authorNiklas Hallqvist <niklas@cvs.openbsd.org>2000-10-07 06:57:09 +0000
committerNiklas Hallqvist <niklas@cvs.openbsd.org>2000-10-07 06:57:09 +0000
commit540c94f107f9c9ab19e440a2816e6ef2121cae3d (patch)
treed94c3a54e8050ce77e1956055283787bfb3de90c
parent817bd17bb8b18c0ceafede999b1b8455c8bd748d (diff)
cert.c: Merge with EOM 1.18
cert.h: Merge with EOM 1.8
libcrypto.c: Merge with EOM 1.14
policy.h: Merge with EOM 1.12
x509.h: Merge with EOM 1.11

author: niklas
Multiple subject name matching, makes certificate interop with PGPnet at least partly working.
Added some error checking.
-rw-r--r--sbin/isakmpd/cert.c19
-rw-r--r--sbin/isakmpd/cert.h10
-rw-r--r--sbin/isakmpd/libcrypto.c8
-rw-r--r--sbin/isakmpd/policy.h10
-rw-r--r--sbin/isakmpd/x509.h28
5 files changed, 45 insertions, 30 deletions
diff --git a/sbin/isakmpd/cert.c b/sbin/isakmpd/cert.c
index 6b3d3a1dc1c..cb5ab144b8f 100644
--- a/sbin/isakmpd/cert.c
+++ b/sbin/isakmpd/cert.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: cert.c,v 1.15 2000/06/08 20:51:55 niklas Exp $ */
-/* $EOM: cert.c,v 1.17 2000/05/17 16:46:35 angelos Exp $ */
+/* $OpenBSD: cert.c,v 1.16 2000/10/07 06:57:08 niklas Exp $ */
+/* $EOM: cert.c,v 1.18 2000/09/28 12:53:27 niklas Exp $ */
/*
* Copyright (c) 1998, 1999 Niels Provos. All rights reserved.
@@ -66,7 +66,7 @@ struct cert_handler cert_handler[] = {
x509_cert_init, x509_cert_get, x509_cert_validate,
x509_cert_insert, x509_cert_free,
x509_certreq_validate, x509_certreq_decode, x509_free_aca,
- x509_cert_obtain, x509_cert_get_key, x509_cert_get_subject
+ x509_cert_obtain, x509_cert_get_key, x509_cert_get_subjects
},
#endif
#ifdef USE_KEYNOTE
@@ -75,7 +75,7 @@ struct cert_handler cert_handler[] = {
keynote_cert_init, keynote_cert_get, keynote_cert_validate,
keynote_cert_insert, keynote_cert_free,
keynote_certreq_validate, keynote_certreq_decode, keynote_free_aca,
- keynote_cert_obtain, keynote_cert_get_key, keynote_cert_get_subject
+ keynote_cert_obtain, keynote_cert_get_key, keynote_cert_get_subjects
},
#endif
};
@@ -140,3 +140,14 @@ certreq_decode (u_int16_t type, u_int8_t *data, u_int32_t datalen)
return ret;
}
+
+void
+cert_free_subjects (int n, u_int8_t **id, u_int32_t *len)
+{
+ int i;
+
+ for (i = 0; i < n; i++)
+ free (id[i]);
+ free (id);
+ free (len);
+}
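Review bot: `cert_free_subjects` indexes `id` in the loop without checking it, so a cleanup path that arrives with a non-zero `n` and a NULL `id` would dereference NULL while the daemon is handling a peer-supplied certificate. The `cert_get_subjects` implementations are not part of this diff, so whether they can leave the out-parameters in that state after a partial failure is unconfirmed. Writing the loop as `for (i = 0; id && i < n; i++)` makes the helper safe either way. A one-line header comment saying that it releases the arrays filled in by a `cert_get_subjects` handler, and that each `id[i]` is a separate allocation, would document the ownership rule the code implies.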
diff --git a/sbin/isakmpd/cert.h b/sbin/isakmpd/cert.h
index a3243bfbe96..798d08c284b 100644
--- a/sbin/isakmpd/cert.h
+++ b/sbin/isakmpd/cert.h
@@ -1,8 +1,9 @@
-/* $OpenBSD: cert.h,v 1.5 2000/06/08 20:49:44 niklas Exp $ */
-/* $EOM: cert.h,v 1.7 2000/05/19 05:47:52 angelos Exp $ */
+/* $OpenBSD: cert.h,v 1.6 2000/10/07 06:57:08 niklas Exp $ */
+/* $EOM: cert.h,v 1.8 2000/09/28 12:53:27 niklas Exp $ */
/*
* Copyright (c) 1998, 1999 Niels Provos. All rights reserved.
+ * Copyright (c) 2000 Niklas Hallqvist. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -63,7 +64,7 @@ struct cert_handler {
void (*free_aca) (void *);
int (*cert_obtain) (u_int8_t *, size_t, void *, u_int8_t **, u_int32_t *);
int (*cert_get_key) (void *, void *);
- int (*cert_get_subject) (void *, u_int8_t **, u_int32_t *);
+ int (*cert_get_subjects) (void *, int *, u_int8_t ***, u_int32_t **);
};
/* the acceptable authority of cert request */
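Review bot: The new `cert_get_subjects` member takes three unnamed out-parameters (`int *`, `u_int8_t ***`, `u_int32_t **`) and nothing in the struct says who owns what they return or what they hold when the call fails. Since every handler and every caller has to agree on this, I would add a comment above the member, for example `/* Out: subject count, array of allocated IDs, array of their lengths; caller frees all three with cert_free_subjects. */`, assuming that is the intended contract. It should also state the return-value convention and whether the out-parameters are left untouched on error, because the identity check on the peer depends on callers not reading stale or partial arrays. The struct definition starts above this hunk.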
@@ -76,8 +77,9 @@ struct certreq_aca {
void *data; /* if NULL everything is acceptable */
};
-struct cert_handler *cert_get (u_int16_t);
struct certreq_aca *certreq_decode (u_int16_t, u_int8_t *, u_int32_t);
+void cert_free_subjects (int, u_int8_t **, u_int32_t *);
+struct cert_handler *cert_get (u_int16_t);
int cert_init (void);
#endif /* _CERT_H_ */
diff --git a/sbin/isakmpd/libcrypto.c b/sbin/isakmpd/libcrypto.c
index f543f2d83c7..41a97e26d50 100644
--- a/sbin/isakmpd/libcrypto.c
+++ b/sbin/isakmpd/libcrypto.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: libcrypto.c,v 1.6 2000/04/07 22:06:20 niklas Exp $ */
-/* $EOM: libcrypto.c,v 1.13 2000/03/31 15:29:03 ho Exp $ */
+/* $OpenBSD: libcrypto.c,v 1.7 2000/10/07 06:57:08 niklas Exp $ */
+/* $EOM: libcrypto.c,v 1.14 2000/09/28 12:53:27 niklas Exp $ */
/*
- * Copyright (c) 1999 Niklas Hallqvist. All rights reserved.
+ * Copyright (c) 1999, 2000 Niklas Hallqvist. All rights reserved.
* Copyright (c) 1999, 2000 Angelos D. Keromytis. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -107,6 +107,7 @@ char *(*lc_X509_NAME_oneline) (X509_NAME *, char *, int);
int (*lc_i2d_RSAPublicKey) (RSA *, unsigned char **);
int (*lc_i2d_RSAPrivateKey) (RSA *, unsigned char **);
int (*lc_i2d_X509) (X509 *, unsigned char **);
+int (*lc_i2d_X509_NAME) (X509_NAME *, unsigned char **);
#if SSLEAY_VERSION_NUMBER >= 0x00904100L
void (*lc_sk_X509_free) (STACK_OF (X509) *);
STACK_OF (X509) *(*lc_sk_X509_new_null) ();
@@ -175,6 +176,7 @@ static struct dynload_script libcrypto_script[] = {
SYMENTRY (i2d_RSAPublicKey),
SYMENTRY (i2d_RSAPrivateKey),
SYMENTRY (i2d_X509),
+ SYMENTRY (i2d_X509_NAME),
#if SSLEAY_VERSION_NUMBER >= 0x00904100L
SYMENTRY (sk_X509_free),
SYMENTRY (sk_X509_new_null),
diff --git a/sbin/isakmpd/policy.h b/sbin/isakmpd/policy.h
index 3bff3d1a7d9..ad7ec86ee92 100644
--- a/sbin/isakmpd/policy.h
+++ b/sbin/isakmpd/policy.h
@@ -1,8 +1,9 @@
-/* $OpenBSD: policy.h,v 1.6 2000/06/08 20:50:52 niklas Exp $ */
-/* $EOM: policy.h,v 1.11 2000/05/21 04:24:54 angelos Exp $ */
+/* $OpenBSD: policy.h,v 1.7 2000/10/07 06:57:08 niklas Exp $ */
+/* $EOM: policy.h,v 1.12 2000/09/28 12:53:27 niklas Exp $ */
/*
- * Copyright (c) 1999 Angelos D. Keromytis. All rights reserved.
+ * Copyright (c) 1999, 2000 Angelos D. Keromytis. All rights reserved.
+ * Copyright (c) 2000 Niklas Hallqvist. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -100,6 +101,7 @@ extern void *keynote_certreq_decode (u_int8_t *, u_int32_t);
extern void keynote_free_aca (void *);
extern int keynote_cert_obtain (u_int8_t *, size_t, void *,
u_int8_t **, u_int32_t *);
-extern int keynote_cert_get_subject (void *, u_int8_t **, u_int32_t *);
+extern int keynote_cert_get_subjects (void *, int *, u_int8_t ***,
+ u_int32_t **);
extern int keynote_cert_get_key (void *, void *);
#endif /* _POLICY_H_ */
diff --git a/sbin/isakmpd/x509.h b/sbin/isakmpd/x509.h
index 5991cd51dd3..bc21e500c5d 100644
--- a/sbin/isakmpd/x509.h
+++ b/sbin/isakmpd/x509.h
@@ -1,9 +1,10 @@
-/* $OpenBSD: x509.h,v 1.7 2000/06/08 20:49:44 niklas Exp $ */
-/* $EOM: x509.h,v 1.10 2000/05/19 05:47:53 angelos Exp $ */
+/* $OpenBSD: x509.h,v 1.8 2000/10/07 06:57:08 niklas Exp $ */
+/* $EOM: x509.h,v 1.11 2000/09/28 12:53:27 niklas Exp $ */
/*
* Copyright (c) 1998, 1999 Niels Provos. All rights reserved.
* Copyright (c) 1999 Angelos D. Keromytis. All rights reserved.
+ * Copyright (c) 2000 Niklas Hallqvist. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -42,8 +43,7 @@
#define X509v3_RFC_NAME 1
#define X509v3_DNS_NAME 2
-#define X509v3_IPV4_ADDR 7
-
+#define X509v3_IP_ADDR 7
struct x509_attribval {
char *type;
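Review bot: Renaming `X509v3_IPV4_ADDR` to `X509v3_IP_ADDR` widens what tag 7 is taken to mean, but the define carries no note that a subjectAltName iPAddress is 4 octets for IPv4 and 16 for IPv6. The code that compares this name against the peer's ID is outside this diff, so it should be confirmed that it compares lengths before comparing bytes and does not assume a 4-byte value. A comment at the define would record that, e.g. `/* iPAddress: 4 octets (IPv4) or 16 (IPv6); compare lengths before contents. */`.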
@@ -55,7 +55,6 @@ struct x509_attribval {
* XXX We only support two names at the moment, as of ASN this can
* be dynamic but we don't care for now.
*/
-
struct x509_aca {
struct x509_attribval name1;
struct x509_attribval name2;
@@ -65,25 +64,24 @@ struct X509;
/* Functions provided by cert handler. */
-int x509_cert_init (void);
-void *x509_cert_get (u_int8_t *, u_int32_t);
-int x509_cert_validate (void *);
-void x509_cert_free (void *);
int x509_certreq_validate (u_int8_t *, u_int32_t);
void *x509_certreq_decode (u_int8_t *, u_int32_t);
-void x509_free_aca (void *);
-int x509_cert_obtain (u_int8_t *, size_t, void *, u_int8_t **, u_int32_t *);
+void x509_cert_free (void *);
+void *x509_cert_get (u_int8_t *, u_int32_t);
int x509_cert_get_key (void *, void *);
-int x509_cert_get_subject (void *, u_int8_t **, u_int32_t *);
+int x509_cert_get_subjects (void *, int *, u_int8_t ***, u_int32_t **);
+int x509_cert_init (void);
+int x509_cert_obtain (u_int8_t *, size_t, void *, u_int8_t **, u_int32_t *);
+int x509_cert_validate (void *);
+void x509_free_aca (void *);
/* Misc. X509 certificate functions. */
int x509_cert_insert (int, void *);
-int x509_read_from_dir (X509_STORE *, char *, int);
-
int x509_cert_subjectaltname (X509 *cert, u_char **, u_int *);
int x509_check_subjectaltname (u_char *, u_int, X509 *);
X509 *x509_from_asn (u_char *, u_int);
-
int x509_generate_kn(X509 *);
+int x509_read_from_dir (X509_STORE *, char *, int);
+
#endif /* _X509_H_ */