Diffstat (limited to 'src/lib/libcrypto/x509')
-rw-r--r--src/lib/libcrypto/x509/Makefile.ssl123
-rw-r--r--src/lib/libcrypto/x509/by_dir.c19
-rw-r--r--src/lib/libcrypto/x509/by_file.c63
-rw-r--r--src/lib/libcrypto/x509/x509.h239
-rw-r--r--src/lib/libcrypto/x509/x509_att.c326
-rw-r--r--src/lib/libcrypto/x509/x509_cmp.c23
-rw-r--r--src/lib/libcrypto/x509/x509_d2.c8
-rw-r--r--src/lib/libcrypto/x509/x509_def.c2
-rw-r--r--src/lib/libcrypto/x509/x509_err.c17
-rw-r--r--src/lib/libcrypto/x509/x509_ext.c17
-rw-r--r--src/lib/libcrypto/x509/x509_lu.c26
-rw-r--r--src/lib/libcrypto/x509/x509_r2x.c2
-rw-r--r--src/lib/libcrypto/x509/x509_req.c165
-rw-r--r--src/lib/libcrypto/x509/x509_set.c14
-rw-r--r--src/lib/libcrypto/x509/x509_trs.c263
-rw-r--r--src/lib/libcrypto/x509/x509_txt.c11
-rw-r--r--src/lib/libcrypto/x509/x509_v3.c3
-rw-r--r--src/lib/libcrypto/x509/x509_vfy.c206
-rw-r--r--src/lib/libcrypto/x509/x509_vfy.h20
-rw-r--r--src/lib/libcrypto/x509/x509name.c66
-rw-r--r--src/lib/libcrypto/x509/x509spki.c121
-rw-r--r--src/lib/libcrypto/x509/x_all.c100
22 files changed, 1713 insertions, 121 deletions
diff --git a/src/lib/libcrypto/x509/Makefile.ssl b/src/lib/libcrypto/x509/Makefile.ssl
index c7ac35f6cc..48937b43af 100644
--- a/src/lib/libcrypto/x509/Makefile.ssl
+++ b/src/lib/libcrypto/x509/Makefile.ssl
@@ -23,17 +23,17 @@ APPS=
23 23
24LIB=$(TOP)/libcrypto.a 24LIB=$(TOP)/libcrypto.a
25LIBSRC= x509_def.c x509_d2.c x509_r2x.c x509_cmp.c \ 25LIBSRC= x509_def.c x509_d2.c x509_r2x.c x509_cmp.c \
26 x509_obj.c x509_req.c x509_vfy.c \ 26 x509_obj.c x509_req.c x509spki.c x509_vfy.c \
27 x509_set.c x509rset.c x509_err.c \ 27 x509_set.c x509rset.c x509_err.c \
28 x509name.c x509_v3.c x509_ext.c \ 28 x509name.c x509_v3.c x509_ext.c x509_att.c \
29 x509type.c x509_lu.c x_all.c x509_txt.c \ 29 x509type.c x509_lu.c x_all.c x509_txt.c \
30 by_file.c by_dir.c 30 x509_trs.c by_file.c by_dir.c
31LIBOBJ= x509_def.o x509_d2.o x509_r2x.o x509_cmp.o \ 31LIBOBJ= x509_def.o x509_d2.o x509_r2x.o x509_cmp.o \
32 x509_obj.o x509_req.o x509_vfy.o \ 32 x509_obj.o x509_req.o x509spki.o x509_vfy.o \
33 x509_set.o x509rset.o x509_err.o \ 33 x509_set.o x509rset.o x509_err.o \
34 x509name.o x509_v3.o x509_ext.o \ 34 x509name.o x509_v3.o x509_ext.o x509_att.o \
35 x509type.o x509_lu.o x_all.o x509_txt.o \ 35 x509type.o x509_lu.o x_all.o x509_txt.o \
36 by_file.o by_dir.o 36 x509_trs.o by_file.o by_dir.o
37 37
38SRC= $(LIBSRC) 38SRC= $(LIBSRC)
39 39
@@ -123,14 +123,33 @@ by_file.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
123by_file.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h 123by_file.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
124by_file.o: ../../include/openssl/stack.h ../../include/openssl/x509.h 124by_file.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
125by_file.o: ../../include/openssl/x509_vfy.h ../cryptlib.h 125by_file.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
126x509_att.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
127x509_att.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
128x509_att.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
129x509_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
130x509_att.o: ../../include/openssl/des.h ../../include/openssl/dh.h
131x509_att.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
132x509_att.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
133x509_att.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
134x509_att.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
135x509_att.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
136x509_att.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
137x509_att.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
138x509_att.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
139x509_att.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
140x509_att.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
141x509_att.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
142x509_att.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
143x509_att.o: ../../include/openssl/x509v3.h ../cryptlib.h
126x509_cmp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h 144x509_cmp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
127x509_cmp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h 145x509_cmp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
128x509_cmp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h 146x509_cmp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
129x509_cmp.o: ../../include/openssl/crypto.h ../../include/openssl/des.h 147x509_cmp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
130x509_cmp.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h 148x509_cmp.o: ../../include/openssl/des.h ../../include/openssl/dh.h
131x509_cmp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h 149x509_cmp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
132x509_cmp.o: ../../include/openssl/err.h ../../include/openssl/evp.h 150x509_cmp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
133x509_cmp.o: ../../include/openssl/idea.h ../../include/openssl/md2.h 151x509_cmp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
152x509_cmp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
134x509_cmp.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h 153x509_cmp.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
135x509_cmp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h 154x509_cmp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
136x509_cmp.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h 155x509_cmp.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
@@ -139,7 +158,7 @@ x509_cmp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
139x509_cmp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h 158x509_cmp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
140x509_cmp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h 159x509_cmp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
141x509_cmp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h 160x509_cmp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
142x509_cmp.o: ../cryptlib.h 161x509_cmp.o: ../../include/openssl/x509v3.h ../cryptlib.h
143x509_d2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h 162x509_d2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
144x509_d2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h 163x509_d2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
145x509_d2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h 164x509_d2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -192,11 +211,12 @@ x509_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
192x509_ext.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h 211x509_ext.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
193x509_ext.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h 212x509_ext.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
194x509_ext.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h 213x509_ext.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
195x509_ext.o: ../../include/openssl/crypto.h ../../include/openssl/des.h 214x509_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
196x509_ext.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h 215x509_ext.o: ../../include/openssl/des.h ../../include/openssl/dh.h
197x509_ext.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h 216x509_ext.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
198x509_ext.o: ../../include/openssl/err.h ../../include/openssl/evp.h 217x509_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
199x509_ext.o: ../../include/openssl/idea.h ../../include/openssl/md2.h 218x509_ext.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
219x509_ext.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
200x509_ext.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h 220x509_ext.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
201x509_ext.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h 221x509_ext.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
202x509_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h 222x509_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
@@ -205,7 +225,7 @@ x509_ext.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
205x509_ext.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h 225x509_ext.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
206x509_ext.o: ../../include/openssl/sha.h ../../include/openssl/stack.h 226x509_ext.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
207x509_ext.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h 227x509_ext.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
208x509_ext.o: ../cryptlib.h 228x509_ext.o: ../../include/openssl/x509v3.h ../cryptlib.h
209x509_lu.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h 229x509_lu.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
210x509_lu.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h 230x509_lu.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
211x509_lu.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h 231x509_lu.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -293,6 +313,24 @@ x509_set.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
293x509_set.o: ../../include/openssl/sha.h ../../include/openssl/stack.h 313x509_set.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
294x509_set.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h 314x509_set.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
295x509_set.o: ../cryptlib.h 315x509_set.o: ../cryptlib.h
316x509_trs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
317x509_trs.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
318x509_trs.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
319x509_trs.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
320x509_trs.o: ../../include/openssl/des.h ../../include/openssl/dh.h
321x509_trs.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
322x509_trs.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
323x509_trs.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
324x509_trs.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
325x509_trs.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
326x509_trs.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
327x509_trs.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
328x509_trs.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
329x509_trs.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
330x509_trs.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
331x509_trs.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
332x509_trs.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
333x509_trs.o: ../../include/openssl/x509v3.h ../cryptlib.h
296x509_txt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h 334x509_txt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
297x509_txt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h 335x509_txt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
298x509_txt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h 336x509_txt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -314,11 +352,12 @@ x509_txt.o: ../cryptlib.h
314x509_v3.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h 352x509_v3.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
315x509_v3.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h 353x509_v3.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
316x509_v3.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h 354x509_v3.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
317x509_v3.o: ../../include/openssl/crypto.h ../../include/openssl/des.h 355x509_v3.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
318x509_v3.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h 356x509_v3.o: ../../include/openssl/des.h ../../include/openssl/dh.h
319x509_v3.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h 357x509_v3.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
320x509_v3.o: ../../include/openssl/err.h ../../include/openssl/evp.h 358x509_v3.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
321x509_v3.o: ../../include/openssl/idea.h ../../include/openssl/md2.h 359x509_v3.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
360x509_v3.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
322x509_v3.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h 361x509_v3.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
323x509_v3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h 362x509_v3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
324x509_v3.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h 363x509_v3.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
@@ -327,25 +366,25 @@ x509_v3.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
327x509_v3.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h 366x509_v3.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
328x509_v3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h 367x509_v3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
329x509_v3.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h 368x509_v3.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
330x509_v3.o: ../cryptlib.h 369x509_v3.o: ../../include/openssl/x509v3.h ../cryptlib.h
331x509_vfy.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h 370x509_vfy.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
332x509_vfy.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h 371x509_vfy.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
333x509_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h 372x509_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
334x509_vfy.o: ../../include/openssl/crypto.h ../../include/openssl/des.h 373x509_vfy.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
335x509_vfy.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h 374x509_vfy.o: ../../include/openssl/des.h ../../include/openssl/dh.h
336x509_vfy.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h 375x509_vfy.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
337x509_vfy.o: ../../include/openssl/err.h ../../include/openssl/evp.h 376x509_vfy.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
338x509_vfy.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h 377x509_vfy.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
339x509_vfy.o: ../../include/openssl/md2.h ../../include/openssl/md5.h 378x509_vfy.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
340x509_vfy.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h 379x509_vfy.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
341x509_vfy.o: ../../include/openssl/opensslconf.h 380x509_vfy.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
342x509_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h 381x509_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
343x509_vfy.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h 382x509_vfy.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
344x509_vfy.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h 383x509_vfy.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
345x509_vfy.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h 384x509_vfy.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
346x509_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h 385x509_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
347x509_vfy.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h 386x509_vfy.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
348x509_vfy.o: ../cryptlib.h 387x509_vfy.o: ../../include/openssl/x509v3.h ../cryptlib.h
349x509name.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h 388x509name.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
350x509name.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h 389x509name.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
351x509name.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h 390x509name.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -380,6 +419,24 @@ x509rset.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
380x509rset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h 419x509rset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
381x509rset.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h 420x509rset.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
382x509rset.o: ../cryptlib.h 421x509rset.o: ../cryptlib.h
422x509spki.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
423x509spki.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
424x509spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
425x509spki.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
426x509spki.o: ../../include/openssl/des.h ../../include/openssl/dh.h
427x509spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
428x509spki.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
429x509spki.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
430x509spki.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
431x509spki.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
432x509spki.o: ../../include/openssl/opensslconf.h
433x509spki.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
434x509spki.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
435x509spki.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
436x509spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
437x509spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
438x509spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
439x509spki.o: ../cryptlib.h
383x509type.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h 440x509type.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
384x509type.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h 441x509type.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
385x509type.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h 442x509type.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
diff --git a/src/lib/libcrypto/x509/by_dir.c b/src/lib/libcrypto/x509/by_dir.c
index 734e39ac77..14d12c56bd 100644
--- a/src/lib/libcrypto/x509/by_dir.c
+++ b/src/lib/libcrypto/x509/by_dir.c
@@ -59,10 +59,18 @@
59#include <stdio.h> 59#include <stdio.h>
60#include <time.h> 60#include <time.h>
61#include <errno.h> 61#include <errno.h>
62#include <sys/types.h>
63#include <sys/stat.h>
64 62
65#include "cryptlib.h" 63#include "cryptlib.h"
64
65#ifndef NO_SYS_TYPES_H
66# include <sys/types.h>
67#endif
68#ifdef MAC_OS_pre_X
69# include <stat.h>
70#else
71# include <sys/stat.h>
72#endif
73
66#include <openssl/lhash.h> 74#include <openssl/lhash.h>
67#include <openssl/x509.h> 75#include <openssl/x509.h>
68 76
@@ -210,9 +218,9 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
210 memcpy(ip,ctx->dirs_type,(ctx->num_dirs_alloced-10)* 218 memcpy(ip,ctx->dirs_type,(ctx->num_dirs_alloced-10)*
211 sizeof(int)); 219 sizeof(int));
212 if (ctx->dirs != NULL) 220 if (ctx->dirs != NULL)
213 Free((char *)ctx->dirs); 221 Free(ctx->dirs);
214 if (ctx->dirs_type != NULL) 222 if (ctx->dirs_type != NULL)
215 Free((char *)ctx->dirs_type); 223 Free(ctx->dirs_type);
216 ctx->dirs=pp; 224 ctx->dirs=pp;
217 ctx->dirs_type=ip; 225 ctx->dirs_type=ip;
218 } 226 }
@@ -318,8 +326,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
318 /* we have added it to the cache so now pull 326 /* we have added it to the cache so now pull
319 * it out again */ 327 * it out again */
320 CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE); 328 CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
321 tmp=(X509_OBJECT *)lh_retrieve(xl->store_ctx->certs, 329 tmp=(X509_OBJECT *)lh_retrieve(xl->store_ctx->certs,&stmp);
322 (char *)&stmp);
323 CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE); 330 CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
324 331
325 if (tmp != NULL) 332 if (tmp != NULL)
diff --git a/src/lib/libcrypto/x509/by_file.c b/src/lib/libcrypto/x509/by_file.c
index 00ee5e8bbc..78e9240a8d 100644
--- a/src/lib/libcrypto/x509/by_file.c
+++ b/src/lib/libcrypto/x509/by_file.c
@@ -59,8 +59,6 @@
59#include <stdio.h> 59#include <stdio.h>
60#include <time.h> 60#include <time.h>
61#include <errno.h> 61#include <errno.h>
62#include <sys/types.h>
63#include <sys/stat.h>
64 62
65#include "cryptlib.h" 63#include "cryptlib.h"
66#include <openssl/lhash.h> 64#include <openssl/lhash.h>
@@ -94,7 +92,7 @@ X509_LOOKUP_METHOD *X509_LOOKUP_file(void)
94static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, 92static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
95 char **ret) 93 char **ret)
96 { 94 {
97 int ok=0,ok2=0; 95 int ok=0;
98 char *file; 96 char *file;
99 97
100 switch (cmd) 98 switch (cmd)
@@ -102,31 +100,30 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
102 case X509_L_FILE_LOAD: 100 case X509_L_FILE_LOAD:
103 if (argl == X509_FILETYPE_DEFAULT) 101 if (argl == X509_FILETYPE_DEFAULT)
104 { 102 {
105 ok=X509_load_cert_file(ctx,X509_get_default_cert_file(), 103 ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),
106 X509_FILETYPE_PEM); 104 X509_FILETYPE_PEM) != 0);
107 ok2=X509_load_crl_file(ctx,X509_get_default_cert_file(), 105 if (!ok)
108 X509_FILETYPE_PEM);
109 if (!ok || !ok2)
110 { 106 {
111 X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS); 107 X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
112 } 108 }
113 else 109 else
114 { 110 {
115 file=(char *)Getenv(X509_get_default_cert_file_env()); 111 file=(char *)Getenv(X509_get_default_cert_file_env());
116 ok=X509_load_cert_file(ctx,file, 112 ok = (X509_load_cert_crl_file(ctx,file,
117 X509_FILETYPE_PEM); 113 X509_FILETYPE_PEM) != 0);
118 ok2=X509_load_crl_file(ctx,file,
119 X509_FILETYPE_PEM);
120 } 114 }
121 } 115 }
122 else 116 else
123 { 117 {
124 ok=X509_load_cert_file(ctx,argp,(int)argl); 118 if(argl == X509_FILETYPE_PEM)
125 ok2=X509_load_crl_file(ctx,argp,(int)argl); 119 ok = (X509_load_cert_crl_file(ctx,argp,
120 X509_FILETYPE_PEM) != 0);
121 else
122 ok = (X509_load_cert_file(ctx,argp,(int)argl) != 0);
126 } 123 }
127 break; 124 break;
128 } 125 }
129 return((ok && ok2)?ok:0); 126 return(ok);
130 } 127 }
131 128
132int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) 129int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
@@ -149,7 +146,7 @@ int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
149 { 146 {
150 for (;;) 147 for (;;)
151 { 148 {
152 x=PEM_read_bio_X509(in,NULL,NULL,NULL); 149 x=PEM_read_bio_X509_AUX(in,NULL,NULL,NULL);
153 if (x == NULL) 150 if (x == NULL)
154 { 151 {
155 if ((ERR_GET_REASON(ERR_peek_error()) == 152 if ((ERR_GET_REASON(ERR_peek_error()) ==
@@ -263,5 +260,39 @@ err:
263 return(ret); 260 return(ret);
264 } 261 }
265 262
263int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
264{
265 STACK_OF(X509_INFO) *inf;
266 X509_INFO *itmp;
267 BIO *in;
268 int i, count = 0;
269 if(type != X509_FILETYPE_PEM)
270 return X509_load_cert_file(ctx, file, type);
271 in = BIO_new_file(file, "r");
272 if(!in) {
273 X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_SYS_LIB);
274 return 0;
275 }
276 inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
277 BIO_free(in);
278 if(!inf) {
279 X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_PEM_LIB);
280 return 0;
281 }
282 for(i = 0; i < sk_X509_INFO_num(inf); i++) {
283 itmp = sk_X509_INFO_value(inf, i);
284 if(itmp->x509) {
285 X509_STORE_add_cert(ctx->store_ctx, itmp->x509);
286 count++;
287 } else if(itmp->crl) {
288 X509_STORE_add_crl(ctx->store_ctx, itmp->crl);
289 count++;
290 }
291 }
292 sk_X509_INFO_pop_free(inf, X509_INFO_free);
293 return count;
294}
295
296
266#endif /* NO_STDIO */ 297#endif /* NO_STDIO */
267 298
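Review bot: X509_load_cert_crl_file discards the return values of X509_STORE_add_cert and X509_STORE_add_crl and increments count regardless, so a file whose entries were all rejected by the store still comes back non-zero and by_file_ctrl (earlier hunk, which only tests the result with `!= 0`) reports the load as successful. Checking each add and returning 0 after releasing the stack makes the count reflect what actually entered the store; as far as I recall both add functions push their own error reason, so no additional X509err is needed at this level. Note that a PEM file containing neither certs nor CRLs also yields 0 here, indistinguishable from an I/O or PEM error — if that is intended, the return contract deserves a comment, e.g. `/* Returns the number of certs and CRLs added to the store; 0 on error or when the file held none */`. The reworked loop with cleanup is below.
```c
	for(i = 0; i < sk_X509_INFO_num(inf); i++) {
		itmp = sk_X509_INFO_value(inf, i);
		if(itmp->x509) {
			if(!X509_STORE_add_cert(ctx->store_ctx, itmp->x509))
				goto err;
			count++;
		} else if(itmp->crl) {
			if(!X509_STORE_add_crl(ctx->store_ctx, itmp->crl))
				goto err;
			count++;
		}
	}
	sk_X509_INFO_pop_free(inf, X509_INFO_free);
	return count;
err:
	/* add failure already recorded by the store; release parsed objects */
	sk_X509_INFO_pop_free(inf, X509_INFO_free);
	return 0;
```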
diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h
index 35f9484f8b..d3336d9ceb 100644
--- a/src/lib/libcrypto/x509/x509.h
+++ b/src/lib/libcrypto/x509/x509.h
@@ -176,9 +176,8 @@ typedef struct X509_extension_st
176 short critical; 176 short critical;
177 short netscape_hack; 177 short netscape_hack;
178 ASN1_OCTET_STRING *value; 178 ASN1_OCTET_STRING *value;
179 long argl; /* used when decoding */ 179 struct v3_ext_method *method; /* V3 method to use */
180 char *argp; /* used when decoding */ 180 void *ext_val; /* extension value */
181 void (*ex_free)(); /* clear argp stuff */
182 } X509_EXTENSION; 181 } X509_EXTENSION;
183 182
184DECLARE_STACK_OF(X509_EXTENSION) 183DECLARE_STACK_OF(X509_EXTENSION)
@@ -231,6 +230,21 @@ typedef struct x509_cinf_st
231 STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */ 230 STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */
232 } X509_CINF; 231 } X509_CINF;
233 232
233/* This stuff is certificate "auxiliary info"
234 * it contains details which are useful in certificate
235 * stores and databases. When used this is tagged onto
236 * the end of the certificate itself
237 */
238
239typedef struct x509_cert_aux_st
240 {
241 STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */
242 STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */
243 ASN1_UTF8STRING *alias; /* "friendly name" */
244 ASN1_OCTET_STRING *keyid; /* key id of private key */
245 STACK_OF(X509_ALGOR) *other; /* other unspecified info */
246 } X509_CERT_AUX;
247
234typedef struct x509_st 248typedef struct x509_st
235 { 249 {
236 X509_CINF *cert_info; 250 X509_CINF *cert_info;
@@ -239,11 +253,58 @@ typedef struct x509_st
239 int valid; 253 int valid;
240 int references; 254 int references;
241 char *name; 255 char *name;
256 CRYPTO_EX_DATA ex_data;
257 /* These contain copies of various extension values */
258 long ex_pathlen;
259 unsigned long ex_flags;
260 unsigned long ex_kusage;
261 unsigned long ex_xkusage;
262 unsigned long ex_nscert;
263#ifndef NO_SHA
264 unsigned char sha1_hash[SHA_DIGEST_LENGTH];
265#endif
266 X509_CERT_AUX *aux;
242 } X509; 267 } X509;
243 268
244DECLARE_STACK_OF(X509) 269DECLARE_STACK_OF(X509)
245DECLARE_ASN1_SET_OF(X509) 270DECLARE_ASN1_SET_OF(X509)
246 271
272/* This is used for a table of trust checking functions */
273
274typedef struct x509_trust_st {
275 int trust;
276 int flags;
277 int (*check_trust)(struct x509_trust_st *, X509 *, int);
278 char *name;
279 int arg1;
280 void *arg2;
281} X509_TRUST;
282
283DECLARE_STACK_OF(X509_TRUST)
284
285/* standard trust ids */
286
287#define X509_TRUST_ANY 1
288#define X509_TRUST_SSL_CLIENT 2
289#define X509_TRUST_SSL_SERVER 3
290#define X509_TRUST_EMAIL 4
291#define X509_TRUST_OBJECT_SIGN 5
292
293/* Keep these up to date! */
294#define X509_TRUST_MIN 1
295#define X509_TRUST_MAX 5
296
297
298/* trust_flags values */
299#define X509_TRUST_DYNAMIC 1
300#define X509_TRUST_DYNAMIC_NAME 2
301
302/* check_trust return codes */
303
304#define X509_TRUST_TRUSTED 1
305#define X509_TRUST_REJECTED 2
306#define X509_TRUST_UNTRUSTED 3
307
247typedef struct X509_revoked_st 308typedef struct X509_revoked_st
248 { 309 {
249 ASN1_INTEGER *serialNumber; 310 ASN1_INTEGER *serialNumber;
@@ -318,7 +379,7 @@ DECLARE_STACK_OF(X509_INFO)
318 379
319/* The next 2 structures and their 8 routines were sent to me by 380/* The next 2 structures and their 8 routines were sent to me by
320 * Pat Richard <patr@x509.com> and are used to manipulate 381 * Pat Richard <patr@x509.com> and are used to manipulate
321 * Netscapes spki strucutres - usefull if you are writing a CA web page 382 * Netscapes spki structures - useful if you are writing a CA web page
322 */ 383 */
323typedef struct Netscape_spkac_st 384typedef struct Netscape_spkac_st
324 { 385 {
@@ -372,8 +433,10 @@ X509_ALGOR *prf;
372typedef struct pkcs8_priv_key_info_st 433typedef struct pkcs8_priv_key_info_st
373 { 434 {
374 int broken; /* Flag for various broken formats */ 435 int broken; /* Flag for various broken formats */
375#define PKCS8_OK 0 436#define PKCS8_OK 0
376#define PKCS8_NO_OCTET 1 437#define PKCS8_NO_OCTET 1
438#define PKCS8_EMBEDDED_PARAM 2
439#define PKCS8_NS_DB 3
377 ASN1_INTEGER *version; 440 ASN1_INTEGER *version;
378 X509_ALGOR *pkeyalg; 441 X509_ALGOR *pkeyalg;
379 ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */ 442 ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */
@@ -552,13 +615,20 @@ int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
552int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r); 615int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
553int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r); 616int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r);
554 617
618NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len);
619char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x);
620EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x);
621int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
622
623int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki);
624
555int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); 625int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
556int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md); 626int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
557int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md); 627int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
558int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md); 628int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
559 629
560int X509_digest(X509 *data,EVP_MD *type,unsigned char *md,unsigned int *len); 630int X509_digest(X509 *data,const EVP_MD *type,unsigned char *md,unsigned int *len);
561int X509_NAME_digest(X509_NAME *data,EVP_MD *type, 631int X509_NAME_digest(X509_NAME *data,const EVP_MD *type,
562 unsigned char *md,unsigned int *len); 632 unsigned char *md,unsigned int *len);
563#endif 633#endif
564 634
@@ -574,16 +644,23 @@ RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA **rsa);
574int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa); 644int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa);
575RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA **rsa); 645RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA **rsa);
576int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa); 646int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa);
647RSA *d2i_RSA_PUBKEY_fp(FILE *fp,RSA **rsa);
648int i2d_RSA_PUBKEY_fp(FILE *fp,RSA *rsa);
577#endif 649#endif
578#ifndef NO_DSA 650#ifndef NO_DSA
651DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
652int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
579DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa); 653DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
580int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa); 654int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
655#endif
581X509_SIG *d2i_PKCS8_fp(FILE *fp,X509_SIG **p8); 656X509_SIG *d2i_PKCS8_fp(FILE *fp,X509_SIG **p8);
582int i2d_PKCS8_fp(FILE *fp,X509_SIG *p8); 657int i2d_PKCS8_fp(FILE *fp,X509_SIG *p8);
583PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, 658PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
584 PKCS8_PRIV_KEY_INFO **p8inf); 659 PKCS8_PRIV_KEY_INFO **p8inf);
585int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,PKCS8_PRIV_KEY_INFO *p8inf); 660int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,PKCS8_PRIV_KEY_INFO *p8inf);
586#endif 661int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key);
662int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey);
663EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
587#endif 664#endif
588 665
589#ifdef HEADER_BIO_H 666#ifdef HEADER_BIO_H
@@ -598,8 +675,12 @@ RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **rsa);
598int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa); 675int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa);
599RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA **rsa); 676RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA **rsa);
600int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa); 677int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa);
678RSA *d2i_RSA_PUBKEY_bio(BIO *bp,RSA **rsa);
679int i2d_RSA_PUBKEY_bio(BIO *bp,RSA *rsa);
601#endif 680#endif
602#ifndef NO_DSA 681#ifndef NO_DSA
682DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);
683int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa);
603DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa); 684DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
604int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa); 685int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
605#endif 686#endif
@@ -608,6 +689,9 @@ int i2d_PKCS8_bio(BIO *bp,X509_SIG *p8);
608PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, 689PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
609 PKCS8_PRIV_KEY_INFO **p8inf); 690 PKCS8_PRIV_KEY_INFO **p8inf);
610int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,PKCS8_PRIV_KEY_INFO *p8inf); 691int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,PKCS8_PRIV_KEY_INFO *p8inf);
692int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key);
693int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey);
694EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
611#endif 695#endif
612 696
613X509 *X509_dup(X509 *x509); 697X509 *X509_dup(X509 *x509);
@@ -635,7 +719,7 @@ const char * X509_get_default_cert_dir_env(void );
635const char * X509_get_default_cert_file_env(void ); 719const char * X509_get_default_cert_file_env(void );
636const char * X509_get_default_private_dir(void ); 720const char * X509_get_default_private_dir(void );
637 721
638X509_REQ * X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, EVP_MD *md); 722X509_REQ * X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
639X509 * X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey); 723X509 * X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey);
640void ERR_load_X509_strings(void ); 724void ERR_load_X509_strings(void );
641 725
@@ -660,7 +744,19 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
660EVP_PKEY * X509_PUBKEY_get(X509_PUBKEY *key); 744EVP_PKEY * X509_PUBKEY_get(X509_PUBKEY *key);
661int X509_get_pubkey_parameters(EVP_PKEY *pkey, 745int X509_get_pubkey_parameters(EVP_PKEY *pkey,
662 STACK_OF(X509) *chain); 746 STACK_OF(X509) *chain);
663 747int i2d_PUBKEY(EVP_PKEY *a,unsigned char **pp);
748EVP_PKEY * d2i_PUBKEY(EVP_PKEY **a,unsigned char **pp,
749 long length);
750#ifndef NO_RSA
751int i2d_RSA_PUBKEY(RSA *a,unsigned char **pp);
752RSA * d2i_RSA_PUBKEY(RSA **a,unsigned char **pp,
753 long length);
754#endif
755#ifndef NO_DSA
756int i2d_DSA_PUBKEY(DSA *a,unsigned char **pp);
757DSA * d2i_DSA_PUBKEY(DSA **a,unsigned char **pp,
758 long length);
759#endif
664 760
665X509_SIG * X509_SIG_new(void ); 761X509_SIG * X509_SIG_new(void );
666void X509_SIG_free(X509_SIG *a); 762void X509_SIG_free(X509_SIG *a);
@@ -714,6 +810,25 @@ X509 * X509_new(void);
714void X509_free(X509 *a); 810void X509_free(X509 *a);
715int i2d_X509(X509 *a,unsigned char **pp); 811int i2d_X509(X509 *a,unsigned char **pp);
716X509 * d2i_X509(X509 **a,unsigned char **pp,long length); 812X509 * d2i_X509(X509 **a,unsigned char **pp,long length);
813int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
814 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
815int X509_set_ex_data(X509 *r, int idx, void *arg);
816void *X509_get_ex_data(X509 *r, int idx);
817int i2d_X509_AUX(X509 *a,unsigned char **pp);
818X509 * d2i_X509_AUX(X509 **a,unsigned char **pp,long length);
819
820X509_CERT_AUX * X509_CERT_AUX_new(void);
821void X509_CERT_AUX_free(X509_CERT_AUX *a);
822int i2d_X509_CERT_AUX(X509_CERT_AUX *a,unsigned char **pp);
823X509_CERT_AUX * d2i_X509_CERT_AUX(X509_CERT_AUX **a,unsigned char **pp,
824 long length);
825int X509_alias_set1(X509 *x, unsigned char *name, int len);
826unsigned char * X509_alias_get0(X509 *x, int *len);
827int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int);
828int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
829int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj);
830void X509_trust_clear(X509 *x);
831void X509_reject_clear(X509 *x);
717 832
718X509_REVOKED * X509_REVOKED_new(void); 833X509_REVOKED * X509_REVOKED_new(void);
719void X509_REVOKED_free(X509_REVOKED *a); 834void X509_REVOKED_free(X509_REVOKED *a);
@@ -762,7 +877,7 @@ char * X509_NAME_oneline(X509_NAME *a,char *buf,int size);
762int ASN1_verify(int (*i2d)(), X509_ALGOR *algor1, 877int ASN1_verify(int (*i2d)(), X509_ALGOR *algor1,
763 ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey); 878 ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey);
764 879
765int ASN1_digest(int (*i2d)(),EVP_MD *type,char *data, 880int ASN1_digest(int (*i2d)(),const EVP_MD *type,char *data,
766 unsigned char *md,unsigned int *len); 881 unsigned char *md,unsigned int *len);
767 882
768int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2, 883int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
@@ -787,6 +902,30 @@ int X509_REQ_set_version(X509_REQ *x,long version);
787int X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name); 902int X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name);
788int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); 903int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
789EVP_PKEY * X509_REQ_get_pubkey(X509_REQ *req); 904EVP_PKEY * X509_REQ_get_pubkey(X509_REQ *req);
905int X509_REQ_extension_nid(int nid);
906int * X509_REQ_get_extension_nids(void);
907void X509_REQ_set_extension_nids(int *nids);
908STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
909int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
910 int nid);
911int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts);
912int X509_REQ_get_attr_count(const X509_REQ *req);
913int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid,
914 int lastpos);
915int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,
916 int lastpos);
917X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc);
918X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc);
919int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr);
920int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
921 ASN1_OBJECT *obj, int type,
922 unsigned char *bytes, int len);
923int X509_REQ_add1_attr_by_NID(X509_REQ *req,
924 int nid, int type,
925 unsigned char *bytes, int len);
926int X509_REQ_add1_attr_by_txt(X509_REQ *req,
927 char *attrname, int type,
928 unsigned char *bytes, int len);
790 929
791int X509_check_private_key(X509 *x509,EVP_PKEY *pkey); 930int X509_check_private_key(X509 *x509,EVP_PKEY *pkey);
792 931
@@ -799,6 +938,7 @@ unsigned long X509_issuer_name_hash(X509 *a);
799int X509_subject_name_cmp(X509 *a,X509 *b); 938int X509_subject_name_cmp(X509 *a,X509 *b);
800unsigned long X509_subject_name_hash(X509 *x); 939unsigned long X509_subject_name_hash(X509 *x);
801 940
941int X509_cmp (X509 *a, X509 *b);
802int X509_NAME_cmp (X509_NAME *a, X509_NAME *b); 942int X509_NAME_cmp (X509_NAME *a, X509_NAME *b);
803unsigned long X509_NAME_hash(X509_NAME *x); 943unsigned long X509_NAME_hash(X509_NAME *x);
804 944
@@ -812,6 +952,7 @@ int X509_REQ_print_fp(FILE *bp,X509_REQ *req);
812#ifdef HEADER_BIO_H 952#ifdef HEADER_BIO_H
813int X509_NAME_print(BIO *bp, X509_NAME *name, int obase); 953int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
814int X509_print(BIO *bp,X509 *x); 954int X509_print(BIO *bp,X509 *x);
955int X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent);
815int X509_CRL_print(BIO *bp,X509_CRL *x); 956int X509_CRL_print(BIO *bp,X509_CRL *x);
816int X509_REQ_print(BIO *bp,X509_REQ *req); 957int X509_REQ_print(BIO *bp,X509_REQ *req);
817#endif 958#endif
@@ -823,7 +964,7 @@ int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
823 char *buf,int len); 964 char *buf,int len);
824 965
825/* NOTE: you should be passsing -1, not 0 as lastpos. The functions that use 966/* NOTE: you should be passsing -1, not 0 as lastpos. The functions that use
826 * lastpos, seach after that position on. */ 967 * lastpos, search after that position on. */
827int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos); 968int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
828int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, 969int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj,
829 int lastpos); 970 int lastpos);
@@ -831,8 +972,16 @@ X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
831X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); 972X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
832int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, 973int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne,
833 int loc, int set); 974 int loc, int set);
975int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
976 unsigned char *bytes, int len, int loc, int set);
977int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
978 unsigned char *bytes, int len, int loc, int set);
979X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
980 char *field, int type, unsigned char *bytes, int len);
834X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, 981X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
835 int type,unsigned char *bytes, int len); 982 int type,unsigned char *bytes, int len);
983int X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type,
984 unsigned char *bytes, int len, int loc, int set);
836X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, 985X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
837 ASN1_OBJECT *obj, int type,unsigned char *bytes, 986 ASN1_OBJECT *obj, int type,unsigned char *bytes,
838 int len); 987 int len);
@@ -862,6 +1011,7 @@ int X509_get_ext_by_critical(X509 *x, int crit, int lastpos);
862X509_EXTENSION *X509_get_ext(X509 *x, int loc); 1011X509_EXTENSION *X509_get_ext(X509 *x, int loc);
863X509_EXTENSION *X509_delete_ext(X509 *x, int loc); 1012X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
864int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); 1013int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
1014void * X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
865 1015
866int X509_CRL_get_ext_count(X509_CRL *x); 1016int X509_CRL_get_ext_count(X509_CRL *x);
867int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos); 1017int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos);
@@ -870,6 +1020,7 @@ int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos);
870X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc); 1020X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc);
871X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc); 1021X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
872int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); 1022int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
1023void * X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
873 1024
874int X509_REVOKED_get_ext_count(X509_REVOKED *x); 1025int X509_REVOKED_get_ext_count(X509_REVOKED *x);
875int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos); 1026int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos);
@@ -878,6 +1029,7 @@ int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos);
878X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc); 1029X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc);
879X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc); 1030X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
880int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); 1031int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
1032void * X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
881 1033
882X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, 1034X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
883 int nid, int crit, ASN1_OCTET_STRING *data); 1035 int nid, int crit, ASN1_OCTET_STRING *data);
@@ -891,6 +1043,38 @@ ASN1_OBJECT * X509_EXTENSION_get_object(X509_EXTENSION *ex);
891ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne); 1043ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
892int X509_EXTENSION_get_critical(X509_EXTENSION *ex); 1044int X509_EXTENSION_get_critical(X509_EXTENSION *ex);
893 1045
1046int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x);
1047int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
1048 int lastpos);
1049int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj,
1050 int lastpos);
1051X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc);
1052X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc);
1053STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
1054 X509_ATTRIBUTE *attr);
1055STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
1056 ASN1_OBJECT *obj, int type,
1057 unsigned char *bytes, int len);
1058STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
1059 int nid, int type,
1060 unsigned char *bytes, int len);
1061STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
1062 char *attrname, int type,
1063 unsigned char *bytes, int len);
1064X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
1065 int atrtype, void *data, int len);
1066X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
1067 ASN1_OBJECT *obj, int atrtype, void *data, int len);
1068X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
1069 char *atrname, int type, unsigned char *bytes, int len);
1070int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, ASN1_OBJECT *obj);
1071int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, void *data, int len);
1072void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
1073 int atrtype, void *data);
1074int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr);
1075ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr);
1076ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx);
1077
894int X509_verify_cert(X509_STORE_CTX *ctx); 1078int X509_verify_cert(X509_STORE_CTX *ctx);
895 1079
896/* lookup a cert from a X509 STACK */ 1080/* lookup a cert from a X509 STACK */
@@ -926,8 +1110,20 @@ void PKCS8_PRIV_KEY_INFO_free(PKCS8_PRIV_KEY_INFO *a);
926 1110
927EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8); 1111EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8);
928PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey); 1112PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
1113PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken);
929PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken); 1114PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);
930 1115
1116int X509_check_trust(X509 *x, int id, int flags);
1117int X509_TRUST_get_count(void);
1118X509_TRUST * X509_TRUST_get0(int idx);
1119int X509_TRUST_get_by_id(int id);
1120int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
1121 char *name, int arg1, void *arg2);
1122void X509_TRUST_cleanup(void);
1123int X509_TRUST_get_flags(X509_TRUST *xp);
1124char *X509_TRUST_get0_name(X509_TRUST *xp);
1125int X509_TRUST_get_trust(X509_TRUST *xp);
1126
931/* BEGIN ERROR CODES */ 1127/* BEGIN ERROR CODES */
932/* The following lines are auto generated by the script mkerr.pl. Any changes 1128/* The following lines are auto generated by the script mkerr.pl. Any changes
933 * made after this point may be overwritten when the script is next run. 1129 * made after this point may be overwritten when the script is next run.
@@ -940,15 +1136,25 @@ PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);
940#define X509_F_BY_FILE_CTRL 101 1136#define X509_F_BY_FILE_CTRL 101
941#define X509_F_DIR_CTRL 102 1137#define X509_F_DIR_CTRL 102
942#define X509_F_GET_CERT_BY_SUBJECT 103 1138#define X509_F_GET_CERT_BY_SUBJECT 103
1139#define X509_F_NETSCAPE_SPKI_B64_DECODE 129
1140#define X509_F_NETSCAPE_SPKI_B64_ENCODE 130
943#define X509_F_X509V3_ADD_EXT 104 1141#define X509_F_X509V3_ADD_EXT 104
1142#define X509_F_X509_ADD_ATTR 135
1143#define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 136
1144#define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ 137
1145#define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT 140
1146#define X509_F_X509_ATTRIBUTE_GET0_DATA 139
1147#define X509_F_X509_ATTRIBUTE_SET1_DATA 138
944#define X509_F_X509_CHECK_PRIVATE_KEY 128 1148#define X509_F_X509_CHECK_PRIVATE_KEY 128
945#define X509_F_X509_EXTENSION_CREATE_BY_NID 108 1149#define X509_F_X509_EXTENSION_CREATE_BY_NID 108
946#define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109 1150#define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109
947#define X509_F_X509_GET_PUBKEY_PARAMETERS 110 1151#define X509_F_X509_GET_PUBKEY_PARAMETERS 110
1152#define X509_F_X509_LOAD_CERT_CRL_FILE 132
948#define X509_F_X509_LOAD_CERT_FILE 111 1153#define X509_F_X509_LOAD_CERT_FILE 111
949#define X509_F_X509_LOAD_CRL_FILE 112 1154#define X509_F_X509_LOAD_CRL_FILE 112
950#define X509_F_X509_NAME_ADD_ENTRY 113 1155#define X509_F_X509_NAME_ADD_ENTRY 113
951#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114 1156#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114
1157#define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 131
952#define X509_F_X509_NAME_ENTRY_SET_OBJECT 115 1158#define X509_F_X509_NAME_ENTRY_SET_OBJECT 115
953#define X509_F_X509_NAME_ONELINE 116 1159#define X509_F_X509_NAME_ONELINE 116
954#define X509_F_X509_NAME_PRINT 117 1160#define X509_F_X509_NAME_PRINT 117
@@ -960,15 +1166,19 @@ PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);
960#define X509_F_X509_REQ_TO_X509 123 1166#define X509_F_X509_REQ_TO_X509 123
961#define X509_F_X509_STORE_ADD_CERT 124 1167#define X509_F_X509_STORE_ADD_CERT 124
962#define X509_F_X509_STORE_ADD_CRL 125 1168#define X509_F_X509_STORE_ADD_CRL 125
1169#define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134
963#define X509_F_X509_TO_X509_REQ 126 1170#define X509_F_X509_TO_X509_REQ 126
1171#define X509_F_X509_TRUST_ADD 133
964#define X509_F_X509_VERIFY_CERT 127 1172#define X509_F_X509_VERIFY_CERT 127
965 1173
966/* Reason codes. */ 1174/* Reason codes. */
967#define X509_R_BAD_X509_FILETYPE 100 1175#define X509_R_BAD_X509_FILETYPE 100
1176#define X509_R_BASE64_DECODE_ERROR 118
968#define X509_R_CANT_CHECK_DH_KEY 114 1177#define X509_R_CANT_CHECK_DH_KEY 114
969#define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 1178#define X509_R_CERT_ALREADY_IN_HASH_TABLE 101
970#define X509_R_ERR_ASN1_LIB 102 1179#define X509_R_ERR_ASN1_LIB 102
971#define X509_R_INVALID_DIRECTORY 113 1180#define X509_R_INVALID_DIRECTORY 113
1181#define X509_R_INVALID_FIELD_NAME 119
972#define X509_R_KEY_TYPE_MISMATCH 115 1182#define X509_R_KEY_TYPE_MISMATCH 115
973#define X509_R_KEY_VALUES_MISMATCH 116 1183#define X509_R_KEY_VALUES_MISMATCH 116
974#define X509_R_LOADING_CERT_DIR 103 1184#define X509_R_LOADING_CERT_DIR 103
@@ -979,8 +1189,11 @@ PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);
979#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108 1189#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108
980#define X509_R_UNKNOWN_KEY_TYPE 117 1190#define X509_R_UNKNOWN_KEY_TYPE 117
981#define X509_R_UNKNOWN_NID 109 1191#define X509_R_UNKNOWN_NID 109
1192#define X509_R_UNKNOWN_PURPOSE_ID 121
1193#define X509_R_UNKNOWN_TRUST_ID 120
982#define X509_R_UNSUPPORTED_ALGORITHM 111 1194#define X509_R_UNSUPPORTED_ALGORITHM 111
983#define X509_R_WRONG_LOOKUP_TYPE 112 1195#define X509_R_WRONG_LOOKUP_TYPE 112
1196#define X509_R_WRONG_TYPE 122
984 1197
985#ifdef __cplusplus 1198#ifdef __cplusplus
986} 1199}
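diff --git a/src/lib/libcrypto/x509/x509_att.c b/src/lib/libcrypto/x509/x509_att.c
new file mode 100644
index 0000000000..caafde658f
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_att.c
@@ -0,0 +1,326 @@
+/* crypto/x509/x509_att.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/stack.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x)
+{
+ if (!x) return 0;
+ return(sk_X509_ATTRIBUTE_num(x));
+}
+
+int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
+ int lastpos)
+{
+ ASN1_OBJECT *obj;
+
+ obj=OBJ_nid2obj(nid);
+ if (obj == NULL) return(-2);
+ return(X509at_get_attr_by_OBJ(x,obj,lastpos));
+}
+
+int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj,
+ int lastpos)
+{
+ int n;
+ X509_ATTRIBUTE *ex;
+
+ if (sk == NULL) return(-1);
+ lastpos++;
+ if (lastpos < 0)
+ lastpos=0;
+ n=sk_X509_ATTRIBUTE_num(sk);
+ for ( ; lastpos < n; lastpos++)
+ {
+ ex=sk_X509_ATTRIBUTE_value(sk,lastpos);
+ if (OBJ_cmp(ex->object,obj) == 0)
+ return(lastpos);
+ }
+ return(-1);
+}
+
+X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc)
+{
+ if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
+ return NULL;
+ else
+ return sk_X509_ATTRIBUTE_value(x,loc);
+}
+
+X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc)
+{
+ X509_ATTRIBUTE *ret;
+
+ if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
+ return(NULL);
+ ret=sk_X509_ATTRIBUTE_delete(x,loc);
+ return(ret);
+}
+
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
+ X509_ATTRIBUTE *attr)
+{
+ X509_ATTRIBUTE *new_attr=NULL;
+ STACK_OF(X509_ATTRIBUTE) *sk=NULL;
+
+ if ((x != NULL) && (*x == NULL))
+ {
+ if ((sk=sk_X509_ATTRIBUTE_new_null()) == NULL)
+ goto err;
+ }
+ else
+ sk= *x;
+
+ if ((new_attr=X509_ATTRIBUTE_dup(attr)) == NULL)
+ goto err2;
+ if (!sk_X509_ATTRIBUTE_push(sk,new_attr))
+ goto err;
+ if ((x != NULL) && (*x == NULL))
+ *x=sk;
+ return(sk);
+err:
+ X509err(X509_F_X509_ADD_ATTR,ERR_R_MALLOC_FAILURE);
+err2:
+ if (new_attr != NULL) X509_ATTRIBUTE_free(new_attr);
+ if (sk != NULL) sk_X509_ATTRIBUTE_free(sk);
+ return(NULL);
+}
+
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
+ ASN1_OBJECT *obj, int type,
+ unsigned char *bytes, int len)
+{
+ X509_ATTRIBUTE *attr;
+ STACK_OF(X509_ATTRIBUTE) *ret;
+ attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len);
+ if(!attr) return 0;
+ ret = X509at_add1_attr(x, attr);
+ X509_ATTRIBUTE_free(attr);
+ return ret;
+}
+
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
+ int nid, int type,
+ unsigned char *bytes, int len)
+{
+ X509_ATTRIBUTE *attr;
+ STACK_OF(X509_ATTRIBUTE) *ret;
+ attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len);
+ if(!attr) return 0;
+ ret = X509at_add1_attr(x, attr);
+ X509_ATTRIBUTE_free(attr);
+ return ret;
+}
+
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
+ char *attrname, int type,
+ unsigned char *bytes, int len)
+{
+ X509_ATTRIBUTE *attr;
+ STACK_OF(X509_ATTRIBUTE) *ret;
+ attr = X509_ATTRIBUTE_create_by_txt(NULL, attrname, type, bytes, len);
+ if(!attr) return 0;
+ ret = X509at_add1_attr(x, attr);
+ X509_ATTRIBUTE_free(attr);
+ return ret;
+}
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
+ int atrtype, void *data, int len)
+{
+ ASN1_OBJECT *obj;
+ X509_ATTRIBUTE *ret;
+
+ obj=OBJ_nid2obj(nid);
+ if (obj == NULL)
+ {
+ X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_NID,X509_R_UNKNOWN_NID);
+ return(NULL);
+ }
+ ret=X509_ATTRIBUTE_create_by_OBJ(attr,obj,atrtype,data,len);
+ if (ret == NULL) ASN1_OBJECT_free(obj);
+ return(ret);
+}
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
+ ASN1_OBJECT *obj, int atrtype, void *data, int len)
+{
+ X509_ATTRIBUTE *ret;
+
+ if ((attr == NULL) || (*attr == NULL))
+ {
+ if ((ret=X509_ATTRIBUTE_new()) == NULL)
+ {
+ X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE);
+ return(NULL);
+ }
+ }
+ else
+ ret= *attr;
+
+ if (!X509_ATTRIBUTE_set1_object(ret,obj))
+ goto err;
+ if (!X509_ATTRIBUTE_set1_data(ret,atrtype,data,len))
+ goto err;
+
+ if ((attr != NULL) && (*attr == NULL)) *attr=ret;
+ return(ret);
+err:
+ if ((attr == NULL) || (ret != *attr))
+ X509_ATTRIBUTE_free(ret);
+ return(NULL);
+}
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
+ char *atrname, int type, unsigned char *bytes, int len)
+ {
+ ASN1_OBJECT *obj;
+ X509_ATTRIBUTE *nattr;
+
+ obj=OBJ_txt2obj(atrname, 0);
+ if (obj == NULL)
+ {
+ X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,
+ X509_R_INVALID_FIELD_NAME);
+ ERR_add_error_data(2, "name=", atrname);
+ return(NULL);
+ }
+ nattr = X509_ATTRIBUTE_create_by_OBJ(attr,obj,type,bytes,len);
+ ASN1_OBJECT_free(obj);
+ return nattr;
+ }
+
+int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, ASN1_OBJECT *obj)
+{
+ if ((attr == NULL) || (obj == NULL))
+ return(0);
+ ASN1_OBJECT_free(attr->object);
+ attr->object=OBJ_dup(obj);
+ return(1);
+}
+
+int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, void *data, int len)
+{
+ ASN1_TYPE *ttmp;
+ ASN1_STRING *stmp;
+ int atype;
+ if (!attr) return 0;
+ if(attrtype & MBSTRING_FLAG) {
+ stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype,
+ OBJ_obj2nid(attr->object));
+ if(!stmp) {
+ X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_ASN1_LIB);
+ return 0;
+ }
+ atype = stmp->type;
+ } else {
+ if(!(stmp = ASN1_STRING_type_new(attrtype))) goto err;
+ if(!ASN1_STRING_set(stmp, data, len)) goto err;
+ atype = attrtype;
+ }
+ if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
+ if(!(ttmp = ASN1_TYPE_new())) goto err;
+ if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err;
+ attr->set = 1;
+ ASN1_TYPE_set(ttmp, atype, stmp);
+ return 1;
+ err:
+ X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE);
+ return 0;
+}
+
+int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr)
+{
+ if(attr->set) return sk_ASN1_TYPE_num(attr->value.set);
+ if(attr->value.single) return 1;
+ return 0;
+}
+
+ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr)
+{
+ if (attr == NULL) return(NULL);
+ return(attr->object);
+}
+
+void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
+ int atrtype, void *data)
+{
+ ASN1_TYPE *ttmp;
+ ttmp = X509_ATTRIBUTE_get0_type(attr, idx);
+ if(!ttmp) return NULL;
+ if(atrtype != ASN1_TYPE_get(ttmp)){
+ X509err(X509_F_X509_ATTRIBUTE_GET0_DATA, X509_R_WRONG_TYPE);
+ return NULL;
+ }
+ return ttmp->value.ptr;
+}
+
+ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
+{
+ if (attr == NULL) return(NULL);
+ if(idx >= X509_ATTRIBUTE_count(attr)) return NULL;
+ if(attr->set) return sk_ASN1_TYPE_value(attr->value.set, idx);
+ else return attr->value.single;
+}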
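Review bot: X509at_add1_attr frees the caller's stack on failure: when `*x` is already non-NULL the else branch makes `sk` alias it, and both the `err` and `err2` paths run `sk_X509_ATTRIBUTE_free(sk)` unconditionally, so a failed `X509_ATTRIBUTE_dup` or push leaves the caller holding a freed `*x`; the same else branch also dereferences `*x` when `x` itself is NULL. Free only a stack this call created and reject a NULL `x` up front: `if (x == NULL) goto err2;` after the locals, and at `err2` `if (x != NULL && *x == NULL && sk != NULL) sk_X509_ATTRIBUTE_free(sk);`. X509_ATTRIBUTE_set1_data has the mirror-image problem: `stmp` (and `ttmp` after a failed push) leak on every `goto err`, and a previously assigned `attr->value.set` is overwritten without being freed, so repeated calls do not give "set1" replacement semantics. X509_ATTRIBUTE_set1_object also returns 1 without checking the result of `OBJ_dup`, so an allocation failure is reported as success with `attr->object` left NULL; `if ((attr->object = OBJ_dup(obj)) == NULL) return 0;` closes that.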
diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c
index 9a93bae3ff..a8a5ca8b03 100644
--- a/src/lib/libcrypto/x509/x509_cmp.c
+++ b/src/lib/libcrypto/x509/x509_cmp.c
@@ -57,12 +57,11 @@
57 */ 57 */
58 58
59#include <stdio.h> 59#include <stdio.h>
60#include <sys/types.h>
61#include <sys/stat.h>
62#include "cryptlib.h" 60#include "cryptlib.h"
63#include <openssl/asn1.h> 61#include <openssl/asn1.h>
64#include <openssl/objects.h> 62#include <openssl/objects.h>
65#include <openssl/x509.h> 63#include <openssl/x509.h>
64#include <openssl/x509v3.h>
66 65
67int X509_issuer_and_serial_cmp(X509 *a, X509 *b) 66int X509_issuer_and_serial_cmp(X509 *a, X509 *b)
68 { 67 {
@@ -71,7 +70,7 @@ int X509_issuer_and_serial_cmp(X509 *a, X509 *b)
71 70
72 ai=a->cert_info; 71 ai=a->cert_info;
73 bi=b->cert_info; 72 bi=b->cert_info;
74 i=ASN1_INTEGER_cmp(ai->serialNumber,bi->serialNumber); 73 i=M_ASN1_INTEGER_cmp(ai->serialNumber,bi->serialNumber);
75 if (i) return(i); 74 if (i) return(i);
76 return(X509_NAME_cmp(ai->issuer,bi->issuer)); 75 return(X509_NAME_cmp(ai->issuer,bi->issuer));
77 } 76 }
@@ -138,6 +137,20 @@ unsigned long X509_subject_name_hash(X509 *x)
138 return(X509_NAME_hash(x->cert_info->subject)); 137 return(X509_NAME_hash(x->cert_info->subject));
139 } 138 }
140 139
140#ifndef NO_SHA
141/* Compare two certificates: they must be identical for
142 * this to work.
143 */
144int X509_cmp(X509 *a, X509 *b)
145{
146 /* ensure hash is valid */
147 X509_check_purpose(a, -1, 0);
148 X509_check_purpose(b, -1, 0);
149
150 return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
151}
152#endif
153
141int X509_NAME_cmp(X509_NAME *a, X509_NAME *b) 154int X509_NAME_cmp(X509_NAME *a, X509_NAME *b)
142 { 155 {
143 int i,j; 156 int i,j;
@@ -175,7 +188,7 @@ int X509_NAME_cmp(X509_NAME *a, X509_NAME *b)
175 188
176#ifndef NO_MD5 189#ifndef NO_MD5
177/* I now DER encode the name and hash it. Since I cache the DER encoding, 190/* I now DER encode the name and hash it. Since I cache the DER encoding,
178 * this is reasonably effiecent. */ 191 * this is reasonably efficient. */
179unsigned long X509_NAME_hash(X509_NAME *x) 192unsigned long X509_NAME_hash(X509_NAME *x)
180 { 193 {
181 unsigned long ret=0; 194 unsigned long ret=0;
@@ -209,6 +222,8 @@ X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
209 X509_CINF cinf; 222 X509_CINF cinf;
210 X509 x,*x509=NULL; 223 X509 x,*x509=NULL;
211 224
225 if(!sk) return NULL;
226
212 x.cert_info= &cinf; 227 x.cert_info= &cinf;
213 cinf.serialNumber=serial; 228 cinf.serialNumber=serial;
214 cinf.issuer=name; 229 cinf.issuer=name;
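Review bot: X509_cmp dereferences both a and b without a NULL check, while the same section adds an `if(!sk) return NULL;` guard to X509_find_by_issuer_and_serial; because the memcmp result is an ordering there is no spare value to report "not comparable", so at minimum the header comment should state that both arguments must be non-NULL. That comment is also misleading: "they must be identical for this to work" reads as a precondition, whereas the code compares the cached sha1_hash fields and returns 0 exactly when they match; suggest `/* Compare two certificates via their cached sha1_hash: 0 means the hashes match; any other value is only a stable ordering, not a semantic one. Both arguments must be non-NULL. */`. The two X509_check_purpose(…, -1, 0) calls appear to be there only for their side effect of populating the hash; if so, a why-comment saying that, rather than "ensure hash is valid", would save the next reader a trip into x509v3.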
diff --git a/src/lib/libcrypto/x509/x509_d2.c b/src/lib/libcrypto/x509/x509_d2.c
index 3e7ec5b432..753d53eb43 100644
--- a/src/lib/libcrypto/x509/x509_d2.c
+++ b/src/lib/libcrypto/x509/x509_d2.c
@@ -57,8 +57,6 @@
57 */ 57 */
58 58
59#include <stdio.h> 59#include <stdio.h>
60#include <sys/types.h>
61#include <sys/stat.h>
62#include "cryptlib.h" 60#include "cryptlib.h"
63#include <openssl/crypto.h> 61#include <openssl/crypto.h>
64#include <openssl/x509.h> 62#include <openssl/x509.h>
@@ -91,13 +89,15 @@ int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
91 { 89 {
92 lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file()); 90 lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
93 if (lookup == NULL) return(0); 91 if (lookup == NULL) return(0);
94 X509_LOOKUP_load_file(lookup,file,X509_FILETYPE_PEM); 92 if (X509_LOOKUP_load_file(lookup,file,X509_FILETYPE_PEM) != 1)
93 return(0);
95 } 94 }
96 if (path != NULL) 95 if (path != NULL)
97 { 96 {
98 lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir()); 97 lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
99 if (lookup == NULL) return(0); 98 if (lookup == NULL) return(0);
100 X509_LOOKUP_add_dir(lookup,path,X509_FILETYPE_PEM); 99 if (X509_LOOKUP_add_dir(lookup,path,X509_FILETYPE_PEM) != 1)
100 return(0);
101 } 101 }
102 if ((path == NULL) && (file == NULL)) 102 if ((path == NULL) && (file == NULL))
103 return(0); 103 return(0);
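Review bot: When X509_LOOKUP_load_file or X509_LOOKUP_add_dir fails, X509_STORE_load_locations now returns 0, but the lookup that X509_STORE_add_lookup registered just before stays attached to ctx, so a caller that treats 0 as "nothing changed" is left with a partially configured store; if the lookup cannot be detached here, the function's comment (outside this hunk) should say that the store may have been modified on failure. The `(path == NULL) && (file == NULL)` test at the end would also read better as the first statement of the function, so the degenerate call is rejected before any lookup is created. X509_STORE_load_locations begins outside the hunk.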
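--- a/src/lib/libcrypto/x509/x509_def.c
+++ b/src/lib/libcrypto/x509/x509_def.c
@@ -57,8 +57,6 @@
  */
 
 #include <stdio.h>
-#include <sys/types.h>
-#include <sys/stat.h>
 #include "cryptlib.h"
 #include <openssl/crypto.h>
 #include <openssl/x509.h>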
diff --git a/src/lib/libcrypto/x509/x509_err.c b/src/lib/libcrypto/x509/x509_err.c
index 9afd4ccde5..fdedbdac34 100644
--- a/src/lib/libcrypto/x509/x509_err.c
+++ b/src/lib/libcrypto/x509/x509_err.c
@@ -69,15 +69,25 @@ static ERR_STRING_DATA X509_str_functs[]=
69{ERR_PACK(0,X509_F_BY_FILE_CTRL,0), "BY_FILE_CTRL"}, 69{ERR_PACK(0,X509_F_BY_FILE_CTRL,0), "BY_FILE_CTRL"},
70{ERR_PACK(0,X509_F_DIR_CTRL,0), "DIR_CTRL"}, 70{ERR_PACK(0,X509_F_DIR_CTRL,0), "DIR_CTRL"},
71{ERR_PACK(0,X509_F_GET_CERT_BY_SUBJECT,0), "GET_CERT_BY_SUBJECT"}, 71{ERR_PACK(0,X509_F_GET_CERT_BY_SUBJECT,0), "GET_CERT_BY_SUBJECT"},
72{ERR_PACK(0,X509_F_NETSCAPE_SPKI_B64_DECODE,0), "NETSCAPE_SPKI_b64_decode"},
73{ERR_PACK(0,X509_F_NETSCAPE_SPKI_B64_ENCODE,0), "NETSCAPE_SPKI_b64_encode"},
72{ERR_PACK(0,X509_F_X509V3_ADD_EXT,0), "X509v3_add_ext"}, 74{ERR_PACK(0,X509_F_X509V3_ADD_EXT,0), "X509v3_add_ext"},
75{ERR_PACK(0,X509_F_X509_ADD_ATTR,0), "X509_ADD_ATTR"},
76{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_NID,0), "X509_ATTRIBUTE_create_by_NID"},
77{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,0), "X509_ATTRIBUTE_create_by_OBJ"},
78{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,0), "X509_ATTRIBUTE_create_by_txt"},
79{ERR_PACK(0,X509_F_X509_ATTRIBUTE_GET0_DATA,0), "X509_ATTRIBUTE_get0_data"},
80{ERR_PACK(0,X509_F_X509_ATTRIBUTE_SET1_DATA,0), "X509_ATTRIBUTE_set1_data"},
73{ERR_PACK(0,X509_F_X509_CHECK_PRIVATE_KEY,0), "X509_check_private_key"}, 81{ERR_PACK(0,X509_F_X509_CHECK_PRIVATE_KEY,0), "X509_check_private_key"},
74{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_NID,0), "X509_EXTENSION_create_by_NID"}, 82{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_NID,0), "X509_EXTENSION_create_by_NID"},
75{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_OBJ,0), "X509_EXTENSION_create_by_OBJ"}, 83{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_OBJ,0), "X509_EXTENSION_create_by_OBJ"},
76{ERR_PACK(0,X509_F_X509_GET_PUBKEY_PARAMETERS,0), "X509_get_pubkey_parameters"}, 84{ERR_PACK(0,X509_F_X509_GET_PUBKEY_PARAMETERS,0), "X509_get_pubkey_parameters"},
85{ERR_PACK(0,X509_F_X509_LOAD_CERT_CRL_FILE,0), "X509_load_cert_crl_file"},
77{ERR_PACK(0,X509_F_X509_LOAD_CERT_FILE,0), "X509_load_cert_file"}, 86{ERR_PACK(0,X509_F_X509_LOAD_CERT_FILE,0), "X509_load_cert_file"},
78{ERR_PACK(0,X509_F_X509_LOAD_CRL_FILE,0), "X509_load_crl_file"}, 87{ERR_PACK(0,X509_F_X509_LOAD_CRL_FILE,0), "X509_load_crl_file"},
79{ERR_PACK(0,X509_F_X509_NAME_ADD_ENTRY,0), "X509_NAME_add_entry"}, 88{ERR_PACK(0,X509_F_X509_NAME_ADD_ENTRY,0), "X509_NAME_add_entry"},
80{ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_NID,0), "X509_NAME_ENTRY_create_by_NID"}, 89{ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_NID,0), "X509_NAME_ENTRY_create_by_NID"},
90{ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_TXT,0), "X509_NAME_ENTRY_create_by_txt"},
81{ERR_PACK(0,X509_F_X509_NAME_ENTRY_SET_OBJECT,0), "X509_NAME_ENTRY_set_object"}, 91{ERR_PACK(0,X509_F_X509_NAME_ENTRY_SET_OBJECT,0), "X509_NAME_ENTRY_set_object"},
82{ERR_PACK(0,X509_F_X509_NAME_ONELINE,0), "X509_NAME_oneline"}, 92{ERR_PACK(0,X509_F_X509_NAME_ONELINE,0), "X509_NAME_oneline"},
83{ERR_PACK(0,X509_F_X509_NAME_PRINT,0), "X509_NAME_print"}, 93{ERR_PACK(0,X509_F_X509_NAME_PRINT,0), "X509_NAME_print"},
@@ -89,7 +99,9 @@ static ERR_STRING_DATA X509_str_functs[]=
89{ERR_PACK(0,X509_F_X509_REQ_TO_X509,0), "X509_REQ_to_X509"}, 99{ERR_PACK(0,X509_F_X509_REQ_TO_X509,0), "X509_REQ_to_X509"},
90{ERR_PACK(0,X509_F_X509_STORE_ADD_CERT,0), "X509_STORE_add_cert"}, 100{ERR_PACK(0,X509_F_X509_STORE_ADD_CERT,0), "X509_STORE_add_cert"},
91{ERR_PACK(0,X509_F_X509_STORE_ADD_CRL,0), "X509_STORE_add_crl"}, 101{ERR_PACK(0,X509_F_X509_STORE_ADD_CRL,0), "X509_STORE_add_crl"},
102{ERR_PACK(0,X509_F_X509_STORE_CTX_PURPOSE_INHERIT,0), "X509_STORE_CTX_purpose_inherit"},
92{ERR_PACK(0,X509_F_X509_TO_X509_REQ,0), "X509_to_X509_REQ"}, 103{ERR_PACK(0,X509_F_X509_TO_X509_REQ,0), "X509_to_X509_REQ"},
104{ERR_PACK(0,X509_F_X509_TRUST_ADD,0), "X509_TRUST_add"},
93{ERR_PACK(0,X509_F_X509_VERIFY_CERT,0), "X509_verify_cert"}, 105{ERR_PACK(0,X509_F_X509_VERIFY_CERT,0), "X509_verify_cert"},
94{0,NULL} 106{0,NULL}
95 }; 107 };
@@ -97,10 +109,12 @@ static ERR_STRING_DATA X509_str_functs[]=
97static ERR_STRING_DATA X509_str_reasons[]= 109static ERR_STRING_DATA X509_str_reasons[]=
98 { 110 {
99{X509_R_BAD_X509_FILETYPE ,"bad x509 filetype"}, 111{X509_R_BAD_X509_FILETYPE ,"bad x509 filetype"},
112{X509_R_BASE64_DECODE_ERROR ,"base64 decode error"},
100{X509_R_CANT_CHECK_DH_KEY ,"cant check dh key"}, 113{X509_R_CANT_CHECK_DH_KEY ,"cant check dh key"},
101{X509_R_CERT_ALREADY_IN_HASH_TABLE ,"cert already in hash table"}, 114{X509_R_CERT_ALREADY_IN_HASH_TABLE ,"cert already in hash table"},
102{X509_R_ERR_ASN1_LIB ,"err asn1 lib"}, 115{X509_R_ERR_ASN1_LIB ,"err asn1 lib"},
103{X509_R_INVALID_DIRECTORY ,"invalid directory"}, 116{X509_R_INVALID_DIRECTORY ,"invalid directory"},
117{X509_R_INVALID_FIELD_NAME ,"invalid field name"},
104{X509_R_KEY_TYPE_MISMATCH ,"key type mismatch"}, 118{X509_R_KEY_TYPE_MISMATCH ,"key type mismatch"},
105{X509_R_KEY_VALUES_MISMATCH ,"key values mismatch"}, 119{X509_R_KEY_VALUES_MISMATCH ,"key values mismatch"},
106{X509_R_LOADING_CERT_DIR ,"loading cert dir"}, 120{X509_R_LOADING_CERT_DIR ,"loading cert dir"},
@@ -111,8 +125,11 @@ static ERR_STRING_DATA X509_str_reasons[]=
111{X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY ,"unable to get certs public key"}, 125{X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY ,"unable to get certs public key"},
112{X509_R_UNKNOWN_KEY_TYPE ,"unknown key type"}, 126{X509_R_UNKNOWN_KEY_TYPE ,"unknown key type"},
113{X509_R_UNKNOWN_NID ,"unknown nid"}, 127{X509_R_UNKNOWN_NID ,"unknown nid"},
128{X509_R_UNKNOWN_PURPOSE_ID ,"unknown purpose id"},
129{X509_R_UNKNOWN_TRUST_ID ,"unknown trust id"},
114{X509_R_UNSUPPORTED_ALGORITHM ,"unsupported algorithm"}, 130{X509_R_UNSUPPORTED_ALGORITHM ,"unsupported algorithm"},
115{X509_R_WRONG_LOOKUP_TYPE ,"wrong lookup type"}, 131{X509_R_WRONG_LOOKUP_TYPE ,"wrong lookup type"},
132{X509_R_WRONG_TYPE ,"wrong type"},
116{0,NULL} 133{0,NULL}
117 }; 134 };
118 135
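--- a/src/lib/libcrypto/x509/x509_ext.c
+++ b/src/lib/libcrypto/x509/x509_ext.c
@@ -63,6 +63,8 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
 
 int X509_CRL_get_ext_count(X509_CRL *x)
  {
@@ -94,6 +96,11 @@ X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc)
  return(X509v3_delete_ext(x->crl->extensions,loc));
  }
 
+void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx)
+{
+ return X509V3_get_d2i(x->crl->extensions, nid, crit, idx);
+}
+
 int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc)
  {
  return(X509v3_add_ext(&(x->crl->extensions),ex,loc) != NULL);
@@ -134,6 +141,11 @@ int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc)
  return(X509v3_add_ext(&(x->cert_info->extensions),ex,loc) != NULL);
  }
 
+void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx)
+{
+ return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx);
+}
+
 int X509_REVOKED_get_ext_count(X509_REVOKED *x)
  {
  return(X509v3_get_ext_count(x->extensions));
@@ -170,5 +182,10 @@ int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc)
  return(X509v3_add_ext(&(x->extensions),ex,loc) != NULL);
  }
 
+void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx)
+{
+ return X509V3_get_d2i(x->extensions, nid, crit, idx);
+}
+
 IMPLEMENT_STACK_OF(X509_EXTENSION)
 IMPLEMENT_ASN1_SET_OF(X509_EXTENSION)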
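Review bot: The three new *_get_ext_d2i wrappers are undocumented, and unlike the other accessors in this file they return a `void *` whose real type depends on nid, so a caller has nothing to go on; suggest a comment on each, e.g. on X509_get_ext_d2i: `/* Decode the extension identified by nid from x's extension list (thin wrapper over X509V3_get_d2i): *crit receives the critical flag and *idx is the search position in/out; the returned structure is nid-specific and presumably owned by the caller — confirm against X509V3_get_d2i. */`. Like their siblings they do not check x, x->crl or x->cert_info for NULL, which is consistent with the file but worth stating in the same comment.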
diff --git a/src/lib/libcrypto/x509/x509_lu.c b/src/lib/libcrypto/x509/x509_lu.c
index 18bfecb11e..a20006d67e 100644
--- a/src/lib/libcrypto/x509/x509_lu.c
+++ b/src/lib/libcrypto/x509/x509_lu.c
@@ -61,8 +61,8 @@
61#include <openssl/lhash.h> 61#include <openssl/lhash.h>
62#include <openssl/x509.h> 62#include <openssl/x509.h>
63 63
64static STACK *x509_store_meth=NULL; 64static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_store_meth=NULL;
65static STACK *x509_store_ctx_meth=NULL; 65static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_store_ctx_meth=NULL;
66 66
67X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method) 67X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
68 { 68 {
@@ -244,7 +244,7 @@ void X509_STORE_free(X509_STORE *vfy)
244 } 244 }
245 sk_X509_LOOKUP_free(sk); 245 sk_X509_LOOKUP_free(sk);
246 246
247 CRYPTO_free_ex_data(x509_store_meth,(char *)vfy,&vfy->ex_data); 247 CRYPTO_free_ex_data(x509_store_meth,vfy,&vfy->ex_data);
248 lh_doall(vfy->certs,cleanup); 248 lh_doall(vfy->certs,cleanup);
249 lh_free(vfy->certs); 249 lh_free(vfy->certs);
250 Free(vfy); 250 Free(vfy);
@@ -377,10 +377,24 @@ X509_OBJECT *X509_OBJECT_retrieve_by_subject(LHASH *h, int type,
377 abort(); 377 abort();
378 } 378 }
379 379
380 tmp=(X509_OBJECT *)lh_retrieve(h,(char *)&stmp); 380 tmp=(X509_OBJECT *)lh_retrieve(h,&stmp);
381 return(tmp); 381 return(tmp);
382 } 382 }
383 383
384X509_STORE_CTX *X509_STORE_CTX_new(void)
385{
386 X509_STORE_CTX *ctx;
387 ctx = (X509_STORE_CTX *)Malloc(sizeof(X509_STORE_CTX));
388 if(ctx) memset(ctx, 0, sizeof(X509_STORE_CTX));
389 return ctx;
390}
391
392void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
393{
394 X509_STORE_CTX_cleanup(ctx);
395 Free(ctx);
396}
397
384void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, 398void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
385 STACK_OF(X509) *chain) 399 STACK_OF(X509) *chain)
386 { 400 {
@@ -389,6 +403,8 @@ void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
389 ctx->cert=x509; 403 ctx->cert=x509;
390 ctx->untrusted=chain; 404 ctx->untrusted=chain;
391 ctx->last_untrusted=0; 405 ctx->last_untrusted=0;
406 ctx->purpose=0;
407 ctx->trust=0;
392 ctx->valid=0; 408 ctx->valid=0;
393 ctx->chain=NULL; 409 ctx->chain=NULL;
394 ctx->depth=9; 410 ctx->depth=9;
@@ -404,7 +420,7 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
404 sk_X509_pop_free(ctx->chain,X509_free); 420 sk_X509_pop_free(ctx->chain,X509_free);
405 ctx->chain=NULL; 421 ctx->chain=NULL;
406 } 422 }
407 CRYPTO_free_ex_data(x509_store_ctx_meth,(char *)ctx,&(ctx->ex_data)); 423 CRYPTO_free_ex_data(x509_store_ctx_meth,ctx,&(ctx->ex_data));
408 memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA)); 424 memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
409 } 425 }
410 426
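Review bot: X509_STORE_CTX_free has no NULL guard, so X509_STORE_CTX_free(NULL) dereferences ctx inside X509_STORE_CTX_cleanup (which touches ctx->chain and ctx->ex_data) before ever reaching Free; free-style functions in this library are normally NULL-tolerant, so add `if(ctx == NULL) return;` as its first line. X509_STORE_CTX_new also reports nothing when Malloc fails, whereas X509_TRUST_add in the same commit raises X509err(…, ERR_R_MALLOC_FAILURE) in that situation; consider doing the same before returning NULL. A one-line comment on X509_STORE_CTX_new saying that the returned context is zeroed and must still be passed to X509_STORE_CTX_init would help callers, since the struct is otherwise opaque to them.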
diff --git a/src/lib/libcrypto/x509/x509_r2x.c b/src/lib/libcrypto/x509/x509_r2x.c
index bb4697ae60..db051033d9 100644
--- a/src/lib/libcrypto/x509/x509_r2x.c
+++ b/src/lib/libcrypto/x509/x509_r2x.c
@@ -82,7 +82,7 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
82 82
83 if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0) 83 if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0)
84 { 84 {
85 if ((xi->version=ASN1_INTEGER_new()) == NULL) goto err; 85 if ((xi->version=M_ASN1_INTEGER_new()) == NULL) goto err;
86 if (!ASN1_INTEGER_set(xi->version,2)) goto err; 86 if (!ASN1_INTEGER_set(xi->version,2)) goto err;
87/* xi->extensions=ri->attributes; <- bad, should not ever be done 87/* xi->extensions=ri->attributes; <- bad, should not ever be done
88 ri->attributes=NULL; */ 88 ri->attributes=NULL; */
diff --git a/src/lib/libcrypto/x509/x509_req.c b/src/lib/libcrypto/x509/x509_req.c
index 2ef94decd1..baef8790eb 100644
--- a/src/lib/libcrypto/x509/x509_req.c
+++ b/src/lib/libcrypto/x509/x509_req.c
@@ -66,7 +66,7 @@
66#include <openssl/buffer.h> 66#include <openssl/buffer.h>
67#include <openssl/pem.h> 67#include <openssl/pem.h>
68 68
69X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, EVP_MD *md) 69X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
70 { 70 {
71 X509_REQ *ret; 71 X509_REQ *ret;
72 X509_REQ_INFO *ri; 72 X509_REQ_INFO *ri;
@@ -113,3 +113,166 @@ EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req)
113 return(X509_PUBKEY_get(req->req_info->pubkey)); 113 return(X509_PUBKEY_get(req->req_info->pubkey));
114 } 114 }
115 115
116/* It seems several organisations had the same idea of including a list of
117 * extensions in a certificate request. There are at least two OIDs that are
118 * used and there may be more: so the list is configurable.
119 */
120
121static int ext_nid_list[] = { NID_ms_ext_req, NID_ext_req, NID_undef};
122
123static int *ext_nids = ext_nid_list;
124
125int X509_REQ_extension_nid(int req_nid)
126{
127 int i, nid;
128 for(i = 0; ; i++) {
129 nid = ext_nids[i];
130 if(nid == NID_undef) return 0;
131 else if (req_nid == nid) return 1;
132 }
133}
134
135int *X509_REQ_get_extension_nids(void)
136{
137 return ext_nids;
138}
139
140void X509_REQ_set_extension_nids(int *nids)
141{
142 ext_nids = nids;
143}
144
145STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
146{
147 X509_ATTRIBUTE *attr;
148 STACK_OF(X509_ATTRIBUTE) *sk;
149 ASN1_TYPE *ext = NULL;
150 int i;
151 unsigned char *p;
152 if ((req == NULL) || (req->req_info == NULL))
153 return(NULL);
154 sk=req->req_info->attributes;
155 if (!sk) return NULL;
156 for(i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
157 attr = sk_X509_ATTRIBUTE_value(sk, i);
158 if(X509_REQ_extension_nid(OBJ_obj2nid(attr->object))) {
159 if(attr->set && sk_ASN1_TYPE_num(attr->value.set))
160 ext = sk_ASN1_TYPE_value(attr->value.set, 0);
161 else ext = attr->value.single;
162 break;
163 }
164 }
165 if(!ext || (ext->type != V_ASN1_SEQUENCE)) return NULL;
166 p = ext->value.sequence->data;
167 return d2i_ASN1_SET_OF_X509_EXTENSION(NULL, &p,
168 ext->value.sequence->length,
169 d2i_X509_EXTENSION, X509_EXTENSION_free,
170 V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
171}
172
173/* Add a STACK_OF extensions to a certificate request: allow alternative OIDs
174 * in case we want to create a non standard one.
175 */
176
177int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
178 int nid)
179{
180 unsigned char *p = NULL, *q;
181 long len;
182 ASN1_TYPE *at = NULL;
183 X509_ATTRIBUTE *attr = NULL;
184 if(!(at = ASN1_TYPE_new()) ||
185 !(at->value.sequence = ASN1_STRING_new())) goto err;
186
187 at->type = V_ASN1_SEQUENCE;
188 /* Generate encoding of extensions */
189 len = i2d_ASN1_SET_OF_X509_EXTENSION(exts, NULL, i2d_X509_EXTENSION,
190 V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
191 if(!(p = Malloc(len))) goto err;
192 q = p;
193 i2d_ASN1_SET_OF_X509_EXTENSION(exts, &q, i2d_X509_EXTENSION,
194 V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
195 at->value.sequence->data = p;
196 p = NULL;
197 at->value.sequence->length = len;
198 if(!(attr = X509_ATTRIBUTE_new())) goto err;
199 if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
200 if(!sk_ASN1_TYPE_push(attr->value.set, at)) goto err;
201 at = NULL;
202 attr->set = 1;
203 attr->object = OBJ_nid2obj(nid);
204 if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err;
205 return 1;
206 err:
207 if(p) Free(p);
208 X509_ATTRIBUTE_free(attr);
209 ASN1_TYPE_free(at);
210 return 0;
211}
212/* This is the normal usage: use the "official" OID */
213int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts)
214{
215 return X509_REQ_add_extensions_nid(req, exts, NID_ext_req);
216}
217
218/* Request attribute functions */
219
220int X509_REQ_get_attr_count(const X509_REQ *req)
221{
222 return X509at_get_attr_count(req->req_info->attributes);
223}
224
225int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid,
226 int lastpos)
227{
228 return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos);
229}
230
231int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,
232 int lastpos)
233{
234 return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos);
235}
236
237X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc)
238{
239 return X509at_get_attr(req->req_info->attributes, loc);
240}
241
242X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc)
243{
244 return X509at_delete_attr(req->req_info->attributes, loc);
245}
246
247int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr)
248{
249 if(X509at_add1_attr(&req->req_info->attributes, attr)) return 1;
250 return 0;
251}
252
253int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
254 ASN1_OBJECT *obj, int type,
255 unsigned char *bytes, int len)
256{
257 if(X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj,
258 type, bytes, len)) return 1;
259 return 0;
260}
261
262int X509_REQ_add1_attr_by_NID(X509_REQ *req,
263 int nid, int type,
264 unsigned char *bytes, int len)
265{
266 if(X509at_add1_attr_by_NID(&req->req_info->attributes, nid,
267 type, bytes, len)) return 1;
268 return 0;
269}
270
271int X509_REQ_add1_attr_by_txt(X509_REQ *req,
272 char *attrname, int type,
273 unsigned char *bytes, int len)
274{
275 if(X509at_add1_attr_by_txt(&req->req_info->attributes, attrname,
276 type, bytes, len)) return 1;
277 return 0;
278}
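Review bot: In X509_REQ_get_extensions, when `attr->set` is true but the set is empty, the `else ext = attr->value.single;` branch is taken; if `value` is a union (the `attr->set` discriminator used by X509_ATTRIBUTE_get0_type in x509_att.c in this same commit suggests it is) that reads the STACK pointer as an ASN1_TYPE and then dereferences `ext->type`, so the single member should only be read when the attribute is not a set: `if(attr->set) { if(sk_ASN1_TYPE_num(attr->value.set)) ext = sk_ASN1_TYPE_value(attr->value.set, 0); } else ext = attr->value.single;`. In X509_REQ_add_extensions_nid the length returned by the first i2d_ASN1_SET_OF_X509_EXTENSION call goes straight into `Malloc(len)` without a check, and `attr->object = OBJ_nid2obj(nid);` is not checked for NULL either; `if(len <= 0 || !(p = Malloc(len))) goto err;` plus a NULL test on the object would close both. The result of the second i2d call is also never compared with len, so a mismatch between the two encodings would go unnoticed.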
diff --git a/src/lib/libcrypto/x509/x509_set.c b/src/lib/libcrypto/x509/x509_set.c
index 5a6f7b414f..add842d17a 100644
--- a/src/lib/libcrypto/x509/x509_set.c
+++ b/src/lib/libcrypto/x509/x509_set.c
@@ -68,7 +68,7 @@ int X509_set_version(X509 *x, long version)
68 if (x == NULL) return(0); 68 if (x == NULL) return(0);
69 if (x->cert_info->version == NULL) 69 if (x->cert_info->version == NULL)
70 { 70 {
71 if ((x->cert_info->version=ASN1_INTEGER_new()) == NULL) 71 if ((x->cert_info->version=M_ASN1_INTEGER_new()) == NULL)
72 return(0); 72 return(0);
73 } 73 }
74 return(ASN1_INTEGER_set(x->cert_info->version,version)); 74 return(ASN1_INTEGER_set(x->cert_info->version,version));
@@ -82,10 +82,10 @@ int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial)
82 in=x->cert_info->serialNumber; 82 in=x->cert_info->serialNumber;
83 if (in != serial) 83 if (in != serial)
84 { 84 {
85 in=ASN1_INTEGER_dup(serial); 85 in=M_ASN1_INTEGER_dup(serial);
86 if (in != NULL) 86 if (in != NULL)
87 { 87 {
88 ASN1_INTEGER_free(x->cert_info->serialNumber); 88 M_ASN1_INTEGER_free(x->cert_info->serialNumber);
89 x->cert_info->serialNumber=in; 89 x->cert_info->serialNumber=in;
90 } 90 }
91 } 91 }
@@ -112,10 +112,10 @@ int X509_set_notBefore(X509 *x, ASN1_UTCTIME *tm)
112 in=x->cert_info->validity->notBefore; 112 in=x->cert_info->validity->notBefore;
113 if (in != tm) 113 if (in != tm)
114 { 114 {
115 in=ASN1_UTCTIME_dup(tm); 115 in=M_ASN1_UTCTIME_dup(tm);
116 if (in != NULL) 116 if (in != NULL)
117 { 117 {
118 ASN1_UTCTIME_free(x->cert_info->validity->notBefore); 118 M_ASN1_UTCTIME_free(x->cert_info->validity->notBefore);
119 x->cert_info->validity->notBefore=in; 119 x->cert_info->validity->notBefore=in;
120 } 120 }
121 } 121 }
@@ -130,10 +130,10 @@ int X509_set_notAfter(X509 *x, ASN1_UTCTIME *tm)
130 in=x->cert_info->validity->notAfter; 130 in=x->cert_info->validity->notAfter;
131 if (in != tm) 131 if (in != tm)
132 { 132 {
133 in=ASN1_UTCTIME_dup(tm); 133 in=M_ASN1_UTCTIME_dup(tm);
134 if (in != NULL) 134 if (in != NULL)
135 { 135 {
136 ASN1_UTCTIME_free(x->cert_info->validity->notAfter); 136 M_ASN1_UTCTIME_free(x->cert_info->validity->notAfter);
137 x->cert_info->validity->notAfter=in; 137 x->cert_info->validity->notAfter=in;
138 } 138 }
139 } 139 }
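--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_trs.c
@@ -0,0 +1,263 @@
+/* x509_trs.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509v3.h>
+
+
+static int tr_cmp(X509_TRUST **a, X509_TRUST **b);
+static void trtable_free(X509_TRUST *p);
+
+static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags);
+static int trust_any(X509_TRUST *trust, X509 *x, int flags);
+
+static int obj_trust(int id, X509 *x, int flags);
+static int (*default_trust)(int id, X509 *x, int flags) = obj_trust;
+
+/* WARNING: the following table should be kept in order of trust
+ * and without any gaps so we can just subtract the minimum trust
+ * value to get an index into the table
+ */
+
+static X509_TRUST trstandard[] = {
+{X509_TRUST_ANY, 0, trust_any, "Any", 0, NULL},
+{X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},
+{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Client", NID_server_auth, NULL},
+{X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
+};
+
+#define X509_TRUST_COUNT (sizeof(trstandard)/sizeof(X509_TRUST))
+
+IMPLEMENT_STACK_OF(X509_TRUST)
+
+static STACK_OF(X509_TRUST) *trtable = NULL;
+
+static int tr_cmp(X509_TRUST **a, X509_TRUST **b)
+{
+ return (*a)->trust - (*b)->trust;
+}
+
+int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int)
+{
+int (*oldtrust)(int , X509 *, int);
+oldtrust = default_trust;
+default_trust = trust;
+return oldtrust;
+}
+
+
+int X509_check_trust(X509 *x, int id, int flags)
+{
+ X509_TRUST *pt;
+ int idx;
+ if(id == -1) return 1;
+ if(!(idx = X509_TRUST_get_by_id(id)))
+ return default_trust(id, x, flags);
+ pt = X509_TRUST_get0(idx);
+ return pt->check_trust(pt, x, flags);
+}
+
+int X509_TRUST_get_count(void)
+{
+ if(!trtable) return X509_TRUST_COUNT;
+ return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT;
+}
+
+X509_TRUST * X509_TRUST_get0(int idx)
+{
+ if(idx < 0) return NULL;
+ if(idx < X509_TRUST_COUNT) return trstandard + idx;
+ return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT);
+}
+
+int X509_TRUST_get_by_id(int id)
+{
+ X509_TRUST tmp;
+ int idx;
+ if((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX))
+ return id - X509_TRUST_MIN;
+ tmp.trust = id;
+ if(!trtable) return -1;
+ idx = sk_X509_TRUST_find(trtable, &tmp);
+ if(idx == -1) return -1;
+ return idx + X509_TRUST_COUNT;
+}
+
+int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
+ char *name, int arg1, void *arg2)
+{
+ int idx;
+ X509_TRUST *trtmp;
+ /* This is set according to what we change: application can't set it */
+ flags &= ~X509_TRUST_DYNAMIC;
+ /* This will always be set for application modified trust entries */
+ flags |= X509_TRUST_DYNAMIC_NAME;
+ /* Get existing entry if any */
+ idx = X509_TRUST_get_by_id(id);
+ /* Need a new entry */
+ if(idx == -1) {
+ if(!(trtmp = Malloc(sizeof(X509_TRUST)))) {
+ X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ trtmp->flags = X509_TRUST_DYNAMIC;
+ } else trtmp = X509_TRUST_get0(idx);
+
+ /* Free existing name if dynamic */
+ if(trtmp->flags & X509_TRUST_DYNAMIC_NAME) Free(trtmp->name);
+ /* dup supplied name */
+ if(!(trtmp->name = BUF_strdup(name))) {
+ X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ /* Keep the dynamic flag of existing entry */
+ trtmp->flags &= X509_TRUST_DYNAMIC;
+ /* Set all other flags */
+ trtmp->flags |= flags;
+
+ trtmp->trust = id;
+ trtmp->check_trust = ck;
+ trtmp->arg1 = arg1;
+ trtmp->arg2 = arg2;
+
+ /* If its a new entry manage the dynamic table */
+ if(idx == -1) {
+ if(!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) {
+ X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if (!sk_X509_TRUST_push(trtable, trtmp)) {
+ X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ }
+ return 1;
+}
+
+static void trtable_free(X509_TRUST *p)
+ {
+ if(!p) return;
+ if (p->flags & X509_TRUST_DYNAMIC)
+ {
+ if (p->flags & X509_TRUST_DYNAMIC_NAME)
+ Free(p->name);
+ Free(p);
+ }
+ }
+
+void X509_TRUST_cleanup(void)
+{
+ int i;
+ for(i = 0; i < X509_TRUST_COUNT; i++) trtable_free(trstandard + i);
+ sk_X509_TRUST_pop_free(trtable, trtable_free);
+ trtable = NULL;
+}
+
+int X509_TRUST_get_flags(X509_TRUST *xp)
+{
+ return xp->flags;
+}
+
+char *X509_TRUST_get0_name(X509_TRUST *xp)
+{
+ return xp->name;
+}
+
+int X509_TRUST_get_trust(X509_TRUST *xp)
+{
+ return xp->trust;
+}
+
+static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
+{
+ if(x->aux) return obj_trust(trust->arg1, x, flags);
+ /* we don't have any trust settings: for compatibility
+ * we return trusted if it is self signed
+ */
+ X509_check_purpose(x, -1, 0);
+ if(x->ex_flags & EXFLAG_SS) return X509_TRUST_TRUSTED;
+ else return X509_TRUST_UNTRUSTED;
+}
+
+static int obj_trust(int id, X509 *x, int flags)
+{
+ ASN1_OBJECT *obj;
+ int i;
+ X509_CERT_AUX *ax;
+ ax = x->aux;
+ if(!ax) return X509_TRUST_UNTRUSTED;
+ if(ax->reject) {
+ for(i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) {
+ obj = sk_ASN1_OBJECT_value(ax->reject, i);
+ if(OBJ_obj2nid(obj) == id) return X509_TRUST_REJECTED;
+ }
+ }
+ if(ax->trust) {
+ for(i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) {
+ obj = sk_ASN1_OBJECT_value(ax->trust, i);
+ if(OBJ_obj2nid(obj) == id) return X509_TRUST_TRUSTED;
+ }
+ }
+ return X509_TRUST_UNTRUSTED;
+}
+
+static int trust_any(X509_TRUST *trust, X509 *x, int flags)
+{
+ return X509_TRUST_TRUSTED;
+}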
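Review bot: X509_check_trust tests `if(!(idx = X509_TRUST_get_by_id(id)))`, but X509_TRUST_get_by_id returns -1 for an unknown id and 0 for the first standard entry (X509_TRUST_MIN), so an unknown id goes on to X509_TRUST_get0(-1), which returns NULL, and `pt->check_trust(pt, x, flags)` dereferences it, while the valid id at index 0 is wrongly routed to default_trust; replace the test with `idx = X509_TRUST_get_by_id(id); if(idx == -1) return default_trust(id, x, flags);`. The trstandard entry for X509_TRUST_SSL_SERVER carries the name `"SSL Client"`, copied from the line above; it should read `"SSL Server"`. In X509_TRUST_add, when BUF_strdup fails or the push onto trtable fails for a new entry, the freshly Malloc'd trtmp is not freed, and in the push case its duplicated name leaks too. X509_TRUST_cleanup only frees the name of entries flagged X509_TRUST_DYNAMIC, so a standard entry renamed through X509_TRUST_add (which sets X509_TRUST_DYNAMIC_NAME but not X509_TRUST_DYNAMIC) keeps its duplicated name; trtable_free probably needs to check the name flag independently of the entry flag.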
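--- a/src/lib/libcrypto/x509/x509_txt.c
+++ b/src/lib/libcrypto/x509/x509_txt.c
@@ -59,7 +59,6 @@
 #include <stdio.h>
 #include <time.h>
 #include <errno.h>
-#include <sys/types.h>
 
 #include "cryptlib.h"
 #include <openssl/lhash.h>
@@ -121,6 +120,16 @@ const char *X509_verify_cert_error_string(long n)
  return("certificate chain too long");
  case X509_V_ERR_CERT_REVOKED:
  return("certificate revoked");
+ case X509_V_ERR_INVALID_CA:
+ return ("invalid CA certificate");
+ case X509_V_ERR_PATH_LENGTH_EXCEEDED:
+ return ("path length constraint exceeded");
+ case X509_V_ERR_INVALID_PURPOSE:
+ return ("unsupported certificate purpose");
+ case X509_V_ERR_CERT_UNTRUSTED:
+ return ("certificate not trusted");
+ case X509_V_ERR_CERT_REJECTED:
+ return ("certificate rejected");
  case X509_V_ERR_APPLICATION_VERIFICATION:
  return("application verification failure");
  default: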
diff --git a/src/lib/libcrypto/x509/x509_v3.c b/src/lib/libcrypto/x509/x509_v3.c
index dd2f9f1b17..52887986fe 100644
--- a/src/lib/libcrypto/x509/x509_v3.c
+++ b/src/lib/libcrypto/x509/x509_v3.c
@@ -63,6 +63,7 @@
63#include <openssl/objects.h> 63#include <openssl/objects.h>
64#include <openssl/evp.h> 64#include <openssl/evp.h>
65#include <openssl/x509.h> 65#include <openssl/x509.h>
66#include <openssl/x509v3.h>
66 67
67int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x) 68int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x)
68 { 69 {
@@ -242,7 +243,7 @@ int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data)
242 int i; 243 int i;
243 244
244 if (ex == NULL) return(0); 245 if (ex == NULL) return(0);
245 i=ASN1_OCTET_STRING_set(ex->value,data->data,data->length); 246 i=M_ASN1_OCTET_STRING_set(ex->value,data->data,data->length);
246 if (!i) return(0); 247 if (!i) return(0);
247 return(1); 248 return(1);
248 } 249 }
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
index c72ee4a385..4fdff54124 100644
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -59,23 +59,24 @@
59#include <stdio.h> 59#include <stdio.h>
60#include <time.h> 60#include <time.h>
61#include <errno.h> 61#include <errno.h>
62#include <sys/types.h>
63#include <sys/stat.h>
64 62
65#include <openssl/crypto.h>
66#include "cryptlib.h" 63#include "cryptlib.h"
64#include <openssl/crypto.h>
67#include <openssl/lhash.h> 65#include <openssl/lhash.h>
68#include <openssl/buffer.h> 66#include <openssl/buffer.h>
69#include <openssl/evp.h> 67#include <openssl/evp.h>
70#include <openssl/asn1.h> 68#include <openssl/asn1.h>
71#include <openssl/x509.h> 69#include <openssl/x509.h>
70#include <openssl/x509v3.h>
72#include <openssl/objects.h> 71#include <openssl/objects.h>
73 72
74static int null_callback(int ok,X509_STORE_CTX *e); 73static int null_callback(int ok,X509_STORE_CTX *e);
74static int check_chain_purpose(X509_STORE_CTX *ctx);
75static int check_trust(X509_STORE_CTX *ctx);
75static int internal_verify(X509_STORE_CTX *ctx); 76static int internal_verify(X509_STORE_CTX *ctx);
76const char *X509_version="X.509" OPENSSL_VERSION_PTEXT; 77const char *X509_version="X.509" OPENSSL_VERSION_PTEXT;
77 78
78static STACK *x509_store_ctx_method=NULL; 79static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_store_ctx_method=NULL;
79static int x509_store_ctx_num=0; 80static int x509_store_ctx_num=0;
80#if 0 81#if 0
81static int x509_store_num=1; 82static int x509_store_num=1;
@@ -127,7 +128,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
127 ctx->last_untrusted=1; 128 ctx->last_untrusted=1;
128 } 129 }
129 130
130 /* We use a temporary so we can chop and hack at it */ 131 /* We use a temporary STACK so we can chop and hack at it */
131 if (ctx->untrusted != NULL 132 if (ctx->untrusted != NULL
132 && (sktmp=sk_X509_dup(ctx->untrusted)) == NULL) 133 && (sktmp=sk_X509_dup(ctx->untrusted)) == NULL)
133 { 134 {
@@ -184,17 +185,37 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
184 185
185 i=sk_X509_num(ctx->chain); 186 i=sk_X509_num(ctx->chain);
186 x=sk_X509_value(ctx->chain,i-1); 187 x=sk_X509_value(ctx->chain,i-1);
187 if (X509_NAME_cmp(X509_get_subject_name(x),X509_get_issuer_name(x)) 188 xn = X509_get_subject_name(x);
189 if (X509_NAME_cmp(xn,X509_get_issuer_name(x))
188 == 0) 190 == 0)
189 { 191 {
190 /* we have a self signed certificate */ 192 /* we have a self signed certificate */
191 if (sk_X509_num(ctx->chain) == 1) 193 if (sk_X509_num(ctx->chain) == 1)
192 { 194 {
193 ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; 195 /* We have a single self signed certificate: see if
194 ctx->current_cert=x; 196 * we can find it in the store. We must have an exact
195 ctx->error_depth=i-1; 197 * match to avoid possible impersonation.
196 ok=cb(0,ctx); 198 */
197 if (!ok) goto end; 199 ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj);
200 if ((ok != X509_LU_X509) || X509_cmp(x, obj.data.x509))
201 {
202 ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
203 ctx->current_cert=x;
204 ctx->error_depth=i-1;
205 if(ok == X509_LU_X509) X509_OBJECT_free_contents(&obj);
206 ok=cb(0,ctx);
207 if (!ok) goto end;
208 }
209 else
210 {
211 /* We have a match: replace certificate with store version
212 * so we get any trust settings.
213 */
214 X509_free(x);
215 x = obj.data.x509;
216 sk_X509_set(ctx->chain, i - 1, x);
217 ctx->last_untrusted=0;
218 }
198 } 219 }
199 else 220 else
200 { 221 {
@@ -272,6 +293,17 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
272 if (!ok) goto end; 293 if (!ok) goto end;
273 } 294 }
274 295
296 /* We have the chain complete: now we need to check its purpose */
297 if(ctx->purpose > 0) ok = check_chain_purpose(ctx);
298
299 if(!ok) goto end;
300
301 /* The chain extensions are OK: check trust */
302
303 if(ctx->trust > 0) ok = check_trust(ctx);
304
305 if(!ok) goto end;
306
275 /* We may as well copy down any DSA parameters that are required */ 307 /* We may as well copy down any DSA parameters that are required */
276 X509_get_pubkey_parameters(NULL,ctx->chain); 308 X509_get_pubkey_parameters(NULL,ctx->chain);
277 309
@@ -290,6 +322,71 @@ end:
290 return(ok); 322 return(ok);
291 } 323 }
292 324
325/* Check a certificate chains extensions for consistency
326 * with the supplied purpose
327 */
328
329static int check_chain_purpose(X509_STORE_CTX *ctx)
330{
331#ifdef NO_CHAIN_VERIFY
332 return 1;
333#else
334 int i, ok=0;
335 X509 *x;
336 int (*cb)();
337 cb=ctx->ctx->verify_cb;
338 if (cb == NULL) cb=null_callback;
339 /* Check all untrusted certificates */
340 for(i = 0; i < ctx->last_untrusted; i++) {
341 x = sk_X509_value(ctx->chain, i);
342 if(!X509_check_purpose(x, ctx->purpose, i)) {
343 if(i) ctx->error = X509_V_ERR_INVALID_CA;
344 else ctx->error = X509_V_ERR_INVALID_PURPOSE;
345 ctx->error_depth = i;
346 ctx->current_cert = x;
347 ok=cb(0,ctx);
348 if(!ok) goto end;
349 }
350 /* Check pathlen */
351 if((i > 1) && (x->ex_pathlen != -1)
352 && (i > (x->ex_pathlen + 1))) {
353 ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
354 ctx->error_depth = i;
355 ctx->current_cert = x;
356 ok=cb(0,ctx);
357 if(!ok) goto end;
358 }
359 }
360 ok = 1;
361 end:
362 return(ok);
363#endif
364}
365
366static int check_trust(X509_STORE_CTX *ctx)
367{
368#ifdef NO_CHAIN_VERIFY
369 return 1;
370#else
371 int i, ok;
372 X509 *x;
373 int (*cb)();
374 cb=ctx->ctx->verify_cb;
375 if (cb == NULL) cb=null_callback;
376/* For now just check the last certificate in the chain */
377 i = sk_X509_num(ctx->chain) - 1;
378 x = sk_X509_value(ctx->chain, i);
379 ok = X509_check_trust(x, ctx->trust, 0);
380 if(ok == X509_TRUST_TRUSTED) return 1;
381 ctx->error_depth = sk_X509_num(ctx->chain) - 1;
382 ctx->current_cert = x;
383 if(ok == X509_TRUST_REJECTED) ctx->error = X509_V_ERR_CERT_REJECTED;
384 else ctx->error = X509_V_ERR_CERT_UNTRUSTED;
385 ok = cb(0, ctx);
386 return(ok);
387#endif
388}
389
293static int internal_verify(X509_STORE_CTX *ctx) 390static int internal_verify(X509_STORE_CTX *ctx)
294 { 391 {
295 int i,ok=0,n; 392 int i,ok=0,n;
@@ -439,7 +536,7 @@ int X509_cmp_current_time(ASN1_UTCTIME *ctm)
439 atm.length=sizeof(buff2); 536 atm.length=sizeof(buff2);
440 atm.data=(unsigned char *)buff2; 537 atm.data=(unsigned char *)buff2;
441 538
442 X509_gmtime_adj(&atm,-offset); 539 X509_gmtime_adj(&atm,-offset*60);
443 540
444 i=(buff1[0]-'0')*10+(buff1[1]-'0'); 541 i=(buff1[0]-'0')*10+(buff1[1]-'0');
445 if (i < 50) i+=100; /* cf. RFC 2459 */ 542 if (i < 50) i+=100; /* cf. RFC 2459 */
@@ -525,13 +622,13 @@ int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
525 622
526 X509_OBJECT_up_ref_count(obj); 623 X509_OBJECT_up_ref_count(obj);
527 624
528 r=(X509_OBJECT *)lh_insert(ctx->certs,(char *)obj); 625 r=(X509_OBJECT *)lh_insert(ctx->certs,obj);
529 if (r != NULL) 626 if (r != NULL)
530 { /* oops, put it back */ 627 { /* oops, put it back */
531 lh_delete(ctx->certs,(char *)obj); 628 lh_delete(ctx->certs,obj);
532 X509_OBJECT_free_contents(obj); 629 X509_OBJECT_free_contents(obj);
533 Free(obj); 630 Free(obj);
534 lh_insert(ctx->certs,(char *)r); 631 lh_insert(ctx->certs,r);
535 X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE); 632 X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE);
536 ret=0; 633 ret=0;
537 } 634 }
@@ -560,13 +657,13 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
560 657
561 X509_OBJECT_up_ref_count(obj); 658 X509_OBJECT_up_ref_count(obj);
562 659
563 r=(X509_OBJECT *)lh_insert(ctx->certs,(char *)obj); 660 r=(X509_OBJECT *)lh_insert(ctx->certs,obj);
564 if (r != NULL) 661 if (r != NULL)
565 { /* oops, put it back */ 662 { /* oops, put it back */
566 lh_delete(ctx->certs,(char *)obj); 663 lh_delete(ctx->certs,obj);
567 X509_OBJECT_free_contents(obj); 664 X509_OBJECT_free_contents(obj);
568 Free(obj); 665 Free(obj);
569 lh_insert(ctx->certs,(char *)r); 666 lh_insert(ctx->certs,r);
570 X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE); 667 X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE);
571 ret=0; 668 ret=0;
572 } 669 }
@@ -576,8 +673,8 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
576 return(ret); 673 return(ret);
577 } 674 }
578 675
579int X509_STORE_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(), 676int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
580 int (*dup_func)(), void (*free_func)()) 677 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
581 { 678 {
582 x509_store_ctx_num++; 679 x509_store_ctx_num++;
583 return(CRYPTO_get_ex_new_index(x509_store_ctx_num-1, 680 return(CRYPTO_get_ex_new_index(x509_store_ctx_num-1,
@@ -620,6 +717,19 @@ STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx)
620 return(ctx->chain); 717 return(ctx->chain);
621 } 718 }
622 719
720STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
721 {
722 int i;
723 X509 *x;
724 STACK_OF(X509) *chain;
725 if(!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL;
726 for(i = 0; i < sk_X509_num(chain); i++) {
727 x = sk_X509_value(chain, i);
728 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
729 }
730 return(chain);
731 }
732
623void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x) 733void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
624 { 734 {
625 ctx->cert=x; 735 ctx->cert=x;
@@ -630,6 +740,62 @@ void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
630 ctx->untrusted=sk; 740 ctx->untrusted=sk;
631 } 741 }
632 742
743int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose)
744 {
745 return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
746 }
747
748int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust)
749 {
750 return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);
751 }
752
753/* This function is used to set the X509_STORE_CTX purpose and trust
754 * values. This is intended to be used when another structure has its
755 * own trust and purpose values which (if set) will be inherited by
756 * the ctx. If they aren't set then we will usually have a default
757 * purpose in mind which should then be used to set the trust value.
758 * An example of this is SSL use: an SSL structure will have its own
759 * purpose and trust settings which the application can set: if they
760 * aren't set then we use the default of SSL client/server.
761 */
762
763int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
764 int purpose, int trust)
765{
766 int idx;
767 /* If purpose not set use default */
768 if(!purpose) purpose = def_purpose;
769 /* If we have a purpose then check it is valid */
770 if(purpose) {
771 idx = X509_PURPOSE_get_by_id(purpose);
772 if(idx == -1) {
773 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
774 X509_R_UNKNOWN_PURPOSE_ID);
775 return 0;
776 }
777 /* If trust not set then get from purpose default */
778 if(!trust) {
779 X509_PURPOSE *ptmp;
780 ptmp = X509_PURPOSE_get0(idx);
781 trust = ptmp->trust;
782 }
783 }
784 if(trust) {
785 idx = X509_TRUST_get_by_id(trust);
786 if(idx == -1) {
787 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
788 X509_R_UNKNOWN_TRUST_ID);
789 return 0;
790 }
791 }
792
793 if(purpose) ctx->purpose = purpose;
794 if(trust) ctx->trust = trust;
795 return 1;
796}
797
798
633IMPLEMENT_STACK_OF(X509) 799IMPLEMENT_STACK_OF(X509)
634IMPLEMENT_ASN1_SET_OF(X509) 800IMPLEMENT_ASN1_SET_OF(X509)
635 801
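Review bot: check_chain_purpose only examines chain entries with index below ctx->last_untrusted (the `for(i = 0; i < ctx->last_untrusted; i++)` loop), so a CA certificate taken from the trusted store — and, after the new self-signed branch in X509_verify_cert sets `ctx->last_untrusted=0`, the whole single-certificate chain — receives neither the X509_check_purpose call nor the path-length check; if that is the intended trust model it should be stated in the comment above the loop, otherwise the loop should run over the whole chain with the purpose check limited to the untrusted part and the pathlen check applied to every CA. check_trust, as its own "For now" comment says, evaluates only the last certificate, so trust or reject settings carried by any other store-supplied certificate in the chain presumably go unseen. Both helpers short-circuit to `return 1` under NO_CHAIN_VERIFY without ever informing the verify callback, which deserves a comment at the #ifdef so that configuration is understood as disabling the purpose and trust checks entirely. X509_verify_cert's body starts and ends outside the hunks shown here, as does internal_verify.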
diff --git a/src/lib/libcrypto/x509/x509_vfy.h b/src/lib/libcrypto/x509/x509_vfy.h
index ecfd4cf9ed..4637aecedf 100644
--- a/src/lib/libcrypto/x509/x509_vfy.h
+++ b/src/lib/libcrypto/x509/x509_vfy.h
@@ -202,6 +202,8 @@ struct x509_store_state_st /* X509_STORE_CTX */
202 /* The following are set by the caller */ 202 /* The following are set by the caller */
203 X509 *cert; /* The cert to check */ 203 X509 *cert; /* The cert to check */
204 STACK_OF(X509) *untrusted; /* chain of X509s - untrusted - passed in */ 204 STACK_OF(X509) *untrusted; /* chain of X509s - untrusted - passed in */
205 int purpose; /* purpose to check untrusted certificates */
206 int trust; /* trust setting to check */
205 207
206 /* The following is built up */ 208 /* The following is built up */
207 int depth; /* how far to go looking up certs */ 209 int depth; /* how far to go looking up certs */
@@ -234,6 +236,7 @@ struct x509_store_state_st /* X509_STORE_CTX */
234 X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL) 236 X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
235 237
236#define X509_V_OK 0 238#define X509_V_OK 0
239/* illegal error (for uninitialized values, to avoid X509_V_OK): 1 */
237 240
238#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 241#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2
239#define X509_V_ERR_UNABLE_TO_GET_CRL 3 242#define X509_V_ERR_UNABLE_TO_GET_CRL 3
@@ -257,6 +260,11 @@ struct x509_store_state_st /* X509_STORE_CTX */
257#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21 260#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21
258#define X509_V_ERR_CERT_CHAIN_TOO_LONG 22 261#define X509_V_ERR_CERT_CHAIN_TOO_LONG 22
259#define X509_V_ERR_CERT_REVOKED 23 262#define X509_V_ERR_CERT_REVOKED 23
263#define X509_V_ERR_INVALID_CA 24
264#define X509_V_ERR_PATH_LENGTH_EXCEEDED 25
265#define X509_V_ERR_INVALID_PURPOSE 26
266#define X509_V_ERR_CERT_UNTRUSTED 27
267#define X509_V_ERR_CERT_REJECTED 28
260 268
261/* The application is not happy */ 269/* The application is not happy */
262#define X509_V_ERR_APPLICATION_VERIFICATION 50 270#define X509_V_ERR_APPLICATION_VERIFICATION 50
@@ -284,6 +292,8 @@ void X509_OBJECT_free_contents(X509_OBJECT *a);
284X509_STORE *X509_STORE_new(void ); 292X509_STORE *X509_STORE_new(void );
285void X509_STORE_free(X509_STORE *v); 293void X509_STORE_free(X509_STORE *v);
286 294
295X509_STORE_CTX *X509_STORE_CTX_new(void);
296void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
287void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, 297void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
288 X509 *x509, STACK_OF(X509) *chain); 298 X509 *x509, STACK_OF(X509) *chain);
289void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); 299void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
@@ -305,6 +315,7 @@ int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
305#ifndef NO_STDIO 315#ifndef NO_STDIO
306int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type); 316int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
307int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type); 317int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
318int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
308#endif 319#endif
309 320
310 321
@@ -327,8 +338,8 @@ int X509_STORE_load_locations (X509_STORE *ctx,
327int X509_STORE_set_default_paths(X509_STORE *ctx); 338int X509_STORE_set_default_paths(X509_STORE *ctx);
328#endif 339#endif
329 340
330int X509_STORE_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(), 341int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
331 int (*dup_func)(), void (*free_func)()); 342 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
332int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,void *data); 343int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,void *data);
333void * X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx); 344void * X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx);
334int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); 345int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
@@ -336,8 +347,13 @@ void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);
336int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); 347int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
337X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); 348X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
338STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx); 349STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
350STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
339void X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x); 351void X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x);
340void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk); 352void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk);
353int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
354int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
355int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
356 int purpose, int trust);
341 357
342#ifdef __cplusplus 358#ifdef __cplusplus
343} 359}
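Review bot: The new `purpose` and `trust` fields are documented only as "set by the caller"; since X509_verify_cert runs the corresponding check only when the value is greater than zero, the comments should say that zero disables it, e.g. `int purpose; /* purpose to check untrusted certificates; 0 = no purpose check */` and `int trust; /* trust setting to check; 0 = no trust check */`. The new X509_STORE_CTX_purpose_inherit prototype would also benefit from a one-line comment stating that it returns 0 and raises X509_R_UNKNOWN_PURPOSE_ID or X509_R_UNKNOWN_TRUST_ID for an unregistered id, and 1 otherwise, and that the `def_purpose` is used only when `purpose` is 0.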
diff --git a/src/lib/libcrypto/x509/x509name.c b/src/lib/libcrypto/x509/x509name.c
index 2a422be350..cf2382d42c 100644
--- a/src/lib/libcrypto/x509/x509name.c
+++ b/src/lib/libcrypto/x509/x509name.c
@@ -171,6 +171,42 @@ X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc)
171 return(ret); 171 return(ret);
172 } 172 }
173 173
174int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
175 unsigned char *bytes, int len, int loc, int set)
176{
177 X509_NAME_ENTRY *ne;
178 int ret;
179 ne = X509_NAME_ENTRY_create_by_OBJ(NULL, obj, type, bytes, len);
180 if(!ne) return 0;
181 ret = X509_NAME_add_entry(name, ne, loc, set);
182 X509_NAME_ENTRY_free(ne);
183 return ret;
184}
185
186int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
187 unsigned char *bytes, int len, int loc, int set)
188{
189 X509_NAME_ENTRY *ne;
190 int ret;
191 ne = X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, len);
192 if(!ne) return 0;
193 ret = X509_NAME_add_entry(name, ne, loc, set);
194 X509_NAME_ENTRY_free(ne);
195 return ret;
196}
197
198int X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type,
199 unsigned char *bytes, int len, int loc, int set)
200{
201 X509_NAME_ENTRY *ne;
202 int ret;
203 ne = X509_NAME_ENTRY_create_by_txt(NULL, field, type, bytes, len);
204 if(!ne) return 0;
205 ret = X509_NAME_add_entry(name, ne, loc, set);
206 X509_NAME_ENTRY_free(ne);
207 return ret;
208}
209
174/* if set is -1, append to previous set, 0 'a new one', and 1, 210/* if set is -1, append to previous set, 0 'a new one', and 1,
175 * prepend to the guy we are about to stomp on. */ 211 * prepend to the guy we are about to stomp on. */
176int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc, 212int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc,
@@ -236,10 +272,30 @@ err:
236 return(0); 272 return(0);
237 } 273 }
238 274
275X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
276 char *field, int type, unsigned char *bytes, int len)
277 {
278 ASN1_OBJECT *obj;
279 X509_NAME_ENTRY *nentry;
280
281 obj=OBJ_txt2obj(field, 0);
282 if (obj == NULL)
283 {
284 X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT,
285 X509_R_INVALID_FIELD_NAME);
286 ERR_add_error_data(2, "name=", field);
287 return(NULL);
288 }
289 nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len);
290 ASN1_OBJECT_free(obj);
291 return nentry;
292 }
293
239X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, 294X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
240 int type, unsigned char *bytes, int len) 295 int type, unsigned char *bytes, int len)
241 { 296 {
242 ASN1_OBJECT *obj; 297 ASN1_OBJECT *obj;
298 X509_NAME_ENTRY *nentry;
243 299
244 obj=OBJ_nid2obj(nid); 300 obj=OBJ_nid2obj(nid);
245 if (obj == NULL) 301 if (obj == NULL)
@@ -247,7 +303,9 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
247 X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID,X509_R_UNKNOWN_NID); 303 X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID,X509_R_UNKNOWN_NID);
248 return(NULL); 304 return(NULL);
249 } 305 }
250 return(X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len)); 306 nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len);
307 ASN1_OBJECT_free(obj);
308 return nentry;
251 } 309 }
252 310
253X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, 311X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
@@ -267,7 +325,7 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
267 goto err; 325 goto err;
268 if (!X509_NAME_ENTRY_set_data(ret,type,bytes,len)) 326 if (!X509_NAME_ENTRY_set_data(ret,type,bytes,len))
269 goto err; 327 goto err;
270 328
271 if ((ne != NULL) && (*ne == NULL)) *ne=ret; 329 if ((ne != NULL) && (*ne == NULL)) *ne=ret;
272 return(ret); 330 return(ret);
273err: 331err:
@@ -294,6 +352,10 @@ int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
294 int i; 352 int i;
295 353
296 if ((ne == NULL) || ((bytes == NULL) && (len != 0))) return(0); 354 if ((ne == NULL) || ((bytes == NULL) && (len != 0))) return(0);
355 if(type & MBSTRING_FLAG)
356 return ASN1_STRING_set_by_NID(&ne->value, bytes,
357 len, type,
358 OBJ_obj2nid(ne->object)) ? 1 : 0;
297 if (len < 0) len=strlen((char *)bytes); 359 if (len < 0) len=strlen((char *)bytes);
298 i=ASN1_STRING_set(ne->value,bytes,len); 360 i=ASN1_STRING_set(ne->value,bytes,len);
299 if (!i) return(0); 361 if (!i) return(0);
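Review bot: In X509_NAME_ENTRY_set_data the new `if(type & MBSTRING_FLAG)` branch returns before the `if (len < 0) len=strlen((char *)bytes);` normalisation, so a negative len reaches ASN1_STRING_set_by_NID unchanged; presumably that function derives the length itself for the multibyte encodings (where strlen would be wrong anyway), but that is not visible here and deserves a comment such as `/* ASN1_STRING_set_by_NID computes the length for len < 0 itself; strlen() below is only valid for the single-byte types */`. The three X509_NAME_add_entry_by_* wrappers each free the entry immediately after X509_NAME_add_entry, which is only correct if X509_NAME_add_entry copies it; a one-line comment on the first wrapper stating that `ne` stays owned by the wrapper would make that explicit. `field` in X509_NAME_add_entry_by_txt and X509_NAME_ENTRY_create_by_txt is never written through and could be declared `const char *`. X509_NAME_ENTRY_set_data's body starts outside the last hunk.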
diff --git a/src/lib/libcrypto/x509/x509spki.c b/src/lib/libcrypto/x509/x509spki.c
new file mode 100644
index 0000000000..b35c3f92e7
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509spki.c
@@ -0,0 +1,121 @@
1/* x509spki.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/x509.h>
62#include <openssl/asn1_mac.h>
63
64int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey)
65{
66 if ((x == NULL) || (x->spkac == NULL)) return(0);
67 return(X509_PUBKEY_set(&(x->spkac->pubkey),pkey));
68}
69
70EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x)
71{
72 if ((x == NULL) || (x->spkac == NULL))
73 return(NULL);
74 return(X509_PUBKEY_get(x->spkac->pubkey));
75}
76
77/* Load a Netscape SPKI from a base64 encoded string */
78
79NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len)
80{
81 unsigned char *spki_der, *p;
82 int spki_len;
83 NETSCAPE_SPKI *spki;
84 if(len <= 0) len = strlen(str);
85 if (!(spki_der = Malloc(len + 1))) {
86 X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE);
87 return NULL;
88 }
89 spki_len = EVP_DecodeBlock(spki_der, (const unsigned char *)str, len);
90 if(spki_len < 0) {
91 X509err(X509_F_NETSCAPE_SPKI_B64_DECODE,
92 X509_R_BASE64_DECODE_ERROR);
93 Free(spki_der);
94 return NULL;
95 }
96 p = spki_der;
97 spki = d2i_NETSCAPE_SPKI(NULL, &p, spki_len);
98 Free(spki_der);
99 return spki;
100}
101
102/* Generate a base64 encoded string from an SPKI */
103
104char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki)
105{
106 unsigned char *der_spki, *p;
107 char *b64_str;
108 int der_len;
109 der_len = i2d_NETSCAPE_SPKI(spki, NULL);
110 der_spki = Malloc(der_len);
111 b64_str = Malloc(der_len * 2);
112 if(!der_spki || !b64_str) {
113 X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE);
114 return NULL;
115 }
116 p = der_spki;
117 i2d_NETSCAPE_SPKI(spki, &p);
118 EVP_EncodeBlock((unsigned char *)b64_str, der_spki, der_len);
119 Free(der_spki);
120 return b64_str;
121}
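Review bot: NETSCAPE_SPKI_b64_encode uses the result of `i2d_NETSCAPE_SPKI(spki, NULL)` without checking it, so an encoding failure (a negative or zero der_len) is passed straight to Malloc, and when only one of the two Malloc calls fails the buffer that did succeed is leaked on the error return. The output buffer is sized at `der_len * 2`; base64 needs 4 bytes per 3 input bytes plus the terminator EVP_EncodeBlock presumably writes, which 2x covers for any realistic DER length but not for inputs of a few bytes, so an exact bound makes the intent clear. NETSCAPE_SPKI_b64_decode hands the raw EVP_DecodeBlock length to d2i_NETSCAPE_SPKI, which still includes the bytes contributed by '=' padding; that is harmless for DER, whose length comes from the TLV, but worth a comment. The rewrite below adds the checks and a single cleanup path.
```c
char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki)
{
	unsigned char *der_spki = NULL, *p;
	char *b64_str = NULL;
	int der_len;
	der_len = i2d_NETSCAPE_SPKI(spki, NULL);
	if(der_len <= 0) return NULL;	/* nothing encodable: do not size buffers from it */
	der_spki = Malloc(der_len);
	b64_str = Malloc(4 * ((der_len + 2) / 3) + 1);	/* base64 expansion plus NUL */
	if(!der_spki || !b64_str) {
		X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE);
		if(der_spki) Free(der_spki);
		if(b64_str) Free(b64_str);
		return NULL;
	}
	/* … unchanged: i2d into der_spki, EVP_EncodeBlock, Free(der_spki), return b64_str … */
```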
diff --git a/src/lib/libcrypto/x509/x_all.c b/src/lib/libcrypto/x509/x_all.c
index f2af895df0..d2bf3c8e1c 100644
--- a/src/lib/libcrypto/x509/x_all.c
+++ b/src/lib/libcrypto/x509/x_all.c
@@ -285,10 +285,22 @@ RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
285 (unsigned char **)(rsa))); 285 (unsigned char **)(rsa)));
286 } 286 }
287 287
288RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)
289 {
290 return((RSA *)ASN1_d2i_fp((char *(*)())
291 RSA_new,(char *(*)())d2i_RSA_PUBKEY, (fp),
292 (unsigned char **)(rsa)));
293 }
294
288int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa) 295int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa)
289 { 296 {
290 return(ASN1_i2d_fp(i2d_RSAPublicKey,fp,(unsigned char *)rsa)); 297 return(ASN1_i2d_fp(i2d_RSAPublicKey,fp,(unsigned char *)rsa));
291 } 298 }
299
300int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa)
301 {
302 return(ASN1_i2d_fp(i2d_RSA_PUBKEY,fp,(unsigned char *)rsa));
303 }
292#endif 304#endif
293 305
294RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa) 306RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
@@ -310,10 +322,22 @@ RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)
310 (unsigned char **)(rsa))); 322 (unsigned char **)(rsa)));
311 } 323 }
312 324
325RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
326 {
327 return((RSA *)ASN1_d2i_bio((char *(*)())
328 RSA_new,(char *(*)())d2i_RSA_PUBKEY, (bp),
329 (unsigned char **)(rsa)));
330 }
331
313int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa) 332int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa)
314 { 333 {
315 return(ASN1_i2d_bio(i2d_RSAPublicKey,bp,(unsigned char *)rsa)); 334 return(ASN1_i2d_bio(i2d_RSAPublicKey,bp,(unsigned char *)rsa));
316 } 335 }
336
337int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa)
338 {
339 return(ASN1_i2d_bio(i2d_RSA_PUBKEY,bp,(unsigned char *)rsa));
340 }
317#endif 341#endif
318 342
319#ifndef NO_DSA 343#ifndef NO_DSA
@@ -329,6 +353,18 @@ int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa)
329 { 353 {
330 return(ASN1_i2d_fp(i2d_DSAPrivateKey,fp,(unsigned char *)dsa)); 354 return(ASN1_i2d_fp(i2d_DSAPrivateKey,fp,(unsigned char *)dsa));
331 } 355 }
356
357DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa)
358 {
359 return((DSA *)ASN1_d2i_fp((char *(*)())
360 DSA_new,(char *(*)())d2i_DSA_PUBKEY, (fp),
361 (unsigned char **)(dsa)));
362 }
363
364int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa)
365 {
366 return(ASN1_i2d_fp(i2d_DSA_PUBKEY,fp,(unsigned char *)dsa));
367 }
332#endif 368#endif
333 369
334DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa) 370DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa)
@@ -342,6 +378,19 @@ int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa)
342 { 378 {
343 return(ASN1_i2d_bio(i2d_DSAPrivateKey,bp,(unsigned char *)dsa)); 379 return(ASN1_i2d_bio(i2d_DSAPrivateKey,bp,(unsigned char *)dsa));
344 } 380 }
381
382DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa)
383 {
384 return((DSA *)ASN1_d2i_bio((char *(*)())
385 DSA_new,(char *(*)())d2i_DSA_PUBKEY, (bp),
386 (unsigned char **)(dsa)));
387 }
388
389int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa)
390 {
391 return(ASN1_i2d_bio(i2d_DSA_PUBKEY,bp,(unsigned char *)dsa));
392 }
393
345#endif 394#endif
346 395
347X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn) 396X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn)
@@ -362,19 +411,19 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne)
362 (char *(*)())d2i_X509_NAME_ENTRY,(char *)ne)); 411 (char *(*)())d2i_X509_NAME_ENTRY,(char *)ne));
363 } 412 }
364 413
365int X509_digest(X509 *data, EVP_MD *type, unsigned char *md, 414int X509_digest(X509 *data, const EVP_MD *type, unsigned char *md,
366 unsigned int *len) 415 unsigned int *len)
367 { 416 {
368 return(ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len)); 417 return(ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len));
369 } 418 }
370 419
371int X509_NAME_digest(X509_NAME *data, EVP_MD *type, unsigned char *md, 420int X509_NAME_digest(X509_NAME *data, const EVP_MD *type, unsigned char *md,
372 unsigned int *len) 421 unsigned int *len)
373 { 422 {
374 return(ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len)); 423 return(ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len));
375 } 424 }
376 425
377int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, EVP_MD *type, 426int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, const EVP_MD *type,
378 unsigned char *md, unsigned int *len) 427 unsigned char *md, unsigned int *len)
379 { 428 {
380 return(ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type, 429 return(ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,
@@ -420,6 +469,29 @@ int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf)
420 { 469 {
421 return(ASN1_i2d_fp(i2d_PKCS8_PRIV_KEY_INFO,fp,(unsigned char *)p8inf)); 470 return(ASN1_i2d_fp(i2d_PKCS8_PRIV_KEY_INFO,fp,(unsigned char *)p8inf));
422 } 471 }
472
473int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key)
474 {
475 PKCS8_PRIV_KEY_INFO *p8inf;
476 int ret;
477 p8inf = EVP_PKEY2PKCS8(key);
478 if(!p8inf) return 0;
479 ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf);
480 PKCS8_PRIV_KEY_INFO_free(p8inf);
481 return ret;
482 }
483
484int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey)
485 {
486 return(ASN1_i2d_fp(i2d_PrivateKey,fp,(unsigned char *)pkey));
487 }
488
489EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
490{
491 return((EVP_PKEY *)ASN1_d2i_fp((char *(*)())EVP_PKEY_new,
492 (char *(*)())d2i_AutoPrivateKey, (fp),(unsigned char **)(a)));
493}
494
423#endif 495#endif
424 496
425PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, 497PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
@@ -435,3 +507,25 @@ int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf)
435 { 507 {
436 return(ASN1_i2d_bio(i2d_PKCS8_PRIV_KEY_INFO,bp,(unsigned char *)p8inf)); 508 return(ASN1_i2d_bio(i2d_PKCS8_PRIV_KEY_INFO,bp,(unsigned char *)p8inf));
437 } 509 }
510
511int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key)
512 {
513 PKCS8_PRIV_KEY_INFO *p8inf;
514 int ret;
515 p8inf = EVP_PKEY2PKCS8(key);
516 if(!p8inf) return 0;
517 ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
518 PKCS8_PRIV_KEY_INFO_free(p8inf);
519 return ret;
520 }
521
522int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey)
523 {
524 return(ASN1_i2d_bio(i2d_PrivateKey,bp,(unsigned char *)pkey));
525 }
526
527EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a)
528 {
529 return((EVP_PKEY *)ASN1_d2i_bio((char *(*)())EVP_PKEY_new,
530 (char *(*)())d2i_AutoPrivateKey, (bp),(unsigned char **)(a)));
531 }
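Review bot: The new i2d_PKCS8PrivateKeyInfo_fp and i2d_PKCS8PrivateKeyInfo_bio wrappers are identical apart from the sink and neither says what the caller gets back: 0 when EVP_PKEY2PKCS8 fails (with whatever error that function raised) and otherwise the return value of the underlying i2d_PKCS8_PRIV_KEY_INFO_fp/_bio call. A comment on each, e.g. `/* Write key as an unencrypted PKCS#8 PrivateKeyInfo; the temporary PKCS8_PRIV_KEY_INFO is freed here, key stays owned by the caller */`, would record the ownership and the unencrypted nature of the output. d2i_PrivateKey_fp and d2i_PrivateKey_bio pair EVP_PKEY_new with d2i_AutoPrivateKey; a comment confirming that d2i_AutoPrivateKey accepts the freshly allocated, typeless EVP_PKEY that ASN1_d2i_fp/_bio presumably hand it as `*a` would save the next reader the same question.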