1 files changed, 329 insertions, 0 deletions
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
new file mode 100644
index 0000000000..c1cb86e1b7
--- /dev/null
+++ b/src/lib/libssl/ssl_cert.c
@@ -0,0 +1,329 @@
+/* ssl/ssl_cert.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "objects.h"
+#include "bio.h"
+#include "pem.h"
+#include "ssl_locl.h"
+CERT *ssl_cert_new()
+        {
+        CERT *ret;
+        ret=(CERT *)Malloc(sizeof(CERT));
+        if (ret == NULL)
+                {
+                SSLerr(SSL_F_SSL_CERT_NEW,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+        memset(ret,0,sizeof(CERT));
+/*
+        ret->valid=0;
+        ret->mask=0;
+        ret->export_mask=0;
+        ret->cert_type=0;
+        ret->key->x509=NULL;
+        ret->key->publickey=NULL;
+        ret->key->privatekey=NULL; */
+        ret->key= &(ret->pkeys[SSL_PKEY_RSA_ENC]);
+        ret->references=1;
+        return(ret);
+        }
+void ssl_cert_free(c)
+CERT *c;
+        {
+        int i;
+        i=CRYPTO_add(&c->references,-1,CRYPTO_LOCK_SSL_CERT);
+#ifdef REF_PRINT
+        REF_PRINT("CERT",c);
+#endif
+        if (i > 0) return;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"ssl_cert_free, bad reference count\n");
+                abort(); /* ok */
+                }
+#endif
+#ifndef NO_RSA
+        if (c->rsa_tmp) RSA_free(c->rsa_tmp);
+#endif
+#ifndef NO_DH
+        if (c->dh_tmp) DH_free(c->dh_tmp);
+#endif
+        for (i=0; i<SSL_PKEY_NUM; i++)
+                {
+                if (c->pkeys[i].x509 != NULL)
+                        X509_free(c->pkeys[i].x509);
+                if (c->pkeys[i].privatekey != NULL)
+                        EVP_PKEY_free(c->pkeys[i].privatekey);
+#if 0
+                if (c->pkeys[i].publickey != NULL)
+                        EVP_PKEY_free(c->pkeys[i].publickey);
+#endif
+                }
+        if (c->cert_chain != NULL)
+                sk_pop_free(c->cert_chain,X509_free);
+        Free(c);
+        }
+int ssl_set_cert_type(c, type)
+CERT *c;
+int type;
+        {
+        c->cert_type=type;
+        return(1);
+        }
+int ssl_verify_cert_chain(s,sk)
+SSL *s;
+STACK *sk;
+        {
+        X509 *x;
+        int i;
+        X509_STORE_CTX ctx;
+        if ((sk == NULL) || (sk_num(sk) == 0))
+                return(0);
+        x=(X509 *)sk_value(sk,0);
+        X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk);
+        X509_STORE_CTX_set_app_data(&ctx,(char *)s);
+        if (s->ctx->app_verify_callback != NULL)
+                i=s->ctx->app_verify_callback(&ctx);
+        else
+                i=X509_verify_cert(&ctx);
+        X509_STORE_CTX_cleanup(&ctx);
+        s->verify_result=ctx.error;
+        return(i);
+        }
+static void set_client_CA_list(ca_list,list)
+STACK **ca_list;
+STACK *list;
+        {
+        if (*ca_list != NULL)
+                sk_pop_free(*ca_list,X509_NAME_free);
+        *ca_list=list;
+        }
+STACK *SSL_dup_CA_list(sk)
+STACK *sk;
+        {
+        int i;
+        STACK *ret;
+        X509_NAME *name;
+        ret=sk_new_null();
+        for (i=0; i<sk_num(sk); i++)
+                {
+                name=X509_NAME_dup((X509_NAME *)sk_value(sk,i));
+                if ((name == NULL) || !sk_push(ret,(char *)name))
+                        {
+                        sk_pop_free(ret,X509_NAME_free);
+                        return(NULL);
+                        }
+                }
+        return(ret);
+        }
+void SSL_set_client_CA_list(s,list)
+SSL *s;
+STACK *list;
+        {
+        set_client_CA_list(&(s->client_CA),list);
+        }
+void SSL_CTX_set_client_CA_list(ctx,list)
+SSL_CTX *ctx;
+STACK *list;
+        {
+        set_client_CA_list(&(ctx->client_CA),list);
+        }
+STACK *SSL_CTX_get_client_CA_list(ctx)
+SSL_CTX *ctx;
+        {
+        return(ctx->client_CA);
+        }
+STACK *SSL_get_client_CA_list(s)
+SSL *s;
+        {
+        if (s->type == SSL_ST_CONNECT)
+                { /* we are in the client */
+                if (((s->version>>8) == SSL3_VERSION_MAJOR) &&
+                        (s->s3 != NULL))
+                        return(s->s3->tmp.ca_names);
+                else
+                        return(NULL);
+                }
+        else
+                {
+                if (s->client_CA != NULL)
+                        return(s->client_CA);
+                else
+                        return(s->ctx->client_CA);
+                }
+        }
+static int add_client_CA(sk,x)
+STACK **sk;
+X509 *x;
+        {
+        X509_NAME *name;
+        if (x == NULL) return(0);
+        if ((*sk == NULL) && ((*sk=sk_new_null()) == NULL))
+                return(0);
+                
+        if ((name=X509_NAME_dup(X509_get_subject_name(x))) == NULL)
+                return(0);
+        if (!sk_push(*sk,(char *)name))
+                {
+                X509_NAME_free(name);
+                return(0);
+                }
+        return(1);
+        }
+int SSL_add_client_CA(ssl,x)
+SSL *ssl;
+X509 *x;
+        {
+        return(add_client_CA(&(ssl->client_CA),x));
+        }
+int SSL_CTX_add_client_CA(ctx,x)
+SSL_CTX *ctx;
+X509 *x;
+        {
+        return(add_client_CA(&(ctx->client_CA),x));
+        }
+static int name_cmp(a,b)
+X509_NAME **a,**b;
+        {
+        return(X509_NAME_cmp(*a,*b));
+        }
+#ifndef NO_STDIO
+STACK *SSL_load_client_CA_file(file)
+char *file;
+        {
+        BIO *in;
+        X509 *x=NULL;
+        X509_NAME *xn=NULL;
+        STACK *ret,*sk;
+        ret=sk_new(NULL);
+        sk=sk_new(name_cmp);
+        in=BIO_new(BIO_s_file_internal());
+        if ((ret == NULL) || (sk == NULL) || (in == NULL))
+                {
+                SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        
+        if (!BIO_read_filename(in,file))
+                goto err;
+        for (;;)
+                {
+                if (PEM_read_bio_X509(in,&x,NULL) == NULL)
+                        break;
+                if ((xn=X509_get_subject_name(x)) == NULL) goto err;
+                /* check for duplicates */
+                xn=X509_NAME_dup(xn);
+                if (xn == NULL) goto err;
+                if (sk_find(sk,(char *)xn) >= 0)
+                        X509_NAME_free(xn);
+                else
+                        {
+                        sk_push(sk,(char *)xn);
+                        sk_push(ret,(char *)xn);
+                        }
+                }
+        if (0)
+                {
+err:
+                if (ret != NULL) sk_pop_free(ret,X509_NAME_free);
+                ret=NULL;
+                }
+        if (sk != NULL) sk_free(sk);
+        if (in != NULL) BIO_free(in);
+        if (x != NULL) X509_free(x);
+        return(ret);
+        }
+#endif

diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c new file mode 100644 index 0000000000..c1cb86e1b7 --- /dev/null +++ b/src/lib/libssl/ssl_cert.c
@@ -0,0 +1,329 @@
	1	/* ssl/ssl_cert.c */
	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
	3	* All rights reserved.
	4	*
	5	* This package is an SSL implementation written
	6	* by Eric Young (eay@cryptsoft.com).
	7	* The implementation was written so as to conform with Netscapes SSL.
	8	*
	9	* This library is free for commercial and non-commercial use as long as
	10	* the following conditions are aheared to. The following conditions
	11	* apply to all code found in this distribution, be it the RC4, RSA,
	12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
	13	* included with this distribution is covered by the same copyright terms
	14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
	15	*
	16	* Copyright remains Eric Young's, and as such any Copyright notices in
	17	* the code are not to be removed.
	18	* If this package is used in a product, Eric Young should be given attribution
	19	* as the author of the parts of the library used.
	20	* This can be in the form of a textual message at program startup or
	21	* in documentation (online or textual) provided with the package.
	22	*
	23	* Redistribution and use in source and binary forms, with or without
	24	* modification, are permitted provided that the following conditions
	25	* are met:
	26	* 1. Redistributions of source code must retain the copyright
	27	* notice, this list of conditions and the following disclaimer.
	28	* 2. Redistributions in binary form must reproduce the above copyright
	29	* notice, this list of conditions and the following disclaimer in the
	30	* documentation and/or other materials provided with the distribution.
	31	* 3. All advertising materials mentioning features or use of this software
	32	* must display the following acknowledgement:
	33	* "This product includes cryptographic software written by
	34	* Eric Young (eay@cryptsoft.com)"
	35	* The word 'cryptographic' can be left out if the rouines from the library
	36	* being used are not cryptographic related :-).
	37	* 4. If you include any Windows specific code (or a derivative thereof) from
	38	* the apps directory (application code) you must include an acknowledgement:
	39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
	40	*
	41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
	42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
	45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	51	* SUCH DAMAGE.
	52	*
	53	* The licence and distribution terms for any publically available version or
	54	* derivative of this code cannot be changed. i.e. this code cannot simply be
	55	* copied and put under another distribution licence
	56	* [including the GNU Public Licence.]
	57	*/
	58
	59	#include <stdio.h>
	60	#include "objects.h"
	61	#include "bio.h"
	62	#include "pem.h"
	63	#include "ssl_locl.h"
	64
	65	CERT *ssl_cert_new()
	66	{
	67	CERT *ret;
	68
	69	ret=(CERT *)Malloc(sizeof(CERT));
	70	if (ret == NULL)
	71	{
	72	SSLerr(SSL_F_SSL_CERT_NEW,ERR_R_MALLOC_FAILURE);
	73	return(NULL);
	74	}
	75	memset(ret,0,sizeof(CERT));
	76	/*
	77	ret->valid=0;
	78	ret->mask=0;
	79	ret->export_mask=0;
	80	ret->cert_type=0;
	81	ret->key->x509=NULL;
	82	ret->key->publickey=NULL;
	83	ret->key->privatekey=NULL; */
	84
	85	ret->key= &(ret->pkeys[SSL_PKEY_RSA_ENC]);
	86	ret->references=1;
	87
	88	return(ret);
	89	}
	90
	91	void ssl_cert_free(c)
	92	CERT *c;
	93	{
	94	int i;
	95
	96	i=CRYPTO_add(&c->references,-1,CRYPTO_LOCK_SSL_CERT);
	97	#ifdef REF_PRINT
	98	REF_PRINT("CERT",c);
	99	#endif
	100	if (i > 0) return;
	101	#ifdef REF_CHECK
	102	if (i < 0)
	103	{
	104	fprintf(stderr,"ssl_cert_free, bad reference count\n");
	105	abort(); /* ok */
	106	}
	107	#endif
	108
	109	#ifndef NO_RSA
	110	if (c->rsa_tmp) RSA_free(c->rsa_tmp);
	111	#endif
	112	#ifndef NO_DH
	113	if (c->dh_tmp) DH_free(c->dh_tmp);
	114	#endif
	115
	116	for (i=0; i<SSL_PKEY_NUM; i++)
	117	{
	118	if (c->pkeys[i].x509 != NULL)
	119	X509_free(c->pkeys[i].x509);
	120	if (c->pkeys[i].privatekey != NULL)
	121	EVP_PKEY_free(c->pkeys[i].privatekey);
	122	#if 0
	123	if (c->pkeys[i].publickey != NULL)
	124	EVP_PKEY_free(c->pkeys[i].publickey);
	125	#endif
	126	}
	127	if (c->cert_chain != NULL)
	128	sk_pop_free(c->cert_chain,X509_free);
	129	Free(c);
	130	}
	131
	132	int ssl_set_cert_type(c, type)
	133	CERT *c;
	134	int type;
	135	{
	136	c->cert_type=type;
	137	return(1);
	138	}
	139
	140	int ssl_verify_cert_chain(s,sk)
	141	SSL *s;
	142	STACK *sk;
	143	{
	144	X509 *x;
	145	int i;
	146	X509_STORE_CTX ctx;
	147
	148	if ((sk == NULL) \|\| (sk_num(sk) == 0))
	149	return(0);
	150
	151	x=(X509 *)sk_value(sk,0);
	152	X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk);
	153	X509_STORE_CTX_set_app_data(&ctx,(char *)s);
	154
	155	if (s->ctx->app_verify_callback != NULL)
	156	i=s->ctx->app_verify_callback(&ctx);
	157	else
	158	i=X509_verify_cert(&ctx);
	159
	160	X509_STORE_CTX_cleanup(&ctx);
	161	s->verify_result=ctx.error;
	162
	163	return(i);
	164	}
	165
	166	static void set_client_CA_list(ca_list,list)
	167	STACK **ca_list;
	168	STACK *list;
	169	{
	170	if (*ca_list != NULL)
	171	sk_pop_free(*ca_list,X509_NAME_free);
	172
	173	*ca_list=list;
	174	}
	175
	176	STACK *SSL_dup_CA_list(sk)
	177	STACK *sk;
	178	{
	179	int i;
	180	STACK *ret;
	181	X509_NAME *name;
	182
	183	ret=sk_new_null();
	184	for (i=0; i<sk_num(sk); i++)
	185	{
	186	name=X509_NAME_dup((X509_NAME *)sk_value(sk,i));
	187	if ((name == NULL) \|\| !sk_push(ret,(char *)name))
	188	{
	189	sk_pop_free(ret,X509_NAME_free);
	190	return(NULL);
	191	}
	192	}
	193	return(ret);
	194	}
	195
	196	void SSL_set_client_CA_list(s,list)
	197	SSL *s;
	198	STACK *list;
	199	{
	200	set_client_CA_list(&(s->client_CA),list);
	201	}
	202
	203	void SSL_CTX_set_client_CA_list(ctx,list)
	204	SSL_CTX *ctx;
	205	STACK *list;
	206	{
	207	set_client_CA_list(&(ctx->client_CA),list);
	208	}
	209
	210	STACK *SSL_CTX_get_client_CA_list(ctx)
	211	SSL_CTX *ctx;
	212	{
	213	return(ctx->client_CA);
	214	}
	215
	216	STACK *SSL_get_client_CA_list(s)
	217	SSL *s;
	218	{
	219	if (s->type == SSL_ST_CONNECT)
	220	{ /* we are in the client */
	221	if (((s->version>>8) == SSL3_VERSION_MAJOR) &&
	222	(s->s3 != NULL))
	223	return(s->s3->tmp.ca_names);
	224	else
	225	return(NULL);
	226	}
	227	else
	228	{
	229	if (s->client_CA != NULL)
	230	return(s->client_CA);
	231	else
	232	return(s->ctx->client_CA);
	233	}
	234	}
	235
	236	static int add_client_CA(sk,x)
	237	STACK **sk;
	238	X509 *x;
	239	{
	240	X509_NAME *name;
	241
	242	if (x == NULL) return(0);
	243	if ((sk == NULL) && ((sk=sk_new_null()) == NULL))
	244	return(0);
	245
	246	if ((name=X509_NAME_dup(X509_get_subject_name(x))) == NULL)
	247	return(0);
	248
	249	if (!sk_push(sk,(char )name))
	250	{
	251	X509_NAME_free(name);
	252	return(0);
	253	}
	254	return(1);
	255	}
	256
	257	int SSL_add_client_CA(ssl,x)
	258	SSL *ssl;
	259	X509 *x;
	260	{
	261	return(add_client_CA(&(ssl->client_CA),x));
	262	}
	263
	264	int SSL_CTX_add_client_CA(ctx,x)
	265	SSL_CTX *ctx;
	266	X509 *x;
	267	{
	268	return(add_client_CA(&(ctx->client_CA),x));
	269	}
	270
	271	static int name_cmp(a,b)
	272	X509_NAME a,b;
	273	{
	274	return(X509_NAME_cmp(a,b));
	275	}
	276
	277	#ifndef NO_STDIO
	278	STACK *SSL_load_client_CA_file(file)
	279	char *file;
	280	{
	281	BIO *in;
	282	X509 *x=NULL;
	283	X509_NAME *xn=NULL;
	284	STACK ret,sk;
	285
	286	ret=sk_new(NULL);
	287	sk=sk_new(name_cmp);
	288
	289	in=BIO_new(BIO_s_file_internal());
	290
	291	if ((ret == NULL) \|\| (sk == NULL) \|\| (in == NULL))
	292	{
	293	SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
	294	goto err;
	295	}
	296
	297	if (!BIO_read_filename(in,file))
	298	goto err;
	299
	300	for (;;)
	301	{
	302	if (PEM_read_bio_X509(in,&x,NULL) == NULL)
	303	break;
	304	if ((xn=X509_get_subject_name(x)) == NULL) goto err;
	305	/* check for duplicates */
	306	xn=X509_NAME_dup(xn);
	307	if (xn == NULL) goto err;
	308	if (sk_find(sk,(char *)xn) >= 0)
	309	X509_NAME_free(xn);
	310	else
	311	{
	312	sk_push(sk,(char *)xn);
	313	sk_push(ret,(char *)xn);
	314	}
	315	}
	316
	317	if (0)
	318	{
	319	err:
	320	if (ret != NULL) sk_pop_free(ret,X509_NAME_free);
	321	ret=NULL;
	322	}
	323	if (sk != NULL) sk_free(sk);
	324	if (in != NULL) BIO_free(in);
	325	if (x != NULL) X509_free(x);
	326	return(ret);
	327	}
	328	#endif
	329