summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/x509')
-rw-r--r--src/lib/libcrypto/x509/by_dir.c96
-rw-r--r--src/lib/libcrypto/x509/by_file.c106
-rw-r--r--src/lib/libcrypto/x509/x509.h1161
-rw-r--r--src/lib/libcrypto/x509/x509_att.c26
-rw-r--r--src/lib/libcrypto/x509/x509_cmp.c204
-rw-r--r--src/lib/libcrypto/x509/x509_d2.c23
-rw-r--r--src/lib/libcrypto/x509/x509_def.c18
-rw-r--r--src/lib/libcrypto/x509/x509_err.c162
-rw-r--r--src/lib/libcrypto/x509/x509_ext.c142
-rw-r--r--src/lib/libcrypto/x509/x509_lu.c481
-rw-r--r--src/lib/libcrypto/x509/x509_obj.c75
-rw-r--r--src/lib/libcrypto/x509/x509_r2x.c36
-rw-r--r--src/lib/libcrypto/x509/x509_req.c194
-rw-r--r--src/lib/libcrypto/x509/x509_set.c54
-rw-r--r--src/lib/libcrypto/x509/x509_trs.c65
-rw-r--r--src/lib/libcrypto/x509/x509_txt.c48
-rw-r--r--src/lib/libcrypto/x509/x509_v3.c237
-rw-r--r--src/lib/libcrypto/x509/x509_vfy.c1067
-rw-r--r--src/lib/libcrypto/x509/x509_vfy.h261
-rw-r--r--src/lib/libcrypto/x509/x509name.c205
-rw-r--r--src/lib/libcrypto/x509/x509rset.c20
-rw-r--r--src/lib/libcrypto/x509/x509spki.c13
-rw-r--r--src/lib/libcrypto/x509/x509type.c13
-rw-r--r--src/lib/libcrypto/x509/x_all.c523
24 files changed, 3081 insertions, 2149 deletions
diff --git a/src/lib/libcrypto/x509/by_dir.c b/src/lib/libcrypto/x509/by_dir.c
index 11725ec94c..448bd7e69c 100644
--- a/src/lib/libcrypto/x509/by_dir.c
+++ b/src/lib/libcrypto/x509/by_dir.c
@@ -59,13 +59,20 @@
59#include <stdio.h> 59#include <stdio.h>
60#include <time.h> 60#include <time.h>
61#include <errno.h> 61#include <errno.h>
62#include <sys/types.h>
63#include <sys/stat.h>
64 62
65#include "cryptlib.h" 63#include "cryptlib.h"
66#include "lhash.h" 64
67#include "x509.h" 65#ifndef NO_SYS_TYPES_H
68#include "pem.h" 66# include <sys/types.h>
67#endif
68#ifdef MAC_OS_pre_X
69# include <stat.h>
70#else
71# include <sys/stat.h>
72#endif
73
74#include <openssl/lhash.h>
75#include <openssl/x509.h>
69 76
70typedef struct lookup_dir_st 77typedef struct lookup_dir_st
71 { 78 {
@@ -76,21 +83,13 @@ typedef struct lookup_dir_st
76 int num_dirs_alloced; 83 int num_dirs_alloced;
77 } BY_DIR; 84 } BY_DIR;
78 85
79#ifndef NOPROTO 86static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
80static int dir_ctrl(X509_LOOKUP *ctx,int cmd,char *argp,long argl,char **ret); 87 char **ret);
81static int new_dir(X509_LOOKUP *lu); 88static int new_dir(X509_LOOKUP *lu);
82static void free_dir(X509_LOOKUP *lu); 89static void free_dir(X509_LOOKUP *lu);
83static int add_cert_dir(BY_DIR *ctx,char *dir,int type); 90static int add_cert_dir(BY_DIR *ctx,const char *dir,int type);
84static int get_cert_by_subject(X509_LOOKUP *xl,int type,X509_NAME *name, 91static int get_cert_by_subject(X509_LOOKUP *xl,int type,X509_NAME *name,
85 X509_OBJECT *ret); 92 X509_OBJECT *ret);
86#else
87static int dir_ctrl();
88static int new_dir();
89static void free_dir();
90static int add_cert_dir();
91static int get_cert_by_subject();
92#endif
93
94X509_LOOKUP_METHOD x509_dir_lookup= 93X509_LOOKUP_METHOD x509_dir_lookup=
95 { 94 {
96 "Load certs from files in a directory", 95 "Load certs from files in a directory",
@@ -105,17 +104,13 @@ X509_LOOKUP_METHOD x509_dir_lookup=
105 NULL, /* get_by_alias */ 104 NULL, /* get_by_alias */
106 }; 105 };
107 106
108X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir() 107X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void)
109 { 108 {
110 return(&x509_dir_lookup); 109 return(&x509_dir_lookup);
111 } 110 }
112 111
113static int dir_ctrl(ctx,cmd,argp,argl,retp) 112static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
114X509_LOOKUP *ctx; 113 char **retp)
115int cmd;
116long argl;
117char *argp;
118char **retp;
119 { 114 {
120 int ret=0; 115 int ret=0;
121 BY_DIR *ld; 116 BY_DIR *ld;
@@ -147,16 +142,15 @@ char **retp;
147 return(ret); 142 return(ret);
148 } 143 }
149 144
150static int new_dir(lu) 145static int new_dir(X509_LOOKUP *lu)
151X509_LOOKUP *lu;
152 { 146 {
153 BY_DIR *a; 147 BY_DIR *a;
154 148
155 if ((a=(BY_DIR *)Malloc(sizeof(BY_DIR))) == NULL) 149 if ((a=(BY_DIR *)OPENSSL_malloc(sizeof(BY_DIR))) == NULL)
156 return(0); 150 return(0);
157 if ((a->buffer=BUF_MEM_new()) == NULL) 151 if ((a->buffer=BUF_MEM_new()) == NULL)
158 { 152 {
159 Free(a); 153 OPENSSL_free(a);
160 return(0); 154 return(0);
161 } 155 }
162 a->num_dirs=0; 156 a->num_dirs=0;
@@ -167,32 +161,32 @@ X509_LOOKUP *lu;
167 return(1); 161 return(1);
168 } 162 }
169 163
170static void free_dir(lu) 164static void free_dir(X509_LOOKUP *lu)
171X509_LOOKUP *lu;
172 { 165 {
173 BY_DIR *a; 166 BY_DIR *a;
174 int i; 167 int i;
175 168
176 a=(BY_DIR *)lu->method_data; 169 a=(BY_DIR *)lu->method_data;
177 for (i=0; i<a->num_dirs; i++) 170 for (i=0; i<a->num_dirs; i++)
178 if (a->dirs[i] != NULL) Free(a->dirs[i]); 171 if (a->dirs[i] != NULL) OPENSSL_free(a->dirs[i]);
179 if (a->dirs != NULL) Free(a->dirs); 172 if (a->dirs != NULL) OPENSSL_free(a->dirs);
180 if (a->dirs_type != NULL) Free(a->dirs_type); 173 if (a->dirs_type != NULL) OPENSSL_free(a->dirs_type);
181 if (a->buffer != NULL) BUF_MEM_free(a->buffer); 174 if (a->buffer != NULL) BUF_MEM_free(a->buffer);
182 Free(a); 175 OPENSSL_free(a);
183 } 176 }
184 177
185static int add_cert_dir(ctx,dir, type) 178static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
186BY_DIR *ctx;
187char *dir;
188int type;
189 { 179 {
190 int j,len; 180 int j,len;
191 int *ip; 181 int *ip;
192 char *s,*ss,*p; 182 const char *s,*ss,*p;
193 char **pp; 183 char **pp;
194 184
195 if (dir == NULL) return(0); 185 if (dir == NULL || !*dir)
186 {
187 X509err(X509_F_ADD_CERT_DIR,X509_R_INVALID_DIRECTORY);
188 return 0;
189 }
196 190
197 s=dir; 191 s=dir;
198 p=s; 192 p=s;
@@ -210,9 +204,9 @@ int type;
210 if (ctx->num_dirs_alloced < (ctx->num_dirs+1)) 204 if (ctx->num_dirs_alloced < (ctx->num_dirs+1))
211 { 205 {
212 ctx->num_dirs_alloced+=10; 206 ctx->num_dirs_alloced+=10;
213 pp=(char **)Malloc(ctx->num_dirs_alloced* 207 pp=(char **)OPENSSL_malloc(ctx->num_dirs_alloced*
214 sizeof(char *)); 208 sizeof(char *));
215 ip=(int *)Malloc(ctx->num_dirs_alloced* 209 ip=(int *)OPENSSL_malloc(ctx->num_dirs_alloced*
216 sizeof(int)); 210 sizeof(int));
217 if ((pp == NULL) || (ip == NULL)) 211 if ((pp == NULL) || (ip == NULL))
218 { 212 {
@@ -224,14 +218,14 @@ int type;
224 memcpy(ip,ctx->dirs_type,(ctx->num_dirs_alloced-10)* 218 memcpy(ip,ctx->dirs_type,(ctx->num_dirs_alloced-10)*
225 sizeof(int)); 219 sizeof(int));
226 if (ctx->dirs != NULL) 220 if (ctx->dirs != NULL)
227 Free((char *)ctx->dirs); 221 OPENSSL_free(ctx->dirs);
228 if (ctx->dirs_type != NULL) 222 if (ctx->dirs_type != NULL)
229 Free((char *)ctx->dirs_type); 223 OPENSSL_free(ctx->dirs_type);
230 ctx->dirs=pp; 224 ctx->dirs=pp;
231 ctx->dirs_type=ip; 225 ctx->dirs_type=ip;
232 } 226 }
233 ctx->dirs_type[ctx->num_dirs]=type; 227 ctx->dirs_type[ctx->num_dirs]=type;
234 ctx->dirs[ctx->num_dirs]=(char *)Malloc((unsigned int)len+1); 228 ctx->dirs[ctx->num_dirs]=(char *)OPENSSL_malloc((unsigned int)len+1);
235 if (ctx->dirs[ctx->num_dirs] == NULL) return(0); 229 if (ctx->dirs[ctx->num_dirs] == NULL) return(0);
236 strncpy(ctx->dirs[ctx->num_dirs],ss,(unsigned int)len); 230 strncpy(ctx->dirs[ctx->num_dirs],ss,(unsigned int)len);
237 ctx->dirs[ctx->num_dirs][len]='\0'; 231 ctx->dirs[ctx->num_dirs][len]='\0';
@@ -243,11 +237,8 @@ int type;
243 return(1); 237 return(1);
244 } 238 }
245 239
246static int get_cert_by_subject(xl,type,name,ret) 240static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
247X509_LOOKUP *xl; 241 X509_OBJECT *ret)
248int type;
249X509_NAME *name;
250X509_OBJECT *ret;
251 { 242 {
252 BY_DIR *ctx; 243 BY_DIR *ctx;
253 union { 244 union {
@@ -266,7 +257,7 @@ X509_OBJECT *ret;
266 BUF_MEM *b=NULL; 257 BUF_MEM *b=NULL;
267 struct stat st; 258 struct stat st;
268 X509_OBJECT stmp,*tmp; 259 X509_OBJECT stmp,*tmp;
269 char *postfix=""; 260 const char *postfix="";
270 261
271 if (name == NULL) return(0); 262 if (name == NULL) return(0);
272 263
@@ -335,8 +326,9 @@ X509_OBJECT *ret;
335 /* we have added it to the cache so now pull 326 /* we have added it to the cache so now pull
336 * it out again */ 327 * it out again */
337 CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE); 328 CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
338 tmp=(X509_OBJECT *)lh_retrieve(xl->store_ctx->certs, 329 j = sk_X509_OBJECT_find(xl->store_ctx->objs,&stmp);
339 (char *)&stmp); 330 if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,j);
331 else tmp = NULL;
340 CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE); 332 CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
341 333
342 if (tmp != NULL) 334 if (tmp != NULL)
diff --git a/src/lib/libcrypto/x509/by_file.c b/src/lib/libcrypto/x509/by_file.c
index 09ebb9bf08..92e00d2d73 100644
--- a/src/lib/libcrypto/x509/by_file.c
+++ b/src/lib/libcrypto/x509/by_file.c
@@ -59,24 +59,17 @@
59#include <stdio.h> 59#include <stdio.h>
60#include <time.h> 60#include <time.h>
61#include <errno.h> 61#include <errno.h>
62#include <sys/types.h>
63#include <sys/stat.h>
64 62
65#include "cryptlib.h" 63#include "cryptlib.h"
66#include "lhash.h" 64#include <openssl/lhash.h>
67#include "buffer.h" 65#include <openssl/buffer.h>
68#include "x509.h" 66#include <openssl/x509.h>
69#include "pem.h" 67#include <openssl/pem.h>
70 68
71#ifndef NO_STDIO 69#ifndef OPENSSL_NO_STDIO
72
73#ifndef NOPROTO
74static int by_file_ctrl(X509_LOOKUP *ctx,int cmd,char *argc,
75 long argl,char **ret);
76#else
77static int by_file_ctrl();
78#endif
79 70
71static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
72 long argl, char **ret);
80X509_LOOKUP_METHOD x509_file_lookup= 73X509_LOOKUP_METHOD x509_file_lookup=
81 { 74 {
82 "Load file into cache", 75 "Load file into cache",
@@ -91,19 +84,15 @@ X509_LOOKUP_METHOD x509_file_lookup=
91 NULL, /* get_by_alias */ 84 NULL, /* get_by_alias */
92 }; 85 };
93 86
94X509_LOOKUP_METHOD *X509_LOOKUP_file() 87X509_LOOKUP_METHOD *X509_LOOKUP_file(void)
95 { 88 {
96 return(&x509_file_lookup); 89 return(&x509_file_lookup);
97 } 90 }
98 91
99static int by_file_ctrl(ctx,cmd,argp,argl,ret) 92static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
100X509_LOOKUP *ctx; 93 char **ret)
101int cmd;
102char *argp;
103long argl;
104char **ret;
105 { 94 {
106 int ok=0,ok2=0; 95 int ok=0;
107 char *file; 96 char *file;
108 97
109 switch (cmd) 98 switch (cmd)
@@ -111,37 +100,33 @@ char **ret;
111 case X509_L_FILE_LOAD: 100 case X509_L_FILE_LOAD:
112 if (argl == X509_FILETYPE_DEFAULT) 101 if (argl == X509_FILETYPE_DEFAULT)
113 { 102 {
114 ok=X509_load_cert_file(ctx,X509_get_default_cert_file(), 103 ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),
115 X509_FILETYPE_PEM); 104 X509_FILETYPE_PEM) != 0);
116 ok2=X509_load_crl_file(ctx,X509_get_default_cert_file(), 105 if (!ok)
117 X509_FILETYPE_PEM);
118 if (!ok || !ok2)
119 { 106 {
120 X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS); 107 X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
121 } 108 }
122 else 109 else
123 { 110 {
124 file=(char *)Getenv(X509_get_default_cert_file_env()); 111 file=(char *)Getenv(X509_get_default_cert_file_env());
125 ok=X509_load_cert_file(ctx,file, 112 ok = (X509_load_cert_crl_file(ctx,file,
126 X509_FILETYPE_PEM); 113 X509_FILETYPE_PEM) != 0);
127 ok2=X509_load_crl_file(ctx,file,
128 X509_FILETYPE_PEM);
129 } 114 }
130 } 115 }
131 else 116 else
132 { 117 {
133 ok=X509_load_cert_file(ctx,argp,(int)argl); 118 if(argl == X509_FILETYPE_PEM)
134 ok2=X509_load_crl_file(ctx,argp,(int)argl); 119 ok = (X509_load_cert_crl_file(ctx,argp,
120 X509_FILETYPE_PEM) != 0);
121 else
122 ok = (X509_load_cert_file(ctx,argp,(int)argl) != 0);
135 } 123 }
136 break; 124 break;
137 } 125 }
138 return((ok && ok2)?ok:0); 126 return(ok);
139 } 127 }
140 128
141int X509_load_cert_file(ctx,file,type) 129int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
142X509_LOOKUP *ctx;
143char *file;
144int type;
145 { 130 {
146 int ret=0; 131 int ret=0;
147 BIO *in=NULL; 132 BIO *in=NULL;
@@ -161,7 +146,7 @@ int type;
161 { 146 {
162 for (;;) 147 for (;;)
163 { 148 {
164 x=PEM_read_bio_X509(in,NULL,NULL); 149 x=PEM_read_bio_X509_AUX(in,NULL,NULL,NULL);
165 if (x == NULL) 150 if (x == NULL)
166 { 151 {
167 if ((ERR_GET_REASON(ERR_peek_error()) == 152 if ((ERR_GET_REASON(ERR_peek_error()) ==
@@ -208,10 +193,7 @@ err:
208 return(ret); 193 return(ret);
209 } 194 }
210 195
211int X509_load_crl_file(ctx,file,type) 196int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
212X509_LOOKUP *ctx;
213char *file;
214int type;
215 { 197 {
216 int ret=0; 198 int ret=0;
217 BIO *in=NULL; 199 BIO *in=NULL;
@@ -231,7 +213,7 @@ int type;
231 { 213 {
232 for (;;) 214 for (;;)
233 { 215 {
234 x=PEM_read_bio_X509_CRL(in,NULL,NULL); 216 x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
235 if (x == NULL) 217 if (x == NULL)
236 { 218 {
237 if ((ERR_GET_REASON(ERR_peek_error()) == 219 if ((ERR_GET_REASON(ERR_peek_error()) ==
@@ -278,5 +260,39 @@ err:
278 return(ret); 260 return(ret);
279 } 261 }
280 262
281#endif /* NO_STDIO */ 263int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
264{
265 STACK_OF(X509_INFO) *inf;
266 X509_INFO *itmp;
267 BIO *in;
268 int i, count = 0;
269 if(type != X509_FILETYPE_PEM)
270 return X509_load_cert_file(ctx, file, type);
271 in = BIO_new_file(file, "r");
272 if(!in) {
273 X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_SYS_LIB);
274 return 0;
275 }
276 inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
277 BIO_free(in);
278 if(!inf) {
279 X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_PEM_LIB);
280 return 0;
281 }
282 for(i = 0; i < sk_X509_INFO_num(inf); i++) {
283 itmp = sk_X509_INFO_value(inf, i);
284 if(itmp->x509) {
285 X509_STORE_add_cert(ctx->store_ctx, itmp->x509);
286 count++;
287 } else if(itmp->crl) {
288 X509_STORE_add_crl(ctx->store_ctx, itmp->crl);
289 count++;
290 }
291 }
292 sk_X509_INFO_pop_free(inf, X509_INFO_free);
293 return count;
294}
295
296
297#endif /* OPENSSL_NO_STDIO */
282 298
diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h
index 95114f7c43..c75aa0c717 100644
--- a/src/lib/libcrypto/x509/x509.h
+++ b/src/lib/libcrypto/x509/x509.h
@@ -59,32 +59,46 @@
59#ifndef HEADER_X509_H 59#ifndef HEADER_X509_H
60#define HEADER_X509_H 60#define HEADER_X509_H
61 61
62#ifdef __cplusplus 62#include <openssl/symhacks.h>
63extern "C" { 63#ifndef OPENSSL_NO_BUFFER
64#include <openssl/buffer.h>
65#endif
66#ifndef OPENSSL_NO_EVP
67#include <openssl/evp.h>
64#endif 68#endif
69#ifndef OPENSSL_NO_BIO
70#include <openssl/bio.h>
71#endif
72#include <openssl/stack.h>
73#include <openssl/asn1.h>
74#include <openssl/safestack.h>
65 75
66#include "stack.h" 76#ifndef OPENSSL_NO_RSA
67#include "asn1.h" 77#include <openssl/rsa.h>
78#endif
68 79
69#ifndef NO_RSA 80#ifndef OPENSSL_NO_DSA
70#include "rsa.h" 81#include <openssl/dsa.h>
71#else
72#define RSA long
73#endif 82#endif
74 83
75#ifndef NO_DSA 84#ifndef OPENSSL_NO_DH
76#include "dsa.h" 85#include <openssl/dh.h>
77#else 86#endif
78#define DSA long 87#ifndef OPENSSL_NO_SHA
88#include <openssl/sha.h>
79#endif 89#endif
90#include <openssl/evp.h>
91#include <openssl/e_os2.h>
92#include <openssl/ossl_typ.h>
80 93
81#ifndef NO_DH 94#ifdef __cplusplus
82#include "dh.h" 95extern "C" {
83#else
84#define DH long
85#endif 96#endif
86 97
87#include "evp.h" 98#ifdef OPENSSL_SYS_WIN32
99/* Under Win32 this is defined in wincrypt.h */
100#undef X509_NAME
101#endif
88 102
89#define X509_FILETYPE_PEM 1 103#define X509_FILETYPE_PEM 1
90#define X509_FILETYPE_ASN1 2 104#define X509_FILETYPE_ASN1 2
@@ -108,23 +122,26 @@ typedef struct X509_objects_st
108 int (*i2a)(); 122 int (*i2a)();
109 } X509_OBJECTS; 123 } X509_OBJECTS;
110 124
111typedef struct X509_algor_st 125struct X509_algor_st
112 { 126 {
113 ASN1_OBJECT *algorithm; 127 ASN1_OBJECT *algorithm;
114 ASN1_TYPE *parameter; 128 ASN1_TYPE *parameter;
115 } X509_ALGOR; 129 } /* X509_ALGOR */;
130
131DECLARE_STACK_OF(X509_ALGOR)
132DECLARE_ASN1_SET_OF(X509_ALGOR)
116 133
117typedef struct X509_val_st 134typedef struct X509_val_st
118 { 135 {
119 ASN1_UTCTIME *notBefore; 136 ASN1_TIME *notBefore;
120 ASN1_UTCTIME *notAfter; 137 ASN1_TIME *notAfter;
121 } X509_VAL; 138 } X509_VAL;
122 139
123typedef struct X509_pubkey_st 140typedef struct X509_pubkey_st
124 { 141 {
125 X509_ALGOR *algor; 142 X509_ALGOR *algor;
126 ASN1_BIT_STRING *public_key; 143 ASN1_BIT_STRING *public_key;
127 struct evp_pkey_st /* EVP_PKEY*/ *pkey; 144 EVP_PKEY *pkey;
128 } X509_PUBKEY; 145 } X509_PUBKEY;
129 146
130typedef struct X509_sig_st 147typedef struct X509_sig_st
@@ -141,58 +158,60 @@ typedef struct X509_name_entry_st
141 int size; /* temp variable */ 158 int size; /* temp variable */
142 } X509_NAME_ENTRY; 159 } X509_NAME_ENTRY;
143 160
161DECLARE_STACK_OF(X509_NAME_ENTRY)
162DECLARE_ASN1_SET_OF(X509_NAME_ENTRY)
163
144/* we always keep X509_NAMEs in 2 forms. */ 164/* we always keep X509_NAMEs in 2 forms. */
145typedef struct X509_name_st 165struct X509_name_st
146 { 166 {
147 STACK *entries; /* of X509_NAME_ENTRY */ 167 STACK_OF(X509_NAME_ENTRY) *entries;
148 int modified; /* true if 'bytes' needs to be built */ 168 int modified; /* true if 'bytes' needs to be built */
149#ifdef HEADER_BUFFER_H 169#ifndef OPENSSL_NO_BUFFER
150 BUF_MEM *bytes; 170 BUF_MEM *bytes;
151#else 171#else
152 char *bytes; 172 char *bytes;
153#endif 173#endif
154 unsigned long hash; /* Keep the hash around for lookups */ 174 unsigned long hash; /* Keep the hash around for lookups */
155 } X509_NAME; 175 } /* X509_NAME */;
176
177DECLARE_STACK_OF(X509_NAME)
156 178
157#define X509_EX_V_NETSCAPE_HACK 0x8000 179#define X509_EX_V_NETSCAPE_HACK 0x8000
158#define X509_EX_V_INIT 0x0001 180#define X509_EX_V_INIT 0x0001
159typedef struct X509_extension_st 181typedef struct X509_extension_st
160 { 182 {
161 ASN1_OBJECT *object; 183 ASN1_OBJECT *object;
162 short critical; 184 ASN1_BOOLEAN critical;
163 short netscape_hack;
164 ASN1_OCTET_STRING *value; 185 ASN1_OCTET_STRING *value;
165 long argl; /* used when decoding */
166 char *argp; /* used when decoding */
167 void (*ex_free)(); /* clear argp stuff */
168 } X509_EXTENSION; 186 } X509_EXTENSION;
169 187
170/* #if 1 */ 188DECLARE_STACK_OF(X509_EXTENSION)
171typedef struct x509_extension_method_st 189DECLARE_ASN1_SET_OF(X509_EXTENSION)
190
191/* a sequence of these are used */
192typedef struct x509_attributes_st
172 { 193 {
173 int nid; 194 ASN1_OBJECT *object;
174 int data_type; 195 int single; /* 0 for a set, 1 for a single item (which is wrong) */
175 int pack_type; 196 union {
176 void (*ex_clear)(); 197 char *ptr;
177 int (*ex_get_bool)(); 198/* 0 */ STACK_OF(ASN1_TYPE) *set;
178 int (*ex_set_bool)(); 199/* 1 */ ASN1_TYPE *single;
179 int (*ex_get_str)(); 200 } value;
180 int (*ex_set_str)(); 201 } X509_ATTRIBUTE;
181 char *(*ex_get_struct)(); 202
182 int (*ex_set_struct)(); 203DECLARE_STACK_OF(X509_ATTRIBUTE)
183 int (*a2i)(); 204DECLARE_ASN1_SET_OF(X509_ATTRIBUTE)
184 int (*i2a)(); 205
185 } X509_EXTENSION_METHOD;
186/* #endif */
187 206
188typedef struct X509_req_info_st 207typedef struct X509_req_info_st
189 { 208 {
209 ASN1_ENCODING enc;
190 ASN1_INTEGER *version; 210 ASN1_INTEGER *version;
191 X509_NAME *subject; 211 X509_NAME *subject;
192 X509_PUBKEY *pubkey; 212 X509_PUBKEY *pubkey;
193 /* d=2 hl=2 l= 0 cons: cont: 00 */ 213 /* d=2 hl=2 l= 0 cons: cont: 00 */
194 STACK /* X509_ATTRIBUTE */ *attributes; /* [ 0 ] */ 214 STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
195 int req_kludge;
196 } X509_REQ_INFO; 215 } X509_REQ_INFO;
197 216
198typedef struct X509_req_st 217typedef struct X509_req_st
@@ -214,10 +233,25 @@ typedef struct x509_cinf_st
214 X509_PUBKEY *key; 233 X509_PUBKEY *key;
215 ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */ 234 ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */
216 ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */ 235 ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */
217 STACK /* X509_EXTENSION */ *extensions; /* [ 3 ] optional in v3 */ 236 STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */
218 } X509_CINF; 237 } X509_CINF;
219 238
220typedef struct x509_st 239/* This stuff is certificate "auxiliary info"
240 * it contains details which are useful in certificate
241 * stores and databases. When used this is tagged onto
242 * the end of the certificate itself
243 */
244
245typedef struct x509_cert_aux_st
246 {
247 STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */
248 STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */
249 ASN1_UTF8STRING *alias; /* "friendly name" */
250 ASN1_OCTET_STRING *keyid; /* key id of private key */
251 STACK_OF(X509_ALGOR) *other; /* other unspecified info */
252 } X509_CERT_AUX;
253
254struct x509_st
221 { 255 {
222 X509_CINF *cert_info; 256 X509_CINF *cert_info;
223 X509_ALGOR *sig_alg; 257 X509_ALGOR *sig_alg;
@@ -225,47 +259,170 @@ typedef struct x509_st
225 int valid; 259 int valid;
226 int references; 260 int references;
227 char *name; 261 char *name;
228 } X509; 262 CRYPTO_EX_DATA ex_data;
263 /* These contain copies of various extension values */
264 long ex_pathlen;
265 unsigned long ex_flags;
266 unsigned long ex_kusage;
267 unsigned long ex_xkusage;
268 unsigned long ex_nscert;
269 ASN1_OCTET_STRING *skid;
270 struct AUTHORITY_KEYID_st *akid;
271#ifndef OPENSSL_NO_SHA
272 unsigned char sha1_hash[SHA_DIGEST_LENGTH];
273#endif
274 X509_CERT_AUX *aux;
275 } /* X509 */;
276
277DECLARE_STACK_OF(X509)
278DECLARE_ASN1_SET_OF(X509)
279
280/* This is used for a table of trust checking functions */
281
282typedef struct x509_trust_st {
283 int trust;
284 int flags;
285 int (*check_trust)(struct x509_trust_st *, X509 *, int);
286 char *name;
287 int arg1;
288 void *arg2;
289} X509_TRUST;
290
291DECLARE_STACK_OF(X509_TRUST)
292
293/* standard trust ids */
294
295#define X509_TRUST_DEFAULT -1 /* Only valid in purpose settings */
296
297#define X509_TRUST_COMPAT 1
298#define X509_TRUST_SSL_CLIENT 2
299#define X509_TRUST_SSL_SERVER 3
300#define X509_TRUST_EMAIL 4
301#define X509_TRUST_OBJECT_SIGN 5
302#define X509_TRUST_OCSP_SIGN 6
303#define X509_TRUST_OCSP_REQUEST 7
304
305/* Keep these up to date! */
306#define X509_TRUST_MIN 1
307#define X509_TRUST_MAX 7
308
309
310/* trust_flags values */
311#define X509_TRUST_DYNAMIC 1
312#define X509_TRUST_DYNAMIC_NAME 2
313
314/* check_trust return codes */
315
316#define X509_TRUST_TRUSTED 1
317#define X509_TRUST_REJECTED 2
318#define X509_TRUST_UNTRUSTED 3
319
320/* Flags for X509_print_ex() */
321
322#define X509_FLAG_COMPAT 0
323#define X509_FLAG_NO_HEADER 1L
324#define X509_FLAG_NO_VERSION (1L << 1)
325#define X509_FLAG_NO_SERIAL (1L << 2)
326#define X509_FLAG_NO_SIGNAME (1L << 3)
327#define X509_FLAG_NO_ISSUER (1L << 4)
328#define X509_FLAG_NO_VALIDITY (1L << 5)
329#define X509_FLAG_NO_SUBJECT (1L << 6)
330#define X509_FLAG_NO_PUBKEY (1L << 7)
331#define X509_FLAG_NO_EXTENSIONS (1L << 8)
332#define X509_FLAG_NO_SIGDUMP (1L << 9)
333#define X509_FLAG_NO_AUX (1L << 10)
334
335/* Flags specific to X509_NAME_print_ex() */
336
337/* The field separator information */
338
339#define XN_FLAG_SEP_MASK (0xf << 16)
340
341#define XN_FLAG_COMPAT 0 /* Traditional SSLeay: use old X509_NAME_print */
342#define XN_FLAG_SEP_COMMA_PLUS (1 << 16) /* RFC2253 ,+ */
343#define XN_FLAG_SEP_CPLUS_SPC (2 << 16) /* ,+ spaced: more readable */
344#define XN_FLAG_SEP_SPLUS_SPC (3 << 16) /* ;+ spaced */
345#define XN_FLAG_SEP_MULTILINE (4 << 16) /* One line per field */
346
347#define XN_FLAG_DN_REV (1 << 20) /* Reverse DN order */
348
349/* How the field name is shown */
350
351#define XN_FLAG_FN_MASK (0x3 << 21)
352
353#define XN_FLAG_FN_SN 0 /* Object short name */
354#define XN_FLAG_FN_LN (1 << 21) /* Object long name */
355#define XN_FLAG_FN_OID (2 << 21) /* Always use OIDs */
356#define XN_FLAG_FN_NONE (3 << 21) /* No field names */
357
358#define XN_FLAG_SPC_EQ (1 << 23) /* Put spaces round '=' */
359
360/* This determines if we dump fields we don't recognise:
361 * RFC2253 requires this.
362 */
363
364#define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
365
366#define XN_FLAG_FN_ALIGN (1 << 25) /* Align field names to 20 characters */
367
368/* Complete set of RFC2253 flags */
369
370#define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \
371 XN_FLAG_SEP_COMMA_PLUS | \
372 XN_FLAG_DN_REV | \
373 XN_FLAG_FN_SN | \
374 XN_FLAG_DUMP_UNKNOWN_FIELDS)
375
376/* readable oneline form */
377
378#define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \
379 ASN1_STRFLGS_ESC_QUOTE | \
380 XN_FLAG_SEP_CPLUS_SPC | \
381 XN_FLAG_SPC_EQ | \
382 XN_FLAG_FN_SN)
383
384/* readable multiline form */
385
386#define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \
387 ASN1_STRFLGS_ESC_MSB | \
388 XN_FLAG_SEP_MULTILINE | \
389 XN_FLAG_SPC_EQ | \
390 XN_FLAG_FN_LN | \
391 XN_FLAG_FN_ALIGN)
229 392
230typedef struct X509_revoked_st 393typedef struct X509_revoked_st
231 { 394 {
232 ASN1_INTEGER *serialNumber; 395 ASN1_INTEGER *serialNumber;
233 ASN1_UTCTIME *revocationDate; 396 ASN1_TIME *revocationDate;
234 STACK /* optional X509_EXTENSION */ *extensions; 397 STACK_OF(X509_EXTENSION) /* optional */ *extensions;
235 int sequence; /* load sequence */ 398 int sequence; /* load sequence */
236 } X509_REVOKED; 399 } X509_REVOKED;
237 400
401DECLARE_STACK_OF(X509_REVOKED)
402DECLARE_ASN1_SET_OF(X509_REVOKED)
403
238typedef struct X509_crl_info_st 404typedef struct X509_crl_info_st
239 { 405 {
240 ASN1_INTEGER *version; 406 ASN1_INTEGER *version;
241 X509_ALGOR *sig_alg; 407 X509_ALGOR *sig_alg;
242 X509_NAME *issuer; 408 X509_NAME *issuer;
243 ASN1_UTCTIME *lastUpdate; 409 ASN1_TIME *lastUpdate;
244 ASN1_UTCTIME *nextUpdate; 410 ASN1_TIME *nextUpdate;
245 STACK /* X509_REVOKED */ *revoked; 411 STACK_OF(X509_REVOKED) *revoked;
246 STACK /* [0] X509_EXTENSION */ *extensions; 412 STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
247 } X509_CRL_INFO; 413 } X509_CRL_INFO;
248 414
249typedef struct X509_crl_st 415struct X509_crl_st
250 { 416 {
251 /* actual signature */ 417 /* actual signature */
252 X509_CRL_INFO *crl; 418 X509_CRL_INFO *crl;
253 X509_ALGOR *sig_alg; 419 X509_ALGOR *sig_alg;
254 ASN1_BIT_STRING *signature; 420 ASN1_BIT_STRING *signature;
255 int references; 421 int references;
256 } X509_CRL; 422 } /* X509_CRL */;
257 423
258/* a sequence of these are used */ 424DECLARE_STACK_OF(X509_CRL)
259typedef struct x509_attributes_st 425DECLARE_ASN1_SET_OF(X509_CRL)
260 {
261 ASN1_OBJECT *object;
262 int set; /* 1 for a set, 0 for a single item (which is wrong) */
263 union {
264 char *ptr;
265/* 1 */ STACK /* ASN1_TYPE */ *set;
266/* 0 */ ASN1_TYPE *single;
267 } value;
268 } X509_ATTRIBUTE;
269 426
270typedef struct private_key_st 427typedef struct private_key_st
271 { 428 {
@@ -288,7 +445,7 @@ typedef struct private_key_st
288 int references; 445 int references;
289 } X509_PKEY; 446 } X509_PKEY;
290 447
291#ifdef HEADER_ENVELOPE_H 448#ifndef OPENSSL_NO_EVP
292typedef struct X509_info_st 449typedef struct X509_info_st
293 { 450 {
294 X509 *x509; 451 X509 *x509;
@@ -301,11 +458,13 @@ typedef struct X509_info_st
301 458
302 int references; 459 int references;
303 } X509_INFO; 460 } X509_INFO;
461
462DECLARE_STACK_OF(X509_INFO)
304#endif 463#endif
305 464
306/* The next 2 structures and their 8 routines were sent to me by 465/* The next 2 structures and their 8 routines were sent to me by
307 * Pat Richard <patr@x509.com> and are used to manipulate 466 * Pat Richard <patr@x509.com> and are used to manipulate
308 * Netscapes spki strucutres - usefull if you are writing a CA web page 467 * Netscapes spki structures - useful if you are writing a CA web page
309 */ 468 */
310typedef struct Netscape_spkac_st 469typedef struct Netscape_spkac_st
311 { 470 {
@@ -320,17 +479,65 @@ typedef struct Netscape_spki_st
320 ASN1_BIT_STRING *signature; 479 ASN1_BIT_STRING *signature;
321 } NETSCAPE_SPKI; 480 } NETSCAPE_SPKI;
322 481
323#ifndef HEADER_BN_H 482/* Netscape certificate sequence structure */
324#define BIGNUM char 483typedef struct Netscape_certificate_sequence
325#endif 484 {
485 ASN1_OBJECT *type;
486 STACK_OF(X509) *certs;
487 } NETSCAPE_CERT_SEQUENCE;
326 488
327typedef struct CBCParameter_st 489typedef struct CBCParameter_st
328 { 490 {
329 unsigned char iv[8]; 491 unsigned char iv[8];
330 } CBC_PARAM; 492 } CBC_PARAM;
331 493
332#include "x509_vfy.h" 494/* Password based encryption structure */
333#include "pkcs7.h" 495
496typedef struct PBEPARAM_st {
497ASN1_OCTET_STRING *salt;
498ASN1_INTEGER *iter;
499} PBEPARAM;
500
501/* Password based encryption V2 structures */
502
503typedef struct PBE2PARAM_st {
504X509_ALGOR *keyfunc;
505X509_ALGOR *encryption;
506} PBE2PARAM;
507
508typedef struct PBKDF2PARAM_st {
509ASN1_TYPE *salt; /* Usually OCTET STRING but could be anything */
510ASN1_INTEGER *iter;
511ASN1_INTEGER *keylength;
512X509_ALGOR *prf;
513} PBKDF2PARAM;
514
515
516/* PKCS#8 private key info structure */
517
518typedef struct pkcs8_priv_key_info_st
519 {
520 int broken; /* Flag for various broken formats */
521#define PKCS8_OK 0
522#define PKCS8_NO_OCTET 1
523#define PKCS8_EMBEDDED_PARAM 2
524#define PKCS8_NS_DB 3
525 ASN1_INTEGER *version;
526 X509_ALGOR *pkeyalg;
527 ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */
528 STACK_OF(X509_ATTRIBUTE) *attributes;
529 } PKCS8_PRIV_KEY_INFO;
530
531#ifdef __cplusplus
532}
533#endif
534
535#include <openssl/x509_vfy.h>
536#include <openssl/pkcs7.h>
537
538#ifdef __cplusplus
539extern "C" {
540#endif
334 541
335#ifdef SSLEAY_MACROS 542#ifdef SSLEAY_MACROS
336#define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\ 543#define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\
@@ -355,6 +562,9 @@ typedef struct CBCParameter_st
355 562
356#define X509_dup(x509) (X509 *)ASN1_dup((int (*)())i2d_X509, \ 563#define X509_dup(x509) (X509 *)ASN1_dup((int (*)())i2d_X509, \
357 (char *(*)())d2i_X509,(char *)x509) 564 (char *(*)())d2i_X509,(char *)x509)
565#define X509_ATTRIBUTE_dup(xa) (X509_ATTRIBUTE *)ASN1_dup(\
566 (int (*)())i2d_X509_ATTRIBUTE, \
567 (char *(*)())d2i_X509_ATTRIBUTE,(char *)xa)
358#define X509_EXTENSION_dup(ex) (X509_EXTENSION *)ASN1_dup( \ 568#define X509_EXTENSION_dup(ex) (X509_EXTENSION *)ASN1_dup( \
359 (int (*)())i2d_X509_EXTENSION, \ 569 (int (*)())i2d_X509_EXTENSION, \
360 (char *(*)())d2i_X509_EXTENSION,(char *)ex) 570 (char *(*)())d2i_X509_EXTENSION,(char *)ex)
@@ -442,6 +652,9 @@ typedef struct CBCParameter_st
442#define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \ 652#define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \
443 (unsigned char *)dsa) 653 (unsigned char *)dsa)
444 654
655#define X509_ALGOR_dup(xn) (X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,\
656 (char *(*)())d2i_X509_ALGOR,(char *)xn)
657
445#define X509_NAME_dup(xn) (X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME, \ 658#define X509_NAME_dup(xn) (X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME, \
446 (char *(*)())d2i_X509_NAME,(char *)xn) 659 (char *(*)())d2i_X509_NAME,(char *)xn)
447#define X509_NAME_ENTRY_dup(ne) (X509_NAME_ENTRY *)ASN1_dup( \ 660#define X509_NAME_ENTRY_dup(ne) (X509_NAME_ENTRY *)ASN1_dup( \
@@ -453,10 +666,12 @@ typedef struct CBCParameter_st
453 ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len) 666 ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len)
454#define X509_NAME_digest(data,type,md,len) \ 667#define X509_NAME_digest(data,type,md,len) \
455 ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len) 668 ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len)
669#ifndef PKCS7_ISSUER_AND_SERIAL_digest
456#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \ 670#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \
457 ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\ 671 ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\
458 (char *)data,md,len) 672 (char *)data,md,len)
459#endif 673#endif
674#endif
460 675
461#define X509_EXT_PACK_UNKNOWN 1 676#define X509_EXT_PACK_UNKNOWN 1
462#define X509_EXT_PACK_STRING 2 677#define X509_EXT_PACK_STRING 2
@@ -472,193 +687,225 @@ typedef struct CBCParameter_st
472#define X509_name_cmp(a,b) X509_NAME_cmp((a),(b)) 687#define X509_name_cmp(a,b) X509_NAME_cmp((a),(b))
473#define X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm)) 688#define X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))
474 689
690#define X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version)
691#define X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)
692#define X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate)
693#define X509_CRL_get_issuer(x) ((x)->crl->issuer)
694#define X509_CRL_get_REVOKED(x) ((x)->crl->revoked)
695
475/* This one is only used so that a binary form can output, as in 696/* This one is only used so that a binary form can output, as in
476 * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */ 697 * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */
477#define X509_get_X509_PUBKEY(x) ((x)->cert_info->key) 698#define X509_get_X509_PUBKEY(x) ((x)->cert_info->key)
478 699
479#ifndef NOPROTO 700
701const char *X509_verify_cert_error_string(long n);
480 702
481#ifndef SSLEAY_MACROS 703#ifndef SSLEAY_MACROS
482#ifdef HEADER_ENVELOPE_H 704#ifndef OPENSSL_NO_EVP
483int X509_verify(X509 *a, EVP_PKEY *r); 705int X509_verify(X509 *a, EVP_PKEY *r);
484char *X509_verify_cert_error_string(long n);
485 706
486int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); 707int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
487int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r); 708int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
488int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r); 709int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r);
489 710
490int X509_sign(X509 *x, EVP_PKEY *pkey, EVP_MD *md); 711NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len);
491int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, EVP_MD *md); 712char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x);
492int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, EVP_MD *md); 713EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x);
493int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, EVP_MD *md); 714int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
494 715
495int X509_digest(X509 *data,EVP_MD *type,unsigned char *md,unsigned int *len); 716int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki);
496int X509_NAME_digest(X509_NAME *data,EVP_MD *type, 717
497 unsigned char *md,unsigned int *len); 718int X509_signature_print(BIO *bp,X509_ALGOR *alg, ASN1_STRING *sig);
719
720int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
721int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
722int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
723int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
724
725int X509_pubkey_digest(const X509 *data,const EVP_MD *type,
726 unsigned char *md, unsigned int *len);
727int X509_digest(const X509 *data,const EVP_MD *type,
728 unsigned char *md, unsigned int *len);
729int X509_CRL_digest(const X509_CRL *data,const EVP_MD *type,
730 unsigned char *md, unsigned int *len);
731int X509_REQ_digest(const X509_REQ *data,const EVP_MD *type,
732 unsigned char *md, unsigned int *len);
733int X509_NAME_digest(const X509_NAME *data,const EVP_MD *type,
734 unsigned char *md, unsigned int *len);
498#endif 735#endif
499 736
500#ifndef NO_FP_API 737#ifndef OPENSSL_NO_FP_API
501X509 *d2i_X509_fp(FILE *fp, X509 *x509); 738X509 *d2i_X509_fp(FILE *fp, X509 **x509);
502int i2d_X509_fp(FILE *fp,X509 *x509); 739int i2d_X509_fp(FILE *fp,X509 *x509);
503X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL *crl); 740X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL **crl);
504int i2d_X509_CRL_fp(FILE *fp,X509_CRL *crl); 741int i2d_X509_CRL_fp(FILE *fp,X509_CRL *crl);
505X509_REQ *d2i_X509_REQ_fp(FILE *fp,X509_REQ *req); 742X509_REQ *d2i_X509_REQ_fp(FILE *fp,X509_REQ **req);
506int i2d_X509_REQ_fp(FILE *fp,X509_REQ *req); 743int i2d_X509_REQ_fp(FILE *fp,X509_REQ *req);
507RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA *rsa); 744#ifndef OPENSSL_NO_RSA
745RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA **rsa);
508int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa); 746int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa);
509DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA *dsa); 747RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA **rsa);
510int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
511RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA *rsa);
512int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa); 748int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa);
749RSA *d2i_RSA_PUBKEY_fp(FILE *fp,RSA **rsa);
750int i2d_RSA_PUBKEY_fp(FILE *fp,RSA *rsa);
751#endif
752#ifndef OPENSSL_NO_DSA
753DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
754int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
755DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
756int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
757#endif
758X509_SIG *d2i_PKCS8_fp(FILE *fp,X509_SIG **p8);
759int i2d_PKCS8_fp(FILE *fp,X509_SIG *p8);
760PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
761 PKCS8_PRIV_KEY_INFO **p8inf);
762int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,PKCS8_PRIV_KEY_INFO *p8inf);
763int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key);
764int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey);
765EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
766int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
767EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
513#endif 768#endif
514 769
515#ifdef HEADER_BIO_H 770#ifndef OPENSSL_NO_BIO
516X509 *d2i_X509_bio(BIO *bp,X509 *x509); 771X509 *d2i_X509_bio(BIO *bp,X509 **x509);
517int i2d_X509_bio(BIO *bp,X509 *x509); 772int i2d_X509_bio(BIO *bp,X509 *x509);
518X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL *crl); 773X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL **crl);
519int i2d_X509_CRL_bio(BIO *bp,X509_CRL *crl); 774int i2d_X509_CRL_bio(BIO *bp,X509_CRL *crl);
520X509_REQ *d2i_X509_REQ_bio(BIO *bp,X509_REQ *req); 775X509_REQ *d2i_X509_REQ_bio(BIO *bp,X509_REQ **req);
521int i2d_X509_REQ_bio(BIO *bp,X509_REQ *req); 776int i2d_X509_REQ_bio(BIO *bp,X509_REQ *req);
522RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA *rsa); 777#ifndef OPENSSL_NO_RSA
778RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **rsa);
523int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa); 779int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa);
524DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA *dsa); 780RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA **rsa);
525int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
526RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA *rsa);
527int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa); 781int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa);
782RSA *d2i_RSA_PUBKEY_bio(BIO *bp,RSA **rsa);
783int i2d_RSA_PUBKEY_bio(BIO *bp,RSA *rsa);
784#endif
785#ifndef OPENSSL_NO_DSA
786DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);
787int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa);
788DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
789int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
790#endif
791X509_SIG *d2i_PKCS8_bio(BIO *bp,X509_SIG **p8);
792int i2d_PKCS8_bio(BIO *bp,X509_SIG *p8);
793PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
794 PKCS8_PRIV_KEY_INFO **p8inf);
795int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,PKCS8_PRIV_KEY_INFO *p8inf);
796int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key);
797int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey);
798EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
799int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);
800EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
528#endif 801#endif
529 802
530X509 *X509_dup(X509 *x509); 803X509 *X509_dup(X509 *x509);
804X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa);
531X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex); 805X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex);
532X509_CRL *X509_CRL_dup(X509_CRL *crl); 806X509_CRL *X509_CRL_dup(X509_CRL *crl);
533X509_REQ *X509_REQ_dup(X509_REQ *req); 807X509_REQ *X509_REQ_dup(X509_REQ *req);
808X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
534X509_NAME *X509_NAME_dup(X509_NAME *xn); 809X509_NAME *X509_NAME_dup(X509_NAME *xn);
535X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne); 810X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
811#ifndef OPENSSL_NO_RSA
536RSA *RSAPublicKey_dup(RSA *rsa); 812RSA *RSAPublicKey_dup(RSA *rsa);
537RSA *RSAPrivateKey_dup(RSA *rsa); 813RSA *RSAPrivateKey_dup(RSA *rsa);
814#endif
538 815
539#endif /* !SSLEAY_MACROS */ 816#endif /* !SSLEAY_MACROS */
540 817
541int X509_cmp_current_time(ASN1_UTCTIME *s); 818int X509_cmp_time(ASN1_TIME *s, time_t *t);
542ASN1_UTCTIME * X509_gmtime_adj(ASN1_UTCTIME *s, long adj); 819int X509_cmp_current_time(ASN1_TIME *s);
820ASN1_TIME * X509_time_adj(ASN1_TIME *s, long adj, time_t *t);
821ASN1_TIME * X509_gmtime_adj(ASN1_TIME *s, long adj);
543 822
544char * X509_get_default_cert_area(void ); 823const char * X509_get_default_cert_area(void );
545char * X509_get_default_cert_dir(void ); 824const char * X509_get_default_cert_dir(void );
546char * X509_get_default_cert_file(void ); 825const char * X509_get_default_cert_file(void );
547char * X509_get_default_cert_dir_env(void ); 826const char * X509_get_default_cert_dir_env(void );
548char * X509_get_default_cert_file_env(void ); 827const char * X509_get_default_cert_file_env(void );
549char * X509_get_default_private_dir(void ); 828const char * X509_get_default_private_dir(void );
550 829
551X509_REQ * X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, EVP_MD *md); 830X509_REQ * X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
552X509 * X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey); 831X509 * X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey);
553void ERR_load_X509_strings(void );
554 832
555X509_ALGOR * X509_ALGOR_new(void ); 833DECLARE_ASN1_FUNCTIONS(X509_ALGOR)
556void X509_ALGOR_free(X509_ALGOR *a); 834DECLARE_ASN1_FUNCTIONS(X509_VAL)
557int i2d_X509_ALGOR(X509_ALGOR *a,unsigned char **pp);
558X509_ALGOR * d2i_X509_ALGOR(X509_ALGOR **a,unsigned char **pp,
559 long length);
560 835
561X509_VAL * X509_VAL_new(void ); 836DECLARE_ASN1_FUNCTIONS(X509_PUBKEY)
562void X509_VAL_free(X509_VAL *a);
563int i2d_X509_VAL(X509_VAL *a,unsigned char **pp);
564X509_VAL * d2i_X509_VAL(X509_VAL **a,unsigned char **pp,
565 long length);
566 837
567X509_PUBKEY * X509_PUBKEY_new(void );
568void X509_PUBKEY_free(X509_PUBKEY *a);
569int i2d_X509_PUBKEY(X509_PUBKEY *a,unsigned char **pp);
570X509_PUBKEY * d2i_X509_PUBKEY(X509_PUBKEY **a,unsigned char **pp,
571 long length);
572int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey); 838int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
573EVP_PKEY * X509_PUBKEY_get(X509_PUBKEY *key); 839EVP_PKEY * X509_PUBKEY_get(X509_PUBKEY *key);
574int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK *chain); 840int X509_get_pubkey_parameters(EVP_PKEY *pkey,
575 841 STACK_OF(X509) *chain);
576 842int i2d_PUBKEY(EVP_PKEY *a,unsigned char **pp);
577X509_SIG * X509_SIG_new(void ); 843EVP_PKEY * d2i_PUBKEY(EVP_PKEY **a,unsigned char **pp,
578void X509_SIG_free(X509_SIG *a);
579int i2d_X509_SIG(X509_SIG *a,unsigned char **pp);
580X509_SIG * d2i_X509_SIG(X509_SIG **a,unsigned char **pp,long length);
581
582X509_REQ_INFO *X509_REQ_INFO_new(void);
583void X509_REQ_INFO_free(X509_REQ_INFO *a);
584int i2d_X509_REQ_INFO(X509_REQ_INFO *a,unsigned char **pp);
585X509_REQ_INFO *d2i_X509_REQ_INFO(X509_REQ_INFO **a,unsigned char **pp,
586 long length); 844 long length);
845#ifndef OPENSSL_NO_RSA
846int i2d_RSA_PUBKEY(RSA *a,unsigned char **pp);
847RSA * d2i_RSA_PUBKEY(RSA **a,unsigned char **pp,
848 long length);
849#endif
850#ifndef OPENSSL_NO_DSA
851int i2d_DSA_PUBKEY(DSA *a,unsigned char **pp);
852DSA * d2i_DSA_PUBKEY(DSA **a,unsigned char **pp,
853 long length);
854#endif
587 855
588X509_REQ * X509_REQ_new(void); 856DECLARE_ASN1_FUNCTIONS(X509_SIG)
589void X509_REQ_free(X509_REQ *a); 857DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO)
590int i2d_X509_REQ(X509_REQ *a,unsigned char **pp); 858DECLARE_ASN1_FUNCTIONS(X509_REQ)
591X509_REQ * d2i_X509_REQ(X509_REQ **a,unsigned char **pp,long length);
592 859
593X509_ATTRIBUTE *X509_ATTRIBUTE_new(void ); 860DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE)
594void X509_ATTRIBUTE_free(X509_ATTRIBUTE *a); 861X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value);
595int i2d_X509_ATTRIBUTE(X509_ATTRIBUTE *a,unsigned char **pp);
596X509_ATTRIBUTE *d2i_X509_ATTRIBUTE(X509_ATTRIBUTE **a,unsigned char **pp,
597 long length);
598 862
599X509_EXTENSION *X509_EXTENSION_new(void ); 863DECLARE_ASN1_FUNCTIONS(X509_EXTENSION)
600void X509_EXTENSION_free(X509_EXTENSION *a);
601int i2d_X509_EXTENSION(X509_EXTENSION *a,unsigned char **pp);
602X509_EXTENSION *d2i_X509_EXTENSION(X509_EXTENSION **a,unsigned char **pp,
603 long length);
604 864
605X509_NAME_ENTRY *X509_NAME_ENTRY_new(void); 865DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY)
606void X509_NAME_ENTRY_free(X509_NAME_ENTRY *a); 866
607int i2d_X509_NAME_ENTRY(X509_NAME_ENTRY *a,unsigned char **pp); 867DECLARE_ASN1_FUNCTIONS(X509_NAME)
608X509_NAME_ENTRY *d2i_X509_NAME_ENTRY(X509_NAME_ENTRY **a,unsigned char **pp,
609 long length);
610 868
611X509_NAME * X509_NAME_new(void);
612void X509_NAME_free(X509_NAME *a);
613int i2d_X509_NAME(X509_NAME *a,unsigned char **pp);
614X509_NAME * d2i_X509_NAME(X509_NAME **a,unsigned char **pp,long length);
615int X509_NAME_set(X509_NAME **xn, X509_NAME *name); 869int X509_NAME_set(X509_NAME **xn, X509_NAME *name);
616 870
871DECLARE_ASN1_FUNCTIONS(X509_CINF)
617 872
618X509_CINF * X509_CINF_new(void); 873DECLARE_ASN1_FUNCTIONS(X509)
619void X509_CINF_free(X509_CINF *a); 874DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX)
620int i2d_X509_CINF(X509_CINF *a,unsigned char **pp);
621X509_CINF * d2i_X509_CINF(X509_CINF **a,unsigned char **pp,long length);
622 875
623X509 * X509_new(void); 876int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
624void X509_free(X509 *a); 877 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
625int i2d_X509(X509 *a,unsigned char **pp); 878int X509_set_ex_data(X509 *r, int idx, void *arg);
626X509 * d2i_X509(X509 **a,unsigned char **pp,long length); 879void *X509_get_ex_data(X509 *r, int idx);
880int i2d_X509_AUX(X509 *a,unsigned char **pp);
881X509 * d2i_X509_AUX(X509 **a,unsigned char **pp,long length);
627 882
628X509_REVOKED * X509_REVOKED_new(void); 883int X509_alias_set1(X509 *x, unsigned char *name, int len);
629void X509_REVOKED_free(X509_REVOKED *a); 884int X509_keyid_set1(X509 *x, unsigned char *id, int len);
630int i2d_X509_REVOKED(X509_REVOKED *a,unsigned char **pp); 885unsigned char * X509_alias_get0(X509 *x, int *len);
631X509_REVOKED * d2i_X509_REVOKED(X509_REVOKED **a,unsigned char **pp,long length); 886int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int);
887int X509_TRUST_set(int *t, int trust);
888int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
889int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj);
890void X509_trust_clear(X509 *x);
891void X509_reject_clear(X509 *x);
632 892
633X509_CRL_INFO *X509_CRL_INFO_new(void); 893DECLARE_ASN1_FUNCTIONS(X509_REVOKED)
634void X509_CRL_INFO_free(X509_CRL_INFO *a); 894DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO)
635int i2d_X509_CRL_INFO(X509_CRL_INFO *a,unsigned char **pp); 895DECLARE_ASN1_FUNCTIONS(X509_CRL)
636X509_CRL_INFO *d2i_X509_CRL_INFO(X509_CRL_INFO **a,unsigned char **pp,
637 long length);
638 896
639X509_CRL * X509_CRL_new(void); 897int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
640void X509_CRL_free(X509_CRL *a);
641int i2d_X509_CRL(X509_CRL *a,unsigned char **pp);
642X509_CRL * d2i_X509_CRL(X509_CRL **a,unsigned char **pp,long length);
643 898
644X509_PKEY * X509_PKEY_new(void ); 899X509_PKEY * X509_PKEY_new(void );
645void X509_PKEY_free(X509_PKEY *a); 900void X509_PKEY_free(X509_PKEY *a);
646int i2d_X509_PKEY(X509_PKEY *a,unsigned char **pp); 901int i2d_X509_PKEY(X509_PKEY *a,unsigned char **pp);
647X509_PKEY * d2i_X509_PKEY(X509_PKEY **a,unsigned char **pp,long length); 902X509_PKEY * d2i_X509_PKEY(X509_PKEY **a,unsigned char **pp,long length);
648 903
649NETSCAPE_SPKI * NETSCAPE_SPKI_new(void ); 904DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI)
650void NETSCAPE_SPKI_free(NETSCAPE_SPKI *a); 905DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
651int i2d_NETSCAPE_SPKI(NETSCAPE_SPKI *a,unsigned char **pp); 906DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)
652NETSCAPE_SPKI * d2i_NETSCAPE_SPKI(NETSCAPE_SPKI **a,unsigned char **pp,
653 long length);
654 907
655NETSCAPE_SPKAC *NETSCAPE_SPKAC_new(void ); 908#ifndef OPENSSL_NO_EVP
656void NETSCAPE_SPKAC_free(NETSCAPE_SPKAC *a);
657int i2d_NETSCAPE_SPKAC(NETSCAPE_SPKAC *a,unsigned char **pp);
658NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC(NETSCAPE_SPKAC **a,unsigned char **pp,
659 long length);
660
661#ifdef HEADER_ENVELOPE_H
662X509_INFO * X509_INFO_new(void); 909X509_INFO * X509_INFO_new(void);
663void X509_INFO_free(X509_INFO *a); 910void X509_INFO_free(X509_INFO *a);
664char * X509_NAME_oneline(X509_NAME *a,char *buf,int size); 911char * X509_NAME_oneline(X509_NAME *a,char *buf,int size);
@@ -666,12 +913,22 @@ char * X509_NAME_oneline(X509_NAME *a,char *buf,int size);
666int ASN1_verify(int (*i2d)(), X509_ALGOR *algor1, 913int ASN1_verify(int (*i2d)(), X509_ALGOR *algor1,
667 ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey); 914 ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey);
668 915
669int ASN1_digest(int (*i2d)(),EVP_MD *type,char *data, 916int ASN1_digest(int (*i2d)(),const EVP_MD *type,char *data,
670 unsigned char *md,unsigned int *len); 917 unsigned char *md,unsigned int *len);
671 918
672int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2, 919int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
673 ASN1_BIT_STRING *signature, 920 ASN1_BIT_STRING *signature,
674 char *data,EVP_PKEY *pkey, EVP_MD *type); 921 char *data,EVP_PKEY *pkey, const EVP_MD *type);
922
923int ASN1_item_digest(const ASN1_ITEM *it,const EVP_MD *type,void *data,
924 unsigned char *md,unsigned int *len);
925
926int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1,
927 ASN1_BIT_STRING *signature,void *data,EVP_PKEY *pkey);
928
929int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
930 ASN1_BIT_STRING *signature,
931 void *data, EVP_PKEY *pkey, const EVP_MD *type);
675#endif 932#endif
676 933
677int X509_set_version(X509 *x,long version); 934int X509_set_version(X509 *x,long version);
@@ -681,40 +938,83 @@ int X509_set_issuer_name(X509 *x, X509_NAME *name);
681X509_NAME * X509_get_issuer_name(X509 *a); 938X509_NAME * X509_get_issuer_name(X509 *a);
682int X509_set_subject_name(X509 *x, X509_NAME *name); 939int X509_set_subject_name(X509 *x, X509_NAME *name);
683X509_NAME * X509_get_subject_name(X509 *a); 940X509_NAME * X509_get_subject_name(X509 *a);
684int X509_set_notBefore(X509 *x, ASN1_UTCTIME *tm); 941int X509_set_notBefore(X509 *x, ASN1_TIME *tm);
685int X509_set_notAfter(X509 *x, ASN1_UTCTIME *tm); 942int X509_set_notAfter(X509 *x, ASN1_TIME *tm);
686int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); 943int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
687EVP_PKEY * X509_get_pubkey(X509 *x); 944EVP_PKEY * X509_get_pubkey(X509 *x);
945ASN1_BIT_STRING * X509_get0_pubkey_bitstr(const X509 *x);
688int X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */); 946int X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */);
689 947
690int X509_REQ_set_version(X509_REQ *x,long version); 948int X509_REQ_set_version(X509_REQ *x,long version);
691int X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name); 949int X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name);
692int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); 950int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
693EVP_PKEY * X509_REQ_get_pubkey(X509_REQ *req); 951EVP_PKEY * X509_REQ_get_pubkey(X509_REQ *req);
952int X509_REQ_extension_nid(int nid);
953int * X509_REQ_get_extension_nids(void);
954void X509_REQ_set_extension_nids(int *nids);
955STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
956int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
957 int nid);
958int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts);
959int X509_REQ_get_attr_count(const X509_REQ *req);
960int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid,
961 int lastpos);
962int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,
963 int lastpos);
964X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc);
965X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc);
966int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr);
967int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
968 const ASN1_OBJECT *obj, int type,
969 const unsigned char *bytes, int len);
970int X509_REQ_add1_attr_by_NID(X509_REQ *req,
971 int nid, int type,
972 const unsigned char *bytes, int len);
973int X509_REQ_add1_attr_by_txt(X509_REQ *req,
974 const char *attrname, int type,
975 const unsigned char *bytes, int len);
976
977int X509_CRL_set_version(X509_CRL *x, long version);
978int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
979int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm);
980int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm);
981int X509_CRL_sort(X509_CRL *crl);
982
983int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
984int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
694 985
695int X509_check_private_key(X509 *x509,EVP_PKEY *pkey); 986int X509_check_private_key(X509 *x509,EVP_PKEY *pkey);
696 987
697int X509_issuer_and_serial_cmp(X509 *a, X509 *b); 988int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
698unsigned long X509_issuer_and_serial_hash(X509 *a); 989unsigned long X509_issuer_and_serial_hash(X509 *a);
699 990
700int X509_issuer_name_cmp(X509 *a, X509 *b); 991int X509_issuer_name_cmp(const X509 *a, const X509 *b);
701unsigned long X509_issuer_name_hash(X509 *a); 992unsigned long X509_issuer_name_hash(X509 *a);
702 993
703int X509_subject_name_cmp(X509 *a,X509 *b); 994int X509_subject_name_cmp(const X509 *a, const X509 *b);
704unsigned long X509_subject_name_hash(X509 *x); 995unsigned long X509_subject_name_hash(X509 *x);
705 996
706int X509_NAME_cmp (X509_NAME *a, X509_NAME *b); 997int X509_cmp(const X509 *a, const X509 *b);
998int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
707unsigned long X509_NAME_hash(X509_NAME *x); 999unsigned long X509_NAME_hash(X509_NAME *x);
708 1000
709int X509_CRL_cmp(X509_CRL *a,X509_CRL *b); 1001int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
710#ifndef NO_FP_API 1002#ifndef OPENSSL_NO_FP_API
1003int X509_print_ex_fp(FILE *bp,X509 *x, unsigned long nmflag, unsigned long cflag);
711int X509_print_fp(FILE *bp,X509 *x); 1004int X509_print_fp(FILE *bp,X509 *x);
1005int X509_CRL_print_fp(FILE *bp,X509_CRL *x);
712int X509_REQ_print_fp(FILE *bp,X509_REQ *req); 1006int X509_REQ_print_fp(FILE *bp,X509_REQ *req);
1007int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags);
713#endif 1008#endif
714 1009
715#ifdef HEADER_BIO_H 1010#ifndef OPENSSL_NO_BIO
716int X509_NAME_print(BIO *bp, X509_NAME *name, int obase); 1011int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
1012int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);
1013int X509_print_ex(BIO *bp,X509 *x, unsigned long nmflag, unsigned long cflag);
717int X509_print(BIO *bp,X509 *x); 1014int X509_print(BIO *bp,X509 *x);
1015int X509_ocspid_print(BIO *bp,X509 *x);
1016int X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent);
1017int X509_CRL_print(BIO *bp,X509_CRL *x);
718int X509_REQ_print(BIO *bp,X509_REQ *req); 1018int X509_REQ_print(BIO *bp,X509_REQ *req);
719#endif 1019#endif
720 1020
@@ -725,7 +1025,7 @@ int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
725 char *buf,int len); 1025 char *buf,int len);
726 1026
727/* NOTE: you should be passsing -1, not 0 as lastpos. The functions that use 1027/* NOTE: you should be passsing -1, not 0 as lastpos. The functions that use
728 * lastpos, seach after that position on. */ 1028 * lastpos, search after that position on. */
729int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos); 1029int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
730int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, 1030int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj,
731 int lastpos); 1031 int lastpos);
@@ -733,8 +1033,16 @@ X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
733X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); 1033X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
734int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, 1034int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne,
735 int loc, int set); 1035 int loc, int set);
1036int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
1037 unsigned char *bytes, int len, int loc, int set);
1038int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
1039 unsigned char *bytes, int len, int loc, int set);
1040X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
1041 char *field, int type, unsigned char *bytes, int len);
736X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, 1042X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
737 int type,unsigned char *bytes, int len); 1043 int type,unsigned char *bytes, int len);
1044int X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type,
1045 unsigned char *bytes, int len, int loc, int set);
738X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, 1046X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
739 ASN1_OBJECT *obj, int type,unsigned char *bytes, 1047 ASN1_OBJECT *obj, int type,unsigned char *bytes,
740 int len); 1048 int len);
@@ -745,18 +1053,17 @@ int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
745ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne); 1053ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
746ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne); 1054ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
747 1055
748int X509v3_get_ext_count(STACK *x); 1056int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
749int X509v3_get_ext_by_NID(STACK *x, int nid, int lastpos); 1057int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
750int X509v3_get_ext_by_OBJ(STACK *x,ASN1_OBJECT *obj,int lastpos); 1058 int nid, int lastpos);
751int X509v3_get_ext_by_critical(STACK *x, int crit, int lastpos); 1059int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
752X509_EXTENSION *X509v3_get_ext(STACK *x, int loc); 1060 ASN1_OBJECT *obj,int lastpos);
753X509_EXTENSION *X509v3_delete_ext(STACK *x, int loc); 1061int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
754STACK * X509v3_add_ext(STACK **x, X509_EXTENSION *ex, int loc); 1062 int crit, int lastpos);
755 1063X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
756int X509v3_data_type_by_OBJ(ASN1_OBJECT *obj); 1064X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
757int X509v3_data_type_by_NID(int nid); 1065STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
758int X509v3_pack_type_by_OBJ(ASN1_OBJECT *obj); 1066 X509_EXTENSION *ex, int loc);
759int X509v3_pack_type_by_NID(int nid);
760 1067
761int X509_get_ext_count(X509 *x); 1068int X509_get_ext_count(X509 *x);
762int X509_get_ext_by_NID(X509 *x, int nid, int lastpos); 1069int X509_get_ext_by_NID(X509 *x, int nid, int lastpos);
@@ -765,6 +1072,9 @@ int X509_get_ext_by_critical(X509 *x, int crit, int lastpos);
765X509_EXTENSION *X509_get_ext(X509 *x, int loc); 1072X509_EXTENSION *X509_get_ext(X509 *x, int loc);
766X509_EXTENSION *X509_delete_ext(X509 *x, int loc); 1073X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
767int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); 1074int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
1075void * X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
1076int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
1077 unsigned long flags);
768 1078
769int X509_CRL_get_ext_count(X509_CRL *x); 1079int X509_CRL_get_ext_count(X509_CRL *x);
770int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos); 1080int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos);
@@ -773,6 +1083,9 @@ int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos);
773X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc); 1083X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc);
774X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc); 1084X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
775int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); 1085int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
1086void * X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
1087int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
1088 unsigned long flags);
776 1089
777int X509_REVOKED_get_ext_count(X509_REVOKED *x); 1090int X509_REVOKED_get_ext_count(X509_REVOKED *x);
778int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos); 1091int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos);
@@ -781,6 +1094,9 @@ int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos);
781X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc); 1094X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc);
782X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc); 1095X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
783int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); 1096int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
1097void * X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
1098int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
1099 unsigned long flags);
784 1100
785X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, 1101X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
786 int nid, int crit, ASN1_OCTET_STRING *data); 1102 int nid, int crit, ASN1_OCTET_STRING *data);
@@ -793,311 +1109,80 @@ int X509_EXTENSION_set_data(X509_EXTENSION *ex,
793ASN1_OBJECT * X509_EXTENSION_get_object(X509_EXTENSION *ex); 1109ASN1_OBJECT * X509_EXTENSION_get_object(X509_EXTENSION *ex);
794ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne); 1110ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
795int X509_EXTENSION_get_critical(X509_EXTENSION *ex); 1111int X509_EXTENSION_get_critical(X509_EXTENSION *ex);
796ASN1_OCTET_STRING *X509v3_pack_string(ASN1_OCTET_STRING **ex,int type,
797 unsigned char *bytes, int len);
798ASN1_STRING * X509v3_unpack_string(ASN1_STRING **ex,int type,
799 ASN1_OCTET_STRING *os);
800 1112
801int X509_verify_cert(X509_STORE_CTX *ctx); 1113int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x);
802 1114int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
803/* lookup a cert from a X509 STACK */ 1115 int lastpos);
804X509 *X509_find_by_issuer_and_serial(STACK *sk,X509_NAME *name, 1116int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj,
805 ASN1_INTEGER *serial); 1117 int lastpos);
806X509 *X509_find_by_subject(STACK *sk,X509_NAME *name); 1118X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc);
807 1119X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc);
808#else 1120STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
809 1121 X509_ATTRIBUTE *attr);
810#ifndef SSLEAY_MACROS 1122STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
811#ifdef HEADER_ENVELOPE_H 1123 const ASN1_OBJECT *obj, int type,
812int X509_verify(); 1124 const unsigned char *bytes, int len);
813int X509_REQ_verify(); 1125STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
814int X509_CRL_verify(); 1126 int nid, int type,
815int NETSCAPE_SPKI_verify(); 1127 const unsigned char *bytes, int len);
816 1128STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
817int X509_sign(); 1129 const char *attrname, int type,
818int X509_REQ_sign(); 1130 const unsigned char *bytes, int len);
819int X509_CRL_sign(); 1131X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
820int NETSCAPE_SPKI_sign(); 1132 int atrtype, const void *data, int len);
821 1133X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
822int X509_digest(); 1134 const ASN1_OBJECT *obj, int atrtype, const void *data, int len);
823int X509_NAME_digest(); 1135X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
824#endif 1136 const char *atrname, int type, const unsigned char *bytes, int len);
825 1137int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj);
826#ifndef NO_FP_API 1138int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len);
827X509 *d2i_X509_fp(); 1139void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
828int i2d_X509_fp(); 1140 int atrtype, void *data);
829X509_CRL *d2i_X509_CRL_fp(); 1141int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr);
830int i2d_X509_CRL_fp(); 1142ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr);
831X509_REQ *d2i_X509_REQ_fp(); 1143ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx);
832int i2d_X509_REQ_fp();
833RSA *d2i_RSAPrivateKey_fp();
834int i2d_RSAPrivateKey_fp();
835DSA *d2i_DSAPrivateKey_fp();
836int i2d_DSAPrivateKey_fp();
837RSA *d2i_RSAPublicKey_fp();
838int i2d_RSAPublicKey_fp();
839#endif
840
841X509 *d2i_X509_bio();
842int i2d_X509_bio();
843X509_CRL *d2i_X509_CRL_bio();
844int i2d_X509_CRL_bio();
845X509_REQ *d2i_X509_REQ_bio();
846int i2d_X509_REQ_bio();
847RSA *d2i_RSAPrivateKey_bio();
848int i2d_RSAPrivateKey_bio();
849DSA *d2i_DSAPrivateKey_bio();
850int i2d_DSAPrivateKey_bio();
851RSA *d2i_RSAPublicKey_bio();
852int i2d_RSAPublicKey_bio();
853
854X509 *X509_dup();
855X509_EXTENSION *X509_EXTENSION_dup();
856X509_CRL *X509_CRL_dup();
857X509_REQ *X509_REQ_dup();
858X509_NAME *X509_NAME_dup();
859X509_NAME_ENTRY *X509_NAME_ENTRY_dup();
860RSA *RSAPublicKey_dup();
861RSA *RSAPrivateKey_dup();
862
863#endif /* !SSLEAY_MACROS */
864 1144
865int X509_cmp_current_time(); 1145int X509_verify_cert(X509_STORE_CTX *ctx);
866ASN1_UTCTIME * X509_gmtime_adj();
867
868char * X509_get_default_cert_area();
869char * X509_get_default_cert_dir();
870char * X509_get_default_cert_file();
871char * X509_get_default_cert_dir_env();
872char * X509_get_default_cert_file_env();
873char * X509_get_default_private_dir();
874
875X509_REQ * X509_to_X509_REQ();
876X509 * X509_REQ_to_X509();
877void ERR_load_X509_strings();
878
879X509_ALGOR * X509_ALGOR_new();
880void X509_ALGOR_free();
881int i2d_X509_ALGOR();
882X509_ALGOR * d2i_X509_ALGOR();
883
884X509_VAL * X509_VAL_new();
885void X509_VAL_free();
886int i2d_X509_VAL();
887X509_VAL * d2i_X509_VAL();
888
889X509_PUBKEY * X509_PUBKEY_new();
890void X509_PUBKEY_free();
891int i2d_X509_PUBKEY();
892X509_PUBKEY * d2i_X509_PUBKEY();
893int X509_PUBKEY_set();
894EVP_PKEY * X509_PUBKEY_get();
895int X509_get_pubkey_parameters();
896
897X509_SIG * X509_SIG_new();
898void X509_SIG_free();
899int i2d_X509_SIG();
900X509_SIG * d2i_X509_SIG();
901
902X509_REQ_INFO *X509_REQ_INFO_new();
903void X509_REQ_INFO_free();
904int i2d_X509_REQ_INFO();
905X509_REQ_INFO *d2i_X509_REQ_INFO();
906
907X509_REQ * X509_REQ_new();
908void X509_REQ_free();
909int i2d_X509_REQ();
910X509_REQ * d2i_X509_REQ();
911
912X509_ATTRIBUTE *X509_ATTRIBUTE_new();
913void X509_ATTRIBUTE_free();
914int i2d_X509_ATTRIBUTE();
915X509_ATTRIBUTE *d2i_X509_ATTRIBUTE();
916
917X509_EXTENSION *X509_EXTENSION_new();
918void X509_EXTENSION_free();
919int i2d_X509_EXTENSION();
920X509_EXTENSION *d2i_X509_EXTENSION();
921
922X509_NAME_ENTRY *X509_NAME_ENTRY_new();
923void X509_NAME_ENTRY_free();
924int i2d_X509_NAME_ENTRY();
925X509_NAME_ENTRY *d2i_X509_NAME_ENTRY();
926
927X509_NAME * X509_NAME_new();
928void X509_NAME_free();
929int i2d_X509_NAME();
930X509_NAME * d2i_X509_NAME();
931int X509_NAME_set();
932
933
934X509_CINF * X509_CINF_new();
935void X509_CINF_free();
936int i2d_X509_CINF();
937X509_CINF * d2i_X509_CINF();
938
939X509 * X509_new();
940void X509_free();
941int i2d_X509();
942X509 * d2i_X509();
943
944X509_REVOKED * X509_REVOKED_new();
945void X509_REVOKED_free();
946int i2d_X509_REVOKED();
947X509_REVOKED * d2i_X509_REVOKED();
948
949X509_CRL_INFO *X509_CRL_INFO_new();
950void X509_CRL_INFO_free();
951int i2d_X509_CRL_INFO();
952X509_CRL_INFO *d2i_X509_CRL_INFO();
953
954X509_CRL * X509_CRL_new();
955void X509_CRL_free();
956int i2d_X509_CRL();
957X509_CRL * d2i_X509_CRL();
958
959X509_PKEY * X509_PKEY_new();
960void X509_PKEY_free();
961int i2d_X509_PKEY();
962X509_PKEY * d2i_X509_PKEY();
963
964NETSCAPE_SPKI * NETSCAPE_SPKI_new();
965void NETSCAPE_SPKI_free();
966int i2d_NETSCAPE_SPKI();
967NETSCAPE_SPKI * d2i_NETSCAPE_SPKI();
968
969NETSCAPE_SPKAC *NETSCAPE_SPKAC_new();
970void NETSCAPE_SPKAC_free();
971int i2d_NETSCAPE_SPKAC();
972NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC();
973
974#ifdef HEADER_ENVELOPE_H
975X509_INFO * X509_INFO_new();
976void X509_INFO_free();
977#endif
978
979char * X509_NAME_oneline();
980
981int ASN1_verify();
982int ASN1_digest();
983int ASN1_sign();
984
985int X509_set_version();
986int X509_set_serialNumber();
987ASN1_INTEGER * X509_get_serialNumber();
988int X509_set_issuer_name();
989X509_NAME * X509_get_issuer_name();
990int X509_set_subject_name();
991X509_NAME * X509_get_subject_name();
992int X509_set_notBefore();
993int X509_set_notAfter();
994int X509_set_pubkey();
995EVP_PKEY * X509_get_pubkey();
996int X509_certificate_type();
997
998int X509_REQ_set_version();
999int X509_REQ_set_subject_name();
1000int X509_REQ_set_pubkey();
1001EVP_PKEY * X509_REQ_get_pubkey();
1002
1003int X509_check_private_key();
1004
1005int X509_issuer_and_serial_cmp();
1006unsigned long X509_issuer_and_serial_hash();
1007
1008int X509_issuer_name_cmp();
1009unsigned long X509_issuer_name_hash();
1010
1011int X509_subject_name_cmp();
1012unsigned long X509_subject_name_hash();
1013
1014int X509_NAME_cmp ();
1015unsigned long X509_NAME_hash();
1016
1017int X509_CRL_cmp();
1018#ifndef NO_FP_API
1019int X509_print_fp();
1020int X509_REQ_print_fp();
1021#endif
1022
1023int X509_NAME_print();
1024int X509_print();
1025int X509_REQ_print();
1026
1027int X509_NAME_entry_count();
1028int X509_NAME_get_text_by_NID();
1029int X509_NAME_get_text_by_OBJ();
1030
1031int X509_NAME_get_index_by_NID();
1032int X509_NAME_get_index_by_OBJ();
1033X509_NAME_ENTRY *X509_NAME_get_entry();
1034X509_NAME_ENTRY *X509_NAME_delete_entry();
1035int X509_NAME_add_entry();
1036X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID();
1037X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ();
1038int X509_NAME_ENTRY_set_object();
1039int X509_NAME_ENTRY_set_data();
1040ASN1_OBJECT * X509_NAME_ENTRY_get_object();
1041ASN1_STRING * X509_NAME_ENTRY_get_data();
1042
1043int X509v3_get_ext_count();
1044int X509v3_get_ext_by_NID();
1045int X509v3_get_ext_by_OBJ();
1046int X509v3_get_ext_by_critical();
1047X509_EXTENSION *X509v3_get_ext();
1048X509_EXTENSION *X509v3_delete_ext();
1049STACK * X509v3_add_ext();
1050
1051int X509v3_data_type_by_OBJ();
1052int X509v3_data_type_by_NID();
1053int X509v3_pack_type_by_OBJ();
1054int X509v3_pack_type_by_NID();
1055
1056int X509_get_ext_count();
1057int X509_get_ext_by_NID();
1058int X509_get_ext_by_OBJ();
1059int X509_get_ext_by_critical();
1060X509_EXTENSION *X509_get_ext();
1061X509_EXTENSION *X509_delete_ext();
1062int X509_add_ext();
1063
1064int X509_CRL_get_ext_count();
1065int X509_CRL_get_ext_by_NID();
1066int X509_CRL_get_ext_by_OBJ();
1067int X509_CRL_get_ext_by_critical();
1068X509_EXTENSION *X509_CRL_get_ext();
1069X509_EXTENSION *X509_CRL_delete_ext();
1070int X509_CRL_add_ext();
1071
1072int X509_REVOKED_get_ext_count();
1073int X509_REVOKED_get_ext_by_NID();
1074int X509_REVOKED_get_ext_by_OBJ();
1075int X509_REVOKED_get_ext_by_critical();
1076X509_EXTENSION *X509_REVOKED_get_ext();
1077X509_EXTENSION *X509_REVOKED_delete_ext();
1078int X509_REVOKED_add_ext();
1079
1080X509_EXTENSION *X509_EXTENSION_create_by_NID();
1081X509_EXTENSION *X509_EXTENSION_create_by_OBJ();
1082int X509_EXTENSION_set_object();
1083int X509_EXTENSION_set_critical();
1084int X509_EXTENSION_set_data();
1085ASN1_OBJECT * X509_EXTENSION_get_object();
1086ASN1_OCTET_STRING *X509_EXTENSION_get_data();
1087int X509_EXTENSION_get_critical();
1088ASN1_OCTET_STRING *X509v3_pack_string();
1089ASN1_STRING * X509v3_unpack_string();
1090
1091int X509_verify_cert();
1092char * X509_verify_cert_error_string();
1093 1146
1094/* lookup a cert from a X509 STACK */ 1147/* lookup a cert from a X509 STACK */
1095X509 *X509_find_by_issuer_and_serial(); 1148X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk,X509_NAME *name,
1096X509 *X509_find_by_subject(); 1149 ASN1_INTEGER *serial);
1097 1150X509 *X509_find_by_subject(STACK_OF(X509) *sk,X509_NAME *name);
1098#endif 1151
1152DECLARE_ASN1_FUNCTIONS(PBEPARAM)
1153DECLARE_ASN1_FUNCTIONS(PBE2PARAM)
1154DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM)
1155
1156X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, int saltlen);
1157X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
1158 unsigned char *salt, int saltlen);
1159
1160/* PKCS#8 utilities */
1161
1162DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
1163
1164EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8);
1165PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
1166PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken);
1167PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);
1168
1169int X509_check_trust(X509 *x, int id, int flags);
1170int X509_TRUST_get_count(void);
1171X509_TRUST * X509_TRUST_get0(int idx);
1172int X509_TRUST_get_by_id(int id);
1173int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
1174 char *name, int arg1, void *arg2);
1175void X509_TRUST_cleanup(void);
1176int X509_TRUST_get_flags(X509_TRUST *xp);
1177char *X509_TRUST_get0_name(X509_TRUST *xp);
1178int X509_TRUST_get_trust(X509_TRUST *xp);
1099 1179
1100/* BEGIN ERROR CODES */ 1180/* BEGIN ERROR CODES */
1181/* The following lines are auto generated by the script mkerr.pl. Any changes
1182 * made after this point may be overwritten when the script is next run.
1183 */
1184void ERR_load_X509_strings(void);
1185
1101/* Error codes for the X509 functions. */ 1186/* Error codes for the X509 functions. */
1102 1187
1103/* Function codes. */ 1188/* Function codes. */
@@ -1105,17 +1190,25 @@ X509 *X509_find_by_subject();
1105#define X509_F_BY_FILE_CTRL 101 1190#define X509_F_BY_FILE_CTRL 101
1106#define X509_F_DIR_CTRL 102 1191#define X509_F_DIR_CTRL 102
1107#define X509_F_GET_CERT_BY_SUBJECT 103 1192#define X509_F_GET_CERT_BY_SUBJECT 103
1193#define X509_F_NETSCAPE_SPKI_B64_DECODE 129
1194#define X509_F_NETSCAPE_SPKI_B64_ENCODE 130
1108#define X509_F_X509V3_ADD_EXT 104 1195#define X509_F_X509V3_ADD_EXT 104
1109#define X509_F_X509V3_ADD_EXTENSION 105 1196#define X509_F_X509_ADD_ATTR 135
1110#define X509_F_X509V3_PACK_STRING 106 1197#define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 136
1111#define X509_F_X509V3_UNPACK_STRING 107 1198#define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ 137
1199#define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT 140
1200#define X509_F_X509_ATTRIBUTE_GET0_DATA 139
1201#define X509_F_X509_ATTRIBUTE_SET1_DATA 138
1202#define X509_F_X509_CHECK_PRIVATE_KEY 128
1112#define X509_F_X509_EXTENSION_CREATE_BY_NID 108 1203#define X509_F_X509_EXTENSION_CREATE_BY_NID 108
1113#define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109 1204#define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109
1114#define X509_F_X509_GET_PUBKEY_PARAMETERS 110 1205#define X509_F_X509_GET_PUBKEY_PARAMETERS 110
1206#define X509_F_X509_LOAD_CERT_CRL_FILE 132
1115#define X509_F_X509_LOAD_CERT_FILE 111 1207#define X509_F_X509_LOAD_CERT_FILE 111
1116#define X509_F_X509_LOAD_CRL_FILE 112 1208#define X509_F_X509_LOAD_CRL_FILE 112
1117#define X509_F_X509_NAME_ADD_ENTRY 113 1209#define X509_F_X509_NAME_ADD_ENTRY 113
1118#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114 1210#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114
1211#define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 131
1119#define X509_F_X509_NAME_ENTRY_SET_OBJECT 115 1212#define X509_F_X509_NAME_ENTRY_SET_OBJECT 115
1120#define X509_F_X509_NAME_ONELINE 116 1213#define X509_F_X509_NAME_ONELINE 116
1121#define X509_F_X509_NAME_PRINT 117 1214#define X509_F_X509_NAME_PRINT 117
@@ -1127,26 +1220,40 @@ X509 *X509_find_by_subject();
1127#define X509_F_X509_REQ_TO_X509 123 1220#define X509_F_X509_REQ_TO_X509 123
1128#define X509_F_X509_STORE_ADD_CERT 124 1221#define X509_F_X509_STORE_ADD_CERT 124
1129#define X509_F_X509_STORE_ADD_CRL 125 1222#define X509_F_X509_STORE_ADD_CRL 125
1223#define X509_F_X509_STORE_CTX_INIT 143
1224#define X509_F_X509_STORE_CTX_NEW 142
1225#define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134
1130#define X509_F_X509_TO_X509_REQ 126 1226#define X509_F_X509_TO_X509_REQ 126
1227#define X509_F_X509_TRUST_ADD 133
1228#define X509_F_X509_TRUST_SET 141
1131#define X509_F_X509_VERIFY_CERT 127 1229#define X509_F_X509_VERIFY_CERT 127
1132 1230
1133/* Reason codes. */ 1231/* Reason codes. */
1134#define X509_R_BAD_X509_FILETYPE 100 1232#define X509_R_BAD_X509_FILETYPE 100
1233#define X509_R_BASE64_DECODE_ERROR 118
1234#define X509_R_CANT_CHECK_DH_KEY 114
1135#define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 1235#define X509_R_CERT_ALREADY_IN_HASH_TABLE 101
1136#define X509_R_ERR_ASN1_LIB 102 1236#define X509_R_ERR_ASN1_LIB 102
1237#define X509_R_INVALID_DIRECTORY 113
1238#define X509_R_INVALID_FIELD_NAME 119
1239#define X509_R_INVALID_TRUST 123
1240#define X509_R_KEY_TYPE_MISMATCH 115
1241#define X509_R_KEY_VALUES_MISMATCH 116
1137#define X509_R_LOADING_CERT_DIR 103 1242#define X509_R_LOADING_CERT_DIR 103
1138#define X509_R_LOADING_DEFAULTS 104 1243#define X509_R_LOADING_DEFAULTS 104
1139#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105 1244#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105
1140#define X509_R_SHOULD_RETRY 106 1245#define X509_R_SHOULD_RETRY 106
1141#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107 1246#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107
1142#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108 1247#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108
1248#define X509_R_UNKNOWN_KEY_TYPE 117
1143#define X509_R_UNKNOWN_NID 109 1249#define X509_R_UNKNOWN_NID 109
1144#define X509_R_UNKNOWN_STRING_TYPE 110 1250#define X509_R_UNKNOWN_PURPOSE_ID 121
1251#define X509_R_UNKNOWN_TRUST_ID 120
1145#define X509_R_UNSUPPORTED_ALGORITHM 111 1252#define X509_R_UNSUPPORTED_ALGORITHM 111
1146#define X509_R_WRONG_LOOKUP_TYPE 112 1253#define X509_R_WRONG_LOOKUP_TYPE 112
1147 1254#define X509_R_WRONG_TYPE 122
1255
1148#ifdef __cplusplus 1256#ifdef __cplusplus
1149} 1257}
1150#endif 1258#endif
1151#endif 1259#endif
1152
diff --git a/src/lib/libcrypto/x509/x509_att.c b/src/lib/libcrypto/x509/x509_att.c
index caafde658f..0bae3d32a1 100644
--- a/src/lib/libcrypto/x509/x509_att.c
+++ b/src/lib/libcrypto/x509/x509_att.c
@@ -149,8 +149,8 @@ err2:
149} 149}
150 150
151STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x, 151STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
152 ASN1_OBJECT *obj, int type, 152 const ASN1_OBJECT *obj, int type,
153 unsigned char *bytes, int len) 153 const unsigned char *bytes, int len)
154{ 154{
155 X509_ATTRIBUTE *attr; 155 X509_ATTRIBUTE *attr;
156 STACK_OF(X509_ATTRIBUTE) *ret; 156 STACK_OF(X509_ATTRIBUTE) *ret;
@@ -163,7 +163,7 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
163 163
164STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x, 164STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
165 int nid, int type, 165 int nid, int type,
166 unsigned char *bytes, int len) 166 const unsigned char *bytes, int len)
167{ 167{
168 X509_ATTRIBUTE *attr; 168 X509_ATTRIBUTE *attr;
169 STACK_OF(X509_ATTRIBUTE) *ret; 169 STACK_OF(X509_ATTRIBUTE) *ret;
@@ -175,8 +175,8 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
175} 175}
176 176
177STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x, 177STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
178 char *attrname, int type, 178 const char *attrname, int type,
179 unsigned char *bytes, int len) 179 const unsigned char *bytes, int len)
180{ 180{
181 X509_ATTRIBUTE *attr; 181 X509_ATTRIBUTE *attr;
182 STACK_OF(X509_ATTRIBUTE) *ret; 182 STACK_OF(X509_ATTRIBUTE) *ret;
@@ -188,7 +188,7 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
188} 188}
189 189
190X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, 190X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
191 int atrtype, void *data, int len) 191 int atrtype, const void *data, int len)
192{ 192{
193 ASN1_OBJECT *obj; 193 ASN1_OBJECT *obj;
194 X509_ATTRIBUTE *ret; 194 X509_ATTRIBUTE *ret;
@@ -205,7 +205,7 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
205} 205}
206 206
207X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, 207X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
208 ASN1_OBJECT *obj, int atrtype, void *data, int len) 208 const ASN1_OBJECT *obj, int atrtype, const void *data, int len)
209{ 209{
210 X509_ATTRIBUTE *ret; 210 X509_ATTRIBUTE *ret;
211 211
@@ -234,7 +234,7 @@ err:
234} 234}
235 235
236X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, 236X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
237 char *atrname, int type, unsigned char *bytes, int len) 237 const char *atrname, int type, const unsigned char *bytes, int len)
238 { 238 {
239 ASN1_OBJECT *obj; 239 ASN1_OBJECT *obj;
240 X509_ATTRIBUTE *nattr; 240 X509_ATTRIBUTE *nattr;
@@ -252,7 +252,7 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
252 return nattr; 252 return nattr;
253 } 253 }
254 254
255int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, ASN1_OBJECT *obj) 255int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj)
256{ 256{
257 if ((attr == NULL) || (obj == NULL)) 257 if ((attr == NULL) || (obj == NULL))
258 return(0); 258 return(0);
@@ -261,7 +261,7 @@ int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, ASN1_OBJECT *obj)
261 return(1); 261 return(1);
262} 262}
263 263
264int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, void *data, int len) 264int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len)
265{ 265{
266 ASN1_TYPE *ttmp; 266 ASN1_TYPE *ttmp;
267 ASN1_STRING *stmp; 267 ASN1_STRING *stmp;
@@ -283,7 +283,7 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, void *data, int
283 if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err; 283 if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
284 if(!(ttmp = ASN1_TYPE_new())) goto err; 284 if(!(ttmp = ASN1_TYPE_new())) goto err;
285 if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err; 285 if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err;
286 attr->set = 1; 286 attr->single = 0;
287 ASN1_TYPE_set(ttmp, atype, stmp); 287 ASN1_TYPE_set(ttmp, atype, stmp);
288 return 1; 288 return 1;
289 err: 289 err:
@@ -293,7 +293,7 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, void *data, int
293 293
294int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr) 294int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr)
295{ 295{
296 if(attr->set) return sk_ASN1_TYPE_num(attr->value.set); 296 if(!attr->single) return sk_ASN1_TYPE_num(attr->value.set);
297 if(attr->value.single) return 1; 297 if(attr->value.single) return 1;
298 return 0; 298 return 0;
299} 299}
@@ -321,6 +321,6 @@ ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
321{ 321{
322 if (attr == NULL) return(NULL); 322 if (attr == NULL) return(NULL);
323 if(idx >= X509_ATTRIBUTE_count(attr)) return NULL; 323 if(idx >= X509_ATTRIBUTE_count(attr)) return NULL;
324 if(attr->set) return sk_ASN1_TYPE_value(attr->value.set, idx); 324 if(!attr->single) return sk_ASN1_TYPE_value(attr->value.set, idx);
325 else return attr->value.single; 325 else return attr->value.single;
326} 326}
diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c
index f9d9510ac5..cd20b6d66f 100644
--- a/src/lib/libcrypto/x509/x509_cmp.c
+++ b/src/lib/libcrypto/x509/x509_cmp.c
@@ -57,114 +57,121 @@
57 */ 57 */
58 58
59#include <stdio.h> 59#include <stdio.h>
60#include <sys/types.h>
61#include <sys/stat.h>
62#include "cryptlib.h" 60#include "cryptlib.h"
63#include "asn1.h" 61#include <openssl/asn1.h>
64#include "objects.h" 62#include <openssl/objects.h>
65#include "x509.h" 63#include <openssl/x509.h>
64#include <openssl/x509v3.h>
66 65
67int X509_issuer_and_serial_cmp(a,b) 66int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
68X509 *a;
69X509 *b;
70 { 67 {
71 int i; 68 int i;
72 X509_CINF *ai,*bi; 69 X509_CINF *ai,*bi;
73 70
74 ai=a->cert_info; 71 ai=a->cert_info;
75 bi=b->cert_info; 72 bi=b->cert_info;
76 i=ASN1_INTEGER_cmp(ai->serialNumber,bi->serialNumber); 73 i=M_ASN1_INTEGER_cmp(ai->serialNumber,bi->serialNumber);
77 if (i) return(i); 74 if (i) return(i);
78 return(X509_NAME_cmp(ai->issuer,bi->issuer)); 75 return(X509_NAME_cmp(ai->issuer,bi->issuer));
79 } 76 }
80 77
81#ifndef NO_MD5 78#ifndef OPENSSL_NO_MD5
82unsigned long X509_issuer_and_serial_hash(a) 79unsigned long X509_issuer_and_serial_hash(X509 *a)
83X509 *a;
84 { 80 {
85 unsigned long ret=0; 81 unsigned long ret=0;
86 MD5_CTX ctx; 82 EVP_MD_CTX ctx;
87 unsigned char md[16]; 83 unsigned char md[16];
88 char str[256]; 84 char str[256];
89 85
86 EVP_MD_CTX_init(&ctx);
90 X509_NAME_oneline(a->cert_info->issuer,str,256); 87 X509_NAME_oneline(a->cert_info->issuer,str,256);
91 ret=strlen(str); 88 ret=strlen(str);
92 MD5_Init(&ctx); 89 EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);
93 MD5_Update(&ctx,(unsigned char *)str,ret); 90 EVP_DigestUpdate(&ctx,(unsigned char *)str,ret);
94 MD5_Update(&ctx,(unsigned char *)a->cert_info->serialNumber->data, 91 EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
95 (unsigned long)a->cert_info->serialNumber->length); 92 (unsigned long)a->cert_info->serialNumber->length);
96 MD5_Final(&(md[0]),&ctx); 93 EVP_DigestFinal_ex(&ctx,&(md[0]),NULL);
97 ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| 94 ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)|
98 ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) 95 ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
99 )&0xffffffffL; 96 )&0xffffffffL;
97 EVP_MD_CTX_cleanup(&ctx);
100 return(ret); 98 return(ret);
101 } 99 }
102#endif 100#endif
103 101
104int X509_issuer_name_cmp(a, b) 102int X509_issuer_name_cmp(const X509 *a, const X509 *b)
105X509 *a;
106X509 *b;
107 { 103 {
108 return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer)); 104 return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer));
109 } 105 }
110 106
111int X509_subject_name_cmp(a, b) 107int X509_subject_name_cmp(const X509 *a, const X509 *b)
112X509 *a;
113X509 *b;
114 { 108 {
115 return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject)); 109 return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject));
116 } 110 }
117 111
118int X509_CRL_cmp(a, b) 112int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b)
119X509_CRL *a;
120X509_CRL *b;
121 { 113 {
122 return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer)); 114 return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer));
123 } 115 }
124 116
125X509_NAME *X509_get_issuer_name(a) 117X509_NAME *X509_get_issuer_name(X509 *a)
126X509 *a;
127 { 118 {
128 return(a->cert_info->issuer); 119 return(a->cert_info->issuer);
129 } 120 }
130 121
131unsigned long X509_issuer_name_hash(x) 122unsigned long X509_issuer_name_hash(X509 *x)
132X509 *x;
133 { 123 {
134 return(X509_NAME_hash(x->cert_info->issuer)); 124 return(X509_NAME_hash(x->cert_info->issuer));
135 } 125 }
136 126
137X509_NAME *X509_get_subject_name(a) 127X509_NAME *X509_get_subject_name(X509 *a)
138X509 *a;
139 { 128 {
140 return(a->cert_info->subject); 129 return(a->cert_info->subject);
141 } 130 }
142 131
143ASN1_INTEGER *X509_get_serialNumber(a) 132ASN1_INTEGER *X509_get_serialNumber(X509 *a)
144X509 *a;
145 { 133 {
146 return(a->cert_info->serialNumber); 134 return(a->cert_info->serialNumber);
147 } 135 }
148 136
149unsigned long X509_subject_name_hash(x) 137unsigned long X509_subject_name_hash(X509 *x)
150X509 *x;
151 { 138 {
152 return(X509_NAME_hash(x->cert_info->subject)); 139 return(X509_NAME_hash(x->cert_info->subject));
153 } 140 }
154 141
155int X509_NAME_cmp(a, b) 142#ifndef OPENSSL_NO_SHA
156X509_NAME *a; 143/* Compare two certificates: they must be identical for
157X509_NAME *b; 144 * this to work. NB: Although "cmp" operations are generally
145 * prototyped to take "const" arguments (eg. for use in
146 * STACKs), the way X509 handling is - these operations may
147 * involve ensuring the hashes are up-to-date and ensuring
148 * certain cert information is cached. So this is the point
149 * where the "depth-first" constification tree has to halt
150 * with an evil cast.
151 */
152int X509_cmp(const X509 *a, const X509 *b)
153{
154 /* ensure hash is valid */
155 X509_check_purpose((X509 *)a, -1, 0);
156 X509_check_purpose((X509 *)b, -1, 0);
157
158 return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
159}
160#endif
161
162int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
158 { 163 {
159 int i,j; 164 int i,j;
160 X509_NAME_ENTRY *na,*nb; 165 X509_NAME_ENTRY *na,*nb;
161 166
162 if (sk_num(a->entries) != sk_num(b->entries)) 167 if (sk_X509_NAME_ENTRY_num(a->entries)
163 return(sk_num(a->entries)-sk_num(b->entries)); 168 != sk_X509_NAME_ENTRY_num(b->entries))
164 for (i=sk_num(a->entries)-1; i>=0; i--) 169 return sk_X509_NAME_ENTRY_num(a->entries)
170 -sk_X509_NAME_ENTRY_num(b->entries);
171 for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
165 { 172 {
166 na=(X509_NAME_ENTRY *)sk_value(a->entries,i); 173 na=sk_X509_NAME_ENTRY_value(a->entries,i);
167 nb=(X509_NAME_ENTRY *)sk_value(b->entries,i); 174 nb=sk_X509_NAME_ENTRY_value(b->entries,i);
168 j=na->value->length-nb->value->length; 175 j=na->value->length-nb->value->length;
169 if (j) return(j); 176 if (j) return(j);
170 j=memcmp(na->value->data,nb->value->data, 177 j=memcmp(na->value->data,nb->value->data,
@@ -177,37 +184,27 @@ X509_NAME *b;
177 /* We will check the object types after checking the values 184 /* We will check the object types after checking the values
178 * since the values will more often be different than the object 185 * since the values will more often be different than the object
179 * types. */ 186 * types. */
180 for (i=sk_num(a->entries)-1; i>=0; i--) 187 for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
181 { 188 {
182 na=(X509_NAME_ENTRY *)sk_value(a->entries,i); 189 na=sk_X509_NAME_ENTRY_value(a->entries,i);
183 nb=(X509_NAME_ENTRY *)sk_value(b->entries,i); 190 nb=sk_X509_NAME_ENTRY_value(b->entries,i);
184 j=OBJ_cmp(na->object,nb->object); 191 j=OBJ_cmp(na->object,nb->object);
185 if (j) return(j); 192 if (j) return(j);
186 } 193 }
187 return(0); 194 return(0);
188 } 195 }
189 196
190#ifndef NO_MD5 197#ifndef OPENSSL_NO_MD5
191/* I now DER encode the name and hash it. Since I cache the DER encoding, 198/* I now DER encode the name and hash it. Since I cache the DER encoding,
192 * this is reasonably effiecent. */ 199 * this is reasonably efficient. */
193unsigned long X509_NAME_hash(x) 200unsigned long X509_NAME_hash(X509_NAME *x)
194X509_NAME *x;
195 { 201 {
196 unsigned long ret=0; 202 unsigned long ret=0;
197 unsigned char md[16]; 203 unsigned char md[16];
198 unsigned char str[256],*p,*pp;
199 int i;
200
201 i=i2d_X509_NAME(x,NULL);
202 if (i > sizeof(str))
203 p=Malloc(i);
204 else
205 p=str;
206 204
207 pp=p; 205 /* Make sure X509_NAME structure contains valid cached encoding */
208 i2d_X509_NAME(x,&pp); 206 i2d_X509_NAME(x,NULL);
209 MD5((unsigned char *)p,i,&(md[0])); 207 EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL);
210 if (p != str) Free(p);
211 208
212 ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| 209 ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)|
213 ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) 210 ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
@@ -217,41 +214,100 @@ X509_NAME *x;
217#endif 214#endif
218 215
219/* Search a stack of X509 for a match */ 216/* Search a stack of X509 for a match */
220X509 *X509_find_by_issuer_and_serial(sk,name,serial) 217X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
221STACK *sk; 218 ASN1_INTEGER *serial)
222X509_NAME *name;
223ASN1_INTEGER *serial;
224 { 219 {
225 int i; 220 int i;
226 X509_CINF cinf; 221 X509_CINF cinf;
227 X509 x,*x509=NULL; 222 X509 x,*x509=NULL;
228 223
224 if(!sk) return NULL;
225
229 x.cert_info= &cinf; 226 x.cert_info= &cinf;
230 cinf.serialNumber=serial; 227 cinf.serialNumber=serial;
231 cinf.issuer=name; 228 cinf.issuer=name;
232 229
233 for (i=0; i<sk_num(sk); i++) 230 for (i=0; i<sk_X509_num(sk); i++)
234 { 231 {
235 x509=(X509 *)sk_value(sk,i); 232 x509=sk_X509_value(sk,i);
236 if (X509_issuer_and_serial_cmp(x509,&x) == 0) 233 if (X509_issuer_and_serial_cmp(x509,&x) == 0)
237 return(x509); 234 return(x509);
238 } 235 }
239 return(NULL); 236 return(NULL);
240 } 237 }
241 238
242X509 *X509_find_by_subject(sk,name) 239X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name)
243STACK *sk;
244X509_NAME *name;
245 { 240 {
246 X509 *x509; 241 X509 *x509;
247 int i; 242 int i;
248 243
249 for (i=0; i<sk_num(sk); i++) 244 for (i=0; i<sk_X509_num(sk); i++)
250 { 245 {
251 x509=(X509 *)sk_value(sk,i); 246 x509=sk_X509_value(sk,i);
252 if (X509_NAME_cmp(X509_get_subject_name(x509),name) == 0) 247 if (X509_NAME_cmp(X509_get_subject_name(x509),name) == 0)
253 return(x509); 248 return(x509);
254 } 249 }
255 return(NULL); 250 return(NULL);
256 } 251 }
257 252
253EVP_PKEY *X509_get_pubkey(X509 *x)
254 {
255 if ((x == NULL) || (x->cert_info == NULL))
256 return(NULL);
257 return(X509_PUBKEY_get(x->cert_info->key));
258 }
259
260ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
261 {
262 if(!x) return NULL;
263 return x->cert_info->key->public_key;
264 }
265
266int X509_check_private_key(X509 *x, EVP_PKEY *k)
267 {
268 EVP_PKEY *xk=NULL;
269 int ok=0;
270
271 xk=X509_get_pubkey(x);
272 if (xk->type != k->type)
273 {
274 X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
275 goto err;
276 }
277 switch (k->type)
278 {
279#ifndef OPENSSL_NO_RSA
280 case EVP_PKEY_RSA:
281 if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0
282 || BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0)
283 {
284 X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
285 goto err;
286 }
287 break;
288#endif
289#ifndef OPENSSL_NO_DSA
290 case EVP_PKEY_DSA:
291 if (BN_cmp(xk->pkey.dsa->pub_key,k->pkey.dsa->pub_key) != 0)
292 {
293 X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
294 goto err;
295 }
296 break;
297#endif
298#ifndef OPENSSL_NO_DH
299 case EVP_PKEY_DH:
300 /* No idea */
301 X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
302 goto err;
303#endif
304 default:
305 X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
306 goto err;
307 }
308
309 ok=1;
310err:
311 EVP_PKEY_free(xk);
312 return(ok);
313 }
diff --git a/src/lib/libcrypto/x509/x509_d2.c b/src/lib/libcrypto/x509/x509_d2.c
index 01e22f4cb4..51410cfd1a 100644
--- a/src/lib/libcrypto/x509/x509_d2.c
+++ b/src/lib/libcrypto/x509/x509_d2.c
@@ -57,15 +57,12 @@
57 */ 57 */
58 58
59#include <stdio.h> 59#include <stdio.h>
60#include <sys/types.h>
61#include <sys/stat.h>
62#include "cryptlib.h" 60#include "cryptlib.h"
63#include "crypto.h" 61#include <openssl/crypto.h>
64#include "x509.h" 62#include <openssl/x509.h>
65 63
66#ifndef NO_STDIO 64#ifndef OPENSSL_NO_STDIO
67int X509_STORE_set_default_paths(ctx) 65int X509_STORE_set_default_paths(X509_STORE *ctx)
68X509_STORE *ctx;
69 { 66 {
70 X509_LOOKUP *lookup; 67 X509_LOOKUP *lookup;
71 68
@@ -83,10 +80,8 @@ X509_STORE *ctx;
83 return(1); 80 return(1);
84 } 81 }
85 82
86int X509_STORE_load_locations(ctx,file,path) 83int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
87X509_STORE *ctx; 84 const char *path)
88char *file;
89char *path;
90 { 85 {
91 X509_LOOKUP *lookup; 86 X509_LOOKUP *lookup;
92 87
@@ -94,13 +89,15 @@ char *path;
94 { 89 {
95 lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file()); 90 lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
96 if (lookup == NULL) return(0); 91 if (lookup == NULL) return(0);
97 X509_LOOKUP_load_file(lookup,file,X509_FILETYPE_PEM); 92 if (X509_LOOKUP_load_file(lookup,file,X509_FILETYPE_PEM) != 1)
93 return(0);
98 } 94 }
99 if (path != NULL) 95 if (path != NULL)
100 { 96 {
101 lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir()); 97 lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
102 if (lookup == NULL) return(0); 98 if (lookup == NULL) return(0);
103 X509_LOOKUP_add_dir(lookup,path,X509_FILETYPE_PEM); 99 if (X509_LOOKUP_add_dir(lookup,path,X509_FILETYPE_PEM) != 1)
100 return(0);
104 } 101 }
105 if ((path == NULL) && (file == NULL)) 102 if ((path == NULL) && (file == NULL))
106 return(0); 103 return(0);
diff --git a/src/lib/libcrypto/x509/x509_def.c b/src/lib/libcrypto/x509/x509_def.c
index d9ab39b15a..e0ac151a76 100644
--- a/src/lib/libcrypto/x509/x509_def.c
+++ b/src/lib/libcrypto/x509/x509_def.c
@@ -57,27 +57,25 @@
57 */ 57 */
58 58
59#include <stdio.h> 59#include <stdio.h>
60#include <sys/types.h>
61#include <sys/stat.h>
62#include "cryptlib.h" 60#include "cryptlib.h"
63#include "crypto.h" 61#include <openssl/crypto.h>
64#include "x509.h" 62#include <openssl/x509.h>
65 63
66char *X509_get_default_private_dir() 64const char *X509_get_default_private_dir(void)
67 { return(X509_PRIVATE_DIR); } 65 { return(X509_PRIVATE_DIR); }
68 66
69char *X509_get_default_cert_area() 67const char *X509_get_default_cert_area(void)
70 { return(X509_CERT_AREA); } 68 { return(X509_CERT_AREA); }
71 69
72char *X509_get_default_cert_dir() 70const char *X509_get_default_cert_dir(void)
73 { return(X509_CERT_DIR); } 71 { return(X509_CERT_DIR); }
74 72
75char *X509_get_default_cert_file() 73const char *X509_get_default_cert_file(void)
76 { return(X509_CERT_FILE); } 74 { return(X509_CERT_FILE); }
77 75
78char *X509_get_default_cert_dir_env() 76const char *X509_get_default_cert_dir_env(void)
79 { return(X509_CERT_DIR_EVP); } 77 { return(X509_CERT_DIR_EVP); }
80 78
81char *X509_get_default_cert_file_env() 79const char *X509_get_default_cert_file_env(void)
82 { return(X509_CERT_FILE_EVP); } 80 { return(X509_CERT_FILE_EVP); }
83 81
diff --git a/src/lib/libcrypto/x509/x509_err.c b/src/lib/libcrypto/x509/x509_err.c
index 9304721612..5bbf4acf76 100644
--- a/src/lib/libcrypto/x509/x509_err.c
+++ b/src/lib/libcrypto/x509/x509_err.c
@@ -1,83 +1,94 @@
1/* lib/x509/x509_err.c */ 1/* crypto/x509/x509_err.c */
2/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) 2/* ====================================================================
3 * All rights reserved. 3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
25 * are met: 7 * are met:
26 * 1. Redistributions of source code must retain the copyright 8 *
27 * notice, this list of conditions and the following disclaimer. 9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
28 * 2. Redistributions in binary form must reproduce the above copyright 12 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the 13 * notice, this list of conditions and the following disclaimer in
30 * documentation and/or other materials provided with the distribution. 14 * the documentation and/or other materials provided with the
31 * 3. All advertising materials mentioning features or use of this software 15 * distribution.
32 * must display the following acknowledgement: 16 *
33 * "This product includes cryptographic software written by 17 * 3. All advertising materials mentioning features or use of this
34 * Eric Young (eay@cryptsoft.com)" 18 * software must display the following acknowledgment:
35 * The word 'cryptographic' can be left out if the rouines from the library 19 * "This product includes software developed by the OpenSSL Project
36 * being used are not cryptographic related :-). 20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
37 * 4. If you include any Windows specific code (or a derivative thereof) from 21 *
38 * the apps directory (application code) you must include an acknowledgement: 22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 23 * endorse or promote products derived from this software without
40 * 24 * prior written permission. For written permission, please contact
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 25 * openssl-core@OpenSSL.org.
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 *
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * 5. Products derived from this software may not be called "OpenSSL"
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 28 * nor may "OpenSSL" appear in their names without prior written
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * permission of the OpenSSL Project.
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 *
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * 6. Redistributions of any form whatsoever must retain the following
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * acknowledgment:
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * "This product includes software developed by the OpenSSL Project
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
51 * SUCH DAMAGE. 35 *
52 * 36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
53 * The licence and distribution terms for any publically available version or 37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
55 * copied and put under another distribution licence 39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
56 * [including the GNU Public Licence.] 40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
57 */ 54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
58#include <stdio.h> 61#include <stdio.h>
59#include "err.h" 62#include <openssl/err.h>
60#include "x509.h" 63#include <openssl/x509.h>
61 64
62/* BEGIN ERROR CODES */ 65/* BEGIN ERROR CODES */
63#ifndef NO_ERR 66#ifndef OPENSSL_NO_ERR
64static ERR_STRING_DATA X509_str_functs[]= 67static ERR_STRING_DATA X509_str_functs[]=
65 { 68 {
66{ERR_PACK(0,X509_F_ADD_CERT_DIR,0), "ADD_CERT_DIR"}, 69{ERR_PACK(0,X509_F_ADD_CERT_DIR,0), "ADD_CERT_DIR"},
67{ERR_PACK(0,X509_F_BY_FILE_CTRL,0), "BY_FILE_CTRL"}, 70{ERR_PACK(0,X509_F_BY_FILE_CTRL,0), "BY_FILE_CTRL"},
68{ERR_PACK(0,X509_F_DIR_CTRL,0), "DIR_CTRL"}, 71{ERR_PACK(0,X509_F_DIR_CTRL,0), "DIR_CTRL"},
69{ERR_PACK(0,X509_F_GET_CERT_BY_SUBJECT,0), "GET_CERT_BY_SUBJECT"}, 72{ERR_PACK(0,X509_F_GET_CERT_BY_SUBJECT,0), "GET_CERT_BY_SUBJECT"},
73{ERR_PACK(0,X509_F_NETSCAPE_SPKI_B64_DECODE,0), "NETSCAPE_SPKI_b64_decode"},
74{ERR_PACK(0,X509_F_NETSCAPE_SPKI_B64_ENCODE,0), "NETSCAPE_SPKI_b64_encode"},
70{ERR_PACK(0,X509_F_X509V3_ADD_EXT,0), "X509v3_add_ext"}, 75{ERR_PACK(0,X509_F_X509V3_ADD_EXT,0), "X509v3_add_ext"},
71{ERR_PACK(0,X509_F_X509V3_ADD_EXTENSION,0), "X509V3_ADD_EXTENSION"}, 76{ERR_PACK(0,X509_F_X509_ADD_ATTR,0), "X509_ADD_ATTR"},
72{ERR_PACK(0,X509_F_X509V3_PACK_STRING,0), "X509v3_pack_string"}, 77{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_NID,0), "X509_ATTRIBUTE_create_by_NID"},
73{ERR_PACK(0,X509_F_X509V3_UNPACK_STRING,0), "X509v3_unpack_string"}, 78{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,0), "X509_ATTRIBUTE_create_by_OBJ"},
79{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,0), "X509_ATTRIBUTE_create_by_txt"},
80{ERR_PACK(0,X509_F_X509_ATTRIBUTE_GET0_DATA,0), "X509_ATTRIBUTE_get0_data"},
81{ERR_PACK(0,X509_F_X509_ATTRIBUTE_SET1_DATA,0), "X509_ATTRIBUTE_set1_data"},
82{ERR_PACK(0,X509_F_X509_CHECK_PRIVATE_KEY,0), "X509_check_private_key"},
74{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_NID,0), "X509_EXTENSION_create_by_NID"}, 83{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_NID,0), "X509_EXTENSION_create_by_NID"},
75{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_OBJ,0), "X509_EXTENSION_create_by_OBJ"}, 84{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_OBJ,0), "X509_EXTENSION_create_by_OBJ"},
76{ERR_PACK(0,X509_F_X509_GET_PUBKEY_PARAMETERS,0), "X509_get_pubkey_parameters"}, 85{ERR_PACK(0,X509_F_X509_GET_PUBKEY_PARAMETERS,0), "X509_get_pubkey_parameters"},
77{ERR_PACK(0,X509_F_X509_LOAD_CERT_FILE,0), "X509_LOAD_CERT_FILE"}, 86{ERR_PACK(0,X509_F_X509_LOAD_CERT_CRL_FILE,0), "X509_load_cert_crl_file"},
78{ERR_PACK(0,X509_F_X509_LOAD_CRL_FILE,0), "X509_LOAD_CRL_FILE"}, 87{ERR_PACK(0,X509_F_X509_LOAD_CERT_FILE,0), "X509_load_cert_file"},
88{ERR_PACK(0,X509_F_X509_LOAD_CRL_FILE,0), "X509_load_crl_file"},
79{ERR_PACK(0,X509_F_X509_NAME_ADD_ENTRY,0), "X509_NAME_add_entry"}, 89{ERR_PACK(0,X509_F_X509_NAME_ADD_ENTRY,0), "X509_NAME_add_entry"},
80{ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_NID,0), "X509_NAME_ENTRY_create_by_NID"}, 90{ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_NID,0), "X509_NAME_ENTRY_create_by_NID"},
91{ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_TXT,0), "X509_NAME_ENTRY_create_by_txt"},
81{ERR_PACK(0,X509_F_X509_NAME_ENTRY_SET_OBJECT,0), "X509_NAME_ENTRY_set_object"}, 92{ERR_PACK(0,X509_F_X509_NAME_ENTRY_SET_OBJECT,0), "X509_NAME_ENTRY_set_object"},
82{ERR_PACK(0,X509_F_X509_NAME_ONELINE,0), "X509_NAME_oneline"}, 93{ERR_PACK(0,X509_F_X509_NAME_ONELINE,0), "X509_NAME_oneline"},
83{ERR_PACK(0,X509_F_X509_NAME_PRINT,0), "X509_NAME_print"}, 94{ERR_PACK(0,X509_F_X509_NAME_PRINT,0), "X509_NAME_print"},
@@ -87,41 +98,56 @@ static ERR_STRING_DATA X509_str_functs[]=
87{ERR_PACK(0,X509_F_X509_REQ_PRINT,0), "X509_REQ_print"}, 98{ERR_PACK(0,X509_F_X509_REQ_PRINT,0), "X509_REQ_print"},
88{ERR_PACK(0,X509_F_X509_REQ_PRINT_FP,0), "X509_REQ_print_fp"}, 99{ERR_PACK(0,X509_F_X509_REQ_PRINT_FP,0), "X509_REQ_print_fp"},
89{ERR_PACK(0,X509_F_X509_REQ_TO_X509,0), "X509_REQ_to_X509"}, 100{ERR_PACK(0,X509_F_X509_REQ_TO_X509,0), "X509_REQ_to_X509"},
90{ERR_PACK(0,X509_F_X509_STORE_ADD_CERT,0), "X509_STORE_ADD_CERT"}, 101{ERR_PACK(0,X509_F_X509_STORE_ADD_CERT,0), "X509_STORE_add_cert"},
91{ERR_PACK(0,X509_F_X509_STORE_ADD_CRL,0), "X509_STORE_ADD_CRL"}, 102{ERR_PACK(0,X509_F_X509_STORE_ADD_CRL,0), "X509_STORE_add_crl"},
103{ERR_PACK(0,X509_F_X509_STORE_CTX_INIT,0), "X509_STORE_CTX_init"},
104{ERR_PACK(0,X509_F_X509_STORE_CTX_NEW,0), "X509_STORE_CTX_new"},
105{ERR_PACK(0,X509_F_X509_STORE_CTX_PURPOSE_INHERIT,0), "X509_STORE_CTX_purpose_inherit"},
92{ERR_PACK(0,X509_F_X509_TO_X509_REQ,0), "X509_to_X509_REQ"}, 106{ERR_PACK(0,X509_F_X509_TO_X509_REQ,0), "X509_to_X509_REQ"},
107{ERR_PACK(0,X509_F_X509_TRUST_ADD,0), "X509_TRUST_add"},
108{ERR_PACK(0,X509_F_X509_TRUST_SET,0), "X509_TRUST_set"},
93{ERR_PACK(0,X509_F_X509_VERIFY_CERT,0), "X509_verify_cert"}, 109{ERR_PACK(0,X509_F_X509_VERIFY_CERT,0), "X509_verify_cert"},
94{0,NULL}, 110{0,NULL}
95 }; 111 };
96 112
97static ERR_STRING_DATA X509_str_reasons[]= 113static ERR_STRING_DATA X509_str_reasons[]=
98 { 114 {
99{X509_R_BAD_X509_FILETYPE ,"bad x509 filetype"}, 115{X509_R_BAD_X509_FILETYPE ,"bad x509 filetype"},
116{X509_R_BASE64_DECODE_ERROR ,"base64 decode error"},
117{X509_R_CANT_CHECK_DH_KEY ,"cant check dh key"},
100{X509_R_CERT_ALREADY_IN_HASH_TABLE ,"cert already in hash table"}, 118{X509_R_CERT_ALREADY_IN_HASH_TABLE ,"cert already in hash table"},
101{X509_R_ERR_ASN1_LIB ,"err asn1 lib"}, 119{X509_R_ERR_ASN1_LIB ,"err asn1 lib"},
120{X509_R_INVALID_DIRECTORY ,"invalid directory"},
121{X509_R_INVALID_FIELD_NAME ,"invalid field name"},
122{X509_R_INVALID_TRUST ,"invalid trust"},
123{X509_R_KEY_TYPE_MISMATCH ,"key type mismatch"},
124{X509_R_KEY_VALUES_MISMATCH ,"key values mismatch"},
102{X509_R_LOADING_CERT_DIR ,"loading cert dir"}, 125{X509_R_LOADING_CERT_DIR ,"loading cert dir"},
103{X509_R_LOADING_DEFAULTS ,"loading defaults"}, 126{X509_R_LOADING_DEFAULTS ,"loading defaults"},
104{X509_R_NO_CERT_SET_FOR_US_TO_VERIFY ,"no cert set for us to verify"}, 127{X509_R_NO_CERT_SET_FOR_US_TO_VERIFY ,"no cert set for us to verify"},
105{X509_R_SHOULD_RETRY ,"should retry"}, 128{X509_R_SHOULD_RETRY ,"should retry"},
106{X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN,"unable to find parameters in chain"}, 129{X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN,"unable to find parameters in chain"},
107{X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY ,"unable to get certs public key"}, 130{X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY ,"unable to get certs public key"},
131{X509_R_UNKNOWN_KEY_TYPE ,"unknown key type"},
108{X509_R_UNKNOWN_NID ,"unknown nid"}, 132{X509_R_UNKNOWN_NID ,"unknown nid"},
109{X509_R_UNKNOWN_STRING_TYPE ,"unknown string type"}, 133{X509_R_UNKNOWN_PURPOSE_ID ,"unknown purpose id"},
134{X509_R_UNKNOWN_TRUST_ID ,"unknown trust id"},
110{X509_R_UNSUPPORTED_ALGORITHM ,"unsupported algorithm"}, 135{X509_R_UNSUPPORTED_ALGORITHM ,"unsupported algorithm"},
111{X509_R_WRONG_LOOKUP_TYPE ,"wrong lookup type"}, 136{X509_R_WRONG_LOOKUP_TYPE ,"wrong lookup type"},
112{0,NULL}, 137{X509_R_WRONG_TYPE ,"wrong type"},
138{0,NULL}
113 }; 139 };
114 140
115#endif 141#endif
116 142
117void ERR_load_X509_strings() 143void ERR_load_X509_strings(void)
118 { 144 {
119 static int init=1; 145 static int init=1;
120 146
121 if (init); 147 if (init)
122 {; 148 {
123 init=0; 149 init=0;
124#ifndef NO_ERR 150#ifndef OPENSSL_NO_ERR
125 ERR_load_strings(ERR_LIB_X509,X509_str_functs); 151 ERR_load_strings(ERR_LIB_X509,X509_str_functs);
126 ERR_load_strings(ERR_LIB_X509,X509_str_reasons); 152 ERR_load_strings(ERR_LIB_X509,X509_str_reasons);
127#endif 153#endif
diff --git a/src/lib/libcrypto/x509/x509_ext.c b/src/lib/libcrypto/x509/x509_ext.c
index 1d76ecfcfd..e7fdacb5e4 100644
--- a/src/lib/libcrypto/x509/x509_ext.c
+++ b/src/lib/libcrypto/x509/x509_ext.c
@@ -57,166 +57,154 @@
57 */ 57 */
58 58
59#include <stdio.h> 59#include <stdio.h>
60#include "stack.h" 60#include <openssl/stack.h>
61#include "cryptlib.h" 61#include "cryptlib.h"
62#include "asn1.h" 62#include <openssl/asn1.h>
63#include "objects.h" 63#include <openssl/objects.h>
64#include "evp.h" 64#include <openssl/evp.h>
65#include "x509.h" 65#include <openssl/x509.h>
66#include <openssl/x509v3.h>
66 67
67int X509_CRL_get_ext_count(x) 68
68X509_CRL *x; 69int X509_CRL_get_ext_count(X509_CRL *x)
69 { 70 {
70 return(X509v3_get_ext_count(x->crl->extensions)); 71 return(X509v3_get_ext_count(x->crl->extensions));
71 } 72 }
72 73
73int X509_CRL_get_ext_by_NID(x,nid,lastpos) 74int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos)
74X509_CRL *x;
75int nid;
76int lastpos;
77 { 75 {
78 return(X509v3_get_ext_by_NID(x->crl->extensions,nid,lastpos)); 76 return(X509v3_get_ext_by_NID(x->crl->extensions,nid,lastpos));
79 } 77 }
80 78
81int X509_CRL_get_ext_by_OBJ(x,obj,lastpos) 79int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos)
82X509_CRL *x;
83ASN1_OBJECT *obj;
84int lastpos;
85 { 80 {
86 return(X509v3_get_ext_by_OBJ(x->crl->extensions,obj,lastpos)); 81 return(X509v3_get_ext_by_OBJ(x->crl->extensions,obj,lastpos));
87 } 82 }
88 83
89int X509_CRL_get_ext_by_critical(x,crit,lastpos) 84int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos)
90X509_CRL *x;
91int crit;
92int lastpos;
93 { 85 {
94 return(X509v3_get_ext_by_critical(x->crl->extensions,crit,lastpos)); 86 return(X509v3_get_ext_by_critical(x->crl->extensions,crit,lastpos));
95 } 87 }
96 88
97X509_EXTENSION *X509_CRL_get_ext(x,loc) 89X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc)
98X509_CRL *x;
99int loc;
100 { 90 {
101 return(X509v3_get_ext(x->crl->extensions,loc)); 91 return(X509v3_get_ext(x->crl->extensions,loc));
102 } 92 }
103 93
104X509_EXTENSION *X509_CRL_delete_ext(x,loc) 94X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc)
105X509_CRL *x;
106int loc;
107 { 95 {
108 return(X509v3_delete_ext(x->crl->extensions,loc)); 96 return(X509v3_delete_ext(x->crl->extensions,loc));
109 } 97 }
110 98
111int X509_CRL_add_ext(x,ex,loc) 99void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx)
112X509_CRL *x; 100{
113X509_EXTENSION *ex; 101 return X509V3_get_d2i(x->crl->extensions, nid, crit, idx);
114int loc; 102}
103
104int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
105 unsigned long flags)
106{
107 return X509V3_add1_i2d(&x->crl->extensions, nid, value, crit, flags);
108}
109
110int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc)
115 { 111 {
116 return(X509v3_add_ext(&(x->crl->extensions),ex,loc) != NULL); 112 return(X509v3_add_ext(&(x->crl->extensions),ex,loc) != NULL);
117 } 113 }
118 114
119int X509_get_ext_count(x) 115int X509_get_ext_count(X509 *x)
120X509 *x;
121 { 116 {
122 return(X509v3_get_ext_count(x->cert_info->extensions)); 117 return(X509v3_get_ext_count(x->cert_info->extensions));
123 } 118 }
124 119
125int X509_get_ext_by_NID(x,nid,lastpos) 120int X509_get_ext_by_NID(X509 *x, int nid, int lastpos)
126X509 *x;
127int nid;
128int lastpos;
129 { 121 {
130 return(X509v3_get_ext_by_NID(x->cert_info->extensions,nid,lastpos)); 122 return(X509v3_get_ext_by_NID(x->cert_info->extensions,nid,lastpos));
131 } 123 }
132 124
133int X509_get_ext_by_OBJ(x,obj,lastpos) 125int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos)
134X509 *x;
135ASN1_OBJECT *obj;
136int lastpos;
137 { 126 {
138 return(X509v3_get_ext_by_OBJ(x->cert_info->extensions,obj,lastpos)); 127 return(X509v3_get_ext_by_OBJ(x->cert_info->extensions,obj,lastpos));
139 } 128 }
140 129
141int X509_get_ext_by_critical(x,crit,lastpos) 130int X509_get_ext_by_critical(X509 *x, int crit, int lastpos)
142X509 *x;
143int crit;
144int lastpos;
145 { 131 {
146 return(X509v3_get_ext_by_critical(x->cert_info->extensions,crit,lastpos)); 132 return(X509v3_get_ext_by_critical(x->cert_info->extensions,crit,lastpos));
147 } 133 }
148 134
149X509_EXTENSION *X509_get_ext(x,loc) 135X509_EXTENSION *X509_get_ext(X509 *x, int loc)
150X509 *x;
151int loc;
152 { 136 {
153 return(X509v3_get_ext(x->cert_info->extensions,loc)); 137 return(X509v3_get_ext(x->cert_info->extensions,loc));
154 } 138 }
155 139
156X509_EXTENSION *X509_delete_ext(x,loc) 140X509_EXTENSION *X509_delete_ext(X509 *x, int loc)
157X509 *x;
158int loc;
159 { 141 {
160 return(X509v3_delete_ext(x->cert_info->extensions,loc)); 142 return(X509v3_delete_ext(x->cert_info->extensions,loc));
161 } 143 }
162 144
163int X509_add_ext(x,ex,loc) 145int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc)
164X509 *x;
165X509_EXTENSION *ex;
166int loc;
167 { 146 {
168 return(X509v3_add_ext(&(x->cert_info->extensions),ex,loc) != NULL); 147 return(X509v3_add_ext(&(x->cert_info->extensions),ex,loc) != NULL);
169 } 148 }
170 149
171int X509_REVOKED_get_ext_count(x) 150void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx)
172X509_REVOKED *x; 151{
152 return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx);
153}
154
155int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
156 unsigned long flags)
157{
158 return X509V3_add1_i2d(&x->cert_info->extensions, nid, value, crit,
159 flags);
160}
161
162int X509_REVOKED_get_ext_count(X509_REVOKED *x)
173 { 163 {
174 return(X509v3_get_ext_count(x->extensions)); 164 return(X509v3_get_ext_count(x->extensions));
175 } 165 }
176 166
177int X509_REVOKED_get_ext_by_NID(x,nid,lastpos) 167int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos)
178X509_REVOKED *x;
179int nid;
180int lastpos;
181 { 168 {
182 return(X509v3_get_ext_by_NID(x->extensions,nid,lastpos)); 169 return(X509v3_get_ext_by_NID(x->extensions,nid,lastpos));
183 } 170 }
184 171
185int X509_REVOKED_get_ext_by_OBJ(x,obj,lastpos) 172int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj,
186X509_REVOKED *x; 173 int lastpos)
187ASN1_OBJECT *obj;
188int lastpos;
189 { 174 {
190 return(X509v3_get_ext_by_OBJ(x->extensions,obj,lastpos)); 175 return(X509v3_get_ext_by_OBJ(x->extensions,obj,lastpos));
191 } 176 }
192 177
193int X509_REVOKED_get_ext_by_critical(x,crit,lastpos) 178int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos)
194X509_REVOKED *x;
195int crit;
196int lastpos;
197 { 179 {
198 return(X509v3_get_ext_by_critical(x->extensions,crit,lastpos)); 180 return(X509v3_get_ext_by_critical(x->extensions,crit,lastpos));
199 } 181 }
200 182
201X509_EXTENSION *X509_REVOKED_get_ext(x,loc) 183X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc)
202X509_REVOKED *x;
203int loc;
204 { 184 {
205 return(X509v3_get_ext(x->extensions,loc)); 185 return(X509v3_get_ext(x->extensions,loc));
206 } 186 }
207 187
208X509_EXTENSION *X509_REVOKED_delete_ext(x,loc) 188X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc)
209X509_REVOKED *x;
210int loc;
211 { 189 {
212 return(X509v3_delete_ext(x->extensions,loc)); 190 return(X509v3_delete_ext(x->extensions,loc));
213 } 191 }
214 192
215int X509_REVOKED_add_ext(x,ex,loc) 193int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc)
216X509_REVOKED *x;
217X509_EXTENSION *ex;
218int loc;
219 { 194 {
220 return(X509v3_add_ext(&(x->extensions),ex,loc) != NULL); 195 return(X509v3_add_ext(&(x->extensions),ex,loc) != NULL);
221 } 196 }
222 197
198void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx)
199{
200 return X509V3_get_d2i(x->extensions, nid, crit, idx);
201}
202
203int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
204 unsigned long flags)
205{
206 return X509V3_add1_i2d(&x->extensions, nid, value, crit, flags);
207}
208
209IMPLEMENT_STACK_OF(X509_EXTENSION)
210IMPLEMENT_ASN1_SET_OF(X509_EXTENSION)
diff --git a/src/lib/libcrypto/x509/x509_lu.c b/src/lib/libcrypto/x509/x509_lu.c
index 2c7e10a46e..b780dae5e2 100644
--- a/src/lib/libcrypto/x509/x509_lu.c
+++ b/src/lib/libcrypto/x509/x509_lu.c
@@ -58,19 +58,16 @@
58 58
59#include <stdio.h> 59#include <stdio.h>
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include "lhash.h" 61#include <openssl/lhash.h>
62#include "x509.h" 62#include <openssl/x509.h>
63#include <openssl/x509v3.h>
63 64
64static STACK *x509_store_meth=NULL; 65X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
65static STACK *x509_store_ctx_meth=NULL;
66
67X509_LOOKUP *X509_LOOKUP_new(method)
68X509_LOOKUP_METHOD *method;
69 { 66 {
70 X509_LOOKUP *ret; 67 X509_LOOKUP *ret;
71 68
72 ret=(X509_LOOKUP *)Malloc(sizeof(X509_LOOKUP)); 69 ret=(X509_LOOKUP *)OPENSSL_malloc(sizeof(X509_LOOKUP));
73 if (ret == NULL) return(NULL); 70 if (ret == NULL) return NULL;
74 71
75 ret->init=0; 72 ret->init=0;
76 ret->skip=0; 73 ret->skip=0;
@@ -79,163 +76,137 @@ X509_LOOKUP_METHOD *method;
79 ret->store_ctx=NULL; 76 ret->store_ctx=NULL;
80 if ((method->new_item != NULL) && !method->new_item(ret)) 77 if ((method->new_item != NULL) && !method->new_item(ret))
81 { 78 {
82 Free(ret); 79 OPENSSL_free(ret);
83 return(NULL); 80 return NULL;
84 } 81 }
85 return(ret); 82 return ret;
86 } 83 }
87 84
88void X509_LOOKUP_free(ctx) 85void X509_LOOKUP_free(X509_LOOKUP *ctx)
89X509_LOOKUP *ctx;
90 { 86 {
91 if (ctx == NULL) return; 87 if (ctx == NULL) return;
92 if ( (ctx->method != NULL) && 88 if ( (ctx->method != NULL) &&
93 (ctx->method->free != NULL)) 89 (ctx->method->free != NULL))
94 ctx->method->free(ctx); 90 ctx->method->free(ctx);
95 Free(ctx); 91 OPENSSL_free(ctx);
96 } 92 }
97 93
98int X509_LOOKUP_init(ctx) 94int X509_LOOKUP_init(X509_LOOKUP *ctx)
99X509_LOOKUP *ctx;
100 { 95 {
101 if (ctx->method == NULL) return(0); 96 if (ctx->method == NULL) return 0;
102 if (ctx->method->init != NULL) 97 if (ctx->method->init != NULL)
103 return(ctx->method->init(ctx)); 98 return ctx->method->init(ctx);
104 else 99 else
105 return(1); 100 return 1;
106 } 101 }
107 102
108int X509_LOOKUP_shutdown(ctx) 103int X509_LOOKUP_shutdown(X509_LOOKUP *ctx)
109X509_LOOKUP *ctx;
110 { 104 {
111 if (ctx->method == NULL) return(0); 105 if (ctx->method == NULL) return 0;
112 if (ctx->method->init != NULL) 106 if (ctx->method->shutdown != NULL)
113 return(ctx->method->shutdown(ctx)); 107 return ctx->method->shutdown(ctx);
114 else 108 else
115 return(1); 109 return 1;
116 } 110 }
117 111
118int X509_LOOKUP_ctrl(ctx,cmd,argc,argl,ret) 112int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
119X509_LOOKUP *ctx; 113 char **ret)
120int cmd;
121char *argc;
122long argl;
123char **ret;
124 { 114 {
125 if (ctx->method == NULL) return(-1); 115 if (ctx->method == NULL) return -1;
126 if (ctx->method->ctrl != NULL) 116 if (ctx->method->ctrl != NULL)
127 return(ctx->method->ctrl(ctx,cmd,argc,argl,ret)); 117 return ctx->method->ctrl(ctx,cmd,argc,argl,ret);
128 else 118 else
129 return(1); 119 return 1;
130 } 120 }
131 121
132int X509_LOOKUP_by_subject(ctx,type,name,ret) 122int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
133X509_LOOKUP *ctx; 123 X509_OBJECT *ret)
134int type;
135X509_NAME *name;
136X509_OBJECT *ret;
137 { 124 {
138 if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL)) 125 if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))
139 return(X509_LU_FAIL); 126 return X509_LU_FAIL;
140 if (ctx->skip) return(0); 127 if (ctx->skip) return 0;
141 return(ctx->method->get_by_subject(ctx,type,name,ret)); 128 return ctx->method->get_by_subject(ctx,type,name,ret);
142 } 129 }
143 130
144int X509_LOOKUP_by_issuer_serial(ctx,type,name,serial,ret) 131int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
145X509_LOOKUP *ctx; 132 ASN1_INTEGER *serial, X509_OBJECT *ret)
146int type;
147X509_NAME *name;
148ASN1_INTEGER *serial;
149X509_OBJECT *ret;
150 { 133 {
151 if ((ctx->method == NULL) || 134 if ((ctx->method == NULL) ||
152 (ctx->method->get_by_issuer_serial == NULL)) 135 (ctx->method->get_by_issuer_serial == NULL))
153 return(X509_LU_FAIL); 136 return X509_LU_FAIL;
154 return(ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret)); 137 return ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret);
155 } 138 }
156 139
157int X509_LOOKUP_by_fingerprint(ctx,type,bytes,len,ret) 140int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
158X509_LOOKUP *ctx; 141 unsigned char *bytes, int len, X509_OBJECT *ret)
159int type;
160unsigned char *bytes;
161int len;
162X509_OBJECT *ret;
163 { 142 {
164 if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL)) 143 if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))
165 return(X509_LU_FAIL); 144 return X509_LU_FAIL;
166 return(ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret)); 145 return ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret);
167 } 146 }
168 147
169int X509_LOOKUP_by_alias(ctx,type,str,len,ret) 148int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,
170X509_LOOKUP *ctx; 149 X509_OBJECT *ret)
171int type;
172char *str;
173int len;
174X509_OBJECT *ret;
175 { 150 {
176 if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL)) 151 if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
177 return(X509_LU_FAIL); 152 return X509_LU_FAIL;
178 return(ctx->method->get_by_alias(ctx,str,len,ret)); 153 return ctx->method->get_by_alias(ctx,type,str,len,ret);
179 } 154 }
180 155
181static unsigned long x509_object_hash(a) 156
182X509_OBJECT *a; 157static int x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b)
183 { 158 {
184 unsigned long h; 159 int ret;
185 160
186 switch (a->type) 161 ret=((*a)->type - (*b)->type);
187 { 162 if (ret) return ret;
188 case X509_LU_X509: 163 switch ((*a)->type)
189 h=X509_NAME_hash(a->data.x509->cert_info->subject); 164 {
190 break; 165 case X509_LU_X509:
191 case X509_LU_CRL: 166 ret=X509_subject_name_cmp((*a)->data.x509,(*b)->data.x509);
192 h=X509_NAME_hash(a->data.crl->crl->issuer); 167 break;
193 break; 168 case X509_LU_CRL:
169 ret=X509_CRL_cmp((*a)->data.crl,(*b)->data.crl);
170 break;
194 default: 171 default:
195 abort(); 172 /* abort(); */
173 return 0;
196 } 174 }
197 return(h); 175 return ret;
198 } 176 }
199 177
200static int x509_object_cmp(a,b) 178X509_STORE *X509_STORE_new(void)
201X509_OBJECT *a,*b;
202 {
203 int ret;
204
205 ret=(a->type - b->type);
206 if (ret) return(ret);
207 switch (a->type)
208 {
209 case X509_LU_X509:
210 ret=X509_subject_name_cmp(a->data.x509,b->data.x509);
211 break;
212 case X509_LU_CRL:
213 ret=X509_CRL_cmp(a->data.crl,b->data.crl);
214 break;
215 default:
216 abort();
217 }
218 return(ret);
219 }
220
221X509_STORE *X509_STORE_new()
222 { 179 {
223 X509_STORE *ret; 180 X509_STORE *ret;
224 181
225 if ((ret=(X509_STORE *)Malloc(sizeof(X509_STORE))) == NULL) 182 if ((ret=(X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL)
226 return(NULL); 183 return NULL;
227 ret->certs=lh_new(x509_object_hash,x509_object_cmp); 184 ret->objs = sk_X509_OBJECT_new(x509_object_cmp);
228 ret->cache=1; 185 ret->cache=1;
229 ret->get_cert_methods=sk_new_null(); 186 ret->get_cert_methods=sk_X509_LOOKUP_new_null();
230 ret->verify=NULL; 187 ret->verify=0;
231 ret->verify_cb=NULL; 188 ret->verify_cb=0;
232 memset(&ret->ex_data,0,sizeof(CRYPTO_EX_DATA)); 189
190 ret->purpose = 0;
191 ret->trust = 0;
192
193 ret->flags = 0;
194
195 ret->get_issuer = 0;
196 ret->check_issued = 0;
197 ret->check_revocation = 0;
198 ret->get_crl = 0;
199 ret->check_crl = 0;
200 ret->cert_crl = 0;
201 ret->cleanup = 0;
202
203 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data);
233 ret->references=1; 204 ret->references=1;
234 return(ret); 205 ret->depth=0;
206 return ret;
235 } 207 }
236 208
237static void cleanup(a) 209static void cleanup(X509_OBJECT *a)
238X509_OBJECT *a;
239 { 210 {
240 if (a->type == X509_LU_X509) 211 if (a->type == X509_LU_X509)
241 { 212 {
@@ -246,90 +217,88 @@ X509_OBJECT *a;
246 X509_CRL_free(a->data.crl); 217 X509_CRL_free(a->data.crl);
247 } 218 }
248 else 219 else
249 abort(); 220 {
221 /* abort(); */
222 }
250 223
251 Free(a); 224 OPENSSL_free(a);
252 } 225 }
253 226
254void X509_STORE_free(vfy) 227void X509_STORE_free(X509_STORE *vfy)
255X509_STORE *vfy;
256 { 228 {
257 int i; 229 int i;
258 STACK *sk; 230 STACK_OF(X509_LOOKUP) *sk;
259 X509_LOOKUP *lu; 231 X509_LOOKUP *lu;
260 232
233 if (vfy == NULL)
234 return;
235
261 sk=vfy->get_cert_methods; 236 sk=vfy->get_cert_methods;
262 for (i=0; i<sk_num(sk); i++) 237 for (i=0; i<sk_X509_LOOKUP_num(sk); i++)
263 { 238 {
264 lu=(X509_LOOKUP *)sk_value(sk,i); 239 lu=sk_X509_LOOKUP_value(sk,i);
265 X509_LOOKUP_shutdown(lu); 240 X509_LOOKUP_shutdown(lu);
266 X509_LOOKUP_free(lu); 241 X509_LOOKUP_free(lu);
267 } 242 }
268 sk_free(sk); 243 sk_X509_LOOKUP_free(sk);
244 sk_X509_OBJECT_pop_free(vfy->objs, cleanup);
269 245
270 CRYPTO_free_ex_data(x509_store_meth,(char *)vfy,&vfy->ex_data); 246 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data);
271 lh_doall(vfy->certs,cleanup); 247 OPENSSL_free(vfy);
272 lh_free(vfy->certs);
273 Free(vfy);
274 } 248 }
275 249
276X509_LOOKUP *X509_STORE_add_lookup(v,m) 250X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
277X509_STORE *v;
278X509_LOOKUP_METHOD *m;
279 { 251 {
280 int i; 252 int i;
281 STACK *sk; 253 STACK_OF(X509_LOOKUP) *sk;
282 X509_LOOKUP *lu; 254 X509_LOOKUP *lu;
283 255
284 sk=v->get_cert_methods; 256 sk=v->get_cert_methods;
285 for (i=0; i<sk_num(sk); i++) 257 for (i=0; i<sk_X509_LOOKUP_num(sk); i++)
286 { 258 {
287 lu=(X509_LOOKUP *)sk_value(sk,i); 259 lu=sk_X509_LOOKUP_value(sk,i);
288 if (m == lu->method) 260 if (m == lu->method)
289 { 261 {
290 return(lu); 262 return lu;
291 } 263 }
292 } 264 }
293 /* a new one */ 265 /* a new one */
294 lu=X509_LOOKUP_new(m); 266 lu=X509_LOOKUP_new(m);
295 if (lu == NULL) 267 if (lu == NULL)
296 return(NULL); 268 return NULL;
297 else 269 else
298 { 270 {
299 lu->store_ctx=v; 271 lu->store_ctx=v;
300 if (sk_push(v->get_cert_methods,(char *)lu)) 272 if (sk_X509_LOOKUP_push(v->get_cert_methods,lu))
301 return(lu); 273 return lu;
302 else 274 else
303 { 275 {
304 X509_LOOKUP_free(lu); 276 X509_LOOKUP_free(lu);
305 return(NULL); 277 return NULL;
306 } 278 }
307 } 279 }
308 } 280 }
309 281
310int X509_STORE_get_by_subject(vs,type,name,ret) 282int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
311X509_STORE_CTX *vs; 283 X509_OBJECT *ret)
312int type;
313X509_NAME *name;
314X509_OBJECT *ret;
315 { 284 {
316 X509_STORE *ctx=vs->ctx; 285 X509_STORE *ctx=vs->ctx;
317 X509_LOOKUP *lu; 286 X509_LOOKUP *lu;
318 X509_OBJECT stmp,*tmp; 287 X509_OBJECT stmp,*tmp;
319 int i,j; 288 int i,j;
320 289
321 tmp=X509_OBJECT_retrive_by_subject(ctx->certs,type,name); 290 tmp=X509_OBJECT_retrieve_by_subject(ctx->objs,type,name);
322 291
323 if (tmp == NULL) 292 if (tmp == NULL)
324 { 293 {
325 for (i=vs->current_method; i<sk_num(ctx->get_cert_methods); i++) 294 for (i=vs->current_method; i<sk_X509_LOOKUP_num(ctx->get_cert_methods); i++)
326 { 295 {
327 lu=(X509_LOOKUP *)sk_value(ctx->get_cert_methods,i); 296 lu=sk_X509_LOOKUP_value(ctx->get_cert_methods,i);
328 j=X509_LOOKUP_by_subject(lu,type,name,&stmp); 297 j=X509_LOOKUP_by_subject(lu,type,name,&stmp);
329 if (j < 0) 298 if (j < 0)
330 { 299 {
331 vs->current_method=j; 300 vs->current_method=j;
332 return(j); 301 return j;
333 } 302 }
334 else if (j) 303 else if (j)
335 { 304 {
@@ -339,7 +308,7 @@ X509_OBJECT *ret;
339 } 308 }
340 vs->current_method=0; 309 vs->current_method=0;
341 if (tmp == NULL) 310 if (tmp == NULL)
342 return(0); 311 return 0;
343 } 312 }
344 313
345/* if (ret->data.ptr != NULL) 314/* if (ret->data.ptr != NULL)
@@ -350,11 +319,77 @@ X509_OBJECT *ret;
350 319
351 X509_OBJECT_up_ref_count(ret); 320 X509_OBJECT_up_ref_count(ret);
352 321
353 return(1); 322 return 1;
323 }
324
325int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
326 {
327 X509_OBJECT *obj;
328 int ret=1;
329
330 if (x == NULL) return 0;
331 obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
332 if (obj == NULL)
333 {
334 X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE);
335 return 0;
336 }
337 obj->type=X509_LU_X509;
338 obj->data.x509=x;
339
340 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
341
342 X509_OBJECT_up_ref_count(obj);
343
344
345 if (X509_OBJECT_retrieve_match(ctx->objs, obj))
346 {
347 X509_OBJECT_free_contents(obj);
348 OPENSSL_free(obj);
349 X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE);
350 ret=0;
351 }
352 else sk_X509_OBJECT_push(ctx->objs, obj);
353
354 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
355
356 return ret;
354 } 357 }
355 358
356void X509_OBJECT_up_ref_count(a) 359int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
357X509_OBJECT *a; 360 {
361 X509_OBJECT *obj;
362 int ret=1;
363
364 if (x == NULL) return 0;
365 obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
366 if (obj == NULL)
367 {
368 X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE);
369 return 0;
370 }
371 obj->type=X509_LU_CRL;
372 obj->data.crl=x;
373
374 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
375
376 X509_OBJECT_up_ref_count(obj);
377
378 if (X509_OBJECT_retrieve_match(ctx->objs, obj))
379 {
380 X509_OBJECT_free_contents(obj);
381 OPENSSL_free(obj);
382 X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE);
383 ret=0;
384 }
385 else sk_X509_OBJECT_push(ctx->objs, obj);
386
387 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
388
389 return ret;
390 }
391
392void X509_OBJECT_up_ref_count(X509_OBJECT *a)
358 { 393 {
359 switch (a->type) 394 switch (a->type)
360 { 395 {
@@ -367,8 +402,7 @@ X509_OBJECT *a;
367 } 402 }
368 } 403 }
369 404
370void X509_OBJECT_free_contents(a) 405void X509_OBJECT_free_contents(X509_OBJECT *a)
371X509_OBJECT *a;
372 { 406 {
373 switch (a->type) 407 switch (a->type)
374 { 408 {
@@ -381,12 +415,10 @@ X509_OBJECT *a;
381 } 415 }
382 } 416 }
383 417
384X509_OBJECT *X509_OBJECT_retrive_by_subject(h,type,name) 418int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
385LHASH *h; 419 X509_NAME *name)
386int type;
387X509_NAME *name;
388 { 420 {
389 X509_OBJECT stmp,*tmp; 421 X509_OBJECT stmp;
390 X509 x509_s; 422 X509 x509_s;
391 X509_CINF cinf_s; 423 X509_CINF cinf_s;
392 X509_CRL crl_s; 424 X509_CRL crl_s;
@@ -406,41 +438,120 @@ X509_NAME *name;
406 crl_info_s.issuer=name; 438 crl_info_s.issuer=name;
407 break; 439 break;
408 default: 440 default:
409 abort(); 441 /* abort(); */
442 return -1;
410 } 443 }
411 444
412 tmp=(X509_OBJECT *)lh_retrieve(h,(char *)&stmp); 445 return sk_X509_OBJECT_find(h,&stmp);
413 return(tmp);
414 } 446 }
415 447
416void X509_STORE_CTX_init(ctx,store,x509,chain) 448X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type,
417X509_STORE_CTX *ctx; 449 X509_NAME *name)
418X509_STORE *store; 450{
419X509 *x509; 451 int idx;
420STACK *chain; 452 idx = X509_OBJECT_idx_by_subject(h, type, name);
453 if (idx==-1) return NULL;
454 return sk_X509_OBJECT_value(h, idx);
455}
456
457X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x)
458{
459 int idx, i;
460 X509_OBJECT *obj;
461 idx = sk_X509_OBJECT_find(h, x);
462 if (idx == -1) return NULL;
463 if (x->type != X509_LU_X509) return sk_X509_OBJECT_value(h, idx);
464 for (i = idx; i < sk_X509_OBJECT_num(h); i++)
465 {
466 obj = sk_X509_OBJECT_value(h, i);
467 if (x509_object_cmp((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x))
468 return NULL;
469 if ((x->type != X509_LU_X509) || !X509_cmp(obj->data.x509, x->data.x509))
470 return obj;
471 }
472 return NULL;
473}
474
475
476/* Try to get issuer certificate from store. Due to limitations
477 * of the API this can only retrieve a single certificate matching
478 * a given subject name. However it will fill the cache with all
479 * matching certificates, so we can examine the cache for all
480 * matches.
481 *
482 * Return values are:
483 * 1 lookup successful.
484 * 0 certificate not found.
485 * -1 some other error.
486 */
487
488
489int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
490{
491 X509_NAME *xn;
492 X509_OBJECT obj, *pobj;
493 int i, ok, idx;
494 xn=X509_get_issuer_name(x);
495 ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj);
496 if (ok != X509_LU_X509)
497 {
498 if (ok == X509_LU_RETRY)
499 {
500 X509_OBJECT_free_contents(&obj);
501 X509err(X509_F_X509_VERIFY_CERT,X509_R_SHOULD_RETRY);
502 return -1;
503 }
504 else if (ok != X509_LU_FAIL)
505 {
506 X509_OBJECT_free_contents(&obj);
507 /* not good :-(, break anyway */
508 return -1;
509 }
510 return 0;
511 }
512 /* If certificate matches all OK */
513 if (ctx->check_issued(ctx, x, obj.data.x509))
514 {
515 *issuer = obj.data.x509;
516 return 1;
517 }
518 X509_OBJECT_free_contents(&obj);
519 /* Else find index of first matching cert */
520 idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn);
521 /* This shouldn't normally happen since we already have one match */
522 if (idx == -1) return 0;
523
524 /* Look through all matching certificates for a suitable issuer */
525 for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++)
526 {
527 pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i);
528 /* See if we've ran out of matches */
529 if (pobj->type != X509_LU_X509) return 0;
530 if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509))) return 0;
531 if (ctx->check_issued(ctx, x, pobj->data.x509))
532 {
533 *issuer = pobj->data.x509;
534 X509_OBJECT_up_ref_count(pobj);
535 return 1;
536 }
537 }
538 return 0;
539}
540
541void X509_STORE_set_flags(X509_STORE *ctx, long flags)
421 { 542 {
422 ctx->ctx=store; 543 ctx->flags |= flags;
423 ctx->current_method=0;
424 ctx->cert=x509;
425 ctx->untrusted=chain;
426 ctx->last_untrusted=0;
427 ctx->valid=0;
428 ctx->chain=NULL;
429 ctx->depth=10;
430 ctx->error=0;
431 ctx->current_cert=NULL;
432 memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA));
433 } 544 }
434 545
435void X509_STORE_CTX_cleanup(ctx) 546int X509_STORE_set_purpose(X509_STORE *ctx, int purpose)
436X509_STORE_CTX *ctx;
437 { 547 {
438 if (ctx->chain != NULL) 548 return X509_PURPOSE_set(&ctx->purpose, purpose);
439 { 549 }
440 sk_pop_free(ctx->chain,X509_free); 550
441 ctx->chain=NULL; 551int X509_STORE_set_trust(X509_STORE *ctx, int trust)
442 } 552 {
443 CRYPTO_free_ex_data(x509_store_ctx_meth,(char *)ctx,&(ctx->ex_data)); 553 return X509_TRUST_set(&ctx->trust, trust);
444 memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
445 } 554 }
446 555
556IMPLEMENT_STACK_OF(X509_LOOKUP)
557IMPLEMENT_STACK_OF(X509_OBJECT)
diff --git a/src/lib/libcrypto/x509/x509_obj.c b/src/lib/libcrypto/x509/x509_obj.c
index c0576fd6f6..1e718f76eb 100644
--- a/src/lib/libcrypto/x509/x509_obj.c
+++ b/src/lib/libcrypto/x509/x509_obj.c
@@ -58,27 +58,27 @@
58 58
59#include <stdio.h> 59#include <stdio.h>
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include "lhash.h" 61#include <openssl/lhash.h>
62#include "objects.h" 62#include <openssl/objects.h>
63#include "x509.h" 63#include <openssl/x509.h>
64#include "buffer.h" 64#include <openssl/buffer.h>
65 65
66char *X509_NAME_oneline(a,buf,len) 66char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
67X509_NAME *a;
68char *buf;
69int len;
70 { 67 {
71 X509_NAME_ENTRY *ne; 68 X509_NAME_ENTRY *ne;
72 unsigned int i; 69int i;
73 int n,lold,l,l1,l2,num,j,type; 70 int n,lold,l,l1,l2,num,j,type;
74 char *s,*p; 71 const char *s;
72 char *p;
75 unsigned char *q; 73 unsigned char *q;
76 BUF_MEM *b=NULL; 74 BUF_MEM *b=NULL;
77 static char hex[17]="0123456789ABCDEF"; 75 static char hex[17]="0123456789ABCDEF";
78 int gs_doit[4]; 76 int gs_doit[4];
79 char tmp_buf[80]; 77 char tmp_buf[80];
78#ifdef CHARSET_EBCDIC
79 char ebcdic_buf[1024];
80#endif
80 81
81 if (a == NULL) return("NO X509_NAME");
82 if (buf == NULL) 82 if (buf == NULL)
83 { 83 {
84 if ((b=BUF_MEM_new()) == NULL) goto err; 84 if ((b=BUF_MEM_new()) == NULL) goto err;
@@ -86,12 +86,23 @@ int len;
86 b->data[0]='\0'; 86 b->data[0]='\0';
87 len=200; 87 len=200;
88 } 88 }
89 if (a == NULL)
90 {
91 if(b)
92 {
93 buf=b->data;
94 OPENSSL_free(b);
95 }
96 strncpy(buf,"NO X509_NAME",len);
97 buf[len-1]='\0';
98 return buf;
99 }
89 100
90 len--; /* space for '\0' */ 101 len--; /* space for '\0' */
91 l=0; 102 l=0;
92 for (i=0; (int)i<sk_num(a->entries); i++) 103 for (i=0; i<sk_X509_NAME_ENTRY_num(a->entries); i++)
93 { 104 {
94 ne=(X509_NAME_ENTRY *)sk_value(a->entries,i); 105 ne=sk_X509_NAME_ENTRY_value(a->entries,i);
95 n=OBJ_obj2nid(ne->object); 106 n=OBJ_obj2nid(ne->object);
96 if ((n == NID_undef) || ((s=OBJ_nid2sn(n)) == NULL)) 107 if ((n == NID_undef) || ((s=OBJ_nid2sn(n)) == NULL))
97 { 108 {
@@ -103,6 +114,19 @@ int len;
103 type=ne->value->type; 114 type=ne->value->type;
104 num=ne->value->length; 115 num=ne->value->length;
105 q=ne->value->data; 116 q=ne->value->data;
117#ifdef CHARSET_EBCDIC
118 if (type == V_ASN1_GENERALSTRING ||
119 type == V_ASN1_VISIBLESTRING ||
120 type == V_ASN1_PRINTABLESTRING ||
121 type == V_ASN1_TELETEXSTRING ||
122 type == V_ASN1_VISIBLESTRING ||
123 type == V_ASN1_IA5STRING) {
124 ascii2ebcdic(ebcdic_buf, q,
125 (num > sizeof ebcdic_buf)
126 ? sizeof ebcdic_buf : num);
127 q=ebcdic_buf;
128 }
129#endif
106 130
107 if ((type == V_ASN1_GENERALSTRING) && ((num%4) == 0)) 131 if ((type == V_ASN1_GENERALSTRING) && ((num%4) == 0))
108 { 132 {
@@ -125,7 +149,12 @@ int len;
125 { 149 {
126 if (!gs_doit[j&3]) continue; 150 if (!gs_doit[j&3]) continue;
127 l2++; 151 l2++;
152#ifndef CHARSET_EBCDIC
128 if ((q[j] < ' ') || (q[j] > '~')) l2+=3; 153 if ((q[j] < ' ') || (q[j] > '~')) l2+=3;
154#else
155 if ((os_toascii[q[j]] < os_toascii[' ']) ||
156 (os_toascii[q[j]] > os_toascii['~'])) l2+=3;
157#endif
129 } 158 }
130 159
131 lold=l; 160 lold=l;
@@ -145,11 +174,14 @@ int len;
145 memcpy(p,s,(unsigned int)l1); p+=l1; 174 memcpy(p,s,(unsigned int)l1); p+=l1;
146 *(p++)='='; 175 *(p++)='=';
147 176
177#ifndef CHARSET_EBCDIC /* q was assigned above already. */
148 q=ne->value->data; 178 q=ne->value->data;
179#endif
149 180
150 for (j=0; j<num; j++) 181 for (j=0; j<num; j++)
151 { 182 {
152 if (!gs_doit[j&3]) continue; 183 if (!gs_doit[j&3]) continue;
184#ifndef CHARSET_EBCDIC
153 n=q[j]; 185 n=q[j];
154 if ((n < ' ') || (n > '~')) 186 if ((n < ' ') || (n > '~'))
155 { 187 {
@@ -160,16 +192,31 @@ int len;
160 } 192 }
161 else 193 else
162 *(p++)=n; 194 *(p++)=n;
195#else
196 n=os_toascii[q[j]];
197 if ((n < os_toascii[' ']) ||
198 (n > os_toascii['~']))
199 {
200 *(p++)='\\';
201 *(p++)='x';
202 *(p++)=hex[(n>>4)&0x0f];
203 *(p++)=hex[n&0x0f];
204 }
205 else
206 *(p++)=q[j];
207#endif
163 } 208 }
164 *p='\0'; 209 *p='\0';
165 } 210 }
166 if (b != NULL) 211 if (b != NULL)
167 { 212 {
168 p=b->data; 213 p=b->data;
169 Free((char *)b); 214 OPENSSL_free(b);
170 } 215 }
171 else 216 else
172 p=buf; 217 p=buf;
218 if (i == 0)
219 *p = '\0';
173 return(p); 220 return(p);
174err: 221err:
175 X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE); 222 X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE);
diff --git a/src/lib/libcrypto/x509/x509_r2x.c b/src/lib/libcrypto/x509/x509_r2x.c
index 6aec2427f7..db051033d9 100644
--- a/src/lib/libcrypto/x509/x509_r2x.c
+++ b/src/lib/libcrypto/x509/x509_r2x.c
@@ -58,22 +58,16 @@
58 58
59#include <stdio.h> 59#include <stdio.h>
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include "bn.h" 61#include <openssl/bn.h>
62#include "evp.h" 62#include <openssl/evp.h>
63#include "asn1.h" 63#include <openssl/asn1.h>
64#include "x509.h" 64#include <openssl/x509.h>
65#include "objects.h" 65#include <openssl/objects.h>
66#include "buffer.h" 66#include <openssl/buffer.h>
67#include "pem.h"
68 67
69X509 *X509_REQ_to_X509(r,days,pkey) 68X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
70X509_REQ *r;
71int days;
72EVP_PKEY *pkey;
73 { 69 {
74 X509 *ret=NULL; 70 X509 *ret=NULL;
75 int er=1;
76 X509_REQ_INFO *ri=NULL;
77 X509_CINF *xi=NULL; 71 X509_CINF *xi=NULL;
78 X509_NAME *xn; 72 X509_NAME *xn;
79 73
@@ -84,15 +78,11 @@ EVP_PKEY *pkey;
84 } 78 }
85 79
86 /* duplicate the request */ 80 /* duplicate the request */
87 ri=(X509_REQ_INFO *)ASN1_dup(i2d_X509_REQ_INFO,
88 (char *(*)())d2i_X509_REQ_INFO,(char *)r->req_info);
89 if (ri == NULL) goto err;
90
91 xi=ret->cert_info; 81 xi=ret->cert_info;
92 82
93 if (sk_num(ri->attributes) != 0) 83 if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0)
94 { 84 {
95 if ((xi->version=ASN1_INTEGER_new()) == NULL) goto err; 85 if ((xi->version=M_ASN1_INTEGER_new()) == NULL) goto err;
96 if (!ASN1_INTEGER_set(xi->version,2)) goto err; 86 if (!ASN1_INTEGER_set(xi->version,2)) goto err;
97/* xi->extensions=ri->attributes; <- bad, should not ever be done 87/* xi->extensions=ri->attributes; <- bad, should not ever be done
98 ri->attributes=NULL; */ 88 ri->attributes=NULL; */
@@ -109,13 +99,11 @@ EVP_PKEY *pkey;
109 99
110 if (!X509_sign(ret,pkey,EVP_md5())) 100 if (!X509_sign(ret,pkey,EVP_md5()))
111 goto err; 101 goto err;
112 er=0; 102 if (0)
113err:
114 if (er)
115 { 103 {
104err:
116 X509_free(ret); 105 X509_free(ret);
117 X509_REQ_INFO_free(ri); 106 ret=NULL;
118 return(NULL);
119 } 107 }
120 return(ret); 108 return(ret);
121 } 109 }
diff --git a/src/lib/libcrypto/x509/x509_req.c b/src/lib/libcrypto/x509/x509_req.c
index 5004365bad..0affa3bf30 100644
--- a/src/lib/libcrypto/x509/x509_req.c
+++ b/src/lib/libcrypto/x509/x509_req.c
@@ -58,22 +58,20 @@
58 58
59#include <stdio.h> 59#include <stdio.h>
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include "bn.h" 61#include <openssl/bn.h>
62#include "evp.h" 62#include <openssl/evp.h>
63#include "asn1.h" 63#include <openssl/asn1.h>
64#include "x509.h" 64#include <openssl/x509.h>
65#include "objects.h" 65#include <openssl/objects.h>
66#include "buffer.h" 66#include <openssl/buffer.h>
67#include "pem.h" 67#include <openssl/pem.h>
68 68
69X509_REQ *X509_to_X509_REQ(x,pkey,md) 69X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
70X509 *x;
71EVP_PKEY *pkey;
72EVP_MD *md;
73 { 70 {
74 X509_REQ *ret; 71 X509_REQ *ret;
75 X509_REQ_INFO *ri; 72 X509_REQ_INFO *ri;
76 int i; 73 int i;
74 EVP_PKEY *pktmp;
77 75
78 ret=X509_REQ_new(); 76 ret=X509_REQ_new();
79 if (ret == NULL) 77 if (ret == NULL)
@@ -85,14 +83,16 @@ EVP_MD *md;
85 ri=ret->req_info; 83 ri=ret->req_info;
86 84
87 ri->version->length=1; 85 ri->version->length=1;
88 ri->version->data=(unsigned char *)Malloc(1); 86 ri->version->data=(unsigned char *)OPENSSL_malloc(1);
89 if (ri->version->data == NULL) goto err; 87 if (ri->version->data == NULL) goto err;
90 ri->version->data[0]=0; /* version == 0 */ 88 ri->version->data[0]=0; /* version == 0 */
91 89
92 if (!X509_REQ_set_subject_name(ret,X509_get_subject_name(x))) 90 if (!X509_REQ_set_subject_name(ret,X509_get_subject_name(x)))
93 goto err; 91 goto err;
94 92
95 i=X509_REQ_set_pubkey(ret,X509_get_pubkey(x)); 93 pktmp = X509_get_pubkey(x);
94 i=X509_REQ_set_pubkey(ret,pktmp);
95 EVP_PKEY_free(pktmp);
96 if (!i) goto err; 96 if (!i) goto err;
97 97
98 if (pkey != NULL) 98 if (pkey != NULL)
@@ -106,11 +106,173 @@ err:
106 return(NULL); 106 return(NULL);
107 } 107 }
108 108
109EVP_PKEY *X509_REQ_get_pubkey(req) 109EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req)
110X509_REQ *req;
111 { 110 {
112 if ((req == NULL) || (req->req_info == NULL)) 111 if ((req == NULL) || (req->req_info == NULL))
113 return(NULL); 112 return(NULL);
114 return(X509_PUBKEY_get(req->req_info->pubkey)); 113 return(X509_PUBKEY_get(req->req_info->pubkey));
115 } 114 }
116 115
116/* It seems several organisations had the same idea of including a list of
117 * extensions in a certificate request. There are at least two OIDs that are
118 * used and there may be more: so the list is configurable.
119 */
120
121static int ext_nid_list[] = { NID_ms_ext_req, NID_ext_req, NID_undef};
122
123static int *ext_nids = ext_nid_list;
124
125int X509_REQ_extension_nid(int req_nid)
126{
127 int i, nid;
128 for(i = 0; ; i++) {
129 nid = ext_nids[i];
130 if(nid == NID_undef) return 0;
131 else if (req_nid == nid) return 1;
132 }
133}
134
135int *X509_REQ_get_extension_nids(void)
136{
137 return ext_nids;
138}
139
140void X509_REQ_set_extension_nids(int *nids)
141{
142 ext_nids = nids;
143}
144
145STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
146{
147 X509_ATTRIBUTE *attr;
148 STACK_OF(X509_ATTRIBUTE) *sk;
149 ASN1_TYPE *ext = NULL;
150 int i;
151 unsigned char *p;
152 if ((req == NULL) || (req->req_info == NULL))
153 return(NULL);
154 sk=req->req_info->attributes;
155 if (!sk) return NULL;
156 for(i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
157 attr = sk_X509_ATTRIBUTE_value(sk, i);
158 if(X509_REQ_extension_nid(OBJ_obj2nid(attr->object))) {
159 if(attr->single) ext = attr->value.single;
160 else if(sk_ASN1_TYPE_num(attr->value.set))
161 ext = sk_ASN1_TYPE_value(attr->value.set, 0);
162 break;
163 }
164 }
165 if(!ext || (ext->type != V_ASN1_SEQUENCE)) return NULL;
166 p = ext->value.sequence->data;
167 return d2i_ASN1_SET_OF_X509_EXTENSION(NULL, &p,
168 ext->value.sequence->length,
169 d2i_X509_EXTENSION, X509_EXTENSION_free,
170 V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
171}
172
173/* Add a STACK_OF extensions to a certificate request: allow alternative OIDs
174 * in case we want to create a non standard one.
175 */
176
177int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
178 int nid)
179{
180 unsigned char *p = NULL, *q;
181 long len;
182 ASN1_TYPE *at = NULL;
183 X509_ATTRIBUTE *attr = NULL;
184 if(!(at = ASN1_TYPE_new()) ||
185 !(at->value.sequence = ASN1_STRING_new())) goto err;
186
187 at->type = V_ASN1_SEQUENCE;
188 /* Generate encoding of extensions */
189 len = i2d_ASN1_SET_OF_X509_EXTENSION(exts, NULL, i2d_X509_EXTENSION,
190 V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
191 if(!(p = OPENSSL_malloc(len))) goto err;
192 q = p;
193 i2d_ASN1_SET_OF_X509_EXTENSION(exts, &q, i2d_X509_EXTENSION,
194 V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
195 at->value.sequence->data = p;
196 p = NULL;
197 at->value.sequence->length = len;
198 if(!(attr = X509_ATTRIBUTE_new())) goto err;
199 if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
200 if(!sk_ASN1_TYPE_push(attr->value.set, at)) goto err;
201 at = NULL;
202 attr->single = 0;
203 attr->object = OBJ_nid2obj(nid);
204 if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err;
205 return 1;
206 err:
207 if(p) OPENSSL_free(p);
208 X509_ATTRIBUTE_free(attr);
209 ASN1_TYPE_free(at);
210 return 0;
211}
212/* This is the normal usage: use the "official" OID */
213int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts)
214{
215 return X509_REQ_add_extensions_nid(req, exts, NID_ext_req);
216}
217
218/* Request attribute functions */
219
220int X509_REQ_get_attr_count(const X509_REQ *req)
221{
222 return X509at_get_attr_count(req->req_info->attributes);
223}
224
225int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid,
226 int lastpos)
227{
228 return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos);
229}
230
231int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,
232 int lastpos)
233{
234 return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos);
235}
236
237X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc)
238{
239 return X509at_get_attr(req->req_info->attributes, loc);
240}
241
242X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc)
243{
244 return X509at_delete_attr(req->req_info->attributes, loc);
245}
246
247int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr)
248{
249 if(X509at_add1_attr(&req->req_info->attributes, attr)) return 1;
250 return 0;
251}
252
253int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
254 const ASN1_OBJECT *obj, int type,
255 const unsigned char *bytes, int len)
256{
257 if(X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj,
258 type, bytes, len)) return 1;
259 return 0;
260}
261
262int X509_REQ_add1_attr_by_NID(X509_REQ *req,
263 int nid, int type,
264 const unsigned char *bytes, int len)
265{
266 if(X509at_add1_attr_by_NID(&req->req_info->attributes, nid,
267 type, bytes, len)) return 1;
268 return 0;
269}
270
271int X509_REQ_add1_attr_by_txt(X509_REQ *req,
272 const char *attrname, int type,
273 const unsigned char *bytes, int len)
274{
275 if(X509at_add1_attr_by_txt(&req->req_info->attributes, attrname,
276 type, bytes, len)) return 1;
277 return 0;
278}
diff --git a/src/lib/libcrypto/x509/x509_set.c b/src/lib/libcrypto/x509/x509_set.c
index 5d0a3a0c0e..aaf61ca062 100644
--- a/src/lib/libcrypto/x509/x509_set.c
+++ b/src/lib/libcrypto/x509/x509_set.c
@@ -58,27 +58,23 @@
58 58
59#include <stdio.h> 59#include <stdio.h>
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include "asn1.h" 61#include <openssl/asn1.h>
62#include "objects.h" 62#include <openssl/objects.h>
63#include "evp.h" 63#include <openssl/evp.h>
64#include "x509.h" 64#include <openssl/x509.h>
65 65
66int X509_set_version(x,version) 66int X509_set_version(X509 *x, long version)
67X509 *x;
68long version;
69 { 67 {
70 if (x == NULL) return(0); 68 if (x == NULL) return(0);
71 if (x->cert_info->version == NULL) 69 if (x->cert_info->version == NULL)
72 { 70 {
73 if ((x->cert_info->version=ASN1_INTEGER_new()) == NULL) 71 if ((x->cert_info->version=M_ASN1_INTEGER_new()) == NULL)
74 return(0); 72 return(0);
75 } 73 }
76 return(ASN1_INTEGER_set(x->cert_info->version,version)); 74 return(ASN1_INTEGER_set(x->cert_info->version,version));
77 } 75 }
78 76
79int X509_set_serialNumber(x,serial) 77int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial)
80X509 *x;
81ASN1_INTEGER *serial;
82 { 78 {
83 ASN1_INTEGER *in; 79 ASN1_INTEGER *in;
84 80
@@ -86,75 +82,65 @@ ASN1_INTEGER *serial;
86 in=x->cert_info->serialNumber; 82 in=x->cert_info->serialNumber;
87 if (in != serial) 83 if (in != serial)
88 { 84 {
89 in=ASN1_INTEGER_dup(serial); 85 in=M_ASN1_INTEGER_dup(serial);
90 if (in != NULL) 86 if (in != NULL)
91 { 87 {
92 ASN1_INTEGER_free(x->cert_info->serialNumber); 88 M_ASN1_INTEGER_free(x->cert_info->serialNumber);
93 x->cert_info->serialNumber=in; 89 x->cert_info->serialNumber=in;
94 } 90 }
95 } 91 }
96 return(in != NULL); 92 return(in != NULL);
97 } 93 }
98 94
99int X509_set_issuer_name(x,name) 95int X509_set_issuer_name(X509 *x, X509_NAME *name)
100X509 *x;
101X509_NAME *name;
102 { 96 {
103 if ((x == NULL) || (x->cert_info == NULL)) return(0); 97 if ((x == NULL) || (x->cert_info == NULL)) return(0);
104 return(X509_NAME_set(&x->cert_info->issuer,name)); 98 return(X509_NAME_set(&x->cert_info->issuer,name));
105 } 99 }
106 100
107int X509_set_subject_name(x,name) 101int X509_set_subject_name(X509 *x, X509_NAME *name)
108X509 *x;
109X509_NAME *name;
110 { 102 {
111 if ((x == NULL) || (x->cert_info == NULL)) return(0); 103 if ((x == NULL) || (x->cert_info == NULL)) return(0);
112 return(X509_NAME_set(&x->cert_info->subject,name)); 104 return(X509_NAME_set(&x->cert_info->subject,name));
113 } 105 }
114 106
115int X509_set_notBefore(x,tm) 107int X509_set_notBefore(X509 *x, ASN1_TIME *tm)
116X509 *x;
117ASN1_UTCTIME *tm;
118 { 108 {
119 ASN1_UTCTIME *in; 109 ASN1_TIME *in;
120 110
121 if ((x == NULL) || (x->cert_info->validity == NULL)) return(0); 111 if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
122 in=x->cert_info->validity->notBefore; 112 in=x->cert_info->validity->notBefore;
123 if (in != tm) 113 if (in != tm)
124 { 114 {
125 in=ASN1_UTCTIME_dup(tm); 115 in=M_ASN1_TIME_dup(tm);
126 if (in != NULL) 116 if (in != NULL)
127 { 117 {
128 ASN1_UTCTIME_free(x->cert_info->validity->notBefore); 118 M_ASN1_TIME_free(x->cert_info->validity->notBefore);
129 x->cert_info->validity->notBefore=in; 119 x->cert_info->validity->notBefore=in;
130 } 120 }
131 } 121 }
132 return(in != NULL); 122 return(in != NULL);
133 } 123 }
134 124
135int X509_set_notAfter(x,tm) 125int X509_set_notAfter(X509 *x, ASN1_TIME *tm)
136X509 *x;
137ASN1_UTCTIME *tm;
138 { 126 {
139 ASN1_UTCTIME *in; 127 ASN1_TIME *in;
140 128
141 if ((x == NULL) || (x->cert_info->validity == NULL)) return(0); 129 if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
142 in=x->cert_info->validity->notAfter; 130 in=x->cert_info->validity->notAfter;
143 if (in != tm) 131 if (in != tm)
144 { 132 {
145 in=ASN1_UTCTIME_dup(tm); 133 in=M_ASN1_TIME_dup(tm);
146 if (in != NULL) 134 if (in != NULL)
147 { 135 {
148 ASN1_UTCTIME_free(x->cert_info->validity->notAfter); 136 M_ASN1_TIME_free(x->cert_info->validity->notAfter);
149 x->cert_info->validity->notAfter=in; 137 x->cert_info->validity->notAfter=in;
150 } 138 }
151 } 139 }
152 return(in != NULL); 140 return(in != NULL);
153 } 141 }
154 142
155int X509_set_pubkey(x,pkey) 143int X509_set_pubkey(X509 *x, EVP_PKEY *pkey)
156X509 *x;
157EVP_PKEY *pkey;
158 { 144 {
159 if ((x == NULL) || (x->cert_info == NULL)) return(0); 145 if ((x == NULL) || (x->cert_info == NULL)) return(0);
160 return(X509_PUBKEY_set(&(x->cert_info->key),pkey)); 146 return(X509_PUBKEY_set(&(x->cert_info->key),pkey));
diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c
index 9f7d67952d..17d69ac005 100644
--- a/src/lib/libcrypto/x509/x509_trs.c
+++ b/src/lib/libcrypto/x509/x509_trs.c
@@ -61,11 +61,13 @@
61#include <openssl/x509v3.h> 61#include <openssl/x509v3.h>
62 62
63 63
64static int tr_cmp(X509_TRUST **a, X509_TRUST **b); 64static int tr_cmp(const X509_TRUST * const *a,
65 const X509_TRUST * const *b);
65static void trtable_free(X509_TRUST *p); 66static void trtable_free(X509_TRUST *p);
66 67
67static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags); 68static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags);
68static int trust_any(X509_TRUST *trust, X509 *x, int flags); 69static int trust_1oid(X509_TRUST *trust, X509 *x, int flags);
70static int trust_compat(X509_TRUST *trust, X509 *x, int flags);
69 71
70static int obj_trust(int id, X509 *x, int flags); 72static int obj_trust(int id, X509 *x, int flags);
71static int (*default_trust)(int id, X509 *x, int flags) = obj_trust; 73static int (*default_trust)(int id, X509 *x, int flags) = obj_trust;
@@ -76,10 +78,12 @@ static int (*default_trust)(int id, X509 *x, int flags) = obj_trust;
76 */ 78 */
77 79
78static X509_TRUST trstandard[] = { 80static X509_TRUST trstandard[] = {
79{X509_TRUST_ANY, 0, trust_any, "Any", 0, NULL}, 81{X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL},
80{X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL}, 82{X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},
81{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Client", NID_server_auth, NULL}, 83{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL},
82{X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL}, 84{X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
85{X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL},
86{X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL}
83}; 87};
84 88
85#define X509_TRUST_COUNT (sizeof(trstandard)/sizeof(X509_TRUST)) 89#define X509_TRUST_COUNT (sizeof(trstandard)/sizeof(X509_TRUST))
@@ -88,17 +92,18 @@ IMPLEMENT_STACK_OF(X509_TRUST)
88 92
89static STACK_OF(X509_TRUST) *trtable = NULL; 93static STACK_OF(X509_TRUST) *trtable = NULL;
90 94
91static int tr_cmp(X509_TRUST **a, X509_TRUST **b) 95static int tr_cmp(const X509_TRUST * const *a,
96 const X509_TRUST * const *b)
92{ 97{
93 return (*a)->trust - (*b)->trust; 98 return (*a)->trust - (*b)->trust;
94} 99}
95 100
96int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int) 101int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int)
97{ 102{
98int (*oldtrust)(int , X509 *, int); 103 int (*oldtrust)(int , X509 *, int);
99oldtrust = default_trust; 104 oldtrust = default_trust;
100default_trust = trust; 105 default_trust = trust;
101return oldtrust; 106 return oldtrust;
102} 107}
103 108
104 109
@@ -107,8 +112,8 @@ int X509_check_trust(X509 *x, int id, int flags)
107 X509_TRUST *pt; 112 X509_TRUST *pt;
108 int idx; 113 int idx;
109 if(id == -1) return 1; 114 if(id == -1) return 1;
110 if(!(idx = X509_TRUST_get_by_id(id))) 115 idx = X509_TRUST_get_by_id(id);
111 return default_trust(id, x, flags); 116 if(idx == -1) return default_trust(id, x, flags);
112 pt = X509_TRUST_get0(idx); 117 pt = X509_TRUST_get0(idx);
113 return pt->check_trust(pt, x, flags); 118 return pt->check_trust(pt, x, flags);
114} 119}
@@ -139,6 +144,16 @@ int X509_TRUST_get_by_id(int id)
139 return idx + X509_TRUST_COUNT; 144 return idx + X509_TRUST_COUNT;
140} 145}
141 146
147int X509_TRUST_set(int *t, int trust)
148{
149 if(X509_TRUST_get_by_id(trust) == -1) {
150 X509err(X509_F_X509_TRUST_SET, X509_R_INVALID_TRUST);
151 return 0;
152 }
153 *t = trust;
154 return 1;
155}
156
142int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), 157int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
143 char *name, int arg1, void *arg2) 158 char *name, int arg1, void *arg2)
144{ 159{
@@ -152,15 +167,15 @@ int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
152 idx = X509_TRUST_get_by_id(id); 167 idx = X509_TRUST_get_by_id(id);
153 /* Need a new entry */ 168 /* Need a new entry */
154 if(idx == -1) { 169 if(idx == -1) {
155 if(!(trtmp = Malloc(sizeof(X509_TRUST)))) { 170 if(!(trtmp = OPENSSL_malloc(sizeof(X509_TRUST)))) {
156 X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE); 171 X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
157 return 0; 172 return 0;
158 } 173 }
159 trtmp->flags = X509_TRUST_DYNAMIC; 174 trtmp->flags = X509_TRUST_DYNAMIC;
160 } else trtmp = X509_TRUST_get0(idx); 175 } else trtmp = X509_TRUST_get0(idx);
161 176
162 /* Free existing name if dynamic */ 177 /* OPENSSL_free existing name if dynamic */
163 if(trtmp->flags & X509_TRUST_DYNAMIC_NAME) Free(trtmp->name); 178 if(trtmp->flags & X509_TRUST_DYNAMIC_NAME) OPENSSL_free(trtmp->name);
164 /* dup supplied name */ 179 /* dup supplied name */
165 if(!(trtmp->name = BUF_strdup(name))) { 180 if(!(trtmp->name = BUF_strdup(name))) {
166 X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE); 181 X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
@@ -196,8 +211,8 @@ static void trtable_free(X509_TRUST *p)
196 if (p->flags & X509_TRUST_DYNAMIC) 211 if (p->flags & X509_TRUST_DYNAMIC)
197 { 212 {
198 if (p->flags & X509_TRUST_DYNAMIC_NAME) 213 if (p->flags & X509_TRUST_DYNAMIC_NAME)
199 Free(p->name); 214 OPENSSL_free(p->name);
200 Free(p); 215 OPENSSL_free(p);
201 } 216 }
202 } 217 }
203 218
@@ -226,10 +241,22 @@ int X509_TRUST_get_trust(X509_TRUST *xp)
226 241
227static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags) 242static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
228{ 243{
229 if(x->aux) return obj_trust(trust->arg1, x, flags); 244 if(x->aux && (x->aux->trust || x->aux->reject))
245 return obj_trust(trust->arg1, x, flags);
230 /* we don't have any trust settings: for compatibility 246 /* we don't have any trust settings: for compatibility
231 * we return trusted if it is self signed 247 * we return trusted if it is self signed
232 */ 248 */
249 return trust_compat(trust, x, flags);
250}
251
252static int trust_1oid(X509_TRUST *trust, X509 *x, int flags)
253{
254 if(x->aux) return obj_trust(trust->arg1, x, flags);
255 return X509_TRUST_UNTRUSTED;
256}
257
258static int trust_compat(X509_TRUST *trust, X509 *x, int flags)
259{
233 X509_check_purpose(x, -1, 0); 260 X509_check_purpose(x, -1, 0);
234 if(x->ex_flags & EXFLAG_SS) return X509_TRUST_TRUSTED; 261 if(x->ex_flags & EXFLAG_SS) return X509_TRUST_TRUSTED;
235 else return X509_TRUST_UNTRUSTED; 262 else return X509_TRUST_UNTRUSTED;
@@ -257,7 +284,3 @@ static int obj_trust(int id, X509 *x, int flags)
257 return X509_TRUST_UNTRUSTED; 284 return X509_TRUST_UNTRUSTED;
258} 285}
259 286
260static int trust_any(X509_TRUST *trust, X509 *x, int flags)
261{
262 return X509_TRUST_TRUSTED;
263}
diff --git a/src/lib/libcrypto/x509/x509_txt.c b/src/lib/libcrypto/x509/x509_txt.c
index 408d1c277c..4f83db8ba2 100644
--- a/src/lib/libcrypto/x509/x509_txt.c
+++ b/src/lib/libcrypto/x509/x509_txt.c
@@ -59,19 +59,16 @@
59#include <stdio.h> 59#include <stdio.h>
60#include <time.h> 60#include <time.h>
61#include <errno.h> 61#include <errno.h>
62#include <sys/types.h>
63 62
64#include "cryptlib.h" 63#include "cryptlib.h"
65#include "lhash.h" 64#include <openssl/lhash.h>
66#include "buffer.h" 65#include <openssl/buffer.h>
67#include "evp.h" 66#include <openssl/evp.h>
68#include "asn1.h" 67#include <openssl/asn1.h>
69#include "x509.h" 68#include <openssl/x509.h>
70#include "objects.h" 69#include <openssl/objects.h>
71#include "pem.h"
72 70
73char *X509_verify_cert_error_string(n) 71const char *X509_verify_cert_error_string(long n)
74long n;
75 { 72 {
76 static char buf[100]; 73 static char buf[100];
77 74
@@ -86,7 +83,7 @@ long n;
86 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: 83 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
87 return("unable to decrypt certificate's signature"); 84 return("unable to decrypt certificate's signature");
88 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: 85 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
89 return("unable to decrypt CRL's's signature"); 86 return("unable to decrypt CRL's signature");
90 case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: 87 case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
91 return("unable to decode issuer public key"); 88 return("unable to decode issuer public key");
92 case X509_V_ERR_CERT_SIGNATURE_FAILURE: 89 case X509_V_ERR_CERT_SIGNATURE_FAILURE:
@@ -98,7 +95,7 @@ long n;
98 case X509_V_ERR_CRL_NOT_YET_VALID: 95 case X509_V_ERR_CRL_NOT_YET_VALID:
99 return("CRL is not yet valid"); 96 return("CRL is not yet valid");
100 case X509_V_ERR_CERT_HAS_EXPIRED: 97 case X509_V_ERR_CERT_HAS_EXPIRED:
101 return("Certificate has expired"); 98 return("certificate has expired");
102 case X509_V_ERR_CRL_HAS_EXPIRED: 99 case X509_V_ERR_CRL_HAS_EXPIRED:
103 return("CRL has expired"); 100 return("CRL has expired");
104 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: 101 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
@@ -121,8 +118,35 @@ long n;
121 return("unable to verify the first certificate"); 118 return("unable to verify the first certificate");
122 case X509_V_ERR_CERT_CHAIN_TOO_LONG: 119 case X509_V_ERR_CERT_CHAIN_TOO_LONG:
123 return("certificate chain too long"); 120 return("certificate chain too long");
121 case X509_V_ERR_CERT_REVOKED:
122 return("certificate revoked");
123 case X509_V_ERR_INVALID_CA:
124 return ("invalid CA certificate");
125 case X509_V_ERR_PATH_LENGTH_EXCEEDED:
126 return ("path length constraint exceeded");
127 case X509_V_ERR_INVALID_PURPOSE:
128 return ("unsupported certificate purpose");
129 case X509_V_ERR_CERT_UNTRUSTED:
130 return ("certificate not trusted");
131 case X509_V_ERR_CERT_REJECTED:
132 return ("certificate rejected");
124 case X509_V_ERR_APPLICATION_VERIFICATION: 133 case X509_V_ERR_APPLICATION_VERIFICATION:
125 return("application verification failure"); 134 return("application verification failure");
135 case X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
136 return("subject issuer mismatch");
137 case X509_V_ERR_AKID_SKID_MISMATCH:
138 return("authority and subject key identifier mismatch");
139 case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH:
140 return("authority and issuer serial number mismatch");
141 case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
142 return("key usage does not include certificate signing");
143
144 case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
145 return("unable to get CRL issuer certificate");
146
147 case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
148 return("unhandled critical extension");
149
126 default: 150 default:
127 sprintf(buf,"error number %ld",n); 151 sprintf(buf,"error number %ld",n);
128 return(buf); 152 return(buf);
diff --git a/src/lib/libcrypto/x509/x509_v3.c b/src/lib/libcrypto/x509/x509_v3.c
index 1c03602f0b..b5f7daa2e5 100644
--- a/src/lib/libcrypto/x509/x509_v3.c
+++ b/src/lib/libcrypto/x509/x509_v3.c
@@ -57,34 +57,22 @@
57 */ 57 */
58 58
59#include <stdio.h> 59#include <stdio.h>
60#include "stack.h" 60#include <openssl/stack.h>
61#include "cryptlib.h" 61#include "cryptlib.h"
62#include "asn1.h" 62#include <openssl/asn1.h>
63#include "objects.h" 63#include <openssl/objects.h>
64#include "evp.h" 64#include <openssl/evp.h>
65#include "x509.h" 65#include <openssl/x509.h>
66#include <openssl/x509v3.h>
66 67
67#ifndef NOPROTO 68int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x)
68static X509_EXTENSION_METHOD *find_by_nid(int nid);
69static int xem_cmp(X509_EXTENSION_METHOD **a, X509_EXTENSION_METHOD **b);
70#else
71static X509_EXTENSION_METHOD *find_by_nid();
72static int xem_cmp();
73#endif
74
75static STACK *extensions=NULL;
76
77int X509v3_get_ext_count(x)
78STACK *x;
79 { 69 {
80 if (x == NULL) return(0); 70 if (x == NULL) return(0);
81 return(sk_num(x)); 71 return(sk_X509_EXTENSION_num(x));
82 } 72 }
83 73
84int X509v3_get_ext_by_NID(x,nid,lastpos) 74int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid,
85STACK *x; 75 int lastpos)
86int nid;
87int lastpos;
88 { 76 {
89 ASN1_OBJECT *obj; 77 ASN1_OBJECT *obj;
90 78
@@ -93,10 +81,8 @@ int lastpos;
93 return(X509v3_get_ext_by_OBJ(x,obj,lastpos)); 81 return(X509v3_get_ext_by_OBJ(x,obj,lastpos));
94 } 82 }
95 83
96int X509v3_get_ext_by_OBJ(sk,obj,lastpos) 84int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk, ASN1_OBJECT *obj,
97STACK *sk; 85 int lastpos)
98ASN1_OBJECT *obj;
99int lastpos;
100 { 86 {
101 int n; 87 int n;
102 X509_EXTENSION *ex; 88 X509_EXTENSION *ex;
@@ -105,20 +91,18 @@ int lastpos;
105 lastpos++; 91 lastpos++;
106 if (lastpos < 0) 92 if (lastpos < 0)
107 lastpos=0; 93 lastpos=0;
108 n=sk_num(sk); 94 n=sk_X509_EXTENSION_num(sk);
109 for ( ; lastpos < n; lastpos++) 95 for ( ; lastpos < n; lastpos++)
110 { 96 {
111 ex=(X509_EXTENSION *)sk_value(sk,lastpos); 97 ex=sk_X509_EXTENSION_value(sk,lastpos);
112 if (OBJ_cmp(ex->object,obj) == 0) 98 if (OBJ_cmp(ex->object,obj) == 0)
113 return(lastpos); 99 return(lastpos);
114 } 100 }
115 return(-1); 101 return(-1);
116 } 102 }
117 103
118int X509v3_get_ext_by_critical(sk,crit,lastpos) 104int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit,
119STACK *sk; 105 int lastpos)
120int crit;
121int lastpos;
122 { 106 {
123 int n; 107 int n;
124 X509_EXTENSION *ex; 108 X509_EXTENSION *ex;
@@ -127,63 +111,57 @@ int lastpos;
127 lastpos++; 111 lastpos++;
128 if (lastpos < 0) 112 if (lastpos < 0)
129 lastpos=0; 113 lastpos=0;
130 n=sk_num(sk); 114 n=sk_X509_EXTENSION_num(sk);
131 for ( ; lastpos < n; lastpos++) 115 for ( ; lastpos < n; lastpos++)
132 { 116 {
133 ex=(X509_EXTENSION *)sk_value(sk,lastpos); 117 ex=sk_X509_EXTENSION_value(sk,lastpos);
134 if ( (ex->critical && crit) || 118 if ( ((ex->critical > 0) && crit) ||
135 (!ex->critical && !crit)) 119 (!(ex->critical <= 0) && !crit))
136 return(lastpos); 120 return(lastpos);
137 } 121 }
138 return(-1); 122 return(-1);
139 } 123 }
140 124
141X509_EXTENSION *X509v3_get_ext(x,loc) 125X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc)
142STACK *x;
143int loc;
144 { 126 {
145 if ((x == NULL) || (sk_num(x) <= loc) || (loc < 0)) 127 if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
146 return(NULL); 128 return NULL;
147 else 129 else
148 return((X509_EXTENSION *)sk_value(x,loc)); 130 return sk_X509_EXTENSION_value(x,loc);
149 } 131 }
150 132
151X509_EXTENSION *X509v3_delete_ext(x,loc) 133X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc)
152STACK *x;
153int loc;
154 { 134 {
155 X509_EXTENSION *ret; 135 X509_EXTENSION *ret;
156 136
157 if ((x == NULL) || (sk_num(x) <= loc) || (loc < 0)) 137 if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
158 return(NULL); 138 return(NULL);
159 ret=(X509_EXTENSION *)sk_delete(x,loc); 139 ret=sk_X509_EXTENSION_delete(x,loc);
160 return(ret); 140 return(ret);
161 } 141 }
162 142
163STACK *X509v3_add_ext(x,ex,loc) 143STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
164STACK **x; 144 X509_EXTENSION *ex, int loc)
165X509_EXTENSION *ex;
166int loc;
167 { 145 {
168 X509_EXTENSION *new_ex=NULL; 146 X509_EXTENSION *new_ex=NULL;
169 int n; 147 int n;
170 STACK *sk=NULL; 148 STACK_OF(X509_EXTENSION) *sk=NULL;
171 149
172 if ((x != NULL) && (*x == NULL)) 150 if ((x != NULL) && (*x == NULL))
173 { 151 {
174 if ((sk=sk_new_null()) == NULL) 152 if ((sk=sk_X509_EXTENSION_new_null()) == NULL)
175 goto err; 153 goto err;
176 } 154 }
177 else 155 else
178 sk= *x; 156 sk= *x;
179 157
180 n=sk_num(sk); 158 n=sk_X509_EXTENSION_num(sk);
181 if (loc > n) loc=n; 159 if (loc > n) loc=n;
182 else if (loc < 0) loc=n; 160 else if (loc < 0) loc=n;
183 161
184 if ((new_ex=X509_EXTENSION_dup(ex)) == NULL) 162 if ((new_ex=X509_EXTENSION_dup(ex)) == NULL)
185 goto err2; 163 goto err2;
186 if (!sk_insert(sk,(char *)new_ex,loc)) 164 if (!sk_X509_EXTENSION_insert(sk,new_ex,loc))
187 goto err; 165 goto err;
188 if ((x != NULL) && (*x == NULL)) 166 if ((x != NULL) && (*x == NULL))
189 *x=sk; 167 *x=sk;
@@ -192,15 +170,12 @@ err:
192 X509err(X509_F_X509V3_ADD_EXT,ERR_R_MALLOC_FAILURE); 170 X509err(X509_F_X509V3_ADD_EXT,ERR_R_MALLOC_FAILURE);
193err2: 171err2:
194 if (new_ex != NULL) X509_EXTENSION_free(new_ex); 172 if (new_ex != NULL) X509_EXTENSION_free(new_ex);
195 if (sk != NULL) sk_free(sk); 173 if (sk != NULL) sk_X509_EXTENSION_free(sk);
196 return(NULL); 174 return(NULL);
197 } 175 }
198 176
199X509_EXTENSION *X509_EXTENSION_create_by_NID(ex,nid,crit,data) 177X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid,
200X509_EXTENSION **ex; 178 int crit, ASN1_OCTET_STRING *data)
201int nid;
202int crit;
203ASN1_OCTET_STRING *data;
204 { 179 {
205 ASN1_OBJECT *obj; 180 ASN1_OBJECT *obj;
206 X509_EXTENSION *ret; 181 X509_EXTENSION *ret;
@@ -216,11 +191,8 @@ ASN1_OCTET_STRING *data;
216 return(ret); 191 return(ret);
217 } 192 }
218 193
219X509_EXTENSION *X509_EXTENSION_create_by_OBJ(ex,obj,crit,data) 194X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
220X509_EXTENSION **ex; 195 ASN1_OBJECT *obj, int crit, ASN1_OCTET_STRING *data)
221ASN1_OBJECT *obj;
222int crit;
223ASN1_OCTET_STRING *data;
224 { 196 {
225 X509_EXTENSION *ret; 197 X509_EXTENSION *ret;
226 198
@@ -250,9 +222,7 @@ err:
250 return(NULL); 222 return(NULL);
251 } 223 }
252 224
253int X509_EXTENSION_set_object(ex,obj) 225int X509_EXTENSION_set_object(X509_EXTENSION *ex, ASN1_OBJECT *obj)
254X509_EXTENSION *ex;
255ASN1_OBJECT *obj;
256 { 226 {
257 if ((ex == NULL) || (obj == NULL)) 227 if ((ex == NULL) || (obj == NULL))
258 return(0); 228 return(0);
@@ -261,149 +231,38 @@ ASN1_OBJECT *obj;
261 return(1); 231 return(1);
262 } 232 }
263 233
264int X509_EXTENSION_set_critical(ex,crit) 234int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit)
265X509_EXTENSION *ex;
266int crit;
267 { 235 {
268 if (ex == NULL) return(0); 236 if (ex == NULL) return(0);
269 ex->critical=(crit)?0xFF:0; 237 ex->critical=(crit)?0xFF:-1;
270 return(1); 238 return(1);
271 } 239 }
272 240
273int X509_EXTENSION_set_data(ex,data) 241int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data)
274X509_EXTENSION *ex;
275ASN1_OCTET_STRING *data;
276 { 242 {
277 int i; 243 int i;
278 244
279 if (ex == NULL) return(0); 245 if (ex == NULL) return(0);
280 i=ASN1_OCTET_STRING_set(ex->value,data->data,data->length); 246 i=M_ASN1_OCTET_STRING_set(ex->value,data->data,data->length);
281 if (!i) return(0); 247 if (!i) return(0);
282 return(1); 248 return(1);
283 } 249 }
284 250
285ASN1_OBJECT *X509_EXTENSION_get_object(ex) 251ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex)
286X509_EXTENSION *ex;
287 { 252 {
288 if (ex == NULL) return(NULL); 253 if (ex == NULL) return(NULL);
289 return(ex->object); 254 return(ex->object);
290 } 255 }
291 256
292ASN1_OCTET_STRING *X509_EXTENSION_get_data(ex) 257ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ex)
293X509_EXTENSION *ex;
294 { 258 {
295 if (ex == NULL) return(NULL); 259 if (ex == NULL) return(NULL);
296 return(ex->value); 260 return(ex->value);
297 } 261 }
298 262
299int X509_EXTENSION_get_critical(ex) 263int X509_EXTENSION_get_critical(X509_EXTENSION *ex)
300X509_EXTENSION *ex;
301 { 264 {
302 if (ex == NULL) return(0); 265 if (ex == NULL) return(0);
303 return(ex->critical); 266 if(ex->critical > 0) return 1;
304 } 267 return 0;
305
306int X509v3_data_type_by_OBJ(obj)
307ASN1_OBJECT *obj;
308 {
309 int nid;
310
311 nid=OBJ_obj2nid(obj);
312 if (nid == V_ASN1_UNDEF) return(V_ASN1_UNDEF);
313 return(X509v3_data_type_by_NID(nid));
314 }
315
316int X509v3_data_type_by_NID(nid)
317int nid;
318 {
319 X509_EXTENSION_METHOD *x;
320
321 x=find_by_nid(nid);
322 if (x == NULL)
323 return(V_ASN1_UNDEF);
324 else
325 return(x->data_type);
326 }
327
328int X509v3_pack_type_by_OBJ(obj)
329ASN1_OBJECT *obj;
330 {
331 int nid;
332
333 nid=OBJ_obj2nid(obj);
334 if (nid == NID_undef) return(X509_EXT_PACK_UNKNOWN);
335 return(X509v3_pack_type_by_NID(nid));
336 }
337
338int X509v3_pack_type_by_NID(nid)
339int nid;
340 {
341 X509_EXTENSION_METHOD *x;
342
343 x=find_by_nid(nid);
344 if (x == NULL)
345 return(X509_EXT_PACK_UNKNOWN);
346 else
347 return(x->pack_type);
348 }
349
350static X509_EXTENSION_METHOD *find_by_nid(nid)
351int nid;
352 {
353 X509_EXTENSION_METHOD x;
354 int i;
355
356 x.nid=nid;
357 if (extensions == NULL) return(NULL);
358 i=sk_find(extensions,(char *)&x);
359 if (i < 0)
360 return(NULL);
361 else
362 return((X509_EXTENSION_METHOD *)sk_value(extensions,i));
363 }
364
365static int xem_cmp(a,b)
366X509_EXTENSION_METHOD **a,**b;
367 {
368 return((*a)->nid-(*b)->nid);
369 }
370
371void X509v3_cleanup_extensions()
372 {
373 int i;
374
375 if (extensions != NULL)
376 {
377 for (i=0; i<sk_num(extensions); i++)
378 Free(sk_value(extensions,i));
379 sk_free(extensions);
380 extensions=NULL;
381 }
382 } 268 }
383
384int X509v3_add_extension(x)
385X509_EXTENSION_METHOD *x;
386 {
387 X509_EXTENSION_METHOD *newx;
388
389 if (extensions == NULL)
390 {
391 extensions=sk_new(xem_cmp);
392 if (extensions == NULL) goto err;
393 }
394 newx=(X509_EXTENSION_METHOD *)Malloc(sizeof(X509_EXTENSION_METHOD));
395 if (newx == NULL) goto err;
396 newx->nid=x->nid;
397 newx->data_type=x->data_type;
398 newx->pack_type=x->pack_type;
399 if (!sk_push(extensions,(char *)newx))
400 {
401 Free(newx);
402 goto err;
403 }
404 return(1);
405err:
406 X509err(X509_F_X509V3_ADD_EXTENSION,ERR_R_MALLOC_FAILURE);
407 return(0);
408 }
409
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
index c1be91edba..db12f7bd35 100644
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -59,76 +59,63 @@
59#include <stdio.h> 59#include <stdio.h>
60#include <time.h> 60#include <time.h>
61#include <errno.h> 61#include <errno.h>
62#include <sys/types.h>
63#include <sys/stat.h>
64 62
65#include "crypto.h"
66#include "cryptlib.h" 63#include "cryptlib.h"
67#include "lhash.h" 64#include <openssl/crypto.h>
68#include "buffer.h" 65#include <openssl/lhash.h>
69#include "evp.h" 66#include <openssl/buffer.h>
70#include "asn1.h" 67#include <openssl/evp.h>
71#include "x509.h" 68#include <openssl/asn1.h>
72#include "objects.h" 69#include <openssl/x509.h>
73#include "pem.h" 70#include <openssl/x509v3.h>
74 71#include <openssl/objects.h>
75#ifndef NOPROTO 72
76static int null_callback(int ok,X509_STORE_CTX *e); 73static int null_callback(int ok,X509_STORE_CTX *e);
74static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
75static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x);
76static int check_chain_purpose(X509_STORE_CTX *ctx);
77static int check_trust(X509_STORE_CTX *ctx);
78static int check_revocation(X509_STORE_CTX *ctx);
79static int check_cert(X509_STORE_CTX *ctx);
77static int internal_verify(X509_STORE_CTX *ctx); 80static int internal_verify(X509_STORE_CTX *ctx);
78#else 81const char *X509_version="X.509" OPENSSL_VERSION_PTEXT;
79static int null_callback();
80static int internal_verify();
81#endif
82 82
83char *X509_version="X509 part of SSLeay 0.9.0b 29-Jun-1998";
84static STACK *x509_store_ctx_method=NULL;
85static int x509_store_ctx_num=0;
86#if 0
87static int x509_store_num=1;
88static STACK *x509_store_method=NULL;
89#endif
90 83
91static int null_callback(ok,e) 84static int null_callback(int ok, X509_STORE_CTX *e)
92int ok;
93X509_STORE_CTX *e;
94 { 85 {
95 return(ok); 86 return ok;
96 } 87 }
97 88
98#if 0 89#if 0
99static int x509_subject_cmp(a,b) 90static int x509_subject_cmp(X509 **a, X509 **b)
100X509 **a,**b;
101 { 91 {
102 return(X509_subject_name_cmp(*a,*b)); 92 return X509_subject_name_cmp(*a,*b);
103 } 93 }
104#endif 94#endif
105 95
106int X509_verify_cert(ctx) 96int X509_verify_cert(X509_STORE_CTX *ctx)
107X509_STORE_CTX *ctx;
108 { 97 {
109 X509 *x,*xtmp,*chain_ss=NULL; 98 X509 *x,*xtmp,*chain_ss=NULL;
110 X509_NAME *xn; 99 X509_NAME *xn;
111 X509_OBJECT obj;
112 int depth,i,ok=0; 100 int depth,i,ok=0;
113 int num; 101 int num;
114 int (*cb)(); 102 int (*cb)();
115 STACK *sktmp=NULL; 103 STACK_OF(X509) *sktmp=NULL;
116 104
117 if (ctx->cert == NULL) 105 if (ctx->cert == NULL)
118 { 106 {
119 X509err(X509_F_X509_VERIFY_CERT,X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); 107 X509err(X509_F_X509_VERIFY_CERT,X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
120 return(-1); 108 return -1;
121 } 109 }
122 110
123 cb=ctx->ctx->verify_cb; 111 cb=ctx->verify_cb;
124 if (cb == NULL) cb=null_callback;
125 112
126 /* first we make sure the chain we are going to build is 113 /* first we make sure the chain we are going to build is
127 * present and that the first entry is in place */ 114 * present and that the first entry is in place */
128 if (ctx->chain == NULL) 115 if (ctx->chain == NULL)
129 { 116 {
130 if ( ((ctx->chain=sk_new_null()) == NULL) || 117 if ( ((ctx->chain=sk_X509_new_null()) == NULL) ||
131 (!sk_push(ctx->chain,(char *)ctx->cert))) 118 (!sk_X509_push(ctx->chain,ctx->cert)))
132 { 119 {
133 X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); 120 X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
134 goto end; 121 goto end;
@@ -137,41 +124,45 @@ X509_STORE_CTX *ctx;
137 ctx->last_untrusted=1; 124 ctx->last_untrusted=1;
138 } 125 }
139 126
140 /* We use a temporary so we can chop and hack at it */ 127 /* We use a temporary STACK so we can chop and hack at it */
141 if ((ctx->untrusted != NULL) && (sktmp=sk_dup(ctx->untrusted)) == NULL) 128 if (ctx->untrusted != NULL
129 && (sktmp=sk_X509_dup(ctx->untrusted)) == NULL)
142 { 130 {
143 X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); 131 X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
144 goto end; 132 goto end;
145 } 133 }
146 134
147 num=sk_num(ctx->chain); 135 num=sk_X509_num(ctx->chain);
148 x=(X509 *)sk_value(ctx->chain,num-1); 136 x=sk_X509_value(ctx->chain,num-1);
149 depth=ctx->depth; 137 depth=ctx->depth;
150 138
151 139
152 for (;;) 140 for (;;)
153 { 141 {
154 /* If we have enough, we break */ 142 /* If we have enough, we break */
155 if (depth <= num) break; 143 if (depth < num) break; /* FIXME: If this happens, we should take
144 * note of it and, if appropriate, use the
145 * X509_V_ERR_CERT_CHAIN_TOO_LONG error
146 * code later.
147 */
156 148
157 /* If we are self signed, we break */ 149 /* If we are self signed, we break */
158 xn=X509_get_issuer_name(x); 150 xn=X509_get_issuer_name(x);
159 if (X509_NAME_cmp(X509_get_subject_name(x),xn) == 0) 151 if (ctx->check_issued(ctx, x,x)) break;
160 break;
161 152
162 /* If we were passed a cert chain, use it first */ 153 /* If we were passed a cert chain, use it first */
163 if (ctx->untrusted != NULL) 154 if (ctx->untrusted != NULL)
164 { 155 {
165 xtmp=X509_find_by_subject(sktmp,xn); 156 xtmp=find_issuer(ctx, sktmp,x);
166 if (xtmp != NULL) 157 if (xtmp != NULL)
167 { 158 {
168 if (!sk_push(ctx->chain,(char *)xtmp)) 159 if (!sk_X509_push(ctx->chain,xtmp))
169 { 160 {
170 X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); 161 X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
171 goto end; 162 goto end;
172 } 163 }
173 CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509); 164 CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509);
174 sk_delete_ptr(sktmp,(char *)xtmp); 165 sk_X509_delete_ptr(sktmp,xtmp);
175 ctx->last_untrusted++; 166 ctx->last_untrusted++;
176 x=xtmp; 167 x=xtmp;
177 num++; 168 num++;
@@ -187,27 +178,50 @@ X509_STORE_CTX *ctx;
187 * certificates. We now need to add at least one trusted one, 178 * certificates. We now need to add at least one trusted one,
188 * if possible, otherwise we complain. */ 179 * if possible, otherwise we complain. */
189 180
190 i=sk_num(ctx->chain); 181 /* Examine last certificate in chain and see if it
191 x=(X509 *)sk_value(ctx->chain,i-1); 182 * is self signed.
192 if (X509_NAME_cmp(X509_get_subject_name(x),X509_get_issuer_name(x)) 183 */
193 == 0) 184
185 i=sk_X509_num(ctx->chain);
186 x=sk_X509_value(ctx->chain,i-1);
187 xn = X509_get_subject_name(x);
188 if (ctx->check_issued(ctx, x, x))
194 { 189 {
195 /* we have a self signed certificate */ 190 /* we have a self signed certificate */
196 if (sk_num(ctx->chain) == 1) 191 if (sk_X509_num(ctx->chain) == 1)
197 { 192 {
198 ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; 193 /* We have a single self signed certificate: see if
199 ctx->current_cert=x; 194 * we can find it in the store. We must have an exact
200 ctx->error_depth=i-1; 195 * match to avoid possible impersonation.
201 ok=cb(0,ctx); 196 */
202 if (!ok) goto end; 197 ok = ctx->get_issuer(&xtmp, ctx, x);
198 if ((ok <= 0) || X509_cmp(x, xtmp))
199 {
200 ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
201 ctx->current_cert=x;
202 ctx->error_depth=i-1;
203 if (ok == 1) X509_free(xtmp);
204 ok=cb(0,ctx);
205 if (!ok) goto end;
206 }
207 else
208 {
209 /* We have a match: replace certificate with store version
210 * so we get any trust settings.
211 */
212 X509_free(x);
213 x = xtmp;
214 sk_X509_set(ctx->chain, i - 1, x);
215 ctx->last_untrusted=0;
216 }
203 } 217 }
204 else 218 else
205 { 219 {
206 /* worry more about this one elsewhere */ 220 /* extract and save self signed certificate for later use */
207 chain_ss=(X509 *)sk_pop(ctx->chain); 221 chain_ss=sk_X509_pop(ctx->chain);
208 ctx->last_untrusted--; 222 ctx->last_untrusted--;
209 num--; 223 num--;
210 x=(X509 *)sk_value(ctx->chain,num-1); 224 x=sk_X509_value(ctx->chain,num-1);
211 } 225 }
212 } 226 }
213 227
@@ -215,45 +229,34 @@ X509_STORE_CTX *ctx;
215 for (;;) 229 for (;;)
216 { 230 {
217 /* If we have enough, we break */ 231 /* If we have enough, we break */
218 if (depth <= num) break; 232 if (depth < num) break;
219 233
220 /* If we are self signed, we break */ 234 /* If we are self signed, we break */
221 xn=X509_get_issuer_name(x); 235 xn=X509_get_issuer_name(x);
222 if (X509_NAME_cmp(X509_get_subject_name(x),xn) == 0) 236 if (ctx->check_issued(ctx,x,x)) break;
223 break;
224 237
225 ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj); 238 ok = ctx->get_issuer(&xtmp, ctx, x);
226 if (ok != X509_LU_X509) 239
227 { 240 if (ok < 0) return ok;
228 if (ok == X509_LU_RETRY) 241 if (ok == 0) break;
229 { 242
230 X509_OBJECT_free_contents(&obj); 243 x = xtmp;
231 X509err(X509_F_X509_VERIFY_CERT,X509_R_SHOULD_RETRY); 244 if (!sk_X509_push(ctx->chain,x))
232 return(ok);
233 }
234 else if (ok != X509_LU_FAIL)
235 {
236 X509_OBJECT_free_contents(&obj);
237 /* not good :-(, break anyway */
238 return(ok);
239 }
240 break;
241 }
242 x=obj.data.x509;
243 if (!sk_push(ctx->chain,(char *)obj.data.x509))
244 { 245 {
245 X509_OBJECT_free_contents(&obj); 246 X509_free(xtmp);
246 X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); 247 X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
247 return(0); 248 return 0;
248 } 249 }
249 num++; 250 num++;
250 } 251 }
251 252
252 /* we now have our chain, lets check it... */ 253 /* we now have our chain, lets check it... */
253 xn=X509_get_issuer_name(x); 254 xn=X509_get_issuer_name(x);
254 if (X509_NAME_cmp(X509_get_subject_name(x),xn) != 0) 255
256 /* Is last certificate looked up self signed? */
257 if (!ctx->check_issued(ctx,x,x))
255 { 258 {
256 if ((chain_ss == NULL) || (X509_NAME_cmp(X509_get_subject_name(chain_ss),xn) != 0)) 259 if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss))
257 { 260 {
258 if (ctx->last_untrusted >= num) 261 if (ctx->last_untrusted >= num)
259 ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; 262 ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
@@ -264,7 +267,7 @@ X509_STORE_CTX *ctx;
264 else 267 else
265 { 268 {
266 269
267 sk_push(ctx->chain,(char *)chain_ss); 270 sk_X509_push(ctx->chain,chain_ss);
268 num++; 271 num++;
269 ctx->last_untrusted=num; 272 ctx->last_untrusted=num;
270 ctx->current_cert=chain_ss; 273 ctx->current_cert=chain_ss;
@@ -277,37 +280,369 @@ X509_STORE_CTX *ctx;
277 if (!ok) goto end; 280 if (!ok) goto end;
278 } 281 }
279 282
283 /* We have the chain complete: now we need to check its purpose */
284 if (ctx->purpose > 0) ok = check_chain_purpose(ctx);
285
286 if (!ok) goto end;
287
288 /* The chain extensions are OK: check trust */
289
290 if (ctx->trust > 0) ok = check_trust(ctx);
291
292 if (!ok) goto end;
293
280 /* We may as well copy down any DSA parameters that are required */ 294 /* We may as well copy down any DSA parameters that are required */
281 X509_get_pubkey_parameters(NULL,ctx->chain); 295 X509_get_pubkey_parameters(NULL,ctx->chain);
282 296
297 /* Check revocation status: we do this after copying parameters
298 * because they may be needed for CRL signature verification.
299 */
300
301 ok = ctx->check_revocation(ctx);
302 if(!ok) goto end;
303
283 /* At this point, we have a chain and just need to verify it */ 304 /* At this point, we have a chain and just need to verify it */
284 if (ctx->ctx->verify != NULL) 305 if (ctx->verify != NULL)
285 ok=ctx->ctx->verify(ctx); 306 ok=ctx->verify(ctx);
286 else 307 else
287 ok=internal_verify(ctx); 308 ok=internal_verify(ctx);
309 if (0)
310 {
288end: 311end:
289 if (sktmp != NULL) sk_free(sktmp); 312 X509_get_pubkey_parameters(NULL,ctx->chain);
313 }
314 if (sktmp != NULL) sk_X509_free(sktmp);
290 if (chain_ss != NULL) X509_free(chain_ss); 315 if (chain_ss != NULL) X509_free(chain_ss);
291 return(ok); 316 return ok;
317 }
318
319
320/* Given a STACK_OF(X509) find the issuer of cert (if any)
321 */
322
323static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
324{
325 int i;
326 X509 *issuer;
327 for (i = 0; i < sk_X509_num(sk); i++)
328 {
329 issuer = sk_X509_value(sk, i);
330 if (ctx->check_issued(ctx, x, issuer))
331 return issuer;
332 }
333 return NULL;
334}
335
336/* Given a possible certificate and issuer check them */
337
338static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
339{
340 int ret;
341 ret = X509_check_issued(issuer, x);
342 if (ret == X509_V_OK)
343 return 1;
344 /* If we haven't asked for issuer errors don't set ctx */
345 if (!(ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK))
346 return 0;
347
348 ctx->error = ret;
349 ctx->current_cert = x;
350 ctx->current_issuer = issuer;
351 return ctx->verify_cb(0, ctx);
352 return 0;
353}
354
355/* Alternative lookup method: look from a STACK stored in other_ctx */
356
357static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
358{
359 *issuer = find_issuer(ctx, ctx->other_ctx, x);
360 if (*issuer)
361 {
362 CRYPTO_add(&(*issuer)->references,1,CRYPTO_LOCK_X509);
363 return 1;
364 }
365 else
366 return 0;
367}
368
369
370/* Check a certificate chains extensions for consistency
371 * with the supplied purpose
372 */
373
374static int check_chain_purpose(X509_STORE_CTX *ctx)
375{
376#ifdef OPENSSL_NO_CHAIN_VERIFY
377 return 1;
378#else
379 int i, ok=0;
380 X509 *x;
381 int (*cb)();
382 cb=ctx->verify_cb;
383 /* Check all untrusted certificates */
384 for (i = 0; i < ctx->last_untrusted; i++)
385 {
386 x = sk_X509_value(ctx->chain, i);
387 if (!(ctx->flags & X509_V_FLAG_IGNORE_CRITICAL)
388 && (x->ex_flags & EXFLAG_CRITICAL))
389 {
390 ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION;
391 ctx->error_depth = i;
392 ctx->current_cert = x;
393 ok=cb(0,ctx);
394 if (!ok) goto end;
395 }
396 if (!X509_check_purpose(x, ctx->purpose, i))
397 {
398 if (i)
399 ctx->error = X509_V_ERR_INVALID_CA;
400 else
401 ctx->error = X509_V_ERR_INVALID_PURPOSE;
402 ctx->error_depth = i;
403 ctx->current_cert = x;
404 ok=cb(0,ctx);
405 if (!ok) goto end;
406 }
407 /* Check pathlen */
408 if ((i > 1) && (x->ex_pathlen != -1)
409 && (i > (x->ex_pathlen + 1)))
410 {
411 ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
412 ctx->error_depth = i;
413 ctx->current_cert = x;
414 ok=cb(0,ctx);
415 if (!ok) goto end;
416 }
417 }
418 ok = 1;
419 end:
420 return ok;
421#endif
422}
423
424static int check_trust(X509_STORE_CTX *ctx)
425{
426#ifdef OPENSSL_NO_CHAIN_VERIFY
427 return 1;
428#else
429 int i, ok;
430 X509 *x;
431 int (*cb)();
432 cb=ctx->verify_cb;
433/* For now just check the last certificate in the chain */
434 i = sk_X509_num(ctx->chain) - 1;
435 x = sk_X509_value(ctx->chain, i);
436 ok = X509_check_trust(x, ctx->trust, 0);
437 if (ok == X509_TRUST_TRUSTED)
438 return 1;
439 ctx->error_depth = i;
440 ctx->current_cert = x;
441 if (ok == X509_TRUST_REJECTED)
442 ctx->error = X509_V_ERR_CERT_REJECTED;
443 else
444 ctx->error = X509_V_ERR_CERT_UNTRUSTED;
445 ok = cb(0, ctx);
446 return ok;
447#endif
448}
449
450static int check_revocation(X509_STORE_CTX *ctx)
451 {
452 int i, last, ok;
453 if (!(ctx->flags & X509_V_FLAG_CRL_CHECK))
454 return 1;
455 if (ctx->flags & X509_V_FLAG_CRL_CHECK_ALL)
456 last = 0;
457 else
458 last = sk_X509_num(ctx->chain) - 1;
459 for(i = 0; i <= last; i++)
460 {
461 ctx->error_depth = i;
462 ok = check_cert(ctx);
463 if (!ok) return ok;
464 }
465 return 1;
466 }
467
468static int check_cert(X509_STORE_CTX *ctx)
469 {
470 X509_CRL *crl = NULL;
471 X509 *x;
472 int ok, cnum;
473 cnum = ctx->error_depth;
474 x = sk_X509_value(ctx->chain, cnum);
475 ctx->current_cert = x;
476 /* Try to retrieve relevant CRL */
477 ok = ctx->get_crl(ctx, &crl, x);
478 /* If error looking up CRL, nothing we can do except
479 * notify callback
480 */
481 if(!ok)
482 {
483 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
484 ok = ctx->verify_cb(0, ctx);
485 goto err;
486 }
487 ctx->current_crl = crl;
488 ok = ctx->check_crl(ctx, crl);
489 if (!ok) goto err;
490 ok = ctx->cert_crl(ctx, crl, x);
491 err:
492 ctx->current_crl = NULL;
493 X509_CRL_free(crl);
494 return ok;
495
496 }
497
498/* Retrieve CRL corresponding to certificate: currently just a
499 * subject lookup: maybe use AKID later...
500 * Also might look up any included CRLs too (e.g PKCS#7 signedData).
501 */
502static int get_crl(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x)
503 {
504 int ok;
505 X509_OBJECT xobj;
506 ok = X509_STORE_get_by_subject(ctx, X509_LU_CRL, X509_get_issuer_name(x), &xobj);
507 if (!ok) return 0;
508 *crl = xobj.data.crl;
509 return 1;
510 }
511
512/* Check CRL validity */
513static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
514 {
515 X509 *issuer = NULL;
516 EVP_PKEY *ikey = NULL;
517 int ok = 0, chnum, cnum, i;
518 time_t *ptime;
519 cnum = ctx->error_depth;
520 chnum = sk_X509_num(ctx->chain) - 1;
521 /* Find CRL issuer: if not last certificate then issuer
522 * is next certificate in chain.
523 */
524 if(cnum < chnum)
525 issuer = sk_X509_value(ctx->chain, cnum + 1);
526 else
527 {
528 issuer = sk_X509_value(ctx->chain, chnum);
529 /* If not self signed, can't check signature */
530 if(!ctx->check_issued(ctx, issuer, issuer))
531 {
532 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER;
533 ok = ctx->verify_cb(0, ctx);
534 if(!ok) goto err;
535 }
536 }
537
538 if(issuer)
539 {
540
541 /* Attempt to get issuer certificate public key */
542 ikey = X509_get_pubkey(issuer);
543
544 if(!ikey)
545 {
546 ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
547 ok = ctx->verify_cb(0, ctx);
548 if (!ok) goto err;
549 }
550 else
551 {
552 /* Verify CRL signature */
553 if(X509_CRL_verify(crl, ikey) <= 0)
554 {
555 ctx->error=X509_V_ERR_CRL_SIGNATURE_FAILURE;
556 ok = ctx->verify_cb(0, ctx);
557 if (!ok) goto err;
558 }
559 }
560 }
561
562 /* OK, CRL signature valid check times */
563 if (ctx->flags & X509_V_FLAG_USE_CHECK_TIME)
564 ptime = &ctx->check_time;
565 else
566 ptime = NULL;
567
568 i=X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime);
569 if (i == 0)
570 {
571 ctx->error=X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
572 ok = ctx->verify_cb(0, ctx);
573 if (!ok) goto err;
574 }
575
576 if (i > 0)
577 {
578 ctx->error=X509_V_ERR_CRL_NOT_YET_VALID;
579 ok = ctx->verify_cb(0, ctx);
580 if (!ok) goto err;
581 }
582
583 if(X509_CRL_get_nextUpdate(crl))
584 {
585 i=X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime);
586
587 if (i == 0)
588 {
589 ctx->error=X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
590 ok = ctx->verify_cb(0, ctx);
591 if (!ok) goto err;
592 }
593
594 if (i < 0)
595 {
596 ctx->error=X509_V_ERR_CRL_HAS_EXPIRED;
597 ok = ctx->verify_cb(0, ctx);
598 if (!ok) goto err;
599 }
600 }
601
602 ok = 1;
603
604 err:
605 EVP_PKEY_free(ikey);
606 return ok;
607 }
608
609/* Check certificate against CRL */
610static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
611 {
612 int idx, ok;
613 X509_REVOKED rtmp;
614 /* Look for serial number of certificate in CRL */
615 rtmp.serialNumber = X509_get_serialNumber(x);
616 idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);
617 /* Not found: OK */
618 if(idx == -1) return 1;
619 /* Otherwise revoked: want something cleverer than
620 * this to handle entry extensions in V2 CRLs.
621 */
622 ctx->error = X509_V_ERR_CERT_REVOKED;
623 ok = ctx->verify_cb(0, ctx);
624 return ok;
292 } 625 }
293 626
294static int internal_verify(ctx) 627static int internal_verify(X509_STORE_CTX *ctx)
295X509_STORE_CTX *ctx;
296 { 628 {
297 int i,ok=0,n; 629 int i,ok=0,n;
298 X509 *xs,*xi; 630 X509 *xs,*xi;
299 EVP_PKEY *pkey=NULL; 631 EVP_PKEY *pkey=NULL;
632 time_t *ptime;
300 int (*cb)(); 633 int (*cb)();
301 634
302 cb=ctx->ctx->verify_cb; 635 cb=ctx->verify_cb;
303 if (cb == NULL) cb=null_callback;
304 636
305 n=sk_num(ctx->chain); 637 n=sk_X509_num(ctx->chain);
306 ctx->error_depth=n-1; 638 ctx->error_depth=n-1;
307 n--; 639 n--;
308 xi=(X509 *)sk_value(ctx->chain,n); 640 xi=sk_X509_value(ctx->chain,n);
309 if (X509_NAME_cmp(X509_get_subject_name(xi), 641 if (ctx->flags & X509_V_FLAG_USE_CHECK_TIME)
310 X509_get_issuer_name(xi)) == 0) 642 ptime = &ctx->check_time;
643 else
644 ptime = NULL;
645 if (ctx->check_issued(ctx, xi, xi))
311 xs=xi; 646 xs=xi;
312 else 647 else
313 { 648 {
@@ -322,7 +657,7 @@ X509_STORE_CTX *ctx;
322 { 657 {
323 n--; 658 n--;
324 ctx->error_depth=n; 659 ctx->error_depth=n;
325 xs=(X509 *)sk_value(ctx->chain,n); 660 xs=sk_X509_value(ctx->chain,n);
326 } 661 }
327 } 662 }
328 663
@@ -340,15 +675,27 @@ X509_STORE_CTX *ctx;
340 if (!ok) goto end; 675 if (!ok) goto end;
341 } 676 }
342 if (X509_verify(xs,pkey) <= 0) 677 if (X509_verify(xs,pkey) <= 0)
678 /* XXX For the final trusted self-signed cert,
679 * this is a waste of time. That check should
680 * optional so that e.g. 'openssl x509' can be
681 * used to detect invalid self-signatures, but
682 * we don't verify again and again in SSL
683 * handshakes and the like once the cert has
684 * been declared trusted. */
343 { 685 {
344 ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE; 686 ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
345 ctx->current_cert=xs; 687 ctx->current_cert=xs;
346 ok=(*cb)(0,ctx); 688 ok=(*cb)(0,ctx);
347 if (!ok) goto end; 689 if (!ok)
690 {
691 EVP_PKEY_free(pkey);
692 goto end;
693 }
348 } 694 }
695 EVP_PKEY_free(pkey);
349 pkey=NULL; 696 pkey=NULL;
350 697
351 i=X509_cmp_current_time(X509_get_notBefore(xs)); 698 i=X509_cmp_time(X509_get_notBefore(xs), ptime);
352 if (i == 0) 699 if (i == 0)
353 { 700 {
354 ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD; 701 ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
@@ -366,7 +713,7 @@ X509_STORE_CTX *ctx;
366 xs->valid=1; 713 xs->valid=1;
367 } 714 }
368 715
369 i=X509_cmp_current_time(X509_get_notAfter(xs)); 716 i=X509_cmp_time(X509_get_notAfter(xs), ptime);
370 if (i == 0) 717 if (i == 0)
371 { 718 {
372 ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD; 719 ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
@@ -383,8 +730,6 @@ X509_STORE_CTX *ctx;
383 if (!ok) goto end; 730 if (!ok) goto end;
384 } 731 }
385 732
386 /* CRL CHECK */
387
388 /* The last error (if any) is still in the error value */ 733 /* The last error (if any) is still in the error value */
389 ctx->current_cert=xs; 734 ctx->current_cert=xs;
390 ok=(*cb)(1,ctx); 735 ok=(*cb)(1,ctx);
@@ -394,19 +739,23 @@ X509_STORE_CTX *ctx;
394 if (n >= 0) 739 if (n >= 0)
395 { 740 {
396 xi=xs; 741 xi=xs;
397 xs=(X509 *)sk_value(ctx->chain,n); 742 xs=sk_X509_value(ctx->chain,n);
398 } 743 }
399 } 744 }
400 ok=1; 745 ok=1;
401end: 746end:
402 return(ok); 747 return ok;
403 } 748 }
404 749
405int X509_cmp_current_time(ctm) 750int X509_cmp_current_time(ASN1_TIME *ctm)
406ASN1_UTCTIME *ctm; 751{
752 return X509_cmp_time(ctm, NULL);
753}
754
755int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time)
407 { 756 {
408 char *str; 757 char *str;
409 ASN1_UTCTIME atm; 758 ASN1_TIME atm;
410 time_t offset; 759 time_t offset;
411 char buff1[24],buff2[24],*p; 760 char buff1[24],buff2[24],*p;
412 int i,j; 761 int i,j;
@@ -414,14 +763,35 @@ ASN1_UTCTIME *ctm;
414 p=buff1; 763 p=buff1;
415 i=ctm->length; 764 i=ctm->length;
416 str=(char *)ctm->data; 765 str=(char *)ctm->data;
417 if ((i < 11) || (i > 17)) return(0); 766 if (ctm->type == V_ASN1_UTCTIME)
418 memcpy(p,str,10); 767 {
419 p+=10; 768 if ((i < 11) || (i > 17)) return 0;
420 str+=10; 769 memcpy(p,str,10);
770 p+=10;
771 str+=10;
772 }
773 else
774 {
775 if (i < 13) return 0;
776 memcpy(p,str,12);
777 p+=12;
778 str+=12;
779 }
421 780
422 if ((*str == 'Z') || (*str == '-') || (*str == '+')) 781 if ((*str == 'Z') || (*str == '-') || (*str == '+'))
423 { *(p++)='0'; *(p++)='0'; } 782 { *(p++)='0'; *(p++)='0'; }
424 else { *(p++)= *(str++); *(p++)= *(str++); } 783 else
784 {
785 *(p++)= *(str++);
786 *(p++)= *(str++);
787 /* Skip any fractional seconds... */
788 if (*str == '.')
789 {
790 str++;
791 while ((*str >= '0') && (*str <= '9')) str++;
792 }
793
794 }
425 *(p++)='Z'; 795 *(p++)='Z';
426 *(p++)='\0'; 796 *(p++)='\0';
427 797
@@ -430,275 +800,388 @@ ASN1_UTCTIME *ctm;
430 else 800 else
431 { 801 {
432 if ((*str != '+') && (str[5] != '-')) 802 if ((*str != '+') && (str[5] != '-'))
433 return(0); 803 return 0;
434 offset=((str[1]-'0')*10+(str[2]-'0'))*60; 804 offset=((str[1]-'0')*10+(str[2]-'0'))*60;
435 offset+=(str[3]-'0')*10+(str[4]-'0'); 805 offset+=(str[3]-'0')*10+(str[4]-'0');
436 if (*str == '-') 806 if (*str == '-')
437 offset=-offset; 807 offset= -offset;
438 } 808 }
439 atm.type=V_ASN1_UTCTIME; 809 atm.type=ctm->type;
440 atm.length=sizeof(buff2); 810 atm.length=sizeof(buff2);
441 atm.data=(unsigned char *)buff2; 811 atm.data=(unsigned char *)buff2;
442 812
443 X509_gmtime_adj(&atm,-offset); 813 X509_time_adj(&atm,-offset*60, cmp_time);
444 814
445 i=(buff1[0]-'0')*10+(buff1[1]-'0'); 815 if (ctm->type == V_ASN1_UTCTIME)
446 if (i < 70) i+=100; 816 {
447 j=(buff2[0]-'0')*10+(buff2[1]-'0'); 817 i=(buff1[0]-'0')*10+(buff1[1]-'0');
448 if (j < 70) j+=100; 818 if (i < 50) i+=100; /* cf. RFC 2459 */
819 j=(buff2[0]-'0')*10+(buff2[1]-'0');
820 if (j < 50) j+=100;
449 821
450 if (i < j) return (-1); 822 if (i < j) return -1;
451 if (i > j) return (1); 823 if (i > j) return 1;
824 }
452 i=strcmp(buff1,buff2); 825 i=strcmp(buff1,buff2);
453 if (i == 0) /* wait a second then return younger :-) */ 826 if (i == 0) /* wait a second then return younger :-) */
454 return(-1); 827 return -1;
455 else 828 else
456 return(i); 829 return i;
457 } 830 }
458 831
459ASN1_UTCTIME *X509_gmtime_adj(s, adj) 832ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
460ASN1_UTCTIME *s; 833{
461long adj; 834 return X509_time_adj(s, adj, NULL);
835}
836
837ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *in_tm)
462 { 838 {
463 time_t t; 839 time_t t;
840 int type = -1;
841
842 if (in_tm) t = *in_tm;
843 else time(&t);
464 844
465 time(&t);
466 t+=adj; 845 t+=adj;
467 return(ASN1_UTCTIME_set(s,t)); 846 if (s) type = s->type;
847 if (type == V_ASN1_UTCTIME) return ASN1_UTCTIME_set(s,t);
848 if (type == V_ASN1_GENERALIZEDTIME) return ASN1_GENERALIZEDTIME_set(s, t);
849 return ASN1_TIME_set(s, t);
468 } 850 }
469 851
470int X509_get_pubkey_parameters(pkey,chain) 852int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
471EVP_PKEY *pkey;
472STACK *chain;
473 { 853 {
474 EVP_PKEY *ktmp=NULL,*ktmp2; 854 EVP_PKEY *ktmp=NULL,*ktmp2;
475 int i,j; 855 int i,j;
476 856
477 if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return(1); 857 if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return 1;
478 858
479 for (i=0; i<sk_num(chain); i++) 859 for (i=0; i<sk_X509_num(chain); i++)
480 { 860 {
481 ktmp=X509_get_pubkey((X509 *)sk_value(chain,i)); 861 ktmp=X509_get_pubkey(sk_X509_value(chain,i));
482 if (ktmp == NULL) 862 if (ktmp == NULL)
483 { 863 {
484 X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY); 864 X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
485 return(0); 865 return 0;
486 } 866 }
487 if (!EVP_PKEY_missing_parameters(ktmp)) 867 if (!EVP_PKEY_missing_parameters(ktmp))
488 break; 868 break;
489 else 869 else
490 { 870 {
871 EVP_PKEY_free(ktmp);
491 ktmp=NULL; 872 ktmp=NULL;
492 } 873 }
493 } 874 }
494 if (ktmp == NULL) 875 if (ktmp == NULL)
495 { 876 {
496 X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN); 877 X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN);
497 return(0); 878 return 0;
498 } 879 }
499 880
500 /* first, populate the other certs */ 881 /* first, populate the other certs */
501 for (j=i-1; j >= 0; j--) 882 for (j=i-1; j >= 0; j--)
502 { 883 {
503 ktmp2=X509_get_pubkey((X509 *)sk_value(chain,j)); 884 ktmp2=X509_get_pubkey(sk_X509_value(chain,j));
504 EVP_PKEY_copy_parameters(ktmp2,ktmp); 885 EVP_PKEY_copy_parameters(ktmp2,ktmp);
886 EVP_PKEY_free(ktmp2);
505 } 887 }
506 888
507 if (pkey != NULL) 889 if (pkey != NULL) EVP_PKEY_copy_parameters(pkey,ktmp);
508 EVP_PKEY_copy_parameters(pkey,ktmp); 890 EVP_PKEY_free(ktmp);
509 return(1); 891 return 1;
510 } 892 }
511 893
512EVP_PKEY *X509_get_pubkey(x) 894int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
513X509 *x; 895 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
514 { 896 {
515 if ((x == NULL) || (x->cert_info == NULL)) 897 /* This function is (usually) called only once, by
516 return(NULL); 898 * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). */
517 return(X509_PUBKEY_get(x->cert_info->key)); 899 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, argl, argp,
900 new_func, dup_func, free_func);
518 } 901 }
519 902
520int X509_check_private_key(x,k) 903int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
521X509 *x;
522EVP_PKEY *k;
523 { 904 {
524 EVP_PKEY *xk=NULL; 905 return CRYPTO_set_ex_data(&ctx->ex_data,idx,data);
525 int ok=0;
526
527 xk=X509_get_pubkey(x);
528 if (xk->type != k->type) goto err;
529 switch (k->type)
530 {
531#ifndef NO_RSA
532 case EVP_PKEY_RSA:
533 if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0) goto err;
534 if (BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0) goto err;
535 break;
536#endif
537#ifndef NO_DSA
538 case EVP_PKEY_DSA:
539 if (BN_cmp(xk->pkey.dsa->pub_key,k->pkey.dsa->pub_key) != 0)
540 goto err;
541 break;
542#endif
543#ifndef NO_DH
544 case EVP_PKEY_DH:
545 /* No idea */
546 goto err;
547#endif
548 default:
549 goto err;
550 }
551
552 ok=1;
553err:
554 return(ok);
555 } 906 }
556 907
557int X509_STORE_add_cert(ctx,x) 908void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx)
558X509_STORE *ctx;
559X509 *x;
560 { 909 {
561 X509_OBJECT *obj,*r; 910 return CRYPTO_get_ex_data(&ctx->ex_data,idx);
562 int ret=1; 911 }
563
564 if (x == NULL) return(0);
565 obj=(X509_OBJECT *)Malloc(sizeof(X509_OBJECT));
566 if (obj == NULL)
567 {
568 X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE);
569 return(0);
570 }
571 obj->type=X509_LU_X509;
572 obj->data.x509=x;
573
574 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
575 912
576 X509_OBJECT_up_ref_count(obj); 913int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx)
914 {
915 return ctx->error;
916 }
577 917
578 r=(X509_OBJECT *)lh_insert(ctx->certs,(char *)obj); 918void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err)
579 if (r != NULL) 919 {
580 { /* oops, put it back */ 920 ctx->error=err;
581 lh_delete(ctx->certs,(char *)obj); 921 }
582 X509_OBJECT_free_contents(obj);
583 Free(obj);
584 lh_insert(ctx->certs,(char *)r);
585 X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE);
586 ret=0;
587 }
588 922
589 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); 923int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
924 {
925 return ctx->error_depth;
926 }
590 927
591 return(ret); 928X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx)
929 {
930 return ctx->current_cert;
592 } 931 }
593 932
594int X509_STORE_add_crl(ctx,x) 933STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx)
595X509_STORE *ctx;
596X509_CRL *x;
597 { 934 {
598 X509_OBJECT *obj,*r; 935 return ctx->chain;
599 int ret=1; 936 }
600 937
601 if (x == NULL) return(0); 938STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
602 obj=(X509_OBJECT *)Malloc(sizeof(X509_OBJECT)); 939 {
603 if (obj == NULL) 940 int i;
941 X509 *x;
942 STACK_OF(X509) *chain;
943 if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL;
944 for (i = 0; i < sk_X509_num(chain); i++)
604 { 945 {
605 X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE); 946 x = sk_X509_value(chain, i);
606 return(0); 947 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
607 } 948 }
608 obj->type=X509_LU_CRL; 949 return chain;
609 obj->data.crl=x;
610
611 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
612
613 X509_OBJECT_up_ref_count(obj);
614
615 r=(X509_OBJECT *)lh_insert(ctx->certs,(char *)obj);
616 if (r != NULL)
617 { /* oops, put it back */
618 lh_delete(ctx->certs,(char *)obj);
619 X509_OBJECT_free_contents(obj);
620 Free(obj);
621 lh_insert(ctx->certs,(char *)r);
622 X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE);
623 ret=0;
624 }
625
626 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
627
628 return(ret);
629 } 950 }
630 951
631int X509_STORE_CTX_get_ex_new_index(argl,argp,new_func,dup_func,free_func) 952void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
632long argl;
633char *argp;
634int (*new_func)();
635int (*dup_func)();
636void (*free_func)();
637 {
638 x509_store_ctx_num++;
639 return(CRYPTO_get_ex_new_index(x509_store_ctx_num-1,
640 &x509_store_ctx_method,
641 argl,argp,new_func,dup_func,free_func));
642 }
643
644int X509_STORE_CTX_set_ex_data(ctx,idx,data)
645X509_STORE_CTX *ctx;
646int idx;
647char *data;
648 { 953 {
649 return(CRYPTO_set_ex_data(&ctx->ex_data,idx,data)); 954 ctx->cert=x;
650 } 955 }
651 956
652char *X509_STORE_CTX_get_ex_data(ctx,idx) 957void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
653X509_STORE_CTX *ctx;
654int idx;
655 { 958 {
656 return(CRYPTO_get_ex_data(&ctx->ex_data,idx)); 959 ctx->untrusted=sk;
657 } 960 }
658 961
659int X509_STORE_CTX_get_error(ctx) 962int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose)
660X509_STORE_CTX *ctx;
661 { 963 {
662 return(ctx->error); 964 return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
663 } 965 }
664 966
665void X509_STORE_CTX_set_error(ctx,err) 967int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust)
666X509_STORE_CTX *ctx;
667int err;
668 { 968 {
669 ctx->error=err; 969 return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);
670 } 970 }
671 971
672int X509_STORE_CTX_get_error_depth(ctx) 972/* This function is used to set the X509_STORE_CTX purpose and trust
673X509_STORE_CTX *ctx; 973 * values. This is intended to be used when another structure has its
974 * own trust and purpose values which (if set) will be inherited by
975 * the ctx. If they aren't set then we will usually have a default
976 * purpose in mind which should then be used to set the trust value.
977 * An example of this is SSL use: an SSL structure will have its own
978 * purpose and trust settings which the application can set: if they
979 * aren't set then we use the default of SSL client/server.
980 */
981
982int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
983 int purpose, int trust)
984{
985 int idx;
986 /* If purpose not set use default */
987 if (!purpose) purpose = def_purpose;
988 /* If we have a purpose then check it is valid */
989 if (purpose)
990 {
991 X509_PURPOSE *ptmp;
992 idx = X509_PURPOSE_get_by_id(purpose);
993 if (idx == -1)
994 {
995 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
996 X509_R_UNKNOWN_PURPOSE_ID);
997 return 0;
998 }
999 ptmp = X509_PURPOSE_get0(idx);
1000 if (ptmp->trust == X509_TRUST_DEFAULT)
1001 {
1002 idx = X509_PURPOSE_get_by_id(def_purpose);
1003 if (idx == -1)
1004 {
1005 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
1006 X509_R_UNKNOWN_PURPOSE_ID);
1007 return 0;
1008 }
1009 ptmp = X509_PURPOSE_get0(idx);
1010 }
1011 /* If trust not set then get from purpose default */
1012 if (!trust) trust = ptmp->trust;
1013 }
1014 if (trust)
1015 {
1016 idx = X509_TRUST_get_by_id(trust);
1017 if (idx == -1)
1018 {
1019 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
1020 X509_R_UNKNOWN_TRUST_ID);
1021 return 0;
1022 }
1023 }
1024
1025 if (purpose && !ctx->purpose) ctx->purpose = purpose;
1026 if (trust && !ctx->trust) ctx->trust = trust;
1027 return 1;
1028}
1029
1030X509_STORE_CTX *X509_STORE_CTX_new(void)
1031{
1032 X509_STORE_CTX *ctx;
1033 ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));
1034 if (!ctx)
1035 {
1036 X509err(X509_F_X509_STORE_CTX_NEW,ERR_R_MALLOC_FAILURE);
1037 return NULL;
1038 }
1039 memset(ctx, 0, sizeof(X509_STORE_CTX));
1040 return ctx;
1041}
1042
1043void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
1044{
1045 X509_STORE_CTX_cleanup(ctx);
1046 OPENSSL_free(ctx);
1047}
1048
1049int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
1050 STACK_OF(X509) *chain)
674 { 1051 {
675 return(ctx->error_depth); 1052 ctx->ctx=store;
1053 ctx->current_method=0;
1054 ctx->cert=x509;
1055 ctx->untrusted=chain;
1056 ctx->last_untrusted=0;
1057 ctx->check_time=0;
1058 ctx->other_ctx=NULL;
1059 ctx->valid=0;
1060 ctx->chain=NULL;
1061 ctx->depth=9;
1062 ctx->error=0;
1063 ctx->error_depth=0;
1064 ctx->current_cert=NULL;
1065 ctx->current_issuer=NULL;
1066
1067 /* Inherit callbacks and flags from X509_STORE if not set
1068 * use defaults.
1069 */
1070
1071
1072 if (store)
1073 {
1074 ctx->purpose=store->purpose;
1075 ctx->trust=store->trust;
1076 ctx->flags = store->flags;
1077 ctx->cleanup = store->cleanup;
1078 }
1079 else
1080 {
1081 ctx->purpose = 0;
1082 ctx->trust = 0;
1083 ctx->flags = 0;
1084 ctx->cleanup = 0;
1085 }
1086
1087 if (store && store->check_issued)
1088 ctx->check_issued = store->check_issued;
1089 else
1090 ctx->check_issued = check_issued;
1091
1092 if (store && store->get_issuer)
1093 ctx->get_issuer = store->get_issuer;
1094 else
1095 ctx->get_issuer = X509_STORE_CTX_get1_issuer;
1096
1097 if (store && store->verify_cb)
1098 ctx->verify_cb = store->verify_cb;
1099 else
1100 ctx->verify_cb = null_callback;
1101
1102 if (store && store->verify)
1103 ctx->verify = store->verify;
1104 else
1105 ctx->verify = internal_verify;
1106
1107 if (store && store->check_revocation)
1108 ctx->check_revocation = store->check_revocation;
1109 else
1110 ctx->check_revocation = check_revocation;
1111
1112 if (store && store->get_crl)
1113 ctx->get_crl = store->get_crl;
1114 else
1115 ctx->get_crl = get_crl;
1116
1117 if (store && store->check_crl)
1118 ctx->check_crl = store->check_crl;
1119 else
1120 ctx->check_crl = check_crl;
1121
1122 if (store && store->cert_crl)
1123 ctx->cert_crl = store->cert_crl;
1124 else
1125 ctx->cert_crl = cert_crl;
1126
1127
1128 /* This memset() can't make any sense anyway, so it's removed. As
1129 * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a
1130 * corresponding "new" here and remove this bogus initialisation. */
1131 /* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */
1132 if(!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
1133 &(ctx->ex_data)))
1134 {
1135 OPENSSL_free(ctx);
1136 X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE);
1137 return 0;
1138 }
1139 return 1;
676 } 1140 }
677 1141
678X509 *X509_STORE_CTX_get_current_cert(ctx) 1142/* Set alternative lookup method: just a STACK of trusted certificates.
679X509_STORE_CTX *ctx; 1143 * This avoids X509_STORE nastiness where it isn't needed.
1144 */
1145
1146void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
1147{
1148 ctx->other_ctx = sk;
1149 ctx->get_issuer = get_issuer_sk;
1150}
1151
1152void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
680 { 1153 {
681 return(ctx->current_cert); 1154 if (ctx->cleanup) ctx->cleanup(ctx);
1155 if (ctx->chain != NULL)
1156 {
1157 sk_X509_pop_free(ctx->chain,X509_free);
1158 ctx->chain=NULL;
1159 }
1160 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));
1161 memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
682 } 1162 }
683 1163
684STACK *X509_STORE_CTX_get_chain(ctx) 1164void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags)
685X509_STORE_CTX *ctx;
686 { 1165 {
687 return(ctx->chain); 1166 ctx->flags |= flags;
688 } 1167 }
689 1168
690void X509_STORE_CTX_set_cert(ctx,x) 1169void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t)
691X509_STORE_CTX *ctx;
692X509 *x;
693 { 1170 {
694 ctx->cert=x; 1171 ctx->check_time = t;
1172 ctx->flags |= X509_V_FLAG_USE_CHECK_TIME;
695 } 1173 }
696 1174
697void X509_STORE_CTX_set_chain(ctx,sk) 1175void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
698X509_STORE_CTX *ctx; 1176 int (*verify_cb)(int, X509_STORE_CTX *))
699STACK *sk;
700 { 1177 {
701 ctx->untrusted=sk; 1178 ctx->verify_cb=verify_cb;
702 } 1179 }
703 1180
1181IMPLEMENT_STACK_OF(X509)
1182IMPLEMENT_ASN1_SET_OF(X509)
1183
1184IMPLEMENT_STACK_OF(X509_NAME)
704 1185
1186IMPLEMENT_STACK_OF(X509_ATTRIBUTE)
1187IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE)
diff --git a/src/lib/libcrypto/x509/x509_vfy.h b/src/lib/libcrypto/x509/x509_vfy.h
index dfc060f899..f0be21f452 100644
--- a/src/lib/libcrypto/x509/x509_vfy.h
+++ b/src/lib/libcrypto/x509/x509_vfy.h
@@ -56,16 +56,26 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#ifndef HEADER_X509_H
60#include <openssl/x509.h>
61/* openssl/x509.h ends up #include-ing this file at about the only
62 * appropriate moment. */
63#endif
64
59#ifndef HEADER_X509_VFY_H 65#ifndef HEADER_X509_VFY_H
60#define HEADER_X509_VFY_H 66#define HEADER_X509_VFY_H
61 67
68#ifndef OPENSSL_NO_LHASH
69#include <openssl/lhash.h>
70#endif
71#include <openssl/bio.h>
72#include <openssl/crypto.h>
73#include <openssl/symhacks.h>
74
62#ifdef __cplusplus 75#ifdef __cplusplus
63extern "C" { 76extern "C" {
64#endif 77#endif
65 78
66#include "bio.h"
67#include "crypto.h"
68
69/* Outer object */ 79/* Outer object */
70typedef struct x509_hash_dir_st 80typedef struct x509_hash_dir_st
71 { 81 {
@@ -119,43 +129,66 @@ typedef struct x509_object_st
119 } data; 129 } data;
120 } X509_OBJECT; 130 } X509_OBJECT;
121 131
132typedef struct x509_lookup_st X509_LOOKUP;
133
134DECLARE_STACK_OF(X509_LOOKUP)
135DECLARE_STACK_OF(X509_OBJECT)
136
122/* This is a static that defines the function interface */ 137/* This is a static that defines the function interface */
123typedef struct x509_lookup_method_st 138typedef struct x509_lookup_method_st
124 { 139 {
125 char *name; 140 const char *name;
126 int (*new_item)(); 141 int (*new_item)(X509_LOOKUP *ctx);
127 void (*free)(); 142 void (*free)(X509_LOOKUP *ctx);
128 int (*init)(/* meth, char ** */); 143 int (*init)(X509_LOOKUP *ctx);
129 int (*shutdown)( /* meth, char ** */); 144 int (*shutdown)(X509_LOOKUP *ctx);
130 int (*ctrl)( /* meth, char **, int cmd, char *argp, int argi */); 145 int (*ctrl)(X509_LOOKUP *ctx,int cmd,const char *argc,long argl,
131 int (*get_by_subject)(/* meth, char **, XNAME *, X509 **ret */); 146 char **ret);
132 int (*get_by_issuer_serial)(); 147 int (*get_by_subject)(X509_LOOKUP *ctx,int type,X509_NAME *name,
133 int (*get_by_fingerprint)(); 148 X509_OBJECT *ret);
134 int (*get_by_alias)(); 149 int (*get_by_issuer_serial)(X509_LOOKUP *ctx,int type,X509_NAME *name,
150 ASN1_INTEGER *serial,X509_OBJECT *ret);
151 int (*get_by_fingerprint)(X509_LOOKUP *ctx,int type,
152 unsigned char *bytes,int len,
153 X509_OBJECT *ret);
154 int (*get_by_alias)(X509_LOOKUP *ctx,int type,char *str,int len,
155 X509_OBJECT *ret);
135 } X509_LOOKUP_METHOD; 156 } X509_LOOKUP_METHOD;
136 157
137/* This is used to hold everything. It is used for all certificate 158/* This is used to hold everything. It is used for all certificate
138 * validation. Once we have a certificate chain, the 'verify' 159 * validation. Once we have a certificate chain, the 'verify'
139 * function is then called to actually check the cert chain. */ 160 * function is then called to actually check the cert chain. */
140typedef struct x509_store_st 161struct x509_store_st
141 { 162 {
142 /* The following is a cache of trusted certs */ 163 /* The following is a cache of trusted certs */
143 int cache; /* if true, stash any hits */ 164 int cache; /* if true, stash any hits */
144#ifdef HEADER_LHASH_H 165 STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */
145 LHASH *certs; /* cached certs; */
146#else
147 char *certs;
148#endif
149 166
150 /* These are external lookup methods */ 167 /* These are external lookup methods */
151 STACK *get_cert_methods;/* X509_LOOKUP */ 168 STACK_OF(X509_LOOKUP) *get_cert_methods;
152 int (*verify)(); /* called to verify a certificate */ 169
153 int (*verify_cb)(); /* error callback */ 170 /* The following fields are not used by X509_STORE but are
171 * inherited by X509_STORE_CTX when it is initialised.
172 */
173
174 unsigned long flags; /* Various verify flags */
175 int purpose;
176 int trust;
177 /* Callbacks for various operations */
178 int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */
179 int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */
180 int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */
181 int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
182 int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
183 int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
184 int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
185 int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
186 int (*cleanup)(X509_STORE_CTX *ctx);
154 187
155 CRYPTO_EX_DATA ex_data; 188 CRYPTO_EX_DATA ex_data;
156 int references; 189 int references;
157 int depth; /* how deep to look */ 190 int depth; /* how deep to look (still unused -- X509_STORE_CTX's depth is used) */
158 } X509_STORE; 191 } /* X509_STORE */;
159 192
160#define X509_STORE_set_depth(ctx,d) ((ctx)->depth=(d)) 193#define X509_STORE_set_depth(ctx,d) ((ctx)->depth=(d))
161 194
@@ -163,7 +196,7 @@ typedef struct x509_store_st
163#define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func)) 196#define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func))
164 197
165/* This is the functions plus an instance of the local variables. */ 198/* This is the functions plus an instance of the local variables. */
166typedef struct x509_lookup_st 199struct x509_lookup_st
167 { 200 {
168 int init; /* have we been started */ 201 int init; /* have we been started */
169 int skip; /* don't use us. */ 202 int skip; /* don't use us. */
@@ -171,33 +204,53 @@ typedef struct x509_lookup_st
171 char *method_data; /* method data */ 204 char *method_data; /* method data */
172 205
173 X509_STORE *store_ctx; /* who owns us */ 206 X509_STORE *store_ctx; /* who owns us */
174 } X509_LOOKUP; 207 } /* X509_LOOKUP */;
175 208
176/* This is a temporary used when processing cert chains. Since the 209/* This is a used when verifying cert chains. Since the
177 * gathering of the cert chain can take some time (and have to be 210 * gathering of the cert chain can take some time (and have to be
178 * 'retried', this needs to be kept and passed around. */ 211 * 'retried', this needs to be kept and passed around. */
179typedef struct x509_store_state_st 212struct x509_store_ctx_st /* X509_STORE_CTX */
180 { 213 {
181 X509_STORE *ctx; 214 X509_STORE *ctx;
182 int current_method; /* used when looking up certs */ 215 int current_method; /* used when looking up certs */
183 216
184 /* The following are set by the caller */ 217 /* The following are set by the caller */
185 X509 *cert; /* The cert to check */ 218 X509 *cert; /* The cert to check */
186 STACK *untrusted; /* chain of X509s - untrusted - passed in */ 219 STACK_OF(X509) *untrusted; /* chain of X509s - untrusted - passed in */
220 int purpose; /* purpose to check untrusted certificates */
221 int trust; /* trust setting to check */
222 time_t check_time; /* time to make verify at */
223 unsigned long flags; /* Various verify flags */
224 void *other_ctx; /* Other info for use with get_issuer() */
225
226 /* Callbacks for various operations */
227 int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */
228 int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */
229 int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */
230 int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
231 int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
232 int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
233 int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
234 int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
235 int (*cleanup)(X509_STORE_CTX *ctx);
187 236
188 /* The following is built up */ 237 /* The following is built up */
189 int depth; /* how far to go looking up certs */ 238 int depth; /* how far to go looking up certs */
190 int valid; /* if 0, rebuild chain */ 239 int valid; /* if 0, rebuild chain */
191 int last_untrusted; /* index of last untrusted cert */ 240 int last_untrusted; /* index of last untrusted cert */
192 STACK *chain; /* chain of X509s - built up and trusted */ 241 STACK_OF(X509) *chain; /* chain of X509s - built up and trusted */
193 242
194 /* When something goes wrong, this is why */ 243 /* When something goes wrong, this is why */
195 int error_depth; 244 int error_depth;
196 int error; 245 int error;
197 X509 *current_cert; 246 X509 *current_cert;
247 X509 *current_issuer; /* cert currently being tested as valid issuer */
248 X509_CRL *current_crl; /* current CRL */
198 249
199 CRYPTO_EX_DATA ex_data; 250 CRYPTO_EX_DATA ex_data;
200 } X509_STORE_CTX; 251 } /* X509_STORE_CTX */;
252
253#define X509_STORE_CTX_set_depth(ctx,d) ((ctx)->depth=(d))
201 254
202#define X509_STORE_CTX_set_app_data(ctx,data) \ 255#define X509_STORE_CTX_set_app_data(ctx,data) \
203 X509_STORE_CTX_set_ex_data(ctx,0,data) 256 X509_STORE_CTX_set_ex_data(ctx,0,data)
@@ -207,15 +260,14 @@ typedef struct x509_store_state_st
207#define X509_L_FILE_LOAD 1 260#define X509_L_FILE_LOAD 1
208#define X509_L_ADD_DIR 2 261#define X509_L_ADD_DIR 2
209 262
210X509_LOOKUP_METHOD *X509_LOOKUP_file();
211#define X509_LOOKUP_load_file(x,name,type) \ 263#define X509_LOOKUP_load_file(x,name,type) \
212 X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL) 264 X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL)
213 265
214X509_LOOKUP_METHOD *X509_LOOKUP_dir();
215#define X509_LOOKUP_add_dir(x,name,type) \ 266#define X509_LOOKUP_add_dir(x,name,type) \
216 X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL) 267 X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
217 268
218#define X509_V_OK 0 269#define X509_V_OK 0
270/* illegal error (for uninitialized values, to avoid X509_V_OK): 1 */
219 271
220#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 272#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2
221#define X509_V_ERR_UNABLE_TO_GET_CRL 3 273#define X509_V_ERR_UNABLE_TO_GET_CRL 3
@@ -239,21 +291,52 @@ X509_LOOKUP_METHOD *X509_LOOKUP_dir();
239#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21 291#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21
240#define X509_V_ERR_CERT_CHAIN_TOO_LONG 22 292#define X509_V_ERR_CERT_CHAIN_TOO_LONG 22
241#define X509_V_ERR_CERT_REVOKED 23 293#define X509_V_ERR_CERT_REVOKED 23
294#define X509_V_ERR_INVALID_CA 24
295#define X509_V_ERR_PATH_LENGTH_EXCEEDED 25
296#define X509_V_ERR_INVALID_PURPOSE 26
297#define X509_V_ERR_CERT_UNTRUSTED 27
298#define X509_V_ERR_CERT_REJECTED 28
299/* These are 'informational' when looking for issuer cert */
300#define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29
301#define X509_V_ERR_AKID_SKID_MISMATCH 30
302#define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31
303#define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32
304
305#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33
306#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34
242 307
243/* The application is not happy */ 308/* The application is not happy */
244#define X509_V_ERR_APPLICATION_VERIFICATION 50 309#define X509_V_ERR_APPLICATION_VERIFICATION 50
245 310
246#ifndef NOPROTO 311/* Certificate verify flags */
247#ifdef HEADER_LHASH_H 312
248X509_OBJECT *X509_OBJECT_retrive_by_subject(LHASH *h,int type,X509_NAME *name); 313#define X509_V_FLAG_CB_ISSUER_CHECK 0x1 /* Send issuer+subject checks to verify_cb */
249#endif 314#define X509_V_FLAG_USE_CHECK_TIME 0x2 /* Use check time instead of current time */
315#define X509_V_FLAG_CRL_CHECK 0x4 /* Lookup CRLs */
316#define X509_V_FLAG_CRL_CHECK_ALL 0x8 /* Lookup CRLs for whole chain */
317#define X509_V_FLAG_IGNORE_CRITICAL 0x10 /* Ignore unhandled critical extensions */
318
319int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
320 X509_NAME *name);
321X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,int type,X509_NAME *name);
322X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x);
250void X509_OBJECT_up_ref_count(X509_OBJECT *a); 323void X509_OBJECT_up_ref_count(X509_OBJECT *a);
251void X509_OBJECT_free_contents(X509_OBJECT *a); 324void X509_OBJECT_free_contents(X509_OBJECT *a);
252X509_STORE *X509_STORE_new(void ); 325X509_STORE *X509_STORE_new(void );
253void X509_STORE_free(X509_STORE *v); 326void X509_STORE_free(X509_STORE *v);
254 327
255void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, 328void X509_STORE_set_flags(X509_STORE *ctx, long flags);
256 X509 *x509, STACK *chain); 329int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
330int X509_STORE_set_trust(X509_STORE *ctx, int trust);
331
332X509_STORE_CTX *X509_STORE_CTX_new(void);
333
334int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
335
336void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
337int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
338 X509 *x509, STACK_OF(X509) *chain);
339void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
257void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); 340void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
258 341
259X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m); 342X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
@@ -267,17 +350,15 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
267int X509_STORE_get_by_subject(X509_STORE_CTX *vs,int type,X509_NAME *name, 350int X509_STORE_get_by_subject(X509_STORE_CTX *vs,int type,X509_NAME *name,
268 X509_OBJECT *ret); 351 X509_OBJECT *ret);
269 352
270int X509_LOOKUP_ctrl(X509_LOOKUP *ctx,int cmd,char *argc,long argl,char **ret); 353int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
354 long argl, char **ret);
271 355
272#ifndef NO_STDIO 356#ifndef OPENSSL_NO_STDIO
273int X509_load_cert_file(X509_LOOKUP *ctx, char *file, int type); 357int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
274int X509_load_crl_file(X509_LOOKUP *ctx, char *file, int type); 358int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
359int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
275#endif 360#endif
276 361
277void X509v3_cleanup_extensions(void );
278int X509v3_add_extension(X509_EXTENSION_METHOD *x);
279int X509v3_add_netscape_extensions(void );
280int X509v3_add_standard_extensions(void );
281 362
282X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method); 363X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
283void X509_LOOKUP_free(X509_LOOKUP *ctx); 364void X509_LOOKUP_free(X509_LOOKUP *ctx);
@@ -292,84 +373,32 @@ int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str,
292 int len, X509_OBJECT *ret); 373 int len, X509_OBJECT *ret);
293int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); 374int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
294 375
295#ifndef NO_STDIO 376#ifndef OPENSSL_NO_STDIO
296int X509_STORE_load_locations (X509_STORE *ctx, 377int X509_STORE_load_locations (X509_STORE *ctx,
297 char *file, char *dir); 378 const char *file, const char *dir);
298int X509_STORE_set_default_paths(X509_STORE *ctx); 379int X509_STORE_set_default_paths(X509_STORE *ctx);
299#endif 380#endif
300 381
301int X509_STORE_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(), 382int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
302 int (*dup_func)(), void (*free_func)()); 383 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
303int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,char *data); 384int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,void *data);
304char * X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx); 385void * X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx);
305int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); 386int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
306void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s); 387void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);
307int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); 388int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
308X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); 389X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
309STACK * X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx); 390STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
391STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
310void X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x); 392void X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x);
311void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK /* X509 */ *sk); 393void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk);
312 394int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
313#else 395int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
314 396int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
315#ifdef HEADER_LHASH_H 397 int purpose, int trust);
316X509_OBJECT *X509_OBJECT_retrive_by_subject(); 398void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags);
317#endif 399void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t);
318void X509_OBJECT_up_ref_count(); 400void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
319void X509_OBJECT_free_contents(); 401 int (*verify_cb)(int, X509_STORE_CTX *));
320X509_STORE *X509_STORE_new();
321void X509_STORE_free();
322
323void X509_STORE_CTX_init();
324void X509_STORE_CTX_cleanup();
325
326X509_LOOKUP *X509_STORE_add_lookup();
327
328X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir();
329X509_LOOKUP_METHOD *X509_LOOKUP_file();
330
331int X509_STORE_add_cert();
332int X509_STORE_add_crl();
333
334int X509_STORE_get_by_subject();
335
336int X509_LOOKUP_ctrl();
337
338#ifndef NO_STDIO
339int X509_load_cert_file();
340int X509_load_crl_file();
341#endif
342
343void X509v3_cleanup_extensions();
344int X509v3_add_extension();
345int X509v3_add_netscape_extensions();
346int X509v3_add_standard_extensions();
347
348X509_LOOKUP *X509_LOOKUP_new();
349void X509_LOOKUP_free();
350int X509_LOOKUP_init();
351int X509_LOOKUP_by_subject();
352int X509_LOOKUP_by_issuer_serial();
353int X509_LOOKUP_by_fingerprint();
354int X509_LOOKUP_by_alias();
355int X509_LOOKUP_shutdown();
356
357#ifndef NO_STDIO
358int X509_STORE_load_locations ();
359int X509_STORE_set_default_paths();
360#endif
361
362int X509_STORE_CTX_set_ex_data();
363char * X509_STORE_CTX_get_ex_data();
364int X509_STORE_CTX_get_error();
365void X509_STORE_CTX_set_error();
366int X509_STORE_CTX_get_error_depth();
367X509 * X509_STORE_CTX_get_current_cert();
368STACK * X509_STORE_CTX_get_chain();
369void X509_STORE_CTX_set_cert();
370void X509_STORE_CTX_set_chain();
371
372#endif
373 402
374#ifdef __cplusplus 403#ifdef __cplusplus
375} 404}
diff --git a/src/lib/libcrypto/x509/x509name.c b/src/lib/libcrypto/x509/x509name.c
index 650e71b1b5..4c20e03ece 100644
--- a/src/lib/libcrypto/x509/x509name.c
+++ b/src/lib/libcrypto/x509/x509name.c
@@ -57,18 +57,14 @@
57 */ 57 */
58 58
59#include <stdio.h> 59#include <stdio.h>
60#include "stack.h" 60#include <openssl/stack.h>
61#include "cryptlib.h" 61#include "cryptlib.h"
62#include "asn1.h" 62#include <openssl/asn1.h>
63#include "objects.h" 63#include <openssl/objects.h>
64#include "evp.h" 64#include <openssl/evp.h>
65#include "x509.h" 65#include <openssl/x509.h>
66 66
67int X509_NAME_get_text_by_NID(name,nid,buf,len) 67int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len)
68X509_NAME *name;
69int nid;
70char *buf;
71int len;
72 { 68 {
73 ASN1_OBJECT *obj; 69 ASN1_OBJECT *obj;
74 70
@@ -77,11 +73,8 @@ int len;
77 return(X509_NAME_get_text_by_OBJ(name,obj,buf,len)); 73 return(X509_NAME_get_text_by_OBJ(name,obj,buf,len));
78 } 74 }
79 75
80int X509_NAME_get_text_by_OBJ(name,obj,buf,len) 76int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,
81X509_NAME *name; 77 int len)
82ASN1_OBJECT *obj;
83char *buf;
84int len;
85 { 78 {
86 int i; 79 int i;
87 ASN1_STRING *data; 80 ASN1_STRING *data;
@@ -96,17 +89,13 @@ int len;
96 return(i); 89 return(i);
97 } 90 }
98 91
99int X509_NAME_entry_count(name) 92int X509_NAME_entry_count(X509_NAME *name)
100X509_NAME *name;
101 { 93 {
102 if (name == NULL) return(0); 94 if (name == NULL) return(0);
103 return(sk_num(name->entries)); 95 return(sk_X509_NAME_ENTRY_num(name->entries));
104 } 96 }
105 97
106int X509_NAME_get_index_by_NID(name,nid,lastpos) 98int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos)
107X509_NAME *name;
108int nid;
109int lastpos;
110 { 99 {
111 ASN1_OBJECT *obj; 100 ASN1_OBJECT *obj;
112 101
@@ -116,61 +105,57 @@ int lastpos;
116 } 105 }
117 106
118/* NOTE: you should be passsing -1, not 0 as lastpos */ 107/* NOTE: you should be passsing -1, not 0 as lastpos */
119int X509_NAME_get_index_by_OBJ(name,obj,lastpos) 108int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
120X509_NAME *name; 109 int lastpos)
121ASN1_OBJECT *obj;
122int lastpos;
123 { 110 {
124 int n; 111 int n;
125 X509_NAME_ENTRY *ne; 112 X509_NAME_ENTRY *ne;
126 STACK *sk; 113 STACK_OF(X509_NAME_ENTRY) *sk;
127 114
128 if (name == NULL) return(-1); 115 if (name == NULL) return(-1);
129 if (lastpos < 0) 116 if (lastpos < 0)
130 lastpos= -1; 117 lastpos= -1;
131 sk=name->entries; 118 sk=name->entries;
132 n=sk_num(sk); 119 n=sk_X509_NAME_ENTRY_num(sk);
133 for (lastpos++; lastpos < n; lastpos++) 120 for (lastpos++; lastpos < n; lastpos++)
134 { 121 {
135 ne=(X509_NAME_ENTRY *)sk_value(sk,lastpos); 122 ne=sk_X509_NAME_ENTRY_value(sk,lastpos);
136 if (OBJ_cmp(ne->object,obj) == 0) 123 if (OBJ_cmp(ne->object,obj) == 0)
137 return(lastpos); 124 return(lastpos);
138 } 125 }
139 return(-1); 126 return(-1);
140 } 127 }
141 128
142X509_NAME_ENTRY *X509_NAME_get_entry(name,loc) 129X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc)
143X509_NAME *name;
144int loc;
145 { 130 {
146 if ( (name == NULL) || (sk_num(name->entries) <= loc) || (loc < 0)) 131 if(name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
132 || loc < 0)
147 return(NULL); 133 return(NULL);
148 else 134 else
149 return((X509_NAME_ENTRY *)sk_value(name->entries,loc)); 135 return(sk_X509_NAME_ENTRY_value(name->entries,loc));
150 } 136 }
151 137
152X509_NAME_ENTRY *X509_NAME_delete_entry(name,loc) 138X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc)
153X509_NAME *name;
154int loc;
155 { 139 {
156 X509_NAME_ENTRY *ret; 140 X509_NAME_ENTRY *ret;
157 int i,j,n,set_prev,set_next; 141 int i,n,set_prev,set_next;
158 STACK *sk; 142 STACK_OF(X509_NAME_ENTRY) *sk;
159 143
160 if ((name == NULL) || (sk_num(name->entries) <= loc) || (loc < 0)) 144 if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
145 || loc < 0)
161 return(NULL); 146 return(NULL);
162 sk=name->entries; 147 sk=name->entries;
163 ret=(X509_NAME_ENTRY *)sk_delete(sk,loc); 148 ret=sk_X509_NAME_ENTRY_delete(sk,loc);
164 n=sk_num(sk); 149 n=sk_X509_NAME_ENTRY_num(sk);
165 name->modified=1; 150 name->modified=1;
166 if (loc == n) return(ret); 151 if (loc == n) return(ret);
167 152
168 /* else we need to fixup the set field */ 153 /* else we need to fixup the set field */
169 if (loc != 0) 154 if (loc != 0)
170 set_prev=((X509_NAME_ENTRY *)sk_value(sk,loc-1))->set; 155 set_prev=(sk_X509_NAME_ENTRY_value(sk,loc-1))->set;
171 else 156 else
172 set_prev=ret->set-1; 157 set_prev=ret->set-1;
173 set_next=((X509_NAME_ENTRY *)sk_value(sk,loc))->set; 158 set_next=sk_X509_NAME_ENTRY_value(sk,loc)->set;
174 159
175 /* set_prev is the previous set 160 /* set_prev is the previous set
176 * set is the current set 161 * set is the current set
@@ -181,29 +166,59 @@ int loc;
181 * so basically only if prev and next differ by 2, then 166 * so basically only if prev and next differ by 2, then
182 * re-number down by 1 */ 167 * re-number down by 1 */
183 if (set_prev+1 < set_next) 168 if (set_prev+1 < set_next)
184 {
185 j=set_next-set_prev-1;
186 for (i=loc; i<n; i++) 169 for (i=loc; i<n; i++)
187 ((X509_NAME_ENTRY *)sk_value(sk,loc-1))->set-=j; 170 sk_X509_NAME_ENTRY_value(sk,i)->set--;
188 }
189 return(ret); 171 return(ret);
190 } 172 }
191 173
174int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
175 unsigned char *bytes, int len, int loc, int set)
176{
177 X509_NAME_ENTRY *ne;
178 int ret;
179 ne = X509_NAME_ENTRY_create_by_OBJ(NULL, obj, type, bytes, len);
180 if(!ne) return 0;
181 ret = X509_NAME_add_entry(name, ne, loc, set);
182 X509_NAME_ENTRY_free(ne);
183 return ret;
184}
185
186int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
187 unsigned char *bytes, int len, int loc, int set)
188{
189 X509_NAME_ENTRY *ne;
190 int ret;
191 ne = X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, len);
192 if(!ne) return 0;
193 ret = X509_NAME_add_entry(name, ne, loc, set);
194 X509_NAME_ENTRY_free(ne);
195 return ret;
196}
197
198int X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type,
199 unsigned char *bytes, int len, int loc, int set)
200{
201 X509_NAME_ENTRY *ne;
202 int ret;
203 ne = X509_NAME_ENTRY_create_by_txt(NULL, field, type, bytes, len);
204 if(!ne) return 0;
205 ret = X509_NAME_add_entry(name, ne, loc, set);
206 X509_NAME_ENTRY_free(ne);
207 return ret;
208}
209
192/* if set is -1, append to previous set, 0 'a new one', and 1, 210/* if set is -1, append to previous set, 0 'a new one', and 1,
193 * prepend to the guy we are about to stomp on. */ 211 * prepend to the guy we are about to stomp on. */
194int X509_NAME_add_entry(name,ne,loc,set) 212int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc,
195X509_NAME *name; 213 int set)
196X509_NAME_ENTRY *ne;
197int loc;
198int set;
199 { 214 {
200 X509_NAME_ENTRY *new_name=NULL; 215 X509_NAME_ENTRY *new_name=NULL;
201 int n,i,inc; 216 int n,i,inc;
202 STACK *sk; 217 STACK_OF(X509_NAME_ENTRY) *sk;
203 218
204 if (name == NULL) return(0); 219 if (name == NULL) return(0);
205 sk=name->entries; 220 sk=name->entries;
206 n=sk_num(sk); 221 n=sk_X509_NAME_ENTRY_num(sk);
207 if (loc > n) loc=n; 222 if (loc > n) loc=n;
208 else if (loc < 0) loc=n; 223 else if (loc < 0) loc=n;
209 224
@@ -218,7 +233,7 @@ int set;
218 } 233 }
219 else 234 else
220 { 235 {
221 set=((X509_NAME_ENTRY *)sk_value(sk,loc-1))->set; 236 set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set;
222 inc=0; 237 inc=0;
223 } 238 }
224 } 239 }
@@ -227,45 +242,60 @@ int set;
227 if (loc >= n) 242 if (loc >= n)
228 { 243 {
229 if (loc != 0) 244 if (loc != 0)
230 set=((X509_NAME_ENTRY *) 245 set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set+1;
231 sk_value(sk,loc-1))->set+1;
232 else 246 else
233 set=0; 247 set=0;
234 } 248 }
235 else 249 else
236 set=((X509_NAME_ENTRY *)sk_value(sk,loc))->set; 250 set=sk_X509_NAME_ENTRY_value(sk,loc)->set;
237 inc=(set == 0)?1:0; 251 inc=(set == 0)?1:0;
238 } 252 }
239 253
240 if ((new_name=X509_NAME_ENTRY_dup(ne)) == NULL) 254 if ((new_name=X509_NAME_ENTRY_dup(ne)) == NULL)
241 goto err; 255 goto err;
242 new_name->set=set; 256 new_name->set=set;
243 if (!sk_insert(sk,(char *)new_name,loc)) 257 if (!sk_X509_NAME_ENTRY_insert(sk,new_name,loc))
244 { 258 {
245 X509err(X509_F_X509_NAME_ADD_ENTRY,ERR_R_MALLOC_FAILURE); 259 X509err(X509_F_X509_NAME_ADD_ENTRY,ERR_R_MALLOC_FAILURE);
246 goto err; 260 goto err;
247 } 261 }
248 if (inc) 262 if (inc)
249 { 263 {
250 n=sk_num(sk); 264 n=sk_X509_NAME_ENTRY_num(sk);
251 for (i=loc+1; i<n; i++) 265 for (i=loc+1; i<n; i++)
252 ((X509_NAME_ENTRY *)sk_value(sk,i-1))->set+=1; 266 sk_X509_NAME_ENTRY_value(sk,i-1)->set+=1;
253 } 267 }
254 return(1); 268 return(1);
255err: 269err:
256 if (new_name != NULL) 270 if (new_name != NULL)
257 X509_NAME_ENTRY_free(ne); 271 X509_NAME_ENTRY_free(new_name);
258 return(0); 272 return(0);
259 } 273 }
260 274
261X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(ne,nid,type,bytes,len) 275X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
262X509_NAME_ENTRY **ne; 276 char *field, int type, unsigned char *bytes, int len)
263int nid;
264int type;
265unsigned char *bytes;
266int len;
267 { 277 {
268 ASN1_OBJECT *obj; 278 ASN1_OBJECT *obj;
279 X509_NAME_ENTRY *nentry;
280
281 obj=OBJ_txt2obj(field, 0);
282 if (obj == NULL)
283 {
284 X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT,
285 X509_R_INVALID_FIELD_NAME);
286 ERR_add_error_data(2, "name=", field);
287 return(NULL);
288 }
289 nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len);
290 ASN1_OBJECT_free(obj);
291 return nentry;
292 }
293
294X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
295 int type, unsigned char *bytes, int len)
296 {
297 ASN1_OBJECT *obj;
298 X509_NAME_ENTRY *nentry;
269 299
270 obj=OBJ_nid2obj(nid); 300 obj=OBJ_nid2obj(nid);
271 if (obj == NULL) 301 if (obj == NULL)
@@ -273,15 +303,13 @@ int len;
273 X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID,X509_R_UNKNOWN_NID); 303 X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID,X509_R_UNKNOWN_NID);
274 return(NULL); 304 return(NULL);
275 } 305 }
276 return(X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len)); 306 nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len);
307 ASN1_OBJECT_free(obj);
308 return nentry;
277 } 309 }
278 310
279X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len) 311X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
280X509_NAME_ENTRY **ne; 312 ASN1_OBJECT *obj, int type, unsigned char *bytes, int len)
281ASN1_OBJECT *obj;
282int type;
283unsigned char *bytes;
284int len;
285 { 313 {
286 X509_NAME_ENTRY *ret; 314 X509_NAME_ENTRY *ret;
287 315
@@ -297,7 +325,7 @@ int len;
297 goto err; 325 goto err;
298 if (!X509_NAME_ENTRY_set_data(ret,type,bytes,len)) 326 if (!X509_NAME_ENTRY_set_data(ret,type,bytes,len))
299 goto err; 327 goto err;
300 328
301 if ((ne != NULL) && (*ne == NULL)) *ne=ret; 329 if ((ne != NULL) && (*ne == NULL)) *ne=ret;
302 return(ret); 330 return(ret);
303err: 331err:
@@ -306,9 +334,7 @@ err:
306 return(NULL); 334 return(NULL);
307 } 335 }
308 336
309int X509_NAME_ENTRY_set_object(ne,obj) 337int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj)
310X509_NAME_ENTRY *ne;
311ASN1_OBJECT *obj;
312 { 338 {
313 if ((ne == NULL) || (obj == NULL)) 339 if ((ne == NULL) || (obj == NULL))
314 { 340 {
@@ -320,15 +346,16 @@ ASN1_OBJECT *obj;
320 return((ne->object == NULL)?0:1); 346 return((ne->object == NULL)?0:1);
321 } 347 }
322 348
323int X509_NAME_ENTRY_set_data(ne,type,bytes,len) 349int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
324X509_NAME_ENTRY *ne; 350 unsigned char *bytes, int len)
325int type;
326unsigned char *bytes;
327int len;
328 { 351 {
329 int i; 352 int i;
330 353
331 if ((ne == NULL) || ((bytes == NULL) && (len != 0))) return(0); 354 if ((ne == NULL) || ((bytes == NULL) && (len != 0))) return(0);
355 if((type > 0) && (type & MBSTRING_FLAG))
356 return ASN1_STRING_set_by_NID(&ne->value, bytes,
357 len, type,
358 OBJ_obj2nid(ne->object)) ? 1 : 0;
332 if (len < 0) len=strlen((char *)bytes); 359 if (len < 0) len=strlen((char *)bytes);
333 i=ASN1_STRING_set(ne->value,bytes,len); 360 i=ASN1_STRING_set(ne->value,bytes,len);
334 if (!i) return(0); 361 if (!i) return(0);
@@ -342,15 +369,13 @@ int len;
342 return(1); 369 return(1);
343 } 370 }
344 371
345ASN1_OBJECT *X509_NAME_ENTRY_get_object(ne) 372ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne)
346X509_NAME_ENTRY *ne;
347 { 373 {
348 if (ne == NULL) return(NULL); 374 if (ne == NULL) return(NULL);
349 return(ne->object); 375 return(ne->object);
350 } 376 }
351 377
352ASN1_STRING *X509_NAME_ENTRY_get_data(ne) 378ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne)
353X509_NAME_ENTRY *ne;
354 { 379 {
355 if (ne == NULL) return(NULL); 380 if (ne == NULL) return(NULL);
356 return(ne->value); 381 return(ne->value);
diff --git a/src/lib/libcrypto/x509/x509rset.c b/src/lib/libcrypto/x509/x509rset.c
index 323b25470a..d9f6b57372 100644
--- a/src/lib/libcrypto/x509/x509rset.c
+++ b/src/lib/libcrypto/x509/x509rset.c
@@ -58,30 +58,24 @@
58 58
59#include <stdio.h> 59#include <stdio.h>
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include "asn1.h" 61#include <openssl/asn1.h>
62#include "objects.h" 62#include <openssl/objects.h>
63#include "evp.h" 63#include <openssl/evp.h>
64#include "x509.h" 64#include <openssl/x509.h>
65 65
66int X509_REQ_set_version(x,version) 66int X509_REQ_set_version(X509_REQ *x, long version)
67X509_REQ *x;
68long version;
69 { 67 {
70 if (x == NULL) return(0); 68 if (x == NULL) return(0);
71 return(ASN1_INTEGER_set(x->req_info->version,version)); 69 return(ASN1_INTEGER_set(x->req_info->version,version));
72 } 70 }
73 71
74int X509_REQ_set_subject_name(x,name) 72int X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name)
75X509_REQ *x;
76X509_NAME *name;
77 { 73 {
78 if ((x == NULL) || (x->req_info == NULL)) return(0); 74 if ((x == NULL) || (x->req_info == NULL)) return(0);
79 return(X509_NAME_set(&x->req_info->subject,name)); 75 return(X509_NAME_set(&x->req_info->subject,name));
80 } 76 }
81 77
82int X509_REQ_set_pubkey(x,pkey) 78int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey)
83X509_REQ *x;
84EVP_PKEY *pkey;
85 { 79 {
86 if ((x == NULL) || (x->req_info == NULL)) return(0); 80 if ((x == NULL) || (x->req_info == NULL)) return(0);
87 return(X509_PUBKEY_set(&x->req_info->pubkey,pkey)); 81 return(X509_PUBKEY_set(&x->req_info->pubkey,pkey));
diff --git a/src/lib/libcrypto/x509/x509spki.c b/src/lib/libcrypto/x509/x509spki.c
index b35c3f92e7..4c3af946ec 100644
--- a/src/lib/libcrypto/x509/x509spki.c
+++ b/src/lib/libcrypto/x509/x509spki.c
@@ -59,7 +59,6 @@
59#include <stdio.h> 59#include <stdio.h>
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include <openssl/x509.h> 61#include <openssl/x509.h>
62#include <openssl/asn1_mac.h>
63 62
64int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey) 63int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey)
65{ 64{
@@ -82,7 +81,7 @@ NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len)
82 int spki_len; 81 int spki_len;
83 NETSCAPE_SPKI *spki; 82 NETSCAPE_SPKI *spki;
84 if(len <= 0) len = strlen(str); 83 if(len <= 0) len = strlen(str);
85 if (!(spki_der = Malloc(len + 1))) { 84 if (!(spki_der = OPENSSL_malloc(len + 1))) {
86 X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE); 85 X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE);
87 return NULL; 86 return NULL;
88 } 87 }
@@ -90,12 +89,12 @@ NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len)
90 if(spki_len < 0) { 89 if(spki_len < 0) {
91 X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, 90 X509err(X509_F_NETSCAPE_SPKI_B64_DECODE,
92 X509_R_BASE64_DECODE_ERROR); 91 X509_R_BASE64_DECODE_ERROR);
93 Free(spki_der); 92 OPENSSL_free(spki_der);
94 return NULL; 93 return NULL;
95 } 94 }
96 p = spki_der; 95 p = spki_der;
97 spki = d2i_NETSCAPE_SPKI(NULL, &p, spki_len); 96 spki = d2i_NETSCAPE_SPKI(NULL, &p, spki_len);
98 Free(spki_der); 97 OPENSSL_free(spki_der);
99 return spki; 98 return spki;
100} 99}
101 100
@@ -107,8 +106,8 @@ char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki)
107 char *b64_str; 106 char *b64_str;
108 int der_len; 107 int der_len;
109 der_len = i2d_NETSCAPE_SPKI(spki, NULL); 108 der_len = i2d_NETSCAPE_SPKI(spki, NULL);
110 der_spki = Malloc(der_len); 109 der_spki = OPENSSL_malloc(der_len);
111 b64_str = Malloc(der_len * 2); 110 b64_str = OPENSSL_malloc(der_len * 2);
112 if(!der_spki || !b64_str) { 111 if(!der_spki || !b64_str) {
113 X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE); 112 X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE);
114 return NULL; 113 return NULL;
@@ -116,6 +115,6 @@ char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki)
116 p = der_spki; 115 p = der_spki;
117 i2d_NETSCAPE_SPKI(spki, &p); 116 i2d_NETSCAPE_SPKI(spki, &p);
118 EVP_EncodeBlock((unsigned char *)b64_str, der_spki, der_len); 117 EVP_EncodeBlock((unsigned char *)b64_str, der_spki, der_len);
119 Free(der_spki); 118 OPENSSL_free(der_spki);
120 return b64_str; 119 return b64_str;
121} 120}
diff --git a/src/lib/libcrypto/x509/x509type.c b/src/lib/libcrypto/x509/x509type.c
index 42c23bcfca..8e78b34458 100644
--- a/src/lib/libcrypto/x509/x509type.c
+++ b/src/lib/libcrypto/x509/x509type.c
@@ -58,13 +58,11 @@
58 58
59#include <stdio.h> 59#include <stdio.h>
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include "evp.h" 61#include <openssl/evp.h>
62#include "objects.h" 62#include <openssl/objects.h>
63#include "x509.h" 63#include <openssl/x509.h>
64 64
65int X509_certificate_type(x,pkey) 65int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
66X509 *x;
67EVP_PKEY *pkey;
68 { 66 {
69 EVP_PKEY *pk; 67 EVP_PKEY *pk;
70 int ret=0,i; 68 int ret=0,i;
@@ -108,8 +106,9 @@ EVP_PKEY *pkey;
108 break; 106 break;
109 } 107 }
110 108
111 if (EVP_PKEY_size(pkey) <= 512) 109 if (EVP_PKEY_size(pk) <= 512)
112 ret|=EVP_PKT_EXP; 110 ret|=EVP_PKT_EXP;
111 if(pkey==NULL) EVP_PKEY_free(pk);
113 return(ret); 112 return(ret);
114 } 113 }
115 114
diff --git a/src/lib/libcrypto/x509/x_all.c b/src/lib/libcrypto/x509/x_all.c
index b7dde23e9a..fb5015cd4d 100644
--- a/src/lib/libcrypto/x509/x_all.c
+++ b/src/lib/libcrypto/x509/x_all.c
@@ -58,408 +58,431 @@
58 58
59#include <stdio.h> 59#include <stdio.h>
60#undef SSLEAY_MACROS 60#undef SSLEAY_MACROS
61#include "stack.h" 61#include <openssl/stack.h>
62#include "cryptlib.h" 62#include "cryptlib.h"
63#include "buffer.h" 63#include <openssl/buffer.h>
64#include "asn1.h" 64#include <openssl/asn1.h>
65#include "evp.h" 65#include <openssl/evp.h>
66#include "x509.h" 66#include <openssl/x509.h>
67 67
68int X509_verify(a,r) 68int X509_verify(X509 *a, EVP_PKEY *r)
69X509 *a;
70EVP_PKEY *r;
71 { 69 {
72 return(ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg, 70 return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),a->sig_alg,
73 a->signature,(char *)a->cert_info,r)); 71 a->signature,a->cert_info,r));
74 } 72 }
75 73
76int X509_REQ_verify(a,r) 74int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
77X509_REQ *a;
78EVP_PKEY *r;
79 { 75 {
80 return( ASN1_verify((int (*)())i2d_X509_REQ_INFO, 76 return( ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO),
81 a->sig_alg,a->signature,(char *)a->req_info,r)); 77 a->sig_alg,a->signature,a->req_info,r));
82 } 78 }
83 79
84int X509_CRL_verify(a,r) 80int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r)
85X509_CRL *a;
86EVP_PKEY *r;
87 { 81 {
88 return(ASN1_verify((int (*)())i2d_X509_CRL_INFO, 82 return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO),
89 a->sig_alg, a->signature,(char *)a->crl,r)); 83 a->sig_alg, a->signature,a->crl,r));
90 } 84 }
91 85
92int NETSCAPE_SPKI_verify(a,r) 86int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
93NETSCAPE_SPKI *a;
94EVP_PKEY *r;
95 { 87 {
96 return(ASN1_verify((int (*)())i2d_NETSCAPE_SPKAC, 88 return(ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC),
97 a->sig_algor,a->signature, (char *)a->spkac,r)); 89 a->sig_algor,a->signature,a->spkac,r));
98 } 90 }
99 91
100int X509_sign(x,pkey,md) 92int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
101X509 *x;
102EVP_PKEY *pkey;
103EVP_MD *md;
104 { 93 {
105 return(ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature, 94 return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature,
106 x->sig_alg, x->signature, (char *)x->cert_info,pkey,md)); 95 x->sig_alg, x->signature, x->cert_info,pkey,md));
107 } 96 }
108 97
109int X509_REQ_sign(x,pkey,md) 98int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
110X509_REQ *x;
111EVP_PKEY *pkey;
112EVP_MD *md;
113 { 99 {
114 return(ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL, 100 return(ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO),x->sig_alg, NULL,
115 x->signature, (char *)x->req_info,pkey,md)); 101 x->signature, x->req_info,pkey,md));
116 } 102 }
117 103
118int X509_CRL_sign(x,pkey,md) 104int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
119X509_CRL *x;
120EVP_PKEY *pkey;
121EVP_MD *md;
122 { 105 {
123 return(ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg, 106 return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO),x->crl->sig_alg,
124 x->sig_alg, x->signature, (char *)x->crl,pkey,md)); 107 x->sig_alg, x->signature, x->crl,pkey,md));
125 } 108 }
126 109
127int NETSCAPE_SPKI_sign(x,pkey,md) 110int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
128NETSCAPE_SPKI *x;
129EVP_PKEY *pkey;
130EVP_MD *md;
131 { 111 {
132 return(ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL, 112 return(ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor,NULL,
133 x->signature, (char *)x->spkac,pkey,md)); 113 x->signature, x->spkac,pkey,md));
134 } 114 }
135 115
136X509 *X509_dup(x509) 116#ifndef OPENSSL_NO_FP_API
137X509 *x509; 117X509 *d2i_X509_fp(FILE *fp, X509 **x509)
138 { 118 {
139 return((X509 *)ASN1_dup((int (*)())i2d_X509, 119 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509);
140 (char *(*)())d2i_X509,(char *)x509));
141 } 120 }
142 121
143X509_EXTENSION *X509_EXTENSION_dup(ex) 122int i2d_X509_fp(FILE *fp, X509 *x509)
144X509_EXTENSION *ex;
145 { 123 {
146 return((X509_EXTENSION *)ASN1_dup( 124 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509);
147 (int (*)())i2d_X509_EXTENSION,
148 (char *(*)())d2i_X509_EXTENSION,(char *)ex));
149 } 125 }
126#endif
150 127
151#ifndef NO_FP_API 128X509 *d2i_X509_bio(BIO *bp, X509 **x509)
152X509 *d2i_X509_fp(fp,x509)
153FILE *fp;
154X509 *x509;
155 { 129 {
156 return((X509 *)ASN1_d2i_fp((char *(*)())X509_new, 130 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509);
157 (char *(*)())d2i_X509, (fp),(unsigned char **)(x509)));
158 } 131 }
159 132
160int i2d_X509_fp(fp,x509) 133int i2d_X509_bio(BIO *bp, X509 *x509)
161FILE *fp;
162X509 *x509;
163 { 134 {
164 return(ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509)); 135 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509);
165 } 136 }
166#endif
167 137
168X509 *d2i_X509_bio(bp,x509) 138#ifndef OPENSSL_NO_FP_API
169BIO *bp; 139X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl)
170X509 *x509;
171 { 140 {
172 return((X509 *)ASN1_d2i_bio((char *(*)())X509_new, 141 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
173 (char *(*)())d2i_X509, (bp),(unsigned char **)(x509)));
174 } 142 }
175 143
176int i2d_X509_bio(bp,x509) 144int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl)
177BIO *bp;
178X509 *x509;
179 { 145 {
180 return(ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509)); 146 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
181 } 147 }
148#endif
182 149
183X509_CRL *X509_CRL_dup(crl) 150X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl)
184X509_CRL *crl;
185 { 151 {
186 return((X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL, 152 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
187 (char *(*)())d2i_X509_CRL,(char *)crl));
188 } 153 }
189 154
190#ifndef NO_FP_API 155int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl)
191X509_CRL *d2i_X509_CRL_fp(fp,crl)
192FILE *fp;
193X509_CRL *crl;
194 { 156 {
195 return((X509_CRL *)ASN1_d2i_fp((char *(*)()) 157 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
196 X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),
197 (unsigned char **)(crl)));
198 } 158 }
199 159
200int i2d_X509_CRL_fp(fp,crl) 160#ifndef OPENSSL_NO_FP_API
201FILE *fp; 161PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7)
202X509_CRL *crl;
203 { 162 {
204 return(ASN1_i2d_fp(i2d_X509_CRL,fp,(unsigned char *)crl)); 163 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
205 } 164 }
206#endif
207 165
208X509_CRL *d2i_X509_CRL_bio(bp,crl) 166int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7)
209BIO *bp;
210X509_CRL *crl;
211 { 167 {
212 return((X509_CRL *)ASN1_d2i_bio((char *(*)()) 168 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
213 X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),
214 (unsigned char **)(crl)));
215 } 169 }
170#endif
216 171
217int i2d_X509_CRL_bio(bp,crl) 172PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7)
218BIO *bp;
219X509_CRL *crl;
220 { 173 {
221 return(ASN1_i2d_bio(i2d_X509_CRL,bp,(unsigned char *)crl)); 174 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
222 } 175 }
223 176
224PKCS7 *PKCS7_dup(p7) 177int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7)
225PKCS7 *p7;
226 { 178 {
227 return((PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7, 179 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
228 (char *(*)())d2i_PKCS7,(char *)p7));
229 } 180 }
230 181
231#ifndef NO_FP_API 182#ifndef OPENSSL_NO_FP_API
232PKCS7 *d2i_PKCS7_fp(fp,p7) 183X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req)
233FILE *fp;
234PKCS7 *p7;
235 { 184 {
236 return((PKCS7 *)ASN1_d2i_fp((char *(*)()) 185 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
237 PKCS7_new,(char *(*)())d2i_PKCS7, (fp),
238 (unsigned char **)(p7)));
239 } 186 }
240 187
241int i2d_PKCS7_fp(fp,p7) 188int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req)
242FILE *fp;
243PKCS7 *p7;
244 { 189 {
245 return(ASN1_i2d_fp(i2d_PKCS7,fp,(unsigned char *)p7)); 190 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
246 } 191 }
247#endif 192#endif
248 193
249PKCS7 *d2i_PKCS7_bio(bp,p7) 194X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req)
250BIO *bp;
251PKCS7 *p7;
252 { 195 {
253 return((PKCS7 *)ASN1_d2i_bio((char *(*)()) 196 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
254 PKCS7_new,(char *(*)())d2i_PKCS7, (bp),
255 (unsigned char **)(p7)));
256 } 197 }
257 198
258int i2d_PKCS7_bio(bp,p7) 199int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req)
259BIO *bp;
260PKCS7 *p7;
261 { 200 {
262 return(ASN1_i2d_bio(i2d_PKCS7,bp,(unsigned char *)p7)); 201 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
263 } 202 }
264 203
265X509_REQ *X509_REQ_dup(req) 204#ifndef OPENSSL_NO_RSA
266X509_REQ *req; 205
206#ifndef OPENSSL_NO_FP_API
207RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa)
267 { 208 {
268 return((X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ, 209 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
269 (char *(*)())d2i_X509_REQ,(char *)req));
270 } 210 }
271 211
272#ifndef NO_FP_API 212int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa)
273X509_REQ *d2i_X509_REQ_fp(fp,req)
274FILE *fp;
275X509_REQ *req;
276 { 213 {
277 return((X509_REQ *)ASN1_d2i_fp((char *(*)()) 214 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
278 X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),
279 (unsigned char **)(req)));
280 } 215 }
281 216
282int i2d_X509_REQ_fp(fp,req) 217RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
283FILE *fp;
284X509_REQ *req;
285 { 218 {
286 return(ASN1_i2d_fp(i2d_X509_REQ,fp,(unsigned char *)req)); 219 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
287 } 220 }
288#endif
289 221
290X509_REQ *d2i_X509_REQ_bio(bp,req) 222
291BIO *bp; 223RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)
292X509_REQ *req;
293 { 224 {
294 return((X509_REQ *)ASN1_d2i_bio((char *(*)()) 225 return((RSA *)ASN1_d2i_fp((char *(*)())
295 X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp), 226 RSA_new,(char *(*)())d2i_RSA_PUBKEY, (fp),
296 (unsigned char **)(req))); 227 (unsigned char **)(rsa)));
297 } 228 }
298 229
299int i2d_X509_REQ_bio(bp,req) 230int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa)
300BIO *bp;
301X509_REQ *req;
302 { 231 {
303 return(ASN1_i2d_bio(i2d_X509_REQ,bp,(unsigned char *)req)); 232 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
304 } 233 }
305 234
306#ifndef NO_RSA 235int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa)
307RSA *RSAPublicKey_dup(rsa)
308RSA *rsa;
309 { 236 {
310 return((RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey, 237 return(ASN1_i2d_fp(i2d_RSA_PUBKEY,fp,(unsigned char *)rsa));
311 (char *(*)())d2i_RSAPublicKey,(char *)rsa));
312 } 238 }
239#endif
313 240
314RSA *RSAPrivateKey_dup(rsa) 241RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
315RSA *rsa;
316 { 242 {
317 return((RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey, 243 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
318 (char *(*)())d2i_RSAPrivateKey,(char *)rsa));
319 } 244 }
320 245
321#ifndef NO_FP_API 246int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa)
322RSA *d2i_RSAPrivateKey_fp(fp,rsa)
323FILE *fp;
324RSA *rsa;
325 { 247 {
326 return((RSA *)ASN1_d2i_fp((char *(*)()) 248 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
327 RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp),
328 (unsigned char **)(rsa)));
329 } 249 }
330 250
331int i2d_RSAPrivateKey_fp(fp,rsa) 251RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)
332FILE *fp;
333RSA *rsa;
334 { 252 {
335 return(ASN1_i2d_fp(i2d_RSAPrivateKey,fp,(unsigned char *)rsa)); 253 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
336 } 254 }
337 255
338RSA *d2i_RSAPublicKey_fp(fp,rsa) 256
339FILE *fp; 257RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
340RSA *rsa;
341 { 258 {
342 return((RSA *)ASN1_d2i_fp((char *(*)()) 259 return((RSA *)ASN1_d2i_bio((char *(*)())
343 RSA_new,(char *(*)())d2i_RSAPublicKey, (fp), 260 RSA_new,(char *(*)())d2i_RSA_PUBKEY, (bp),
344 (unsigned char **)(rsa))); 261 (unsigned char **)(rsa)));
345 } 262 }
346 263
347int i2d_RSAPublicKey_fp(fp,rsa) 264int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa)
348FILE *fp; 265 {
349RSA *rsa; 266 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
267 }
268
269int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa)
350 { 270 {
351 return(ASN1_i2d_fp(i2d_RSAPublicKey,fp,(unsigned char *)rsa)); 271 return(ASN1_i2d_bio(i2d_RSA_PUBKEY,bp,(unsigned char *)rsa));
352 } 272 }
353#endif 273#endif
354 274
355RSA *d2i_RSAPrivateKey_bio(bp,rsa) 275#ifndef OPENSSL_NO_DSA
356BIO *bp; 276#ifndef OPENSSL_NO_FP_API
357RSA *rsa; 277DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa)
358 { 278 {
359 return((RSA *)ASN1_d2i_bio((char *(*)()) 279 return((DSA *)ASN1_d2i_fp((char *(*)())
360 RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp), 280 DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp),
361 (unsigned char **)(rsa))); 281 (unsigned char **)(dsa)));
362 } 282 }
363 283
364int i2d_RSAPrivateKey_bio(bp,rsa) 284int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa)
365BIO *bp;
366RSA *rsa;
367 { 285 {
368 return(ASN1_i2d_bio(i2d_RSAPrivateKey,bp,(unsigned char *)rsa)); 286 return(ASN1_i2d_fp(i2d_DSAPrivateKey,fp,(unsigned char *)dsa));
369 } 287 }
370 288
371RSA *d2i_RSAPublicKey_bio(bp,rsa) 289DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa)
372BIO *bp;
373RSA *rsa;
374 { 290 {
375 return((RSA *)ASN1_d2i_bio((char *(*)()) 291 return((DSA *)ASN1_d2i_fp((char *(*)())
376 RSA_new,(char *(*)())d2i_RSAPublicKey, (bp), 292 DSA_new,(char *(*)())d2i_DSA_PUBKEY, (fp),
377 (unsigned char **)(rsa))); 293 (unsigned char **)(dsa)));
378 } 294 }
379 295
380int i2d_RSAPublicKey_bio(bp,rsa) 296int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa)
381BIO *bp;
382RSA *rsa;
383 { 297 {
384 return(ASN1_i2d_bio(i2d_RSAPublicKey,bp,(unsigned char *)rsa)); 298 return(ASN1_i2d_fp(i2d_DSA_PUBKEY,fp,(unsigned char *)dsa));
385 } 299 }
386#endif 300#endif
387 301
388#ifndef NO_DSA 302DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa)
389#ifndef NO_FP_API
390DSA *d2i_DSAPrivateKey_fp(fp,dsa)
391FILE *fp;
392DSA *dsa;
393 { 303 {
394 return((DSA *)ASN1_d2i_fp((char *(*)()) 304 return((DSA *)ASN1_d2i_bio((char *(*)())
395 DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp), 305 DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp),
396 (unsigned char **)(dsa))); 306 (unsigned char **)(dsa)));
397 } 307 }
398 308
399int i2d_DSAPrivateKey_fp(fp,dsa) 309int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa)
400FILE *fp;
401DSA *dsa;
402 { 310 {
403 return(ASN1_i2d_fp(i2d_DSAPrivateKey,fp,(unsigned char *)dsa)); 311 return(ASN1_i2d_bio(i2d_DSAPrivateKey,bp,(unsigned char *)dsa));
404 } 312 }
405#endif
406 313
407DSA *d2i_DSAPrivateKey_bio(bp,dsa) 314DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa)
408BIO *bp;
409DSA *dsa;
410 { 315 {
411 return((DSA *)ASN1_d2i_bio((char *(*)()) 316 return((DSA *)ASN1_d2i_bio((char *(*)())
412 DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp), 317 DSA_new,(char *(*)())d2i_DSA_PUBKEY, (bp),
413 (unsigned char **)(dsa))); 318 (unsigned char **)(dsa)));
414 } 319 }
415 320
416int i2d_DSAPrivateKey_bio(bp,dsa) 321int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa)
417BIO *bp;
418DSA *dsa;
419 { 322 {
420 return(ASN1_i2d_bio(i2d_DSAPrivateKey,bp,(unsigned char *)dsa)); 323 return(ASN1_i2d_bio(i2d_DSA_PUBKEY,bp,(unsigned char *)dsa));
421 } 324 }
325
422#endif 326#endif
423 327
424X509_NAME *X509_NAME_dup(xn) 328int X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
425X509_NAME *xn; 329 unsigned int *len)
330 {
331 ASN1_BIT_STRING *key;
332 key = X509_get0_pubkey_bitstr(data);
333 if(!key) return 0;
334 return EVP_Digest(key->data, key->length, md, len, type, NULL);
335 }
336
337int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
338 unsigned int *len)
426 { 339 {
427 return((X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME, 340 return(ASN1_item_digest(ASN1_ITEM_rptr(X509),type,(char *)data,md,len));
428 (char *(*)())d2i_X509_NAME,(char *)xn));
429 } 341 }
430 342
431X509_NAME_ENTRY *X509_NAME_ENTRY_dup(ne) 343int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md,
432X509_NAME_ENTRY *ne; 344 unsigned int *len)
433 { 345 {
434 return((X509_NAME_ENTRY *)ASN1_dup((int (*)())i2d_X509_NAME_ENTRY, 346 return(ASN1_item_digest(ASN1_ITEM_rptr(X509_CRL),type,(char *)data,md,len));
435 (char *(*)())d2i_X509_NAME_ENTRY,(char *)ne));
436 } 347 }
437 348
438int X509_digest(data,type,md,len) 349int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, unsigned char *md,
439X509 *data; 350 unsigned int *len)
440EVP_MD *type;
441unsigned char *md;
442unsigned int *len;
443 { 351 {
444 return(ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len)); 352 return(ASN1_item_digest(ASN1_ITEM_rptr(X509_REQ),type,(char *)data,md,len));
445 } 353 }
446 354
447int X509_NAME_digest(data,type,md,len) 355int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md,
448X509_NAME *data; 356 unsigned int *len)
449EVP_MD *type;
450unsigned char *md;
451unsigned int *len;
452 { 357 {
453 return(ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len)); 358 return(ASN1_item_digest(ASN1_ITEM_rptr(X509_NAME),type,(char *)data,md,len));
454 } 359 }
455 360
456int PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) 361int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, const EVP_MD *type,
457PKCS7_ISSUER_AND_SERIAL *data; 362 unsigned char *md, unsigned int *len)
458EVP_MD *type;
459unsigned char *md;
460unsigned int *len;
461 { 363 {
462 return(ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type, 364 return(ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL),type,
463 (char *)data,md,len)); 365 (char *)data,md,len));
464 } 366 }
465 367
368
369#ifndef OPENSSL_NO_FP_API
370X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8)
371 {
372 return((X509_SIG *)ASN1_d2i_fp((char *(*)())X509_SIG_new,
373 (char *(*)())d2i_X509_SIG, (fp),(unsigned char **)(p8)));
374 }
375
376int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8)
377 {
378 return(ASN1_i2d_fp(i2d_X509_SIG,fp,(unsigned char *)p8));
379 }
380#endif
381
382X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8)
383 {
384 return((X509_SIG *)ASN1_d2i_bio((char *(*)())X509_SIG_new,
385 (char *(*)())d2i_X509_SIG, (bp),(unsigned char **)(p8)));
386 }
387
388int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8)
389 {
390 return(ASN1_i2d_bio(i2d_X509_SIG,bp,(unsigned char *)p8));
391 }
392
393#ifndef OPENSSL_NO_FP_API
394PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
395 PKCS8_PRIV_KEY_INFO **p8inf)
396 {
397 return((PKCS8_PRIV_KEY_INFO *)ASN1_d2i_fp(
398 (char *(*)())PKCS8_PRIV_KEY_INFO_new,
399 (char *(*)())d2i_PKCS8_PRIV_KEY_INFO, (fp),
400 (unsigned char **)(p8inf)));
401 }
402
403int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf)
404 {
405 return(ASN1_i2d_fp(i2d_PKCS8_PRIV_KEY_INFO,fp,(unsigned char *)p8inf));
406 }
407
408int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key)
409 {
410 PKCS8_PRIV_KEY_INFO *p8inf;
411 int ret;
412 p8inf = EVP_PKEY2PKCS8(key);
413 if(!p8inf) return 0;
414 ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf);
415 PKCS8_PRIV_KEY_INFO_free(p8inf);
416 return ret;
417 }
418
419int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey)
420 {
421 return(ASN1_i2d_fp(i2d_PrivateKey,fp,(unsigned char *)pkey));
422 }
423
424EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
425{
426 return((EVP_PKEY *)ASN1_d2i_fp((char *(*)())EVP_PKEY_new,
427 (char *(*)())d2i_AutoPrivateKey, (fp),(unsigned char **)(a)));
428}
429
430int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey)
431 {
432 return(ASN1_i2d_fp(i2d_PUBKEY,fp,(unsigned char *)pkey));
433 }
434
435EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a)
436{
437 return((EVP_PKEY *)ASN1_d2i_fp((char *(*)())EVP_PKEY_new,
438 (char *(*)())d2i_PUBKEY, (fp),(unsigned char **)(a)));
439}
440
441#endif
442
443PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
444 PKCS8_PRIV_KEY_INFO **p8inf)
445 {
446 return((PKCS8_PRIV_KEY_INFO *)ASN1_d2i_bio(
447 (char *(*)())PKCS8_PRIV_KEY_INFO_new,
448 (char *(*)())d2i_PKCS8_PRIV_KEY_INFO, (bp),
449 (unsigned char **)(p8inf)));
450 }
451
452int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf)
453 {
454 return(ASN1_i2d_bio(i2d_PKCS8_PRIV_KEY_INFO,bp,(unsigned char *)p8inf));
455 }
456
457int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key)
458 {
459 PKCS8_PRIV_KEY_INFO *p8inf;
460 int ret;
461 p8inf = EVP_PKEY2PKCS8(key);
462 if(!p8inf) return 0;
463 ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
464 PKCS8_PRIV_KEY_INFO_free(p8inf);
465 return ret;
466 }
467
468int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey)
469 {
470 return(ASN1_i2d_bio(i2d_PrivateKey,bp,(unsigned char *)pkey));
471 }
472
473EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a)
474 {
475 return((EVP_PKEY *)ASN1_d2i_bio((char *(*)())EVP_PKEY_new,
476 (char *(*)())d2i_AutoPrivateKey, (bp),(unsigned char **)(a)));
477 }
478
479int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey)
480 {
481 return(ASN1_i2d_bio(i2d_PUBKEY,bp,(unsigned char *)pkey));
482 }
483
484EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a)
485 {
486 return((EVP_PKEY *)ASN1_d2i_bio((char *(*)())EVP_PKEY_new,
487 (char *(*)())d2i_PUBKEY, (bp),(unsigned char **)(a)));
488 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-09 20:00:03 +0000