M_ASN1_INTEGER_cmp(ai->serialNumber,bi->serialNumber); | 74 | i=M_ASN1_INTEGER_cmp(ai->serialNumber,bi->serialNumber); |
| 75 | if (i) return(i); | 75 | if (i) return(i); |
| 76 | return(X509_NAME_cmp(ai->issuer,bi->issuer)); | 76 | return(X509_NAME_cmp(ai->issuer,bi->issuer)); |
| 77 | } | 77 | } |
| 78 | 78 | ||
| 79 | #ifndef OPENSSL_NO_MD5 | 79 | #ifndef OPENSSL_NO_MD5 |
| 80 | unsigned long X509_issuer_and_serial_hash(X509 *a) | 80 | unsigned long X509_issuer_and_serial_hash(X509 *a) |
| 81 | { | 81 | { |
| 82 | unsigned long ret=0; | 82 | unsigned long ret=0; |
| 83 | EVP_MD_CTX ctx; | 83 | EVP_MD_CTX ctx; |
| 84 | unsigned char md[16]; | 84 | unsigned char md[16]; |
| @@ -102,68 +102,68 @@ unsigned long X509_issuer_and_serial_hash(X509 *a) | |||
| 102 | err: | 102 | err: |
| 103 | EVP_MD_CTX_cleanup(&ctx); | 103 | EVP_MD_CTX_cleanup(&ctx); |
| 104 | return(ret); | 104 | return(ret); |
| 105 | } | 105 | } |
| 106 | #endif | 106 | #endif |
| 107 | 107 | ||
| 108 | int X509_issuer_name_cmp(const X509 *a, const X509 *b) | 108 | int X509_issuer_name_cmp(const X509 *a, const X509 *b) |
| 109 | { | 109 | { |
| 110 | return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer)); | 110 | return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer)); |
| 111 | } | 111 | } |
| 112 | 112 | ||
| 113 | int X509_subject_name_cmp(const X509 *a, const X509 *b) | 113 | int X509_subject_name_cmp(const X509 *a, const X509 *b) |
| 114 | { | 114 | { |
| 115 | return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject)); | 115 | return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject)); |
| 116 | } | 116 | } |
| 117 | 117 | ||
| 118 | int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b) | 118 | int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b) |
| 119 | { | 119 | { |
| 120 | return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer)); | 120 | return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer)); |
| 121 | } | 121 | } |
| 122 | 122 | ||
| 123 | #ifndef OPENSSL_NO_SHA | 123 | #ifndef OPENSSL_NO_SHA |
| 124 | int X509_CRL_match(const X509_CRL *a, const X509_CRL *b) | 124 | int X509_CRL_match(const X509_CRL *a, const X509_CRL *b) |
| 125 | { | 125 | { |
| 126 | return memcmp(a->sha1_hash, b->sha1_hash, 20); | 126 | return memcmp(a->sha1_hash, b->sha1_hash, 20); |
| 127 | } | 127 | } |
| 128 | #endif | 128 | #endif |
| 129 | 129 | ||
| 130 | X509_NAME *X509_get_issuer_name(X509 *a) | 130 | X509_NAME *X509_get_issuer_name(X509 *a) |
| 131 | { | 131 | { |
| 132 | return(a->cert_info->issuer); | 132 | return(a->cert_info->issuer); |
| 133 | } | 133 | } |
| 134 | 134 | ||
| 135 | unsigned long X509_issuer_name_hash(X509 *x) | 135 | unsigned long X509_issuer_name_hash(X509 *x) |
| 136 | { | 136 | { |
| 137 | return(X509_NAME_hash(x->cert_info->issuer)); | 137 | return(X509_NAME_hash(x->cert_info->issuer)); |
| 138 | } | 138 | } |
| 139 | 139 | ||
| 140 | #ifndef OPENSSL_NO_MD5 | 140 | #ifndef OPENSSL_NO_MD5 |
| 141 | unsigned long X509_issuer_name_hash_old(X509 *x) | 141 | unsigned long X509_issuer_name_hash_old(X509 *x) |
| 142 | { | 142 | { |
| 143 | return(X509_NAME_hash_old(x->cert_info->issuer)); | 143 | return(X509_NAME_hash_old(x->cert_info->issuer)); |
| 144 | } | 144 | } |
| 145 | #endif | 145 | #endif |
| 146 | 146 | ||
| 147 | X509_NAME *X509_get_subject_name(X509 *a) | 147 | X509_NAME *X509_get_subject_name(X509 *a) |
| 148 | { | 148 | { |
| 149 | return(a->cert_info->subject); | 149 | return(a->cert_info->subject); |
| 150 | } | 150 | } |
| 151 | 151 | ||
| 152 | ASN1_INTEGER *X509_get_serialNumber(X509 *a) | 152 | ASN1_INTEGER *X509_get_serialNumber(X509 *a) |
| 153 | { | 153 | { |
| 154 | return(a->cert_info->serialNumber); | 154 | return(a->cert_info->serialNumber); |
| 155 | } | 155 | } |
| 156 | 156 | ||
| 157 | unsigned long X509_subject_name_hash(X509 *x) | 157 | unsigned long X509_subject_name_hash(X509 *x) |
| 158 | { | 158 | { |
| 159 | return(X509_NAME_hash(x->cert_info->subject)); | 159 | return(X509_NAME_hash(x->cert_info->subject)); |
| 160 | } | 160 | } |
| 161 | 161 | ||
| 162 | #ifndef OPENSSL_NO_MD5 | 162 | #ifndef OPENSSL_NO_MD5 |
| 163 | unsigned long X509_subject_name_hash_old(X509 *x) | 163 | unsigned long X509_subject_name_hash_old(X509 *x) |
| 164 | { | 164 | { |
| 165 | return(X509_NAME_hash_old(x->cert_info->subject)); | 165 | return(X509_NAME_hash_old(x->cert_info->subject)); |
| 166 | } | 166 | } |
| 167 | #endif | 167 | #endif |
| 168 | 168 | ||
| 169 | #ifndef OPENSSL_NO_SHA | 169 | #ifndef OPENSSL_NO_SHA |
| @@ -188,24 +188,22 @@ int X509_cmp(const X509 *a, const X509 *b) | |||
| 188 | 188 | ||
| 189 | 189 | ||
| 190 | int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) | 190 | int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) |
| 191 | { | 191 | { |
| 192 | int ret; | 192 | int ret; |
| 193 | 193 | ||
| 194 | /* Ensure canonical encoding is present and up to date */ | 194 | /* Ensure canonical encoding is present and up to date */ |
| 195 | 195 | ||
| 196 | if (!a->canon_enc || a->modified) | 196 | if (!a->canon_enc || a->modified) { |
| 197 | { | ||
| 198 | ret = i2d_X509_NAME((X509_NAME *)a, NULL); | 197 | ret = i2d_X509_NAME((X509_NAME *)a, NULL); |
| 199 | if (ret < 0) | 198 | if (ret < 0) |
| 200 | return -2; | 199 | return -2; |
| 201 | } | 200 | } |
| 202 | 201 | ||
| 203 | if (!b->canon_enc || b->modified) | 202 | if (!b->canon_enc || b->modified) { |
| 204 | { | ||
| 205 | ret = i2d_X509_NAME((X509_NAME *)b, NULL); | 203 | ret = i2d_X509_NAME((X509_NAME *)b, NULL); |
| 206 | if (ret < 0) | 204 | if (ret < 0) |
| 207 | return -2; | 205 | return -2; |
| 208 | } | 206 | } |
| 209 | 207 | ||
| 210 | ret = a->canon_enclen - b->canon_enclen; | 208 | ret = a->canon_enclen - b->canon_enclen; |
| 211 | 209 | ||
| @@ -214,10 +212,10 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) | |||
| 214 | 212 | ||
| 215 | return memcmp(a->canon_enc, b->canon_enc, a->canon_enclen); | 213 | return memcmp(a->canon_enc, b->canon_enc, a->canon_enclen); |
| 216 | 214 | ||
| 217 | } | 215 | } |
| 218 | 216 | ||
| 219 | unsigned long X509_NAME_hash(X509_NAME *x) | 217 | unsigned long X509_NAME_hash(X509_NAME *x) |
| 220 | { | 218 | { |
| 221 | unsigned long ret=0; | 219 | unsigned long ret=0; |
| 222 | unsigned char md[SHA_DIGEST_LENGTH]; | 220 | unsigned char md[SHA_DIGEST_LENGTH]; |
| 223 | 221 | ||
| @@ -231,7 +229,7 @@ unsigned long X509_NAME_hash(X509_NAME *x) | |||
| 231 | ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) | 229 | ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) |
| 232 | )&0xffffffffL; | 230 | )&0xffffffffL; |
| 233 | return(ret); | 231 | return(ret); |
| 234 | } | 232 | } |
| 235 | 233 | ||
| 236 | 234 | ||
| 237 | #ifndef OPENSSL_NO_MD5 | 235 | #ifndef OPENSSL_NO_MD5 |
| @@ -239,7 +237,7 @@ unsigned long X509_NAME_hash(X509_NAME *x) | |||
| 239 | * this is reasonably efficient. */ | 237 | * this is reasonably efficient. */ |
| 240 | 238 | ||
| 241 | unsigned long X509_NAME_hash_old(X509_NAME *x) | 239 | unsigned long X509_NAME_hash_old(X509_NAME *x) |
| 242 | { | 240 | { |
| 243 | EVP_MD_CTX md_ctx; | 241 | EVP_MD_CTX md_ctx; |
| 244 | unsigned long ret=0; | 242 | unsigned long ret=0; |
| 245 | unsigned char md[16]; | 243 | unsigned char md[16]; |
| @@ -257,13 +255,13 @@ unsigned long X509_NAME_hash_old(X509_NAME *x) | |||
| 257 | EVP_MD_CTX_cleanup(&md_ctx); | 255 | EVP_MD_CTX_cleanup(&md_ctx); |
| 258 | 256 | ||
| 259 | return(ret); | 257 | return(ret); |
| 260 | } | 258 | } |
| 261 | #endif | 259 | #endif |
| 262 | 260 | ||
| 263 | /* Search a stack of X509 for a match */ | 261 | /* Search a stack of X509 for a match */ |
| 264 | X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name, | 262 | X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name, |
| 265 | ASN1_INTEGER *serial) | 263 | ASN1_INTEGER *serial) |
| 266 | { | 264 | { |
| 267 | int i; | 265 | int i; |
| 268 | X509_CINF cinf; | 266 | X509_CINF cinf; |
| 269 | X509 x,*x509=NULL; | 267 | X509 x,*x509=NULL; |
| @@ -274,44 +272,42 @@ X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name, | |||
| 274 | cinf.serialNumber=serial; | 272 | cinf.serialNumber=serial; |
| 275 | cinf.issuer=name; | 273 | cinf.issuer=name; |
| 276 | 274 | ||
| 277 | for (i=0; i<sk_X509_num(sk); i++) | 275 | for (i=0; i<sk_X509_num(sk); i++) { |
| 278 | { | ||
| 279 | x509=sk_X509_value(sk,i); | 276 | x509=sk_X509_value(sk,i); |
| 280 | if (X509_issuer_and_serial_cmp(x509,&x) == 0) | 277 | if (X509_issuer_and_serial_cmp(x509,&x) == 0) |
| 281 | return(x509); | 278 | return(x509); |
| 282 | } | ||
| 283 | return(NULL); | ||
| 284 | } | 279 | } |
| 280 | return(NULL); | ||
| 281 | } | ||
| 285 | 282 | ||
| 286 | X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name) | 283 | X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name) |
| 287 | { | 284 | { |
| 288 | X509 *x509; | 285 | X509 *x509; |
| 289 | int i; | 286 | int i; |
| 290 | 287 | ||
| 291 | for (i=0; i<sk_X509_num(sk); i++) | 288 | for (i=0; i<sk_X509_num(sk); i++) { |
| 292 | { | ||
| 293 | x509=sk_X509_value(sk,i); | 289 | x509=sk_X509_value(sk,i); |
| 294 | if (X509_NAME_cmp(X509_get_subject_name(x509),name) == 0) | 290 | if (X509_NAME_cmp(X509_get_subject_name(x509),name) == 0) |
| 295 | return(x509); | 291 | return(x509); |
| 296 | } | ||
| 297 | return(NULL); | ||
| 298 | } | 292 | } |
| 293 | return(NULL); | ||
| 294 | } | ||
| 299 | 295 | ||
| 300 | EVP_PKEY *X509_get_pubkey(X509 *x) | 296 | EVP_PKEY *X509_get_pubkey(X509 *x) |
| 301 | { | 297 | { |
| 302 | if ((x == NULL) || (x->cert_info == NULL)) | 298 | if ((x == NULL) || (x->cert_info == NULL)) |
| 303 | return(NULL); | 299 | return(NULL); |
| 304 | return(X509_PUBKEY_get(x->cert_info->key)); | 300 | return(X509_PUBKEY_get(x->cert_info->key)); |
| 305 | } | 301 | } |
| 306 | 302 | ||
| 307 | ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x) | 303 | ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x) |
| 308 | { | 304 | { |
| 309 | if(!x) return NULL; | 305 | if(!x) return NULL; |
| 310 | return x->cert_info->key->public_key; | 306 | return x->cert_info->key->public_key; |
| 311 | } | 307 | } |
| 312 | 308 | ||
| 313 | int X509_check_private_key(X509 *x, EVP_PKEY *k) | 309 | int X509_check_private_key(X509 *x, EVP_PKEY *k) |
| 314 | { | 310 | { |
| 315 | EVP_PKEY *xk; | 311 | EVP_PKEY *xk; |
| 316 | int ret; | 312 | int ret; |
| 317 | 313 | ||
| @@ -322,8 +318,7 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k) | |||
| 322 | else | 318 | else |
| 323 | ret = -2; | 319 | ret = -2; |
| 324 | 320 | ||
| 325 | switch (ret) | 321 | switch (ret) { |
| 326 | { | ||
| 327 | case 1: | 322 | case 1: |
| 328 | break; | 323 | break; |
| 329 | case 0: | 324 | case 0: |
| @@ -334,10 +329,10 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k) | |||
| 334 | break; | 329 | break; |
| 335 | case -2: | 330 | case -2: |
| 336 | X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE); | 331 | X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE); |
| 337 | } | 332 | } |
| 338 | if (xk) | 333 | if (xk) |
| 339 | EVP_PKEY_free(xk); | 334 | EVP_PKEY_free(xk); |
| 340 | if (ret > 0) | 335 | if (ret > 0) |
| 341 | return 1; | 336 | return 1; |
| 342 | return 0; | 337 | return 0; |
| 343 | } | 338 | } |