summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/x509')
-rw-r--r--src/lib/libcrypto/x509/by_dir.c349
-rw-r--r--src/lib/libcrypto/x509/by_file.c298
-rw-r--r--src/lib/libcrypto/x509/x509.h1204
-rw-r--r--src/lib/libcrypto/x509/x509_att.c326
-rw-r--r--src/lib/libcrypto/x509/x509_cmp.c308
-rw-r--r--src/lib/libcrypto/x509/x509_d2.c107
-rw-r--r--src/lib/libcrypto/x509/x509_def.c81
-rw-r--r--src/lib/libcrypto/x509/x509_err.c152
-rw-r--r--src/lib/libcrypto/x509/x509_ext.c191
-rw-r--r--src/lib/libcrypto/x509/x509_lu.c427
-rw-r--r--src/lib/libcrypto/x509/x509_obj.c223
-rw-r--r--src/lib/libcrypto/x509/x509_r2x.c110
-rw-r--r--src/lib/libcrypto/x509/x509_req.c278
-rw-r--r--src/lib/libcrypto/x509/x509_set.c150
-rw-r--r--src/lib/libcrypto/x509/x509_trs.c264
-rw-r--r--src/lib/libcrypto/x509/x509_txt.c141
-rw-r--r--src/lib/libcrypto/x509/x509_v3.c267
-rw-r--r--src/lib/libcrypto/x509/x509_vfy.c815
-rw-r--r--src/lib/libcrypto/x509/x509_vfy.h362
-rw-r--r--src/lib/libcrypto/x509/x509name.c383
-rw-r--r--src/lib/libcrypto/x509/x509rset.c83
-rw-r--r--src/lib/libcrypto/x509/x509spki.c121
-rw-r--r--src/lib/libcrypto/x509/x509type.c114
-rw-r--r--src/lib/libcrypto/x509/x_all.c531
24 files changed, 0 insertions, 7285 deletions
diff --git a/src/lib/libcrypto/x509/by_dir.c b/src/lib/libcrypto/x509/by_dir.c
deleted file mode 100644
index 14d12c56bd..0000000000
--- a/src/lib/libcrypto/x509/by_dir.c
+++ /dev/null
@@ -1,349 +0,0 @@
1/* crypto/x509/by_dir.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <time.h>
61#include <errno.h>
62
63#include "cryptlib.h"
64
65#ifndef NO_SYS_TYPES_H
66# include <sys/types.h>
67#endif
68#ifdef MAC_OS_pre_X
69# include <stat.h>
70#else
71# include <sys/stat.h>
72#endif
73
74#include <openssl/lhash.h>
75#include <openssl/x509.h>
76
77typedef struct lookup_dir_st
78 {
79 BUF_MEM *buffer;
80 int num_dirs;
81 char **dirs;
82 int *dirs_type;
83 int num_dirs_alloced;
84 } BY_DIR;
85
86static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
87 char **ret);
88static int new_dir(X509_LOOKUP *lu);
89static void free_dir(X509_LOOKUP *lu);
90static int add_cert_dir(BY_DIR *ctx,const char *dir,int type);
91static int get_cert_by_subject(X509_LOOKUP *xl,int type,X509_NAME *name,
92 X509_OBJECT *ret);
93X509_LOOKUP_METHOD x509_dir_lookup=
94 {
95 "Load certs from files in a directory",
96 new_dir, /* new */
97 free_dir, /* free */
98 NULL, /* init */
99 NULL, /* shutdown */
100 dir_ctrl, /* ctrl */
101 get_cert_by_subject, /* get_by_subject */
102 NULL, /* get_by_issuer_serial */
103 NULL, /* get_by_fingerprint */
104 NULL, /* get_by_alias */
105 };
106
107X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void)
108 {
109 return(&x509_dir_lookup);
110 }
111
112static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
113 char **retp)
114 {
115 int ret=0;
116 BY_DIR *ld;
117 char *dir;
118
119 ld=(BY_DIR *)ctx->method_data;
120
121 switch (cmd)
122 {
123 case X509_L_ADD_DIR:
124 if (argl == X509_FILETYPE_DEFAULT)
125 {
126 ret=add_cert_dir(ld,X509_get_default_cert_dir(),
127 X509_FILETYPE_PEM);
128 if (!ret)
129 {
130 X509err(X509_F_DIR_CTRL,X509_R_LOADING_CERT_DIR);
131 }
132 else
133 {
134 dir=(char *)Getenv(X509_get_default_cert_dir_env());
135 ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
136 }
137 }
138 else
139 ret=add_cert_dir(ld,argp,(int)argl);
140 break;
141 }
142 return(ret);
143 }
144
145static int new_dir(X509_LOOKUP *lu)
146 {
147 BY_DIR *a;
148
149 if ((a=(BY_DIR *)Malloc(sizeof(BY_DIR))) == NULL)
150 return(0);
151 if ((a->buffer=BUF_MEM_new()) == NULL)
152 {
153 Free(a);
154 return(0);
155 }
156 a->num_dirs=0;
157 a->dirs=NULL;
158 a->dirs_type=NULL;
159 a->num_dirs_alloced=0;
160 lu->method_data=(char *)a;
161 return(1);
162 }
163
164static void free_dir(X509_LOOKUP *lu)
165 {
166 BY_DIR *a;
167 int i;
168
169 a=(BY_DIR *)lu->method_data;
170 for (i=0; i<a->num_dirs; i++)
171 if (a->dirs[i] != NULL) Free(a->dirs[i]);
172 if (a->dirs != NULL) Free(a->dirs);
173 if (a->dirs_type != NULL) Free(a->dirs_type);
174 if (a->buffer != NULL) BUF_MEM_free(a->buffer);
175 Free(a);
176 }
177
178static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
179 {
180 int j,len;
181 int *ip;
182 const char *s,*ss,*p;
183 char **pp;
184
185 if (dir == NULL || !*dir)
186 {
187 X509err(X509_F_ADD_CERT_DIR,X509_R_INVALID_DIRECTORY);
188 return 0;
189 }
190
191 s=dir;
192 p=s;
193 for (;;)
194 {
195 if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0'))
196 {
197 ss=s;
198 s=p+1;
199 len=(int)(p-ss);
200 if (len == 0) continue;
201 for (j=0; j<ctx->num_dirs; j++)
202 if (strncmp(ctx->dirs[j],ss,(unsigned int)len) == 0)
203 continue;
204 if (ctx->num_dirs_alloced < (ctx->num_dirs+1))
205 {
206 ctx->num_dirs_alloced+=10;
207 pp=(char **)Malloc(ctx->num_dirs_alloced*
208 sizeof(char *));
209 ip=(int *)Malloc(ctx->num_dirs_alloced*
210 sizeof(int));
211 if ((pp == NULL) || (ip == NULL))
212 {
213 X509err(X509_F_ADD_CERT_DIR,ERR_R_MALLOC_FAILURE);
214 return(0);
215 }
216 memcpy(pp,ctx->dirs,(ctx->num_dirs_alloced-10)*
217 sizeof(char *));
218 memcpy(ip,ctx->dirs_type,(ctx->num_dirs_alloced-10)*
219 sizeof(int));
220 if (ctx->dirs != NULL)
221 Free(ctx->dirs);
222 if (ctx->dirs_type != NULL)
223 Free(ctx->dirs_type);
224 ctx->dirs=pp;
225 ctx->dirs_type=ip;
226 }
227 ctx->dirs_type[ctx->num_dirs]=type;
228 ctx->dirs[ctx->num_dirs]=(char *)Malloc((unsigned int)len+1);
229 if (ctx->dirs[ctx->num_dirs] == NULL) return(0);
230 strncpy(ctx->dirs[ctx->num_dirs],ss,(unsigned int)len);
231 ctx->dirs[ctx->num_dirs][len]='\0';
232 ctx->num_dirs++;
233 }
234 if (*p == '\0') break;
235 p++;
236 }
237 return(1);
238 }
239
240static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
241 X509_OBJECT *ret)
242 {
243 BY_DIR *ctx;
244 union {
245 struct {
246 X509 st_x509;
247 X509_CINF st_x509_cinf;
248 } x509;
249 struct {
250 X509_CRL st_crl;
251 X509_CRL_INFO st_crl_info;
252 } crl;
253 } data;
254 int ok=0;
255 int i,j,k;
256 unsigned long h;
257 BUF_MEM *b=NULL;
258 struct stat st;
259 X509_OBJECT stmp,*tmp;
260 const char *postfix="";
261
262 if (name == NULL) return(0);
263
264 stmp.type=type;
265 if (type == X509_LU_X509)
266 {
267 data.x509.st_x509.cert_info= &data.x509.st_x509_cinf;
268 data.x509.st_x509_cinf.subject=name;
269 stmp.data.x509= &data.x509.st_x509;
270 postfix="";
271 }
272 else if (type == X509_LU_CRL)
273 {
274 data.crl.st_crl.crl= &data.crl.st_crl_info;
275 data.crl.st_crl_info.issuer=name;
276 stmp.data.crl= &data.crl.st_crl;
277 postfix="r";
278 }
279 else
280 {
281 X509err(X509_F_GET_CERT_BY_SUBJECT,X509_R_WRONG_LOOKUP_TYPE);
282 goto finish;
283 }
284
285 if ((b=BUF_MEM_new()) == NULL)
286 {
287 X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_BUF_LIB);
288 goto finish;
289 }
290
291 ctx=(BY_DIR *)xl->method_data;
292
293 h=X509_NAME_hash(name);
294 for (i=0; i<ctx->num_dirs; i++)
295 {
296 j=strlen(ctx->dirs[i])+1+8+6+1+1;
297 if (!BUF_MEM_grow(b,j))
298 {
299 X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_MALLOC_FAILURE);
300 goto finish;
301 }
302 k=0;
303 for (;;)
304 {
305 sprintf(b->data,"%s/%08lx.%s%d",ctx->dirs[i],h,
306 postfix,k);
307 k++;
308 if (stat(b->data,&st) < 0)
309 break;
310 /* found one. */
311 if (type == X509_LU_X509)
312 {
313 if ((X509_load_cert_file(xl,b->data,
314 ctx->dirs_type[i])) == 0)
315 break;
316 }
317 else if (type == X509_LU_CRL)
318 {
319 if ((X509_load_crl_file(xl,b->data,
320 ctx->dirs_type[i])) == 0)
321 break;
322 }
323 /* else case will caught higher up */
324 }
325
326 /* we have added it to the cache so now pull
327 * it out again */
328 CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
329 tmp=(X509_OBJECT *)lh_retrieve(xl->store_ctx->certs,&stmp);
330 CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
331
332 if (tmp != NULL)
333 {
334 ok=1;
335 ret->type=tmp->type;
336 memcpy(&ret->data,&tmp->data,sizeof(ret->data));
337 /* If we were going to up the reference count,
338 * we would need to do it on a perl 'type'
339 * basis */
340 /* CRYPTO_add(&tmp->data.x509->references,1,
341 CRYPTO_LOCK_X509);*/
342 goto finish;
343 }
344 }
345finish:
346 if (b != NULL) BUF_MEM_free(b);
347 return(ok);
348 }
349
diff --git a/src/lib/libcrypto/x509/by_file.c b/src/lib/libcrypto/x509/by_file.c
deleted file mode 100644
index 78e9240a8d..0000000000
--- a/src/lib/libcrypto/x509/by_file.c
+++ /dev/null
@@ -1,298 +0,0 @@
1/* crypto/x509/by_file.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <time.h>
61#include <errno.h>
62
63#include "cryptlib.h"
64#include <openssl/lhash.h>
65#include <openssl/buffer.h>
66#include <openssl/x509.h>
67#include <openssl/pem.h>
68
69#ifndef NO_STDIO
70
71static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
72 long argl, char **ret);
73X509_LOOKUP_METHOD x509_file_lookup=
74 {
75 "Load file into cache",
76 NULL, /* new */
77 NULL, /* free */
78 NULL, /* init */
79 NULL, /* shutdown */
80 by_file_ctrl, /* ctrl */
81 NULL, /* get_by_subject */
82 NULL, /* get_by_issuer_serial */
83 NULL, /* get_by_fingerprint */
84 NULL, /* get_by_alias */
85 };
86
87X509_LOOKUP_METHOD *X509_LOOKUP_file(void)
88 {
89 return(&x509_file_lookup);
90 }
91
92static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
93 char **ret)
94 {
95 int ok=0;
96 char *file;
97
98 switch (cmd)
99 {
100 case X509_L_FILE_LOAD:
101 if (argl == X509_FILETYPE_DEFAULT)
102 {
103 ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),
104 X509_FILETYPE_PEM) != 0);
105 if (!ok)
106 {
107 X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
108 }
109 else
110 {
111 file=(char *)Getenv(X509_get_default_cert_file_env());
112 ok = (X509_load_cert_crl_file(ctx,file,
113 X509_FILETYPE_PEM) != 0);
114 }
115 }
116 else
117 {
118 if(argl == X509_FILETYPE_PEM)
119 ok = (X509_load_cert_crl_file(ctx,argp,
120 X509_FILETYPE_PEM) != 0);
121 else
122 ok = (X509_load_cert_file(ctx,argp,(int)argl) != 0);
123 }
124 break;
125 }
126 return(ok);
127 }
128
129int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
130 {
131 int ret=0;
132 BIO *in=NULL;
133 int i,count=0;
134 X509 *x=NULL;
135
136 if (file == NULL) return(1);
137 in=BIO_new(BIO_s_file_internal());
138
139 if ((in == NULL) || (BIO_read_filename(in,file) <= 0))
140 {
141 X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_SYS_LIB);
142 goto err;
143 }
144
145 if (type == X509_FILETYPE_PEM)
146 {
147 for (;;)
148 {
149 x=PEM_read_bio_X509_AUX(in,NULL,NULL,NULL);
150 if (x == NULL)
151 {
152 if ((ERR_GET_REASON(ERR_peek_error()) ==
153 PEM_R_NO_START_LINE) && (count > 0))
154 {
155 ERR_clear_error();
156 break;
157 }
158 else
159 {
160 X509err(X509_F_X509_LOAD_CERT_FILE,
161 ERR_R_PEM_LIB);
162 goto err;
163 }
164 }
165 i=X509_STORE_add_cert(ctx->store_ctx,x);
166 if (!i) goto err;
167 count++;
168 X509_free(x);
169 x=NULL;
170 }
171 ret=count;
172 }
173 else if (type == X509_FILETYPE_ASN1)
174 {
175 x=d2i_X509_bio(in,NULL);
176 if (x == NULL)
177 {
178 X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_ASN1_LIB);
179 goto err;
180 }
181 i=X509_STORE_add_cert(ctx->store_ctx,x);
182 if (!i) goto err;
183 ret=i;
184 }
185 else
186 {
187 X509err(X509_F_X509_LOAD_CERT_FILE,X509_R_BAD_X509_FILETYPE);
188 goto err;
189 }
190err:
191 if (x != NULL) X509_free(x);
192 if (in != NULL) BIO_free(in);
193 return(ret);
194 }
195
196int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
197 {
198 int ret=0;
199 BIO *in=NULL;
200 int i,count=0;
201 X509_CRL *x=NULL;
202
203 if (file == NULL) return(1);
204 in=BIO_new(BIO_s_file_internal());
205
206 if ((in == NULL) || (BIO_read_filename(in,file) <= 0))
207 {
208 X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_SYS_LIB);
209 goto err;
210 }
211
212 if (type == X509_FILETYPE_PEM)
213 {
214 for (;;)
215 {
216 x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
217 if (x == NULL)
218 {
219 if ((ERR_GET_REASON(ERR_peek_error()) ==
220 PEM_R_NO_START_LINE) && (count > 0))
221 {
222 ERR_clear_error();
223 break;
224 }
225 else
226 {
227 X509err(X509_F_X509_LOAD_CRL_FILE,
228 ERR_R_PEM_LIB);
229 goto err;
230 }
231 }
232 i=X509_STORE_add_crl(ctx->store_ctx,x);
233 if (!i) goto err;
234 count++;
235 X509_CRL_free(x);
236 x=NULL;
237 }
238 ret=count;
239 }
240 else if (type == X509_FILETYPE_ASN1)
241 {
242 x=d2i_X509_CRL_bio(in,NULL);
243 if (x == NULL)
244 {
245 X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_ASN1_LIB);
246 goto err;
247 }
248 i=X509_STORE_add_crl(ctx->store_ctx,x);
249 if (!i) goto err;
250 ret=i;
251 }
252 else
253 {
254 X509err(X509_F_X509_LOAD_CRL_FILE,X509_R_BAD_X509_FILETYPE);
255 goto err;
256 }
257err:
258 if (x != NULL) X509_CRL_free(x);
259 if (in != NULL) BIO_free(in);
260 return(ret);
261 }
262
263int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
264{
265 STACK_OF(X509_INFO) *inf;
266 X509_INFO *itmp;
267 BIO *in;
268 int i, count = 0;
269 if(type != X509_FILETYPE_PEM)
270 return X509_load_cert_file(ctx, file, type);
271 in = BIO_new_file(file, "r");
272 if(!in) {
273 X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_SYS_LIB);
274 return 0;
275 }
276 inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
277 BIO_free(in);
278 if(!inf) {
279 X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_PEM_LIB);
280 return 0;
281 }
282 for(i = 0; i < sk_X509_INFO_num(inf); i++) {
283 itmp = sk_X509_INFO_value(inf, i);
284 if(itmp->x509) {
285 X509_STORE_add_cert(ctx->store_ctx, itmp->x509);
286 count++;
287 } else if(itmp->crl) {
288 X509_STORE_add_crl(ctx->store_ctx, itmp->crl);
289 count++;
290 }
291 }
292 sk_X509_INFO_pop_free(inf, X509_INFO_free);
293 return count;
294}
295
296
297#endif /* NO_STDIO */
298
diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h
deleted file mode 100644
index 0192272e7c..0000000000
--- a/src/lib/libcrypto/x509/x509.h
+++ /dev/null
@@ -1,1204 +0,0 @@
1/* crypto/x509/x509.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#ifndef HEADER_X509_H
60#define HEADER_X509_H
61
62#ifdef __cplusplus
63extern "C" {
64#endif
65
66#ifdef VMS
67#undef X509_REVOKED_get_ext_by_critical
68#define X509_REVOKED_get_ext_by_critical X509_REVOKED_get_ext_by_critic
69#endif
70
71#include <openssl/stack.h>
72#include <openssl/asn1.h>
73#include <openssl/safestack.h>
74
75#ifndef NO_RSA
76#include <openssl/rsa.h>
77#endif
78
79#ifndef NO_DSA
80#include <openssl/dsa.h>
81#endif
82
83#ifndef NO_DH
84#include <openssl/dh.h>
85#endif
86
87#include <openssl/evp.h>
88
89
90#ifdef WIN32
91/* Under Win32 this is defined in wincrypt.h */
92#undef X509_NAME
93#endif
94
95#define X509_FILETYPE_PEM 1
96#define X509_FILETYPE_ASN1 2
97#define X509_FILETYPE_DEFAULT 3
98
99#define X509v3_KU_DIGITAL_SIGNATURE 0x0080
100#define X509v3_KU_NON_REPUDIATION 0x0040
101#define X509v3_KU_KEY_ENCIPHERMENT 0x0020
102#define X509v3_KU_DATA_ENCIPHERMENT 0x0010
103#define X509v3_KU_KEY_AGREEMENT 0x0008
104#define X509v3_KU_KEY_CERT_SIGN 0x0004
105#define X509v3_KU_CRL_SIGN 0x0002
106#define X509v3_KU_ENCIPHER_ONLY 0x0001
107#define X509v3_KU_DECIPHER_ONLY 0x8000
108#define X509v3_KU_UNDEF 0xffff
109
110typedef struct X509_objects_st
111 {
112 int nid;
113 int (*a2i)();
114 int (*i2a)();
115 } X509_OBJECTS;
116
117typedef struct X509_algor_st
118 {
119 ASN1_OBJECT *algorithm;
120 ASN1_TYPE *parameter;
121 } X509_ALGOR;
122
123DECLARE_STACK_OF(X509_ALGOR)
124DECLARE_ASN1_SET_OF(X509_ALGOR)
125
126typedef struct X509_val_st
127 {
128 ASN1_UTCTIME *notBefore;
129 ASN1_UTCTIME *notAfter;
130 } X509_VAL;
131
132typedef struct X509_pubkey_st
133 {
134 X509_ALGOR *algor;
135 ASN1_BIT_STRING *public_key;
136 EVP_PKEY *pkey;
137 } X509_PUBKEY;
138
139typedef struct X509_sig_st
140 {
141 X509_ALGOR *algor;
142 ASN1_OCTET_STRING *digest;
143 } X509_SIG;
144
145typedef struct X509_name_entry_st
146 {
147 ASN1_OBJECT *object;
148 ASN1_STRING *value;
149 int set;
150 int size; /* temp variable */
151 } X509_NAME_ENTRY;
152
153DECLARE_STACK_OF(X509_NAME_ENTRY)
154DECLARE_ASN1_SET_OF(X509_NAME_ENTRY)
155
156/* we always keep X509_NAMEs in 2 forms. */
157typedef struct X509_name_st
158 {
159 STACK_OF(X509_NAME_ENTRY) *entries;
160 int modified; /* true if 'bytes' needs to be built */
161#ifdef HEADER_BUFFER_H
162 BUF_MEM *bytes;
163#else
164 char *bytes;
165#endif
166 unsigned long hash; /* Keep the hash around for lookups */
167 } X509_NAME;
168
169DECLARE_STACK_OF(X509_NAME)
170
171#define X509_EX_V_NETSCAPE_HACK 0x8000
172#define X509_EX_V_INIT 0x0001
173typedef struct X509_extension_st
174 {
175 ASN1_OBJECT *object;
176 short critical;
177 short netscape_hack;
178 ASN1_OCTET_STRING *value;
179 struct v3_ext_method *method; /* V3 method to use */
180 void *ext_val; /* extension value */
181 } X509_EXTENSION;
182
183DECLARE_STACK_OF(X509_EXTENSION)
184DECLARE_ASN1_SET_OF(X509_EXTENSION)
185
186/* a sequence of these are used */
187typedef struct x509_attributes_st
188 {
189 ASN1_OBJECT *object;
190 int set; /* 1 for a set, 0 for a single item (which is wrong) */
191 union {
192 char *ptr;
193/* 1 */ STACK_OF(ASN1_TYPE) *set;
194/* 0 */ ASN1_TYPE *single;
195 } value;
196 } X509_ATTRIBUTE;
197
198DECLARE_STACK_OF(X509_ATTRIBUTE)
199DECLARE_ASN1_SET_OF(X509_ATTRIBUTE)
200
201typedef struct X509_req_info_st
202 {
203 ASN1_INTEGER *version;
204 X509_NAME *subject;
205 X509_PUBKEY *pubkey;
206 /* d=2 hl=2 l= 0 cons: cont: 00 */
207 STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
208 int req_kludge;
209 } X509_REQ_INFO;
210
211typedef struct X509_req_st
212 {
213 X509_REQ_INFO *req_info;
214 X509_ALGOR *sig_alg;
215 ASN1_BIT_STRING *signature;
216 int references;
217 } X509_REQ;
218
219typedef struct x509_cinf_st
220 {
221 ASN1_INTEGER *version; /* [ 0 ] default of v1 */
222 ASN1_INTEGER *serialNumber;
223 X509_ALGOR *signature;
224 X509_NAME *issuer;
225 X509_VAL *validity;
226 X509_NAME *subject;
227 X509_PUBKEY *key;
228 ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */
229 ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */
230 STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */
231 } X509_CINF;
232
233/* This stuff is certificate "auxiliary info"
234 * it contains details which are useful in certificate
235 * stores and databases. When used this is tagged onto
236 * the end of the certificate itself
237 */
238
239typedef struct x509_cert_aux_st
240 {
241 STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */
242 STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */
243 ASN1_UTF8STRING *alias; /* "friendly name" */
244 ASN1_OCTET_STRING *keyid; /* key id of private key */
245 STACK_OF(X509_ALGOR) *other; /* other unspecified info */
246 } X509_CERT_AUX;
247
248typedef struct x509_st
249 {
250 X509_CINF *cert_info;
251 X509_ALGOR *sig_alg;
252 ASN1_BIT_STRING *signature;
253 int valid;
254 int references;
255 char *name;
256 CRYPTO_EX_DATA ex_data;
257 /* These contain copies of various extension values */
258 long ex_pathlen;
259 unsigned long ex_flags;
260 unsigned long ex_kusage;
261 unsigned long ex_xkusage;
262 unsigned long ex_nscert;
263#ifndef NO_SHA
264 unsigned char sha1_hash[SHA_DIGEST_LENGTH];
265#endif
266 X509_CERT_AUX *aux;
267 } X509;
268
269DECLARE_STACK_OF(X509)
270DECLARE_ASN1_SET_OF(X509)
271
272/* This is used for a table of trust checking functions */
273
274typedef struct x509_trust_st {
275 int trust;
276 int flags;
277 int (*check_trust)(struct x509_trust_st *, X509 *, int);
278 char *name;
279 int arg1;
280 void *arg2;
281} X509_TRUST;
282
283DECLARE_STACK_OF(X509_TRUST)
284
285/* standard trust ids */
286
287#define X509_TRUST_DEFAULT -1 /* Only valid in purpose settings */
288
289#define X509_TRUST_COMPAT 1
290#define X509_TRUST_SSL_CLIENT 2
291#define X509_TRUST_SSL_SERVER 3
292#define X509_TRUST_EMAIL 4
293#define X509_TRUST_OBJECT_SIGN 5
294
295/* Keep these up to date! */
296#define X509_TRUST_MIN 1
297#define X509_TRUST_MAX 5
298
299
300/* trust_flags values */
301#define X509_TRUST_DYNAMIC 1
302#define X509_TRUST_DYNAMIC_NAME 2
303
304/* check_trust return codes */
305
306#define X509_TRUST_TRUSTED 1
307#define X509_TRUST_REJECTED 2
308#define X509_TRUST_UNTRUSTED 3
309
310typedef struct X509_revoked_st
311 {
312 ASN1_INTEGER *serialNumber;
313 ASN1_UTCTIME *revocationDate;
314 STACK_OF(X509_EXTENSION) /* optional */ *extensions;
315 int sequence; /* load sequence */
316 } X509_REVOKED;
317
318DECLARE_STACK_OF(X509_REVOKED)
319DECLARE_ASN1_SET_OF(X509_REVOKED)
320
321typedef struct X509_crl_info_st
322 {
323 ASN1_INTEGER *version;
324 X509_ALGOR *sig_alg;
325 X509_NAME *issuer;
326 ASN1_UTCTIME *lastUpdate;
327 ASN1_UTCTIME *nextUpdate;
328 STACK_OF(X509_REVOKED) *revoked;
329 STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
330 } X509_CRL_INFO;
331
332typedef struct X509_crl_st
333 {
334 /* actual signature */
335 X509_CRL_INFO *crl;
336 X509_ALGOR *sig_alg;
337 ASN1_BIT_STRING *signature;
338 int references;
339 } X509_CRL;
340
341DECLARE_STACK_OF(X509_CRL)
342DECLARE_ASN1_SET_OF(X509_CRL)
343
344typedef struct private_key_st
345 {
346 int version;
347 /* The PKCS#8 data types */
348 X509_ALGOR *enc_algor;
349 ASN1_OCTET_STRING *enc_pkey; /* encrypted pub key */
350
351 /* When decrypted, the following will not be NULL */
352 EVP_PKEY *dec_pkey;
353
354 /* used to encrypt and decrypt */
355 int key_length;
356 char *key_data;
357 int key_free; /* true if we should auto free key_data */
358
359 /* expanded version of 'enc_algor' */
360 EVP_CIPHER_INFO cipher;
361
362 int references;
363 } X509_PKEY;
364
365#ifdef HEADER_ENVELOPE_H
366typedef struct X509_info_st
367 {
368 X509 *x509;
369 X509_CRL *crl;
370 X509_PKEY *x_pkey;
371
372 EVP_CIPHER_INFO enc_cipher;
373 int enc_len;
374 char *enc_data;
375
376 int references;
377 } X509_INFO;
378
379DECLARE_STACK_OF(X509_INFO)
380#endif
381
382/* The next 2 structures and their 8 routines were sent to me by
383 * Pat Richard <patr@x509.com> and are used to manipulate
384 * Netscapes spki structures - useful if you are writing a CA web page
385 */
386typedef struct Netscape_spkac_st
387 {
388 X509_PUBKEY *pubkey;
389 ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */
390 } NETSCAPE_SPKAC;
391
392typedef struct Netscape_spki_st
393 {
394 NETSCAPE_SPKAC *spkac; /* signed public key and challenge */
395 X509_ALGOR *sig_algor;
396 ASN1_BIT_STRING *signature;
397 } NETSCAPE_SPKI;
398
399/* Netscape certificate sequence structure */
400typedef struct Netscape_certificate_sequence
401 {
402 ASN1_OBJECT *type;
403 STACK_OF(X509) *certs;
404 } NETSCAPE_CERT_SEQUENCE;
405
406typedef struct CBCParameter_st
407 {
408 unsigned char iv[8];
409 } CBC_PARAM;
410
411/* Password based encryption structure */
412
413typedef struct PBEPARAM_st {
414ASN1_OCTET_STRING *salt;
415ASN1_INTEGER *iter;
416} PBEPARAM;
417
418/* Password based encryption V2 structures */
419
420typedef struct PBE2PARAM_st {
421X509_ALGOR *keyfunc;
422X509_ALGOR *encryption;
423} PBE2PARAM;
424
425typedef struct PBKDF2PARAM_st {
426ASN1_TYPE *salt; /* Usually OCTET STRING but could be anything */
427ASN1_INTEGER *iter;
428ASN1_INTEGER *keylength;
429X509_ALGOR *prf;
430} PBKDF2PARAM;
431
432
433/* PKCS#8 private key info structure */
434
435typedef struct pkcs8_priv_key_info_st
436 {
437 int broken; /* Flag for various broken formats */
438#define PKCS8_OK 0
439#define PKCS8_NO_OCTET 1
440#define PKCS8_EMBEDDED_PARAM 2
441#define PKCS8_NS_DB 3
442 ASN1_INTEGER *version;
443 X509_ALGOR *pkeyalg;
444 ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */
445 STACK_OF(X509_ATTRIBUTE) *attributes;
446 } PKCS8_PRIV_KEY_INFO;
447
448#include <openssl/x509_vfy.h>
449#include <openssl/pkcs7.h>
450
451#ifdef SSLEAY_MACROS
452#define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\
453 a->signature,(char *)a->cert_info,r)
454#define X509_REQ_verify(a,r) ASN1_verify((int (*)())i2d_X509_REQ_INFO, \
455 a->sig_alg,a->signature,(char *)a->req_info,r)
456#define X509_CRL_verify(a,r) ASN1_verify((int (*)())i2d_X509_CRL_INFO, \
457 a->sig_alg, a->signature,(char *)a->crl,r)
458
459#define X509_sign(x,pkey,md) \
460 ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature, \
461 x->sig_alg, x->signature, (char *)x->cert_info,pkey,md)
462#define X509_REQ_sign(x,pkey,md) \
463 ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL, \
464 x->signature, (char *)x->req_info,pkey,md)
465#define X509_CRL_sign(x,pkey,md) \
466 ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,x->sig_alg, \
467 x->signature, (char *)x->crl,pkey,md)
468#define NETSCAPE_SPKI_sign(x,pkey,md) \
469 ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL, \
470 x->signature, (char *)x->spkac,pkey,md)
471
472#define X509_dup(x509) (X509 *)ASN1_dup((int (*)())i2d_X509, \
473 (char *(*)())d2i_X509,(char *)x509)
474#define X509_ATTRIBUTE_dup(xa) (X509_ATTRIBUTE *)ASN1_dup(\
475 (int (*)())i2d_X509_ATTRIBUTE, \
476 (char *(*)())d2i_X509_ATTRIBUTE,(char *)xa)
477#define X509_EXTENSION_dup(ex) (X509_EXTENSION *)ASN1_dup( \
478 (int (*)())i2d_X509_EXTENSION, \
479 (char *(*)())d2i_X509_EXTENSION,(char *)ex)
480#define d2i_X509_fp(fp,x509) (X509 *)ASN1_d2i_fp((char *(*)())X509_new, \
481 (char *(*)())d2i_X509, (fp),(unsigned char **)(x509))
482#define i2d_X509_fp(fp,x509) ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509)
483#define d2i_X509_bio(bp,x509) (X509 *)ASN1_d2i_bio((char *(*)())X509_new, \
484 (char *(*)())d2i_X509, (bp),(unsigned char **)(x509))
485#define i2d_X509_bio(bp,x509) ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509)
486
487#define X509_CRL_dup(crl) (X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL, \
488 (char *(*)())d2i_X509_CRL,(char *)crl)
489#define d2i_X509_CRL_fp(fp,crl) (X509_CRL *)ASN1_d2i_fp((char *(*)()) \
490 X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),\
491 (unsigned char **)(crl))
492#define i2d_X509_CRL_fp(fp,crl) ASN1_i2d_fp(i2d_X509_CRL,fp,\
493 (unsigned char *)crl)
494#define d2i_X509_CRL_bio(bp,crl) (X509_CRL *)ASN1_d2i_bio((char *(*)()) \
495 X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),\
496 (unsigned char **)(crl))
497#define i2d_X509_CRL_bio(bp,crl) ASN1_i2d_bio(i2d_X509_CRL,bp,\
498 (unsigned char *)crl)
499
500#define PKCS7_dup(p7) (PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7, \
501 (char *(*)())d2i_PKCS7,(char *)p7)
502#define d2i_PKCS7_fp(fp,p7) (PKCS7 *)ASN1_d2i_fp((char *(*)()) \
503 PKCS7_new,(char *(*)())d2i_PKCS7, (fp),\
504 (unsigned char **)(p7))
505#define i2d_PKCS7_fp(fp,p7) ASN1_i2d_fp(i2d_PKCS7,fp,\
506 (unsigned char *)p7)
507#define d2i_PKCS7_bio(bp,p7) (PKCS7 *)ASN1_d2i_bio((char *(*)()) \
508 PKCS7_new,(char *(*)())d2i_PKCS7, (bp),\
509 (unsigned char **)(p7))
510#define i2d_PKCS7_bio(bp,p7) ASN1_i2d_bio(i2d_PKCS7,bp,\
511 (unsigned char *)p7)
512
513#define X509_REQ_dup(req) (X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ, \
514 (char *(*)())d2i_X509_REQ,(char *)req)
515#define d2i_X509_REQ_fp(fp,req) (X509_REQ *)ASN1_d2i_fp((char *(*)())\
516 X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),\
517 (unsigned char **)(req))
518#define i2d_X509_REQ_fp(fp,req) ASN1_i2d_fp(i2d_X509_REQ,fp,\
519 (unsigned char *)req)
520#define d2i_X509_REQ_bio(bp,req) (X509_REQ *)ASN1_d2i_bio((char *(*)())\
521 X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),\
522 (unsigned char **)(req))
523#define i2d_X509_REQ_bio(bp,req) ASN1_i2d_bio(i2d_X509_REQ,bp,\
524 (unsigned char *)req)
525
526#define RSAPublicKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey, \
527 (char *(*)())d2i_RSAPublicKey,(char *)rsa)
528#define RSAPrivateKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey, \
529 (char *(*)())d2i_RSAPrivateKey,(char *)rsa)
530
531#define d2i_RSAPrivateKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\
532 RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp), \
533 (unsigned char **)(rsa))
534#define i2d_RSAPrivateKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPrivateKey,fp, \
535 (unsigned char *)rsa)
536#define d2i_RSAPrivateKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\
537 RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp), \
538 (unsigned char **)(rsa))
539#define i2d_RSAPrivateKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPrivateKey,bp, \
540 (unsigned char *)rsa)
541
542#define d2i_RSAPublicKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\
543 RSA_new,(char *(*)())d2i_RSAPublicKey, (fp), \
544 (unsigned char **)(rsa))
545#define i2d_RSAPublicKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPublicKey,fp, \
546 (unsigned char *)rsa)
547#define d2i_RSAPublicKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\
548 RSA_new,(char *(*)())d2i_RSAPublicKey, (bp), \
549 (unsigned char **)(rsa))
550#define i2d_RSAPublicKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPublicKey,bp, \
551 (unsigned char *)rsa)
552
553#define d2i_DSAPrivateKey_fp(fp,dsa) (DSA *)ASN1_d2i_fp((char *(*)())\
554 DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp), \
555 (unsigned char **)(dsa))
556#define i2d_DSAPrivateKey_fp(fp,dsa) ASN1_i2d_fp(i2d_DSAPrivateKey,fp, \
557 (unsigned char *)dsa)
558#define d2i_DSAPrivateKey_bio(bp,dsa) (DSA *)ASN1_d2i_bio((char *(*)())\
559 DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp), \
560 (unsigned char **)(dsa))
561#define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \
562 (unsigned char *)dsa)
563
564#define X509_ALGOR_dup(xn) (X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,\
565 (char *(*)())d2i_X509_ALGOR,(char *)xn)
566
567#define X509_NAME_dup(xn) (X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME, \
568 (char *(*)())d2i_X509_NAME,(char *)xn)
569#define X509_NAME_ENTRY_dup(ne) (X509_NAME_ENTRY *)ASN1_dup( \
570 (int (*)())i2d_X509_NAME_ENTRY, \
571 (char *(*)())d2i_X509_NAME_ENTRY,\
572 (char *)ne)
573
574#define X509_digest(data,type,md,len) \
575 ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len)
576#define X509_NAME_digest(data,type,md,len) \
577 ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len)
578#ifndef PKCS7_ISSUER_AND_SERIAL_digest
579#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \
580 ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\
581 (char *)data,md,len)
582#endif
583#endif
584
585#define X509_EXT_PACK_UNKNOWN 1
586#define X509_EXT_PACK_STRING 2
587
588#define X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version)
589/* #define X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */
590#define X509_get_notBefore(x) ((x)->cert_info->validity->notBefore)
591#define X509_get_notAfter(x) ((x)->cert_info->validity->notAfter)
592#define X509_extract_key(x) X509_get_pubkey(x) /*****/
593#define X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version)
594#define X509_REQ_get_subject_name(x) ((x)->req_info->subject)
595#define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
596#define X509_name_cmp(a,b) X509_NAME_cmp((a),(b))
597#define X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))
598
599#define X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version)
600#define X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)
601#define X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate)
602#define X509_CRL_get_issuer(x) ((x)->crl->issuer)
603#define X509_CRL_get_REVOKED(x) ((x)->crl->revoked)
604
605/* This one is only used so that a binary form can output, as in
606 * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */
607#define X509_get_X509_PUBKEY(x) ((x)->cert_info->key)
608
609
610const char *X509_verify_cert_error_string(long n);
611
612#ifndef SSLEAY_MACROS
613#ifdef HEADER_ENVELOPE_H
614int X509_verify(X509 *a, EVP_PKEY *r);
615
616int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
617int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
618int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r);
619
620NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len);
621char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x);
622EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x);
623int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
624
625int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki);
626
627int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
628int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
629int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
630int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
631
632int X509_digest(X509 *data,const EVP_MD *type,unsigned char *md,unsigned int *len);
633int X509_NAME_digest(X509_NAME *data,const EVP_MD *type,
634 unsigned char *md,unsigned int *len);
635#endif
636
637#ifndef NO_FP_API
638X509 *d2i_X509_fp(FILE *fp, X509 **x509);
639int i2d_X509_fp(FILE *fp,X509 *x509);
640X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL **crl);
641int i2d_X509_CRL_fp(FILE *fp,X509_CRL *crl);
642X509_REQ *d2i_X509_REQ_fp(FILE *fp,X509_REQ **req);
643int i2d_X509_REQ_fp(FILE *fp,X509_REQ *req);
644#ifndef NO_RSA
645RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA **rsa);
646int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa);
647RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA **rsa);
648int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa);
649RSA *d2i_RSA_PUBKEY_fp(FILE *fp,RSA **rsa);
650int i2d_RSA_PUBKEY_fp(FILE *fp,RSA *rsa);
651#endif
652#ifndef NO_DSA
653DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
654int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
655DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
656int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
657#endif
658X509_SIG *d2i_PKCS8_fp(FILE *fp,X509_SIG **p8);
659int i2d_PKCS8_fp(FILE *fp,X509_SIG *p8);
660PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
661 PKCS8_PRIV_KEY_INFO **p8inf);
662int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,PKCS8_PRIV_KEY_INFO *p8inf);
663int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key);
664int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey);
665EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
666#endif
667
668#ifdef HEADER_BIO_H
669X509 *d2i_X509_bio(BIO *bp,X509 **x509);
670int i2d_X509_bio(BIO *bp,X509 *x509);
671X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL **crl);
672int i2d_X509_CRL_bio(BIO *bp,X509_CRL *crl);
673X509_REQ *d2i_X509_REQ_bio(BIO *bp,X509_REQ **req);
674int i2d_X509_REQ_bio(BIO *bp,X509_REQ *req);
675#ifndef NO_RSA
676RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **rsa);
677int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa);
678RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA **rsa);
679int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa);
680RSA *d2i_RSA_PUBKEY_bio(BIO *bp,RSA **rsa);
681int i2d_RSA_PUBKEY_bio(BIO *bp,RSA *rsa);
682#endif
683#ifndef NO_DSA
684DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);
685int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa);
686DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
687int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
688#endif
689X509_SIG *d2i_PKCS8_bio(BIO *bp,X509_SIG **p8);
690int i2d_PKCS8_bio(BIO *bp,X509_SIG *p8);
691PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
692 PKCS8_PRIV_KEY_INFO **p8inf);
693int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,PKCS8_PRIV_KEY_INFO *p8inf);
694int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key);
695int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey);
696EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
697#endif
698
699X509 *X509_dup(X509 *x509);
700X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa);
701X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex);
702X509_CRL *X509_CRL_dup(X509_CRL *crl);
703X509_REQ *X509_REQ_dup(X509_REQ *req);
704X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
705X509_NAME *X509_NAME_dup(X509_NAME *xn);
706X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
707#ifndef NO_RSA
708RSA *RSAPublicKey_dup(RSA *rsa);
709RSA *RSAPrivateKey_dup(RSA *rsa);
710#endif
711
712#endif /* !SSLEAY_MACROS */
713
714int X509_cmp_current_time(ASN1_UTCTIME *s);
715ASN1_UTCTIME * X509_gmtime_adj(ASN1_UTCTIME *s, long adj);
716
717const char * X509_get_default_cert_area(void );
718const char * X509_get_default_cert_dir(void );
719const char * X509_get_default_cert_file(void );
720const char * X509_get_default_cert_dir_env(void );
721const char * X509_get_default_cert_file_env(void );
722const char * X509_get_default_private_dir(void );
723
724X509_REQ * X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
725X509 * X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey);
726void ERR_load_X509_strings(void );
727
728X509_ALGOR * X509_ALGOR_new(void );
729void X509_ALGOR_free(X509_ALGOR *a);
730int i2d_X509_ALGOR(X509_ALGOR *a,unsigned char **pp);
731X509_ALGOR * d2i_X509_ALGOR(X509_ALGOR **a,unsigned char **pp,
732 long length);
733
734X509_VAL * X509_VAL_new(void );
735void X509_VAL_free(X509_VAL *a);
736int i2d_X509_VAL(X509_VAL *a,unsigned char **pp);
737X509_VAL * d2i_X509_VAL(X509_VAL **a,unsigned char **pp,
738 long length);
739
740X509_PUBKEY * X509_PUBKEY_new(void );
741void X509_PUBKEY_free(X509_PUBKEY *a);
742int i2d_X509_PUBKEY(X509_PUBKEY *a,unsigned char **pp);
743X509_PUBKEY * d2i_X509_PUBKEY(X509_PUBKEY **a,unsigned char **pp,
744 long length);
745int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
746EVP_PKEY * X509_PUBKEY_get(X509_PUBKEY *key);
747int X509_get_pubkey_parameters(EVP_PKEY *pkey,
748 STACK_OF(X509) *chain);
749int i2d_PUBKEY(EVP_PKEY *a,unsigned char **pp);
750EVP_PKEY * d2i_PUBKEY(EVP_PKEY **a,unsigned char **pp,
751 long length);
752#ifndef NO_RSA
753int i2d_RSA_PUBKEY(RSA *a,unsigned char **pp);
754RSA * d2i_RSA_PUBKEY(RSA **a,unsigned char **pp,
755 long length);
756#endif
757#ifndef NO_DSA
758int i2d_DSA_PUBKEY(DSA *a,unsigned char **pp);
759DSA * d2i_DSA_PUBKEY(DSA **a,unsigned char **pp,
760 long length);
761#endif
762
763X509_SIG * X509_SIG_new(void );
764void X509_SIG_free(X509_SIG *a);
765int i2d_X509_SIG(X509_SIG *a,unsigned char **pp);
766X509_SIG * d2i_X509_SIG(X509_SIG **a,unsigned char **pp,long length);
767
768X509_REQ_INFO *X509_REQ_INFO_new(void);
769void X509_REQ_INFO_free(X509_REQ_INFO *a);
770int i2d_X509_REQ_INFO(X509_REQ_INFO *a,unsigned char **pp);
771X509_REQ_INFO *d2i_X509_REQ_INFO(X509_REQ_INFO **a,unsigned char **pp,
772 long length);
773
774X509_REQ * X509_REQ_new(void);
775void X509_REQ_free(X509_REQ *a);
776int i2d_X509_REQ(X509_REQ *a,unsigned char **pp);
777X509_REQ * d2i_X509_REQ(X509_REQ **a,unsigned char **pp,long length);
778
779X509_ATTRIBUTE *X509_ATTRIBUTE_new(void );
780void X509_ATTRIBUTE_free(X509_ATTRIBUTE *a);
781int i2d_X509_ATTRIBUTE(X509_ATTRIBUTE *a,unsigned char **pp);
782X509_ATTRIBUTE *d2i_X509_ATTRIBUTE(X509_ATTRIBUTE **a,unsigned char **pp,
783 long length);
784X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value);
785
786
787X509_EXTENSION *X509_EXTENSION_new(void );
788void X509_EXTENSION_free(X509_EXTENSION *a);
789int i2d_X509_EXTENSION(X509_EXTENSION *a,unsigned char **pp);
790X509_EXTENSION *d2i_X509_EXTENSION(X509_EXTENSION **a,unsigned char **pp,
791 long length);
792
793X509_NAME_ENTRY *X509_NAME_ENTRY_new(void);
794void X509_NAME_ENTRY_free(X509_NAME_ENTRY *a);
795int i2d_X509_NAME_ENTRY(X509_NAME_ENTRY *a,unsigned char **pp);
796X509_NAME_ENTRY *d2i_X509_NAME_ENTRY(X509_NAME_ENTRY **a,unsigned char **pp,
797 long length);
798
799X509_NAME * X509_NAME_new(void);
800void X509_NAME_free(X509_NAME *a);
801int i2d_X509_NAME(X509_NAME *a,unsigned char **pp);
802X509_NAME * d2i_X509_NAME(X509_NAME **a,unsigned char **pp,long length);
803int X509_NAME_set(X509_NAME **xn, X509_NAME *name);
804
805
806X509_CINF * X509_CINF_new(void);
807void X509_CINF_free(X509_CINF *a);
808int i2d_X509_CINF(X509_CINF *a,unsigned char **pp);
809X509_CINF * d2i_X509_CINF(X509_CINF **a,unsigned char **pp,long length);
810
811X509 * X509_new(void);
812void X509_free(X509 *a);
813int i2d_X509(X509 *a,unsigned char **pp);
814X509 * d2i_X509(X509 **a,unsigned char **pp,long length);
815int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
816 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
817int X509_set_ex_data(X509 *r, int idx, void *arg);
818void *X509_get_ex_data(X509 *r, int idx);
819int i2d_X509_AUX(X509 *a,unsigned char **pp);
820X509 * d2i_X509_AUX(X509 **a,unsigned char **pp,long length);
821
822X509_CERT_AUX * X509_CERT_AUX_new(void);
823void X509_CERT_AUX_free(X509_CERT_AUX *a);
824int i2d_X509_CERT_AUX(X509_CERT_AUX *a,unsigned char **pp);
825X509_CERT_AUX * d2i_X509_CERT_AUX(X509_CERT_AUX **a,unsigned char **pp,
826 long length);
827int X509_alias_set1(X509 *x, unsigned char *name, int len);
828unsigned char * X509_alias_get0(X509 *x, int *len);
829int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int);
830int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
831int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj);
832void X509_trust_clear(X509 *x);
833void X509_reject_clear(X509 *x);
834
835X509_REVOKED * X509_REVOKED_new(void);
836void X509_REVOKED_free(X509_REVOKED *a);
837int i2d_X509_REVOKED(X509_REVOKED *a,unsigned char **pp);
838X509_REVOKED * d2i_X509_REVOKED(X509_REVOKED **a,unsigned char **pp,long length);
839
840X509_CRL_INFO *X509_CRL_INFO_new(void);
841void X509_CRL_INFO_free(X509_CRL_INFO *a);
842int i2d_X509_CRL_INFO(X509_CRL_INFO *a,unsigned char **pp);
843X509_CRL_INFO *d2i_X509_CRL_INFO(X509_CRL_INFO **a,unsigned char **pp,
844 long length);
845
846X509_CRL * X509_CRL_new(void);
847void X509_CRL_free(X509_CRL *a);
848int i2d_X509_CRL(X509_CRL *a,unsigned char **pp);
849X509_CRL * d2i_X509_CRL(X509_CRL **a,unsigned char **pp,long length);
850
851X509_PKEY * X509_PKEY_new(void );
852void X509_PKEY_free(X509_PKEY *a);
853int i2d_X509_PKEY(X509_PKEY *a,unsigned char **pp);
854X509_PKEY * d2i_X509_PKEY(X509_PKEY **a,unsigned char **pp,long length);
855
856NETSCAPE_SPKI * NETSCAPE_SPKI_new(void );
857void NETSCAPE_SPKI_free(NETSCAPE_SPKI *a);
858int i2d_NETSCAPE_SPKI(NETSCAPE_SPKI *a,unsigned char **pp);
859NETSCAPE_SPKI * d2i_NETSCAPE_SPKI(NETSCAPE_SPKI **a,unsigned char **pp,
860 long length);
861
862NETSCAPE_SPKAC *NETSCAPE_SPKAC_new(void );
863void NETSCAPE_SPKAC_free(NETSCAPE_SPKAC *a);
864int i2d_NETSCAPE_SPKAC(NETSCAPE_SPKAC *a,unsigned char **pp);
865NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC(NETSCAPE_SPKAC **a,unsigned char **pp,
866 long length);
867
868
869int i2d_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE *a, unsigned char **pp);
870NETSCAPE_CERT_SEQUENCE *NETSCAPE_CERT_SEQUENCE_new(void);
871NETSCAPE_CERT_SEQUENCE *d2i_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE **a, unsigned char **pp, long length);
872void NETSCAPE_CERT_SEQUENCE_free(NETSCAPE_CERT_SEQUENCE *a);
873
874#ifdef HEADER_ENVELOPE_H
875X509_INFO * X509_INFO_new(void);
876void X509_INFO_free(X509_INFO *a);
877char * X509_NAME_oneline(X509_NAME *a,char *buf,int size);
878
879int ASN1_verify(int (*i2d)(), X509_ALGOR *algor1,
880 ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey);
881
882int ASN1_digest(int (*i2d)(),const EVP_MD *type,char *data,
883 unsigned char *md,unsigned int *len);
884
885int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
886 ASN1_BIT_STRING *signature,
887 char *data,EVP_PKEY *pkey, const EVP_MD *type);
888#endif
889
890int X509_set_version(X509 *x,long version);
891int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
892ASN1_INTEGER * X509_get_serialNumber(X509 *x);
893int X509_set_issuer_name(X509 *x, X509_NAME *name);
894X509_NAME * X509_get_issuer_name(X509 *a);
895int X509_set_subject_name(X509 *x, X509_NAME *name);
896X509_NAME * X509_get_subject_name(X509 *a);
897int X509_set_notBefore(X509 *x, ASN1_UTCTIME *tm);
898int X509_set_notAfter(X509 *x, ASN1_UTCTIME *tm);
899int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
900EVP_PKEY * X509_get_pubkey(X509 *x);
901int X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */);
902
903int X509_REQ_set_version(X509_REQ *x,long version);
904int X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name);
905int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
906EVP_PKEY * X509_REQ_get_pubkey(X509_REQ *req);
907int X509_REQ_extension_nid(int nid);
908int * X509_REQ_get_extension_nids(void);
909void X509_REQ_set_extension_nids(int *nids);
910STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
911int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
912 int nid);
913int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts);
914int X509_REQ_get_attr_count(const X509_REQ *req);
915int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid,
916 int lastpos);
917int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,
918 int lastpos);
919X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc);
920X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc);
921int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr);
922int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
923 ASN1_OBJECT *obj, int type,
924 unsigned char *bytes, int len);
925int X509_REQ_add1_attr_by_NID(X509_REQ *req,
926 int nid, int type,
927 unsigned char *bytes, int len);
928int X509_REQ_add1_attr_by_txt(X509_REQ *req,
929 char *attrname, int type,
930 unsigned char *bytes, int len);
931
932int X509_check_private_key(X509 *x509,EVP_PKEY *pkey);
933
934int X509_issuer_and_serial_cmp(X509 *a, X509 *b);
935unsigned long X509_issuer_and_serial_hash(X509 *a);
936
937int X509_issuer_name_cmp(X509 *a, X509 *b);
938unsigned long X509_issuer_name_hash(X509 *a);
939
940int X509_subject_name_cmp(X509 *a,X509 *b);
941unsigned long X509_subject_name_hash(X509 *x);
942
943int X509_cmp (X509 *a, X509 *b);
944int X509_NAME_cmp (X509_NAME *a, X509_NAME *b);
945unsigned long X509_NAME_hash(X509_NAME *x);
946
947int X509_CRL_cmp(X509_CRL *a,X509_CRL *b);
948#ifndef NO_FP_API
949int X509_print_fp(FILE *bp,X509 *x);
950int X509_CRL_print_fp(FILE *bp,X509_CRL *x);
951int X509_REQ_print_fp(FILE *bp,X509_REQ *req);
952#endif
953
954#ifdef HEADER_BIO_H
955int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
956int X509_print(BIO *bp,X509 *x);
957int X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent);
958int X509_CRL_print(BIO *bp,X509_CRL *x);
959int X509_REQ_print(BIO *bp,X509_REQ *req);
960#endif
961
962int X509_NAME_entry_count(X509_NAME *name);
963int X509_NAME_get_text_by_NID(X509_NAME *name, int nid,
964 char *buf,int len);
965int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
966 char *buf,int len);
967
968/* NOTE: you should be passsing -1, not 0 as lastpos. The functions that use
969 * lastpos, search after that position on. */
970int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
971int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj,
972 int lastpos);
973X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
974X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
975int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne,
976 int loc, int set);
977int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
978 unsigned char *bytes, int len, int loc, int set);
979int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
980 unsigned char *bytes, int len, int loc, int set);
981X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
982 char *field, int type, unsigned char *bytes, int len);
983X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
984 int type,unsigned char *bytes, int len);
985int X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type,
986 unsigned char *bytes, int len, int loc, int set);
987X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
988 ASN1_OBJECT *obj, int type,unsigned char *bytes,
989 int len);
990int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne,
991 ASN1_OBJECT *obj);
992int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
993 unsigned char *bytes, int len);
994ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
995ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
996
997int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
998int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
999 int nid, int lastpos);
1000int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
1001 ASN1_OBJECT *obj,int lastpos);
1002int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
1003 int crit, int lastpos);
1004X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
1005X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
1006STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
1007 X509_EXTENSION *ex, int loc);
1008
1009int X509_get_ext_count(X509 *x);
1010int X509_get_ext_by_NID(X509 *x, int nid, int lastpos);
1011int X509_get_ext_by_OBJ(X509 *x,ASN1_OBJECT *obj,int lastpos);
1012int X509_get_ext_by_critical(X509 *x, int crit, int lastpos);
1013X509_EXTENSION *X509_get_ext(X509 *x, int loc);
1014X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
1015int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
1016void * X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
1017
1018int X509_CRL_get_ext_count(X509_CRL *x);
1019int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos);
1020int X509_CRL_get_ext_by_OBJ(X509_CRL *x,ASN1_OBJECT *obj,int lastpos);
1021int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos);
1022X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc);
1023X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
1024int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
1025void * X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
1026
1027int X509_REVOKED_get_ext_count(X509_REVOKED *x);
1028int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos);
1029int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x,ASN1_OBJECT *obj,int lastpos);
1030int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos);
1031X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc);
1032X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
1033int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
1034void * X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
1035
1036X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
1037 int nid, int crit, ASN1_OCTET_STRING *data);
1038X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
1039 ASN1_OBJECT *obj,int crit,ASN1_OCTET_STRING *data);
1040int X509_EXTENSION_set_object(X509_EXTENSION *ex,ASN1_OBJECT *obj);
1041int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
1042int X509_EXTENSION_set_data(X509_EXTENSION *ex,
1043 ASN1_OCTET_STRING *data);
1044ASN1_OBJECT * X509_EXTENSION_get_object(X509_EXTENSION *ex);
1045ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
1046int X509_EXTENSION_get_critical(X509_EXTENSION *ex);
1047
1048int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x);
1049int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
1050 int lastpos);
1051int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj,
1052 int lastpos);
1053X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc);
1054X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc);
1055STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
1056 X509_ATTRIBUTE *attr);
1057STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
1058 ASN1_OBJECT *obj, int type,
1059 unsigned char *bytes, int len);
1060STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
1061 int nid, int type,
1062 unsigned char *bytes, int len);
1063STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
1064 char *attrname, int type,
1065 unsigned char *bytes, int len);
1066X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
1067 int atrtype, void *data, int len);
1068X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
1069 ASN1_OBJECT *obj, int atrtype, void *data, int len);
1070X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
1071 char *atrname, int type, unsigned char *bytes, int len);
1072int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, ASN1_OBJECT *obj);
1073int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, void *data, int len);
1074void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
1075 int atrtype, void *data);
1076int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr);
1077ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr);
1078ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx);
1079
1080int X509_verify_cert(X509_STORE_CTX *ctx);
1081
1082/* lookup a cert from a X509 STACK */
1083X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk,X509_NAME *name,
1084 ASN1_INTEGER *serial);
1085X509 *X509_find_by_subject(STACK_OF(X509) *sk,X509_NAME *name);
1086
1087int i2d_PBEPARAM(PBEPARAM *a, unsigned char **pp);
1088PBEPARAM *PBEPARAM_new(void);
1089PBEPARAM *d2i_PBEPARAM(PBEPARAM **a, unsigned char **pp, long length);
1090void PBEPARAM_free(PBEPARAM *a);
1091X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, int saltlen);
1092X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
1093 unsigned char *salt, int saltlen);
1094
1095int i2d_PBKDF2PARAM(PBKDF2PARAM *a, unsigned char **pp);
1096PBKDF2PARAM *PBKDF2PARAM_new(void);
1097PBKDF2PARAM *d2i_PBKDF2PARAM(PBKDF2PARAM **a, unsigned char **pp, long length);
1098void PBKDF2PARAM_free(PBKDF2PARAM *a);
1099
1100int i2d_PBE2PARAM(PBE2PARAM *a, unsigned char **pp);
1101PBE2PARAM *PBE2PARAM_new(void);
1102PBE2PARAM *d2i_PBE2PARAM(PBE2PARAM **a, unsigned char **pp, long length);
1103void PBE2PARAM_free(PBE2PARAM *a);
1104
1105/* PKCS#8 utilities */
1106
1107int i2d_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO *a, unsigned char **pp);
1108PKCS8_PRIV_KEY_INFO *PKCS8_PRIV_KEY_INFO_new(void);
1109PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO **a,
1110 unsigned char **pp, long length);
1111void PKCS8_PRIV_KEY_INFO_free(PKCS8_PRIV_KEY_INFO *a);
1112
1113EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8);
1114PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
1115PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken);
1116PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);
1117
1118int X509_check_trust(X509 *x, int id, int flags);
1119int X509_TRUST_get_count(void);
1120X509_TRUST * X509_TRUST_get0(int idx);
1121int X509_TRUST_get_by_id(int id);
1122int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
1123 char *name, int arg1, void *arg2);
1124void X509_TRUST_cleanup(void);
1125int X509_TRUST_get_flags(X509_TRUST *xp);
1126char *X509_TRUST_get0_name(X509_TRUST *xp);
1127int X509_TRUST_get_trust(X509_TRUST *xp);
1128
1129/* BEGIN ERROR CODES */
1130/* The following lines are auto generated by the script mkerr.pl. Any changes
1131 * made after this point may be overwritten when the script is next run.
1132 */
1133
1134/* Error codes for the X509 functions. */
1135
1136/* Function codes. */
1137#define X509_F_ADD_CERT_DIR 100
1138#define X509_F_BY_FILE_CTRL 101
1139#define X509_F_DIR_CTRL 102
1140#define X509_F_GET_CERT_BY_SUBJECT 103
1141#define X509_F_NETSCAPE_SPKI_B64_DECODE 129
1142#define X509_F_NETSCAPE_SPKI_B64_ENCODE 130
1143#define X509_F_X509V3_ADD_EXT 104
1144#define X509_F_X509_ADD_ATTR 135
1145#define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 136
1146#define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ 137
1147#define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT 140
1148#define X509_F_X509_ATTRIBUTE_GET0_DATA 139
1149#define X509_F_X509_ATTRIBUTE_SET1_DATA 138
1150#define X509_F_X509_CHECK_PRIVATE_KEY 128
1151#define X509_F_X509_EXTENSION_CREATE_BY_NID 108
1152#define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109
1153#define X509_F_X509_GET_PUBKEY_PARAMETERS 110
1154#define X509_F_X509_LOAD_CERT_CRL_FILE 132
1155#define X509_F_X509_LOAD_CERT_FILE 111
1156#define X509_F_X509_LOAD_CRL_FILE 112
1157#define X509_F_X509_NAME_ADD_ENTRY 113
1158#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114
1159#define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 131
1160#define X509_F_X509_NAME_ENTRY_SET_OBJECT 115
1161#define X509_F_X509_NAME_ONELINE 116
1162#define X509_F_X509_NAME_PRINT 117
1163#define X509_F_X509_PRINT_FP 118
1164#define X509_F_X509_PUBKEY_GET 119
1165#define X509_F_X509_PUBKEY_SET 120
1166#define X509_F_X509_REQ_PRINT 121
1167#define X509_F_X509_REQ_PRINT_FP 122
1168#define X509_F_X509_REQ_TO_X509 123
1169#define X509_F_X509_STORE_ADD_CERT 124
1170#define X509_F_X509_STORE_ADD_CRL 125
1171#define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134
1172#define X509_F_X509_TO_X509_REQ 126
1173#define X509_F_X509_TRUST_ADD 133
1174#define X509_F_X509_VERIFY_CERT 127
1175
1176/* Reason codes. */
1177#define X509_R_BAD_X509_FILETYPE 100
1178#define X509_R_BASE64_DECODE_ERROR 118
1179#define X509_R_CANT_CHECK_DH_KEY 114
1180#define X509_R_CERT_ALREADY_IN_HASH_TABLE 101
1181#define X509_R_ERR_ASN1_LIB 102
1182#define X509_R_INVALID_DIRECTORY 113
1183#define X509_R_INVALID_FIELD_NAME 119
1184#define X509_R_KEY_TYPE_MISMATCH 115
1185#define X509_R_KEY_VALUES_MISMATCH 116
1186#define X509_R_LOADING_CERT_DIR 103
1187#define X509_R_LOADING_DEFAULTS 104
1188#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105
1189#define X509_R_SHOULD_RETRY 106
1190#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107
1191#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108
1192#define X509_R_UNKNOWN_KEY_TYPE 117
1193#define X509_R_UNKNOWN_NID 109
1194#define X509_R_UNKNOWN_PURPOSE_ID 121
1195#define X509_R_UNKNOWN_TRUST_ID 120
1196#define X509_R_UNSUPPORTED_ALGORITHM 111
1197#define X509_R_WRONG_LOOKUP_TYPE 112
1198#define X509_R_WRONG_TYPE 122
1199
1200#ifdef __cplusplus
1201}
1202#endif
1203#endif
1204
diff --git a/src/lib/libcrypto/x509/x509_att.c b/src/lib/libcrypto/x509/x509_att.c
deleted file mode 100644
index caafde658f..0000000000
--- a/src/lib/libcrypto/x509/x509_att.c
+++ /dev/null
@@ -1,326 +0,0 @@
1/* crypto/x509/x509_att.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/stack.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/objects.h>
64#include <openssl/evp.h>
65#include <openssl/x509.h>
66#include <openssl/x509v3.h>
67
68int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x)
69{
70 if (!x) return 0;
71 return(sk_X509_ATTRIBUTE_num(x));
72}
73
74int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
75 int lastpos)
76{
77 ASN1_OBJECT *obj;
78
79 obj=OBJ_nid2obj(nid);
80 if (obj == NULL) return(-2);
81 return(X509at_get_attr_by_OBJ(x,obj,lastpos));
82}
83
84int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj,
85 int lastpos)
86{
87 int n;
88 X509_ATTRIBUTE *ex;
89
90 if (sk == NULL) return(-1);
91 lastpos++;
92 if (lastpos < 0)
93 lastpos=0;
94 n=sk_X509_ATTRIBUTE_num(sk);
95 for ( ; lastpos < n; lastpos++)
96 {
97 ex=sk_X509_ATTRIBUTE_value(sk,lastpos);
98 if (OBJ_cmp(ex->object,obj) == 0)
99 return(lastpos);
100 }
101 return(-1);
102}
103
104X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc)
105{
106 if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
107 return NULL;
108 else
109 return sk_X509_ATTRIBUTE_value(x,loc);
110}
111
112X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc)
113{
114 X509_ATTRIBUTE *ret;
115
116 if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
117 return(NULL);
118 ret=sk_X509_ATTRIBUTE_delete(x,loc);
119 return(ret);
120}
121
122STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
123 X509_ATTRIBUTE *attr)
124{
125 X509_ATTRIBUTE *new_attr=NULL;
126 STACK_OF(X509_ATTRIBUTE) *sk=NULL;
127
128 if ((x != NULL) && (*x == NULL))
129 {
130 if ((sk=sk_X509_ATTRIBUTE_new_null()) == NULL)
131 goto err;
132 }
133 else
134 sk= *x;
135
136 if ((new_attr=X509_ATTRIBUTE_dup(attr)) == NULL)
137 goto err2;
138 if (!sk_X509_ATTRIBUTE_push(sk,new_attr))
139 goto err;
140 if ((x != NULL) && (*x == NULL))
141 *x=sk;
142 return(sk);
143err:
144 X509err(X509_F_X509_ADD_ATTR,ERR_R_MALLOC_FAILURE);
145err2:
146 if (new_attr != NULL) X509_ATTRIBUTE_free(new_attr);
147 if (sk != NULL) sk_X509_ATTRIBUTE_free(sk);
148 return(NULL);
149}
150
151STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
152 ASN1_OBJECT *obj, int type,
153 unsigned char *bytes, int len)
154{
155 X509_ATTRIBUTE *attr;
156 STACK_OF(X509_ATTRIBUTE) *ret;
157 attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len);
158 if(!attr) return 0;
159 ret = X509at_add1_attr(x, attr);
160 X509_ATTRIBUTE_free(attr);
161 return ret;
162}
163
164STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
165 int nid, int type,
166 unsigned char *bytes, int len)
167{
168 X509_ATTRIBUTE *attr;
169 STACK_OF(X509_ATTRIBUTE) *ret;
170 attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len);
171 if(!attr) return 0;
172 ret = X509at_add1_attr(x, attr);
173 X509_ATTRIBUTE_free(attr);
174 return ret;
175}
176
177STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
178 char *attrname, int type,
179 unsigned char *bytes, int len)
180{
181 X509_ATTRIBUTE *attr;
182 STACK_OF(X509_ATTRIBUTE) *ret;
183 attr = X509_ATTRIBUTE_create_by_txt(NULL, attrname, type, bytes, len);
184 if(!attr) return 0;
185 ret = X509at_add1_attr(x, attr);
186 X509_ATTRIBUTE_free(attr);
187 return ret;
188}
189
190X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
191 int atrtype, void *data, int len)
192{
193 ASN1_OBJECT *obj;
194 X509_ATTRIBUTE *ret;
195
196 obj=OBJ_nid2obj(nid);
197 if (obj == NULL)
198 {
199 X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_NID,X509_R_UNKNOWN_NID);
200 return(NULL);
201 }
202 ret=X509_ATTRIBUTE_create_by_OBJ(attr,obj,atrtype,data,len);
203 if (ret == NULL) ASN1_OBJECT_free(obj);
204 return(ret);
205}
206
207X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
208 ASN1_OBJECT *obj, int atrtype, void *data, int len)
209{
210 X509_ATTRIBUTE *ret;
211
212 if ((attr == NULL) || (*attr == NULL))
213 {
214 if ((ret=X509_ATTRIBUTE_new()) == NULL)
215 {
216 X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE);
217 return(NULL);
218 }
219 }
220 else
221 ret= *attr;
222
223 if (!X509_ATTRIBUTE_set1_object(ret,obj))
224 goto err;
225 if (!X509_ATTRIBUTE_set1_data(ret,atrtype,data,len))
226 goto err;
227
228 if ((attr != NULL) && (*attr == NULL)) *attr=ret;
229 return(ret);
230err:
231 if ((attr == NULL) || (ret != *attr))
232 X509_ATTRIBUTE_free(ret);
233 return(NULL);
234}
235
236X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
237 char *atrname, int type, unsigned char *bytes, int len)
238 {
239 ASN1_OBJECT *obj;
240 X509_ATTRIBUTE *nattr;
241
242 obj=OBJ_txt2obj(atrname, 0);
243 if (obj == NULL)
244 {
245 X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,
246 X509_R_INVALID_FIELD_NAME);
247 ERR_add_error_data(2, "name=", atrname);
248 return(NULL);
249 }
250 nattr = X509_ATTRIBUTE_create_by_OBJ(attr,obj,type,bytes,len);
251 ASN1_OBJECT_free(obj);
252 return nattr;
253 }
254
255int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, ASN1_OBJECT *obj)
256{
257 if ((attr == NULL) || (obj == NULL))
258 return(0);
259 ASN1_OBJECT_free(attr->object);
260 attr->object=OBJ_dup(obj);
261 return(1);
262}
263
264int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, void *data, int len)
265{
266 ASN1_TYPE *ttmp;
267 ASN1_STRING *stmp;
268 int atype;
269 if (!attr) return 0;
270 if(attrtype & MBSTRING_FLAG) {
271 stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype,
272 OBJ_obj2nid(attr->object));
273 if(!stmp) {
274 X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_ASN1_LIB);
275 return 0;
276 }
277 atype = stmp->type;
278 } else {
279 if(!(stmp = ASN1_STRING_type_new(attrtype))) goto err;
280 if(!ASN1_STRING_set(stmp, data, len)) goto err;
281 atype = attrtype;
282 }
283 if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
284 if(!(ttmp = ASN1_TYPE_new())) goto err;
285 if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err;
286 attr->set = 1;
287 ASN1_TYPE_set(ttmp, atype, stmp);
288 return 1;
289 err:
290 X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE);
291 return 0;
292}
293
294int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr)
295{
296 if(attr->set) return sk_ASN1_TYPE_num(attr->value.set);
297 if(attr->value.single) return 1;
298 return 0;
299}
300
301ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr)
302{
303 if (attr == NULL) return(NULL);
304 return(attr->object);
305}
306
307void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
308 int atrtype, void *data)
309{
310 ASN1_TYPE *ttmp;
311 ttmp = X509_ATTRIBUTE_get0_type(attr, idx);
312 if(!ttmp) return NULL;
313 if(atrtype != ASN1_TYPE_get(ttmp)){
314 X509err(X509_F_X509_ATTRIBUTE_GET0_DATA, X509_R_WRONG_TYPE);
315 return NULL;
316 }
317 return ttmp->value.ptr;
318}
319
320ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
321{
322 if (attr == NULL) return(NULL);
323 if(idx >= X509_ATTRIBUTE_count(attr)) return NULL;
324 if(attr->set) return sk_ASN1_TYPE_value(attr->value.set, idx);
325 else return attr->value.single;
326}
diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c
deleted file mode 100644
index a8a5ca8b03..0000000000
--- a/src/lib/libcrypto/x509/x509_cmp.c
+++ /dev/null
@@ -1,308 +0,0 @@
1/* crypto/x509/x509_cmp.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/asn1.h>
62#include <openssl/objects.h>
63#include <openssl/x509.h>
64#include <openssl/x509v3.h>
65
66int X509_issuer_and_serial_cmp(X509 *a, X509 *b)
67 {
68 int i;
69 X509_CINF *ai,*bi;
70
71 ai=a->cert_info;
72 bi=b->cert_info;
73 i=M_ASN1_INTEGER_cmp(ai->serialNumber,bi->serialNumber);
74 if (i) return(i);
75 return(X509_NAME_cmp(ai->issuer,bi->issuer));
76 }
77
78#ifndef NO_MD5
79unsigned long X509_issuer_and_serial_hash(X509 *a)
80 {
81 unsigned long ret=0;
82 MD5_CTX ctx;
83 unsigned char md[16];
84 char str[256];
85
86 X509_NAME_oneline(a->cert_info->issuer,str,256);
87 ret=strlen(str);
88 MD5_Init(&ctx);
89 MD5_Update(&ctx,(unsigned char *)str,ret);
90 MD5_Update(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
91 (unsigned long)a->cert_info->serialNumber->length);
92 MD5_Final(&(md[0]),&ctx);
93 ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)|
94 ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
95 )&0xffffffffL;
96 return(ret);
97 }
98#endif
99
100int X509_issuer_name_cmp(X509 *a, X509 *b)
101 {
102 return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer));
103 }
104
105int X509_subject_name_cmp(X509 *a, X509 *b)
106 {
107 return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject));
108 }
109
110int X509_CRL_cmp(X509_CRL *a, X509_CRL *b)
111 {
112 return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer));
113 }
114
115X509_NAME *X509_get_issuer_name(X509 *a)
116 {
117 return(a->cert_info->issuer);
118 }
119
120unsigned long X509_issuer_name_hash(X509 *x)
121 {
122 return(X509_NAME_hash(x->cert_info->issuer));
123 }
124
125X509_NAME *X509_get_subject_name(X509 *a)
126 {
127 return(a->cert_info->subject);
128 }
129
130ASN1_INTEGER *X509_get_serialNumber(X509 *a)
131 {
132 return(a->cert_info->serialNumber);
133 }
134
135unsigned long X509_subject_name_hash(X509 *x)
136 {
137 return(X509_NAME_hash(x->cert_info->subject));
138 }
139
140#ifndef NO_SHA
141/* Compare two certificates: they must be identical for
142 * this to work.
143 */
144int X509_cmp(X509 *a, X509 *b)
145{
146 /* ensure hash is valid */
147 X509_check_purpose(a, -1, 0);
148 X509_check_purpose(b, -1, 0);
149
150 return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
151}
152#endif
153
154int X509_NAME_cmp(X509_NAME *a, X509_NAME *b)
155 {
156 int i,j;
157 X509_NAME_ENTRY *na,*nb;
158
159 if (sk_X509_NAME_ENTRY_num(a->entries)
160 != sk_X509_NAME_ENTRY_num(b->entries))
161 return sk_X509_NAME_ENTRY_num(a->entries)
162 -sk_X509_NAME_ENTRY_num(b->entries);
163 for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
164 {
165 na=sk_X509_NAME_ENTRY_value(a->entries,i);
166 nb=sk_X509_NAME_ENTRY_value(b->entries,i);
167 j=na->value->length-nb->value->length;
168 if (j) return(j);
169 j=memcmp(na->value->data,nb->value->data,
170 na->value->length);
171 if (j) return(j);
172 j=na->set-nb->set;
173 if (j) return(j);
174 }
175
176 /* We will check the object types after checking the values
177 * since the values will more often be different than the object
178 * types. */
179 for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
180 {
181 na=sk_X509_NAME_ENTRY_value(a->entries,i);
182 nb=sk_X509_NAME_ENTRY_value(b->entries,i);
183 j=OBJ_cmp(na->object,nb->object);
184 if (j) return(j);
185 }
186 return(0);
187 }
188
189#ifndef NO_MD5
190/* I now DER encode the name and hash it. Since I cache the DER encoding,
191 * this is reasonably efficient. */
192unsigned long X509_NAME_hash(X509_NAME *x)
193 {
194 unsigned long ret=0;
195 unsigned char md[16];
196 unsigned char str[256],*p,*pp;
197 int i;
198
199 i=i2d_X509_NAME(x,NULL);
200 if (i > sizeof(str))
201 p=Malloc(i);
202 else
203 p=str;
204
205 pp=p;
206 i2d_X509_NAME(x,&pp);
207 MD5((unsigned char *)p,i,&(md[0]));
208 if (p != str) Free(p);
209
210 ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)|
211 ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
212 )&0xffffffffL;
213 return(ret);
214 }
215#endif
216
217/* Search a stack of X509 for a match */
218X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
219 ASN1_INTEGER *serial)
220 {
221 int i;
222 X509_CINF cinf;
223 X509 x,*x509=NULL;
224
225 if(!sk) return NULL;
226
227 x.cert_info= &cinf;
228 cinf.serialNumber=serial;
229 cinf.issuer=name;
230
231 for (i=0; i<sk_X509_num(sk); i++)
232 {
233 x509=sk_X509_value(sk,i);
234 if (X509_issuer_and_serial_cmp(x509,&x) == 0)
235 return(x509);
236 }
237 return(NULL);
238 }
239
240X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name)
241 {
242 X509 *x509;
243 int i;
244
245 for (i=0; i<sk_X509_num(sk); i++)
246 {
247 x509=sk_X509_value(sk,i);
248 if (X509_NAME_cmp(X509_get_subject_name(x509),name) == 0)
249 return(x509);
250 }
251 return(NULL);
252 }
253
254EVP_PKEY *X509_get_pubkey(X509 *x)
255 {
256 if ((x == NULL) || (x->cert_info == NULL))
257 return(NULL);
258 return(X509_PUBKEY_get(x->cert_info->key));
259 }
260
261int X509_check_private_key(X509 *x, EVP_PKEY *k)
262 {
263 EVP_PKEY *xk=NULL;
264 int ok=0;
265
266 xk=X509_get_pubkey(x);
267 if (xk->type != k->type)
268 {
269 X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
270 goto err;
271 }
272 switch (k->type)
273 {
274#ifndef NO_RSA
275 case EVP_PKEY_RSA:
276 if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0
277 || BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0)
278 {
279 X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
280 goto err;
281 }
282 break;
283#endif
284#ifndef NO_DSA
285 case EVP_PKEY_DSA:
286 if (BN_cmp(xk->pkey.dsa->pub_key,k->pkey.dsa->pub_key) != 0)
287 {
288 X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
289 goto err;
290 }
291 break;
292#endif
293#ifndef NO_DH
294 case EVP_PKEY_DH:
295 /* No idea */
296 X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
297 goto err;
298#endif
299 default:
300 X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
301 goto err;
302 }
303
304 ok=1;
305err:
306 EVP_PKEY_free(xk);
307 return(ok);
308 }
diff --git a/src/lib/libcrypto/x509/x509_d2.c b/src/lib/libcrypto/x509/x509_d2.c
deleted file mode 100644
index 753d53eb43..0000000000
--- a/src/lib/libcrypto/x509/x509_d2.c
+++ /dev/null
@@ -1,107 +0,0 @@
1/* crypto/x509/x509_d2.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/crypto.h>
62#include <openssl/x509.h>
63
64#ifndef NO_STDIO
65int X509_STORE_set_default_paths(X509_STORE *ctx)
66 {
67 X509_LOOKUP *lookup;
68
69 lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
70 if (lookup == NULL) return(0);
71 X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
72
73 lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
74 if (lookup == NULL) return(0);
75 X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
76
77 /* clear any errors */
78 ERR_clear_error();
79
80 return(1);
81 }
82
83int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
84 const char *path)
85 {
86 X509_LOOKUP *lookup;
87
88 if (file != NULL)
89 {
90 lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
91 if (lookup == NULL) return(0);
92 if (X509_LOOKUP_load_file(lookup,file,X509_FILETYPE_PEM) != 1)
93 return(0);
94 }
95 if (path != NULL)
96 {
97 lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
98 if (lookup == NULL) return(0);
99 if (X509_LOOKUP_add_dir(lookup,path,X509_FILETYPE_PEM) != 1)
100 return(0);
101 }
102 if ((path == NULL) && (file == NULL))
103 return(0);
104 return(1);
105 }
106
107#endif
diff --git a/src/lib/libcrypto/x509/x509_def.c b/src/lib/libcrypto/x509/x509_def.c
deleted file mode 100644
index e0ac151a76..0000000000
--- a/src/lib/libcrypto/x509/x509_def.c
+++ /dev/null
@@ -1,81 +0,0 @@
1/* crypto/x509/x509_def.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/crypto.h>
62#include <openssl/x509.h>
63
64const char *X509_get_default_private_dir(void)
65 { return(X509_PRIVATE_DIR); }
66
67const char *X509_get_default_cert_area(void)
68 { return(X509_CERT_AREA); }
69
70const char *X509_get_default_cert_dir(void)
71 { return(X509_CERT_DIR); }
72
73const char *X509_get_default_cert_file(void)
74 { return(X509_CERT_FILE); }
75
76const char *X509_get_default_cert_dir_env(void)
77 { return(X509_CERT_DIR_EVP); }
78
79const char *X509_get_default_cert_file_env(void)
80 { return(X509_CERT_FILE_EVP); }
81
diff --git a/src/lib/libcrypto/x509/x509_err.c b/src/lib/libcrypto/x509/x509_err.c
deleted file mode 100644
index 848add56e9..0000000000
--- a/src/lib/libcrypto/x509/x509_err.c
+++ /dev/null
@@ -1,152 +0,0 @@
1/* crypto/x509/x509_err.c */
2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include <openssl/x509.h>
64
65/* BEGIN ERROR CODES */
66#ifndef NO_ERR
67static ERR_STRING_DATA X509_str_functs[]=
68 {
69{ERR_PACK(0,X509_F_ADD_CERT_DIR,0), "ADD_CERT_DIR"},
70{ERR_PACK(0,X509_F_BY_FILE_CTRL,0), "BY_FILE_CTRL"},
71{ERR_PACK(0,X509_F_DIR_CTRL,0), "DIR_CTRL"},
72{ERR_PACK(0,X509_F_GET_CERT_BY_SUBJECT,0), "GET_CERT_BY_SUBJECT"},
73{ERR_PACK(0,X509_F_NETSCAPE_SPKI_B64_DECODE,0), "NETSCAPE_SPKI_b64_decode"},
74{ERR_PACK(0,X509_F_NETSCAPE_SPKI_B64_ENCODE,0), "NETSCAPE_SPKI_b64_encode"},
75{ERR_PACK(0,X509_F_X509V3_ADD_EXT,0), "X509v3_add_ext"},
76{ERR_PACK(0,X509_F_X509_ADD_ATTR,0), "X509_ADD_ATTR"},
77{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_NID,0), "X509_ATTRIBUTE_create_by_NID"},
78{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,0), "X509_ATTRIBUTE_create_by_OBJ"},
79{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,0), "X509_ATTRIBUTE_create_by_txt"},
80{ERR_PACK(0,X509_F_X509_ATTRIBUTE_GET0_DATA,0), "X509_ATTRIBUTE_get0_data"},
81{ERR_PACK(0,X509_F_X509_ATTRIBUTE_SET1_DATA,0), "X509_ATTRIBUTE_set1_data"},
82{ERR_PACK(0,X509_F_X509_CHECK_PRIVATE_KEY,0), "X509_check_private_key"},
83{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_NID,0), "X509_EXTENSION_create_by_NID"},
84{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_OBJ,0), "X509_EXTENSION_create_by_OBJ"},
85{ERR_PACK(0,X509_F_X509_GET_PUBKEY_PARAMETERS,0), "X509_get_pubkey_parameters"},
86{ERR_PACK(0,X509_F_X509_LOAD_CERT_CRL_FILE,0), "X509_load_cert_crl_file"},
87{ERR_PACK(0,X509_F_X509_LOAD_CERT_FILE,0), "X509_load_cert_file"},
88{ERR_PACK(0,X509_F_X509_LOAD_CRL_FILE,0), "X509_load_crl_file"},
89{ERR_PACK(0,X509_F_X509_NAME_ADD_ENTRY,0), "X509_NAME_add_entry"},
90{ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_NID,0), "X509_NAME_ENTRY_create_by_NID"},
91{ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_TXT,0), "X509_NAME_ENTRY_create_by_txt"},
92{ERR_PACK(0,X509_F_X509_NAME_ENTRY_SET_OBJECT,0), "X509_NAME_ENTRY_set_object"},
93{ERR_PACK(0,X509_F_X509_NAME_ONELINE,0), "X509_NAME_oneline"},
94{ERR_PACK(0,X509_F_X509_NAME_PRINT,0), "X509_NAME_print"},
95{ERR_PACK(0,X509_F_X509_PRINT_FP,0), "X509_print_fp"},
96{ERR_PACK(0,X509_F_X509_PUBKEY_GET,0), "X509_PUBKEY_get"},
97{ERR_PACK(0,X509_F_X509_PUBKEY_SET,0), "X509_PUBKEY_set"},
98{ERR_PACK(0,X509_F_X509_REQ_PRINT,0), "X509_REQ_print"},
99{ERR_PACK(0,X509_F_X509_REQ_PRINT_FP,0), "X509_REQ_print_fp"},
100{ERR_PACK(0,X509_F_X509_REQ_TO_X509,0), "X509_REQ_to_X509"},
101{ERR_PACK(0,X509_F_X509_STORE_ADD_CERT,0), "X509_STORE_add_cert"},
102{ERR_PACK(0,X509_F_X509_STORE_ADD_CRL,0), "X509_STORE_add_crl"},
103{ERR_PACK(0,X509_F_X509_STORE_CTX_PURPOSE_INHERIT,0), "X509_STORE_CTX_purpose_inherit"},
104{ERR_PACK(0,X509_F_X509_TO_X509_REQ,0), "X509_to_X509_REQ"},
105{ERR_PACK(0,X509_F_X509_TRUST_ADD,0), "X509_TRUST_add"},
106{ERR_PACK(0,X509_F_X509_VERIFY_CERT,0), "X509_verify_cert"},
107{0,NULL}
108 };
109
110static ERR_STRING_DATA X509_str_reasons[]=
111 {
112{X509_R_BAD_X509_FILETYPE ,"bad x509 filetype"},
113{X509_R_BASE64_DECODE_ERROR ,"base64 decode error"},
114{X509_R_CANT_CHECK_DH_KEY ,"cant check dh key"},
115{X509_R_CERT_ALREADY_IN_HASH_TABLE ,"cert already in hash table"},
116{X509_R_ERR_ASN1_LIB ,"err asn1 lib"},
117{X509_R_INVALID_DIRECTORY ,"invalid directory"},
118{X509_R_INVALID_FIELD_NAME ,"invalid field name"},
119{X509_R_KEY_TYPE_MISMATCH ,"key type mismatch"},
120{X509_R_KEY_VALUES_MISMATCH ,"key values mismatch"},
121{X509_R_LOADING_CERT_DIR ,"loading cert dir"},
122{X509_R_LOADING_DEFAULTS ,"loading defaults"},
123{X509_R_NO_CERT_SET_FOR_US_TO_VERIFY ,"no cert set for us to verify"},
124{X509_R_SHOULD_RETRY ,"should retry"},
125{X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN,"unable to find parameters in chain"},
126{X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY ,"unable to get certs public key"},
127{X509_R_UNKNOWN_KEY_TYPE ,"unknown key type"},
128{X509_R_UNKNOWN_NID ,"unknown nid"},
129{X509_R_UNKNOWN_PURPOSE_ID ,"unknown purpose id"},
130{X509_R_UNKNOWN_TRUST_ID ,"unknown trust id"},
131{X509_R_UNSUPPORTED_ALGORITHM ,"unsupported algorithm"},
132{X509_R_WRONG_LOOKUP_TYPE ,"wrong lookup type"},
133{X509_R_WRONG_TYPE ,"wrong type"},
134{0,NULL}
135 };
136
137#endif
138
139void ERR_load_X509_strings(void)
140 {
141 static int init=1;
142
143 if (init)
144 {
145 init=0;
146#ifndef NO_ERR
147 ERR_load_strings(ERR_LIB_X509,X509_str_functs);
148 ERR_load_strings(ERR_LIB_X509,X509_str_reasons);
149#endif
150
151 }
152 }
diff --git a/src/lib/libcrypto/x509/x509_ext.c b/src/lib/libcrypto/x509/x509_ext.c
deleted file mode 100644
index 2955989807..0000000000
--- a/src/lib/libcrypto/x509/x509_ext.c
+++ /dev/null
@@ -1,191 +0,0 @@
1/* crypto/x509/x509_ext.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/stack.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/objects.h>
64#include <openssl/evp.h>
65#include <openssl/x509.h>
66#include <openssl/x509v3.h>
67
68
69int X509_CRL_get_ext_count(X509_CRL *x)
70 {
71 return(X509v3_get_ext_count(x->crl->extensions));
72 }
73
74int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos)
75 {
76 return(X509v3_get_ext_by_NID(x->crl->extensions,nid,lastpos));
77 }
78
79int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos)
80 {
81 return(X509v3_get_ext_by_OBJ(x->crl->extensions,obj,lastpos));
82 }
83
84int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos)
85 {
86 return(X509v3_get_ext_by_critical(x->crl->extensions,crit,lastpos));
87 }
88
89X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc)
90 {
91 return(X509v3_get_ext(x->crl->extensions,loc));
92 }
93
94X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc)
95 {
96 return(X509v3_delete_ext(x->crl->extensions,loc));
97 }
98
99void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx)
100{
101 return X509V3_get_d2i(x->crl->extensions, nid, crit, idx);
102}
103
104int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc)
105 {
106 return(X509v3_add_ext(&(x->crl->extensions),ex,loc) != NULL);
107 }
108
109int X509_get_ext_count(X509 *x)
110 {
111 return(X509v3_get_ext_count(x->cert_info->extensions));
112 }
113
114int X509_get_ext_by_NID(X509 *x, int nid, int lastpos)
115 {
116 return(X509v3_get_ext_by_NID(x->cert_info->extensions,nid,lastpos));
117 }
118
119int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos)
120 {
121 return(X509v3_get_ext_by_OBJ(x->cert_info->extensions,obj,lastpos));
122 }
123
124int X509_get_ext_by_critical(X509 *x, int crit, int lastpos)
125 {
126 return(X509v3_get_ext_by_critical(x->cert_info->extensions,crit,lastpos));
127 }
128
129X509_EXTENSION *X509_get_ext(X509 *x, int loc)
130 {
131 return(X509v3_get_ext(x->cert_info->extensions,loc));
132 }
133
134X509_EXTENSION *X509_delete_ext(X509 *x, int loc)
135 {
136 return(X509v3_delete_ext(x->cert_info->extensions,loc));
137 }
138
139int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc)
140 {
141 return(X509v3_add_ext(&(x->cert_info->extensions),ex,loc) != NULL);
142 }
143
144void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx)
145{
146 return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx);
147}
148
149int X509_REVOKED_get_ext_count(X509_REVOKED *x)
150 {
151 return(X509v3_get_ext_count(x->extensions));
152 }
153
154int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos)
155 {
156 return(X509v3_get_ext_by_NID(x->extensions,nid,lastpos));
157 }
158
159int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj,
160 int lastpos)
161 {
162 return(X509v3_get_ext_by_OBJ(x->extensions,obj,lastpos));
163 }
164
165int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos)
166 {
167 return(X509v3_get_ext_by_critical(x->extensions,crit,lastpos));
168 }
169
170X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc)
171 {
172 return(X509v3_get_ext(x->extensions,loc));
173 }
174
175X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc)
176 {
177 return(X509v3_delete_ext(x->extensions,loc));
178 }
179
180int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc)
181 {
182 return(X509v3_add_ext(&(x->extensions),ex,loc) != NULL);
183 }
184
185void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx)
186{
187 return X509V3_get_d2i(x->extensions, nid, crit, idx);
188}
189
190IMPLEMENT_STACK_OF(X509_EXTENSION)
191IMPLEMENT_ASN1_SET_OF(X509_EXTENSION)
diff --git a/src/lib/libcrypto/x509/x509_lu.c b/src/lib/libcrypto/x509/x509_lu.c
deleted file mode 100644
index a20006d67e..0000000000
--- a/src/lib/libcrypto/x509/x509_lu.c
+++ /dev/null
@@ -1,427 +0,0 @@
1/* crypto/x509/x509_lu.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/lhash.h>
62#include <openssl/x509.h>
63
64static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_store_meth=NULL;
65static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_store_ctx_meth=NULL;
66
67X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
68 {
69 X509_LOOKUP *ret;
70
71 ret=(X509_LOOKUP *)Malloc(sizeof(X509_LOOKUP));
72 if (ret == NULL) return(NULL);
73
74 ret->init=0;
75 ret->skip=0;
76 ret->method=method;
77 ret->method_data=NULL;
78 ret->store_ctx=NULL;
79 if ((method->new_item != NULL) && !method->new_item(ret))
80 {
81 Free(ret);
82 return(NULL);
83 }
84 return(ret);
85 }
86
87void X509_LOOKUP_free(X509_LOOKUP *ctx)
88 {
89 if (ctx == NULL) return;
90 if ( (ctx->method != NULL) &&
91 (ctx->method->free != NULL))
92 ctx->method->free(ctx);
93 Free(ctx);
94 }
95
96int X509_LOOKUP_init(X509_LOOKUP *ctx)
97 {
98 if (ctx->method == NULL) return(0);
99 if (ctx->method->init != NULL)
100 return(ctx->method->init(ctx));
101 else
102 return(1);
103 }
104
105int X509_LOOKUP_shutdown(X509_LOOKUP *ctx)
106 {
107 if (ctx->method == NULL) return(0);
108 if (ctx->method->shutdown != NULL)
109 return(ctx->method->shutdown(ctx));
110 else
111 return(1);
112 }
113
114int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
115 char **ret)
116 {
117 if (ctx->method == NULL) return(-1);
118 if (ctx->method->ctrl != NULL)
119 return(ctx->method->ctrl(ctx,cmd,argc,argl,ret));
120 else
121 return(1);
122 }
123
124int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
125 X509_OBJECT *ret)
126 {
127 if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))
128 return(X509_LU_FAIL);
129 if (ctx->skip) return(0);
130 return(ctx->method->get_by_subject(ctx,type,name,ret));
131 }
132
133int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
134 ASN1_INTEGER *serial, X509_OBJECT *ret)
135 {
136 if ((ctx->method == NULL) ||
137 (ctx->method->get_by_issuer_serial == NULL))
138 return(X509_LU_FAIL);
139 return(ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret));
140 }
141
142int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
143 unsigned char *bytes, int len, X509_OBJECT *ret)
144 {
145 if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))
146 return(X509_LU_FAIL);
147 return(ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret));
148 }
149
150int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,
151 X509_OBJECT *ret)
152 {
153 if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
154 return(X509_LU_FAIL);
155 return(ctx->method->get_by_alias(ctx,type,str,len,ret));
156 }
157
158static unsigned long x509_object_hash(X509_OBJECT *a)
159 {
160 unsigned long h;
161
162 switch (a->type)
163 {
164 case X509_LU_X509:
165 h=X509_NAME_hash(a->data.x509->cert_info->subject);
166 break;
167 case X509_LU_CRL:
168 h=X509_NAME_hash(a->data.crl->crl->issuer);
169 break;
170 default:
171 abort();
172 }
173 return(h);
174 }
175
176static int x509_object_cmp(X509_OBJECT *a, X509_OBJECT *b)
177 {
178 int ret;
179
180 ret=(a->type - b->type);
181 if (ret) return(ret);
182 switch (a->type)
183 {
184 case X509_LU_X509:
185 ret=X509_subject_name_cmp(a->data.x509,b->data.x509);
186 break;
187 case X509_LU_CRL:
188 ret=X509_CRL_cmp(a->data.crl,b->data.crl);
189 break;
190 default:
191 abort();
192 }
193 return(ret);
194 }
195
196X509_STORE *X509_STORE_new(void)
197 {
198 X509_STORE *ret;
199
200 if ((ret=(X509_STORE *)Malloc(sizeof(X509_STORE))) == NULL)
201 return(NULL);
202 ret->certs=lh_new(x509_object_hash,x509_object_cmp);
203 ret->cache=1;
204 ret->get_cert_methods=sk_X509_LOOKUP_new_null();
205 ret->verify=NULL;
206 ret->verify_cb=NULL;
207 memset(&ret->ex_data,0,sizeof(CRYPTO_EX_DATA));
208 ret->references=1;
209 ret->depth=0;
210 return(ret);
211 }
212
213static void cleanup(X509_OBJECT *a)
214 {
215 if (a->type == X509_LU_X509)
216 {
217 X509_free(a->data.x509);
218 }
219 else if (a->type == X509_LU_CRL)
220 {
221 X509_CRL_free(a->data.crl);
222 }
223 else
224 abort();
225
226 Free(a);
227 }
228
229void X509_STORE_free(X509_STORE *vfy)
230 {
231 int i;
232 STACK_OF(X509_LOOKUP) *sk;
233 X509_LOOKUP *lu;
234
235 if(vfy == NULL)
236 return;
237
238 sk=vfy->get_cert_methods;
239 for (i=0; i<sk_X509_LOOKUP_num(sk); i++)
240 {
241 lu=sk_X509_LOOKUP_value(sk,i);
242 X509_LOOKUP_shutdown(lu);
243 X509_LOOKUP_free(lu);
244 }
245 sk_X509_LOOKUP_free(sk);
246
247 CRYPTO_free_ex_data(x509_store_meth,vfy,&vfy->ex_data);
248 lh_doall(vfy->certs,cleanup);
249 lh_free(vfy->certs);
250 Free(vfy);
251 }
252
253X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
254 {
255 int i;
256 STACK_OF(X509_LOOKUP) *sk;
257 X509_LOOKUP *lu;
258
259 sk=v->get_cert_methods;
260 for (i=0; i<sk_X509_LOOKUP_num(sk); i++)
261 {
262 lu=sk_X509_LOOKUP_value(sk,i);
263 if (m == lu->method)
264 {
265 return(lu);
266 }
267 }
268 /* a new one */
269 lu=X509_LOOKUP_new(m);
270 if (lu == NULL)
271 return(NULL);
272 else
273 {
274 lu->store_ctx=v;
275 if (sk_X509_LOOKUP_push(v->get_cert_methods,lu))
276 return(lu);
277 else
278 {
279 X509_LOOKUP_free(lu);
280 return(NULL);
281 }
282 }
283 }
284
285int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
286 X509_OBJECT *ret)
287 {
288 X509_STORE *ctx=vs->ctx;
289 X509_LOOKUP *lu;
290 X509_OBJECT stmp,*tmp;
291 int i,j;
292
293 tmp=X509_OBJECT_retrieve_by_subject(ctx->certs,type,name);
294
295 if (tmp == NULL)
296 {
297 for (i=vs->current_method; i<sk_X509_LOOKUP_num(ctx->get_cert_methods); i++)
298 {
299 lu=sk_X509_LOOKUP_value(ctx->get_cert_methods,i);
300 j=X509_LOOKUP_by_subject(lu,type,name,&stmp);
301 if (j < 0)
302 {
303 vs->current_method=j;
304 return(j);
305 }
306 else if (j)
307 {
308 tmp= &stmp;
309 break;
310 }
311 }
312 vs->current_method=0;
313 if (tmp == NULL)
314 return(0);
315 }
316
317/* if (ret->data.ptr != NULL)
318 X509_OBJECT_free_contents(ret); */
319
320 ret->type=tmp->type;
321 ret->data.ptr=tmp->data.ptr;
322
323 X509_OBJECT_up_ref_count(ret);
324
325 return(1);
326 }
327
328void X509_OBJECT_up_ref_count(X509_OBJECT *a)
329 {
330 switch (a->type)
331 {
332 case X509_LU_X509:
333 CRYPTO_add(&a->data.x509->references,1,CRYPTO_LOCK_X509);
334 break;
335 case X509_LU_CRL:
336 CRYPTO_add(&a->data.crl->references,1,CRYPTO_LOCK_X509_CRL);
337 break;
338 }
339 }
340
341void X509_OBJECT_free_contents(X509_OBJECT *a)
342 {
343 switch (a->type)
344 {
345 case X509_LU_X509:
346 X509_free(a->data.x509);
347 break;
348 case X509_LU_CRL:
349 X509_CRL_free(a->data.crl);
350 break;
351 }
352 }
353
354X509_OBJECT *X509_OBJECT_retrieve_by_subject(LHASH *h, int type,
355 X509_NAME *name)
356 {
357 X509_OBJECT stmp,*tmp;
358 X509 x509_s;
359 X509_CINF cinf_s;
360 X509_CRL crl_s;
361 X509_CRL_INFO crl_info_s;
362
363 stmp.type=type;
364 switch (type)
365 {
366 case X509_LU_X509:
367 stmp.data.x509= &x509_s;
368 x509_s.cert_info= &cinf_s;
369 cinf_s.subject=name;
370 break;
371 case X509_LU_CRL:
372 stmp.data.crl= &crl_s;
373 crl_s.crl= &crl_info_s;
374 crl_info_s.issuer=name;
375 break;
376 default:
377 abort();
378 }
379
380 tmp=(X509_OBJECT *)lh_retrieve(h,&stmp);
381 return(tmp);
382 }
383
384X509_STORE_CTX *X509_STORE_CTX_new(void)
385{
386 X509_STORE_CTX *ctx;
387 ctx = (X509_STORE_CTX *)Malloc(sizeof(X509_STORE_CTX));
388 if(ctx) memset(ctx, 0, sizeof(X509_STORE_CTX));
389 return ctx;
390}
391
392void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
393{
394 X509_STORE_CTX_cleanup(ctx);
395 Free(ctx);
396}
397
398void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
399 STACK_OF(X509) *chain)
400 {
401 ctx->ctx=store;
402 ctx->current_method=0;
403 ctx->cert=x509;
404 ctx->untrusted=chain;
405 ctx->last_untrusted=0;
406 ctx->purpose=0;
407 ctx->trust=0;
408 ctx->valid=0;
409 ctx->chain=NULL;
410 ctx->depth=9;
411 ctx->error=0;
412 ctx->current_cert=NULL;
413 memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA));
414 }
415
416void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
417 {
418 if (ctx->chain != NULL)
419 {
420 sk_X509_pop_free(ctx->chain,X509_free);
421 ctx->chain=NULL;
422 }
423 CRYPTO_free_ex_data(x509_store_ctx_meth,ctx,&(ctx->ex_data));
424 memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
425 }
426
427IMPLEMENT_STACK_OF(X509_LOOKUP)
diff --git a/src/lib/libcrypto/x509/x509_obj.c b/src/lib/libcrypto/x509/x509_obj.c
deleted file mode 100644
index 691b71f031..0000000000
--- a/src/lib/libcrypto/x509/x509_obj.c
+++ /dev/null
@@ -1,223 +0,0 @@
1/* crypto/x509/x509_obj.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/lhash.h>
62#include <openssl/objects.h>
63#include <openssl/x509.h>
64#include <openssl/buffer.h>
65
66char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
67 {
68 X509_NAME_ENTRY *ne;
69int i;
70 int n,lold,l,l1,l2,num,j,type;
71 const char *s;
72 char *p;
73 unsigned char *q;
74 BUF_MEM *b=NULL;
75 static char hex[17]="0123456789ABCDEF";
76 int gs_doit[4];
77 char tmp_buf[80];
78#ifdef CHARSET_EBCDIC
79 char ebcdic_buf[1024];
80#endif
81
82 if (buf == NULL)
83 {
84 if ((b=BUF_MEM_new()) == NULL) goto err;
85 if (!BUF_MEM_grow(b,200)) goto err;
86 b->data[0]='\0';
87 len=200;
88 }
89 if (a == NULL)
90 {
91 if(b)
92 {
93 buf=b->data;
94 Free(b);
95 }
96 strncpy(buf,"NO X509_NAME",len);
97 return buf;
98 }
99
100 len--; /* space for '\0' */
101 l=0;
102 for (i=0; i<sk_X509_NAME_ENTRY_num(a->entries); i++)
103 {
104 ne=sk_X509_NAME_ENTRY_value(a->entries,i);
105 n=OBJ_obj2nid(ne->object);
106 if ((n == NID_undef) || ((s=OBJ_nid2sn(n)) == NULL))
107 {
108 i2t_ASN1_OBJECT(tmp_buf,sizeof(tmp_buf),ne->object);
109 s=tmp_buf;
110 }
111 l1=strlen(s);
112
113 type=ne->value->type;
114 num=ne->value->length;
115 q=ne->value->data;
116#ifdef CHARSET_EBCDIC
117 if (type == V_ASN1_GENERALSTRING ||
118 type == V_ASN1_VISIBLESTRING ||
119 type == V_ASN1_PRINTABLESTRING ||
120 type == V_ASN1_TELETEXSTRING ||
121 type == V_ASN1_VISIBLESTRING ||
122 type == V_ASN1_IA5STRING) {
123 ascii2ebcdic(ebcdic_buf, q,
124 (num > sizeof ebcdic_buf)
125 ? sizeof ebcdic_buf : num);
126 q=ebcdic_buf;
127 }
128#endif
129
130 if ((type == V_ASN1_GENERALSTRING) && ((num%4) == 0))
131 {
132 gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=0;
133 for (j=0; j<num; j++)
134 if (q[j] != 0) gs_doit[j&3]=1;
135
136 if (gs_doit[0]|gs_doit[1]|gs_doit[2])
137 gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1;
138 else
139 {
140 gs_doit[0]=gs_doit[1]=gs_doit[2]=0;
141 gs_doit[3]=1;
142 }
143 }
144 else
145 gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1;
146
147 for (l2=j=0; j<num; j++)
148 {
149 if (!gs_doit[j&3]) continue;
150 l2++;
151#ifndef CHARSET_EBCDIC
152 if ((q[j] < ' ') || (q[j] > '~')) l2+=3;
153#else
154 if ((os_toascii[q[j]] < os_toascii[' ']) ||
155 (os_toascii[q[j]] > os_toascii['~'])) l2+=3;
156#endif
157 }
158
159 lold=l;
160 l+=1+l1+1+l2;
161 if (b != NULL)
162 {
163 if (!BUF_MEM_grow(b,l+1)) goto err;
164 p= &(b->data[lold]);
165 }
166 else if (l > len)
167 {
168 break;
169 }
170 else
171 p= &(buf[lold]);
172 *(p++)='/';
173 memcpy(p,s,(unsigned int)l1); p+=l1;
174 *(p++)='=';
175
176#ifndef CHARSET_EBCDIC /* q was assigned above already. */
177 q=ne->value->data;
178#endif
179
180 for (j=0; j<num; j++)
181 {
182 if (!gs_doit[j&3]) continue;
183#ifndef CHARSET_EBCDIC
184 n=q[j];
185 if ((n < ' ') || (n > '~'))
186 {
187 *(p++)='\\';
188 *(p++)='x';
189 *(p++)=hex[(n>>4)&0x0f];
190 *(p++)=hex[n&0x0f];
191 }
192 else
193 *(p++)=n;
194#else
195 n=os_toascii[q[j]];
196 if ((n < os_toascii[' ']) ||
197 (n > os_toascii['~']))
198 {
199 *(p++)='\\';
200 *(p++)='x';
201 *(p++)=hex[(n>>4)&0x0f];
202 *(p++)=hex[n&0x0f];
203 }
204 else
205 *(p++)=q[j];
206#endif
207 }
208 *p='\0';
209 }
210 if (b != NULL)
211 {
212 p=b->data;
213 Free(b);
214 }
215 else
216 p=buf;
217 return(p);
218err:
219 X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE);
220 if (b != NULL) BUF_MEM_free(b);
221 return(NULL);
222 }
223
diff --git a/src/lib/libcrypto/x509/x509_r2x.c b/src/lib/libcrypto/x509/x509_r2x.c
deleted file mode 100644
index db051033d9..0000000000
--- a/src/lib/libcrypto/x509/x509_r2x.c
+++ /dev/null
@@ -1,110 +0,0 @@
1/* crypto/x509/x509_r2x.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/bn.h>
62#include <openssl/evp.h>
63#include <openssl/asn1.h>
64#include <openssl/x509.h>
65#include <openssl/objects.h>
66#include <openssl/buffer.h>
67
68X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
69 {
70 X509 *ret=NULL;
71 X509_CINF *xi=NULL;
72 X509_NAME *xn;
73
74 if ((ret=X509_new()) == NULL)
75 {
76 X509err(X509_F_X509_REQ_TO_X509,ERR_R_MALLOC_FAILURE);
77 goto err;
78 }
79
80 /* duplicate the request */
81 xi=ret->cert_info;
82
83 if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0)
84 {
85 if ((xi->version=M_ASN1_INTEGER_new()) == NULL) goto err;
86 if (!ASN1_INTEGER_set(xi->version,2)) goto err;
87/* xi->extensions=ri->attributes; <- bad, should not ever be done
88 ri->attributes=NULL; */
89 }
90
91 xn=X509_REQ_get_subject_name(r);
92 X509_set_subject_name(ret,X509_NAME_dup(xn));
93 X509_set_issuer_name(ret,X509_NAME_dup(xn));
94
95 X509_gmtime_adj(xi->validity->notBefore,0);
96 X509_gmtime_adj(xi->validity->notAfter,(long)60*60*24*days);
97
98 X509_set_pubkey(ret,X509_REQ_get_pubkey(r));
99
100 if (!X509_sign(ret,pkey,EVP_md5()))
101 goto err;
102 if (0)
103 {
104err:
105 X509_free(ret);
106 ret=NULL;
107 }
108 return(ret);
109 }
110
diff --git a/src/lib/libcrypto/x509/x509_req.c b/src/lib/libcrypto/x509/x509_req.c
deleted file mode 100644
index baef8790eb..0000000000
--- a/src/lib/libcrypto/x509/x509_req.c
+++ /dev/null
@@ -1,278 +0,0 @@
1/* crypto/x509/x509_req.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/bn.h>
62#include <openssl/evp.h>
63#include <openssl/asn1.h>
64#include <openssl/x509.h>
65#include <openssl/objects.h>
66#include <openssl/buffer.h>
67#include <openssl/pem.h>
68
69X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
70 {
71 X509_REQ *ret;
72 X509_REQ_INFO *ri;
73 int i;
74 EVP_PKEY *pktmp;
75
76 ret=X509_REQ_new();
77 if (ret == NULL)
78 {
79 X509err(X509_F_X509_TO_X509_REQ,ERR_R_MALLOC_FAILURE);
80 goto err;
81 }
82
83 ri=ret->req_info;
84
85 ri->version->length=1;
86 ri->version->data=(unsigned char *)Malloc(1);
87 if (ri->version->data == NULL) goto err;
88 ri->version->data[0]=0; /* version == 0 */
89
90 if (!X509_REQ_set_subject_name(ret,X509_get_subject_name(x)))
91 goto err;
92
93 pktmp = X509_get_pubkey(x);
94 i=X509_REQ_set_pubkey(ret,pktmp);
95 EVP_PKEY_free(pktmp);
96 if (!i) goto err;
97
98 if (pkey != NULL)
99 {
100 if (!X509_REQ_sign(ret,pkey,md))
101 goto err;
102 }
103 return(ret);
104err:
105 X509_REQ_free(ret);
106 return(NULL);
107 }
108
109EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req)
110 {
111 if ((req == NULL) || (req->req_info == NULL))
112 return(NULL);
113 return(X509_PUBKEY_get(req->req_info->pubkey));
114 }
115
116/* It seems several organisations had the same idea of including a list of
117 * extensions in a certificate request. There are at least two OIDs that are
118 * used and there may be more: so the list is configurable.
119 */
120
121static int ext_nid_list[] = { NID_ms_ext_req, NID_ext_req, NID_undef};
122
123static int *ext_nids = ext_nid_list;
124
125int X509_REQ_extension_nid(int req_nid)
126{
127 int i, nid;
128 for(i = 0; ; i++) {
129 nid = ext_nids[i];
130 if(nid == NID_undef) return 0;
131 else if (req_nid == nid) return 1;
132 }
133}
134
135int *X509_REQ_get_extension_nids(void)
136{
137 return ext_nids;
138}
139
140void X509_REQ_set_extension_nids(int *nids)
141{
142 ext_nids = nids;
143}
144
145STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
146{
147 X509_ATTRIBUTE *attr;
148 STACK_OF(X509_ATTRIBUTE) *sk;
149 ASN1_TYPE *ext = NULL;
150 int i;
151 unsigned char *p;
152 if ((req == NULL) || (req->req_info == NULL))
153 return(NULL);
154 sk=req->req_info->attributes;
155 if (!sk) return NULL;
156 for(i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
157 attr = sk_X509_ATTRIBUTE_value(sk, i);
158 if(X509_REQ_extension_nid(OBJ_obj2nid(attr->object))) {
159 if(attr->set && sk_ASN1_TYPE_num(attr->value.set))
160 ext = sk_ASN1_TYPE_value(attr->value.set, 0);
161 else ext = attr->value.single;
162 break;
163 }
164 }
165 if(!ext || (ext->type != V_ASN1_SEQUENCE)) return NULL;
166 p = ext->value.sequence->data;
167 return d2i_ASN1_SET_OF_X509_EXTENSION(NULL, &p,
168 ext->value.sequence->length,
169 d2i_X509_EXTENSION, X509_EXTENSION_free,
170 V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
171}
172
173/* Add a STACK_OF extensions to a certificate request: allow alternative OIDs
174 * in case we want to create a non standard one.
175 */
176
177int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
178 int nid)
179{
180 unsigned char *p = NULL, *q;
181 long len;
182 ASN1_TYPE *at = NULL;
183 X509_ATTRIBUTE *attr = NULL;
184 if(!(at = ASN1_TYPE_new()) ||
185 !(at->value.sequence = ASN1_STRING_new())) goto err;
186
187 at->type = V_ASN1_SEQUENCE;
188 /* Generate encoding of extensions */
189 len = i2d_ASN1_SET_OF_X509_EXTENSION(exts, NULL, i2d_X509_EXTENSION,
190 V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
191 if(!(p = Malloc(len))) goto err;
192 q = p;
193 i2d_ASN1_SET_OF_X509_EXTENSION(exts, &q, i2d_X509_EXTENSION,
194 V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
195 at->value.sequence->data = p;
196 p = NULL;
197 at->value.sequence->length = len;
198 if(!(attr = X509_ATTRIBUTE_new())) goto err;
199 if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
200 if(!sk_ASN1_TYPE_push(attr->value.set, at)) goto err;
201 at = NULL;
202 attr->set = 1;
203 attr->object = OBJ_nid2obj(nid);
204 if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err;
205 return 1;
206 err:
207 if(p) Free(p);
208 X509_ATTRIBUTE_free(attr);
209 ASN1_TYPE_free(at);
210 return 0;
211}
212/* This is the normal usage: use the "official" OID */
213int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts)
214{
215 return X509_REQ_add_extensions_nid(req, exts, NID_ext_req);
216}
217
218/* Request attribute functions */
219
220int X509_REQ_get_attr_count(const X509_REQ *req)
221{
222 return X509at_get_attr_count(req->req_info->attributes);
223}
224
225int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid,
226 int lastpos)
227{
228 return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos);
229}
230
231int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,
232 int lastpos)
233{
234 return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos);
235}
236
237X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc)
238{
239 return X509at_get_attr(req->req_info->attributes, loc);
240}
241
242X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc)
243{
244 return X509at_delete_attr(req->req_info->attributes, loc);
245}
246
247int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr)
248{
249 if(X509at_add1_attr(&req->req_info->attributes, attr)) return 1;
250 return 0;
251}
252
253int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
254 ASN1_OBJECT *obj, int type,
255 unsigned char *bytes, int len)
256{
257 if(X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj,
258 type, bytes, len)) return 1;
259 return 0;
260}
261
262int X509_REQ_add1_attr_by_NID(X509_REQ *req,
263 int nid, int type,
264 unsigned char *bytes, int len)
265{
266 if(X509at_add1_attr_by_NID(&req->req_info->attributes, nid,
267 type, bytes, len)) return 1;
268 return 0;
269}
270
271int X509_REQ_add1_attr_by_txt(X509_REQ *req,
272 char *attrname, int type,
273 unsigned char *bytes, int len)
274{
275 if(X509at_add1_attr_by_txt(&req->req_info->attributes, attrname,
276 type, bytes, len)) return 1;
277 return 0;
278}
diff --git a/src/lib/libcrypto/x509/x509_set.c b/src/lib/libcrypto/x509/x509_set.c
deleted file mode 100644
index add842d17a..0000000000
--- a/src/lib/libcrypto/x509/x509_set.c
+++ /dev/null
@@ -1,150 +0,0 @@
1/* crypto/x509/x509_set.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/asn1.h>
62#include <openssl/objects.h>
63#include <openssl/evp.h>
64#include <openssl/x509.h>
65
66int X509_set_version(X509 *x, long version)
67 {
68 if (x == NULL) return(0);
69 if (x->cert_info->version == NULL)
70 {
71 if ((x->cert_info->version=M_ASN1_INTEGER_new()) == NULL)
72 return(0);
73 }
74 return(ASN1_INTEGER_set(x->cert_info->version,version));
75 }
76
77int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial)
78 {
79 ASN1_INTEGER *in;
80
81 if (x == NULL) return(0);
82 in=x->cert_info->serialNumber;
83 if (in != serial)
84 {
85 in=M_ASN1_INTEGER_dup(serial);
86 if (in != NULL)
87 {
88 M_ASN1_INTEGER_free(x->cert_info->serialNumber);
89 x->cert_info->serialNumber=in;
90 }
91 }
92 return(in != NULL);
93 }
94
95int X509_set_issuer_name(X509 *x, X509_NAME *name)
96 {
97 if ((x == NULL) || (x->cert_info == NULL)) return(0);
98 return(X509_NAME_set(&x->cert_info->issuer,name));
99 }
100
101int X509_set_subject_name(X509 *x, X509_NAME *name)
102 {
103 if ((x == NULL) || (x->cert_info == NULL)) return(0);
104 return(X509_NAME_set(&x->cert_info->subject,name));
105 }
106
107int X509_set_notBefore(X509 *x, ASN1_UTCTIME *tm)
108 {
109 ASN1_UTCTIME *in;
110
111 if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
112 in=x->cert_info->validity->notBefore;
113 if (in != tm)
114 {
115 in=M_ASN1_UTCTIME_dup(tm);
116 if (in != NULL)
117 {
118 M_ASN1_UTCTIME_free(x->cert_info->validity->notBefore);
119 x->cert_info->validity->notBefore=in;
120 }
121 }
122 return(in != NULL);
123 }
124
125int X509_set_notAfter(X509 *x, ASN1_UTCTIME *tm)
126 {
127 ASN1_UTCTIME *in;
128
129 if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
130 in=x->cert_info->validity->notAfter;
131 if (in != tm)
132 {
133 in=M_ASN1_UTCTIME_dup(tm);
134 if (in != NULL)
135 {
136 M_ASN1_UTCTIME_free(x->cert_info->validity->notAfter);
137 x->cert_info->validity->notAfter=in;
138 }
139 }
140 return(in != NULL);
141 }
142
143int X509_set_pubkey(X509 *x, EVP_PKEY *pkey)
144 {
145 if ((x == NULL) || (x->cert_info == NULL)) return(0);
146 return(X509_PUBKEY_set(&(x->cert_info->key),pkey));
147 }
148
149
150
diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c
deleted file mode 100644
index c779aaf94d..0000000000
--- a/src/lib/libcrypto/x509/x509_trs.c
+++ /dev/null
@@ -1,264 +0,0 @@
1/* x509_trs.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/x509v3.h>
62
63
64static int tr_cmp(X509_TRUST **a, X509_TRUST **b);
65static void trtable_free(X509_TRUST *p);
66
67static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags);
68static int trust_compat(X509_TRUST *trust, X509 *x, int flags);
69
70static int obj_trust(int id, X509 *x, int flags);
71static int (*default_trust)(int id, X509 *x, int flags) = obj_trust;
72
73/* WARNING: the following table should be kept in order of trust
74 * and without any gaps so we can just subtract the minimum trust
75 * value to get an index into the table
76 */
77
78static X509_TRUST trstandard[] = {
79{X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL},
80{X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},
81{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Client", NID_server_auth, NULL},
82{X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
83};
84
85#define X509_TRUST_COUNT (sizeof(trstandard)/sizeof(X509_TRUST))
86
87IMPLEMENT_STACK_OF(X509_TRUST)
88
89static STACK_OF(X509_TRUST) *trtable = NULL;
90
91static int tr_cmp(X509_TRUST **a, X509_TRUST **b)
92{
93 return (*a)->trust - (*b)->trust;
94}
95
96int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int)
97{
98int (*oldtrust)(int , X509 *, int);
99oldtrust = default_trust;
100default_trust = trust;
101return oldtrust;
102}
103
104
105int X509_check_trust(X509 *x, int id, int flags)
106{
107 X509_TRUST *pt;
108 int idx;
109 if(id == -1) return 1;
110 idx = X509_TRUST_get_by_id(id);
111 if(idx == -1) return default_trust(id, x, flags);
112 pt = X509_TRUST_get0(idx);
113 return pt->check_trust(pt, x, flags);
114}
115
116int X509_TRUST_get_count(void)
117{
118 if(!trtable) return X509_TRUST_COUNT;
119 return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT;
120}
121
122X509_TRUST * X509_TRUST_get0(int idx)
123{
124 if(idx < 0) return NULL;
125 if(idx < X509_TRUST_COUNT) return trstandard + idx;
126 return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT);
127}
128
129int X509_TRUST_get_by_id(int id)
130{
131 X509_TRUST tmp;
132 int idx;
133 if((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX))
134 return id - X509_TRUST_MIN;
135 tmp.trust = id;
136 if(!trtable) return -1;
137 idx = sk_X509_TRUST_find(trtable, &tmp);
138 if(idx == -1) return -1;
139 return idx + X509_TRUST_COUNT;
140}
141
142int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
143 char *name, int arg1, void *arg2)
144{
145 int idx;
146 X509_TRUST *trtmp;
147 /* This is set according to what we change: application can't set it */
148 flags &= ~X509_TRUST_DYNAMIC;
149 /* This will always be set for application modified trust entries */
150 flags |= X509_TRUST_DYNAMIC_NAME;
151 /* Get existing entry if any */
152 idx = X509_TRUST_get_by_id(id);
153 /* Need a new entry */
154 if(idx == -1) {
155 if(!(trtmp = Malloc(sizeof(X509_TRUST)))) {
156 X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
157 return 0;
158 }
159 trtmp->flags = X509_TRUST_DYNAMIC;
160 } else trtmp = X509_TRUST_get0(idx);
161
162 /* Free existing name if dynamic */
163 if(trtmp->flags & X509_TRUST_DYNAMIC_NAME) Free(trtmp->name);
164 /* dup supplied name */
165 if(!(trtmp->name = BUF_strdup(name))) {
166 X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
167 return 0;
168 }
169 /* Keep the dynamic flag of existing entry */
170 trtmp->flags &= X509_TRUST_DYNAMIC;
171 /* Set all other flags */
172 trtmp->flags |= flags;
173
174 trtmp->trust = id;
175 trtmp->check_trust = ck;
176 trtmp->arg1 = arg1;
177 trtmp->arg2 = arg2;
178
179 /* If its a new entry manage the dynamic table */
180 if(idx == -1) {
181 if(!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) {
182 X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
183 return 0;
184 }
185 if (!sk_X509_TRUST_push(trtable, trtmp)) {
186 X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
187 return 0;
188 }
189 }
190 return 1;
191}
192
193static void trtable_free(X509_TRUST *p)
194 {
195 if(!p) return;
196 if (p->flags & X509_TRUST_DYNAMIC)
197 {
198 if (p->flags & X509_TRUST_DYNAMIC_NAME)
199 Free(p->name);
200 Free(p);
201 }
202 }
203
204void X509_TRUST_cleanup(void)
205{
206 int i;
207 for(i = 0; i < X509_TRUST_COUNT; i++) trtable_free(trstandard + i);
208 sk_X509_TRUST_pop_free(trtable, trtable_free);
209 trtable = NULL;
210}
211
212int X509_TRUST_get_flags(X509_TRUST *xp)
213{
214 return xp->flags;
215}
216
217char *X509_TRUST_get0_name(X509_TRUST *xp)
218{
219 return xp->name;
220}
221
222int X509_TRUST_get_trust(X509_TRUST *xp)
223{
224 return xp->trust;
225}
226
227static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
228{
229 if(x->aux) return obj_trust(trust->arg1, x, flags);
230 /* we don't have any trust settings: for compatibility
231 * we return trusted if it is self signed
232 */
233 return trust_compat(trust, x, flags);
234}
235
236static int trust_compat(X509_TRUST *trust, X509 *x, int flags)
237{
238 X509_check_purpose(x, -1, 0);
239 if(x->ex_flags & EXFLAG_SS) return X509_TRUST_TRUSTED;
240 else return X509_TRUST_UNTRUSTED;
241}
242
243static int obj_trust(int id, X509 *x, int flags)
244{
245 ASN1_OBJECT *obj;
246 int i;
247 X509_CERT_AUX *ax;
248 ax = x->aux;
249 if(!ax) return X509_TRUST_UNTRUSTED;
250 if(ax->reject) {
251 for(i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) {
252 obj = sk_ASN1_OBJECT_value(ax->reject, i);
253 if(OBJ_obj2nid(obj) == id) return X509_TRUST_REJECTED;
254 }
255 }
256 if(ax->trust) {
257 for(i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) {
258 obj = sk_ASN1_OBJECT_value(ax->trust, i);
259 if(OBJ_obj2nid(obj) == id) return X509_TRUST_TRUSTED;
260 }
261 }
262 return X509_TRUST_UNTRUSTED;
263}
264
diff --git a/src/lib/libcrypto/x509/x509_txt.c b/src/lib/libcrypto/x509/x509_txt.c
deleted file mode 100644
index 209cf53191..0000000000
--- a/src/lib/libcrypto/x509/x509_txt.c
+++ /dev/null
@@ -1,141 +0,0 @@
1/* crypto/x509/x509_txt.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <time.h>
61#include <errno.h>
62
63#include "cryptlib.h"
64#include <openssl/lhash.h>
65#include <openssl/buffer.h>
66#include <openssl/evp.h>
67#include <openssl/asn1.h>
68#include <openssl/x509.h>
69#include <openssl/objects.h>
70
71const char *X509_verify_cert_error_string(long n)
72 {
73 static char buf[100];
74
75 switch ((int)n)
76 {
77 case X509_V_OK:
78 return("ok");
79 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
80 return("unable to get issuer certificate");
81 case X509_V_ERR_UNABLE_TO_GET_CRL:
82 return("unable to get certificate CRL");
83 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
84 return("unable to decrypt certificate's signature");
85 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
86 return("unable to decrypt CRL's's signature");
87 case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
88 return("unable to decode issuer public key");
89 case X509_V_ERR_CERT_SIGNATURE_FAILURE:
90 return("certificate signature failure");
91 case X509_V_ERR_CRL_SIGNATURE_FAILURE:
92 return("CRL signature failure");
93 case X509_V_ERR_CERT_NOT_YET_VALID:
94 return("certificate is not yet valid");
95 case X509_V_ERR_CRL_NOT_YET_VALID:
96 return("CRL is not yet valid");
97 case X509_V_ERR_CERT_HAS_EXPIRED:
98 return("Certificate has expired");
99 case X509_V_ERR_CRL_HAS_EXPIRED:
100 return("CRL has expired");
101 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
102 return("format error in certificate's notBefore field");
103 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
104 return("format error in certificate's notAfter field");
105 case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
106 return("format error in CRL's lastUpdate field");
107 case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
108 return("format error in CRL's nextUpdate field");
109 case X509_V_ERR_OUT_OF_MEM:
110 return("out of memory");
111 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
112 return("self signed certificate");
113 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
114 return("self signed certificate in certificate chain");
115 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
116 return("unable to get local issuer certificate");
117 case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
118 return("unable to verify the first certificate");
119 case X509_V_ERR_CERT_CHAIN_TOO_LONG:
120 return("certificate chain too long");
121 case X509_V_ERR_CERT_REVOKED:
122 return("certificate revoked");
123 case X509_V_ERR_INVALID_CA:
124 return ("invalid CA certificate");
125 case X509_V_ERR_PATH_LENGTH_EXCEEDED:
126 return ("path length constraint exceeded");
127 case X509_V_ERR_INVALID_PURPOSE:
128 return ("unsupported certificate purpose");
129 case X509_V_ERR_CERT_UNTRUSTED:
130 return ("certificate not trusted");
131 case X509_V_ERR_CERT_REJECTED:
132 return ("certificate rejected");
133 case X509_V_ERR_APPLICATION_VERIFICATION:
134 return("application verification failure");
135 default:
136 sprintf(buf,"error number %ld",n);
137 return(buf);
138 }
139 }
140
141
diff --git a/src/lib/libcrypto/x509/x509_v3.c b/src/lib/libcrypto/x509/x509_v3.c
deleted file mode 100644
index 52887986fe..0000000000
--- a/src/lib/libcrypto/x509/x509_v3.c
+++ /dev/null
@@ -1,267 +0,0 @@
1/* crypto/x509/x509_v3.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/stack.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/objects.h>
64#include <openssl/evp.h>
65#include <openssl/x509.h>
66#include <openssl/x509v3.h>
67
68int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x)
69 {
70 if (x == NULL) return(0);
71 return(sk_X509_EXTENSION_num(x));
72 }
73
74int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid,
75 int lastpos)
76 {
77 ASN1_OBJECT *obj;
78
79 obj=OBJ_nid2obj(nid);
80 if (obj == NULL) return(-2);
81 return(X509v3_get_ext_by_OBJ(x,obj,lastpos));
82 }
83
84int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk, ASN1_OBJECT *obj,
85 int lastpos)
86 {
87 int n;
88 X509_EXTENSION *ex;
89
90 if (sk == NULL) return(-1);
91 lastpos++;
92 if (lastpos < 0)
93 lastpos=0;
94 n=sk_X509_EXTENSION_num(sk);
95 for ( ; lastpos < n; lastpos++)
96 {
97 ex=sk_X509_EXTENSION_value(sk,lastpos);
98 if (OBJ_cmp(ex->object,obj) == 0)
99 return(lastpos);
100 }
101 return(-1);
102 }
103
104int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit,
105 int lastpos)
106 {
107 int n;
108 X509_EXTENSION *ex;
109
110 if (sk == NULL) return(-1);
111 lastpos++;
112 if (lastpos < 0)
113 lastpos=0;
114 n=sk_X509_EXTENSION_num(sk);
115 for ( ; lastpos < n; lastpos++)
116 {
117 ex=sk_X509_EXTENSION_value(sk,lastpos);
118 if ( (ex->critical && crit) ||
119 (!ex->critical && !crit))
120 return(lastpos);
121 }
122 return(-1);
123 }
124
125X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc)
126 {
127 if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
128 return NULL;
129 else
130 return sk_X509_EXTENSION_value(x,loc);
131 }
132
133X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc)
134 {
135 X509_EXTENSION *ret;
136
137 if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
138 return(NULL);
139 ret=sk_X509_EXTENSION_delete(x,loc);
140 return(ret);
141 }
142
143STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
144 X509_EXTENSION *ex, int loc)
145 {
146 X509_EXTENSION *new_ex=NULL;
147 int n;
148 STACK_OF(X509_EXTENSION) *sk=NULL;
149
150 if ((x != NULL) && (*x == NULL))
151 {
152 if ((sk=sk_X509_EXTENSION_new_null()) == NULL)
153 goto err;
154 }
155 else
156 sk= *x;
157
158 n=sk_X509_EXTENSION_num(sk);
159 if (loc > n) loc=n;
160 else if (loc < 0) loc=n;
161
162 if ((new_ex=X509_EXTENSION_dup(ex)) == NULL)
163 goto err2;
164 if (!sk_X509_EXTENSION_insert(sk,new_ex,loc))
165 goto err;
166 if ((x != NULL) && (*x == NULL))
167 *x=sk;
168 return(sk);
169err:
170 X509err(X509_F_X509V3_ADD_EXT,ERR_R_MALLOC_FAILURE);
171err2:
172 if (new_ex != NULL) X509_EXTENSION_free(new_ex);
173 if (sk != NULL) sk_X509_EXTENSION_free(sk);
174 return(NULL);
175 }
176
177X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid,
178 int crit, ASN1_OCTET_STRING *data)
179 {
180 ASN1_OBJECT *obj;
181 X509_EXTENSION *ret;
182
183 obj=OBJ_nid2obj(nid);
184 if (obj == NULL)
185 {
186 X509err(X509_F_X509_EXTENSION_CREATE_BY_NID,X509_R_UNKNOWN_NID);
187 return(NULL);
188 }
189 ret=X509_EXTENSION_create_by_OBJ(ex,obj,crit,data);
190 if (ret == NULL) ASN1_OBJECT_free(obj);
191 return(ret);
192 }
193
194X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
195 ASN1_OBJECT *obj, int crit, ASN1_OCTET_STRING *data)
196 {
197 X509_EXTENSION *ret;
198
199 if ((ex == NULL) || (*ex == NULL))
200 {
201 if ((ret=X509_EXTENSION_new()) == NULL)
202 {
203 X509err(X509_F_X509_EXTENSION_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE);
204 return(NULL);
205 }
206 }
207 else
208 ret= *ex;
209
210 if (!X509_EXTENSION_set_object(ret,obj))
211 goto err;
212 if (!X509_EXTENSION_set_critical(ret,crit))
213 goto err;
214 if (!X509_EXTENSION_set_data(ret,data))
215 goto err;
216
217 if ((ex != NULL) && (*ex == NULL)) *ex=ret;
218 return(ret);
219err:
220 if ((ex == NULL) || (ret != *ex))
221 X509_EXTENSION_free(ret);
222 return(NULL);
223 }
224
225int X509_EXTENSION_set_object(X509_EXTENSION *ex, ASN1_OBJECT *obj)
226 {
227 if ((ex == NULL) || (obj == NULL))
228 return(0);
229 ASN1_OBJECT_free(ex->object);
230 ex->object=OBJ_dup(obj);
231 return(1);
232 }
233
234int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit)
235 {
236 if (ex == NULL) return(0);
237 ex->critical=(crit)?0xFF:0;
238 return(1);
239 }
240
241int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data)
242 {
243 int i;
244
245 if (ex == NULL) return(0);
246 i=M_ASN1_OCTET_STRING_set(ex->value,data->data,data->length);
247 if (!i) return(0);
248 return(1);
249 }
250
251ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex)
252 {
253 if (ex == NULL) return(NULL);
254 return(ex->object);
255 }
256
257ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ex)
258 {
259 if (ex == NULL) return(NULL);
260 return(ex->value);
261 }
262
263int X509_EXTENSION_get_critical(X509_EXTENSION *ex)
264 {
265 if (ex == NULL) return(0);
266 return(ex->critical);
267 }
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
deleted file mode 100644
index 3ddb2303d3..0000000000
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ /dev/null
@@ -1,815 +0,0 @@
1/* crypto/x509/x509_vfy.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <time.h>
61#include <errno.h>
62
63#include "cryptlib.h"
64#include <openssl/crypto.h>
65#include <openssl/lhash.h>
66#include <openssl/buffer.h>
67#include <openssl/evp.h>
68#include <openssl/asn1.h>
69#include <openssl/x509.h>
70#include <openssl/x509v3.h>
71#include <openssl/objects.h>
72
73static int null_callback(int ok,X509_STORE_CTX *e);
74static int check_chain_purpose(X509_STORE_CTX *ctx);
75static int check_trust(X509_STORE_CTX *ctx);
76static int internal_verify(X509_STORE_CTX *ctx);
77const char *X509_version="X.509" OPENSSL_VERSION_PTEXT;
78
79static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_store_ctx_method=NULL;
80static int x509_store_ctx_num=0;
81#if 0
82static int x509_store_num=1;
83static STACK *x509_store_method=NULL;
84#endif
85
86static int null_callback(int ok, X509_STORE_CTX *e)
87 {
88 return(ok);
89 }
90
91#if 0
92static int x509_subject_cmp(X509 **a, X509 **b)
93 {
94 return(X509_subject_name_cmp(*a,*b));
95 }
96#endif
97
98int X509_verify_cert(X509_STORE_CTX *ctx)
99 {
100 X509 *x,*xtmp,*chain_ss=NULL;
101 X509_NAME *xn;
102 X509_OBJECT obj;
103 int depth,i,ok=0;
104 int num;
105 int (*cb)();
106 STACK_OF(X509) *sktmp=NULL;
107
108 if (ctx->cert == NULL)
109 {
110 X509err(X509_F_X509_VERIFY_CERT,X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
111 return(-1);
112 }
113
114 cb=ctx->ctx->verify_cb;
115 if (cb == NULL) cb=null_callback;
116
117 /* first we make sure the chain we are going to build is
118 * present and that the first entry is in place */
119 if (ctx->chain == NULL)
120 {
121 if ( ((ctx->chain=sk_X509_new_null()) == NULL) ||
122 (!sk_X509_push(ctx->chain,ctx->cert)))
123 {
124 X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
125 goto end;
126 }
127 CRYPTO_add(&ctx->cert->references,1,CRYPTO_LOCK_X509);
128 ctx->last_untrusted=1;
129 }
130
131 /* We use a temporary STACK so we can chop and hack at it */
132 if (ctx->untrusted != NULL
133 && (sktmp=sk_X509_dup(ctx->untrusted)) == NULL)
134 {
135 X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
136 goto end;
137 }
138
139 num=sk_X509_num(ctx->chain);
140 x=sk_X509_value(ctx->chain,num-1);
141 depth=ctx->depth;
142
143
144 for (;;)
145 {
146 /* If we have enough, we break */
147 if (depth < num) break; /* FIXME: If this happens, we should take
148 * note of it and, if appropriate, use the
149 * X509_V_ERR_CERT_CHAIN_TOO_LONG error
150 * code later.
151 */
152
153 /* If we are self signed, we break */
154 xn=X509_get_issuer_name(x);
155 if (X509_NAME_cmp(X509_get_subject_name(x),xn) == 0)
156 break;
157
158 /* If we were passed a cert chain, use it first */
159 if (ctx->untrusted != NULL)
160 {
161 xtmp=X509_find_by_subject(sktmp,xn);
162 if (xtmp != NULL)
163 {
164 if (!sk_X509_push(ctx->chain,xtmp))
165 {
166 X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
167 goto end;
168 }
169 CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509);
170 sk_X509_delete_ptr(sktmp,xtmp);
171 ctx->last_untrusted++;
172 x=xtmp;
173 num++;
174 /* reparse the full chain for
175 * the next one */
176 continue;
177 }
178 }
179 break;
180 }
181
182 /* at this point, chain should contain a list of untrusted
183 * certificates. We now need to add at least one trusted one,
184 * if possible, otherwise we complain. */
185
186 i=sk_X509_num(ctx->chain);
187 x=sk_X509_value(ctx->chain,i-1);
188 xn = X509_get_subject_name(x);
189 if (X509_NAME_cmp(xn,X509_get_issuer_name(x))
190 == 0)
191 {
192 /* we have a self signed certificate */
193 if (sk_X509_num(ctx->chain) == 1)
194 {
195 /* We have a single self signed certificate: see if
196 * we can find it in the store. We must have an exact
197 * match to avoid possible impersonation.
198 */
199 ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj);
200 if ((ok != X509_LU_X509) || X509_cmp(x, obj.data.x509))
201 {
202 ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
203 ctx->current_cert=x;
204 ctx->error_depth=i-1;
205 if(ok == X509_LU_X509) X509_OBJECT_free_contents(&obj);
206 ok=cb(0,ctx);
207 if (!ok) goto end;
208 }
209 else
210 {
211 /* We have a match: replace certificate with store version
212 * so we get any trust settings.
213 */
214 X509_free(x);
215 x = obj.data.x509;
216 sk_X509_set(ctx->chain, i - 1, x);
217 ctx->last_untrusted=0;
218 }
219 }
220 else
221 {
222 /* worry more about this one elsewhere */
223 chain_ss=sk_X509_pop(ctx->chain);
224 ctx->last_untrusted--;
225 num--;
226 x=sk_X509_value(ctx->chain,num-1);
227 }
228 }
229
230 /* We now lookup certs from the certificate store */
231 for (;;)
232 {
233 /* If we have enough, we break */
234 if (depth < num) break;
235
236 /* If we are self signed, we break */
237 xn=X509_get_issuer_name(x);
238 if (X509_NAME_cmp(X509_get_subject_name(x),xn) == 0)
239 break;
240
241 ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj);
242 if (ok != X509_LU_X509)
243 {
244 if (ok == X509_LU_RETRY)
245 {
246 X509_OBJECT_free_contents(&obj);
247 X509err(X509_F_X509_VERIFY_CERT,X509_R_SHOULD_RETRY);
248 return(ok);
249 }
250 else if (ok != X509_LU_FAIL)
251 {
252 X509_OBJECT_free_contents(&obj);
253 /* not good :-(, break anyway */
254 return(ok);
255 }
256 break;
257 }
258 x=obj.data.x509;
259 if (!sk_X509_push(ctx->chain,obj.data.x509))
260 {
261 X509_OBJECT_free_contents(&obj);
262 X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
263 return(0);
264 }
265 num++;
266 }
267
268 /* we now have our chain, lets check it... */
269 xn=X509_get_issuer_name(x);
270 if (X509_NAME_cmp(X509_get_subject_name(x),xn) != 0)
271 {
272 if ((chain_ss == NULL) || (X509_NAME_cmp(X509_get_subject_name(chain_ss),xn) != 0))
273 {
274 if (ctx->last_untrusted >= num)
275 ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
276 else
277 ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
278 ctx->current_cert=x;
279 }
280 else
281 {
282
283 sk_X509_push(ctx->chain,chain_ss);
284 num++;
285 ctx->last_untrusted=num;
286 ctx->current_cert=chain_ss;
287 ctx->error=X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
288 chain_ss=NULL;
289 }
290
291 ctx->error_depth=num-1;
292 ok=cb(0,ctx);
293 if (!ok) goto end;
294 }
295
296 /* We have the chain complete: now we need to check its purpose */
297 if(ctx->purpose > 0) ok = check_chain_purpose(ctx);
298
299 if(!ok) goto end;
300
301 /* The chain extensions are OK: check trust */
302
303 if(ctx->trust > 0) ok = check_trust(ctx);
304
305 if(!ok) goto end;
306
307 /* We may as well copy down any DSA parameters that are required */
308 X509_get_pubkey_parameters(NULL,ctx->chain);
309
310 /* At this point, we have a chain and just need to verify it */
311 if (ctx->ctx->verify != NULL)
312 ok=ctx->ctx->verify(ctx);
313 else
314 ok=internal_verify(ctx);
315 if (0)
316 {
317end:
318 X509_get_pubkey_parameters(NULL,ctx->chain);
319 }
320 if (sktmp != NULL) sk_X509_free(sktmp);
321 if (chain_ss != NULL) X509_free(chain_ss);
322 return(ok);
323 }
324
325/* Check a certificate chains extensions for consistency
326 * with the supplied purpose
327 */
328
329static int check_chain_purpose(X509_STORE_CTX *ctx)
330{
331#ifdef NO_CHAIN_VERIFY
332 return 1;
333#else
334 int i, ok=0;
335 X509 *x;
336 int (*cb)();
337 cb=ctx->ctx->verify_cb;
338 if (cb == NULL) cb=null_callback;
339 /* Check all untrusted certificates */
340 for(i = 0; i < ctx->last_untrusted; i++) {
341 x = sk_X509_value(ctx->chain, i);
342 if(!X509_check_purpose(x, ctx->purpose, i)) {
343 if(i) ctx->error = X509_V_ERR_INVALID_CA;
344 else ctx->error = X509_V_ERR_INVALID_PURPOSE;
345 ctx->error_depth = i;
346 ctx->current_cert = x;
347 ok=cb(0,ctx);
348 if(!ok) goto end;
349 }
350 /* Check pathlen */
351 if((i > 1) && (x->ex_pathlen != -1)
352 && (i > (x->ex_pathlen + 1))) {
353 ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
354 ctx->error_depth = i;
355 ctx->current_cert = x;
356 ok=cb(0,ctx);
357 if(!ok) goto end;
358 }
359 }
360 ok = 1;
361 end:
362 return(ok);
363#endif
364}
365
366static int check_trust(X509_STORE_CTX *ctx)
367{
368#ifdef NO_CHAIN_VERIFY
369 return 1;
370#else
371 int i, ok;
372 X509 *x;
373 int (*cb)();
374 cb=ctx->ctx->verify_cb;
375 if (cb == NULL) cb=null_callback;
376/* For now just check the last certificate in the chain */
377 i = sk_X509_num(ctx->chain) - 1;
378 x = sk_X509_value(ctx->chain, i);
379 ok = X509_check_trust(x, ctx->trust, 0);
380 if(ok == X509_TRUST_TRUSTED) return 1;
381 ctx->error_depth = sk_X509_num(ctx->chain) - 1;
382 ctx->current_cert = x;
383 if(ok == X509_TRUST_REJECTED) ctx->error = X509_V_ERR_CERT_REJECTED;
384 else ctx->error = X509_V_ERR_CERT_UNTRUSTED;
385 ok = cb(0, ctx);
386 return(ok);
387#endif
388}
389
390static int internal_verify(X509_STORE_CTX *ctx)
391 {
392 int i,ok=0,n;
393 X509 *xs,*xi;
394 EVP_PKEY *pkey=NULL;
395 int (*cb)();
396
397 cb=ctx->ctx->verify_cb;
398 if (cb == NULL) cb=null_callback;
399
400 n=sk_X509_num(ctx->chain);
401 ctx->error_depth=n-1;
402 n--;
403 xi=sk_X509_value(ctx->chain,n);
404 if (X509_NAME_cmp(X509_get_subject_name(xi),
405 X509_get_issuer_name(xi)) == 0)
406 xs=xi;
407 else
408 {
409 if (n <= 0)
410 {
411 ctx->error=X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
412 ctx->current_cert=xi;
413 ok=cb(0,ctx);
414 goto end;
415 }
416 else
417 {
418 n--;
419 ctx->error_depth=n;
420 xs=sk_X509_value(ctx->chain,n);
421 }
422 }
423
424/* ctx->error=0; not needed */
425 while (n >= 0)
426 {
427 ctx->error_depth=n;
428 if (!xs->valid)
429 {
430 if ((pkey=X509_get_pubkey(xi)) == NULL)
431 {
432 ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
433 ctx->current_cert=xi;
434 ok=(*cb)(0,ctx);
435 if (!ok) goto end;
436 }
437 if (X509_verify(xs,pkey) <= 0)
438 {
439 ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
440 ctx->current_cert=xs;
441 ok=(*cb)(0,ctx);
442 if (!ok)
443 {
444 EVP_PKEY_free(pkey);
445 goto end;
446 }
447 }
448 EVP_PKEY_free(pkey);
449 pkey=NULL;
450
451 i=X509_cmp_current_time(X509_get_notBefore(xs));
452 if (i == 0)
453 {
454 ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
455 ctx->current_cert=xs;
456 ok=(*cb)(0,ctx);
457 if (!ok) goto end;
458 }
459 if (i > 0)
460 {
461 ctx->error=X509_V_ERR_CERT_NOT_YET_VALID;
462 ctx->current_cert=xs;
463 ok=(*cb)(0,ctx);
464 if (!ok) goto end;
465 }
466 xs->valid=1;
467 }
468
469 i=X509_cmp_current_time(X509_get_notAfter(xs));
470 if (i == 0)
471 {
472 ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
473 ctx->current_cert=xs;
474 ok=(*cb)(0,ctx);
475 if (!ok) goto end;
476 }
477
478 if (i < 0)
479 {
480 ctx->error=X509_V_ERR_CERT_HAS_EXPIRED;
481 ctx->current_cert=xs;
482 ok=(*cb)(0,ctx);
483 if (!ok) goto end;
484 }
485
486 /* CRL CHECK */
487
488 /* The last error (if any) is still in the error value */
489 ctx->current_cert=xs;
490 ok=(*cb)(1,ctx);
491 if (!ok) goto end;
492
493 n--;
494 if (n >= 0)
495 {
496 xi=xs;
497 xs=sk_X509_value(ctx->chain,n);
498 }
499 }
500 ok=1;
501end:
502 return(ok);
503 }
504
505int X509_cmp_current_time(ASN1_UTCTIME *ctm)
506 {
507 char *str;
508 ASN1_UTCTIME atm;
509 time_t offset;
510 char buff1[24],buff2[24],*p;
511 int i,j;
512
513 p=buff1;
514 i=ctm->length;
515 str=(char *)ctm->data;
516 if ((i < 11) || (i > 17)) return(0);
517 memcpy(p,str,10);
518 p+=10;
519 str+=10;
520
521 if ((*str == 'Z') || (*str == '-') || (*str == '+'))
522 { *(p++)='0'; *(p++)='0'; }
523 else { *(p++)= *(str++); *(p++)= *(str++); }
524 *(p++)='Z';
525 *(p++)='\0';
526
527 if (*str == 'Z')
528 offset=0;
529 else
530 {
531 if ((*str != '+') && (str[5] != '-'))
532 return(0);
533 offset=((str[1]-'0')*10+(str[2]-'0'))*60;
534 offset+=(str[3]-'0')*10+(str[4]-'0');
535 if (*str == '-')
536 offset= -offset;
537 }
538 atm.type=V_ASN1_UTCTIME;
539 atm.length=sizeof(buff2);
540 atm.data=(unsigned char *)buff2;
541
542 X509_gmtime_adj(&atm,-offset*60);
543
544 i=(buff1[0]-'0')*10+(buff1[1]-'0');
545 if (i < 50) i+=100; /* cf. RFC 2459 */
546 j=(buff2[0]-'0')*10+(buff2[1]-'0');
547 if (j < 50) j+=100;
548
549 if (i < j) return (-1);
550 if (i > j) return (1);
551 i=strcmp(buff1,buff2);
552 if (i == 0) /* wait a second then return younger :-) */
553 return(-1);
554 else
555 return(i);
556 }
557
558ASN1_UTCTIME *X509_gmtime_adj(ASN1_UTCTIME *s, long adj)
559 {
560 time_t t;
561
562 time(&t);
563 t+=adj;
564 return(ASN1_UTCTIME_set(s,t));
565 }
566
567int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
568 {
569 EVP_PKEY *ktmp=NULL,*ktmp2;
570 int i,j;
571
572 if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return(1);
573
574 for (i=0; i<sk_X509_num(chain); i++)
575 {
576 ktmp=X509_get_pubkey(sk_X509_value(chain,i));
577 if (ktmp == NULL)
578 {
579 X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
580 return(0);
581 }
582 if (!EVP_PKEY_missing_parameters(ktmp))
583 break;
584 else
585 {
586 EVP_PKEY_free(ktmp);
587 ktmp=NULL;
588 }
589 }
590 if (ktmp == NULL)
591 {
592 X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN);
593 return(0);
594 }
595
596 /* first, populate the other certs */
597 for (j=i-1; j >= 0; j--)
598 {
599 ktmp2=X509_get_pubkey(sk_X509_value(chain,j));
600 EVP_PKEY_copy_parameters(ktmp2,ktmp);
601 EVP_PKEY_free(ktmp2);
602 }
603
604 if (pkey != NULL) EVP_PKEY_copy_parameters(pkey,ktmp);
605 EVP_PKEY_free(ktmp);
606 return(1);
607 }
608
609int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
610 {
611 X509_OBJECT *obj,*r;
612 int ret=1;
613
614 if (x == NULL) return(0);
615 obj=(X509_OBJECT *)Malloc(sizeof(X509_OBJECT));
616 if (obj == NULL)
617 {
618 X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE);
619 return(0);
620 }
621 obj->type=X509_LU_X509;
622 obj->data.x509=x;
623
624 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
625
626 X509_OBJECT_up_ref_count(obj);
627
628 r=(X509_OBJECT *)lh_insert(ctx->certs,obj);
629 if (r != NULL)
630 { /* oops, put it back */
631 lh_delete(ctx->certs,obj);
632 X509_OBJECT_free_contents(obj);
633 Free(obj);
634 lh_insert(ctx->certs,r);
635 X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE);
636 ret=0;
637 }
638
639 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
640
641 return(ret);
642 }
643
644int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
645 {
646 X509_OBJECT *obj,*r;
647 int ret=1;
648
649 if (x == NULL) return(0);
650 obj=(X509_OBJECT *)Malloc(sizeof(X509_OBJECT));
651 if (obj == NULL)
652 {
653 X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE);
654 return(0);
655 }
656 obj->type=X509_LU_CRL;
657 obj->data.crl=x;
658
659 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
660
661 X509_OBJECT_up_ref_count(obj);
662
663 r=(X509_OBJECT *)lh_insert(ctx->certs,obj);
664 if (r != NULL)
665 { /* oops, put it back */
666 lh_delete(ctx->certs,obj);
667 X509_OBJECT_free_contents(obj);
668 Free(obj);
669 lh_insert(ctx->certs,r);
670 X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE);
671 ret=0;
672 }
673
674 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
675
676 return(ret);
677 }
678
679int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
680 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
681 {
682 x509_store_ctx_num++;
683 return(CRYPTO_get_ex_new_index(x509_store_ctx_num-1,
684 &x509_store_ctx_method,
685 argl,argp,new_func,dup_func,free_func));
686 }
687
688int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
689 {
690 return(CRYPTO_set_ex_data(&ctx->ex_data,idx,data));
691 }
692
693void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx)
694 {
695 return(CRYPTO_get_ex_data(&ctx->ex_data,idx));
696 }
697
698int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx)
699 {
700 return(ctx->error);
701 }
702
703void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err)
704 {
705 ctx->error=err;
706 }
707
708int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
709 {
710 return(ctx->error_depth);
711 }
712
713X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx)
714 {
715 return(ctx->current_cert);
716 }
717
718STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx)
719 {
720 return(ctx->chain);
721 }
722
723STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
724 {
725 int i;
726 X509 *x;
727 STACK_OF(X509) *chain;
728 if(!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL;
729 for(i = 0; i < sk_X509_num(chain); i++) {
730 x = sk_X509_value(chain, i);
731 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
732 }
733 return(chain);
734 }
735
736void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
737 {
738 ctx->cert=x;
739 }
740
741void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
742 {
743 ctx->untrusted=sk;
744 }
745
746int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose)
747 {
748 return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
749 }
750
751int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust)
752 {
753 return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);
754 }
755
756/* This function is used to set the X509_STORE_CTX purpose and trust
757 * values. This is intended to be used when another structure has its
758 * own trust and purpose values which (if set) will be inherited by
759 * the ctx. If they aren't set then we will usually have a default
760 * purpose in mind which should then be used to set the trust value.
761 * An example of this is SSL use: an SSL structure will have its own
762 * purpose and trust settings which the application can set: if they
763 * aren't set then we use the default of SSL client/server.
764 */
765
766int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
767 int purpose, int trust)
768{
769 int idx;
770 /* If purpose not set use default */
771 if(!purpose) purpose = def_purpose;
772 /* If we have a purpose then check it is valid */
773 if(purpose) {
774 X509_PURPOSE *ptmp;
775 idx = X509_PURPOSE_get_by_id(purpose);
776 if(idx == -1) {
777 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
778 X509_R_UNKNOWN_PURPOSE_ID);
779 return 0;
780 }
781 ptmp = X509_PURPOSE_get0(idx);
782 if(ptmp->trust == X509_TRUST_DEFAULT) {
783 idx = X509_PURPOSE_get_by_id(def_purpose);
784 if(idx == -1) {
785 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
786 X509_R_UNKNOWN_PURPOSE_ID);
787 return 0;
788 }
789 ptmp = X509_PURPOSE_get0(idx);
790 }
791 /* If trust not set then get from purpose default */
792 if(!trust) trust = ptmp->trust;
793 }
794 if(trust) {
795 idx = X509_TRUST_get_by_id(trust);
796 if(idx == -1) {
797 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
798 X509_R_UNKNOWN_TRUST_ID);
799 return 0;
800 }
801 }
802
803 if(purpose) ctx->purpose = purpose;
804 if(trust) ctx->trust = trust;
805 return 1;
806}
807
808
809IMPLEMENT_STACK_OF(X509)
810IMPLEMENT_ASN1_SET_OF(X509)
811
812IMPLEMENT_STACK_OF(X509_NAME)
813
814IMPLEMENT_STACK_OF(X509_ATTRIBUTE)
815IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE)
diff --git a/src/lib/libcrypto/x509/x509_vfy.h b/src/lib/libcrypto/x509/x509_vfy.h
deleted file mode 100644
index 4637aecedf..0000000000
--- a/src/lib/libcrypto/x509/x509_vfy.h
+++ /dev/null
@@ -1,362 +0,0 @@
1/* crypto/x509/x509_vfy.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#ifndef HEADER_X509_H
60#include <openssl/x509.h>
61/* openssl/x509.h ends up #include-ing this file at about the only
62 * appropriate moment. */
63#endif
64
65#ifndef HEADER_X509_VFY_H
66#define HEADER_X509_VFY_H
67
68#ifdef __cplusplus
69extern "C" {
70#endif
71
72#include <openssl/bio.h>
73#include <openssl/crypto.h>
74
75/* Outer object */
76typedef struct x509_hash_dir_st
77 {
78 int num_dirs;
79 char **dirs;
80 int *dirs_type;
81 int num_dirs_alloced;
82 } X509_HASH_DIR_CTX;
83
84typedef struct x509_file_st
85 {
86 int num_paths; /* number of paths to files or directories */
87 int num_alloced;
88 char **paths; /* the list of paths or directories */
89 int *path_type;
90 } X509_CERT_FILE_CTX;
91
92/*******************************/
93/*
94SSL_CTX -> X509_STORE
95 -> X509_LOOKUP
96 ->X509_LOOKUP_METHOD
97 -> X509_LOOKUP
98 ->X509_LOOKUP_METHOD
99
100SSL -> X509_STORE_CTX
101 ->X509_STORE
102
103The X509_STORE holds the tables etc for verification stuff.
104A X509_STORE_CTX is used while validating a single certificate.
105The X509_STORE has X509_LOOKUPs for looking up certs.
106The X509_STORE then calls a function to actually verify the
107certificate chain.
108*/
109
110#define X509_LU_RETRY -1
111#define X509_LU_FAIL 0
112#define X509_LU_X509 1
113#define X509_LU_CRL 2
114#define X509_LU_PKEY 3
115
116typedef struct x509_object_st
117 {
118 /* one of the above types */
119 int type;
120 union {
121 char *ptr;
122 X509 *x509;
123 X509_CRL *crl;
124 EVP_PKEY *pkey;
125 } data;
126 } X509_OBJECT;
127
128typedef struct x509_lookup_st X509_LOOKUP;
129
130DECLARE_STACK_OF(X509_LOOKUP)
131
132/* This is a static that defines the function interface */
133typedef struct x509_lookup_method_st
134 {
135 const char *name;
136 int (*new_item)(X509_LOOKUP *ctx);
137 void (*free)(X509_LOOKUP *ctx);
138 int (*init)(X509_LOOKUP *ctx);
139 int (*shutdown)(X509_LOOKUP *ctx);
140 int (*ctrl)(X509_LOOKUP *ctx,int cmd,const char *argc,long argl,
141 char **ret);
142 int (*get_by_subject)(X509_LOOKUP *ctx,int type,X509_NAME *name,
143 X509_OBJECT *ret);
144 int (*get_by_issuer_serial)(X509_LOOKUP *ctx,int type,X509_NAME *name,
145 ASN1_INTEGER *serial,X509_OBJECT *ret);
146 int (*get_by_fingerprint)(X509_LOOKUP *ctx,int type,
147 unsigned char *bytes,int len,
148 X509_OBJECT *ret);
149 int (*get_by_alias)(X509_LOOKUP *ctx,int type,char *str,int len,
150 X509_OBJECT *ret);
151 } X509_LOOKUP_METHOD;
152
153typedef struct x509_store_state_st X509_STORE_CTX;
154
155/* This is used to hold everything. It is used for all certificate
156 * validation. Once we have a certificate chain, the 'verify'
157 * function is then called to actually check the cert chain. */
158typedef struct x509_store_st
159 {
160 /* The following is a cache of trusted certs */
161 int cache; /* if true, stash any hits */
162#ifdef HEADER_LHASH_H
163 LHASH *certs; /* cached certs; */
164#else
165 char *certs;
166#endif
167
168 /* These are external lookup methods */
169 STACK_OF(X509_LOOKUP) *get_cert_methods;
170 int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */
171 int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */
172
173 CRYPTO_EX_DATA ex_data;
174 int references;
175 int depth; /* how deep to look (still unused -- X509_STORE_CTX's depth is used) */
176 } X509_STORE;
177
178#define X509_STORE_set_depth(ctx,d) ((ctx)->depth=(d))
179
180#define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func))
181#define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func))
182
183/* This is the functions plus an instance of the local variables. */
184struct x509_lookup_st
185 {
186 int init; /* have we been started */
187 int skip; /* don't use us. */
188 X509_LOOKUP_METHOD *method; /* the functions */
189 char *method_data; /* method data */
190
191 X509_STORE *store_ctx; /* who owns us */
192 };
193
194/* This is a temporary used when processing cert chains. Since the
195 * gathering of the cert chain can take some time (and have to be
196 * 'retried', this needs to be kept and passed around. */
197struct x509_store_state_st /* X509_STORE_CTX */
198 {
199 X509_STORE *ctx;
200 int current_method; /* used when looking up certs */
201
202 /* The following are set by the caller */
203 X509 *cert; /* The cert to check */
204 STACK_OF(X509) *untrusted; /* chain of X509s - untrusted - passed in */
205 int purpose; /* purpose to check untrusted certificates */
206 int trust; /* trust setting to check */
207
208 /* The following is built up */
209 int depth; /* how far to go looking up certs */
210 int valid; /* if 0, rebuild chain */
211 int last_untrusted; /* index of last untrusted cert */
212 STACK_OF(X509) *chain; /* chain of X509s - built up and trusted */
213
214 /* When something goes wrong, this is why */
215 int error_depth;
216 int error;
217 X509 *current_cert;
218
219 CRYPTO_EX_DATA ex_data;
220 };
221
222#define X509_STORE_CTX_set_depth(ctx,d) ((ctx)->depth=(d))
223
224#define X509_STORE_CTX_set_app_data(ctx,data) \
225 X509_STORE_CTX_set_ex_data(ctx,0,data)
226#define X509_STORE_CTX_get_app_data(ctx) \
227 X509_STORE_CTX_get_ex_data(ctx,0)
228
229#define X509_L_FILE_LOAD 1
230#define X509_L_ADD_DIR 2
231
232#define X509_LOOKUP_load_file(x,name,type) \
233 X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL)
234
235#define X509_LOOKUP_add_dir(x,name,type) \
236 X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
237
238#define X509_V_OK 0
239/* illegal error (for uninitialized values, to avoid X509_V_OK): 1 */
240
241#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2
242#define X509_V_ERR_UNABLE_TO_GET_CRL 3
243#define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4
244#define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5
245#define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6
246#define X509_V_ERR_CERT_SIGNATURE_FAILURE 7
247#define X509_V_ERR_CRL_SIGNATURE_FAILURE 8
248#define X509_V_ERR_CERT_NOT_YET_VALID 9
249#define X509_V_ERR_CERT_HAS_EXPIRED 10
250#define X509_V_ERR_CRL_NOT_YET_VALID 11
251#define X509_V_ERR_CRL_HAS_EXPIRED 12
252#define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13
253#define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14
254#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15
255#define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16
256#define X509_V_ERR_OUT_OF_MEM 17
257#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18
258#define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19
259#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20
260#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21
261#define X509_V_ERR_CERT_CHAIN_TOO_LONG 22
262#define X509_V_ERR_CERT_REVOKED 23
263#define X509_V_ERR_INVALID_CA 24
264#define X509_V_ERR_PATH_LENGTH_EXCEEDED 25
265#define X509_V_ERR_INVALID_PURPOSE 26
266#define X509_V_ERR_CERT_UNTRUSTED 27
267#define X509_V_ERR_CERT_REJECTED 28
268
269/* The application is not happy */
270#define X509_V_ERR_APPLICATION_VERIFICATION 50
271
272 /* These functions are being redefined in another directory,
273 and clash when the linker is case-insensitive, so let's
274 hide them a little, by giving them an extra 'o' at the
275 beginning of the name... */
276#ifdef VMS
277#undef X509v3_cleanup_extensions
278#define X509v3_cleanup_extensions oX509v3_cleanup_extensions
279#undef X509v3_add_extension
280#define X509v3_add_extension oX509v3_add_extension
281#undef X509v3_add_netscape_extensions
282#define X509v3_add_netscape_extensions oX509v3_add_netscape_extensions
283#undef X509v3_add_standard_extensions
284#define X509v3_add_standard_extensions oX509v3_add_standard_extensions
285#endif
286
287#ifdef HEADER_LHASH_H
288X509_OBJECT *X509_OBJECT_retrieve_by_subject(LHASH *h,int type,X509_NAME *name);
289#endif
290void X509_OBJECT_up_ref_count(X509_OBJECT *a);
291void X509_OBJECT_free_contents(X509_OBJECT *a);
292X509_STORE *X509_STORE_new(void );
293void X509_STORE_free(X509_STORE *v);
294
295X509_STORE_CTX *X509_STORE_CTX_new(void);
296void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
297void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
298 X509 *x509, STACK_OF(X509) *chain);
299void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
300
301X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
302
303X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
304X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
305
306int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
307int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
308
309int X509_STORE_get_by_subject(X509_STORE_CTX *vs,int type,X509_NAME *name,
310 X509_OBJECT *ret);
311
312int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
313 long argl, char **ret);
314
315#ifndef NO_STDIO
316int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
317int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
318int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
319#endif
320
321
322X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
323void X509_LOOKUP_free(X509_LOOKUP *ctx);
324int X509_LOOKUP_init(X509_LOOKUP *ctx);
325int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
326 X509_OBJECT *ret);
327int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
328 ASN1_INTEGER *serial, X509_OBJECT *ret);
329int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
330 unsigned char *bytes, int len, X509_OBJECT *ret);
331int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str,
332 int len, X509_OBJECT *ret);
333int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
334
335#ifndef NO_STDIO
336int X509_STORE_load_locations (X509_STORE *ctx,
337 const char *file, const char *dir);
338int X509_STORE_set_default_paths(X509_STORE *ctx);
339#endif
340
341int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
342 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
343int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,void *data);
344void * X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx);
345int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
346void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);
347int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
348X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
349STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
350STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
351void X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x);
352void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk);
353int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
354int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
355int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
356 int purpose, int trust);
357
358#ifdef __cplusplus
359}
360#endif
361#endif
362
diff --git a/src/lib/libcrypto/x509/x509name.c b/src/lib/libcrypto/x509/x509name.c
deleted file mode 100644
index 4c20e03ece..0000000000
--- a/src/lib/libcrypto/x509/x509name.c
+++ /dev/null
@@ -1,383 +0,0 @@
1/* crypto/x509/x509name.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/stack.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/objects.h>
64#include <openssl/evp.h>
65#include <openssl/x509.h>
66
67int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len)
68 {
69 ASN1_OBJECT *obj;
70
71 obj=OBJ_nid2obj(nid);
72 if (obj == NULL) return(-1);
73 return(X509_NAME_get_text_by_OBJ(name,obj,buf,len));
74 }
75
76int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,
77 int len)
78 {
79 int i;
80 ASN1_STRING *data;
81
82 i=X509_NAME_get_index_by_OBJ(name,obj,-1);
83 if (i < 0) return(-1);
84 data=X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name,i));
85 i=(data->length > (len-1))?(len-1):data->length;
86 if (buf == NULL) return(data->length);
87 memcpy(buf,data->data,i);
88 buf[i]='\0';
89 return(i);
90 }
91
92int X509_NAME_entry_count(X509_NAME *name)
93 {
94 if (name == NULL) return(0);
95 return(sk_X509_NAME_ENTRY_num(name->entries));
96 }
97
98int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos)
99 {
100 ASN1_OBJECT *obj;
101
102 obj=OBJ_nid2obj(nid);
103 if (obj == NULL) return(-2);
104 return(X509_NAME_get_index_by_OBJ(name,obj,lastpos));
105 }
106
107/* NOTE: you should be passsing -1, not 0 as lastpos */
108int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
109 int lastpos)
110 {
111 int n;
112 X509_NAME_ENTRY *ne;
113 STACK_OF(X509_NAME_ENTRY) *sk;
114
115 if (name == NULL) return(-1);
116 if (lastpos < 0)
117 lastpos= -1;
118 sk=name->entries;
119 n=sk_X509_NAME_ENTRY_num(sk);
120 for (lastpos++; lastpos < n; lastpos++)
121 {
122 ne=sk_X509_NAME_ENTRY_value(sk,lastpos);
123 if (OBJ_cmp(ne->object,obj) == 0)
124 return(lastpos);
125 }
126 return(-1);
127 }
128
129X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc)
130 {
131 if(name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
132 || loc < 0)
133 return(NULL);
134 else
135 return(sk_X509_NAME_ENTRY_value(name->entries,loc));
136 }
137
138X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc)
139 {
140 X509_NAME_ENTRY *ret;
141 int i,n,set_prev,set_next;
142 STACK_OF(X509_NAME_ENTRY) *sk;
143
144 if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
145 || loc < 0)
146 return(NULL);
147 sk=name->entries;
148 ret=sk_X509_NAME_ENTRY_delete(sk,loc);
149 n=sk_X509_NAME_ENTRY_num(sk);
150 name->modified=1;
151 if (loc == n) return(ret);
152
153 /* else we need to fixup the set field */
154 if (loc != 0)
155 set_prev=(sk_X509_NAME_ENTRY_value(sk,loc-1))->set;
156 else
157 set_prev=ret->set-1;
158 set_next=sk_X509_NAME_ENTRY_value(sk,loc)->set;
159
160 /* set_prev is the previous set
161 * set is the current set
162 * set_next is the following
163 * prev 1 1 1 1 1 1 1 1
164 * set 1 1 2 2
165 * next 1 1 2 2 2 2 3 2
166 * so basically only if prev and next differ by 2, then
167 * re-number down by 1 */
168 if (set_prev+1 < set_next)
169 for (i=loc; i<n; i++)
170 sk_X509_NAME_ENTRY_value(sk,i)->set--;
171 return(ret);
172 }
173
174int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
175 unsigned char *bytes, int len, int loc, int set)
176{
177 X509_NAME_ENTRY *ne;
178 int ret;
179 ne = X509_NAME_ENTRY_create_by_OBJ(NULL, obj, type, bytes, len);
180 if(!ne) return 0;
181 ret = X509_NAME_add_entry(name, ne, loc, set);
182 X509_NAME_ENTRY_free(ne);
183 return ret;
184}
185
186int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
187 unsigned char *bytes, int len, int loc, int set)
188{
189 X509_NAME_ENTRY *ne;
190 int ret;
191 ne = X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, len);
192 if(!ne) return 0;
193 ret = X509_NAME_add_entry(name, ne, loc, set);
194 X509_NAME_ENTRY_free(ne);
195 return ret;
196}
197
198int X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type,
199 unsigned char *bytes, int len, int loc, int set)
200{
201 X509_NAME_ENTRY *ne;
202 int ret;
203 ne = X509_NAME_ENTRY_create_by_txt(NULL, field, type, bytes, len);
204 if(!ne) return 0;
205 ret = X509_NAME_add_entry(name, ne, loc, set);
206 X509_NAME_ENTRY_free(ne);
207 return ret;
208}
209
210/* if set is -1, append to previous set, 0 'a new one', and 1,
211 * prepend to the guy we are about to stomp on. */
212int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc,
213 int set)
214 {
215 X509_NAME_ENTRY *new_name=NULL;
216 int n,i,inc;
217 STACK_OF(X509_NAME_ENTRY) *sk;
218
219 if (name == NULL) return(0);
220 sk=name->entries;
221 n=sk_X509_NAME_ENTRY_num(sk);
222 if (loc > n) loc=n;
223 else if (loc < 0) loc=n;
224
225 name->modified=1;
226
227 if (set == -1)
228 {
229 if (loc == 0)
230 {
231 set=0;
232 inc=1;
233 }
234 else
235 {
236 set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set;
237 inc=0;
238 }
239 }
240 else /* if (set >= 0) */
241 {
242 if (loc >= n)
243 {
244 if (loc != 0)
245 set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set+1;
246 else
247 set=0;
248 }
249 else
250 set=sk_X509_NAME_ENTRY_value(sk,loc)->set;
251 inc=(set == 0)?1:0;
252 }
253
254 if ((new_name=X509_NAME_ENTRY_dup(ne)) == NULL)
255 goto err;
256 new_name->set=set;
257 if (!sk_X509_NAME_ENTRY_insert(sk,new_name,loc))
258 {
259 X509err(X509_F_X509_NAME_ADD_ENTRY,ERR_R_MALLOC_FAILURE);
260 goto err;
261 }
262 if (inc)
263 {
264 n=sk_X509_NAME_ENTRY_num(sk);
265 for (i=loc+1; i<n; i++)
266 sk_X509_NAME_ENTRY_value(sk,i-1)->set+=1;
267 }
268 return(1);
269err:
270 if (new_name != NULL)
271 X509_NAME_ENTRY_free(new_name);
272 return(0);
273 }
274
275X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
276 char *field, int type, unsigned char *bytes, int len)
277 {
278 ASN1_OBJECT *obj;
279 X509_NAME_ENTRY *nentry;
280
281 obj=OBJ_txt2obj(field, 0);
282 if (obj == NULL)
283 {
284 X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT,
285 X509_R_INVALID_FIELD_NAME);
286 ERR_add_error_data(2, "name=", field);
287 return(NULL);
288 }
289 nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len);
290 ASN1_OBJECT_free(obj);
291 return nentry;
292 }
293
294X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
295 int type, unsigned char *bytes, int len)
296 {
297 ASN1_OBJECT *obj;
298 X509_NAME_ENTRY *nentry;
299
300 obj=OBJ_nid2obj(nid);
301 if (obj == NULL)
302 {
303 X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID,X509_R_UNKNOWN_NID);
304 return(NULL);
305 }
306 nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len);
307 ASN1_OBJECT_free(obj);
308 return nentry;
309 }
310
311X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
312 ASN1_OBJECT *obj, int type, unsigned char *bytes, int len)
313 {
314 X509_NAME_ENTRY *ret;
315
316 if ((ne == NULL) || (*ne == NULL))
317 {
318 if ((ret=X509_NAME_ENTRY_new()) == NULL)
319 return(NULL);
320 }
321 else
322 ret= *ne;
323
324 if (!X509_NAME_ENTRY_set_object(ret,obj))
325 goto err;
326 if (!X509_NAME_ENTRY_set_data(ret,type,bytes,len))
327 goto err;
328
329 if ((ne != NULL) && (*ne == NULL)) *ne=ret;
330 return(ret);
331err:
332 if ((ne == NULL) || (ret != *ne))
333 X509_NAME_ENTRY_free(ret);
334 return(NULL);
335 }
336
337int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj)
338 {
339 if ((ne == NULL) || (obj == NULL))
340 {
341 X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT,ERR_R_PASSED_NULL_PARAMETER);
342 return(0);
343 }
344 ASN1_OBJECT_free(ne->object);
345 ne->object=OBJ_dup(obj);
346 return((ne->object == NULL)?0:1);
347 }
348
349int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
350 unsigned char *bytes, int len)
351 {
352 int i;
353
354 if ((ne == NULL) || ((bytes == NULL) && (len != 0))) return(0);
355 if((type > 0) && (type & MBSTRING_FLAG))
356 return ASN1_STRING_set_by_NID(&ne->value, bytes,
357 len, type,
358 OBJ_obj2nid(ne->object)) ? 1 : 0;
359 if (len < 0) len=strlen((char *)bytes);
360 i=ASN1_STRING_set(ne->value,bytes,len);
361 if (!i) return(0);
362 if (type != V_ASN1_UNDEF)
363 {
364 if (type == V_ASN1_APP_CHOOSE)
365 ne->value->type=ASN1_PRINTABLE_type(bytes,len);
366 else
367 ne->value->type=type;
368 }
369 return(1);
370 }
371
372ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne)
373 {
374 if (ne == NULL) return(NULL);
375 return(ne->object);
376 }
377
378ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne)
379 {
380 if (ne == NULL) return(NULL);
381 return(ne->value);
382 }
383
diff --git a/src/lib/libcrypto/x509/x509rset.c b/src/lib/libcrypto/x509/x509rset.c
deleted file mode 100644
index d9f6b57372..0000000000
--- a/src/lib/libcrypto/x509/x509rset.c
+++ /dev/null
@@ -1,83 +0,0 @@
1/* crypto/x509/x509rset.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/asn1.h>
62#include <openssl/objects.h>
63#include <openssl/evp.h>
64#include <openssl/x509.h>
65
66int X509_REQ_set_version(X509_REQ *x, long version)
67 {
68 if (x == NULL) return(0);
69 return(ASN1_INTEGER_set(x->req_info->version,version));
70 }
71
72int X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name)
73 {
74 if ((x == NULL) || (x->req_info == NULL)) return(0);
75 return(X509_NAME_set(&x->req_info->subject,name));
76 }
77
78int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey)
79 {
80 if ((x == NULL) || (x->req_info == NULL)) return(0);
81 return(X509_PUBKEY_set(&x->req_info->pubkey,pkey));
82 }
83
diff --git a/src/lib/libcrypto/x509/x509spki.c b/src/lib/libcrypto/x509/x509spki.c
deleted file mode 100644
index b35c3f92e7..0000000000
--- a/src/lib/libcrypto/x509/x509spki.c
+++ /dev/null
@@ -1,121 +0,0 @@
1/* x509spki.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/x509.h>
62#include <openssl/asn1_mac.h>
63
64int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey)
65{
66 if ((x == NULL) || (x->spkac == NULL)) return(0);
67 return(X509_PUBKEY_set(&(x->spkac->pubkey),pkey));
68}
69
70EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x)
71{
72 if ((x == NULL) || (x->spkac == NULL))
73 return(NULL);
74 return(X509_PUBKEY_get(x->spkac->pubkey));
75}
76
77/* Load a Netscape SPKI from a base64 encoded string */
78
79NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len)
80{
81 unsigned char *spki_der, *p;
82 int spki_len;
83 NETSCAPE_SPKI *spki;
84 if(len <= 0) len = strlen(str);
85 if (!(spki_der = Malloc(len + 1))) {
86 X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE);
87 return NULL;
88 }
89 spki_len = EVP_DecodeBlock(spki_der, (const unsigned char *)str, len);
90 if(spki_len < 0) {
91 X509err(X509_F_NETSCAPE_SPKI_B64_DECODE,
92 X509_R_BASE64_DECODE_ERROR);
93 Free(spki_der);
94 return NULL;
95 }
96 p = spki_der;
97 spki = d2i_NETSCAPE_SPKI(NULL, &p, spki_len);
98 Free(spki_der);
99 return spki;
100}
101
102/* Generate a base64 encoded string from an SPKI */
103
104char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki)
105{
106 unsigned char *der_spki, *p;
107 char *b64_str;
108 int der_len;
109 der_len = i2d_NETSCAPE_SPKI(spki, NULL);
110 der_spki = Malloc(der_len);
111 b64_str = Malloc(der_len * 2);
112 if(!der_spki || !b64_str) {
113 X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE);
114 return NULL;
115 }
116 p = der_spki;
117 i2d_NETSCAPE_SPKI(spki, &p);
118 EVP_EncodeBlock((unsigned char *)b64_str, der_spki, der_len);
119 Free(der_spki);
120 return b64_str;
121}
diff --git a/src/lib/libcrypto/x509/x509type.c b/src/lib/libcrypto/x509/x509type.c
deleted file mode 100644
index 8e78b34458..0000000000
--- a/src/lib/libcrypto/x509/x509type.c
+++ /dev/null
@@ -1,114 +0,0 @@
1/* crypto/x509/x509type.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/evp.h>
62#include <openssl/objects.h>
63#include <openssl/x509.h>
64
65int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
66 {
67 EVP_PKEY *pk;
68 int ret=0,i;
69
70 if (x == NULL) return(0);
71
72 if (pkey == NULL)
73 pk=X509_get_pubkey(x);
74 else
75 pk=pkey;
76
77 if (pk == NULL) return(0);
78
79 switch (pk->type)
80 {
81 case EVP_PKEY_RSA:
82 ret=EVP_PK_RSA|EVP_PKT_SIGN;
83/* if (!sign only extension) */
84 ret|=EVP_PKT_ENC;
85 break;
86 case EVP_PKEY_DSA:
87 ret=EVP_PK_DSA|EVP_PKT_SIGN;
88 break;
89 case EVP_PKEY_DH:
90 ret=EVP_PK_DH|EVP_PKT_EXCH;
91 break;
92 default:
93 break;
94 }
95
96 i=X509_get_signature_type(x);
97 switch (i)
98 {
99 case EVP_PKEY_RSA:
100 ret|=EVP_PKS_RSA;
101 break;
102 case EVP_PKS_DSA:
103 ret|=EVP_PKS_DSA;
104 break;
105 default:
106 break;
107 }
108
109 if (EVP_PKEY_size(pk) <= 512)
110 ret|=EVP_PKT_EXP;
111 if(pkey==NULL) EVP_PKEY_free(pk);
112 return(ret);
113 }
114
diff --git a/src/lib/libcrypto/x509/x_all.c b/src/lib/libcrypto/x509/x_all.c
deleted file mode 100644
index d2bf3c8e1c..0000000000
--- a/src/lib/libcrypto/x509/x_all.c
+++ /dev/null
@@ -1,531 +0,0 @@
1/* crypto/x509/x_all.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#undef SSLEAY_MACROS
61#include <openssl/stack.h>
62#include "cryptlib.h"
63#include <openssl/buffer.h>
64#include <openssl/asn1.h>
65#include <openssl/evp.h>
66#include <openssl/x509.h>
67
68int X509_verify(X509 *a, EVP_PKEY *r)
69 {
70 return(ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,
71 a->signature,(char *)a->cert_info,r));
72 }
73
74int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
75 {
76 return( ASN1_verify((int (*)())i2d_X509_REQ_INFO,
77 a->sig_alg,a->signature,(char *)a->req_info,r));
78 }
79
80int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r)
81 {
82 return(ASN1_verify((int (*)())i2d_X509_CRL_INFO,
83 a->sig_alg, a->signature,(char *)a->crl,r));
84 }
85
86int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
87 {
88 return(ASN1_verify((int (*)())i2d_NETSCAPE_SPKAC,
89 a->sig_algor,a->signature, (char *)a->spkac,r));
90 }
91
92int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
93 {
94 return(ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature,
95 x->sig_alg, x->signature, (char *)x->cert_info,pkey,md));
96 }
97
98int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
99 {
100 return(ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL,
101 x->signature, (char *)x->req_info,pkey,md));
102 }
103
104int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
105 {
106 return(ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,
107 x->sig_alg, x->signature, (char *)x->crl,pkey,md));
108 }
109
110int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
111 {
112 return(ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL,
113 x->signature, (char *)x->spkac,pkey,md));
114 }
115
116X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa)
117 {
118 return((X509_ATTRIBUTE *)ASN1_dup((int (*)())i2d_X509_ATTRIBUTE,
119 (char *(*)())d2i_X509_ATTRIBUTE,(char *)xa));
120 }
121
122X509 *X509_dup(X509 *x509)
123 {
124 return((X509 *)ASN1_dup((int (*)())i2d_X509,
125 (char *(*)())d2i_X509,(char *)x509));
126 }
127
128X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex)
129 {
130 return((X509_EXTENSION *)ASN1_dup(
131 (int (*)())i2d_X509_EXTENSION,
132 (char *(*)())d2i_X509_EXTENSION,(char *)ex));
133 }
134
135#ifndef NO_FP_API
136X509 *d2i_X509_fp(FILE *fp, X509 **x509)
137 {
138 return((X509 *)ASN1_d2i_fp((char *(*)())X509_new,
139 (char *(*)())d2i_X509, (fp),(unsigned char **)(x509)));
140 }
141
142int i2d_X509_fp(FILE *fp, X509 *x509)
143 {
144 return(ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509));
145 }
146#endif
147
148X509 *d2i_X509_bio(BIO *bp, X509 **x509)
149 {
150 return((X509 *)ASN1_d2i_bio((char *(*)())X509_new,
151 (char *(*)())d2i_X509, (bp),(unsigned char **)(x509)));
152 }
153
154int i2d_X509_bio(BIO *bp, X509 *x509)
155 {
156 return(ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509));
157 }
158
159X509_CRL *X509_CRL_dup(X509_CRL *crl)
160 {
161 return((X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL,
162 (char *(*)())d2i_X509_CRL,(char *)crl));
163 }
164
165#ifndef NO_FP_API
166X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl)
167 {
168 return((X509_CRL *)ASN1_d2i_fp((char *(*)())
169 X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),
170 (unsigned char **)(crl)));
171 }
172
173int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl)
174 {
175 return(ASN1_i2d_fp(i2d_X509_CRL,fp,(unsigned char *)crl));
176 }
177#endif
178
179X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl)
180 {
181 return((X509_CRL *)ASN1_d2i_bio((char *(*)())
182 X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),
183 (unsigned char **)(crl)));
184 }
185
186int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl)
187 {
188 return(ASN1_i2d_bio(i2d_X509_CRL,bp,(unsigned char *)crl));
189 }
190
191PKCS7 *PKCS7_dup(PKCS7 *p7)
192 {
193 return((PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7,
194 (char *(*)())d2i_PKCS7,(char *)p7));
195 }
196
197#ifndef NO_FP_API
198PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7)
199 {
200 return((PKCS7 *)ASN1_d2i_fp((char *(*)())
201 PKCS7_new,(char *(*)())d2i_PKCS7, (fp),
202 (unsigned char **)(p7)));
203 }
204
205int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7)
206 {
207 return(ASN1_i2d_fp(i2d_PKCS7,fp,(unsigned char *)p7));
208 }
209#endif
210
211PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7)
212 {
213 return((PKCS7 *)ASN1_d2i_bio((char *(*)())
214 PKCS7_new,(char *(*)())d2i_PKCS7, (bp),
215 (unsigned char **)(p7)));
216 }
217
218int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7)
219 {
220 return(ASN1_i2d_bio(i2d_PKCS7,bp,(unsigned char *)p7));
221 }
222
223X509_REQ *X509_REQ_dup(X509_REQ *req)
224 {
225 return((X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ,
226 (char *(*)())d2i_X509_REQ,(char *)req));
227 }
228
229#ifndef NO_FP_API
230X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req)
231 {
232 return((X509_REQ *)ASN1_d2i_fp((char *(*)())
233 X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),
234 (unsigned char **)(req)));
235 }
236
237int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req)
238 {
239 return(ASN1_i2d_fp(i2d_X509_REQ,fp,(unsigned char *)req));
240 }
241#endif
242
243X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req)
244 {
245 return((X509_REQ *)ASN1_d2i_bio((char *(*)())
246 X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),
247 (unsigned char **)(req)));
248 }
249
250int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req)
251 {
252 return(ASN1_i2d_bio(i2d_X509_REQ,bp,(unsigned char *)req));
253 }
254
255#ifndef NO_RSA
256RSA *RSAPublicKey_dup(RSA *rsa)
257 {
258 return((RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey,
259 (char *(*)())d2i_RSAPublicKey,(char *)rsa));
260 }
261
262RSA *RSAPrivateKey_dup(RSA *rsa)
263 {
264 return((RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey,
265 (char *(*)())d2i_RSAPrivateKey,(char *)rsa));
266 }
267
268#ifndef NO_FP_API
269RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa)
270 {
271 return((RSA *)ASN1_d2i_fp((char *(*)())
272 RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp),
273 (unsigned char **)(rsa)));
274 }
275
276int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa)
277 {
278 return(ASN1_i2d_fp(i2d_RSAPrivateKey,fp,(unsigned char *)rsa));
279 }
280
281RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
282 {
283 return((RSA *)ASN1_d2i_fp((char *(*)())
284 RSA_new,(char *(*)())d2i_RSAPublicKey, (fp),
285 (unsigned char **)(rsa)));
286 }
287
288RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)
289 {
290 return((RSA *)ASN1_d2i_fp((char *(*)())
291 RSA_new,(char *(*)())d2i_RSA_PUBKEY, (fp),
292 (unsigned char **)(rsa)));
293 }
294
295int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa)
296 {
297 return(ASN1_i2d_fp(i2d_RSAPublicKey,fp,(unsigned char *)rsa));
298 }
299
300int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa)
301 {
302 return(ASN1_i2d_fp(i2d_RSA_PUBKEY,fp,(unsigned char *)rsa));
303 }
304#endif
305
306RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
307 {
308 return((RSA *)ASN1_d2i_bio((char *(*)())
309 RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp),
310 (unsigned char **)(rsa)));
311 }
312
313int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa)
314 {
315 return(ASN1_i2d_bio(i2d_RSAPrivateKey,bp,(unsigned char *)rsa));
316 }
317
318RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)
319 {
320 return((RSA *)ASN1_d2i_bio((char *(*)())
321 RSA_new,(char *(*)())d2i_RSAPublicKey, (bp),
322 (unsigned char **)(rsa)));
323 }
324
325RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
326 {
327 return((RSA *)ASN1_d2i_bio((char *(*)())
328 RSA_new,(char *(*)())d2i_RSA_PUBKEY, (bp),
329 (unsigned char **)(rsa)));
330 }
331
332int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa)
333 {
334 return(ASN1_i2d_bio(i2d_RSAPublicKey,bp,(unsigned char *)rsa));
335 }
336
337int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa)
338 {
339 return(ASN1_i2d_bio(i2d_RSA_PUBKEY,bp,(unsigned char *)rsa));
340 }
341#endif
342
343#ifndef NO_DSA
344#ifndef NO_FP_API
345DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa)
346 {
347 return((DSA *)ASN1_d2i_fp((char *(*)())
348 DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp),
349 (unsigned char **)(dsa)));
350 }
351
352int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa)
353 {
354 return(ASN1_i2d_fp(i2d_DSAPrivateKey,fp,(unsigned char *)dsa));
355 }
356
357DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa)
358 {
359 return((DSA *)ASN1_d2i_fp((char *(*)())
360 DSA_new,(char *(*)())d2i_DSA_PUBKEY, (fp),
361 (unsigned char **)(dsa)));
362 }
363
364int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa)
365 {
366 return(ASN1_i2d_fp(i2d_DSA_PUBKEY,fp,(unsigned char *)dsa));
367 }
368#endif
369
370DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa)
371 {
372 return((DSA *)ASN1_d2i_bio((char *(*)())
373 DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp),
374 (unsigned char **)(dsa)));
375 }
376
377int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa)
378 {
379 return(ASN1_i2d_bio(i2d_DSAPrivateKey,bp,(unsigned char *)dsa));
380 }
381
382DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa)
383 {
384 return((DSA *)ASN1_d2i_bio((char *(*)())
385 DSA_new,(char *(*)())d2i_DSA_PUBKEY, (bp),
386 (unsigned char **)(dsa)));
387 }
388
389int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa)
390 {
391 return(ASN1_i2d_bio(i2d_DSA_PUBKEY,bp,(unsigned char *)dsa));
392 }
393
394#endif
395
396X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn)
397 {
398 return((X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,
399 (char *(*)())d2i_X509_ALGOR,(char *)xn));
400 }
401
402X509_NAME *X509_NAME_dup(X509_NAME *xn)
403 {
404 return((X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME,
405 (char *(*)())d2i_X509_NAME,(char *)xn));
406 }
407
408X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne)
409 {
410 return((X509_NAME_ENTRY *)ASN1_dup((int (*)())i2d_X509_NAME_ENTRY,
411 (char *(*)())d2i_X509_NAME_ENTRY,(char *)ne));
412 }
413
414int X509_digest(X509 *data, const EVP_MD *type, unsigned char *md,
415 unsigned int *len)
416 {
417 return(ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len));
418 }
419
420int X509_NAME_digest(X509_NAME *data, const EVP_MD *type, unsigned char *md,
421 unsigned int *len)
422 {
423 return(ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len));
424 }
425
426int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, const EVP_MD *type,
427 unsigned char *md, unsigned int *len)
428 {
429 return(ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,
430 (char *)data,md,len));
431 }
432
433
434#ifndef NO_FP_API
435X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8)
436 {
437 return((X509_SIG *)ASN1_d2i_fp((char *(*)())X509_SIG_new,
438 (char *(*)())d2i_X509_SIG, (fp),(unsigned char **)(p8)));
439 }
440
441int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8)
442 {
443 return(ASN1_i2d_fp(i2d_X509_SIG,fp,(unsigned char *)p8));
444 }
445#endif
446
447X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8)
448 {
449 return((X509_SIG *)ASN1_d2i_bio((char *(*)())X509_SIG_new,
450 (char *(*)())d2i_X509_SIG, (bp),(unsigned char **)(p8)));
451 }
452
453int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8)
454 {
455 return(ASN1_i2d_bio(i2d_X509_SIG,bp,(unsigned char *)p8));
456 }
457
458#ifndef NO_FP_API
459PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
460 PKCS8_PRIV_KEY_INFO **p8inf)
461 {
462 return((PKCS8_PRIV_KEY_INFO *)ASN1_d2i_fp(
463 (char *(*)())PKCS8_PRIV_KEY_INFO_new,
464 (char *(*)())d2i_PKCS8_PRIV_KEY_INFO, (fp),
465 (unsigned char **)(p8inf)));
466 }
467
468int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf)
469 {
470 return(ASN1_i2d_fp(i2d_PKCS8_PRIV_KEY_INFO,fp,(unsigned char *)p8inf));
471 }
472
473int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key)
474 {
475 PKCS8_PRIV_KEY_INFO *p8inf;
476 int ret;
477 p8inf = EVP_PKEY2PKCS8(key);
478 if(!p8inf) return 0;
479 ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf);
480 PKCS8_PRIV_KEY_INFO_free(p8inf);
481 return ret;
482 }
483
484int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey)
485 {
486 return(ASN1_i2d_fp(i2d_PrivateKey,fp,(unsigned char *)pkey));
487 }
488
489EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
490{
491 return((EVP_PKEY *)ASN1_d2i_fp((char *(*)())EVP_PKEY_new,
492 (char *(*)())d2i_AutoPrivateKey, (fp),(unsigned char **)(a)));
493}
494
495#endif
496
497PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
498 PKCS8_PRIV_KEY_INFO **p8inf)
499 {
500 return((PKCS8_PRIV_KEY_INFO *)ASN1_d2i_bio(
501 (char *(*)())PKCS8_PRIV_KEY_INFO_new,
502 (char *(*)())d2i_PKCS8_PRIV_KEY_INFO, (bp),
503 (unsigned char **)(p8inf)));
504 }
505
506int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf)
507 {
508 return(ASN1_i2d_bio(i2d_PKCS8_PRIV_KEY_INFO,bp,(unsigned char *)p8inf));
509 }
510
511int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key)
512 {
513 PKCS8_PRIV_KEY_INFO *p8inf;
514 int ret;
515 p8inf = EVP_PKEY2PKCS8(key);
516 if(!p8inf) return 0;
517 ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
518 PKCS8_PRIV_KEY_INFO_free(p8inf);
519 return ret;
520 }
521
522int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey)
523 {
524 return(ASN1_i2d_bio(i2d_PrivateKey,bp,(unsigned char *)pkey));
525 }
526
527EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a)
528 {
529 return((EVP_PKEY *)ASN1_d2i_bio((char *(*)())EVP_PKEY_new,
530 (char *(*)())d2i_AutoPrivateKey, (bp),(unsigned char **)(a)));
531 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-24 22:17:42 +0000