summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/x509')
-rw-r--r--src/lib/libcrypto/x509/by_dir.c386
-rw-r--r--src/lib/libcrypto/x509/by_file.c300
-rw-r--r--src/lib/libcrypto/x509/x509.h1355
-rw-r--r--src/lib/libcrypto/x509/x509_att.c359
-rw-r--r--src/lib/libcrypto/x509/x509_cmp.c432
-rw-r--r--src/lib/libcrypto/x509/x509_d2.c107
-rw-r--r--src/lib/libcrypto/x509/x509_def.c81
-rw-r--r--src/lib/libcrypto/x509/x509_err.c161
-rw-r--r--src/lib/libcrypto/x509/x509_ext.c210
-rw-r--r--src/lib/libcrypto/x509/x509_lu.c567
-rw-r--r--src/lib/libcrypto/x509/x509_obj.c226
-rw-r--r--src/lib/libcrypto/x509/x509_r2x.c114
-rw-r--r--src/lib/libcrypto/x509/x509_req.c324
-rw-r--r--src/lib/libcrypto/x509/x509_set.c150
-rw-r--r--src/lib/libcrypto/x509/x509_trs.c287
-rw-r--r--src/lib/libcrypto/x509/x509_txt.c173
-rw-r--r--src/lib/libcrypto/x509/x509_v3.c274
-rw-r--r--src/lib/libcrypto/x509/x509_vfy.c1552
-rw-r--r--src/lib/libcrypto/x509/x509_vfy.h531
-rw-r--r--src/lib/libcrypto/x509/x509_vpm.c430
-rw-r--r--src/lib/libcrypto/x509/x509cset.c170
-rw-r--r--src/lib/libcrypto/x509/x509name.c383
-rw-r--r--src/lib/libcrypto/x509/x509rset.c83
-rw-r--r--src/lib/libcrypto/x509/x509spki.c121
-rw-r--r--src/lib/libcrypto/x509/x509type.c121
-rw-r--r--src/lib/libcrypto/x509/x_all.c522
26 files changed, 0 insertions, 9419 deletions
diff --git a/src/lib/libcrypto/x509/by_dir.c b/src/lib/libcrypto/x509/by_dir.c
deleted file mode 100644
index 341e0ba6a4..0000000000
--- a/src/lib/libcrypto/x509/by_dir.c
+++ /dev/null
@@ -1,386 +0,0 @@
1/* crypto/x509/by_dir.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <time.h>
61#include <errno.h>
62
63#include "cryptlib.h"
64
65#ifndef NO_SYS_TYPES_H
66# include <sys/types.h>
67#endif
68#ifdef MAC_OS_pre_X
69# include <stat.h>
70#else
71# include <sys/stat.h>
72#endif
73
74#include <openssl/lhash.h>
75#include <openssl/x509.h>
76
77#ifdef _WIN32
78#define stat _stat
79#endif
80
81typedef struct lookup_dir_st
82 {
83 BUF_MEM *buffer;
84 int num_dirs;
85 char **dirs;
86 int *dirs_type;
87 int num_dirs_alloced;
88 } BY_DIR;
89
90static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
91 char **ret);
92static int new_dir(X509_LOOKUP *lu);
93static void free_dir(X509_LOOKUP *lu);
94static int add_cert_dir(BY_DIR *ctx,const char *dir,int type);
95static int get_cert_by_subject(X509_LOOKUP *xl,int type,X509_NAME *name,
96 X509_OBJECT *ret);
97X509_LOOKUP_METHOD x509_dir_lookup=
98 {
99 "Load certs from files in a directory",
100 new_dir, /* new */
101 free_dir, /* free */
102 NULL, /* init */
103 NULL, /* shutdown */
104 dir_ctrl, /* ctrl */
105 get_cert_by_subject, /* get_by_subject */
106 NULL, /* get_by_issuer_serial */
107 NULL, /* get_by_fingerprint */
108 NULL, /* get_by_alias */
109 };
110
111X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void)
112 {
113 return(&x509_dir_lookup);
114 }
115
116static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
117 char **retp)
118 {
119 int ret=0;
120 BY_DIR *ld;
121 char *dir = NULL;
122
123 ld=(BY_DIR *)ctx->method_data;
124
125 switch (cmd)
126 {
127 case X509_L_ADD_DIR:
128 if (argl == X509_FILETYPE_DEFAULT)
129 {
130 dir=(char *)Getenv(X509_get_default_cert_dir_env());
131 if (dir)
132 ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
133 else
134 ret=add_cert_dir(ld,X509_get_default_cert_dir(),
135 X509_FILETYPE_PEM);
136 if (!ret)
137 {
138 X509err(X509_F_DIR_CTRL,X509_R_LOADING_CERT_DIR);
139 }
140 }
141 else
142 ret=add_cert_dir(ld,argp,(int)argl);
143 break;
144 }
145 return(ret);
146 }
147
148static int new_dir(X509_LOOKUP *lu)
149 {
150 BY_DIR *a;
151
152 if ((a=(BY_DIR *)OPENSSL_malloc(sizeof(BY_DIR))) == NULL)
153 return(0);
154 if ((a->buffer=BUF_MEM_new()) == NULL)
155 {
156 OPENSSL_free(a);
157 return(0);
158 }
159 a->num_dirs=0;
160 a->dirs=NULL;
161 a->dirs_type=NULL;
162 a->num_dirs_alloced=0;
163 lu->method_data=(char *)a;
164 return(1);
165 }
166
167static void free_dir(X509_LOOKUP *lu)
168 {
169 BY_DIR *a;
170 int i;
171
172 a=(BY_DIR *)lu->method_data;
173 for (i=0; i<a->num_dirs; i++)
174 if (a->dirs[i] != NULL) OPENSSL_free(a->dirs[i]);
175 if (a->dirs != NULL) OPENSSL_free(a->dirs);
176 if (a->dirs_type != NULL) OPENSSL_free(a->dirs_type);
177 if (a->buffer != NULL) BUF_MEM_free(a->buffer);
178 OPENSSL_free(a);
179 }
180
181static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
182 {
183 int j,len;
184 int *ip;
185 const char *s,*ss,*p;
186 char **pp;
187
188 if (dir == NULL || !*dir)
189 {
190 X509err(X509_F_ADD_CERT_DIR,X509_R_INVALID_DIRECTORY);
191 return 0;
192 }
193
194 s=dir;
195 p=s;
196 for (;;p++)
197 {
198 if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0'))
199 {
200 ss=s;
201 s=p+1;
202 len=(int)(p-ss);
203 if (len == 0) continue;
204 for (j=0; j<ctx->num_dirs; j++)
205 if (strlen(ctx->dirs[j]) == (size_t)len &&
206 strncmp(ctx->dirs[j],ss,(unsigned int)len) == 0)
207 break;
208 if (j<ctx->num_dirs)
209 continue;
210 if (ctx->num_dirs_alloced < (ctx->num_dirs+1))
211 {
212 ctx->num_dirs_alloced+=10;
213 pp=(char **)OPENSSL_malloc(ctx->num_dirs_alloced*
214 sizeof(char *));
215 ip=(int *)OPENSSL_malloc(ctx->num_dirs_alloced*
216 sizeof(int));
217 if ((pp == NULL) || (ip == NULL))
218 {
219 X509err(X509_F_ADD_CERT_DIR,ERR_R_MALLOC_FAILURE);
220 return(0);
221 }
222 memcpy(pp,ctx->dirs,(ctx->num_dirs_alloced-10)*
223 sizeof(char *));
224 memcpy(ip,ctx->dirs_type,(ctx->num_dirs_alloced-10)*
225 sizeof(int));
226 if (ctx->dirs != NULL)
227 OPENSSL_free(ctx->dirs);
228 if (ctx->dirs_type != NULL)
229 OPENSSL_free(ctx->dirs_type);
230 ctx->dirs=pp;
231 ctx->dirs_type=ip;
232 }
233 ctx->dirs_type[ctx->num_dirs]=type;
234 ctx->dirs[ctx->num_dirs]=(char *)OPENSSL_malloc((unsigned int)len+1);
235 if (ctx->dirs[ctx->num_dirs] == NULL) return(0);
236 strncpy(ctx->dirs[ctx->num_dirs],ss,(unsigned int)len);
237 ctx->dirs[ctx->num_dirs][len]='\0';
238 ctx->num_dirs++;
239 }
240 if (*p == '\0') break;
241 }
242 return(1);
243 }
244
245static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
246 X509_OBJECT *ret)
247 {
248 BY_DIR *ctx;
249 union {
250 struct {
251 X509 st_x509;
252 X509_CINF st_x509_cinf;
253 } x509;
254 struct {
255 X509_CRL st_crl;
256 X509_CRL_INFO st_crl_info;
257 } crl;
258 } data;
259 int ok=0;
260 int i,j,k;
261 unsigned long h;
262 BUF_MEM *b=NULL;
263 struct stat st;
264 X509_OBJECT stmp,*tmp;
265 const char *postfix="";
266
267 if (name == NULL) return(0);
268
269 stmp.type=type;
270 if (type == X509_LU_X509)
271 {
272 data.x509.st_x509.cert_info= &data.x509.st_x509_cinf;
273 data.x509.st_x509_cinf.subject=name;
274 stmp.data.x509= &data.x509.st_x509;
275 postfix="";
276 }
277 else if (type == X509_LU_CRL)
278 {
279 data.crl.st_crl.crl= &data.crl.st_crl_info;
280 data.crl.st_crl_info.issuer=name;
281 stmp.data.crl= &data.crl.st_crl;
282 postfix="r";
283 }
284 else
285 {
286 X509err(X509_F_GET_CERT_BY_SUBJECT,X509_R_WRONG_LOOKUP_TYPE);
287 goto finish;
288 }
289
290 if ((b=BUF_MEM_new()) == NULL)
291 {
292 X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_BUF_LIB);
293 goto finish;
294 }
295
296 ctx=(BY_DIR *)xl->method_data;
297
298 h=X509_NAME_hash(name);
299 for (i=0; i<ctx->num_dirs; i++)
300 {
301 j=strlen(ctx->dirs[i])+1+8+6+1+1;
302 if (!BUF_MEM_grow(b,j))
303 {
304 X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_MALLOC_FAILURE);
305 goto finish;
306 }
307 k=0;
308 for (;;)
309 {
310 char c = '/';
311#ifdef OPENSSL_SYS_VMS
312 c = ctx->dirs[i][strlen(ctx->dirs[i])-1];
313 if (c != ':' && c != '>' && c != ']')
314 {
315 /* If no separator is present, we assume the
316 directory specifier is a logical name, and
317 add a colon. We really should use better
318 VMS routines for merging things like this,
319 but this will do for now...
320 -- Richard Levitte */
321 c = ':';
322 }
323 else
324 {
325 c = '\0';
326 }
327#endif
328 if (c == '\0')
329 {
330 /* This is special. When c == '\0', no
331 directory separator should be added. */
332 BIO_snprintf(b->data,b->max,
333 "%s%08lx.%s%d",ctx->dirs[i],h,
334 postfix,k);
335 }
336 else
337 {
338 BIO_snprintf(b->data,b->max,
339 "%s%c%08lx.%s%d",ctx->dirs[i],c,h,
340 postfix,k);
341 }
342 k++;
343 if (stat(b->data,&st) < 0)
344 break;
345 /* found one. */
346 if (type == X509_LU_X509)
347 {
348 if ((X509_load_cert_file(xl,b->data,
349 ctx->dirs_type[i])) == 0)
350 break;
351 }
352 else if (type == X509_LU_CRL)
353 {
354 if ((X509_load_crl_file(xl,b->data,
355 ctx->dirs_type[i])) == 0)
356 break;
357 }
358 /* else case will caught higher up */
359 }
360
361 /* we have added it to the cache so now pull
362 * it out again */
363 CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
364 j = sk_X509_OBJECT_find(xl->store_ctx->objs,&stmp);
365 if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,j);
366 else tmp = NULL;
367 CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
368
369 if (tmp != NULL)
370 {
371 ok=1;
372 ret->type=tmp->type;
373 memcpy(&ret->data,&tmp->data,sizeof(ret->data));
374 /* If we were going to up the reference count,
375 * we would need to do it on a perl 'type'
376 * basis */
377 /* CRYPTO_add(&tmp->data.x509->references,1,
378 CRYPTO_LOCK_X509);*/
379 goto finish;
380 }
381 }
382finish:
383 if (b != NULL) BUF_MEM_free(b);
384 return(ok);
385 }
386
diff --git a/src/lib/libcrypto/x509/by_file.c b/src/lib/libcrypto/x509/by_file.c
deleted file mode 100644
index a5e0d4aefa..0000000000
--- a/src/lib/libcrypto/x509/by_file.c
+++ /dev/null
@@ -1,300 +0,0 @@
1/* crypto/x509/by_file.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <time.h>
61#include <errno.h>
62
63#include "cryptlib.h"
64#include <openssl/lhash.h>
65#include <openssl/buffer.h>
66#include <openssl/x509.h>
67#include <openssl/pem.h>
68
69#ifndef OPENSSL_NO_STDIO
70
71static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
72 long argl, char **ret);
73X509_LOOKUP_METHOD x509_file_lookup=
74 {
75 "Load file into cache",
76 NULL, /* new */
77 NULL, /* free */
78 NULL, /* init */
79 NULL, /* shutdown */
80 by_file_ctrl, /* ctrl */
81 NULL, /* get_by_subject */
82 NULL, /* get_by_issuer_serial */
83 NULL, /* get_by_fingerprint */
84 NULL, /* get_by_alias */
85 };
86
87X509_LOOKUP_METHOD *X509_LOOKUP_file(void)
88 {
89 return(&x509_file_lookup);
90 }
91
92static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
93 char **ret)
94 {
95 int ok=0;
96 char *file;
97
98 switch (cmd)
99 {
100 case X509_L_FILE_LOAD:
101 if (argl == X509_FILETYPE_DEFAULT)
102 {
103 file = (char *)Getenv(X509_get_default_cert_file_env());
104 if (file)
105 ok = (X509_load_cert_crl_file(ctx,file,
106 X509_FILETYPE_PEM) != 0);
107
108 else
109 ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),
110 X509_FILETYPE_PEM) != 0);
111
112 if (!ok)
113 {
114 X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
115 }
116 }
117 else
118 {
119 if(argl == X509_FILETYPE_PEM)
120 ok = (X509_load_cert_crl_file(ctx,argp,
121 X509_FILETYPE_PEM) != 0);
122 else
123 ok = (X509_load_cert_file(ctx,argp,(int)argl) != 0);
124 }
125 break;
126 }
127 return(ok);
128 }
129
130int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
131 {
132 int ret=0;
133 BIO *in=NULL;
134 int i,count=0;
135 X509 *x=NULL;
136
137 if (file == NULL) return(1);
138 in=BIO_new(BIO_s_file_internal());
139
140 if ((in == NULL) || (BIO_read_filename(in,file) <= 0))
141 {
142 X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_SYS_LIB);
143 goto err;
144 }
145
146 if (type == X509_FILETYPE_PEM)
147 {
148 for (;;)
149 {
150 x=PEM_read_bio_X509_AUX(in,NULL,NULL,NULL);
151 if (x == NULL)
152 {
153 if ((ERR_GET_REASON(ERR_peek_last_error()) ==
154 PEM_R_NO_START_LINE) && (count > 0))
155 {
156 ERR_clear_error();
157 break;
158 }
159 else
160 {
161 X509err(X509_F_X509_LOAD_CERT_FILE,
162 ERR_R_PEM_LIB);
163 goto err;
164 }
165 }
166 i=X509_STORE_add_cert(ctx->store_ctx,x);
167 if (!i) goto err;
168 count++;
169 X509_free(x);
170 x=NULL;
171 }
172 ret=count;
173 }
174 else if (type == X509_FILETYPE_ASN1)
175 {
176 x=d2i_X509_bio(in,NULL);
177 if (x == NULL)
178 {
179 X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_ASN1_LIB);
180 goto err;
181 }
182 i=X509_STORE_add_cert(ctx->store_ctx,x);
183 if (!i) goto err;
184 ret=i;
185 }
186 else
187 {
188 X509err(X509_F_X509_LOAD_CERT_FILE,X509_R_BAD_X509_FILETYPE);
189 goto err;
190 }
191err:
192 if (x != NULL) X509_free(x);
193 if (in != NULL) BIO_free(in);
194 return(ret);
195 }
196
197int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
198 {
199 int ret=0;
200 BIO *in=NULL;
201 int i,count=0;
202 X509_CRL *x=NULL;
203
204 if (file == NULL) return(1);
205 in=BIO_new(BIO_s_file_internal());
206
207 if ((in == NULL) || (BIO_read_filename(in,file) <= 0))
208 {
209 X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_SYS_LIB);
210 goto err;
211 }
212
213 if (type == X509_FILETYPE_PEM)
214 {
215 for (;;)
216 {
217 x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
218 if (x == NULL)
219 {
220 if ((ERR_GET_REASON(ERR_peek_last_error()) ==
221 PEM_R_NO_START_LINE) && (count > 0))
222 {
223 ERR_clear_error();
224 break;
225 }
226 else
227 {
228 X509err(X509_F_X509_LOAD_CRL_FILE,
229 ERR_R_PEM_LIB);
230 goto err;
231 }
232 }
233 i=X509_STORE_add_crl(ctx->store_ctx,x);
234 if (!i) goto err;
235 count++;
236 X509_CRL_free(x);
237 x=NULL;
238 }
239 ret=count;
240 }
241 else if (type == X509_FILETYPE_ASN1)
242 {
243 x=d2i_X509_CRL_bio(in,NULL);
244 if (x == NULL)
245 {
246 X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_ASN1_LIB);
247 goto err;
248 }
249 i=X509_STORE_add_crl(ctx->store_ctx,x);
250 if (!i) goto err;
251 ret=i;
252 }
253 else
254 {
255 X509err(X509_F_X509_LOAD_CRL_FILE,X509_R_BAD_X509_FILETYPE);
256 goto err;
257 }
258err:
259 if (x != NULL) X509_CRL_free(x);
260 if (in != NULL) BIO_free(in);
261 return(ret);
262 }
263
264int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
265{
266 STACK_OF(X509_INFO) *inf;
267 X509_INFO *itmp;
268 BIO *in;
269 int i, count = 0;
270 if(type != X509_FILETYPE_PEM)
271 return X509_load_cert_file(ctx, file, type);
272 in = BIO_new_file(file, "r");
273 if(!in) {
274 X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_SYS_LIB);
275 return 0;
276 }
277 inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
278 BIO_free(in);
279 if(!inf) {
280 X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_PEM_LIB);
281 return 0;
282 }
283 for(i = 0; i < sk_X509_INFO_num(inf); i++) {
284 itmp = sk_X509_INFO_value(inf, i);
285 if(itmp->x509) {
286 X509_STORE_add_cert(ctx->store_ctx, itmp->x509);
287 count++;
288 }
289 if(itmp->crl) {
290 X509_STORE_add_crl(ctx->store_ctx, itmp->crl);
291 count++;
292 }
293 }
294 sk_X509_INFO_pop_free(inf, X509_INFO_free);
295 return count;
296}
297
298
299#endif /* OPENSSL_NO_STDIO */
300
diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h
deleted file mode 100644
index e71b5257e5..0000000000
--- a/src/lib/libcrypto/x509/x509.h
+++ /dev/null
@@ -1,1355 +0,0 @@
1/* crypto/x509/x509.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
60 * ECDH support in OpenSSL originally developed by
61 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
62 */
63
64#ifndef HEADER_X509_H
65#define HEADER_X509_H
66
67#include <openssl/e_os2.h>
68#include <openssl/symhacks.h>
69#ifndef OPENSSL_NO_BUFFER
70#include <openssl/buffer.h>
71#endif
72#ifndef OPENSSL_NO_EVP
73#include <openssl/evp.h>
74#endif
75#ifndef OPENSSL_NO_BIO
76#include <openssl/bio.h>
77#endif
78#include <openssl/stack.h>
79#include <openssl/asn1.h>
80#include <openssl/safestack.h>
81
82#ifndef OPENSSL_NO_EC
83#include <openssl/ec.h>
84#endif
85
86#ifndef OPENSSL_NO_ECDSA
87#include <openssl/ecdsa.h>
88#endif
89
90#ifndef OPENSSL_NO_ECDH
91#include <openssl/ecdh.h>
92#endif
93
94#ifndef OPENSSL_NO_DEPRECATED
95#ifndef OPENSSL_NO_RSA
96#include <openssl/rsa.h>
97#endif
98#ifndef OPENSSL_NO_DSA
99#include <openssl/dsa.h>
100#endif
101#ifndef OPENSSL_NO_DH
102#include <openssl/dh.h>
103#endif
104#endif
105
106#ifndef OPENSSL_NO_SHA
107#include <openssl/sha.h>
108#endif
109#include <openssl/ossl_typ.h>
110
111#ifdef __cplusplus
112extern "C" {
113#endif
114
115#ifdef OPENSSL_SYS_WIN32
116/* Under Win32 these are defined in wincrypt.h */
117#undef X509_NAME
118#undef X509_CERT_PAIR
119#endif
120
121#define X509_FILETYPE_PEM 1
122#define X509_FILETYPE_ASN1 2
123#define X509_FILETYPE_DEFAULT 3
124
125#define X509v3_KU_DIGITAL_SIGNATURE 0x0080
126#define X509v3_KU_NON_REPUDIATION 0x0040
127#define X509v3_KU_KEY_ENCIPHERMENT 0x0020
128#define X509v3_KU_DATA_ENCIPHERMENT 0x0010
129#define X509v3_KU_KEY_AGREEMENT 0x0008
130#define X509v3_KU_KEY_CERT_SIGN 0x0004
131#define X509v3_KU_CRL_SIGN 0x0002
132#define X509v3_KU_ENCIPHER_ONLY 0x0001
133#define X509v3_KU_DECIPHER_ONLY 0x8000
134#define X509v3_KU_UNDEF 0xffff
135
136typedef struct X509_objects_st
137 {
138 int nid;
139 int (*a2i)(void);
140 int (*i2a)(void);
141 } X509_OBJECTS;
142
143struct X509_algor_st
144 {
145 ASN1_OBJECT *algorithm;
146 ASN1_TYPE *parameter;
147 } /* X509_ALGOR */;
148
149DECLARE_ASN1_SET_OF(X509_ALGOR)
150
151typedef STACK_OF(X509_ALGOR) X509_ALGORS;
152
153typedef struct X509_val_st
154 {
155 ASN1_TIME *notBefore;
156 ASN1_TIME *notAfter;
157 } X509_VAL;
158
159typedef struct X509_pubkey_st
160 {
161 X509_ALGOR *algor;
162 ASN1_BIT_STRING *public_key;
163 EVP_PKEY *pkey;
164 } X509_PUBKEY;
165
166typedef struct X509_sig_st
167 {
168 X509_ALGOR *algor;
169 ASN1_OCTET_STRING *digest;
170 } X509_SIG;
171
172typedef struct X509_name_entry_st
173 {
174 ASN1_OBJECT *object;
175 ASN1_STRING *value;
176 int set;
177 int size; /* temp variable */
178 } X509_NAME_ENTRY;
179
180DECLARE_STACK_OF(X509_NAME_ENTRY)
181DECLARE_ASN1_SET_OF(X509_NAME_ENTRY)
182
183/* we always keep X509_NAMEs in 2 forms. */
184struct X509_name_st
185 {
186 STACK_OF(X509_NAME_ENTRY) *entries;
187 int modified; /* true if 'bytes' needs to be built */
188#ifndef OPENSSL_NO_BUFFER
189 BUF_MEM *bytes;
190#else
191 char *bytes;
192#endif
193 unsigned long hash; /* Keep the hash around for lookups */
194 } /* X509_NAME */;
195
196DECLARE_STACK_OF(X509_NAME)
197
198#define X509_EX_V_NETSCAPE_HACK 0x8000
199#define X509_EX_V_INIT 0x0001
200typedef struct X509_extension_st
201 {
202 ASN1_OBJECT *object;
203 ASN1_BOOLEAN critical;
204 ASN1_OCTET_STRING *value;
205 } X509_EXTENSION;
206
207typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS;
208
209DECLARE_STACK_OF(X509_EXTENSION)
210DECLARE_ASN1_SET_OF(X509_EXTENSION)
211
212/* a sequence of these are used */
213typedef struct x509_attributes_st
214 {
215 ASN1_OBJECT *object;
216 int single; /* 0 for a set, 1 for a single item (which is wrong) */
217 union {
218 char *ptr;
219/* 0 */ STACK_OF(ASN1_TYPE) *set;
220/* 1 */ ASN1_TYPE *single;
221 } value;
222 } X509_ATTRIBUTE;
223
224DECLARE_STACK_OF(X509_ATTRIBUTE)
225DECLARE_ASN1_SET_OF(X509_ATTRIBUTE)
226
227
228typedef struct X509_req_info_st
229 {
230 ASN1_ENCODING enc;
231 ASN1_INTEGER *version;
232 X509_NAME *subject;
233 X509_PUBKEY *pubkey;
234 /* d=2 hl=2 l= 0 cons: cont: 00 */
235 STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
236 } X509_REQ_INFO;
237
238typedef struct X509_req_st
239 {
240 X509_REQ_INFO *req_info;
241 X509_ALGOR *sig_alg;
242 ASN1_BIT_STRING *signature;
243 int references;
244 } X509_REQ;
245
246typedef struct x509_cinf_st
247 {
248 ASN1_INTEGER *version; /* [ 0 ] default of v1 */
249 ASN1_INTEGER *serialNumber;
250 X509_ALGOR *signature;
251 X509_NAME *issuer;
252 X509_VAL *validity;
253 X509_NAME *subject;
254 X509_PUBKEY *key;
255 ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */
256 ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */
257 STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */
258 } X509_CINF;
259
260/* This stuff is certificate "auxiliary info"
261 * it contains details which are useful in certificate
262 * stores and databases. When used this is tagged onto
263 * the end of the certificate itself
264 */
265
266typedef struct x509_cert_aux_st
267 {
268 STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */
269 STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */
270 ASN1_UTF8STRING *alias; /* "friendly name" */
271 ASN1_OCTET_STRING *keyid; /* key id of private key */
272 STACK_OF(X509_ALGOR) *other; /* other unspecified info */
273 } X509_CERT_AUX;
274
275struct x509_st
276 {
277 X509_CINF *cert_info;
278 X509_ALGOR *sig_alg;
279 ASN1_BIT_STRING *signature;
280 int valid;
281 int references;
282 char *name;
283 CRYPTO_EX_DATA ex_data;
284 /* These contain copies of various extension values */
285 long ex_pathlen;
286 long ex_pcpathlen;
287 unsigned long ex_flags;
288 unsigned long ex_kusage;
289 unsigned long ex_xkusage;
290 unsigned long ex_nscert;
291 ASN1_OCTET_STRING *skid;
292 struct AUTHORITY_KEYID_st *akid;
293 X509_POLICY_CACHE *policy_cache;
294#ifndef OPENSSL_NO_RFC3779
295 STACK_OF(IPAddressFamily) *rfc3779_addr;
296 struct ASIdentifiers_st *rfc3779_asid;
297#endif
298#ifndef OPENSSL_NO_SHA
299 unsigned char sha1_hash[SHA_DIGEST_LENGTH];
300#endif
301 X509_CERT_AUX *aux;
302 } /* X509 */;
303
304DECLARE_STACK_OF(X509)
305DECLARE_ASN1_SET_OF(X509)
306
307/* This is used for a table of trust checking functions */
308
309typedef struct x509_trust_st {
310 int trust;
311 int flags;
312 int (*check_trust)(struct x509_trust_st *, X509 *, int);
313 char *name;
314 int arg1;
315 void *arg2;
316} X509_TRUST;
317
318DECLARE_STACK_OF(X509_TRUST)
319
320typedef struct x509_cert_pair_st {
321 X509 *forward;
322 X509 *reverse;
323} X509_CERT_PAIR;
324
325/* standard trust ids */
326
327#define X509_TRUST_DEFAULT -1 /* Only valid in purpose settings */
328
329#define X509_TRUST_COMPAT 1
330#define X509_TRUST_SSL_CLIENT 2
331#define X509_TRUST_SSL_SERVER 3
332#define X509_TRUST_EMAIL 4
333#define X509_TRUST_OBJECT_SIGN 5
334#define X509_TRUST_OCSP_SIGN 6
335#define X509_TRUST_OCSP_REQUEST 7
336
337/* Keep these up to date! */
338#define X509_TRUST_MIN 1
339#define X509_TRUST_MAX 7
340
341
342/* trust_flags values */
343#define X509_TRUST_DYNAMIC 1
344#define X509_TRUST_DYNAMIC_NAME 2
345
346/* check_trust return codes */
347
348#define X509_TRUST_TRUSTED 1
349#define X509_TRUST_REJECTED 2
350#define X509_TRUST_UNTRUSTED 3
351
352/* Flags for X509_print_ex() */
353
354#define X509_FLAG_COMPAT 0
355#define X509_FLAG_NO_HEADER 1L
356#define X509_FLAG_NO_VERSION (1L << 1)
357#define X509_FLAG_NO_SERIAL (1L << 2)
358#define X509_FLAG_NO_SIGNAME (1L << 3)
359#define X509_FLAG_NO_ISSUER (1L << 4)
360#define X509_FLAG_NO_VALIDITY (1L << 5)
361#define X509_FLAG_NO_SUBJECT (1L << 6)
362#define X509_FLAG_NO_PUBKEY (1L << 7)
363#define X509_FLAG_NO_EXTENSIONS (1L << 8)
364#define X509_FLAG_NO_SIGDUMP (1L << 9)
365#define X509_FLAG_NO_AUX (1L << 10)
366#define X509_FLAG_NO_ATTRIBUTES (1L << 11)
367
368/* Flags specific to X509_NAME_print_ex() */
369
370/* The field separator information */
371
372#define XN_FLAG_SEP_MASK (0xf << 16)
373
374#define XN_FLAG_COMPAT 0 /* Traditional SSLeay: use old X509_NAME_print */
375#define XN_FLAG_SEP_COMMA_PLUS (1 << 16) /* RFC2253 ,+ */
376#define XN_FLAG_SEP_CPLUS_SPC (2 << 16) /* ,+ spaced: more readable */
377#define XN_FLAG_SEP_SPLUS_SPC (3 << 16) /* ;+ spaced */
378#define XN_FLAG_SEP_MULTILINE (4 << 16) /* One line per field */
379
380#define XN_FLAG_DN_REV (1 << 20) /* Reverse DN order */
381
382/* How the field name is shown */
383
384#define XN_FLAG_FN_MASK (0x3 << 21)
385
386#define XN_FLAG_FN_SN 0 /* Object short name */
387#define XN_FLAG_FN_LN (1 << 21) /* Object long name */
388#define XN_FLAG_FN_OID (2 << 21) /* Always use OIDs */
389#define XN_FLAG_FN_NONE (3 << 21) /* No field names */
390
391#define XN_FLAG_SPC_EQ (1 << 23) /* Put spaces round '=' */
392
393/* This determines if we dump fields we don't recognise:
394 * RFC2253 requires this.
395 */
396
397#define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
398
399#define XN_FLAG_FN_ALIGN (1 << 25) /* Align field names to 20 characters */
400
401/* Complete set of RFC2253 flags */
402
403#define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \
404 XN_FLAG_SEP_COMMA_PLUS | \
405 XN_FLAG_DN_REV | \
406 XN_FLAG_FN_SN | \
407 XN_FLAG_DUMP_UNKNOWN_FIELDS)
408
409/* readable oneline form */
410
411#define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \
412 ASN1_STRFLGS_ESC_QUOTE | \
413 XN_FLAG_SEP_CPLUS_SPC | \
414 XN_FLAG_SPC_EQ | \
415 XN_FLAG_FN_SN)
416
417/* readable multiline form */
418
419#define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \
420 ASN1_STRFLGS_ESC_MSB | \
421 XN_FLAG_SEP_MULTILINE | \
422 XN_FLAG_SPC_EQ | \
423 XN_FLAG_FN_LN | \
424 XN_FLAG_FN_ALIGN)
425
426typedef struct X509_revoked_st
427 {
428 ASN1_INTEGER *serialNumber;
429 ASN1_TIME *revocationDate;
430 STACK_OF(X509_EXTENSION) /* optional */ *extensions;
431 int sequence; /* load sequence */
432 } X509_REVOKED;
433
434DECLARE_STACK_OF(X509_REVOKED)
435DECLARE_ASN1_SET_OF(X509_REVOKED)
436
437typedef struct X509_crl_info_st
438 {
439 ASN1_INTEGER *version;
440 X509_ALGOR *sig_alg;
441 X509_NAME *issuer;
442 ASN1_TIME *lastUpdate;
443 ASN1_TIME *nextUpdate;
444 STACK_OF(X509_REVOKED) *revoked;
445 STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
446 ASN1_ENCODING enc;
447 } X509_CRL_INFO;
448
449struct X509_crl_st
450 {
451 /* actual signature */
452 X509_CRL_INFO *crl;
453 X509_ALGOR *sig_alg;
454 ASN1_BIT_STRING *signature;
455 int references;
456 } /* X509_CRL */;
457
458DECLARE_STACK_OF(X509_CRL)
459DECLARE_ASN1_SET_OF(X509_CRL)
460
461typedef struct private_key_st
462 {
463 int version;
464 /* The PKCS#8 data types */
465 X509_ALGOR *enc_algor;
466 ASN1_OCTET_STRING *enc_pkey; /* encrypted pub key */
467
468 /* When decrypted, the following will not be NULL */
469 EVP_PKEY *dec_pkey;
470
471 /* used to encrypt and decrypt */
472 int key_length;
473 char *key_data;
474 int key_free; /* true if we should auto free key_data */
475
476 /* expanded version of 'enc_algor' */
477 EVP_CIPHER_INFO cipher;
478
479 int references;
480 } X509_PKEY;
481
482#ifndef OPENSSL_NO_EVP
483typedef struct X509_info_st
484 {
485 X509 *x509;
486 X509_CRL *crl;
487 X509_PKEY *x_pkey;
488
489 EVP_CIPHER_INFO enc_cipher;
490 int enc_len;
491 char *enc_data;
492
493 int references;
494 } X509_INFO;
495
496DECLARE_STACK_OF(X509_INFO)
497#endif
498
499/* The next 2 structures and their 8 routines were sent to me by
500 * Pat Richard <patr@x509.com> and are used to manipulate
501 * Netscapes spki structures - useful if you are writing a CA web page
502 */
503typedef struct Netscape_spkac_st
504 {
505 X509_PUBKEY *pubkey;
506 ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */
507 } NETSCAPE_SPKAC;
508
509typedef struct Netscape_spki_st
510 {
511 NETSCAPE_SPKAC *spkac; /* signed public key and challenge */
512 X509_ALGOR *sig_algor;
513 ASN1_BIT_STRING *signature;
514 } NETSCAPE_SPKI;
515
516/* Netscape certificate sequence structure */
517typedef struct Netscape_certificate_sequence
518 {
519 ASN1_OBJECT *type;
520 STACK_OF(X509) *certs;
521 } NETSCAPE_CERT_SEQUENCE;
522
523/* Unused (and iv length is wrong)
524typedef struct CBCParameter_st
525 {
526 unsigned char iv[8];
527 } CBC_PARAM;
528*/
529
530/* Password based encryption structure */
531
532typedef struct PBEPARAM_st {
533ASN1_OCTET_STRING *salt;
534ASN1_INTEGER *iter;
535} PBEPARAM;
536
537/* Password based encryption V2 structures */
538
539typedef struct PBE2PARAM_st {
540X509_ALGOR *keyfunc;
541X509_ALGOR *encryption;
542} PBE2PARAM;
543
544typedef struct PBKDF2PARAM_st {
545ASN1_TYPE *salt; /* Usually OCTET STRING but could be anything */
546ASN1_INTEGER *iter;
547ASN1_INTEGER *keylength;
548X509_ALGOR *prf;
549} PBKDF2PARAM;
550
551
552/* PKCS#8 private key info structure */
553
554typedef struct pkcs8_priv_key_info_st
555 {
556 int broken; /* Flag for various broken formats */
557#define PKCS8_OK 0
558#define PKCS8_NO_OCTET 1
559#define PKCS8_EMBEDDED_PARAM 2
560#define PKCS8_NS_DB 3
561 ASN1_INTEGER *version;
562 X509_ALGOR *pkeyalg;
563 ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */
564 STACK_OF(X509_ATTRIBUTE) *attributes;
565 } PKCS8_PRIV_KEY_INFO;
566
567#ifdef __cplusplus
568}
569#endif
570
571#include <openssl/x509_vfy.h>
572#include <openssl/pkcs7.h>
573
574#ifdef __cplusplus
575extern "C" {
576#endif
577
578#ifdef SSLEAY_MACROS
579#define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\
580 a->signature,(char *)a->cert_info,r)
581#define X509_REQ_verify(a,r) ASN1_verify((int (*)())i2d_X509_REQ_INFO, \
582 a->sig_alg,a->signature,(char *)a->req_info,r)
583#define X509_CRL_verify(a,r) ASN1_verify((int (*)())i2d_X509_CRL_INFO, \
584 a->sig_alg, a->signature,(char *)a->crl,r)
585
586#define X509_sign(x,pkey,md) \
587 ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature, \
588 x->sig_alg, x->signature, (char *)x->cert_info,pkey,md)
589#define X509_REQ_sign(x,pkey,md) \
590 ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL, \
591 x->signature, (char *)x->req_info,pkey,md)
592#define X509_CRL_sign(x,pkey,md) \
593 ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,x->sig_alg, \
594 x->signature, (char *)x->crl,pkey,md)
595#define NETSCAPE_SPKI_sign(x,pkey,md) \
596 ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL, \
597 x->signature, (char *)x->spkac,pkey,md)
598
599#define X509_dup(x509) (X509 *)ASN1_dup((int (*)())i2d_X509, \
600 (char *(*)())d2i_X509,(char *)x509)
601#define X509_ATTRIBUTE_dup(xa) (X509_ATTRIBUTE *)ASN1_dup(\
602 (int (*)())i2d_X509_ATTRIBUTE, \
603 (char *(*)())d2i_X509_ATTRIBUTE,(char *)xa)
604#define X509_EXTENSION_dup(ex) (X509_EXTENSION *)ASN1_dup( \
605 (int (*)())i2d_X509_EXTENSION, \
606 (char *(*)())d2i_X509_EXTENSION,(char *)ex)
607#define d2i_X509_fp(fp,x509) (X509 *)ASN1_d2i_fp((char *(*)())X509_new, \
608 (char *(*)())d2i_X509, (fp),(unsigned char **)(x509))
609#define i2d_X509_fp(fp,x509) ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509)
610#define d2i_X509_bio(bp,x509) (X509 *)ASN1_d2i_bio((char *(*)())X509_new, \
611 (char *(*)())d2i_X509, (bp),(unsigned char **)(x509))
612#define i2d_X509_bio(bp,x509) ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509)
613
614#define X509_CRL_dup(crl) (X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL, \
615 (char *(*)())d2i_X509_CRL,(char *)crl)
616#define d2i_X509_CRL_fp(fp,crl) (X509_CRL *)ASN1_d2i_fp((char *(*)()) \
617 X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),\
618 (unsigned char **)(crl))
619#define i2d_X509_CRL_fp(fp,crl) ASN1_i2d_fp(i2d_X509_CRL,fp,\
620 (unsigned char *)crl)
621#define d2i_X509_CRL_bio(bp,crl) (X509_CRL *)ASN1_d2i_bio((char *(*)()) \
622 X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),\
623 (unsigned char **)(crl))
624#define i2d_X509_CRL_bio(bp,crl) ASN1_i2d_bio(i2d_X509_CRL,bp,\
625 (unsigned char *)crl)
626
627#define PKCS7_dup(p7) (PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7, \
628 (char *(*)())d2i_PKCS7,(char *)p7)
629#define d2i_PKCS7_fp(fp,p7) (PKCS7 *)ASN1_d2i_fp((char *(*)()) \
630 PKCS7_new,(char *(*)())d2i_PKCS7, (fp),\
631 (unsigned char **)(p7))
632#define i2d_PKCS7_fp(fp,p7) ASN1_i2d_fp(i2d_PKCS7,fp,\
633 (unsigned char *)p7)
634#define d2i_PKCS7_bio(bp,p7) (PKCS7 *)ASN1_d2i_bio((char *(*)()) \
635 PKCS7_new,(char *(*)())d2i_PKCS7, (bp),\
636 (unsigned char **)(p7))
637#define i2d_PKCS7_bio(bp,p7) ASN1_i2d_bio(i2d_PKCS7,bp,\
638 (unsigned char *)p7)
639
640#define X509_REQ_dup(req) (X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ, \
641 (char *(*)())d2i_X509_REQ,(char *)req)
642#define d2i_X509_REQ_fp(fp,req) (X509_REQ *)ASN1_d2i_fp((char *(*)())\
643 X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),\
644 (unsigned char **)(req))
645#define i2d_X509_REQ_fp(fp,req) ASN1_i2d_fp(i2d_X509_REQ,fp,\
646 (unsigned char *)req)
647#define d2i_X509_REQ_bio(bp,req) (X509_REQ *)ASN1_d2i_bio((char *(*)())\
648 X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),\
649 (unsigned char **)(req))
650#define i2d_X509_REQ_bio(bp,req) ASN1_i2d_bio(i2d_X509_REQ,bp,\
651 (unsigned char *)req)
652
653#define RSAPublicKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey, \
654 (char *(*)())d2i_RSAPublicKey,(char *)rsa)
655#define RSAPrivateKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey, \
656 (char *(*)())d2i_RSAPrivateKey,(char *)rsa)
657
658#define d2i_RSAPrivateKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\
659 RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp), \
660 (unsigned char **)(rsa))
661#define i2d_RSAPrivateKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPrivateKey,fp, \
662 (unsigned char *)rsa)
663#define d2i_RSAPrivateKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\
664 RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp), \
665 (unsigned char **)(rsa))
666#define i2d_RSAPrivateKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPrivateKey,bp, \
667 (unsigned char *)rsa)
668
669#define d2i_RSAPublicKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\
670 RSA_new,(char *(*)())d2i_RSAPublicKey, (fp), \
671 (unsigned char **)(rsa))
672#define i2d_RSAPublicKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPublicKey,fp, \
673 (unsigned char *)rsa)
674#define d2i_RSAPublicKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\
675 RSA_new,(char *(*)())d2i_RSAPublicKey, (bp), \
676 (unsigned char **)(rsa))
677#define i2d_RSAPublicKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPublicKey,bp, \
678 (unsigned char *)rsa)
679
680#define d2i_DSAPrivateKey_fp(fp,dsa) (DSA *)ASN1_d2i_fp((char *(*)())\
681 DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp), \
682 (unsigned char **)(dsa))
683#define i2d_DSAPrivateKey_fp(fp,dsa) ASN1_i2d_fp(i2d_DSAPrivateKey,fp, \
684 (unsigned char *)dsa)
685#define d2i_DSAPrivateKey_bio(bp,dsa) (DSA *)ASN1_d2i_bio((char *(*)())\
686 DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp), \
687 (unsigned char **)(dsa))
688#define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \
689 (unsigned char *)dsa)
690
691#define d2i_ECPrivateKey_fp(fp,ecdsa) (EC_KEY *)ASN1_d2i_fp((char *(*)())\
692 EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (fp), \
693 (unsigned char **)(ecdsa))
694#define i2d_ECPrivateKey_fp(fp,ecdsa) ASN1_i2d_fp(i2d_ECPrivateKey,fp, \
695 (unsigned char *)ecdsa)
696#define d2i_ECPrivateKey_bio(bp,ecdsa) (EC_KEY *)ASN1_d2i_bio((char *(*)())\
697 EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (bp), \
698 (unsigned char **)(ecdsa))
699#define i2d_ECPrivateKey_bio(bp,ecdsa) ASN1_i2d_bio(i2d_ECPrivateKey,bp, \
700 (unsigned char *)ecdsa)
701
702#define X509_ALGOR_dup(xn) (X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,\
703 (char *(*)())d2i_X509_ALGOR,(char *)xn)
704
705#define X509_NAME_dup(xn) (X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME, \
706 (char *(*)())d2i_X509_NAME,(char *)xn)
707#define X509_NAME_ENTRY_dup(ne) (X509_NAME_ENTRY *)ASN1_dup( \
708 (int (*)())i2d_X509_NAME_ENTRY, \
709 (char *(*)())d2i_X509_NAME_ENTRY,\
710 (char *)ne)
711
712#define X509_digest(data,type,md,len) \
713 ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len)
714#define X509_NAME_digest(data,type,md,len) \
715 ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len)
716#ifndef PKCS7_ISSUER_AND_SERIAL_digest
717#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \
718 ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\
719 (char *)data,md,len)
720#endif
721#endif
722
723#define X509_EXT_PACK_UNKNOWN 1
724#define X509_EXT_PACK_STRING 2
725
726#define X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version)
727/* #define X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */
728#define X509_get_notBefore(x) ((x)->cert_info->validity->notBefore)
729#define X509_get_notAfter(x) ((x)->cert_info->validity->notAfter)
730#define X509_extract_key(x) X509_get_pubkey(x) /*****/
731#define X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version)
732#define X509_REQ_get_subject_name(x) ((x)->req_info->subject)
733#define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
734#define X509_name_cmp(a,b) X509_NAME_cmp((a),(b))
735#define X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))
736
737#define X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version)
738#define X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)
739#define X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate)
740#define X509_CRL_get_issuer(x) ((x)->crl->issuer)
741#define X509_CRL_get_REVOKED(x) ((x)->crl->revoked)
742
743/* This one is only used so that a binary form can output, as in
744 * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */
745#define X509_get_X509_PUBKEY(x) ((x)->cert_info->key)
746
747
748const char *X509_verify_cert_error_string(long n);
749
750#ifndef SSLEAY_MACROS
751#ifndef OPENSSL_NO_EVP
752int X509_verify(X509 *a, EVP_PKEY *r);
753
754int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
755int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
756int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r);
757
758NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len);
759char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x);
760EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x);
761int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
762
763int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki);
764
765int X509_signature_print(BIO *bp,X509_ALGOR *alg, ASN1_STRING *sig);
766
767int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
768int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
769int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
770int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
771
772int X509_pubkey_digest(const X509 *data,const EVP_MD *type,
773 unsigned char *md, unsigned int *len);
774int X509_digest(const X509 *data,const EVP_MD *type,
775 unsigned char *md, unsigned int *len);
776int X509_CRL_digest(const X509_CRL *data,const EVP_MD *type,
777 unsigned char *md, unsigned int *len);
778int X509_REQ_digest(const X509_REQ *data,const EVP_MD *type,
779 unsigned char *md, unsigned int *len);
780int X509_NAME_digest(const X509_NAME *data,const EVP_MD *type,
781 unsigned char *md, unsigned int *len);
782#endif
783
784#ifndef OPENSSL_NO_FP_API
785X509 *d2i_X509_fp(FILE *fp, X509 **x509);
786int i2d_X509_fp(FILE *fp,X509 *x509);
787X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL **crl);
788int i2d_X509_CRL_fp(FILE *fp,X509_CRL *crl);
789X509_REQ *d2i_X509_REQ_fp(FILE *fp,X509_REQ **req);
790int i2d_X509_REQ_fp(FILE *fp,X509_REQ *req);
791#ifndef OPENSSL_NO_RSA
792RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA **rsa);
793int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa);
794RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA **rsa);
795int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa);
796RSA *d2i_RSA_PUBKEY_fp(FILE *fp,RSA **rsa);
797int i2d_RSA_PUBKEY_fp(FILE *fp,RSA *rsa);
798#endif
799#ifndef OPENSSL_NO_DSA
800DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
801int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
802DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
803int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
804#endif
805#ifndef OPENSSL_NO_EC
806EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey);
807int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey);
808EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey);
809int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey);
810#endif
811X509_SIG *d2i_PKCS8_fp(FILE *fp,X509_SIG **p8);
812int i2d_PKCS8_fp(FILE *fp,X509_SIG *p8);
813PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
814 PKCS8_PRIV_KEY_INFO **p8inf);
815int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,PKCS8_PRIV_KEY_INFO *p8inf);
816int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key);
817int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey);
818EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
819int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
820EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
821#endif
822
823#ifndef OPENSSL_NO_BIO
824X509 *d2i_X509_bio(BIO *bp,X509 **x509);
825int i2d_X509_bio(BIO *bp,X509 *x509);
826X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL **crl);
827int i2d_X509_CRL_bio(BIO *bp,X509_CRL *crl);
828X509_REQ *d2i_X509_REQ_bio(BIO *bp,X509_REQ **req);
829int i2d_X509_REQ_bio(BIO *bp,X509_REQ *req);
830#ifndef OPENSSL_NO_RSA
831RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **rsa);
832int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa);
833RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA **rsa);
834int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa);
835RSA *d2i_RSA_PUBKEY_bio(BIO *bp,RSA **rsa);
836int i2d_RSA_PUBKEY_bio(BIO *bp,RSA *rsa);
837#endif
838#ifndef OPENSSL_NO_DSA
839DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);
840int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa);
841DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
842int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
843#endif
844#ifndef OPENSSL_NO_EC
845EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey);
846int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey);
847EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey);
848int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey);
849#endif
850X509_SIG *d2i_PKCS8_bio(BIO *bp,X509_SIG **p8);
851int i2d_PKCS8_bio(BIO *bp,X509_SIG *p8);
852PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
853 PKCS8_PRIV_KEY_INFO **p8inf);
854int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,PKCS8_PRIV_KEY_INFO *p8inf);
855int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key);
856int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey);
857EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
858int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);
859EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
860#endif
861
862X509 *X509_dup(X509 *x509);
863X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa);
864X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex);
865X509_CRL *X509_CRL_dup(X509_CRL *crl);
866X509_REQ *X509_REQ_dup(X509_REQ *req);
867X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
868int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval);
869void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
870 X509_ALGOR *algor);
871
872X509_NAME *X509_NAME_dup(X509_NAME *xn);
873X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
874
875#endif /* !SSLEAY_MACROS */
876
877int X509_cmp_time(ASN1_TIME *s, time_t *t);
878int X509_cmp_current_time(ASN1_TIME *s);
879ASN1_TIME * X509_time_adj(ASN1_TIME *s, long adj, time_t *t);
880ASN1_TIME * X509_gmtime_adj(ASN1_TIME *s, long adj);
881
882const char * X509_get_default_cert_area(void );
883const char * X509_get_default_cert_dir(void );
884const char * X509_get_default_cert_file(void );
885const char * X509_get_default_cert_dir_env(void );
886const char * X509_get_default_cert_file_env(void );
887const char * X509_get_default_private_dir(void );
888
889X509_REQ * X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
890X509 * X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey);
891
892DECLARE_ASN1_FUNCTIONS(X509_ALGOR)
893DECLARE_ASN1_ENCODE_FUNCTIONS(X509_ALGORS, X509_ALGORS, X509_ALGORS)
894DECLARE_ASN1_FUNCTIONS(X509_VAL)
895
896DECLARE_ASN1_FUNCTIONS(X509_PUBKEY)
897
898int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
899EVP_PKEY * X509_PUBKEY_get(X509_PUBKEY *key);
900int X509_get_pubkey_parameters(EVP_PKEY *pkey,
901 STACK_OF(X509) *chain);
902int i2d_PUBKEY(EVP_PKEY *a,unsigned char **pp);
903EVP_PKEY * d2i_PUBKEY(EVP_PKEY **a,const unsigned char **pp,
904 long length);
905#ifndef OPENSSL_NO_RSA
906int i2d_RSA_PUBKEY(RSA *a,unsigned char **pp);
907RSA * d2i_RSA_PUBKEY(RSA **a,const unsigned char **pp,
908 long length);
909#endif
910#ifndef OPENSSL_NO_DSA
911int i2d_DSA_PUBKEY(DSA *a,unsigned char **pp);
912DSA * d2i_DSA_PUBKEY(DSA **a,const unsigned char **pp,
913 long length);
914#endif
915#ifndef OPENSSL_NO_EC
916int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp);
917EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp,
918 long length);
919#endif
920
921DECLARE_ASN1_FUNCTIONS(X509_SIG)
922DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO)
923DECLARE_ASN1_FUNCTIONS(X509_REQ)
924
925DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE)
926X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value);
927
928DECLARE_ASN1_FUNCTIONS(X509_EXTENSION)
929DECLARE_ASN1_ENCODE_FUNCTIONS(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS)
930
931DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY)
932
933DECLARE_ASN1_FUNCTIONS(X509_NAME)
934
935int X509_NAME_set(X509_NAME **xn, X509_NAME *name);
936
937DECLARE_ASN1_FUNCTIONS(X509_CINF)
938
939DECLARE_ASN1_FUNCTIONS(X509)
940DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX)
941
942DECLARE_ASN1_FUNCTIONS(X509_CERT_PAIR)
943
944int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
945 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
946int X509_set_ex_data(X509 *r, int idx, void *arg);
947void *X509_get_ex_data(X509 *r, int idx);
948int i2d_X509_AUX(X509 *a,unsigned char **pp);
949X509 * d2i_X509_AUX(X509 **a,const unsigned char **pp,long length);
950
951int X509_alias_set1(X509 *x, unsigned char *name, int len);
952int X509_keyid_set1(X509 *x, unsigned char *id, int len);
953unsigned char * X509_alias_get0(X509 *x, int *len);
954unsigned char * X509_keyid_get0(X509 *x, int *len);
955int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int);
956int X509_TRUST_set(int *t, int trust);
957int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
958int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj);
959void X509_trust_clear(X509 *x);
960void X509_reject_clear(X509 *x);
961
962DECLARE_ASN1_FUNCTIONS(X509_REVOKED)
963DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO)
964DECLARE_ASN1_FUNCTIONS(X509_CRL)
965
966int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
967
968X509_PKEY * X509_PKEY_new(void );
969void X509_PKEY_free(X509_PKEY *a);
970int i2d_X509_PKEY(X509_PKEY *a,unsigned char **pp);
971X509_PKEY * d2i_X509_PKEY(X509_PKEY **a,const unsigned char **pp,long length);
972
973DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI)
974DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
975DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)
976
977#ifndef OPENSSL_NO_EVP
978X509_INFO * X509_INFO_new(void);
979void X509_INFO_free(X509_INFO *a);
980char * X509_NAME_oneline(X509_NAME *a,char *buf,int size);
981
982int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1,
983 ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey);
984
985int ASN1_digest(i2d_of_void *i2d,const EVP_MD *type,char *data,
986 unsigned char *md,unsigned int *len);
987
988int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1,
989 X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
990 char *data,EVP_PKEY *pkey, const EVP_MD *type);
991
992int ASN1_item_digest(const ASN1_ITEM *it,const EVP_MD *type,void *data,
993 unsigned char *md,unsigned int *len);
994
995int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1,
996 ASN1_BIT_STRING *signature,void *data,EVP_PKEY *pkey);
997
998int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
999 ASN1_BIT_STRING *signature,
1000 void *data, EVP_PKEY *pkey, const EVP_MD *type);
1001#endif
1002
1003int X509_set_version(X509 *x,long version);
1004int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
1005ASN1_INTEGER * X509_get_serialNumber(X509 *x);
1006int X509_set_issuer_name(X509 *x, X509_NAME *name);
1007X509_NAME * X509_get_issuer_name(X509 *a);
1008int X509_set_subject_name(X509 *x, X509_NAME *name);
1009X509_NAME * X509_get_subject_name(X509 *a);
1010int X509_set_notBefore(X509 *x, ASN1_TIME *tm);
1011int X509_set_notAfter(X509 *x, ASN1_TIME *tm);
1012int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
1013EVP_PKEY * X509_get_pubkey(X509 *x);
1014ASN1_BIT_STRING * X509_get0_pubkey_bitstr(const X509 *x);
1015int X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */);
1016
1017int X509_REQ_set_version(X509_REQ *x,long version);
1018int X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name);
1019int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
1020EVP_PKEY * X509_REQ_get_pubkey(X509_REQ *req);
1021int X509_REQ_extension_nid(int nid);
1022int * X509_REQ_get_extension_nids(void);
1023void X509_REQ_set_extension_nids(int *nids);
1024STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
1025int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
1026 int nid);
1027int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts);
1028int X509_REQ_get_attr_count(const X509_REQ *req);
1029int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid,
1030 int lastpos);
1031int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,
1032 int lastpos);
1033X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc);
1034X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc);
1035int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr);
1036int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
1037 const ASN1_OBJECT *obj, int type,
1038 const unsigned char *bytes, int len);
1039int X509_REQ_add1_attr_by_NID(X509_REQ *req,
1040 int nid, int type,
1041 const unsigned char *bytes, int len);
1042int X509_REQ_add1_attr_by_txt(X509_REQ *req,
1043 const char *attrname, int type,
1044 const unsigned char *bytes, int len);
1045
1046int X509_CRL_set_version(X509_CRL *x, long version);
1047int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
1048int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm);
1049int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm);
1050int X509_CRL_sort(X509_CRL *crl);
1051
1052int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
1053int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
1054
1055int X509_REQ_check_private_key(X509_REQ *x509,EVP_PKEY *pkey);
1056
1057int X509_check_private_key(X509 *x509,EVP_PKEY *pkey);
1058
1059int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
1060unsigned long X509_issuer_and_serial_hash(X509 *a);
1061
1062int X509_issuer_name_cmp(const X509 *a, const X509 *b);
1063unsigned long X509_issuer_name_hash(X509 *a);
1064
1065int X509_subject_name_cmp(const X509 *a, const X509 *b);
1066unsigned long X509_subject_name_hash(X509 *x);
1067
1068int X509_cmp(const X509 *a, const X509 *b);
1069int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
1070unsigned long X509_NAME_hash(X509_NAME *x);
1071
1072int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
1073#ifndef OPENSSL_NO_FP_API
1074int X509_print_ex_fp(FILE *bp,X509 *x, unsigned long nmflag, unsigned long cflag);
1075int X509_print_fp(FILE *bp,X509 *x);
1076int X509_CRL_print_fp(FILE *bp,X509_CRL *x);
1077int X509_REQ_print_fp(FILE *bp,X509_REQ *req);
1078int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags);
1079#endif
1080
1081#ifndef OPENSSL_NO_BIO
1082int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
1083int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);
1084int X509_print_ex(BIO *bp,X509 *x, unsigned long nmflag, unsigned long cflag);
1085int X509_print(BIO *bp,X509 *x);
1086int X509_ocspid_print(BIO *bp,X509 *x);
1087int X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent);
1088int X509_CRL_print(BIO *bp,X509_CRL *x);
1089int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, unsigned long cflag);
1090int X509_REQ_print(BIO *bp,X509_REQ *req);
1091#endif
1092
1093int X509_NAME_entry_count(X509_NAME *name);
1094int X509_NAME_get_text_by_NID(X509_NAME *name, int nid,
1095 char *buf,int len);
1096int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
1097 char *buf,int len);
1098
1099/* NOTE: you should be passsing -1, not 0 as lastpos. The functions that use
1100 * lastpos, search after that position on. */
1101int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
1102int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj,
1103 int lastpos);
1104X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
1105X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
1106int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne,
1107 int loc, int set);
1108int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
1109 unsigned char *bytes, int len, int loc, int set);
1110int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
1111 unsigned char *bytes, int len, int loc, int set);
1112X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
1113 const char *field, int type, const unsigned char *bytes, int len);
1114X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
1115 int type,unsigned char *bytes, int len);
1116int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
1117 const unsigned char *bytes, int len, int loc, int set);
1118X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
1119 ASN1_OBJECT *obj, int type,const unsigned char *bytes,
1120 int len);
1121int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne,
1122 ASN1_OBJECT *obj);
1123int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
1124 const unsigned char *bytes, int len);
1125ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
1126ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
1127
1128int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
1129int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
1130 int nid, int lastpos);
1131int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
1132 ASN1_OBJECT *obj,int lastpos);
1133int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
1134 int crit, int lastpos);
1135X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
1136X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
1137STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
1138 X509_EXTENSION *ex, int loc);
1139
1140int X509_get_ext_count(X509 *x);
1141int X509_get_ext_by_NID(X509 *x, int nid, int lastpos);
1142int X509_get_ext_by_OBJ(X509 *x,ASN1_OBJECT *obj,int lastpos);
1143int X509_get_ext_by_critical(X509 *x, int crit, int lastpos);
1144X509_EXTENSION *X509_get_ext(X509 *x, int loc);
1145X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
1146int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
1147void * X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
1148int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
1149 unsigned long flags);
1150
1151int X509_CRL_get_ext_count(X509_CRL *x);
1152int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos);
1153int X509_CRL_get_ext_by_OBJ(X509_CRL *x,ASN1_OBJECT *obj,int lastpos);
1154int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos);
1155X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc);
1156X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
1157int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
1158void * X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
1159int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
1160 unsigned long flags);
1161
1162int X509_REVOKED_get_ext_count(X509_REVOKED *x);
1163int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos);
1164int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x,ASN1_OBJECT *obj,int lastpos);
1165int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos);
1166X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc);
1167X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
1168int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
1169void * X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
1170int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
1171 unsigned long flags);
1172
1173X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
1174 int nid, int crit, ASN1_OCTET_STRING *data);
1175X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
1176 ASN1_OBJECT *obj,int crit,ASN1_OCTET_STRING *data);
1177int X509_EXTENSION_set_object(X509_EXTENSION *ex,ASN1_OBJECT *obj);
1178int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
1179int X509_EXTENSION_set_data(X509_EXTENSION *ex,
1180 ASN1_OCTET_STRING *data);
1181ASN1_OBJECT * X509_EXTENSION_get_object(X509_EXTENSION *ex);
1182ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
1183int X509_EXTENSION_get_critical(X509_EXTENSION *ex);
1184
1185int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x);
1186int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
1187 int lastpos);
1188int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj,
1189 int lastpos);
1190X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc);
1191X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc);
1192STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
1193 X509_ATTRIBUTE *attr);
1194STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
1195 const ASN1_OBJECT *obj, int type,
1196 const unsigned char *bytes, int len);
1197STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
1198 int nid, int type,
1199 const unsigned char *bytes, int len);
1200STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
1201 const char *attrname, int type,
1202 const unsigned char *bytes, int len);
1203void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x,
1204 ASN1_OBJECT *obj, int lastpos, int type);
1205X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
1206 int atrtype, const void *data, int len);
1207X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
1208 const ASN1_OBJECT *obj, int atrtype, const void *data, int len);
1209X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
1210 const char *atrname, int type, const unsigned char *bytes, int len);
1211int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj);
1212int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len);
1213void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
1214 int atrtype, void *data);
1215int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr);
1216ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr);
1217ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx);
1218
1219int EVP_PKEY_get_attr_count(const EVP_PKEY *key);
1220int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid,
1221 int lastpos);
1222int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj,
1223 int lastpos);
1224X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc);
1225X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc);
1226int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr);
1227int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key,
1228 const ASN1_OBJECT *obj, int type,
1229 const unsigned char *bytes, int len);
1230int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key,
1231 int nid, int type,
1232 const unsigned char *bytes, int len);
1233int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,
1234 const char *attrname, int type,
1235 const unsigned char *bytes, int len);
1236
1237int X509_verify_cert(X509_STORE_CTX *ctx);
1238
1239/* lookup a cert from a X509 STACK */
1240X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk,X509_NAME *name,
1241 ASN1_INTEGER *serial);
1242X509 *X509_find_by_subject(STACK_OF(X509) *sk,X509_NAME *name);
1243
1244DECLARE_ASN1_FUNCTIONS(PBEPARAM)
1245DECLARE_ASN1_FUNCTIONS(PBE2PARAM)
1246DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM)
1247
1248X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, int saltlen);
1249X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
1250 unsigned char *salt, int saltlen);
1251
1252/* PKCS#8 utilities */
1253
1254DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
1255
1256EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8);
1257PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
1258PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken);
1259PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);
1260
1261int X509_check_trust(X509 *x, int id, int flags);
1262int X509_TRUST_get_count(void);
1263X509_TRUST * X509_TRUST_get0(int idx);
1264int X509_TRUST_get_by_id(int id);
1265int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
1266 char *name, int arg1, void *arg2);
1267void X509_TRUST_cleanup(void);
1268int X509_TRUST_get_flags(X509_TRUST *xp);
1269char *X509_TRUST_get0_name(X509_TRUST *xp);
1270int X509_TRUST_get_trust(X509_TRUST *xp);
1271
1272/* BEGIN ERROR CODES */
1273/* The following lines are auto generated by the script mkerr.pl. Any changes
1274 * made after this point may be overwritten when the script is next run.
1275 */
1276void ERR_load_X509_strings(void);
1277
1278/* Error codes for the X509 functions. */
1279
1280/* Function codes. */
1281#define X509_F_ADD_CERT_DIR 100
1282#define X509_F_BY_FILE_CTRL 101
1283#define X509_F_CHECK_POLICY 145
1284#define X509_F_DIR_CTRL 102
1285#define X509_F_GET_CERT_BY_SUBJECT 103
1286#define X509_F_NETSCAPE_SPKI_B64_DECODE 129
1287#define X509_F_NETSCAPE_SPKI_B64_ENCODE 130
1288#define X509_F_X509AT_ADD1_ATTR 135
1289#define X509_F_X509V3_ADD_EXT 104
1290#define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 136
1291#define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ 137
1292#define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT 140
1293#define X509_F_X509_ATTRIBUTE_GET0_DATA 139
1294#define X509_F_X509_ATTRIBUTE_SET1_DATA 138
1295#define X509_F_X509_CHECK_PRIVATE_KEY 128
1296#define X509_F_X509_CRL_PRINT_FP 147
1297#define X509_F_X509_EXTENSION_CREATE_BY_NID 108
1298#define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109
1299#define X509_F_X509_GET_PUBKEY_PARAMETERS 110
1300#define X509_F_X509_LOAD_CERT_CRL_FILE 132
1301#define X509_F_X509_LOAD_CERT_FILE 111
1302#define X509_F_X509_LOAD_CRL_FILE 112
1303#define X509_F_X509_NAME_ADD_ENTRY 113
1304#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114
1305#define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 131
1306#define X509_F_X509_NAME_ENTRY_SET_OBJECT 115
1307#define X509_F_X509_NAME_ONELINE 116
1308#define X509_F_X509_NAME_PRINT 117
1309#define X509_F_X509_PRINT_EX_FP 118
1310#define X509_F_X509_PUBKEY_GET 119
1311#define X509_F_X509_PUBKEY_SET 120
1312#define X509_F_X509_REQ_CHECK_PRIVATE_KEY 144
1313#define X509_F_X509_REQ_PRINT_EX 121
1314#define X509_F_X509_REQ_PRINT_FP 122
1315#define X509_F_X509_REQ_TO_X509 123
1316#define X509_F_X509_STORE_ADD_CERT 124
1317#define X509_F_X509_STORE_ADD_CRL 125
1318#define X509_F_X509_STORE_CTX_GET1_ISSUER 146
1319#define X509_F_X509_STORE_CTX_INIT 143
1320#define X509_F_X509_STORE_CTX_NEW 142
1321#define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134
1322#define X509_F_X509_TO_X509_REQ 126
1323#define X509_F_X509_TRUST_ADD 133
1324#define X509_F_X509_TRUST_SET 141
1325#define X509_F_X509_VERIFY_CERT 127
1326
1327/* Reason codes. */
1328#define X509_R_BAD_X509_FILETYPE 100
1329#define X509_R_BASE64_DECODE_ERROR 118
1330#define X509_R_CANT_CHECK_DH_KEY 114
1331#define X509_R_CERT_ALREADY_IN_HASH_TABLE 101
1332#define X509_R_ERR_ASN1_LIB 102
1333#define X509_R_INVALID_DIRECTORY 113
1334#define X509_R_INVALID_FIELD_NAME 119
1335#define X509_R_INVALID_TRUST 123
1336#define X509_R_KEY_TYPE_MISMATCH 115
1337#define X509_R_KEY_VALUES_MISMATCH 116
1338#define X509_R_LOADING_CERT_DIR 103
1339#define X509_R_LOADING_DEFAULTS 104
1340#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105
1341#define X509_R_SHOULD_RETRY 106
1342#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107
1343#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108
1344#define X509_R_UNKNOWN_KEY_TYPE 117
1345#define X509_R_UNKNOWN_NID 109
1346#define X509_R_UNKNOWN_PURPOSE_ID 121
1347#define X509_R_UNKNOWN_TRUST_ID 120
1348#define X509_R_UNSUPPORTED_ALGORITHM 111
1349#define X509_R_WRONG_LOOKUP_TYPE 112
1350#define X509_R_WRONG_TYPE 122
1351
1352#ifdef __cplusplus
1353}
1354#endif
1355#endif
diff --git a/src/lib/libcrypto/x509/x509_att.c b/src/lib/libcrypto/x509/x509_att.c
deleted file mode 100644
index 98460e8921..0000000000
--- a/src/lib/libcrypto/x509/x509_att.c
+++ /dev/null
@@ -1,359 +0,0 @@
1/* crypto/x509/x509_att.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/stack.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/objects.h>
64#include <openssl/evp.h>
65#include <openssl/x509.h>
66#include <openssl/x509v3.h>
67
68int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x)
69{
70 return sk_X509_ATTRIBUTE_num(x);
71}
72
73int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
74 int lastpos)
75{
76 ASN1_OBJECT *obj;
77
78 obj=OBJ_nid2obj(nid);
79 if (obj == NULL) return(-2);
80 return(X509at_get_attr_by_OBJ(x,obj,lastpos));
81}
82
83int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj,
84 int lastpos)
85{
86 int n;
87 X509_ATTRIBUTE *ex;
88
89 if (sk == NULL) return(-1);
90 lastpos++;
91 if (lastpos < 0)
92 lastpos=0;
93 n=sk_X509_ATTRIBUTE_num(sk);
94 for ( ; lastpos < n; lastpos++)
95 {
96 ex=sk_X509_ATTRIBUTE_value(sk,lastpos);
97 if (OBJ_cmp(ex->object,obj) == 0)
98 return(lastpos);
99 }
100 return(-1);
101}
102
103X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc)
104{
105 if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
106 return NULL;
107 else
108 return sk_X509_ATTRIBUTE_value(x,loc);
109}
110
111X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc)
112{
113 X509_ATTRIBUTE *ret;
114
115 if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
116 return(NULL);
117 ret=sk_X509_ATTRIBUTE_delete(x,loc);
118 return(ret);
119}
120
121STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
122 X509_ATTRIBUTE *attr)
123{
124 X509_ATTRIBUTE *new_attr=NULL;
125 STACK_OF(X509_ATTRIBUTE) *sk=NULL;
126
127 if (x == NULL)
128 {
129 X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_PASSED_NULL_PARAMETER);
130 goto err2;
131 }
132
133 if (*x == NULL)
134 {
135 if ((sk=sk_X509_ATTRIBUTE_new_null()) == NULL)
136 goto err;
137 }
138 else
139 sk= *x;
140
141 if ((new_attr=X509_ATTRIBUTE_dup(attr)) == NULL)
142 goto err2;
143 if (!sk_X509_ATTRIBUTE_push(sk,new_attr))
144 goto err;
145 if (*x == NULL)
146 *x=sk;
147 return(sk);
148err:
149 X509err(X509_F_X509AT_ADD1_ATTR,ERR_R_MALLOC_FAILURE);
150err2:
151 if (new_attr != NULL) X509_ATTRIBUTE_free(new_attr);
152 if (sk != NULL) sk_X509_ATTRIBUTE_free(sk);
153 return(NULL);
154}
155
156STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
157 const ASN1_OBJECT *obj, int type,
158 const unsigned char *bytes, int len)
159{
160 X509_ATTRIBUTE *attr;
161 STACK_OF(X509_ATTRIBUTE) *ret;
162 attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len);
163 if(!attr) return 0;
164 ret = X509at_add1_attr(x, attr);
165 X509_ATTRIBUTE_free(attr);
166 return ret;
167}
168
169STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
170 int nid, int type,
171 const unsigned char *bytes, int len)
172{
173 X509_ATTRIBUTE *attr;
174 STACK_OF(X509_ATTRIBUTE) *ret;
175 attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len);
176 if(!attr) return 0;
177 ret = X509at_add1_attr(x, attr);
178 X509_ATTRIBUTE_free(attr);
179 return ret;
180}
181
182STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
183 const char *attrname, int type,
184 const unsigned char *bytes, int len)
185{
186 X509_ATTRIBUTE *attr;
187 STACK_OF(X509_ATTRIBUTE) *ret;
188 attr = X509_ATTRIBUTE_create_by_txt(NULL, attrname, type, bytes, len);
189 if(!attr) return 0;
190 ret = X509at_add1_attr(x, attr);
191 X509_ATTRIBUTE_free(attr);
192 return ret;
193}
194
195void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x,
196 ASN1_OBJECT *obj, int lastpos, int type)
197{
198 int i;
199 X509_ATTRIBUTE *at;
200 i = X509at_get_attr_by_OBJ(x, obj, lastpos);
201 if (i == -1)
202 return NULL;
203 if ((lastpos <= -2) && (X509at_get_attr_by_OBJ(x, obj, i) != -1))
204 return NULL;
205 at = X509at_get_attr(x, i);
206 if (lastpos <= -3 && (X509_ATTRIBUTE_count(at) != 1))
207 return NULL;
208 return X509_ATTRIBUTE_get0_data(at, 0, type, NULL);
209}
210
211X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
212 int atrtype, const void *data, int len)
213{
214 ASN1_OBJECT *obj;
215 X509_ATTRIBUTE *ret;
216
217 obj=OBJ_nid2obj(nid);
218 if (obj == NULL)
219 {
220 X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_NID,X509_R_UNKNOWN_NID);
221 return(NULL);
222 }
223 ret=X509_ATTRIBUTE_create_by_OBJ(attr,obj,atrtype,data,len);
224 if (ret == NULL) ASN1_OBJECT_free(obj);
225 return(ret);
226}
227
228X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
229 const ASN1_OBJECT *obj, int atrtype, const void *data, int len)
230{
231 X509_ATTRIBUTE *ret;
232
233 if ((attr == NULL) || (*attr == NULL))
234 {
235 if ((ret=X509_ATTRIBUTE_new()) == NULL)
236 {
237 X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE);
238 return(NULL);
239 }
240 }
241 else
242 ret= *attr;
243
244 if (!X509_ATTRIBUTE_set1_object(ret,obj))
245 goto err;
246 if (!X509_ATTRIBUTE_set1_data(ret,atrtype,data,len))
247 goto err;
248
249 if ((attr != NULL) && (*attr == NULL)) *attr=ret;
250 return(ret);
251err:
252 if ((attr == NULL) || (ret != *attr))
253 X509_ATTRIBUTE_free(ret);
254 return(NULL);
255}
256
257X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
258 const char *atrname, int type, const unsigned char *bytes, int len)
259 {
260 ASN1_OBJECT *obj;
261 X509_ATTRIBUTE *nattr;
262
263 obj=OBJ_txt2obj(atrname, 0);
264 if (obj == NULL)
265 {
266 X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,
267 X509_R_INVALID_FIELD_NAME);
268 ERR_add_error_data(2, "name=", atrname);
269 return(NULL);
270 }
271 nattr = X509_ATTRIBUTE_create_by_OBJ(attr,obj,type,bytes,len);
272 ASN1_OBJECT_free(obj);
273 return nattr;
274 }
275
276int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj)
277{
278 if ((attr == NULL) || (obj == NULL))
279 return(0);
280 ASN1_OBJECT_free(attr->object);
281 attr->object=OBJ_dup(obj);
282 return(1);
283}
284
285int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len)
286{
287 ASN1_TYPE *ttmp;
288 ASN1_STRING *stmp = NULL;
289 int atype = 0;
290 if (!attr) return 0;
291 if(attrtype & MBSTRING_FLAG) {
292 stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype,
293 OBJ_obj2nid(attr->object));
294 if(!stmp) {
295 X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_ASN1_LIB);
296 return 0;
297 }
298 atype = stmp->type;
299 } else if (len != -1){
300 if(!(stmp = ASN1_STRING_type_new(attrtype))) goto err;
301 if(!ASN1_STRING_set(stmp, data, len)) goto err;
302 atype = attrtype;
303 }
304 if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
305 attr->single = 0;
306 /* This is a bit naughty because the attribute should really have
307 * at least one value but some types use and zero length SET and
308 * require this.
309 */
310 if (attrtype == 0)
311 return 1;
312 if(!(ttmp = ASN1_TYPE_new())) goto err;
313 if ((len == -1) && !(attrtype & MBSTRING_FLAG))
314 {
315 if (!ASN1_TYPE_set1(ttmp, attrtype, data))
316 goto err;
317 }
318 else
319 ASN1_TYPE_set(ttmp, atype, stmp);
320 if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err;
321 return 1;
322 err:
323 X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE);
324 return 0;
325}
326
327int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr)
328{
329 if(!attr->single) return sk_ASN1_TYPE_num(attr->value.set);
330 if(attr->value.single) return 1;
331 return 0;
332}
333
334ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr)
335{
336 if (attr == NULL) return(NULL);
337 return(attr->object);
338}
339
340void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
341 int atrtype, void *data)
342{
343 ASN1_TYPE *ttmp;
344 ttmp = X509_ATTRIBUTE_get0_type(attr, idx);
345 if(!ttmp) return NULL;
346 if(atrtype != ASN1_TYPE_get(ttmp)){
347 X509err(X509_F_X509_ATTRIBUTE_GET0_DATA, X509_R_WRONG_TYPE);
348 return NULL;
349 }
350 return ttmp->value.ptr;
351}
352
353ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
354{
355 if (attr == NULL) return(NULL);
356 if(idx >= X509_ATTRIBUTE_count(attr)) return NULL;
357 if(!attr->single) return sk_ASN1_TYPE_value(attr->value.set, idx);
358 else return attr->value.single;
359}
diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c
deleted file mode 100644
index 2faf92514a..0000000000
--- a/src/lib/libcrypto/x509/x509_cmp.c
+++ /dev/null
@@ -1,432 +0,0 @@
1/* crypto/x509/x509_cmp.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <ctype.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/objects.h>
64#include <openssl/x509.h>
65#include <openssl/x509v3.h>
66
67int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
68 {
69 int i;
70 X509_CINF *ai,*bi;
71
72 ai=a->cert_info;
73 bi=b->cert_info;
74 i=M_ASN1_INTEGER_cmp(ai->serialNumber,bi->serialNumber);
75 if (i) return(i);
76 return(X509_NAME_cmp(ai->issuer,bi->issuer));
77 }
78
79#ifndef OPENSSL_NO_MD5
80unsigned long X509_issuer_and_serial_hash(X509 *a)
81 {
82 unsigned long ret=0;
83 EVP_MD_CTX ctx;
84 unsigned char md[16];
85 char *f;
86
87 EVP_MD_CTX_init(&ctx);
88 f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);
89 ret=strlen(f);
90 EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);
91 EVP_DigestUpdate(&ctx,(unsigned char *)f,ret);
92 OPENSSL_free(f);
93 EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
94 (unsigned long)a->cert_info->serialNumber->length);
95 EVP_DigestFinal_ex(&ctx,&(md[0]),NULL);
96 ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)|
97 ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
98 )&0xffffffffL;
99 EVP_MD_CTX_cleanup(&ctx);
100 return(ret);
101 }
102#endif
103
104int X509_issuer_name_cmp(const X509 *a, const X509 *b)
105 {
106 return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer));
107 }
108
109int X509_subject_name_cmp(const X509 *a, const X509 *b)
110 {
111 return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject));
112 }
113
114int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b)
115 {
116 return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer));
117 }
118
119X509_NAME *X509_get_issuer_name(X509 *a)
120 {
121 return(a->cert_info->issuer);
122 }
123
124unsigned long X509_issuer_name_hash(X509 *x)
125 {
126 return(X509_NAME_hash(x->cert_info->issuer));
127 }
128
129X509_NAME *X509_get_subject_name(X509 *a)
130 {
131 return(a->cert_info->subject);
132 }
133
134ASN1_INTEGER *X509_get_serialNumber(X509 *a)
135 {
136 return(a->cert_info->serialNumber);
137 }
138
139unsigned long X509_subject_name_hash(X509 *x)
140 {
141 return(X509_NAME_hash(x->cert_info->subject));
142 }
143
144#ifndef OPENSSL_NO_SHA
145/* Compare two certificates: they must be identical for
146 * this to work. NB: Although "cmp" operations are generally
147 * prototyped to take "const" arguments (eg. for use in
148 * STACKs), the way X509 handling is - these operations may
149 * involve ensuring the hashes are up-to-date and ensuring
150 * certain cert information is cached. So this is the point
151 * where the "depth-first" constification tree has to halt
152 * with an evil cast.
153 */
154int X509_cmp(const X509 *a, const X509 *b)
155{
156 /* ensure hash is valid */
157 X509_check_purpose((X509 *)a, -1, 0);
158 X509_check_purpose((X509 *)b, -1, 0);
159
160 return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
161}
162#endif
163
164
165/* Case insensitive string comparision */
166static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
167{
168 int i;
169
170 if (a->length != b->length)
171 return (a->length - b->length);
172
173 for (i=0; i<a->length; i++)
174 {
175 int ca, cb;
176
177 ca = tolower(a->data[i]);
178 cb = tolower(b->data[i]);
179
180 if (ca != cb)
181 return(ca-cb);
182 }
183 return 0;
184}
185
186/* Case insensitive string comparision with space normalization
187 * Space normalization - ignore leading, trailing spaces,
188 * multiple spaces between characters are replaced by single space
189 */
190static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
191{
192 unsigned char *pa = NULL, *pb = NULL;
193 int la, lb;
194
195 la = a->length;
196 lb = b->length;
197 pa = a->data;
198 pb = b->data;
199
200 /* skip leading spaces */
201 while (la > 0 && isspace(*pa))
202 {
203 la--;
204 pa++;
205 }
206 while (lb > 0 && isspace(*pb))
207 {
208 lb--;
209 pb++;
210 }
211
212 /* skip trailing spaces */
213 while (la > 0 && isspace(pa[la-1]))
214 la--;
215 while (lb > 0 && isspace(pb[lb-1]))
216 lb--;
217
218 /* compare strings with space normalization */
219 while (la > 0 && lb > 0)
220 {
221 int ca, cb;
222
223 /* compare character */
224 ca = tolower(*pa);
225 cb = tolower(*pb);
226 if (ca != cb)
227 return (ca - cb);
228
229 pa++; pb++;
230 la--; lb--;
231
232 if (la <= 0 || lb <= 0)
233 break;
234
235 /* is white space next character ? */
236 if (isspace(*pa) && isspace(*pb))
237 {
238 /* skip remaining white spaces */
239 while (la > 0 && isspace(*pa))
240 {
241 la--;
242 pa++;
243 }
244 while (lb > 0 && isspace(*pb))
245 {
246 lb--;
247 pb++;
248 }
249 }
250 }
251 if (la > 0 || lb > 0)
252 return la - lb;
253
254 return 0;
255}
256
257static int asn1_string_memcmp(ASN1_STRING *a, ASN1_STRING *b)
258 {
259 int j;
260 j = a->length - b->length;
261 if (j)
262 return j;
263 return memcmp(a->data, b->data, a->length);
264 }
265
266#define STR_TYPE_CMP (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_UTF8STRING)
267
268int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
269 {
270 int i,j;
271 X509_NAME_ENTRY *na,*nb;
272
273 unsigned long nabit, nbbit;
274
275 j = sk_X509_NAME_ENTRY_num(a->entries)
276 - sk_X509_NAME_ENTRY_num(b->entries);
277 if (j)
278 return j;
279 for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
280 {
281 na=sk_X509_NAME_ENTRY_value(a->entries,i);
282 nb=sk_X509_NAME_ENTRY_value(b->entries,i);
283 j=na->value->type-nb->value->type;
284 if (j)
285 {
286 nabit = ASN1_tag2bit(na->value->type);
287 nbbit = ASN1_tag2bit(nb->value->type);
288 if (!(nabit & STR_TYPE_CMP) ||
289 !(nbbit & STR_TYPE_CMP))
290 return j;
291 if (!asn1_string_memcmp(na->value, nb->value))
292 j = 0;
293 }
294 else if (na->value->type == V_ASN1_PRINTABLESTRING)
295 j=nocase_spacenorm_cmp(na->value, nb->value);
296 else if (na->value->type == V_ASN1_IA5STRING
297 && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
298 j=nocase_cmp(na->value, nb->value);
299 else
300 j = asn1_string_memcmp(na->value, nb->value);
301 if (j) return(j);
302 j=na->set-nb->set;
303 if (j) return(j);
304 }
305
306 /* We will check the object types after checking the values
307 * since the values will more often be different than the object
308 * types. */
309 for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
310 {
311 na=sk_X509_NAME_ENTRY_value(a->entries,i);
312 nb=sk_X509_NAME_ENTRY_value(b->entries,i);
313 j=OBJ_cmp(na->object,nb->object);
314 if (j) return(j);
315 }
316 return(0);
317 }
318
319#ifndef OPENSSL_NO_MD5
320/* I now DER encode the name and hash it. Since I cache the DER encoding,
321 * this is reasonably efficient. */
322unsigned long X509_NAME_hash(X509_NAME *x)
323 {
324 unsigned long ret=0;
325 unsigned char md[16];
326 EVP_MD_CTX md_ctx;
327
328 /* Make sure X509_NAME structure contains valid cached encoding */
329 i2d_X509_NAME(x,NULL);
330 EVP_MD_CTX_init(&md_ctx);
331 EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
332 EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL);
333 EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length);
334 EVP_DigestFinal_ex(&md_ctx,md,NULL);
335 EVP_MD_CTX_cleanup(&md_ctx);
336
337 ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)|
338 ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
339 )&0xffffffffL;
340 return(ret);
341 }
342#endif
343
344/* Search a stack of X509 for a match */
345X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
346 ASN1_INTEGER *serial)
347 {
348 int i;
349 X509_CINF cinf;
350 X509 x,*x509=NULL;
351
352 if(!sk) return NULL;
353
354 x.cert_info= &cinf;
355 cinf.serialNumber=serial;
356 cinf.issuer=name;
357
358 for (i=0; i<sk_X509_num(sk); i++)
359 {
360 x509=sk_X509_value(sk,i);
361 if (X509_issuer_and_serial_cmp(x509,&x) == 0)
362 return(x509);
363 }
364 return(NULL);
365 }
366
367X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name)
368 {
369 X509 *x509;
370 int i;
371
372 for (i=0; i<sk_X509_num(sk); i++)
373 {
374 x509=sk_X509_value(sk,i);
375 if (X509_NAME_cmp(X509_get_subject_name(x509),name) == 0)
376 return(x509);
377 }
378 return(NULL);
379 }
380
381EVP_PKEY *X509_get_pubkey(X509 *x)
382 {
383 if ((x == NULL) || (x->cert_info == NULL))
384 return(NULL);
385 return(X509_PUBKEY_get(x->cert_info->key));
386 }
387
388ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
389 {
390 if(!x) return NULL;
391 return x->cert_info->key->public_key;
392 }
393
394int X509_check_private_key(X509 *x, EVP_PKEY *k)
395 {
396 EVP_PKEY *xk=NULL;
397 int ok=0;
398
399 xk=X509_get_pubkey(x);
400 switch (EVP_PKEY_cmp(xk, k))
401 {
402 case 1:
403 ok=1;
404 break;
405 case 0:
406 X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
407 break;
408 case -1:
409 X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
410 break;
411 case -2:
412#ifndef OPENSSL_NO_EC
413 if (k->type == EVP_PKEY_EC)
414 {
415 X509err(X509_F_X509_CHECK_PRIVATE_KEY, ERR_R_EC_LIB);
416 break;
417 }
418#endif
419#ifndef OPENSSL_NO_DH
420 if (k->type == EVP_PKEY_DH)
421 {
422 /* No idea */
423 X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
424 break;
425 }
426#endif
427 X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
428 }
429
430 EVP_PKEY_free(xk);
431 return(ok);
432 }
diff --git a/src/lib/libcrypto/x509/x509_d2.c b/src/lib/libcrypto/x509/x509_d2.c
deleted file mode 100644
index 51410cfd1a..0000000000
--- a/src/lib/libcrypto/x509/x509_d2.c
+++ /dev/null
@@ -1,107 +0,0 @@
1/* crypto/x509/x509_d2.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/crypto.h>
62#include <openssl/x509.h>
63
64#ifndef OPENSSL_NO_STDIO
65int X509_STORE_set_default_paths(X509_STORE *ctx)
66 {
67 X509_LOOKUP *lookup;
68
69 lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
70 if (lookup == NULL) return(0);
71 X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
72
73 lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
74 if (lookup == NULL) return(0);
75 X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
76
77 /* clear any errors */
78 ERR_clear_error();
79
80 return(1);
81 }
82
83int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
84 const char *path)
85 {
86 X509_LOOKUP *lookup;
87
88 if (file != NULL)
89 {
90 lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
91 if (lookup == NULL) return(0);
92 if (X509_LOOKUP_load_file(lookup,file,X509_FILETYPE_PEM) != 1)
93 return(0);
94 }
95 if (path != NULL)
96 {
97 lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
98 if (lookup == NULL) return(0);
99 if (X509_LOOKUP_add_dir(lookup,path,X509_FILETYPE_PEM) != 1)
100 return(0);
101 }
102 if ((path == NULL) && (file == NULL))
103 return(0);
104 return(1);
105 }
106
107#endif
diff --git a/src/lib/libcrypto/x509/x509_def.c b/src/lib/libcrypto/x509/x509_def.c
deleted file mode 100644
index e0ac151a76..0000000000
--- a/src/lib/libcrypto/x509/x509_def.c
+++ /dev/null
@@ -1,81 +0,0 @@
1/* crypto/x509/x509_def.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/crypto.h>
62#include <openssl/x509.h>
63
64const char *X509_get_default_private_dir(void)
65 { return(X509_PRIVATE_DIR); }
66
67const char *X509_get_default_cert_area(void)
68 { return(X509_CERT_AREA); }
69
70const char *X509_get_default_cert_dir(void)
71 { return(X509_CERT_DIR); }
72
73const char *X509_get_default_cert_file(void)
74 { return(X509_CERT_FILE); }
75
76const char *X509_get_default_cert_dir_env(void)
77 { return(X509_CERT_DIR_EVP); }
78
79const char *X509_get_default_cert_file_env(void)
80 { return(X509_CERT_FILE_EVP); }
81
diff --git a/src/lib/libcrypto/x509/x509_err.c b/src/lib/libcrypto/x509/x509_err.c
deleted file mode 100644
index fb377292da..0000000000
--- a/src/lib/libcrypto/x509/x509_err.c
+++ /dev/null
@@ -1,161 +0,0 @@
1/* crypto/x509/x509_err.c */
2/* ====================================================================
3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include <openssl/x509.h>
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason)
70
71static ERR_STRING_DATA X509_str_functs[]=
72 {
73{ERR_FUNC(X509_F_ADD_CERT_DIR), "ADD_CERT_DIR"},
74{ERR_FUNC(X509_F_BY_FILE_CTRL), "BY_FILE_CTRL"},
75{ERR_FUNC(X509_F_CHECK_POLICY), "CHECK_POLICY"},
76{ERR_FUNC(X509_F_DIR_CTRL), "DIR_CTRL"},
77{ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "GET_CERT_BY_SUBJECT"},
78{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE), "NETSCAPE_SPKI_b64_decode"},
79{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE), "NETSCAPE_SPKI_b64_encode"},
80{ERR_FUNC(X509_F_X509AT_ADD1_ATTR), "X509at_add1_attr"},
81{ERR_FUNC(X509_F_X509V3_ADD_EXT), "X509v3_add_ext"},
82{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID), "X509_ATTRIBUTE_create_by_NID"},
83{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ), "X509_ATTRIBUTE_create_by_OBJ"},
84{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT), "X509_ATTRIBUTE_create_by_txt"},
85{ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA), "X509_ATTRIBUTE_get0_data"},
86{ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA), "X509_ATTRIBUTE_set1_data"},
87{ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY), "X509_check_private_key"},
88{ERR_FUNC(X509_F_X509_CRL_PRINT_FP), "X509_CRL_print_fp"},
89{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID), "X509_EXTENSION_create_by_NID"},
90{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ), "X509_EXTENSION_create_by_OBJ"},
91{ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS), "X509_get_pubkey_parameters"},
92{ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE), "X509_load_cert_crl_file"},
93{ERR_FUNC(X509_F_X509_LOAD_CERT_FILE), "X509_load_cert_file"},
94{ERR_FUNC(X509_F_X509_LOAD_CRL_FILE), "X509_load_crl_file"},
95{ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY), "X509_NAME_add_entry"},
96{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID), "X509_NAME_ENTRY_create_by_NID"},
97{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT), "X509_NAME_ENTRY_create_by_txt"},
98{ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT), "X509_NAME_ENTRY_set_object"},
99{ERR_FUNC(X509_F_X509_NAME_ONELINE), "X509_NAME_oneline"},
100{ERR_FUNC(X509_F_X509_NAME_PRINT), "X509_NAME_print"},
101{ERR_FUNC(X509_F_X509_PRINT_EX_FP), "X509_print_ex_fp"},
102{ERR_FUNC(X509_F_X509_PUBKEY_GET), "X509_PUBKEY_get"},
103{ERR_FUNC(X509_F_X509_PUBKEY_SET), "X509_PUBKEY_set"},
104{ERR_FUNC(X509_F_X509_REQ_CHECK_PRIVATE_KEY), "X509_REQ_check_private_key"},
105{ERR_FUNC(X509_F_X509_REQ_PRINT_EX), "X509_REQ_print_ex"},
106{ERR_FUNC(X509_F_X509_REQ_PRINT_FP), "X509_REQ_print_fp"},
107{ERR_FUNC(X509_F_X509_REQ_TO_X509), "X509_REQ_to_X509"},
108{ERR_FUNC(X509_F_X509_STORE_ADD_CERT), "X509_STORE_add_cert"},
109{ERR_FUNC(X509_F_X509_STORE_ADD_CRL), "X509_STORE_add_crl"},
110{ERR_FUNC(X509_F_X509_STORE_CTX_GET1_ISSUER), "X509_STORE_CTX_get1_issuer"},
111{ERR_FUNC(X509_F_X509_STORE_CTX_INIT), "X509_STORE_CTX_init"},
112{ERR_FUNC(X509_F_X509_STORE_CTX_NEW), "X509_STORE_CTX_new"},
113{ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT), "X509_STORE_CTX_purpose_inherit"},
114{ERR_FUNC(X509_F_X509_TO_X509_REQ), "X509_to_X509_REQ"},
115{ERR_FUNC(X509_F_X509_TRUST_ADD), "X509_TRUST_add"},
116{ERR_FUNC(X509_F_X509_TRUST_SET), "X509_TRUST_set"},
117{ERR_FUNC(X509_F_X509_VERIFY_CERT), "X509_verify_cert"},
118{0,NULL}
119 };
120
121static ERR_STRING_DATA X509_str_reasons[]=
122 {
123{ERR_REASON(X509_R_BAD_X509_FILETYPE) ,"bad x509 filetype"},
124{ERR_REASON(X509_R_BASE64_DECODE_ERROR) ,"base64 decode error"},
125{ERR_REASON(X509_R_CANT_CHECK_DH_KEY) ,"cant check dh key"},
126{ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE),"cert already in hash table"},
127{ERR_REASON(X509_R_ERR_ASN1_LIB) ,"err asn1 lib"},
128{ERR_REASON(X509_R_INVALID_DIRECTORY) ,"invalid directory"},
129{ERR_REASON(X509_R_INVALID_FIELD_NAME) ,"invalid field name"},
130{ERR_REASON(X509_R_INVALID_TRUST) ,"invalid trust"},
131{ERR_REASON(X509_R_KEY_TYPE_MISMATCH) ,"key type mismatch"},
132{ERR_REASON(X509_R_KEY_VALUES_MISMATCH) ,"key values mismatch"},
133{ERR_REASON(X509_R_LOADING_CERT_DIR) ,"loading cert dir"},
134{ERR_REASON(X509_R_LOADING_DEFAULTS) ,"loading defaults"},
135{ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),"no cert set for us to verify"},
136{ERR_REASON(X509_R_SHOULD_RETRY) ,"should retry"},
137{ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN),"unable to find parameters in chain"},
138{ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY),"unable to get certs public key"},
139{ERR_REASON(X509_R_UNKNOWN_KEY_TYPE) ,"unknown key type"},
140{ERR_REASON(X509_R_UNKNOWN_NID) ,"unknown nid"},
141{ERR_REASON(X509_R_UNKNOWN_PURPOSE_ID) ,"unknown purpose id"},
142{ERR_REASON(X509_R_UNKNOWN_TRUST_ID) ,"unknown trust id"},
143{ERR_REASON(X509_R_UNSUPPORTED_ALGORITHM),"unsupported algorithm"},
144{ERR_REASON(X509_R_WRONG_LOOKUP_TYPE) ,"wrong lookup type"},
145{ERR_REASON(X509_R_WRONG_TYPE) ,"wrong type"},
146{0,NULL}
147 };
148
149#endif
150
151void ERR_load_X509_strings(void)
152 {
153#ifndef OPENSSL_NO_ERR
154
155 if (ERR_func_error_string(X509_str_functs[0].error) == NULL)
156 {
157 ERR_load_strings(0,X509_str_functs);
158 ERR_load_strings(0,X509_str_reasons);
159 }
160#endif
161 }
diff --git a/src/lib/libcrypto/x509/x509_ext.c b/src/lib/libcrypto/x509/x509_ext.c
deleted file mode 100644
index e7fdacb5e4..0000000000
--- a/src/lib/libcrypto/x509/x509_ext.c
+++ /dev/null
@@ -1,210 +0,0 @@
1/* crypto/x509/x509_ext.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/stack.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/objects.h>
64#include <openssl/evp.h>
65#include <openssl/x509.h>
66#include <openssl/x509v3.h>
67
68
69int X509_CRL_get_ext_count(X509_CRL *x)
70 {
71 return(X509v3_get_ext_count(x->crl->extensions));
72 }
73
74int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos)
75 {
76 return(X509v3_get_ext_by_NID(x->crl->extensions,nid,lastpos));
77 }
78
79int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos)
80 {
81 return(X509v3_get_ext_by_OBJ(x->crl->extensions,obj,lastpos));
82 }
83
84int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos)
85 {
86 return(X509v3_get_ext_by_critical(x->crl->extensions,crit,lastpos));
87 }
88
89X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc)
90 {
91 return(X509v3_get_ext(x->crl->extensions,loc));
92 }
93
94X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc)
95 {
96 return(X509v3_delete_ext(x->crl->extensions,loc));
97 }
98
99void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx)
100{
101 return X509V3_get_d2i(x->crl->extensions, nid, crit, idx);
102}
103
104int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
105 unsigned long flags)
106{
107 return X509V3_add1_i2d(&x->crl->extensions, nid, value, crit, flags);
108}
109
110int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc)
111 {
112 return(X509v3_add_ext(&(x->crl->extensions),ex,loc) != NULL);
113 }
114
115int X509_get_ext_count(X509 *x)
116 {
117 return(X509v3_get_ext_count(x->cert_info->extensions));
118 }
119
120int X509_get_ext_by_NID(X509 *x, int nid, int lastpos)
121 {
122 return(X509v3_get_ext_by_NID(x->cert_info->extensions,nid,lastpos));
123 }
124
125int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos)
126 {
127 return(X509v3_get_ext_by_OBJ(x->cert_info->extensions,obj,lastpos));
128 }
129
130int X509_get_ext_by_critical(X509 *x, int crit, int lastpos)
131 {
132 return(X509v3_get_ext_by_critical(x->cert_info->extensions,crit,lastpos));
133 }
134
135X509_EXTENSION *X509_get_ext(X509 *x, int loc)
136 {
137 return(X509v3_get_ext(x->cert_info->extensions,loc));
138 }
139
140X509_EXTENSION *X509_delete_ext(X509 *x, int loc)
141 {
142 return(X509v3_delete_ext(x->cert_info->extensions,loc));
143 }
144
145int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc)
146 {
147 return(X509v3_add_ext(&(x->cert_info->extensions),ex,loc) != NULL);
148 }
149
150void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx)
151{
152 return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx);
153}
154
155int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
156 unsigned long flags)
157{
158 return X509V3_add1_i2d(&x->cert_info->extensions, nid, value, crit,
159 flags);
160}
161
162int X509_REVOKED_get_ext_count(X509_REVOKED *x)
163 {
164 return(X509v3_get_ext_count(x->extensions));
165 }
166
167int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos)
168 {
169 return(X509v3_get_ext_by_NID(x->extensions,nid,lastpos));
170 }
171
172int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj,
173 int lastpos)
174 {
175 return(X509v3_get_ext_by_OBJ(x->extensions,obj,lastpos));
176 }
177
178int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos)
179 {
180 return(X509v3_get_ext_by_critical(x->extensions,crit,lastpos));
181 }
182
183X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc)
184 {
185 return(X509v3_get_ext(x->extensions,loc));
186 }
187
188X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc)
189 {
190 return(X509v3_delete_ext(x->extensions,loc));
191 }
192
193int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc)
194 {
195 return(X509v3_add_ext(&(x->extensions),ex,loc) != NULL);
196 }
197
198void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx)
199{
200 return X509V3_get_d2i(x->extensions, nid, crit, idx);
201}
202
203int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
204 unsigned long flags)
205{
206 return X509V3_add1_i2d(&x->extensions, nid, value, crit, flags);
207}
208
209IMPLEMENT_STACK_OF(X509_EXTENSION)
210IMPLEMENT_ASN1_SET_OF(X509_EXTENSION)
diff --git a/src/lib/libcrypto/x509/x509_lu.c b/src/lib/libcrypto/x509/x509_lu.c
deleted file mode 100644
index cd2cfb6d85..0000000000
--- a/src/lib/libcrypto/x509/x509_lu.c
+++ /dev/null
@@ -1,567 +0,0 @@
1/* crypto/x509/x509_lu.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/lhash.h>
62#include <openssl/x509.h>
63#include <openssl/x509v3.h>
64
65X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
66 {
67 X509_LOOKUP *ret;
68
69 ret=(X509_LOOKUP *)OPENSSL_malloc(sizeof(X509_LOOKUP));
70 if (ret == NULL) return NULL;
71
72 ret->init=0;
73 ret->skip=0;
74 ret->method=method;
75 ret->method_data=NULL;
76 ret->store_ctx=NULL;
77 if ((method->new_item != NULL) && !method->new_item(ret))
78 {
79 OPENSSL_free(ret);
80 return NULL;
81 }
82 return ret;
83 }
84
85void X509_LOOKUP_free(X509_LOOKUP *ctx)
86 {
87 if (ctx == NULL) return;
88 if ( (ctx->method != NULL) &&
89 (ctx->method->free != NULL))
90 ctx->method->free(ctx);
91 OPENSSL_free(ctx);
92 }
93
94int X509_LOOKUP_init(X509_LOOKUP *ctx)
95 {
96 if (ctx->method == NULL) return 0;
97 if (ctx->method->init != NULL)
98 return ctx->method->init(ctx);
99 else
100 return 1;
101 }
102
103int X509_LOOKUP_shutdown(X509_LOOKUP *ctx)
104 {
105 if (ctx->method == NULL) return 0;
106 if (ctx->method->shutdown != NULL)
107 return ctx->method->shutdown(ctx);
108 else
109 return 1;
110 }
111
112int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
113 char **ret)
114 {
115 if (ctx->method == NULL) return -1;
116 if (ctx->method->ctrl != NULL)
117 return ctx->method->ctrl(ctx,cmd,argc,argl,ret);
118 else
119 return 1;
120 }
121
122int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
123 X509_OBJECT *ret)
124 {
125 if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))
126 return X509_LU_FAIL;
127 if (ctx->skip) return 0;
128 return ctx->method->get_by_subject(ctx,type,name,ret);
129 }
130
131int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
132 ASN1_INTEGER *serial, X509_OBJECT *ret)
133 {
134 if ((ctx->method == NULL) ||
135 (ctx->method->get_by_issuer_serial == NULL))
136 return X509_LU_FAIL;
137 return ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret);
138 }
139
140int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
141 unsigned char *bytes, int len, X509_OBJECT *ret)
142 {
143 if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))
144 return X509_LU_FAIL;
145 return ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret);
146 }
147
148int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,
149 X509_OBJECT *ret)
150 {
151 if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
152 return X509_LU_FAIL;
153 return ctx->method->get_by_alias(ctx,type,str,len,ret);
154 }
155
156
157static int x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b)
158 {
159 int ret;
160
161 ret=((*a)->type - (*b)->type);
162 if (ret) return ret;
163 switch ((*a)->type)
164 {
165 case X509_LU_X509:
166 ret=X509_subject_name_cmp((*a)->data.x509,(*b)->data.x509);
167 break;
168 case X509_LU_CRL:
169 ret=X509_CRL_cmp((*a)->data.crl,(*b)->data.crl);
170 break;
171 default:
172 /* abort(); */
173 return 0;
174 }
175 return ret;
176 }
177
178X509_STORE *X509_STORE_new(void)
179 {
180 X509_STORE *ret;
181
182 if ((ret=(X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL)
183 return NULL;
184 ret->objs = sk_X509_OBJECT_new(x509_object_cmp);
185 ret->cache=1;
186 ret->get_cert_methods=sk_X509_LOOKUP_new_null();
187 ret->verify=0;
188 ret->verify_cb=0;
189
190 if ((ret->param = X509_VERIFY_PARAM_new()) == NULL)
191 return NULL;
192
193 ret->get_issuer = 0;
194 ret->check_issued = 0;
195 ret->check_revocation = 0;
196 ret->get_crl = 0;
197 ret->check_crl = 0;
198 ret->cert_crl = 0;
199 ret->cleanup = 0;
200
201 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data);
202 ret->references=1;
203 return ret;
204 }
205
206static void cleanup(X509_OBJECT *a)
207 {
208 if (a->type == X509_LU_X509)
209 {
210 X509_free(a->data.x509);
211 }
212 else if (a->type == X509_LU_CRL)
213 {
214 X509_CRL_free(a->data.crl);
215 }
216 else
217 {
218 /* abort(); */
219 }
220
221 OPENSSL_free(a);
222 }
223
224void X509_STORE_free(X509_STORE *vfy)
225 {
226 int i;
227 STACK_OF(X509_LOOKUP) *sk;
228 X509_LOOKUP *lu;
229
230 if (vfy == NULL)
231 return;
232
233 sk=vfy->get_cert_methods;
234 for (i=0; i<sk_X509_LOOKUP_num(sk); i++)
235 {
236 lu=sk_X509_LOOKUP_value(sk,i);
237 X509_LOOKUP_shutdown(lu);
238 X509_LOOKUP_free(lu);
239 }
240 sk_X509_LOOKUP_free(sk);
241 sk_X509_OBJECT_pop_free(vfy->objs, cleanup);
242
243 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data);
244 if (vfy->param)
245 X509_VERIFY_PARAM_free(vfy->param);
246 OPENSSL_free(vfy);
247 }
248
249X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
250 {
251 int i;
252 STACK_OF(X509_LOOKUP) *sk;
253 X509_LOOKUP *lu;
254
255 sk=v->get_cert_methods;
256 for (i=0; i<sk_X509_LOOKUP_num(sk); i++)
257 {
258 lu=sk_X509_LOOKUP_value(sk,i);
259 if (m == lu->method)
260 {
261 return lu;
262 }
263 }
264 /* a new one */
265 lu=X509_LOOKUP_new(m);
266 if (lu == NULL)
267 return NULL;
268 else
269 {
270 lu->store_ctx=v;
271 if (sk_X509_LOOKUP_push(v->get_cert_methods,lu))
272 return lu;
273 else
274 {
275 X509_LOOKUP_free(lu);
276 return NULL;
277 }
278 }
279 }
280
281int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
282 X509_OBJECT *ret)
283 {
284 X509_STORE *ctx=vs->ctx;
285 X509_LOOKUP *lu;
286 X509_OBJECT stmp,*tmp;
287 int i,j;
288
289 tmp=X509_OBJECT_retrieve_by_subject(ctx->objs,type,name);
290
291 if (tmp == NULL)
292 {
293 for (i=vs->current_method; i<sk_X509_LOOKUP_num(ctx->get_cert_methods); i++)
294 {
295 lu=sk_X509_LOOKUP_value(ctx->get_cert_methods,i);
296 j=X509_LOOKUP_by_subject(lu,type,name,&stmp);
297 if (j < 0)
298 {
299 vs->current_method=j;
300 return j;
301 }
302 else if (j)
303 {
304 tmp= &stmp;
305 break;
306 }
307 }
308 vs->current_method=0;
309 if (tmp == NULL)
310 return 0;
311 }
312
313/* if (ret->data.ptr != NULL)
314 X509_OBJECT_free_contents(ret); */
315
316 ret->type=tmp->type;
317 ret->data.ptr=tmp->data.ptr;
318
319 X509_OBJECT_up_ref_count(ret);
320
321 return 1;
322 }
323
324int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
325 {
326 X509_OBJECT *obj;
327 int ret=1;
328
329 if (x == NULL) return 0;
330 obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
331 if (obj == NULL)
332 {
333 X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE);
334 return 0;
335 }
336 obj->type=X509_LU_X509;
337 obj->data.x509=x;
338
339 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
340
341 X509_OBJECT_up_ref_count(obj);
342
343
344 if (X509_OBJECT_retrieve_match(ctx->objs, obj))
345 {
346 X509_OBJECT_free_contents(obj);
347 OPENSSL_free(obj);
348 X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE);
349 ret=0;
350 }
351 else sk_X509_OBJECT_push(ctx->objs, obj);
352
353 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
354
355 return ret;
356 }
357
358int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
359 {
360 X509_OBJECT *obj;
361 int ret=1;
362
363 if (x == NULL) return 0;
364 obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
365 if (obj == NULL)
366 {
367 X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE);
368 return 0;
369 }
370 obj->type=X509_LU_CRL;
371 obj->data.crl=x;
372
373 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
374
375 X509_OBJECT_up_ref_count(obj);
376
377 if (X509_OBJECT_retrieve_match(ctx->objs, obj))
378 {
379 X509_OBJECT_free_contents(obj);
380 OPENSSL_free(obj);
381 X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE);
382 ret=0;
383 }
384 else sk_X509_OBJECT_push(ctx->objs, obj);
385
386 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
387
388 return ret;
389 }
390
391void X509_OBJECT_up_ref_count(X509_OBJECT *a)
392 {
393 switch (a->type)
394 {
395 case X509_LU_X509:
396 CRYPTO_add(&a->data.x509->references,1,CRYPTO_LOCK_X509);
397 break;
398 case X509_LU_CRL:
399 CRYPTO_add(&a->data.crl->references,1,CRYPTO_LOCK_X509_CRL);
400 break;
401 }
402 }
403
404void X509_OBJECT_free_contents(X509_OBJECT *a)
405 {
406 switch (a->type)
407 {
408 case X509_LU_X509:
409 X509_free(a->data.x509);
410 break;
411 case X509_LU_CRL:
412 X509_CRL_free(a->data.crl);
413 break;
414 }
415 }
416
417int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
418 X509_NAME *name)
419 {
420 X509_OBJECT stmp;
421 X509 x509_s;
422 X509_CINF cinf_s;
423 X509_CRL crl_s;
424 X509_CRL_INFO crl_info_s;
425
426 stmp.type=type;
427 switch (type)
428 {
429 case X509_LU_X509:
430 stmp.data.x509= &x509_s;
431 x509_s.cert_info= &cinf_s;
432 cinf_s.subject=name;
433 break;
434 case X509_LU_CRL:
435 stmp.data.crl= &crl_s;
436 crl_s.crl= &crl_info_s;
437 crl_info_s.issuer=name;
438 break;
439 default:
440 /* abort(); */
441 return -1;
442 }
443
444 return sk_X509_OBJECT_find(h,&stmp);
445 }
446
447X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type,
448 X509_NAME *name)
449{
450 int idx;
451 idx = X509_OBJECT_idx_by_subject(h, type, name);
452 if (idx==-1) return NULL;
453 return sk_X509_OBJECT_value(h, idx);
454}
455
456X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x)
457{
458 int idx, i;
459 X509_OBJECT *obj;
460 idx = sk_X509_OBJECT_find(h, x);
461 if (idx == -1) return NULL;
462 if (x->type != X509_LU_X509) return sk_X509_OBJECT_value(h, idx);
463 for (i = idx; i < sk_X509_OBJECT_num(h); i++)
464 {
465 obj = sk_X509_OBJECT_value(h, i);
466 if (x509_object_cmp((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x))
467 return NULL;
468 if ((x->type != X509_LU_X509) || !X509_cmp(obj->data.x509, x->data.x509))
469 return obj;
470 }
471 return NULL;
472}
473
474
475/* Try to get issuer certificate from store. Due to limitations
476 * of the API this can only retrieve a single certificate matching
477 * a given subject name. However it will fill the cache with all
478 * matching certificates, so we can examine the cache for all
479 * matches.
480 *
481 * Return values are:
482 * 1 lookup successful.
483 * 0 certificate not found.
484 * -1 some other error.
485 */
486
487
488int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
489{
490 X509_NAME *xn;
491 X509_OBJECT obj, *pobj;
492 int i, ok, idx;
493 xn=X509_get_issuer_name(x);
494 ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj);
495 if (ok != X509_LU_X509)
496 {
497 if (ok == X509_LU_RETRY)
498 {
499 X509_OBJECT_free_contents(&obj);
500 X509err(X509_F_X509_STORE_CTX_GET1_ISSUER,X509_R_SHOULD_RETRY);
501 return -1;
502 }
503 else if (ok != X509_LU_FAIL)
504 {
505 X509_OBJECT_free_contents(&obj);
506 /* not good :-(, break anyway */
507 return -1;
508 }
509 return 0;
510 }
511 /* If certificate matches all OK */
512 if (ctx->check_issued(ctx, x, obj.data.x509))
513 {
514 *issuer = obj.data.x509;
515 return 1;
516 }
517 X509_OBJECT_free_contents(&obj);
518 /* Else find index of first matching cert */
519 idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn);
520 /* This shouldn't normally happen since we already have one match */
521 if (idx == -1) return 0;
522
523 /* Look through all matching certificates for a suitable issuer */
524 for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++)
525 {
526 pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i);
527 /* See if we've ran out of matches */
528 if (pobj->type != X509_LU_X509) return 0;
529 if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509))) return 0;
530 if (ctx->check_issued(ctx, x, pobj->data.x509))
531 {
532 *issuer = pobj->data.x509;
533 X509_OBJECT_up_ref_count(pobj);
534 return 1;
535 }
536 }
537 return 0;
538}
539
540int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags)
541 {
542 return X509_VERIFY_PARAM_set_flags(ctx->param, flags);
543 }
544
545int X509_STORE_set_depth(X509_STORE *ctx, int depth)
546 {
547 X509_VERIFY_PARAM_set_depth(ctx->param, depth);
548 return 1;
549 }
550
551int X509_STORE_set_purpose(X509_STORE *ctx, int purpose)
552 {
553 return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose);
554 }
555
556int X509_STORE_set_trust(X509_STORE *ctx, int trust)
557 {
558 return X509_VERIFY_PARAM_set_trust(ctx->param, trust);
559 }
560
561int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param)
562 {
563 return X509_VERIFY_PARAM_set1(ctx->param, param);
564 }
565
566IMPLEMENT_STACK_OF(X509_LOOKUP)
567IMPLEMENT_STACK_OF(X509_OBJECT)
diff --git a/src/lib/libcrypto/x509/x509_obj.c b/src/lib/libcrypto/x509/x509_obj.c
deleted file mode 100644
index 1e718f76eb..0000000000
--- a/src/lib/libcrypto/x509/x509_obj.c
+++ /dev/null
@@ -1,226 +0,0 @@
1/* crypto/x509/x509_obj.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/lhash.h>
62#include <openssl/objects.h>
63#include <openssl/x509.h>
64#include <openssl/buffer.h>
65
66char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
67 {
68 X509_NAME_ENTRY *ne;
69int i;
70 int n,lold,l,l1,l2,num,j,type;
71 const char *s;
72 char *p;
73 unsigned char *q;
74 BUF_MEM *b=NULL;
75 static char hex[17]="0123456789ABCDEF";
76 int gs_doit[4];
77 char tmp_buf[80];
78#ifdef CHARSET_EBCDIC
79 char ebcdic_buf[1024];
80#endif
81
82 if (buf == NULL)
83 {
84 if ((b=BUF_MEM_new()) == NULL) goto err;
85 if (!BUF_MEM_grow(b,200)) goto err;
86 b->data[0]='\0';
87 len=200;
88 }
89 if (a == NULL)
90 {
91 if(b)
92 {
93 buf=b->data;
94 OPENSSL_free(b);
95 }
96 strncpy(buf,"NO X509_NAME",len);
97 buf[len-1]='\0';
98 return buf;
99 }
100
101 len--; /* space for '\0' */
102 l=0;
103 for (i=0; i<sk_X509_NAME_ENTRY_num(a->entries); i++)
104 {
105 ne=sk_X509_NAME_ENTRY_value(a->entries,i);
106 n=OBJ_obj2nid(ne->object);
107 if ((n == NID_undef) || ((s=OBJ_nid2sn(n)) == NULL))
108 {
109 i2t_ASN1_OBJECT(tmp_buf,sizeof(tmp_buf),ne->object);
110 s=tmp_buf;
111 }
112 l1=strlen(s);
113
114 type=ne->value->type;
115 num=ne->value->length;
116 q=ne->value->data;
117#ifdef CHARSET_EBCDIC
118 if (type == V_ASN1_GENERALSTRING ||
119 type == V_ASN1_VISIBLESTRING ||
120 type == V_ASN1_PRINTABLESTRING ||
121 type == V_ASN1_TELETEXSTRING ||
122 type == V_ASN1_VISIBLESTRING ||
123 type == V_ASN1_IA5STRING) {
124 ascii2ebcdic(ebcdic_buf, q,
125 (num > sizeof ebcdic_buf)
126 ? sizeof ebcdic_buf : num);
127 q=ebcdic_buf;
128 }
129#endif
130
131 if ((type == V_ASN1_GENERALSTRING) && ((num%4) == 0))
132 {
133 gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=0;
134 for (j=0; j<num; j++)
135 if (q[j] != 0) gs_doit[j&3]=1;
136
137 if (gs_doit[0]|gs_doit[1]|gs_doit[2])
138 gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1;
139 else
140 {
141 gs_doit[0]=gs_doit[1]=gs_doit[2]=0;
142 gs_doit[3]=1;
143 }
144 }
145 else
146 gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1;
147
148 for (l2=j=0; j<num; j++)
149 {
150 if (!gs_doit[j&3]) continue;
151 l2++;
152#ifndef CHARSET_EBCDIC
153 if ((q[j] < ' ') || (q[j] > '~')) l2+=3;
154#else
155 if ((os_toascii[q[j]] < os_toascii[' ']) ||
156 (os_toascii[q[j]] > os_toascii['~'])) l2+=3;
157#endif
158 }
159
160 lold=l;
161 l+=1+l1+1+l2;
162 if (b != NULL)
163 {
164 if (!BUF_MEM_grow(b,l+1)) goto err;
165 p= &(b->data[lold]);
166 }
167 else if (l > len)
168 {
169 break;
170 }
171 else
172 p= &(buf[lold]);
173 *(p++)='/';
174 memcpy(p,s,(unsigned int)l1); p+=l1;
175 *(p++)='=';
176
177#ifndef CHARSET_EBCDIC /* q was assigned above already. */
178 q=ne->value->data;
179#endif
180
181 for (j=0; j<num; j++)
182 {
183 if (!gs_doit[j&3]) continue;
184#ifndef CHARSET_EBCDIC
185 n=q[j];
186 if ((n < ' ') || (n > '~'))
187 {
188 *(p++)='\\';
189 *(p++)='x';
190 *(p++)=hex[(n>>4)&0x0f];
191 *(p++)=hex[n&0x0f];
192 }
193 else
194 *(p++)=n;
195#else
196 n=os_toascii[q[j]];
197 if ((n < os_toascii[' ']) ||
198 (n > os_toascii['~']))
199 {
200 *(p++)='\\';
201 *(p++)='x';
202 *(p++)=hex[(n>>4)&0x0f];
203 *(p++)=hex[n&0x0f];
204 }
205 else
206 *(p++)=q[j];
207#endif
208 }
209 *p='\0';
210 }
211 if (b != NULL)
212 {
213 p=b->data;
214 OPENSSL_free(b);
215 }
216 else
217 p=buf;
218 if (i == 0)
219 *p = '\0';
220 return(p);
221err:
222 X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE);
223 if (b != NULL) BUF_MEM_free(b);
224 return(NULL);
225 }
226
diff --git a/src/lib/libcrypto/x509/x509_r2x.c b/src/lib/libcrypto/x509/x509_r2x.c
deleted file mode 100644
index 254a14693d..0000000000
--- a/src/lib/libcrypto/x509/x509_r2x.c
+++ /dev/null
@@ -1,114 +0,0 @@
1/* crypto/x509/x509_r2x.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/bn.h>
62#include <openssl/evp.h>
63#include <openssl/asn1.h>
64#include <openssl/x509.h>
65#include <openssl/objects.h>
66#include <openssl/buffer.h>
67
68X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
69 {
70 X509 *ret=NULL;
71 X509_CINF *xi=NULL;
72 X509_NAME *xn;
73
74 if ((ret=X509_new()) == NULL)
75 {
76 X509err(X509_F_X509_REQ_TO_X509,ERR_R_MALLOC_FAILURE);
77 goto err;
78 }
79
80 /* duplicate the request */
81 xi=ret->cert_info;
82
83 if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0)
84 {
85 if ((xi->version=M_ASN1_INTEGER_new()) == NULL) goto err;
86 if (!ASN1_INTEGER_set(xi->version,2)) goto err;
87/* xi->extensions=ri->attributes; <- bad, should not ever be done
88 ri->attributes=NULL; */
89 }
90
91 xn=X509_REQ_get_subject_name(r);
92 if (X509_set_subject_name(ret,X509_NAME_dup(xn)) == 0)
93 goto err;
94 if (X509_set_issuer_name(ret,X509_NAME_dup(xn)) == 0)
95 goto err;
96
97 if (X509_gmtime_adj(xi->validity->notBefore,0) == NULL)
98 goto err;
99 if (X509_gmtime_adj(xi->validity->notAfter,(long)60*60*24*days) == NULL)
100 goto err;
101
102 X509_set_pubkey(ret,X509_REQ_get_pubkey(r));
103
104 if (!X509_sign(ret,pkey,EVP_md5()))
105 goto err;
106 if (0)
107 {
108err:
109 X509_free(ret);
110 ret=NULL;
111 }
112 return(ret);
113 }
114
diff --git a/src/lib/libcrypto/x509/x509_req.c b/src/lib/libcrypto/x509/x509_req.c
deleted file mode 100644
index 3872e1fb64..0000000000
--- a/src/lib/libcrypto/x509/x509_req.c
+++ /dev/null
@@ -1,324 +0,0 @@
1/* crypto/x509/x509_req.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/bn.h>
62#include <openssl/evp.h>
63#include <openssl/asn1.h>
64#include <openssl/x509.h>
65#include <openssl/objects.h>
66#include <openssl/buffer.h>
67#include <openssl/pem.h>
68
69X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
70 {
71 X509_REQ *ret;
72 X509_REQ_INFO *ri;
73 int i;
74 EVP_PKEY *pktmp;
75
76 ret=X509_REQ_new();
77 if (ret == NULL)
78 {
79 X509err(X509_F_X509_TO_X509_REQ,ERR_R_MALLOC_FAILURE);
80 goto err;
81 }
82
83 ri=ret->req_info;
84
85 ri->version->length=1;
86 ri->version->data=(unsigned char *)OPENSSL_malloc(1);
87 if (ri->version->data == NULL) goto err;
88 ri->version->data[0]=0; /* version == 0 */
89
90 if (!X509_REQ_set_subject_name(ret,X509_get_subject_name(x)))
91 goto err;
92
93 pktmp = X509_get_pubkey(x);
94 i=X509_REQ_set_pubkey(ret,pktmp);
95 EVP_PKEY_free(pktmp);
96 if (!i) goto err;
97
98 if (pkey != NULL)
99 {
100 if (!X509_REQ_sign(ret,pkey,md))
101 goto err;
102 }
103 return(ret);
104err:
105 X509_REQ_free(ret);
106 return(NULL);
107 }
108
109EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req)
110 {
111 if ((req == NULL) || (req->req_info == NULL))
112 return(NULL);
113 return(X509_PUBKEY_get(req->req_info->pubkey));
114 }
115
116int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)
117 {
118 EVP_PKEY *xk=NULL;
119 int ok=0;
120
121 xk=X509_REQ_get_pubkey(x);
122 switch (EVP_PKEY_cmp(xk, k))
123 {
124 case 1:
125 ok=1;
126 break;
127 case 0:
128 X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
129 break;
130 case -1:
131 X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
132 break;
133 case -2:
134#ifndef OPENSSL_NO_EC
135 if (k->type == EVP_PKEY_EC)
136 {
137 X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, ERR_R_EC_LIB);
138 break;
139 }
140#endif
141#ifndef OPENSSL_NO_DH
142 if (k->type == EVP_PKEY_DH)
143 {
144 /* No idea */
145 X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
146 break;
147 }
148#endif
149 X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
150 }
151
152 EVP_PKEY_free(xk);
153 return(ok);
154 }
155
156/* It seems several organisations had the same idea of including a list of
157 * extensions in a certificate request. There are at least two OIDs that are
158 * used and there may be more: so the list is configurable.
159 */
160
161static int ext_nid_list[] = { NID_ext_req, NID_ms_ext_req, NID_undef};
162
163static int *ext_nids = ext_nid_list;
164
165int X509_REQ_extension_nid(int req_nid)
166{
167 int i, nid;
168 for(i = 0; ; i++) {
169 nid = ext_nids[i];
170 if(nid == NID_undef) return 0;
171 else if (req_nid == nid) return 1;
172 }
173}
174
175int *X509_REQ_get_extension_nids(void)
176{
177 return ext_nids;
178}
179
180void X509_REQ_set_extension_nids(int *nids)
181{
182 ext_nids = nids;
183}
184
185STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
186 {
187 X509_ATTRIBUTE *attr;
188 ASN1_TYPE *ext = NULL;
189 int idx, *pnid;
190 const unsigned char *p;
191
192 if ((req == NULL) || (req->req_info == NULL) || !ext_nids)
193 return(NULL);
194 for (pnid = ext_nids; *pnid != NID_undef; pnid++)
195 {
196 idx = X509_REQ_get_attr_by_NID(req, *pnid, -1);
197 if (idx == -1)
198 continue;
199 attr = X509_REQ_get_attr(req, idx);
200 if(attr->single) ext = attr->value.single;
201 else if(sk_ASN1_TYPE_num(attr->value.set))
202 ext = sk_ASN1_TYPE_value(attr->value.set, 0);
203 break;
204 }
205 if(!ext || (ext->type != V_ASN1_SEQUENCE))
206 return NULL;
207 p = ext->value.sequence->data;
208 return d2i_ASN1_SET_OF_X509_EXTENSION(NULL, &p,
209 ext->value.sequence->length,
210 d2i_X509_EXTENSION, X509_EXTENSION_free,
211 V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
212}
213
214/* Add a STACK_OF extensions to a certificate request: allow alternative OIDs
215 * in case we want to create a non standard one.
216 */
217
218int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
219 int nid)
220{
221 unsigned char *p = NULL, *q;
222 long len;
223 ASN1_TYPE *at = NULL;
224 X509_ATTRIBUTE *attr = NULL;
225 if(!(at = ASN1_TYPE_new()) ||
226 !(at->value.sequence = ASN1_STRING_new())) goto err;
227
228 at->type = V_ASN1_SEQUENCE;
229 /* Generate encoding of extensions */
230 len = i2d_ASN1_SET_OF_X509_EXTENSION(exts, NULL, i2d_X509_EXTENSION,
231 V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
232 if(!(p = OPENSSL_malloc(len))) goto err;
233 q = p;
234 i2d_ASN1_SET_OF_X509_EXTENSION(exts, &q, i2d_X509_EXTENSION,
235 V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
236 at->value.sequence->data = p;
237 p = NULL;
238 at->value.sequence->length = len;
239 if(!(attr = X509_ATTRIBUTE_new())) goto err;
240 if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
241 if(!sk_ASN1_TYPE_push(attr->value.set, at)) goto err;
242 at = NULL;
243 attr->single = 0;
244 attr->object = OBJ_nid2obj(nid);
245 if (!req->req_info->attributes)
246 {
247 if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null()))
248 goto err;
249 }
250 if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err;
251 return 1;
252 err:
253 if(p) OPENSSL_free(p);
254 X509_ATTRIBUTE_free(attr);
255 ASN1_TYPE_free(at);
256 return 0;
257}
258/* This is the normal usage: use the "official" OID */
259int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts)
260{
261 return X509_REQ_add_extensions_nid(req, exts, NID_ext_req);
262}
263
264/* Request attribute functions */
265
266int X509_REQ_get_attr_count(const X509_REQ *req)
267{
268 return X509at_get_attr_count(req->req_info->attributes);
269}
270
271int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid,
272 int lastpos)
273{
274 return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos);
275}
276
277int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,
278 int lastpos)
279{
280 return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos);
281}
282
283X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc)
284{
285 return X509at_get_attr(req->req_info->attributes, loc);
286}
287
288X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc)
289{
290 return X509at_delete_attr(req->req_info->attributes, loc);
291}
292
293int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr)
294{
295 if(X509at_add1_attr(&req->req_info->attributes, attr)) return 1;
296 return 0;
297}
298
299int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
300 const ASN1_OBJECT *obj, int type,
301 const unsigned char *bytes, int len)
302{
303 if(X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj,
304 type, bytes, len)) return 1;
305 return 0;
306}
307
308int X509_REQ_add1_attr_by_NID(X509_REQ *req,
309 int nid, int type,
310 const unsigned char *bytes, int len)
311{
312 if(X509at_add1_attr_by_NID(&req->req_info->attributes, nid,
313 type, bytes, len)) return 1;
314 return 0;
315}
316
317int X509_REQ_add1_attr_by_txt(X509_REQ *req,
318 const char *attrname, int type,
319 const unsigned char *bytes, int len)
320{
321 if(X509at_add1_attr_by_txt(&req->req_info->attributes, attrname,
322 type, bytes, len)) return 1;
323 return 0;
324}
diff --git a/src/lib/libcrypto/x509/x509_set.c b/src/lib/libcrypto/x509/x509_set.c
deleted file mode 100644
index aaf61ca062..0000000000
--- a/src/lib/libcrypto/x509/x509_set.c
+++ /dev/null
@@ -1,150 +0,0 @@
1/* crypto/x509/x509_set.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/asn1.h>
62#include <openssl/objects.h>
63#include <openssl/evp.h>
64#include <openssl/x509.h>
65
66int X509_set_version(X509 *x, long version)
67 {
68 if (x == NULL) return(0);
69 if (x->cert_info->version == NULL)
70 {
71 if ((x->cert_info->version=M_ASN1_INTEGER_new()) == NULL)
72 return(0);
73 }
74 return(ASN1_INTEGER_set(x->cert_info->version,version));
75 }
76
77int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial)
78 {
79 ASN1_INTEGER *in;
80
81 if (x == NULL) return(0);
82 in=x->cert_info->serialNumber;
83 if (in != serial)
84 {
85 in=M_ASN1_INTEGER_dup(serial);
86 if (in != NULL)
87 {
88 M_ASN1_INTEGER_free(x->cert_info->serialNumber);
89 x->cert_info->serialNumber=in;
90 }
91 }
92 return(in != NULL);
93 }
94
95int X509_set_issuer_name(X509 *x, X509_NAME *name)
96 {
97 if ((x == NULL) || (x->cert_info == NULL)) return(0);
98 return(X509_NAME_set(&x->cert_info->issuer,name));
99 }
100
101int X509_set_subject_name(X509 *x, X509_NAME *name)
102 {
103 if ((x == NULL) || (x->cert_info == NULL)) return(0);
104 return(X509_NAME_set(&x->cert_info->subject,name));
105 }
106
107int X509_set_notBefore(X509 *x, ASN1_TIME *tm)
108 {
109 ASN1_TIME *in;
110
111 if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
112 in=x->cert_info->validity->notBefore;
113 if (in != tm)
114 {
115 in=M_ASN1_TIME_dup(tm);
116 if (in != NULL)
117 {
118 M_ASN1_TIME_free(x->cert_info->validity->notBefore);
119 x->cert_info->validity->notBefore=in;
120 }
121 }
122 return(in != NULL);
123 }
124
125int X509_set_notAfter(X509 *x, ASN1_TIME *tm)
126 {
127 ASN1_TIME *in;
128
129 if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
130 in=x->cert_info->validity->notAfter;
131 if (in != tm)
132 {
133 in=M_ASN1_TIME_dup(tm);
134 if (in != NULL)
135 {
136 M_ASN1_TIME_free(x->cert_info->validity->notAfter);
137 x->cert_info->validity->notAfter=in;
138 }
139 }
140 return(in != NULL);
141 }
142
143int X509_set_pubkey(X509 *x, EVP_PKEY *pkey)
144 {
145 if ((x == NULL) || (x->cert_info == NULL)) return(0);
146 return(X509_PUBKEY_set(&(x->cert_info->key),pkey));
147 }
148
149
150
diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c
deleted file mode 100644
index ed18700585..0000000000
--- a/src/lib/libcrypto/x509/x509_trs.c
+++ /dev/null
@@ -1,287 +0,0 @@
1/* x509_trs.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/x509v3.h>
62
63
64static int tr_cmp(const X509_TRUST * const *a,
65 const X509_TRUST * const *b);
66static void trtable_free(X509_TRUST *p);
67
68static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags);
69static int trust_1oid(X509_TRUST *trust, X509 *x, int flags);
70static int trust_compat(X509_TRUST *trust, X509 *x, int flags);
71
72static int obj_trust(int id, X509 *x, int flags);
73static int (*default_trust)(int id, X509 *x, int flags) = obj_trust;
74
75/* WARNING: the following table should be kept in order of trust
76 * and without any gaps so we can just subtract the minimum trust
77 * value to get an index into the table
78 */
79
80static X509_TRUST trstandard[] = {
81{X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL},
82{X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},
83{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL},
84{X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
85{X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, NULL},
86{X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL},
87{X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL}
88};
89
90#define X509_TRUST_COUNT (sizeof(trstandard)/sizeof(X509_TRUST))
91
92IMPLEMENT_STACK_OF(X509_TRUST)
93
94static STACK_OF(X509_TRUST) *trtable = NULL;
95
96static int tr_cmp(const X509_TRUST * const *a,
97 const X509_TRUST * const *b)
98{
99 return (*a)->trust - (*b)->trust;
100}
101
102int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int)
103{
104 int (*oldtrust)(int , X509 *, int);
105 oldtrust = default_trust;
106 default_trust = trust;
107 return oldtrust;
108}
109
110
111int X509_check_trust(X509 *x, int id, int flags)
112{
113 X509_TRUST *pt;
114 int idx;
115 if(id == -1) return 1;
116 idx = X509_TRUST_get_by_id(id);
117 if(idx == -1) return default_trust(id, x, flags);
118 pt = X509_TRUST_get0(idx);
119 return pt->check_trust(pt, x, flags);
120}
121
122int X509_TRUST_get_count(void)
123{
124 if(!trtable) return X509_TRUST_COUNT;
125 return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT;
126}
127
128X509_TRUST * X509_TRUST_get0(int idx)
129{
130 if(idx < 0) return NULL;
131 if(idx < (int)X509_TRUST_COUNT) return trstandard + idx;
132 return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT);
133}
134
135int X509_TRUST_get_by_id(int id)
136{
137 X509_TRUST tmp;
138 int idx;
139 if((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX))
140 return id - X509_TRUST_MIN;
141 tmp.trust = id;
142 if(!trtable) return -1;
143 idx = sk_X509_TRUST_find(trtable, &tmp);
144 if(idx == -1) return -1;
145 return idx + X509_TRUST_COUNT;
146}
147
148int X509_TRUST_set(int *t, int trust)
149{
150 if(X509_TRUST_get_by_id(trust) == -1) {
151 X509err(X509_F_X509_TRUST_SET, X509_R_INVALID_TRUST);
152 return 0;
153 }
154 *t = trust;
155 return 1;
156}
157
158int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
159 char *name, int arg1, void *arg2)
160{
161 int idx;
162 X509_TRUST *trtmp;
163 /* This is set according to what we change: application can't set it */
164 flags &= ~X509_TRUST_DYNAMIC;
165 /* This will always be set for application modified trust entries */
166 flags |= X509_TRUST_DYNAMIC_NAME;
167 /* Get existing entry if any */
168 idx = X509_TRUST_get_by_id(id);
169 /* Need a new entry */
170 if(idx == -1) {
171 if(!(trtmp = OPENSSL_malloc(sizeof(X509_TRUST)))) {
172 X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
173 return 0;
174 }
175 trtmp->flags = X509_TRUST_DYNAMIC;
176 } else trtmp = X509_TRUST_get0(idx);
177
178 /* OPENSSL_free existing name if dynamic */
179 if(trtmp->flags & X509_TRUST_DYNAMIC_NAME) OPENSSL_free(trtmp->name);
180 /* dup supplied name */
181 if(!(trtmp->name = BUF_strdup(name))) {
182 X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
183 return 0;
184 }
185 /* Keep the dynamic flag of existing entry */
186 trtmp->flags &= X509_TRUST_DYNAMIC;
187 /* Set all other flags */
188 trtmp->flags |= flags;
189
190 trtmp->trust = id;
191 trtmp->check_trust = ck;
192 trtmp->arg1 = arg1;
193 trtmp->arg2 = arg2;
194
195 /* If its a new entry manage the dynamic table */
196 if(idx == -1) {
197 if(!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) {
198 X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
199 return 0;
200 }
201 if (!sk_X509_TRUST_push(trtable, trtmp)) {
202 X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
203 return 0;
204 }
205 }
206 return 1;
207}
208
209static void trtable_free(X509_TRUST *p)
210 {
211 if(!p) return;
212 if (p->flags & X509_TRUST_DYNAMIC)
213 {
214 if (p->flags & X509_TRUST_DYNAMIC_NAME)
215 OPENSSL_free(p->name);
216 OPENSSL_free(p);
217 }
218 }
219
220void X509_TRUST_cleanup(void)
221{
222 unsigned int i;
223 for(i = 0; i < X509_TRUST_COUNT; i++) trtable_free(trstandard + i);
224 sk_X509_TRUST_pop_free(trtable, trtable_free);
225 trtable = NULL;
226}
227
228int X509_TRUST_get_flags(X509_TRUST *xp)
229{
230 return xp->flags;
231}
232
233char *X509_TRUST_get0_name(X509_TRUST *xp)
234{
235 return xp->name;
236}
237
238int X509_TRUST_get_trust(X509_TRUST *xp)
239{
240 return xp->trust;
241}
242
243static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
244{
245 if(x->aux && (x->aux->trust || x->aux->reject))
246 return obj_trust(trust->arg1, x, flags);
247 /* we don't have any trust settings: for compatibility
248 * we return trusted if it is self signed
249 */
250 return trust_compat(trust, x, flags);
251}
252
253static int trust_1oid(X509_TRUST *trust, X509 *x, int flags)
254{
255 if(x->aux) return obj_trust(trust->arg1, x, flags);
256 return X509_TRUST_UNTRUSTED;
257}
258
259static int trust_compat(X509_TRUST *trust, X509 *x, int flags)
260{
261 X509_check_purpose(x, -1, 0);
262 if(x->ex_flags & EXFLAG_SS) return X509_TRUST_TRUSTED;
263 else return X509_TRUST_UNTRUSTED;
264}
265
266static int obj_trust(int id, X509 *x, int flags)
267{
268 ASN1_OBJECT *obj;
269 int i;
270 X509_CERT_AUX *ax;
271 ax = x->aux;
272 if(!ax) return X509_TRUST_UNTRUSTED;
273 if(ax->reject) {
274 for(i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) {
275 obj = sk_ASN1_OBJECT_value(ax->reject, i);
276 if(OBJ_obj2nid(obj) == id) return X509_TRUST_REJECTED;
277 }
278 }
279 if(ax->trust) {
280 for(i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) {
281 obj = sk_ASN1_OBJECT_value(ax->trust, i);
282 if(OBJ_obj2nid(obj) == id) return X509_TRUST_TRUSTED;
283 }
284 }
285 return X509_TRUST_UNTRUSTED;
286}
287
diff --git a/src/lib/libcrypto/x509/x509_txt.c b/src/lib/libcrypto/x509/x509_txt.c
deleted file mode 100644
index 73a8ec726f..0000000000
--- a/src/lib/libcrypto/x509/x509_txt.c
+++ /dev/null
@@ -1,173 +0,0 @@
1/* crypto/x509/x509_txt.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <time.h>
61#include <errno.h>
62
63#include "cryptlib.h"
64#include <openssl/lhash.h>
65#include <openssl/buffer.h>
66#include <openssl/evp.h>
67#include <openssl/asn1.h>
68#include <openssl/x509.h>
69#include <openssl/objects.h>
70
71const char *X509_verify_cert_error_string(long n)
72 {
73 static char buf[100];
74
75 switch ((int)n)
76 {
77 case X509_V_OK:
78 return("ok");
79 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
80 return("unable to get issuer certificate");
81 case X509_V_ERR_UNABLE_TO_GET_CRL:
82 return("unable to get certificate CRL");
83 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
84 return("unable to decrypt certificate's signature");
85 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
86 return("unable to decrypt CRL's signature");
87 case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
88 return("unable to decode issuer public key");
89 case X509_V_ERR_CERT_SIGNATURE_FAILURE:
90 return("certificate signature failure");
91 case X509_V_ERR_CRL_SIGNATURE_FAILURE:
92 return("CRL signature failure");
93 case X509_V_ERR_CERT_NOT_YET_VALID:
94 return("certificate is not yet valid");
95 case X509_V_ERR_CRL_NOT_YET_VALID:
96 return("CRL is not yet valid");
97 case X509_V_ERR_CERT_HAS_EXPIRED:
98 return("certificate has expired");
99 case X509_V_ERR_CRL_HAS_EXPIRED:
100 return("CRL has expired");
101 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
102 return("format error in certificate's notBefore field");
103 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
104 return("format error in certificate's notAfter field");
105 case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
106 return("format error in CRL's lastUpdate field");
107 case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
108 return("format error in CRL's nextUpdate field");
109 case X509_V_ERR_OUT_OF_MEM:
110 return("out of memory");
111 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
112 return("self signed certificate");
113 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
114 return("self signed certificate in certificate chain");
115 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
116 return("unable to get local issuer certificate");
117 case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
118 return("unable to verify the first certificate");
119 case X509_V_ERR_CERT_CHAIN_TOO_LONG:
120 return("certificate chain too long");
121 case X509_V_ERR_CERT_REVOKED:
122 return("certificate revoked");
123 case X509_V_ERR_INVALID_CA:
124 return ("invalid CA certificate");
125 case X509_V_ERR_INVALID_NON_CA:
126 return ("invalid non-CA certificate (has CA markings)");
127 case X509_V_ERR_PATH_LENGTH_EXCEEDED:
128 return ("path length constraint exceeded");
129 case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED:
130 return("proxy path length constraint exceeded");
131 case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED:
132 return("proxy certificates not allowed, please set the appropriate flag");
133 case X509_V_ERR_INVALID_PURPOSE:
134 return ("unsupported certificate purpose");
135 case X509_V_ERR_CERT_UNTRUSTED:
136 return ("certificate not trusted");
137 case X509_V_ERR_CERT_REJECTED:
138 return ("certificate rejected");
139 case X509_V_ERR_APPLICATION_VERIFICATION:
140 return("application verification failure");
141 case X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
142 return("subject issuer mismatch");
143 case X509_V_ERR_AKID_SKID_MISMATCH:
144 return("authority and subject key identifier mismatch");
145 case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH:
146 return("authority and issuer serial number mismatch");
147 case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
148 return("key usage does not include certificate signing");
149 case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
150 return("unable to get CRL issuer certificate");
151 case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
152 return("unhandled critical extension");
153 case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN:
154 return("key usage does not include CRL signing");
155 case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE:
156 return("key usage does not include digital signature");
157 case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION:
158 return("unhandled critical CRL extension");
159 case X509_V_ERR_INVALID_EXTENSION:
160 return("invalid or inconsistent certificate extension");
161 case X509_V_ERR_INVALID_POLICY_EXTENSION:
162 return("invalid or inconsistent certificate policy extension");
163 case X509_V_ERR_NO_EXPLICIT_POLICY:
164 return("no explicit policy");
165 case X509_V_ERR_UNNESTED_RESOURCE:
166 return("RFC 3779 resource not subset of parent's resources");
167 default:
168 BIO_snprintf(buf,sizeof buf,"error number %ld",n);
169 return(buf);
170 }
171 }
172
173
diff --git a/src/lib/libcrypto/x509/x509_v3.c b/src/lib/libcrypto/x509/x509_v3.c
deleted file mode 100644
index 42e6f0ab05..0000000000
--- a/src/lib/libcrypto/x509/x509_v3.c
+++ /dev/null
@@ -1,274 +0,0 @@
1/* crypto/x509/x509_v3.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/stack.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/objects.h>
64#include <openssl/evp.h>
65#include <openssl/x509.h>
66#include <openssl/x509v3.h>
67
68int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x)
69 {
70 if (x == NULL) return(0);
71 return(sk_X509_EXTENSION_num(x));
72 }
73
74int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid,
75 int lastpos)
76 {
77 ASN1_OBJECT *obj;
78
79 obj=OBJ_nid2obj(nid);
80 if (obj == NULL) return(-2);
81 return(X509v3_get_ext_by_OBJ(x,obj,lastpos));
82 }
83
84int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk, ASN1_OBJECT *obj,
85 int lastpos)
86 {
87 int n;
88 X509_EXTENSION *ex;
89
90 if (sk == NULL) return(-1);
91 lastpos++;
92 if (lastpos < 0)
93 lastpos=0;
94 n=sk_X509_EXTENSION_num(sk);
95 for ( ; lastpos < n; lastpos++)
96 {
97 ex=sk_X509_EXTENSION_value(sk,lastpos);
98 if (OBJ_cmp(ex->object,obj) == 0)
99 return(lastpos);
100 }
101 return(-1);
102 }
103
104int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit,
105 int lastpos)
106 {
107 int n;
108 X509_EXTENSION *ex;
109
110 if (sk == NULL) return(-1);
111 lastpos++;
112 if (lastpos < 0)
113 lastpos=0;
114 n=sk_X509_EXTENSION_num(sk);
115 for ( ; lastpos < n; lastpos++)
116 {
117 ex=sk_X509_EXTENSION_value(sk,lastpos);
118 if ( ((ex->critical > 0) && crit) ||
119 ((ex->critical <= 0) && !crit))
120 return(lastpos);
121 }
122 return(-1);
123 }
124
125X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc)
126 {
127 if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
128 return NULL;
129 else
130 return sk_X509_EXTENSION_value(x,loc);
131 }
132
133X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc)
134 {
135 X509_EXTENSION *ret;
136
137 if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
138 return(NULL);
139 ret=sk_X509_EXTENSION_delete(x,loc);
140 return(ret);
141 }
142
143STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
144 X509_EXTENSION *ex, int loc)
145 {
146 X509_EXTENSION *new_ex=NULL;
147 int n;
148 STACK_OF(X509_EXTENSION) *sk=NULL;
149
150 if (x == NULL)
151 {
152 X509err(X509_F_X509V3_ADD_EXT,ERR_R_PASSED_NULL_PARAMETER);
153 goto err2;
154 }
155
156 if (*x == NULL)
157 {
158 if ((sk=sk_X509_EXTENSION_new_null()) == NULL)
159 goto err;
160 }
161 else
162 sk= *x;
163
164 n=sk_X509_EXTENSION_num(sk);
165 if (loc > n) loc=n;
166 else if (loc < 0) loc=n;
167
168 if ((new_ex=X509_EXTENSION_dup(ex)) == NULL)
169 goto err2;
170 if (!sk_X509_EXTENSION_insert(sk,new_ex,loc))
171 goto err;
172 if (*x == NULL)
173 *x=sk;
174 return(sk);
175err:
176 X509err(X509_F_X509V3_ADD_EXT,ERR_R_MALLOC_FAILURE);
177err2:
178 if (new_ex != NULL) X509_EXTENSION_free(new_ex);
179 if (sk != NULL) sk_X509_EXTENSION_free(sk);
180 return(NULL);
181 }
182
183X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid,
184 int crit, ASN1_OCTET_STRING *data)
185 {
186 ASN1_OBJECT *obj;
187 X509_EXTENSION *ret;
188
189 obj=OBJ_nid2obj(nid);
190 if (obj == NULL)
191 {
192 X509err(X509_F_X509_EXTENSION_CREATE_BY_NID,X509_R_UNKNOWN_NID);
193 return(NULL);
194 }
195 ret=X509_EXTENSION_create_by_OBJ(ex,obj,crit,data);
196 if (ret == NULL) ASN1_OBJECT_free(obj);
197 return(ret);
198 }
199
200X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
201 ASN1_OBJECT *obj, int crit, ASN1_OCTET_STRING *data)
202 {
203 X509_EXTENSION *ret;
204
205 if ((ex == NULL) || (*ex == NULL))
206 {
207 if ((ret=X509_EXTENSION_new()) == NULL)
208 {
209 X509err(X509_F_X509_EXTENSION_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE);
210 return(NULL);
211 }
212 }
213 else
214 ret= *ex;
215
216 if (!X509_EXTENSION_set_object(ret,obj))
217 goto err;
218 if (!X509_EXTENSION_set_critical(ret,crit))
219 goto err;
220 if (!X509_EXTENSION_set_data(ret,data))
221 goto err;
222
223 if ((ex != NULL) && (*ex == NULL)) *ex=ret;
224 return(ret);
225err:
226 if ((ex == NULL) || (ret != *ex))
227 X509_EXTENSION_free(ret);
228 return(NULL);
229 }
230
231int X509_EXTENSION_set_object(X509_EXTENSION *ex, ASN1_OBJECT *obj)
232 {
233 if ((ex == NULL) || (obj == NULL))
234 return(0);
235 ASN1_OBJECT_free(ex->object);
236 ex->object=OBJ_dup(obj);
237 return(1);
238 }
239
240int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit)
241 {
242 if (ex == NULL) return(0);
243 ex->critical=(crit)?0xFF:-1;
244 return(1);
245 }
246
247int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data)
248 {
249 int i;
250
251 if (ex == NULL) return(0);
252 i=M_ASN1_OCTET_STRING_set(ex->value,data->data,data->length);
253 if (!i) return(0);
254 return(1);
255 }
256
257ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex)
258 {
259 if (ex == NULL) return(NULL);
260 return(ex->object);
261 }
262
263ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ex)
264 {
265 if (ex == NULL) return(NULL);
266 return(ex->value);
267 }
268
269int X509_EXTENSION_get_critical(X509_EXTENSION *ex)
270 {
271 if (ex == NULL) return(0);
272 if(ex->critical > 0) return 1;
273 return 0;
274 }
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
deleted file mode 100644
index 336c40ddd7..0000000000
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ /dev/null
@@ -1,1552 +0,0 @@
1/* crypto/x509/x509_vfy.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <time.h>
61#include <errno.h>
62
63#include "cryptlib.h"
64#include <openssl/crypto.h>
65#include <openssl/lhash.h>
66#include <openssl/buffer.h>
67#include <openssl/evp.h>
68#include <openssl/asn1.h>
69#include <openssl/x509.h>
70#include <openssl/x509v3.h>
71#include <openssl/objects.h>
72
73static int null_callback(int ok,X509_STORE_CTX *e);
74static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
75static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x);
76static int check_chain_extensions(X509_STORE_CTX *ctx);
77static int check_trust(X509_STORE_CTX *ctx);
78static int check_revocation(X509_STORE_CTX *ctx);
79static int check_cert(X509_STORE_CTX *ctx);
80static int check_policy(X509_STORE_CTX *ctx);
81static int internal_verify(X509_STORE_CTX *ctx);
82const char X509_version[]="X.509" OPENSSL_VERSION_PTEXT;
83
84
85static int null_callback(int ok, X509_STORE_CTX *e)
86 {
87 return ok;
88 }
89
90#if 0
91static int x509_subject_cmp(X509 **a, X509 **b)
92 {
93 return X509_subject_name_cmp(*a,*b);
94 }
95#endif
96
97int X509_verify_cert(X509_STORE_CTX *ctx)
98 {
99 X509 *x,*xtmp,*chain_ss=NULL;
100 X509_NAME *xn;
101 int bad_chain = 0;
102 X509_VERIFY_PARAM *param = ctx->param;
103 int depth,i,ok=0;
104 int num;
105 int (*cb)(int xok,X509_STORE_CTX *xctx);
106 STACK_OF(X509) *sktmp=NULL;
107 if (ctx->cert == NULL)
108 {
109 X509err(X509_F_X509_VERIFY_CERT,X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
110 return -1;
111 }
112
113 cb=ctx->verify_cb;
114
115 /* first we make sure the chain we are going to build is
116 * present and that the first entry is in place */
117 if (ctx->chain == NULL)
118 {
119 if ( ((ctx->chain=sk_X509_new_null()) == NULL) ||
120 (!sk_X509_push(ctx->chain,ctx->cert)))
121 {
122 X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
123 goto end;
124 }
125 CRYPTO_add(&ctx->cert->references,1,CRYPTO_LOCK_X509);
126 ctx->last_untrusted=1;
127 }
128
129 /* We use a temporary STACK so we can chop and hack at it */
130 if (ctx->untrusted != NULL
131 && (sktmp=sk_X509_dup(ctx->untrusted)) == NULL)
132 {
133 X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
134 goto end;
135 }
136
137 num=sk_X509_num(ctx->chain);
138 x=sk_X509_value(ctx->chain,num-1);
139 depth=param->depth;
140
141
142 for (;;)
143 {
144 /* If we have enough, we break */
145 if (depth < num) break; /* FIXME: If this happens, we should take
146 * note of it and, if appropriate, use the
147 * X509_V_ERR_CERT_CHAIN_TOO_LONG error
148 * code later.
149 */
150
151 /* If we are self signed, we break */
152 xn=X509_get_issuer_name(x);
153 if (ctx->check_issued(ctx, x,x)) break;
154
155 /* If we were passed a cert chain, use it first */
156 if (ctx->untrusted != NULL)
157 {
158 xtmp=find_issuer(ctx, sktmp,x);
159 if (xtmp != NULL)
160 {
161 if (!sk_X509_push(ctx->chain,xtmp))
162 {
163 X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
164 goto end;
165 }
166 CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509);
167 (void)sk_X509_delete_ptr(sktmp,xtmp);
168 ctx->last_untrusted++;
169 x=xtmp;
170 num++;
171 /* reparse the full chain for
172 * the next one */
173 continue;
174 }
175 }
176 break;
177 }
178
179 /* at this point, chain should contain a list of untrusted
180 * certificates. We now need to add at least one trusted one,
181 * if possible, otherwise we complain. */
182
183 /* Examine last certificate in chain and see if it
184 * is self signed.
185 */
186
187 i=sk_X509_num(ctx->chain);
188 x=sk_X509_value(ctx->chain,i-1);
189 xn = X509_get_subject_name(x);
190 if (ctx->check_issued(ctx, x, x))
191 {
192 /* we have a self signed certificate */
193 if (sk_X509_num(ctx->chain) == 1)
194 {
195 /* We have a single self signed certificate: see if
196 * we can find it in the store. We must have an exact
197 * match to avoid possible impersonation.
198 */
199 ok = ctx->get_issuer(&xtmp, ctx, x);
200 if ((ok <= 0) || X509_cmp(x, xtmp))
201 {
202 ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
203 ctx->current_cert=x;
204 ctx->error_depth=i-1;
205 if (ok == 1) X509_free(xtmp);
206 bad_chain = 1;
207 ok=cb(0,ctx);
208 if (!ok) goto end;
209 }
210 else
211 {
212 /* We have a match: replace certificate with store version
213 * so we get any trust settings.
214 */
215 X509_free(x);
216 x = xtmp;
217 (void)sk_X509_set(ctx->chain, i - 1, x);
218 ctx->last_untrusted=0;
219 }
220 }
221 else
222 {
223 /* extract and save self signed certificate for later use */
224 chain_ss=sk_X509_pop(ctx->chain);
225 ctx->last_untrusted--;
226 num--;
227 x=sk_X509_value(ctx->chain,num-1);
228 }
229 }
230
231 /* We now lookup certs from the certificate store */
232 for (;;)
233 {
234 /* If we have enough, we break */
235 if (depth < num) break;
236
237 /* If we are self signed, we break */
238 xn=X509_get_issuer_name(x);
239 if (ctx->check_issued(ctx,x,x)) break;
240
241 ok = ctx->get_issuer(&xtmp, ctx, x);
242
243 if (ok < 0) return ok;
244 if (ok == 0) break;
245
246 x = xtmp;
247 if (!sk_X509_push(ctx->chain,x))
248 {
249 X509_free(xtmp);
250 X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
251 return 0;
252 }
253 num++;
254 }
255
256 /* we now have our chain, lets check it... */
257 xn=X509_get_issuer_name(x);
258
259 /* Is last certificate looked up self signed? */
260 if (!ctx->check_issued(ctx,x,x))
261 {
262 if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss))
263 {
264 if (ctx->last_untrusted >= num)
265 ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
266 else
267 ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
268 ctx->current_cert=x;
269 }
270 else
271 {
272
273 sk_X509_push(ctx->chain,chain_ss);
274 num++;
275 ctx->last_untrusted=num;
276 ctx->current_cert=chain_ss;
277 ctx->error=X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
278 chain_ss=NULL;
279 }
280
281 ctx->error_depth=num-1;
282 bad_chain = 1;
283 ok=cb(0,ctx);
284 if (!ok) goto end;
285 }
286
287 /* We have the chain complete: now we need to check its purpose */
288 ok = check_chain_extensions(ctx);
289
290 if (!ok) goto end;
291
292 /* The chain extensions are OK: check trust */
293
294 if (param->trust > 0) ok = check_trust(ctx);
295
296 if (!ok) goto end;
297
298 /* We may as well copy down any DSA parameters that are required */
299 X509_get_pubkey_parameters(NULL,ctx->chain);
300
301 /* Check revocation status: we do this after copying parameters
302 * because they may be needed for CRL signature verification.
303 */
304
305 ok = ctx->check_revocation(ctx);
306 if(!ok) goto end;
307
308 /* At this point, we have a chain and need to verify it */
309 if (ctx->verify != NULL)
310 ok=ctx->verify(ctx);
311 else
312 ok=internal_verify(ctx);
313 if(!ok) goto end;
314
315#ifndef OPENSSL_NO_RFC3779
316 /* RFC 3779 path validation, now that CRL check has been done */
317 ok = v3_asid_validate_path(ctx);
318 if (!ok) goto end;
319 ok = v3_addr_validate_path(ctx);
320 if (!ok) goto end;
321#endif
322
323 /* If we get this far evaluate policies */
324 if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))
325 ok = ctx->check_policy(ctx);
326 if(!ok) goto end;
327 if (0)
328 {
329end:
330 X509_get_pubkey_parameters(NULL,ctx->chain);
331 }
332 if (sktmp != NULL) sk_X509_free(sktmp);
333 if (chain_ss != NULL) X509_free(chain_ss);
334 return ok;
335 }
336
337
338/* Given a STACK_OF(X509) find the issuer of cert (if any)
339 */
340
341static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
342{
343 int i;
344 X509 *issuer;
345 for (i = 0; i < sk_X509_num(sk); i++)
346 {
347 issuer = sk_X509_value(sk, i);
348 if (ctx->check_issued(ctx, x, issuer))
349 return issuer;
350 }
351 return NULL;
352}
353
354/* Given a possible certificate and issuer check them */
355
356static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
357{
358 int ret;
359 ret = X509_check_issued(issuer, x);
360 if (ret == X509_V_OK)
361 return 1;
362 /* If we haven't asked for issuer errors don't set ctx */
363 if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK))
364 return 0;
365
366 ctx->error = ret;
367 ctx->current_cert = x;
368 ctx->current_issuer = issuer;
369 return ctx->verify_cb(0, ctx);
370 return 0;
371}
372
373/* Alternative lookup method: look from a STACK stored in other_ctx */
374
375static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
376{
377 *issuer = find_issuer(ctx, ctx->other_ctx, x);
378 if (*issuer)
379 {
380 CRYPTO_add(&(*issuer)->references,1,CRYPTO_LOCK_X509);
381 return 1;
382 }
383 else
384 return 0;
385}
386
387
388/* Check a certificate chains extensions for consistency
389 * with the supplied purpose
390 */
391
392static int check_chain_extensions(X509_STORE_CTX *ctx)
393{
394#ifdef OPENSSL_NO_CHAIN_VERIFY
395 return 1;
396#else
397 int i, ok=0, must_be_ca, plen = 0;
398 X509 *x;
399 int (*cb)(int xok,X509_STORE_CTX *xctx);
400 int proxy_path_length = 0;
401 int allow_proxy_certs =
402 !!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
403 cb=ctx->verify_cb;
404
405 /* must_be_ca can have 1 of 3 values:
406 -1: we accept both CA and non-CA certificates, to allow direct
407 use of self-signed certificates (which are marked as CA).
408 0: we only accept non-CA certificates. This is currently not
409 used, but the possibility is present for future extensions.
410 1: we only accept CA certificates. This is currently used for
411 all certificates in the chain except the leaf certificate.
412 */
413 must_be_ca = -1;
414
415 /* A hack to keep people who don't want to modify their software
416 happy */
417 if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
418 allow_proxy_certs = 1;
419
420 /* Check all untrusted certificates */
421 for (i = 0; i < ctx->last_untrusted; i++)
422 {
423 int ret;
424 x = sk_X509_value(ctx->chain, i);
425 if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
426 && (x->ex_flags & EXFLAG_CRITICAL))
427 {
428 ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION;
429 ctx->error_depth = i;
430 ctx->current_cert = x;
431 ok=cb(0,ctx);
432 if (!ok) goto end;
433 }
434 if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY))
435 {
436 ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED;
437 ctx->error_depth = i;
438 ctx->current_cert = x;
439 ok=cb(0,ctx);
440 if (!ok) goto end;
441 }
442 ret = X509_check_ca(x);
443 switch(must_be_ca)
444 {
445 case -1:
446 if ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
447 && (ret != 1) && (ret != 0))
448 {
449 ret = 0;
450 ctx->error = X509_V_ERR_INVALID_CA;
451 }
452 else
453 ret = 1;
454 break;
455 case 0:
456 if (ret != 0)
457 {
458 ret = 0;
459 ctx->error = X509_V_ERR_INVALID_NON_CA;
460 }
461 else
462 ret = 1;
463 break;
464 default:
465 if ((ret == 0)
466 || ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
467 && (ret != 1)))
468 {
469 ret = 0;
470 ctx->error = X509_V_ERR_INVALID_CA;
471 }
472 else
473 ret = 1;
474 break;
475 }
476 if (ret == 0)
477 {
478 ctx->error_depth = i;
479 ctx->current_cert = x;
480 ok=cb(0,ctx);
481 if (!ok) goto end;
482 }
483 if (ctx->param->purpose > 0)
484 {
485 ret = X509_check_purpose(x, ctx->param->purpose,
486 must_be_ca > 0);
487 if ((ret == 0)
488 || ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
489 && (ret != 1)))
490 {
491 ctx->error = X509_V_ERR_INVALID_PURPOSE;
492 ctx->error_depth = i;
493 ctx->current_cert = x;
494 ok=cb(0,ctx);
495 if (!ok) goto end;
496 }
497 }
498 /* Check pathlen if not self issued */
499 if ((i > 1) && !(x->ex_flags & EXFLAG_SI)
500 && (x->ex_pathlen != -1)
501 && (plen > (x->ex_pathlen + proxy_path_length + 1)))
502 {
503 ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
504 ctx->error_depth = i;
505 ctx->current_cert = x;
506 ok=cb(0,ctx);
507 if (!ok) goto end;
508 }
509 /* Increment path length if not self issued */
510 if (!(x->ex_flags & EXFLAG_SI))
511 plen++;
512 /* If this certificate is a proxy certificate, the next
513 certificate must be another proxy certificate or a EE
514 certificate. If not, the next certificate must be a
515 CA certificate. */
516 if (x->ex_flags & EXFLAG_PROXY)
517 {
518 if (x->ex_pcpathlen != -1 && i > x->ex_pcpathlen)
519 {
520 ctx->error =
521 X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED;
522 ctx->error_depth = i;
523 ctx->current_cert = x;
524 ok=cb(0,ctx);
525 if (!ok) goto end;
526 }
527 proxy_path_length++;
528 must_be_ca = 0;
529 }
530 else
531 must_be_ca = 1;
532 }
533 ok = 1;
534 end:
535 return ok;
536#endif
537}
538
539static int check_trust(X509_STORE_CTX *ctx)
540{
541#ifdef OPENSSL_NO_CHAIN_VERIFY
542 return 1;
543#else
544 int i, ok;
545 X509 *x;
546 int (*cb)(int xok,X509_STORE_CTX *xctx);
547 cb=ctx->verify_cb;
548/* For now just check the last certificate in the chain */
549 i = sk_X509_num(ctx->chain) - 1;
550 x = sk_X509_value(ctx->chain, i);
551 ok = X509_check_trust(x, ctx->param->trust, 0);
552 if (ok == X509_TRUST_TRUSTED)
553 return 1;
554 ctx->error_depth = i;
555 ctx->current_cert = x;
556 if (ok == X509_TRUST_REJECTED)
557 ctx->error = X509_V_ERR_CERT_REJECTED;
558 else
559 ctx->error = X509_V_ERR_CERT_UNTRUSTED;
560 ok = cb(0, ctx);
561 return ok;
562#endif
563}
564
565static int check_revocation(X509_STORE_CTX *ctx)
566 {
567 int i, last, ok;
568 if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK))
569 return 1;
570 if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL)
571 last = sk_X509_num(ctx->chain) - 1;
572 else
573 last = 0;
574 for(i = 0; i <= last; i++)
575 {
576 ctx->error_depth = i;
577 ok = check_cert(ctx);
578 if (!ok) return ok;
579 }
580 return 1;
581 }
582
583static int check_cert(X509_STORE_CTX *ctx)
584 {
585 X509_CRL *crl = NULL;
586 X509 *x;
587 int ok, cnum;
588 cnum = ctx->error_depth;
589 x = sk_X509_value(ctx->chain, cnum);
590 ctx->current_cert = x;
591 /* Try to retrieve relevant CRL */
592 ok = ctx->get_crl(ctx, &crl, x);
593 /* If error looking up CRL, nothing we can do except
594 * notify callback
595 */
596 if(!ok)
597 {
598 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
599 ok = ctx->verify_cb(0, ctx);
600 goto err;
601 }
602 ctx->current_crl = crl;
603 ok = ctx->check_crl(ctx, crl);
604 if (!ok) goto err;
605 ok = ctx->cert_crl(ctx, crl, x);
606 err:
607 ctx->current_crl = NULL;
608 X509_CRL_free(crl);
609 return ok;
610
611 }
612
613/* Check CRL times against values in X509_STORE_CTX */
614
615static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
616 {
617 time_t *ptime;
618 int i;
619 ctx->current_crl = crl;
620 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
621 ptime = &ctx->param->check_time;
622 else
623 ptime = NULL;
624
625 i=X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime);
626 if (i == 0)
627 {
628 ctx->error=X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
629 if (!notify || !ctx->verify_cb(0, ctx))
630 return 0;
631 }
632
633 if (i > 0)
634 {
635 ctx->error=X509_V_ERR_CRL_NOT_YET_VALID;
636 if (!notify || !ctx->verify_cb(0, ctx))
637 return 0;
638 }
639
640 if(X509_CRL_get_nextUpdate(crl))
641 {
642 i=X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime);
643
644 if (i == 0)
645 {
646 ctx->error=X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
647 if (!notify || !ctx->verify_cb(0, ctx))
648 return 0;
649 }
650
651 if (i < 0)
652 {
653 ctx->error=X509_V_ERR_CRL_HAS_EXPIRED;
654 if (!notify || !ctx->verify_cb(0, ctx))
655 return 0;
656 }
657 }
658
659 ctx->current_crl = NULL;
660
661 return 1;
662 }
663
664/* Lookup CRLs from the supplied list. Look for matching isser name
665 * and validity. If we can't find a valid CRL return the last one
666 * with matching name. This gives more meaningful error codes. Otherwise
667 * we'd get a CRL not found error if a CRL existed with matching name but
668 * was invalid.
669 */
670
671static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl,
672 X509_NAME *nm, STACK_OF(X509_CRL) *crls)
673 {
674 int i;
675 X509_CRL *crl, *best_crl = NULL;
676 for (i = 0; i < sk_X509_CRL_num(crls); i++)
677 {
678 crl = sk_X509_CRL_value(crls, i);
679 if (X509_NAME_cmp(nm, X509_CRL_get_issuer(crl)))
680 continue;
681 if (check_crl_time(ctx, crl, 0))
682 {
683 *pcrl = crl;
684 CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509);
685 return 1;
686 }
687 best_crl = crl;
688 }
689 if (best_crl)
690 {
691 *pcrl = best_crl;
692 CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509);
693 }
694
695 return 0;
696 }
697
698/* Retrieve CRL corresponding to certificate: currently just a
699 * subject lookup: maybe use AKID later...
700 */
701static int get_crl(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509 *x)
702 {
703 int ok;
704 X509_CRL *crl = NULL;
705 X509_OBJECT xobj;
706 X509_NAME *nm;
707 nm = X509_get_issuer_name(x);
708 ok = get_crl_sk(ctx, &crl, nm, ctx->crls);
709 if (ok)
710 {
711 *pcrl = crl;
712 return 1;
713 }
714
715 ok = X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj);
716
717 if (!ok)
718 {
719 /* If we got a near match from get_crl_sk use that */
720 if (crl)
721 {
722 *pcrl = crl;
723 return 1;
724 }
725 return 0;
726 }
727
728 *pcrl = xobj.data.crl;
729 if (crl)
730 X509_CRL_free(crl);
731 return 1;
732 }
733
734/* Check CRL validity */
735static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
736 {
737 X509 *issuer = NULL;
738 EVP_PKEY *ikey = NULL;
739 int ok = 0, chnum, cnum;
740 cnum = ctx->error_depth;
741 chnum = sk_X509_num(ctx->chain) - 1;
742 /* Find CRL issuer: if not last certificate then issuer
743 * is next certificate in chain.
744 */
745 if(cnum < chnum)
746 issuer = sk_X509_value(ctx->chain, cnum + 1);
747 else
748 {
749 issuer = sk_X509_value(ctx->chain, chnum);
750 /* If not self signed, can't check signature */
751 if(!ctx->check_issued(ctx, issuer, issuer))
752 {
753 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER;
754 ok = ctx->verify_cb(0, ctx);
755 if(!ok) goto err;
756 }
757 }
758
759 if(issuer)
760 {
761 /* Check for cRLSign bit if keyUsage present */
762 if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
763 !(issuer->ex_kusage & KU_CRL_SIGN))
764 {
765 ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
766 ok = ctx->verify_cb(0, ctx);
767 if(!ok) goto err;
768 }
769
770 /* Attempt to get issuer certificate public key */
771 ikey = X509_get_pubkey(issuer);
772
773 if(!ikey)
774 {
775 ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
776 ok = ctx->verify_cb(0, ctx);
777 if (!ok) goto err;
778 }
779 else
780 {
781 /* Verify CRL signature */
782 if(X509_CRL_verify(crl, ikey) <= 0)
783 {
784 ctx->error=X509_V_ERR_CRL_SIGNATURE_FAILURE;
785 ok = ctx->verify_cb(0, ctx);
786 if (!ok) goto err;
787 }
788 }
789 }
790
791 ok = check_crl_time(ctx, crl, 1);
792 if (!ok)
793 goto err;
794
795 ok = 1;
796
797 err:
798 EVP_PKEY_free(ikey);
799 return ok;
800 }
801
802/* Check certificate against CRL */
803static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
804 {
805 int idx, ok;
806 X509_REVOKED rtmp;
807 STACK_OF(X509_EXTENSION) *exts;
808 X509_EXTENSION *ext;
809 /* Look for serial number of certificate in CRL */
810 rtmp.serialNumber = X509_get_serialNumber(x);
811 /* Sort revoked into serial number order if not already sorted.
812 * Do this under a lock to avoid race condition.
813 */
814 if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked))
815 {
816 CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL);
817 sk_X509_REVOKED_sort(crl->crl->revoked);
818 CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL);
819 }
820 idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);
821 /* If found assume revoked: want something cleverer than
822 * this to handle entry extensions in V2 CRLs.
823 */
824 if(idx >= 0)
825 {
826 ctx->error = X509_V_ERR_CERT_REVOKED;
827 ok = ctx->verify_cb(0, ctx);
828 if (!ok) return 0;
829 }
830
831 if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
832 return 1;
833
834 /* See if we have any critical CRL extensions: since we
835 * currently don't handle any CRL extensions the CRL must be
836 * rejected.
837 * This code accesses the X509_CRL structure directly: applications
838 * shouldn't do this.
839 */
840
841 exts = crl->crl->extensions;
842
843 for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++)
844 {
845 ext = sk_X509_EXTENSION_value(exts, idx);
846 if (ext->critical > 0)
847 {
848 ctx->error =
849 X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
850 ok = ctx->verify_cb(0, ctx);
851 if(!ok) return 0;
852 break;
853 }
854 }
855 return 1;
856 }
857
858static int check_policy(X509_STORE_CTX *ctx)
859 {
860 int ret;
861 ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
862 ctx->param->policies, ctx->param->flags);
863 if (ret == 0)
864 {
865 X509err(X509_F_CHECK_POLICY,ERR_R_MALLOC_FAILURE);
866 return 0;
867 }
868 /* Invalid or inconsistent extensions */
869 if (ret == -1)
870 {
871 /* Locate certificates with bad extensions and notify
872 * callback.
873 */
874 X509 *x;
875 int i;
876 for (i = 1; i < sk_X509_num(ctx->chain); i++)
877 {
878 x = sk_X509_value(ctx->chain, i);
879 if (!(x->ex_flags & EXFLAG_INVALID_POLICY))
880 continue;
881 ctx->current_cert = x;
882 ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION;
883 ret = ctx->verify_cb(0, ctx);
884 }
885 return 1;
886 }
887 if (ret == -2)
888 {
889 ctx->current_cert = NULL;
890 ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY;
891 return ctx->verify_cb(0, ctx);
892 }
893
894 if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY)
895 {
896 ctx->current_cert = NULL;
897 ctx->error = X509_V_OK;
898 if (!ctx->verify_cb(2, ctx))
899 return 0;
900 }
901
902 return 1;
903 }
904
905static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
906 {
907 time_t *ptime;
908 int i;
909
910 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
911 ptime = &ctx->param->check_time;
912 else
913 ptime = NULL;
914
915 i=X509_cmp_time(X509_get_notBefore(x), ptime);
916 if (i == 0)
917 {
918 ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
919 ctx->current_cert=x;
920 if (!ctx->verify_cb(0, ctx))
921 return 0;
922 }
923
924 if (i > 0)
925 {
926 ctx->error=X509_V_ERR_CERT_NOT_YET_VALID;
927 ctx->current_cert=x;
928 if (!ctx->verify_cb(0, ctx))
929 return 0;
930 }
931
932 i=X509_cmp_time(X509_get_notAfter(x), ptime);
933 if (i == 0)
934 {
935 ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
936 ctx->current_cert=x;
937 if (!ctx->verify_cb(0, ctx))
938 return 0;
939 }
940
941 if (i < 0)
942 {
943 ctx->error=X509_V_ERR_CERT_HAS_EXPIRED;
944 ctx->current_cert=x;
945 if (!ctx->verify_cb(0, ctx))
946 return 0;
947 }
948
949 return 1;
950 }
951
952static int internal_verify(X509_STORE_CTX *ctx)
953 {
954 int ok=0,n;
955 X509 *xs,*xi;
956 EVP_PKEY *pkey=NULL;
957 int (*cb)(int xok,X509_STORE_CTX *xctx);
958
959 cb=ctx->verify_cb;
960
961 n=sk_X509_num(ctx->chain);
962 ctx->error_depth=n-1;
963 n--;
964 xi=sk_X509_value(ctx->chain,n);
965
966 if (ctx->check_issued(ctx, xi, xi))
967 xs=xi;
968 else
969 {
970 if (n <= 0)
971 {
972 ctx->error=X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
973 ctx->current_cert=xi;
974 ok=cb(0,ctx);
975 goto end;
976 }
977 else
978 {
979 n--;
980 ctx->error_depth=n;
981 xs=sk_X509_value(ctx->chain,n);
982 }
983 }
984
985/* ctx->error=0; not needed */
986 while (n >= 0)
987 {
988 ctx->error_depth=n;
989 if (!xs->valid)
990 {
991 if ((pkey=X509_get_pubkey(xi)) == NULL)
992 {
993 ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
994 ctx->current_cert=xi;
995 ok=(*cb)(0,ctx);
996 if (!ok) goto end;
997 }
998 else if (X509_verify(xs,pkey) <= 0)
999 /* XXX For the final trusted self-signed cert,
1000 * this is a waste of time. That check should
1001 * optional so that e.g. 'openssl x509' can be
1002 * used to detect invalid self-signatures, but
1003 * we don't verify again and again in SSL
1004 * handshakes and the like once the cert has
1005 * been declared trusted. */
1006 {
1007 ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
1008 ctx->current_cert=xs;
1009 ok=(*cb)(0,ctx);
1010 if (!ok)
1011 {
1012 EVP_PKEY_free(pkey);
1013 goto end;
1014 }
1015 }
1016 EVP_PKEY_free(pkey);
1017 pkey=NULL;
1018 }
1019
1020 xs->valid = 1;
1021
1022 ok = check_cert_time(ctx, xs);
1023 if (!ok)
1024 goto end;
1025
1026 /* The last error (if any) is still in the error value */
1027 ctx->current_issuer=xi;
1028 ctx->current_cert=xs;
1029 ok=(*cb)(1,ctx);
1030 if (!ok) goto end;
1031
1032 n--;
1033 if (n >= 0)
1034 {
1035 xi=xs;
1036 xs=sk_X509_value(ctx->chain,n);
1037 }
1038 }
1039 ok=1;
1040end:
1041 return ok;
1042 }
1043
1044int X509_cmp_current_time(ASN1_TIME *ctm)
1045{
1046 return X509_cmp_time(ctm, NULL);
1047}
1048
1049int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time)
1050 {
1051 char *str;
1052 ASN1_TIME atm;
1053 long offset;
1054 char buff1[24],buff2[24],*p;
1055 int i,j;
1056
1057 p=buff1;
1058 i=ctm->length;
1059 str=(char *)ctm->data;
1060 if (ctm->type == V_ASN1_UTCTIME)
1061 {
1062 if ((i < 11) || (i > 17)) return 0;
1063 memcpy(p,str,10);
1064 p+=10;
1065 str+=10;
1066 }
1067 else
1068 {
1069 if (i < 13) return 0;
1070 memcpy(p,str,12);
1071 p+=12;
1072 str+=12;
1073 }
1074
1075 if ((*str == 'Z') || (*str == '-') || (*str == '+'))
1076 { *(p++)='0'; *(p++)='0'; }
1077 else
1078 {
1079 *(p++)= *(str++);
1080 *(p++)= *(str++);
1081 /* Skip any fractional seconds... */
1082 if (*str == '.')
1083 {
1084 str++;
1085 while ((*str >= '0') && (*str <= '9')) str++;
1086 }
1087
1088 }
1089 *(p++)='Z';
1090 *(p++)='\0';
1091
1092 if (*str == 'Z')
1093 offset=0;
1094 else
1095 {
1096 if ((*str != '+') && (*str != '-'))
1097 return 0;
1098 offset=((str[1]-'0')*10+(str[2]-'0'))*60;
1099 offset+=(str[3]-'0')*10+(str[4]-'0');
1100 if (*str == '-')
1101 offset= -offset;
1102 }
1103 atm.type=ctm->type;
1104 atm.length=sizeof(buff2);
1105 atm.data=(unsigned char *)buff2;
1106
1107 if (X509_time_adj(&atm,-offset*60, cmp_time) == NULL)
1108 return 0;
1109
1110 if (ctm->type == V_ASN1_UTCTIME)
1111 {
1112 i=(buff1[0]-'0')*10+(buff1[1]-'0');
1113 if (i < 50) i+=100; /* cf. RFC 2459 */
1114 j=(buff2[0]-'0')*10+(buff2[1]-'0');
1115 if (j < 50) j+=100;
1116
1117 if (i < j) return -1;
1118 if (i > j) return 1;
1119 }
1120 i=strcmp(buff1,buff2);
1121 if (i == 0) /* wait a second then return younger :-) */
1122 return -1;
1123 else
1124 return i;
1125 }
1126
1127ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
1128{
1129 return X509_time_adj(s, adj, NULL);
1130}
1131
1132ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *in_tm)
1133 {
1134 time_t t;
1135 int type = -1;
1136
1137 if (in_tm) t = *in_tm;
1138 else time(&t);
1139
1140 t+=adj;
1141 if (s) type = s->type;
1142 if (type == V_ASN1_UTCTIME) return ASN1_UTCTIME_set(s,t);
1143 if (type == V_ASN1_GENERALIZEDTIME) return ASN1_GENERALIZEDTIME_set(s, t);
1144 return ASN1_TIME_set(s, t);
1145 }
1146
1147int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
1148 {
1149 EVP_PKEY *ktmp=NULL,*ktmp2;
1150 int i,j;
1151
1152 if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return 1;
1153
1154 for (i=0; i<sk_X509_num(chain); i++)
1155 {
1156 ktmp=X509_get_pubkey(sk_X509_value(chain,i));
1157 if (ktmp == NULL)
1158 {
1159 X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
1160 return 0;
1161 }
1162 if (!EVP_PKEY_missing_parameters(ktmp))
1163 break;
1164 else
1165 {
1166 EVP_PKEY_free(ktmp);
1167 ktmp=NULL;
1168 }
1169 }
1170 if (ktmp == NULL)
1171 {
1172 X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN);
1173 return 0;
1174 }
1175
1176 /* first, populate the other certs */
1177 for (j=i-1; j >= 0; j--)
1178 {
1179 ktmp2=X509_get_pubkey(sk_X509_value(chain,j));
1180 EVP_PKEY_copy_parameters(ktmp2,ktmp);
1181 EVP_PKEY_free(ktmp2);
1182 }
1183
1184 if (pkey != NULL) EVP_PKEY_copy_parameters(pkey,ktmp);
1185 EVP_PKEY_free(ktmp);
1186 return 1;
1187 }
1188
1189int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
1190 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
1191 {
1192 /* This function is (usually) called only once, by
1193 * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). */
1194 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, argl, argp,
1195 new_func, dup_func, free_func);
1196 }
1197
1198int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
1199 {
1200 return CRYPTO_set_ex_data(&ctx->ex_data,idx,data);
1201 }
1202
1203void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx)
1204 {
1205 return CRYPTO_get_ex_data(&ctx->ex_data,idx);
1206 }
1207
1208int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx)
1209 {
1210 return ctx->error;
1211 }
1212
1213void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err)
1214 {
1215 ctx->error=err;
1216 }
1217
1218int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
1219 {
1220 return ctx->error_depth;
1221 }
1222
1223X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx)
1224 {
1225 return ctx->current_cert;
1226 }
1227
1228STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx)
1229 {
1230 return ctx->chain;
1231 }
1232
1233STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
1234 {
1235 int i;
1236 X509 *x;
1237 STACK_OF(X509) *chain;
1238 if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL;
1239 for (i = 0; i < sk_X509_num(chain); i++)
1240 {
1241 x = sk_X509_value(chain, i);
1242 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
1243 }
1244 return chain;
1245 }
1246
1247void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
1248 {
1249 ctx->cert=x;
1250 }
1251
1252void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
1253 {
1254 ctx->untrusted=sk;
1255 }
1256
1257void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk)
1258 {
1259 ctx->crls=sk;
1260 }
1261
1262int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose)
1263 {
1264 return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
1265 }
1266
1267int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust)
1268 {
1269 return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);
1270 }
1271
1272/* This function is used to set the X509_STORE_CTX purpose and trust
1273 * values. This is intended to be used when another structure has its
1274 * own trust and purpose values which (if set) will be inherited by
1275 * the ctx. If they aren't set then we will usually have a default
1276 * purpose in mind which should then be used to set the trust value.
1277 * An example of this is SSL use: an SSL structure will have its own
1278 * purpose and trust settings which the application can set: if they
1279 * aren't set then we use the default of SSL client/server.
1280 */
1281
1282int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
1283 int purpose, int trust)
1284{
1285 int idx;
1286 /* If purpose not set use default */
1287 if (!purpose) purpose = def_purpose;
1288 /* If we have a purpose then check it is valid */
1289 if (purpose)
1290 {
1291 X509_PURPOSE *ptmp;
1292 idx = X509_PURPOSE_get_by_id(purpose);
1293 if (idx == -1)
1294 {
1295 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
1296 X509_R_UNKNOWN_PURPOSE_ID);
1297 return 0;
1298 }
1299 ptmp = X509_PURPOSE_get0(idx);
1300 if (ptmp->trust == X509_TRUST_DEFAULT)
1301 {
1302 idx = X509_PURPOSE_get_by_id(def_purpose);
1303 if (idx == -1)
1304 {
1305 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
1306 X509_R_UNKNOWN_PURPOSE_ID);
1307 return 0;
1308 }
1309 ptmp = X509_PURPOSE_get0(idx);
1310 }
1311 /* If trust not set then get from purpose default */
1312 if (!trust) trust = ptmp->trust;
1313 }
1314 if (trust)
1315 {
1316 idx = X509_TRUST_get_by_id(trust);
1317 if (idx == -1)
1318 {
1319 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
1320 X509_R_UNKNOWN_TRUST_ID);
1321 return 0;
1322 }
1323 }
1324
1325 if (purpose && !ctx->param->purpose) ctx->param->purpose = purpose;
1326 if (trust && !ctx->param->trust) ctx->param->trust = trust;
1327 return 1;
1328}
1329
1330X509_STORE_CTX *X509_STORE_CTX_new(void)
1331{
1332 X509_STORE_CTX *ctx;
1333 ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));
1334 if (!ctx)
1335 {
1336 X509err(X509_F_X509_STORE_CTX_NEW,ERR_R_MALLOC_FAILURE);
1337 return NULL;
1338 }
1339 memset(ctx, 0, sizeof(X509_STORE_CTX));
1340 return ctx;
1341}
1342
1343void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
1344{
1345 X509_STORE_CTX_cleanup(ctx);
1346 OPENSSL_free(ctx);
1347}
1348
1349int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
1350 STACK_OF(X509) *chain)
1351 {
1352 int ret = 1;
1353 ctx->ctx=store;
1354 ctx->current_method=0;
1355 ctx->cert=x509;
1356 ctx->untrusted=chain;
1357 ctx->crls = NULL;
1358 ctx->last_untrusted=0;
1359 ctx->other_ctx=NULL;
1360 ctx->valid=0;
1361 ctx->chain=NULL;
1362 ctx->error=0;
1363 ctx->explicit_policy=0;
1364 ctx->error_depth=0;
1365 ctx->current_cert=NULL;
1366 ctx->current_issuer=NULL;
1367 ctx->tree = NULL;
1368
1369 ctx->param = X509_VERIFY_PARAM_new();
1370
1371 if (!ctx->param)
1372 {
1373 X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE);
1374 return 0;
1375 }
1376
1377 /* Inherit callbacks and flags from X509_STORE if not set
1378 * use defaults.
1379 */
1380
1381
1382 if (store)
1383 ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param);
1384 else
1385 ctx->param->flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE;
1386
1387 if (store)
1388 {
1389 ctx->verify_cb = store->verify_cb;
1390 ctx->cleanup = store->cleanup;
1391 }
1392 else
1393 ctx->cleanup = 0;
1394
1395 if (ret)
1396 ret = X509_VERIFY_PARAM_inherit(ctx->param,
1397 X509_VERIFY_PARAM_lookup("default"));
1398
1399 if (ret == 0)
1400 {
1401 X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE);
1402 return 0;
1403 }
1404
1405 if (store && store->check_issued)
1406 ctx->check_issued = store->check_issued;
1407 else
1408 ctx->check_issued = check_issued;
1409
1410 if (store && store->get_issuer)
1411 ctx->get_issuer = store->get_issuer;
1412 else
1413 ctx->get_issuer = X509_STORE_CTX_get1_issuer;
1414
1415 if (store && store->verify_cb)
1416 ctx->verify_cb = store->verify_cb;
1417 else
1418 ctx->verify_cb = null_callback;
1419
1420 if (store && store->verify)
1421 ctx->verify = store->verify;
1422 else
1423 ctx->verify = internal_verify;
1424
1425 if (store && store->check_revocation)
1426 ctx->check_revocation = store->check_revocation;
1427 else
1428 ctx->check_revocation = check_revocation;
1429
1430 if (store && store->get_crl)
1431 ctx->get_crl = store->get_crl;
1432 else
1433 ctx->get_crl = get_crl;
1434
1435 if (store && store->check_crl)
1436 ctx->check_crl = store->check_crl;
1437 else
1438 ctx->check_crl = check_crl;
1439
1440 if (store && store->cert_crl)
1441 ctx->cert_crl = store->cert_crl;
1442 else
1443 ctx->cert_crl = cert_crl;
1444
1445 ctx->check_policy = check_policy;
1446
1447
1448 /* This memset() can't make any sense anyway, so it's removed. As
1449 * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a
1450 * corresponding "new" here and remove this bogus initialisation. */
1451 /* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */
1452 if(!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
1453 &(ctx->ex_data)))
1454 {
1455 OPENSSL_free(ctx);
1456 X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE);
1457 return 0;
1458 }
1459 return 1;
1460 }
1461
1462/* Set alternative lookup method: just a STACK of trusted certificates.
1463 * This avoids X509_STORE nastiness where it isn't needed.
1464 */
1465
1466void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
1467{
1468 ctx->other_ctx = sk;
1469 ctx->get_issuer = get_issuer_sk;
1470}
1471
1472void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
1473 {
1474 if (ctx->cleanup) ctx->cleanup(ctx);
1475 if (ctx->param != NULL)
1476 {
1477 X509_VERIFY_PARAM_free(ctx->param);
1478 ctx->param=NULL;
1479 }
1480 if (ctx->tree != NULL)
1481 {
1482 X509_policy_tree_free(ctx->tree);
1483 ctx->tree=NULL;
1484 }
1485 if (ctx->chain != NULL)
1486 {
1487 sk_X509_pop_free(ctx->chain,X509_free);
1488 ctx->chain=NULL;
1489 }
1490 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));
1491 memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
1492 }
1493
1494void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth)
1495 {
1496 X509_VERIFY_PARAM_set_depth(ctx->param, depth);
1497 }
1498
1499void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags)
1500 {
1501 X509_VERIFY_PARAM_set_flags(ctx->param, flags);
1502 }
1503
1504void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, time_t t)
1505 {
1506 X509_VERIFY_PARAM_set_time(ctx->param, t);
1507 }
1508
1509void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
1510 int (*verify_cb)(int, X509_STORE_CTX *))
1511 {
1512 ctx->verify_cb=verify_cb;
1513 }
1514
1515X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx)
1516 {
1517 return ctx->tree;
1518 }
1519
1520int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx)
1521 {
1522 return ctx->explicit_policy;
1523 }
1524
1525int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name)
1526 {
1527 const X509_VERIFY_PARAM *param;
1528 param = X509_VERIFY_PARAM_lookup(name);
1529 if (!param)
1530 return 0;
1531 return X509_VERIFY_PARAM_inherit(ctx->param, param);
1532 }
1533
1534X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx)
1535 {
1536 return ctx->param;
1537 }
1538
1539void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param)
1540 {
1541 if (ctx->param)
1542 X509_VERIFY_PARAM_free(ctx->param);
1543 ctx->param = param;
1544 }
1545
1546IMPLEMENT_STACK_OF(X509)
1547IMPLEMENT_ASN1_SET_OF(X509)
1548
1549IMPLEMENT_STACK_OF(X509_NAME)
1550
1551IMPLEMENT_STACK_OF(X509_ATTRIBUTE)
1552IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE)
diff --git a/src/lib/libcrypto/x509/x509_vfy.h b/src/lib/libcrypto/x509/x509_vfy.h
deleted file mode 100644
index 76c76e1719..0000000000
--- a/src/lib/libcrypto/x509/x509_vfy.h
+++ /dev/null
@@ -1,531 +0,0 @@
1/* crypto/x509/x509_vfy.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#ifndef HEADER_X509_H
60#include <openssl/x509.h>
61/* openssl/x509.h ends up #include-ing this file at about the only
62 * appropriate moment. */
63#endif
64
65#ifndef HEADER_X509_VFY_H
66#define HEADER_X509_VFY_H
67
68#include <openssl/opensslconf.h>
69#ifndef OPENSSL_NO_LHASH
70#include <openssl/lhash.h>
71#endif
72#include <openssl/bio.h>
73#include <openssl/crypto.h>
74#include <openssl/symhacks.h>
75
76#ifdef __cplusplus
77extern "C" {
78#endif
79
80/* Outer object */
81typedef struct x509_hash_dir_st
82 {
83 int num_dirs;
84 char **dirs;
85 int *dirs_type;
86 int num_dirs_alloced;
87 } X509_HASH_DIR_CTX;
88
89typedef struct x509_file_st
90 {
91 int num_paths; /* number of paths to files or directories */
92 int num_alloced;
93 char **paths; /* the list of paths or directories */
94 int *path_type;
95 } X509_CERT_FILE_CTX;
96
97/*******************************/
98/*
99SSL_CTX -> X509_STORE
100 -> X509_LOOKUP
101 ->X509_LOOKUP_METHOD
102 -> X509_LOOKUP
103 ->X509_LOOKUP_METHOD
104
105SSL -> X509_STORE_CTX
106 ->X509_STORE
107
108The X509_STORE holds the tables etc for verification stuff.
109A X509_STORE_CTX is used while validating a single certificate.
110The X509_STORE has X509_LOOKUPs for looking up certs.
111The X509_STORE then calls a function to actually verify the
112certificate chain.
113*/
114
115#define X509_LU_RETRY -1
116#define X509_LU_FAIL 0
117#define X509_LU_X509 1
118#define X509_LU_CRL 2
119#define X509_LU_PKEY 3
120
121typedef struct x509_object_st
122 {
123 /* one of the above types */
124 int type;
125 union {
126 char *ptr;
127 X509 *x509;
128 X509_CRL *crl;
129 EVP_PKEY *pkey;
130 } data;
131 } X509_OBJECT;
132
133typedef struct x509_lookup_st X509_LOOKUP;
134
135DECLARE_STACK_OF(X509_LOOKUP)
136DECLARE_STACK_OF(X509_OBJECT)
137
138/* This is a static that defines the function interface */
139typedef struct x509_lookup_method_st
140 {
141 const char *name;
142 int (*new_item)(X509_LOOKUP *ctx);
143 void (*free)(X509_LOOKUP *ctx);
144 int (*init)(X509_LOOKUP *ctx);
145 int (*shutdown)(X509_LOOKUP *ctx);
146 int (*ctrl)(X509_LOOKUP *ctx,int cmd,const char *argc,long argl,
147 char **ret);
148 int (*get_by_subject)(X509_LOOKUP *ctx,int type,X509_NAME *name,
149 X509_OBJECT *ret);
150 int (*get_by_issuer_serial)(X509_LOOKUP *ctx,int type,X509_NAME *name,
151 ASN1_INTEGER *serial,X509_OBJECT *ret);
152 int (*get_by_fingerprint)(X509_LOOKUP *ctx,int type,
153 unsigned char *bytes,int len,
154 X509_OBJECT *ret);
155 int (*get_by_alias)(X509_LOOKUP *ctx,int type,char *str,int len,
156 X509_OBJECT *ret);
157 } X509_LOOKUP_METHOD;
158
159/* This structure hold all parameters associated with a verify operation
160 * by including an X509_VERIFY_PARAM structure in related structures the
161 * parameters used can be customized
162 */
163
164typedef struct X509_VERIFY_PARAM_st
165 {
166 char *name;
167 time_t check_time; /* Time to use */
168 unsigned long inh_flags; /* Inheritance flags */
169 unsigned long flags; /* Various verify flags */
170 int purpose; /* purpose to check untrusted certificates */
171 int trust; /* trust setting to check */
172 int depth; /* Verify depth */
173 STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */
174 } X509_VERIFY_PARAM;
175
176DECLARE_STACK_OF(X509_VERIFY_PARAM)
177
178/* This is used to hold everything. It is used for all certificate
179 * validation. Once we have a certificate chain, the 'verify'
180 * function is then called to actually check the cert chain. */
181struct x509_store_st
182 {
183 /* The following is a cache of trusted certs */
184 int cache; /* if true, stash any hits */
185 STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */
186
187 /* These are external lookup methods */
188 STACK_OF(X509_LOOKUP) *get_cert_methods;
189
190 X509_VERIFY_PARAM *param;
191
192 /* Callbacks for various operations */
193 int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */
194 int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */
195 int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */
196 int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
197 int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
198 int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
199 int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
200 int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
201 int (*cleanup)(X509_STORE_CTX *ctx);
202
203 CRYPTO_EX_DATA ex_data;
204 int references;
205 } /* X509_STORE */;
206
207int X509_STORE_set_depth(X509_STORE *store, int depth);
208
209#define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func))
210#define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func))
211
212/* This is the functions plus an instance of the local variables. */
213struct x509_lookup_st
214 {
215 int init; /* have we been started */
216 int skip; /* don't use us. */
217 X509_LOOKUP_METHOD *method; /* the functions */
218 char *method_data; /* method data */
219
220 X509_STORE *store_ctx; /* who owns us */
221 } /* X509_LOOKUP */;
222
223/* This is a used when verifying cert chains. Since the
224 * gathering of the cert chain can take some time (and have to be
225 * 'retried', this needs to be kept and passed around. */
226struct x509_store_ctx_st /* X509_STORE_CTX */
227 {
228 X509_STORE *ctx;
229 int current_method; /* used when looking up certs */
230
231 /* The following are set by the caller */
232 X509 *cert; /* The cert to check */
233 STACK_OF(X509) *untrusted; /* chain of X509s - untrusted - passed in */
234 STACK_OF(X509_CRL) *crls; /* set of CRLs passed in */
235
236 X509_VERIFY_PARAM *param;
237 void *other_ctx; /* Other info for use with get_issuer() */
238
239 /* Callbacks for various operations */
240 int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */
241 int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */
242 int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */
243 int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
244 int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
245 int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
246 int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
247 int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
248 int (*check_policy)(X509_STORE_CTX *ctx);
249 int (*cleanup)(X509_STORE_CTX *ctx);
250
251 /* The following is built up */
252 int valid; /* if 0, rebuild chain */
253 int last_untrusted; /* index of last untrusted cert */
254 STACK_OF(X509) *chain; /* chain of X509s - built up and trusted */
255 X509_POLICY_TREE *tree; /* Valid policy tree */
256
257 int explicit_policy; /* Require explicit policy value */
258
259 /* When something goes wrong, this is why */
260 int error_depth;
261 int error;
262 X509 *current_cert;
263 X509 *current_issuer; /* cert currently being tested as valid issuer */
264 X509_CRL *current_crl; /* current CRL */
265
266 CRYPTO_EX_DATA ex_data;
267 } /* X509_STORE_CTX */;
268
269void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
270
271#define X509_STORE_CTX_set_app_data(ctx,data) \
272 X509_STORE_CTX_set_ex_data(ctx,0,data)
273#define X509_STORE_CTX_get_app_data(ctx) \
274 X509_STORE_CTX_get_ex_data(ctx,0)
275
276#define X509_L_FILE_LOAD 1
277#define X509_L_ADD_DIR 2
278
279#define X509_LOOKUP_load_file(x,name,type) \
280 X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL)
281
282#define X509_LOOKUP_add_dir(x,name,type) \
283 X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
284
285#define X509_V_OK 0
286/* illegal error (for uninitialized values, to avoid X509_V_OK): 1 */
287
288#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2
289#define X509_V_ERR_UNABLE_TO_GET_CRL 3
290#define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4
291#define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5
292#define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6
293#define X509_V_ERR_CERT_SIGNATURE_FAILURE 7
294#define X509_V_ERR_CRL_SIGNATURE_FAILURE 8
295#define X509_V_ERR_CERT_NOT_YET_VALID 9
296#define X509_V_ERR_CERT_HAS_EXPIRED 10
297#define X509_V_ERR_CRL_NOT_YET_VALID 11
298#define X509_V_ERR_CRL_HAS_EXPIRED 12
299#define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13
300#define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14
301#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15
302#define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16
303#define X509_V_ERR_OUT_OF_MEM 17
304#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18
305#define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19
306#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20
307#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21
308#define X509_V_ERR_CERT_CHAIN_TOO_LONG 22
309#define X509_V_ERR_CERT_REVOKED 23
310#define X509_V_ERR_INVALID_CA 24
311#define X509_V_ERR_PATH_LENGTH_EXCEEDED 25
312#define X509_V_ERR_INVALID_PURPOSE 26
313#define X509_V_ERR_CERT_UNTRUSTED 27
314#define X509_V_ERR_CERT_REJECTED 28
315/* These are 'informational' when looking for issuer cert */
316#define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29
317#define X509_V_ERR_AKID_SKID_MISMATCH 30
318#define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31
319#define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32
320
321#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33
322#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34
323#define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35
324#define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36
325#define X509_V_ERR_INVALID_NON_CA 37
326#define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38
327#define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39
328#define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40
329
330#define X509_V_ERR_INVALID_EXTENSION 41
331#define X509_V_ERR_INVALID_POLICY_EXTENSION 42
332#define X509_V_ERR_NO_EXPLICIT_POLICY 43
333
334#define X509_V_ERR_UNNESTED_RESOURCE 44
335
336/* The application is not happy */
337#define X509_V_ERR_APPLICATION_VERIFICATION 50
338
339/* Certificate verify flags */
340
341/* Send issuer+subject checks to verify_cb */
342#define X509_V_FLAG_CB_ISSUER_CHECK 0x1
343/* Use check time instead of current time */
344#define X509_V_FLAG_USE_CHECK_TIME 0x2
345/* Lookup CRLs */
346#define X509_V_FLAG_CRL_CHECK 0x4
347/* Lookup CRLs for whole chain */
348#define X509_V_FLAG_CRL_CHECK_ALL 0x8
349/* Ignore unhandled critical extensions */
350#define X509_V_FLAG_IGNORE_CRITICAL 0x10
351/* Disable workarounds for broken certificates */
352#define X509_V_FLAG_X509_STRICT 0x20
353/* Enable proxy certificate validation */
354#define X509_V_FLAG_ALLOW_PROXY_CERTS 0x40
355/* Enable policy checking */
356#define X509_V_FLAG_POLICY_CHECK 0x80
357/* Policy variable require-explicit-policy */
358#define X509_V_FLAG_EXPLICIT_POLICY 0x100
359/* Policy variable inhibit-any-policy */
360#define X509_V_FLAG_INHIBIT_ANY 0x200
361/* Policy variable inhibit-policy-mapping */
362#define X509_V_FLAG_INHIBIT_MAP 0x400
363/* Notify callback that policy is OK */
364#define X509_V_FLAG_NOTIFY_POLICY 0x800
365
366#define X509_VP_FLAG_DEFAULT 0x1
367#define X509_VP_FLAG_OVERWRITE 0x2
368#define X509_VP_FLAG_RESET_FLAGS 0x4
369#define X509_VP_FLAG_LOCKED 0x8
370#define X509_VP_FLAG_ONCE 0x10
371
372/* Internal use: mask of policy related options */
373#define X509_V_FLAG_POLICY_MASK (X509_V_FLAG_POLICY_CHECK \
374 | X509_V_FLAG_EXPLICIT_POLICY \
375 | X509_V_FLAG_INHIBIT_ANY \
376 | X509_V_FLAG_INHIBIT_MAP)
377
378int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
379 X509_NAME *name);
380X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,int type,X509_NAME *name);
381X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x);
382void X509_OBJECT_up_ref_count(X509_OBJECT *a);
383void X509_OBJECT_free_contents(X509_OBJECT *a);
384X509_STORE *X509_STORE_new(void );
385void X509_STORE_free(X509_STORE *v);
386
387int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
388int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
389int X509_STORE_set_trust(X509_STORE *ctx, int trust);
390int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm);
391
392X509_STORE_CTX *X509_STORE_CTX_new(void);
393
394int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
395
396void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
397int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
398 X509 *x509, STACK_OF(X509) *chain);
399void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
400void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
401
402X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
403
404X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
405X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
406
407int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
408int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
409
410int X509_STORE_get_by_subject(X509_STORE_CTX *vs,int type,X509_NAME *name,
411 X509_OBJECT *ret);
412
413int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
414 long argl, char **ret);
415
416#ifndef OPENSSL_NO_STDIO
417int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
418int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
419int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
420#endif
421
422
423X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
424void X509_LOOKUP_free(X509_LOOKUP *ctx);
425int X509_LOOKUP_init(X509_LOOKUP *ctx);
426int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
427 X509_OBJECT *ret);
428int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
429 ASN1_INTEGER *serial, X509_OBJECT *ret);
430int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
431 unsigned char *bytes, int len, X509_OBJECT *ret);
432int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str,
433 int len, X509_OBJECT *ret);
434int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
435
436#ifndef OPENSSL_NO_STDIO
437int X509_STORE_load_locations (X509_STORE *ctx,
438 const char *file, const char *dir);
439int X509_STORE_set_default_paths(X509_STORE *ctx);
440#endif
441
442int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
443 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
444int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,void *data);
445void * X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx);
446int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
447void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);
448int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
449X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
450STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
451STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
452void X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x);
453void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk);
454void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c,STACK_OF(X509_CRL) *sk);
455int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
456int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
457int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
458 int purpose, int trust);
459void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
460void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
461 time_t t);
462void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
463 int (*verify_cb)(int, X509_STORE_CTX *));
464
465X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx);
466int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx);
467
468X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx);
469void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);
470int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);
471
472/* X509_VERIFY_PARAM functions */
473
474X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void);
475void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param);
476int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to,
477 const X509_VERIFY_PARAM *from);
478int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
479 const X509_VERIFY_PARAM *from);
480int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name);
481int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags);
482int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
483 unsigned long flags);
484unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param);
485int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);
486int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
487void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
488void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
489int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
490 ASN1_OBJECT *policy);
491int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
492 STACK_OF(ASN1_OBJECT) *policies);
493int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
494
495int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param);
496const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name);
497void X509_VERIFY_PARAM_table_cleanup(void);
498
499int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
500 STACK_OF(X509) *certs,
501 STACK_OF(ASN1_OBJECT) *policy_oids,
502 unsigned int flags);
503
504void X509_policy_tree_free(X509_POLICY_TREE *tree);
505
506int X509_policy_tree_level_count(const X509_POLICY_TREE *tree);
507X509_POLICY_LEVEL *
508 X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, int i);
509
510STACK_OF(X509_POLICY_NODE) *
511 X509_policy_tree_get0_policies(const X509_POLICY_TREE *tree);
512
513STACK_OF(X509_POLICY_NODE) *
514 X509_policy_tree_get0_user_policies(const X509_POLICY_TREE *tree);
515
516int X509_policy_level_node_count(X509_POLICY_LEVEL *level);
517
518X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, int i);
519
520const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node);
521
522STACK_OF(POLICYQUALINFO) *
523 X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node);
524const X509_POLICY_NODE *
525 X509_policy_node_get0_parent(const X509_POLICY_NODE *node);
526
527#ifdef __cplusplus
528}
529#endif
530#endif
531
diff --git a/src/lib/libcrypto/x509/x509_vpm.c b/src/lib/libcrypto/x509/x509_vpm.c
deleted file mode 100644
index 2b06718aec..0000000000
--- a/src/lib/libcrypto/x509/x509_vpm.c
+++ /dev/null
@@ -1,430 +0,0 @@
1/* x509_vpm.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2004.
4 */
5/* ====================================================================
6 * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60
61#include "cryptlib.h"
62#include <openssl/crypto.h>
63#include <openssl/lhash.h>
64#include <openssl/buffer.h>
65#include <openssl/x509.h>
66#include <openssl/x509v3.h>
67
68/* X509_VERIFY_PARAM functions */
69
70static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
71 {
72 if (!param)
73 return;
74 param->name = NULL;
75 param->purpose = 0;
76 param->trust = 0;
77 param->inh_flags = 0;
78 param->flags = 0;
79 param->depth = -1;
80 if (param->policies)
81 {
82 sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
83 param->policies = NULL;
84 }
85 }
86
87X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
88 {
89 X509_VERIFY_PARAM *param;
90 param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM));
91 memset(param, 0, sizeof(X509_VERIFY_PARAM));
92 x509_verify_param_zero(param);
93 return param;
94 }
95
96void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
97 {
98 x509_verify_param_zero(param);
99 OPENSSL_free(param);
100 }
101
102/* This function determines how parameters are "inherited" from one structure
103 * to another. There are several different ways this can happen.
104 *
105 * 1. If a child structure needs to have its values initialized from a parent
106 * they are simply copied across. For example SSL_CTX copied to SSL.
107 * 2. If the structure should take on values only if they are currently unset.
108 * For example the values in an SSL structure will take appropriate value
109 * for SSL servers or clients but only if the application has not set new
110 * ones.
111 *
112 * The "inh_flags" field determines how this function behaves.
113 *
114 * Normally any values which are set in the default are not copied from the
115 * destination and verify flags are ORed together.
116 *
117 * If X509_VP_FLAG_DEFAULT is set then anything set in the source is copied
118 * to the destination. Effectively the values in "to" become default values
119 * which will be used only if nothing new is set in "from".
120 *
121 * If X509_VP_FLAG_OVERWRITE is set then all value are copied across whether
122 * they are set or not. Flags is still Ored though.
123 *
124 * If X509_VP_FLAG_RESET_FLAGS is set then the flags value is copied instead
125 * of ORed.
126 *
127 * If X509_VP_FLAG_LOCKED is set then no values are copied.
128 *
129 * If X509_VP_FLAG_ONCE is set then the current inh_flags setting is zeroed
130 * after the next call.
131 */
132
133/* Macro to test if a field should be copied from src to dest */
134
135#define test_x509_verify_param_copy(field, def) \
136 (to_overwrite || \
137 ((src->field != def) && (to_default || (dest->field == def))))
138
139/* Macro to test and copy a field if necessary */
140
141#define x509_verify_param_copy(field, def) \
142 if (test_x509_verify_param_copy(field, def)) \
143 dest->field = src->field
144
145
146int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
147 const X509_VERIFY_PARAM *src)
148 {
149 unsigned long inh_flags;
150 int to_default, to_overwrite;
151 if (!src)
152 return 1;
153 inh_flags = dest->inh_flags | src->inh_flags;
154
155 if (inh_flags & X509_VP_FLAG_ONCE)
156 dest->inh_flags = 0;
157
158 if (inh_flags & X509_VP_FLAG_LOCKED)
159 return 1;
160
161 if (inh_flags & X509_VP_FLAG_DEFAULT)
162 to_default = 1;
163 else
164 to_default = 0;
165
166 if (inh_flags & X509_VP_FLAG_OVERWRITE)
167 to_overwrite = 1;
168 else
169 to_overwrite = 0;
170
171 x509_verify_param_copy(purpose, 0);
172 x509_verify_param_copy(trust, 0);
173 x509_verify_param_copy(depth, -1);
174
175 /* If overwrite or check time not set, copy across */
176
177 if (to_overwrite || !(dest->flags & X509_V_FLAG_USE_CHECK_TIME))
178 {
179 dest->check_time = src->check_time;
180 dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME;
181 /* Don't need to copy flag: that is done below */
182 }
183
184 if (inh_flags & X509_VP_FLAG_RESET_FLAGS)
185 dest->flags = 0;
186
187 dest->flags |= src->flags;
188
189 if (test_x509_verify_param_copy(policies, NULL))
190 {
191 if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies))
192 return 0;
193 }
194
195 return 1;
196 }
197
198int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
199 const X509_VERIFY_PARAM *from)
200 {
201 to->inh_flags |= X509_VP_FLAG_DEFAULT;
202 return X509_VERIFY_PARAM_inherit(to, from);
203 }
204
205int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name)
206 {
207 if (param->name)
208 OPENSSL_free(param->name);
209 param->name = BUF_strdup(name);
210 if (param->name)
211 return 1;
212 return 0;
213 }
214
215int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags)
216 {
217 param->flags |= flags;
218 if (flags & X509_V_FLAG_POLICY_MASK)
219 param->flags |= X509_V_FLAG_POLICY_CHECK;
220 return 1;
221 }
222
223int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, unsigned long flags)
224 {
225 param->flags &= ~flags;
226 return 1;
227 }
228
229unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param)
230 {
231 return param->flags;
232 }
233
234int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose)
235 {
236 return X509_PURPOSE_set(&param->purpose, purpose);
237 }
238
239int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust)
240 {
241 return X509_TRUST_set(&param->trust, trust);
242 }
243
244void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth)
245 {
246 param->depth = depth;
247 }
248
249void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t)
250 {
251 param->check_time = t;
252 param->flags |= X509_V_FLAG_USE_CHECK_TIME;
253 }
254
255int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, ASN1_OBJECT *policy)
256 {
257 if (!param->policies)
258 {
259 param->policies = sk_ASN1_OBJECT_new_null();
260 if (!param->policies)
261 return 0;
262 }
263 if (!sk_ASN1_OBJECT_push(param->policies, policy))
264 return 0;
265 return 1;
266 }
267
268int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
269 STACK_OF(ASN1_OBJECT) *policies)
270 {
271 int i;
272 ASN1_OBJECT *oid, *doid;
273 if (!param)
274 return 0;
275 if (param->policies)
276 sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
277
278 if (!policies)
279 {
280 param->policies = NULL;
281 return 1;
282 }
283
284 param->policies = sk_ASN1_OBJECT_new_null();
285 if (!param->policies)
286 return 0;
287
288 for (i = 0; i < sk_ASN1_OBJECT_num(policies); i++)
289 {
290 oid = sk_ASN1_OBJECT_value(policies, i);
291 doid = OBJ_dup(oid);
292 if (!doid)
293 return 0;
294 if (!sk_ASN1_OBJECT_push(param->policies, doid))
295 {
296 ASN1_OBJECT_free(doid);
297 return 0;
298 }
299 }
300 param->flags |= X509_V_FLAG_POLICY_CHECK;
301 return 1;
302 }
303
304int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param)
305 {
306 return param->depth;
307 }
308
309/* Default verify parameters: these are used for various
310 * applications and can be overridden by the user specified table.
311 * NB: the 'name' field *must* be in alphabetical order because it
312 * will be searched using OBJ_search.
313 */
314
315static const X509_VERIFY_PARAM default_table[] = {
316 {
317 "default", /* X509 default parameters */
318 0, /* Check time */
319 0, /* internal flags */
320 0, /* flags */
321 0, /* purpose */
322 0, /* trust */
323 100, /* depth */
324 NULL /* policies */
325 },
326 {
327 "pkcs7", /* S/MIME signing parameters */
328 0, /* Check time */
329 0, /* internal flags */
330 0, /* flags */
331 X509_PURPOSE_SMIME_SIGN, /* purpose */
332 X509_TRUST_EMAIL, /* trust */
333 -1, /* depth */
334 NULL /* policies */
335 },
336 {
337 "smime_sign", /* S/MIME signing parameters */
338 0, /* Check time */
339 0, /* internal flags */
340 0, /* flags */
341 X509_PURPOSE_SMIME_SIGN, /* purpose */
342 X509_TRUST_EMAIL, /* trust */
343 -1, /* depth */
344 NULL /* policies */
345 },
346 {
347 "ssl_client", /* SSL/TLS client parameters */
348 0, /* Check time */
349 0, /* internal flags */
350 0, /* flags */
351 X509_PURPOSE_SSL_CLIENT, /* purpose */
352 X509_TRUST_SSL_CLIENT, /* trust */
353 -1, /* depth */
354 NULL /* policies */
355 },
356 {
357 "ssl_server", /* SSL/TLS server parameters */
358 0, /* Check time */
359 0, /* internal flags */
360 0, /* flags */
361 X509_PURPOSE_SSL_SERVER, /* purpose */
362 X509_TRUST_SSL_SERVER, /* trust */
363 -1, /* depth */
364 NULL /* policies */
365 }};
366
367static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL;
368
369static int table_cmp(const void *pa, const void *pb)
370 {
371 const X509_VERIFY_PARAM *a = pa, *b = pb;
372 return strcmp(a->name, b->name);
373 }
374
375static int param_cmp(const X509_VERIFY_PARAM * const *a,
376 const X509_VERIFY_PARAM * const *b)
377 {
378 return strcmp((*a)->name, (*b)->name);
379 }
380
381int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param)
382 {
383 int idx;
384 X509_VERIFY_PARAM *ptmp;
385 if (!param_table)
386 {
387 param_table = sk_X509_VERIFY_PARAM_new(param_cmp);
388 if (!param_table)
389 return 0;
390 }
391 else
392 {
393 idx = sk_X509_VERIFY_PARAM_find(param_table, param);
394 if (idx != -1)
395 {
396 ptmp = sk_X509_VERIFY_PARAM_value(param_table, idx);
397 X509_VERIFY_PARAM_free(ptmp);
398 (void)sk_X509_VERIFY_PARAM_delete(param_table, idx);
399 }
400 }
401 if (!sk_X509_VERIFY_PARAM_push(param_table, param))
402 return 0;
403 return 1;
404 }
405
406const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)
407 {
408 int idx;
409 X509_VERIFY_PARAM pm;
410 pm.name = (char *)name;
411 if (param_table)
412 {
413 idx = sk_X509_VERIFY_PARAM_find(param_table, &pm);
414 if (idx != -1)
415 return sk_X509_VERIFY_PARAM_value(param_table, idx);
416 }
417 return (const X509_VERIFY_PARAM *) OBJ_bsearch((char *)&pm,
418 (char *)&default_table,
419 sizeof(default_table)/sizeof(X509_VERIFY_PARAM),
420 sizeof(X509_VERIFY_PARAM),
421 table_cmp);
422 }
423
424void X509_VERIFY_PARAM_table_cleanup(void)
425 {
426 if (param_table)
427 sk_X509_VERIFY_PARAM_pop_free(param_table,
428 X509_VERIFY_PARAM_free);
429 param_table = NULL;
430 }
diff --git a/src/lib/libcrypto/x509/x509cset.c b/src/lib/libcrypto/x509/x509cset.c
deleted file mode 100644
index 7f4004b291..0000000000
--- a/src/lib/libcrypto/x509/x509cset.c
+++ /dev/null
@@ -1,170 +0,0 @@
1/* crypto/x509/x509cset.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2001.
4 */
5/* ====================================================================
6 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/asn1.h>
62#include <openssl/objects.h>
63#include <openssl/evp.h>
64#include <openssl/x509.h>
65
66int X509_CRL_set_version(X509_CRL *x, long version)
67 {
68 if (x == NULL) return(0);
69 if (x->crl->version == NULL)
70 {
71 if ((x->crl->version=M_ASN1_INTEGER_new()) == NULL)
72 return(0);
73 }
74 return(ASN1_INTEGER_set(x->crl->version,version));
75 }
76
77int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name)
78 {
79 if ((x == NULL) || (x->crl == NULL)) return(0);
80 return(X509_NAME_set(&x->crl->issuer,name));
81 }
82
83
84int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm)
85 {
86 ASN1_TIME *in;
87
88 if (x == NULL) return(0);
89 in=x->crl->lastUpdate;
90 if (in != tm)
91 {
92 in=M_ASN1_TIME_dup(tm);
93 if (in != NULL)
94 {
95 M_ASN1_TIME_free(x->crl->lastUpdate);
96 x->crl->lastUpdate=in;
97 }
98 }
99 return(in != NULL);
100 }
101
102int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm)
103 {
104 ASN1_TIME *in;
105
106 if (x == NULL) return(0);
107 in=x->crl->nextUpdate;
108 if (in != tm)
109 {
110 in=M_ASN1_TIME_dup(tm);
111 if (in != NULL)
112 {
113 M_ASN1_TIME_free(x->crl->nextUpdate);
114 x->crl->nextUpdate=in;
115 }
116 }
117 return(in != NULL);
118 }
119
120int X509_CRL_sort(X509_CRL *c)
121 {
122 int i;
123 X509_REVOKED *r;
124 /* sort the data so it will be written in serial
125 * number order */
126 sk_X509_REVOKED_sort(c->crl->revoked);
127 for (i=0; i<sk_X509_REVOKED_num(c->crl->revoked); i++)
128 {
129 r=sk_X509_REVOKED_value(c->crl->revoked,i);
130 r->sequence=i;
131 }
132 c->crl->enc.modified = 1;
133 return 1;
134 }
135
136int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm)
137 {
138 ASN1_TIME *in;
139
140 if (x == NULL) return(0);
141 in=x->revocationDate;
142 if (in != tm)
143 {
144 in=M_ASN1_TIME_dup(tm);
145 if (in != NULL)
146 {
147 M_ASN1_TIME_free(x->revocationDate);
148 x->revocationDate=in;
149 }
150 }
151 return(in != NULL);
152 }
153
154int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial)
155 {
156 ASN1_INTEGER *in;
157
158 if (x == NULL) return(0);
159 in=x->serialNumber;
160 if (in != serial)
161 {
162 in=M_ASN1_INTEGER_dup(serial);
163 if (in != NULL)
164 {
165 M_ASN1_INTEGER_free(x->serialNumber);
166 x->serialNumber=in;
167 }
168 }
169 return(in != NULL);
170 }
diff --git a/src/lib/libcrypto/x509/x509name.c b/src/lib/libcrypto/x509/x509name.c
deleted file mode 100644
index 068abfe5f0..0000000000
--- a/src/lib/libcrypto/x509/x509name.c
+++ /dev/null
@@ -1,383 +0,0 @@
1/* crypto/x509/x509name.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/stack.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/objects.h>
64#include <openssl/evp.h>
65#include <openssl/x509.h>
66
67int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len)
68 {
69 ASN1_OBJECT *obj;
70
71 obj=OBJ_nid2obj(nid);
72 if (obj == NULL) return(-1);
73 return(X509_NAME_get_text_by_OBJ(name,obj,buf,len));
74 }
75
76int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,
77 int len)
78 {
79 int i;
80 ASN1_STRING *data;
81
82 i=X509_NAME_get_index_by_OBJ(name,obj,-1);
83 if (i < 0) return(-1);
84 data=X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name,i));
85 i=(data->length > (len-1))?(len-1):data->length;
86 if (buf == NULL) return(data->length);
87 memcpy(buf,data->data,i);
88 buf[i]='\0';
89 return(i);
90 }
91
92int X509_NAME_entry_count(X509_NAME *name)
93 {
94 if (name == NULL) return(0);
95 return(sk_X509_NAME_ENTRY_num(name->entries));
96 }
97
98int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos)
99 {
100 ASN1_OBJECT *obj;
101
102 obj=OBJ_nid2obj(nid);
103 if (obj == NULL) return(-2);
104 return(X509_NAME_get_index_by_OBJ(name,obj,lastpos));
105 }
106
107/* NOTE: you should be passsing -1, not 0 as lastpos */
108int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
109 int lastpos)
110 {
111 int n;
112 X509_NAME_ENTRY *ne;
113 STACK_OF(X509_NAME_ENTRY) *sk;
114
115 if (name == NULL) return(-1);
116 if (lastpos < 0)
117 lastpos= -1;
118 sk=name->entries;
119 n=sk_X509_NAME_ENTRY_num(sk);
120 for (lastpos++; lastpos < n; lastpos++)
121 {
122 ne=sk_X509_NAME_ENTRY_value(sk,lastpos);
123 if (OBJ_cmp(ne->object,obj) == 0)
124 return(lastpos);
125 }
126 return(-1);
127 }
128
129X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc)
130 {
131 if(name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
132 || loc < 0)
133 return(NULL);
134 else
135 return(sk_X509_NAME_ENTRY_value(name->entries,loc));
136 }
137
138X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc)
139 {
140 X509_NAME_ENTRY *ret;
141 int i,n,set_prev,set_next;
142 STACK_OF(X509_NAME_ENTRY) *sk;
143
144 if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
145 || loc < 0)
146 return(NULL);
147 sk=name->entries;
148 ret=sk_X509_NAME_ENTRY_delete(sk,loc);
149 n=sk_X509_NAME_ENTRY_num(sk);
150 name->modified=1;
151 if (loc == n) return(ret);
152
153 /* else we need to fixup the set field */
154 if (loc != 0)
155 set_prev=(sk_X509_NAME_ENTRY_value(sk,loc-1))->set;
156 else
157 set_prev=ret->set-1;
158 set_next=sk_X509_NAME_ENTRY_value(sk,loc)->set;
159
160 /* set_prev is the previous set
161 * set is the current set
162 * set_next is the following
163 * prev 1 1 1 1 1 1 1 1
164 * set 1 1 2 2
165 * next 1 1 2 2 2 2 3 2
166 * so basically only if prev and next differ by 2, then
167 * re-number down by 1 */
168 if (set_prev+1 < set_next)
169 for (i=loc; i<n; i++)
170 sk_X509_NAME_ENTRY_value(sk,i)->set--;
171 return(ret);
172 }
173
174int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
175 unsigned char *bytes, int len, int loc, int set)
176{
177 X509_NAME_ENTRY *ne;
178 int ret;
179 ne = X509_NAME_ENTRY_create_by_OBJ(NULL, obj, type, bytes, len);
180 if(!ne) return 0;
181 ret = X509_NAME_add_entry(name, ne, loc, set);
182 X509_NAME_ENTRY_free(ne);
183 return ret;
184}
185
186int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
187 unsigned char *bytes, int len, int loc, int set)
188{
189 X509_NAME_ENTRY *ne;
190 int ret;
191 ne = X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, len);
192 if(!ne) return 0;
193 ret = X509_NAME_add_entry(name, ne, loc, set);
194 X509_NAME_ENTRY_free(ne);
195 return ret;
196}
197
198int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
199 const unsigned char *bytes, int len, int loc, int set)
200{
201 X509_NAME_ENTRY *ne;
202 int ret;
203 ne = X509_NAME_ENTRY_create_by_txt(NULL, field, type, bytes, len);
204 if(!ne) return 0;
205 ret = X509_NAME_add_entry(name, ne, loc, set);
206 X509_NAME_ENTRY_free(ne);
207 return ret;
208}
209
210/* if set is -1, append to previous set, 0 'a new one', and 1,
211 * prepend to the guy we are about to stomp on. */
212int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc,
213 int set)
214 {
215 X509_NAME_ENTRY *new_name=NULL;
216 int n,i,inc;
217 STACK_OF(X509_NAME_ENTRY) *sk;
218
219 if (name == NULL) return(0);
220 sk=name->entries;
221 n=sk_X509_NAME_ENTRY_num(sk);
222 if (loc > n) loc=n;
223 else if (loc < 0) loc=n;
224
225 name->modified=1;
226
227 if (set == -1)
228 {
229 if (loc == 0)
230 {
231 set=0;
232 inc=1;
233 }
234 else
235 {
236 set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set;
237 inc=0;
238 }
239 }
240 else /* if (set >= 0) */
241 {
242 if (loc >= n)
243 {
244 if (loc != 0)
245 set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set+1;
246 else
247 set=0;
248 }
249 else
250 set=sk_X509_NAME_ENTRY_value(sk,loc)->set;
251 inc=(set == 0)?1:0;
252 }
253
254 if ((new_name=X509_NAME_ENTRY_dup(ne)) == NULL)
255 goto err;
256 new_name->set=set;
257 if (!sk_X509_NAME_ENTRY_insert(sk,new_name,loc))
258 {
259 X509err(X509_F_X509_NAME_ADD_ENTRY,ERR_R_MALLOC_FAILURE);
260 goto err;
261 }
262 if (inc)
263 {
264 n=sk_X509_NAME_ENTRY_num(sk);
265 for (i=loc+1; i<n; i++)
266 sk_X509_NAME_ENTRY_value(sk,i-1)->set+=1;
267 }
268 return(1);
269err:
270 if (new_name != NULL)
271 X509_NAME_ENTRY_free(new_name);
272 return(0);
273 }
274
275X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
276 const char *field, int type, const unsigned char *bytes, int len)
277 {
278 ASN1_OBJECT *obj;
279 X509_NAME_ENTRY *nentry;
280
281 obj=OBJ_txt2obj(field, 0);
282 if (obj == NULL)
283 {
284 X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT,
285 X509_R_INVALID_FIELD_NAME);
286 ERR_add_error_data(2, "name=", field);
287 return(NULL);
288 }
289 nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len);
290 ASN1_OBJECT_free(obj);
291 return nentry;
292 }
293
294X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
295 int type, unsigned char *bytes, int len)
296 {
297 ASN1_OBJECT *obj;
298 X509_NAME_ENTRY *nentry;
299
300 obj=OBJ_nid2obj(nid);
301 if (obj == NULL)
302 {
303 X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID,X509_R_UNKNOWN_NID);
304 return(NULL);
305 }
306 nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len);
307 ASN1_OBJECT_free(obj);
308 return nentry;
309 }
310
311X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
312 ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len)
313 {
314 X509_NAME_ENTRY *ret;
315
316 if ((ne == NULL) || (*ne == NULL))
317 {
318 if ((ret=X509_NAME_ENTRY_new()) == NULL)
319 return(NULL);
320 }
321 else
322 ret= *ne;
323
324 if (!X509_NAME_ENTRY_set_object(ret,obj))
325 goto err;
326 if (!X509_NAME_ENTRY_set_data(ret,type,bytes,len))
327 goto err;
328
329 if ((ne != NULL) && (*ne == NULL)) *ne=ret;
330 return(ret);
331err:
332 if ((ne == NULL) || (ret != *ne))
333 X509_NAME_ENTRY_free(ret);
334 return(NULL);
335 }
336
337int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj)
338 {
339 if ((ne == NULL) || (obj == NULL))
340 {
341 X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT,ERR_R_PASSED_NULL_PARAMETER);
342 return(0);
343 }
344 ASN1_OBJECT_free(ne->object);
345 ne->object=OBJ_dup(obj);
346 return((ne->object == NULL)?0:1);
347 }
348
349int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
350 const unsigned char *bytes, int len)
351 {
352 int i;
353
354 if ((ne == NULL) || ((bytes == NULL) && (len != 0))) return(0);
355 if((type > 0) && (type & MBSTRING_FLAG))
356 return ASN1_STRING_set_by_NID(&ne->value, bytes,
357 len, type,
358 OBJ_obj2nid(ne->object)) ? 1 : 0;
359 if (len < 0) len=strlen((char *)bytes);
360 i=ASN1_STRING_set(ne->value,bytes,len);
361 if (!i) return(0);
362 if (type != V_ASN1_UNDEF)
363 {
364 if (type == V_ASN1_APP_CHOOSE)
365 ne->value->type=ASN1_PRINTABLE_type(bytes,len);
366 else
367 ne->value->type=type;
368 }
369 return(1);
370 }
371
372ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne)
373 {
374 if (ne == NULL) return(NULL);
375 return(ne->object);
376 }
377
378ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne)
379 {
380 if (ne == NULL) return(NULL);
381 return(ne->value);
382 }
383
diff --git a/src/lib/libcrypto/x509/x509rset.c b/src/lib/libcrypto/x509/x509rset.c
deleted file mode 100644
index d9f6b57372..0000000000
--- a/src/lib/libcrypto/x509/x509rset.c
+++ /dev/null
@@ -1,83 +0,0 @@
1/* crypto/x509/x509rset.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/asn1.h>
62#include <openssl/objects.h>
63#include <openssl/evp.h>
64#include <openssl/x509.h>
65
66int X509_REQ_set_version(X509_REQ *x, long version)
67 {
68 if (x == NULL) return(0);
69 return(ASN1_INTEGER_set(x->req_info->version,version));
70 }
71
72int X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name)
73 {
74 if ((x == NULL) || (x->req_info == NULL)) return(0);
75 return(X509_NAME_set(&x->req_info->subject,name));
76 }
77
78int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey)
79 {
80 if ((x == NULL) || (x->req_info == NULL)) return(0);
81 return(X509_PUBKEY_set(&x->req_info->pubkey,pkey));
82 }
83
diff --git a/src/lib/libcrypto/x509/x509spki.c b/src/lib/libcrypto/x509/x509spki.c
deleted file mode 100644
index 02a203d72c..0000000000
--- a/src/lib/libcrypto/x509/x509spki.c
+++ /dev/null
@@ -1,121 +0,0 @@
1/* x509spki.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/x509.h>
62
63int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey)
64{
65 if ((x == NULL) || (x->spkac == NULL)) return(0);
66 return(X509_PUBKEY_set(&(x->spkac->pubkey),pkey));
67}
68
69EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x)
70{
71 if ((x == NULL) || (x->spkac == NULL))
72 return(NULL);
73 return(X509_PUBKEY_get(x->spkac->pubkey));
74}
75
76/* Load a Netscape SPKI from a base64 encoded string */
77
78NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len)
79{
80 unsigned char *spki_der;
81 const unsigned char *p;
82 int spki_len;
83 NETSCAPE_SPKI *spki;
84 if(len <= 0) len = strlen(str);
85 if (!(spki_der = OPENSSL_malloc(len + 1))) {
86 X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE);
87 return NULL;
88 }
89 spki_len = EVP_DecodeBlock(spki_der, (const unsigned char *)str, len);
90 if(spki_len < 0) {
91 X509err(X509_F_NETSCAPE_SPKI_B64_DECODE,
92 X509_R_BASE64_DECODE_ERROR);
93 OPENSSL_free(spki_der);
94 return NULL;
95 }
96 p = spki_der;
97 spki = d2i_NETSCAPE_SPKI(NULL, &p, spki_len);
98 OPENSSL_free(spki_der);
99 return spki;
100}
101
102/* Generate a base64 encoded string from an SPKI */
103
104char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki)
105{
106 unsigned char *der_spki, *p;
107 char *b64_str;
108 int der_len;
109 der_len = i2d_NETSCAPE_SPKI(spki, NULL);
110 der_spki = OPENSSL_malloc(der_len);
111 b64_str = OPENSSL_malloc(der_len * 2);
112 if(!der_spki || !b64_str) {
113 X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE);
114 return NULL;
115 }
116 p = der_spki;
117 i2d_NETSCAPE_SPKI(spki, &p);
118 EVP_EncodeBlock((unsigned char *)b64_str, der_spki, der_len);
119 OPENSSL_free(der_spki);
120 return b64_str;
121}
diff --git a/src/lib/libcrypto/x509/x509type.c b/src/lib/libcrypto/x509/x509type.c
deleted file mode 100644
index 2cd994c5b0..0000000000
--- a/src/lib/libcrypto/x509/x509type.c
+++ /dev/null
@@ -1,121 +0,0 @@
1/* crypto/x509/x509type.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/evp.h>
62#include <openssl/objects.h>
63#include <openssl/x509.h>
64
65int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
66 {
67 EVP_PKEY *pk;
68 int ret=0,i;
69
70 if (x == NULL) return(0);
71
72 if (pkey == NULL)
73 pk=X509_get_pubkey(x);
74 else
75 pk=pkey;
76
77 if (pk == NULL) return(0);
78
79 switch (pk->type)
80 {
81 case EVP_PKEY_RSA:
82 ret=EVP_PK_RSA|EVP_PKT_SIGN;
83/* if (!sign only extension) */
84 ret|=EVP_PKT_ENC;
85 break;
86 case EVP_PKEY_DSA:
87 ret=EVP_PK_DSA|EVP_PKT_SIGN;
88 break;
89 case EVP_PKEY_EC:
90 ret=EVP_PK_EC|EVP_PKT_SIGN|EVP_PKT_EXCH;
91 break;
92 case EVP_PKEY_DH:
93 ret=EVP_PK_DH|EVP_PKT_EXCH;
94 break;
95 default:
96 break;
97 }
98
99 i=X509_get_signature_type(x);
100 switch (i)
101 {
102 case EVP_PKEY_RSA:
103 ret|=EVP_PKS_RSA;
104 break;
105 case EVP_PKEY_DSA:
106 ret|=EVP_PKS_DSA;
107 break;
108 case EVP_PKEY_EC:
109 ret|=EVP_PKS_EC;
110 break;
111 default:
112 break;
113 }
114
115 if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look
116 for, not bytes */
117 ret|=EVP_PKT_EXP;
118 if(pkey==NULL) EVP_PKEY_free(pk);
119 return(ret);
120 }
121
diff --git a/src/lib/libcrypto/x509/x_all.c b/src/lib/libcrypto/x509/x_all.c
deleted file mode 100644
index 9039caad60..0000000000
--- a/src/lib/libcrypto/x509/x_all.c
+++ /dev/null
@@ -1,522 +0,0 @@
1/* crypto/x509/x_all.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#undef SSLEAY_MACROS
61#include <openssl/stack.h>
62#include "cryptlib.h"
63#include <openssl/buffer.h>
64#include <openssl/asn1.h>
65#include <openssl/evp.h>
66#include <openssl/x509.h>
67#ifndef OPENSSL_NO_RSA
68#include <openssl/rsa.h>
69#endif
70#ifndef OPENSSL_NO_DSA
71#include <openssl/dsa.h>
72#endif
73
74int X509_verify(X509 *a, EVP_PKEY *r)
75 {
76 return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),a->sig_alg,
77 a->signature,a->cert_info,r));
78 }
79
80int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
81 {
82 return( ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO),
83 a->sig_alg,a->signature,a->req_info,r));
84 }
85
86int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r)
87 {
88 return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO),
89 a->sig_alg, a->signature,a->crl,r));
90 }
91
92int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
93 {
94 return(ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC),
95 a->sig_algor,a->signature,a->spkac,r));
96 }
97
98int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
99 {
100 return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature,
101 x->sig_alg, x->signature, x->cert_info,pkey,md));
102 }
103
104int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
105 {
106 return(ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO),x->sig_alg, NULL,
107 x->signature, x->req_info,pkey,md));
108 }
109
110int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
111 {
112 x->crl->enc.modified = 1;
113 return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO),x->crl->sig_alg,
114 x->sig_alg, x->signature, x->crl,pkey,md));
115 }
116
117int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
118 {
119 return(ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor,NULL,
120 x->signature, x->spkac,pkey,md));
121 }
122
123#ifndef OPENSSL_NO_FP_API
124X509 *d2i_X509_fp(FILE *fp, X509 **x509)
125 {
126 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509);
127 }
128
129int i2d_X509_fp(FILE *fp, X509 *x509)
130 {
131 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509);
132 }
133#endif
134
135X509 *d2i_X509_bio(BIO *bp, X509 **x509)
136 {
137 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509);
138 }
139
140int i2d_X509_bio(BIO *bp, X509 *x509)
141 {
142 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509);
143 }
144
145#ifndef OPENSSL_NO_FP_API
146X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl)
147 {
148 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
149 }
150
151int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl)
152 {
153 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
154 }
155#endif
156
157X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl)
158 {
159 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
160 }
161
162int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl)
163 {
164 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
165 }
166
167#ifndef OPENSSL_NO_FP_API
168PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7)
169 {
170 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
171 }
172
173int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7)
174 {
175 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
176 }
177#endif
178
179PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7)
180 {
181 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
182 }
183
184int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7)
185 {
186 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
187 }
188
189#ifndef OPENSSL_NO_FP_API
190X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req)
191 {
192 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
193 }
194
195int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req)
196 {
197 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
198 }
199#endif
200
201X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req)
202 {
203 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
204 }
205
206int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req)
207 {
208 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
209 }
210
211#ifndef OPENSSL_NO_RSA
212
213#ifndef OPENSSL_NO_FP_API
214RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa)
215 {
216 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
217 }
218
219int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa)
220 {
221 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
222 }
223
224RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
225 {
226 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
227 }
228
229
230RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)
231 {
232 return ASN1_d2i_fp((void *(*)(void))
233 RSA_new,(D2I_OF(void))d2i_RSA_PUBKEY, fp,
234 (void **)rsa);
235 }
236
237int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa)
238 {
239 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
240 }
241
242int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa)
243 {
244 return ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY,fp,rsa);
245 }
246#endif
247
248RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
249 {
250 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
251 }
252
253int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa)
254 {
255 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
256 }
257
258RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)
259 {
260 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
261 }
262
263
264RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
265 {
266 return ASN1_d2i_bio_of(RSA,RSA_new,d2i_RSA_PUBKEY,bp,rsa);
267 }
268
269int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa)
270 {
271 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
272 }
273
274int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa)
275 {
276 return ASN1_i2d_bio_of(RSA,i2d_RSA_PUBKEY,bp,rsa);
277 }
278#endif
279
280#ifndef OPENSSL_NO_DSA
281#ifndef OPENSSL_NO_FP_API
282DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa)
283 {
284 return ASN1_d2i_fp_of(DSA,DSA_new,d2i_DSAPrivateKey,fp,dsa);
285 }
286
287int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa)
288 {
289 return ASN1_i2d_fp_of_const(DSA,i2d_DSAPrivateKey,fp,dsa);
290 }
291
292DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa)
293 {
294 return ASN1_d2i_fp_of(DSA,DSA_new,d2i_DSA_PUBKEY,fp,dsa);
295 }
296
297int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa)
298 {
299 return ASN1_i2d_fp_of(DSA,i2d_DSA_PUBKEY,fp,dsa);
300 }
301#endif
302
303DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa)
304 {
305 return ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAPrivateKey,bp,dsa
306);
307 }
308
309int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa)
310 {
311 return ASN1_i2d_bio_of_const(DSA,i2d_DSAPrivateKey,bp,dsa);
312 }
313
314DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa)
315 {
316 return ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSA_PUBKEY,bp,dsa);
317 }
318
319int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa)
320 {
321 return ASN1_i2d_bio_of(DSA,i2d_DSA_PUBKEY,bp,dsa);
322 }
323
324#endif
325
326#ifndef OPENSSL_NO_EC
327#ifndef OPENSSL_NO_FP_API
328EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey)
329 {
330 return ASN1_d2i_fp_of(EC_KEY,EC_KEY_new,d2i_EC_PUBKEY,fp,eckey);
331 }
332
333int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey)
334 {
335 return ASN1_i2d_fp_of(EC_KEY,i2d_EC_PUBKEY,fp,eckey);
336 }
337
338EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey)
339 {
340 return ASN1_d2i_fp_of(EC_KEY,EC_KEY_new,d2i_ECPrivateKey,fp,eckey);
341 }
342
343int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey)
344 {
345 return ASN1_i2d_fp_of(EC_KEY,i2d_ECPrivateKey,fp,eckey);
346 }
347#endif
348EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey)
349 {
350 return ASN1_d2i_bio_of(EC_KEY,EC_KEY_new,d2i_EC_PUBKEY,bp,eckey);
351 }
352
353int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *ecdsa)
354 {
355 return ASN1_i2d_bio_of(EC_KEY,i2d_EC_PUBKEY,bp,ecdsa);
356 }
357
358EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey)
359 {
360 return ASN1_d2i_bio_of(EC_KEY,EC_KEY_new,d2i_ECPrivateKey,bp,eckey);
361 }
362
363int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey)
364 {
365 return ASN1_i2d_bio_of(EC_KEY,i2d_ECPrivateKey,bp,eckey);
366 }
367#endif
368
369
370int X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
371 unsigned int *len)
372 {
373 ASN1_BIT_STRING *key;
374 key = X509_get0_pubkey_bitstr(data);
375 if(!key) return 0;
376 return EVP_Digest(key->data, key->length, md, len, type, NULL);
377 }
378
379int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
380 unsigned int *len)
381 {
382 return(ASN1_item_digest(ASN1_ITEM_rptr(X509),type,(char *)data,md,len));
383 }
384
385int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md,
386 unsigned int *len)
387 {
388 return(ASN1_item_digest(ASN1_ITEM_rptr(X509_CRL),type,(char *)data,md,len));
389 }
390
391int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, unsigned char *md,
392 unsigned int *len)
393 {
394 return(ASN1_item_digest(ASN1_ITEM_rptr(X509_REQ),type,(char *)data,md,len));
395 }
396
397int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md,
398 unsigned int *len)
399 {
400 return(ASN1_item_digest(ASN1_ITEM_rptr(X509_NAME),type,(char *)data,md,len));
401 }
402
403int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, const EVP_MD *type,
404 unsigned char *md, unsigned int *len)
405 {
406 return(ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL),type,
407 (char *)data,md,len));
408 }
409
410
411#ifndef OPENSSL_NO_FP_API
412X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8)
413 {
414 return ASN1_d2i_fp_of(X509_SIG,X509_SIG_new,d2i_X509_SIG,fp,p8);
415 }
416
417int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8)
418 {
419 return ASN1_i2d_fp_of(X509_SIG,i2d_X509_SIG,fp,p8);
420 }
421#endif
422
423X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8)
424 {
425 return ASN1_d2i_bio_of(X509_SIG,X509_SIG_new,d2i_X509_SIG,bp,p8);
426 }
427
428int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8)
429 {
430 return ASN1_i2d_bio_of(X509_SIG,i2d_X509_SIG,bp,p8);
431 }
432
433#ifndef OPENSSL_NO_FP_API
434PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
435 PKCS8_PRIV_KEY_INFO **p8inf)
436 {
437 return ASN1_d2i_fp_of(PKCS8_PRIV_KEY_INFO,PKCS8_PRIV_KEY_INFO_new,
438 d2i_PKCS8_PRIV_KEY_INFO,fp,p8inf);
439 }
440
441int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf)
442 {
443 return ASN1_i2d_fp_of(PKCS8_PRIV_KEY_INFO,i2d_PKCS8_PRIV_KEY_INFO,fp,
444 p8inf);
445 }
446
447int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key)
448 {
449 PKCS8_PRIV_KEY_INFO *p8inf;
450 int ret;
451 p8inf = EVP_PKEY2PKCS8(key);
452 if(!p8inf) return 0;
453 ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf);
454 PKCS8_PRIV_KEY_INFO_free(p8inf);
455 return ret;
456 }
457
458int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey)
459 {
460 return ASN1_i2d_fp_of(EVP_PKEY,i2d_PrivateKey,fp,pkey);
461 }
462
463EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
464{
465 return ASN1_d2i_fp_of(EVP_PKEY,EVP_PKEY_new,d2i_AutoPrivateKey,fp,a);
466}
467
468int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey)
469 {
470 return ASN1_i2d_fp_of(EVP_PKEY,i2d_PUBKEY,fp,pkey);
471 }
472
473EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a)
474{
475 return ASN1_d2i_fp_of(EVP_PKEY,EVP_PKEY_new,d2i_PUBKEY,fp,a);
476}
477
478#endif
479
480PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
481 PKCS8_PRIV_KEY_INFO **p8inf)
482 {
483 return ASN1_d2i_bio_of(PKCS8_PRIV_KEY_INFO,PKCS8_PRIV_KEY_INFO_new,
484 d2i_PKCS8_PRIV_KEY_INFO,bp,p8inf);
485 }
486
487int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf)
488 {
489 return ASN1_i2d_bio_of(PKCS8_PRIV_KEY_INFO,i2d_PKCS8_PRIV_KEY_INFO,bp,
490 p8inf);
491 }
492
493int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key)
494 {
495 PKCS8_PRIV_KEY_INFO *p8inf;
496 int ret;
497 p8inf = EVP_PKEY2PKCS8(key);
498 if(!p8inf) return 0;
499 ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
500 PKCS8_PRIV_KEY_INFO_free(p8inf);
501 return ret;
502 }
503
504int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey)
505 {
506 return ASN1_i2d_bio_of(EVP_PKEY,i2d_PrivateKey,bp,pkey);
507 }
508
509EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a)
510 {
511 return ASN1_d2i_bio_of(EVP_PKEY,EVP_PKEY_new,d2i_AutoPrivateKey,bp,a);
512 }
513
514int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey)
515 {
516 return ASN1_i2d_bio_of(EVP_PKEY,i2d_PUBKEY,bp,pkey);
517 }
518
519EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a)
520 {
521 return ASN1_d2i_bio_of(EVP_PKEY,EVP_PKEY_new,d2i_PUBKEY,bp,a);
522 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-04 16:23:00 +0000