abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-06-13 08:23:50 +08:00
Code Issues Packages Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
Zhi Guan
2015-08-15 15:02:15 +08:00
parent 06df2fab54
commit 3bdc0ea895
2536 changed files with 417052 additions and 271997 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
crypto/x509/Makefile
View File

@@ -13,7 +13,7 @@ AR= ar r
CFLAGS= $(INCLUDES) $(CFLAG)
GENERAL=Makefile README
TEST=
TEST=verify_extra_test.c
APPS=
LIB=$(TOP)/libcrypto.a
@@ -33,7 +33,7 @@ LIBOBJ= x509_def.o x509_d2.o x509_r2x.o x509_cmp.o \
SRC= $(LIBSRC)
EXHEADER= x509.h x509_vfy.h
HEADER= $(EXHEADER)
HEADER= $(EXHEADER) vpm_int.h
ALL= $(GENERAL) $(SRC) $(HEADER)
@@ -71,6 +71,8 @@ tests:
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
update: depend
depend:
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
@@ -312,7 +314,7 @@ x509_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
x509_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
x509_vfy.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
x509_vfy.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
x509_vfy.o: ../cryptlib.h x509_vfy.c
x509_vfy.o: ../cryptlib.h vpm_int.h x509_vfy.c
x509_vpm.o: ../../e_os.h ../../include/openssl/asn1.h
x509_vpm.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
x509_vpm.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
@@ -326,7 +328,7 @@ x509_vpm.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
x509_vpm.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
x509_vpm.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
x509_vpm.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
x509_vpm.o: ../cryptlib.h x509_vpm.c
x509_vpm.o: ../cryptlib.h vpm_int.h x509_vpm.c
x509cset.o: ../../e_os.h ../../include/openssl/asn1.h
x509cset.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
x509cset.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -393,15 +395,17 @@ x509type.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
x509type.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
x509type.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509type.c
x_all.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
x_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
x_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
x_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
x_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
x_all.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
x_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
x_all.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
x_all.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
x_all.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
x_all.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
x_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
x_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
x_all.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
x_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
x_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
x_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
x_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
x_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
x_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_all.c
x_all.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
x_all.o: ../cryptlib.h x_all.c

690
crypto/x509/by_dir.c
View File

@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -72,411 +72,365 @@
#include <openssl/lhash.h>
#include <openssl/x509.h>
typedef struct lookup_dir_hashes_st {
unsigned long hash;
int suffix;
} BY_DIR_HASH;
typedef struct lookup_dir_hashes_st
{
unsigned long hash;
int suffix;
} BY_DIR_HASH;
typedef struct lookup_dir_entry_st {
char *dir;
int dir_type;
STACK_OF(BY_DIR_HASH) *hashes;
} BY_DIR_ENTRY;
typedef struct lookup_dir_entry_st
{
char *dir;
int dir_type;
STACK_OF(BY_DIR_HASH) *hashes;
} BY_DIR_ENTRY;
typedef struct lookup_dir_st
{
BUF_MEM *buffer;
STACK_OF(BY_DIR_ENTRY) *dirs;
} BY_DIR;
typedef struct lookup_dir_st {
BUF_MEM *buffer;
STACK_OF(BY_DIR_ENTRY) *dirs;
} BY_DIR;
DECLARE_STACK_OF(BY_DIR_HASH)
DECLARE_STACK_OF(BY_DIR_ENTRY)
static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
char **ret);
char **ret);
static int new_dir(X509_LOOKUP *lu);
static void free_dir(X509_LOOKUP *lu);
static int add_cert_dir(BY_DIR *ctx,const char *dir,int type);
static int get_cert_by_subject(X509_LOOKUP *xl,int type,X509_NAME *name,
X509_OBJECT *ret);
X509_LOOKUP_METHOD x509_dir_lookup=
{
"Load certs from files in a directory",
new_dir, /* new */
free_dir, /* free */
NULL, /* init */
NULL, /* shutdown */
dir_ctrl, /* ctrl */
get_cert_by_subject, /* get_by_subject */
NULL, /* get_by_issuer_serial */
NULL, /* get_by_fingerprint */
NULL, /* get_by_alias */
};
static int add_cert_dir(BY_DIR *ctx, const char *dir, int type);
static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
X509_OBJECT *ret);
X509_LOOKUP_METHOD x509_dir_lookup = {
"Load certs from files in a directory",
new_dir, /* new */
free_dir, /* free */
NULL, /* init */
NULL, /* shutdown */
dir_ctrl, /* ctrl */
get_cert_by_subject, /* get_by_subject */
NULL, /* get_by_issuer_serial */
NULL, /* get_by_fingerprint */
NULL, /* get_by_alias */
};
X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void)
{
return(&x509_dir_lookup);
}
{
return (&x509_dir_lookup);
}
static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
char **retp)
{
int ret=0;
BY_DIR *ld;
char *dir = NULL;
char **retp)
{
int ret = 0;
BY_DIR *ld;
char *dir = NULL;
ld=(BY_DIR *)ctx->method_data;
ld = (BY_DIR *)ctx->method_data;
switch (cmd)
{
case X509_L_ADD_DIR:
if (argl == X509_FILETYPE_DEFAULT)
{
dir=(char *)getenv(X509_get_default_cert_dir_env());
if (dir)
ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
else
ret=add_cert_dir(ld,X509_get_default_cert_dir(),
X509_FILETYPE_PEM);
if (!ret)
{
X509err(X509_F_DIR_CTRL,X509_R_LOADING_CERT_DIR);
}
}
else
ret=add_cert_dir(ld,argp,(int)argl);
break;
}
return(ret);
}
switch (cmd) {
case X509_L_ADD_DIR:
if (argl == X509_FILETYPE_DEFAULT) {
dir = (char *)getenv(X509_get_default_cert_dir_env());
if (dir)
ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM);
else
ret = add_cert_dir(ld, X509_get_default_cert_dir(),
X509_FILETYPE_PEM);
if (!ret) {
X509err(X509_F_DIR_CTRL, X509_R_LOADING_CERT_DIR);
}
} else
ret = add_cert_dir(ld, argp, (int)argl);
break;
}
return (ret);
}
static int new_dir(X509_LOOKUP *lu)
{
BY_DIR *a;
{
BY_DIR *a;
if ((a=(BY_DIR *)OPENSSL_malloc(sizeof(BY_DIR))) == NULL)
return(0);
if ((a->buffer=BUF_MEM_new()) == NULL)
{
OPENSSL_free(a);
return(0);
}
a->dirs=NULL;
lu->method_data=(char *)a;
return(1);
}
if ((a = (BY_DIR *)OPENSSL_malloc(sizeof(BY_DIR))) == NULL)
return (0);
if ((a->buffer = BUF_MEM_new()) == NULL) {
OPENSSL_free(a);
return (0);
}
a->dirs = NULL;
lu->method_data = (char *)a;
return (1);
}
static void by_dir_hash_free(BY_DIR_HASH *hash)
{
OPENSSL_free(hash);
}
{
OPENSSL_free(hash);
}
static int by_dir_hash_cmp(const BY_DIR_HASH * const *a,
const BY_DIR_HASH * const *b)
{
if ((*a)->hash > (*b)->hash)
return 1;
if ((*a)->hash < (*b)->hash)
return -1;
return 0;
}
static int by_dir_hash_cmp(const BY_DIR_HASH *const *a,
const BY_DIR_HASH *const *b)
{
if ((*a)->hash > (*b)->hash)
return 1;
if ((*a)->hash < (*b)->hash)
return -1;
return 0;
}
static void by_dir_entry_free(BY_DIR_ENTRY *ent)
{
if (ent->dir)
OPENSSL_free(ent->dir);
if (ent->hashes)
sk_BY_DIR_HASH_pop_free(ent->hashes, by_dir_hash_free);
OPENSSL_free(ent);
}
{
if (ent->dir)
OPENSSL_free(ent->dir);
if (ent->hashes)
sk_BY_DIR_HASH_pop_free(ent->hashes, by_dir_hash_free);
OPENSSL_free(ent);
}
static void free_dir(X509_LOOKUP *lu)
{
BY_DIR *a;
{
BY_DIR *a;
a=(BY_DIR *)lu->method_data;
if (a->dirs != NULL)
sk_BY_DIR_ENTRY_pop_free(a->dirs, by_dir_entry_free);
if (a->buffer != NULL)
BUF_MEM_free(a->buffer);
OPENSSL_free(a);
}
a = (BY_DIR *)lu->method_data;
if (a->dirs != NULL)
sk_BY_DIR_ENTRY_pop_free(a->dirs, by_dir_entry_free);
if (a->buffer != NULL)
BUF_MEM_free(a->buffer);
OPENSSL_free(a);
}
static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
{
int j,len;
const char *s,*ss,*p;
{
int j, len;
const char *s, *ss, *p;
if (dir == NULL || !*dir)
{
X509err(X509_F_ADD_CERT_DIR,X509_R_INVALID_DIRECTORY);
return 0;
}
if (dir == NULL || !*dir) {
X509err(X509_F_ADD_CERT_DIR, X509_R_INVALID_DIRECTORY);
return 0;
}
s=dir;
p=s;
for (;;p++)
{
if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0'))
{
BY_DIR_ENTRY *ent;
ss=s;
s=p+1;
len=(int)(p-ss);
if (len == 0) continue;
for (j=0; j < sk_BY_DIR_ENTRY_num(ctx->dirs); j++)
{
ent = sk_BY_DIR_ENTRY_value(ctx->dirs, j);
if (strlen(ent->dir) == (size_t)len &&
strncmp(ent->dir,ss,(unsigned int)len) == 0)
break;
}
if (j < sk_BY_DIR_ENTRY_num(ctx->dirs))
continue;
if (ctx->dirs == NULL)
{
ctx->dirs = sk_BY_DIR_ENTRY_new_null();
if (!ctx->dirs)
{
X509err(X509_F_ADD_CERT_DIR,ERR_R_MALLOC_FAILURE);
return 0;
}
}
ent = OPENSSL_malloc(sizeof(BY_DIR_ENTRY));
if (!ent)
return 0;
ent->dir_type = type;
ent->hashes = sk_BY_DIR_HASH_new(by_dir_hash_cmp);
ent->dir = OPENSSL_malloc((unsigned int)len+1);
if (!ent->dir || !ent->hashes)
{
by_dir_entry_free(ent);
return 0;
}
strncpy(ent->dir,ss,(unsigned int)len);
ent->dir[len] = '\0';
if (!sk_BY_DIR_ENTRY_push(ctx->dirs, ent))
{
by_dir_entry_free(ent);
return 0;
}
}
if (*p == '\0')
break;
}
return 1;
}
s = dir;
p = s;
do {
if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0')) {
BY_DIR_ENTRY *ent;
ss = s;
s = p + 1;
len = (int)(p - ss);
if (len == 0)
continue;
for (j = 0; j < sk_BY_DIR_ENTRY_num(ctx->dirs); j++) {
ent = sk_BY_DIR_ENTRY_value(ctx->dirs, j);
if (strlen(ent->dir) == (size_t)len &&
strncmp(ent->dir, ss, (unsigned int)len) == 0)
break;
}
if (j < sk_BY_DIR_ENTRY_num(ctx->dirs))
continue;
if (ctx->dirs == NULL) {
ctx->dirs = sk_BY_DIR_ENTRY_new_null();
if (!ctx->dirs) {
X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE);
return 0;
}
}
ent = OPENSSL_malloc(sizeof(BY_DIR_ENTRY));
if (!ent)
return 0;
ent->dir_type = type;
ent->hashes = sk_BY_DIR_HASH_new(by_dir_hash_cmp);
ent->dir = OPENSSL_malloc((unsigned int)len + 1);
if (!ent->dir || !ent->hashes) {
by_dir_entry_free(ent);
return 0;
}
strncpy(ent->dir, ss, (unsigned int)len);
ent->dir[len] = '\0';
if (!sk_BY_DIR_ENTRY_push(ctx->dirs, ent)) {
by_dir_entry_free(ent);
return 0;
}
}
} while (*p++ != '\0');
return 1;
}
static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
X509_OBJECT *ret)
{
BY_DIR *ctx;
union {
struct {
X509 st_x509;
X509_CINF st_x509_cinf;
} x509;
struct {
X509_CRL st_crl;
X509_CRL_INFO st_crl_info;
} crl;
} data;
int ok=0;
int i,j,k;
unsigned long h;
BUF_MEM *b=NULL;
X509_OBJECT stmp,*tmp;
const char *postfix="";
X509_OBJECT *ret)
{
BY_DIR *ctx;
union {
struct {
X509 st_x509;
X509_CINF st_x509_cinf;
} x509;
struct {
X509_CRL st_crl;
X509_CRL_INFO st_crl_info;
} crl;
} data;
int ok = 0;
int i, j, k;
unsigned long h;
BUF_MEM *b = NULL;
X509_OBJECT stmp, *tmp;
const char *postfix = "";
if (name == NULL) return(0);
if (name == NULL)
return (0);
stmp.type=type;
if (type == X509_LU_X509)
{
data.x509.st_x509.cert_info= &data.x509.st_x509_cinf;
data.x509.st_x509_cinf.subject=name;
stmp.data.x509= &data.x509.st_x509;
postfix="";
}
else if (type == X509_LU_CRL)
{
data.crl.st_crl.crl= &data.crl.st_crl_info;
data.crl.st_crl_info.issuer=name;
stmp.data.crl= &data.crl.st_crl;
postfix="r";
}
else
{
X509err(X509_F_GET_CERT_BY_SUBJECT,X509_R_WRONG_LOOKUP_TYPE);
goto finish;
}
stmp.type = type;
if (type == X509_LU_X509) {
data.x509.st_x509.cert_info = &data.x509.st_x509_cinf;
data.x509.st_x509_cinf.subject = name;
stmp.data.x509 = &data.x509.st_x509;
postfix = "";
} else if (type == X509_LU_CRL) {
data.crl.st_crl.crl = &data.crl.st_crl_info;
data.crl.st_crl_info.issuer = name;
stmp.data.crl = &data.crl.st_crl;
postfix = "r";
} else {
X509err(X509_F_GET_CERT_BY_SUBJECT, X509_R_WRONG_LOOKUP_TYPE);
goto finish;
}
if ((b=BUF_MEM_new()) == NULL)
{
X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_BUF_LIB);
goto finish;
}
ctx=(BY_DIR *)xl->method_data;
if ((b = BUF_MEM_new()) == NULL) {
X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_BUF_LIB);
goto finish;
}
h=X509_NAME_hash(name);
for (i=0; i < sk_BY_DIR_ENTRY_num(ctx->dirs); i++)
{
BY_DIR_ENTRY *ent;
int idx;
BY_DIR_HASH htmp, *hent;
ent = sk_BY_DIR_ENTRY_value(ctx->dirs, i);
j=strlen(ent->dir)+1+8+6+1+1;
if (!BUF_MEM_grow(b,j))
{
X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_MALLOC_FAILURE);
goto finish;
}
if (type == X509_LU_CRL && ent->hashes)
{
htmp.hash = h;
CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
idx = sk_BY_DIR_HASH_find(ent->hashes, &htmp);
if (idx >= 0)
{
hent = sk_BY_DIR_HASH_value(ent->hashes, idx);
k = hent->suffix;
}
else
{
hent = NULL;
k=0;
}
CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
}
else
{
k = 0;
hent = NULL;
}
for (;;)
{
char c = '/';
ctx = (BY_DIR *)xl->method_data;
h = X509_NAME_hash(name);
for (i = 0; i < sk_BY_DIR_ENTRY_num(ctx->dirs); i++) {
BY_DIR_ENTRY *ent;
int idx;
BY_DIR_HASH htmp, *hent;
ent = sk_BY_DIR_ENTRY_value(ctx->dirs, i);
j = strlen(ent->dir) + 1 + 8 + 6 + 1 + 1;
if (!BUF_MEM_grow(b, j)) {
X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE);
goto finish;
}
if (type == X509_LU_CRL && ent->hashes) {
htmp.hash = h;
CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
idx = sk_BY_DIR_HASH_find(ent->hashes, &htmp);
if (idx >= 0) {
hent = sk_BY_DIR_HASH_value(ent->hashes, idx);
k = hent->suffix;
} else {
hent = NULL;
k = 0;
}
CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
} else {
k = 0;
hent = NULL;
}
for (;;) {
char c = '/';
#ifdef OPENSSL_SYS_VMS
c = ent->dir[strlen(ent->dir)-1];
if (c != ':' && c != '>' && c != ']')
{
/* If no separator is present, we assume the
directory specifier is a logical name, and
add a colon. We really should use better
VMS routines for merging things like this,
but this will do for now...
-- Richard Levitte */
c = ':';
}
else
{
c = '\0';
}
c = ent->dir[strlen(ent->dir) - 1];
if (c != ':' && c != '>' && c != ']') {
/*
* If no separator is present, we assume the directory
* specifier is a logical name, and add a colon. We really
* should use better VMS routines for merging things like
* this, but this will do for now... -- Richard Levitte
*/
c = ':';
} else {
c = '\0';
}
#endif
if (c == '\0')
{
/* This is special. When c == '\0', no
directory separator should be added. */
BIO_snprintf(b->data,b->max,
"%s%08lx.%s%d",ent->dir,h,
postfix,k);
}
else
{
BIO_snprintf(b->data,b->max,
"%s%c%08lx.%s%d",ent->dir,c,h,
postfix,k);
}
if (c == '\0') {
/*
* This is special. When c == '\0', no directory separator
* should be added.
*/
BIO_snprintf(b->data, b->max,
"%s%08lx.%s%d", ent->dir, h, postfix, k);
} else {
BIO_snprintf(b->data, b->max,
"%s%c%08lx.%s%d", ent->dir, c, h, postfix, k);
}
#ifndef OPENSSL_NO_POSIX_IO
#ifdef _WIN32
#define stat _stat
# ifdef _WIN32
# define stat _stat
# endif
{
struct stat st;
if (stat(b->data, &st) < 0)
break;
}
#endif
{
struct stat st;
if (stat(b->data,&st) < 0)
break;
}
#endif
/* found one. */
if (type == X509_LU_X509)
{
if ((X509_load_cert_file(xl,b->data,
ent->dir_type)) == 0)
break;
}
else if (type == X509_LU_CRL)
{
if ((X509_load_crl_file(xl,b->data,
ent->dir_type)) == 0)
break;
}
/* else case will caught higher up */
k++;
}
/* found one. */
if (type == X509_LU_X509) {
if ((X509_load_cert_file(xl, b->data, ent->dir_type)) == 0)
break;
} else if (type == X509_LU_CRL) {
if ((X509_load_crl_file(xl, b->data, ent->dir_type)) == 0)
break;
}
/* else case will caught higher up */
k++;
}
/* we have added it to the cache so now pull
* it out again */
CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
j = sk_X509_OBJECT_find(xl->store_ctx->objs,&stmp);
if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,j);
else tmp = NULL;
CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
/*
* we have added it to the cache so now pull it out again
*/
CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
j = sk_X509_OBJECT_find(xl->store_ctx->objs, &stmp);
if (j != -1)
tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j);
else
tmp = NULL;
CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
/* If a CRL, update the last file suffix added for this */
/* If a CRL, update the last file suffix added for this */
if (type == X509_LU_CRL) {
CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
/*
* Look for entry again in case another thread added an entry
* first.
*/
if (!hent) {
htmp.hash = h;
idx = sk_BY_DIR_HASH_find(ent->hashes, &htmp);
if (idx >= 0)
hent = sk_BY_DIR_HASH_value(ent->hashes, idx);
}
if (!hent) {
hent = OPENSSL_malloc(sizeof(BY_DIR_HASH));
hent->hash = h;
hent->suffix = k;
if (!sk_BY_DIR_HASH_push(ent->hashes, hent)) {
CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
OPENSSL_free(hent);
ok = 0;
goto finish;
}
} else if (hent->suffix < k)
hent->suffix = k;
if (type == X509_LU_CRL)
{
CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
/* Look for entry again in case another thread added
* an entry first.
*/
if (!hent)
{
htmp.hash = h;
idx = sk_BY_DIR_HASH_find(ent->hashes, &htmp);
if (idx >= 0)
hent =
sk_BY_DIR_HASH_value(ent->hashes, idx);
}
if (!hent)
{
hent = OPENSSL_malloc(sizeof(BY_DIR_HASH));
hent->hash = h;
hent->suffix = k;
if (!sk_BY_DIR_HASH_push(ent->hashes, hent))
{
CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
OPENSSL_free(hent);
ok = 0;
goto finish;
}
}
else if (hent->suffix < k)
hent->suffix = k;
CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
}
}
if (tmp != NULL)
{
ok=1;
ret->type=tmp->type;
memcpy(&ret->data,&tmp->data,sizeof(ret->data));
/* If we were going to up the reference count,
* we would need to do it on a perl 'type'
* basis */
/* CRYPTO_add(&tmp->data.x509->references,1,
CRYPTO_LOCK_X509);*/
goto finish;
}
}
finish:
if (b != NULL) BUF_MEM_free(b);
return(ok);
}
if (tmp != NULL) {
ok = 1;
ret->type = tmp->type;
memcpy(&ret->data, &tmp->data, sizeof(ret->data));
/*
* If we were going to up the reference count, we would need to
* do it on a perl 'type' basis
*/
/*- CRYPTO_add(&tmp->data.x509->references,1,
CRYPTO_LOCK_X509);*/
goto finish;
}
}
finish:
if (b != NULL)
BUF_MEM_free(b);
return (ok);
}

BIN
crypto/x509/by_dir.o
View File

Binary file not shown.

405
crypto/x509/by_file.c
View File

@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -69,232 +69,209 @@
#ifndef OPENSSL_NO_STDIO
static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
long argl, char **ret);
X509_LOOKUP_METHOD x509_file_lookup=
{
"Load file into cache",
NULL, /* new */
NULL, /* free */
NULL, /* init */
NULL, /* shutdown */
by_file_ctrl, /* ctrl */
NULL, /* get_by_subject */
NULL, /* get_by_issuer_serial */
NULL, /* get_by_fingerprint */
NULL, /* get_by_alias */
};
long argl, char **ret);
X509_LOOKUP_METHOD x509_file_lookup = {
"Load file into cache",
NULL, /* new */
NULL, /* free */
NULL, /* init */
NULL, /* shutdown */
by_file_ctrl, /* ctrl */
NULL, /* get_by_subject */
NULL, /* get_by_issuer_serial */
NULL, /* get_by_fingerprint */
NULL, /* get_by_alias */
};
X509_LOOKUP_METHOD *X509_LOOKUP_file(void)
{
return(&x509_file_lookup);
}
{
return (&x509_file_lookup);
}
static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
char **ret)
{
int ok=0;
char *file;
static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp,
long argl, char **ret)
{
int ok = 0;
char *file;
switch (cmd)
{
case X509_L_FILE_LOAD:
if (argl == X509_FILETYPE_DEFAULT)
{
file = (char *)getenv(X509_get_default_cert_file_env());
if (file)
ok = (X509_load_cert_crl_file(ctx,file,
X509_FILETYPE_PEM) != 0);
switch (cmd) {
case X509_L_FILE_LOAD:
if (argl == X509_FILETYPE_DEFAULT) {
file = (char *)getenv(X509_get_default_cert_file_env());
if (file)
ok = (X509_load_cert_crl_file(ctx, file,
X509_FILETYPE_PEM) != 0);
else
ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),
X509_FILETYPE_PEM) != 0);
else
ok = (X509_load_cert_crl_file
(ctx, X509_get_default_cert_file(),
X509_FILETYPE_PEM) != 0);
if (!ok)
{
X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
}
}
else
{
if(argl == X509_FILETYPE_PEM)
ok = (X509_load_cert_crl_file(ctx,argp,
X509_FILETYPE_PEM) != 0);
else
ok = (X509_load_cert_file(ctx,argp,(int)argl) != 0);
}
break;
}
return(ok);
}
if (!ok) {
X509err(X509_F_BY_FILE_CTRL, X509_R_LOADING_DEFAULTS);
}
} else {
if (argl == X509_FILETYPE_PEM)
ok = (X509_load_cert_crl_file(ctx, argp,
X509_FILETYPE_PEM) != 0);
else
ok = (X509_load_cert_file(ctx, argp, (int)argl) != 0);
}
break;
}
return (ok);
}
int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
{
int ret=0;
BIO *in=NULL;
int i,count=0;
X509 *x=NULL;
{
int ret = 0;
BIO *in = NULL;
int i, count = 0;
X509 *x = NULL;
if (file == NULL) return(1);
in=BIO_new(BIO_s_file_internal());
if (file == NULL)
return (1);
in = BIO_new(BIO_s_file_internal());
if ((in == NULL) || (BIO_read_filename(in,file) <= 0))
{
X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_SYS_LIB);
goto err;
}
if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) {
X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_SYS_LIB);
goto err;
}
if (type == X509_FILETYPE_PEM)
{
for (;;)
{
x=PEM_read_bio_X509_AUX(in,NULL,NULL,NULL);
if (x == NULL)
{
if ((ERR_GET_REASON(ERR_peek_last_error()) ==
PEM_R_NO_START_LINE) && (count > 0))
{
ERR_clear_error();
break;
}
else
{
X509err(X509_F_X509_LOAD_CERT_FILE,
ERR_R_PEM_LIB);
goto err;
}
}
i=X509_STORE_add_cert(ctx->store_ctx,x);
if (!i) goto err;
count++;
X509_free(x);
x=NULL;
}
ret=count;
}
else if (type == X509_FILETYPE_ASN1)
{
x=d2i_X509_bio(in,NULL);
if (x == NULL)
{
X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_ASN1_LIB);
goto err;
}
i=X509_STORE_add_cert(ctx->store_ctx,x);
if (!i) goto err;
ret=i;
}
else
{
X509err(X509_F_X509_LOAD_CERT_FILE,X509_R_BAD_X509_FILETYPE);
goto err;
}
err:
if (x != NULL) X509_free(x);
if (in != NULL) BIO_free(in);
return(ret);
}
if (type == X509_FILETYPE_PEM) {
for (;;) {
x = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
if (x == NULL) {
if ((ERR_GET_REASON(ERR_peek_last_error()) ==
PEM_R_NO_START_LINE) && (count > 0)) {
ERR_clear_error();
break;
} else {
X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_PEM_LIB);
goto err;
}
}
i = X509_STORE_add_cert(ctx->store_ctx, x);
if (!i)
goto err;
count++;
X509_free(x);
x = NULL;
}
ret = count;
} else if (type == X509_FILETYPE_ASN1) {
x = d2i_X509_bio(in, NULL);
if (x == NULL) {
X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_ASN1_LIB);
goto err;
}
i = X509_STORE_add_cert(ctx->store_ctx, x);
if (!i)
goto err;
ret = i;
} else {
X509err(X509_F_X509_LOAD_CERT_FILE, X509_R_BAD_X509_FILETYPE);
goto err;
}
err:
if (x != NULL)
X509_free(x);
if (in != NULL)
BIO_free(in);
return (ret);
}
int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
{
int ret=0;
BIO *in=NULL;
int i,count=0;
X509_CRL *x=NULL;
{
int ret = 0;
BIO *in = NULL;
int i, count = 0;
X509_CRL *x = NULL;
if (file == NULL) return(1);
in=BIO_new(BIO_s_file_internal());
if (file == NULL)
return (1);
in = BIO_new(BIO_s_file_internal());
if ((in == NULL) || (BIO_read_filename(in,file) <= 0))
{
X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_SYS_LIB);
goto err;
}
if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) {
X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_SYS_LIB);
goto err;
}
if (type == X509_FILETYPE_PEM)
{
for (;;)
{
x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
if (x == NULL)
{
if ((ERR_GET_REASON(ERR_peek_last_error()) ==
PEM_R_NO_START_LINE) && (count > 0))
{
ERR_clear_error();
break;
}
else
{
X509err(X509_F_X509_LOAD_CRL_FILE,
ERR_R_PEM_LIB);
goto err;
}
}
i=X509_STORE_add_crl(ctx->store_ctx,x);
if (!i) goto err;
count++;
X509_CRL_free(x);
x=NULL;
}
ret=count;
}
else if (type == X509_FILETYPE_ASN1)
{
x=d2i_X509_CRL_bio(in,NULL);
if (x == NULL)
{
X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_ASN1_LIB);
goto err;
}
i=X509_STORE_add_crl(ctx->store_ctx,x);
if (!i) goto err;
ret=i;
}
else
{
X509err(X509_F_X509_LOAD_CRL_FILE,X509_R_BAD_X509_FILETYPE);
goto err;
}
err:
if (x != NULL) X509_CRL_free(x);
if (in != NULL) BIO_free(in);
return(ret);
}
if (type == X509_FILETYPE_PEM) {
for (;;) {
x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
if (x == NULL) {
if ((ERR_GET_REASON(ERR_peek_last_error()) ==
PEM_R_NO_START_LINE) && (count > 0)) {
ERR_clear_error();
break;
} else {
X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_PEM_LIB);
goto err;
}
}
i = X509_STORE_add_crl(ctx->store_ctx, x);
if (!i)
goto err;
count++;
X509_CRL_free(x);
x = NULL;
}
ret = count;
} else if (type == X509_FILETYPE_ASN1) {
x = d2i_X509_CRL_bio(in, NULL);
if (x == NULL) {
X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_ASN1_LIB);
goto err;
}
i = X509_STORE_add_crl(ctx->store_ctx, x);
if (!i)
goto err;
ret = i;
} else {
X509err(X509_F_X509_LOAD_CRL_FILE, X509_R_BAD_X509_FILETYPE);
goto err;
}
err:
if (x != NULL)
X509_CRL_free(x);
if (in != NULL)
BIO_free(in);
return (ret);
}
int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
{
STACK_OF(X509_INFO) *inf;
X509_INFO *itmp;
BIO *in;
int i, count = 0;
if(type != X509_FILETYPE_PEM)
return X509_load_cert_file(ctx, file, type);
in = BIO_new_file(file, "r");
if(!in) {
X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_SYS_LIB);
return 0;
}
inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
BIO_free(in);
if(!inf) {
X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_PEM_LIB);
return 0;
}
for(i = 0; i < sk_X509_INFO_num(inf); i++) {
itmp = sk_X509_INFO_value(inf, i);
if(itmp->x509) {
X509_STORE_add_cert(ctx->store_ctx, itmp->x509);
count++;
}
if(itmp->crl) {
X509_STORE_add_crl(ctx->store_ctx, itmp->crl);
count++;
}
}
sk_X509_INFO_pop_free(inf, X509_INFO_free);
return count;
STACK_OF(X509_INFO) *inf;
X509_INFO *itmp;
BIO *in;
int i, count = 0;
if (type != X509_FILETYPE_PEM)
return X509_load_cert_file(ctx, file, type);
in = BIO_new_file(file, "r");
if (!in) {
X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_SYS_LIB);
return 0;
}
inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
BIO_free(in);
if (!inf) {
X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_PEM_LIB);
return 0;
}
for (i = 0; i < sk_X509_INFO_num(inf); i++) {
itmp = sk_X509_INFO_value(inf, i);
if (itmp->x509) {
X509_STORE_add_cert(ctx->store_ctx, itmp->x509);
count++;
}
if (itmp->crl) {
X509_STORE_add_crl(ctx->store_ctx, itmp->crl);
count++;
}
}
sk_X509_INFO_pop_free(inf, X509_INFO_free);
return count;
}
#endif /* OPENSSL_NO_STDIO */
#endif /* OPENSSL_NO_STDIO */

BIN
crypto/x509/by_file.o
View File

Binary file not shown.

0
crypto/x509/lib
View File

208
crypto/x509/verify_extra_test.c Normal file
View File

@@ -0,0 +1,208 @@
/*
* Written by Matt Caswell for the OpenSSL project.
*/
/* ====================================================================
* Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <openssl/crypto.h>
#include <openssl/bio.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/err.h>
static STACK_OF(X509) *load_certs_from_file(const char *filename)
{
STACK_OF(X509) *certs;
BIO *bio;
X509 *x;
bio = BIO_new_file(filename, "r");
if (bio == NULL) {
return NULL;
}
certs = sk_X509_new_null();
if (certs == NULL) {
BIO_free(bio);
return NULL;
}
ERR_set_mark();
do {
x = PEM_read_bio_X509(bio, NULL, 0, NULL);
if (x != NULL && !sk_X509_push(certs, x)) {
sk_X509_pop_free(certs, X509_free);
BIO_free(bio);
return NULL;
} else if (x == NULL) {
/*
* We probably just ran out of certs, so ignore any errors
* generated
*/
ERR_pop_to_mark();
}
} while (x != NULL);
BIO_free(bio);
return certs;
}
/*
* Test for CVE-2015-1793 (Alternate Chains Certificate Forgery)
*
* Chain is as follows:
*
* rootCA (self-signed)
* |
* interCA
* |
* subinterCA subinterCA (self-signed)
* | |
* leaf ------------------
* |
* bad
*
* rootCA, interCA, subinterCA, subinterCA (ss) all have CA=TRUE
* leaf and bad have CA=FALSE
*
* subinterCA and subinterCA (ss) have the same subject name and keys
*
* interCA (but not rootCA) and subinterCA (ss) are in the trusted store
* (roots.pem)
* leaf and subinterCA are in the untrusted list (untrusted.pem)
* bad is the certificate being verified (bad.pem)
*
* Versions vulnerable to CVE-2015-1793 will fail to detect that leaf has
* CA=FALSE, and will therefore incorrectly verify bad
*
*/
static int test_alt_chains_cert_forgery(void)
{
int ret = 0;
int i;
X509 *x = NULL;
STACK_OF(X509) *untrusted = NULL;
BIO *bio = NULL;
X509_STORE_CTX *sctx = NULL;
X509_STORE *store = NULL;
X509_LOOKUP *lookup = NULL;
store = X509_STORE_new();
if (store == NULL)
goto err;
lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
if (lookup == NULL)
goto err;
if(!X509_LOOKUP_load_file(lookup, "certs/roots.pem", X509_FILETYPE_PEM))
goto err;
untrusted = load_certs_from_file("certs/untrusted.pem");
if ((bio = BIO_new_file("certs/bad.pem", "r")) == NULL)
goto err;
if((x = PEM_read_bio_X509(bio, NULL, 0, NULL)) == NULL)
goto err;
sctx = X509_STORE_CTX_new();
if (sctx == NULL)
goto err;
if (!X509_STORE_CTX_init(sctx, store, x, untrusted))
goto err;
i = X509_verify_cert(sctx);
if(i == 0 && X509_STORE_CTX_get_error(sctx) == X509_V_ERR_INVALID_CA) {
/* This is the result we were expecting: Test passed */
ret = 1;
}
err:
X509_STORE_CTX_free(sctx);
X509_free(x);
BIO_free(bio);
sk_X509_pop_free(untrusted, X509_free);
X509_STORE_free(store);
if (ret != 1)
ERR_print_errors_fp(stderr);
return ret;
}
int main(void)
{
CRYPTO_malloc_debug_init();
CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
ERR_load_crypto_strings();
OpenSSL_add_all_digests();
if (!test_alt_chains_cert_forgery()) {
fprintf(stderr, "Test alt chains cert forgery failed\n");
return 1;
}
EVP_cleanup();
CRYPTO_cleanup_all_ex_data();
ERR_remove_thread_state(NULL);
ERR_free_strings();
CRYPTO_mem_leaks_fp(stderr);
printf("PASS\n");
return 0;
}

70
crypto/x509/vpm_int.h Normal file
View File

@@ -0,0 +1,70 @@
/* vpm_int.h */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 2013.
*/
/* ====================================================================
* Copyright (c) 2013 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/* internal only structure to hold additional X509_VERIFY_PARAM data */
struct X509_VERIFY_PARAM_ID_st {
STACK_OF(OPENSSL_STRING) *hosts; /* Set of acceptable names */
unsigned int hostflags; /* Flags to control matching features */
char *peername; /* Matching hostname in peer certificate */
char *email; /* If not NULL email address to match */
size_t emaillen;
unsigned char *ip; /* If not NULL IP address to match */
size_t iplen; /* Length of IP address */
};

1671
crypto/x509/x509.h
View File

File diff suppressed because it is too large Load Diff

463
crypto/x509/x509_att.c
View File

@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -67,293 +67,318 @@
int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x)
{
return sk_X509_ATTRIBUTE_num(x);
return sk_X509_ATTRIBUTE_num(x);
}
int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
int lastpos)
int lastpos)
{
ASN1_OBJECT *obj;
ASN1_OBJECT *obj;
obj=OBJ_nid2obj(nid);
if (obj == NULL) return(-2);
return(X509at_get_attr_by_OBJ(x,obj,lastpos));
obj = OBJ_nid2obj(nid);
if (obj == NULL)
return (-2);
return (X509at_get_attr_by_OBJ(x, obj, lastpos));
}
int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj,
int lastpos)
int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk,
ASN1_OBJECT *obj, int lastpos)
{
int n;
X509_ATTRIBUTE *ex;
int n;
X509_ATTRIBUTE *ex;
if (sk == NULL) return(-1);
lastpos++;
if (lastpos < 0)
lastpos=0;
n=sk_X509_ATTRIBUTE_num(sk);
for ( ; lastpos < n; lastpos++)
{
ex=sk_X509_ATTRIBUTE_value(sk,lastpos);
if (OBJ_cmp(ex->object,obj) == 0)
return(lastpos);
}
return(-1);
if (sk == NULL)
return (-1);
lastpos++;
if (lastpos < 0)
lastpos = 0;
n = sk_X509_ATTRIBUTE_num(sk);
for (; lastpos < n; lastpos++) {
ex = sk_X509_ATTRIBUTE_value(sk, lastpos);
if (OBJ_cmp(ex->object, obj) == 0)
return (lastpos);
}
return (-1);
}
X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc)
{
if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
return NULL;
else
return sk_X509_ATTRIBUTE_value(x,loc);
if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
return NULL;
else
return sk_X509_ATTRIBUTE_value(x, loc);
}
X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc)
{
X509_ATTRIBUTE *ret;
X509_ATTRIBUTE *ret;
if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
return(NULL);
ret=sk_X509_ATTRIBUTE_delete(x,loc);
return(ret);
if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
return (NULL);
ret = sk_X509_ATTRIBUTE_delete(x, loc);
return (ret);
}
STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
X509_ATTRIBUTE *attr)
X509_ATTRIBUTE *attr)
{
X509_ATTRIBUTE *new_attr=NULL;
STACK_OF(X509_ATTRIBUTE) *sk=NULL;
X509_ATTRIBUTE *new_attr = NULL;
STACK_OF(X509_ATTRIBUTE) *sk = NULL;
if (x == NULL)
{
X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_PASSED_NULL_PARAMETER);
goto err2;
}
if (x == NULL) {
X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_PASSED_NULL_PARAMETER);
goto err2;
}
if (*x == NULL)
{
if ((sk=sk_X509_ATTRIBUTE_new_null()) == NULL)
goto err;
}
else
sk= *x;
if (*x == NULL) {
if ((sk = sk_X509_ATTRIBUTE_new_null()) == NULL)
goto err;
} else
sk = *x;
if ((new_attr=X509_ATTRIBUTE_dup(attr)) == NULL)
goto err2;
if (!sk_X509_ATTRIBUTE_push(sk,new_attr))
goto err;
if (*x == NULL)
*x=sk;
return(sk);
err:
X509err(X509_F_X509AT_ADD1_ATTR,ERR_R_MALLOC_FAILURE);
err2:
if (new_attr != NULL) X509_ATTRIBUTE_free(new_attr);
if (sk != NULL) sk_X509_ATTRIBUTE_free(sk);
return(NULL);
if ((new_attr = X509_ATTRIBUTE_dup(attr)) == NULL)
goto err2;
if (!sk_X509_ATTRIBUTE_push(sk, new_attr))
goto err;
if (*x == NULL)
*x = sk;
return (sk);
err:
X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_MALLOC_FAILURE);
err2:
if (new_attr != NULL)
X509_ATTRIBUTE_free(new_attr);
if (sk != NULL)
sk_X509_ATTRIBUTE_free(sk);
return (NULL);
}
STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
const ASN1_OBJECT *obj, int type,
const unsigned char *bytes, int len)
STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE)
**x, const ASN1_OBJECT *obj,
int type,
const unsigned char *bytes,
int len)
{
X509_ATTRIBUTE *attr;
STACK_OF(X509_ATTRIBUTE) *ret;
attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len);
if(!attr) return 0;
ret = X509at_add1_attr(x, attr);
X509_ATTRIBUTE_free(attr);
return ret;
X509_ATTRIBUTE *attr;
STACK_OF(X509_ATTRIBUTE) *ret;
attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len);
if (!attr)
return 0;
ret = X509at_add1_attr(x, attr);
X509_ATTRIBUTE_free(attr);
return ret;
}
STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
int nid, int type,
const unsigned char *bytes, int len)
STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE)
**x, int nid, int type,
const unsigned char *bytes,
int len)
{
X509_ATTRIBUTE *attr;
STACK_OF(X509_ATTRIBUTE) *ret;
attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len);
if(!attr) return 0;
ret = X509at_add1_attr(x, attr);
X509_ATTRIBUTE_free(attr);
return ret;
X509_ATTRIBUTE *attr;
STACK_OF(X509_ATTRIBUTE) *ret;
attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len);
if (!attr)
return 0;
ret = X509at_add1_attr(x, attr);
X509_ATTRIBUTE_free(attr);
return ret;
}
STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
const char *attrname, int type,
const unsigned char *bytes, int len)
STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE)
**x, const char *attrname,
int type,
const unsigned char *bytes,
int len)
{
X509_ATTRIBUTE *attr;
STACK_OF(X509_ATTRIBUTE) *ret;
attr = X509_ATTRIBUTE_create_by_txt(NULL, attrname, type, bytes, len);
if(!attr) return 0;
ret = X509at_add1_attr(x, attr);
X509_ATTRIBUTE_free(attr);
return ret;
X509_ATTRIBUTE *attr;
STACK_OF(X509_ATTRIBUTE) *ret;
attr = X509_ATTRIBUTE_create_by_txt(NULL, attrname, type, bytes, len);
if (!attr)
return 0;
ret = X509at_add1_attr(x, attr);
X509_ATTRIBUTE_free(attr);
return ret;
}
void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x,
ASN1_OBJECT *obj, int lastpos, int type)
ASN1_OBJECT *obj, int lastpos, int type)
{
int i;
X509_ATTRIBUTE *at;
i = X509at_get_attr_by_OBJ(x, obj, lastpos);
if (i == -1)
return NULL;
if ((lastpos <= -2) && (X509at_get_attr_by_OBJ(x, obj, i) != -1))
return NULL;
at = X509at_get_attr(x, i);
if (lastpos <= -3 && (X509_ATTRIBUTE_count(at) != 1))
return NULL;
return X509_ATTRIBUTE_get0_data(at, 0, type, NULL);
int i;
X509_ATTRIBUTE *at;
i = X509at_get_attr_by_OBJ(x, obj, lastpos);
if (i == -1)
return NULL;
if ((lastpos <= -2) && (X509at_get_attr_by_OBJ(x, obj, i) != -1))
return NULL;
at = X509at_get_attr(x, i);
if (lastpos <= -3 && (X509_ATTRIBUTE_count(at) != 1))
return NULL;
return X509_ATTRIBUTE_get0_data(at, 0, type, NULL);
}
X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
int atrtype, const void *data, int len)
int atrtype, const void *data,
int len)
{
ASN1_OBJECT *obj;
X509_ATTRIBUTE *ret;
ASN1_OBJECT *obj;
X509_ATTRIBUTE *ret;
obj=OBJ_nid2obj(nid);
if (obj == NULL)
{
X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_NID,X509_R_UNKNOWN_NID);
return(NULL);
}
ret=X509_ATTRIBUTE_create_by_OBJ(attr,obj,atrtype,data,len);
if (ret == NULL) ASN1_OBJECT_free(obj);
return(ret);
obj = OBJ_nid2obj(nid);
if (obj == NULL) {
X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_NID, X509_R_UNKNOWN_NID);
return (NULL);
}
ret = X509_ATTRIBUTE_create_by_OBJ(attr, obj, atrtype, data, len);
if (ret == NULL)
ASN1_OBJECT_free(obj);
return (ret);
}
X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
const ASN1_OBJECT *obj, int atrtype, const void *data, int len)
const ASN1_OBJECT *obj,
int atrtype, const void *data,
int len)
{
X509_ATTRIBUTE *ret;
X509_ATTRIBUTE *ret;
if ((attr == NULL) || (*attr == NULL))
{
if ((ret=X509_ATTRIBUTE_new()) == NULL)
{
X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE);
return(NULL);
}
}
else
ret= *attr;
if ((attr == NULL) || (*attr == NULL)) {
if ((ret = X509_ATTRIBUTE_new()) == NULL) {
X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,
ERR_R_MALLOC_FAILURE);
return (NULL);
}
} else
ret = *attr;
if (!X509_ATTRIBUTE_set1_object(ret,obj))
goto err;
if (!X509_ATTRIBUTE_set1_data(ret,atrtype,data,len))
goto err;
if (!X509_ATTRIBUTE_set1_object(ret, obj))
goto err;
if (!X509_ATTRIBUTE_set1_data(ret, atrtype, data, len))
goto err;
if ((attr != NULL) && (*attr == NULL)) *attr=ret;
return(ret);
err:
if ((attr == NULL) || (ret != *attr))
X509_ATTRIBUTE_free(ret);
return(NULL);
if ((attr != NULL) && (*attr == NULL))
*attr = ret;
return (ret);
err:
if ((attr == NULL) || (ret != *attr))
X509_ATTRIBUTE_free(ret);
return (NULL);
}
X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
const char *atrname, int type, const unsigned char *bytes, int len)
{
ASN1_OBJECT *obj;
X509_ATTRIBUTE *nattr;
const char *atrname, int type,
const unsigned char *bytes,
int len)
{
ASN1_OBJECT *obj;
X509_ATTRIBUTE *nattr;
obj=OBJ_txt2obj(atrname, 0);
if (obj == NULL)
{
X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,
X509_R_INVALID_FIELD_NAME);
ERR_add_error_data(2, "name=", atrname);
return(NULL);
}
nattr = X509_ATTRIBUTE_create_by_OBJ(attr,obj,type,bytes,len);
ASN1_OBJECT_free(obj);
return nattr;
}
obj = OBJ_txt2obj(atrname, 0);
if (obj == NULL) {
X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,
X509_R_INVALID_FIELD_NAME);
ERR_add_error_data(2, "name=", atrname);
return (NULL);
}
nattr = X509_ATTRIBUTE_create_by_OBJ(attr, obj, type, bytes, len);
ASN1_OBJECT_free(obj);
return nattr;
}
int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj)
{
if ((attr == NULL) || (obj == NULL))
return(0);
ASN1_OBJECT_free(attr->object);
attr->object=OBJ_dup(obj);
return(1);
if ((attr == NULL) || (obj == NULL))
return (0);
ASN1_OBJECT_free(attr->object);
attr->object = OBJ_dup(obj);
return (1);
}
int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len)
int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
const void *data, int len)
{
ASN1_TYPE *ttmp;
ASN1_STRING *stmp = NULL;
int atype = 0;
if (!attr) return 0;
if(attrtype & MBSTRING_FLAG) {
stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype,
OBJ_obj2nid(attr->object));
if(!stmp) {
X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_ASN1_LIB);
return 0;
}
atype = stmp->type;
} else if (len != -1){
if(!(stmp = ASN1_STRING_type_new(attrtype))) goto err;
if(!ASN1_STRING_set(stmp, data, len)) goto err;
atype = attrtype;
}
if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
attr->single = 0;
/* This is a bit naughty because the attribute should really have
* at least one value but some types use and zero length SET and
* require this.
*/
if (attrtype == 0)
return 1;
if(!(ttmp = ASN1_TYPE_new())) goto err;
if ((len == -1) && !(attrtype & MBSTRING_FLAG))
{
if (!ASN1_TYPE_set1(ttmp, attrtype, data))
goto err;
}
else
ASN1_TYPE_set(ttmp, atype, stmp);
if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err;
return 1;
err:
X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE);
return 0;
ASN1_TYPE *ttmp;
ASN1_STRING *stmp = NULL;
int atype = 0;
if (!attr)
return 0;
if (attrtype & MBSTRING_FLAG) {
stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype,
OBJ_obj2nid(attr->object));
if (!stmp) {
X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_ASN1_LIB);
return 0;
}
atype = stmp->type;
} else if (len != -1) {
if (!(stmp = ASN1_STRING_type_new(attrtype)))
goto err;
if (!ASN1_STRING_set(stmp, data, len))
goto err;
atype = attrtype;
}
if (!(attr->value.set = sk_ASN1_TYPE_new_null()))
goto err;
attr->single = 0;
/*
* This is a bit naughty because the attribute should really have at
* least one value but some types use and zero length SET and require
* this.
*/
if (attrtype == 0)
return 1;
if (!(ttmp = ASN1_TYPE_new()))
goto err;
if ((len == -1) && !(attrtype & MBSTRING_FLAG)) {
if (!ASN1_TYPE_set1(ttmp, attrtype, data))
goto err;
} else
ASN1_TYPE_set(ttmp, atype, stmp);
if (!sk_ASN1_TYPE_push(attr->value.set, ttmp))
goto err;
return 1;
err:
X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE);
return 0;
}
int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr)
{
if(!attr->single) return sk_ASN1_TYPE_num(attr->value.set);
if(attr->value.single) return 1;
return 0;
if (!attr->single)
return sk_ASN1_TYPE_num(attr->value.set);
if (attr->value.single)
return 1;
return 0;
}
ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr)
{
if (attr == NULL) return(NULL);
return(attr->object);
if (attr == NULL)
return (NULL);
return (attr->object);
}
void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
int atrtype, void *data)
int atrtype, void *data)
{
ASN1_TYPE *ttmp;
ttmp = X509_ATTRIBUTE_get0_type(attr, idx);
if(!ttmp) return NULL;
if(atrtype != ASN1_TYPE_get(ttmp)){
X509err(X509_F_X509_ATTRIBUTE_GET0_DATA, X509_R_WRONG_TYPE);
return NULL;
}
return ttmp->value.ptr;
ASN1_TYPE *ttmp;
ttmp = X509_ATTRIBUTE_get0_type(attr, idx);
if (!ttmp)
return NULL;
if (atrtype != ASN1_TYPE_get(ttmp)) {
X509err(X509_F_X509_ATTRIBUTE_GET0_DATA, X509_R_WRONG_TYPE);
return NULL;
}
return ttmp->value.ptr;
}
ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
{
if (attr == NULL) return(NULL);
if(idx >= X509_ATTRIBUTE_count(attr)) return NULL;
if(!attr->single) return sk_ASN1_TYPE_value(attr->value.set, idx);
else return attr->value.single;
if (attr == NULL)
return (NULL);
if (idx >= X509_ATTRIBUTE_count(attr))
return NULL;
if (!attr->single)
return sk_ASN1_TYPE_value(attr->value.set, idx);
else
return attr->value.single;
}

BIN
crypto/x509/x509_att.o
View File

Binary file not shown.

629
crypto/x509/x509_cmp.c
View File

@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -65,267 +65,434 @@
#include <openssl/x509v3.h>
int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
{
int i;
X509_CINF *ai,*bi;
{
int i;
X509_CINF *ai, *bi;
ai=a->cert_info;
bi=b->cert_info;
i=M_ASN1_INTEGER_cmp(ai->serialNumber,bi->serialNumber);
if (i) return(i);
return(X509_NAME_cmp(ai->issuer,bi->issuer));
}
ai = a->cert_info;
bi = b->cert_info;
i = M_ASN1_INTEGER_cmp(ai->serialNumber, bi->serialNumber);
if (i)
return (i);
return (X509_NAME_cmp(ai->issuer, bi->issuer));
}
#ifndef OPENSSL_NO_MD5
unsigned long X509_issuer_and_serial_hash(X509 *a)
{
unsigned long ret=0;
EVP_MD_CTX ctx;
unsigned char md[16];
char *f;
EVP_MD_CTX_init(&ctx);
f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);
ret=strlen(f);
EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);
EVP_DigestUpdate(&ctx,(unsigned char *)f,ret);
OPENSSL_free(f);
EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
(unsigned long)a->cert_info->serialNumber->length);
EVP_DigestFinal_ex(&ctx,&(md[0]),NULL);
ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)|
((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
)&0xffffffffL;
EVP_MD_CTX_cleanup(&ctx);
return(ret);
}
#endif
int X509_issuer_name_cmp(const X509 *a, const X509 *b)
{
return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer));
}
int X509_subject_name_cmp(const X509 *a, const X509 *b)
{
return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject));
}
int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b)
{
return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer));
}
#ifndef OPENSSL_NO_SHA
int X509_CRL_match(const X509_CRL *a, const X509_CRL *b)
{
return memcmp(a->sha1_hash, b->sha1_hash, 20);
}
#endif
X509_NAME *X509_get_issuer_name(X509 *a)
{
return(a->cert_info->issuer);
}
unsigned long X509_issuer_name_hash(X509 *x)
{
return(X509_NAME_hash(x->cert_info->issuer));
}
#ifndef OPENSSL_NO_MD5
unsigned long X509_issuer_name_hash_old(X509 *x)
{
return(X509_NAME_hash_old(x->cert_info->issuer));
}
#endif
X509_NAME *X509_get_subject_name(X509 *a)
{
return(a->cert_info->subject);
}
ASN1_INTEGER *X509_get_serialNumber(X509 *a)
{
return(a->cert_info->serialNumber);
}
unsigned long X509_subject_name_hash(X509 *x)
{
return(X509_NAME_hash(x->cert_info->subject));
}
#ifndef OPENSSL_NO_MD5
unsigned long X509_subject_name_hash_old(X509 *x)
{
return(X509_NAME_hash_old(x->cert_info->subject));
}
#endif
#ifndef OPENSSL_NO_SHA
/* Compare two certificates: they must be identical for
* this to work. NB: Although "cmp" operations are generally
* prototyped to take "const" arguments (eg. for use in
* STACKs), the way X509 handling is - these operations may
* involve ensuring the hashes are up-to-date and ensuring
* certain cert information is cached. So this is the point
* where the "depth-first" constification tree has to halt
* with an evil cast.
*/
int X509_cmp(const X509 *a, const X509 *b)
{
/* ensure hash is valid */
X509_check_purpose((X509 *)a, -1, 0);
X509_check_purpose((X509 *)b, -1, 0);
unsigned long ret = 0;
EVP_MD_CTX ctx;
unsigned char md[16];
char *f;
return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
EVP_MD_CTX_init(&ctx);
f = X509_NAME_oneline(a->cert_info->issuer, NULL, 0);
if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL))
goto err;
if (!EVP_DigestUpdate(&ctx, (unsigned char *)f, strlen(f)))
goto err;
OPENSSL_free(f);
if (!EVP_DigestUpdate
(&ctx, (unsigned char *)a->cert_info->serialNumber->data,
(unsigned long)a->cert_info->serialNumber->length))
goto err;
if (!EVP_DigestFinal_ex(&ctx, &(md[0]), NULL))
goto err;
ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) |
((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)
) & 0xffffffffL;
err:
EVP_MD_CTX_cleanup(&ctx);
return (ret);
}
#endif
int X509_issuer_name_cmp(const X509 *a, const X509 *b)
{
return (X509_NAME_cmp(a->cert_info->issuer, b->cert_info->issuer));
}
int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
{
int ret;
int X509_subject_name_cmp(const X509 *a, const X509 *b)
{
return (X509_NAME_cmp(a->cert_info->subject, b->cert_info->subject));
}
/* Ensure canonical encoding is present and up to date */
int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b)
{
return (X509_NAME_cmp(a->crl->issuer, b->crl->issuer));
}
if (!a->canon_enc || a->modified)
{
ret = i2d_X509_NAME((X509_NAME *)a, NULL);
if (ret < 0)
return -2;
}
#ifndef OPENSSL_NO_SHA
int X509_CRL_match(const X509_CRL *a, const X509_CRL *b)
{
return memcmp(a->sha1_hash, b->sha1_hash, 20);
}
#endif
if (!b->canon_enc || b->modified)
{
ret = i2d_X509_NAME((X509_NAME *)b, NULL);
if (ret < 0)
return -2;
}
ret = a->canon_enclen - b->canon_enclen;
if (ret)
return ret;
return memcmp(a->canon_enc, b->canon_enc, a->canon_enclen);
}
unsigned long X509_NAME_hash(X509_NAME *x)
{
unsigned long ret=0;
unsigned char md[SHA_DIGEST_LENGTH];
/* Make sure X509_NAME structure contains valid cached encoding */
i2d_X509_NAME(x,NULL);
EVP_Digest(x->canon_enc, x->canon_enclen, md, NULL, EVP_sha1(), NULL);
ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)|
((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
)&0xffffffffL;
return(ret);
}
X509_NAME *X509_get_issuer_name(X509 *a)
{
return (a->cert_info->issuer);
}
unsigned long X509_issuer_name_hash(X509 *x)
{
return (X509_NAME_hash(x->cert_info->issuer));
}
#ifndef OPENSSL_NO_MD5
/* I now DER encode the name and hash it. Since I cache the DER encoding,
* this is reasonably efficient. */
unsigned long X509_issuer_name_hash_old(X509 *x)
{
return (X509_NAME_hash_old(x->cert_info->issuer));
}
#endif
X509_NAME *X509_get_subject_name(X509 *a)
{
return (a->cert_info->subject);
}
ASN1_INTEGER *X509_get_serialNumber(X509 *a)
{
return (a->cert_info->serialNumber);
}
unsigned long X509_subject_name_hash(X509 *x)
{
return (X509_NAME_hash(x->cert_info->subject));
}
#ifndef OPENSSL_NO_MD5
unsigned long X509_subject_name_hash_old(X509 *x)
{
return (X509_NAME_hash_old(x->cert_info->subject));
}
#endif
#ifndef OPENSSL_NO_SHA
/*
* Compare two certificates: they must be identical for this to work. NB:
* Although "cmp" operations are generally prototyped to take "const"
* arguments (eg. for use in STACKs), the way X509 handling is - these
* operations may involve ensuring the hashes are up-to-date and ensuring
* certain cert information is cached. So this is the point where the
* "depth-first" constification tree has to halt with an evil cast.
*/
int X509_cmp(const X509 *a, const X509 *b)
{
int rv;
/* ensure hash is valid */
X509_check_purpose((X509 *)a, -1, 0);
X509_check_purpose((X509 *)b, -1, 0);
rv = memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
if (rv)
return rv;
/* Check for match against stored encoding too */
if (!a->cert_info->enc.modified && !b->cert_info->enc.modified) {
rv = (int)(a->cert_info->enc.len - b->cert_info->enc.len);
if (rv)
return rv;
return memcmp(a->cert_info->enc.enc, b->cert_info->enc.enc,
a->cert_info->enc.len);
}
return rv;
}
#endif
int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
{
int ret;
/* Ensure canonical encoding is present and up to date */
if (!a->canon_enc || a->modified) {
ret = i2d_X509_NAME((X509_NAME *)a, NULL);
if (ret < 0)
return -2;
}
if (!b->canon_enc || b->modified) {
ret = i2d_X509_NAME((X509_NAME *)b, NULL);
if (ret < 0)
return -2;
}
ret = a->canon_enclen - b->canon_enclen;
if (ret)
return ret;
return memcmp(a->canon_enc, b->canon_enc, a->canon_enclen);
}
unsigned long X509_NAME_hash(X509_NAME *x)
{
unsigned long ret = 0;
unsigned char md[SHA_DIGEST_LENGTH];
/* Make sure X509_NAME structure contains valid cached encoding */
i2d_X509_NAME(x, NULL);
if (!EVP_Digest(x->canon_enc, x->canon_enclen, md, NULL, EVP_sha1(),
NULL))
return 0;
ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) |
((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)
) & 0xffffffffL;
return (ret);
}
#ifndef OPENSSL_NO_MD5
/*
* I now DER encode the name and hash it. Since I cache the DER encoding,
* this is reasonably efficient.
*/
unsigned long X509_NAME_hash_old(X509_NAME *x)
{
unsigned long ret=0;
unsigned char md[16];
{
EVP_MD_CTX md_ctx;
unsigned long ret = 0;
unsigned char md[16];
/* Make sure X509_NAME structure contains valid cached encoding */
i2d_X509_NAME(x,NULL);
EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL);
/* Make sure X509_NAME structure contains valid cached encoding */
i2d_X509_NAME(x, NULL);
EVP_MD_CTX_init(&md_ctx);
EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL)
&& EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length)
&& EVP_DigestFinal_ex(&md_ctx, md, NULL))
ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) |
((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)
) & 0xffffffffL;
EVP_MD_CTX_cleanup(&md_ctx);
ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)|
((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
)&0xffffffffL;
return(ret);
}
return (ret);
}
#endif
/* Search a stack of X509 for a match */
X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
ASN1_INTEGER *serial)
{
int i;
X509_CINF cinf;
X509 x,*x509=NULL;
ASN1_INTEGER *serial)
{
int i;
X509_CINF cinf;
X509 x, *x509 = NULL;
if(!sk) return NULL;
if (!sk)
return NULL;
x.cert_info= &cinf;
cinf.serialNumber=serial;
cinf.issuer=name;
x.cert_info = &cinf;
cinf.serialNumber = serial;
cinf.issuer = name;
for (i=0; i<sk_X509_num(sk); i++)
{
x509=sk_X509_value(sk,i);
if (X509_issuer_and_serial_cmp(x509,&x) == 0)
return(x509);
}
return(NULL);
}
for (i = 0; i < sk_X509_num(sk); i++) {
x509 = sk_X509_value(sk, i);
if (X509_issuer_and_serial_cmp(x509, &x) == 0)
return (x509);
}
return (NULL);
}
X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name)
{
X509 *x509;
int i;
{
X509 *x509;
int i;
for (i=0; i<sk_X509_num(sk); i++)
{
x509=sk_X509_value(sk,i);
if (X509_NAME_cmp(X509_get_subject_name(x509),name) == 0)
return(x509);
}
return(NULL);
}
for (i = 0; i < sk_X509_num(sk); i++) {
x509 = sk_X509_value(sk, i);
if (X509_NAME_cmp(X509_get_subject_name(x509), name) == 0)
return (x509);
}
return (NULL);
}
EVP_PKEY *X509_get_pubkey(X509 *x)
{
if ((x == NULL) || (x->cert_info == NULL))
return(NULL);
return(X509_PUBKEY_get(x->cert_info->key));
}
{
if ((x == NULL) || (x->cert_info == NULL))
return (NULL);
return (X509_PUBKEY_get(x->cert_info->key));
}
ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
{
if(!x) return NULL;
return x->cert_info->key->public_key;
}
{
if (!x)
return NULL;
return x->cert_info->key->public_key;
}
int X509_check_private_key(X509 *x, EVP_PKEY *k)
{
EVP_PKEY *xk;
int ret;
{
EVP_PKEY *xk;
int ret;
xk=X509_get_pubkey(x);
xk = X509_get_pubkey(x);
if (xk)
ret = EVP_PKEY_cmp(xk, k);
else
ret = -2;
if (xk)
ret = EVP_PKEY_cmp(xk, k);
else
ret = -2;
switch (ret)
{
case 1:
break;
case 0:
X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
break;
case -1:
X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
break;
case -2:
X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
}
if (xk)
EVP_PKEY_free(xk);
if (ret > 0)
return 1;
return 0;
}
switch (ret) {
case 1:
break;
case 0:
X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_KEY_VALUES_MISMATCH);
break;
case -1:
X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_KEY_TYPE_MISMATCH);
break;
case -2:
X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_UNKNOWN_KEY_TYPE);
}
if (xk)
EVP_PKEY_free(xk);
if (ret > 0)
return 1;
return 0;
}
/*
* Check a suite B algorithm is permitted: pass in a public key and the NID
* of its signature (or 0 if no signature). The pflags is a pointer to a
* flags field which must contain the suite B verification flags.
*/
#ifndef OPENSSL_NO_EC
static int check_suite_b(EVP_PKEY *pkey, int sign_nid, unsigned long *pflags)
{
const EC_GROUP *grp = NULL;
int curve_nid;
if (pkey && pkey->type == EVP_PKEY_EC)
grp = EC_KEY_get0_group(pkey->pkey.ec);
if (!grp)
return X509_V_ERR_SUITE_B_INVALID_ALGORITHM;
curve_nid = EC_GROUP_get_curve_name(grp);
/* Check curve is consistent with LOS */
if (curve_nid == NID_secp384r1) { /* P-384 */
/*
* Check signature algorithm is consistent with curve.
*/
if (sign_nid != -1 && sign_nid != NID_ecdsa_with_SHA384)
return X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM;
if (!(*pflags & X509_V_FLAG_SUITEB_192_LOS))
return X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED;
/* If we encounter P-384 we cannot use P-256 later */
*pflags &= ~X509_V_FLAG_SUITEB_128_LOS_ONLY;
} else if (curve_nid == NID_X9_62_prime256v1) { /* P-256 */
if (sign_nid != -1 && sign_nid != NID_ecdsa_with_SHA256)
return X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM;
if (!(*pflags & X509_V_FLAG_SUITEB_128_LOS_ONLY))
return X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED;
} else
return X509_V_ERR_SUITE_B_INVALID_CURVE;
return X509_V_OK;
}
int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain,
unsigned long flags)
{
int rv, i, sign_nid;
EVP_PKEY *pk = NULL;
unsigned long tflags;
if (!(flags & X509_V_FLAG_SUITEB_128_LOS))
return X509_V_OK;
tflags = flags;
/* If no EE certificate passed in must be first in chain */
if (x == NULL) {
x = sk_X509_value(chain, 0);
i = 1;
} else
i = 0;
if (X509_get_version(x) != 2) {
rv = X509_V_ERR_SUITE_B_INVALID_VERSION;
/* Correct error depth */
i = 0;
goto end;
}
pk = X509_get_pubkey(x);
/* Check EE key only */
rv = check_suite_b(pk, -1, &tflags);
if (rv != X509_V_OK) {
/* Correct error depth */
i = 0;
goto end;
}
for (; i < sk_X509_num(chain); i++) {
sign_nid = X509_get_signature_nid(x);
x = sk_X509_value(chain, i);
if (X509_get_version(x) != 2) {
rv = X509_V_ERR_SUITE_B_INVALID_VERSION;
goto end;
}
EVP_PKEY_free(pk);
pk = X509_get_pubkey(x);
rv = check_suite_b(pk, sign_nid, &tflags);
if (rv != X509_V_OK)
goto end;
}
/* Final check: root CA signature */
rv = check_suite_b(pk, X509_get_signature_nid(x), &tflags);
end:
if (pk)
EVP_PKEY_free(pk);
if (rv != X509_V_OK) {
/* Invalid signature or LOS errors are for previous cert */
if ((rv == X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM
|| rv == X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED) && i)
i--;
/*
* If we have LOS error and flags changed then we are signing P-384
* with P-256. Use more meaninggul error.
*/
if (rv == X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED && flags != tflags)
rv = X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256;
if (perror_depth)
*perror_depth = i;
}
return rv;
}
int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags)
{
int sign_nid;
if (!(flags & X509_V_FLAG_SUITEB_128_LOS))
return X509_V_OK;
sign_nid = OBJ_obj2nid(crl->crl->sig_alg->algorithm);
return check_suite_b(pk, sign_nid, &flags);
}
#else
int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain,
unsigned long flags)
{
return 0;
}
int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags)
{
return 0;
}
#endif
/*
* Not strictly speaking an "up_ref" as a STACK doesn't have a reference
* count but it has the same effect by duping the STACK and upping the ref of
* each X509 structure.
*/
STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain)
{
STACK_OF(X509) *ret;
int i;
ret = sk_X509_dup(chain);
for (i = 0; i < sk_X509_num(ret); i++) {
X509 *x = sk_X509_value(ret, i);
CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
}
return ret;
}

BIN
crypto/x509/x509_cmp.o
View File

Binary file not shown.

82
crypto/x509/x509_d2.c
View File

@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -63,45 +63,47 @@
#ifndef OPENSSL_NO_STDIO
int X509_STORE_set_default_paths(X509_STORE *ctx)
{
X509_LOOKUP *lookup;
{
X509_LOOKUP *lookup;
lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
if (lookup == NULL) return(0);
X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file());
if (lookup == NULL)
return (0);
X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
if (lookup == NULL) return(0);
X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
/* clear any errors */
ERR_clear_error();
lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_hash_dir());
if (lookup == NULL)
return (0);
X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
return(1);
}
/* clear any errors */
ERR_clear_error();
return (1);
}
int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
const char *path)
{
X509_LOOKUP *lookup;
const char *path)
{
X509_LOOKUP *lookup;
if (file != NULL)
{
lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
if (lookup == NULL) return(0);
if (X509_LOOKUP_load_file(lookup,file,X509_FILETYPE_PEM) != 1)
return(0);
}
if (path != NULL)
{
lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
if (lookup == NULL) return(0);
if (X509_LOOKUP_add_dir(lookup,path,X509_FILETYPE_PEM) != 1)
return(0);
}
if ((path == NULL) && (file == NULL))
return(0);
return(1);
}
if (file != NULL) {
lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file());
if (lookup == NULL)
return (0);
if (X509_LOOKUP_load_file(lookup, file, X509_FILETYPE_PEM) != 1)
return (0);
}
if (path != NULL) {
lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_hash_dir());
if (lookup == NULL)
return (0);
if (X509_LOOKUP_add_dir(lookup, path, X509_FILETYPE_PEM) != 1)
return (0);
}
if ((path == NULL) && (file == NULL))
return (0);
return (1);
}
#endif

BIN
crypto/x509/x509_d2.o
View File

Binary file not shown.

39
crypto/x509/x509_def.c
View File

@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -62,20 +62,31 @@
#include <openssl/x509.h>
const char *X509_get_default_private_dir(void)
{ return(X509_PRIVATE_DIR); }
{
return (X509_PRIVATE_DIR);
}
const char *X509_get_default_cert_area(void)
{ return(X509_CERT_AREA); }
{
return (X509_CERT_AREA);
}
const char *X509_get_default_cert_dir(void)
{ return(X509_CERT_DIR); }
{
return (X509_CERT_DIR);
}
const char *X509_get_default_cert_file(void)
{ return(X509_CERT_FILE); }
{
return (X509_CERT_FILE);
}
const char *X509_get_default_cert_dir_env(void)
{ return(X509_CERT_DIR_EVP); }
{
return (X509_CERT_DIR_EVP);
}
const char *X509_get_default_cert_file_env(void)
{ return(X509_CERT_FILE_EVP); }
{
return (X509_CERT_FILE_EVP);
}

BIN
crypto/x509/x509_def.o
View File

Binary file not shown.

204
crypto/x509/x509_err.c
View File

@@ -1,13 +1,13 @@
/* crypto/x509/x509_err.c */
/* ====================================================================
* Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved.
* Copyright (c) 1999-2012 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
*
*/
/* NOTE: this file was auto generated by the mkerr.pl script: any changes
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
@@ -65,100 +66,121 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
#define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509,func,0)
#define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason)
# define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509,func,0)
# define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason)
static ERR_STRING_DATA X509_str_functs[]=
{
{ERR_FUNC(X509_F_ADD_CERT_DIR), "ADD_CERT_DIR"},
{ERR_FUNC(X509_F_BY_FILE_CTRL), "BY_FILE_CTRL"},
{ERR_FUNC(X509_F_CHECK_POLICY), "CHECK_POLICY"},
{ERR_FUNC(X509_F_DIR_CTRL), "DIR_CTRL"},
{ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "GET_CERT_BY_SUBJECT"},
{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE), "NETSCAPE_SPKI_b64_decode"},
{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE), "NETSCAPE_SPKI_b64_encode"},
{ERR_FUNC(X509_F_X509AT_ADD1_ATTR), "X509at_add1_attr"},
{ERR_FUNC(X509_F_X509V3_ADD_EXT), "X509v3_add_ext"},
{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID), "X509_ATTRIBUTE_create_by_NID"},
{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ), "X509_ATTRIBUTE_create_by_OBJ"},
{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT), "X509_ATTRIBUTE_create_by_txt"},
{ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA), "X509_ATTRIBUTE_get0_data"},
{ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA), "X509_ATTRIBUTE_set1_data"},
{ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY), "X509_check_private_key"},
{ERR_FUNC(X509_F_X509_CRL_PRINT_FP), "X509_CRL_print_fp"},
{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID), "X509_EXTENSION_create_by_NID"},
{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ), "X509_EXTENSION_create_by_OBJ"},
{ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS), "X509_get_pubkey_parameters"},
{ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE), "X509_load_cert_crl_file"},
{ERR_FUNC(X509_F_X509_LOAD_CERT_FILE), "X509_load_cert_file"},
{ERR_FUNC(X509_F_X509_LOAD_CRL_FILE), "X509_load_crl_file"},
{ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY), "X509_NAME_add_entry"},
{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID), "X509_NAME_ENTRY_create_by_NID"},
{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT), "X509_NAME_ENTRY_create_by_txt"},
{ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT), "X509_NAME_ENTRY_set_object"},
{ERR_FUNC(X509_F_X509_NAME_ONELINE), "X509_NAME_oneline"},
{ERR_FUNC(X509_F_X509_NAME_PRINT), "X509_NAME_print"},
{ERR_FUNC(X509_F_X509_PRINT_EX_FP), "X509_print_ex_fp"},
{ERR_FUNC(X509_F_X509_PUBKEY_GET), "X509_PUBKEY_get"},
{ERR_FUNC(X509_F_X509_PUBKEY_SET), "X509_PUBKEY_set"},
{ERR_FUNC(X509_F_X509_REQ_CHECK_PRIVATE_KEY), "X509_REQ_check_private_key"},
{ERR_FUNC(X509_F_X509_REQ_PRINT_EX), "X509_REQ_print_ex"},
{ERR_FUNC(X509_F_X509_REQ_PRINT_FP), "X509_REQ_print_fp"},
{ERR_FUNC(X509_F_X509_REQ_TO_X509), "X509_REQ_to_X509"},
{ERR_FUNC(X509_F_X509_STORE_ADD_CERT), "X509_STORE_add_cert"},
{ERR_FUNC(X509_F_X509_STORE_ADD_CRL), "X509_STORE_add_crl"},
{ERR_FUNC(X509_F_X509_STORE_CTX_GET1_ISSUER), "X509_STORE_CTX_get1_issuer"},
{ERR_FUNC(X509_F_X509_STORE_CTX_INIT), "X509_STORE_CTX_init"},
{ERR_FUNC(X509_F_X509_STORE_CTX_NEW), "X509_STORE_CTX_new"},
{ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT), "X509_STORE_CTX_purpose_inherit"},
{ERR_FUNC(X509_F_X509_TO_X509_REQ), "X509_to_X509_REQ"},
{ERR_FUNC(X509_F_X509_TRUST_ADD), "X509_TRUST_add"},
{ERR_FUNC(X509_F_X509_TRUST_SET), "X509_TRUST_set"},
{ERR_FUNC(X509_F_X509_VERIFY_CERT), "X509_verify_cert"},
{0,NULL}
};
static ERR_STRING_DATA X509_str_functs[] = {
{ERR_FUNC(X509_F_ADD_CERT_DIR), "ADD_CERT_DIR"},
{ERR_FUNC(X509_F_BY_FILE_CTRL), "BY_FILE_CTRL"},
{ERR_FUNC(X509_F_CHECK_POLICY), "CHECK_POLICY"},
{ERR_FUNC(X509_F_DIR_CTRL), "DIR_CTRL"},
{ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "GET_CERT_BY_SUBJECT"},
{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE), "NETSCAPE_SPKI_b64_decode"},
{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE), "NETSCAPE_SPKI_b64_encode"},
{ERR_FUNC(X509_F_X509AT_ADD1_ATTR), "X509at_add1_attr"},
{ERR_FUNC(X509_F_X509V3_ADD_EXT), "X509v3_add_ext"},
{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID),
"X509_ATTRIBUTE_create_by_NID"},
{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ),
"X509_ATTRIBUTE_create_by_OBJ"},
{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT),
"X509_ATTRIBUTE_create_by_txt"},
{ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA), "X509_ATTRIBUTE_get0_data"},
{ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA), "X509_ATTRIBUTE_set1_data"},
{ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY), "X509_check_private_key"},
{ERR_FUNC(X509_F_X509_CRL_DIFF), "X509_CRL_diff"},
{ERR_FUNC(X509_F_X509_CRL_PRINT_FP), "X509_CRL_print_fp"},
{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID),
"X509_EXTENSION_create_by_NID"},
{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ),
"X509_EXTENSION_create_by_OBJ"},
{ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS),
"X509_get_pubkey_parameters"},
{ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE), "X509_load_cert_crl_file"},
{ERR_FUNC(X509_F_X509_LOAD_CERT_FILE), "X509_load_cert_file"},
{ERR_FUNC(X509_F_X509_LOAD_CRL_FILE), "X509_load_crl_file"},
{ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY), "X509_NAME_add_entry"},
{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID),
"X509_NAME_ENTRY_create_by_NID"},
{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT),
"X509_NAME_ENTRY_create_by_txt"},
{ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT),
"X509_NAME_ENTRY_set_object"},
{ERR_FUNC(X509_F_X509_NAME_ONELINE), "X509_NAME_oneline"},
{ERR_FUNC(X509_F_X509_NAME_PRINT), "X509_NAME_print"},
{ERR_FUNC(X509_F_X509_PRINT_EX_FP), "X509_print_ex_fp"},
{ERR_FUNC(X509_F_X509_PUBKEY_GET), "X509_PUBKEY_get"},
{ERR_FUNC(X509_F_X509_PUBKEY_SET), "X509_PUBKEY_set"},
{ERR_FUNC(X509_F_X509_REQ_CHECK_PRIVATE_KEY),
"X509_REQ_check_private_key"},
{ERR_FUNC(X509_F_X509_REQ_PRINT_EX), "X509_REQ_print_ex"},
{ERR_FUNC(X509_F_X509_REQ_PRINT_FP), "X509_REQ_print_fp"},
{ERR_FUNC(X509_F_X509_REQ_TO_X509), "X509_REQ_to_X509"},
{ERR_FUNC(X509_F_X509_STORE_ADD_CERT), "X509_STORE_add_cert"},
{ERR_FUNC(X509_F_X509_STORE_ADD_CRL), "X509_STORE_add_crl"},
{ERR_FUNC(X509_F_X509_STORE_CTX_GET1_ISSUER),
"X509_STORE_CTX_get1_issuer"},
{ERR_FUNC(X509_F_X509_STORE_CTX_INIT), "X509_STORE_CTX_init"},
{ERR_FUNC(X509_F_X509_STORE_CTX_NEW), "X509_STORE_CTX_new"},
{ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT),
"X509_STORE_CTX_purpose_inherit"},
{ERR_FUNC(X509_F_X509_TO_X509_REQ), "X509_to_X509_REQ"},
{ERR_FUNC(X509_F_X509_TRUST_ADD), "X509_TRUST_add"},
{ERR_FUNC(X509_F_X509_TRUST_SET), "X509_TRUST_set"},
{ERR_FUNC(X509_F_X509_VERIFY_CERT), "X509_verify_cert"},
{0, NULL}
};
static ERR_STRING_DATA X509_str_reasons[]=
{
{ERR_REASON(X509_R_BAD_X509_FILETYPE) ,"bad x509 filetype"},
{ERR_REASON(X509_R_BASE64_DECODE_ERROR) ,"base64 decode error"},
{ERR_REASON(X509_R_CANT_CHECK_DH_KEY) ,"cant check dh key"},
{ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE),"cert already in hash table"},
{ERR_REASON(X509_R_ERR_ASN1_LIB) ,"err asn1 lib"},
{ERR_REASON(X509_R_INVALID_DIRECTORY) ,"invalid directory"},
{ERR_REASON(X509_R_INVALID_FIELD_NAME) ,"invalid field name"},
{ERR_REASON(X509_R_INVALID_TRUST) ,"invalid trust"},
{ERR_REASON(X509_R_KEY_TYPE_MISMATCH) ,"key type mismatch"},
{ERR_REASON(X509_R_KEY_VALUES_MISMATCH) ,"key values mismatch"},
{ERR_REASON(X509_R_LOADING_CERT_DIR) ,"loading cert dir"},
{ERR_REASON(X509_R_LOADING_DEFAULTS) ,"loading defaults"},
{ERR_REASON(X509_R_METHOD_NOT_SUPPORTED) ,"method not supported"},
{ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),"no cert set for us to verify"},
{ERR_REASON(X509_R_PUBLIC_KEY_DECODE_ERROR),"public key decode error"},
{ERR_REASON(X509_R_PUBLIC_KEY_ENCODE_ERROR),"public key encode error"},
{ERR_REASON(X509_R_SHOULD_RETRY) ,"should retry"},
{ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN),"unable to find parameters in chain"},
{ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY),"unable to get certs public key"},
{ERR_REASON(X509_R_UNKNOWN_KEY_TYPE) ,"unknown key type"},
{ERR_REASON(X509_R_UNKNOWN_NID) ,"unknown nid"},
{ERR_REASON(X509_R_UNKNOWN_PURPOSE_ID) ,"unknown purpose id"},
{ERR_REASON(X509_R_UNKNOWN_TRUST_ID) ,"unknown trust id"},
{ERR_REASON(X509_R_UNSUPPORTED_ALGORITHM),"unsupported algorithm"},
{ERR_REASON(X509_R_WRONG_LOOKUP_TYPE) ,"wrong lookup type"},
{ERR_REASON(X509_R_WRONG_TYPE) ,"wrong type"},
{0,NULL}
};
static ERR_STRING_DATA X509_str_reasons[] = {
{ERR_REASON(X509_R_AKID_MISMATCH), "akid mismatch"},
{ERR_REASON(X509_R_BAD_X509_FILETYPE), "bad x509 filetype"},
{ERR_REASON(X509_R_BASE64_DECODE_ERROR), "base64 decode error"},
{ERR_REASON(X509_R_CANT_CHECK_DH_KEY), "cant check dh key"},
{ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE),
"cert already in hash table"},
{ERR_REASON(X509_R_CRL_ALREADY_DELTA), "crl already delta"},
{ERR_REASON(X509_R_CRL_VERIFY_FAILURE), "crl verify failure"},
{ERR_REASON(X509_R_ERR_ASN1_LIB), "err asn1 lib"},
{ERR_REASON(X509_R_IDP_MISMATCH), "idp mismatch"},
{ERR_REASON(X509_R_INVALID_DIRECTORY), "invalid directory"},
{ERR_REASON(X509_R_INVALID_FIELD_NAME), "invalid field name"},
{ERR_REASON(X509_R_INVALID_TRUST), "invalid trust"},
{ERR_REASON(X509_R_ISSUER_MISMATCH), "issuer mismatch"},
{ERR_REASON(X509_R_KEY_TYPE_MISMATCH), "key type mismatch"},
{ERR_REASON(X509_R_KEY_VALUES_MISMATCH), "key values mismatch"},
{ERR_REASON(X509_R_LOADING_CERT_DIR), "loading cert dir"},
{ERR_REASON(X509_R_LOADING_DEFAULTS), "loading defaults"},
{ERR_REASON(X509_R_METHOD_NOT_SUPPORTED), "method not supported"},
{ERR_REASON(X509_R_NEWER_CRL_NOT_NEWER), "newer crl not newer"},
{ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),
"no cert set for us to verify"},
{ERR_REASON(X509_R_NO_CRL_NUMBER), "no crl number"},
{ERR_REASON(X509_R_PUBLIC_KEY_DECODE_ERROR), "public key decode error"},
{ERR_REASON(X509_R_PUBLIC_KEY_ENCODE_ERROR), "public key encode error"},
{ERR_REASON(X509_R_SHOULD_RETRY), "should retry"},
{ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN),
"unable to find parameters in chain"},
{ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY),
"unable to get certs public key"},
{ERR_REASON(X509_R_UNKNOWN_KEY_TYPE), "unknown key type"},
{ERR_REASON(X509_R_UNKNOWN_NID), "unknown nid"},
{ERR_REASON(X509_R_UNKNOWN_PURPOSE_ID), "unknown purpose id"},
{ERR_REASON(X509_R_UNKNOWN_TRUST_ID), "unknown trust id"},
{ERR_REASON(X509_R_UNSUPPORTED_ALGORITHM), "unsupported algorithm"},
{ERR_REASON(X509_R_WRONG_LOOKUP_TYPE), "wrong lookup type"},
{ERR_REASON(X509_R_WRONG_TYPE), "wrong type"},
{0, NULL}
};
#endif
void ERR_load_X509_strings(void)
{
{
#ifndef OPENSSL_NO_ERR
if (ERR_func_error_string(X509_str_functs[0].error) == NULL)
{
ERR_load_strings(0,X509_str_functs);
ERR_load_strings(0,X509_str_reasons);
}
if (ERR_func_error_string(X509_str_functs[0].error) == NULL) {
ERR_load_strings(0, X509_str_functs);
ERR_load_strings(0, X509_str_reasons);
}
#endif
}
}

BIN
crypto/x509/x509_err.o
View File

Binary file not shown.

163
crypto/x509/x509_ext.c
View File

@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -65,146 +65,147 @@
#include <openssl/x509.h>
#include <openssl/x509v3.h>
int X509_CRL_get_ext_count(X509_CRL *x)
{
return(X509v3_get_ext_count(x->crl->extensions));
}
{
return (X509v3_get_ext_count(x->crl->extensions));
}
int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos)
{
return(X509v3_get_ext_by_NID(x->crl->extensions,nid,lastpos));
}
{
return (X509v3_get_ext_by_NID(x->crl->extensions, nid, lastpos));
}
int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos)
{
return(X509v3_get_ext_by_OBJ(x->crl->extensions,obj,lastpos));
}
{
return (X509v3_get_ext_by_OBJ(x->crl->extensions, obj, lastpos));
}
int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos)
{
return(X509v3_get_ext_by_critical(x->crl->extensions,crit,lastpos));
}
{
return (X509v3_get_ext_by_critical(x->crl->extensions, crit, lastpos));
}
X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc)
{
return(X509v3_get_ext(x->crl->extensions,loc));
}
{
return (X509v3_get_ext(x->crl->extensions, loc));
}
X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc)
{
return(X509v3_delete_ext(x->crl->extensions,loc));
}
{
return (X509v3_delete_ext(x->crl->extensions, loc));
}
void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx)
{
return X509V3_get_d2i(x->crl->extensions, nid, crit, idx);
return X509V3_get_d2i(x->crl->extensions, nid, crit, idx);
}
int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
unsigned long flags)
unsigned long flags)
{
return X509V3_add1_i2d(&x->crl->extensions, nid, value, crit, flags);
return X509V3_add1_i2d(&x->crl->extensions, nid, value, crit, flags);
}
int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc)
{
return(X509v3_add_ext(&(x->crl->extensions),ex,loc) != NULL);
}
{
return (X509v3_add_ext(&(x->crl->extensions), ex, loc) != NULL);
}
int X509_get_ext_count(X509 *x)
{
return(X509v3_get_ext_count(x->cert_info->extensions));
}
{
return (X509v3_get_ext_count(x->cert_info->extensions));
}
int X509_get_ext_by_NID(X509 *x, int nid, int lastpos)
{
return(X509v3_get_ext_by_NID(x->cert_info->extensions,nid,lastpos));
}
{
return (X509v3_get_ext_by_NID(x->cert_info->extensions, nid, lastpos));
}
int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos)
{
return(X509v3_get_ext_by_OBJ(x->cert_info->extensions,obj,lastpos));
}
{
return (X509v3_get_ext_by_OBJ(x->cert_info->extensions, obj, lastpos));
}
int X509_get_ext_by_critical(X509 *x, int crit, int lastpos)
{
return(X509v3_get_ext_by_critical(x->cert_info->extensions,crit,lastpos));
}
{
return (X509v3_get_ext_by_critical
(x->cert_info->extensions, crit, lastpos));
}
X509_EXTENSION *X509_get_ext(X509 *x, int loc)
{
return(X509v3_get_ext(x->cert_info->extensions,loc));
}
{
return (X509v3_get_ext(x->cert_info->extensions, loc));
}
X509_EXTENSION *X509_delete_ext(X509 *x, int loc)
{
return(X509v3_delete_ext(x->cert_info->extensions,loc));
}
{
return (X509v3_delete_ext(x->cert_info->extensions, loc));
}
int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc)
{
return(X509v3_add_ext(&(x->cert_info->extensions),ex,loc) != NULL);
}
{
return (X509v3_add_ext(&(x->cert_info->extensions), ex, loc) != NULL);
}
void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx)
{
return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx);
return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx);
}
int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
unsigned long flags)
unsigned long flags)
{
return X509V3_add1_i2d(&x->cert_info->extensions, nid, value, crit,
flags);
return X509V3_add1_i2d(&x->cert_info->extensions, nid, value, crit,
flags);
}
int X509_REVOKED_get_ext_count(X509_REVOKED *x)
{
return(X509v3_get_ext_count(x->extensions));
}
{
return (X509v3_get_ext_count(x->extensions));
}
int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos)
{
return(X509v3_get_ext_by_NID(x->extensions,nid,lastpos));
}
{
return (X509v3_get_ext_by_NID(x->extensions, nid, lastpos));
}
int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj,
int lastpos)
{
return(X509v3_get_ext_by_OBJ(x->extensions,obj,lastpos));
}
int lastpos)
{
return (X509v3_get_ext_by_OBJ(x->extensions, obj, lastpos));
}
int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos)
{
return(X509v3_get_ext_by_critical(x->extensions,crit,lastpos));
}
{
return (X509v3_get_ext_by_critical(x->extensions, crit, lastpos));
}
X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc)
{
return(X509v3_get_ext(x->extensions,loc));
}
{
return (X509v3_get_ext(x->extensions, loc));
}
X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc)
{
return(X509v3_delete_ext(x->extensions,loc));
}
{
return (X509v3_delete_ext(x->extensions, loc));
}
int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc)
{
return(X509v3_add_ext(&(x->extensions),ex,loc) != NULL);
}
{
return (X509v3_add_ext(&(x->extensions), ex, loc) != NULL);
}
void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx)
{
return X509V3_get_d2i(x->extensions, nid, crit, idx);
return X509V3_get_d2i(x->extensions, nid, crit, idx);
}
int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
unsigned long flags)
unsigned long flags)
{
return X509V3_add1_i2d(&x->extensions, nid, value, crit, flags);
return X509V3_add1_i2d(&x->extensions, nid, value, crit, flags);
}
IMPLEMENT_STACK_OF(X509_EXTENSION)
IMPLEMENT_ASN1_SET_OF(X509_EXTENSION)

BIN
crypto/x509/x509_ext.o
View File

Binary file not shown.

1096
crypto/x509/x509_lu.c
View File

File diff suppressed because it is too large Load Diff

BIN
crypto/x509/x509_lu.o
View File

Binary file not shown.

278
crypto/x509/x509_obj.c
View File

@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -64,163 +64,149 @@
#include <openssl/buffer.h>
char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
{
X509_NAME_ENTRY *ne;
int i;
int n,lold,l,l1,l2,num,j,type;
const char *s;
char *p;
unsigned char *q;
BUF_MEM *b=NULL;
static const char hex[17]="0123456789ABCDEF";
int gs_doit[4];
char tmp_buf[80];
{
X509_NAME_ENTRY *ne;
int i;
int n, lold, l, l1, l2, num, j, type;
const char *s;
char *p;
unsigned char *q;
BUF_MEM *b = NULL;
static const char hex[17] = "0123456789ABCDEF";
int gs_doit[4];
char tmp_buf[80];
#ifdef CHARSET_EBCDIC
char ebcdic_buf[1024];
char ebcdic_buf[1024];
#endif
if (buf == NULL)
{
if ((b=BUF_MEM_new()) == NULL) goto err;
if (!BUF_MEM_grow(b,200)) goto err;
b->data[0]='\0';
len=200;
}
if (a == NULL)
{
if(b)
{
buf=b->data;
OPENSSL_free(b);
}
strncpy(buf,"NO X509_NAME",len);
buf[len-1]='\0';
return buf;
}
if (buf == NULL) {
if ((b = BUF_MEM_new()) == NULL)
goto err;
if (!BUF_MEM_grow(b, 200))
goto err;
b->data[0] = '\0';
len = 200;
}
if (a == NULL) {
if (b) {
buf = b->data;
OPENSSL_free(b);
}
strncpy(buf, "NO X509_NAME", len);
buf[len - 1] = '\0';
return buf;
}
len--; /* space for '\0' */
l=0;
for (i=0; i<sk_X509_NAME_ENTRY_num(a->entries); i++)
{
ne=sk_X509_NAME_ENTRY_value(a->entries,i);
n=OBJ_obj2nid(ne->object);
if ((n == NID_undef) || ((s=OBJ_nid2sn(n)) == NULL))
{
i2t_ASN1_OBJECT(tmp_buf,sizeof(tmp_buf),ne->object);
s=tmp_buf;
}
l1=strlen(s);
len--; /* space for '\0' */
l = 0;
for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
ne = sk_X509_NAME_ENTRY_value(a->entries, i);
n = OBJ_obj2nid(ne->object);
if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
i2t_ASN1_OBJECT(tmp_buf, sizeof(tmp_buf), ne->object);
s = tmp_buf;
}
l1 = strlen(s);
type=ne->value->type;
num=ne->value->length;
q=ne->value->data;
type = ne->value->type;
num = ne->value->length;
q = ne->value->data;
#ifdef CHARSET_EBCDIC
if (type == V_ASN1_GENERALSTRING ||
type == V_ASN1_VISIBLESTRING ||
type == V_ASN1_PRINTABLESTRING ||
type == V_ASN1_TELETEXSTRING ||
type == V_ASN1_VISIBLESTRING ||
type == V_ASN1_IA5STRING) {
ascii2ebcdic(ebcdic_buf, q,
(num > sizeof ebcdic_buf)
? sizeof ebcdic_buf : num);
q=ebcdic_buf;
}
if (type == V_ASN1_GENERALSTRING ||
type == V_ASN1_VISIBLESTRING ||
type == V_ASN1_PRINTABLESTRING ||
type == V_ASN1_TELETEXSTRING ||
type == V_ASN1_VISIBLESTRING || type == V_ASN1_IA5STRING) {
ascii2ebcdic(ebcdic_buf, q, (num > sizeof ebcdic_buf)
? sizeof ebcdic_buf : num);
q = ebcdic_buf;
}
#endif
if ((type == V_ASN1_GENERALSTRING) && ((num%4) == 0))
{
gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=0;
for (j=0; j<num; j++)
if (q[j] != 0) gs_doit[j&3]=1;
if ((type == V_ASN1_GENERALSTRING) && ((num % 4) == 0)) {
gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 0;
for (j = 0; j < num; j++)
if (q[j] != 0)
gs_doit[j & 3] = 1;
if (gs_doit[0]|gs_doit[1]|gs_doit[2])
gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1;
else
{
gs_doit[0]=gs_doit[1]=gs_doit[2]=0;
gs_doit[3]=1;
}
}
else
gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1;
if (gs_doit[0] | gs_doit[1] | gs_doit[2])
gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 1;
else {
gs_doit[0] = gs_doit[1] = gs_doit[2] = 0;
gs_doit[3] = 1;
}
} else
gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 1;
for (l2=j=0; j<num; j++)
{
if (!gs_doit[j&3]) continue;
l2++;
for (l2 = j = 0; j < num; j++) {
if (!gs_doit[j & 3])
continue;
l2++;
#ifndef CHARSET_EBCDIC
if ((q[j] < ' ') || (q[j] > '~')) l2+=3;
if ((q[j] < ' ') || (q[j] > '~'))
l2 += 3;
#else
if ((os_toascii[q[j]] < os_toascii[' ']) ||
(os_toascii[q[j]] > os_toascii['~'])) l2+=3;
if ((os_toascii[q[j]] < os_toascii[' ']) ||
(os_toascii[q[j]] > os_toascii['~']))
l2 += 3;
#endif
}
}
lold=l;
l+=1+l1+1+l2;
if (b != NULL)
{
if (!BUF_MEM_grow(b,l+1)) goto err;
p= &(b->data[lold]);
}
else if (l > len)
{
break;
}
else
p= &(buf[lold]);
*(p++)='/';
memcpy(p,s,(unsigned int)l1); p+=l1;
*(p++)='=';
lold = l;
l += 1 + l1 + 1 + l2;
if (b != NULL) {
if (!BUF_MEM_grow(b, l + 1))
goto err;
p = &(b->data[lold]);
} else if (l > len) {
break;
} else
p = &(buf[lold]);
*(p++) = '/';
memcpy(p, s, (unsigned int)l1);
p += l1;
*(p++) = '=';
#ifndef CHARSET_EBCDIC /* q was assigned above already. */
q=ne->value->data;
#ifndef CHARSET_EBCDIC /* q was assigned above already. */
q = ne->value->data;
#endif
for (j=0; j<num; j++)
{
if (!gs_doit[j&3]) continue;
for (j = 0; j < num; j++) {
if (!gs_doit[j & 3])
continue;
#ifndef CHARSET_EBCDIC
n=q[j];
if ((n < ' ') || (n > '~'))
{
*(p++)='\\';
*(p++)='x';
*(p++)=hex[(n>>4)&0x0f];
*(p++)=hex[n&0x0f];
}
else
*(p++)=n;
n = q[j];
if ((n < ' ') || (n > '~')) {
*(p++) = '\\';
*(p++) = 'x';
*(p++) = hex[(n >> 4) & 0x0f];
*(p++) = hex[n & 0x0f];
} else
*(p++) = n;
#else
n=os_toascii[q[j]];
if ((n < os_toascii[' ']) ||
(n > os_toascii['~']))
{
*(p++)='\\';
*(p++)='x';
*(p++)=hex[(n>>4)&0x0f];
*(p++)=hex[n&0x0f];
}
else
*(p++)=q[j];
n = os_toascii[q[j]];
if ((n < os_toascii[' ']) || (n > os_toascii['~'])) {
*(p++) = '\\';
*(p++) = 'x';
*(p++) = hex[(n >> 4) & 0x0f];
*(p++) = hex[n & 0x0f];
} else
*(p++) = q[j];
#endif
}
*p='\0';
}
if (b != NULL)
{
p=b->data;
OPENSSL_free(b);
}
else
p=buf;
if (i == 0)
*p = '\0';
return(p);
err:
X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE);
if (b != NULL) BUF_MEM_free(b);
return(NULL);
}
}
*p = '\0';
}
if (b != NULL) {
p = b->data;
OPENSSL_free(b);
} else
p = buf;
if (i == 0)
*p = '\0';
return (p);
err:
X509err(X509_F_X509_NAME_ONELINE, ERR_R_MALLOC_FAILURE);
if (b != NULL)
BUF_MEM_free(b);
return (NULL);
}

BIN
crypto/x509/x509_obj.o
View File

Binary file not shown.

89
crypto/x509/x509_r2x.c
View File

@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -66,49 +66,48 @@
#include <openssl/buffer.h>
X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
{
X509 *ret=NULL;
X509_CINF *xi=NULL;
X509_NAME *xn;
{
X509 *ret = NULL;
X509_CINF *xi = NULL;
X509_NAME *xn;
if ((ret=X509_new()) == NULL)
{
X509err(X509_F_X509_REQ_TO_X509,ERR_R_MALLOC_FAILURE);
goto err;
}
if ((ret = X509_new()) == NULL) {
X509err(X509_F_X509_REQ_TO_X509, ERR_R_MALLOC_FAILURE);
goto err;
}
/* duplicate the request */
xi=ret->cert_info;
/* duplicate the request */
xi = ret->cert_info;
if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0)
{
if ((xi->version=M_ASN1_INTEGER_new()) == NULL) goto err;
if (!ASN1_INTEGER_set(xi->version,2)) goto err;
/* xi->extensions=ri->attributes; <- bad, should not ever be done
ri->attributes=NULL; */
}
if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0) {
if ((xi->version = M_ASN1_INTEGER_new()) == NULL)
goto err;
if (!ASN1_INTEGER_set(xi->version, 2))
goto err;
/*- xi->extensions=ri->attributes; <- bad, should not ever be done
ri->attributes=NULL; */
}
xn=X509_REQ_get_subject_name(r);
if (X509_set_subject_name(ret,X509_NAME_dup(xn)) == 0)
goto err;
if (X509_set_issuer_name(ret,X509_NAME_dup(xn)) == 0)
goto err;
xn = X509_REQ_get_subject_name(r);
if (X509_set_subject_name(ret, X509_NAME_dup(xn)) == 0)
goto err;
if (X509_set_issuer_name(ret, X509_NAME_dup(xn)) == 0)
goto err;
if (X509_gmtime_adj(xi->validity->notBefore,0) == NULL)
goto err;
if (X509_gmtime_adj(xi->validity->notAfter,(long)60*60*24*days) == NULL)
goto err;
if (X509_gmtime_adj(xi->validity->notBefore, 0) == NULL)
goto err;
if (X509_gmtime_adj(xi->validity->notAfter, (long)60 * 60 * 24 * days) ==
NULL)
goto err;
X509_set_pubkey(ret,X509_REQ_get_pubkey(r));
if (!X509_sign(ret,pkey,EVP_md5()))
goto err;
if (0)
{
err:
X509_free(ret);
ret=NULL;
}
return(ret);
}
X509_set_pubkey(ret, X509_REQ_get_pubkey(r));
if (!X509_sign(ret, pkey, EVP_md5()))
goto err;
if (0) {
err:
X509_free(ret);
ret = NULL;
}
return (ret);
}

BIN
crypto/x509/x509_r2x.o
View File

Binary file not shown.

342
crypto/x509/x509_req.c
View File

@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -68,249 +68,261 @@
#include <openssl/pem.h>
X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
{
X509_REQ *ret;
X509_REQ_INFO *ri;
int i;
EVP_PKEY *pktmp;
{
X509_REQ *ret;
X509_REQ_INFO *ri;
int i;
EVP_PKEY *pktmp;
ret=X509_REQ_new();
if (ret == NULL)
{
X509err(X509_F_X509_TO_X509_REQ,ERR_R_MALLOC_FAILURE);
goto err;
}
ret = X509_REQ_new();
if (ret == NULL) {
X509err(X509_F_X509_TO_X509_REQ, ERR_R_MALLOC_FAILURE);
goto err;
}
ri=ret->req_info;
ri = ret->req_info;
ri->version->length=1;
ri->version->data=(unsigned char *)OPENSSL_malloc(1);
if (ri->version->data == NULL) goto err;
ri->version->data[0]=0; /* version == 0 */
ri->version->length = 1;
ri->version->data = (unsigned char *)OPENSSL_malloc(1);
if (ri->version->data == NULL)
goto err;
ri->version->data[0] = 0; /* version == 0 */
if (!X509_REQ_set_subject_name(ret,X509_get_subject_name(x)))
goto err;
if (!X509_REQ_set_subject_name(ret, X509_get_subject_name(x)))
goto err;
pktmp = X509_get_pubkey(x);
i=X509_REQ_set_pubkey(ret,pktmp);
EVP_PKEY_free(pktmp);
if (!i) goto err;
pktmp = X509_get_pubkey(x);
if (pktmp == NULL)
goto err;
i = X509_REQ_set_pubkey(ret, pktmp);
EVP_PKEY_free(pktmp);
if (!i)
goto err;
if (pkey != NULL)
{
if (!X509_REQ_sign(ret,pkey,md))
goto err;
}
return(ret);
err:
X509_REQ_free(ret);
return(NULL);
}
if (pkey != NULL) {
if (!X509_REQ_sign(ret, pkey, md))
goto err;
}
return (ret);
err:
X509_REQ_free(ret);
return (NULL);
}
EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req)
{
if ((req == NULL) || (req->req_info == NULL))
return(NULL);
return(X509_PUBKEY_get(req->req_info->pubkey));
}
{
if ((req == NULL) || (req->req_info == NULL))
return (NULL);
return (X509_PUBKEY_get(req->req_info->pubkey));
}
int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)
{
EVP_PKEY *xk=NULL;
int ok=0;
{
EVP_PKEY *xk = NULL;
int ok = 0;
xk=X509_REQ_get_pubkey(x);
switch (EVP_PKEY_cmp(xk, k))
{
case 1:
ok=1;
break;
case 0:
X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
break;
case -1:
X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
break;
case -2:
xk = X509_REQ_get_pubkey(x);
switch (EVP_PKEY_cmp(xk, k)) {
case 1:
ok = 1;
break;
case 0:
X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,
X509_R_KEY_VALUES_MISMATCH);
break;
case -1:
X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, X509_R_KEY_TYPE_MISMATCH);
break;
case -2:
#ifndef OPENSSL_NO_EC
if (k->type == EVP_PKEY_EC)
{
X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, ERR_R_EC_LIB);
break;
}
if (k->type == EVP_PKEY_EC) {
X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, ERR_R_EC_LIB);
break;
}
#endif
#ifndef OPENSSL_NO_DH
if (k->type == EVP_PKEY_DH)
{
/* No idea */
X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
break;
}
if (k->type == EVP_PKEY_DH) {
/* No idea */
X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,
X509_R_CANT_CHECK_DH_KEY);
break;
}
#endif
X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
}
X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, X509_R_UNKNOWN_KEY_TYPE);
}
EVP_PKEY_free(xk);
return(ok);
}
EVP_PKEY_free(xk);
return (ok);
}
/* It seems several organisations had the same idea of including a list of
/*
* It seems several organisations had the same idea of including a list of
* extensions in a certificate request. There are at least two OIDs that are
* used and there may be more: so the list is configurable.
*/
static int ext_nid_list[] = { NID_ext_req, NID_ms_ext_req, NID_undef};
static int ext_nid_list[] = { NID_ext_req, NID_ms_ext_req, NID_undef };
static int *ext_nids = ext_nid_list;
int X509_REQ_extension_nid(int req_nid)
{
int i, nid;
for(i = 0; ; i++) {
nid = ext_nids[i];
if(nid == NID_undef) return 0;
else if (req_nid == nid) return 1;
}
int i, nid;
for (i = 0;; i++) {
nid = ext_nids[i];
if (nid == NID_undef)
return 0;
else if (req_nid == nid)
return 1;
}
}
int *X509_REQ_get_extension_nids(void)
{
return ext_nids;
return ext_nids;
}
void X509_REQ_set_extension_nids(int *nids)
{
ext_nids = nids;
ext_nids = nids;
}
STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
{
X509_ATTRIBUTE *attr;
ASN1_TYPE *ext = NULL;
int idx, *pnid;
const unsigned char *p;
{
X509_ATTRIBUTE *attr;
ASN1_TYPE *ext = NULL;
int idx, *pnid;
const unsigned char *p;
if ((req == NULL) || (req->req_info == NULL) || !ext_nids)
return(NULL);
for (pnid = ext_nids; *pnid != NID_undef; pnid++)
{
idx = X509_REQ_get_attr_by_NID(req, *pnid, -1);
if (idx == -1)
continue;
attr = X509_REQ_get_attr(req, idx);
if(attr->single) ext = attr->value.single;
else if(sk_ASN1_TYPE_num(attr->value.set))
ext = sk_ASN1_TYPE_value(attr->value.set, 0);
break;
}
if(!ext || (ext->type != V_ASN1_SEQUENCE))
return NULL;
p = ext->value.sequence->data;
return (STACK_OF(X509_EXTENSION) *)
ASN1_item_d2i(NULL, &p, ext->value.sequence->length,
ASN1_ITEM_rptr(X509_EXTENSIONS));
if ((req == NULL) || (req->req_info == NULL) || !ext_nids)
return (NULL);
for (pnid = ext_nids; *pnid != NID_undef; pnid++) {
idx = X509_REQ_get_attr_by_NID(req, *pnid, -1);
if (idx == -1)
continue;
attr = X509_REQ_get_attr(req, idx);
if (attr->single)
ext = attr->value.single;
else if (sk_ASN1_TYPE_num(attr->value.set))
ext = sk_ASN1_TYPE_value(attr->value.set, 0);
break;
}
if (!ext || (ext->type != V_ASN1_SEQUENCE))
return NULL;
p = ext->value.sequence->data;
return (STACK_OF(X509_EXTENSION) *)
ASN1_item_d2i(NULL, &p, ext->value.sequence->length,
ASN1_ITEM_rptr(X509_EXTENSIONS));
}
/* Add a STACK_OF extensions to a certificate request: allow alternative OIDs
/*
* Add a STACK_OF extensions to a certificate request: allow alternative OIDs
* in case we want to create a non standard one.
*/
int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
int nid)
int nid)
{
ASN1_TYPE *at = NULL;
X509_ATTRIBUTE *attr = NULL;
if(!(at = ASN1_TYPE_new()) ||
!(at->value.sequence = ASN1_STRING_new())) goto err;
ASN1_TYPE *at = NULL;
X509_ATTRIBUTE *attr = NULL;
if (!(at = ASN1_TYPE_new()) || !(at->value.sequence = ASN1_STRING_new()))
goto err;
at->type = V_ASN1_SEQUENCE;
/* Generate encoding of extensions */
at->value.sequence->length =
ASN1_item_i2d((ASN1_VALUE *)exts,
&at->value.sequence->data,
ASN1_ITEM_rptr(X509_EXTENSIONS));
if(!(attr = X509_ATTRIBUTE_new())) goto err;
if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
if(!sk_ASN1_TYPE_push(attr->value.set, at)) goto err;
at = NULL;
attr->single = 0;
attr->object = OBJ_nid2obj(nid);
if (!req->req_info->attributes)
{
if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null()))
goto err;
}
if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err;
return 1;
err:
X509_ATTRIBUTE_free(attr);
ASN1_TYPE_free(at);
return 0;
at->type = V_ASN1_SEQUENCE;
/* Generate encoding of extensions */
at->value.sequence->length =
ASN1_item_i2d((ASN1_VALUE *)exts,
&at->value.sequence->data,
ASN1_ITEM_rptr(X509_EXTENSIONS));
if (!(attr = X509_ATTRIBUTE_new()))
goto err;
if (!(attr->value.set = sk_ASN1_TYPE_new_null()))
goto err;
if (!sk_ASN1_TYPE_push(attr->value.set, at))
goto err;
at = NULL;
attr->single = 0;
attr->object = OBJ_nid2obj(nid);
if (!req->req_info->attributes) {
if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null()))
goto err;
}
if (!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr))
goto err;
return 1;
err:
X509_ATTRIBUTE_free(attr);
ASN1_TYPE_free(at);
return 0;
}
/* This is the normal usage: use the "official" OID */
int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts)
{
return X509_REQ_add_extensions_nid(req, exts, NID_ext_req);
return X509_REQ_add_extensions_nid(req, exts, NID_ext_req);
}
/* Request attribute functions */
int X509_REQ_get_attr_count(const X509_REQ *req)
{
return X509at_get_attr_count(req->req_info->attributes);
return X509at_get_attr_count(req->req_info->attributes);
}
int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid,
int lastpos)
int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos)
{
return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos);
return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos);
}
int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,
int lastpos)
int lastpos)
{
return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos);
return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos);
}
X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc)
{
return X509at_get_attr(req->req_info->attributes, loc);
return X509at_get_attr(req->req_info->attributes, loc);
}
X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc)
{
return X509at_delete_attr(req->req_info->attributes, loc);
return X509at_delete_attr(req->req_info->attributes, loc);
}
int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr)
{
if(X509at_add1_attr(&req->req_info->attributes, attr)) return 1;
return 0;
if (X509at_add1_attr(&req->req_info->attributes, attr))
return 1;
return 0;
}
int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
const ASN1_OBJECT *obj, int type,
const unsigned char *bytes, int len)
const ASN1_OBJECT *obj, int type,
const unsigned char *bytes, int len)
{
if(X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj,
type, bytes, len)) return 1;
return 0;
if (X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj,
type, bytes, len))
return 1;
return 0;
}
int X509_REQ_add1_attr_by_NID(X509_REQ *req,
int nid, int type,
const unsigned char *bytes, int len)
int nid, int type,
const unsigned char *bytes, int len)
{
if(X509at_add1_attr_by_NID(&req->req_info->attributes, nid,
type, bytes, len)) return 1;
return 0;
if (X509at_add1_attr_by_NID(&req->req_info->attributes, nid,
type, bytes, len))
return 1;
return 0;
}
int X509_REQ_add1_attr_by_txt(X509_REQ *req,
const char *attrname, int type,
const unsigned char *bytes, int len)
const char *attrname, int type,
const unsigned char *bytes, int len)
{
if(X509at_add1_attr_by_txt(&req->req_info->attributes, attrname,
type, bytes, len)) return 1;
return 0;
if (X509at_add1_attr_by_txt(&req->req_info->attributes, attrname,
type, bytes, len))
return 1;
return 0;
}

BIN
crypto/x509/x509_req.o
View File

Binary file not shown.

152
crypto/x509/x509_set.c
View File

@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -64,87 +64,89 @@
#include <openssl/x509.h>
int X509_set_version(X509 *x, long version)
{
if (x == NULL) return(0);
if (x->cert_info->version == NULL)
{
if ((x->cert_info->version=M_ASN1_INTEGER_new()) == NULL)
return(0);
}
return(ASN1_INTEGER_set(x->cert_info->version,version));
}
{
if (x == NULL)
return (0);
if (version == 0) {
M_ASN1_INTEGER_free(x->cert_info->version);
x->cert_info->version = NULL;
return (1);
}
if (x->cert_info->version == NULL) {
if ((x->cert_info->version = M_ASN1_INTEGER_new()) == NULL)
return (0);
}
return (ASN1_INTEGER_set(x->cert_info->version, version));
}
int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial)
{
ASN1_INTEGER *in;
{
ASN1_INTEGER *in;
if (x == NULL) return(0);
in=x->cert_info->serialNumber;
if (in != serial)
{
in=M_ASN1_INTEGER_dup(serial);
if (in != NULL)
{
M_ASN1_INTEGER_free(x->cert_info->serialNumber);
x->cert_info->serialNumber=in;
}
}
return(in != NULL);
}
if (x == NULL)
return (0);
in = x->cert_info->serialNumber;
if (in != serial) {
in = M_ASN1_INTEGER_dup(serial);
if (in != NULL) {
M_ASN1_INTEGER_free(x->cert_info->serialNumber);
x->cert_info->serialNumber = in;
}
}
return (in != NULL);
}
int X509_set_issuer_name(X509 *x, X509_NAME *name)
{
if ((x == NULL) || (x->cert_info == NULL)) return(0);
return(X509_NAME_set(&x->cert_info->issuer,name));
}
{
if ((x == NULL) || (x->cert_info == NULL))
return (0);
return (X509_NAME_set(&x->cert_info->issuer, name));
}
int X509_set_subject_name(X509 *x, X509_NAME *name)
{
if ((x == NULL) || (x->cert_info == NULL)) return(0);
return(X509_NAME_set(&x->cert_info->subject,name));
}
{
if ((x == NULL) || (x->cert_info == NULL))
return (0);
return (X509_NAME_set(&x->cert_info->subject, name));
}
int X509_set_notBefore(X509 *x, const ASN1_TIME *tm)
{
ASN1_TIME *in;
{
ASN1_TIME *in;
if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
in=x->cert_info->validity->notBefore;
if (in != tm)
{
in=M_ASN1_TIME_dup(tm);
if (in != NULL)
{
M_ASN1_TIME_free(x->cert_info->validity->notBefore);
x->cert_info->validity->notBefore=in;
}
}
return(in != NULL);
}
if ((x == NULL) || (x->cert_info->validity == NULL))
return (0);
in = x->cert_info->validity->notBefore;
if (in != tm) {
in = M_ASN1_TIME_dup(tm);
if (in != NULL) {
M_ASN1_TIME_free(x->cert_info->validity->notBefore);
x->cert_info->validity->notBefore = in;
}
}
return (in != NULL);
}
int X509_set_notAfter(X509 *x, const ASN1_TIME *tm)
{
ASN1_TIME *in;
{
ASN1_TIME *in;
if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
in=x->cert_info->validity->notAfter;
if (in != tm)
{
in=M_ASN1_TIME_dup(tm);
if (in != NULL)
{
M_ASN1_TIME_free(x->cert_info->validity->notAfter);
x->cert_info->validity->notAfter=in;
}
}
return(in != NULL);
}
if ((x == NULL) || (x->cert_info->validity == NULL))
return (0);
in = x->cert_info->validity->notAfter;
if (in != tm) {
in = M_ASN1_TIME_dup(tm);
if (in != NULL) {
M_ASN1_TIME_free(x->cert_info->validity->notAfter);
x->cert_info->validity->notAfter = in;
}
}
return (in != NULL);
}
int X509_set_pubkey(X509 *x, EVP_PKEY *pkey)
{
if ((x == NULL) || (x->cert_info == NULL)) return(0);
return(X509_PUBKEY_set(&(x->cert_info->key),pkey));
}
{
if ((x == NULL) || (x->cert_info == NULL))
return (0);
return (X509_PUBKEY_set(&(x->cert_info->key), pkey));
}

BIN
crypto/x509/x509_set.o
View File

Binary file not shown.

326
crypto/x509/x509_trs.c
View File

@@ -1,6 +1,7 @@
/* x509_trs.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 1999.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
@@ -10,7 +11,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -60,9 +61,7 @@
#include "cryptlib.h"
#include <openssl/x509v3.h>
static int tr_cmp(const X509_TRUST * const *a,
const X509_TRUST * const *b);
static int tr_cmp(const X509_TRUST *const *a, const X509_TRUST *const *b);
static void trtable_free(X509_TRUST *p);
static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags);
@@ -70,219 +69,250 @@ static int trust_1oid(X509_TRUST *trust, X509 *x, int flags);
static int trust_compat(X509_TRUST *trust, X509 *x, int flags);
static int obj_trust(int id, X509 *x, int flags);
static int (*default_trust)(int id, X509 *x, int flags) = obj_trust;
static int (*default_trust) (int id, X509 *x, int flags) = obj_trust;
/* WARNING: the following table should be kept in order of trust
* and without any gaps so we can just subtract the minimum trust
* value to get an index into the table
/*
* WARNING: the following table should be kept in order of trust and without
* any gaps so we can just subtract the minimum trust value to get an index
* into the table
*/
static X509_TRUST trstandard[] = {
{X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL},
{X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},
{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL},
{X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
{X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, NULL},
{X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL},
{X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL},
{X509_TRUST_TSA, 0, trust_1oidany, "TSA server", NID_time_stamp, NULL}
{X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL},
{X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth,
NULL},
{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth,
NULL},
{X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect,
NULL},
{X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign,
NULL},
{X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign,
NULL},
{X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP,
NULL},
{X509_TRUST_TSA, 0, trust_1oidany, "TSA server", NID_time_stamp, NULL}
};
#define X509_TRUST_COUNT (sizeof(trstandard)/sizeof(X509_TRUST))
#define X509_TRUST_COUNT (sizeof(trstandard)/sizeof(X509_TRUST))
IMPLEMENT_STACK_OF(X509_TRUST)
static STACK_OF(X509_TRUST) *trtable = NULL;
static int tr_cmp(const X509_TRUST * const *a,
const X509_TRUST * const *b)
static int tr_cmp(const X509_TRUST *const *a, const X509_TRUST *const *b)
{
return (*a)->trust - (*b)->trust;
return (*a)->trust - (*b)->trust;
}
int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int)
{
int (*oldtrust)(int , X509 *, int);
oldtrust = default_trust;
default_trust = trust;
return oldtrust;
int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *,
int) {
int (*oldtrust) (int, X509 *, int);
oldtrust = default_trust;
default_trust = trust;
return oldtrust;
}
int X509_check_trust(X509 *x, int id, int flags)
{
X509_TRUST *pt;
int idx;
if(id == -1) return 1;
idx = X509_TRUST_get_by_id(id);
if(idx == -1) return default_trust(id, x, flags);
pt = X509_TRUST_get0(idx);
return pt->check_trust(pt, x, flags);
X509_TRUST *pt;
int idx;
if (id == -1)
return 1;
/* We get this as a default value */
if (id == 0) {
int rv;
rv = obj_trust(NID_anyExtendedKeyUsage, x, 0);
if (rv != X509_TRUST_UNTRUSTED)
return rv;
return trust_compat(NULL, x, 0);
}
idx = X509_TRUST_get_by_id(id);
if (idx == -1)
return default_trust(id, x, flags);
pt = X509_TRUST_get0(idx);
return pt->check_trust(pt, x, flags);
}
int X509_TRUST_get_count(void)
{
if(!trtable) return X509_TRUST_COUNT;
return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT;
if (!trtable)
return X509_TRUST_COUNT;
return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT;
}
X509_TRUST * X509_TRUST_get0(int idx)
X509_TRUST *X509_TRUST_get0(int idx)
{
if(idx < 0) return NULL;
if(idx < (int)X509_TRUST_COUNT) return trstandard + idx;
return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT);
if (idx < 0)
return NULL;
if (idx < (int)X509_TRUST_COUNT)
return trstandard + idx;
return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT);
}
int X509_TRUST_get_by_id(int id)
{
X509_TRUST tmp;
int idx;
if((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX))
return id - X509_TRUST_MIN;
tmp.trust = id;
if(!trtable) return -1;
idx = sk_X509_TRUST_find(trtable, &tmp);
if(idx == -1) return -1;
return idx + X509_TRUST_COUNT;
X509_TRUST tmp;
int idx;
if ((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX))
return id - X509_TRUST_MIN;
tmp.trust = id;
if (!trtable)
return -1;
idx = sk_X509_TRUST_find(trtable, &tmp);
if (idx == -1)
return -1;
return idx + X509_TRUST_COUNT;
}
int X509_TRUST_set(int *t, int trust)
{
if(X509_TRUST_get_by_id(trust) == -1) {
X509err(X509_F_X509_TRUST_SET, X509_R_INVALID_TRUST);
return 0;
}
*t = trust;
return 1;
if (X509_TRUST_get_by_id(trust) == -1) {
X509err(X509_F_X509_TRUST_SET, X509_R_INVALID_TRUST);
return 0;
}
*t = trust;
return 1;
}
int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
char *name, int arg1, void *arg2)
int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
char *name, int arg1, void *arg2)
{
int idx;
X509_TRUST *trtmp;
/* This is set according to what we change: application can't set it */
flags &= ~X509_TRUST_DYNAMIC;
/* This will always be set for application modified trust entries */
flags |= X509_TRUST_DYNAMIC_NAME;
/* Get existing entry if any */
idx = X509_TRUST_get_by_id(id);
/* Need a new entry */
if(idx == -1) {
if(!(trtmp = OPENSSL_malloc(sizeof(X509_TRUST)))) {
X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
return 0;
}
trtmp->flags = X509_TRUST_DYNAMIC;
} else trtmp = X509_TRUST_get0(idx);
int idx;
X509_TRUST *trtmp;
/*
* This is set according to what we change: application can't set it
*/
flags &= ~X509_TRUST_DYNAMIC;
/* This will always be set for application modified trust entries */
flags |= X509_TRUST_DYNAMIC_NAME;
/* Get existing entry if any */
idx = X509_TRUST_get_by_id(id);
/* Need a new entry */
if (idx == -1) {
if (!(trtmp = OPENSSL_malloc(sizeof(X509_TRUST)))) {
X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
return 0;
}
trtmp->flags = X509_TRUST_DYNAMIC;
} else
trtmp = X509_TRUST_get0(idx);
/* OPENSSL_free existing name if dynamic */
if(trtmp->flags & X509_TRUST_DYNAMIC_NAME) OPENSSL_free(trtmp->name);
/* dup supplied name */
if(!(trtmp->name = BUF_strdup(name))) {
X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
return 0;
}
/* Keep the dynamic flag of existing entry */
trtmp->flags &= X509_TRUST_DYNAMIC;
/* Set all other flags */
trtmp->flags |= flags;
/* OPENSSL_free existing name if dynamic */
if (trtmp->flags & X509_TRUST_DYNAMIC_NAME)
OPENSSL_free(trtmp->name);
/* dup supplied name */
if (!(trtmp->name = BUF_strdup(name))) {
X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
return 0;
}
/* Keep the dynamic flag of existing entry */
trtmp->flags &= X509_TRUST_DYNAMIC;
/* Set all other flags */
trtmp->flags |= flags;
trtmp->trust = id;
trtmp->check_trust = ck;
trtmp->arg1 = arg1;
trtmp->arg2 = arg2;
trtmp->trust = id;
trtmp->check_trust = ck;
trtmp->arg1 = arg1;
trtmp->arg2 = arg2;
/* If its a new entry manage the dynamic table */
if(idx == -1) {
if(!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) {
X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
return 0;
}
if (!sk_X509_TRUST_push(trtable, trtmp)) {
X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
return 0;
}
}
return 1;
/* If its a new entry manage the dynamic table */
if (idx == -1) {
if (!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) {
X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
return 0;
}
if (!sk_X509_TRUST_push(trtable, trtmp)) {
X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
return 0;
}
}
return 1;
}
static void trtable_free(X509_TRUST *p)
{
if(!p) return;
if (p->flags & X509_TRUST_DYNAMIC)
{
if (p->flags & X509_TRUST_DYNAMIC_NAME)
OPENSSL_free(p->name);
OPENSSL_free(p);
}
}
{
if (!p)
return;
if (p->flags & X509_TRUST_DYNAMIC) {
if (p->flags & X509_TRUST_DYNAMIC_NAME)
OPENSSL_free(p->name);
OPENSSL_free(p);
}
}
void X509_TRUST_cleanup(void)
{
unsigned int i;
for(i = 0; i < X509_TRUST_COUNT; i++) trtable_free(trstandard + i);
sk_X509_TRUST_pop_free(trtable, trtable_free);
trtable = NULL;
unsigned int i;
for (i = 0; i < X509_TRUST_COUNT; i++)
trtable_free(trstandard + i);
sk_X509_TRUST_pop_free(trtable, trtable_free);
trtable = NULL;
}
int X509_TRUST_get_flags(X509_TRUST *xp)
{
return xp->flags;
return xp->flags;
}
char *X509_TRUST_get0_name(X509_TRUST *xp)
{
return xp->name;
return xp->name;
}
int X509_TRUST_get_trust(X509_TRUST *xp)
{
return xp->trust;
return xp->trust;
}
static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
{
if(x->aux && (x->aux->trust || x->aux->reject))
return obj_trust(trust->arg1, x, flags);
/* we don't have any trust settings: for compatibility
* we return trusted if it is self signed
*/
return trust_compat(trust, x, flags);
if (x->aux && (x->aux->trust || x->aux->reject))
return obj_trust(trust->arg1, x, flags);
/*
* we don't have any trust settings: for compatibility we return trusted
* if it is self signed
*/
return trust_compat(trust, x, flags);
}
static int trust_1oid(X509_TRUST *trust, X509 *x, int flags)
{
if(x->aux) return obj_trust(trust->arg1, x, flags);
return X509_TRUST_UNTRUSTED;
if (x->aux)
return obj_trust(trust->arg1, x, flags);
return X509_TRUST_UNTRUSTED;
}
static int trust_compat(X509_TRUST *trust, X509 *x, int flags)
{
X509_check_purpose(x, -1, 0);
if(x->ex_flags & EXFLAG_SS) return X509_TRUST_TRUSTED;
else return X509_TRUST_UNTRUSTED;
X509_check_purpose(x, -1, 0);
if (x->ex_flags & EXFLAG_SS)
return X509_TRUST_TRUSTED;
else
return X509_TRUST_UNTRUSTED;
}
static int obj_trust(int id, X509 *x, int flags)
{
ASN1_OBJECT *obj;
int i;
X509_CERT_AUX *ax;
ax = x->aux;
if(!ax) return X509_TRUST_UNTRUSTED;
if(ax->reject) {
for(i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) {
obj = sk_ASN1_OBJECT_value(ax->reject, i);
if(OBJ_obj2nid(obj) == id) return X509_TRUST_REJECTED;
}
}
if(ax->trust) {
for(i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) {
obj = sk_ASN1_OBJECT_value(ax->trust, i);
if(OBJ_obj2nid(obj) == id) return X509_TRUST_TRUSTED;
}
}
return X509_TRUST_UNTRUSTED;
ASN1_OBJECT *obj;
int i;
X509_CERT_AUX *ax;
ax = x->aux;
if (!ax)
return X509_TRUST_UNTRUSTED;
if (ax->reject) {
for (i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) {
obj = sk_ASN1_OBJECT_value(ax->reject, i);
if (OBJ_obj2nid(obj) == id)
return X509_TRUST_REJECTED;
}
}
if (ax->trust) {
for (i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) {
obj = sk_ASN1_OBJECT_value(ax->trust, i);
if (OBJ_obj2nid(obj) == id)
return X509_TRUST_TRUSTED;
}
}
return X509_TRUST_UNTRUSTED;
}

BIN
crypto/x509/x509_trs.o
View File

Binary file not shown.

264
crypto/x509/x509_txt.c
View File

@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -69,125 +69,143 @@
#include <openssl/objects.h>
const char *X509_verify_cert_error_string(long n)
{
static char buf[100];
{
static char buf[100];
switch ((int)n)
{
case X509_V_OK:
return("ok");
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
return("unable to get issuer certificate");
case X509_V_ERR_UNABLE_TO_GET_CRL:
return("unable to get certificate CRL");
case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
return("unable to decrypt certificate's signature");
case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
return("unable to decrypt CRL's signature");
case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
return("unable to decode issuer public key");
case X509_V_ERR_CERT_SIGNATURE_FAILURE:
return("certificate signature failure");
case X509_V_ERR_CRL_SIGNATURE_FAILURE:
return("CRL signature failure");
case X509_V_ERR_CERT_NOT_YET_VALID:
return("certificate is not yet valid");
case X509_V_ERR_CRL_NOT_YET_VALID:
return("CRL is not yet valid");
case X509_V_ERR_CERT_HAS_EXPIRED:
return("certificate has expired");
case X509_V_ERR_CRL_HAS_EXPIRED:
return("CRL has expired");
case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
return("format error in certificate's notBefore field");
case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
return("format error in certificate's notAfter field");
case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
return("format error in CRL's lastUpdate field");
case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
return("format error in CRL's nextUpdate field");
case X509_V_ERR_OUT_OF_MEM:
return("out of memory");
case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
return("self signed certificate");
case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
return("self signed certificate in certificate chain");
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
return("unable to get local issuer certificate");
case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
return("unable to verify the first certificate");
case X509_V_ERR_CERT_CHAIN_TOO_LONG:
return("certificate chain too long");
case X509_V_ERR_CERT_REVOKED:
return("certificate revoked");
case X509_V_ERR_INVALID_CA:
return ("invalid CA certificate");
case X509_V_ERR_INVALID_NON_CA:
return ("invalid non-CA certificate (has CA markings)");
case X509_V_ERR_PATH_LENGTH_EXCEEDED:
return ("path length constraint exceeded");
case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED:
return("proxy path length constraint exceeded");
case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED:
return("proxy certificates not allowed, please set the appropriate flag");
case X509_V_ERR_INVALID_PURPOSE:
return ("unsupported certificate purpose");
case X509_V_ERR_CERT_UNTRUSTED:
return ("certificate not trusted");
case X509_V_ERR_CERT_REJECTED:
return ("certificate rejected");
case X509_V_ERR_APPLICATION_VERIFICATION:
return("application verification failure");
case X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
return("subject issuer mismatch");
case X509_V_ERR_AKID_SKID_MISMATCH:
return("authority and subject key identifier mismatch");
case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH:
return("authority and issuer serial number mismatch");
case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
return("key usage does not include certificate signing");
case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
return("unable to get CRL issuer certificate");
case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
return("unhandled critical extension");
case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN:
return("key usage does not include CRL signing");
case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE:
return("key usage does not include digital signature");
case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION:
return("unhandled critical CRL extension");
case X509_V_ERR_INVALID_EXTENSION:
return("invalid or inconsistent certificate extension");
case X509_V_ERR_INVALID_POLICY_EXTENSION:
return("invalid or inconsistent certificate policy extension");
case X509_V_ERR_NO_EXPLICIT_POLICY:
return("no explicit policy");
case X509_V_ERR_DIFFERENT_CRL_SCOPE:
return("Different CRL scope");
case X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE:
return("Unsupported extension feature");
case X509_V_ERR_UNNESTED_RESOURCE:
return("RFC 3779 resource not subset of parent's resources");
switch ((int)n) {
case X509_V_OK:
return ("ok");
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
return ("unable to get issuer certificate");
case X509_V_ERR_UNABLE_TO_GET_CRL:
return ("unable to get certificate CRL");
case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
return ("unable to decrypt certificate's signature");
case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
return ("unable to decrypt CRL's signature");
case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
return ("unable to decode issuer public key");
case X509_V_ERR_CERT_SIGNATURE_FAILURE:
return ("certificate signature failure");
case X509_V_ERR_CRL_SIGNATURE_FAILURE:
return ("CRL signature failure");
case X509_V_ERR_CERT_NOT_YET_VALID:
return ("certificate is not yet valid");
case X509_V_ERR_CRL_NOT_YET_VALID:
return ("CRL is not yet valid");
case X509_V_ERR_CERT_HAS_EXPIRED:
return ("certificate has expired");
case X509_V_ERR_CRL_HAS_EXPIRED:
return ("CRL has expired");
case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
return ("format error in certificate's notBefore field");
case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
return ("format error in certificate's notAfter field");
case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
return ("format error in CRL's lastUpdate field");
case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
return ("format error in CRL's nextUpdate field");
case X509_V_ERR_OUT_OF_MEM:
return ("out of memory");
case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
return ("self signed certificate");
case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
return ("self signed certificate in certificate chain");
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
return ("unable to get local issuer certificate");
case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
return ("unable to verify the first certificate");
case X509_V_ERR_CERT_CHAIN_TOO_LONG:
return ("certificate chain too long");
case X509_V_ERR_CERT_REVOKED:
return ("certificate revoked");
case X509_V_ERR_INVALID_CA:
return ("invalid CA certificate");
case X509_V_ERR_INVALID_NON_CA:
return ("invalid non-CA certificate (has CA markings)");
case X509_V_ERR_PATH_LENGTH_EXCEEDED:
return ("path length constraint exceeded");
case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED:
return ("proxy path length constraint exceeded");
case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED:
return
("proxy certificates not allowed, please set the appropriate flag");
case X509_V_ERR_INVALID_PURPOSE:
return ("unsupported certificate purpose");
case X509_V_ERR_CERT_UNTRUSTED:
return ("certificate not trusted");
case X509_V_ERR_CERT_REJECTED:
return ("certificate rejected");
case X509_V_ERR_APPLICATION_VERIFICATION:
return ("application verification failure");
case X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
return ("subject issuer mismatch");
case X509_V_ERR_AKID_SKID_MISMATCH:
return ("authority and subject key identifier mismatch");
case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH:
return ("authority and issuer serial number mismatch");
case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
return ("key usage does not include certificate signing");
case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
return ("unable to get CRL issuer certificate");
case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
return ("unhandled critical extension");
case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN:
return ("key usage does not include CRL signing");
case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE:
return ("key usage does not include digital signature");
case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION:
return ("unhandled critical CRL extension");
case X509_V_ERR_INVALID_EXTENSION:
return ("invalid or inconsistent certificate extension");
case X509_V_ERR_INVALID_POLICY_EXTENSION:
return ("invalid or inconsistent certificate policy extension");
case X509_V_ERR_NO_EXPLICIT_POLICY:
return ("no explicit policy");
case X509_V_ERR_DIFFERENT_CRL_SCOPE:
return ("Different CRL scope");
case X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE:
return ("Unsupported extension feature");
case X509_V_ERR_UNNESTED_RESOURCE:
return ("RFC 3779 resource not subset of parent's resources");
case X509_V_ERR_PERMITTED_VIOLATION:
return("permitted subtree violation");
case X509_V_ERR_EXCLUDED_VIOLATION:
return("excluded subtree violation");
case X509_V_ERR_SUBTREE_MINMAX:
return("name constraints minimum and maximum not supported");
case X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE:
return("unsupported name constraint type");
case X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX:
return("unsupported or invalid name constraint syntax");
case X509_V_ERR_UNSUPPORTED_NAME_SYNTAX:
return("unsupported or invalid name syntax");
case X509_V_ERR_CRL_PATH_VALIDATION_ERROR:
return("CRL path validation error");
case X509_V_ERR_PERMITTED_VIOLATION:
return ("permitted subtree violation");
case X509_V_ERR_EXCLUDED_VIOLATION:
return ("excluded subtree violation");
case X509_V_ERR_SUBTREE_MINMAX:
return ("name constraints minimum and maximum not supported");
case X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE:
return ("unsupported name constraint type");
case X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX:
return ("unsupported or invalid name constraint syntax");
case X509_V_ERR_UNSUPPORTED_NAME_SYNTAX:
return ("unsupported or invalid name syntax");
case X509_V_ERR_CRL_PATH_VALIDATION_ERROR:
return ("CRL path validation error");
default:
BIO_snprintf(buf,sizeof buf,"error number %ld",n);
return(buf);
}
}
case X509_V_ERR_SUITE_B_INVALID_VERSION:
return ("Suite B: certificate version invalid");
case X509_V_ERR_SUITE_B_INVALID_ALGORITHM:
return ("Suite B: invalid public key algorithm");
case X509_V_ERR_SUITE_B_INVALID_CURVE:
return ("Suite B: invalid ECC curve");
case X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM:
return ("Suite B: invalid signature algorithm");
case X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED:
return ("Suite B: curve not allowed for this LOS");
case X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256:
return ("Suite B: cannot sign P-384 with P-256");
case X509_V_ERR_HOSTNAME_MISMATCH:
return ("Hostname mismatch");
case X509_V_ERR_EMAIL_MISMATCH:
return ("Email address mismatch");
case X509_V_ERR_IP_ADDRESS_MISMATCH:
return ("IP address mismatch");
default:
BIO_snprintf(buf, sizeof buf, "error number %ld", n);
return (buf);
}
}

BIN
crypto/x509/x509_txt.o
View File

Binary file not shown.

356
crypto/x509/x509_v3.c
View File

@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -66,209 +66,219 @@
#include <openssl/x509v3.h>
int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x)
{
if (x == NULL) return(0);
return(sk_X509_EXTENSION_num(x));
}
{
if (x == NULL)
return (0);
return (sk_X509_EXTENSION_num(x));
}
int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid,
int lastpos)
{
ASN1_OBJECT *obj;
int lastpos)
{
ASN1_OBJECT *obj;
obj=OBJ_nid2obj(nid);
if (obj == NULL) return(-2);
return(X509v3_get_ext_by_OBJ(x,obj,lastpos));
}
obj = OBJ_nid2obj(nid);
if (obj == NULL)
return (-2);
return (X509v3_get_ext_by_OBJ(x, obj, lastpos));
}
int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk, ASN1_OBJECT *obj,
int lastpos)
{
int n;
X509_EXTENSION *ex;
int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk,
ASN1_OBJECT *obj, int lastpos)
{
int n;
X509_EXTENSION *ex;
if (sk == NULL) return(-1);
lastpos++;
if (lastpos < 0)
lastpos=0;
n=sk_X509_EXTENSION_num(sk);
for ( ; lastpos < n; lastpos++)
{
ex=sk_X509_EXTENSION_value(sk,lastpos);
if (OBJ_cmp(ex->object,obj) == 0)
return(lastpos);
}
return(-1);
}
if (sk == NULL)
return (-1);
lastpos++;
if (lastpos < 0)
lastpos = 0;
n = sk_X509_EXTENSION_num(sk);
for (; lastpos < n; lastpos++) {
ex = sk_X509_EXTENSION_value(sk, lastpos);
if (OBJ_cmp(ex->object, obj) == 0)
return (lastpos);
}
return (-1);
}
int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit,
int lastpos)
{
int n;
X509_EXTENSION *ex;
int lastpos)
{
int n;
X509_EXTENSION *ex;
if (sk == NULL) return(-1);
lastpos++;
if (lastpos < 0)
lastpos=0;
n=sk_X509_EXTENSION_num(sk);
for ( ; lastpos < n; lastpos++)
{
ex=sk_X509_EXTENSION_value(sk,lastpos);
if ( ((ex->critical > 0) && crit) ||
((ex->critical <= 0) && !crit))
return(lastpos);
}
return(-1);
}
if (sk == NULL)
return (-1);
lastpos++;
if (lastpos < 0)
lastpos = 0;
n = sk_X509_EXTENSION_num(sk);
for (; lastpos < n; lastpos++) {
ex = sk_X509_EXTENSION_value(sk, lastpos);
if (((ex->critical > 0) && crit) || ((ex->critical <= 0) && !crit))
return (lastpos);
}
return (-1);
}
X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc)
{
if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
return NULL;
else
return sk_X509_EXTENSION_value(x,loc);
}
{
if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
return NULL;
else
return sk_X509_EXTENSION_value(x, loc);
}
X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc)
{
X509_EXTENSION *ret;
{
X509_EXTENSION *ret;
if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
return(NULL);
ret=sk_X509_EXTENSION_delete(x,loc);
return(ret);
}
if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
return (NULL);
ret = sk_X509_EXTENSION_delete(x, loc);
return (ret);
}
STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
X509_EXTENSION *ex, int loc)
{
X509_EXTENSION *new_ex=NULL;
int n;
STACK_OF(X509_EXTENSION) *sk=NULL;
X509_EXTENSION *ex, int loc)
{
X509_EXTENSION *new_ex = NULL;
int n;
STACK_OF(X509_EXTENSION) *sk = NULL;
if (x == NULL)
{
X509err(X509_F_X509V3_ADD_EXT,ERR_R_PASSED_NULL_PARAMETER);
goto err2;
}
if (x == NULL) {
X509err(X509_F_X509V3_ADD_EXT, ERR_R_PASSED_NULL_PARAMETER);
goto err2;
}
if (*x == NULL)
{
if ((sk=sk_X509_EXTENSION_new_null()) == NULL)
goto err;
}
else
sk= *x;
if (*x == NULL) {
if ((sk = sk_X509_EXTENSION_new_null()) == NULL)
goto err;
} else
sk = *x;
n=sk_X509_EXTENSION_num(sk);
if (loc > n) loc=n;
else if (loc < 0) loc=n;
n = sk_X509_EXTENSION_num(sk);
if (loc > n)
loc = n;
else if (loc < 0)
loc = n;
if ((new_ex=X509_EXTENSION_dup(ex)) == NULL)
goto err2;
if (!sk_X509_EXTENSION_insert(sk,new_ex,loc))
goto err;
if (*x == NULL)
*x=sk;
return(sk);
err:
X509err(X509_F_X509V3_ADD_EXT,ERR_R_MALLOC_FAILURE);
err2:
if (new_ex != NULL) X509_EXTENSION_free(new_ex);
if (sk != NULL) sk_X509_EXTENSION_free(sk);
return(NULL);
}
if ((new_ex = X509_EXTENSION_dup(ex)) == NULL)
goto err2;
if (!sk_X509_EXTENSION_insert(sk, new_ex, loc))
goto err;
if (*x == NULL)
*x = sk;
return (sk);
err:
X509err(X509_F_X509V3_ADD_EXT, ERR_R_MALLOC_FAILURE);
err2:
if (new_ex != NULL)
X509_EXTENSION_free(new_ex);
if (sk != NULL)
sk_X509_EXTENSION_free(sk);
return (NULL);
}
X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid,
int crit, ASN1_OCTET_STRING *data)
{
ASN1_OBJECT *obj;
X509_EXTENSION *ret;
int crit,
ASN1_OCTET_STRING *data)
{
ASN1_OBJECT *obj;
X509_EXTENSION *ret;
obj=OBJ_nid2obj(nid);
if (obj == NULL)
{
X509err(X509_F_X509_EXTENSION_CREATE_BY_NID,X509_R_UNKNOWN_NID);
return(NULL);
}
ret=X509_EXTENSION_create_by_OBJ(ex,obj,crit,data);
if (ret == NULL) ASN1_OBJECT_free(obj);
return(ret);
}
obj = OBJ_nid2obj(nid);
if (obj == NULL) {
X509err(X509_F_X509_EXTENSION_CREATE_BY_NID, X509_R_UNKNOWN_NID);
return (NULL);
}
ret = X509_EXTENSION_create_by_OBJ(ex, obj, crit, data);
if (ret == NULL)
ASN1_OBJECT_free(obj);
return (ret);
}
X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
ASN1_OBJECT *obj, int crit, ASN1_OCTET_STRING *data)
{
X509_EXTENSION *ret;
ASN1_OBJECT *obj, int crit,
ASN1_OCTET_STRING *data)
{
X509_EXTENSION *ret;
if ((ex == NULL) || (*ex == NULL))
{
if ((ret=X509_EXTENSION_new()) == NULL)
{
X509err(X509_F_X509_EXTENSION_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE);
return(NULL);
}
}
else
ret= *ex;
if ((ex == NULL) || (*ex == NULL)) {
if ((ret = X509_EXTENSION_new()) == NULL) {
X509err(X509_F_X509_EXTENSION_CREATE_BY_OBJ,
ERR_R_MALLOC_FAILURE);
return (NULL);
}
} else
ret = *ex;
if (!X509_EXTENSION_set_object(ret,obj))
goto err;
if (!X509_EXTENSION_set_critical(ret,crit))
goto err;
if (!X509_EXTENSION_set_data(ret,data))
goto err;
if ((ex != NULL) && (*ex == NULL)) *ex=ret;
return(ret);
err:
if ((ex == NULL) || (ret != *ex))
X509_EXTENSION_free(ret);
return(NULL);
}
if (!X509_EXTENSION_set_object(ret, obj))
goto err;
if (!X509_EXTENSION_set_critical(ret, crit))
goto err;
if (!X509_EXTENSION_set_data(ret, data))
goto err;
if ((ex != NULL) && (*ex == NULL))
*ex = ret;
return (ret);
err:
if ((ex == NULL) || (ret != *ex))
X509_EXTENSION_free(ret);
return (NULL);
}
int X509_EXTENSION_set_object(X509_EXTENSION *ex, ASN1_OBJECT *obj)
{
if ((ex == NULL) || (obj == NULL))
return(0);
ASN1_OBJECT_free(ex->object);
ex->object=OBJ_dup(obj);
return(1);
}
{
if ((ex == NULL) || (obj == NULL))
return (0);
ASN1_OBJECT_free(ex->object);
ex->object = OBJ_dup(obj);
return (1);
}
int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit)
{
if (ex == NULL) return(0);
ex->critical=(crit)?0xFF:-1;
return(1);
}
{
if (ex == NULL)
return (0);
ex->critical = (crit) ? 0xFF : -1;
return (1);
}
int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data)
{
int i;
{
int i;
if (ex == NULL) return(0);
i=M_ASN1_OCTET_STRING_set(ex->value,data->data,data->length);
if (!i) return(0);
return(1);
}
if (ex == NULL)
return (0);
i = M_ASN1_OCTET_STRING_set(ex->value, data->data, data->length);
if (!i)
return (0);
return (1);
}
ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex)
{
if (ex == NULL) return(NULL);
return(ex->object);
}
{
if (ex == NULL)
return (NULL);
return (ex->object);
}
ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ex)
{
if (ex == NULL) return(NULL);
return(ex->value);
}
{
if (ex == NULL)
return (NULL);
return (ex->value);
}
int X509_EXTENSION_get_critical(X509_EXTENSION *ex)
{
if (ex == NULL) return(0);
if(ex->critical > 0) return 1;
return 0;
}
{
if (ex == NULL)
return (0);
if (ex->critical > 0)
return 1;
return 0;
}

BIN
crypto/x509/x509_v3.o
View File

Binary file not shown.

3732
crypto/x509/x509_vfy.c
View File

File diff suppressed because it is too large Load Diff

746
crypto/x509/x509_vfy.h
View File

@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -57,55 +57,55 @@
*/
#ifndef HEADER_X509_H
#include <openssl/x509.h>
/* openssl/x509.h ends up #include-ing this file at about the only
* appropriate moment. */
# include <openssl/x509.h>
/*
* openssl/x509.h ends up #include-ing this file at about the only
* appropriate moment.
*/
#endif
#ifndef HEADER_X509_VFY_H
#define HEADER_X509_VFY_H
# define HEADER_X509_VFY_H
#include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_LHASH
#include <openssl/lhash.h>
#endif
#include <openssl/bio.h>
#include <openssl/crypto.h>
#include <openssl/symhacks.h>
# include <openssl/opensslconf.h>
# ifndef OPENSSL_NO_LHASH
# include <openssl/lhash.h>
# endif
# include <openssl/bio.h>
# include <openssl/crypto.h>
# include <openssl/symhacks.h>
#ifdef __cplusplus
extern "C" {
#endif
#if 0
# if 0
/* Outer object */
typedef struct x509_hash_dir_st
{
int num_dirs;
char **dirs;
int *dirs_type;
int num_dirs_alloced;
} X509_HASH_DIR_CTX;
#endif
typedef struct x509_hash_dir_st {
int num_dirs;
char **dirs;
int *dirs_type;
int num_dirs_alloced;
} X509_HASH_DIR_CTX;
# endif
typedef struct x509_file_st
{
int num_paths; /* number of paths to files or directories */
int num_alloced;
char **paths; /* the list of paths or directories */
int *path_type;
} X509_CERT_FILE_CTX;
typedef struct x509_file_st {
int num_paths; /* number of paths to files or directories */
int num_alloced;
char **paths; /* the list of paths or directories */
int *path_type;
} X509_CERT_FILE_CTX;
/*******************************/
/*
SSL_CTX -> X509_STORE
-> X509_LOOKUP
->X509_LOOKUP_METHOD
-> X509_LOOKUP
->X509_LOOKUP_METHOD
SSL -> X509_STORE_CTX
->X509_STORE
/*-
SSL_CTX -> X509_STORE
-> X509_LOOKUP
->X509_LOOKUP_METHOD
-> X509_LOOKUP
->X509_LOOKUP_METHOD
SSL -> X509_STORE_CTX
->X509_STORE
The X509_STORE holds the tables etc for verification stuff.
A X509_STORE_CTX is used while validating a single certificate.
@@ -114,23 +114,22 @@ The X509_STORE then calls a function to actually verify the
certificate chain.
*/
#define X509_LU_RETRY -1
#define X509_LU_FAIL 0
#define X509_LU_X509 1
#define X509_LU_CRL 2
#define X509_LU_PKEY 3
# define X509_LU_RETRY -1
# define X509_LU_FAIL 0
# define X509_LU_X509 1
# define X509_LU_CRL 2
# define X509_LU_PKEY 3
typedef struct x509_object_st
{
/* one of the above types */
int type;
union {
char *ptr;
X509 *x509;
X509_CRL *crl;
EVP_PKEY *pkey;
} data;
} X509_OBJECT;
typedef struct x509_object_st {
/* one of the above types */
int type;
union {
char *ptr;
X509 *x509;
X509_CRL *crl;
EVP_PKEY *pkey;
} data;
} X509_OBJECT;
typedef struct x509_lookup_st X509_LOOKUP;
@@ -138,289 +137,345 @@ DECLARE_STACK_OF(X509_LOOKUP)
DECLARE_STACK_OF(X509_OBJECT)
/* This is a static that defines the function interface */
typedef struct x509_lookup_method_st
{
const char *name;
int (*new_item)(X509_LOOKUP *ctx);
void (*free)(X509_LOOKUP *ctx);
int (*init)(X509_LOOKUP *ctx);
int (*shutdown)(X509_LOOKUP *ctx);
int (*ctrl)(X509_LOOKUP *ctx,int cmd,const char *argc,long argl,
char **ret);
int (*get_by_subject)(X509_LOOKUP *ctx,int type,X509_NAME *name,
X509_OBJECT *ret);
int (*get_by_issuer_serial)(X509_LOOKUP *ctx,int type,X509_NAME *name,
ASN1_INTEGER *serial,X509_OBJECT *ret);
int (*get_by_fingerprint)(X509_LOOKUP *ctx,int type,
unsigned char *bytes,int len,
X509_OBJECT *ret);
int (*get_by_alias)(X509_LOOKUP *ctx,int type,char *str,int len,
X509_OBJECT *ret);
} X509_LOOKUP_METHOD;
typedef struct x509_lookup_method_st {
const char *name;
int (*new_item) (X509_LOOKUP *ctx);
void (*free) (X509_LOOKUP *ctx);
int (*init) (X509_LOOKUP *ctx);
int (*shutdown) (X509_LOOKUP *ctx);
int (*ctrl) (X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
char **ret);
int (*get_by_subject) (X509_LOOKUP *ctx, int type, X509_NAME *name,
X509_OBJECT *ret);
int (*get_by_issuer_serial) (X509_LOOKUP *ctx, int type, X509_NAME *name,
ASN1_INTEGER *serial, X509_OBJECT *ret);
int (*get_by_fingerprint) (X509_LOOKUP *ctx, int type,
unsigned char *bytes, int len,
X509_OBJECT *ret);
int (*get_by_alias) (X509_LOOKUP *ctx, int type, char *str, int len,
X509_OBJECT *ret);
} X509_LOOKUP_METHOD;
/* This structure hold all parameters associated with a verify operation
* by including an X509_VERIFY_PARAM structure in related structures the
typedef struct X509_VERIFY_PARAM_ID_st X509_VERIFY_PARAM_ID;
/*
* This structure hold all parameters associated with a verify operation by
* including an X509_VERIFY_PARAM structure in related structures the
* parameters used can be customized
*/
typedef struct X509_VERIFY_PARAM_st
{
char *name;
time_t check_time; /* Time to use */
unsigned long inh_flags; /* Inheritance flags */
unsigned long flags; /* Various verify flags */
int purpose; /* purpose to check untrusted certificates */
int trust; /* trust setting to check */
int depth; /* Verify depth */
STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */
} X509_VERIFY_PARAM;
typedef struct X509_VERIFY_PARAM_st {
char *name;
time_t check_time; /* Time to use */
unsigned long inh_flags; /* Inheritance flags */
unsigned long flags; /* Various verify flags */
int purpose; /* purpose to check untrusted certificates */
int trust; /* trust setting to check */
int depth; /* Verify depth */
STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */
X509_VERIFY_PARAM_ID *id; /* opaque ID data */
} X509_VERIFY_PARAM;
DECLARE_STACK_OF(X509_VERIFY_PARAM)
/* This is used to hold everything. It is used for all certificate
* validation. Once we have a certificate chain, the 'verify'
* function is then called to actually check the cert chain. */
struct x509_store_st
{
/* The following is a cache of trusted certs */
int cache; /* if true, stash any hits */
STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */
/* These are external lookup methods */
STACK_OF(X509_LOOKUP) *get_cert_methods;
X509_VERIFY_PARAM *param;
/* Callbacks for various operations */
int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */
int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */
int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */
int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm);
STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm);
int (*cleanup)(X509_STORE_CTX *ctx);
CRYPTO_EX_DATA ex_data;
int references;
} /* X509_STORE */;
/*
* This is used to hold everything. It is used for all certificate
* validation. Once we have a certificate chain, the 'verify' function is
* then called to actually check the cert chain.
*/
struct x509_store_st {
/* The following is a cache of trusted certs */
int cache; /* if true, stash any hits */
STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */
/* These are external lookup methods */
STACK_OF(X509_LOOKUP) *get_cert_methods;
X509_VERIFY_PARAM *param;
/* Callbacks for various operations */
/* called to verify a certificate */
int (*verify) (X509_STORE_CTX *ctx);
/* error callback */
int (*verify_cb) (int ok, X509_STORE_CTX *ctx);
/* get issuers cert from ctx */
int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
/* check issued */
int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
/* Check revocation status of chain */
int (*check_revocation) (X509_STORE_CTX *ctx);
/* retrieve CRL */
int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x);
/* Check CRL validity */
int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl);
/* Check certificate against CRL */
int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm);
STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm);
int (*cleanup) (X509_STORE_CTX *ctx);
CRYPTO_EX_DATA ex_data;
int references;
} /* X509_STORE */ ;
int X509_STORE_set_depth(X509_STORE *store, int depth);
#define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func))
#define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func))
# define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func))
# define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func))
/* This is the functions plus an instance of the local variables. */
struct x509_lookup_st
{
int init; /* have we been started */
int skip; /* don't use us. */
X509_LOOKUP_METHOD *method; /* the functions */
char *method_data; /* method data */
struct x509_lookup_st {
int init; /* have we been started */
int skip; /* don't use us. */
X509_LOOKUP_METHOD *method; /* the functions */
char *method_data; /* method data */
X509_STORE *store_ctx; /* who owns us */
} /* X509_LOOKUP */ ;
X509_STORE *store_ctx; /* who owns us */
} /* X509_LOOKUP */;
/* This is a used when verifying cert chains. Since the
* gathering of the cert chain can take some time (and have to be
* 'retried', this needs to be kept and passed around. */
struct x509_store_ctx_st /* X509_STORE_CTX */
{
X509_STORE *ctx;
int current_method; /* used when looking up certs */
/* The following are set by the caller */
X509 *cert; /* The cert to check */
STACK_OF(X509) *untrusted; /* chain of X509s - untrusted - passed in */
STACK_OF(X509_CRL) *crls; /* set of CRLs passed in */
X509_VERIFY_PARAM *param;
void *other_ctx; /* Other info for use with get_issuer() */
/* Callbacks for various operations */
int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */
int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */
int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */
int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
int (*check_policy)(X509_STORE_CTX *ctx);
STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm);
STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm);
int (*cleanup)(X509_STORE_CTX *ctx);
/* The following is built up */
int valid; /* if 0, rebuild chain */
int last_untrusted; /* index of last untrusted cert */
STACK_OF(X509) *chain; /* chain of X509s - built up and trusted */
X509_POLICY_TREE *tree; /* Valid policy tree */
int explicit_policy; /* Require explicit policy value */
/* When something goes wrong, this is why */
int error_depth;
int error;
X509 *current_cert;
X509 *current_issuer; /* cert currently being tested as valid issuer */
X509_CRL *current_crl; /* current CRL */
int current_crl_score; /* score of current CRL */
unsigned int current_reasons; /* Reason mask */
X509_STORE_CTX *parent; /* For CRL path validation: parent context */
CRYPTO_EX_DATA ex_data;
} /* X509_STORE_CTX */;
/*
* This is a used when verifying cert chains. Since the gathering of the
* cert chain can take some time (and have to be 'retried', this needs to be
* kept and passed around.
*/
struct x509_store_ctx_st { /* X509_STORE_CTX */
X509_STORE *ctx;
/* used when looking up certs */
int current_method;
/* The following are set by the caller */
/* The cert to check */
X509 *cert;
/* chain of X509s - untrusted - passed in */
STACK_OF(X509) *untrusted;
/* set of CRLs passed in */
STACK_OF(X509_CRL) *crls;
X509_VERIFY_PARAM *param;
/* Other info for use with get_issuer() */
void *other_ctx;
/* Callbacks for various operations */
/* called to verify a certificate */
int (*verify) (X509_STORE_CTX *ctx);
/* error callback */
int (*verify_cb) (int ok, X509_STORE_CTX *ctx);
/* get issuers cert from ctx */
int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
/* check issued */
int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
/* Check revocation status of chain */
int (*check_revocation) (X509_STORE_CTX *ctx);
/* retrieve CRL */
int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x);
/* Check CRL validity */
int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl);
/* Check certificate against CRL */
int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
int (*check_policy) (X509_STORE_CTX *ctx);
STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm);
STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm);
int (*cleanup) (X509_STORE_CTX *ctx);
/* The following is built up */
/* if 0, rebuild chain */
int valid;
/* index of last untrusted cert */
int last_untrusted;
/* chain of X509s - built up and trusted */
STACK_OF(X509) *chain;
/* Valid policy tree */
X509_POLICY_TREE *tree;
/* Require explicit policy value */
int explicit_policy;
/* When something goes wrong, this is why */
int error_depth;
int error;
X509 *current_cert;
/* cert currently being tested as valid issuer */
X509 *current_issuer;
/* current CRL */
X509_CRL *current_crl;
/* score of current CRL */
int current_crl_score;
/* Reason mask */
unsigned int current_reasons;
/* For CRL path validation: parent context */
X509_STORE_CTX *parent;
CRYPTO_EX_DATA ex_data;
} /* X509_STORE_CTX */ ;
void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
#define X509_STORE_CTX_set_app_data(ctx,data) \
X509_STORE_CTX_set_ex_data(ctx,0,data)
#define X509_STORE_CTX_get_app_data(ctx) \
X509_STORE_CTX_get_ex_data(ctx,0)
# define X509_STORE_CTX_set_app_data(ctx,data) \
X509_STORE_CTX_set_ex_data(ctx,0,data)
# define X509_STORE_CTX_get_app_data(ctx) \
X509_STORE_CTX_get_ex_data(ctx,0)
#define X509_L_FILE_LOAD 1
#define X509_L_ADD_DIR 2
# define X509_L_FILE_LOAD 1
# define X509_L_ADD_DIR 2
#define X509_LOOKUP_load_file(x,name,type) \
X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL)
# define X509_LOOKUP_load_file(x,name,type) \
X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL)
#define X509_LOOKUP_add_dir(x,name,type) \
X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
# define X509_LOOKUP_add_dir(x,name,type) \
X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
#define X509_V_OK 0
# define X509_V_OK 0
/* illegal error (for uninitialized values, to avoid X509_V_OK): 1 */
#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2
#define X509_V_ERR_UNABLE_TO_GET_CRL 3
#define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4
#define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5
#define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6
#define X509_V_ERR_CERT_SIGNATURE_FAILURE 7
#define X509_V_ERR_CRL_SIGNATURE_FAILURE 8
#define X509_V_ERR_CERT_NOT_YET_VALID 9
#define X509_V_ERR_CERT_HAS_EXPIRED 10
#define X509_V_ERR_CRL_NOT_YET_VALID 11
#define X509_V_ERR_CRL_HAS_EXPIRED 12
#define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13
#define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14
#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15
#define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16
#define X509_V_ERR_OUT_OF_MEM 17
#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18
#define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19
#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20
#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21
#define X509_V_ERR_CERT_CHAIN_TOO_LONG 22
#define X509_V_ERR_CERT_REVOKED 23
#define X509_V_ERR_INVALID_CA 24
#define X509_V_ERR_PATH_LENGTH_EXCEEDED 25
#define X509_V_ERR_INVALID_PURPOSE 26
#define X509_V_ERR_CERT_UNTRUSTED 27
#define X509_V_ERR_CERT_REJECTED 28
# define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2
# define X509_V_ERR_UNABLE_TO_GET_CRL 3
# define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4
# define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5
# define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6
# define X509_V_ERR_CERT_SIGNATURE_FAILURE 7
# define X509_V_ERR_CRL_SIGNATURE_FAILURE 8
# define X509_V_ERR_CERT_NOT_YET_VALID 9
# define X509_V_ERR_CERT_HAS_EXPIRED 10
# define X509_V_ERR_CRL_NOT_YET_VALID 11
# define X509_V_ERR_CRL_HAS_EXPIRED 12
# define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13
# define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14
# define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15
# define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16
# define X509_V_ERR_OUT_OF_MEM 17
# define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18
# define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19
# define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20
# define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21
# define X509_V_ERR_CERT_CHAIN_TOO_LONG 22
# define X509_V_ERR_CERT_REVOKED 23
# define X509_V_ERR_INVALID_CA 24
# define X509_V_ERR_PATH_LENGTH_EXCEEDED 25
# define X509_V_ERR_INVALID_PURPOSE 26
# define X509_V_ERR_CERT_UNTRUSTED 27
# define X509_V_ERR_CERT_REJECTED 28
/* These are 'informational' when looking for issuer cert */
#define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29
#define X509_V_ERR_AKID_SKID_MISMATCH 30
#define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31
#define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32
# define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29
# define X509_V_ERR_AKID_SKID_MISMATCH 30
# define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31
# define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32
#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33
#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34
#define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35
#define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36
#define X509_V_ERR_INVALID_NON_CA 37
#define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38
#define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39
#define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40
# define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33
# define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34
# define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35
# define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36
# define X509_V_ERR_INVALID_NON_CA 37
# define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38
# define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39
# define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40
#define X509_V_ERR_INVALID_EXTENSION 41
#define X509_V_ERR_INVALID_POLICY_EXTENSION 42
#define X509_V_ERR_NO_EXPLICIT_POLICY 43
#define X509_V_ERR_DIFFERENT_CRL_SCOPE 44
#define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45
# define X509_V_ERR_INVALID_EXTENSION 41
# define X509_V_ERR_INVALID_POLICY_EXTENSION 42
# define X509_V_ERR_NO_EXPLICIT_POLICY 43
# define X509_V_ERR_DIFFERENT_CRL_SCOPE 44
# define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45
#define X509_V_ERR_UNNESTED_RESOURCE 46
# define X509_V_ERR_UNNESTED_RESOURCE 46
#define X509_V_ERR_PERMITTED_VIOLATION 47
#define X509_V_ERR_EXCLUDED_VIOLATION 48
#define X509_V_ERR_SUBTREE_MINMAX 49
#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51
#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52
#define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53
#define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54
# define X509_V_ERR_PERMITTED_VIOLATION 47
# define X509_V_ERR_EXCLUDED_VIOLATION 48
# define X509_V_ERR_SUBTREE_MINMAX 49
# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51
# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52
# define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53
# define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54
/* Suite B mode algorithm violation */
# define X509_V_ERR_SUITE_B_INVALID_VERSION 56
# define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57
# define X509_V_ERR_SUITE_B_INVALID_CURVE 58
# define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59
# define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60
# define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61
/* Host, email and IP check errors */
# define X509_V_ERR_HOSTNAME_MISMATCH 62
# define X509_V_ERR_EMAIL_MISMATCH 63
# define X509_V_ERR_IP_ADDRESS_MISMATCH 64
/* The application is not happy */
#define X509_V_ERR_APPLICATION_VERIFICATION 50
# define X509_V_ERR_APPLICATION_VERIFICATION 50
/* Certificate verify flags */
/* Send issuer+subject checks to verify_cb */
#define X509_V_FLAG_CB_ISSUER_CHECK 0x1
# define X509_V_FLAG_CB_ISSUER_CHECK 0x1
/* Use check time instead of current time */
#define X509_V_FLAG_USE_CHECK_TIME 0x2
# define X509_V_FLAG_USE_CHECK_TIME 0x2
/* Lookup CRLs */
#define X509_V_FLAG_CRL_CHECK 0x4
# define X509_V_FLAG_CRL_CHECK 0x4
/* Lookup CRLs for whole chain */
#define X509_V_FLAG_CRL_CHECK_ALL 0x8
# define X509_V_FLAG_CRL_CHECK_ALL 0x8
/* Ignore unhandled critical extensions */
#define X509_V_FLAG_IGNORE_CRITICAL 0x10
# define X509_V_FLAG_IGNORE_CRITICAL 0x10
/* Disable workarounds for broken certificates */
#define X509_V_FLAG_X509_STRICT 0x20
# define X509_V_FLAG_X509_STRICT 0x20
/* Enable proxy certificate validation */
#define X509_V_FLAG_ALLOW_PROXY_CERTS 0x40
# define X509_V_FLAG_ALLOW_PROXY_CERTS 0x40
/* Enable policy checking */
#define X509_V_FLAG_POLICY_CHECK 0x80
# define X509_V_FLAG_POLICY_CHECK 0x80
/* Policy variable require-explicit-policy */
#define X509_V_FLAG_EXPLICIT_POLICY 0x100
# define X509_V_FLAG_EXPLICIT_POLICY 0x100
/* Policy variable inhibit-any-policy */
#define X509_V_FLAG_INHIBIT_ANY 0x200
# define X509_V_FLAG_INHIBIT_ANY 0x200
/* Policy variable inhibit-policy-mapping */
#define X509_V_FLAG_INHIBIT_MAP 0x400
# define X509_V_FLAG_INHIBIT_MAP 0x400
/* Notify callback that policy is OK */
#define X509_V_FLAG_NOTIFY_POLICY 0x800
# define X509_V_FLAG_NOTIFY_POLICY 0x800
/* Extended CRL features such as indirect CRLs, alternate CRL signing keys */
#define X509_V_FLAG_EXTENDED_CRL_SUPPORT 0x1000
# define X509_V_FLAG_EXTENDED_CRL_SUPPORT 0x1000
/* Delta CRL support */
#define X509_V_FLAG_USE_DELTAS 0x2000
# define X509_V_FLAG_USE_DELTAS 0x2000
/* Check selfsigned CA signature */
#define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000
# define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000
/* Use trusted store first */
# define X509_V_FLAG_TRUSTED_FIRST 0x8000
/* Suite B 128 bit only mode: not normally used */
# define X509_V_FLAG_SUITEB_128_LOS_ONLY 0x10000
/* Suite B 192 bit only mode */
# define X509_V_FLAG_SUITEB_192_LOS 0x20000
/* Suite B 128 bit mode allowing 192 bit algorithms */
# define X509_V_FLAG_SUITEB_128_LOS 0x30000
/* Allow partial chains if at least one certificate is in trusted store */
# define X509_V_FLAG_PARTIAL_CHAIN 0x80000
/*
* If the initial chain is not trusted, do not attempt to build an alternative
* chain. Alternate chain checking was introduced in 1.0.2b. Setting this flag
* will force the behaviour to match that of previous versions.
*/
# define X509_V_FLAG_NO_ALT_CHAINS 0x100000
#define X509_VP_FLAG_DEFAULT 0x1
#define X509_VP_FLAG_OVERWRITE 0x2
#define X509_VP_FLAG_RESET_FLAGS 0x4
#define X509_VP_FLAG_LOCKED 0x8
#define X509_VP_FLAG_ONCE 0x10
# define X509_VP_FLAG_DEFAULT 0x1
# define X509_VP_FLAG_OVERWRITE 0x2
# define X509_VP_FLAG_RESET_FLAGS 0x4
# define X509_VP_FLAG_LOCKED 0x8
# define X509_VP_FLAG_ONCE 0x10
/* Internal use: mask of policy related options */
#define X509_V_FLAG_POLICY_MASK (X509_V_FLAG_POLICY_CHECK \
| X509_V_FLAG_EXPLICIT_POLICY \
| X509_V_FLAG_INHIBIT_ANY \
| X509_V_FLAG_INHIBIT_MAP)
# define X509_V_FLAG_POLICY_MASK (X509_V_FLAG_POLICY_CHECK \
| X509_V_FLAG_EXPLICIT_POLICY \
| X509_V_FLAG_INHIBIT_ANY \
| X509_V_FLAG_INHIBIT_MAP)
int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
X509_NAME *name);
X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,int type,X509_NAME *name);
X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x);
X509_NAME *name);
X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,
int type, X509_NAME *name);
X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h,
X509_OBJECT *x);
void X509_OBJECT_up_ref_count(X509_OBJECT *a);
void X509_OBJECT_free_contents(X509_OBJECT *a);
X509_STORE *X509_STORE_new(void );
X509_STORE *X509_STORE_new(void);
void X509_STORE_free(X509_STORE *v);
STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *st, X509_NAME *nm);
STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *st, X509_NAME *nm);
STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *st, X509_NAME *nm);
STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *st, X509_NAME *nm);
int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
int X509_STORE_set_trust(X509_STORE *ctx, int trust);
int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm);
void X509_STORE_set_verify_cb(X509_STORE *ctx,
int (*verify_cb)(int, X509_STORE_CTX *));
int (*verify_cb) (int, X509_STORE_CTX *));
void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,
STACK_OF(X509_CRL) *(*cb) (X509_STORE_CTX
*ctx,
X509_NAME *nm));
X509_STORE_CTX *X509_STORE_CTX_new(void);
@@ -428,10 +483,12 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
X509 *x509, STACK_OF(X509) *chain);
X509 *x509, STACK_OF(X509) *chain);
void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);
X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
@@ -440,64 +497,66 @@ X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
int X509_STORE_get_by_subject(X509_STORE_CTX *vs,int type,X509_NAME *name,
X509_OBJECT *ret);
int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
X509_OBJECT *ret);
int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
long argl, char **ret);
long argl, char **ret);
#ifndef OPENSSL_NO_STDIO
# ifndef OPENSSL_NO_STDIO
int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
#endif
# endif
X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
void X509_LOOKUP_free(X509_LOOKUP *ctx);
int X509_LOOKUP_init(X509_LOOKUP *ctx);
int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
X509_OBJECT *ret);
X509_OBJECT *ret);
int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
ASN1_INTEGER *serial, X509_OBJECT *ret);
ASN1_INTEGER *serial, X509_OBJECT *ret);
int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
unsigned char *bytes, int len, X509_OBJECT *ret);
int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str,
int len, X509_OBJECT *ret);
unsigned char *bytes, int len,
X509_OBJECT *ret);
int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,
X509_OBJECT *ret);
int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
#ifndef OPENSSL_NO_STDIO
int X509_STORE_load_locations (X509_STORE *ctx,
const char *file, const char *dir);
int X509_STORE_set_default_paths(X509_STORE *ctx);
#endif
# ifndef OPENSSL_NO_STDIO
int X509_STORE_load_locations(X509_STORE *ctx,
const char *file, const char *dir);
int X509_STORE_set_default_paths(X509_STORE *ctx);
# endif
int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,void *data);
void * X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx);
int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);
int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
int X509_STORE_CTX_get_ex_new_index(long argl, void *argp,
CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func,
CRYPTO_EX_free *free_func);
int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data);
void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx);
int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s);
int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx);
X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx);
X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx);
STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
void X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x);
void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk);
void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c,STACK_OF(X509_CRL) *sk);
void X509_STORE_CTX_set_cert(X509_STORE_CTX *c, X509 *x);
void X509_STORE_CTX_set_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c, STACK_OF(X509_CRL) *sk);
int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
int purpose, int trust);
int purpose, int trust);
void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
time_t t);
time_t t);
void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
int (*verify_cb)(int, X509_STORE_CTX *));
int (*verify_cb) (int, X509_STORE_CTX *));
X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx);
int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx);
@@ -510,58 +569,79 @@ int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);
X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void);
void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param);
int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to,
const X509_VERIFY_PARAM *from);
int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
const X509_VERIFY_PARAM *from);
const X509_VERIFY_PARAM *from);
int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
const X509_VERIFY_PARAM *from);
int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name);
int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags);
int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param,
unsigned long flags);
int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
unsigned long flags);
unsigned long flags);
unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param);
int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);
int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
ASN1_OBJECT *policy);
int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
STACK_OF(ASN1_OBJECT) *policies);
ASN1_OBJECT *policy);
int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
STACK_OF(ASN1_OBJECT) *policies);
int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
const char *name, size_t namelen);
int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
const char *name, size_t namelen);
void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
unsigned int flags);
char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *);
int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
const char *email, size_t emaillen);
int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
const unsigned char *ip, size_t iplen);
int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param,
const char *ipasc);
int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param);
int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param);
int X509_VERIFY_PARAM_get_count(void);
const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id);
const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name);
void X509_VERIFY_PARAM_table_cleanup(void);
int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
STACK_OF(X509) *certs,
STACK_OF(ASN1_OBJECT) *policy_oids,
unsigned int flags);
STACK_OF(X509) *certs,
STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags);
void X509_policy_tree_free(X509_POLICY_TREE *tree);
int X509_policy_tree_level_count(const X509_POLICY_TREE *tree);
X509_POLICY_LEVEL *
X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, int i);
X509_POLICY_LEVEL *X509_policy_tree_get0_level(const X509_POLICY_TREE *tree,
int i);
STACK_OF(X509_POLICY_NODE) *
X509_policy_tree_get0_policies(const X509_POLICY_TREE *tree);
STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_policies(const
X509_POLICY_TREE
*tree);
STACK_OF(X509_POLICY_NODE) *
X509_policy_tree_get0_user_policies(const X509_POLICY_TREE *tree);
STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_user_policies(const
X509_POLICY_TREE
*tree);
int X509_policy_level_node_count(X509_POLICY_LEVEL *level);
X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, int i);
X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level,
int i);
const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node);
STACK_OF(POLICYQUALINFO) *
X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node);
const X509_POLICY_NODE *
X509_policy_node_get0_parent(const X509_POLICY_NODE *node);
STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(const
X509_POLICY_NODE
*node);
const X509_POLICY_NODE *X509_policy_node_get0_parent(const X509_POLICY_NODE
*node);
#ifdef __cplusplus
}
#endif
#endif

BIN
crypto/x509/x509_vfy.o
View File

Binary file not shown.

769
crypto/x509/x509_vpm.c
View File

@@ -1,6 +1,7 @@
/* x509_vpm.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2004.
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 2004.
*/
/* ====================================================================
* Copyright (c) 2004 The OpenSSL Project. All rights reserved.
@@ -10,7 +11,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -65,42 +66,139 @@
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include "vpm_int.h"
/* X509_VERIFY_PARAM functions */
#define SET_HOST 0
#define ADD_HOST 1
static char *str_copy(const char *s)
{
return OPENSSL_strdup(s);
}
static void str_free(char *s)
{
OPENSSL_free(s);
}
#define string_stack_free(sk) sk_OPENSSL_STRING_pop_free(sk, str_free)
static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode,
const char *name, size_t namelen)
{
char *copy;
/*
* Refuse names with embedded NUL bytes, except perhaps as final byte.
* XXX: Do we need to push an error onto the error stack?
*/
if (namelen == 0)
namelen = name ? strlen(name) : 0;
else if (name && memchr(name, '\0', namelen > 1 ? namelen - 1 : namelen))
return 0;
if (name && name[namelen - 1] == '\0')
--namelen;
if (mode == SET_HOST && id->hosts) {
string_stack_free(id->hosts);
id->hosts = NULL;
}
if (name == NULL || namelen == 0)
return 1;
copy = BUF_strndup(name, namelen);
if (copy == NULL)
return 0;
if (id->hosts == NULL &&
(id->hosts = sk_OPENSSL_STRING_new_null()) == NULL) {
OPENSSL_free(copy);
return 0;
}
if (!sk_OPENSSL_STRING_push(id->hosts, copy)) {
OPENSSL_free(copy);
if (sk_OPENSSL_STRING_num(id->hosts) == 0) {
sk_OPENSSL_STRING_free(id->hosts);
id->hosts = NULL;
}
return 0;
}
return 1;
}
static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
{
if (!param)
return;
param->name = NULL;
param->purpose = 0;
param->trust = 0;
/*param->inh_flags = X509_VP_FLAG_DEFAULT;*/
param->inh_flags = 0;
param->flags = 0;
param->depth = -1;
if (param->policies)
{
sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
param->policies = NULL;
}
}
{
X509_VERIFY_PARAM_ID *paramid;
if (!param)
return;
param->name = NULL;
param->purpose = 0;
param->trust = 0;
/*
* param->inh_flags = X509_VP_FLAG_DEFAULT;
*/
param->inh_flags = 0;
param->flags = 0;
param->depth = -1;
if (param->policies) {
sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
param->policies = NULL;
}
paramid = param->id;
if (paramid->hosts) {
string_stack_free(paramid->hosts);
paramid->hosts = NULL;
}
if (paramid->peername)
OPENSSL_free(paramid->peername);
if (paramid->email) {
OPENSSL_free(paramid->email);
paramid->email = NULL;
paramid->emaillen = 0;
}
if (paramid->ip) {
OPENSSL_free(paramid->ip);
paramid->ip = NULL;
paramid->iplen = 0;
}
}
X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
{
X509_VERIFY_PARAM *param;
param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM));
memset(param, 0, sizeof(X509_VERIFY_PARAM));
x509_verify_param_zero(param);
return param;
}
{
X509_VERIFY_PARAM *param;
X509_VERIFY_PARAM_ID *paramid;
param = OPENSSL_malloc(sizeof *param);
if (!param)
return NULL;
paramid = OPENSSL_malloc(sizeof *paramid);
if (!paramid) {
OPENSSL_free(param);
return NULL;
}
memset(param, 0, sizeof *param);
memset(paramid, 0, sizeof *paramid);
param->id = paramid;
x509_verify_param_zero(param);
return param;
}
void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
{
x509_verify_param_zero(param);
OPENSSL_free(param);
}
{
if (param == NULL)
return;
x509_verify_param_zero(param);
OPENSSL_free(param->id);
OPENSSL_free(param);
}
/* This function determines how parameters are "inherited" from one structure
/*-
* This function determines how parameters are "inherited" from one structure
* to another. There are several different ways this can happen.
*
* 1. If a child structure needs to have its values initialized from a parent
@@ -110,7 +208,7 @@ void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
* for SSL servers or clients but only if the application has not set new
* ones.
*
* The "inh_flags" field determines how this function behaves.
* The "inh_flags" field determines how this function behaves.
*
* Normally any values which are set in the default are not copied from the
* destination and verify flags are ORed together.
@@ -134,305 +232,424 @@ void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
/* Macro to test if a field should be copied from src to dest */
#define test_x509_verify_param_copy(field, def) \
(to_overwrite || \
((src->field != def) && (to_default || (dest->field == def))))
(to_overwrite || \
((src->field != def) && (to_default || (dest->field == def))))
/* As above but for ID fields */
#define test_x509_verify_param_copy_id(idf, def) \
test_x509_verify_param_copy(id->idf, def)
/* Macro to test and copy a field if necessary */
#define x509_verify_param_copy(field, def) \
if (test_x509_verify_param_copy(field, def)) \
dest->field = src->field
if (test_x509_verify_param_copy(field, def)) \
dest->field = src->field
int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
const X509_VERIFY_PARAM *src)
{
unsigned long inh_flags;
int to_default, to_overwrite;
if (!src)
return 1;
inh_flags = dest->inh_flags | src->inh_flags;
const X509_VERIFY_PARAM *src)
{
unsigned long inh_flags;
int to_default, to_overwrite;
X509_VERIFY_PARAM_ID *id;
if (!src)
return 1;
id = src->id;
inh_flags = dest->inh_flags | src->inh_flags;
if (inh_flags & X509_VP_FLAG_ONCE)
dest->inh_flags = 0;
if (inh_flags & X509_VP_FLAG_ONCE)
dest->inh_flags = 0;
if (inh_flags & X509_VP_FLAG_LOCKED)
return 1;
if (inh_flags & X509_VP_FLAG_LOCKED)
return 1;
if (inh_flags & X509_VP_FLAG_DEFAULT)
to_default = 1;
else
to_default = 0;
if (inh_flags & X509_VP_FLAG_DEFAULT)
to_default = 1;
else
to_default = 0;
if (inh_flags & X509_VP_FLAG_OVERWRITE)
to_overwrite = 1;
else
to_overwrite = 0;
if (inh_flags & X509_VP_FLAG_OVERWRITE)
to_overwrite = 1;
else
to_overwrite = 0;
x509_verify_param_copy(purpose, 0);
x509_verify_param_copy(trust, 0);
x509_verify_param_copy(depth, -1);
x509_verify_param_copy(purpose, 0);
x509_verify_param_copy(trust, 0);
x509_verify_param_copy(depth, -1);
/* If overwrite or check time not set, copy across */
/* If overwrite or check time not set, copy across */
if (to_overwrite || !(dest->flags & X509_V_FLAG_USE_CHECK_TIME))
{
dest->check_time = src->check_time;
dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME;
/* Don't need to copy flag: that is done below */
}
if (to_overwrite || !(dest->flags & X509_V_FLAG_USE_CHECK_TIME)) {
dest->check_time = src->check_time;
dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME;
/* Don't need to copy flag: that is done below */
}
if (inh_flags & X509_VP_FLAG_RESET_FLAGS)
dest->flags = 0;
if (inh_flags & X509_VP_FLAG_RESET_FLAGS)
dest->flags = 0;
dest->flags |= src->flags;
dest->flags |= src->flags;
if (test_x509_verify_param_copy(policies, NULL))
{
if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies))
return 0;
}
if (test_x509_verify_param_copy(policies, NULL)) {
if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies))
return 0;
}
return 1;
}
/* Copy the host flags if and only if we're copying the host list */
if (test_x509_verify_param_copy_id(hosts, NULL)) {
if (dest->id->hosts) {
string_stack_free(dest->id->hosts);
dest->id->hosts = NULL;
}
if (id->hosts) {
dest->id->hosts =
sk_OPENSSL_STRING_deep_copy(id->hosts, str_copy, str_free);
if (dest->id->hosts == NULL)
return 0;
dest->id->hostflags = id->hostflags;
}
}
if (test_x509_verify_param_copy_id(email, NULL)) {
if (!X509_VERIFY_PARAM_set1_email(dest, id->email, id->emaillen))
return 0;
}
if (test_x509_verify_param_copy_id(ip, NULL)) {
if (!X509_VERIFY_PARAM_set1_ip(dest, id->ip, id->iplen))
return 0;
}
return 1;
}
int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
const X509_VERIFY_PARAM *from)
{
unsigned long save_flags = to->inh_flags;
int ret;
to->inh_flags |= X509_VP_FLAG_DEFAULT;
ret = X509_VERIFY_PARAM_inherit(to, from);
to->inh_flags = save_flags;
return ret;
}
const X509_VERIFY_PARAM *from)
{
unsigned long save_flags = to->inh_flags;
int ret;
to->inh_flags |= X509_VP_FLAG_DEFAULT;
ret = X509_VERIFY_PARAM_inherit(to, from);
to->inh_flags = save_flags;
return ret;
}
static int int_x509_param_set1(char **pdest, size_t *pdestlen,
const char *src, size_t srclen)
{
void *tmp;
if (src) {
if (srclen == 0) {
tmp = BUF_strdup(src);
srclen = strlen(src);
} else
tmp = BUF_memdup(src, srclen);
if (!tmp)
return 0;
} else {
tmp = NULL;
srclen = 0;
}
if (*pdest)
OPENSSL_free(*pdest);
*pdest = tmp;
if (pdestlen)
*pdestlen = srclen;
return 1;
}
int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name)
{
if (param->name)
OPENSSL_free(param->name);
param->name = BUF_strdup(name);
if (param->name)
return 1;
return 0;
}
{
if (param->name)
OPENSSL_free(param->name);
param->name = BUF_strdup(name);
if (param->name)
return 1;
return 0;
}
int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags)
{
param->flags |= flags;
if (flags & X509_V_FLAG_POLICY_MASK)
param->flags |= X509_V_FLAG_POLICY_CHECK;
return 1;
}
{
param->flags |= flags;
if (flags & X509_V_FLAG_POLICY_MASK)
param->flags |= X509_V_FLAG_POLICY_CHECK;
return 1;
}
int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, unsigned long flags)
{
param->flags &= ~flags;
return 1;
}
int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
unsigned long flags)
{
param->flags &= ~flags;
return 1;
}
unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param)
{
return param->flags;
}
{
return param->flags;
}
int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose)
{
return X509_PURPOSE_set(&param->purpose, purpose);
}
{
return X509_PURPOSE_set(&param->purpose, purpose);
}
int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust)
{
return X509_TRUST_set(&param->trust, trust);
}
{
return X509_TRUST_set(&param->trust, trust);
}
void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth)
{
param->depth = depth;
}
{
param->depth = depth;
}
void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t)
{
param->check_time = t;
param->flags |= X509_V_FLAG_USE_CHECK_TIME;
}
{
param->check_time = t;
param->flags |= X509_V_FLAG_USE_CHECK_TIME;
}
int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, ASN1_OBJECT *policy)
{
if (!param->policies)
{
param->policies = sk_ASN1_OBJECT_new_null();
if (!param->policies)
return 0;
}
if (!sk_ASN1_OBJECT_push(param->policies, policy))
return 0;
return 1;
}
int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
ASN1_OBJECT *policy)
{
if (!param->policies) {
param->policies = sk_ASN1_OBJECT_new_null();
if (!param->policies)
return 0;
}
if (!sk_ASN1_OBJECT_push(param->policies, policy))
return 0;
return 1;
}
int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
STACK_OF(ASN1_OBJECT) *policies)
{
int i;
ASN1_OBJECT *oid, *doid;
if (!param)
return 0;
if (param->policies)
sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
STACK_OF(ASN1_OBJECT) *policies)
{
int i;
ASN1_OBJECT *oid, *doid;
if (!param)
return 0;
if (param->policies)
sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
if (!policies)
{
param->policies = NULL;
return 1;
}
if (!policies) {
param->policies = NULL;
return 1;
}
param->policies = sk_ASN1_OBJECT_new_null();
if (!param->policies)
return 0;
param->policies = sk_ASN1_OBJECT_new_null();
if (!param->policies)
return 0;
for (i = 0; i < sk_ASN1_OBJECT_num(policies); i++)
{
oid = sk_ASN1_OBJECT_value(policies, i);
doid = OBJ_dup(oid);
if (!doid)
return 0;
if (!sk_ASN1_OBJECT_push(param->policies, doid))
{
ASN1_OBJECT_free(doid);
return 0;
}
}
param->flags |= X509_V_FLAG_POLICY_CHECK;
return 1;
}
for (i = 0; i < sk_ASN1_OBJECT_num(policies); i++) {
oid = sk_ASN1_OBJECT_value(policies, i);
doid = OBJ_dup(oid);
if (!doid)
return 0;
if (!sk_ASN1_OBJECT_push(param->policies, doid)) {
ASN1_OBJECT_free(doid);
return 0;
}
}
param->flags |= X509_V_FLAG_POLICY_CHECK;
return 1;
}
int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
const char *name, size_t namelen)
{
return int_x509_param_set_hosts(param->id, SET_HOST, name, namelen);
}
int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
const char *name, size_t namelen)
{
return int_x509_param_set_hosts(param->id, ADD_HOST, name, namelen);
}
void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
unsigned int flags)
{
param->id->hostflags = flags;
}
char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param)
{
return param->id->peername;
}
int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
const char *email, size_t emaillen)
{
return int_x509_param_set1(&param->id->email, &param->id->emaillen,
email, emaillen);
}
int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
const unsigned char *ip, size_t iplen)
{
if (iplen != 0 && iplen != 4 && iplen != 16)
return 0;
return int_x509_param_set1((char **)&param->id->ip, &param->id->iplen,
(char *)ip, iplen);
}
int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc)
{
unsigned char ipout[16];
size_t iplen;
iplen = (size_t)a2i_ipadd(ipout, ipasc);
if (iplen == 0)
return 0;
return X509_VERIFY_PARAM_set1_ip(param, ipout, iplen);
}
int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param)
{
return param->depth;
}
{
return param->depth;
}
/* Default verify parameters: these are used for various
* applications and can be overridden by the user specified table.
* NB: the 'name' field *must* be in alphabetical order because it
* will be searched using OBJ_search.
const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param)
{
return param->name;
}
static X509_VERIFY_PARAM_ID _empty_id = { NULL, 0U, NULL, NULL, 0, NULL, 0 };
#define vpm_empty_id (X509_VERIFY_PARAM_ID *)&_empty_id
/*
* Default verify parameters: these are used for various applications and can
* be overridden by the user specified table. NB: the 'name' field *must* be
* in alphabetical order because it will be searched using OBJ_search.
*/
static const X509_VERIFY_PARAM default_table[] = {
{
"default", /* X509 default parameters */
0, /* Check time */
0, /* internal flags */
0, /* flags */
0, /* purpose */
0, /* trust */
100, /* depth */
NULL /* policies */
},
{
"pkcs7", /* S/MIME sign parameters */
0, /* Check time */
0, /* internal flags */
0, /* flags */
X509_PURPOSE_SMIME_SIGN, /* purpose */
X509_TRUST_EMAIL, /* trust */
-1, /* depth */
NULL /* policies */
},
{
"smime_sign", /* S/MIME sign parameters */
0, /* Check time */
0, /* internal flags */
0, /* flags */
X509_PURPOSE_SMIME_SIGN, /* purpose */
X509_TRUST_EMAIL, /* trust */
-1, /* depth */
NULL /* policies */
},
{
"ssl_client", /* SSL/TLS client parameters */
0, /* Check time */
0, /* internal flags */
0, /* flags */
X509_PURPOSE_SSL_CLIENT, /* purpose */
X509_TRUST_SSL_CLIENT, /* trust */
-1, /* depth */
NULL /* policies */
},
{
"ssl_server", /* SSL/TLS server parameters */
0, /* Check time */
0, /* internal flags */
0, /* flags */
X509_PURPOSE_SSL_SERVER, /* purpose */
X509_TRUST_SSL_SERVER, /* trust */
-1, /* depth */
NULL /* policies */
}};
{
"default", /* X509 default parameters */
0, /* Check time */
0, /* internal flags */
0, /* flags */
0, /* purpose */
0, /* trust */
100, /* depth */
NULL, /* policies */
vpm_empty_id},
{
"pkcs7", /* S/MIME sign parameters */
0, /* Check time */
0, /* internal flags */
0, /* flags */
X509_PURPOSE_SMIME_SIGN, /* purpose */
X509_TRUST_EMAIL, /* trust */
-1, /* depth */
NULL, /* policies */
vpm_empty_id},
{
"smime_sign", /* S/MIME sign parameters */
0, /* Check time */
0, /* internal flags */
0, /* flags */
X509_PURPOSE_SMIME_SIGN, /* purpose */
X509_TRUST_EMAIL, /* trust */
-1, /* depth */
NULL, /* policies */
vpm_empty_id},
{
"ssl_client", /* SSL/TLS client parameters */
0, /* Check time */
0, /* internal flags */
0, /* flags */
X509_PURPOSE_SSL_CLIENT, /* purpose */
X509_TRUST_SSL_CLIENT, /* trust */
-1, /* depth */
NULL, /* policies */
vpm_empty_id},
{
"ssl_server", /* SSL/TLS server parameters */
0, /* Check time */
0, /* internal flags */
0, /* flags */
X509_PURPOSE_SSL_SERVER, /* purpose */
X509_TRUST_SSL_SERVER, /* trust */
-1, /* depth */
NULL, /* policies */
vpm_empty_id}
};
static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL;
static int table_cmp(const X509_VERIFY_PARAM *a, const X509_VERIFY_PARAM *b)
{
return strcmp(a->name, b->name);
}
{
return strcmp(a->name, b->name);
}
DECLARE_OBJ_BSEARCH_CMP_FN(X509_VERIFY_PARAM, X509_VERIFY_PARAM, table);
IMPLEMENT_OBJ_BSEARCH_CMP_FN(X509_VERIFY_PARAM, X509_VERIFY_PARAM, table);
DECLARE_OBJ_BSEARCH_CMP_FN(X509_VERIFY_PARAM, X509_VERIFY_PARAM,
table);
IMPLEMENT_OBJ_BSEARCH_CMP_FN(X509_VERIFY_PARAM, X509_VERIFY_PARAM,
table);
static int param_cmp(const X509_VERIFY_PARAM * const *a,
const X509_VERIFY_PARAM * const *b)
{
return strcmp((*a)->name, (*b)->name);
}
static int param_cmp(const X509_VERIFY_PARAM *const *a,
const X509_VERIFY_PARAM *const *b)
{
return strcmp((*a)->name, (*b)->name);
}
int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param)
{
int idx;
X509_VERIFY_PARAM *ptmp;
if (!param_table)
{
param_table = sk_X509_VERIFY_PARAM_new(param_cmp);
if (!param_table)
return 0;
}
else
{
idx = sk_X509_VERIFY_PARAM_find(param_table, param);
if (idx != -1)
{
ptmp = sk_X509_VERIFY_PARAM_value(param_table, idx);
X509_VERIFY_PARAM_free(ptmp);
(void)sk_X509_VERIFY_PARAM_delete(param_table, idx);
}
}
if (!sk_X509_VERIFY_PARAM_push(param_table, param))
return 0;
return 1;
}
{
int idx;
X509_VERIFY_PARAM *ptmp;
if (!param_table) {
param_table = sk_X509_VERIFY_PARAM_new(param_cmp);
if (!param_table)
return 0;
} else {
idx = sk_X509_VERIFY_PARAM_find(param_table, param);
if (idx != -1) {
ptmp = sk_X509_VERIFY_PARAM_value(param_table, idx);
X509_VERIFY_PARAM_free(ptmp);
(void)sk_X509_VERIFY_PARAM_delete(param_table, idx);
}
}
if (!sk_X509_VERIFY_PARAM_push(param_table, param))
return 0;
return 1;
}
int X509_VERIFY_PARAM_get_count(void)
{
int num = sizeof(default_table) / sizeof(X509_VERIFY_PARAM);
if (param_table)
num += sk_X509_VERIFY_PARAM_num(param_table);
return num;
}
const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id)
{
int num = sizeof(default_table) / sizeof(X509_VERIFY_PARAM);
if (id < num)
return default_table + id;
return sk_X509_VERIFY_PARAM_value(param_table, id - num);
}
const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)
{
int idx;
X509_VERIFY_PARAM pm;
{
int idx;
X509_VERIFY_PARAM pm;
pm.name = (char *)name;
if (param_table)
{
idx = sk_X509_VERIFY_PARAM_find(param_table, &pm);
if (idx != -1)
return sk_X509_VERIFY_PARAM_value(param_table, idx);
}
return OBJ_bsearch_table(&pm, default_table,
sizeof(default_table)/sizeof(X509_VERIFY_PARAM));
}
pm.name = (char *)name;
if (param_table) {
idx = sk_X509_VERIFY_PARAM_find(param_table, &pm);
if (idx != -1)
return sk_X509_VERIFY_PARAM_value(param_table, idx);
}
return OBJ_bsearch_table(&pm, default_table,
sizeof(default_table) /
sizeof(X509_VERIFY_PARAM));
}
void X509_VERIFY_PARAM_table_cleanup(void)
{
if (param_table)
sk_X509_VERIFY_PARAM_pop_free(param_table,
X509_VERIFY_PARAM_free);
param_table = NULL;
}
{
if (param_table)
sk_X509_VERIFY_PARAM_pop_free(param_table, X509_VERIFY_PARAM_free);
param_table = NULL;
}

BIN
crypto/x509/x509_vpm.o
View File

Binary file not shown.

179
crypto/x509/x509cset.c
View File

@@ -1,6 +1,7 @@
/* crypto/x509/x509cset.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2001.
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 2001.
*/
/* ====================================================================
* Copyright (c) 2001 The OpenSSL Project. All rights reserved.
@@ -10,7 +11,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -64,107 +65,103 @@
#include <openssl/x509.h>
int X509_CRL_set_version(X509_CRL *x, long version)
{
if (x == NULL) return(0);
if (x->crl->version == NULL)
{
if ((x->crl->version=M_ASN1_INTEGER_new()) == NULL)
return(0);
}
return(ASN1_INTEGER_set(x->crl->version,version));
}
{
if (x == NULL)
return (0);
if (x->crl->version == NULL) {
if ((x->crl->version = M_ASN1_INTEGER_new()) == NULL)
return (0);
}
return (ASN1_INTEGER_set(x->crl->version, version));
}
int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name)
{
if ((x == NULL) || (x->crl == NULL)) return(0);
return(X509_NAME_set(&x->crl->issuer,name));
}
{
if ((x == NULL) || (x->crl == NULL))
return (0);
return (X509_NAME_set(&x->crl->issuer, name));
}
int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm)
{
ASN1_TIME *in;
{
ASN1_TIME *in;
if (x == NULL) return(0);
in=x->crl->lastUpdate;
if (in != tm)
{
in=M_ASN1_TIME_dup(tm);
if (in != NULL)
{
M_ASN1_TIME_free(x->crl->lastUpdate);
x->crl->lastUpdate=in;
}
}
return(in != NULL);
}
if (x == NULL)
return (0);
in = x->crl->lastUpdate;
if (in != tm) {
in = M_ASN1_TIME_dup(tm);
if (in != NULL) {
M_ASN1_TIME_free(x->crl->lastUpdate);
x->crl->lastUpdate = in;
}
}
return (in != NULL);
}
int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm)
{
ASN1_TIME *in;
{
ASN1_TIME *in;
if (x == NULL) return(0);
in=x->crl->nextUpdate;
if (in != tm)
{
in=M_ASN1_TIME_dup(tm);
if (in != NULL)
{
M_ASN1_TIME_free(x->crl->nextUpdate);
x->crl->nextUpdate=in;
}
}
return(in != NULL);
}
if (x == NULL)
return (0);
in = x->crl->nextUpdate;
if (in != tm) {
in = M_ASN1_TIME_dup(tm);
if (in != NULL) {
M_ASN1_TIME_free(x->crl->nextUpdate);
x->crl->nextUpdate = in;
}
}
return (in != NULL);
}
int X509_CRL_sort(X509_CRL *c)
{
int i;
X509_REVOKED *r;
/* sort the data so it will be written in serial
* number order */
sk_X509_REVOKED_sort(c->crl->revoked);
for (i=0; i<sk_X509_REVOKED_num(c->crl->revoked); i++)
{
r=sk_X509_REVOKED_value(c->crl->revoked,i);
r->sequence=i;
}
c->crl->enc.modified = 1;
return 1;
}
{
int i;
X509_REVOKED *r;
/*
* sort the data so it will be written in serial number order
*/
sk_X509_REVOKED_sort(c->crl->revoked);
for (i = 0; i < sk_X509_REVOKED_num(c->crl->revoked); i++) {
r = sk_X509_REVOKED_value(c->crl->revoked, i);
r->sequence = i;
}
c->crl->enc.modified = 1;
return 1;
}
int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm)
{
ASN1_TIME *in;
{
ASN1_TIME *in;
if (x == NULL) return(0);
in=x->revocationDate;
if (in != tm)
{
in=M_ASN1_TIME_dup(tm);
if (in != NULL)
{
M_ASN1_TIME_free(x->revocationDate);
x->revocationDate=in;
}
}
return(in != NULL);
}
if (x == NULL)
return (0);
in = x->revocationDate;
if (in != tm) {
in = M_ASN1_TIME_dup(tm);
if (in != NULL) {
M_ASN1_TIME_free(x->revocationDate);
x->revocationDate = in;
}
}
return (in != NULL);
}
int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial)
{
ASN1_INTEGER *in;
{
ASN1_INTEGER *in;
if (x == NULL) return(0);
in=x->serialNumber;
if (in != serial)
{
in=M_ASN1_INTEGER_dup(serial);
if (in != NULL)
{
M_ASN1_INTEGER_free(x->serialNumber);
x->serialNumber=in;
}
}
return(in != NULL);
}
if (x == NULL)
return (0);
in = x->serialNumber;
if (in != serial) {
in = M_ASN1_INTEGER_dup(serial);
if (in != NULL) {
M_ASN1_INTEGER_free(x->serialNumber);
x->serialNumber = in;
}
}
return (in != NULL);
}

BIN
crypto/x509/x509cset.o
View File

Binary file not shown.

544
crypto/x509/x509name.c
View File

@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -65,319 +65,333 @@
#include <openssl/x509.h>
int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len)
{
ASN1_OBJECT *obj;
{
ASN1_OBJECT *obj;
obj=OBJ_nid2obj(nid);
if (obj == NULL) return(-1);
return(X509_NAME_get_text_by_OBJ(name,obj,buf,len));
}
obj = OBJ_nid2obj(nid);
if (obj == NULL)
return (-1);
return (X509_NAME_get_text_by_OBJ(name, obj, buf, len));
}
int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,
int len)
{
int i;
ASN1_STRING *data;
int len)
{
int i;
ASN1_STRING *data;
i=X509_NAME_get_index_by_OBJ(name,obj,-1);
if (i < 0) return(-1);
data=X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name,i));
i=(data->length > (len-1))?(len-1):data->length;
if (buf == NULL) return(data->length);
memcpy(buf,data->data,i);
buf[i]='\0';
return(i);
}
i = X509_NAME_get_index_by_OBJ(name, obj, -1);
if (i < 0)
return (-1);
data = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i));
i = (data->length > (len - 1)) ? (len - 1) : data->length;
if (buf == NULL)
return (data->length);
memcpy(buf, data->data, i);
buf[i] = '\0';
return (i);
}
int X509_NAME_entry_count(X509_NAME *name)
{
if (name == NULL) return(0);
return(sk_X509_NAME_ENTRY_num(name->entries));
}
{
if (name == NULL)
return (0);
return (sk_X509_NAME_ENTRY_num(name->entries));
}
int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos)
{
ASN1_OBJECT *obj;
{
ASN1_OBJECT *obj;
obj=OBJ_nid2obj(nid);
if (obj == NULL) return(-2);
return(X509_NAME_get_index_by_OBJ(name,obj,lastpos));
}
obj = OBJ_nid2obj(nid);
if (obj == NULL)
return (-2);
return (X509_NAME_get_index_by_OBJ(name, obj, lastpos));
}
/* NOTE: you should be passsing -1, not 0 as lastpos */
int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
int lastpos)
{
int n;
X509_NAME_ENTRY *ne;
STACK_OF(X509_NAME_ENTRY) *sk;
int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int lastpos)
{
int n;
X509_NAME_ENTRY *ne;
STACK_OF(X509_NAME_ENTRY) *sk;
if (name == NULL) return(-1);
if (lastpos < 0)
lastpos= -1;
sk=name->entries;
n=sk_X509_NAME_ENTRY_num(sk);
for (lastpos++; lastpos < n; lastpos++)
{
ne=sk_X509_NAME_ENTRY_value(sk,lastpos);
if (OBJ_cmp(ne->object,obj) == 0)
return(lastpos);
}
return(-1);
}
if (name == NULL)
return (-1);
if (lastpos < 0)
lastpos = -1;
sk = name->entries;
n = sk_X509_NAME_ENTRY_num(sk);
for (lastpos++; lastpos < n; lastpos++) {
ne = sk_X509_NAME_ENTRY_value(sk, lastpos);
if (OBJ_cmp(ne->object, obj) == 0)
return (lastpos);
}
return (-1);
}
X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc)
{
if(name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
|| loc < 0)
return(NULL);
else
return(sk_X509_NAME_ENTRY_value(name->entries,loc));
}
{
if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
|| loc < 0)
return (NULL);
else
return (sk_X509_NAME_ENTRY_value(name->entries, loc));
}
X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc)
{
X509_NAME_ENTRY *ret;
int i,n,set_prev,set_next;
STACK_OF(X509_NAME_ENTRY) *sk;
{
X509_NAME_ENTRY *ret;
int i, n, set_prev, set_next;
STACK_OF(X509_NAME_ENTRY) *sk;
if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
|| loc < 0)
return(NULL);
sk=name->entries;
ret=sk_X509_NAME_ENTRY_delete(sk,loc);
n=sk_X509_NAME_ENTRY_num(sk);
name->modified=1;
if (loc == n) return(ret);
if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
|| loc < 0)
return (NULL);
sk = name->entries;
ret = sk_X509_NAME_ENTRY_delete(sk, loc);
n = sk_X509_NAME_ENTRY_num(sk);
name->modified = 1;
if (loc == n)
return (ret);
/* else we need to fixup the set field */
if (loc != 0)
set_prev=(sk_X509_NAME_ENTRY_value(sk,loc-1))->set;
else
set_prev=ret->set-1;
set_next=sk_X509_NAME_ENTRY_value(sk,loc)->set;
/* else we need to fixup the set field */
if (loc != 0)
set_prev = (sk_X509_NAME_ENTRY_value(sk, loc - 1))->set;
else
set_prev = ret->set - 1;
set_next = sk_X509_NAME_ENTRY_value(sk, loc)->set;
/* set_prev is the previous set
* set is the current set
* set_next is the following
* prev 1 1 1 1 1 1 1 1
* set 1 1 2 2
* next 1 1 2 2 2 2 3 2
* so basically only if prev and next differ by 2, then
* re-number down by 1 */
if (set_prev+1 < set_next)
for (i=loc; i<n; i++)
sk_X509_NAME_ENTRY_value(sk,i)->set--;
return(ret);
}
/*-
* set_prev is the previous set
* set is the current set
* set_next is the following
* prev 1 1 1 1 1 1 1 1
* set 1 1 2 2
* next 1 1 2 2 2 2 3 2
* so basically only if prev and next differ by 2, then
* re-number down by 1
*/
if (set_prev + 1 < set_next)
for (i = loc; i < n; i++)
sk_X509_NAME_ENTRY_value(sk, i)->set--;
return (ret);
}
int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
unsigned char *bytes, int len, int loc, int set)
unsigned char *bytes, int len, int loc,
int set)
{
X509_NAME_ENTRY *ne;
int ret;
ne = X509_NAME_ENTRY_create_by_OBJ(NULL, obj, type, bytes, len);
if(!ne) return 0;
ret = X509_NAME_add_entry(name, ne, loc, set);
X509_NAME_ENTRY_free(ne);
return ret;
X509_NAME_ENTRY *ne;
int ret;
ne = X509_NAME_ENTRY_create_by_OBJ(NULL, obj, type, bytes, len);
if (!ne)
return 0;
ret = X509_NAME_add_entry(name, ne, loc, set);
X509_NAME_ENTRY_free(ne);
return ret;
}
int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
unsigned char *bytes, int len, int loc, int set)
unsigned char *bytes, int len, int loc,
int set)
{
X509_NAME_ENTRY *ne;
int ret;
ne = X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, len);
if(!ne) return 0;
ret = X509_NAME_add_entry(name, ne, loc, set);
X509_NAME_ENTRY_free(ne);
return ret;
X509_NAME_ENTRY *ne;
int ret;
ne = X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, len);
if (!ne)
return 0;
ret = X509_NAME_add_entry(name, ne, loc, set);
X509_NAME_ENTRY_free(ne);
return ret;
}
int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
const unsigned char *bytes, int len, int loc, int set)
const unsigned char *bytes, int len, int loc,
int set)
{
X509_NAME_ENTRY *ne;
int ret;
ne = X509_NAME_ENTRY_create_by_txt(NULL, field, type, bytes, len);
if(!ne) return 0;
ret = X509_NAME_add_entry(name, ne, loc, set);
X509_NAME_ENTRY_free(ne);
return ret;
X509_NAME_ENTRY *ne;
int ret;
ne = X509_NAME_ENTRY_create_by_txt(NULL, field, type, bytes, len);
if (!ne)
return 0;
ret = X509_NAME_add_entry(name, ne, loc, set);
X509_NAME_ENTRY_free(ne);
return ret;
}
/* if set is -1, append to previous set, 0 'a new one', and 1,
* prepend to the guy we are about to stomp on. */
/*
* if set is -1, append to previous set, 0 'a new one', and 1, prepend to the
* guy we are about to stomp on.
*/
int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc,
int set)
{
X509_NAME_ENTRY *new_name=NULL;
int n,i,inc;
STACK_OF(X509_NAME_ENTRY) *sk;
int set)
{
X509_NAME_ENTRY *new_name = NULL;
int n, i, inc;
STACK_OF(X509_NAME_ENTRY) *sk;
if (name == NULL) return(0);
sk=name->entries;
n=sk_X509_NAME_ENTRY_num(sk);
if (loc > n) loc=n;
else if (loc < 0) loc=n;
if (name == NULL)
return (0);
sk = name->entries;
n = sk_X509_NAME_ENTRY_num(sk);
if (loc > n)
loc = n;
else if (loc < 0)
loc = n;
name->modified=1;
name->modified = 1;
if (set == -1)
{
if (loc == 0)
{
set=0;
inc=1;
}
else
{
set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set;
inc=0;
}
}
else /* if (set >= 0) */
{
if (loc >= n)
{
if (loc != 0)
set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set+1;
else
set=0;
}
else
set=sk_X509_NAME_ENTRY_value(sk,loc)->set;
inc=(set == 0)?1:0;
}
if (set == -1) {
if (loc == 0) {
set = 0;
inc = 1;
} else {
set = sk_X509_NAME_ENTRY_value(sk, loc - 1)->set;
inc = 0;
}
} else { /* if (set >= 0) */
if ((new_name=X509_NAME_ENTRY_dup(ne)) == NULL)
goto err;
new_name->set=set;
if (!sk_X509_NAME_ENTRY_insert(sk,new_name,loc))
{
X509err(X509_F_X509_NAME_ADD_ENTRY,ERR_R_MALLOC_FAILURE);
goto err;
}
if (inc)
{
n=sk_X509_NAME_ENTRY_num(sk);
for (i=loc+1; i<n; i++)
sk_X509_NAME_ENTRY_value(sk,i-1)->set+=1;
}
return(1);
err:
if (new_name != NULL)
X509_NAME_ENTRY_free(new_name);
return(0);
}
if (loc >= n) {
if (loc != 0)
set = sk_X509_NAME_ENTRY_value(sk, loc - 1)->set + 1;
else
set = 0;
} else
set = sk_X509_NAME_ENTRY_value(sk, loc)->set;
inc = (set == 0) ? 1 : 0;
}
if ((new_name = X509_NAME_ENTRY_dup(ne)) == NULL)
goto err;
new_name->set = set;
if (!sk_X509_NAME_ENTRY_insert(sk, new_name, loc)) {
X509err(X509_F_X509_NAME_ADD_ENTRY, ERR_R_MALLOC_FAILURE);
goto err;
}
if (inc) {
n = sk_X509_NAME_ENTRY_num(sk);
for (i = loc + 1; i < n; i++)
sk_X509_NAME_ENTRY_value(sk, i - 1)->set += 1;
}
return (1);
err:
if (new_name != NULL)
X509_NAME_ENTRY_free(new_name);
return (0);
}
X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
const char *field, int type, const unsigned char *bytes, int len)
{
ASN1_OBJECT *obj;
X509_NAME_ENTRY *nentry;
const char *field, int type,
const unsigned char *bytes,
int len)
{
ASN1_OBJECT *obj;
X509_NAME_ENTRY *nentry;
obj=OBJ_txt2obj(field, 0);
if (obj == NULL)
{
X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT,
X509_R_INVALID_FIELD_NAME);
ERR_add_error_data(2, "name=", field);
return(NULL);
}
nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len);
ASN1_OBJECT_free(obj);
return nentry;
}
obj = OBJ_txt2obj(field, 0);
if (obj == NULL) {
X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT,
X509_R_INVALID_FIELD_NAME);
ERR_add_error_data(2, "name=", field);
return (NULL);
}
nentry = X509_NAME_ENTRY_create_by_OBJ(ne, obj, type, bytes, len);
ASN1_OBJECT_free(obj);
return nentry;
}
X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
int type, unsigned char *bytes, int len)
{
ASN1_OBJECT *obj;
X509_NAME_ENTRY *nentry;
int type, unsigned char *bytes,
int len)
{
ASN1_OBJECT *obj;
X509_NAME_ENTRY *nentry;
obj=OBJ_nid2obj(nid);
if (obj == NULL)
{
X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID,X509_R_UNKNOWN_NID);
return(NULL);
}
nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len);
ASN1_OBJECT_free(obj);
return nentry;
}
obj = OBJ_nid2obj(nid);
if (obj == NULL) {
X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID, X509_R_UNKNOWN_NID);
return (NULL);
}
nentry = X509_NAME_ENTRY_create_by_OBJ(ne, obj, type, bytes, len);
ASN1_OBJECT_free(obj);
return nentry;
}
X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len)
{
X509_NAME_ENTRY *ret;
ASN1_OBJECT *obj, int type,
const unsigned char *bytes,
int len)
{
X509_NAME_ENTRY *ret;
if ((ne == NULL) || (*ne == NULL))
{
if ((ret=X509_NAME_ENTRY_new()) == NULL)
return(NULL);
}
else
ret= *ne;
if ((ne == NULL) || (*ne == NULL)) {
if ((ret = X509_NAME_ENTRY_new()) == NULL)
return (NULL);
} else
ret = *ne;
if (!X509_NAME_ENTRY_set_object(ret,obj))
goto err;
if (!X509_NAME_ENTRY_set_data(ret,type,bytes,len))
goto err;
if (!X509_NAME_ENTRY_set_object(ret, obj))
goto err;
if (!X509_NAME_ENTRY_set_data(ret, type, bytes, len))
goto err;
if ((ne != NULL) && (*ne == NULL)) *ne=ret;
return(ret);
err:
if ((ne == NULL) || (ret != *ne))
X509_NAME_ENTRY_free(ret);
return(NULL);
}
if ((ne != NULL) && (*ne == NULL))
*ne = ret;
return (ret);
err:
if ((ne == NULL) || (ret != *ne))
X509_NAME_ENTRY_free(ret);
return (NULL);
}
int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj)
{
if ((ne == NULL) || (obj == NULL))
{
X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT,ERR_R_PASSED_NULL_PARAMETER);
return(0);
}
ASN1_OBJECT_free(ne->object);
ne->object=OBJ_dup(obj);
return((ne->object == NULL)?0:1);
}
{
if ((ne == NULL) || (obj == NULL)) {
X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT,
ERR_R_PASSED_NULL_PARAMETER);
return (0);
}
ASN1_OBJECT_free(ne->object);
ne->object = OBJ_dup(obj);
return ((ne->object == NULL) ? 0 : 1);
}
int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
const unsigned char *bytes, int len)
{
int i;
const unsigned char *bytes, int len)
{
int i;
if ((ne == NULL) || ((bytes == NULL) && (len != 0))) return(0);
if((type > 0) && (type & MBSTRING_FLAG))
return ASN1_STRING_set_by_NID(&ne->value, bytes,
len, type,
OBJ_obj2nid(ne->object)) ? 1 : 0;
if (len < 0) len=strlen((const char *)bytes);
i=ASN1_STRING_set(ne->value,bytes,len);
if (!i) return(0);
if (type != V_ASN1_UNDEF)
{
if (type == V_ASN1_APP_CHOOSE)
ne->value->type=ASN1_PRINTABLE_type(bytes,len);
else
ne->value->type=type;
}
return(1);
}
if ((ne == NULL) || ((bytes == NULL) && (len != 0)))
return (0);
if ((type > 0) && (type & MBSTRING_FLAG))
return ASN1_STRING_set_by_NID(&ne->value, bytes,
len, type,
OBJ_obj2nid(ne->object)) ? 1 : 0;
if (len < 0)
len = strlen((const char *)bytes);
i = ASN1_STRING_set(ne->value, bytes, len);
if (!i)
return (0);
if (type != V_ASN1_UNDEF) {
if (type == V_ASN1_APP_CHOOSE)
ne->value->type = ASN1_PRINTABLE_type(bytes, len);
else
ne->value->type = type;
}
return (1);
}
ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne)
{
if (ne == NULL) return(NULL);
return(ne->object);
}
{
if (ne == NULL)
return (NULL);
return (ne->object);
}
ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne)
{
if (ne == NULL) return(NULL);
return(ne->value);
}
{
if (ne == NULL)
return (NULL);
return (ne->value);
}

BIN
crypto/x509/x509name.o
View File

Binary file not shown.

40
crypto/x509/x509rset.c
View File

@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -64,20 +64,22 @@
#include <openssl/x509.h>
int X509_REQ_set_version(X509_REQ *x, long version)
{
if (x == NULL) return(0);
return(ASN1_INTEGER_set(x->req_info->version,version));
}
{
if (x == NULL)
return (0);
return (ASN1_INTEGER_set(x->req_info->version, version));
}
int X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name)
{
if ((x == NULL) || (x->req_info == NULL)) return(0);
return(X509_NAME_set(&x->req_info->subject,name));
}
{
if ((x == NULL) || (x->req_info == NULL))
return (0);
return (X509_NAME_set(&x->req_info->subject, name));
}
int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey)
{
if ((x == NULL) || (x->req_info == NULL)) return(0);
return(X509_PUBKEY_set(&x->req_info->pubkey,pkey));
}
{
if ((x == NULL) || (x->req_info == NULL))
return (0);
return (X509_PUBKEY_set(&x->req_info->pubkey, pkey));
}

BIN
crypto/x509/x509rset.o
View File

Binary file not shown.

92
crypto/x509/x509spki.c
View File

@@ -1,6 +1,7 @@
/* x509spki.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 1999.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
@@ -10,7 +11,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -62,60 +63,61 @@
int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey)
{
if ((x == NULL) || (x->spkac == NULL)) return(0);
return(X509_PUBKEY_set(&(x->spkac->pubkey),pkey));
if ((x == NULL) || (x->spkac == NULL))
return (0);
return (X509_PUBKEY_set(&(x->spkac->pubkey), pkey));
}
EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x)
{
if ((x == NULL) || (x->spkac == NULL))
return(NULL);
return(X509_PUBKEY_get(x->spkac->pubkey));
if ((x == NULL) || (x->spkac == NULL))
return (NULL);
return (X509_PUBKEY_get(x->spkac->pubkey));
}
/* Load a Netscape SPKI from a base64 encoded string */
NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len)
NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str, int len)
{
unsigned char *spki_der;
const unsigned char *p;
int spki_len;
NETSCAPE_SPKI *spki;
if(len <= 0) len = strlen(str);
if (!(spki_der = OPENSSL_malloc(len + 1))) {
X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE);
return NULL;
}
spki_len = EVP_DecodeBlock(spki_der, (const unsigned char *)str, len);
if(spki_len < 0) {
X509err(X509_F_NETSCAPE_SPKI_B64_DECODE,
X509_R_BASE64_DECODE_ERROR);
OPENSSL_free(spki_der);
return NULL;
}
p = spki_der;
spki = d2i_NETSCAPE_SPKI(NULL, &p, spki_len);
OPENSSL_free(spki_der);
return spki;
unsigned char *spki_der;
const unsigned char *p;
int spki_len;
NETSCAPE_SPKI *spki;
if (len <= 0)
len = strlen(str);
if (!(spki_der = OPENSSL_malloc(len + 1))) {
X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE);
return NULL;
}
spki_len = EVP_DecodeBlock(spki_der, (const unsigned char *)str, len);
if (spki_len < 0) {
X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, X509_R_BASE64_DECODE_ERROR);
OPENSSL_free(spki_der);
return NULL;
}
p = spki_der;
spki = d2i_NETSCAPE_SPKI(NULL, &p, spki_len);
OPENSSL_free(spki_der);
return spki;
}
/* Generate a base64 encoded string from an SPKI */
char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki)
char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki)
{
unsigned char *der_spki, *p;
char *b64_str;
int der_len;
der_len = i2d_NETSCAPE_SPKI(spki, NULL);
der_spki = OPENSSL_malloc(der_len);
b64_str = OPENSSL_malloc(der_len * 2);
if(!der_spki || !b64_str) {
X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE);
return NULL;
}
p = der_spki;
i2d_NETSCAPE_SPKI(spki, &p);
EVP_EncodeBlock((unsigned char *)b64_str, der_spki, der_len);
OPENSSL_free(der_spki);
return b64_str;
unsigned char *der_spki, *p;
char *b64_str;
int der_len;
der_len = i2d_NETSCAPE_SPKI(spki, NULL);
der_spki = OPENSSL_malloc(der_len);
b64_str = OPENSSL_malloc(der_len * 2);
if (!der_spki || !b64_str) {
X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE);
return NULL;
}
p = der_spki;
i2d_NETSCAPE_SPKI(spki, &p);
EVP_EncodeBlock((unsigned char *)b64_str, der_spki, der_len);
OPENSSL_free(der_spki);
return b64_str;
}

BIN
crypto/x509/x509spki.o
View File

Binary file not shown.

120
crypto/x509/x509type.c
View File

@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -63,63 +63,65 @@
#include <openssl/x509.h>
int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
{
EVP_PKEY *pk;
int ret=0,i;
{
EVP_PKEY *pk;
int ret = 0, i;
if (x == NULL) return(0);
if (x == NULL)
return (0);
if (pkey == NULL)
pk=X509_get_pubkey(x);
else
pk=pkey;
if (pkey == NULL)
pk = X509_get_pubkey(x);
else
pk = pkey;
if (pk == NULL) return(0);
if (pk == NULL)
return (0);
switch (pk->type)
{
case EVP_PKEY_RSA:
ret=EVP_PK_RSA|EVP_PKT_SIGN;
/* if (!sign only extension) */
ret|=EVP_PKT_ENC;
break;
case EVP_PKEY_DSA:
ret=EVP_PK_DSA|EVP_PKT_SIGN;
break;
case EVP_PKEY_EC:
ret=EVP_PK_EC|EVP_PKT_SIGN|EVP_PKT_EXCH;
break;
case EVP_PKEY_DH:
ret=EVP_PK_DH|EVP_PKT_EXCH;
break;
case NID_id_GostR3410_94:
case NID_id_GostR3410_2001:
ret=EVP_PKT_EXCH|EVP_PKT_SIGN;
break;
default:
break;
}
switch (pk->type) {
case EVP_PKEY_RSA:
ret = EVP_PK_RSA | EVP_PKT_SIGN;
/* if (!sign only extension) */
ret |= EVP_PKT_ENC;
break;
case EVP_PKEY_DSA:
ret = EVP_PK_DSA | EVP_PKT_SIGN;
break;
case EVP_PKEY_EC:
ret = EVP_PK_EC | EVP_PKT_SIGN | EVP_PKT_EXCH;
break;
case EVP_PKEY_DH:
ret = EVP_PK_DH | EVP_PKT_EXCH;
break;
case NID_id_GostR3410_94:
case NID_id_GostR3410_2001:
ret = EVP_PKT_EXCH | EVP_PKT_SIGN;
break;
default:
break;
}
i=X509_get_signature_type(x);
switch (i)
{
case EVP_PKEY_RSA:
ret|=EVP_PKS_RSA;
break;
case EVP_PKEY_DSA:
ret|=EVP_PKS_DSA;
break;
case EVP_PKEY_EC:
ret|=EVP_PKS_EC;
break;
default:
break;
}
i = OBJ_obj2nid(x->sig_alg->algorithm);
if (i && OBJ_find_sigid_algs(i, NULL, &i)) {
if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look
for, not bytes */
ret|=EVP_PKT_EXP;
if(pkey==NULL) EVP_PKEY_free(pk);
return(ret);
}
switch (i) {
case NID_rsaEncryption:
case NID_rsa:
ret |= EVP_PKS_RSA;
break;
case NID_dsa:
case NID_dsa_2:
ret |= EVP_PKS_DSA;
break;
case NID_X9_62_id_ecPublicKey:
ret |= EVP_PKS_EC;
break;
default:
break;
}
}
if (pkey == NULL)
EVP_PKEY_free(pk);
return (ret);
}

BIN
crypto/x509/x509type.o
View File

Binary file not shown.

618
crypto/x509/x_all.c
View File

@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -63,454 +63,496 @@
#include <openssl/asn1.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/ocsp.h>
#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
# include <openssl/rsa.h>
#endif
#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
# include <openssl/dsa.h>
#endif
int X509_verify(X509 *a, EVP_PKEY *r)
{
return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),a->sig_alg,
a->signature,a->cert_info,r));
}
{
if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature))
return 0;
return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF), a->sig_alg,
a->signature, a->cert_info, r));
}
int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
{
return( ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO),
a->sig_alg,a->signature,a->req_info,r));
}
{
return (ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO),
a->sig_alg, a->signature, a->req_info, r));
}
int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
{
return(ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC),
a->sig_algor,a->signature,a->spkac,r));
}
{
return (ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC),
a->sig_algor, a->signature, a->spkac, r));
}
int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
{
x->cert_info->enc.modified = 1;
return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature,
x->sig_alg, x->signature, x->cert_info,pkey,md));
}
{
x->cert_info->enc.modified = 1;
return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature,
x->sig_alg, x->signature, x->cert_info, pkey, md));
}
int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
{
x->cert_info->enc.modified = 1;
return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF),
x->cert_info->signature,
x->sig_alg, x->signature, x->cert_info, ctx);
}
int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert)
{
return OCSP_REQ_CTX_nbio_d2i(rctx,
(ASN1_VALUE **)pcert, ASN1_ITEM_rptr(X509));
}
int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
{
return(ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO),x->sig_alg, NULL,
x->signature, x->req_info,pkey,md));
}
{
return (ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO), x->sig_alg, NULL,
x->signature, x->req_info, pkey, md));
}
int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx)
{
return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_REQ_INFO),
x->sig_alg, NULL, x->signature, x->req_info,
ctx);
}
int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
{
x->crl->enc.modified = 1;
return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO),x->crl->sig_alg,
x->sig_alg, x->signature, x->crl,pkey,md));
}
{
x->crl->enc.modified = 1;
return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO), x->crl->sig_alg,
x->sig_alg, x->signature, x->crl, pkey, md));
}
int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx)
{
x->crl->enc.modified = 1;
return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO),
x->crl->sig_alg, x->sig_alg, x->signature,
x->crl, ctx);
}
int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl)
{
return OCSP_REQ_CTX_nbio_d2i(rctx,
(ASN1_VALUE **)pcrl,
ASN1_ITEM_rptr(X509_CRL));
}
int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
{
return(ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor,NULL,
x->signature, x->spkac,pkey,md));
}
{
return (ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor, NULL,
x->signature, x->spkac, pkey, md));
}
#ifndef OPENSSL_NO_FP_API
X509 *d2i_X509_fp(FILE *fp, X509 **x509)
{
return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509);
}
{
return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509);
}
int i2d_X509_fp(FILE *fp, X509 *x509)
{
return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509);
}
{
return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509);
}
#endif
X509 *d2i_X509_bio(BIO *bp, X509 **x509)
{
return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509);
}
{
return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509);
}
int i2d_X509_bio(BIO *bp, X509 *x509)
{
return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509);
}
{
return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509);
}
#ifndef OPENSSL_NO_FP_API
X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl)
{
return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
}
{
return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
}
int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl)
{
return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
}
{
return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
}
#endif
X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl)
{
return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
}
{
return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
}
int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl)
{
return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
}
{
return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
}
#ifndef OPENSSL_NO_FP_API
PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7)
{
return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
}
{
return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
}
int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7)
{
return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
}
{
return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
}
#endif
PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7)
{
return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
}
{
return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
}
int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7)
{
return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
}
{
return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
}
#ifndef OPENSSL_NO_FP_API
X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req)
{
return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
}
{
return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
}
int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req)
{
return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
}
{
return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
}
#endif
X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req)
{
return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
}
{
return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
}
int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req)
{
return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
}
{
return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
}
#ifndef OPENSSL_NO_RSA
#ifndef OPENSSL_NO_FP_API
# ifndef OPENSSL_NO_FP_API
RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa)
{
return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
}
{
return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
}
int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa)
{
return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
}
{
return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
}
RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
{
return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
}
{
return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
}
RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)
{
return ASN1_d2i_fp((void *(*)(void))
RSA_new,(D2I_OF(void))d2i_RSA_PUBKEY, fp,
(void **)rsa);
}
{
return ASN1_d2i_fp((void *(*)(void))
RSA_new, (D2I_OF(void)) d2i_RSA_PUBKEY, fp,
(void **)rsa);
}
int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa)
{
return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
}
{
return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
}
int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa)
{
return ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY,fp,rsa);
}
#endif
{
return ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY, fp, rsa);
}
# endif
RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
{
return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
}
{
return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
}
int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa)
{
return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
}
{
return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
}
RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)
{
return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
}
{
return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
}
RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
{
return ASN1_d2i_bio_of(RSA,RSA_new,d2i_RSA_PUBKEY,bp,rsa);
}
{
return ASN1_d2i_bio_of(RSA, RSA_new, d2i_RSA_PUBKEY, bp, rsa);
}
int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa)
{
return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
}
{
return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
}
int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa)
{
return ASN1_i2d_bio_of(RSA,i2d_RSA_PUBKEY,bp,rsa);
}
{
return ASN1_i2d_bio_of(RSA, i2d_RSA_PUBKEY, bp, rsa);
}
#endif
#ifndef OPENSSL_NO_DSA
#ifndef OPENSSL_NO_FP_API
# ifndef OPENSSL_NO_FP_API
DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa)
{
return ASN1_d2i_fp_of(DSA,DSA_new,d2i_DSAPrivateKey,fp,dsa);
}
{
return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSAPrivateKey, fp, dsa);
}
int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa)
{
return ASN1_i2d_fp_of_const(DSA,i2d_DSAPrivateKey,fp,dsa);
}
{
return ASN1_i2d_fp_of_const(DSA, i2d_DSAPrivateKey, fp, dsa);
}
DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa)
{
return ASN1_d2i_fp_of(DSA,DSA_new,d2i_DSA_PUBKEY,fp,dsa);
}
{
return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSA_PUBKEY, fp, dsa);
}
int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa)
{
return ASN1_i2d_fp_of(DSA,i2d_DSA_PUBKEY,fp,dsa);
}
#endif
{
return ASN1_i2d_fp_of(DSA, i2d_DSA_PUBKEY, fp, dsa);
}
# endif
DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa)
{
return ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAPrivateKey,bp,dsa
);
}
{
return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSAPrivateKey, bp, dsa);
}
int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa)
{
return ASN1_i2d_bio_of_const(DSA,i2d_DSAPrivateKey,bp,dsa);
}
{
return ASN1_i2d_bio_of_const(DSA, i2d_DSAPrivateKey, bp, dsa);
}
DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa)
{
return ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSA_PUBKEY,bp,dsa);
}
{
return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSA_PUBKEY, bp, dsa);
}
int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa)
{
return ASN1_i2d_bio_of(DSA,i2d_DSA_PUBKEY,bp,dsa);
}
{
return ASN1_i2d_bio_of(DSA, i2d_DSA_PUBKEY, bp, dsa);
}
#endif
#ifndef OPENSSL_NO_EC
#ifndef OPENSSL_NO_FP_API
# ifndef OPENSSL_NO_FP_API
EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey)
{
return ASN1_d2i_fp_of(EC_KEY,EC_KEY_new,d2i_EC_PUBKEY,fp,eckey);
}
{
return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, fp, eckey);
}
int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey)
{
return ASN1_i2d_fp_of(EC_KEY,i2d_EC_PUBKEY,fp,eckey);
}
{
return ASN1_i2d_fp_of(EC_KEY, i2d_EC_PUBKEY, fp, eckey);
}
EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey)
{
return ASN1_d2i_fp_of(EC_KEY,EC_KEY_new,d2i_ECPrivateKey,fp,eckey);
}
{
return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, fp, eckey);
}
int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey)
{
return ASN1_i2d_fp_of(EC_KEY,i2d_ECPrivateKey,fp,eckey);
}
#endif
{
return ASN1_i2d_fp_of(EC_KEY, i2d_ECPrivateKey, fp, eckey);
}
# endif
EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey)
{
return ASN1_d2i_bio_of(EC_KEY,EC_KEY_new,d2i_EC_PUBKEY,bp,eckey);
}
{
return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, bp, eckey);
}
int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *ecdsa)
{
return ASN1_i2d_bio_of(EC_KEY,i2d_EC_PUBKEY,bp,ecdsa);
}
{
return ASN1_i2d_bio_of(EC_KEY, i2d_EC_PUBKEY, bp, ecdsa);
}
EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey)
{
return ASN1_d2i_bio_of(EC_KEY,EC_KEY_new,d2i_ECPrivateKey,bp,eckey);
}
{
return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, bp, eckey);
}
int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey)
{
return ASN1_i2d_bio_of(EC_KEY,i2d_ECPrivateKey,bp,eckey);
}
{
return ASN1_i2d_bio_of(EC_KEY, i2d_ECPrivateKey, bp, eckey);
}
#endif
int X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
unsigned int *len)
{
ASN1_BIT_STRING *key;
key = X509_get0_pubkey_bitstr(data);
if(!key) return 0;
return EVP_Digest(key->data, key->length, md, len, type, NULL);
}
int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
unsigned char *md, unsigned int *len)
{
ASN1_BIT_STRING *key;
key = X509_get0_pubkey_bitstr(data);
if (!key)
return 0;
return EVP_Digest(key->data, key->length, md, len, type, NULL);
}
int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
unsigned int *len)
{
return(ASN1_item_digest(ASN1_ITEM_rptr(X509),type,(char *)data,md,len));
}
unsigned int *len)
{
return (ASN1_item_digest
(ASN1_ITEM_rptr(X509), type, (char *)data, md, len));
}
int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md,
unsigned int *len)
{
return(ASN1_item_digest(ASN1_ITEM_rptr(X509_CRL),type,(char *)data,md,len));
}
int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
unsigned char *md, unsigned int *len)
{
return (ASN1_item_digest
(ASN1_ITEM_rptr(X509_CRL), type, (char *)data, md, len));
}
int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, unsigned char *md,
unsigned int *len)
{
return(ASN1_item_digest(ASN1_ITEM_rptr(X509_REQ),type,(char *)data,md,len));
}
int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
unsigned char *md, unsigned int *len)
{
return (ASN1_item_digest
(ASN1_ITEM_rptr(X509_REQ), type, (char *)data, md, len));
}
int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md,
unsigned int *len)
{
return(ASN1_item_digest(ASN1_ITEM_rptr(X509_NAME),type,(char *)data,md,len));
}
int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, const EVP_MD *type,
unsigned char *md, unsigned int *len)
{
return(ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL),type,
(char *)data,md,len));
}
int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
unsigned char *md, unsigned int *len)
{
return (ASN1_item_digest
(ASN1_ITEM_rptr(X509_NAME), type, (char *)data, md, len));
}
int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
const EVP_MD *type, unsigned char *md,
unsigned int *len)
{
return (ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL), type,
(char *)data, md, len));
}
#ifndef OPENSSL_NO_FP_API
X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8)
{
return ASN1_d2i_fp_of(X509_SIG,X509_SIG_new,d2i_X509_SIG,fp,p8);
}
{
return ASN1_d2i_fp_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, fp, p8);
}
int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8)
{
return ASN1_i2d_fp_of(X509_SIG,i2d_X509_SIG,fp,p8);
}
{
return ASN1_i2d_fp_of(X509_SIG, i2d_X509_SIG, fp, p8);
}
#endif
X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8)
{
return ASN1_d2i_bio_of(X509_SIG,X509_SIG_new,d2i_X509_SIG,bp,p8);
}
{
return ASN1_d2i_bio_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, bp, p8);
}
int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8)
{
return ASN1_i2d_bio_of(X509_SIG,i2d_X509_SIG,bp,p8);
}
{
return ASN1_i2d_bio_of(X509_SIG, i2d_X509_SIG, bp, p8);
}
#ifndef OPENSSL_NO_FP_API
PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
PKCS8_PRIV_KEY_INFO **p8inf)
{
return ASN1_d2i_fp_of(PKCS8_PRIV_KEY_INFO,PKCS8_PRIV_KEY_INFO_new,
d2i_PKCS8_PRIV_KEY_INFO,fp,p8inf);
}
PKCS8_PRIV_KEY_INFO **p8inf)
{
return ASN1_d2i_fp_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new,
d2i_PKCS8_PRIV_KEY_INFO, fp, p8inf);
}
int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf)
{
return ASN1_i2d_fp_of(PKCS8_PRIV_KEY_INFO,i2d_PKCS8_PRIV_KEY_INFO,fp,
p8inf);
}
{
return ASN1_i2d_fp_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, fp,
p8inf);
}
int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key)
{
PKCS8_PRIV_KEY_INFO *p8inf;
int ret;
p8inf = EVP_PKEY2PKCS8(key);
if(!p8inf) return 0;
ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf);
PKCS8_PRIV_KEY_INFO_free(p8inf);
return ret;
}
{
PKCS8_PRIV_KEY_INFO *p8inf;
int ret;
p8inf = EVP_PKEY2PKCS8(key);
if (!p8inf)
return 0;
ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf);
PKCS8_PRIV_KEY_INFO_free(p8inf);
return ret;
}
int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey)
{
return ASN1_i2d_fp_of(EVP_PKEY,i2d_PrivateKey,fp,pkey);
}
{
return ASN1_i2d_fp_of(EVP_PKEY, i2d_PrivateKey, fp, pkey);
}
EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
{
return ASN1_d2i_fp_of(EVP_PKEY,EVP_PKEY_new,d2i_AutoPrivateKey,fp,a);
return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, fp, a);
}
int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey)
{
return ASN1_i2d_fp_of(EVP_PKEY,i2d_PUBKEY,fp,pkey);
}
{
return ASN1_i2d_fp_of(EVP_PKEY, i2d_PUBKEY, fp, pkey);
}
EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a)
{
return ASN1_d2i_fp_of(EVP_PKEY,EVP_PKEY_new,d2i_PUBKEY,fp,a);
return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, fp, a);
}
#endif
PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
PKCS8_PRIV_KEY_INFO **p8inf)
{
return ASN1_d2i_bio_of(PKCS8_PRIV_KEY_INFO,PKCS8_PRIV_KEY_INFO_new,
d2i_PKCS8_PRIV_KEY_INFO,bp,p8inf);
}
PKCS8_PRIV_KEY_INFO **p8inf)
{
return ASN1_d2i_bio_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new,
d2i_PKCS8_PRIV_KEY_INFO, bp, p8inf);
}
int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf)
{
return ASN1_i2d_bio_of(PKCS8_PRIV_KEY_INFO,i2d_PKCS8_PRIV_KEY_INFO,bp,
p8inf);
}
{
return ASN1_i2d_bio_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, bp,
p8inf);
}
int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key)
{
PKCS8_PRIV_KEY_INFO *p8inf;
int ret;
p8inf = EVP_PKEY2PKCS8(key);
if(!p8inf) return 0;
ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
PKCS8_PRIV_KEY_INFO_free(p8inf);
return ret;
}
{
PKCS8_PRIV_KEY_INFO *p8inf;
int ret;
p8inf = EVP_PKEY2PKCS8(key);
if (!p8inf)
return 0;
ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
PKCS8_PRIV_KEY_INFO_free(p8inf);
return ret;
}
int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey)
{
return ASN1_i2d_bio_of(EVP_PKEY,i2d_PrivateKey,bp,pkey);
}
{
return ASN1_i2d_bio_of(EVP_PKEY, i2d_PrivateKey, bp, pkey);
}
EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a)
{
return ASN1_d2i_bio_of(EVP_PKEY,EVP_PKEY_new,d2i_AutoPrivateKey,bp,a);
}
{
return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, bp, a);
}
int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey)
{
return ASN1_i2d_bio_of(EVP_PKEY,i2d_PUBKEY,bp,pkey);
}
{
return ASN1_i2d_bio_of(EVP_PKEY, i2d_PUBKEY, bp, pkey);
}
EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a)
{
return ASN1_d2i_bio_of(EVP_PKEY,EVP_PKEY_new,d2i_PUBKEY,bp,a);
}
{
return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, bp, a);
}

BIN
crypto/x509/x_all.o
View File

Binary file not shown.