Diffstat (limited to 'src/lib/libcrypto/x509')
-rw-r--r--src/lib/libcrypto/x509/Makefile.ssl96
-rw-r--r--src/lib/libcrypto/x509/by_dir.c359
-rw-r--r--src/lib/libcrypto/x509/by_file.c282
-rw-r--r--src/lib/libcrypto/x509/x509.h1152
-rw-r--r--src/lib/libcrypto/x509/x509_cmp.c257
-rw-r--r--src/lib/libcrypto/x509/x509_d2.c110
-rw-r--r--src/lib/libcrypto/x509/x509_def.c83
-rw-r--r--src/lib/libcrypto/x509/x509_err.c130
-rw-r--r--src/lib/libcrypto/x509/x509_ext.c222
-rw-r--r--src/lib/libcrypto/x509/x509_lu.c446
-rw-r--r--src/lib/libcrypto/x509/x509_obj.c179
-rw-r--r--src/lib/libcrypto/x509/x509_r2x.c122
-rw-r--r--src/lib/libcrypto/x509/x509_req.c116
-rw-r--r--src/lib/libcrypto/x509/x509_set.c164
-rw-r--r--src/lib/libcrypto/x509/x509_txt.c132
-rw-r--r--src/lib/libcrypto/x509/x509_v3.c409
-rw-r--r--src/lib/libcrypto/x509/x509_vfy.c704
-rw-r--r--src/lib/libcrypto/x509/x509_vfy.h378
-rw-r--r--src/lib/libcrypto/x509/x509name.c358
-rw-r--r--src/lib/libcrypto/x509/x509rset.c89
-rw-r--r--src/lib/libcrypto/x509/x509type.c115
-rw-r--r--src/lib/libcrypto/x509/x_all.c465
22 files changed, 6368 insertions, 0 deletions
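--- /dev/null
+++ b/src/lib/libcrypto/x509/Makefile.ssl
@@ -0,0 +1,96 @@
+#
+# SSLeay/crypto/x509/Makefile
+#
+
+DIR= x509
+TOP= ../..
+CC= cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALLTOP=/usr/local/ssl
+MAKE= make -f Makefile.ssl
+MAKEDEPEND= makedepend -f Makefile.ssl
+MAKEFILE= Makefile.ssl
+AR= ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+ERR=x509
+ERRC=x509_err
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= x509_def.c x509_d2.c x509_r2x.c x509_cmp.c \
+ x509_obj.c x509_req.c x509_vfy.c \
+ x509_set.c x509rset.c $(ERRC).c \
+ x509name.c x509_v3.c x509_ext.c x509pack.c \
+ x509type.c x509_lu.c x_all.c x509_txt.c \
+ by_file.c by_dir.c \
+ v3_net.c v3_x509.c
+LIBOBJ= x509_def.o x509_d2.o x509_r2x.o x509_cmp.o \
+ x509_obj.o x509_req.o x509_vfy.o \
+ x509_set.o x509rset.o $(ERRC).o \
+ x509name.o x509_v3.o x509_ext.o x509pack.o \
+ x509type.o x509_lu.o x_all.o x509_txt.o \
+ by_file.o by_dir.o \
+ v3_net.o v3_x509.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= x509.h x509_vfy.h
+HEADER= $(EXHEADER)
+
+ALL= $(GENERAL) $(SRC) $(HEADER)
+
+top:
+ (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all: lib
+
+lib: $(LIBOBJ)
+ $(AR) $(LIB) $(LIBOBJ)
+ sh $(TOP)/util/ranlib.sh $(LIB)
+ @touch lib
+
+files:
+ perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+ /bin/rm -f Makefile
+ $(TOP)/util/point.sh Makefile.ssl Makefile ;
+ $(TOP)/util/mklink.sh ../../include $(EXHEADER)
+ $(TOP)/util/mklink.sh ../../test $(TEST)
+ $(TOP)/util/mklink.sh ../../apps $(APPS)
+
+install:
+ @for i in $(EXHEADER) ; \
+ do \
+ (cp $$i $(INSTALLTOP)/include/$$i; \
+ chmod 644 $(INSTALLTOP)/include/$$i ); \
+ done;
+
+tags:
+ ctags $(SRC)
+
+tests:
+
+lint:
+ lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+ $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+ perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+
+clean:
+ /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+ perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
+ perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.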
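Review bot: LIBSRC and LIBOBJ name `x509pack.c`, `v3_net.c` and `v3_x509.c` (with their `.o` counterparts), but the diffstat for this directory lists no such files, so the `lib` target has nothing to build those objects from unless they arrive in another commit. Either add the three sources or drop them from both lists, i.e. end the fourth continuation line at `x509_ext.c \` / `x509_ext.o \` and delete the `v3_net.c v3_x509.c` and `v3_net.o v3_x509.o` lines. The `depend` rule also expands `$(PROGS)`, which this file never defines; it is harmless as an empty expansion but should be removed or set.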
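--- /dev/null
+++ b/src/lib/libcrypto/x509/by_dir.c
@@ -0,0 +1,359 @@
+/* crypto/x509/by_dir.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#include "cryptlib.h"
+#include "lhash.h"
+#include "x509.h"
+#include "pem.h"
+
+typedef struct lookup_dir_st
+ {
+ BUF_MEM *buffer;
+ int num_dirs;
+ char **dirs;
+ int *dirs_type;
+ int num_dirs_alloced;
+ } BY_DIR;
+
+#ifndef NOPROTO
+static int dir_ctrl(X509_LOOKUP *ctx,int cmd,char *argp,long argl,char **ret);
+static int new_dir(X509_LOOKUP *lu);
+static void free_dir(X509_LOOKUP *lu);
+static int add_cert_dir(BY_DIR *ctx,char *dir,int type);
+static int get_cert_by_subject(X509_LOOKUP *xl,int type,X509_NAME *name,
+ X509_OBJECT *ret);
+#else
+static int dir_ctrl();
+static int new_dir();
+static void free_dir();
+static int add_cert_dir();
+static int get_cert_by_subject();
+#endif
+
+X509_LOOKUP_METHOD x509_dir_lookup=
+ {
+ "Load certs from files in a directory",
+ new_dir, /* new */
+ free_dir, /* free */
+ NULL, /* init */
+ NULL, /* shutdown */
+ dir_ctrl, /* ctrl */
+ get_cert_by_subject, /* get_by_subject */
+ NULL, /* get_by_issuer_serial */
+ NULL, /* get_by_fingerprint */
+ NULL, /* get_by_alias */
+ };
+
+X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir()
+ {
+ return(&x509_dir_lookup);
+ }
+
+static int dir_ctrl(ctx,cmd,argp,argl,retp)
+X509_LOOKUP *ctx;
+int cmd;
+long argl;
+char *argp;
+char **retp;
+ {
+ int ret=0;
+ BY_DIR *ld;
+ char *dir;
+
+ ld=(BY_DIR *)ctx->method_data;
+
+ switch (cmd)
+ {
+ case X509_L_ADD_DIR:
+ if (argl == X509_FILETYPE_DEFAULT)
+ {
+ ret=add_cert_dir(ld,X509_get_default_cert_dir(),
+ X509_FILETYPE_PEM);
+ if (!ret)
+ {
+ X509err(X509_F_DIR_CTRL,X509_R_LOADING_CERT_DIR);
+ }
+ else
+ {
+ dir=(char *)Getenv(X509_get_default_cert_dir_env());
+ ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
+ }
+ }
+ else
+ ret=add_cert_dir(ld,argp,(int)argl);
+ break;
+ }
+ return(ret);
+ }
+
+static int new_dir(lu)
+X509_LOOKUP *lu;
+ {
+ BY_DIR *a;
+
+ if ((a=(BY_DIR *)Malloc(sizeof(BY_DIR))) == NULL)
+ return(0);
+ if ((a->buffer=BUF_MEM_new()) == NULL)
+ {
+ Free(a);
+ return(0);
+ }
+ a->num_dirs=0;
+ a->dirs=NULL;
+ a->dirs_type=NULL;
+ a->num_dirs_alloced=0;
+ lu->method_data=(char *)a;
+ return(1);
+ }
+
+static void free_dir(lu)
+X509_LOOKUP *lu;
+ {
+ BY_DIR *a;
+ int i;
+
+ a=(BY_DIR *)lu->method_data;
+ for (i=0; i<a->num_dirs; i++)
+ if (a->dirs[i] != NULL) Free(a->dirs[i]);
+ if (a->dirs != NULL) Free(a->dirs);
+ if (a->dirs_type != NULL) Free(a->dirs_type);
+ if (a->buffer != NULL) BUF_MEM_free(a->buffer);
+ Free(a);
+ }
+
+static int add_cert_dir(ctx,dir, type)
+BY_DIR *ctx;
+char *dir;
+int type;
+ {
+ int j,len;
+ int *ip;
+ char *s,*ss,*p;
+ char **pp;
+
+ if (dir == NULL) return(0);
+
+ s=dir;
+ p=s;
+ for (;;)
+ {
+ if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0'))
+ {
+ ss=s;
+ s=p+1;
+ len=(int)(p-ss);
+ if (len == 0) continue;
+ for (j=0; j<ctx->num_dirs; j++)
+ if (strncmp(ctx->dirs[j],ss,(unsigned int)len) == 0)
+ continue;
+ if (ctx->num_dirs_alloced < (ctx->num_dirs+1))
+ {
+ ctx->num_dirs_alloced+=10;
+ pp=(char **)Malloc(ctx->num_dirs_alloced*
+ sizeof(char *));
+ ip=(int *)Malloc(ctx->num_dirs_alloced*
+ sizeof(int));
+ if ((pp == NULL) || (ip == NULL))
+ {
+ X509err(X509_F_ADD_CERT_DIR,ERR_R_MALLOC_FAILURE);
+ return(0);
+ }
+ memcpy(pp,ctx->dirs,(ctx->num_dirs_alloced-10)*
+ sizeof(char *));
+ memcpy(ip,ctx->dirs_type,(ctx->num_dirs_alloced-10)*
+ sizeof(int));
+ if (ctx->dirs != NULL)
+ Free((char *)ctx->dirs);
+ if (ctx->dirs_type != NULL)
+ Free((char *)ctx->dirs_type);
+ ctx->dirs=pp;
+ ctx->dirs_type=ip;
+ }
+ ctx->dirs_type[ctx->num_dirs]=type;
+ ctx->dirs[ctx->num_dirs]=(char *)Malloc((unsigned int)len+1);
+ if (ctx->dirs[ctx->num_dirs] == NULL) return(0);
+ strncpy(ctx->dirs[ctx->num_dirs],ss,(unsigned int)len);
+ ctx->dirs[ctx->num_dirs][len]='\0';
+ ctx->num_dirs++;
+ }
+ if (*p == '\0') break;
+ p++;
+ }
+ return(1);
+ }
+
+static int get_cert_by_subject(xl,type,name,ret)
+X509_LOOKUP *xl;
+int type;
+X509_NAME *name;
+X509_OBJECT *ret;
+ {
+ BY_DIR *ctx;
+ union {
+ struct {
+ X509 st_x509;
+ X509_CINF st_x509_cinf;
+ } x509;
+ struct {
+ X509_CRL st_crl;
+ X509_CRL_INFO st_crl_info;
+ } crl;
+ } data;
+ int ok=0;
+ int i,j,k;
+ unsigned long h;
+ BUF_MEM *b=NULL;
+ struct stat st;
+ X509_OBJECT stmp,*tmp;
+ char *postfix="";
+
+ if (name == NULL) return(0);
+
+ stmp.type=type;
+ if (type == X509_LU_X509)
+ {
+ data.x509.st_x509.cert_info= &data.x509.st_x509_cinf;
+ data.x509.st_x509_cinf.subject=name;
+ stmp.data.x509= &data.x509.st_x509;
+ postfix="";
+ }
+ else if (type == X509_LU_CRL)
+ {
+ data.crl.st_crl.crl= &data.crl.st_crl_info;
+ data.crl.st_crl_info.issuer=name;
+ stmp.data.crl= &data.crl.st_crl;
+ postfix="r";
+ }
+ else
+ {
+ X509err(X509_F_GET_CERT_BY_SUBJECT,X509_R_WRONG_LOOKUP_TYPE);
+ goto finish;
+ }
+
+ if ((b=BUF_MEM_new()) == NULL)
+ {
+ X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_BUF_LIB);
+ goto finish;
+ }
+
+ ctx=(BY_DIR *)xl->method_data;
+
+ h=X509_NAME_hash(name);
+ for (i=0; i<ctx->num_dirs; i++)
+ {
+ j=strlen(ctx->dirs[i])+1+8+6+1+1;
+ if (!BUF_MEM_grow(b,j))
+ {
+ X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_MALLOC_FAILURE);
+ goto finish;
+ }
+ k=0;
+ for (;;)
+ {
+ sprintf(b->data,"%s/%08lx.%s%d",ctx->dirs[i],h,
+ postfix,k);
+ k++;
+ if (stat(b->data,&st) < 0)
+ break;
+ /* found one. */
+ if (type == X509_LU_X509)
+ {
+ if ((X509_load_cert_file(xl,b->data,
+ ctx->dirs_type[i])) == 0)
+ break;
+ }
+ else if (type == X509_LU_CRL)
+ {
+ if ((X509_load_crl_file(xl,b->data,
+ ctx->dirs_type[i])) == 0)
+ break;
+ }
+ /* else case will caught higher up */
+ }
+
+ /* we have added it to the cache so now pull
+ * it out again */
+ CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
+ tmp=(X509_OBJECT *)lh_retrieve(xl->store_ctx->certs,
+ (char *)&stmp);
+ CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
+
+ if (tmp != NULL)
+ {
+ ok=1;
+ ret->type=tmp->type;
+ memcpy(&ret->data,&tmp->data,sizeof(ret->data));
+ /* If we were going to up the reference count,
+ * we would need to do it on a perl 'type'
+ * basis */
+ /* CRYPTO_add(&tmp->data.x509->references,1,
+ CRYPTO_LOCK_X509);*/
+ goto finish;
+ }
+ }
+finish:
+ if (b != NULL) BUF_MEM_free(b);
+ return(ok);
+ }
+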
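Review bot: In add_cert_dir, `if (len == 0) continue;` jumps back to the top of `for (;;)` without reaching the `if (*p == '\0') break; p++;` at the bottom, so an empty list element (an empty string, a leading separator, or two separators in a row) is examined again with `s` already moved past `p`, and `len` becomes -1. That value is then cast to unsigned for `strncmp`, `Malloc((unsigned int)len+1)` and `strncpy`, which writes far beyond a zero-length allocation; dir_ctrl passes this function a string taken from an environment variable, so the input is not under the program's control. The inner `continue` in the duplicate scan only continues the `for (j...)` loop, so duplicates are never skipped either, and the prefix-only `strncmp` would treat a shorter path as a duplicate of a longer one if it did. I would handle an element only when `len > 0` and make the scan an exact-match lookup, as sketched below.

```c
			len=(int)(p-ss);
			if (len > 0)
				{
				/* skip an entry already stored with the same length and bytes */
				for (j=0; j<ctx->num_dirs; j++)
					if ((strlen(ctx->dirs[j]) == (size_t)len) &&
						(strncmp(ctx->dirs[j],ss,(unsigned int)len) == 0))
						break;
				if (j == ctx->num_dirs)
					{
					/* ... unchanged: grow dirs/dirs_type, copy the element, num_dirs++ ... */
					}
				}
			/* an empty element now falls through to the end-of-string test and p++ */
```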
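--- /dev/null
+++ b/src/lib/libcrypto/x509/by_file.c
@@ -0,0 +1,282 @@
+/* crypto/x509/by_file.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#include "cryptlib.h"
+#include "lhash.h"
+#include "buffer.h"
+#include "x509.h"
+#include "pem.h"
+
+#ifndef NO_STDIO
+
+#ifndef NOPROTO
+static int by_file_ctrl(X509_LOOKUP *ctx,int cmd,char *argc,
+ long argl,char **ret);
+#else
+static int by_file_ctrl();
+#endif
+
+X509_LOOKUP_METHOD x509_file_lookup=
+ {
+ "Load file into cache",
+ NULL, /* new */
+ NULL, /* free */
+ NULL, /* init */
+ NULL, /* shutdown */
+ by_file_ctrl, /* ctrl */
+ NULL, /* get_by_subject */
+ NULL, /* get_by_issuer_serial */
+ NULL, /* get_by_fingerprint */
+ NULL, /* get_by_alias */
+ };
+
+X509_LOOKUP_METHOD *X509_LOOKUP_file()
+ {
+ return(&x509_file_lookup);
+ }
+
+static int by_file_ctrl(ctx,cmd,argp,argl,ret)
+X509_LOOKUP *ctx;
+int cmd;
+char *argp;
+long argl;
+char **ret;
+ {
+ int ok=0,ok2=0;
+ char *file;
+
+ switch (cmd)
+ {
+ case X509_L_FILE_LOAD:
+ if (argl == X509_FILETYPE_DEFAULT)
+ {
+ ok=X509_load_cert_file(ctx,X509_get_default_cert_file(),
+ X509_FILETYPE_PEM);
+ ok2=X509_load_crl_file(ctx,X509_get_default_cert_file(),
+ X509_FILETYPE_PEM);
+ if (!ok || !ok2)
+ {
+ X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
+ }
+ else
+ {
+ file=(char *)Getenv(X509_get_default_cert_file_env());
+ ok=X509_load_cert_file(ctx,file,
+ X509_FILETYPE_PEM);
+ ok2=X509_load_crl_file(ctx,file,
+ X509_FILETYPE_PEM);
+ }
+ }
+ else
+ {
+ ok=X509_load_cert_file(ctx,argp,(int)argl);
+ ok2=X509_load_crl_file(ctx,argp,(int)argl);
+ }
+ break;
+ }
+ return((ok && ok2)?ok:0);
+ }
+
+int X509_load_cert_file(ctx,file,type)
+X509_LOOKUP *ctx;
+char *file;
+int type;
+ {
+ int ret=0;
+ BIO *in=NULL;
+ int i,count=0;
+ X509 *x=NULL;
+
+ if (file == NULL) return(1);
+ in=BIO_new(BIO_s_file_internal());
+
+ if ((in == NULL) || (BIO_read_filename(in,file) <= 0))
+ {
+ X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_SYS_LIB);
+ goto err;
+ }
+
+ if (type == X509_FILETYPE_PEM)
+ {
+ for (;;)
+ {
+ x=PEM_read_bio_X509(in,NULL,NULL);
+ if (x == NULL)
+ {
+ if ((ERR_GET_REASON(ERR_peek_error()) ==
+ PEM_R_NO_START_LINE) && (count > 0))
+ {
+ ERR_clear_error();
+ break;
+ }
+ else
+ {
+ X509err(X509_F_X509_LOAD_CERT_FILE,
+ ERR_R_PEM_LIB);
+ goto err;
+ }
+ }
+ i=X509_STORE_add_cert(ctx->store_ctx,x);
+ if (!i) goto err;
+ count++;
+ X509_free(x);
+ x=NULL;
+ }
+ ret=count;
+ }
+ else if (type == X509_FILETYPE_ASN1)
+ {
+ x=d2i_X509_bio(in,NULL);
+ if (x == NULL)
+ {
+ X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_ASN1_LIB);
+ goto err;
+ }
+ i=X509_STORE_add_cert(ctx->store_ctx,x);
+ if (!i) goto err;
+ ret=i;
+ }
+ else
+ {
+ X509err(X509_F_X509_LOAD_CERT_FILE,X509_R_BAD_X509_FILETYPE);
+ goto err;
+ }
+err:
+ if (x != NULL) X509_free(x);
+ if (in != NULL) BIO_free(in);
+ return(ret);
+ }
+
+int X509_load_crl_file(ctx,file,type)
+X509_LOOKUP *ctx;
+char *file;
+int type;
+ {
+ int ret=0;
+ BIO *in=NULL;
+ int i,count=0;
+ X509_CRL *x=NULL;
+
+ if (file == NULL) return(1);
+ in=BIO_new(BIO_s_file_internal());
+
+ if ((in == NULL) || (BIO_read_filename(in,file) <= 0))
+ {
+ X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_SYS_LIB);
+ goto err;
+ }
+
+ if (type == X509_FILETYPE_PEM)
+ {
+ for (;;)
+ {
+ x=PEM_read_bio_X509_CRL(in,NULL,NULL);
+ if (x == NULL)
+ {
+ if ((ERR_GET_REASON(ERR_peek_error()) ==
+ PEM_R_NO_START_LINE) && (count > 0))
+ {
+ ERR_clear_error();
+ break;
+ }
+ else
+ {
+ X509err(X509_F_X509_LOAD_CRL_FILE,
+ ERR_R_PEM_LIB);
+ goto err;
+ }
+ }
+ i=X509_STORE_add_crl(ctx->store_ctx,x);
+ if (!i) goto err;
+ count++;
+ X509_CRL_free(x);
+ x=NULL;
+ }
+ ret=count;
+ }
+ else if (type == X509_FILETYPE_ASN1)
+ {
+ x=d2i_X509_CRL_bio(in,NULL);
+ if (x == NULL)
+ {
+ X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_ASN1_LIB);
+ goto err;
+ }
+ i=X509_STORE_add_crl(ctx->store_ctx,x);
+ if (!i) goto err;
+ ret=i;
+ }
+ else
+ {
+ X509err(X509_F_X509_LOAD_CRL_FILE,X509_R_BAD_X509_FILETYPE);
+ goto err;
+ }
+err:
+ if (x != NULL) X509_CRL_free(x);
+ if (in != NULL) BIO_free(in);
+ return(ret);
+ }
+
+#endif /* NO_STDIO */
+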
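Review bot: by_file_ctrl ends with `return((ok && ok2)?ok:0);`, so a load counts as successful only if X509_load_crl_file also succeeds on the same file, and that function's PEM loop raises ERR_R_PEM_LIB when the first read ends in PEM_R_NO_START_LINE with `count` still 0. Assuming PEM_read_bio_X509_CRL skips non-CRL blocks (its body is not on this page), a bundle that holds only CA certificates is reported as a failed load even though its certificates are already in the store, which nudges callers into ignoring the result of the call that sets up their trust anchors. I would report the certificate result and treat an absent CRL as normal, e.g. `return(ok);` with the comment `/* a file without CRLs is not an error */`, and clear the CRL-side PEM_R_NO_START_LINE error the way the loop already does when `count > 0`. Both loaders also return 1 for `file == NULL`, so the X509_FILETYPE_DEFAULT branch reports success when the environment variable is unset; a short comment on that line saying this is deliberate would help.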
diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h
new file mode 100644
index 0000000000..95114f7c43
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509.h
@@ -0,0 +1,1152 @@
1/* crypto/x509/x509.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#ifndef HEADER_X509_H
60#define HEADER_X509_H
61
62#ifdef __cplusplus
63extern "C" {
64#endif
65
66#include "stack.h"
67#include "asn1.h"
68
69#ifndef NO_RSA
70#include "rsa.h"
71#else
72#define RSA long
73#endif
74
75#ifndef NO_DSA
76#include "dsa.h"
77#else
78#define DSA long
79#endif
80
81#ifndef NO_DH
82#include "dh.h"
83#else
84#define DH long
85#endif
86
87#include "evp.h"
88
89#define X509_FILETYPE_PEM 1
90#define X509_FILETYPE_ASN1 2
91#define X509_FILETYPE_DEFAULT 3
92
93#define X509v3_KU_DIGITAL_SIGNATURE 0x0080
94#define X509v3_KU_NON_REPUDIATION 0x0040
95#define X509v3_KU_KEY_ENCIPHERMENT 0x0020
96#define X509v3_KU_DATA_ENCIPHERMENT 0x0010
97#define X509v3_KU_KEY_AGREEMENT 0x0008
98#define X509v3_KU_KEY_CERT_SIGN 0x0004
99#define X509v3_KU_CRL_SIGN 0x0002
100#define X509v3_KU_ENCIPHER_ONLY 0x0001
101#define X509v3_KU_DECIPHER_ONLY 0x8000
102#define X509v3_KU_UNDEF 0xffff
103
104typedef struct X509_objects_st
105 {
106 int nid;
107 int (*a2i)();
108 int (*i2a)();
109 } X509_OBJECTS;
110
111typedef struct X509_algor_st
112 {
113 ASN1_OBJECT *algorithm;
114 ASN1_TYPE *parameter;
115 } X509_ALGOR;
116
117typedef struct X509_val_st
118 {
119 ASN1_UTCTIME *notBefore;
120 ASN1_UTCTIME *notAfter;
121 } X509_VAL;
122
123typedef struct X509_pubkey_st
124 {
125 X509_ALGOR *algor;
126 ASN1_BIT_STRING *public_key;
127 struct evp_pkey_st /* EVP_PKEY*/ *pkey;
128 } X509_PUBKEY;
129
130typedef struct X509_sig_st
131 {
132 X509_ALGOR *algor;
133 ASN1_OCTET_STRING *digest;
134 } X509_SIG;
135
136typedef struct X509_name_entry_st
137 {
138 ASN1_OBJECT *object;
139 ASN1_STRING *value;
140 int set;
141 int size; /* temp variable */
142 } X509_NAME_ENTRY;
143
144/* we always keep X509_NAMEs in 2 forms. */
145typedef struct X509_name_st
146 {
147 STACK *entries; /* of X509_NAME_ENTRY */
148 int modified; /* true if 'bytes' needs to be built */
149#ifdef HEADER_BUFFER_H
150 BUF_MEM *bytes;
151#else
152 char *bytes;
153#endif
154 unsigned long hash; /* Keep the hash around for lookups */
155 } X509_NAME;
156
157#define X509_EX_V_NETSCAPE_HACK 0x8000
158#define X509_EX_V_INIT 0x0001
159typedef struct X509_extension_st
160 {
161 ASN1_OBJECT *object;
162 short critical;
163 short netscape_hack;
164 ASN1_OCTET_STRING *value;
165 long argl; /* used when decoding */
166 char *argp; /* used when decoding */
167 void (*ex_free)(); /* clear argp stuff */
168 } X509_EXTENSION;
169
170/* #if 1 */
171typedef struct x509_extension_method_st
172 {
173 int nid;
174 int data_type;
175 int pack_type;
176 void (*ex_clear)();
177 int (*ex_get_bool)();
178 int (*ex_set_bool)();
179 int (*ex_get_str)();
180 int (*ex_set_str)();
181 char *(*ex_get_struct)();
182 int (*ex_set_struct)();
183 int (*a2i)();
184 int (*i2a)();
185 } X509_EXTENSION_METHOD;
186/* #endif */
187
188typedef struct X509_req_info_st
189 {
190 ASN1_INTEGER *version;
191 X509_NAME *subject;
192 X509_PUBKEY *pubkey;
193 /* d=2 hl=2 l= 0 cons: cont: 00 */
194 STACK /* X509_ATTRIBUTE */ *attributes; /* [ 0 ] */
195 int req_kludge;
196 } X509_REQ_INFO;
197
198typedef struct X509_req_st
199 {
200 X509_REQ_INFO *req_info;
201 X509_ALGOR *sig_alg;
202 ASN1_BIT_STRING *signature;
203 int references;
204 } X509_REQ;
205
206typedef struct x509_cinf_st
207 {
208 ASN1_INTEGER *version; /* [ 0 ] default of v1 */
209 ASN1_INTEGER *serialNumber;
210 X509_ALGOR *signature;
211 X509_NAME *issuer;
212 X509_VAL *validity;
213 X509_NAME *subject;
214 X509_PUBKEY *key;
215 ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */
216 ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */
217 STACK /* X509_EXTENSION */ *extensions; /* [ 3 ] optional in v3 */
218 } X509_CINF;
219
220typedef struct x509_st
221 {
222 X509_CINF *cert_info;
223 X509_ALGOR *sig_alg;
224 ASN1_BIT_STRING *signature;
225 int valid;
226 int references;
227 char *name;
228 } X509;
229
230typedef struct X509_revoked_st
231 {
232 ASN1_INTEGER *serialNumber;
233 ASN1_UTCTIME *revocationDate;
234 STACK /* optional X509_EXTENSION */ *extensions;
235 int sequence; /* load sequence */
236 } X509_REVOKED;
237
238typedef struct X509_crl_info_st
239 {
240 ASN1_INTEGER *version;
241 X509_ALGOR *sig_alg;
242 X509_NAME *issuer;
243 ASN1_UTCTIME *lastUpdate;
244 ASN1_UTCTIME *nextUpdate;
245 STACK /* X509_REVOKED */ *revoked;
246 STACK /* [0] X509_EXTENSION */ *extensions;
247 } X509_CRL_INFO;
248
249typedef struct X509_crl_st
250 {
251 /* actual signature */
252 X509_CRL_INFO *crl;
253 X509_ALGOR *sig_alg;
254 ASN1_BIT_STRING *signature;
255 int references;
256 } X509_CRL;
257
258/* a sequence of these are used */
259typedef struct x509_attributes_st
260 {
261 ASN1_OBJECT *object;
262 int set; /* 1 for a set, 0 for a single item (which is wrong) */
263 union {
264 char *ptr;
265/* 1 */ STACK /* ASN1_TYPE */ *set;
266/* 0 */ ASN1_TYPE *single;
267 } value;
268 } X509_ATTRIBUTE;
269
270typedef struct private_key_st
271 {
272 int version;
273 /* The PKCS#8 data types */
274 X509_ALGOR *enc_algor;
275 ASN1_OCTET_STRING *enc_pkey; /* encrypted pub key */
276
277 /* When decrypted, the following will not be NULL */
278 EVP_PKEY *dec_pkey;
279
280 /* used to encrypt and decrypt */
281 int key_length;
282 char *key_data;
283 int key_free; /* true if we should auto free key_data */
284
285 /* expanded version of 'enc_algor' */
286 EVP_CIPHER_INFO cipher;
287
288 int references;
289 } X509_PKEY;
290
291#ifdef HEADER_ENVELOPE_H
292typedef struct X509_info_st
293 {
294 X509 *x509;
295 X509_CRL *crl;
296 X509_PKEY *x_pkey;
297
298 EVP_CIPHER_INFO enc_cipher;
299 int enc_len;
300 char *enc_data;
301
302 int references;
303 } X509_INFO;
304#endif
305
306/* The next 2 structures and their 8 routines were sent to me by
307 * Pat Richard <patr@x509.com> and are used to manipulate
308 * Netscapes spki strucutres - usefull if you are writing a CA web page
309 */
310typedef struct Netscape_spkac_st
311 {
312 X509_PUBKEY *pubkey;
313 ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */
314 } NETSCAPE_SPKAC;
315
316typedef struct Netscape_spki_st
317 {
318 NETSCAPE_SPKAC *spkac; /* signed public key and challenge */
319 X509_ALGOR *sig_algor;
320 ASN1_BIT_STRING *signature;
321 } NETSCAPE_SPKI;
322
323#ifndef HEADER_BN_H
324#define BIGNUM char
325#endif
326
327typedef struct CBCParameter_st
328 {
329 unsigned char iv[8];
330 } CBC_PARAM;
331
332#include "x509_vfy.h"
333#include "pkcs7.h"
334
335#ifdef SSLEAY_MACROS
336#define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\
337 a->signature,(char *)a->cert_info,r)
338#define X509_REQ_verify(a,r) ASN1_verify((int (*)())i2d_X509_REQ_INFO, \
339 a->sig_alg,a->signature,(char *)a->req_info,r)
340#define X509_CRL_verify(a,r) ASN1_verify((int (*)())i2d_X509_CRL_INFO, \
341 a->sig_alg, a->signature,(char *)a->crl,r)
342
343#define X509_sign(x,pkey,md) \
344 ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature, \
345 x->sig_alg, x->signature, (char *)x->cert_info,pkey,md)
346#define X509_REQ_sign(x,pkey,md) \
347 ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL, \
348 x->signature, (char *)x->req_info,pkey,md)
349#define X509_CRL_sign(x,pkey,md) \
350 ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,x->sig_alg, \
351 x->signature, (char *)x->crl,pkey,md)
352#define NETSCAPE_SPKI_sign(x,pkey,md) \
353 ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL, \
354 x->signature, (char *)x->spkac,pkey,md)
355
356#define X509_dup(x509) (X509 *)ASN1_dup((int (*)())i2d_X509, \
357 (char *(*)())d2i_X509,(char *)x509)
358#define X509_EXTENSION_dup(ex) (X509_EXTENSION *)ASN1_dup( \
359 (int (*)())i2d_X509_EXTENSION, \
360 (char *(*)())d2i_X509_EXTENSION,(char *)ex)
361#define d2i_X509_fp(fp,x509) (X509 *)ASN1_d2i_fp((char *(*)())X509_new, \
362 (char *(*)())d2i_X509, (fp),(unsigned char **)(x509))
363#define i2d_X509_fp(fp,x509) ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509)
364#define d2i_X509_bio(bp,x509) (X509 *)ASN1_d2i_bio((char *(*)())X509_new, \
365 (char *(*)())d2i_X509, (bp),(unsigned char **)(x509))
366#define i2d_X509_bio(bp,x509) ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509)
367
368#define X509_CRL_dup(crl) (X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL, \
369 (char *(*)())d2i_X509_CRL,(char *)crl)
370#define d2i_X509_CRL_fp(fp,crl) (X509_CRL *)ASN1_d2i_fp((char *(*)()) \
371 X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),\
372 (unsigned char **)(crl))
373#define i2d_X509_CRL_fp(fp,crl) ASN1_i2d_fp(i2d_X509_CRL,fp,\
374 (unsigned char *)crl)
375#define d2i_X509_CRL_bio(bp,crl) (X509_CRL *)ASN1_d2i_bio((char *(*)()) \
376 X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),\
377 (unsigned char **)(crl))
378#define i2d_X509_CRL_bio(bp,crl) ASN1_i2d_bio(i2d_X509_CRL,bp,\
379 (unsigned char *)crl)
380
381#define PKCS7_dup(p7) (PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7, \
382 (char *(*)())d2i_PKCS7,(char *)p7)
383#define d2i_PKCS7_fp(fp,p7) (PKCS7 *)ASN1_d2i_fp((char *(*)()) \
384 PKCS7_new,(char *(*)())d2i_PKCS7, (fp),\
385 (unsigned char **)(p7))
386#define i2d_PKCS7_fp(fp,p7) ASN1_i2d_fp(i2d_PKCS7,fp,\
387 (unsigned char *)p7)
388#define d2i_PKCS7_bio(bp,p7) (PKCS7 *)ASN1_d2i_bio((char *(*)()) \
389 PKCS7_new,(char *(*)())d2i_PKCS7, (bp),\
390 (unsigned char **)(p7))
391#define i2d_PKCS7_bio(bp,p7) ASN1_i2d_bio(i2d_PKCS7,bp,\
392 (unsigned char *)p7)
393
394#define X509_REQ_dup(req) (X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ, \
395 (char *(*)())d2i_X509_REQ,(char *)req)
396#define d2i_X509_REQ_fp(fp,req) (X509_REQ *)ASN1_d2i_fp((char *(*)())\
397 X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),\
398 (unsigned char **)(req))
399#define i2d_X509_REQ_fp(fp,req) ASN1_i2d_fp(i2d_X509_REQ,fp,\
400 (unsigned char *)req)
401#define d2i_X509_REQ_bio(bp,req) (X509_REQ *)ASN1_d2i_bio((char *(*)())\
402 X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),\
403 (unsigned char **)(req))
404#define i2d_X509_REQ_bio(bp,req) ASN1_i2d_bio(i2d_X509_REQ,bp,\
405 (unsigned char *)req)
406
407#define RSAPublicKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey, \
408 (char *(*)())d2i_RSAPublicKey,(char *)rsa)
409#define RSAPrivateKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey, \
410 (char *(*)())d2i_RSAPrivateKey,(char *)rsa)
411
412#define d2i_RSAPrivateKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\
413 RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp), \
414 (unsigned char **)(rsa))
415#define i2d_RSAPrivateKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPrivateKey,fp, \
416 (unsigned char *)rsa)
417#define d2i_RSAPrivateKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\
418 RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp), \
419 (unsigned char **)(rsa))
420#define i2d_RSAPrivateKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPrivateKey,bp, \
421 (unsigned char *)rsa)
422
423#define d2i_RSAPublicKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\
424 RSA_new,(char *(*)())d2i_RSAPublicKey, (fp), \
425 (unsigned char **)(rsa))
426#define i2d_RSAPublicKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPublicKey,fp, \
427 (unsigned char *)rsa)
428#define d2i_RSAPublicKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\
429 RSA_new,(char *(*)())d2i_RSAPublicKey, (bp), \
430 (unsigned char **)(rsa))
431#define i2d_RSAPublicKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPublicKey,bp, \
432 (unsigned char *)rsa)
433
434#define d2i_DSAPrivateKey_fp(fp,dsa) (DSA *)ASN1_d2i_fp((char *(*)())\
435 DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp), \
436 (unsigned char **)(dsa))
437#define i2d_DSAPrivateKey_fp(fp,dsa) ASN1_i2d_fp(i2d_DSAPrivateKey,fp, \
438 (unsigned char *)dsa)
439#define d2i_DSAPrivateKey_bio(bp,dsa) (DSA *)ASN1_d2i_bio((char *(*)())\
440 DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp), \
441 (unsigned char **)(dsa))
442#define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \
443 (unsigned char *)dsa)
444
445#define X509_NAME_dup(xn) (X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME, \
446 (char *(*)())d2i_X509_NAME,(char *)xn)
447#define X509_NAME_ENTRY_dup(ne) (X509_NAME_ENTRY *)ASN1_dup( \
448 (int (*)())i2d_X509_NAME_ENTRY, \
449 (char *(*)())d2i_X509_NAME_ENTRY,\
450 (char *)ne)
451
452#define X509_digest(data,type,md,len) \
453 ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len)
454#define X509_NAME_digest(data,type,md,len) \
455 ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len)
456#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \
457 ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\
458 (char *)data,md,len)
459#endif
460
461#define X509_EXT_PACK_UNKNOWN 1
462#define X509_EXT_PACK_STRING 2
463
464#define X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version)
465/* #define X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */
466#define X509_get_notBefore(x) ((x)->cert_info->validity->notBefore)
467#define X509_get_notAfter(x) ((x)->cert_info->validity->notAfter)
468#define X509_extract_key(x) X509_get_pubkey(x) /*****/
469#define X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version)
470#define X509_REQ_get_subject_name(x) ((x)->req_info->subject)
471#define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
472#define X509_name_cmp(a,b) X509_NAME_cmp((a),(b))
473#define X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))
474
475/* This one is only used so that a binary form can output, as in
476 * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */
477#define X509_get_X509_PUBKEY(x) ((x)->cert_info->key)
478
479#ifndef NOPROTO
480
481#ifndef SSLEAY_MACROS
482#ifdef HEADER_ENVELOPE_H
483int X509_verify(X509 *a, EVP_PKEY *r);
484char *X509_verify_cert_error_string(long n);
485
486int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
487int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
488int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r);
489
490int X509_sign(X509 *x, EVP_PKEY *pkey, EVP_MD *md);
491int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, EVP_MD *md);
492int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, EVP_MD *md);
493int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, EVP_MD *md);
494
495int X509_digest(X509 *data,EVP_MD *type,unsigned char *md,unsigned int *len);
496int X509_NAME_digest(X509_NAME *data,EVP_MD *type,
497 unsigned char *md,unsigned int *len);
498#endif
499
500#ifndef NO_FP_API
501X509 *d2i_X509_fp(FILE *fp, X509 *x509);
502int i2d_X509_fp(FILE *fp,X509 *x509);
503X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL *crl);
504int i2d_X509_CRL_fp(FILE *fp,X509_CRL *crl);
505X509_REQ *d2i_X509_REQ_fp(FILE *fp,X509_REQ *req);
506int i2d_X509_REQ_fp(FILE *fp,X509_REQ *req);
507RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA *rsa);
508int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa);
509DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
510int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
511RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA *rsa);
512int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa);
513#endif
514
515#ifdef HEADER_BIO_H
516X509 *d2i_X509_bio(BIO *bp,X509 *x509);
517int i2d_X509_bio(BIO *bp,X509 *x509);
518X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL *crl);
519int i2d_X509_CRL_bio(BIO *bp,X509_CRL *crl);
520X509_REQ *d2i_X509_REQ_bio(BIO *bp,X509_REQ *req);
521int i2d_X509_REQ_bio(BIO *bp,X509_REQ *req);
522RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA *rsa);
523int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa);
524DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
525int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
526RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA *rsa);
527int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa);
528#endif
529
530X509 *X509_dup(X509 *x509);
531X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex);
532X509_CRL *X509_CRL_dup(X509_CRL *crl);
533X509_REQ *X509_REQ_dup(X509_REQ *req);
534X509_NAME *X509_NAME_dup(X509_NAME *xn);
535X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
536RSA *RSAPublicKey_dup(RSA *rsa);
537RSA *RSAPrivateKey_dup(RSA *rsa);
538
539#endif /* !SSLEAY_MACROS */
540
541int X509_cmp_current_time(ASN1_UTCTIME *s);
542ASN1_UTCTIME * X509_gmtime_adj(ASN1_UTCTIME *s, long adj);
543
544char * X509_get_default_cert_area(void );
545char * X509_get_default_cert_dir(void );
546char * X509_get_default_cert_file(void );
547char * X509_get_default_cert_dir_env(void );
548char * X509_get_default_cert_file_env(void );
549char * X509_get_default_private_dir(void );
550
551X509_REQ * X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, EVP_MD *md);
552X509 * X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey);
553void ERR_load_X509_strings(void );
554
555X509_ALGOR * X509_ALGOR_new(void );
556void X509_ALGOR_free(X509_ALGOR *a);
557int i2d_X509_ALGOR(X509_ALGOR *a,unsigned char **pp);
558X509_ALGOR * d2i_X509_ALGOR(X509_ALGOR **a,unsigned char **pp,
559 long length);
560
561X509_VAL * X509_VAL_new(void );
562void X509_VAL_free(X509_VAL *a);
563int i2d_X509_VAL(X509_VAL *a,unsigned char **pp);
564X509_VAL * d2i_X509_VAL(X509_VAL **a,unsigned char **pp,
565 long length);
566
567X509_PUBKEY * X509_PUBKEY_new(void );
568void X509_PUBKEY_free(X509_PUBKEY *a);
569int i2d_X509_PUBKEY(X509_PUBKEY *a,unsigned char **pp);
570X509_PUBKEY * d2i_X509_PUBKEY(X509_PUBKEY **a,unsigned char **pp,
571 long length);
572int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
573EVP_PKEY * X509_PUBKEY_get(X509_PUBKEY *key);
574int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK *chain);
575
576
577X509_SIG * X509_SIG_new(void );
578void X509_SIG_free(X509_SIG *a);
579int i2d_X509_SIG(X509_SIG *a,unsigned char **pp);
580X509_SIG * d2i_X509_SIG(X509_SIG **a,unsigned char **pp,long length);
581
582X509_REQ_INFO *X509_REQ_INFO_new(void);
583void X509_REQ_INFO_free(X509_REQ_INFO *a);
584int i2d_X509_REQ_INFO(X509_REQ_INFO *a,unsigned char **pp);
585X509_REQ_INFO *d2i_X509_REQ_INFO(X509_REQ_INFO **a,unsigned char **pp,
586 long length);
587
588X509_REQ * X509_REQ_new(void);
589void X509_REQ_free(X509_REQ *a);
590int i2d_X509_REQ(X509_REQ *a,unsigned char **pp);
591X509_REQ * d2i_X509_REQ(X509_REQ **a,unsigned char **pp,long length);
592
593X509_ATTRIBUTE *X509_ATTRIBUTE_new(void );
594void X509_ATTRIBUTE_free(X509_ATTRIBUTE *a);
595int i2d_X509_ATTRIBUTE(X509_ATTRIBUTE *a,unsigned char **pp);
596X509_ATTRIBUTE *d2i_X509_ATTRIBUTE(X509_ATTRIBUTE **a,unsigned char **pp,
597 long length);
598
599X509_EXTENSION *X509_EXTENSION_new(void );
600void X509_EXTENSION_free(X509_EXTENSION *a);
601int i2d_X509_EXTENSION(X509_EXTENSION *a,unsigned char **pp);
602X509_EXTENSION *d2i_X509_EXTENSION(X509_EXTENSION **a,unsigned char **pp,
603 long length);
604
605X509_NAME_ENTRY *X509_NAME_ENTRY_new(void);
606void X509_NAME_ENTRY_free(X509_NAME_ENTRY *a);
607int i2d_X509_NAME_ENTRY(X509_NAME_ENTRY *a,unsigned char **pp);
608X509_NAME_ENTRY *d2i_X509_NAME_ENTRY(X509_NAME_ENTRY **a,unsigned char **pp,
609 long length);
610
611X509_NAME * X509_NAME_new(void);
612void X509_NAME_free(X509_NAME *a);
613int i2d_X509_NAME(X509_NAME *a,unsigned char **pp);
614X509_NAME * d2i_X509_NAME(X509_NAME **a,unsigned char **pp,long length);
615int X509_NAME_set(X509_NAME **xn, X509_NAME *name);
616
617
618X509_CINF * X509_CINF_new(void);
619void X509_CINF_free(X509_CINF *a);
620int i2d_X509_CINF(X509_CINF *a,unsigned char **pp);
621X509_CINF * d2i_X509_CINF(X509_CINF **a,unsigned char **pp,long length);
622
623X509 * X509_new(void);
624void X509_free(X509 *a);
625int i2d_X509(X509 *a,unsigned char **pp);
626X509 * d2i_X509(X509 **a,unsigned char **pp,long length);
627
628X509_REVOKED * X509_REVOKED_new(void);
629void X509_REVOKED_free(X509_REVOKED *a);
630int i2d_X509_REVOKED(X509_REVOKED *a,unsigned char **pp);
631X509_REVOKED * d2i_X509_REVOKED(X509_REVOKED **a,unsigned char **pp,long length);
632
633X509_CRL_INFO *X509_CRL_INFO_new(void);
634void X509_CRL_INFO_free(X509_CRL_INFO *a);
635int i2d_X509_CRL_INFO(X509_CRL_INFO *a,unsigned char **pp);
636X509_CRL_INFO *d2i_X509_CRL_INFO(X509_CRL_INFO **a,unsigned char **pp,
637 long length);
638
639X509_CRL * X509_CRL_new(void);
640void X509_CRL_free(X509_CRL *a);
641int i2d_X509_CRL(X509_CRL *a,unsigned char **pp);
642X509_CRL * d2i_X509_CRL(X509_CRL **a,unsigned char **pp,long length);
643
644X509_PKEY * X509_PKEY_new(void );
645void X509_PKEY_free(X509_PKEY *a);
646int i2d_X509_PKEY(X509_PKEY *a,unsigned char **pp);
647X509_PKEY * d2i_X509_PKEY(X509_PKEY **a,unsigned char **pp,long length);
648
649NETSCAPE_SPKI * NETSCAPE_SPKI_new(void );
650void NETSCAPE_SPKI_free(NETSCAPE_SPKI *a);
651int i2d_NETSCAPE_SPKI(NETSCAPE_SPKI *a,unsigned char **pp);
652NETSCAPE_SPKI * d2i_NETSCAPE_SPKI(NETSCAPE_SPKI **a,unsigned char **pp,
653 long length);
654
655NETSCAPE_SPKAC *NETSCAPE_SPKAC_new(void );
656void NETSCAPE_SPKAC_free(NETSCAPE_SPKAC *a);
657int i2d_NETSCAPE_SPKAC(NETSCAPE_SPKAC *a,unsigned char **pp);
658NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC(NETSCAPE_SPKAC **a,unsigned char **pp,
659 long length);
660
661#ifdef HEADER_ENVELOPE_H
662X509_INFO * X509_INFO_new(void);
663void X509_INFO_free(X509_INFO *a);
664char * X509_NAME_oneline(X509_NAME *a,char *buf,int size);
665
666int ASN1_verify(int (*i2d)(), X509_ALGOR *algor1,
667 ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey);
668
669int ASN1_digest(int (*i2d)(),EVP_MD *type,char *data,
670 unsigned char *md,unsigned int *len);
671
672int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
673 ASN1_BIT_STRING *signature,
674 char *data,EVP_PKEY *pkey, EVP_MD *type);
675#endif
676
677int X509_set_version(X509 *x,long version);
678int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
679ASN1_INTEGER * X509_get_serialNumber(X509 *x);
680int X509_set_issuer_name(X509 *x, X509_NAME *name);
681X509_NAME * X509_get_issuer_name(X509 *a);
682int X509_set_subject_name(X509 *x, X509_NAME *name);
683X509_NAME * X509_get_subject_name(X509 *a);
684int X509_set_notBefore(X509 *x, ASN1_UTCTIME *tm);
685int X509_set_notAfter(X509 *x, ASN1_UTCTIME *tm);
686int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
687EVP_PKEY * X509_get_pubkey(X509 *x);
688int X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */);
689
690int X509_REQ_set_version(X509_REQ *x,long version);
691int X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name);
692int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
693EVP_PKEY * X509_REQ_get_pubkey(X509_REQ *req);
694
695int X509_check_private_key(X509 *x509,EVP_PKEY *pkey);
696
697int X509_issuer_and_serial_cmp(X509 *a, X509 *b);
698unsigned long X509_issuer_and_serial_hash(X509 *a);
699
700int X509_issuer_name_cmp(X509 *a, X509 *b);
701unsigned long X509_issuer_name_hash(X509 *a);
702
703int X509_subject_name_cmp(X509 *a,X509 *b);
704unsigned long X509_subject_name_hash(X509 *x);
705
706int X509_NAME_cmp (X509_NAME *a, X509_NAME *b);
707unsigned long X509_NAME_hash(X509_NAME *x);
708
709int X509_CRL_cmp(X509_CRL *a,X509_CRL *b);
710#ifndef NO_FP_API
711int X509_print_fp(FILE *bp,X509 *x);
712int X509_REQ_print_fp(FILE *bp,X509_REQ *req);
713#endif
714
715#ifdef HEADER_BIO_H
716int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
717int X509_print(BIO *bp,X509 *x);
718int X509_REQ_print(BIO *bp,X509_REQ *req);
719#endif
720
721int X509_NAME_entry_count(X509_NAME *name);
722int X509_NAME_get_text_by_NID(X509_NAME *name, int nid,
723 char *buf,int len);
724int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
725 char *buf,int len);
726
727/* NOTE: you should be passsing -1, not 0 as lastpos. The functions that use
728 * lastpos, seach after that position on. */
729int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
730int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj,
731 int lastpos);
732X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
733X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
734int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne,
735 int loc, int set);
736X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
737 int type,unsigned char *bytes, int len);
738X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
739 ASN1_OBJECT *obj, int type,unsigned char *bytes,
740 int len);
741int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne,
742 ASN1_OBJECT *obj);
743int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
744 unsigned char *bytes, int len);
745ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
746ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
747
748int X509v3_get_ext_count(STACK *x);
749int X509v3_get_ext_by_NID(STACK *x, int nid, int lastpos);
750int X509v3_get_ext_by_OBJ(STACK *x,ASN1_OBJECT *obj,int lastpos);
751int X509v3_get_ext_by_critical(STACK *x, int crit, int lastpos);
752X509_EXTENSION *X509v3_get_ext(STACK *x, int loc);
753X509_EXTENSION *X509v3_delete_ext(STACK *x, int loc);
754STACK * X509v3_add_ext(STACK **x, X509_EXTENSION *ex, int loc);
755
756int X509v3_data_type_by_OBJ(ASN1_OBJECT *obj);
757int X509v3_data_type_by_NID(int nid);
758int X509v3_pack_type_by_OBJ(ASN1_OBJECT *obj);
759int X509v3_pack_type_by_NID(int nid);
760
761int X509_get_ext_count(X509 *x);
762int X509_get_ext_by_NID(X509 *x, int nid, int lastpos);
763int X509_get_ext_by_OBJ(X509 *x,ASN1_OBJECT *obj,int lastpos);
764int X509_get_ext_by_critical(X509 *x, int crit, int lastpos);
765X509_EXTENSION *X509_get_ext(X509 *x, int loc);
766X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
767int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
768
769int X509_CRL_get_ext_count(X509_CRL *x);
770int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos);
771int X509_CRL_get_ext_by_OBJ(X509_CRL *x,ASN1_OBJECT *obj,int lastpos);
772int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos);
773X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc);
774X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
775int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
776
777int X509_REVOKED_get_ext_count(X509_REVOKED *x);
778int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos);
779int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x,ASN1_OBJECT *obj,int lastpos);
780int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos);
781X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc);
782X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
783int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
784
785X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
786 int nid, int crit, ASN1_OCTET_STRING *data);
787X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
788 ASN1_OBJECT *obj,int crit,ASN1_OCTET_STRING *data);
789int X509_EXTENSION_set_object(X509_EXTENSION *ex,ASN1_OBJECT *obj);
790int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
791int X509_EXTENSION_set_data(X509_EXTENSION *ex,
792 ASN1_OCTET_STRING *data);
793ASN1_OBJECT * X509_EXTENSION_get_object(X509_EXTENSION *ex);
794ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
795int X509_EXTENSION_get_critical(X509_EXTENSION *ex);
796ASN1_OCTET_STRING *X509v3_pack_string(ASN1_OCTET_STRING **ex,int type,
797 unsigned char *bytes, int len);
798ASN1_STRING * X509v3_unpack_string(ASN1_STRING **ex,int type,
799 ASN1_OCTET_STRING *os);
800
801int X509_verify_cert(X509_STORE_CTX *ctx);
802
803/* lookup a cert from a X509 STACK */
804X509 *X509_find_by_issuer_and_serial(STACK *sk,X509_NAME *name,
805 ASN1_INTEGER *serial);
806X509 *X509_find_by_subject(STACK *sk,X509_NAME *name);
807
808#else
809
810#ifndef SSLEAY_MACROS
811#ifdef HEADER_ENVELOPE_H
812int X509_verify();
813int X509_REQ_verify();
814int X509_CRL_verify();
815int NETSCAPE_SPKI_verify();
816
817int X509_sign();
818int X509_REQ_sign();
819int X509_CRL_sign();
820int NETSCAPE_SPKI_sign();
821
822int X509_digest();
823int X509_NAME_digest();
824#endif
825
826#ifndef NO_FP_API
827X509 *d2i_X509_fp();
828int i2d_X509_fp();
829X509_CRL *d2i_X509_CRL_fp();
830int i2d_X509_CRL_fp();
831X509_REQ *d2i_X509_REQ_fp();
832int i2d_X509_REQ_fp();
833RSA *d2i_RSAPrivateKey_fp();
834int i2d_RSAPrivateKey_fp();
835DSA *d2i_DSAPrivateKey_fp();
836int i2d_DSAPrivateKey_fp();
837RSA *d2i_RSAPublicKey_fp();
838int i2d_RSAPublicKey_fp();
839#endif
840
841X509 *d2i_X509_bio();
842int i2d_X509_bio();
843X509_CRL *d2i_X509_CRL_bio();
844int i2d_X509_CRL_bio();
845X509_REQ *d2i_X509_REQ_bio();
846int i2d_X509_REQ_bio();
847RSA *d2i_RSAPrivateKey_bio();
848int i2d_RSAPrivateKey_bio();
849DSA *d2i_DSAPrivateKey_bio();
850int i2d_DSAPrivateKey_bio();
851RSA *d2i_RSAPublicKey_bio();
852int i2d_RSAPublicKey_bio();
853
854X509 *X509_dup();
855X509_EXTENSION *X509_EXTENSION_dup();
856X509_CRL *X509_CRL_dup();
857X509_REQ *X509_REQ_dup();
858X509_NAME *X509_NAME_dup();
859X509_NAME_ENTRY *X509_NAME_ENTRY_dup();
860RSA *RSAPublicKey_dup();
861RSA *RSAPrivateKey_dup();
862
863#endif /* !SSLEAY_MACROS */
864
865int X509_cmp_current_time();
866ASN1_UTCTIME * X509_gmtime_adj();
867
868char * X509_get_default_cert_area();
869char * X509_get_default_cert_dir();
870char * X509_get_default_cert_file();
871char * X509_get_default_cert_dir_env();
872char * X509_get_default_cert_file_env();
873char * X509_get_default_private_dir();
874
875X509_REQ * X509_to_X509_REQ();
876X509 * X509_REQ_to_X509();
877void ERR_load_X509_strings();
878
879X509_ALGOR * X509_ALGOR_new();
880void X509_ALGOR_free();
881int i2d_X509_ALGOR();
882X509_ALGOR * d2i_X509_ALGOR();
883
884X509_VAL * X509_VAL_new();
885void X509_VAL_free();
886int i2d_X509_VAL();
887X509_VAL * d2i_X509_VAL();
888
889X509_PUBKEY * X509_PUBKEY_new();
890void X509_PUBKEY_free();
891int i2d_X509_PUBKEY();
892X509_PUBKEY * d2i_X509_PUBKEY();
893int X509_PUBKEY_set();
894EVP_PKEY * X509_PUBKEY_get();
895int X509_get_pubkey_parameters();
896
897X509_SIG * X509_SIG_new();
898void X509_SIG_free();
899int i2d_X509_SIG();
900X509_SIG * d2i_X509_SIG();
901
902X509_REQ_INFO *X509_REQ_INFO_new();
903void X509_REQ_INFO_free();
904int i2d_X509_REQ_INFO();
905X509_REQ_INFO *d2i_X509_REQ_INFO();
906
907X509_REQ * X509_REQ_new();
908void X509_REQ_free();
909int i2d_X509_REQ();
910X509_REQ * d2i_X509_REQ();
911
912X509_ATTRIBUTE *X509_ATTRIBUTE_new();
913void X509_ATTRIBUTE_free();
914int i2d_X509_ATTRIBUTE();
915X509_ATTRIBUTE *d2i_X509_ATTRIBUTE();
916
917X509_EXTENSION *X509_EXTENSION_new();
918void X509_EXTENSION_free();
919int i2d_X509_EXTENSION();
920X509_EXTENSION *d2i_X509_EXTENSION();
921
922X509_NAME_ENTRY *X509_NAME_ENTRY_new();
923void X509_NAME_ENTRY_free();
924int i2d_X509_NAME_ENTRY();
925X509_NAME_ENTRY *d2i_X509_NAME_ENTRY();
926
927X509_NAME * X509_NAME_new();
928void X509_NAME_free();
929int i2d_X509_NAME();
930X509_NAME * d2i_X509_NAME();
931int X509_NAME_set();
932
933
934X509_CINF * X509_CINF_new();
935void X509_CINF_free();
936int i2d_X509_CINF();
937X509_CINF * d2i_X509_CINF();
938
939X509 * X509_new();
940void X509_free();
941int i2d_X509();
942X509 * d2i_X509();
943
944X509_REVOKED * X509_REVOKED_new();
945void X509_REVOKED_free();
946int i2d_X509_REVOKED();
947X509_REVOKED * d2i_X509_REVOKED();
948
949X509_CRL_INFO *X509_CRL_INFO_new();
950void X509_CRL_INFO_free();
951int i2d_X509_CRL_INFO();
952X509_CRL_INFO *d2i_X509_CRL_INFO();
953
954X509_CRL * X509_CRL_new();
955void X509_CRL_free();
956int i2d_X509_CRL();
957X509_CRL * d2i_X509_CRL();
958
959X509_PKEY * X509_PKEY_new();
960void X509_PKEY_free();
961int i2d_X509_PKEY();
962X509_PKEY * d2i_X509_PKEY();
963
964NETSCAPE_SPKI * NETSCAPE_SPKI_new();
965void NETSCAPE_SPKI_free();
966int i2d_NETSCAPE_SPKI();
967NETSCAPE_SPKI * d2i_NETSCAPE_SPKI();
968
969NETSCAPE_SPKAC *NETSCAPE_SPKAC_new();
970void NETSCAPE_SPKAC_free();
971int i2d_NETSCAPE_SPKAC();
972NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC();
973
974#ifdef HEADER_ENVELOPE_H
975X509_INFO * X509_INFO_new();
976void X509_INFO_free();
977#endif
978
979char * X509_NAME_oneline();
980
981int ASN1_verify();
982int ASN1_digest();
983int ASN1_sign();
984
985int X509_set_version();
986int X509_set_serialNumber();
987ASN1_INTEGER * X509_get_serialNumber();
988int X509_set_issuer_name();
989X509_NAME * X509_get_issuer_name();
990int X509_set_subject_name();
991X509_NAME * X509_get_subject_name();
992int X509_set_notBefore();
993int X509_set_notAfter();
994int X509_set_pubkey();
995EVP_PKEY * X509_get_pubkey();
996int X509_certificate_type();
997
998int X509_REQ_set_version();
999int X509_REQ_set_subject_name();
1000int X509_REQ_set_pubkey();
1001EVP_PKEY * X509_REQ_get_pubkey();
1002
1003int X509_check_private_key();
1004
1005int X509_issuer_and_serial_cmp();
1006unsigned long X509_issuer_and_serial_hash();
1007
1008int X509_issuer_name_cmp();
1009unsigned long X509_issuer_name_hash();
1010
1011int X509_subject_name_cmp();
1012unsigned long X509_subject_name_hash();
1013
1014int X509_NAME_cmp ();
1015unsigned long X509_NAME_hash();
1016
1017int X509_CRL_cmp();
1018#ifndef NO_FP_API
1019int X509_print_fp();
1020int X509_REQ_print_fp();
1021#endif
1022
1023int X509_NAME_print();
1024int X509_print();
1025int X509_REQ_print();
1026
1027int X509_NAME_entry_count();
1028int X509_NAME_get_text_by_NID();
1029int X509_NAME_get_text_by_OBJ();
1030
1031int X509_NAME_get_index_by_NID();
1032int X509_NAME_get_index_by_OBJ();
1033X509_NAME_ENTRY *X509_NAME_get_entry();
1034X509_NAME_ENTRY *X509_NAME_delete_entry();
1035int X509_NAME_add_entry();
1036X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID();
1037X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ();
1038int X509_NAME_ENTRY_set_object();
1039int X509_NAME_ENTRY_set_data();
1040ASN1_OBJECT * X509_NAME_ENTRY_get_object();
1041ASN1_STRING * X509_NAME_ENTRY_get_data();
1042
1043int X509v3_get_ext_count();
1044int X509v3_get_ext_by_NID();
1045int X509v3_get_ext_by_OBJ();
1046int X509v3_get_ext_by_critical();
1047X509_EXTENSION *X509v3_get_ext();
1048X509_EXTENSION *X509v3_delete_ext();
1049STACK * X509v3_add_ext();
1050
1051int X509v3_data_type_by_OBJ();
1052int X509v3_data_type_by_NID();
1053int X509v3_pack_type_by_OBJ();
1054int X509v3_pack_type_by_NID();
1055
1056int X509_get_ext_count();
1057int X509_get_ext_by_NID();
1058int X509_get_ext_by_OBJ();
1059int X509_get_ext_by_critical();
1060X509_EXTENSION *X509_get_ext();
1061X509_EXTENSION *X509_delete_ext();
1062int X509_add_ext();
1063
1064int X509_CRL_get_ext_count();
1065int X509_CRL_get_ext_by_NID();
1066int X509_CRL_get_ext_by_OBJ();
1067int X509_CRL_get_ext_by_critical();
1068X509_EXTENSION *X509_CRL_get_ext();
1069X509_EXTENSION *X509_CRL_delete_ext();
1070int X509_CRL_add_ext();
1071
1072int X509_REVOKED_get_ext_count();
1073int X509_REVOKED_get_ext_by_NID();
1074int X509_REVOKED_get_ext_by_OBJ();
1075int X509_REVOKED_get_ext_by_critical();
1076X509_EXTENSION *X509_REVOKED_get_ext();
1077X509_EXTENSION *X509_REVOKED_delete_ext();
1078int X509_REVOKED_add_ext();
1079
1080X509_EXTENSION *X509_EXTENSION_create_by_NID();
1081X509_EXTENSION *X509_EXTENSION_create_by_OBJ();
1082int X509_EXTENSION_set_object();
1083int X509_EXTENSION_set_critical();
1084int X509_EXTENSION_set_data();
1085ASN1_OBJECT * X509_EXTENSION_get_object();
1086ASN1_OCTET_STRING *X509_EXTENSION_get_data();
1087int X509_EXTENSION_get_critical();
1088ASN1_OCTET_STRING *X509v3_pack_string();
1089ASN1_STRING * X509v3_unpack_string();
1090
1091int X509_verify_cert();
1092char * X509_verify_cert_error_string();
1093
1094/* lookup a cert from a X509 STACK */
1095X509 *X509_find_by_issuer_and_serial();
1096X509 *X509_find_by_subject();
1097
1098#endif
1099
1100/* BEGIN ERROR CODES */
1101/* Error codes for the X509 functions. */
1102
1103/* Function codes. */
1104#define X509_F_ADD_CERT_DIR 100
1105#define X509_F_BY_FILE_CTRL 101
1106#define X509_F_DIR_CTRL 102
1107#define X509_F_GET_CERT_BY_SUBJECT 103
1108#define X509_F_X509V3_ADD_EXT 104
1109#define X509_F_X509V3_ADD_EXTENSION 105
1110#define X509_F_X509V3_PACK_STRING 106
1111#define X509_F_X509V3_UNPACK_STRING 107
1112#define X509_F_X509_EXTENSION_CREATE_BY_NID 108
1113#define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109
1114#define X509_F_X509_GET_PUBKEY_PARAMETERS 110
1115#define X509_F_X509_LOAD_CERT_FILE 111
1116#define X509_F_X509_LOAD_CRL_FILE 112
1117#define X509_F_X509_NAME_ADD_ENTRY 113
1118#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114
1119#define X509_F_X509_NAME_ENTRY_SET_OBJECT 115
1120#define X509_F_X509_NAME_ONELINE 116
1121#define X509_F_X509_NAME_PRINT 117
1122#define X509_F_X509_PRINT_FP 118
1123#define X509_F_X509_PUBKEY_GET 119
1124#define X509_F_X509_PUBKEY_SET 120
1125#define X509_F_X509_REQ_PRINT 121
1126#define X509_F_X509_REQ_PRINT_FP 122
1127#define X509_F_X509_REQ_TO_X509 123
1128#define X509_F_X509_STORE_ADD_CERT 124
1129#define X509_F_X509_STORE_ADD_CRL 125
1130#define X509_F_X509_TO_X509_REQ 126
1131#define X509_F_X509_VERIFY_CERT 127
1132
1133/* Reason codes. */
1134#define X509_R_BAD_X509_FILETYPE 100
1135#define X509_R_CERT_ALREADY_IN_HASH_TABLE 101
1136#define X509_R_ERR_ASN1_LIB 102
1137#define X509_R_LOADING_CERT_DIR 103
1138#define X509_R_LOADING_DEFAULTS 104
1139#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105
1140#define X509_R_SHOULD_RETRY 106
1141#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107
1142#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108
1143#define X509_R_UNKNOWN_NID 109
1144#define X509_R_UNKNOWN_STRING_TYPE 110
1145#define X509_R_UNSUPPORTED_ALGORITHM 111
1146#define X509_R_WRONG_LOOKUP_TYPE 112
1147
1148#ifdef __cplusplus
1149}
1150#endif
1151#endif
1152
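diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c
new file mode 100644
index 0000000000..f9d9510ac5
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_cmp.c
@@ -0,0 +1,257 @@
+/* crypto/x509/x509_cmp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "cryptlib.h"
+#include "asn1.h"
+#include "objects.h"
+#include "x509.h"
+
+int X509_issuer_and_serial_cmp(a,b)
+X509 *a;
+X509 *b;
+ {
+ int i;
+ X509_CINF *ai,*bi;
+
+ ai=a->cert_info;
+ bi=b->cert_info;
+ i=ASN1_INTEGER_cmp(ai->serialNumber,bi->serialNumber);
+ if (i) return(i);
+ return(X509_NAME_cmp(ai->issuer,bi->issuer));
+ }
+
+#ifndef NO_MD5
+unsigned long X509_issuer_and_serial_hash(a)
+X509 *a;
+ {
+ unsigned long ret=0;
+ MD5_CTX ctx;
+ unsigned char md[16];
+ char str[256];
+
+ X509_NAME_oneline(a->cert_info->issuer,str,256);
+ ret=strlen(str);
+ MD5_Init(&ctx);
+ MD5_Update(&ctx,(unsigned char *)str,ret);
+ MD5_Update(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
+ (unsigned long)a->cert_info->serialNumber->length);
+ MD5_Final(&(md[0]),&ctx);
+ ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)|
+ ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
+ )&0xffffffffL;
+ return(ret);
+ }
+#endif
+
+int X509_issuer_name_cmp(a, b)
+X509 *a;
+X509 *b;
+ {
+ return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer));
+ }
+
+int X509_subject_name_cmp(a, b)
+X509 *a;
+X509 *b;
+ {
+ return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject));
+ }
+
+int X509_CRL_cmp(a, b)
+X509_CRL *a;
+X509_CRL *b;
+ {
+ return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer));
+ }
+
+X509_NAME *X509_get_issuer_name(a)
+X509 *a;
+ {
+ return(a->cert_info->issuer);
+ }
+
+unsigned long X509_issuer_name_hash(x)
+X509 *x;
+ {
+ return(X509_NAME_hash(x->cert_info->issuer));
+ }
+
+X509_NAME *X509_get_subject_name(a)
+X509 *a;
+ {
+ return(a->cert_info->subject);
+ }
+
+ASN1_INTEGER *X509_get_serialNumber(a)
+X509 *a;
+ {
+ return(a->cert_info->serialNumber);
+ }
+
+unsigned long X509_subject_name_hash(x)
+X509 *x;
+ {
+ return(X509_NAME_hash(x->cert_info->subject));
+ }
+
+int X509_NAME_cmp(a, b)
+X509_NAME *a;
+X509_NAME *b;
+ {
+ int i,j;
+ X509_NAME_ENTRY *na,*nb;
+
+ if (sk_num(a->entries) != sk_num(b->entries))
+ return(sk_num(a->entries)-sk_num(b->entries));
+ for (i=sk_num(a->entries)-1; i>=0; i--)
+ {
+ na=(X509_NAME_ENTRY *)sk_value(a->entries,i);
+ nb=(X509_NAME_ENTRY *)sk_value(b->entries,i);
+ j=na->value->length-nb->value->length;
+ if (j) return(j);
+ j=memcmp(na->value->data,nb->value->data,
+ na->value->length);
+ if (j) return(j);
+ j=na->set-nb->set;
+ if (j) return(j);
+ }
+
+ /* We will check the object types after checking the values
+ * since the values will more often be different than the object
+ * types. */
+ for (i=sk_num(a->entries)-1; i>=0; i--)
+ {
+ na=(X509_NAME_ENTRY *)sk_value(a->entries,i);
+ nb=(X509_NAME_ENTRY *)sk_value(b->entries,i);
+ j=OBJ_cmp(na->object,nb->object);
+ if (j) return(j);
+ }
+ return(0);
+ }
+
+#ifndef NO_MD5
+/* I now DER encode the name and hash it. Since I cache the DER encoding,
+ * this is reasonably effiecent. */
+unsigned long X509_NAME_hash(x)
+X509_NAME *x;
+ {
+ unsigned long ret=0;
+ unsigned char md[16];
+ unsigned char str[256],*p,*pp;
+ int i;
+
+ i=i2d_X509_NAME(x,NULL);
+ if (i > sizeof(str))
+ p=Malloc(i);
+ else
+ p=str;
+
+ pp=p;
+ i2d_X509_NAME(x,&pp);
+ MD5((unsigned char *)p,i,&(md[0]));
+ if (p != str) Free(p);
+
+ ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)|
+ ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
+ )&0xffffffffL;
+ return(ret);
+ }
+#endif
+
+/* Search a stack of X509 for a match */
+X509 *X509_find_by_issuer_and_serial(sk,name,serial)
+STACK *sk;
+X509_NAME *name;
+ASN1_INTEGER *serial;
+ {
+ int i;
+ X509_CINF cinf;
+ X509 x,*x509=NULL;
+
+ x.cert_info= &cinf;
+ cinf.serialNumber=serial;
+ cinf.issuer=name;
+
+ for (i=0; i<sk_num(sk); i++)
+ {
+ x509=(X509 *)sk_value(sk,i);
+ if (X509_issuer_and_serial_cmp(x509,&x) == 0)
+ return(x509);
+ }
+ return(NULL);
+ }
+
+X509 *X509_find_by_subject(sk,name)
+STACK *sk;
+X509_NAME *name;
+ {
+ X509 *x509;
+ int i;
+
+ for (i=0; i<sk_num(sk); i++)
+ {
+ x509=(X509 *)sk_value(sk,i);
+ if (X509_NAME_cmp(X509_get_subject_name(x509),name) == 0)
+ return(x509);
+ }
+ return(NULL);
+ }
+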
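Review bot: In X509_NAME_hash the length from the first `i2d_X509_NAME(x,NULL)` call is used unchecked, and the `Malloc` result is written through without a NULL test. Because `i > sizeof(str)` compares a signed int with a size_t, a negative return (if i2d_X509_NAME can signal errors that way) would convert to a huge unsigned value and be passed to `Malloc`. I would add `if (i <= 0) return(0);` after the first call and `if (p == NULL) return(0);` after the allocation, or whatever error convention the callers expect, which is not visible here. Separately, X509_NAME_cmp compares each entry's value length, bytes, `set` and object but not the ASN.1 string type of the value, so entries with identical bytes under different string types compare equal; if that is intended, a comment saying so would help anyone relying on it for issuer matching.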
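diff --git a/src/lib/libcrypto/x509/x509_d2.c b/src/lib/libcrypto/x509/x509_d2.c
new file mode 100644
index 0000000000..01e22f4cb4
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_d2.c
@@ -0,0 +1,110 @@
+/* crypto/x509/x509_d2.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "cryptlib.h"
+#include "crypto.h"
+#include "x509.h"
+
+#ifndef NO_STDIO
+int X509_STORE_set_default_paths(ctx)
+X509_STORE *ctx;
+ {
+ X509_LOOKUP *lookup;
+
+ lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
+ if (lookup == NULL) return(0);
+ X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
+
+ lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
+ if (lookup == NULL) return(0);
+ X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
+
+ /* clear any errors */
+ ERR_clear_error();
+
+ return(1);
+ }
+
+int X509_STORE_load_locations(ctx,file,path)
+X509_STORE *ctx;
+char *file;
+char *path;
+ {
+ X509_LOOKUP *lookup;
+
+ if (file != NULL)
+ {
+ lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
+ if (lookup == NULL) return(0);
+ X509_LOOKUP_load_file(lookup,file,X509_FILETYPE_PEM);
+ }
+ if (path != NULL)
+ {
+ lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
+ if (lookup == NULL) return(0);
+ X509_LOOKUP_add_dir(lookup,path,X509_FILETYPE_PEM);
+ }
+ if ((path == NULL) && (file == NULL))
+ return(0);
+ return(1);
+ }
+
+#endif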
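diff --git a/src/lib/libcrypto/x509/x509_def.c b/src/lib/libcrypto/x509/x509_def.c
new file mode 100644
index 0000000000..d9ab39b15a
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_def.c
@@ -0,0 +1,83 @@
+/* crypto/x509/x509_def.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "cryptlib.h"
+#include "crypto.h"
+#include "x509.h"
+
+char *X509_get_default_private_dir()
+ { return(X509_PRIVATE_DIR); }
+
+char *X509_get_default_cert_area()
+ { return(X509_CERT_AREA); }
+
+char *X509_get_default_cert_dir()
+ { return(X509_CERT_DIR); }
+
+char *X509_get_default_cert_file()
+ { return(X509_CERT_FILE); }
+
+char *X509_get_default_cert_dir_env()
+ { return(X509_CERT_DIR_EVP); }
+
+char *X509_get_default_cert_file_env()
+ { return(X509_CERT_FILE_EVP); }
+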
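diff --git a/src/lib/libcrypto/x509/x509_err.c b/src/lib/libcrypto/x509/x509_err.c
new file mode 100644
index 0000000000..9304721612
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_err.c
@@ -0,0 +1,130 @@
+/* lib/x509/x509_err.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "err.h"
+#include "x509.h"
+
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA X509_str_functs[]=
+ {
+{ERR_PACK(0,X509_F_ADD_CERT_DIR,0), "ADD_CERT_DIR"},
+{ERR_PACK(0,X509_F_BY_FILE_CTRL,0), "BY_FILE_CTRL"},
+{ERR_PACK(0,X509_F_DIR_CTRL,0), "DIR_CTRL"},
+{ERR_PACK(0,X509_F_GET_CERT_BY_SUBJECT,0), "GET_CERT_BY_SUBJECT"},
+{ERR_PACK(0,X509_F_X509V3_ADD_EXT,0), "X509v3_add_ext"},
+{ERR_PACK(0,X509_F_X509V3_ADD_EXTENSION,0), "X509V3_ADD_EXTENSION"},
+{ERR_PACK(0,X509_F_X509V3_PACK_STRING,0), "X509v3_pack_string"},
+{ERR_PACK(0,X509_F_X509V3_UNPACK_STRING,0), "X509v3_unpack_string"},
+{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_NID,0), "X509_EXTENSION_create_by_NID"},
+{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_OBJ,0), "X509_EXTENSION_create_by_OBJ"},
+{ERR_PACK(0,X509_F_X509_GET_PUBKEY_PARAMETERS,0), "X509_get_pubkey_parameters"},
+{ERR_PACK(0,X509_F_X509_LOAD_CERT_FILE,0), "X509_LOAD_CERT_FILE"},
+{ERR_PACK(0,X509_F_X509_LOAD_CRL_FILE,0), "X509_LOAD_CRL_FILE"},
+{ERR_PACK(0,X509_F_X509_NAME_ADD_ENTRY,0), "X509_NAME_add_entry"},
+{ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_NID,0), "X509_NAME_ENTRY_create_by_NID"},
+{ERR_PACK(0,X509_F_X509_NAME_ENTRY_SET_OBJECT,0), "X509_NAME_ENTRY_set_object"},
+{ERR_PACK(0,X509_F_X509_NAME_ONELINE,0), "X509_NAME_oneline"},
+{ERR_PACK(0,X509_F_X509_NAME_PRINT,0), "X509_NAME_print"},
+{ERR_PACK(0,X509_F_X509_PRINT_FP,0), "X509_print_fp"},
+{ERR_PACK(0,X509_F_X509_PUBKEY_GET,0), "X509_PUBKEY_get"},
+{ERR_PACK(0,X509_F_X509_PUBKEY_SET,0), "X509_PUBKEY_set"},
+{ERR_PACK(0,X509_F_X509_REQ_PRINT,0), "X509_REQ_print"},
+{ERR_PACK(0,X509_F_X509_REQ_PRINT_FP,0), "X509_REQ_print_fp"},
+{ERR_PACK(0,X509_F_X509_REQ_TO_X509,0), "X509_REQ_to_X509"},
+{ERR_PACK(0,X509_F_X509_STORE_ADD_CERT,0), "X509_STORE_ADD_CERT"},
+{ERR_PACK(0,X509_F_X509_STORE_ADD_CRL,0), "X509_STORE_ADD_CRL"},
+{ERR_PACK(0,X509_F_X509_TO_X509_REQ,0), "X509_to_X509_REQ"},
+{ERR_PACK(0,X509_F_X509_VERIFY_CERT,0), "X509_verify_cert"},
+{0,NULL},
+ };
+
+static ERR_STRING_DATA X509_str_reasons[]=
+ {
+{X509_R_BAD_X509_FILETYPE ,"bad x509 filetype"},
+{X509_R_CERT_ALREADY_IN_HASH_TABLE ,"cert already in hash table"},
+{X509_R_ERR_ASN1_LIB ,"err asn1 lib"},
+{X509_R_LOADING_CERT_DIR ,"loading cert dir"},
+{X509_R_LOADING_DEFAULTS ,"loading defaults"},
+{X509_R_NO_CERT_SET_FOR_US_TO_VERIFY ,"no cert set for us to verify"},
+{X509_R_SHOULD_RETRY ,"should retry"},
+{X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN,"unable to find parameters in chain"},
+{X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY ,"unable to get certs public key"},
+{X509_R_UNKNOWN_NID ,"unknown nid"},
+{X509_R_UNKNOWN_STRING_TYPE ,"unknown string type"},
+{X509_R_UNSUPPORTED_ALGORITHM ,"unsupported algorithm"},
+{X509_R_WRONG_LOOKUP_TYPE ,"wrong lookup type"},
+{0,NULL},
+ };
+
+#endif
+
+void ERR_load_X509_strings()
+ {
+ static int init=1;
+
+ if (init);
+ {;
+ init=0;
+#ifndef NO_ERR
+ ERR_load_strings(ERR_LIB_X509,X509_str_functs);
+ ERR_load_strings(ERR_LIB_X509,X509_str_reasons);
+#endif
+
+ }
+ }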
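Review bot: In ERR_load_X509_strings the guard `if (init);` ends in a semicolon, so the `if` controls an empty statement and the block after it runs on every call; the `init` flag never stops the two string tables from being passed to `ERR_load_strings` again. The fix is `if (init)` followed by a plain `{`, dropping both stray semicolons. `init` is also an unsynchronised static int, so even with the guard fixed, concurrent first calls would both enter the block; a comment such as `/* call once during single-threaded start-up */` would document that assumption.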
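diff --git a/src/lib/libcrypto/x509/x509_ext.c b/src/lib/libcrypto/x509/x509_ext.c
new file mode 100644
index 0000000000..1d76ecfcfd
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_ext.c
@@ -0,0 +1,222 @@
+/* crypto/x509/x509_ext.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "stack.h"
+#include "cryptlib.h"
+#include "asn1.h"
+#include "objects.h"
+#include "evp.h"
+#include "x509.h"
+
+int X509_CRL_get_ext_count(x)
+X509_CRL *x;
+ {
+ return(X509v3_get_ext_count(x->crl->extensions));
+ }
+
+int X509_CRL_get_ext_by_NID(x,nid,lastpos)
+X509_CRL *x;
+int nid;
+int lastpos;
+ {
+ return(X509v3_get_ext_by_NID(x->crl->extensions,nid,lastpos));
+ }
+
+int X509_CRL_get_ext_by_OBJ(x,obj,lastpos)
+X509_CRL *x;
+ASN1_OBJECT *obj;
+int lastpos;
+ {
+ return(X509v3_get_ext_by_OBJ(x->crl->extensions,obj,lastpos));
+ }
+
+int X509_CRL_get_ext_by_critical(x,crit,lastpos)
+X509_CRL *x;
+int crit;
+int lastpos;
+ {
+ return(X509v3_get_ext_by_critical(x->crl->extensions,crit,lastpos));
+ }
+
+X509_EXTENSION *X509_CRL_get_ext(x,loc)
+X509_CRL *x;
+int loc;
+ {
+ return(X509v3_get_ext(x->crl->extensions,loc));
+ }
+
+X509_EXTENSION *X509_CRL_delete_ext(x,loc)
+X509_CRL *x;
+int loc;
+ {
+ return(X509v3_delete_ext(x->crl->extensions,loc));
+ }
+
+int X509_CRL_add_ext(x,ex,loc)
+X509_CRL *x;
+X509_EXTENSION *ex;
+int loc;
+ {
+ return(X509v3_add_ext(&(x->crl->extensions),ex,loc) != NULL);
+ }
+
+int X509_get_ext_count(x)
+X509 *x;
+ {
+ return(X509v3_get_ext_count(x->cert_info->extensions));
+ }
+
+int X509_get_ext_by_NID(x,nid,lastpos)
+X509 *x;
+int nid;
+int lastpos;
+ {
+ return(X509v3_get_ext_by_NID(x->cert_info->extensions,nid,lastpos));
+ }
+
+int X509_get_ext_by_OBJ(x,obj,lastpos)
+X509 *x;
+ASN1_OBJECT *obj;
+int lastpos;
+ {
+ return(X509v3_get_ext_by_OBJ(x->cert_info->extensions,obj,lastpos));
+ }
+
+int X509_get_ext_by_critical(x,crit,lastpos)
+X509 *x;
+int crit;
+int lastpos;
+ {
+ return(X509v3_get_ext_by_critical(x->cert_info->extensions,crit,lastpos));
+ }
+
+X509_EXTENSION *X509_get_ext(x,loc)
+X509 *x;
+int loc;
+ {
+ return(X509v3_get_ext(x->cert_info->extensions,loc));
+ }
+
+X509_EXTENSION *X509_delete_ext(x,loc)
+X509 *x;
+int loc;
+ {
+ return(X509v3_delete_ext(x->cert_info->extensions,loc));
+ }
+
+int X509_add_ext(x,ex,loc)
+X509 *x;
+X509_EXTENSION *ex;
+int loc;
+ {
+ return(X509v3_add_ext(&(x->cert_info->extensions),ex,loc) != NULL);
+ }
+
+int X509_REVOKED_get_ext_count(x)
+X509_REVOKED *x;
+ {
+ return(X509v3_get_ext_count(x->extensions));
+ }
+
+int X509_REVOKED_get_ext_by_NID(x,nid,lastpos)
+X509_REVOKED *x;
+int nid;
+int lastpos;
+ {
+ return(X509v3_get_ext_by_NID(x->extensions,nid,lastpos));
+ }
+
+int X509_REVOKED_get_ext_by_OBJ(x,obj,lastpos)
+X509_REVOKED *x;
+ASN1_OBJECT *obj;
+int lastpos;
+ {
+ return(X509v3_get_ext_by_OBJ(x->extensions,obj,lastpos));
+ }
+
+int X509_REVOKED_get_ext_by_critical(x,crit,lastpos)
+X509_REVOKED *x;
+int crit;
+int lastpos;
+ {
+ return(X509v3_get_ext_by_critical(x->extensions,crit,lastpos));
+ }
+
+X509_EXTENSION *X509_REVOKED_get_ext(x,loc)
+X509_REVOKED *x;
+int loc;
+ {
+ return(X509v3_get_ext(x->extensions,loc));
+ }
+
+X509_EXTENSION *X509_REVOKED_delete_ext(x,loc)
+X509_REVOKED *x;
+int loc;
+ {
+ return(X509v3_delete_ext(x->extensions,loc));
+ }
+
+int X509_REVOKED_add_ext(x,ex,loc)
+X509_REVOKED *x;
+X509_EXTENSION *ex;
+int loc;
+ {
+ return(X509v3_add_ext(&(x->extensions),ex,loc) != NULL);
+ }
+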
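Review bot: None of the 21 wrappers in this file carries a comment, and each dereferences `x->crl`, `x->cert_info` or `x` with no NULL test, so their preconditions are implicit. I would add a header comment above the first function, for example `/* Thin wrappers over X509v3_* for the extension stacks of X509_CRL, X509 and X509_REVOKED; x must be non-NULL with its inner structure set. */`. The `*_delete_ext` functions hand back the pointer returned by `X509v3_delete_ext` (presumably the removed extension); who frees it is not visible here and should be stated next to them. The `*_add_ext` functions collapse the `X509v3_add_ext` pointer result to 0/1, which also deserves a one-line comment.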
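diff --git a/src/lib/libcrypto/x509/x509_lu.c b/src/lib/libcrypto/x509/x509_lu.c
new file mode 100644
index 0000000000..2c7e10a46e
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_lu.c
@@ -0,0 +1,446 @@
+/* crypto/x509/x509_lu.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "lhash.h"
+#include "x509.h"
+
+static STACK *x509_store_meth=NULL;
+static STACK *x509_store_ctx_meth=NULL;
+
+X509_LOOKUP *X509_LOOKUP_new(method)
+X509_LOOKUP_METHOD *method;
+ {
+ X509_LOOKUP *ret;
+
+ ret=(X509_LOOKUP *)Malloc(sizeof(X509_LOOKUP));
+ if (ret == NULL) return(NULL);
+
+ ret->init=0;
+ ret->skip=0;
+ ret->method=method;
+ ret->method_data=NULL;
+ ret->store_ctx=NULL;
+ if ((method->new_item != NULL) && !method->new_item(ret))
+ {
+ Free(ret);
+ return(NULL);
+ }
+ return(ret);
+ }
+
+void X509_LOOKUP_free(ctx)
+X509_LOOKUP *ctx;
+ {
+ if (ctx == NULL) return;
+ if ( (ctx->method != NULL) &&
+ (ctx->method->free != NULL))
+ ctx->method->free(ctx);
+ Free(ctx);
+ }
+
+int X509_LOOKUP_init(ctx)
+X509_LOOKUP *ctx;
+ {
+ if (ctx->method == NULL) return(0);
+ if (ctx->method->init != NULL)
+ return(ctx->method->init(ctx));
+ else
+ return(1);
+ }
+
+int X509_LOOKUP_shutdown(ctx)
+X509_LOOKUP *ctx;
+ {
+ if (ctx->method == NULL) return(0);
+ if (ctx->method->init != NULL)
+ return(ctx->method->shutdown(ctx));
+ else
+ return(1);
+ }
+
+int X509_LOOKUP_ctrl(ctx,cmd,argc,argl,ret)
+X509_LOOKUP *ctx;
+int cmd;
+char *argc;
+long argl;
+char **ret;
+ {
+ if (ctx->method == NULL) return(-1);
+ if (ctx->method->ctrl != NULL)
+ return(ctx->method->ctrl(ctx,cmd,argc,argl,ret));
+ else
+ return(1);
+ }
+
+int X509_LOOKUP_by_subject(ctx,type,name,ret)
+X509_LOOKUP *ctx;
+int type;
+X509_NAME *name;
+X509_OBJECT *ret;
+ {
+ if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))
+ return(X509_LU_FAIL);
+ if (ctx->skip) return(0);
+ return(ctx->method->get_by_subject(ctx,type,name,ret));
+ }
+
+int X509_LOOKUP_by_issuer_serial(ctx,type,name,serial,ret)
+X509_LOOKUP *ctx;
+int type;
+X509_NAME *name;
+ASN1_INTEGER *serial;
+X509_OBJECT *ret;
+ {
+ if ((ctx->method == NULL) ||
+ (ctx->method->get_by_issuer_serial == NULL))
+ return(X509_LU_FAIL);
+ return(ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret));
+ }
+
+int X509_LOOKUP_by_fingerprint(ctx,type,bytes,len,ret)
+X509_LOOKUP *ctx;
+int type;
+unsigned char *bytes;
+int len;
+X509_OBJECT *ret;
+ {
+ if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))
+ return(X509_LU_FAIL);
+ return(ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret));
+ }
+
+int X509_LOOKUP_by_alias(ctx,type,str,len,ret)
+X509_LOOKUP *ctx;
+int type;
+char *str;
+int len;
+X509_OBJECT *ret;
+ {
+ if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
+ return(X509_LU_FAIL);
+ return(ctx->method->get_by_alias(ctx,str,len,ret));
+ }
+
+static unsigned long x509_object_hash(a)
+X509_OBJECT *a;
+ {
+ unsigned long h;
+
+ switch (a->type)
+ {
+ case X509_LU_X509:
+ h=X509_NAME_hash(a->data.x509->cert_info->subject);
+ break;
+ case X509_LU_CRL:
+ h=X509_NAME_hash(a->data.crl->crl->issuer);
+ break;
+ default:
+ abort();
+ }
+ return(h);
+ }
+
+static int x509_object_cmp(a,b)
+X509_OBJECT *a,*b;
+ {
+ int ret;
+
+ ret=(a->type - b->type);
+ if (ret) return(ret);
+ switch (a->type)
+ {
+ case X509_LU_X509:
+ ret=X509_subject_name_cmp(a->data.x509,b->data.x509);
+ break;
+ case X509_LU_CRL:
+ ret=X509_CRL_cmp(a->data.crl,b->data.crl);
+ break;
+ default:
+ abort();
+ }
+ return(ret);
+ }
+
+X509_STORE *X509_STORE_new()
+ {
+ X509_STORE *ret;
+
+ if ((ret=(X509_STORE *)Malloc(sizeof(X509_STORE))) == NULL)
+ return(NULL);
+ ret->certs=lh_new(x509_object_hash,x509_object_cmp);
+ ret->cache=1;
+ ret->get_cert_methods=sk_new_null();
+ ret->verify=NULL;
+ ret->verify_cb=NULL;
+ memset(&ret->ex_data,0,sizeof(CRYPTO_EX_DATA));
+ ret->references=1;
+ return(ret);
+ }
+
+static void cleanup(a)
+X509_OBJECT *a;
+ {
+ if (a->type == X509_LU_X509)
+ {
+ X509_free(a->data.x509);
+ }
+ else if (a->type == X509_LU_CRL)
+ {
+ X509_CRL_free(a->data.crl);
+ }
+ else
+ abort();
+
+ Free(a);
+ }
+
+void X509_STORE_free(vfy)
+X509_STORE *vfy;
+ {
+ int i;
+ STACK *sk;
+ X509_LOOKUP *lu;
+
+ sk=vfy->get_cert_methods;
+ for (i=0; i<sk_num(sk); i++)
+ {
+ lu=(X509_LOOKUP *)sk_value(sk,i);
+ X509_LOOKUP_shutdown(lu);
+ X509_LOOKUP_free(lu);
+ }
+ sk_free(sk);
+
+ CRYPTO_free_ex_data(x509_store_meth,(char *)vfy,&vfy->ex_data);
+ lh_doall(vfy->certs,cleanup);
+ lh_free(vfy->certs);
+ Free(vfy);
+ }
+
+X509_LOOKUP *X509_STORE_add_lookup(v,m)
+X509_STORE *v;
+X509_LOOKUP_METHOD *m;
+ {
+ int i;
+ STACK *sk;
+ X509_LOOKUP *lu;
+
+ sk=v->get_cert_methods;
+ for (i=0; i<sk_num(sk); i++)
+ {
+ lu=(X509_LOOKUP *)sk_value(sk,i);
+ if (m == lu->method)
+ {
+ return(lu);
+ }
+ }
+ /* a new one */
+ lu=X509_LOOKUP_new(m);
+ if (lu == NULL)
+ return(NULL);
+ else
+ {
+ lu->store_ctx=v;
+ if (sk_push(v->get_cert_methods,(char *)lu))
+ return(lu);
+ else
+ {
+ X509_LOOKUP_free(lu);
+ return(NULL);
+ }
+ }
+ }
+
+int X509_STORE_get_by_subject(vs,type,name,ret)
+X509_STORE_CTX *vs;
+int type;
+X509_NAME *name;
+X509_OBJECT *ret;
+ {
+ X509_STORE *ctx=vs->ctx;
+ X509_LOOKUP *lu;
+ X509_OBJECT stmp,*tmp;
+ int i,j;
+
+ tmp=X509_OBJECT_retrive_by_subject(ctx->certs,type,name);
+
+ if (tmp == NULL)
+ {
+ for (i=vs->current_method; i<sk_num(ctx->get_cert_methods); i++)
+ {
+ lu=(X509_LOOKUP *)sk_value(ctx->get_cert_methods,i);
+ j=X509_LOOKUP_by_subject(lu,type,name,&stmp);
+ if (j < 0)
+ {
+ vs->current_method=j;
+ return(j);
+ }
+ else if (j)
+ {
+ tmp= &stmp;
+ break;
+ }
+ }
+ vs->current_method=0;
+ if (tmp == NULL)
+ return(0);
+ }
+
+/* if (ret->data.ptr != NULL)
+ X509_OBJECT_free_contents(ret); */
+
+ ret->type=tmp->type;
+ ret->data.ptr=tmp->data.ptr;
+
+ X509_OBJECT_up_ref_count(ret);
+
+ return(1);
+ }
+
+void X509_OBJECT_up_ref_count(a)
+X509_OBJECT *a;
+ {
+ switch (a->type)
+ {
+ case X509_LU_X509:
+ CRYPTO_add(&a->data.x509->references,1,CRYPTO_LOCK_X509);
+ break;
+ case X509_LU_CRL:
+ CRYPTO_add(&a->data.crl->references,1,CRYPTO_LOCK_X509_CRL);
+ break;
+ }
+ }
+
+void X509_OBJECT_free_contents(a)
+X509_OBJECT *a;
+ {
+ switch (a->type)
+ {
+ case X509_LU_X509:
+ X509_free(a->data.x509);
+ break;
+ case X509_LU_CRL:
+ X509_CRL_free(a->data.crl);
+ break;
+ }
+ }
+
+X509_OBJECT *X509_OBJECT_retrive_by_subject(h,type,name)
+LHASH *h;
+int type;
+X509_NAME *name;
+ {
+ X509_OBJECT stmp,*tmp;
+ X509 x509_s;
+ X509_CINF cinf_s;
+ X509_CRL crl_s;
+ X509_CRL_INFO crl_info_s;
+
+ stmp.type=type;
+ switch (type)
+ {
+ case X509_LU_X509:
+ stmp.data.x509= &x509_s;
+ x509_s.cert_info= &cinf_s;
+ cinf_s.subject=name;
+ break;
+ case X509_LU_CRL:
+ stmp.data.crl= &crl_s;
+ crl_s.crl= &crl_info_s;
+ crl_info_s.issuer=name;
+ break;
+ default:
+ abort();
+ }
+
+ tmp=(X509_OBJECT *)lh_retrieve(h,(char *)&stmp);
+ return(tmp);
+ }
+
+void X509_STORE_CTX_init(ctx,store,x509,chain)
+X509_STORE_CTX *ctx;
+X509_STORE *store;
+X509 *x509;
+STACK *chain;
+ {
+ ctx->ctx=store;
+ ctx->current_method=0;
+ ctx->cert=x509;
+ ctx->untrusted=chain;
+ ctx->last_untrusted=0;
+ ctx->valid=0;
+ ctx->chain=NULL;
+ ctx->depth=10;
+ ctx->error=0;
+ ctx->current_cert=NULL;
+ memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA));
+ }
+
+void X509_STORE_CTX_cleanup(ctx)
+X509_STORE_CTX *ctx;
+ {
+ if (ctx->chain != NULL)
+ {
+ sk_pop_free(ctx->chain,X509_free);
+ ctx->chain=NULL;
+ }
+ CRYPTO_free_ex_data(x509_store_ctx_meth,(char *)ctx,&(ctx->ex_data));
+ memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
+ }
+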
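Review bot: X509_LOOKUP_shutdown tests `ctx->method->init != NULL` but then calls `ctx->method->shutdown(ctx)`, so a lookup method that supplies init without shutdown is called through a NULL function pointer; the guard should read `if (ctx->method->shutdown != NULL)`. X509_STORE_free runs this on every registered lookup, so the mismatch is reachable during normal teardown. In X509_STORE_get_by_subject the error branch stores the negative result with `vs->current_method=j;`, and a later call starts its loop at that index and passes it to sk_value(); `vs->current_method=i;` looks like what was meant, though the retry protocol is not visible here and should be confirmed. X509_STORE_new also leaves the results of lh_new() and sk_new_null() unchecked, so an allocation failure there is only discovered when the store is used or freed.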
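diff --git a/src/lib/libcrypto/x509/x509_obj.c b/src/lib/libcrypto/x509/x509_obj.c
new file mode 100644
index 0000000000..c0576fd6f6
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_obj.c
@@ -0,0 +1,179 @@
+/* crypto/x509/x509_obj.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "lhash.h"
+#include "objects.h"
+#include "x509.h"
+#include "buffer.h"
+
+char *X509_NAME_oneline(a,buf,len)
+X509_NAME *a;
+char *buf;
+int len;
+ {
+ X509_NAME_ENTRY *ne;
+ unsigned int i;
+ int n,lold,l,l1,l2,num,j,type;
+ char *s,*p;
+ unsigned char *q;
+ BUF_MEM *b=NULL;
+ static char hex[17]="0123456789ABCDEF";
+ int gs_doit[4];
+ char tmp_buf[80];
+
+ if (a == NULL) return("NO X509_NAME");
+ if (buf == NULL)
+ {
+ if ((b=BUF_MEM_new()) == NULL) goto err;
+ if (!BUF_MEM_grow(b,200)) goto err;
+ b->data[0]='\0';
+ len=200;
+ }
+
+ len--; /* space for '\0' */
+ l=0;
+ for (i=0; (int)i<sk_num(a->entries); i++)
+ {
+ ne=(X509_NAME_ENTRY *)sk_value(a->entries,i);
+ n=OBJ_obj2nid(ne->object);
+ if ((n == NID_undef) || ((s=OBJ_nid2sn(n)) == NULL))
+ {
+ i2t_ASN1_OBJECT(tmp_buf,sizeof(tmp_buf),ne->object);
+ s=tmp_buf;
+ }
+ l1=strlen(s);
+
+ type=ne->value->type;
+ num=ne->value->length;
+ q=ne->value->data;
+
+ if ((type == V_ASN1_GENERALSTRING) && ((num%4) == 0))
+ {
+ gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=0;
+ for (j=0; j<num; j++)
+ if (q[j] != 0) gs_doit[j&3]=1;
+
+ if (gs_doit[0]|gs_doit[1]|gs_doit[2])
+ gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1;
+ else
+ {
+ gs_doit[0]=gs_doit[1]=gs_doit[2]=0;
+ gs_doit[3]=1;
+ }
+ }
+ else
+ gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1;
+
+ for (l2=j=0; j<num; j++)
+ {
+ if (!gs_doit[j&3]) continue;
+ l2++;
+ if ((q[j] < ' ') || (q[j] > '~')) l2+=3;
+ }
+
+ lold=l;
+ l+=1+l1+1+l2;
+ if (b != NULL)
+ {
+ if (!BUF_MEM_grow(b,l+1)) goto err;
+ p= &(b->data[lold]);
+ }
+ else if (l > len)
+ {
+ break;
+ }
+ else
+ p= &(buf[lold]);
+ *(p++)='/';
+ memcpy(p,s,(unsigned int)l1); p+=l1;
+ *(p++)='=';
+
+ q=ne->value->data;
+
+ for (j=0; j<num; j++)
+ {
+ if (!gs_doit[j&3]) continue;
+ n=q[j];
+ if ((n < ' ') || (n > '~'))
+ {
+ *(p++)='\\';
+ *(p++)='x';
+ *(p++)=hex[(n>>4)&0x0f];
+ *(p++)=hex[n&0x0f];
+ }
+ else
+ *(p++)=n;
+ }
+ *p='\0';
+ }
+ if (b != NULL)
+ {
+ p=b->data;
+ Free((char *)b);
+ }
+ else
+ p=buf;
+ return(p);
+err:
+ X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE);
+ if (b != NULL) BUF_MEM_free(b);
+ return(NULL);
+ }
+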
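Review bot: X509_NAME_oneline never terminates a caller-supplied `buf` when the name has no entries or the first entry does not fit, because `*p='\0'` is only written inside the loop after an entry has been copied; the caller then reads whatever the buffer held before. Adding `else if (len > 0) buf[0]='\0';` after the `if (buf == NULL)` block closes that. The `a == NULL` early return hands back the literal `"NO X509_NAME"` instead of writing into `buf`, and on the `buf == NULL` path, where the normal result is the heap data taken out of the BUF_MEM, a caller that frees the return value would be freeing a string literal. `l` and `l2` are plain ints accumulated from `ne->value->length`, which comes from the parsed name, so a range check before `l+=1+l1+1+l2` is worth adding as well.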
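diff --git a/src/lib/libcrypto/x509/x509_r2x.c b/src/lib/libcrypto/x509/x509_r2x.c
new file mode 100644
index 0000000000..6aec2427f7
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_r2x.c
@@ -0,0 +1,122 @@
+/* crypto/x509/x509_r2x.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn.h"
+#include "evp.h"
+#include "asn1.h"
+#include "x509.h"
+#include "objects.h"
+#include "buffer.h"
+#include "pem.h"
+
+X509 *X509_REQ_to_X509(r,days,pkey)
+X509_REQ *r;
+int days;
+EVP_PKEY *pkey;
+ {
+ X509 *ret=NULL;
+ int er=1;
+ X509_REQ_INFO *ri=NULL;
+ X509_CINF *xi=NULL;
+ X509_NAME *xn;
+
+ if ((ret=X509_new()) == NULL)
+ {
+ X509err(X509_F_X509_REQ_TO_X509,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ /* duplicate the request */
+ ri=(X509_REQ_INFO *)ASN1_dup(i2d_X509_REQ_INFO,
+ (char *(*)())d2i_X509_REQ_INFO,(char *)r->req_info);
+ if (ri == NULL) goto err;
+
+ xi=ret->cert_info;
+
+ if (sk_num(ri->attributes) != 0)
+ {
+ if ((xi->version=ASN1_INTEGER_new()) == NULL) goto err;
+ if (!ASN1_INTEGER_set(xi->version,2)) goto err;
+/* xi->extensions=ri->attributes; <- bad, should not ever be done
+ ri->attributes=NULL; */
+ }
+
+ xn=X509_REQ_get_subject_name(r);
+ X509_set_subject_name(ret,X509_NAME_dup(xn));
+ X509_set_issuer_name(ret,X509_NAME_dup(xn));
+
+ X509_gmtime_adj(xi->validity->notBefore,0);
+ X509_gmtime_adj(xi->validity->notAfter,(long)60*60*24*days);
+
+ X509_set_pubkey(ret,X509_REQ_get_pubkey(r));
+
+ if (!X509_sign(ret,pkey,EVP_md5()))
+ goto err;
+ er=0;
+err:
+ if (er)
+ {
+ X509_free(ret);
+ X509_REQ_INFO_free(ri);
+ return(NULL);
+ }
+ return(ret);
+ }
+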
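Review bot: The results of X509_set_subject_name, X509_set_issuer_name, both X509_NAME_dup calls and X509_set_pubkey are discarded before X509_sign runs, so an allocation failure or a request key that cannot be decoded can still reach the signing step with those fields unset; each call should branch to `err`, e.g. `if (!X509_set_pubkey(ret,X509_REQ_get_pubkey(r))) goto err;`. `ri` is released only inside `if (er)`, so the duplicated request info is leaked on every successful call; moving `X509_REQ_INFO_free(ri);` above the `if (er)` test fixes that. The digest is fixed to `EVP_md5()`, which is not collision-resistant and should not be used for certificate signatures, and the function has no digest parameter to override it. A header comment should also state that the request's own signature is not verified here, so callers know to check it before converting.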
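diff --git a/src/lib/libcrypto/x509/x509_req.c b/src/lib/libcrypto/x509/x509_req.c
new file mode 100644
index 0000000000..5004365bad
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_req.c
@@ -0,0 +1,116 @@
+/* crypto/x509/x509_req.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn.h"
+#include "evp.h"
+#include "asn1.h"
+#include "x509.h"
+#include "objects.h"
+#include "buffer.h"
+#include "pem.h"
+
+X509_REQ *X509_to_X509_REQ(x,pkey,md)
+X509 *x;
+EVP_PKEY *pkey;
+EVP_MD *md;
+ {
+ X509_REQ *ret;
+ X509_REQ_INFO *ri;
+ int i;
+
+ ret=X509_REQ_new();
+ if (ret == NULL)
+ {
+ X509err(X509_F_X509_TO_X509_REQ,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ ri=ret->req_info;
+
+ ri->version->length=1;
+ ri->version->data=(unsigned char *)Malloc(1);
+ if (ri->version->data == NULL) goto err;
+ ri->version->data[0]=0; /* version == 0 */
+
+ if (!X509_REQ_set_subject_name(ret,X509_get_subject_name(x)))
+ goto err;
+
+ i=X509_REQ_set_pubkey(ret,X509_get_pubkey(x));
+ if (!i) goto err;
+
+ if (pkey != NULL)
+ {
+ if (!X509_REQ_sign(ret,pkey,md))
+ goto err;
+ }
+ return(ret);
+err:
+ X509_REQ_free(ret);
+ return(NULL);
+ }
+
+EVP_PKEY *X509_REQ_get_pubkey(req)
+X509_REQ *req;
+ {
+ if ((req == NULL) || (req->req_info == NULL))
+ return(NULL);
+ return(X509_PUBKEY_get(req->req_info->pubkey));
+ }
+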
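Review bot: X509_to_X509_REQ builds the version field by hand: it sets `ri->version->length=1` before the Malloc has succeeded and overwrites `ri->version->data` without releasing whatever X509_REQ_new may have put there. x509_r2x.c in this same commit uses ASN1_INTEGER_set for the same job, and `if (!ASN1_INTEGER_set(ri->version,0)) goto err;` would replace those four lines and keep length and data consistent on failure. The first `goto err` is taken with `ret == NULL` and ends in `X509_REQ_free(ret)`; whether that free tolerates NULL is not visible in this file, so `return(NULL);` is the safer exit there. A comment stating that `pkey == NULL` returns an unsigned request would also help callers.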
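diff --git a/src/lib/libcrypto/x509/x509_set.c b/src/lib/libcrypto/x509/x509_set.c
new file mode 100644
index 0000000000..5d0a3a0c0e
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_set.c
@@ -0,0 +1,164 @@
+/* crypto/x509/x509_set.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "asn1.h"
+#include "objects.h"
+#include "evp.h"
+#include "x509.h"
+
+int X509_set_version(x,version)
+X509 *x;
+long version;
+ {
+ if (x == NULL) return(0);
+ if (x->cert_info->version == NULL)
+ {
+ if ((x->cert_info->version=ASN1_INTEGER_new()) == NULL)
+ return(0);
+ }
+ return(ASN1_INTEGER_set(x->cert_info->version,version));
+ }
+
+int X509_set_serialNumber(x,serial)
+X509 *x;
+ASN1_INTEGER *serial;
+ {
+ ASN1_INTEGER *in;
+
+ if (x == NULL) return(0);
+ in=x->cert_info->serialNumber;
+ if (in != serial)
+ {
+ in=ASN1_INTEGER_dup(serial);
+ if (in != NULL)
+ {
+ ASN1_INTEGER_free(x->cert_info->serialNumber);
+ x->cert_info->serialNumber=in;
+ }
+ }
+ return(in != NULL);
+ }
+
+int X509_set_issuer_name(x,name)
+X509 *x;
+X509_NAME *name;
+ {
+ if ((x == NULL) || (x->cert_info == NULL)) return(0);
+ return(X509_NAME_set(&x->cert_info->issuer,name));
+ }
+
+int X509_set_subject_name(x,name)
+X509 *x;
+X509_NAME *name;
+ {
+ if ((x == NULL) || (x->cert_info == NULL)) return(0);
+ return(X509_NAME_set(&x->cert_info->subject,name));
+ }
+
+int X509_set_notBefore(x,tm)
+X509 *x;
+ASN1_UTCTIME *tm;
+ {
+ ASN1_UTCTIME *in;
+
+ if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
+ in=x->cert_info->validity->notBefore;
+ if (in != tm)
+ {
+ in=ASN1_UTCTIME_dup(tm);
+ if (in != NULL)
+ {
+ ASN1_UTCTIME_free(x->cert_info->validity->notBefore);
+ x->cert_info->validity->notBefore=in;
+ }
+ }
+ return(in != NULL);
+ }
+
+int X509_set_notAfter(x,tm)
+X509 *x;
+ASN1_UTCTIME *tm;
+ {
+ ASN1_UTCTIME *in;
+
+ if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
+ in=x->cert_info->validity->notAfter;
+ if (in != tm)
+ {
+ in=ASN1_UTCTIME_dup(tm);
+ if (in != NULL)
+ {
+ ASN1_UTCTIME_free(x->cert_info->validity->notAfter);
+ x->cert_info->validity->notAfter=in;
+ }
+ }
+ return(in != NULL);
+ }
+
+int X509_set_pubkey(x,pkey)
+X509 *x;
+EVP_PKEY *pkey;
+ {
+ if ((x == NULL) || (x->cert_info == NULL)) return(0);
+ return(X509_PUBKEY_set(&(x->cert_info->key),pkey));
+ }
+
+
+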
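Review bot: The NULL guards differ between the setters: X509_set_issuer_name, X509_set_subject_name and X509_set_pubkey test `x->cert_info`, but X509_set_version and X509_set_serialNumber dereference `x->cert_info` after checking only `x`, and X509_set_notBefore/X509_set_notAfter read `x->cert_info->validity` without it. Using `if ((x == NULL) || (x->cert_info == NULL)) return(0);` in the first two, and adding the `cert_info` test ahead of `validity` in the time setters, makes a partially built X509 fail cleanly in all seven. X509_set_serialNumber and the time setters also pass their argument straight to the `_dup` call; an explicit check, or a header comment saying NULL is not accepted, would settle what happens for a NULL `serial` or `tm`.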
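--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_txt.c
@@ -0,0 +1,132 @@
+/* crypto/x509/x509_txt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <errno.h>
+#include <sys/types.h>
+
+#include "cryptlib.h"
+#include "lhash.h"
+#include "buffer.h"
+#include "evp.h"
+#include "asn1.h"
+#include "x509.h"
+#include "objects.h"
+#include "pem.h"
+
+char *X509_verify_cert_error_string(n)
+long n;
+ {
+ static char buf[100];
+
+ switch ((int)n)
+ {
+ case X509_V_OK:
+ return("ok");
+ case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+ return("unable to get issuer certificate");
+ case X509_V_ERR_UNABLE_TO_GET_CRL:
+ return("unable to get certificate CRL");
+ case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
+ return("unable to decrypt certificate's signature");
+ case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
+ return("unable to decrypt CRL's's signature");
+ case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
+ return("unable to decode issuer public key");
+ case X509_V_ERR_CERT_SIGNATURE_FAILURE:
+ return("certificate signature failure");
+ case X509_V_ERR_CRL_SIGNATURE_FAILURE:
+ return("CRL signature failure");
+ case X509_V_ERR_CERT_NOT_YET_VALID:
+ return("certificate is not yet valid");
+ case X509_V_ERR_CRL_NOT_YET_VALID:
+ return("CRL is not yet valid");
+ case X509_V_ERR_CERT_HAS_EXPIRED:
+ return("Certificate has expired");
+ case X509_V_ERR_CRL_HAS_EXPIRED:
+ return("CRL has expired");
+ case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+ return("format error in certificate's notBefore field");
+ case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+ return("format error in certificate's notAfter field");
+ case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
+ return("format error in CRL's lastUpdate field");
+ case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
+ return("format error in CRL's nextUpdate field");
+ case X509_V_ERR_OUT_OF_MEM:
+ return("out of memory");
+ case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+ return("self signed certificate");
+ case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
+ return("self signed certificate in certificate chain");
+ case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
+ return("unable to get local issuer certificate");
+ case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
+ return("unable to verify the first certificate");
+ case X509_V_ERR_CERT_CHAIN_TOO_LONG:
+ return("certificate chain too long");
+ case X509_V_ERR_APPLICATION_VERIFICATION:
+ return("application verification failure");
+ default:
+ sprintf(buf,"error number %ld",n);
+ return(buf);
+ }
+ }
+
+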
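Review bot: The default branch of X509_verify_cert_error_string() formats into `static char buf[100]` and returns a pointer to it, so two threads reporting unknown codes at the same time can read each other's text, and a caller that keeps the pointer sees it change on the next call. The sprintf() is bounded by its fixed format and a single long, so this is a reentrancy problem rather than an overflow. I would document it above the function with `/* returns a string literal, or a shared static buffer for unknown codes: not thread-safe, copy before the next call */`. The message for X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE also carries a doubled possessive and should read `return("unable to decrypt CRL's signature");`.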
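--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_v3.c
@@ -0,0 +1,409 @@
+/* crypto/x509/x509_v3.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "stack.h"
+#include "cryptlib.h"
+#include "asn1.h"
+#include "objects.h"
+#include "evp.h"
+#include "x509.h"
+
+#ifndef NOPROTO
+static X509_EXTENSION_METHOD *find_by_nid(int nid);
+static int xem_cmp(X509_EXTENSION_METHOD **a, X509_EXTENSION_METHOD **b);
+#else
+static X509_EXTENSION_METHOD *find_by_nid();
+static int xem_cmp();
+#endif
+
+static STACK *extensions=NULL;
+
+int X509v3_get_ext_count(x)
+STACK *x;
+ {
+ if (x == NULL) return(0);
+ return(sk_num(x));
+ }
+
+int X509v3_get_ext_by_NID(x,nid,lastpos)
+STACK *x;
+int nid;
+int lastpos;
+ {
+ ASN1_OBJECT *obj;
+
+ obj=OBJ_nid2obj(nid);
+ if (obj == NULL) return(-2);
+ return(X509v3_get_ext_by_OBJ(x,obj,lastpos));
+ }
+
+int X509v3_get_ext_by_OBJ(sk,obj,lastpos)
+STACK *sk;
+ASN1_OBJECT *obj;
+int lastpos;
+ {
+ int n;
+ X509_EXTENSION *ex;
+
+ if (sk == NULL) return(-1);
+ lastpos++;
+ if (lastpos < 0)
+ lastpos=0;
+ n=sk_num(sk);
+ for ( ; lastpos < n; lastpos++)
+ {
+ ex=(X509_EXTENSION *)sk_value(sk,lastpos);
+ if (OBJ_cmp(ex->object,obj) == 0)
+ return(lastpos);
+ }
+ return(-1);
+ }
+
+int X509v3_get_ext_by_critical(sk,crit,lastpos)
+STACK *sk;
+int crit;
+int lastpos;
+ {
+ int n;
+ X509_EXTENSION *ex;
+
+ if (sk == NULL) return(-1);
+ lastpos++;
+ if (lastpos < 0)
+ lastpos=0;
+ n=sk_num(sk);
+ for ( ; lastpos < n; lastpos++)
+ {
+ ex=(X509_EXTENSION *)sk_value(sk,lastpos);
+ if ( (ex->critical && crit) ||
+ (!ex->critical && !crit))
+ return(lastpos);
+ }
+ return(-1);
+ }
+
+X509_EXTENSION *X509v3_get_ext(x,loc)
+STACK *x;
+int loc;
+ {
+ if ((x == NULL) || (sk_num(x) <= loc) || (loc < 0))
+ return(NULL);
+ else
+ return((X509_EXTENSION *)sk_value(x,loc));
+ }
+
+X509_EXTENSION *X509v3_delete_ext(x,loc)
+STACK *x;
+int loc;
+ {
+ X509_EXTENSION *ret;
+
+ if ((x == NULL) || (sk_num(x) <= loc) || (loc < 0))
+ return(NULL);
+ ret=(X509_EXTENSION *)sk_delete(x,loc);
+ return(ret);
+ }
+
+STACK *X509v3_add_ext(x,ex,loc)
+STACK **x;
+X509_EXTENSION *ex;
+int loc;
+ {
+ X509_EXTENSION *new_ex=NULL;
+ int n;
+ STACK *sk=NULL;
+
+ if ((x != NULL) && (*x == NULL))
+ {
+ if ((sk=sk_new_null()) == NULL)
+ goto err;
+ }
+ else
+ sk= *x;
+
+ n=sk_num(sk);
+ if (loc > n) loc=n;
+ else if (loc < 0) loc=n;
+
+ if ((new_ex=X509_EXTENSION_dup(ex)) == NULL)
+ goto err2;
+ if (!sk_insert(sk,(char *)new_ex,loc))
+ goto err;
+ if ((x != NULL) && (*x == NULL))
+ *x=sk;
+ return(sk);
+err:
+ X509err(X509_F_X509V3_ADD_EXT,ERR_R_MALLOC_FAILURE);
+err2:
+ if (new_ex != NULL) X509_EXTENSION_free(new_ex);
+ if (sk != NULL) sk_free(sk);
+ return(NULL);
+ }
+
+X509_EXTENSION *X509_EXTENSION_create_by_NID(ex,nid,crit,data)
+X509_EXTENSION **ex;
+int nid;
+int crit;
+ASN1_OCTET_STRING *data;
+ {
+ ASN1_OBJECT *obj;
+ X509_EXTENSION *ret;
+
+ obj=OBJ_nid2obj(nid);
+ if (obj == NULL)
+ {
+ X509err(X509_F_X509_EXTENSION_CREATE_BY_NID,X509_R_UNKNOWN_NID);
+ return(NULL);
+ }
+ ret=X509_EXTENSION_create_by_OBJ(ex,obj,crit,data);
+ if (ret == NULL) ASN1_OBJECT_free(obj);
+ return(ret);
+ }
+
+X509_EXTENSION *X509_EXTENSION_create_by_OBJ(ex,obj,crit,data)
+X509_EXTENSION **ex;
+ASN1_OBJECT *obj;
+int crit;
+ASN1_OCTET_STRING *data;
+ {
+ X509_EXTENSION *ret;
+
+ if ((ex == NULL) || (*ex == NULL))
+ {
+ if ((ret=X509_EXTENSION_new()) == NULL)
+ {
+ X509err(X509_F_X509_EXTENSION_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE);
+ return(NULL);
+ }
+ }
+ else
+ ret= *ex;
+
+ if (!X509_EXTENSION_set_object(ret,obj))
+ goto err;
+ if (!X509_EXTENSION_set_critical(ret,crit))
+ goto err;
+ if (!X509_EXTENSION_set_data(ret,data))
+ goto err;
+
+ if ((ex != NULL) && (*ex == NULL)) *ex=ret;
+ return(ret);
+err:
+ if ((ex == NULL) || (ret != *ex))
+ X509_EXTENSION_free(ret);
+ return(NULL);
+ }
+
+int X509_EXTENSION_set_object(ex,obj)
+X509_EXTENSION *ex;
+ASN1_OBJECT *obj;
+ {
+ if ((ex == NULL) || (obj == NULL))
+ return(0);
+ ASN1_OBJECT_free(ex->object);
+ ex->object=OBJ_dup(obj);
+ return(1);
+ }
+
+int X509_EXTENSION_set_critical(ex,crit)
+X509_EXTENSION *ex;
+int crit;
+ {
+ if (ex == NULL) return(0);
+ ex->critical=(crit)?0xFF:0;
+ return(1);
+ }
+
+int X509_EXTENSION_set_data(ex,data)
+X509_EXTENSION *ex;
+ASN1_OCTET_STRING *data;
+ {
+ int i;
+
+ if (ex == NULL) return(0);
+ i=ASN1_OCTET_STRING_set(ex->value,data->data,data->length);
+ if (!i) return(0);
+ return(1);
+ }
+
+ASN1_OBJECT *X509_EXTENSION_get_object(ex)
+X509_EXTENSION *ex;
+ {
+ if (ex == NULL) return(NULL);
+ return(ex->object);
+ }
+
+ASN1_OCTET_STRING *X509_EXTENSION_get_data(ex)
+X509_EXTENSION *ex;
+ {
+ if (ex == NULL) return(NULL);
+ return(ex->value);
+ }
+
+int X509_EXTENSION_get_critical(ex)
+X509_EXTENSION *ex;
+ {
+ if (ex == NULL) return(0);
+ return(ex->critical);
+ }
+
+int X509v3_data_type_by_OBJ(obj)
+ASN1_OBJECT *obj;
+ {
+ int nid;
+
+ nid=OBJ_obj2nid(obj);
+ if (nid == V_ASN1_UNDEF) return(V_ASN1_UNDEF);
+ return(X509v3_data_type_by_NID(nid));
+ }
+
+int X509v3_data_type_by_NID(nid)
+int nid;
+ {
+ X509_EXTENSION_METHOD *x;
+
+ x=find_by_nid(nid);
+ if (x == NULL)
+ return(V_ASN1_UNDEF);
+ else
+ return(x->data_type);
+ }
+
+int X509v3_pack_type_by_OBJ(obj)
+ASN1_OBJECT *obj;
+ {
+ int nid;
+
+ nid=OBJ_obj2nid(obj);
+ if (nid == NID_undef) return(X509_EXT_PACK_UNKNOWN);
+ return(X509v3_pack_type_by_NID(nid));
+ }
+
+int X509v3_pack_type_by_NID(nid)
+int nid;
+ {
+ X509_EXTENSION_METHOD *x;
+
+ x=find_by_nid(nid);
+ if (x == NULL)
+ return(X509_EXT_PACK_UNKNOWN);
+ else
+ return(x->pack_type);
+ }
+
+static X509_EXTENSION_METHOD *find_by_nid(nid)
+int nid;
+ {
+ X509_EXTENSION_METHOD x;
+ int i;
+
+ x.nid=nid;
+ if (extensions == NULL) return(NULL);
+ i=sk_find(extensions,(char *)&x);
+ if (i < 0)
+ return(NULL);
+ else
+ return((X509_EXTENSION_METHOD *)sk_value(extensions,i));
+ }
+
+static int xem_cmp(a,b)
+X509_EXTENSION_METHOD **a,**b;
+ {
+ return((*a)->nid-(*b)->nid);
+ }
+
+void X509v3_cleanup_extensions()
+ {
+ int i;
+
+ if (extensions != NULL)
+ {
+ for (i=0; i<sk_num(extensions); i++)
+ Free(sk_value(extensions,i));
+ sk_free(extensions);
+ extensions=NULL;
+ }
+ }
+
+int X509v3_add_extension(x)
+X509_EXTENSION_METHOD *x;
+ {
+ X509_EXTENSION_METHOD *newx;
+
+ if (extensions == NULL)
+ {
+ extensions=sk_new(xem_cmp);
+ if (extensions == NULL) goto err;
+ }
+ newx=(X509_EXTENSION_METHOD *)Malloc(sizeof(X509_EXTENSION_METHOD));
+ if (newx == NULL) goto err;
+ newx->nid=x->nid;
+ newx->data_type=x->data_type;
+ newx->pack_type=x->pack_type;
+ if (!sk_push(extensions,(char *)newx))
+ {
+ Free(newx);
+ goto err;
+ }
+ return(1);
+err:
+ X509err(X509_F_X509V3_ADD_EXTENSION,ERR_R_MALLOC_FAILURE);
+ return(0);
+ }
+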
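Review bot: The error path of X509v3_add_ext() calls `sk_free(sk)` even when `sk` is the caller's existing stack taken from `*x`, so a failed X509_EXTENSION_dup() or sk_insert() leaves `*x` pointing at a freed stack and the caller's next use or free of it is a use-after-free or double free. Free only a stack allocated in this call, `if ((sk != NULL) && (sk != *x)) sk_free(sk);`, which works because `*x` is still NULL at that point when the stack is new. The else branch also evaluates `*x` when `x` itself is NULL, so the function needs `if (x == NULL) return(NULL);` before the first test. Separately, X509_EXTENSION_set_object() returns 1 without checking the result of OBJ_dup(), and X509_EXTENSION_set_data() dereferences `data` without a NULL check.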
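--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -0,0 +1,704 @@
+/* crypto/x509/x509_vfy.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#include "crypto.h"
+#include "cryptlib.h"
+#include "lhash.h"
+#include "buffer.h"
+#include "evp.h"
+#include "asn1.h"
+#include "x509.h"
+#include "objects.h"
+#include "pem.h"
+
+#ifndef NOPROTO
+static int null_callback(int ok,X509_STORE_CTX *e);
+static int internal_verify(X509_STORE_CTX *ctx);
+#else
+static int null_callback();
+static int internal_verify();
+#endif
+
+char *X509_version="X509 part of SSLeay 0.9.0b 29-Jun-1998";
+static STACK *x509_store_ctx_method=NULL;
+static int x509_store_ctx_num=0;
+#if 0
+static int x509_store_num=1;
+static STACK *x509_store_method=NULL;
+#endif
+
+static int null_callback(ok,e)
+int ok;
+X509_STORE_CTX *e;
+ {
+ return(ok);
+ }
+
+#if 0
+static int x509_subject_cmp(a,b)
+X509 **a,**b;
+ {
+ return(X509_subject_name_cmp(*a,*b));
+ }
+#endif
+
+int X509_verify_cert(ctx)
+X509_STORE_CTX *ctx;
+ {
+ X509 *x,*xtmp,*chain_ss=NULL;
+ X509_NAME *xn;
+ X509_OBJECT obj;
+ int depth,i,ok=0;
+ int num;
+ int (*cb)();
+ STACK *sktmp=NULL;
+
+ if (ctx->cert == NULL)
+ {
+ X509err(X509_F_X509_VERIFY_CERT,X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
+ return(-1);
+ }
+
+ cb=ctx->ctx->verify_cb;
+ if (cb == NULL) cb=null_callback;
+
+ /* first we make sure the chain we are going to build is
+ * present and that the first entry is in place */
+ if (ctx->chain == NULL)
+ {
+ if ( ((ctx->chain=sk_new_null()) == NULL) ||
+ (!sk_push(ctx->chain,(char *)ctx->cert)))
+ {
+ X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
+ goto end;
+ }
+ CRYPTO_add(&ctx->cert->references,1,CRYPTO_LOCK_X509);
+ ctx->last_untrusted=1;
+ }
+
+ /* We use a temporary so we can chop and hack at it */
+ if ((ctx->untrusted != NULL) && (sktmp=sk_dup(ctx->untrusted)) == NULL)
+ {
+ X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
+ goto end;
+ }
+
+ num=sk_num(ctx->chain);
+ x=(X509 *)sk_value(ctx->chain,num-1);
+ depth=ctx->depth;
+
+
+ for (;;)
+ {
+ /* If we have enough, we break */
+ if (depth <= num) break;
+
+ /* If we are self signed, we break */
+ xn=X509_get_issuer_name(x);
+ if (X509_NAME_cmp(X509_get_subject_name(x),xn) == 0)
+ break;
+
+ /* If we were passed a cert chain, use it first */
+ if (ctx->untrusted != NULL)
+ {
+ xtmp=X509_find_by_subject(sktmp,xn);
+ if (xtmp != NULL)
+ {
+ if (!sk_push(ctx->chain,(char *)xtmp))
+ {
+ X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
+ goto end;
+ }
+ CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509);
+ sk_delete_ptr(sktmp,(char *)xtmp);
+ ctx->last_untrusted++;
+ x=xtmp;
+ num++;
+ /* reparse the full chain for
+ * the next one */
+ continue;
+ }
+ }
+ break;
+ }
+
+ /* at this point, chain should contain a list of untrusted
+ * certificates. We now need to add at least one trusted one,
+ * if possible, otherwise we complain. */
+
+ i=sk_num(ctx->chain);
+ x=(X509 *)sk_value(ctx->chain,i-1);
+ if (X509_NAME_cmp(X509_get_subject_name(x),X509_get_issuer_name(x))
+ == 0)
+ {
+ /* we have a self signed certificate */
+ if (sk_num(ctx->chain) == 1)
+ {
+ ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
+ ctx->current_cert=x;
+ ctx->error_depth=i-1;
+ ok=cb(0,ctx);
+ if (!ok) goto end;
+ }
+ else
+ {
+ /* worry more about this one elsewhere */
+ chain_ss=(X509 *)sk_pop(ctx->chain);
+ ctx->last_untrusted--;
+ num--;
+ x=(X509 *)sk_value(ctx->chain,num-1);
+ }
+ }
+
+ /* We now lookup certs from the certificate store */
+ for (;;)
+ {
+ /* If we have enough, we break */
+ if (depth <= num) break;
+
+ /* If we are self signed, we break */
+ xn=X509_get_issuer_name(x);
+ if (X509_NAME_cmp(X509_get_subject_name(x),xn) == 0)
+ break;
+
+ ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj);
+ if (ok != X509_LU_X509)
+ {
+ if (ok == X509_LU_RETRY)
+ {
+ X509_OBJECT_free_contents(&obj);
+ X509err(X509_F_X509_VERIFY_CERT,X509_R_SHOULD_RETRY);
+ return(ok);
+ }
+ else if (ok != X509_LU_FAIL)
+ {
+ X509_OBJECT_free_contents(&obj);
+ /* not good :-(, break anyway */
+ return(ok);
+ }
+ break;
+ }
+ x=obj.data.x509;
+ if (!sk_push(ctx->chain,(char *)obj.data.x509))
+ {
+ X509_OBJECT_free_contents(&obj);
+ X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
+ return(0);
+ }
+ num++;
+ }
+
+ /* we now have our chain, lets check it... */
+ xn=X509_get_issuer_name(x);
+ if (X509_NAME_cmp(X509_get_subject_name(x),xn) != 0)
+ {
+ if ((chain_ss == NULL) || (X509_NAME_cmp(X509_get_subject_name(chain_ss),xn) != 0))
+ {
+ if (ctx->last_untrusted >= num)
+ ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
+ else
+ ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
+ ctx->current_cert=x;
+ }
+ else
+ {
+
+ sk_push(ctx->chain,(char *)chain_ss);
+ num++;
+ ctx->last_untrusted=num;
+ ctx->current_cert=chain_ss;
+ ctx->error=X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
+ chain_ss=NULL;
+ }
+
+ ctx->error_depth=num-1;
+ ok=cb(0,ctx);
+ if (!ok) goto end;
+ }
+
+ /* We may as well copy down any DSA parameters that are required */
+ X509_get_pubkey_parameters(NULL,ctx->chain);
+
+ /* At this point, we have a chain and just need to verify it */
+ if (ctx->ctx->verify != NULL)
+ ok=ctx->ctx->verify(ctx);
+ else
+ ok=internal_verify(ctx);
+end:
+ if (sktmp != NULL) sk_free(sktmp);
+ if (chain_ss != NULL) X509_free(chain_ss);
+ return(ok);
+ }
+
+static int internal_verify(ctx)
+X509_STORE_CTX *ctx;
+ {
+ int i,ok=0,n;
+ X509 *xs,*xi;
+ EVP_PKEY *pkey=NULL;
+ int (*cb)();
+
+ cb=ctx->ctx->verify_cb;
+ if (cb == NULL) cb=null_callback;
+
+ n=sk_num(ctx->chain);
+ ctx->error_depth=n-1;
+ n--;
+ xi=(X509 *)sk_value(ctx->chain,n);
+ if (X509_NAME_cmp(X509_get_subject_name(xi),
+ X509_get_issuer_name(xi)) == 0)
+ xs=xi;
+ else
+ {
+ if (n <= 0)
+ {
+ ctx->error=X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
+ ctx->current_cert=xi;
+ ok=cb(0,ctx);
+ goto end;
+ }
+ else
+ {
+ n--;
+ ctx->error_depth=n;
+ xs=(X509 *)sk_value(ctx->chain,n);
+ }
+ }
+
+/* ctx->error=0; not needed */
+ while (n >= 0)
+ {
+ ctx->error_depth=n;
+ if (!xs->valid)
+ {
+ if ((pkey=X509_get_pubkey(xi)) == NULL)
+ {
+ ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
+ ctx->current_cert=xi;
+ ok=(*cb)(0,ctx);
+ if (!ok) goto end;
+ }
+ if (X509_verify(xs,pkey) <= 0)
+ {
+ ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
+ ctx->current_cert=xs;
+ ok=(*cb)(0,ctx);
+ if (!ok) goto end;
+ }
+ pkey=NULL;
+
+ i=X509_cmp_current_time(X509_get_notBefore(xs));
+ if (i == 0)
+ {
+ ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
+ ctx->current_cert=xs;
+ ok=(*cb)(0,ctx);
+ if (!ok) goto end;
+ }
+ if (i > 0)
+ {
+ ctx->error=X509_V_ERR_CERT_NOT_YET_VALID;
+ ctx->current_cert=xs;
+ ok=(*cb)(0,ctx);
+ if (!ok) goto end;
+ }
+ xs->valid=1;
+ }
+
+ i=X509_cmp_current_time(X509_get_notAfter(xs));
+ if (i == 0)
+ {
+ ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
+ ctx->current_cert=xs;
+ ok=(*cb)(0,ctx);
+ if (!ok) goto end;
+ }
+
+ if (i < 0)
+ {
+ ctx->error=X509_V_ERR_CERT_HAS_EXPIRED;
+ ctx->current_cert=xs;
+ ok=(*cb)(0,ctx);
+ if (!ok) goto end;
+ }
+
+ /* CRL CHECK */
+
+ /* The last error (if any) is still in the error value */
+ ctx->current_cert=xs;
+ ok=(*cb)(1,ctx);
+ if (!ok) goto end;
+
+ n--;
+ if (n >= 0)
+ {
+ xi=xs;
+ xs=(X509 *)sk_value(ctx->chain,n);
+ }
+ }
+ ok=1;
+end:
+ return(ok);
+ }
+
+int X509_cmp_current_time(ctm)
+ASN1_UTCTIME *ctm;
+ {
+ char *str;
+ ASN1_UTCTIME atm;
+ time_t offset;
+ char buff1[24],buff2[24],*p;
+ int i,j;
+
+ p=buff1;
+ i=ctm->length;
+ str=(char *)ctm->data;
+ if ((i < 11) || (i > 17)) return(0);
+ memcpy(p,str,10);
+ p+=10;
+ str+=10;
+
+ if ((*str == 'Z') || (*str == '-') || (*str == '+'))
+ { *(p++)='0'; *(p++)='0'; }
+ else { *(p++)= *(str++); *(p++)= *(str++); }
+ *(p++)='Z';
+ *(p++)='\0';
+
+ if (*str == 'Z')
+ offset=0;
+ else
+ {
+ if ((*str != '+') && (str[5] != '-'))
+ return(0);
+ offset=((str[1]-'0')*10+(str[2]-'0'))*60;
+ offset+=(str[3]-'0')*10+(str[4]-'0');
+ if (*str == '-')
+ offset=-offset;
+ }
+ atm.type=V_ASN1_UTCTIME;
+ atm.length=sizeof(buff2);
+ atm.data=(unsigned char *)buff2;
+
+ X509_gmtime_adj(&atm,-offset);
+
+ i=(buff1[0]-'0')*10+(buff1[1]-'0');
+ if (i < 70) i+=100;
+ j=(buff2[0]-'0')*10+(buff2[1]-'0');
+ if (j < 70) j+=100;
+
+ if (i < j) return (-1);
+ if (i > j) return (1);
+ i=strcmp(buff1,buff2);
+ if (i == 0) /* wait a second then return younger :-) */
+ return(-1);
+ else
+ return(i);
+ }
+
+ASN1_UTCTIME *X509_gmtime_adj(s, adj)
+ASN1_UTCTIME *s;
+long adj;
+ {
+ time_t t;
+
+ time(&t);
+ t+=adj;
+ return(ASN1_UTCTIME_set(s,t));
+ }
+
+int X509_get_pubkey_parameters(pkey,chain)
+EVP_PKEY *pkey;
+STACK *chain;
+ {
+ EVP_PKEY *ktmp=NULL,*ktmp2;
+ int i,j;
+
+ if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return(1);
+
+ for (i=0; i<sk_num(chain); i++)
+ {
+ ktmp=X509_get_pubkey((X509 *)sk_value(chain,i));
+ if (ktmp == NULL)
+ {
+ X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
+ return(0);
+ }
+ if (!EVP_PKEY_missing_parameters(ktmp))
+ break;
+ else
+ {
+ ktmp=NULL;
+ }
+ }
+ if (ktmp == NULL)
+ {
+ X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN);
+ return(0);
+ }
+
+ /* first, populate the other certs */
+ for (j=i-1; j >= 0; j--)
+ {
+ ktmp2=X509_get_pubkey((X509 *)sk_value(chain,j));
+ EVP_PKEY_copy_parameters(ktmp2,ktmp);
+ }
+
+ if (pkey != NULL)
+ EVP_PKEY_copy_parameters(pkey,ktmp);
+ return(1);
+ }
+
+EVP_PKEY *X509_get_pubkey(x)
+X509 *x;
+ {
+ if ((x == NULL) || (x->cert_info == NULL))
+ return(NULL);
+ return(X509_PUBKEY_get(x->cert_info->key));
+ }
+
+int X509_check_private_key(x,k)
+X509 *x;
+EVP_PKEY *k;
+ {
+ EVP_PKEY *xk=NULL;
+ int ok=0;
+
+ xk=X509_get_pubkey(x);
+ if (xk->type != k->type) goto err;
+ switch (k->type)
+ {
+#ifndef NO_RSA
+ case EVP_PKEY_RSA:
+ if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0) goto err;
+ if (BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0) goto err;
+ break;
+#endif
+#ifndef NO_DSA
+ case EVP_PKEY_DSA:
+ if (BN_cmp(xk->pkey.dsa->pub_key,k->pkey.dsa->pub_key) != 0)
+ goto err;
+ break;
+#endif
+#ifndef NO_DH
+ case EVP_PKEY_DH:
+ /* No idea */
+ goto err;
+#endif
+ default:
+ goto err;
+ }
+
+ ok=1;
+err:
+ return(ok);
+ }
+
+int X509_STORE_add_cert(ctx,x)
+X509_STORE *ctx;
+X509 *x;
+ {
+ X509_OBJECT *obj,*r;
+ int ret=1;
+
+ if (x == NULL) return(0);
+ obj=(X509_OBJECT *)Malloc(sizeof(X509_OBJECT));
+ if (obj == NULL)
+ {
+ X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE);
+ return(0);
+ }
+ obj->type=X509_LU_X509;
+ obj->data.x509=x;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+
+ X509_OBJECT_up_ref_count(obj);
+
+ r=(X509_OBJECT *)lh_insert(ctx->certs,(char *)obj);
+ if (r != NULL)
+ { /* oops, put it back */
+ lh_delete(ctx->certs,(char *)obj);
+ X509_OBJECT_free_contents(obj);
+ Free(obj);
+ lh_insert(ctx->certs,(char *)r);
+ X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE);
+ ret=0;
+ }
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+
+ return(ret);
+ }
+
+int X509_STORE_add_crl(ctx,x)
+X509_STORE *ctx;
+X509_CRL *x;
+ {
+ X509_OBJECT *obj,*r;
+ int ret=1;
+
+ if (x == NULL) return(0);
+ obj=(X509_OBJECT *)Malloc(sizeof(X509_OBJECT));
+ if (obj == NULL)
+ {
+ X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE);
+ return(0);
+ }
+ obj->type=X509_LU_CRL;
+ obj->data.crl=x;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+
+ X509_OBJECT_up_ref_count(obj);
+
+ r=(X509_OBJECT *)lh_insert(ctx->certs,(char *)obj);
+ if (r != NULL)
+ { /* oops, put it back */
+ lh_delete(ctx->certs,(char *)obj);
+ X509_OBJECT_free_contents(obj);
+ Free(obj);
+ lh_insert(ctx->certs,(char *)r);
+ X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE);
+ ret=0;
+ }
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+
+ return(ret);
+ }
+
+int X509_STORE_CTX_get_ex_new_index(argl,argp,new_func,dup_func,free_func)
+long argl;
+char *argp;
+int (*new_func)();
+int (*dup_func)();
+void (*free_func)();
+ {
+ x509_store_ctx_num++;
+ return(CRYPTO_get_ex_new_index(x509_store_ctx_num-1,
+ &x509_store_ctx_method,
+ argl,argp,new_func,dup_func,free_func));
+ }
+
+int X509_STORE_CTX_set_ex_data(ctx,idx,data)
+X509_STORE_CTX *ctx;
+int idx;
+char *data;
+ {
+ return(CRYPTO_set_ex_data(&ctx->ex_data,idx,data));
+ }
+
+char *X509_STORE_CTX_get_ex_data(ctx,idx)
+X509_STORE_CTX *ctx;
+int idx;
+ {
+ return(CRYPTO_get_ex_data(&ctx->ex_data,idx));
+ }
+
+int X509_STORE_CTX_get_error(ctx)
+X509_STORE_CTX *ctx;
+ {
+ return(ctx->error);
+ }
+
+void X509_STORE_CTX_set_error(ctx,err)
+X509_STORE_CTX *ctx;
+int err;
+ {
+ ctx->error=err;
+ }
+
+int X509_STORE_CTX_get_error_depth(ctx)
+X509_STORE_CTX *ctx;
+ {
+ return(ctx->error_depth);
+ }
+
+X509 *X509_STORE_CTX_get_current_cert(ctx)
+X509_STORE_CTX *ctx;
+ {
+ return(ctx->current_cert);
+ }
+
+STACK *X509_STORE_CTX_get_chain(ctx)
+X509_STORE_CTX *ctx;
+ {
+ return(ctx->chain);
+ }
+
+void X509_STORE_CTX_set_cert(ctx,x)
+X509_STORE_CTX *ctx;
+X509 *x;
+ {
+ ctx->cert=x;
+ }
+
+void X509_STORE_CTX_set_chain(ctx,sk)
+X509_STORE_CTX *ctx;
+STACK *sk;
+ {
+ ctx->untrusted=sk;
+ }
+
+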
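Review bot: X509_cmp_current_time() parses a time field taken straight from a certificate and can read past the `ctm->length` bytes it was given: the only length test is `(i < 11) || (i > 17)`, yet the seconds copy and the offset arithmetic read up to `str[4]` from the current position without checking how many bytes remain. The sign test `(*str != '+') && (str[5] != '-')` also looks at the wrong byte, so a valid `-hhmm` offset is rejected unless `str[5]` happens to be `-`, and an arbitrary designator is accepted when it is; the second operand should be `(*str != '-')`. I would bound each read against the field length before it happens, as in the excerpt below, and digit validation of every position would be a sensible addition. A related gap in the same file: internal_verify() sets `xs->valid=1` even after the callback has overridden a signature failure, which skips the signature and notBefore checks for that X509 object on later calls.

```c
	else
		{
		/* two seconds digits and a designator must still lie inside the field */
		if (i < 13) return(0);
		*(p++)= *(str++); *(p++)= *(str++);
		}
	/* … unchanged: terminate buff1, handle 'Z' … */
		if ((*str != '+') && (*str != '-'))
			return(0);
		/* the sign and four offset digits must lie inside the field */
		if ((str-(char *)ctm->data)+5 > i) return(0);
	/* … unchanged: offset arithmetic and comparison … */
```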
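--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_vfy.h
@@ -0,0 +1,378 @@
+/* crypto/x509/x509_vfy.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_X509_VFY_H
+#define HEADER_X509_VFY_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "bio.h"
+#include "crypto.h"
+
+/* Outer object */
+typedef struct x509_hash_dir_st
+ {
+ int num_dirs;
+ char **dirs;
+ int *dirs_type;
+ int num_dirs_alloced;
+ } X509_HASH_DIR_CTX;
+
+typedef struct x509_file_st
+ {
+ int num_paths; /* number of paths to files or directories */
+ int num_alloced;
+ char **paths; /* the list of paths or directories */
+ int *path_type;
+ } X509_CERT_FILE_CTX;
+
+/*******************************/
+/*
+SSL_CTX -> X509_STORE
+ -> X509_LOOKUP
+ ->X509_LOOKUP_METHOD
+ -> X509_LOOKUP
+ ->X509_LOOKUP_METHOD
+
+SSL -> X509_STORE_CTX
+ ->X509_STORE
+
+The X509_STORE holds the tables etc for verification stuff.
+A X509_STORE_CTX is used while validating a single certificate.
+The X509_STORE has X509_LOOKUPs for looking up certs.
+The X509_STORE then calls a function to actually verify the
+certificate chain.
+*/
+
+#define X509_LU_RETRY -1
+#define X509_LU_FAIL 0
+#define X509_LU_X509 1
+#define X509_LU_CRL 2
+#define X509_LU_PKEY 3
+
+typedef struct x509_object_st
+ {
+ /* one of the above types */
+ int type;
+ union {
+ char *ptr;
+ X509 *x509;
+ X509_CRL *crl;
+ EVP_PKEY *pkey;
+ } data;
+ } X509_OBJECT;
+
+/* This is a static that defines the function interface */
+typedef struct x509_lookup_method_st
+ {
+ char *name;
+ int (*new_item)();
+ void (*free)();
+ int (*init)(/* meth, char ** */);
+ int (*shutdown)( /* meth, char ** */);
+ int (*ctrl)( /* meth, char **, int cmd, char *argp, int argi */);
+ int (*get_by_subject)(/* meth, char **, XNAME *, X509 **ret */);
+ int (*get_by_issuer_serial)();
+ int (*get_by_fingerprint)();
+ int (*get_by_alias)();
+ } X509_LOOKUP_METHOD;
+
+/* This is used to hold everything. It is used for all certificate
+ * validation. Once we have a certificate chain, the 'verify'
+ * function is then called to actually check the cert chain. */
+typedef struct x509_store_st
+ {
+ /* The following is a cache of trusted certs */
+ int cache; /* if true, stash any hits */
+#ifdef HEADER_LHASH_H
+ LHASH *certs; /* cached certs; */
+#else
+ char *certs;
+#endif
+
+ /* These are external lookup methods */
+ STACK *get_cert_methods;/* X509_LOOKUP */
+ int (*verify)(); /* called to verify a certificate */
+ int (*verify_cb)(); /* error callback */
+
+ CRYPTO_EX_DATA ex_data;
+ int references;
+ int depth; /* how deep to look */
+ } X509_STORE;
+
+#define X509_STORE_set_depth(ctx,d) ((ctx)->depth=(d))
+
+#define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func))
+#define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func))
+
+/* This is the functions plus an instance of the local variables. */
+typedef struct x509_lookup_st
+ {
+ int init; /* have we been started */
+ int skip; /* don't use us. */
+ X509_LOOKUP_METHOD *method; /* the functions */
+ char *method_data; /* method data */
+
+ X509_STORE *store_ctx; /* who owns us */
+ } X509_LOOKUP;
+
+/* This is a temporary used when processing cert chains. Since the
+ * gathering of the cert chain can take some time (and have to be
+ * 'retried', this needs to be kept and passed around. */
+typedef struct x509_store_state_st
+ {
+ X509_STORE *ctx;
+ int current_method; /* used when looking up certs */
+
+ /* The following are set by the caller */
+ X509 *cert; /* The cert to check */
+ STACK *untrusted; /* chain of X509s - untrusted - passed in */
+
+ /* The following is built up */
+ int depth; /* how far to go looking up certs */
+ int valid; /* if 0, rebuild chain */
+ int last_untrusted; /* index of last untrusted cert */
+ STACK *chain; /* chain of X509s - built up and trusted */
+
+ /* When something goes wrong, this is why */
+ int error_depth;
+ int error;
+ X509 *current_cert;
+
+ CRYPTO_EX_DATA ex_data;
+ } X509_STORE_CTX;
+
+#define X509_STORE_CTX_set_app_data(ctx,data) \
+ X509_STORE_CTX_set_ex_data(ctx,0,data)
+#define X509_STORE_CTX_get_app_data(ctx) \
+ X509_STORE_CTX_get_ex_data(ctx,0)
+
+#define X509_L_FILE_LOAD 1
+#define X509_L_ADD_DIR 2
+
+X509_LOOKUP_METHOD *X509_LOOKUP_file();
+#define X509_LOOKUP_load_file(x,name,type) \
+ X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL)
+
+X509_LOOKUP_METHOD *X509_LOOKUP_dir();
+#define X509_LOOKUP_add_dir(x,name,type) \
+ X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
+
+#define X509_V_OK 0
+
+#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2
+#define X509_V_ERR_UNABLE_TO_GET_CRL 3
+#define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4
+#define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5
+#define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6
+#define X509_V_ERR_CERT_SIGNATURE_FAILURE 7
+#define X509_V_ERR_CRL_SIGNATURE_FAILURE 8
+#define X509_V_ERR_CERT_NOT_YET_VALID 9
+#define X509_V_ERR_CERT_HAS_EXPIRED 10
+#define X509_V_ERR_CRL_NOT_YET_VALID 11
+#define X509_V_ERR_CRL_HAS_EXPIRED 12
+#define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13
+#define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14
+#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15
+#define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16
+#define X509_V_ERR_OUT_OF_MEM 17
+#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18
+#define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19
+#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20
+#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21
+#define X509_V_ERR_CERT_CHAIN_TOO_LONG 22
+#define X509_V_ERR_CERT_REVOKED 23
+
+/* The application is not happy */
+#define X509_V_ERR_APPLICATION_VERIFICATION 50
+
+#ifndef NOPROTO
+#ifdef HEADER_LHASH_H
+X509_OBJECT *X509_OBJECT_retrive_by_subject(LHASH *h,int type,X509_NAME *name);
+#endif
+void X509_OBJECT_up_ref_count(X509_OBJECT *a);
+void X509_OBJECT_free_contents(X509_OBJECT *a);
+X509_STORE *X509_STORE_new(void );
+void X509_STORE_free(X509_STORE *v);
+
+void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
+ X509 *x509, STACK *chain);
+void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
+
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+
+X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
+X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
+
+int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
+int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+
+int X509_STORE_get_by_subject(X509_STORE_CTX *vs,int type,X509_NAME *name,
+ X509_OBJECT *ret);
+
+int X509_LOOKUP_ctrl(X509_LOOKUP *ctx,int cmd,char *argc,long argl,char **ret);
+
+#ifndef NO_STDIO
+int X509_load_cert_file(X509_LOOKUP *ctx, char *file, int type);
+int X509_load_crl_file(X509_LOOKUP *ctx, char *file, int type);
+#endif
+
+void X509v3_cleanup_extensions(void );
+int X509v3_add_extension(X509_EXTENSION_METHOD *x);
+int X509v3_add_netscape_extensions(void );
+int X509v3_add_standard_extensions(void );
+
+X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
+void X509_LOOKUP_free(X509_LOOKUP *ctx);
+int X509_LOOKUP_init(X509_LOOKUP *ctx);
+int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
+ X509_OBJECT *ret);
+int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
+ ASN1_INTEGER *serial, X509_OBJECT *ret);
+int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
+ unsigned char *bytes, int len, X509_OBJECT *ret);
+int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str,
+ int len, X509_OBJECT *ret);
+int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
+
+#ifndef NO_STDIO
+int X509_STORE_load_locations (X509_STORE *ctx,
+ char *file, char *dir);
+int X509_STORE_set_default_paths(X509_STORE *ctx);
+#endif
+
+int X509_STORE_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+ int (*dup_func)(), void (*free_func)());
+int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,char *data);
+char * X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx);
+int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);
+int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
+X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
+STACK * X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x);
+void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK /* X509 */ *sk);
+
+#else
+
+#ifdef HEADER_LHASH_H
+X509_OBJECT *X509_OBJECT_retrive_by_subject();
+#endif
+void X509_OBJECT_up_ref_count();
+void X509_OBJECT_free_contents();
+X509_STORE *X509_STORE_new();
+void X509_STORE_free();
+
+void X509_STORE_CTX_init();
+void X509_STORE_CTX_cleanup();
+
+X509_LOOKUP *X509_STORE_add_lookup();
+
+X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir();
+X509_LOOKUP_METHOD *X509_LOOKUP_file();
+
+int X509_STORE_add_cert();
+int X509_STORE_add_crl();
+
+int X509_STORE_get_by_subject();
+
+int X509_LOOKUP_ctrl();
+
+#ifndef NO_STDIO
+int X509_load_cert_file();
+int X509_load_crl_file();
+#endif
+
+void X509v3_cleanup_extensions();
+int X509v3_add_extension();
+int X509v3_add_netscape_extensions();
+int X509v3_add_standard_extensions();
+
+X509_LOOKUP *X509_LOOKUP_new();
+void X509_LOOKUP_free();
+int X509_LOOKUP_init();
+int X509_LOOKUP_by_subject();
+int X509_LOOKUP_by_issuer_serial();
+int X509_LOOKUP_by_fingerprint();
+int X509_LOOKUP_by_alias();
+int X509_LOOKUP_shutdown();
+
+#ifndef NO_STDIO
+int X509_STORE_load_locations ();
+int X509_STORE_set_default_paths();
+#endif
+
+int X509_STORE_CTX_set_ex_data();
+char * X509_STORE_CTX_get_ex_data();
+int X509_STORE_CTX_get_error();
+void X509_STORE_CTX_set_error();
+int X509_STORE_CTX_get_error_depth();
+X509 * X509_STORE_CTX_get_current_cert();
+STACK * X509_STORE_CTX_get_chain();
+void X509_STORE_CTX_set_cert();
+void X509_STORE_CTX_set_chain();
+
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+#endif
+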
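Review bot: `X509_STORE_CTX_set_chain` and `X509_STORE_CTX_get_chain` are declared as a pair but are not symmetric, and nothing at the prototypes says so. Per the `X509_STORE_CTX` field comments, and the accessor bodies in x509_vfy.c, the setter stores the caller-supplied `untrusted` stack while the getter returns the built-up `chain`. A caller who assumes the certificates it passes in are treated as trusted, or that the getter returns what it set, will misread the verification result. I would add a comment above the two prototypes such as `/* set_chain supplies the UNTRUSTED candidate certs; get_chain returns the chain built during verification */`. Separately, the `#else` (NOPROTO) branch has no declaration for `X509_STORE_CTX_get_ex_new_index`, which the prototyped branch does declare.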
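--- /dev/null
+++ b/src/lib/libcrypto/x509/x509name.c
@@ -0,0 +1,358 @@
+/* crypto/x509/x509name.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "stack.h"
+#include "cryptlib.h"
+#include "asn1.h"
+#include "objects.h"
+#include "evp.h"
+#include "x509.h"
+
+int X509_NAME_get_text_by_NID(name,nid,buf,len)
+X509_NAME *name;
+int nid;
+char *buf;
+int len;
+ {
+ ASN1_OBJECT *obj;
+
+ obj=OBJ_nid2obj(nid);
+ if (obj == NULL) return(-1);
+ return(X509_NAME_get_text_by_OBJ(name,obj,buf,len));
+ }
+
+int X509_NAME_get_text_by_OBJ(name,obj,buf,len)
+X509_NAME *name;
+ASN1_OBJECT *obj;
+char *buf;
+int len;
+ {
+ int i;
+ ASN1_STRING *data;
+
+ i=X509_NAME_get_index_by_OBJ(name,obj,-1);
+ if (i < 0) return(-1);
+ data=X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name,i));
+ i=(data->length > (len-1))?(len-1):data->length;
+ if (buf == NULL) return(data->length);
+ memcpy(buf,data->data,i);
+ buf[i]='\0';
+ return(i);
+ }
+
+int X509_NAME_entry_count(name)
+X509_NAME *name;
+ {
+ if (name == NULL) return(0);
+ return(sk_num(name->entries));
+ }
+
+int X509_NAME_get_index_by_NID(name,nid,lastpos)
+X509_NAME *name;
+int nid;
+int lastpos;
+ {
+ ASN1_OBJECT *obj;
+
+ obj=OBJ_nid2obj(nid);
+ if (obj == NULL) return(-2);
+ return(X509_NAME_get_index_by_OBJ(name,obj,lastpos));
+ }
+
+/* NOTE: you should be passsing -1, not 0 as lastpos */
+int X509_NAME_get_index_by_OBJ(name,obj,lastpos)
+X509_NAME *name;
+ASN1_OBJECT *obj;
+int lastpos;
+ {
+ int n;
+ X509_NAME_ENTRY *ne;
+ STACK *sk;
+
+ if (name == NULL) return(-1);
+ if (lastpos < 0)
+ lastpos= -1;
+ sk=name->entries;
+ n=sk_num(sk);
+ for (lastpos++; lastpos < n; lastpos++)
+ {
+ ne=(X509_NAME_ENTRY *)sk_value(sk,lastpos);
+ if (OBJ_cmp(ne->object,obj) == 0)
+ return(lastpos);
+ }
+ return(-1);
+ }
+
+X509_NAME_ENTRY *X509_NAME_get_entry(name,loc)
+X509_NAME *name;
+int loc;
+ {
+ if ( (name == NULL) || (sk_num(name->entries) <= loc) || (loc < 0))
+ return(NULL);
+ else
+ return((X509_NAME_ENTRY *)sk_value(name->entries,loc));
+ }
+
+X509_NAME_ENTRY *X509_NAME_delete_entry(name,loc)
+X509_NAME *name;
+int loc;
+ {
+ X509_NAME_ENTRY *ret;
+ int i,j,n,set_prev,set_next;
+ STACK *sk;
+
+ if ((name == NULL) || (sk_num(name->entries) <= loc) || (loc < 0))
+ return(NULL);
+ sk=name->entries;
+ ret=(X509_NAME_ENTRY *)sk_delete(sk,loc);
+ n=sk_num(sk);
+ name->modified=1;
+ if (loc == n) return(ret);
+
+ /* else we need to fixup the set field */
+ if (loc != 0)
+ set_prev=((X509_NAME_ENTRY *)sk_value(sk,loc-1))->set;
+ else
+ set_prev=ret->set-1;
+ set_next=((X509_NAME_ENTRY *)sk_value(sk,loc))->set;
+
+ /* set_prev is the previous set
+ * set is the current set
+ * set_next is the following
+ * prev 1 1 1 1 1 1 1 1
+ * set 1 1 2 2
+ * next 1 1 2 2 2 2 3 2
+ * so basically only if prev and next differ by 2, then
+ * re-number down by 1 */
+ if (set_prev+1 < set_next)
+ {
+ j=set_next-set_prev-1;
+ for (i=loc; i<n; i++)
+ ((X509_NAME_ENTRY *)sk_value(sk,loc-1))->set-=j;
+ }
+ return(ret);
+ }
+
+/* if set is -1, append to previous set, 0 'a new one', and 1,
+ * prepend to the guy we are about to stomp on. */
+int X509_NAME_add_entry(name,ne,loc,set)
+X509_NAME *name;
+X509_NAME_ENTRY *ne;
+int loc;
+int set;
+ {
+ X509_NAME_ENTRY *new_name=NULL;
+ int n,i,inc;
+ STACK *sk;
+
+ if (name == NULL) return(0);
+ sk=name->entries;
+ n=sk_num(sk);
+ if (loc > n) loc=n;
+ else if (loc < 0) loc=n;
+
+ name->modified=1;
+
+ if (set == -1)
+ {
+ if (loc == 0)
+ {
+ set=0;
+ inc=1;
+ }
+ else
+ {
+ set=((X509_NAME_ENTRY *)sk_value(sk,loc-1))->set;
+ inc=0;
+ }
+ }
+ else /* if (set >= 0) */
+ {
+ if (loc >= n)
+ {
+ if (loc != 0)
+ set=((X509_NAME_ENTRY *)
+ sk_value(sk,loc-1))->set+1;
+ else
+ set=0;
+ }
+ else
+ set=((X509_NAME_ENTRY *)sk_value(sk,loc))->set;
+ inc=(set == 0)?1:0;
+ }
+
+ if ((new_name=X509_NAME_ENTRY_dup(ne)) == NULL)
+ goto err;
+ new_name->set=set;
+ if (!sk_insert(sk,(char *)new_name,loc))
+ {
+ X509err(X509_F_X509_NAME_ADD_ENTRY,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (inc)
+ {
+ n=sk_num(sk);
+ for (i=loc+1; i<n; i++)
+ ((X509_NAME_ENTRY *)sk_value(sk,i-1))->set+=1;
+ }
+ return(1);
+err:
+ if (new_name != NULL)
+ X509_NAME_ENTRY_free(ne);
+ return(0);
+ }
+
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(ne,nid,type,bytes,len)
+X509_NAME_ENTRY **ne;
+int nid;
+int type;
+unsigned char *bytes;
+int len;
+ {
+ ASN1_OBJECT *obj;
+
+ obj=OBJ_nid2obj(nid);
+ if (obj == NULL)
+ {
+ X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID,X509_R_UNKNOWN_NID);
+ return(NULL);
+ }
+ return(X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len));
+ }
+
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len)
+X509_NAME_ENTRY **ne;
+ASN1_OBJECT *obj;
+int type;
+unsigned char *bytes;
+int len;
+ {
+ X509_NAME_ENTRY *ret;
+
+ if ((ne == NULL) || (*ne == NULL))
+ {
+ if ((ret=X509_NAME_ENTRY_new()) == NULL)
+ return(NULL);
+ }
+ else
+ ret= *ne;
+
+ if (!X509_NAME_ENTRY_set_object(ret,obj))
+ goto err;
+ if (!X509_NAME_ENTRY_set_data(ret,type,bytes,len))
+ goto err;
+
+ if ((ne != NULL) && (*ne == NULL)) *ne=ret;
+ return(ret);
+err:
+ if ((ne == NULL) || (ret != *ne))
+ X509_NAME_ENTRY_free(ret);
+ return(NULL);
+ }
+
+int X509_NAME_ENTRY_set_object(ne,obj)
+X509_NAME_ENTRY *ne;
+ASN1_OBJECT *obj;
+ {
+ if ((ne == NULL) || (obj == NULL))
+ {
+ X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT,ERR_R_PASSED_NULL_PARAMETER);
+ return(0);
+ }
+ ASN1_OBJECT_free(ne->object);
+ ne->object=OBJ_dup(obj);
+ return((ne->object == NULL)?0:1);
+ }
+
+int X509_NAME_ENTRY_set_data(ne,type,bytes,len)
+X509_NAME_ENTRY *ne;
+int type;
+unsigned char *bytes;
+int len;
+ {
+ int i;
+
+ if ((ne == NULL) || ((bytes == NULL) && (len != 0))) return(0);
+ if (len < 0) len=strlen((char *)bytes);
+ i=ASN1_STRING_set(ne->value,bytes,len);
+ if (!i) return(0);
+ if (type != V_ASN1_UNDEF)
+ {
+ if (type == V_ASN1_APP_CHOOSE)
+ ne->value->type=ASN1_PRINTABLE_type(bytes,len);
+ else
+ ne->value->type=type;
+ }
+ return(1);
+ }
+
+ASN1_OBJECT *X509_NAME_ENTRY_get_object(ne)
+X509_NAME_ENTRY *ne;
+ {
+ if (ne == NULL) return(NULL);
+ return(ne->object);
+ }
+
+ASN1_STRING *X509_NAME_ENTRY_get_data(ne)
+X509_NAME_ENTRY *ne;
+ {
+ if (ne == NULL) return(NULL);
+ return(ne->value);
+ }
+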
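Review bot: The `err:` path of `X509_NAME_add_entry` releases the wrong object: when `sk_insert` fails it calls `X509_NAME_ENTRY_free(ne)`, which frees the caller's entry and leaks the duplicate, so a caller that later frees `ne` itself would free it twice. The line should be `X509_NAME_ENTRY_free(new_name);`. In `X509_NAME_get_text_by_OBJ`, a `len` of zero or less makes `len-1` negative, and that value then reaches `memcpy` as the length and `buf[i]` as the index; a guard such as `if (len <= 0) return(0);` after the `buf == NULL` check would close that. The renumbering loop in `X509_NAME_delete_entry` indexes `sk_value(sk,loc-1)` on every pass where `sk_value(sk,i)` appears to be intended, so it adjusts one entry repeatedly and passes index -1 when `loc` is 0. A comment on `X509_NAME_get_text_by_OBJ` should also tell callers to rely on the returned length rather than `strlen`, since nothing here rejects embedded NUL bytes in the entry data.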
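--- /dev/null
+++ b/src/lib/libcrypto/x509/x509rset.c
@@ -0,0 +1,89 @@
+/* crypto/x509/x509rset.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "asn1.h"
+#include "objects.h"
+#include "evp.h"
+#include "x509.h"
+
+int X509_REQ_set_version(x,version)
+X509_REQ *x;
+long version;
+ {
+ if (x == NULL) return(0);
+ return(ASN1_INTEGER_set(x->req_info->version,version));
+ }
+
+int X509_REQ_set_subject_name(x,name)
+X509_REQ *x;
+X509_NAME *name;
+ {
+ if ((x == NULL) || (x->req_info == NULL)) return(0);
+ return(X509_NAME_set(&x->req_info->subject,name));
+ }
+
+int X509_REQ_set_pubkey(x,pkey)
+X509_REQ *x;
+EVP_PKEY *pkey;
+ {
+ if ((x == NULL) || (x->req_info == NULL)) return(0);
+ return(X509_PUBKEY_set(&x->req_info->pubkey,pkey));
+ }
+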
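Review bot: `X509_REQ_set_version` dereferences `x->req_info` after checking only `x`, whereas `X509_REQ_set_subject_name` and `X509_REQ_set_pubkey` in the same file reject a NULL `req_info` first. If a request object can reach this setter with `req_info` unset, the version setter is the one of the three that crashes instead of returning 0. I would give it the same guard as its siblings: `if ((x == NULL) || (x->req_info == NULL)) return(0);`.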
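--- /dev/null
+++ b/src/lib/libcrypto/x509/x509type.c
@@ -0,0 +1,115 @@
+/* crypto/x509/x509type.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+
+int X509_certificate_type(x,pkey)
+X509 *x;
+EVP_PKEY *pkey;
+ {
+ EVP_PKEY *pk;
+ int ret=0,i;
+
+ if (x == NULL) return(0);
+
+ if (pkey == NULL)
+ pk=X509_get_pubkey(x);
+ else
+ pk=pkey;
+
+ if (pk == NULL) return(0);
+
+ switch (pk->type)
+ {
+ case EVP_PKEY_RSA:
+ ret=EVP_PK_RSA|EVP_PKT_SIGN;
+/* if (!sign only extension) */
+ ret|=EVP_PKT_ENC;
+ break;
+ case EVP_PKEY_DSA:
+ ret=EVP_PK_DSA|EVP_PKT_SIGN;
+ break;
+ case EVP_PKEY_DH:
+ ret=EVP_PK_DH|EVP_PKT_EXCH;
+ break;
+ default:
+ break;
+ }
+
+ i=X509_get_signature_type(x);
+ switch (i)
+ {
+ case EVP_PKEY_RSA:
+ ret|=EVP_PKS_RSA;
+ break;
+ case EVP_PKS_DSA:
+ ret|=EVP_PKS_DSA;
+ break;
+ default:
+ break;
+ }
+
+ if (EVP_PKEY_size(pkey) <= 512)
+ ret|=EVP_PKT_EXP;
+ return(ret);
+ }
+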
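Review bot: The final size check in `X509_certificate_type` calls `EVP_PKEY_size(pkey)`, but `pkey` is allowed to be NULL, which is exactly the case where `pk` is taken from the certificate, so the argument should be `pk`: `if (EVP_PKEY_size(pk) <= 512)`. The threshold also needs a comment stating its unit; if `EVP_PKEY_size` returns bytes, as I believe it does, `512` marks nearly every key as `EVP_PKT_EXP`, and a 512-bit limit would be `512/8`. In the signature-type switch the second label is `case EVP_PKS_DSA:`, a result flag rather than a key type, which looks like a typo for `EVP_PKEY_DSA` and would leave `EVP_PKS_DSA` unset for DSA-signed certificates.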
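diff --git a/src/lib/libcrypto/x509/x_all.c b/src/lib/libcrypto/x509/x_all.c
new file mode 100644
index 0000000000..b7dde23e9a
--- /dev/null
+++ b/src/lib/libcrypto/x509/x_all.c
@@ -0,0 +1,465 @@
+/* crypto/x509/x_all.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#undef SSLEAY_MACROS
+#include "stack.h"
+#include "cryptlib.h"
+#include "buffer.h"
+#include "asn1.h"
+#include "evp.h"
+#include "x509.h"
+
+int X509_verify(a,r)
+X509 *a;
+EVP_PKEY *r;
+ {
+ return(ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,
+ a->signature,(char *)a->cert_info,r));
+ }
+
+int X509_REQ_verify(a,r)
+X509_REQ *a;
+EVP_PKEY *r;
+ {
+ return( ASN1_verify((int (*)())i2d_X509_REQ_INFO,
+ a->sig_alg,a->signature,(char *)a->req_info,r));
+ }
+
+int X509_CRL_verify(a,r)
+X509_CRL *a;
+EVP_PKEY *r;
+ {
+ return(ASN1_verify((int (*)())i2d_X509_CRL_INFO,
+ a->sig_alg, a->signature,(char *)a->crl,r));
+ }
+
+int NETSCAPE_SPKI_verify(a,r)
+NETSCAPE_SPKI *a;
+EVP_PKEY *r;
+ {
+ return(ASN1_verify((int (*)())i2d_NETSCAPE_SPKAC,
+ a->sig_algor,a->signature, (char *)a->spkac,r));
+ }
+
+int X509_sign(x,pkey,md)
+X509 *x;
+EVP_PKEY *pkey;
+EVP_MD *md;
+ {
+ return(ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature,
+ x->sig_alg, x->signature, (char *)x->cert_info,pkey,md));
+ }
+
+int X509_REQ_sign(x,pkey,md)
+X509_REQ *x;
+EVP_PKEY *pkey;
+EVP_MD *md;
+ {
+ return(ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL,
+ x->signature, (char *)x->req_info,pkey,md));
+ }
+
+int X509_CRL_sign(x,pkey,md)
+X509_CRL *x;
+EVP_PKEY *pkey;
+EVP_MD *md;
+ {
+ return(ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,
+ x->sig_alg, x->signature, (char *)x->crl,pkey,md));
+ }
+
+int NETSCAPE_SPKI_sign(x,pkey,md)
+NETSCAPE_SPKI *x;
+EVP_PKEY *pkey;
+EVP_MD *md;
+ {
+ return(ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL,
+ x->signature, (char *)x->spkac,pkey,md));
+ }
+
+X509 *X509_dup(x509)
+X509 *x509;
+ {
+ return((X509 *)ASN1_dup((int (*)())i2d_X509,
+ (char *(*)())d2i_X509,(char *)x509));
+ }
+
+X509_EXTENSION *X509_EXTENSION_dup(ex)
+X509_EXTENSION *ex;
+ {
+ return((X509_EXTENSION *)ASN1_dup(
+ (int (*)())i2d_X509_EXTENSION,
+ (char *(*)())d2i_X509_EXTENSION,(char *)ex));
+ }
+
+#ifndef NO_FP_API
+X509 *d2i_X509_fp(fp,x509)
+FILE *fp;
+X509 *x509;
+ {
+ return((X509 *)ASN1_d2i_fp((char *(*)())X509_new,
+ (char *(*)())d2i_X509, (fp),(unsigned char **)(x509)));
+ }
+
+int i2d_X509_fp(fp,x509)
+FILE *fp;
+X509 *x509;
+ {
+ return(ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509));
+ }
+#endif
+
+X509 *d2i_X509_bio(bp,x509)
+BIO *bp;
+X509 *x509;
+ {
+ return((X509 *)ASN1_d2i_bio((char *(*)())X509_new,
+ (char *(*)())d2i_X509, (bp),(unsigned char **)(x509)));
+ }
+
+int i2d_X509_bio(bp,x509)
+BIO *bp;
+X509 *x509;
+ {
+ return(ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509));
+ }
+
+X509_CRL *X509_CRL_dup(crl)
+X509_CRL *crl;
+ {
+ return((X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL,
+ (char *(*)())d2i_X509_CRL,(char *)crl));
+ }
+
+#ifndef NO_FP_API
+X509_CRL *d2i_X509_CRL_fp(fp,crl)
+FILE *fp;
+X509_CRL *crl;
+ {
+ return((X509_CRL *)ASN1_d2i_fp((char *(*)())
+ X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),
+ (unsigned char **)(crl)));
+ }
+
+int i2d_X509_CRL_fp(fp,crl)
+FILE *fp;
+X509_CRL *crl;
+ {
+ return(ASN1_i2d_fp(i2d_X509_CRL,fp,(unsigned char *)crl));
+ }
+#endif
+
+X509_CRL *d2i_X509_CRL_bio(bp,crl)
+BIO *bp;
+X509_CRL *crl;
+ {
+ return((X509_CRL *)ASN1_d2i_bio((char *(*)())
+ X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),
+ (unsigned char **)(crl)));
+ }
+
+int i2d_X509_CRL_bio(bp,crl)
+BIO *bp;
+X509_CRL *crl;
+ {
+ return(ASN1_i2d_bio(i2d_X509_CRL,bp,(unsigned char *)crl));
+ }
+
+PKCS7 *PKCS7_dup(p7)
+PKCS7 *p7;
+ {
+ return((PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7,
+ (char *(*)())d2i_PKCS7,(char *)p7));
+ }
+
+#ifndef NO_FP_API
+PKCS7 *d2i_PKCS7_fp(fp,p7)
+FILE *fp;
+PKCS7 *p7;
+ {
+ return((PKCS7 *)ASN1_d2i_fp((char *(*)())
+ PKCS7_new,(char *(*)())d2i_PKCS7, (fp),
+ (unsigned char **)(p7)));
+ }
+
+int i2d_PKCS7_fp(fp,p7)
+FILE *fp;
+PKCS7 *p7;
+ {
+ return(ASN1_i2d_fp(i2d_PKCS7,fp,(unsigned char *)p7));
+ }
+#endif
+
+PKCS7 *d2i_PKCS7_bio(bp,p7)
+BIO *bp;
+PKCS7 *p7;
+ {
+ return((PKCS7 *)ASN1_d2i_bio((char *(*)())
+ PKCS7_new,(char *(*)())d2i_PKCS7, (bp),
+ (unsigned char **)(p7)));
+ }
+
+int i2d_PKCS7_bio(bp,p7)
+BIO *bp;
+PKCS7 *p7;
+ {
+ return(ASN1_i2d_bio(i2d_PKCS7,bp,(unsigned char *)p7));
+ }
+
+X509_REQ *X509_REQ_dup(req)
+X509_REQ *req;
+ {
+ return((X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ,
+ (char *(*)())d2i_X509_REQ,(char *)req));
+ }
+
+#ifndef NO_FP_API
+X509_REQ *d2i_X509_REQ_fp(fp,req)
+FILE *fp;
+X509_REQ *req;
+ {
+ return((X509_REQ *)ASN1_d2i_fp((char *(*)())
+ X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),
+ (unsigned char **)(req)));
+ }
+
+int i2d_X509_REQ_fp(fp,req)
+FILE *fp;
+X509_REQ *req;
+ {
+ return(ASN1_i2d_fp(i2d_X509_REQ,fp,(unsigned char *)req));
+ }
+#endif
+
+X509_REQ *d2i_X509_REQ_bio(bp,req)
+BIO *bp;
+X509_REQ *req;
+ {
+ return((X509_REQ *)ASN1_d2i_bio((char *(*)())
+ X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),
+ (unsigned char **)(req)));
+ }
+
+int i2d_X509_REQ_bio(bp,req)
+BIO *bp;
+X509_REQ *req;
+ {
+ return(ASN1_i2d_bio(i2d_X509_REQ,bp,(unsigned char *)req));
+ }
+
+#ifndef NO_RSA
+RSA *RSAPublicKey_dup(rsa)
+RSA *rsa;
+ {
+ return((RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey,
+ (char *(*)())d2i_RSAPublicKey,(char *)rsa));
+ }
+
+RSA *RSAPrivateKey_dup(rsa)
+RSA *rsa;
+ {
+ return((RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey,
+ (char *(*)())d2i_RSAPrivateKey,(char *)rsa));
+ }
+
+#ifndef NO_FP_API
+RSA *d2i_RSAPrivateKey_fp(fp,rsa)
+FILE *fp;
+RSA *rsa;
+ {
+ return((RSA *)ASN1_d2i_fp((char *(*)())
+ RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp),
+ (unsigned char **)(rsa)));
+ }
+
+int i2d_RSAPrivateKey_fp(fp,rsa)
+FILE *fp;
+RSA *rsa;
+ {
+ return(ASN1_i2d_fp(i2d_RSAPrivateKey,fp,(unsigned char *)rsa));
+ }
+
+RSA *d2i_RSAPublicKey_fp(fp,rsa)
+FILE *fp;
+RSA *rsa;
+ {
+ return((RSA *)ASN1_d2i_fp((char *(*)())
+ RSA_new,(char *(*)())d2i_RSAPublicKey, (fp),
+ (unsigned char **)(rsa)));
+ }
+
+int i2d_RSAPublicKey_fp(fp,rsa)
+FILE *fp;
+RSA *rsa;
+ {
+ return(ASN1_i2d_fp(i2d_RSAPublicKey,fp,(unsigned char *)rsa));
+ }
+#endif
+
+RSA *d2i_RSAPrivateKey_bio(bp,rsa)
+BIO *bp;
+RSA *rsa;
+ {
+ return((RSA *)ASN1_d2i_bio((char *(*)())
+ RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp),
+ (unsigned char **)(rsa)));
+ }
+
+int i2d_RSAPrivateKey_bio(bp,rsa)
+BIO *bp;
+RSA *rsa;
+ {
+ return(ASN1_i2d_bio(i2d_RSAPrivateKey,bp,(unsigned char *)rsa));
+ }
+
+RSA *d2i_RSAPublicKey_bio(bp,rsa)
+BIO *bp;
+RSA *rsa;
+ {
+ return((RSA *)ASN1_d2i_bio((char *(*)())
+ RSA_new,(char *(*)())d2i_RSAPublicKey, (bp),
+ (unsigned char **)(rsa)));
+ }
+
+int i2d_RSAPublicKey_bio(bp,rsa)
+BIO *bp;
+RSA *rsa;
+ {
+ return(ASN1_i2d_bio(i2d_RSAPublicKey,bp,(unsigned char *)rsa));
+ }
+#endif
+
+#ifndef NO_DSA
+#ifndef NO_FP_API
+DSA *d2i_DSAPrivateKey_fp(fp,dsa)
+FILE *fp;
+DSA *dsa;
+ {
+ return((DSA *)ASN1_d2i_fp((char *(*)())
+ DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp),
+ (unsigned char **)(dsa)));
+ }
+
+int i2d_DSAPrivateKey_fp(fp,dsa)
+FILE *fp;
+DSA *dsa;
+ {
+ return(ASN1_i2d_fp(i2d_DSAPrivateKey,fp,(unsigned char *)dsa));
+ }
+#endif
+
+DSA *d2i_DSAPrivateKey_bio(bp,dsa)
+BIO *bp;
+DSA *dsa;
+ {
+ return((DSA *)ASN1_d2i_bio((char *(*)())
+ DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp),
+ (unsigned char **)(dsa)));
+ }
+
+int i2d_DSAPrivateKey_bio(bp,dsa)
+BIO *bp;
+DSA *dsa;
+ {
+ return(ASN1_i2d_bio(i2d_DSAPrivateKey,bp,(unsigned char *)dsa));
+ }
+#endif
+
+X509_NAME *X509_NAME_dup(xn)
+X509_NAME *xn;
+ {
+ return((X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME,
+ (char *(*)())d2i_X509_NAME,(char *)xn));
+ }
+
+X509_NAME_ENTRY *X509_NAME_ENTRY_dup(ne)
+X509_NAME_ENTRY *ne;
+ {
+ return((X509_NAME_ENTRY *)ASN1_dup((int (*)())i2d_X509_NAME_ENTRY,
+ (char *(*)())d2i_X509_NAME_ENTRY,(char *)ne));
+ }
+
+int X509_digest(data,type,md,len)
+X509 *data;
+EVP_MD *type;
+unsigned char *md;
+unsigned int *len;
+ {
+ return(ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len));
+ }
+
+int X509_NAME_digest(data,type,md,len)
+X509_NAME *data;
+EVP_MD *type;
+unsigned char *md;
+unsigned int *len;
+ {
+ return(ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len));
+ }
+
+int PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len)
+PKCS7_ISSUER_AND_SERIAL *data;
+EVP_MD *type;
+unsigned char *md;
+unsigned int *len;
+ {
+ return(ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,
+ (char *)data,md,len));
+ }
+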
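Review bot: Every d2i_*_fp and d2i_*_bio wrapper in this file declares its output argument as a single pointer (`X509 *x509;` in d2i_X509_fp, and likewise in the CRL, PKCS7, REQ, RSA and DSA variants) yet passes it on cast to `(unsigned char **)`, so the declared type disagrees with how the value is used. ASN1_d2i_fp and ASN1_d2i_bio are not shown here, but the cast suggests they treat the argument as the address of the caller's object pointer; a caller who follows the declaration and passes an object would then have its leading bytes read and written as a pointer while decoding input. Declaring the parameter as it is used, `X509 **x509;` (and the matching `X509_CRL **crl;`, `PKCS7 **p7;`, `X509_REQ **req;`, `RSA **rsa;`, `DSA **dsa;`), lets the compiler catch the mismatch once prototypes are in place. The declarations in x509.h, which this commit also adds, would need the same change.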