summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/x509')
-rw-r--r--src/lib/libcrypto/x509/by_dir.c342
-rw-r--r--src/lib/libcrypto/x509/by_file.c267
-rw-r--r--src/lib/libcrypto/x509/x509.h989
-rw-r--r--src/lib/libcrypto/x509/x509_cmp.c293
-rw-r--r--src/lib/libcrypto/x509/x509_d2.c107
-rw-r--r--src/lib/libcrypto/x509/x509_def.c83
-rw-r--r--src/lib/libcrypto/x509/x509_err.c134
-rw-r--r--src/lib/libcrypto/x509/x509_ext.c174
-rw-r--r--src/lib/libcrypto/x509/x509_lu.c411
-rw-r--r--src/lib/libcrypto/x509/x509_obj.c223
-rw-r--r--src/lib/libcrypto/x509/x509_r2x.c110
-rw-r--r--src/lib/libcrypto/x509/x509_req.c115
-rw-r--r--src/lib/libcrypto/x509/x509_set.c150
-rw-r--r--src/lib/libcrypto/x509/x509_txt.c132
-rw-r--r--src/lib/libcrypto/x509/x509_v3.c266
-rw-r--r--src/lib/libcrypto/x509/x509_vfy.c639
-rw-r--r--src/lib/libcrypto/x509/x509_vfy.h346
-rw-r--r--src/lib/libcrypto/x509/x509name.c321
-rw-r--r--src/lib/libcrypto/x509/x509rset.c83
-rw-r--r--src/lib/libcrypto/x509/x509type.c114
-rw-r--r--src/lib/libcrypto/x509/x_all.c437
21 files changed, 0 insertions, 5736 deletions
diff --git a/src/lib/libcrypto/x509/by_dir.c b/src/lib/libcrypto/x509/by_dir.c
deleted file mode 100644
index 734e39ac77..0000000000
--- a/src/lib/libcrypto/x509/by_dir.c
+++ /dev/null
@@ -1,342 +0,0 @@
1/* crypto/x509/by_dir.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <time.h>
61#include <errno.h>
62#include <sys/types.h>
63#include <sys/stat.h>
64
65#include "cryptlib.h"
66#include <openssl/lhash.h>
67#include <openssl/x509.h>
68
69typedef struct lookup_dir_st
70 {
71 BUF_MEM *buffer;
72 int num_dirs;
73 char **dirs;
74 int *dirs_type;
75 int num_dirs_alloced;
76 } BY_DIR;
77
78static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
79 char **ret);
80static int new_dir(X509_LOOKUP *lu);
81static void free_dir(X509_LOOKUP *lu);
82static int add_cert_dir(BY_DIR *ctx,const char *dir,int type);
83static int get_cert_by_subject(X509_LOOKUP *xl,int type,X509_NAME *name,
84 X509_OBJECT *ret);
85X509_LOOKUP_METHOD x509_dir_lookup=
86 {
87 "Load certs from files in a directory",
88 new_dir, /* new */
89 free_dir, /* free */
90 NULL, /* init */
91 NULL, /* shutdown */
92 dir_ctrl, /* ctrl */
93 get_cert_by_subject, /* get_by_subject */
94 NULL, /* get_by_issuer_serial */
95 NULL, /* get_by_fingerprint */
96 NULL, /* get_by_alias */
97 };
98
99X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void)
100 {
101 return(&x509_dir_lookup);
102 }
103
104static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
105 char **retp)
106 {
107 int ret=0;
108 BY_DIR *ld;
109 char *dir;
110
111 ld=(BY_DIR *)ctx->method_data;
112
113 switch (cmd)
114 {
115 case X509_L_ADD_DIR:
116 if (argl == X509_FILETYPE_DEFAULT)
117 {
118 ret=add_cert_dir(ld,X509_get_default_cert_dir(),
119 X509_FILETYPE_PEM);
120 if (!ret)
121 {
122 X509err(X509_F_DIR_CTRL,X509_R_LOADING_CERT_DIR);
123 }
124 else
125 {
126 dir=(char *)Getenv(X509_get_default_cert_dir_env());
127 ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
128 }
129 }
130 else
131 ret=add_cert_dir(ld,argp,(int)argl);
132 break;
133 }
134 return(ret);
135 }
136
137static int new_dir(X509_LOOKUP *lu)
138 {
139 BY_DIR *a;
140
141 if ((a=(BY_DIR *)Malloc(sizeof(BY_DIR))) == NULL)
142 return(0);
143 if ((a->buffer=BUF_MEM_new()) == NULL)
144 {
145 Free(a);
146 return(0);
147 }
148 a->num_dirs=0;
149 a->dirs=NULL;
150 a->dirs_type=NULL;
151 a->num_dirs_alloced=0;
152 lu->method_data=(char *)a;
153 return(1);
154 }
155
156static void free_dir(X509_LOOKUP *lu)
157 {
158 BY_DIR *a;
159 int i;
160
161 a=(BY_DIR *)lu->method_data;
162 for (i=0; i<a->num_dirs; i++)
163 if (a->dirs[i] != NULL) Free(a->dirs[i]);
164 if (a->dirs != NULL) Free(a->dirs);
165 if (a->dirs_type != NULL) Free(a->dirs_type);
166 if (a->buffer != NULL) BUF_MEM_free(a->buffer);
167 Free(a);
168 }
169
170static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
171 {
172 int j,len;
173 int *ip;
174 const char *s,*ss,*p;
175 char **pp;
176
177 if (dir == NULL || !*dir)
178 {
179 X509err(X509_F_ADD_CERT_DIR,X509_R_INVALID_DIRECTORY);
180 return 0;
181 }
182
183 s=dir;
184 p=s;
185 for (;;)
186 {
187 if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0'))
188 {
189 ss=s;
190 s=p+1;
191 len=(int)(p-ss);
192 if (len == 0) continue;
193 for (j=0; j<ctx->num_dirs; j++)
194 if (strncmp(ctx->dirs[j],ss,(unsigned int)len) == 0)
195 continue;
196 if (ctx->num_dirs_alloced < (ctx->num_dirs+1))
197 {
198 ctx->num_dirs_alloced+=10;
199 pp=(char **)Malloc(ctx->num_dirs_alloced*
200 sizeof(char *));
201 ip=(int *)Malloc(ctx->num_dirs_alloced*
202 sizeof(int));
203 if ((pp == NULL) || (ip == NULL))
204 {
205 X509err(X509_F_ADD_CERT_DIR,ERR_R_MALLOC_FAILURE);
206 return(0);
207 }
208 memcpy(pp,ctx->dirs,(ctx->num_dirs_alloced-10)*
209 sizeof(char *));
210 memcpy(ip,ctx->dirs_type,(ctx->num_dirs_alloced-10)*
211 sizeof(int));
212 if (ctx->dirs != NULL)
213 Free((char *)ctx->dirs);
214 if (ctx->dirs_type != NULL)
215 Free((char *)ctx->dirs_type);
216 ctx->dirs=pp;
217 ctx->dirs_type=ip;
218 }
219 ctx->dirs_type[ctx->num_dirs]=type;
220 ctx->dirs[ctx->num_dirs]=(char *)Malloc((unsigned int)len+1);
221 if (ctx->dirs[ctx->num_dirs] == NULL) return(0);
222 strncpy(ctx->dirs[ctx->num_dirs],ss,(unsigned int)len);
223 ctx->dirs[ctx->num_dirs][len]='\0';
224 ctx->num_dirs++;
225 }
226 if (*p == '\0') break;
227 p++;
228 }
229 return(1);
230 }
231
232static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
233 X509_OBJECT *ret)
234 {
235 BY_DIR *ctx;
236 union {
237 struct {
238 X509 st_x509;
239 X509_CINF st_x509_cinf;
240 } x509;
241 struct {
242 X509_CRL st_crl;
243 X509_CRL_INFO st_crl_info;
244 } crl;
245 } data;
246 int ok=0;
247 int i,j,k;
248 unsigned long h;
249 BUF_MEM *b=NULL;
250 struct stat st;
251 X509_OBJECT stmp,*tmp;
252 const char *postfix="";
253
254 if (name == NULL) return(0);
255
256 stmp.type=type;
257 if (type == X509_LU_X509)
258 {
259 data.x509.st_x509.cert_info= &data.x509.st_x509_cinf;
260 data.x509.st_x509_cinf.subject=name;
261 stmp.data.x509= &data.x509.st_x509;
262 postfix="";
263 }
264 else if (type == X509_LU_CRL)
265 {
266 data.crl.st_crl.crl= &data.crl.st_crl_info;
267 data.crl.st_crl_info.issuer=name;
268 stmp.data.crl= &data.crl.st_crl;
269 postfix="r";
270 }
271 else
272 {
273 X509err(X509_F_GET_CERT_BY_SUBJECT,X509_R_WRONG_LOOKUP_TYPE);
274 goto finish;
275 }
276
277 if ((b=BUF_MEM_new()) == NULL)
278 {
279 X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_BUF_LIB);
280 goto finish;
281 }
282
283 ctx=(BY_DIR *)xl->method_data;
284
285 h=X509_NAME_hash(name);
286 for (i=0; i<ctx->num_dirs; i++)
287 {
288 j=strlen(ctx->dirs[i])+1+8+6+1+1;
289 if (!BUF_MEM_grow(b,j))
290 {
291 X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_MALLOC_FAILURE);
292 goto finish;
293 }
294 k=0;
295 for (;;)
296 {
297 sprintf(b->data,"%s/%08lx.%s%d",ctx->dirs[i],h,
298 postfix,k);
299 k++;
300 if (stat(b->data,&st) < 0)
301 break;
302 /* found one. */
303 if (type == X509_LU_X509)
304 {
305 if ((X509_load_cert_file(xl,b->data,
306 ctx->dirs_type[i])) == 0)
307 break;
308 }
309 else if (type == X509_LU_CRL)
310 {
311 if ((X509_load_crl_file(xl,b->data,
312 ctx->dirs_type[i])) == 0)
313 break;
314 }
315 /* else case will caught higher up */
316 }
317
318 /* we have added it to the cache so now pull
319 * it out again */
320 CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
321 tmp=(X509_OBJECT *)lh_retrieve(xl->store_ctx->certs,
322 (char *)&stmp);
323 CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
324
325 if (tmp != NULL)
326 {
327 ok=1;
328 ret->type=tmp->type;
329 memcpy(&ret->data,&tmp->data,sizeof(ret->data));
330 /* If we were going to up the reference count,
331 * we would need to do it on a perl 'type'
332 * basis */
333 /* CRYPTO_add(&tmp->data.x509->references,1,
334 CRYPTO_LOCK_X509);*/
335 goto finish;
336 }
337 }
338finish:
339 if (b != NULL) BUF_MEM_free(b);
340 return(ok);
341 }
342
diff --git a/src/lib/libcrypto/x509/by_file.c b/src/lib/libcrypto/x509/by_file.c
deleted file mode 100644
index 00ee5e8bbc..0000000000
--- a/src/lib/libcrypto/x509/by_file.c
+++ /dev/null
@@ -1,267 +0,0 @@
1/* crypto/x509/by_file.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <time.h>
61#include <errno.h>
62#include <sys/types.h>
63#include <sys/stat.h>
64
65#include "cryptlib.h"
66#include <openssl/lhash.h>
67#include <openssl/buffer.h>
68#include <openssl/x509.h>
69#include <openssl/pem.h>
70
71#ifndef NO_STDIO
72
73static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
74 long argl, char **ret);
75X509_LOOKUP_METHOD x509_file_lookup=
76 {
77 "Load file into cache",
78 NULL, /* new */
79 NULL, /* free */
80 NULL, /* init */
81 NULL, /* shutdown */
82 by_file_ctrl, /* ctrl */
83 NULL, /* get_by_subject */
84 NULL, /* get_by_issuer_serial */
85 NULL, /* get_by_fingerprint */
86 NULL, /* get_by_alias */
87 };
88
89X509_LOOKUP_METHOD *X509_LOOKUP_file(void)
90 {
91 return(&x509_file_lookup);
92 }
93
94static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
95 char **ret)
96 {
97 int ok=0,ok2=0;
98 char *file;
99
100 switch (cmd)
101 {
102 case X509_L_FILE_LOAD:
103 if (argl == X509_FILETYPE_DEFAULT)
104 {
105 ok=X509_load_cert_file(ctx,X509_get_default_cert_file(),
106 X509_FILETYPE_PEM);
107 ok2=X509_load_crl_file(ctx,X509_get_default_cert_file(),
108 X509_FILETYPE_PEM);
109 if (!ok || !ok2)
110 {
111 X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
112 }
113 else
114 {
115 file=(char *)Getenv(X509_get_default_cert_file_env());
116 ok=X509_load_cert_file(ctx,file,
117 X509_FILETYPE_PEM);
118 ok2=X509_load_crl_file(ctx,file,
119 X509_FILETYPE_PEM);
120 }
121 }
122 else
123 {
124 ok=X509_load_cert_file(ctx,argp,(int)argl);
125 ok2=X509_load_crl_file(ctx,argp,(int)argl);
126 }
127 break;
128 }
129 return((ok && ok2)?ok:0);
130 }
131
132int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
133 {
134 int ret=0;
135 BIO *in=NULL;
136 int i,count=0;
137 X509 *x=NULL;
138
139 if (file == NULL) return(1);
140 in=BIO_new(BIO_s_file_internal());
141
142 if ((in == NULL) || (BIO_read_filename(in,file) <= 0))
143 {
144 X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_SYS_LIB);
145 goto err;
146 }
147
148 if (type == X509_FILETYPE_PEM)
149 {
150 for (;;)
151 {
152 x=PEM_read_bio_X509(in,NULL,NULL,NULL);
153 if (x == NULL)
154 {
155 if ((ERR_GET_REASON(ERR_peek_error()) ==
156 PEM_R_NO_START_LINE) && (count > 0))
157 {
158 ERR_clear_error();
159 break;
160 }
161 else
162 {
163 X509err(X509_F_X509_LOAD_CERT_FILE,
164 ERR_R_PEM_LIB);
165 goto err;
166 }
167 }
168 i=X509_STORE_add_cert(ctx->store_ctx,x);
169 if (!i) goto err;
170 count++;
171 X509_free(x);
172 x=NULL;
173 }
174 ret=count;
175 }
176 else if (type == X509_FILETYPE_ASN1)
177 {
178 x=d2i_X509_bio(in,NULL);
179 if (x == NULL)
180 {
181 X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_ASN1_LIB);
182 goto err;
183 }
184 i=X509_STORE_add_cert(ctx->store_ctx,x);
185 if (!i) goto err;
186 ret=i;
187 }
188 else
189 {
190 X509err(X509_F_X509_LOAD_CERT_FILE,X509_R_BAD_X509_FILETYPE);
191 goto err;
192 }
193err:
194 if (x != NULL) X509_free(x);
195 if (in != NULL) BIO_free(in);
196 return(ret);
197 }
198
199int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
200 {
201 int ret=0;
202 BIO *in=NULL;
203 int i,count=0;
204 X509_CRL *x=NULL;
205
206 if (file == NULL) return(1);
207 in=BIO_new(BIO_s_file_internal());
208
209 if ((in == NULL) || (BIO_read_filename(in,file) <= 0))
210 {
211 X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_SYS_LIB);
212 goto err;
213 }
214
215 if (type == X509_FILETYPE_PEM)
216 {
217 for (;;)
218 {
219 x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
220 if (x == NULL)
221 {
222 if ((ERR_GET_REASON(ERR_peek_error()) ==
223 PEM_R_NO_START_LINE) && (count > 0))
224 {
225 ERR_clear_error();
226 break;
227 }
228 else
229 {
230 X509err(X509_F_X509_LOAD_CRL_FILE,
231 ERR_R_PEM_LIB);
232 goto err;
233 }
234 }
235 i=X509_STORE_add_crl(ctx->store_ctx,x);
236 if (!i) goto err;
237 count++;
238 X509_CRL_free(x);
239 x=NULL;
240 }
241 ret=count;
242 }
243 else if (type == X509_FILETYPE_ASN1)
244 {
245 x=d2i_X509_CRL_bio(in,NULL);
246 if (x == NULL)
247 {
248 X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_ASN1_LIB);
249 goto err;
250 }
251 i=X509_STORE_add_crl(ctx->store_ctx,x);
252 if (!i) goto err;
253 ret=i;
254 }
255 else
256 {
257 X509err(X509_F_X509_LOAD_CRL_FILE,X509_R_BAD_X509_FILETYPE);
258 goto err;
259 }
260err:
261 if (x != NULL) X509_CRL_free(x);
262 if (in != NULL) BIO_free(in);
263 return(ret);
264 }
265
266#endif /* NO_STDIO */
267
diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h
deleted file mode 100644
index 35f9484f8b..0000000000
--- a/src/lib/libcrypto/x509/x509.h
+++ /dev/null
@@ -1,989 +0,0 @@
1/* crypto/x509/x509.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#ifndef HEADER_X509_H
60#define HEADER_X509_H
61
62#ifdef __cplusplus
63extern "C" {
64#endif
65
66#ifdef VMS
67#undef X509_REVOKED_get_ext_by_critical
68#define X509_REVOKED_get_ext_by_critical X509_REVOKED_get_ext_by_critic
69#endif
70
71#include <openssl/stack.h>
72#include <openssl/asn1.h>
73#include <openssl/safestack.h>
74
75#ifndef NO_RSA
76#include <openssl/rsa.h>
77#endif
78
79#ifndef NO_DSA
80#include <openssl/dsa.h>
81#endif
82
83#ifndef NO_DH
84#include <openssl/dh.h>
85#endif
86
87#include <openssl/evp.h>
88
89
90#ifdef WIN32
91/* Under Win32 this is defined in wincrypt.h */
92#undef X509_NAME
93#endif
94
95#define X509_FILETYPE_PEM 1
96#define X509_FILETYPE_ASN1 2
97#define X509_FILETYPE_DEFAULT 3
98
99#define X509v3_KU_DIGITAL_SIGNATURE 0x0080
100#define X509v3_KU_NON_REPUDIATION 0x0040
101#define X509v3_KU_KEY_ENCIPHERMENT 0x0020
102#define X509v3_KU_DATA_ENCIPHERMENT 0x0010
103#define X509v3_KU_KEY_AGREEMENT 0x0008
104#define X509v3_KU_KEY_CERT_SIGN 0x0004
105#define X509v3_KU_CRL_SIGN 0x0002
106#define X509v3_KU_ENCIPHER_ONLY 0x0001
107#define X509v3_KU_DECIPHER_ONLY 0x8000
108#define X509v3_KU_UNDEF 0xffff
109
110typedef struct X509_objects_st
111 {
112 int nid;
113 int (*a2i)();
114 int (*i2a)();
115 } X509_OBJECTS;
116
117typedef struct X509_algor_st
118 {
119 ASN1_OBJECT *algorithm;
120 ASN1_TYPE *parameter;
121 } X509_ALGOR;
122
123DECLARE_STACK_OF(X509_ALGOR)
124DECLARE_ASN1_SET_OF(X509_ALGOR)
125
126typedef struct X509_val_st
127 {
128 ASN1_UTCTIME *notBefore;
129 ASN1_UTCTIME *notAfter;
130 } X509_VAL;
131
132typedef struct X509_pubkey_st
133 {
134 X509_ALGOR *algor;
135 ASN1_BIT_STRING *public_key;
136 EVP_PKEY *pkey;
137 } X509_PUBKEY;
138
139typedef struct X509_sig_st
140 {
141 X509_ALGOR *algor;
142 ASN1_OCTET_STRING *digest;
143 } X509_SIG;
144
145typedef struct X509_name_entry_st
146 {
147 ASN1_OBJECT *object;
148 ASN1_STRING *value;
149 int set;
150 int size; /* temp variable */
151 } X509_NAME_ENTRY;
152
153DECLARE_STACK_OF(X509_NAME_ENTRY)
154DECLARE_ASN1_SET_OF(X509_NAME_ENTRY)
155
156/* we always keep X509_NAMEs in 2 forms. */
157typedef struct X509_name_st
158 {
159 STACK_OF(X509_NAME_ENTRY) *entries;
160 int modified; /* true if 'bytes' needs to be built */
161#ifdef HEADER_BUFFER_H
162 BUF_MEM *bytes;
163#else
164 char *bytes;
165#endif
166 unsigned long hash; /* Keep the hash around for lookups */
167 } X509_NAME;
168
169DECLARE_STACK_OF(X509_NAME)
170
171#define X509_EX_V_NETSCAPE_HACK 0x8000
172#define X509_EX_V_INIT 0x0001
173typedef struct X509_extension_st
174 {
175 ASN1_OBJECT *object;
176 short critical;
177 short netscape_hack;
178 ASN1_OCTET_STRING *value;
179 long argl; /* used when decoding */
180 char *argp; /* used when decoding */
181 void (*ex_free)(); /* clear argp stuff */
182 } X509_EXTENSION;
183
184DECLARE_STACK_OF(X509_EXTENSION)
185DECLARE_ASN1_SET_OF(X509_EXTENSION)
186
187/* a sequence of these are used */
188typedef struct x509_attributes_st
189 {
190 ASN1_OBJECT *object;
191 int set; /* 1 for a set, 0 for a single item (which is wrong) */
192 union {
193 char *ptr;
194/* 1 */ STACK_OF(ASN1_TYPE) *set;
195/* 0 */ ASN1_TYPE *single;
196 } value;
197 } X509_ATTRIBUTE;
198
199DECLARE_STACK_OF(X509_ATTRIBUTE)
200DECLARE_ASN1_SET_OF(X509_ATTRIBUTE)
201
202typedef struct X509_req_info_st
203 {
204 ASN1_INTEGER *version;
205 X509_NAME *subject;
206 X509_PUBKEY *pubkey;
207 /* d=2 hl=2 l= 0 cons: cont: 00 */
208 STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
209 int req_kludge;
210 } X509_REQ_INFO;
211
212typedef struct X509_req_st
213 {
214 X509_REQ_INFO *req_info;
215 X509_ALGOR *sig_alg;
216 ASN1_BIT_STRING *signature;
217 int references;
218 } X509_REQ;
219
220typedef struct x509_cinf_st
221 {
222 ASN1_INTEGER *version; /* [ 0 ] default of v1 */
223 ASN1_INTEGER *serialNumber;
224 X509_ALGOR *signature;
225 X509_NAME *issuer;
226 X509_VAL *validity;
227 X509_NAME *subject;
228 X509_PUBKEY *key;
229 ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */
230 ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */
231 STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */
232 } X509_CINF;
233
234typedef struct x509_st
235 {
236 X509_CINF *cert_info;
237 X509_ALGOR *sig_alg;
238 ASN1_BIT_STRING *signature;
239 int valid;
240 int references;
241 char *name;
242 } X509;
243
244DECLARE_STACK_OF(X509)
245DECLARE_ASN1_SET_OF(X509)
246
247typedef struct X509_revoked_st
248 {
249 ASN1_INTEGER *serialNumber;
250 ASN1_UTCTIME *revocationDate;
251 STACK_OF(X509_EXTENSION) /* optional */ *extensions;
252 int sequence; /* load sequence */
253 } X509_REVOKED;
254
255DECLARE_STACK_OF(X509_REVOKED)
256DECLARE_ASN1_SET_OF(X509_REVOKED)
257
258typedef struct X509_crl_info_st
259 {
260 ASN1_INTEGER *version;
261 X509_ALGOR *sig_alg;
262 X509_NAME *issuer;
263 ASN1_UTCTIME *lastUpdate;
264 ASN1_UTCTIME *nextUpdate;
265 STACK_OF(X509_REVOKED) *revoked;
266 STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
267 } X509_CRL_INFO;
268
269typedef struct X509_crl_st
270 {
271 /* actual signature */
272 X509_CRL_INFO *crl;
273 X509_ALGOR *sig_alg;
274 ASN1_BIT_STRING *signature;
275 int references;
276 } X509_CRL;
277
278DECLARE_STACK_OF(X509_CRL)
279DECLARE_ASN1_SET_OF(X509_CRL)
280
281typedef struct private_key_st
282 {
283 int version;
284 /* The PKCS#8 data types */
285 X509_ALGOR *enc_algor;
286 ASN1_OCTET_STRING *enc_pkey; /* encrypted pub key */
287
288 /* When decrypted, the following will not be NULL */
289 EVP_PKEY *dec_pkey;
290
291 /* used to encrypt and decrypt */
292 int key_length;
293 char *key_data;
294 int key_free; /* true if we should auto free key_data */
295
296 /* expanded version of 'enc_algor' */
297 EVP_CIPHER_INFO cipher;
298
299 int references;
300 } X509_PKEY;
301
302#ifdef HEADER_ENVELOPE_H
303typedef struct X509_info_st
304 {
305 X509 *x509;
306 X509_CRL *crl;
307 X509_PKEY *x_pkey;
308
309 EVP_CIPHER_INFO enc_cipher;
310 int enc_len;
311 char *enc_data;
312
313 int references;
314 } X509_INFO;
315
316DECLARE_STACK_OF(X509_INFO)
317#endif
318
319/* The next 2 structures and their 8 routines were sent to me by
320 * Pat Richard <patr@x509.com> and are used to manipulate
321 * Netscapes spki strucutres - usefull if you are writing a CA web page
322 */
323typedef struct Netscape_spkac_st
324 {
325 X509_PUBKEY *pubkey;
326 ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */
327 } NETSCAPE_SPKAC;
328
329typedef struct Netscape_spki_st
330 {
331 NETSCAPE_SPKAC *spkac; /* signed public key and challenge */
332 X509_ALGOR *sig_algor;
333 ASN1_BIT_STRING *signature;
334 } NETSCAPE_SPKI;
335
336/* Netscape certificate sequence structure */
337typedef struct Netscape_certificate_sequence
338 {
339 ASN1_OBJECT *type;
340 STACK_OF(X509) *certs;
341 } NETSCAPE_CERT_SEQUENCE;
342
343typedef struct CBCParameter_st
344 {
345 unsigned char iv[8];
346 } CBC_PARAM;
347
348/* Password based encryption structure */
349
350typedef struct PBEPARAM_st {
351ASN1_OCTET_STRING *salt;
352ASN1_INTEGER *iter;
353} PBEPARAM;
354
355/* Password based encryption V2 structures */
356
357typedef struct PBE2PARAM_st {
358X509_ALGOR *keyfunc;
359X509_ALGOR *encryption;
360} PBE2PARAM;
361
362typedef struct PBKDF2PARAM_st {
363ASN1_TYPE *salt; /* Usually OCTET STRING but could be anything */
364ASN1_INTEGER *iter;
365ASN1_INTEGER *keylength;
366X509_ALGOR *prf;
367} PBKDF2PARAM;
368
369
370/* PKCS#8 private key info structure */
371
372typedef struct pkcs8_priv_key_info_st
373 {
374 int broken; /* Flag for various broken formats */
375#define PKCS8_OK 0
376#define PKCS8_NO_OCTET 1
377 ASN1_INTEGER *version;
378 X509_ALGOR *pkeyalg;
379 ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */
380 STACK_OF(X509_ATTRIBUTE) *attributes;
381 } PKCS8_PRIV_KEY_INFO;
382
383#include <openssl/x509_vfy.h>
384#include <openssl/pkcs7.h>
385
386#ifdef SSLEAY_MACROS
387#define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\
388 a->signature,(char *)a->cert_info,r)
389#define X509_REQ_verify(a,r) ASN1_verify((int (*)())i2d_X509_REQ_INFO, \
390 a->sig_alg,a->signature,(char *)a->req_info,r)
391#define X509_CRL_verify(a,r) ASN1_verify((int (*)())i2d_X509_CRL_INFO, \
392 a->sig_alg, a->signature,(char *)a->crl,r)
393
394#define X509_sign(x,pkey,md) \
395 ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature, \
396 x->sig_alg, x->signature, (char *)x->cert_info,pkey,md)
397#define X509_REQ_sign(x,pkey,md) \
398 ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL, \
399 x->signature, (char *)x->req_info,pkey,md)
400#define X509_CRL_sign(x,pkey,md) \
401 ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,x->sig_alg, \
402 x->signature, (char *)x->crl,pkey,md)
403#define NETSCAPE_SPKI_sign(x,pkey,md) \
404 ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL, \
405 x->signature, (char *)x->spkac,pkey,md)
406
407#define X509_dup(x509) (X509 *)ASN1_dup((int (*)())i2d_X509, \
408 (char *(*)())d2i_X509,(char *)x509)
409#define X509_ATTRIBUTE_dup(xa) (X509_ATTRIBUTE *)ASN1_dup(\
410 (int (*)())i2d_X509_ATTRIBUTE, \
411 (char *(*)())d2i_X509_ATTRIBUTE,(char *)xa)
412#define X509_EXTENSION_dup(ex) (X509_EXTENSION *)ASN1_dup( \
413 (int (*)())i2d_X509_EXTENSION, \
414 (char *(*)())d2i_X509_EXTENSION,(char *)ex)
415#define d2i_X509_fp(fp,x509) (X509 *)ASN1_d2i_fp((char *(*)())X509_new, \
416 (char *(*)())d2i_X509, (fp),(unsigned char **)(x509))
417#define i2d_X509_fp(fp,x509) ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509)
418#define d2i_X509_bio(bp,x509) (X509 *)ASN1_d2i_bio((char *(*)())X509_new, \
419 (char *(*)())d2i_X509, (bp),(unsigned char **)(x509))
420#define i2d_X509_bio(bp,x509) ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509)
421
422#define X509_CRL_dup(crl) (X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL, \
423 (char *(*)())d2i_X509_CRL,(char *)crl)
424#define d2i_X509_CRL_fp(fp,crl) (X509_CRL *)ASN1_d2i_fp((char *(*)()) \
425 X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),\
426 (unsigned char **)(crl))
427#define i2d_X509_CRL_fp(fp,crl) ASN1_i2d_fp(i2d_X509_CRL,fp,\
428 (unsigned char *)crl)
429#define d2i_X509_CRL_bio(bp,crl) (X509_CRL *)ASN1_d2i_bio((char *(*)()) \
430 X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),\
431 (unsigned char **)(crl))
432#define i2d_X509_CRL_bio(bp,crl) ASN1_i2d_bio(i2d_X509_CRL,bp,\
433 (unsigned char *)crl)
434
435#define PKCS7_dup(p7) (PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7, \
436 (char *(*)())d2i_PKCS7,(char *)p7)
437#define d2i_PKCS7_fp(fp,p7) (PKCS7 *)ASN1_d2i_fp((char *(*)()) \
438 PKCS7_new,(char *(*)())d2i_PKCS7, (fp),\
439 (unsigned char **)(p7))
440#define i2d_PKCS7_fp(fp,p7) ASN1_i2d_fp(i2d_PKCS7,fp,\
441 (unsigned char *)p7)
442#define d2i_PKCS7_bio(bp,p7) (PKCS7 *)ASN1_d2i_bio((char *(*)()) \
443 PKCS7_new,(char *(*)())d2i_PKCS7, (bp),\
444 (unsigned char **)(p7))
445#define i2d_PKCS7_bio(bp,p7) ASN1_i2d_bio(i2d_PKCS7,bp,\
446 (unsigned char *)p7)
447
448#define X509_REQ_dup(req) (X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ, \
449 (char *(*)())d2i_X509_REQ,(char *)req)
450#define d2i_X509_REQ_fp(fp,req) (X509_REQ *)ASN1_d2i_fp((char *(*)())\
451 X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),\
452 (unsigned char **)(req))
453#define i2d_X509_REQ_fp(fp,req) ASN1_i2d_fp(i2d_X509_REQ,fp,\
454 (unsigned char *)req)
455#define d2i_X509_REQ_bio(bp,req) (X509_REQ *)ASN1_d2i_bio((char *(*)())\
456 X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),\
457 (unsigned char **)(req))
458#define i2d_X509_REQ_bio(bp,req) ASN1_i2d_bio(i2d_X509_REQ,bp,\
459 (unsigned char *)req)
460
461#define RSAPublicKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey, \
462 (char *(*)())d2i_RSAPublicKey,(char *)rsa)
463#define RSAPrivateKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey, \
464 (char *(*)())d2i_RSAPrivateKey,(char *)rsa)
465
466#define d2i_RSAPrivateKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\
467 RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp), \
468 (unsigned char **)(rsa))
469#define i2d_RSAPrivateKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPrivateKey,fp, \
470 (unsigned char *)rsa)
471#define d2i_RSAPrivateKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\
472 RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp), \
473 (unsigned char **)(rsa))
474#define i2d_RSAPrivateKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPrivateKey,bp, \
475 (unsigned char *)rsa)
476
477#define d2i_RSAPublicKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\
478 RSA_new,(char *(*)())d2i_RSAPublicKey, (fp), \
479 (unsigned char **)(rsa))
480#define i2d_RSAPublicKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPublicKey,fp, \
481 (unsigned char *)rsa)
482#define d2i_RSAPublicKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\
483 RSA_new,(char *(*)())d2i_RSAPublicKey, (bp), \
484 (unsigned char **)(rsa))
485#define i2d_RSAPublicKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPublicKey,bp, \
486 (unsigned char *)rsa)
487
488#define d2i_DSAPrivateKey_fp(fp,dsa) (DSA *)ASN1_d2i_fp((char *(*)())\
489 DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp), \
490 (unsigned char **)(dsa))
491#define i2d_DSAPrivateKey_fp(fp,dsa) ASN1_i2d_fp(i2d_DSAPrivateKey,fp, \
492 (unsigned char *)dsa)
493#define d2i_DSAPrivateKey_bio(bp,dsa) (DSA *)ASN1_d2i_bio((char *(*)())\
494 DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp), \
495 (unsigned char **)(dsa))
496#define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \
497 (unsigned char *)dsa)
498
499#define X509_ALGOR_dup(xn) (X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,\
500 (char *(*)())d2i_X509_ALGOR,(char *)xn)
501
502#define X509_NAME_dup(xn) (X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME, \
503 (char *(*)())d2i_X509_NAME,(char *)xn)
504#define X509_NAME_ENTRY_dup(ne) (X509_NAME_ENTRY *)ASN1_dup( \
505 (int (*)())i2d_X509_NAME_ENTRY, \
506 (char *(*)())d2i_X509_NAME_ENTRY,\
507 (char *)ne)
508
509#define X509_digest(data,type,md,len) \
510 ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len)
511#define X509_NAME_digest(data,type,md,len) \
512 ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len)
513#ifndef PKCS7_ISSUER_AND_SERIAL_digest
514#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \
515 ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\
516 (char *)data,md,len)
517#endif
518#endif
519
520#define X509_EXT_PACK_UNKNOWN 1
521#define X509_EXT_PACK_STRING 2
522
523#define X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version)
524/* #define X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */
525#define X509_get_notBefore(x) ((x)->cert_info->validity->notBefore)
526#define X509_get_notAfter(x) ((x)->cert_info->validity->notAfter)
527#define X509_extract_key(x) X509_get_pubkey(x) /*****/
528#define X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version)
529#define X509_REQ_get_subject_name(x) ((x)->req_info->subject)
530#define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
531#define X509_name_cmp(a,b) X509_NAME_cmp((a),(b))
532#define X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))
533
534#define X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version)
535#define X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)
536#define X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate)
537#define X509_CRL_get_issuer(x) ((x)->crl->issuer)
538#define X509_CRL_get_REVOKED(x) ((x)->crl->revoked)
539
540/* This one is only used so that a binary form can output, as in
541 * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */
542#define X509_get_X509_PUBKEY(x) ((x)->cert_info->key)
543
544
545const char *X509_verify_cert_error_string(long n);
546
547#ifndef SSLEAY_MACROS
548#ifdef HEADER_ENVELOPE_H
549int X509_verify(X509 *a, EVP_PKEY *r);
550
551int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
552int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
553int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r);
554
555int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
556int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
557int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
558int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
559
560int X509_digest(X509 *data,EVP_MD *type,unsigned char *md,unsigned int *len);
561int X509_NAME_digest(X509_NAME *data,EVP_MD *type,
562 unsigned char *md,unsigned int *len);
563#endif
564
565#ifndef NO_FP_API
566X509 *d2i_X509_fp(FILE *fp, X509 **x509);
567int i2d_X509_fp(FILE *fp,X509 *x509);
568X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL **crl);
569int i2d_X509_CRL_fp(FILE *fp,X509_CRL *crl);
570X509_REQ *d2i_X509_REQ_fp(FILE *fp,X509_REQ **req);
571int i2d_X509_REQ_fp(FILE *fp,X509_REQ *req);
572#ifndef NO_RSA
573RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA **rsa);
574int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa);
575RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA **rsa);
576int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa);
577#endif
578#ifndef NO_DSA
579DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
580int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
581X509_SIG *d2i_PKCS8_fp(FILE *fp,X509_SIG **p8);
582int i2d_PKCS8_fp(FILE *fp,X509_SIG *p8);
583PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
584 PKCS8_PRIV_KEY_INFO **p8inf);
585int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,PKCS8_PRIV_KEY_INFO *p8inf);
586#endif
587#endif
588
589#ifdef HEADER_BIO_H
590X509 *d2i_X509_bio(BIO *bp,X509 **x509);
591int i2d_X509_bio(BIO *bp,X509 *x509);
592X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL **crl);
593int i2d_X509_CRL_bio(BIO *bp,X509_CRL *crl);
594X509_REQ *d2i_X509_REQ_bio(BIO *bp,X509_REQ **req);
595int i2d_X509_REQ_bio(BIO *bp,X509_REQ *req);
596#ifndef NO_RSA
597RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **rsa);
598int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa);
599RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA **rsa);
600int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa);
601#endif
602#ifndef NO_DSA
603DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
604int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
605#endif
606X509_SIG *d2i_PKCS8_bio(BIO *bp,X509_SIG **p8);
607int i2d_PKCS8_bio(BIO *bp,X509_SIG *p8);
608PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
609 PKCS8_PRIV_KEY_INFO **p8inf);
610int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,PKCS8_PRIV_KEY_INFO *p8inf);
611#endif
612
613X509 *X509_dup(X509 *x509);
614X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa);
615X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex);
616X509_CRL *X509_CRL_dup(X509_CRL *crl);
617X509_REQ *X509_REQ_dup(X509_REQ *req);
618X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
619X509_NAME *X509_NAME_dup(X509_NAME *xn);
620X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
621#ifndef NO_RSA
622RSA *RSAPublicKey_dup(RSA *rsa);
623RSA *RSAPrivateKey_dup(RSA *rsa);
624#endif
625
626#endif /* !SSLEAY_MACROS */
627
628int X509_cmp_current_time(ASN1_UTCTIME *s);
629ASN1_UTCTIME * X509_gmtime_adj(ASN1_UTCTIME *s, long adj);
630
631const char * X509_get_default_cert_area(void );
632const char * X509_get_default_cert_dir(void );
633const char * X509_get_default_cert_file(void );
634const char * X509_get_default_cert_dir_env(void );
635const char * X509_get_default_cert_file_env(void );
636const char * X509_get_default_private_dir(void );
637
638X509_REQ * X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, EVP_MD *md);
639X509 * X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey);
640void ERR_load_X509_strings(void );
641
642X509_ALGOR * X509_ALGOR_new(void );
643void X509_ALGOR_free(X509_ALGOR *a);
644int i2d_X509_ALGOR(X509_ALGOR *a,unsigned char **pp);
645X509_ALGOR * d2i_X509_ALGOR(X509_ALGOR **a,unsigned char **pp,
646 long length);
647
648X509_VAL * X509_VAL_new(void );
649void X509_VAL_free(X509_VAL *a);
650int i2d_X509_VAL(X509_VAL *a,unsigned char **pp);
651X509_VAL * d2i_X509_VAL(X509_VAL **a,unsigned char **pp,
652 long length);
653
654X509_PUBKEY * X509_PUBKEY_new(void );
655void X509_PUBKEY_free(X509_PUBKEY *a);
656int i2d_X509_PUBKEY(X509_PUBKEY *a,unsigned char **pp);
657X509_PUBKEY * d2i_X509_PUBKEY(X509_PUBKEY **a,unsigned char **pp,
658 long length);
659int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
660EVP_PKEY * X509_PUBKEY_get(X509_PUBKEY *key);
661int X509_get_pubkey_parameters(EVP_PKEY *pkey,
662 STACK_OF(X509) *chain);
663
664
665X509_SIG * X509_SIG_new(void );
666void X509_SIG_free(X509_SIG *a);
667int i2d_X509_SIG(X509_SIG *a,unsigned char **pp);
668X509_SIG * d2i_X509_SIG(X509_SIG **a,unsigned char **pp,long length);
669
670X509_REQ_INFO *X509_REQ_INFO_new(void);
671void X509_REQ_INFO_free(X509_REQ_INFO *a);
672int i2d_X509_REQ_INFO(X509_REQ_INFO *a,unsigned char **pp);
673X509_REQ_INFO *d2i_X509_REQ_INFO(X509_REQ_INFO **a,unsigned char **pp,
674 long length);
675
676X509_REQ * X509_REQ_new(void);
677void X509_REQ_free(X509_REQ *a);
678int i2d_X509_REQ(X509_REQ *a,unsigned char **pp);
679X509_REQ * d2i_X509_REQ(X509_REQ **a,unsigned char **pp,long length);
680
681X509_ATTRIBUTE *X509_ATTRIBUTE_new(void );
682void X509_ATTRIBUTE_free(X509_ATTRIBUTE *a);
683int i2d_X509_ATTRIBUTE(X509_ATTRIBUTE *a,unsigned char **pp);
684X509_ATTRIBUTE *d2i_X509_ATTRIBUTE(X509_ATTRIBUTE **a,unsigned char **pp,
685 long length);
686X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value);
687
688
689X509_EXTENSION *X509_EXTENSION_new(void );
690void X509_EXTENSION_free(X509_EXTENSION *a);
691int i2d_X509_EXTENSION(X509_EXTENSION *a,unsigned char **pp);
692X509_EXTENSION *d2i_X509_EXTENSION(X509_EXTENSION **a,unsigned char **pp,
693 long length);
694
695X509_NAME_ENTRY *X509_NAME_ENTRY_new(void);
696void X509_NAME_ENTRY_free(X509_NAME_ENTRY *a);
697int i2d_X509_NAME_ENTRY(X509_NAME_ENTRY *a,unsigned char **pp);
698X509_NAME_ENTRY *d2i_X509_NAME_ENTRY(X509_NAME_ENTRY **a,unsigned char **pp,
699 long length);
700
701X509_NAME * X509_NAME_new(void);
702void X509_NAME_free(X509_NAME *a);
703int i2d_X509_NAME(X509_NAME *a,unsigned char **pp);
704X509_NAME * d2i_X509_NAME(X509_NAME **a,unsigned char **pp,long length);
705int X509_NAME_set(X509_NAME **xn, X509_NAME *name);
706
707
708X509_CINF * X509_CINF_new(void);
709void X509_CINF_free(X509_CINF *a);
710int i2d_X509_CINF(X509_CINF *a,unsigned char **pp);
711X509_CINF * d2i_X509_CINF(X509_CINF **a,unsigned char **pp,long length);
712
713X509 * X509_new(void);
714void X509_free(X509 *a);
715int i2d_X509(X509 *a,unsigned char **pp);
716X509 * d2i_X509(X509 **a,unsigned char **pp,long length);
717
718X509_REVOKED * X509_REVOKED_new(void);
719void X509_REVOKED_free(X509_REVOKED *a);
720int i2d_X509_REVOKED(X509_REVOKED *a,unsigned char **pp);
721X509_REVOKED * d2i_X509_REVOKED(X509_REVOKED **a,unsigned char **pp,long length);
722
723X509_CRL_INFO *X509_CRL_INFO_new(void);
724void X509_CRL_INFO_free(X509_CRL_INFO *a);
725int i2d_X509_CRL_INFO(X509_CRL_INFO *a,unsigned char **pp);
726X509_CRL_INFO *d2i_X509_CRL_INFO(X509_CRL_INFO **a,unsigned char **pp,
727 long length);
728
729X509_CRL * X509_CRL_new(void);
730void X509_CRL_free(X509_CRL *a);
731int i2d_X509_CRL(X509_CRL *a,unsigned char **pp);
732X509_CRL * d2i_X509_CRL(X509_CRL **a,unsigned char **pp,long length);
733
734X509_PKEY * X509_PKEY_new(void );
735void X509_PKEY_free(X509_PKEY *a);
736int i2d_X509_PKEY(X509_PKEY *a,unsigned char **pp);
737X509_PKEY * d2i_X509_PKEY(X509_PKEY **a,unsigned char **pp,long length);
738
739NETSCAPE_SPKI * NETSCAPE_SPKI_new(void );
740void NETSCAPE_SPKI_free(NETSCAPE_SPKI *a);
741int i2d_NETSCAPE_SPKI(NETSCAPE_SPKI *a,unsigned char **pp);
742NETSCAPE_SPKI * d2i_NETSCAPE_SPKI(NETSCAPE_SPKI **a,unsigned char **pp,
743 long length);
744
745NETSCAPE_SPKAC *NETSCAPE_SPKAC_new(void );
746void NETSCAPE_SPKAC_free(NETSCAPE_SPKAC *a);
747int i2d_NETSCAPE_SPKAC(NETSCAPE_SPKAC *a,unsigned char **pp);
748NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC(NETSCAPE_SPKAC **a,unsigned char **pp,
749 long length);
750
751
752int i2d_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE *a, unsigned char **pp);
753NETSCAPE_CERT_SEQUENCE *NETSCAPE_CERT_SEQUENCE_new(void);
754NETSCAPE_CERT_SEQUENCE *d2i_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE **a, unsigned char **pp, long length);
755void NETSCAPE_CERT_SEQUENCE_free(NETSCAPE_CERT_SEQUENCE *a);
756
757#ifdef HEADER_ENVELOPE_H
758X509_INFO * X509_INFO_new(void);
759void X509_INFO_free(X509_INFO *a);
760char * X509_NAME_oneline(X509_NAME *a,char *buf,int size);
761
762int ASN1_verify(int (*i2d)(), X509_ALGOR *algor1,
763 ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey);
764
765int ASN1_digest(int (*i2d)(),EVP_MD *type,char *data,
766 unsigned char *md,unsigned int *len);
767
768int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
769 ASN1_BIT_STRING *signature,
770 char *data,EVP_PKEY *pkey, const EVP_MD *type);
771#endif
772
773int X509_set_version(X509 *x,long version);
774int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
775ASN1_INTEGER * X509_get_serialNumber(X509 *x);
776int X509_set_issuer_name(X509 *x, X509_NAME *name);
777X509_NAME * X509_get_issuer_name(X509 *a);
778int X509_set_subject_name(X509 *x, X509_NAME *name);
779X509_NAME * X509_get_subject_name(X509 *a);
780int X509_set_notBefore(X509 *x, ASN1_UTCTIME *tm);
781int X509_set_notAfter(X509 *x, ASN1_UTCTIME *tm);
782int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
783EVP_PKEY * X509_get_pubkey(X509 *x);
784int X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */);
785
786int X509_REQ_set_version(X509_REQ *x,long version);
787int X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name);
788int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
789EVP_PKEY * X509_REQ_get_pubkey(X509_REQ *req);
790
791int X509_check_private_key(X509 *x509,EVP_PKEY *pkey);
792
793int X509_issuer_and_serial_cmp(X509 *a, X509 *b);
794unsigned long X509_issuer_and_serial_hash(X509 *a);
795
796int X509_issuer_name_cmp(X509 *a, X509 *b);
797unsigned long X509_issuer_name_hash(X509 *a);
798
799int X509_subject_name_cmp(X509 *a,X509 *b);
800unsigned long X509_subject_name_hash(X509 *x);
801
802int X509_NAME_cmp (X509_NAME *a, X509_NAME *b);
803unsigned long X509_NAME_hash(X509_NAME *x);
804
805int X509_CRL_cmp(X509_CRL *a,X509_CRL *b);
806#ifndef NO_FP_API
807int X509_print_fp(FILE *bp,X509 *x);
808int X509_CRL_print_fp(FILE *bp,X509_CRL *x);
809int X509_REQ_print_fp(FILE *bp,X509_REQ *req);
810#endif
811
812#ifdef HEADER_BIO_H
813int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
814int X509_print(BIO *bp,X509 *x);
815int X509_CRL_print(BIO *bp,X509_CRL *x);
816int X509_REQ_print(BIO *bp,X509_REQ *req);
817#endif
818
819int X509_NAME_entry_count(X509_NAME *name);
820int X509_NAME_get_text_by_NID(X509_NAME *name, int nid,
821 char *buf,int len);
822int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
823 char *buf,int len);
824
825/* NOTE: you should be passsing -1, not 0 as lastpos. The functions that use
826 * lastpos, seach after that position on. */
827int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
828int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj,
829 int lastpos);
830X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
831X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
832int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne,
833 int loc, int set);
834X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
835 int type,unsigned char *bytes, int len);
836X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
837 ASN1_OBJECT *obj, int type,unsigned char *bytes,
838 int len);
839int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne,
840 ASN1_OBJECT *obj);
841int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
842 unsigned char *bytes, int len);
843ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
844ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
845
846int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
847int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
848 int nid, int lastpos);
849int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
850 ASN1_OBJECT *obj,int lastpos);
851int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
852 int crit, int lastpos);
853X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
854X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
855STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
856 X509_EXTENSION *ex, int loc);
857
858int X509_get_ext_count(X509 *x);
859int X509_get_ext_by_NID(X509 *x, int nid, int lastpos);
860int X509_get_ext_by_OBJ(X509 *x,ASN1_OBJECT *obj,int lastpos);
861int X509_get_ext_by_critical(X509 *x, int crit, int lastpos);
862X509_EXTENSION *X509_get_ext(X509 *x, int loc);
863X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
864int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
865
866int X509_CRL_get_ext_count(X509_CRL *x);
867int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos);
868int X509_CRL_get_ext_by_OBJ(X509_CRL *x,ASN1_OBJECT *obj,int lastpos);
869int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos);
870X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc);
871X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
872int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
873
874int X509_REVOKED_get_ext_count(X509_REVOKED *x);
875int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos);
876int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x,ASN1_OBJECT *obj,int lastpos);
877int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos);
878X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc);
879X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
880int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
881
882X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
883 int nid, int crit, ASN1_OCTET_STRING *data);
884X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
885 ASN1_OBJECT *obj,int crit,ASN1_OCTET_STRING *data);
886int X509_EXTENSION_set_object(X509_EXTENSION *ex,ASN1_OBJECT *obj);
887int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
888int X509_EXTENSION_set_data(X509_EXTENSION *ex,
889 ASN1_OCTET_STRING *data);
890ASN1_OBJECT * X509_EXTENSION_get_object(X509_EXTENSION *ex);
891ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
892int X509_EXTENSION_get_critical(X509_EXTENSION *ex);
893
894int X509_verify_cert(X509_STORE_CTX *ctx);
895
896/* lookup a cert from a X509 STACK */
897X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk,X509_NAME *name,
898 ASN1_INTEGER *serial);
899X509 *X509_find_by_subject(STACK_OF(X509) *sk,X509_NAME *name);
900
901int i2d_PBEPARAM(PBEPARAM *a, unsigned char **pp);
902PBEPARAM *PBEPARAM_new(void);
903PBEPARAM *d2i_PBEPARAM(PBEPARAM **a, unsigned char **pp, long length);
904void PBEPARAM_free(PBEPARAM *a);
905X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, int saltlen);
906X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
907 unsigned char *salt, int saltlen);
908
909int i2d_PBKDF2PARAM(PBKDF2PARAM *a, unsigned char **pp);
910PBKDF2PARAM *PBKDF2PARAM_new(void);
911PBKDF2PARAM *d2i_PBKDF2PARAM(PBKDF2PARAM **a, unsigned char **pp, long length);
912void PBKDF2PARAM_free(PBKDF2PARAM *a);
913
914int i2d_PBE2PARAM(PBE2PARAM *a, unsigned char **pp);
915PBE2PARAM *PBE2PARAM_new(void);
916PBE2PARAM *d2i_PBE2PARAM(PBE2PARAM **a, unsigned char **pp, long length);
917void PBE2PARAM_free(PBE2PARAM *a);
918
919/* PKCS#8 utilities */
920
921int i2d_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO *a, unsigned char **pp);
922PKCS8_PRIV_KEY_INFO *PKCS8_PRIV_KEY_INFO_new(void);
923PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO **a,
924 unsigned char **pp, long length);
925void PKCS8_PRIV_KEY_INFO_free(PKCS8_PRIV_KEY_INFO *a);
926
927EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8);
928PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
929PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);
930
931/* BEGIN ERROR CODES */
932/* The following lines are auto generated by the script mkerr.pl. Any changes
933 * made after this point may be overwritten when the script is next run.
934 */
935
936/* Error codes for the X509 functions. */
937
938/* Function codes. */
939#define X509_F_ADD_CERT_DIR 100
940#define X509_F_BY_FILE_CTRL 101
941#define X509_F_DIR_CTRL 102
942#define X509_F_GET_CERT_BY_SUBJECT 103
943#define X509_F_X509V3_ADD_EXT 104
944#define X509_F_X509_CHECK_PRIVATE_KEY 128
945#define X509_F_X509_EXTENSION_CREATE_BY_NID 108
946#define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109
947#define X509_F_X509_GET_PUBKEY_PARAMETERS 110
948#define X509_F_X509_LOAD_CERT_FILE 111
949#define X509_F_X509_LOAD_CRL_FILE 112
950#define X509_F_X509_NAME_ADD_ENTRY 113
951#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114
952#define X509_F_X509_NAME_ENTRY_SET_OBJECT 115
953#define X509_F_X509_NAME_ONELINE 116
954#define X509_F_X509_NAME_PRINT 117
955#define X509_F_X509_PRINT_FP 118
956#define X509_F_X509_PUBKEY_GET 119
957#define X509_F_X509_PUBKEY_SET 120
958#define X509_F_X509_REQ_PRINT 121
959#define X509_F_X509_REQ_PRINT_FP 122
960#define X509_F_X509_REQ_TO_X509 123
961#define X509_F_X509_STORE_ADD_CERT 124
962#define X509_F_X509_STORE_ADD_CRL 125
963#define X509_F_X509_TO_X509_REQ 126
964#define X509_F_X509_VERIFY_CERT 127
965
966/* Reason codes. */
967#define X509_R_BAD_X509_FILETYPE 100
968#define X509_R_CANT_CHECK_DH_KEY 114
969#define X509_R_CERT_ALREADY_IN_HASH_TABLE 101
970#define X509_R_ERR_ASN1_LIB 102
971#define X509_R_INVALID_DIRECTORY 113
972#define X509_R_KEY_TYPE_MISMATCH 115
973#define X509_R_KEY_VALUES_MISMATCH 116
974#define X509_R_LOADING_CERT_DIR 103
975#define X509_R_LOADING_DEFAULTS 104
976#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105
977#define X509_R_SHOULD_RETRY 106
978#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107
979#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108
980#define X509_R_UNKNOWN_KEY_TYPE 117
981#define X509_R_UNKNOWN_NID 109
982#define X509_R_UNSUPPORTED_ALGORITHM 111
983#define X509_R_WRONG_LOOKUP_TYPE 112
984
985#ifdef __cplusplus
986}
987#endif
988#endif
989
diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c
deleted file mode 100644
index 9a93bae3ff..0000000000
--- a/src/lib/libcrypto/x509/x509_cmp.c
+++ /dev/null
@@ -1,293 +0,0 @@
1/* crypto/x509/x509_cmp.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <sys/types.h>
61#include <sys/stat.h>
62#include "cryptlib.h"
63#include <openssl/asn1.h>
64#include <openssl/objects.h>
65#include <openssl/x509.h>
66
67int X509_issuer_and_serial_cmp(X509 *a, X509 *b)
68 {
69 int i;
70 X509_CINF *ai,*bi;
71
72 ai=a->cert_info;
73 bi=b->cert_info;
74 i=ASN1_INTEGER_cmp(ai->serialNumber,bi->serialNumber);
75 if (i) return(i);
76 return(X509_NAME_cmp(ai->issuer,bi->issuer));
77 }
78
79#ifndef NO_MD5
80unsigned long X509_issuer_and_serial_hash(X509 *a)
81 {
82 unsigned long ret=0;
83 MD5_CTX ctx;
84 unsigned char md[16];
85 char str[256];
86
87 X509_NAME_oneline(a->cert_info->issuer,str,256);
88 ret=strlen(str);
89 MD5_Init(&ctx);
90 MD5_Update(&ctx,(unsigned char *)str,ret);
91 MD5_Update(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
92 (unsigned long)a->cert_info->serialNumber->length);
93 MD5_Final(&(md[0]),&ctx);
94 ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)|
95 ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
96 )&0xffffffffL;
97 return(ret);
98 }
99#endif
100
101int X509_issuer_name_cmp(X509 *a, X509 *b)
102 {
103 return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer));
104 }
105
106int X509_subject_name_cmp(X509 *a, X509 *b)
107 {
108 return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject));
109 }
110
111int X509_CRL_cmp(X509_CRL *a, X509_CRL *b)
112 {
113 return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer));
114 }
115
116X509_NAME *X509_get_issuer_name(X509 *a)
117 {
118 return(a->cert_info->issuer);
119 }
120
121unsigned long X509_issuer_name_hash(X509 *x)
122 {
123 return(X509_NAME_hash(x->cert_info->issuer));
124 }
125
126X509_NAME *X509_get_subject_name(X509 *a)
127 {
128 return(a->cert_info->subject);
129 }
130
131ASN1_INTEGER *X509_get_serialNumber(X509 *a)
132 {
133 return(a->cert_info->serialNumber);
134 }
135
136unsigned long X509_subject_name_hash(X509 *x)
137 {
138 return(X509_NAME_hash(x->cert_info->subject));
139 }
140
141int X509_NAME_cmp(X509_NAME *a, X509_NAME *b)
142 {
143 int i,j;
144 X509_NAME_ENTRY *na,*nb;
145
146 if (sk_X509_NAME_ENTRY_num(a->entries)
147 != sk_X509_NAME_ENTRY_num(b->entries))
148 return sk_X509_NAME_ENTRY_num(a->entries)
149 -sk_X509_NAME_ENTRY_num(b->entries);
150 for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
151 {
152 na=sk_X509_NAME_ENTRY_value(a->entries,i);
153 nb=sk_X509_NAME_ENTRY_value(b->entries,i);
154 j=na->value->length-nb->value->length;
155 if (j) return(j);
156 j=memcmp(na->value->data,nb->value->data,
157 na->value->length);
158 if (j) return(j);
159 j=na->set-nb->set;
160 if (j) return(j);
161 }
162
163 /* We will check the object types after checking the values
164 * since the values will more often be different than the object
165 * types. */
166 for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
167 {
168 na=sk_X509_NAME_ENTRY_value(a->entries,i);
169 nb=sk_X509_NAME_ENTRY_value(b->entries,i);
170 j=OBJ_cmp(na->object,nb->object);
171 if (j) return(j);
172 }
173 return(0);
174 }
175
176#ifndef NO_MD5
177/* I now DER encode the name and hash it. Since I cache the DER encoding,
178 * this is reasonably effiecent. */
179unsigned long X509_NAME_hash(X509_NAME *x)
180 {
181 unsigned long ret=0;
182 unsigned char md[16];
183 unsigned char str[256],*p,*pp;
184 int i;
185
186 i=i2d_X509_NAME(x,NULL);
187 if (i > sizeof(str))
188 p=Malloc(i);
189 else
190 p=str;
191
192 pp=p;
193 i2d_X509_NAME(x,&pp);
194 MD5((unsigned char *)p,i,&(md[0]));
195 if (p != str) Free(p);
196
197 ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)|
198 ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
199 )&0xffffffffL;
200 return(ret);
201 }
202#endif
203
204/* Search a stack of X509 for a match */
205X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
206 ASN1_INTEGER *serial)
207 {
208 int i;
209 X509_CINF cinf;
210 X509 x,*x509=NULL;
211
212 x.cert_info= &cinf;
213 cinf.serialNumber=serial;
214 cinf.issuer=name;
215
216 for (i=0; i<sk_X509_num(sk); i++)
217 {
218 x509=sk_X509_value(sk,i);
219 if (X509_issuer_and_serial_cmp(x509,&x) == 0)
220 return(x509);
221 }
222 return(NULL);
223 }
224
225X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name)
226 {
227 X509 *x509;
228 int i;
229
230 for (i=0; i<sk_X509_num(sk); i++)
231 {
232 x509=sk_X509_value(sk,i);
233 if (X509_NAME_cmp(X509_get_subject_name(x509),name) == 0)
234 return(x509);
235 }
236 return(NULL);
237 }
238
239EVP_PKEY *X509_get_pubkey(X509 *x)
240 {
241 if ((x == NULL) || (x->cert_info == NULL))
242 return(NULL);
243 return(X509_PUBKEY_get(x->cert_info->key));
244 }
245
246int X509_check_private_key(X509 *x, EVP_PKEY *k)
247 {
248 EVP_PKEY *xk=NULL;
249 int ok=0;
250
251 xk=X509_get_pubkey(x);
252 if (xk->type != k->type)
253 {
254 X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
255 goto err;
256 }
257 switch (k->type)
258 {
259#ifndef NO_RSA
260 case EVP_PKEY_RSA:
261 if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0
262 || BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0)
263 {
264 X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
265 goto err;
266 }
267 break;
268#endif
269#ifndef NO_DSA
270 case EVP_PKEY_DSA:
271 if (BN_cmp(xk->pkey.dsa->pub_key,k->pkey.dsa->pub_key) != 0)
272 {
273 X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
274 goto err;
275 }
276 break;
277#endif
278#ifndef NO_DH
279 case EVP_PKEY_DH:
280 /* No idea */
281 X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
282 goto err;
283#endif
284 default:
285 X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
286 goto err;
287 }
288
289 ok=1;
290err:
291 EVP_PKEY_free(xk);
292 return(ok);
293 }
diff --git a/src/lib/libcrypto/x509/x509_d2.c b/src/lib/libcrypto/x509/x509_d2.c
deleted file mode 100644
index 3e7ec5b432..0000000000
--- a/src/lib/libcrypto/x509/x509_d2.c
+++ /dev/null
@@ -1,107 +0,0 @@
1/* crypto/x509/x509_d2.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <sys/types.h>
61#include <sys/stat.h>
62#include "cryptlib.h"
63#include <openssl/crypto.h>
64#include <openssl/x509.h>
65
66#ifndef NO_STDIO
67int X509_STORE_set_default_paths(X509_STORE *ctx)
68 {
69 X509_LOOKUP *lookup;
70
71 lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
72 if (lookup == NULL) return(0);
73 X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
74
75 lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
76 if (lookup == NULL) return(0);
77 X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
78
79 /* clear any errors */
80 ERR_clear_error();
81
82 return(1);
83 }
84
85int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
86 const char *path)
87 {
88 X509_LOOKUP *lookup;
89
90 if (file != NULL)
91 {
92 lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
93 if (lookup == NULL) return(0);
94 X509_LOOKUP_load_file(lookup,file,X509_FILETYPE_PEM);
95 }
96 if (path != NULL)
97 {
98 lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
99 if (lookup == NULL) return(0);
100 X509_LOOKUP_add_dir(lookup,path,X509_FILETYPE_PEM);
101 }
102 if ((path == NULL) && (file == NULL))
103 return(0);
104 return(1);
105 }
106
107#endif
diff --git a/src/lib/libcrypto/x509/x509_def.c b/src/lib/libcrypto/x509/x509_def.c
deleted file mode 100644
index c4bee71569..0000000000
--- a/src/lib/libcrypto/x509/x509_def.c
+++ /dev/null
@@ -1,83 +0,0 @@
1/* crypto/x509/x509_def.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <sys/types.h>
61#include <sys/stat.h>
62#include "cryptlib.h"
63#include <openssl/crypto.h>
64#include <openssl/x509.h>
65
66const char *X509_get_default_private_dir(void)
67 { return(X509_PRIVATE_DIR); }
68
69const char *X509_get_default_cert_area(void)
70 { return(X509_CERT_AREA); }
71
72const char *X509_get_default_cert_dir(void)
73 { return(X509_CERT_DIR); }
74
75const char *X509_get_default_cert_file(void)
76 { return(X509_CERT_FILE); }
77
78const char *X509_get_default_cert_dir_env(void)
79 { return(X509_CERT_DIR_EVP); }
80
81const char *X509_get_default_cert_file_env(void)
82 { return(X509_CERT_FILE_EVP); }
83
diff --git a/src/lib/libcrypto/x509/x509_err.c b/src/lib/libcrypto/x509/x509_err.c
deleted file mode 100644
index 9afd4ccde5..0000000000
--- a/src/lib/libcrypto/x509/x509_err.c
+++ /dev/null
@@ -1,134 +0,0 @@
1/* crypto/x509/x509_err.c */
2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file.
58 */
59
60#include <stdio.h>
61#include <openssl/err.h>
62#include <openssl/x509.h>
63
64/* BEGIN ERROR CODES */
65#ifndef NO_ERR
66static ERR_STRING_DATA X509_str_functs[]=
67 {
68{ERR_PACK(0,X509_F_ADD_CERT_DIR,0), "ADD_CERT_DIR"},
69{ERR_PACK(0,X509_F_BY_FILE_CTRL,0), "BY_FILE_CTRL"},
70{ERR_PACK(0,X509_F_DIR_CTRL,0), "DIR_CTRL"},
71{ERR_PACK(0,X509_F_GET_CERT_BY_SUBJECT,0), "GET_CERT_BY_SUBJECT"},
72{ERR_PACK(0,X509_F_X509V3_ADD_EXT,0), "X509v3_add_ext"},
73{ERR_PACK(0,X509_F_X509_CHECK_PRIVATE_KEY,0), "X509_check_private_key"},
74{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_NID,0), "X509_EXTENSION_create_by_NID"},
75{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_OBJ,0), "X509_EXTENSION_create_by_OBJ"},
76{ERR_PACK(0,X509_F_X509_GET_PUBKEY_PARAMETERS,0), "X509_get_pubkey_parameters"},
77{ERR_PACK(0,X509_F_X509_LOAD_CERT_FILE,0), "X509_load_cert_file"},
78{ERR_PACK(0,X509_F_X509_LOAD_CRL_FILE,0), "X509_load_crl_file"},
79{ERR_PACK(0,X509_F_X509_NAME_ADD_ENTRY,0), "X509_NAME_add_entry"},
80{ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_NID,0), "X509_NAME_ENTRY_create_by_NID"},
81{ERR_PACK(0,X509_F_X509_NAME_ENTRY_SET_OBJECT,0), "X509_NAME_ENTRY_set_object"},
82{ERR_PACK(0,X509_F_X509_NAME_ONELINE,0), "X509_NAME_oneline"},
83{ERR_PACK(0,X509_F_X509_NAME_PRINT,0), "X509_NAME_print"},
84{ERR_PACK(0,X509_F_X509_PRINT_FP,0), "X509_print_fp"},
85{ERR_PACK(0,X509_F_X509_PUBKEY_GET,0), "X509_PUBKEY_get"},
86{ERR_PACK(0,X509_F_X509_PUBKEY_SET,0), "X509_PUBKEY_set"},
87{ERR_PACK(0,X509_F_X509_REQ_PRINT,0), "X509_REQ_print"},
88{ERR_PACK(0,X509_F_X509_REQ_PRINT_FP,0), "X509_REQ_print_fp"},
89{ERR_PACK(0,X509_F_X509_REQ_TO_X509,0), "X509_REQ_to_X509"},
90{ERR_PACK(0,X509_F_X509_STORE_ADD_CERT,0), "X509_STORE_add_cert"},
91{ERR_PACK(0,X509_F_X509_STORE_ADD_CRL,0), "X509_STORE_add_crl"},
92{ERR_PACK(0,X509_F_X509_TO_X509_REQ,0), "X509_to_X509_REQ"},
93{ERR_PACK(0,X509_F_X509_VERIFY_CERT,0), "X509_verify_cert"},
94{0,NULL}
95 };
96
97static ERR_STRING_DATA X509_str_reasons[]=
98 {
99{X509_R_BAD_X509_FILETYPE ,"bad x509 filetype"},
100{X509_R_CANT_CHECK_DH_KEY ,"cant check dh key"},
101{X509_R_CERT_ALREADY_IN_HASH_TABLE ,"cert already in hash table"},
102{X509_R_ERR_ASN1_LIB ,"err asn1 lib"},
103{X509_R_INVALID_DIRECTORY ,"invalid directory"},
104{X509_R_KEY_TYPE_MISMATCH ,"key type mismatch"},
105{X509_R_KEY_VALUES_MISMATCH ,"key values mismatch"},
106{X509_R_LOADING_CERT_DIR ,"loading cert dir"},
107{X509_R_LOADING_DEFAULTS ,"loading defaults"},
108{X509_R_NO_CERT_SET_FOR_US_TO_VERIFY ,"no cert set for us to verify"},
109{X509_R_SHOULD_RETRY ,"should retry"},
110{X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN,"unable to find parameters in chain"},
111{X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY ,"unable to get certs public key"},
112{X509_R_UNKNOWN_KEY_TYPE ,"unknown key type"},
113{X509_R_UNKNOWN_NID ,"unknown nid"},
114{X509_R_UNSUPPORTED_ALGORITHM ,"unsupported algorithm"},
115{X509_R_WRONG_LOOKUP_TYPE ,"wrong lookup type"},
116{0,NULL}
117 };
118
119#endif
120
121void ERR_load_X509_strings(void)
122 {
123 static int init=1;
124
125 if (init)
126 {
127 init=0;
128#ifndef NO_ERR
129 ERR_load_strings(ERR_LIB_X509,X509_str_functs);
130 ERR_load_strings(ERR_LIB_X509,X509_str_reasons);
131#endif
132
133 }
134 }
diff --git a/src/lib/libcrypto/x509/x509_ext.c b/src/lib/libcrypto/x509/x509_ext.c
deleted file mode 100644
index f8565a60b2..0000000000
--- a/src/lib/libcrypto/x509/x509_ext.c
+++ /dev/null
@@ -1,174 +0,0 @@
1/* crypto/x509/x509_ext.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/stack.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/objects.h>
64#include <openssl/evp.h>
65#include <openssl/x509.h>
66
67int X509_CRL_get_ext_count(X509_CRL *x)
68 {
69 return(X509v3_get_ext_count(x->crl->extensions));
70 }
71
72int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos)
73 {
74 return(X509v3_get_ext_by_NID(x->crl->extensions,nid,lastpos));
75 }
76
77int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos)
78 {
79 return(X509v3_get_ext_by_OBJ(x->crl->extensions,obj,lastpos));
80 }
81
82int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos)
83 {
84 return(X509v3_get_ext_by_critical(x->crl->extensions,crit,lastpos));
85 }
86
87X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc)
88 {
89 return(X509v3_get_ext(x->crl->extensions,loc));
90 }
91
92X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc)
93 {
94 return(X509v3_delete_ext(x->crl->extensions,loc));
95 }
96
97int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc)
98 {
99 return(X509v3_add_ext(&(x->crl->extensions),ex,loc) != NULL);
100 }
101
102int X509_get_ext_count(X509 *x)
103 {
104 return(X509v3_get_ext_count(x->cert_info->extensions));
105 }
106
107int X509_get_ext_by_NID(X509 *x, int nid, int lastpos)
108 {
109 return(X509v3_get_ext_by_NID(x->cert_info->extensions,nid,lastpos));
110 }
111
112int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos)
113 {
114 return(X509v3_get_ext_by_OBJ(x->cert_info->extensions,obj,lastpos));
115 }
116
117int X509_get_ext_by_critical(X509 *x, int crit, int lastpos)
118 {
119 return(X509v3_get_ext_by_critical(x->cert_info->extensions,crit,lastpos));
120 }
121
122X509_EXTENSION *X509_get_ext(X509 *x, int loc)
123 {
124 return(X509v3_get_ext(x->cert_info->extensions,loc));
125 }
126
127X509_EXTENSION *X509_delete_ext(X509 *x, int loc)
128 {
129 return(X509v3_delete_ext(x->cert_info->extensions,loc));
130 }
131
132int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc)
133 {
134 return(X509v3_add_ext(&(x->cert_info->extensions),ex,loc) != NULL);
135 }
136
137int X509_REVOKED_get_ext_count(X509_REVOKED *x)
138 {
139 return(X509v3_get_ext_count(x->extensions));
140 }
141
142int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos)
143 {
144 return(X509v3_get_ext_by_NID(x->extensions,nid,lastpos));
145 }
146
147int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj,
148 int lastpos)
149 {
150 return(X509v3_get_ext_by_OBJ(x->extensions,obj,lastpos));
151 }
152
153int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos)
154 {
155 return(X509v3_get_ext_by_critical(x->extensions,crit,lastpos));
156 }
157
158X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc)
159 {
160 return(X509v3_get_ext(x->extensions,loc));
161 }
162
163X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc)
164 {
165 return(X509v3_delete_ext(x->extensions,loc));
166 }
167
168int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc)
169 {
170 return(X509v3_add_ext(&(x->extensions),ex,loc) != NULL);
171 }
172
173IMPLEMENT_STACK_OF(X509_EXTENSION)
174IMPLEMENT_ASN1_SET_OF(X509_EXTENSION)
diff --git a/src/lib/libcrypto/x509/x509_lu.c b/src/lib/libcrypto/x509/x509_lu.c
deleted file mode 100644
index 18bfecb11e..0000000000
--- a/src/lib/libcrypto/x509/x509_lu.c
+++ /dev/null
@@ -1,411 +0,0 @@
1/* crypto/x509/x509_lu.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/lhash.h>
62#include <openssl/x509.h>
63
64static STACK *x509_store_meth=NULL;
65static STACK *x509_store_ctx_meth=NULL;
66
67X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
68 {
69 X509_LOOKUP *ret;
70
71 ret=(X509_LOOKUP *)Malloc(sizeof(X509_LOOKUP));
72 if (ret == NULL) return(NULL);
73
74 ret->init=0;
75 ret->skip=0;
76 ret->method=method;
77 ret->method_data=NULL;
78 ret->store_ctx=NULL;
79 if ((method->new_item != NULL) && !method->new_item(ret))
80 {
81 Free(ret);
82 return(NULL);
83 }
84 return(ret);
85 }
86
87void X509_LOOKUP_free(X509_LOOKUP *ctx)
88 {
89 if (ctx == NULL) return;
90 if ( (ctx->method != NULL) &&
91 (ctx->method->free != NULL))
92 ctx->method->free(ctx);
93 Free(ctx);
94 }
95
96int X509_LOOKUP_init(X509_LOOKUP *ctx)
97 {
98 if (ctx->method == NULL) return(0);
99 if (ctx->method->init != NULL)
100 return(ctx->method->init(ctx));
101 else
102 return(1);
103 }
104
105int X509_LOOKUP_shutdown(X509_LOOKUP *ctx)
106 {
107 if (ctx->method == NULL) return(0);
108 if (ctx->method->shutdown != NULL)
109 return(ctx->method->shutdown(ctx));
110 else
111 return(1);
112 }
113
114int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
115 char **ret)
116 {
117 if (ctx->method == NULL) return(-1);
118 if (ctx->method->ctrl != NULL)
119 return(ctx->method->ctrl(ctx,cmd,argc,argl,ret));
120 else
121 return(1);
122 }
123
124int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
125 X509_OBJECT *ret)
126 {
127 if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))
128 return(X509_LU_FAIL);
129 if (ctx->skip) return(0);
130 return(ctx->method->get_by_subject(ctx,type,name,ret));
131 }
132
133int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
134 ASN1_INTEGER *serial, X509_OBJECT *ret)
135 {
136 if ((ctx->method == NULL) ||
137 (ctx->method->get_by_issuer_serial == NULL))
138 return(X509_LU_FAIL);
139 return(ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret));
140 }
141
142int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
143 unsigned char *bytes, int len, X509_OBJECT *ret)
144 {
145 if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))
146 return(X509_LU_FAIL);
147 return(ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret));
148 }
149
150int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,
151 X509_OBJECT *ret)
152 {
153 if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
154 return(X509_LU_FAIL);
155 return(ctx->method->get_by_alias(ctx,type,str,len,ret));
156 }
157
158static unsigned long x509_object_hash(X509_OBJECT *a)
159 {
160 unsigned long h;
161
162 switch (a->type)
163 {
164 case X509_LU_X509:
165 h=X509_NAME_hash(a->data.x509->cert_info->subject);
166 break;
167 case X509_LU_CRL:
168 h=X509_NAME_hash(a->data.crl->crl->issuer);
169 break;
170 default:
171 abort();
172 }
173 return(h);
174 }
175
176static int x509_object_cmp(X509_OBJECT *a, X509_OBJECT *b)
177 {
178 int ret;
179
180 ret=(a->type - b->type);
181 if (ret) return(ret);
182 switch (a->type)
183 {
184 case X509_LU_X509:
185 ret=X509_subject_name_cmp(a->data.x509,b->data.x509);
186 break;
187 case X509_LU_CRL:
188 ret=X509_CRL_cmp(a->data.crl,b->data.crl);
189 break;
190 default:
191 abort();
192 }
193 return(ret);
194 }
195
196X509_STORE *X509_STORE_new(void)
197 {
198 X509_STORE *ret;
199
200 if ((ret=(X509_STORE *)Malloc(sizeof(X509_STORE))) == NULL)
201 return(NULL);
202 ret->certs=lh_new(x509_object_hash,x509_object_cmp);
203 ret->cache=1;
204 ret->get_cert_methods=sk_X509_LOOKUP_new_null();
205 ret->verify=NULL;
206 ret->verify_cb=NULL;
207 memset(&ret->ex_data,0,sizeof(CRYPTO_EX_DATA));
208 ret->references=1;
209 ret->depth=0;
210 return(ret);
211 }
212
213static void cleanup(X509_OBJECT *a)
214 {
215 if (a->type == X509_LU_X509)
216 {
217 X509_free(a->data.x509);
218 }
219 else if (a->type == X509_LU_CRL)
220 {
221 X509_CRL_free(a->data.crl);
222 }
223 else
224 abort();
225
226 Free(a);
227 }
228
229void X509_STORE_free(X509_STORE *vfy)
230 {
231 int i;
232 STACK_OF(X509_LOOKUP) *sk;
233 X509_LOOKUP *lu;
234
235 if(vfy == NULL)
236 return;
237
238 sk=vfy->get_cert_methods;
239 for (i=0; i<sk_X509_LOOKUP_num(sk); i++)
240 {
241 lu=sk_X509_LOOKUP_value(sk,i);
242 X509_LOOKUP_shutdown(lu);
243 X509_LOOKUP_free(lu);
244 }
245 sk_X509_LOOKUP_free(sk);
246
247 CRYPTO_free_ex_data(x509_store_meth,(char *)vfy,&vfy->ex_data);
248 lh_doall(vfy->certs,cleanup);
249 lh_free(vfy->certs);
250 Free(vfy);
251 }
252
253X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
254 {
255 int i;
256 STACK_OF(X509_LOOKUP) *sk;
257 X509_LOOKUP *lu;
258
259 sk=v->get_cert_methods;
260 for (i=0; i<sk_X509_LOOKUP_num(sk); i++)
261 {
262 lu=sk_X509_LOOKUP_value(sk,i);
263 if (m == lu->method)
264 {
265 return(lu);
266 }
267 }
268 /* a new one */
269 lu=X509_LOOKUP_new(m);
270 if (lu == NULL)
271 return(NULL);
272 else
273 {
274 lu->store_ctx=v;
275 if (sk_X509_LOOKUP_push(v->get_cert_methods,lu))
276 return(lu);
277 else
278 {
279 X509_LOOKUP_free(lu);
280 return(NULL);
281 }
282 }
283 }
284
285int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
286 X509_OBJECT *ret)
287 {
288 X509_STORE *ctx=vs->ctx;
289 X509_LOOKUP *lu;
290 X509_OBJECT stmp,*tmp;
291 int i,j;
292
293 tmp=X509_OBJECT_retrieve_by_subject(ctx->certs,type,name);
294
295 if (tmp == NULL)
296 {
297 for (i=vs->current_method; i<sk_X509_LOOKUP_num(ctx->get_cert_methods); i++)
298 {
299 lu=sk_X509_LOOKUP_value(ctx->get_cert_methods,i);
300 j=X509_LOOKUP_by_subject(lu,type,name,&stmp);
301 if (j < 0)
302 {
303 vs->current_method=j;
304 return(j);
305 }
306 else if (j)
307 {
308 tmp= &stmp;
309 break;
310 }
311 }
312 vs->current_method=0;
313 if (tmp == NULL)
314 return(0);
315 }
316
317/* if (ret->data.ptr != NULL)
318 X509_OBJECT_free_contents(ret); */
319
320 ret->type=tmp->type;
321 ret->data.ptr=tmp->data.ptr;
322
323 X509_OBJECT_up_ref_count(ret);
324
325 return(1);
326 }
327
328void X509_OBJECT_up_ref_count(X509_OBJECT *a)
329 {
330 switch (a->type)
331 {
332 case X509_LU_X509:
333 CRYPTO_add(&a->data.x509->references,1,CRYPTO_LOCK_X509);
334 break;
335 case X509_LU_CRL:
336 CRYPTO_add(&a->data.crl->references,1,CRYPTO_LOCK_X509_CRL);
337 break;
338 }
339 }
340
341void X509_OBJECT_free_contents(X509_OBJECT *a)
342 {
343 switch (a->type)
344 {
345 case X509_LU_X509:
346 X509_free(a->data.x509);
347 break;
348 case X509_LU_CRL:
349 X509_CRL_free(a->data.crl);
350 break;
351 }
352 }
353
354X509_OBJECT *X509_OBJECT_retrieve_by_subject(LHASH *h, int type,
355 X509_NAME *name)
356 {
357 X509_OBJECT stmp,*tmp;
358 X509 x509_s;
359 X509_CINF cinf_s;
360 X509_CRL crl_s;
361 X509_CRL_INFO crl_info_s;
362
363 stmp.type=type;
364 switch (type)
365 {
366 case X509_LU_X509:
367 stmp.data.x509= &x509_s;
368 x509_s.cert_info= &cinf_s;
369 cinf_s.subject=name;
370 break;
371 case X509_LU_CRL:
372 stmp.data.crl= &crl_s;
373 crl_s.crl= &crl_info_s;
374 crl_info_s.issuer=name;
375 break;
376 default:
377 abort();
378 }
379
380 tmp=(X509_OBJECT *)lh_retrieve(h,(char *)&stmp);
381 return(tmp);
382 }
383
384void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
385 STACK_OF(X509) *chain)
386 {
387 ctx->ctx=store;
388 ctx->current_method=0;
389 ctx->cert=x509;
390 ctx->untrusted=chain;
391 ctx->last_untrusted=0;
392 ctx->valid=0;
393 ctx->chain=NULL;
394 ctx->depth=9;
395 ctx->error=0;
396 ctx->current_cert=NULL;
397 memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA));
398 }
399
400void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
401 {
402 if (ctx->chain != NULL)
403 {
404 sk_X509_pop_free(ctx->chain,X509_free);
405 ctx->chain=NULL;
406 }
407 CRYPTO_free_ex_data(x509_store_ctx_meth,(char *)ctx,&(ctx->ex_data));
408 memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
409 }
410
411IMPLEMENT_STACK_OF(X509_LOOKUP)
diff --git a/src/lib/libcrypto/x509/x509_obj.c b/src/lib/libcrypto/x509/x509_obj.c
deleted file mode 100644
index 691b71f031..0000000000
--- a/src/lib/libcrypto/x509/x509_obj.c
+++ /dev/null
@@ -1,223 +0,0 @@
1/* crypto/x509/x509_obj.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/lhash.h>
62#include <openssl/objects.h>
63#include <openssl/x509.h>
64#include <openssl/buffer.h>
65
66char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
67 {
68 X509_NAME_ENTRY *ne;
69int i;
70 int n,lold,l,l1,l2,num,j,type;
71 const char *s;
72 char *p;
73 unsigned char *q;
74 BUF_MEM *b=NULL;
75 static char hex[17]="0123456789ABCDEF";
76 int gs_doit[4];
77 char tmp_buf[80];
78#ifdef CHARSET_EBCDIC
79 char ebcdic_buf[1024];
80#endif
81
82 if (buf == NULL)
83 {
84 if ((b=BUF_MEM_new()) == NULL) goto err;
85 if (!BUF_MEM_grow(b,200)) goto err;
86 b->data[0]='\0';
87 len=200;
88 }
89 if (a == NULL)
90 {
91 if(b)
92 {
93 buf=b->data;
94 Free(b);
95 }
96 strncpy(buf,"NO X509_NAME",len);
97 return buf;
98 }
99
100 len--; /* space for '\0' */
101 l=0;
102 for (i=0; i<sk_X509_NAME_ENTRY_num(a->entries); i++)
103 {
104 ne=sk_X509_NAME_ENTRY_value(a->entries,i);
105 n=OBJ_obj2nid(ne->object);
106 if ((n == NID_undef) || ((s=OBJ_nid2sn(n)) == NULL))
107 {
108 i2t_ASN1_OBJECT(tmp_buf,sizeof(tmp_buf),ne->object);
109 s=tmp_buf;
110 }
111 l1=strlen(s);
112
113 type=ne->value->type;
114 num=ne->value->length;
115 q=ne->value->data;
116#ifdef CHARSET_EBCDIC
117 if (type == V_ASN1_GENERALSTRING ||
118 type == V_ASN1_VISIBLESTRING ||
119 type == V_ASN1_PRINTABLESTRING ||
120 type == V_ASN1_TELETEXSTRING ||
121 type == V_ASN1_VISIBLESTRING ||
122 type == V_ASN1_IA5STRING) {
123 ascii2ebcdic(ebcdic_buf, q,
124 (num > sizeof ebcdic_buf)
125 ? sizeof ebcdic_buf : num);
126 q=ebcdic_buf;
127 }
128#endif
129
130 if ((type == V_ASN1_GENERALSTRING) && ((num%4) == 0))
131 {
132 gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=0;
133 for (j=0; j<num; j++)
134 if (q[j] != 0) gs_doit[j&3]=1;
135
136 if (gs_doit[0]|gs_doit[1]|gs_doit[2])
137 gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1;
138 else
139 {
140 gs_doit[0]=gs_doit[1]=gs_doit[2]=0;
141 gs_doit[3]=1;
142 }
143 }
144 else
145 gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1;
146
147 for (l2=j=0; j<num; j++)
148 {
149 if (!gs_doit[j&3]) continue;
150 l2++;
151#ifndef CHARSET_EBCDIC
152 if ((q[j] < ' ') || (q[j] > '~')) l2+=3;
153#else
154 if ((os_toascii[q[j]] < os_toascii[' ']) ||
155 (os_toascii[q[j]] > os_toascii['~'])) l2+=3;
156#endif
157 }
158
159 lold=l;
160 l+=1+l1+1+l2;
161 if (b != NULL)
162 {
163 if (!BUF_MEM_grow(b,l+1)) goto err;
164 p= &(b->data[lold]);
165 }
166 else if (l > len)
167 {
168 break;
169 }
170 else
171 p= &(buf[lold]);
172 *(p++)='/';
173 memcpy(p,s,(unsigned int)l1); p+=l1;
174 *(p++)='=';
175
176#ifndef CHARSET_EBCDIC /* q was assigned above already. */
177 q=ne->value->data;
178#endif
179
180 for (j=0; j<num; j++)
181 {
182 if (!gs_doit[j&3]) continue;
183#ifndef CHARSET_EBCDIC
184 n=q[j];
185 if ((n < ' ') || (n > '~'))
186 {
187 *(p++)='\\';
188 *(p++)='x';
189 *(p++)=hex[(n>>4)&0x0f];
190 *(p++)=hex[n&0x0f];
191 }
192 else
193 *(p++)=n;
194#else
195 n=os_toascii[q[j]];
196 if ((n < os_toascii[' ']) ||
197 (n > os_toascii['~']))
198 {
199 *(p++)='\\';
200 *(p++)='x';
201 *(p++)=hex[(n>>4)&0x0f];
202 *(p++)=hex[n&0x0f];
203 }
204 else
205 *(p++)=q[j];
206#endif
207 }
208 *p='\0';
209 }
210 if (b != NULL)
211 {
212 p=b->data;
213 Free(b);
214 }
215 else
216 p=buf;
217 return(p);
218err:
219 X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE);
220 if (b != NULL) BUF_MEM_free(b);
221 return(NULL);
222 }
223
diff --git a/src/lib/libcrypto/x509/x509_r2x.c b/src/lib/libcrypto/x509/x509_r2x.c
deleted file mode 100644
index bb4697ae60..0000000000
--- a/src/lib/libcrypto/x509/x509_r2x.c
+++ /dev/null
@@ -1,110 +0,0 @@
1/* crypto/x509/x509_r2x.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/bn.h>
62#include <openssl/evp.h>
63#include <openssl/asn1.h>
64#include <openssl/x509.h>
65#include <openssl/objects.h>
66#include <openssl/buffer.h>
67
68X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
69 {
70 X509 *ret=NULL;
71 X509_CINF *xi=NULL;
72 X509_NAME *xn;
73
74 if ((ret=X509_new()) == NULL)
75 {
76 X509err(X509_F_X509_REQ_TO_X509,ERR_R_MALLOC_FAILURE);
77 goto err;
78 }
79
80 /* duplicate the request */
81 xi=ret->cert_info;
82
83 if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0)
84 {
85 if ((xi->version=ASN1_INTEGER_new()) == NULL) goto err;
86 if (!ASN1_INTEGER_set(xi->version,2)) goto err;
87/* xi->extensions=ri->attributes; <- bad, should not ever be done
88 ri->attributes=NULL; */
89 }
90
91 xn=X509_REQ_get_subject_name(r);
92 X509_set_subject_name(ret,X509_NAME_dup(xn));
93 X509_set_issuer_name(ret,X509_NAME_dup(xn));
94
95 X509_gmtime_adj(xi->validity->notBefore,0);
96 X509_gmtime_adj(xi->validity->notAfter,(long)60*60*24*days);
97
98 X509_set_pubkey(ret,X509_REQ_get_pubkey(r));
99
100 if (!X509_sign(ret,pkey,EVP_md5()))
101 goto err;
102 if (0)
103 {
104err:
105 X509_free(ret);
106 ret=NULL;
107 }
108 return(ret);
109 }
110
diff --git a/src/lib/libcrypto/x509/x509_req.c b/src/lib/libcrypto/x509/x509_req.c
deleted file mode 100644
index 2ef94decd1..0000000000
--- a/src/lib/libcrypto/x509/x509_req.c
+++ /dev/null
@@ -1,115 +0,0 @@
1/* crypto/x509/x509_req.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/bn.h>
62#include <openssl/evp.h>
63#include <openssl/asn1.h>
64#include <openssl/x509.h>
65#include <openssl/objects.h>
66#include <openssl/buffer.h>
67#include <openssl/pem.h>
68
69X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, EVP_MD *md)
70 {
71 X509_REQ *ret;
72 X509_REQ_INFO *ri;
73 int i;
74 EVP_PKEY *pktmp;
75
76 ret=X509_REQ_new();
77 if (ret == NULL)
78 {
79 X509err(X509_F_X509_TO_X509_REQ,ERR_R_MALLOC_FAILURE);
80 goto err;
81 }
82
83 ri=ret->req_info;
84
85 ri->version->length=1;
86 ri->version->data=(unsigned char *)Malloc(1);
87 if (ri->version->data == NULL) goto err;
88 ri->version->data[0]=0; /* version == 0 */
89
90 if (!X509_REQ_set_subject_name(ret,X509_get_subject_name(x)))
91 goto err;
92
93 pktmp = X509_get_pubkey(x);
94 i=X509_REQ_set_pubkey(ret,pktmp);
95 EVP_PKEY_free(pktmp);
96 if (!i) goto err;
97
98 if (pkey != NULL)
99 {
100 if (!X509_REQ_sign(ret,pkey,md))
101 goto err;
102 }
103 return(ret);
104err:
105 X509_REQ_free(ret);
106 return(NULL);
107 }
108
109EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req)
110 {
111 if ((req == NULL) || (req->req_info == NULL))
112 return(NULL);
113 return(X509_PUBKEY_get(req->req_info->pubkey));
114 }
115
diff --git a/src/lib/libcrypto/x509/x509_set.c b/src/lib/libcrypto/x509/x509_set.c
deleted file mode 100644
index 5a6f7b414f..0000000000
--- a/src/lib/libcrypto/x509/x509_set.c
+++ /dev/null
@@ -1,150 +0,0 @@
1/* crypto/x509/x509_set.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/asn1.h>
62#include <openssl/objects.h>
63#include <openssl/evp.h>
64#include <openssl/x509.h>
65
66int X509_set_version(X509 *x, long version)
67 {
68 if (x == NULL) return(0);
69 if (x->cert_info->version == NULL)
70 {
71 if ((x->cert_info->version=ASN1_INTEGER_new()) == NULL)
72 return(0);
73 }
74 return(ASN1_INTEGER_set(x->cert_info->version,version));
75 }
76
77int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial)
78 {
79 ASN1_INTEGER *in;
80
81 if (x == NULL) return(0);
82 in=x->cert_info->serialNumber;
83 if (in != serial)
84 {
85 in=ASN1_INTEGER_dup(serial);
86 if (in != NULL)
87 {
88 ASN1_INTEGER_free(x->cert_info->serialNumber);
89 x->cert_info->serialNumber=in;
90 }
91 }
92 return(in != NULL);
93 }
94
95int X509_set_issuer_name(X509 *x, X509_NAME *name)
96 {
97 if ((x == NULL) || (x->cert_info == NULL)) return(0);
98 return(X509_NAME_set(&x->cert_info->issuer,name));
99 }
100
101int X509_set_subject_name(X509 *x, X509_NAME *name)
102 {
103 if ((x == NULL) || (x->cert_info == NULL)) return(0);
104 return(X509_NAME_set(&x->cert_info->subject,name));
105 }
106
107int X509_set_notBefore(X509 *x, ASN1_UTCTIME *tm)
108 {
109 ASN1_UTCTIME *in;
110
111 if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
112 in=x->cert_info->validity->notBefore;
113 if (in != tm)
114 {
115 in=ASN1_UTCTIME_dup(tm);
116 if (in != NULL)
117 {
118 ASN1_UTCTIME_free(x->cert_info->validity->notBefore);
119 x->cert_info->validity->notBefore=in;
120 }
121 }
122 return(in != NULL);
123 }
124
125int X509_set_notAfter(X509 *x, ASN1_UTCTIME *tm)
126 {
127 ASN1_UTCTIME *in;
128
129 if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
130 in=x->cert_info->validity->notAfter;
131 if (in != tm)
132 {
133 in=ASN1_UTCTIME_dup(tm);
134 if (in != NULL)
135 {
136 ASN1_UTCTIME_free(x->cert_info->validity->notAfter);
137 x->cert_info->validity->notAfter=in;
138 }
139 }
140 return(in != NULL);
141 }
142
143int X509_set_pubkey(X509 *x, EVP_PKEY *pkey)
144 {
145 if ((x == NULL) || (x->cert_info == NULL)) return(0);
146 return(X509_PUBKEY_set(&(x->cert_info->key),pkey));
147 }
148
149
150
diff --git a/src/lib/libcrypto/x509/x509_txt.c b/src/lib/libcrypto/x509/x509_txt.c
deleted file mode 100644
index 11a3d2012f..0000000000
--- a/src/lib/libcrypto/x509/x509_txt.c
+++ /dev/null
@@ -1,132 +0,0 @@
1/* crypto/x509/x509_txt.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <time.h>
61#include <errno.h>
62#include <sys/types.h>
63
64#include "cryptlib.h"
65#include <openssl/lhash.h>
66#include <openssl/buffer.h>
67#include <openssl/evp.h>
68#include <openssl/asn1.h>
69#include <openssl/x509.h>
70#include <openssl/objects.h>
71
72const char *X509_verify_cert_error_string(long n)
73 {
74 static char buf[100];
75
76 switch ((int)n)
77 {
78 case X509_V_OK:
79 return("ok");
80 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
81 return("unable to get issuer certificate");
82 case X509_V_ERR_UNABLE_TO_GET_CRL:
83 return("unable to get certificate CRL");
84 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
85 return("unable to decrypt certificate's signature");
86 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
87 return("unable to decrypt CRL's's signature");
88 case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
89 return("unable to decode issuer public key");
90 case X509_V_ERR_CERT_SIGNATURE_FAILURE:
91 return("certificate signature failure");
92 case X509_V_ERR_CRL_SIGNATURE_FAILURE:
93 return("CRL signature failure");
94 case X509_V_ERR_CERT_NOT_YET_VALID:
95 return("certificate is not yet valid");
96 case X509_V_ERR_CRL_NOT_YET_VALID:
97 return("CRL is not yet valid");
98 case X509_V_ERR_CERT_HAS_EXPIRED:
99 return("Certificate has expired");
100 case X509_V_ERR_CRL_HAS_EXPIRED:
101 return("CRL has expired");
102 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
103 return("format error in certificate's notBefore field");
104 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
105 return("format error in certificate's notAfter field");
106 case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
107 return("format error in CRL's lastUpdate field");
108 case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
109 return("format error in CRL's nextUpdate field");
110 case X509_V_ERR_OUT_OF_MEM:
111 return("out of memory");
112 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
113 return("self signed certificate");
114 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
115 return("self signed certificate in certificate chain");
116 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
117 return("unable to get local issuer certificate");
118 case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
119 return("unable to verify the first certificate");
120 case X509_V_ERR_CERT_CHAIN_TOO_LONG:
121 return("certificate chain too long");
122 case X509_V_ERR_CERT_REVOKED:
123 return("certificate revoked");
124 case X509_V_ERR_APPLICATION_VERIFICATION:
125 return("application verification failure");
126 default:
127 sprintf(buf,"error number %ld",n);
128 return(buf);
129 }
130 }
131
132
diff --git a/src/lib/libcrypto/x509/x509_v3.c b/src/lib/libcrypto/x509/x509_v3.c
deleted file mode 100644
index dd2f9f1b17..0000000000
--- a/src/lib/libcrypto/x509/x509_v3.c
+++ /dev/null
@@ -1,266 +0,0 @@
1/* crypto/x509/x509_v3.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/stack.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/objects.h>
64#include <openssl/evp.h>
65#include <openssl/x509.h>
66
67int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x)
68 {
69 if (x == NULL) return(0);
70 return(sk_X509_EXTENSION_num(x));
71 }
72
73int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid,
74 int lastpos)
75 {
76 ASN1_OBJECT *obj;
77
78 obj=OBJ_nid2obj(nid);
79 if (obj == NULL) return(-2);
80 return(X509v3_get_ext_by_OBJ(x,obj,lastpos));
81 }
82
83int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk, ASN1_OBJECT *obj,
84 int lastpos)
85 {
86 int n;
87 X509_EXTENSION *ex;
88
89 if (sk == NULL) return(-1);
90 lastpos++;
91 if (lastpos < 0)
92 lastpos=0;
93 n=sk_X509_EXTENSION_num(sk);
94 for ( ; lastpos < n; lastpos++)
95 {
96 ex=sk_X509_EXTENSION_value(sk,lastpos);
97 if (OBJ_cmp(ex->object,obj) == 0)
98 return(lastpos);
99 }
100 return(-1);
101 }
102
103int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit,
104 int lastpos)
105 {
106 int n;
107 X509_EXTENSION *ex;
108
109 if (sk == NULL) return(-1);
110 lastpos++;
111 if (lastpos < 0)
112 lastpos=0;
113 n=sk_X509_EXTENSION_num(sk);
114 for ( ; lastpos < n; lastpos++)
115 {
116 ex=sk_X509_EXTENSION_value(sk,lastpos);
117 if ( (ex->critical && crit) ||
118 (!ex->critical && !crit))
119 return(lastpos);
120 }
121 return(-1);
122 }
123
124X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc)
125 {
126 if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
127 return NULL;
128 else
129 return sk_X509_EXTENSION_value(x,loc);
130 }
131
132X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc)
133 {
134 X509_EXTENSION *ret;
135
136 if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
137 return(NULL);
138 ret=sk_X509_EXTENSION_delete(x,loc);
139 return(ret);
140 }
141
142STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
143 X509_EXTENSION *ex, int loc)
144 {
145 X509_EXTENSION *new_ex=NULL;
146 int n;
147 STACK_OF(X509_EXTENSION) *sk=NULL;
148
149 if ((x != NULL) && (*x == NULL))
150 {
151 if ((sk=sk_X509_EXTENSION_new_null()) == NULL)
152 goto err;
153 }
154 else
155 sk= *x;
156
157 n=sk_X509_EXTENSION_num(sk);
158 if (loc > n) loc=n;
159 else if (loc < 0) loc=n;
160
161 if ((new_ex=X509_EXTENSION_dup(ex)) == NULL)
162 goto err2;
163 if (!sk_X509_EXTENSION_insert(sk,new_ex,loc))
164 goto err;
165 if ((x != NULL) && (*x == NULL))
166 *x=sk;
167 return(sk);
168err:
169 X509err(X509_F_X509V3_ADD_EXT,ERR_R_MALLOC_FAILURE);
170err2:
171 if (new_ex != NULL) X509_EXTENSION_free(new_ex);
172 if (sk != NULL) sk_X509_EXTENSION_free(sk);
173 return(NULL);
174 }
175
176X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid,
177 int crit, ASN1_OCTET_STRING *data)
178 {
179 ASN1_OBJECT *obj;
180 X509_EXTENSION *ret;
181
182 obj=OBJ_nid2obj(nid);
183 if (obj == NULL)
184 {
185 X509err(X509_F_X509_EXTENSION_CREATE_BY_NID,X509_R_UNKNOWN_NID);
186 return(NULL);
187 }
188 ret=X509_EXTENSION_create_by_OBJ(ex,obj,crit,data);
189 if (ret == NULL) ASN1_OBJECT_free(obj);
190 return(ret);
191 }
192
193X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
194 ASN1_OBJECT *obj, int crit, ASN1_OCTET_STRING *data)
195 {
196 X509_EXTENSION *ret;
197
198 if ((ex == NULL) || (*ex == NULL))
199 {
200 if ((ret=X509_EXTENSION_new()) == NULL)
201 {
202 X509err(X509_F_X509_EXTENSION_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE);
203 return(NULL);
204 }
205 }
206 else
207 ret= *ex;
208
209 if (!X509_EXTENSION_set_object(ret,obj))
210 goto err;
211 if (!X509_EXTENSION_set_critical(ret,crit))
212 goto err;
213 if (!X509_EXTENSION_set_data(ret,data))
214 goto err;
215
216 if ((ex != NULL) && (*ex == NULL)) *ex=ret;
217 return(ret);
218err:
219 if ((ex == NULL) || (ret != *ex))
220 X509_EXTENSION_free(ret);
221 return(NULL);
222 }
223
224int X509_EXTENSION_set_object(X509_EXTENSION *ex, ASN1_OBJECT *obj)
225 {
226 if ((ex == NULL) || (obj == NULL))
227 return(0);
228 ASN1_OBJECT_free(ex->object);
229 ex->object=OBJ_dup(obj);
230 return(1);
231 }
232
233int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit)
234 {
235 if (ex == NULL) return(0);
236 ex->critical=(crit)?0xFF:0;
237 return(1);
238 }
239
240int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data)
241 {
242 int i;
243
244 if (ex == NULL) return(0);
245 i=ASN1_OCTET_STRING_set(ex->value,data->data,data->length);
246 if (!i) return(0);
247 return(1);
248 }
249
250ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex)
251 {
252 if (ex == NULL) return(NULL);
253 return(ex->object);
254 }
255
256ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ex)
257 {
258 if (ex == NULL) return(NULL);
259 return(ex->value);
260 }
261
262int X509_EXTENSION_get_critical(X509_EXTENSION *ex)
263 {
264 if (ex == NULL) return(0);
265 return(ex->critical);
266 }
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
deleted file mode 100644
index c72ee4a385..0000000000
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ /dev/null
@@ -1,639 +0,0 @@
1/* crypto/x509/x509_vfy.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <time.h>
61#include <errno.h>
62#include <sys/types.h>
63#include <sys/stat.h>
64
65#include <openssl/crypto.h>
66#include "cryptlib.h"
67#include <openssl/lhash.h>
68#include <openssl/buffer.h>
69#include <openssl/evp.h>
70#include <openssl/asn1.h>
71#include <openssl/x509.h>
72#include <openssl/objects.h>
73
74static int null_callback(int ok,X509_STORE_CTX *e);
75static int internal_verify(X509_STORE_CTX *ctx);
76const char *X509_version="X.509" OPENSSL_VERSION_PTEXT;
77
78static STACK *x509_store_ctx_method=NULL;
79static int x509_store_ctx_num=0;
80#if 0
81static int x509_store_num=1;
82static STACK *x509_store_method=NULL;
83#endif
84
85static int null_callback(int ok, X509_STORE_CTX *e)
86 {
87 return(ok);
88 }
89
90#if 0
91static int x509_subject_cmp(X509 **a, X509 **b)
92 {
93 return(X509_subject_name_cmp(*a,*b));
94 }
95#endif
96
97int X509_verify_cert(X509_STORE_CTX *ctx)
98 {
99 X509 *x,*xtmp,*chain_ss=NULL;
100 X509_NAME *xn;
101 X509_OBJECT obj;
102 int depth,i,ok=0;
103 int num;
104 int (*cb)();
105 STACK_OF(X509) *sktmp=NULL;
106
107 if (ctx->cert == NULL)
108 {
109 X509err(X509_F_X509_VERIFY_CERT,X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
110 return(-1);
111 }
112
113 cb=ctx->ctx->verify_cb;
114 if (cb == NULL) cb=null_callback;
115
116 /* first we make sure the chain we are going to build is
117 * present and that the first entry is in place */
118 if (ctx->chain == NULL)
119 {
120 if ( ((ctx->chain=sk_X509_new_null()) == NULL) ||
121 (!sk_X509_push(ctx->chain,ctx->cert)))
122 {
123 X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
124 goto end;
125 }
126 CRYPTO_add(&ctx->cert->references,1,CRYPTO_LOCK_X509);
127 ctx->last_untrusted=1;
128 }
129
130 /* We use a temporary so we can chop and hack at it */
131 if (ctx->untrusted != NULL
132 && (sktmp=sk_X509_dup(ctx->untrusted)) == NULL)
133 {
134 X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
135 goto end;
136 }
137
138 num=sk_X509_num(ctx->chain);
139 x=sk_X509_value(ctx->chain,num-1);
140 depth=ctx->depth;
141
142
143 for (;;)
144 {
145 /* If we have enough, we break */
146 if (depth < num) break; /* FIXME: If this happens, we should take
147 * note of it and, if appropriate, use the
148 * X509_V_ERR_CERT_CHAIN_TOO_LONG error
149 * code later.
150 */
151
152 /* If we are self signed, we break */
153 xn=X509_get_issuer_name(x);
154 if (X509_NAME_cmp(X509_get_subject_name(x),xn) == 0)
155 break;
156
157 /* If we were passed a cert chain, use it first */
158 if (ctx->untrusted != NULL)
159 {
160 xtmp=X509_find_by_subject(sktmp,xn);
161 if (xtmp != NULL)
162 {
163 if (!sk_X509_push(ctx->chain,xtmp))
164 {
165 X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
166 goto end;
167 }
168 CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509);
169 sk_X509_delete_ptr(sktmp,xtmp);
170 ctx->last_untrusted++;
171 x=xtmp;
172 num++;
173 /* reparse the full chain for
174 * the next one */
175 continue;
176 }
177 }
178 break;
179 }
180
181 /* at this point, chain should contain a list of untrusted
182 * certificates. We now need to add at least one trusted one,
183 * if possible, otherwise we complain. */
184
185 i=sk_X509_num(ctx->chain);
186 x=sk_X509_value(ctx->chain,i-1);
187 if (X509_NAME_cmp(X509_get_subject_name(x),X509_get_issuer_name(x))
188 == 0)
189 {
190 /* we have a self signed certificate */
191 if (sk_X509_num(ctx->chain) == 1)
192 {
193 ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
194 ctx->current_cert=x;
195 ctx->error_depth=i-1;
196 ok=cb(0,ctx);
197 if (!ok) goto end;
198 }
199 else
200 {
201 /* worry more about this one elsewhere */
202 chain_ss=sk_X509_pop(ctx->chain);
203 ctx->last_untrusted--;
204 num--;
205 x=sk_X509_value(ctx->chain,num-1);
206 }
207 }
208
209 /* We now lookup certs from the certificate store */
210 for (;;)
211 {
212 /* If we have enough, we break */
213 if (depth < num) break;
214
215 /* If we are self signed, we break */
216 xn=X509_get_issuer_name(x);
217 if (X509_NAME_cmp(X509_get_subject_name(x),xn) == 0)
218 break;
219
220 ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj);
221 if (ok != X509_LU_X509)
222 {
223 if (ok == X509_LU_RETRY)
224 {
225 X509_OBJECT_free_contents(&obj);
226 X509err(X509_F_X509_VERIFY_CERT,X509_R_SHOULD_RETRY);
227 return(ok);
228 }
229 else if (ok != X509_LU_FAIL)
230 {
231 X509_OBJECT_free_contents(&obj);
232 /* not good :-(, break anyway */
233 return(ok);
234 }
235 break;
236 }
237 x=obj.data.x509;
238 if (!sk_X509_push(ctx->chain,obj.data.x509))
239 {
240 X509_OBJECT_free_contents(&obj);
241 X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
242 return(0);
243 }
244 num++;
245 }
246
247 /* we now have our chain, lets check it... */
248 xn=X509_get_issuer_name(x);
249 if (X509_NAME_cmp(X509_get_subject_name(x),xn) != 0)
250 {
251 if ((chain_ss == NULL) || (X509_NAME_cmp(X509_get_subject_name(chain_ss),xn) != 0))
252 {
253 if (ctx->last_untrusted >= num)
254 ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
255 else
256 ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
257 ctx->current_cert=x;
258 }
259 else
260 {
261
262 sk_X509_push(ctx->chain,chain_ss);
263 num++;
264 ctx->last_untrusted=num;
265 ctx->current_cert=chain_ss;
266 ctx->error=X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
267 chain_ss=NULL;
268 }
269
270 ctx->error_depth=num-1;
271 ok=cb(0,ctx);
272 if (!ok) goto end;
273 }
274
275 /* We may as well copy down any DSA parameters that are required */
276 X509_get_pubkey_parameters(NULL,ctx->chain);
277
278 /* At this point, we have a chain and just need to verify it */
279 if (ctx->ctx->verify != NULL)
280 ok=ctx->ctx->verify(ctx);
281 else
282 ok=internal_verify(ctx);
283 if (0)
284 {
285end:
286 X509_get_pubkey_parameters(NULL,ctx->chain);
287 }
288 if (sktmp != NULL) sk_X509_free(sktmp);
289 if (chain_ss != NULL) X509_free(chain_ss);
290 return(ok);
291 }
292
293static int internal_verify(X509_STORE_CTX *ctx)
294 {
295 int i,ok=0,n;
296 X509 *xs,*xi;
297 EVP_PKEY *pkey=NULL;
298 int (*cb)();
299
300 cb=ctx->ctx->verify_cb;
301 if (cb == NULL) cb=null_callback;
302
303 n=sk_X509_num(ctx->chain);
304 ctx->error_depth=n-1;
305 n--;
306 xi=sk_X509_value(ctx->chain,n);
307 if (X509_NAME_cmp(X509_get_subject_name(xi),
308 X509_get_issuer_name(xi)) == 0)
309 xs=xi;
310 else
311 {
312 if (n <= 0)
313 {
314 ctx->error=X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
315 ctx->current_cert=xi;
316 ok=cb(0,ctx);
317 goto end;
318 }
319 else
320 {
321 n--;
322 ctx->error_depth=n;
323 xs=sk_X509_value(ctx->chain,n);
324 }
325 }
326
327/* ctx->error=0; not needed */
328 while (n >= 0)
329 {
330 ctx->error_depth=n;
331 if (!xs->valid)
332 {
333 if ((pkey=X509_get_pubkey(xi)) == NULL)
334 {
335 ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
336 ctx->current_cert=xi;
337 ok=(*cb)(0,ctx);
338 if (!ok) goto end;
339 }
340 if (X509_verify(xs,pkey) <= 0)
341 {
342 EVP_PKEY_free(pkey);
343 ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
344 ctx->current_cert=xs;
345 ok=(*cb)(0,ctx);
346 if (!ok) goto end;
347 }
348 EVP_PKEY_free(pkey);
349 pkey=NULL;
350
351 i=X509_cmp_current_time(X509_get_notBefore(xs));
352 if (i == 0)
353 {
354 ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
355 ctx->current_cert=xs;
356 ok=(*cb)(0,ctx);
357 if (!ok) goto end;
358 }
359 if (i > 0)
360 {
361 ctx->error=X509_V_ERR_CERT_NOT_YET_VALID;
362 ctx->current_cert=xs;
363 ok=(*cb)(0,ctx);
364 if (!ok) goto end;
365 }
366 xs->valid=1;
367 }
368
369 i=X509_cmp_current_time(X509_get_notAfter(xs));
370 if (i == 0)
371 {
372 ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
373 ctx->current_cert=xs;
374 ok=(*cb)(0,ctx);
375 if (!ok) goto end;
376 }
377
378 if (i < 0)
379 {
380 ctx->error=X509_V_ERR_CERT_HAS_EXPIRED;
381 ctx->current_cert=xs;
382 ok=(*cb)(0,ctx);
383 if (!ok) goto end;
384 }
385
386 /* CRL CHECK */
387
388 /* The last error (if any) is still in the error value */
389 ctx->current_cert=xs;
390 ok=(*cb)(1,ctx);
391 if (!ok) goto end;
392
393 n--;
394 if (n >= 0)
395 {
396 xi=xs;
397 xs=sk_X509_value(ctx->chain,n);
398 }
399 }
400 ok=1;
401end:
402 return(ok);
403 }
404
405int X509_cmp_current_time(ASN1_UTCTIME *ctm)
406 {
407 char *str;
408 ASN1_UTCTIME atm;
409 time_t offset;
410 char buff1[24],buff2[24],*p;
411 int i,j;
412
413 p=buff1;
414 i=ctm->length;
415 str=(char *)ctm->data;
416 if ((i < 11) || (i > 17)) return(0);
417 memcpy(p,str,10);
418 p+=10;
419 str+=10;
420
421 if ((*str == 'Z') || (*str == '-') || (*str == '+'))
422 { *(p++)='0'; *(p++)='0'; }
423 else { *(p++)= *(str++); *(p++)= *(str++); }
424 *(p++)='Z';
425 *(p++)='\0';
426
427 if (*str == 'Z')
428 offset=0;
429 else
430 {
431 if ((*str != '+') && (str[5] != '-'))
432 return(0);
433 offset=((str[1]-'0')*10+(str[2]-'0'))*60;
434 offset+=(str[3]-'0')*10+(str[4]-'0');
435 if (*str == '-')
436 offset= -offset;
437 }
438 atm.type=V_ASN1_UTCTIME;
439 atm.length=sizeof(buff2);
440 atm.data=(unsigned char *)buff2;
441
442 X509_gmtime_adj(&atm,-offset);
443
444 i=(buff1[0]-'0')*10+(buff1[1]-'0');
445 if (i < 50) i+=100; /* cf. RFC 2459 */
446 j=(buff2[0]-'0')*10+(buff2[1]-'0');
447 if (j < 50) j+=100;
448
449 if (i < j) return (-1);
450 if (i > j) return (1);
451 i=strcmp(buff1,buff2);
452 if (i == 0) /* wait a second then return younger :-) */
453 return(-1);
454 else
455 return(i);
456 }
457
458ASN1_UTCTIME *X509_gmtime_adj(ASN1_UTCTIME *s, long adj)
459 {
460 time_t t;
461
462 time(&t);
463 t+=adj;
464 return(ASN1_UTCTIME_set(s,t));
465 }
466
467int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
468 {
469 EVP_PKEY *ktmp=NULL,*ktmp2;
470 int i,j;
471
472 if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return(1);
473
474 for (i=0; i<sk_X509_num(chain); i++)
475 {
476 ktmp=X509_get_pubkey(sk_X509_value(chain,i));
477 if (ktmp == NULL)
478 {
479 X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
480 return(0);
481 }
482 if (!EVP_PKEY_missing_parameters(ktmp))
483 break;
484 else
485 {
486 EVP_PKEY_free(ktmp);
487 ktmp=NULL;
488 }
489 }
490 if (ktmp == NULL)
491 {
492 X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN);
493 return(0);
494 }
495
496 /* first, populate the other certs */
497 for (j=i-1; j >= 0; j--)
498 {
499 ktmp2=X509_get_pubkey(sk_X509_value(chain,j));
500 EVP_PKEY_copy_parameters(ktmp2,ktmp);
501 EVP_PKEY_free(ktmp2);
502 }
503
504 if (pkey != NULL) EVP_PKEY_copy_parameters(pkey,ktmp);
505 EVP_PKEY_free(ktmp);
506 return(1);
507 }
508
509int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
510 {
511 X509_OBJECT *obj,*r;
512 int ret=1;
513
514 if (x == NULL) return(0);
515 obj=(X509_OBJECT *)Malloc(sizeof(X509_OBJECT));
516 if (obj == NULL)
517 {
518 X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE);
519 return(0);
520 }
521 obj->type=X509_LU_X509;
522 obj->data.x509=x;
523
524 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
525
526 X509_OBJECT_up_ref_count(obj);
527
528 r=(X509_OBJECT *)lh_insert(ctx->certs,(char *)obj);
529 if (r != NULL)
530 { /* oops, put it back */
531 lh_delete(ctx->certs,(char *)obj);
532 X509_OBJECT_free_contents(obj);
533 Free(obj);
534 lh_insert(ctx->certs,(char *)r);
535 X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE);
536 ret=0;
537 }
538
539 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
540
541 return(ret);
542 }
543
544int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
545 {
546 X509_OBJECT *obj,*r;
547 int ret=1;
548
549 if (x == NULL) return(0);
550 obj=(X509_OBJECT *)Malloc(sizeof(X509_OBJECT));
551 if (obj == NULL)
552 {
553 X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE);
554 return(0);
555 }
556 obj->type=X509_LU_CRL;
557 obj->data.crl=x;
558
559 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
560
561 X509_OBJECT_up_ref_count(obj);
562
563 r=(X509_OBJECT *)lh_insert(ctx->certs,(char *)obj);
564 if (r != NULL)
565 { /* oops, put it back */
566 lh_delete(ctx->certs,(char *)obj);
567 X509_OBJECT_free_contents(obj);
568 Free(obj);
569 lh_insert(ctx->certs,(char *)r);
570 X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE);
571 ret=0;
572 }
573
574 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
575
576 return(ret);
577 }
578
579int X509_STORE_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(),
580 int (*dup_func)(), void (*free_func)())
581 {
582 x509_store_ctx_num++;
583 return(CRYPTO_get_ex_new_index(x509_store_ctx_num-1,
584 &x509_store_ctx_method,
585 argl,argp,new_func,dup_func,free_func));
586 }
587
588int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
589 {
590 return(CRYPTO_set_ex_data(&ctx->ex_data,idx,data));
591 }
592
593void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx)
594 {
595 return(CRYPTO_get_ex_data(&ctx->ex_data,idx));
596 }
597
598int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx)
599 {
600 return(ctx->error);
601 }
602
603void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err)
604 {
605 ctx->error=err;
606 }
607
608int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
609 {
610 return(ctx->error_depth);
611 }
612
613X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx)
614 {
615 return(ctx->current_cert);
616 }
617
618STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx)
619 {
620 return(ctx->chain);
621 }
622
623void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
624 {
625 ctx->cert=x;
626 }
627
628void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
629 {
630 ctx->untrusted=sk;
631 }
632
633IMPLEMENT_STACK_OF(X509)
634IMPLEMENT_ASN1_SET_OF(X509)
635
636IMPLEMENT_STACK_OF(X509_NAME)
637
638IMPLEMENT_STACK_OF(X509_ATTRIBUTE)
639IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE)
diff --git a/src/lib/libcrypto/x509/x509_vfy.h b/src/lib/libcrypto/x509/x509_vfy.h
deleted file mode 100644
index ecfd4cf9ed..0000000000
--- a/src/lib/libcrypto/x509/x509_vfy.h
+++ /dev/null
@@ -1,346 +0,0 @@
1/* crypto/x509/x509_vfy.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#ifndef HEADER_X509_H
60#include <openssl/x509.h>
61/* openssl/x509.h ends up #include-ing this file at about the only
62 * appropriate moment. */
63#endif
64
65#ifndef HEADER_X509_VFY_H
66#define HEADER_X509_VFY_H
67
68#ifdef __cplusplus
69extern "C" {
70#endif
71
72#include <openssl/bio.h>
73#include <openssl/crypto.h>
74
75/* Outer object */
76typedef struct x509_hash_dir_st
77 {
78 int num_dirs;
79 char **dirs;
80 int *dirs_type;
81 int num_dirs_alloced;
82 } X509_HASH_DIR_CTX;
83
84typedef struct x509_file_st
85 {
86 int num_paths; /* number of paths to files or directories */
87 int num_alloced;
88 char **paths; /* the list of paths or directories */
89 int *path_type;
90 } X509_CERT_FILE_CTX;
91
92/*******************************/
93/*
94SSL_CTX -> X509_STORE
95 -> X509_LOOKUP
96 ->X509_LOOKUP_METHOD
97 -> X509_LOOKUP
98 ->X509_LOOKUP_METHOD
99
100SSL -> X509_STORE_CTX
101 ->X509_STORE
102
103The X509_STORE holds the tables etc for verification stuff.
104A X509_STORE_CTX is used while validating a single certificate.
105The X509_STORE has X509_LOOKUPs for looking up certs.
106The X509_STORE then calls a function to actually verify the
107certificate chain.
108*/
109
110#define X509_LU_RETRY -1
111#define X509_LU_FAIL 0
112#define X509_LU_X509 1
113#define X509_LU_CRL 2
114#define X509_LU_PKEY 3
115
116typedef struct x509_object_st
117 {
118 /* one of the above types */
119 int type;
120 union {
121 char *ptr;
122 X509 *x509;
123 X509_CRL *crl;
124 EVP_PKEY *pkey;
125 } data;
126 } X509_OBJECT;
127
128typedef struct x509_lookup_st X509_LOOKUP;
129
130DECLARE_STACK_OF(X509_LOOKUP)
131
132/* This is a static that defines the function interface */
133typedef struct x509_lookup_method_st
134 {
135 const char *name;
136 int (*new_item)(X509_LOOKUP *ctx);
137 void (*free)(X509_LOOKUP *ctx);
138 int (*init)(X509_LOOKUP *ctx);
139 int (*shutdown)(X509_LOOKUP *ctx);
140 int (*ctrl)(X509_LOOKUP *ctx,int cmd,const char *argc,long argl,
141 char **ret);
142 int (*get_by_subject)(X509_LOOKUP *ctx,int type,X509_NAME *name,
143 X509_OBJECT *ret);
144 int (*get_by_issuer_serial)(X509_LOOKUP *ctx,int type,X509_NAME *name,
145 ASN1_INTEGER *serial,X509_OBJECT *ret);
146 int (*get_by_fingerprint)(X509_LOOKUP *ctx,int type,
147 unsigned char *bytes,int len,
148 X509_OBJECT *ret);
149 int (*get_by_alias)(X509_LOOKUP *ctx,int type,char *str,int len,
150 X509_OBJECT *ret);
151 } X509_LOOKUP_METHOD;
152
153typedef struct x509_store_state_st X509_STORE_CTX;
154
155/* This is used to hold everything. It is used for all certificate
156 * validation. Once we have a certificate chain, the 'verify'
157 * function is then called to actually check the cert chain. */
158typedef struct x509_store_st
159 {
160 /* The following is a cache of trusted certs */
161 int cache; /* if true, stash any hits */
162#ifdef HEADER_LHASH_H
163 LHASH *certs; /* cached certs; */
164#else
165 char *certs;
166#endif
167
168 /* These are external lookup methods */
169 STACK_OF(X509_LOOKUP) *get_cert_methods;
170 int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */
171 int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */
172
173 CRYPTO_EX_DATA ex_data;
174 int references;
175 int depth; /* how deep to look (still unused -- X509_STORE_CTX's depth is used) */
176 } X509_STORE;
177
178#define X509_STORE_set_depth(ctx,d) ((ctx)->depth=(d))
179
180#define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func))
181#define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func))
182
183/* This is the functions plus an instance of the local variables. */
184struct x509_lookup_st
185 {
186 int init; /* have we been started */
187 int skip; /* don't use us. */
188 X509_LOOKUP_METHOD *method; /* the functions */
189 char *method_data; /* method data */
190
191 X509_STORE *store_ctx; /* who owns us */
192 };
193
194/* This is a temporary used when processing cert chains. Since the
195 * gathering of the cert chain can take some time (and have to be
196 * 'retried', this needs to be kept and passed around. */
197struct x509_store_state_st /* X509_STORE_CTX */
198 {
199 X509_STORE *ctx;
200 int current_method; /* used when looking up certs */
201
202 /* The following are set by the caller */
203 X509 *cert; /* The cert to check */
204 STACK_OF(X509) *untrusted; /* chain of X509s - untrusted - passed in */
205
206 /* The following is built up */
207 int depth; /* how far to go looking up certs */
208 int valid; /* if 0, rebuild chain */
209 int last_untrusted; /* index of last untrusted cert */
210 STACK_OF(X509) *chain; /* chain of X509s - built up and trusted */
211
212 /* When something goes wrong, this is why */
213 int error_depth;
214 int error;
215 X509 *current_cert;
216
217 CRYPTO_EX_DATA ex_data;
218 };
219
220#define X509_STORE_CTX_set_depth(ctx,d) ((ctx)->depth=(d))
221
222#define X509_STORE_CTX_set_app_data(ctx,data) \
223 X509_STORE_CTX_set_ex_data(ctx,0,data)
224#define X509_STORE_CTX_get_app_data(ctx) \
225 X509_STORE_CTX_get_ex_data(ctx,0)
226
227#define X509_L_FILE_LOAD 1
228#define X509_L_ADD_DIR 2
229
230#define X509_LOOKUP_load_file(x,name,type) \
231 X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL)
232
233#define X509_LOOKUP_add_dir(x,name,type) \
234 X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
235
236#define X509_V_OK 0
237
238#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2
239#define X509_V_ERR_UNABLE_TO_GET_CRL 3
240#define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4
241#define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5
242#define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6
243#define X509_V_ERR_CERT_SIGNATURE_FAILURE 7
244#define X509_V_ERR_CRL_SIGNATURE_FAILURE 8
245#define X509_V_ERR_CERT_NOT_YET_VALID 9
246#define X509_V_ERR_CERT_HAS_EXPIRED 10
247#define X509_V_ERR_CRL_NOT_YET_VALID 11
248#define X509_V_ERR_CRL_HAS_EXPIRED 12
249#define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13
250#define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14
251#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15
252#define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16
253#define X509_V_ERR_OUT_OF_MEM 17
254#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18
255#define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19
256#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20
257#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21
258#define X509_V_ERR_CERT_CHAIN_TOO_LONG 22
259#define X509_V_ERR_CERT_REVOKED 23
260
261/* The application is not happy */
262#define X509_V_ERR_APPLICATION_VERIFICATION 50
263
264 /* These functions are being redefined in another directory,
265 and clash when the linker is case-insensitive, so let's
266 hide them a little, by giving them an extra 'o' at the
267 beginning of the name... */
268#ifdef VMS
269#undef X509v3_cleanup_extensions
270#define X509v3_cleanup_extensions oX509v3_cleanup_extensions
271#undef X509v3_add_extension
272#define X509v3_add_extension oX509v3_add_extension
273#undef X509v3_add_netscape_extensions
274#define X509v3_add_netscape_extensions oX509v3_add_netscape_extensions
275#undef X509v3_add_standard_extensions
276#define X509v3_add_standard_extensions oX509v3_add_standard_extensions
277#endif
278
279#ifdef HEADER_LHASH_H
280X509_OBJECT *X509_OBJECT_retrieve_by_subject(LHASH *h,int type,X509_NAME *name);
281#endif
282void X509_OBJECT_up_ref_count(X509_OBJECT *a);
283void X509_OBJECT_free_contents(X509_OBJECT *a);
284X509_STORE *X509_STORE_new(void );
285void X509_STORE_free(X509_STORE *v);
286
287void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
288 X509 *x509, STACK_OF(X509) *chain);
289void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
290
291X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
292
293X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
294X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
295
296int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
297int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
298
299int X509_STORE_get_by_subject(X509_STORE_CTX *vs,int type,X509_NAME *name,
300 X509_OBJECT *ret);
301
302int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
303 long argl, char **ret);
304
305#ifndef NO_STDIO
306int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
307int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
308#endif
309
310
311X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
312void X509_LOOKUP_free(X509_LOOKUP *ctx);
313int X509_LOOKUP_init(X509_LOOKUP *ctx);
314int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
315 X509_OBJECT *ret);
316int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
317 ASN1_INTEGER *serial, X509_OBJECT *ret);
318int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
319 unsigned char *bytes, int len, X509_OBJECT *ret);
320int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str,
321 int len, X509_OBJECT *ret);
322int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
323
324#ifndef NO_STDIO
325int X509_STORE_load_locations (X509_STORE *ctx,
326 const char *file, const char *dir);
327int X509_STORE_set_default_paths(X509_STORE *ctx);
328#endif
329
330int X509_STORE_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(),
331 int (*dup_func)(), void (*free_func)());
332int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,void *data);
333void * X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx);
334int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
335void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);
336int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
337X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
338STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
339void X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x);
340void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk);
341
342#ifdef __cplusplus
343}
344#endif
345#endif
346
diff --git a/src/lib/libcrypto/x509/x509name.c b/src/lib/libcrypto/x509/x509name.c
deleted file mode 100644
index 2a422be350..0000000000
--- a/src/lib/libcrypto/x509/x509name.c
+++ /dev/null
@@ -1,321 +0,0 @@
1/* crypto/x509/x509name.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/stack.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/objects.h>
64#include <openssl/evp.h>
65#include <openssl/x509.h>
66
67int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len)
68 {
69 ASN1_OBJECT *obj;
70
71 obj=OBJ_nid2obj(nid);
72 if (obj == NULL) return(-1);
73 return(X509_NAME_get_text_by_OBJ(name,obj,buf,len));
74 }
75
76int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,
77 int len)
78 {
79 int i;
80 ASN1_STRING *data;
81
82 i=X509_NAME_get_index_by_OBJ(name,obj,-1);
83 if (i < 0) return(-1);
84 data=X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name,i));
85 i=(data->length > (len-1))?(len-1):data->length;
86 if (buf == NULL) return(data->length);
87 memcpy(buf,data->data,i);
88 buf[i]='\0';
89 return(i);
90 }
91
92int X509_NAME_entry_count(X509_NAME *name)
93 {
94 if (name == NULL) return(0);
95 return(sk_X509_NAME_ENTRY_num(name->entries));
96 }
97
98int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos)
99 {
100 ASN1_OBJECT *obj;
101
102 obj=OBJ_nid2obj(nid);
103 if (obj == NULL) return(-2);
104 return(X509_NAME_get_index_by_OBJ(name,obj,lastpos));
105 }
106
107/* NOTE: you should be passsing -1, not 0 as lastpos */
108int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
109 int lastpos)
110 {
111 int n;
112 X509_NAME_ENTRY *ne;
113 STACK_OF(X509_NAME_ENTRY) *sk;
114
115 if (name == NULL) return(-1);
116 if (lastpos < 0)
117 lastpos= -1;
118 sk=name->entries;
119 n=sk_X509_NAME_ENTRY_num(sk);
120 for (lastpos++; lastpos < n; lastpos++)
121 {
122 ne=sk_X509_NAME_ENTRY_value(sk,lastpos);
123 if (OBJ_cmp(ne->object,obj) == 0)
124 return(lastpos);
125 }
126 return(-1);
127 }
128
129X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc)
130 {
131 if(name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
132 || loc < 0)
133 return(NULL);
134 else
135 return(sk_X509_NAME_ENTRY_value(name->entries,loc));
136 }
137
138X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc)
139 {
140 X509_NAME_ENTRY *ret;
141 int i,n,set_prev,set_next;
142 STACK_OF(X509_NAME_ENTRY) *sk;
143
144 if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
145 || loc < 0)
146 return(NULL);
147 sk=name->entries;
148 ret=sk_X509_NAME_ENTRY_delete(sk,loc);
149 n=sk_X509_NAME_ENTRY_num(sk);
150 name->modified=1;
151 if (loc == n) return(ret);
152
153 /* else we need to fixup the set field */
154 if (loc != 0)
155 set_prev=(sk_X509_NAME_ENTRY_value(sk,loc-1))->set;
156 else
157 set_prev=ret->set-1;
158 set_next=sk_X509_NAME_ENTRY_value(sk,loc)->set;
159
160 /* set_prev is the previous set
161 * set is the current set
162 * set_next is the following
163 * prev 1 1 1 1 1 1 1 1
164 * set 1 1 2 2
165 * next 1 1 2 2 2 2 3 2
166 * so basically only if prev and next differ by 2, then
167 * re-number down by 1 */
168 if (set_prev+1 < set_next)
169 for (i=loc; i<n; i++)
170 sk_X509_NAME_ENTRY_value(sk,i)->set--;
171 return(ret);
172 }
173
174/* if set is -1, append to previous set, 0 'a new one', and 1,
175 * prepend to the guy we are about to stomp on. */
176int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc,
177 int set)
178 {
179 X509_NAME_ENTRY *new_name=NULL;
180 int n,i,inc;
181 STACK_OF(X509_NAME_ENTRY) *sk;
182
183 if (name == NULL) return(0);
184 sk=name->entries;
185 n=sk_X509_NAME_ENTRY_num(sk);
186 if (loc > n) loc=n;
187 else if (loc < 0) loc=n;
188
189 name->modified=1;
190
191 if (set == -1)
192 {
193 if (loc == 0)
194 {
195 set=0;
196 inc=1;
197 }
198 else
199 {
200 set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set;
201 inc=0;
202 }
203 }
204 else /* if (set >= 0) */
205 {
206 if (loc >= n)
207 {
208 if (loc != 0)
209 set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set+1;
210 else
211 set=0;
212 }
213 else
214 set=sk_X509_NAME_ENTRY_value(sk,loc)->set;
215 inc=(set == 0)?1:0;
216 }
217
218 if ((new_name=X509_NAME_ENTRY_dup(ne)) == NULL)
219 goto err;
220 new_name->set=set;
221 if (!sk_X509_NAME_ENTRY_insert(sk,new_name,loc))
222 {
223 X509err(X509_F_X509_NAME_ADD_ENTRY,ERR_R_MALLOC_FAILURE);
224 goto err;
225 }
226 if (inc)
227 {
228 n=sk_X509_NAME_ENTRY_num(sk);
229 for (i=loc+1; i<n; i++)
230 sk_X509_NAME_ENTRY_value(sk,i-1)->set+=1;
231 }
232 return(1);
233err:
234 if (new_name != NULL)
235 X509_NAME_ENTRY_free(new_name);
236 return(0);
237 }
238
239X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
240 int type, unsigned char *bytes, int len)
241 {
242 ASN1_OBJECT *obj;
243
244 obj=OBJ_nid2obj(nid);
245 if (obj == NULL)
246 {
247 X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID,X509_R_UNKNOWN_NID);
248 return(NULL);
249 }
250 return(X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len));
251 }
252
253X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
254 ASN1_OBJECT *obj, int type, unsigned char *bytes, int len)
255 {
256 X509_NAME_ENTRY *ret;
257
258 if ((ne == NULL) || (*ne == NULL))
259 {
260 if ((ret=X509_NAME_ENTRY_new()) == NULL)
261 return(NULL);
262 }
263 else
264 ret= *ne;
265
266 if (!X509_NAME_ENTRY_set_object(ret,obj))
267 goto err;
268 if (!X509_NAME_ENTRY_set_data(ret,type,bytes,len))
269 goto err;
270
271 if ((ne != NULL) && (*ne == NULL)) *ne=ret;
272 return(ret);
273err:
274 if ((ne == NULL) || (ret != *ne))
275 X509_NAME_ENTRY_free(ret);
276 return(NULL);
277 }
278
279int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj)
280 {
281 if ((ne == NULL) || (obj == NULL))
282 {
283 X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT,ERR_R_PASSED_NULL_PARAMETER);
284 return(0);
285 }
286 ASN1_OBJECT_free(ne->object);
287 ne->object=OBJ_dup(obj);
288 return((ne->object == NULL)?0:1);
289 }
290
291int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
292 unsigned char *bytes, int len)
293 {
294 int i;
295
296 if ((ne == NULL) || ((bytes == NULL) && (len != 0))) return(0);
297 if (len < 0) len=strlen((char *)bytes);
298 i=ASN1_STRING_set(ne->value,bytes,len);
299 if (!i) return(0);
300 if (type != V_ASN1_UNDEF)
301 {
302 if (type == V_ASN1_APP_CHOOSE)
303 ne->value->type=ASN1_PRINTABLE_type(bytes,len);
304 else
305 ne->value->type=type;
306 }
307 return(1);
308 }
309
310ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne)
311 {
312 if (ne == NULL) return(NULL);
313 return(ne->object);
314 }
315
316ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne)
317 {
318 if (ne == NULL) return(NULL);
319 return(ne->value);
320 }
321
diff --git a/src/lib/libcrypto/x509/x509rset.c b/src/lib/libcrypto/x509/x509rset.c
deleted file mode 100644
index d9f6b57372..0000000000
--- a/src/lib/libcrypto/x509/x509rset.c
+++ /dev/null
@@ -1,83 +0,0 @@
1/* crypto/x509/x509rset.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/asn1.h>
62#include <openssl/objects.h>
63#include <openssl/evp.h>
64#include <openssl/x509.h>
65
66int X509_REQ_set_version(X509_REQ *x, long version)
67 {
68 if (x == NULL) return(0);
69 return(ASN1_INTEGER_set(x->req_info->version,version));
70 }
71
72int X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name)
73 {
74 if ((x == NULL) || (x->req_info == NULL)) return(0);
75 return(X509_NAME_set(&x->req_info->subject,name));
76 }
77
78int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey)
79 {
80 if ((x == NULL) || (x->req_info == NULL)) return(0);
81 return(X509_PUBKEY_set(&x->req_info->pubkey,pkey));
82 }
83
diff --git a/src/lib/libcrypto/x509/x509type.c b/src/lib/libcrypto/x509/x509type.c
deleted file mode 100644
index 8e78b34458..0000000000
--- a/src/lib/libcrypto/x509/x509type.c
+++ /dev/null
@@ -1,114 +0,0 @@
1/* crypto/x509/x509type.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/evp.h>
62#include <openssl/objects.h>
63#include <openssl/x509.h>
64
65int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
66 {
67 EVP_PKEY *pk;
68 int ret=0,i;
69
70 if (x == NULL) return(0);
71
72 if (pkey == NULL)
73 pk=X509_get_pubkey(x);
74 else
75 pk=pkey;
76
77 if (pk == NULL) return(0);
78
79 switch (pk->type)
80 {
81 case EVP_PKEY_RSA:
82 ret=EVP_PK_RSA|EVP_PKT_SIGN;
83/* if (!sign only extension) */
84 ret|=EVP_PKT_ENC;
85 break;
86 case EVP_PKEY_DSA:
87 ret=EVP_PK_DSA|EVP_PKT_SIGN;
88 break;
89 case EVP_PKEY_DH:
90 ret=EVP_PK_DH|EVP_PKT_EXCH;
91 break;
92 default:
93 break;
94 }
95
96 i=X509_get_signature_type(x);
97 switch (i)
98 {
99 case EVP_PKEY_RSA:
100 ret|=EVP_PKS_RSA;
101 break;
102 case EVP_PKS_DSA:
103 ret|=EVP_PKS_DSA;
104 break;
105 default:
106 break;
107 }
108
109 if (EVP_PKEY_size(pk) <= 512)
110 ret|=EVP_PKT_EXP;
111 if(pkey==NULL) EVP_PKEY_free(pk);
112 return(ret);
113 }
114
diff --git a/src/lib/libcrypto/x509/x_all.c b/src/lib/libcrypto/x509/x_all.c
deleted file mode 100644
index f2af895df0..0000000000
--- a/src/lib/libcrypto/x509/x_all.c
+++ /dev/null
@@ -1,437 +0,0 @@
1/* crypto/x509/x_all.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#undef SSLEAY_MACROS
61#include <openssl/stack.h>
62#include "cryptlib.h"
63#include <openssl/buffer.h>
64#include <openssl/asn1.h>
65#include <openssl/evp.h>
66#include <openssl/x509.h>
67
68int X509_verify(X509 *a, EVP_PKEY *r)
69 {
70 return(ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,
71 a->signature,(char *)a->cert_info,r));
72 }
73
74int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
75 {
76 return( ASN1_verify((int (*)())i2d_X509_REQ_INFO,
77 a->sig_alg,a->signature,(char *)a->req_info,r));
78 }
79
80int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r)
81 {
82 return(ASN1_verify((int (*)())i2d_X509_CRL_INFO,
83 a->sig_alg, a->signature,(char *)a->crl,r));
84 }
85
86int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
87 {
88 return(ASN1_verify((int (*)())i2d_NETSCAPE_SPKAC,
89 a->sig_algor,a->signature, (char *)a->spkac,r));
90 }
91
92int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
93 {
94 return(ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature,
95 x->sig_alg, x->signature, (char *)x->cert_info,pkey,md));
96 }
97
98int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
99 {
100 return(ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL,
101 x->signature, (char *)x->req_info,pkey,md));
102 }
103
104int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
105 {
106 return(ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,
107 x->sig_alg, x->signature, (char *)x->crl,pkey,md));
108 }
109
110int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
111 {
112 return(ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL,
113 x->signature, (char *)x->spkac,pkey,md));
114 }
115
116X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa)
117 {
118 return((X509_ATTRIBUTE *)ASN1_dup((int (*)())i2d_X509_ATTRIBUTE,
119 (char *(*)())d2i_X509_ATTRIBUTE,(char *)xa));
120 }
121
122X509 *X509_dup(X509 *x509)
123 {
124 return((X509 *)ASN1_dup((int (*)())i2d_X509,
125 (char *(*)())d2i_X509,(char *)x509));
126 }
127
128X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex)
129 {
130 return((X509_EXTENSION *)ASN1_dup(
131 (int (*)())i2d_X509_EXTENSION,
132 (char *(*)())d2i_X509_EXTENSION,(char *)ex));
133 }
134
135#ifndef NO_FP_API
136X509 *d2i_X509_fp(FILE *fp, X509 **x509)
137 {
138 return((X509 *)ASN1_d2i_fp((char *(*)())X509_new,
139 (char *(*)())d2i_X509, (fp),(unsigned char **)(x509)));
140 }
141
142int i2d_X509_fp(FILE *fp, X509 *x509)
143 {
144 return(ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509));
145 }
146#endif
147
148X509 *d2i_X509_bio(BIO *bp, X509 **x509)
149 {
150 return((X509 *)ASN1_d2i_bio((char *(*)())X509_new,
151 (char *(*)())d2i_X509, (bp),(unsigned char **)(x509)));
152 }
153
154int i2d_X509_bio(BIO *bp, X509 *x509)
155 {
156 return(ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509));
157 }
158
159X509_CRL *X509_CRL_dup(X509_CRL *crl)
160 {
161 return((X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL,
162 (char *(*)())d2i_X509_CRL,(char *)crl));
163 }
164
165#ifndef NO_FP_API
166X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl)
167 {
168 return((X509_CRL *)ASN1_d2i_fp((char *(*)())
169 X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),
170 (unsigned char **)(crl)));
171 }
172
173int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl)
174 {
175 return(ASN1_i2d_fp(i2d_X509_CRL,fp,(unsigned char *)crl));
176 }
177#endif
178
179X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl)
180 {
181 return((X509_CRL *)ASN1_d2i_bio((char *(*)())
182 X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),
183 (unsigned char **)(crl)));
184 }
185
186int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl)
187 {
188 return(ASN1_i2d_bio(i2d_X509_CRL,bp,(unsigned char *)crl));
189 }
190
191PKCS7 *PKCS7_dup(PKCS7 *p7)
192 {
193 return((PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7,
194 (char *(*)())d2i_PKCS7,(char *)p7));
195 }
196
197#ifndef NO_FP_API
198PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7)
199 {
200 return((PKCS7 *)ASN1_d2i_fp((char *(*)())
201 PKCS7_new,(char *(*)())d2i_PKCS7, (fp),
202 (unsigned char **)(p7)));
203 }
204
205int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7)
206 {
207 return(ASN1_i2d_fp(i2d_PKCS7,fp,(unsigned char *)p7));
208 }
209#endif
210
211PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7)
212 {
213 return((PKCS7 *)ASN1_d2i_bio((char *(*)())
214 PKCS7_new,(char *(*)())d2i_PKCS7, (bp),
215 (unsigned char **)(p7)));
216 }
217
218int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7)
219 {
220 return(ASN1_i2d_bio(i2d_PKCS7,bp,(unsigned char *)p7));
221 }
222
223X509_REQ *X509_REQ_dup(X509_REQ *req)
224 {
225 return((X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ,
226 (char *(*)())d2i_X509_REQ,(char *)req));
227 }
228
229#ifndef NO_FP_API
230X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req)
231 {
232 return((X509_REQ *)ASN1_d2i_fp((char *(*)())
233 X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),
234 (unsigned char **)(req)));
235 }
236
237int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req)
238 {
239 return(ASN1_i2d_fp(i2d_X509_REQ,fp,(unsigned char *)req));
240 }
241#endif
242
243X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req)
244 {
245 return((X509_REQ *)ASN1_d2i_bio((char *(*)())
246 X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),
247 (unsigned char **)(req)));
248 }
249
250int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req)
251 {
252 return(ASN1_i2d_bio(i2d_X509_REQ,bp,(unsigned char *)req));
253 }
254
255#ifndef NO_RSA
256RSA *RSAPublicKey_dup(RSA *rsa)
257 {
258 return((RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey,
259 (char *(*)())d2i_RSAPublicKey,(char *)rsa));
260 }
261
262RSA *RSAPrivateKey_dup(RSA *rsa)
263 {
264 return((RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey,
265 (char *(*)())d2i_RSAPrivateKey,(char *)rsa));
266 }
267
268#ifndef NO_FP_API
269RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa)
270 {
271 return((RSA *)ASN1_d2i_fp((char *(*)())
272 RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp),
273 (unsigned char **)(rsa)));
274 }
275
276int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa)
277 {
278 return(ASN1_i2d_fp(i2d_RSAPrivateKey,fp,(unsigned char *)rsa));
279 }
280
281RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
282 {
283 return((RSA *)ASN1_d2i_fp((char *(*)())
284 RSA_new,(char *(*)())d2i_RSAPublicKey, (fp),
285 (unsigned char **)(rsa)));
286 }
287
288int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa)
289 {
290 return(ASN1_i2d_fp(i2d_RSAPublicKey,fp,(unsigned char *)rsa));
291 }
292#endif
293
294RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
295 {
296 return((RSA *)ASN1_d2i_bio((char *(*)())
297 RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp),
298 (unsigned char **)(rsa)));
299 }
300
301int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa)
302 {
303 return(ASN1_i2d_bio(i2d_RSAPrivateKey,bp,(unsigned char *)rsa));
304 }
305
306RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)
307 {
308 return((RSA *)ASN1_d2i_bio((char *(*)())
309 RSA_new,(char *(*)())d2i_RSAPublicKey, (bp),
310 (unsigned char **)(rsa)));
311 }
312
313int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa)
314 {
315 return(ASN1_i2d_bio(i2d_RSAPublicKey,bp,(unsigned char *)rsa));
316 }
317#endif
318
319#ifndef NO_DSA
320#ifndef NO_FP_API
321DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa)
322 {
323 return((DSA *)ASN1_d2i_fp((char *(*)())
324 DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp),
325 (unsigned char **)(dsa)));
326 }
327
328int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa)
329 {
330 return(ASN1_i2d_fp(i2d_DSAPrivateKey,fp,(unsigned char *)dsa));
331 }
332#endif
333
334DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa)
335 {
336 return((DSA *)ASN1_d2i_bio((char *(*)())
337 DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp),
338 (unsigned char **)(dsa)));
339 }
340
341int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa)
342 {
343 return(ASN1_i2d_bio(i2d_DSAPrivateKey,bp,(unsigned char *)dsa));
344 }
345#endif
346
347X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn)
348 {
349 return((X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,
350 (char *(*)())d2i_X509_ALGOR,(char *)xn));
351 }
352
353X509_NAME *X509_NAME_dup(X509_NAME *xn)
354 {
355 return((X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME,
356 (char *(*)())d2i_X509_NAME,(char *)xn));
357 }
358
359X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne)
360 {
361 return((X509_NAME_ENTRY *)ASN1_dup((int (*)())i2d_X509_NAME_ENTRY,
362 (char *(*)())d2i_X509_NAME_ENTRY,(char *)ne));
363 }
364
365int X509_digest(X509 *data, EVP_MD *type, unsigned char *md,
366 unsigned int *len)
367 {
368 return(ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len));
369 }
370
371int X509_NAME_digest(X509_NAME *data, EVP_MD *type, unsigned char *md,
372 unsigned int *len)
373 {
374 return(ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len));
375 }
376
377int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, EVP_MD *type,
378 unsigned char *md, unsigned int *len)
379 {
380 return(ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,
381 (char *)data,md,len));
382 }
383
384
385#ifndef NO_FP_API
386X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8)
387 {
388 return((X509_SIG *)ASN1_d2i_fp((char *(*)())X509_SIG_new,
389 (char *(*)())d2i_X509_SIG, (fp),(unsigned char **)(p8)));
390 }
391
392int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8)
393 {
394 return(ASN1_i2d_fp(i2d_X509_SIG,fp,(unsigned char *)p8));
395 }
396#endif
397
398X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8)
399 {
400 return((X509_SIG *)ASN1_d2i_bio((char *(*)())X509_SIG_new,
401 (char *(*)())d2i_X509_SIG, (bp),(unsigned char **)(p8)));
402 }
403
404int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8)
405 {
406 return(ASN1_i2d_bio(i2d_X509_SIG,bp,(unsigned char *)p8));
407 }
408
409#ifndef NO_FP_API
410PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
411 PKCS8_PRIV_KEY_INFO **p8inf)
412 {
413 return((PKCS8_PRIV_KEY_INFO *)ASN1_d2i_fp(
414 (char *(*)())PKCS8_PRIV_KEY_INFO_new,
415 (char *(*)())d2i_PKCS8_PRIV_KEY_INFO, (fp),
416 (unsigned char **)(p8inf)));
417 }
418
419int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf)
420 {
421 return(ASN1_i2d_fp(i2d_PKCS8_PRIV_KEY_INFO,fp,(unsigned char *)p8inf));
422 }
423#endif
424
425PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
426 PKCS8_PRIV_KEY_INFO **p8inf)
427 {
428 return((PKCS8_PRIV_KEY_INFO *)ASN1_d2i_bio(
429 (char *(*)())PKCS8_PRIV_KEY_INFO_new,
430 (char *(*)())d2i_PKCS8_PRIV_KEY_INFO, (bp),
431 (unsigned char **)(p8inf)));
432 }
433
434int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf)
435 {
436 return(ASN1_i2d_bio(i2d_PKCS8_PRIV_KEY_INFO,bp,(unsigned char *)p8inf));
437 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 03:56:22 +0000