Diffstat (limited to 'lib/libcrypto/x509')
-rw-r--r--lib/libcrypto/x509/Makefile.ssl273
-rw-r--r--lib/libcrypto/x509/by_dir.c26
-rw-r--r--lib/libcrypto/x509/x509.h152
-rw-r--r--lib/libcrypto/x509/x509_cmp.c28
-rw-r--r--lib/libcrypto/x509/x509_lu.c332
-rw-r--r--lib/libcrypto/x509/x509_obj.c4
-rw-r--r--lib/libcrypto/x509/x509_req.c6
-rw-r--r--lib/libcrypto/x509/x509_set.c16
-rw-r--r--lib/libcrypto/x509/x509_trs.c16
-rw-r--r--lib/libcrypto/x509/x509_txt.c9
-rw-r--r--lib/libcrypto/x509/x509_vfy.c491
-rw-r--r--lib/libcrypto/x509/x509_vfy.h56
-rw-r--r--lib/libcrypto/x509/x509spki.c12
-rw-r--r--lib/libcrypto/x509/x_all.c38
14 files changed, 942 insertions, 517 deletions
diff --git a/lib/libcrypto/x509/Makefile.ssl b/lib/libcrypto/x509/Makefile.ssl
index 48937b43af5..46196937334 100644
--- a/lib/libcrypto/x509/Makefile.ssl
+++ b/lib/libcrypto/x509/Makefile.ssl
@@ -96,15 +96,17 @@ by_dir.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
by_dir.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
by_dir.o: ../../include/openssl/err.h ../../include/openssl/evp.h
by_dir.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-by_dir.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-by_dir.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+by_dir.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+by_dir.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+by_dir.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
by_dir.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
by_dir.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
by_dir.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
by_dir.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
by_dir.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-by_dir.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
-by_dir.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+by_dir.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+by_dir.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+by_dir.o: ../cryptlib.h
by_file.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
by_file.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
by_file.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -113,52 +115,60 @@ by_file.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
by_file.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
by_file.o: ../../include/openssl/err.h ../../include/openssl/evp.h
by_file.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-by_file.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-by_file.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+by_file.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+by_file.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+by_file.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
by_file.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
by_file.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
by_file.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
by_file.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
by_file.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
by_file.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-by_file.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
-by_file.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+by_file.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+by_file.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+by_file.o: ../cryptlib.h
x509_att.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
x509_att.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
x509_att.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
x509_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
x509_att.o: ../../include/openssl/des.h ../../include/openssl/dh.h
x509_att.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x509_att.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x509_att.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x509_att.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_att.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_att.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_att.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_att.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
x509_att.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x509_att.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_att.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_att.o: ../../include/openssl/opensslconf.h
x509_att.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
x509_att.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
x509_att.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
x509_att.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
x509_att.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_att.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_att.o: ../../include/openssl/x509v3.h ../cryptlib.h
+x509_att.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_att.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+x509_att.o: ../cryptlib.h
x509_cmp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
x509_cmp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
x509_cmp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
x509_cmp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
x509_cmp.o: ../../include/openssl/des.h ../../include/openssl/dh.h
x509_cmp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x509_cmp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x509_cmp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x509_cmp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_cmp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_cmp.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_cmp.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_cmp.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
x509_cmp.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x509_cmp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_cmp.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_cmp.o: ../../include/openssl/opensslconf.h
x509_cmp.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
x509_cmp.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
x509_cmp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
x509_cmp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
x509_cmp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_cmp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_cmp.o: ../../include/openssl/x509v3.h ../cryptlib.h
+x509_cmp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_cmp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+x509_cmp.o: ../cryptlib.h
x509_d2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
x509_d2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
x509_d2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -166,14 +176,16 @@ x509_d2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
x509_d2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
x509_d2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
x509_d2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_d2.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x509_d2.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_d2.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
x509_d2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x509_d2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_d2.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x509_d2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x509_d2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x509_d2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x509_d2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_d2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_d2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x509_d2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_d2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_d2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_d2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_d2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
x509_d2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
x509_d2.o: ../cryptlib.h
x509_def.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
@@ -183,49 +195,57 @@ x509_def.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
x509_def.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
x509_def.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
x509_def.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_def.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x509_def.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_def.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
x509_def.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x509_def.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_def.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_def.o: ../../include/openssl/opensslconf.h
x509_def.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
x509_def.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
x509_def.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
x509_def.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
x509_def.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_def.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_def.o: ../cryptlib.h
+x509_def.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_def.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
x509_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
x509_err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-x509_err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-x509_err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-x509_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-x509_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_err.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-x509_err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_err.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_err.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x509_err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x509_err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509_err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
x509_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
x509_err.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
x509_err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
x509_err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
x509_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
x509_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_err.o: ../../include/openssl/x509_vfy.h
x509_ext.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
x509_ext.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
x509_ext.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
x509_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
x509_ext.o: ../../include/openssl/des.h ../../include/openssl/dh.h
x509_ext.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x509_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x509_ext.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x509_ext.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_ext.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_ext.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_ext.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_ext.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
x509_ext.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x509_ext.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_ext.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_ext.o: ../../include/openssl/opensslconf.h
x509_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
x509_ext.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
x509_ext.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
x509_ext.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
x509_ext.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_ext.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_ext.o: ../../include/openssl/x509v3.h ../cryptlib.h
+x509_ext.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_ext.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+x509_ext.o: ../cryptlib.h
x509_lu.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
x509_lu.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
x509_lu.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -234,15 +254,17 @@ x509_lu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
x509_lu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
x509_lu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
x509_lu.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-x509_lu.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-x509_lu.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x509_lu.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_lu.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_lu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
x509_lu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
x509_lu.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
x509_lu.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
x509_lu.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
x509_lu.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x509_lu.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
-x509_lu.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x509_lu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_lu.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_lu.o: ../cryptlib.h
x509_obj.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
x509_obj.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
x509_obj.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -251,16 +273,17 @@ x509_obj.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
x509_obj.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
x509_obj.o: ../../include/openssl/err.h ../../include/openssl/evp.h
x509_obj.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-x509_obj.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-x509_obj.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x509_obj.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_obj.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_obj.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
x509_obj.o: ../../include/openssl/opensslconf.h
x509_obj.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
x509_obj.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
x509_obj.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
x509_obj.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
x509_obj.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_obj.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_obj.o: ../cryptlib.h
+x509_obj.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_obj.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
x509_r2x.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
x509_r2x.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
x509_r2x.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -268,16 +291,18 @@ x509_r2x.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
x509_r2x.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
x509_r2x.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
x509_r2x.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_r2x.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x509_r2x.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_r2x.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
x509_r2x.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x509_r2x.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_r2x.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_r2x.o: ../../include/openssl/opensslconf.h
x509_r2x.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
x509_r2x.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
x509_r2x.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
x509_r2x.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
x509_r2x.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_r2x.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_r2x.o: ../cryptlib.h
+x509_r2x.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_r2x.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
x509_req.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
x509_req.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
x509_req.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -285,17 +310,19 @@ x509_req.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
x509_req.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
x509_req.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
x509_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_req.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x509_req.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_req.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
x509_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x509_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_req.o: ../../include/openssl/opensslconf.h
x509_req.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
x509_req.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
x509_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
x509_req.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
x509_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
x509_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_req.o: ../cryptlib.h
+x509_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_req.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
x509_set.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
x509_set.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
x509_set.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -303,34 +330,39 @@ x509_set.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
x509_set.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
x509_set.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
x509_set.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_set.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x509_set.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_set.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
x509_set.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x509_set.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_set.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_set.o: ../../include/openssl/opensslconf.h
x509_set.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
x509_set.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
x509_set.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
x509_set.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
x509_set.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_set.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_set.o: ../cryptlib.h
+x509_set.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_set.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
x509_trs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
x509_trs.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
x509_trs.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
x509_trs.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
x509_trs.o: ../../include/openssl/des.h ../../include/openssl/dh.h
x509_trs.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x509_trs.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x509_trs.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x509_trs.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_trs.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_trs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_trs.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_trs.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
x509_trs.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x509_trs.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_trs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_trs.o: ../../include/openssl/opensslconf.h
x509_trs.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
x509_trs.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
x509_trs.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
x509_trs.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
x509_trs.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_trs.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_trs.o: ../../include/openssl/x509v3.h ../cryptlib.h
+x509_trs.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_trs.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+x509_trs.o: ../cryptlib.h
x509_txt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
x509_txt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
x509_txt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -339,32 +371,35 @@ x509_txt.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
x509_txt.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
x509_txt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
x509_txt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-x509_txt.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-x509_txt.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x509_txt.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_txt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_txt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
x509_txt.o: ../../include/openssl/opensslconf.h
x509_txt.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
x509_txt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
x509_txt.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
x509_txt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
x509_txt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_txt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_txt.o: ../cryptlib.h
+x509_txt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_txt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
x509_v3.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
x509_v3.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
x509_v3.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
x509_v3.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
x509_v3.o: ../../include/openssl/des.h ../../include/openssl/dh.h
x509_v3.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x509_v3.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x509_v3.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x509_v3.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_v3.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_v3.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_v3.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_v3.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
x509_v3.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x509_v3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_v3.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x509_v3.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x509_v3.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x509_v3.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x509_v3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_v3.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_v3.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x509_v3.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_v3.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_v3.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_v3.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_v3.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
x509_v3.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
x509_v3.o: ../../include/openssl/x509v3.h ../cryptlib.h
x509_vfy.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
@@ -373,18 +408,21 @@ x509_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
x509_vfy.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
x509_vfy.o: ../../include/openssl/des.h ../../include/openssl/dh.h
x509_vfy.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-x509_vfy.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-x509_vfy.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x509_vfy.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_vfy.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_vfy.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_vfy.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_vfy.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
x509_vfy.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x509_vfy.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_vfy.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_vfy.o: ../../include/openssl/opensslconf.h
x509_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
x509_vfy.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
x509_vfy.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
x509_vfy.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
x509_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_vfy.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_vfy.o: ../../include/openssl/x509v3.h ../cryptlib.h
+x509_vfy.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_vfy.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+x509_vfy.o: ../cryptlib.h
x509name.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
x509name.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
x509name.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -392,16 +430,18 @@ x509name.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
x509name.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
x509name.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
x509name.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509name.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x509name.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509name.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
x509name.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x509name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509name.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509name.o: ../../include/openssl/opensslconf.h
x509name.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
x509name.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
x509name.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
x509name.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
x509name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509name.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509name.o: ../cryptlib.h
+x509name.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
x509rset.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
x509rset.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
x509rset.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -409,16 +449,18 @@ x509rset.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
x509rset.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
x509rset.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
x509rset.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509rset.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x509rset.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509rset.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
x509rset.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x509rset.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509rset.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509rset.o: ../../include/openssl/opensslconf.h
x509rset.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
x509rset.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
x509rset.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
x509rset.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
x509rset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509rset.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509rset.o: ../cryptlib.h
+x509rset.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509rset.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
x509spki.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
x509spki.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
x509spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -427,16 +469,17 @@ x509spki.o: ../../include/openssl/des.h ../../include/openssl/dh.h
x509spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
x509spki.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
x509spki.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-x509spki.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-x509spki.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-x509spki.o: ../../include/openssl/opensslconf.h
+x509spki.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509spki.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509spki.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x509spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
x509spki.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
x509spki.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
x509spki.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
x509spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
x509spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509spki.o: ../cryptlib.h
+x509spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
x509type.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
x509type.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
x509type.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -444,16 +487,18 @@ x509type.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
x509type.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
x509type.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
x509type.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509type.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x509type.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509type.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
x509type.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x509type.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509type.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509type.o: ../../include/openssl/opensslconf.h
x509type.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
x509type.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
x509type.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
x509type.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
x509type.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509type.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509type.o: ../cryptlib.h
+x509type.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509type.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
x_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
x_all.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
x_all.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -461,13 +506,15 @@ x_all.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
x_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
x_all.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
x_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_all.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_all.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
x_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_all.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-x_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-x_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_all.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_all.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
x_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
x_all.o: ../cryptlib.h
diff --git a/lib/libcrypto/x509/by_dir.c b/lib/libcrypto/x509/by_dir.c
index 14d12c56bd7..cac64a6f404 100644
--- a/lib/libcrypto/x509/by_dir.c
+++ b/lib/libcrypto/x509/by_dir.c
@@ -146,11 +146,11 @@ static int new_dir(X509_LOOKUP *lu)
{
BY_DIR *a;
- if ((a=(BY_DIR *)Malloc(sizeof(BY_DIR))) == NULL)
+ if ((a=(BY_DIR *)OPENSSL_malloc(sizeof(BY_DIR))) == NULL)
return(0);
if ((a->buffer=BUF_MEM_new()) == NULL)
{
- Free(a);
+ OPENSSL_free(a);
return(0);
}
a->num_dirs=0;
@@ -168,11 +168,11 @@ static void free_dir(X509_LOOKUP *lu)
a=(BY_DIR *)lu->method_data;
for (i=0; i<a->num_dirs; i++)
- if (a->dirs[i] != NULL) Free(a->dirs[i]);
- if (a->dirs != NULL) Free(a->dirs);
- if (a->dirs_type != NULL) Free(a->dirs_type);
+ if (a->dirs[i] != NULL) OPENSSL_free(a->dirs[i]);
+ if (a->dirs != NULL) OPENSSL_free(a->dirs);
+ if (a->dirs_type != NULL) OPENSSL_free(a->dirs_type);
if (a->buffer != NULL) BUF_MEM_free(a->buffer);
- Free(a);
+ OPENSSL_free(a);
}
static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
@@ -204,9 +204,9 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
if (ctx->num_dirs_alloced < (ctx->num_dirs+1))
{
ctx->num_dirs_alloced+=10;
- pp=(char **)Malloc(ctx->num_dirs_alloced*
+ pp=(char **)OPENSSL_malloc(ctx->num_dirs_alloced*
sizeof(char *));
- ip=(int *)Malloc(ctx->num_dirs_alloced*
+ ip=(int *)OPENSSL_malloc(ctx->num_dirs_alloced*
sizeof(int));
if ((pp == NULL) || (ip == NULL))
{
@@ -218,14 +218,14 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
memcpy(ip,ctx->dirs_type,(ctx->num_dirs_alloced-10)*
sizeof(int));
if (ctx->dirs != NULL)
- Free(ctx->dirs);
+ OPENSSL_free(ctx->dirs);
if (ctx->dirs_type != NULL)
- Free(ctx->dirs_type);
+ OPENSSL_free(ctx->dirs_type);
ctx->dirs=pp;
ctx->dirs_type=ip;
}
ctx->dirs_type[ctx->num_dirs]=type;
- ctx->dirs[ctx->num_dirs]=(char *)Malloc((unsigned int)len+1);
+ ctx->dirs[ctx->num_dirs]=(char *)OPENSSL_malloc((unsigned int)len+1);
if (ctx->dirs[ctx->num_dirs] == NULL) return(0);
strncpy(ctx->dirs[ctx->num_dirs],ss,(unsigned int)len);
ctx->dirs[ctx->num_dirs][len]='\0';
@@ -326,7 +326,9 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
/* we have added it to the cache so now pull
* it out again */
CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
- tmp=(X509_OBJECT *)lh_retrieve(xl->store_ctx->certs,&stmp);
+ j = sk_X509_OBJECT_find(xl->store_ctx->objs,&stmp);
+ if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,i);
+ else tmp = NULL;
CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
if (tmp != NULL)
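Review bot: The added lookup stores the result of `sk_X509_OBJECT_find` in `j` but then indexes the stack with `i`, so the object pulled back out of the cache is whatever sits at position `i`, not the entry that matched `stmp`. This path returns the certificate or CRL for a requested subject name, so a wrong index can hand the caller an unrelated object or NULL. The line should read `if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,j);`. What `i` holds at this point is not visible, because get_cert_by_subject starts and ends outside the hunk.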
diff --git a/lib/libcrypto/x509/x509.h b/lib/libcrypto/x509/x509.h
index 0192272e7c1..813c8adffd7 100644
--- a/lib/libcrypto/x509/x509.h
+++ b/lib/libcrypto/x509/x509.h
@@ -59,15 +59,16 @@
#ifndef HEADER_X509_H
#define HEADER_X509_H
-#ifdef __cplusplus
-extern "C" {
+#include <openssl/symhacks.h>
+#ifndef NO_BUFFER
+#include <openssl/buffer.h>
#endif
-
-#ifdef VMS
-#undef X509_REVOKED_get_ext_by_critical
-#define X509_REVOKED_get_ext_by_critical X509_REVOKED_get_ext_by_critic
+#ifndef NO_EVP
+#include <openssl/evp.h>
+#endif
+#ifndef NO_BIO
+#include <openssl/bio.h>
#endif
-
#include <openssl/stack.h>
#include <openssl/asn1.h>
#include <openssl/safestack.h>
@@ -87,11 +88,19 @@ extern "C" {
#include <openssl/evp.h>
+#ifdef __cplusplus
+extern "C" {
+#endif
+
#ifdef WIN32
/* Under Win32 this is defined in wincrypt.h */
#undef X509_NAME
#endif
+ /* If placed in pkcs12.h, we end up with a circular depency with pkcs7.h */
+#define DECLARE_PKCS12_STACK_OF(type) /* Nothing */
+#define IMPLEMENT_PKCS12_STACK_OF(type) /* Nothing */
+
#define X509_FILETYPE_PEM 1
#define X509_FILETYPE_ASN1 2
#define X509_FILETYPE_DEFAULT 3
@@ -125,8 +134,8 @@ DECLARE_ASN1_SET_OF(X509_ALGOR)
typedef struct X509_val_st
{
- ASN1_UTCTIME *notBefore;
- ASN1_UTCTIME *notAfter;
+ ASN1_TIME *notBefore;
+ ASN1_TIME *notAfter;
} X509_VAL;
typedef struct X509_pubkey_st
@@ -158,7 +167,7 @@ typedef struct X509_name_st
{
STACK_OF(X509_NAME_ENTRY) *entries;
int modified; /* true if 'bytes' needs to be built */
-#ifdef HEADER_BUFFER_H
+#ifndef NO_BUFFER
BUF_MEM *bytes;
#else
char *bytes;
@@ -200,6 +209,8 @@ DECLARE_ASN1_SET_OF(X509_ATTRIBUTE)
typedef struct X509_req_info_st
{
+ unsigned char *asn1;
+ int length;
ASN1_INTEGER *version;
X509_NAME *subject;
X509_PUBKEY *pubkey;
@@ -260,6 +271,8 @@ typedef struct x509_st
unsigned long ex_kusage;
unsigned long ex_xkusage;
unsigned long ex_nscert;
+ ASN1_OCTET_STRING *skid;
+ struct AUTHORITY_KEYID_st *akid;
#ifndef NO_SHA
unsigned char sha1_hash[SHA_DIGEST_LENGTH];
#endif
@@ -307,10 +320,65 @@ DECLARE_STACK_OF(X509_TRUST)
#define X509_TRUST_REJECTED 2
#define X509_TRUST_UNTRUSTED 3
+/* Flags specific to X509_NAME_print_ex() */
+
+/* The field separator information */
+
+#define XN_FLAG_SEP_MASK (0xf << 16)
+
+#define XN_FLAG_COMPAT 0 /* Traditional SSLeay: use old X509_NAME_print */
+#define XN_FLAG_SEP_COMMA_PLUS (1 << 16) /* RFC2253 ,+ */
+#define XN_FLAG_SEP_CPLUS_SPC (2 << 16) /* ,+ spaced: more readable */
+#define XN_FLAG_SEP_SPLUS_SPC (3 << 16) /* ;+ spaced */
+#define XN_FLAG_SEP_MULTILINE (4 << 16) /* One line per field */
+
+#define XN_FLAG_DN_REV (1 << 20) /* Reverse DN order */
+
+/* How the field name is shown */
+
+#define XN_FLAG_FN_MASK (0x3 << 21)
+
+#define XN_FLAG_FN_SN 0 /* Object short name */
+#define XN_FLAG_FN_LN (1 << 21) /* Object long name */
+#define XN_FLAG_FN_OID (2 << 21) /* Always use OIDs */
+#define XN_FLAG_FN_NONE (3 << 21) /* No field names */
+
+#define XN_FLAG_SPC_EQ (1 << 23) /* Put spaces round '=' */
+
+/* This determines if we dump fields we don't recognise:
+ * RFC2253 requires this.
+ */
+
+#define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
+
+/* Complete set of RFC2253 flags */
+
+#define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \
+ XN_FLAG_SEP_COMMA_PLUS | \
+ XN_FLAG_DN_REV | \
+ XN_FLAG_FN_SN | \
+ XN_FLAG_DUMP_UNKNOWN_FIELDS)
+
+/* readable oneline form */
+
+#define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \
+ ASN1_STRFLGS_ESC_QUOTE | \
+ XN_FLAG_SEP_CPLUS_SPC | \
+ XN_FLAG_SPC_EQ | \
+ XN_FLAG_FN_SN)
+
+/* readable multiline form */
+
+#define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \
+ ASN1_STRFLGS_ESC_MSB | \
+ XN_FLAG_SEP_MULTILINE | \
+ XN_FLAG_SPC_EQ | \
+ XN_FLAG_FN_LN)
+
typedef struct X509_revoked_st
{
ASN1_INTEGER *serialNumber;
- ASN1_UTCTIME *revocationDate;
+ ASN1_TIME *revocationDate;
STACK_OF(X509_EXTENSION) /* optional */ *extensions;
int sequence; /* load sequence */
} X509_REVOKED;
@@ -323,8 +391,8 @@ typedef struct X509_crl_info_st
ASN1_INTEGER *version;
X509_ALGOR *sig_alg;
X509_NAME *issuer;
- ASN1_UTCTIME *lastUpdate;
- ASN1_UTCTIME *nextUpdate;
+ ASN1_TIME *lastUpdate;
+ ASN1_TIME *nextUpdate;
STACK_OF(X509_REVOKED) *revoked;
STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
} X509_CRL_INFO;
@@ -362,7 +430,7 @@ typedef struct private_key_st
int references;
} X509_PKEY;
-#ifdef HEADER_ENVELOPE_H
+#ifndef NO_EVP
typedef struct X509_info_st
{
X509 *x509;
@@ -445,9 +513,17 @@ typedef struct pkcs8_priv_key_info_st
STACK_OF(X509_ATTRIBUTE) *attributes;
} PKCS8_PRIV_KEY_INFO;
+#ifdef __cplusplus
+}
+#endif
+
#include <openssl/x509_vfy.h>
#include <openssl/pkcs7.h>
+#ifdef __cplusplus
+extern "C" {
+#endif
+
#ifdef SSLEAY_MACROS
#define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\
a->signature,(char *)a->cert_info,r)
@@ -610,7 +686,7 @@ typedef struct pkcs8_priv_key_info_st
const char *X509_verify_cert_error_string(long n);
#ifndef SSLEAY_MACROS
-#ifdef HEADER_ENVELOPE_H
+#ifndef NO_EVP
int X509_verify(X509 *a, EVP_PKEY *r);
int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
@@ -629,9 +705,14 @@ int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
-int X509_digest(X509 *data,const EVP_MD *type,unsigned char *md,unsigned int *len);
-int X509_NAME_digest(X509_NAME *data,const EVP_MD *type,
- unsigned char *md,unsigned int *len);
+int X509_digest(const X509 *data,const EVP_MD *type,
+ unsigned char *md, unsigned int *len);
+int X509_CRL_digest(const X509_CRL *data,const EVP_MD *type,
+ unsigned char *md, unsigned int *len);
+int X509_REQ_digest(const X509_REQ *data,const EVP_MD *type,
+ unsigned char *md, unsigned int *len);
+int X509_NAME_digest(const X509_NAME *data,const EVP_MD *type,
+ unsigned char *md, unsigned int *len);
#endif
#ifndef NO_FP_API
@@ -663,9 +744,11 @@ int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,PKCS8_PRIV_KEY_INFO *p8inf);
int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key);
int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey);
EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
+int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
#endif
-#ifdef HEADER_BIO_H
+#ifndef NO_BIO
X509 *d2i_X509_bio(BIO *bp,X509 **x509);
int i2d_X509_bio(BIO *bp,X509 *x509);
X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL **crl);
@@ -694,6 +777,8 @@ int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,PKCS8_PRIV_KEY_INFO *p8inf);
int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key);
int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey);
EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
+int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
#endif
X509 *X509_dup(X509 *x509);
@@ -711,8 +796,10 @@ RSA *RSAPrivateKey_dup(RSA *rsa);
#endif /* !SSLEAY_MACROS */
-int X509_cmp_current_time(ASN1_UTCTIME *s);
-ASN1_UTCTIME * X509_gmtime_adj(ASN1_UTCTIME *s, long adj);
+int X509_cmp_time(ASN1_TIME *s, time_t *t);
+int X509_cmp_current_time(ASN1_TIME *s);
+ASN1_TIME * X509_time_adj(ASN1_TIME *s, long adj, time_t *t);
+ASN1_TIME * X509_gmtime_adj(ASN1_TIME *s, long adj);
const char * X509_get_default_cert_area(void );
const char * X509_get_default_cert_dir(void );
@@ -825,6 +912,7 @@ int i2d_X509_CERT_AUX(X509_CERT_AUX *a,unsigned char **pp);
X509_CERT_AUX * d2i_X509_CERT_AUX(X509_CERT_AUX **a,unsigned char **pp,
long length);
int X509_alias_set1(X509 *x, unsigned char *name, int len);
+int X509_keyid_set1(X509 *x, unsigned char *id, int len);
unsigned char * X509_alias_get0(X509 *x, int *len);
int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int);
int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
@@ -871,7 +959,7 @@ NETSCAPE_CERT_SEQUENCE *NETSCAPE_CERT_SEQUENCE_new(void);
NETSCAPE_CERT_SEQUENCE *d2i_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE **a, unsigned char **pp, long length);
void NETSCAPE_CERT_SEQUENCE_free(NETSCAPE_CERT_SEQUENCE *a);
-#ifdef HEADER_ENVELOPE_H
+#ifndef NO_EVP
X509_INFO * X509_INFO_new(void);
void X509_INFO_free(X509_INFO *a);
char * X509_NAME_oneline(X509_NAME *a,char *buf,int size);
@@ -894,8 +982,8 @@ int X509_set_issuer_name(X509 *x, X509_NAME *name);
X509_NAME * X509_get_issuer_name(X509 *a);
int X509_set_subject_name(X509 *x, X509_NAME *name);
X509_NAME * X509_get_subject_name(X509 *a);
-int X509_set_notBefore(X509 *x, ASN1_UTCTIME *tm);
-int X509_set_notAfter(X509 *x, ASN1_UTCTIME *tm);
+int X509_set_notBefore(X509 *x, ASN1_TIME *tm);
+int X509_set_notAfter(X509 *x, ASN1_TIME *tm);
int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
EVP_PKEY * X509_get_pubkey(X509 *x);
int X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */);
@@ -931,28 +1019,30 @@ int X509_REQ_add1_attr_by_txt(X509_REQ *req,
int X509_check_private_key(X509 *x509,EVP_PKEY *pkey);
-int X509_issuer_and_serial_cmp(X509 *a, X509 *b);
+int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
unsigned long X509_issuer_and_serial_hash(X509 *a);
-int X509_issuer_name_cmp(X509 *a, X509 *b);
+int X509_issuer_name_cmp(const X509 *a, const X509 *b);
unsigned long X509_issuer_name_hash(X509 *a);
-int X509_subject_name_cmp(X509 *a,X509 *b);
+int X509_subject_name_cmp(const X509 *a, const X509 *b);
unsigned long X509_subject_name_hash(X509 *x);
-int X509_cmp (X509 *a, X509 *b);
-int X509_NAME_cmp (X509_NAME *a, X509_NAME *b);
+int X509_cmp(const X509 *a, const X509 *b);
+int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
unsigned long X509_NAME_hash(X509_NAME *x);
-int X509_CRL_cmp(X509_CRL *a,X509_CRL *b);
+int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
#ifndef NO_FP_API
int X509_print_fp(FILE *bp,X509 *x);
int X509_CRL_print_fp(FILE *bp,X509_CRL *x);
int X509_REQ_print_fp(FILE *bp,X509_REQ *req);
+int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags);
#endif
-#ifdef HEADER_BIO_H
+#ifndef NO_BIO
int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
+int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);
int X509_print(BIO *bp,X509 *x);
int X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent);
int X509_CRL_print(BIO *bp,X509_CRL *x);
diff --git a/lib/libcrypto/x509/x509_cmp.c b/lib/libcrypto/x509/x509_cmp.c
index a8a5ca8b03e..b147d573d2f 100644
--- a/lib/libcrypto/x509/x509_cmp.c
+++ b/lib/libcrypto/x509/x509_cmp.c
@@ -63,7 +63,7 @@
#include <openssl/x509.h>
#include <openssl/x509v3.h>
-int X509_issuer_and_serial_cmp(X509 *a, X509 *b)
+int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
{
int i;
X509_CINF *ai,*bi;
@@ -97,17 +97,17 @@ unsigned long X509_issuer_and_serial_hash(X509 *a)
}
#endif
-int X509_issuer_name_cmp(X509 *a, X509 *b)
+int X509_issuer_name_cmp(const X509 *a, const X509 *b)
{
return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer));
}
-int X509_subject_name_cmp(X509 *a, X509 *b)
+int X509_subject_name_cmp(const X509 *a, const X509 *b)
{
return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject));
}
-int X509_CRL_cmp(X509_CRL *a, X509_CRL *b)
+int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b)
{
return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer));
}
@@ -139,19 +139,25 @@ unsigned long X509_subject_name_hash(X509 *x)
#ifndef NO_SHA
/* Compare two certificates: they must be identical for
- * this to work.
+ * this to work. NB: Although "cmp" operations are generally
+ * prototyped to take "const" arguments (eg. for use in
+ * STACKs), the way X509 handling is - these operations may
+ * involve ensuring the hashes are up-to-date and ensuring
+ * certain cert information is cached. So this is the point
+ * where the "depth-first" constification tree has to halt
+ * with an evil cast.
*/
-int X509_cmp(X509 *a, X509 *b)
+int X509_cmp(const X509 *a, const X509 *b)
{
/* ensure hash is valid */
- X509_check_purpose(a, -1, 0);
- X509_check_purpose(b, -1, 0);
+ X509_check_purpose((X509 *)a, -1, 0);
+ X509_check_purpose((X509 *)b, -1, 0);
return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
}
#endif
-int X509_NAME_cmp(X509_NAME *a, X509_NAME *b)
+int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
{
int i,j;
X509_NAME_ENTRY *na,*nb;
@@ -198,14 +204,14 @@ unsigned long X509_NAME_hash(X509_NAME *x)
i=i2d_X509_NAME(x,NULL);
if (i > sizeof(str))
- p=Malloc(i);
+ p=OPENSSL_malloc(i);
else
p=str;
pp=p;
i2d_X509_NAME(x,&pp);
MD5((unsigned char *)p,i,&(md[0]));
- if (p != str) Free(p);
+ if (p != str) OPENSSL_free(p);
ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)|
((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
diff --git a/lib/libcrypto/x509/x509_lu.c b/lib/libcrypto/x509/x509_lu.c
index a20006d67e2..863c738cad8 100644
--- a/lib/libcrypto/x509/x509_lu.c
+++ b/lib/libcrypto/x509/x509_lu.c
@@ -62,14 +62,13 @@
#include <openssl/x509.h>
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_store_meth=NULL;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_store_ctx_meth=NULL;
X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
{
X509_LOOKUP *ret;
- ret=(X509_LOOKUP *)Malloc(sizeof(X509_LOOKUP));
- if (ret == NULL) return(NULL);
+ ret=(X509_LOOKUP *)OPENSSL_malloc(sizeof(X509_LOOKUP));
+ if (ret == NULL) return NULL;
ret->init=0;
ret->skip=0;
@@ -78,10 +77,10 @@ X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
ret->store_ctx=NULL;
if ((method->new_item != NULL) && !method->new_item(ret))
{
- Free(ret);
- return(NULL);
+ OPENSSL_free(ret);
+ return NULL;
}
- return(ret);
+ return ret;
}
void X509_LOOKUP_free(X509_LOOKUP *ctx)
@@ -90,44 +89,44 @@ void X509_LOOKUP_free(X509_LOOKUP *ctx)
if ( (ctx->method != NULL) &&
(ctx->method->free != NULL))
ctx->method->free(ctx);
- Free(ctx);
+ OPENSSL_free(ctx);
}
int X509_LOOKUP_init(X509_LOOKUP *ctx)
{
- if (ctx->method == NULL) return(0);
+ if (ctx->method == NULL) return 0;
if (ctx->method->init != NULL)
- return(ctx->method->init(ctx));
+ return ctx->method->init(ctx);
else
- return(1);
+ return 1;
}
int X509_LOOKUP_shutdown(X509_LOOKUP *ctx)
{
- if (ctx->method == NULL) return(0);
+ if (ctx->method == NULL) return 0;
if (ctx->method->shutdown != NULL)
- return(ctx->method->shutdown(ctx));
+ return ctx->method->shutdown(ctx);
else
- return(1);
+ return 1;
}
int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
char **ret)
{
- if (ctx->method == NULL) return(-1);
+ if (ctx->method == NULL) return -1;
if (ctx->method->ctrl != NULL)
- return(ctx->method->ctrl(ctx,cmd,argc,argl,ret));
+ return ctx->method->ctrl(ctx,cmd,argc,argl,ret);
else
- return(1);
+ return 1;
}
int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
X509_OBJECT *ret)
{
if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))
- return(X509_LU_FAIL);
- if (ctx->skip) return(0);
- return(ctx->method->get_by_subject(ctx,type,name,ret));
+ return X509_LU_FAIL;
+ if (ctx->skip) return 0;
+ return ctx->method->get_by_subject(ctx,type,name,ret);
}
int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
@@ -135,71 +134,55 @@ int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
{
if ((ctx->method == NULL) ||
(ctx->method->get_by_issuer_serial == NULL))
- return(X509_LU_FAIL);
- return(ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret));
+ return X509_LU_FAIL;
+ return ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret);
}
int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
unsigned char *bytes, int len, X509_OBJECT *ret)
{
if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))
- return(X509_LU_FAIL);
- return(ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret));
+ return X509_LU_FAIL;
+ return ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret);
}
int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,
X509_OBJECT *ret)
{
if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
- return(X509_LU_FAIL);
- return(ctx->method->get_by_alias(ctx,type,str,len,ret));
+ return X509_LU_FAIL;
+ return ctx->method->get_by_alias(ctx,type,str,len,ret);
}
-static unsigned long x509_object_hash(X509_OBJECT *a)
- {
- unsigned long h;
-
- switch (a->type)
- {
- case X509_LU_X509:
- h=X509_NAME_hash(a->data.x509->cert_info->subject);
- break;
- case X509_LU_CRL:
- h=X509_NAME_hash(a->data.crl->crl->issuer);
- break;
- default:
- abort();
- }
- return(h);
- }
-
-static int x509_object_cmp(X509_OBJECT *a, X509_OBJECT *b)
- {
- int ret;
-
- ret=(a->type - b->type);
- if (ret) return(ret);
- switch (a->type)
- {
- case X509_LU_X509:
- ret=X509_subject_name_cmp(a->data.x509,b->data.x509);
- break;
- case X509_LU_CRL:
- ret=X509_CRL_cmp(a->data.crl,b->data.crl);
- break;
+
+static int x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b)
+ {
+ int ret;
+
+ ret=((*a)->type - (*b)->type);
+ if (ret) return ret;
+ switch ((*a)->type)
+ {
+ case X509_LU_X509:
+ ret=X509_subject_name_cmp((*a)->data.x509,(*b)->data.x509);
+ break;
+ case X509_LU_CRL:
+ ret=X509_CRL_cmp((*a)->data.crl,(*b)->data.crl);
+ break;
default:
- abort();
+ /* abort(); */
+ return 0;
}
- return(ret);
+ return ret;
}
X509_STORE *X509_STORE_new(void)
{
X509_STORE *ret;
- if ((ret=(X509_STORE *)Malloc(sizeof(X509_STORE))) == NULL)
- return(NULL);
- ret->certs=lh_new(x509_object_hash,x509_object_cmp);
+ if ((ret=(X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL)
+ return NULL;
+ ret->objs = sk_X509_OBJECT_new(x509_object_cmp);
ret->cache=1;
ret->get_cert_methods=sk_X509_LOOKUP_new_null();
ret->verify=NULL;
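Review bot: In X509_STORE_new the result of `sk_X509_OBJECT_new(x509_object_cmp)` is assigned to `ret->objs` without a NULL check, so an allocation failure produces a store with no object stack and the problem only surfaces later, when something searches or pushes onto it. I would add `if (ret->objs == NULL) { OPENSSL_free(ret); return NULL; }` directly after the assignment. Separately, the `default:` branch of x509_object_cmp now returns 0 where it used to abort, which makes any two objects sharing an unrecognised type compare equal. A comment such as `/* unknown type: objects compare equal */` in place of the commented-out `abort()` would record that this is intended. X509_STORE_new continues past the end of the hunk.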
@@ -207,7 +190,7 @@ X509_STORE *X509_STORE_new(void)
memset(&ret->ex_data,0,sizeof(CRYPTO_EX_DATA));
ret->references=1;
ret->depth=0;
- return(ret);
+ return ret;
}
static void cleanup(X509_OBJECT *a)
@@ -221,9 +204,11 @@ static void cleanup(X509_OBJECT *a)
X509_CRL_free(a->data.crl);
}
else
- abort();
+ {
+ /* abort(); */
+ }
- Free(a);
+ OPENSSL_free(a);
}
void X509_STORE_free(X509_STORE *vfy)
@@ -232,7 +217,7 @@ void X509_STORE_free(X509_STORE *vfy)
STACK_OF(X509_LOOKUP) *sk;
X509_LOOKUP *lu;
- if(vfy == NULL)
+ if (vfy == NULL)
return;
sk=vfy->get_cert_methods;
@@ -243,11 +228,10 @@ void X509_STORE_free(X509_STORE *vfy)
X509_LOOKUP_free(lu);
}
sk_X509_LOOKUP_free(sk);
+ sk_X509_OBJECT_pop_free(vfy->objs, cleanup);
CRYPTO_free_ex_data(x509_store_meth,vfy,&vfy->ex_data);
- lh_doall(vfy->certs,cleanup);
- lh_free(vfy->certs);
- Free(vfy);
+ OPENSSL_free(vfy);
}
X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
@@ -262,22 +246,22 @@ X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
lu=sk_X509_LOOKUP_value(sk,i);
if (m == lu->method)
{
- return(lu);
+ return lu;
}
}
/* a new one */
lu=X509_LOOKUP_new(m);
if (lu == NULL)
- return(NULL);
+ return NULL;
else
{
lu->store_ctx=v;
if (sk_X509_LOOKUP_push(v->get_cert_methods,lu))
- return(lu);
+ return lu;
else
{
X509_LOOKUP_free(lu);
- return(NULL);
+ return NULL;
}
}
}
@@ -290,7 +274,7 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
X509_OBJECT stmp,*tmp;
int i,j;
- tmp=X509_OBJECT_retrieve_by_subject(ctx->certs,type,name);
+ tmp=X509_OBJECT_retrieve_by_subject(ctx->objs,type,name);
if (tmp == NULL)
{
@@ -301,7 +285,7 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
if (j < 0)
{
vs->current_method=j;
- return(j);
+ return j;
}
else if (j)
{
@@ -311,7 +295,7 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
}
vs->current_method=0;
if (tmp == NULL)
- return(0);
+ return 0;
}
/* if (ret->data.ptr != NULL)
@@ -322,7 +306,74 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
X509_OBJECT_up_ref_count(ret);
- return(1);
+ return 1;
+ }
+
+int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
+ {
+ X509_OBJECT *obj;
+ int ret=1;
+
+ if (x == NULL) return 0;
+ obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
+ if (obj == NULL)
+ {
+ X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ obj->type=X509_LU_X509;
+ obj->data.x509=x;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+
+ X509_OBJECT_up_ref_count(obj);
+
+
+ if (X509_OBJECT_retrieve_match(ctx->objs, obj))
+ {
+ X509_OBJECT_free_contents(obj);
+ OPENSSL_free(obj);
+ X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE);
+ ret=0;
+ }
+ else sk_X509_OBJECT_push(ctx->objs, obj);
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+
+ return ret;
+ }
+
+int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
+ {
+ X509_OBJECT *obj;
+ int ret=1;
+
+ if (x == NULL) return 0;
+ obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
+ if (obj == NULL)
+ {
+ X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ obj->type=X509_LU_CRL;
+ obj->data.crl=x;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+
+ X509_OBJECT_up_ref_count(obj);
+
+ if (X509_OBJECT_retrieve_match(ctx->objs, obj))
+ {
+ X509_OBJECT_free_contents(obj);
+ OPENSSL_free(obj);
+ X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE);
+ ret=0;
+ }
+ else sk_X509_OBJECT_push(ctx->objs, obj);
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+
+ return ret;
}
void X509_OBJECT_up_ref_count(X509_OBJECT *a)
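Review bot: The `else sk_X509_OBJECT_push(ctx->objs, obj);` branch in X509_STORE_add_cert ignores the push result, so if the stack cannot grow the function still returns 1 even though the certificate is not in the store, and `obj` and the reference taken by X509_OBJECT_up_ref_count are leaked. X509_STORE_add_lookup in the same file already tests the result of `sk_X509_LOOKUP_push`, and the failure path here can mirror the duplicate branch as in the excerpt below. X509_STORE_add_crl has the same unchecked push, where a caller that believes the CRL was added would carry on without it. It also reports a duplicate CRL with `X509_R_CERT_ALREADY_IN_HASH_TABLE`, which names neither a CRL nor the stack that replaced the hash table.

```c
	if (X509_OBJECT_retrieve_match(ctx->objs, obj))
		{
		/* … unchanged: duplicate handling … */
		}
	else if (!sk_X509_OBJECT_push(ctx->objs, obj))
		{
		/* push failed: drop the reference taken above and report it */
		X509_OBJECT_free_contents(obj);
		OPENSSL_free(obj);
		X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE);
		ret=0;
		}
```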
@@ -351,10 +402,10 @@ void X509_OBJECT_free_contents(X509_OBJECT *a)
}
}
-X509_OBJECT *X509_OBJECT_retrieve_by_subject(LHASH *h, int type,
+int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
X509_NAME *name)
{
- X509_OBJECT stmp,*tmp;
+ X509_OBJECT stmp;
X509 x509_s;
X509_CINF cinf_s;
X509_CRL crl_s;
@@ -374,54 +425,105 @@ X509_OBJECT *X509_OBJECT_retrieve_by_subject(LHASH *h, int type,
crl_info_s.issuer=name;
break;
default:
- abort();
+ /* abort(); */
+ return -1;
}
- tmp=(X509_OBJECT *)lh_retrieve(h,&stmp);
- return(tmp);
+ return sk_X509_OBJECT_find(h,&stmp);
}
-X509_STORE_CTX *X509_STORE_CTX_new(void)
+X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type,
+ X509_NAME *name)
{
- X509_STORE_CTX *ctx;
- ctx = (X509_STORE_CTX *)Malloc(sizeof(X509_STORE_CTX));
- if(ctx) memset(ctx, 0, sizeof(X509_STORE_CTX));
- return ctx;
+ int idx;
+ idx = X509_OBJECT_idx_by_subject(h, type, name);
+ if (idx==-1) return NULL;
+ return sk_X509_OBJECT_value(h, idx);
}
-void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
+X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x)
{
- X509_STORE_CTX_cleanup(ctx);
- Free(ctx);
+ int idx, i;
+ X509_OBJECT *obj;
+ idx = sk_X509_OBJECT_find(h, x);
+ if (idx == -1) return NULL;
+ if (x->type != X509_LU_X509) return sk_X509_OBJECT_value(h, idx);
+ for (i = idx; i < sk_X509_OBJECT_num(h); i++)
+ {
+ obj = sk_X509_OBJECT_value(h, i);
+ if (x509_object_cmp((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x))
+ return NULL;
+ if ((x->type != X509_LU_X509) || !X509_cmp(obj->data.x509, x->data.x509))
+ return obj;
+ }
+ return NULL;
}
-void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
- STACK_OF(X509) *chain)
- {
- ctx->ctx=store;
- ctx->current_method=0;
- ctx->cert=x509;
- ctx->untrusted=chain;
- ctx->last_untrusted=0;
- ctx->purpose=0;
- ctx->trust=0;
- ctx->valid=0;
- ctx->chain=NULL;
- ctx->depth=9;
- ctx->error=0;
- ctx->current_cert=NULL;
- memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA));
- }
-void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
- {
- if (ctx->chain != NULL)
+/* Try to get issuer certificate from store. Due to limitations
+ * of the API this can only retrieve a single certificate matching
+ * a given subject name. However it will fill the cache with all
+ * matching certificates, so we can examine the cache for all
+ * matches.
+ *
+ * Return values are:
+ * 1 lookup successful.
+ * 0 certificate not found.
+ * -1 some other error.
+ */
+
+
+int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
+{
+ X509_NAME *xn;
+ X509_OBJECT obj, *pobj;
+ int i, ok, idx;
+ xn=X509_get_issuer_name(x);
+ ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj);
+ if (ok != X509_LU_X509)
+ {
+ if (ok == X509_LU_RETRY)
+ {
+ X509_OBJECT_free_contents(&obj);
+ X509err(X509_F_X509_VERIFY_CERT,X509_R_SHOULD_RETRY);
+ return -1;
+ }
+ else if (ok != X509_LU_FAIL)
+ {
+ X509_OBJECT_free_contents(&obj);
+ /* not good :-(, break anyway */
+ return -1;
+ }
+ return 0;
+ }
+ /* If certificate matches all OK */
+ if (ctx->check_issued(ctx, x, obj.data.x509))
{
- sk_X509_pop_free(ctx->chain,X509_free);
- ctx->chain=NULL;
+ *issuer = obj.data.x509;
+ return 1;
}
- CRYPTO_free_ex_data(x509_store_ctx_meth,ctx,&(ctx->ex_data));
- memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
- }
+ X509_OBJECT_free_contents(&obj);
+ /* Else find index of first matching cert */
+ idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn);
+ /* This shouldn't normally happen since we already have one match */
+ if (idx == -1) return 0;
+
+ /* Look through all matching certificates for a suitable issuer */
+ for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++)
+ {
+ pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i);
+ /* See if we've ran out of matches */
+ if (pobj->type != X509_LU_X509) return 0;
+ if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509))) return 0;
+ if (ctx->check_issued(ctx, x, pobj->data.x509))
+ {
+ *issuer = pobj->data.x509;
+ X509_OBJECT_up_ref_count(pobj);
+ return 1;
+ }
+ }
+ return 0;
+}
IMPLEMENT_STACK_OF(X509_LOOKUP)
+IMPLEMENT_STACK_OF(X509_OBJECT)
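Review bot: `X509_STORE_CTX_get1_issuer` reads `ctx->ctx->objs` (the `X509_OBJECT_idx_by_subject` call and the `for` loop after it) without holding `CRYPTO_LOCK_X509_STORE`, although `X509_STORE_add_cert` and `X509_STORE_add_crl` in this same file modify that stack under the write lock. In a threaded program a concurrent add could grow or reorder the stack while the loop is indexing it. Bracket the index lookup and the loop with `CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);` and `CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);`, releasing on every return path. A write lock looks like the safer choice if `sk_X509_OBJECT_find` sorts the stack on demand.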
diff --git a/lib/libcrypto/x509/x509_obj.c b/lib/libcrypto/x509/x509_obj.c
index 691b71f0315..6a3ba8eb154 100644
--- a/lib/libcrypto/x509/x509_obj.c
+++ b/lib/libcrypto/x509/x509_obj.c
@@ -91,7 +91,7 @@ int i;
if(b)
{
buf=b->data;
- Free(b);
+ OPENSSL_free(b);
}
strncpy(buf,"NO X509_NAME",len);
return buf;
@@ -210,7 +210,7 @@ int i;
if (b != NULL)
{
p=b->data;
- Free(b);
+ OPENSSL_free(b);
}
else
p=buf;
diff --git a/lib/libcrypto/x509/x509_req.c b/lib/libcrypto/x509/x509_req.c
index baef8790eb9..7eca1bd57a3 100644
--- a/lib/libcrypto/x509/x509_req.c
+++ b/lib/libcrypto/x509/x509_req.c
@@ -83,7 +83,7 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
ri=ret->req_info;
ri->version->length=1;
- ri->version->data=(unsigned char *)Malloc(1);
+ ri->version->data=(unsigned char *)OPENSSL_malloc(1);
if (ri->version->data == NULL) goto err;
ri->version->data[0]=0; /* version == 0 */
@@ -188,7 +188,7 @@ int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
/* Generate encoding of extensions */
len = i2d_ASN1_SET_OF_X509_EXTENSION(exts, NULL, i2d_X509_EXTENSION,
V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
- if(!(p = Malloc(len))) goto err;
+ if(!(p = OPENSSL_malloc(len))) goto err;
q = p;
i2d_ASN1_SET_OF_X509_EXTENSION(exts, &q, i2d_X509_EXTENSION,
V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
@@ -204,7 +204,7 @@ int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err;
return 1;
err:
- if(p) Free(p);
+ if(p) OPENSSL_free(p);
X509_ATTRIBUTE_free(attr);
ASN1_TYPE_free(at);
return 0;
diff --git a/lib/libcrypto/x509/x509_set.c b/lib/libcrypto/x509/x509_set.c
index add842d17a9..aaf61ca062b 100644
--- a/lib/libcrypto/x509/x509_set.c
+++ b/lib/libcrypto/x509/x509_set.c
@@ -104,36 +104,36 @@ int X509_set_subject_name(X509 *x, X509_NAME *name)
return(X509_NAME_set(&x->cert_info->subject,name));
}
-int X509_set_notBefore(X509 *x, ASN1_UTCTIME *tm)
+int X509_set_notBefore(X509 *x, ASN1_TIME *tm)
{
- ASN1_UTCTIME *in;
+ ASN1_TIME *in;
if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
in=x->cert_info->validity->notBefore;
if (in != tm)
{
- in=M_ASN1_UTCTIME_dup(tm);
+ in=M_ASN1_TIME_dup(tm);
if (in != NULL)
{
- M_ASN1_UTCTIME_free(x->cert_info->validity->notBefore);
+ M_ASN1_TIME_free(x->cert_info->validity->notBefore);
x->cert_info->validity->notBefore=in;
}
}
return(in != NULL);
}
-int X509_set_notAfter(X509 *x, ASN1_UTCTIME *tm)
+int X509_set_notAfter(X509 *x, ASN1_TIME *tm)
{
- ASN1_UTCTIME *in;
+ ASN1_TIME *in;
if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
in=x->cert_info->validity->notAfter;
if (in != tm)
{
- in=M_ASN1_UTCTIME_dup(tm);
+ in=M_ASN1_TIME_dup(tm);
if (in != NULL)
{
- M_ASN1_UTCTIME_free(x->cert_info->validity->notAfter);
+ M_ASN1_TIME_free(x->cert_info->validity->notAfter);
x->cert_info->validity->notAfter=in;
}
}
diff --git a/lib/libcrypto/x509/x509_trs.c b/lib/libcrypto/x509/x509_trs.c
index c779aaf94d6..a7b1543461b 100644
--- a/lib/libcrypto/x509/x509_trs.c
+++ b/lib/libcrypto/x509/x509_trs.c
@@ -61,7 +61,8 @@
#include <openssl/x509v3.h>
-static int tr_cmp(X509_TRUST **a, X509_TRUST **b);
+static int tr_cmp(const X509_TRUST * const *a,
+ const X509_TRUST * const *b);
static void trtable_free(X509_TRUST *p);
static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags);
@@ -88,7 +89,8 @@ IMPLEMENT_STACK_OF(X509_TRUST)
static STACK_OF(X509_TRUST) *trtable = NULL;
-static int tr_cmp(X509_TRUST **a, X509_TRUST **b)
+static int tr_cmp(const X509_TRUST * const *a,
+ const X509_TRUST * const *b)
{
return (*a)->trust - (*b)->trust;
}
@@ -152,15 +154,15 @@ int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
idx = X509_TRUST_get_by_id(id);
/* Need a new entry */
if(idx == -1) {
- if(!(trtmp = Malloc(sizeof(X509_TRUST)))) {
+ if(!(trtmp = OPENSSL_malloc(sizeof(X509_TRUST)))) {
X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
return 0;
}
trtmp->flags = X509_TRUST_DYNAMIC;
} else trtmp = X509_TRUST_get0(idx);
- /* Free existing name if dynamic */
- if(trtmp->flags & X509_TRUST_DYNAMIC_NAME) Free(trtmp->name);
+ /* OPENSSL_free existing name if dynamic */
+ if(trtmp->flags & X509_TRUST_DYNAMIC_NAME) OPENSSL_free(trtmp->name);
/* dup supplied name */
if(!(trtmp->name = BUF_strdup(name))) {
X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
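Review bot: The comment `/* OPENSSL_free existing name if dynamic */` was caught by the mechanical `Free` → `OPENSSL_free` rename and no longer reads as prose; `/* Free existing name if dynamic */` is clearer. `X509_TRUST_add` starts and ends outside this hunk.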
@@ -196,8 +198,8 @@ static void trtable_free(X509_TRUST *p)
if (p->flags & X509_TRUST_DYNAMIC)
{
if (p->flags & X509_TRUST_DYNAMIC_NAME)
- Free(p->name);
- Free(p);
+ OPENSSL_free(p->name);
+ OPENSSL_free(p);
}
}
diff --git a/lib/libcrypto/x509/x509_txt.c b/lib/libcrypto/x509/x509_txt.c
index 209cf531913..cfb478d4bc5 100644
--- a/lib/libcrypto/x509/x509_txt.c
+++ b/lib/libcrypto/x509/x509_txt.c
@@ -132,6 +132,15 @@ const char *X509_verify_cert_error_string(long n)
return ("certificate rejected");
case X509_V_ERR_APPLICATION_VERIFICATION:
return("application verification failure");
+ case X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
+ return("subject issuer mismatch");
+ case X509_V_ERR_AKID_SKID_MISMATCH:
+ return("authority and subject key identifier mismatch");
+ case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH:
+ return("authority and issuer serial number mismatch");
+ case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
+ return("key usage does not include certificate signing");
+
default:
sprintf(buf,"error number %ld",n);
return(buf);
diff --git a/lib/libcrypto/x509/x509_vfy.c b/lib/libcrypto/x509/x509_vfy.c
index 3ddb2303d38..0f4110cc64b 100644
--- a/lib/libcrypto/x509/x509_vfy.c
+++ b/lib/libcrypto/x509/x509_vfy.c
@@ -71,6 +71,8 @@
#include <openssl/objects.h>
static int null_callback(int ok,X509_STORE_CTX *e);
+static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
+static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x);
static int check_chain_purpose(X509_STORE_CTX *ctx);
static int check_trust(X509_STORE_CTX *ctx);
static int internal_verify(X509_STORE_CTX *ctx);
@@ -85,13 +87,13 @@ static STACK *x509_store_method=NULL;
static int null_callback(int ok, X509_STORE_CTX *e)
{
- return(ok);
+ return ok;
}
#if 0
static int x509_subject_cmp(X509 **a, X509 **b)
{
- return(X509_subject_name_cmp(*a,*b));
+ return X509_subject_name_cmp(*a,*b);
}
#endif
@@ -99,7 +101,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
{
X509 *x,*xtmp,*chain_ss=NULL;
X509_NAME *xn;
- X509_OBJECT obj;
int depth,i,ok=0;
int num;
int (*cb)();
@@ -108,10 +109,10 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
if (ctx->cert == NULL)
{
X509err(X509_F_X509_VERIFY_CERT,X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
- return(-1);
+ return -1;
}
- cb=ctx->ctx->verify_cb;
+ cb=ctx->verify_cb;
if (cb == NULL) cb=null_callback;
/* first we make sure the chain we are going to build is
@@ -152,13 +153,12 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
/* If we are self signed, we break */
xn=X509_get_issuer_name(x);
- if (X509_NAME_cmp(X509_get_subject_name(x),xn) == 0)
- break;
+ if (ctx->check_issued(ctx, x,x)) break;
/* If we were passed a cert chain, use it first */
if (ctx->untrusted != NULL)
{
- xtmp=X509_find_by_subject(sktmp,xn);
+ xtmp=find_issuer(ctx, sktmp,x);
if (xtmp != NULL)
{
if (!sk_X509_push(ctx->chain,xtmp))
@@ -183,11 +183,14 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
* certificates. We now need to add at least one trusted one,
* if possible, otherwise we complain. */
+ /* Examine last certificate in chain and see if it
+ * is self signed.
+ */
+
i=sk_X509_num(ctx->chain);
x=sk_X509_value(ctx->chain,i-1);
xn = X509_get_subject_name(x);
- if (X509_NAME_cmp(xn,X509_get_issuer_name(x))
- == 0)
+ if (ctx->check_issued(ctx, x, x))
{
/* we have a self signed certificate */
if (sk_X509_num(ctx->chain) == 1)
@@ -196,13 +199,13 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
* we can find it in the store. We must have an exact
* match to avoid possible impersonation.
*/
- ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj);
- if ((ok != X509_LU_X509) || X509_cmp(x, obj.data.x509))
+ ok = ctx->get_issuer(&xtmp, ctx, x);
+ if ((ok <= 0) || X509_cmp(x, xtmp))
{
ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
ctx->current_cert=x;
ctx->error_depth=i-1;
- if(ok == X509_LU_X509) X509_OBJECT_free_contents(&obj);
+ if (ok == 1) X509_free(xtmp);
ok=cb(0,ctx);
if (!ok) goto end;
}
@@ -212,14 +215,14 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
* so we get any trust settings.
*/
X509_free(x);
- x = obj.data.x509;
+ x = xtmp;
sk_X509_set(ctx->chain, i - 1, x);
ctx->last_untrusted=0;
}
}
else
{
- /* worry more about this one elsewhere */
+ /* extract and save self signed certificate for later use */
chain_ss=sk_X509_pop(ctx->chain);
ctx->last_untrusted--;
num--;
@@ -235,41 +238,30 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
/* If we are self signed, we break */
xn=X509_get_issuer_name(x);
- if (X509_NAME_cmp(X509_get_subject_name(x),xn) == 0)
- break;
+ if (ctx->check_issued(ctx,x,x)) break;
- ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj);
- if (ok != X509_LU_X509)
- {
- if (ok == X509_LU_RETRY)
- {
- X509_OBJECT_free_contents(&obj);
- X509err(X509_F_X509_VERIFY_CERT,X509_R_SHOULD_RETRY);
- return(ok);
- }
- else if (ok != X509_LU_FAIL)
- {
- X509_OBJECT_free_contents(&obj);
- /* not good :-(, break anyway */
- return(ok);
- }
- break;
- }
- x=obj.data.x509;
- if (!sk_X509_push(ctx->chain,obj.data.x509))
+ ok = ctx->get_issuer(&xtmp, ctx, x);
+
+ if (ok < 0) return ok;
+ if (ok == 0) break;
+
+ x = xtmp;
+ if (!sk_X509_push(ctx->chain,x))
{
- X509_OBJECT_free_contents(&obj);
+ X509_free(xtmp);
X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
- return(0);
+ return 0;
}
num++;
}
/* we now have our chain, lets check it... */
xn=X509_get_issuer_name(x);
- if (X509_NAME_cmp(X509_get_subject_name(x),xn) != 0)
+
+ /* Is last certificate looked up self signed? */
+ if (!ctx->check_issued(ctx,x,x))
{
- if ((chain_ss == NULL) || (X509_NAME_cmp(X509_get_subject_name(chain_ss),xn) != 0))
+ if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss))
{
if (ctx->last_untrusted >= num)
ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
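Review bot: The two early exits in the store lookup loop, `if (ok < 0) return ok;` and the `return 0;` after a failed `sk_X509_push`, leave `X509_verify_cert` without going through `end:`, where `sktmp` and `chain_ss` are released (visible in a later hunk), so both appear to leak on these paths. Prefer `if (ok < 0) goto end;` and `ok=0; goto end;`, assuming the `end:` block does nothing beyond cleanup. The negative return also deserves a line in the function's comment, because a caller that only tests the result for non-zero would read -1 as a successful verification. The function starts and ends outside this hunk.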
@@ -294,22 +286,22 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
}
/* We have the chain complete: now we need to check its purpose */
- if(ctx->purpose > 0) ok = check_chain_purpose(ctx);
+ if (ctx->purpose > 0) ok = check_chain_purpose(ctx);
- if(!ok) goto end;
+ if (!ok) goto end;
/* The chain extensions are OK: check trust */
- if(ctx->trust > 0) ok = check_trust(ctx);
+ if (ctx->trust > 0) ok = check_trust(ctx);
- if(!ok) goto end;
+ if (!ok) goto end;
/* We may as well copy down any DSA parameters that are required */
X509_get_pubkey_parameters(NULL,ctx->chain);
/* At this point, we have a chain and just need to verify it */
- if (ctx->ctx->verify != NULL)
- ok=ctx->ctx->verify(ctx);
+ if (ctx->verify != NULL)
+ ok=ctx->verify(ctx);
else
ok=internal_verify(ctx);
if (0)
@@ -319,9 +311,61 @@ end:
}
if (sktmp != NULL) sk_X509_free(sktmp);
if (chain_ss != NULL) X509_free(chain_ss);
- return(ok);
+ return ok;
}
+
+/* Given a STACK_OF(X509) find the issuer of cert (if any)
+ */
+
+static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
+{
+ int i;
+ X509 *issuer;
+ for (i = 0; i < sk_X509_num(sk); i++)
+ {
+ issuer = sk_X509_value(sk, i);
+ if (ctx->check_issued(ctx, x, issuer))
+ return issuer;
+ }
+ return NULL;
+}
+
+/* Given a possible certificate and issuer check them */
+
+static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
+{
+ int ret;
+ ret = X509_check_issued(issuer, x);
+ if (ret == X509_V_OK)
+ return 1;
+ /* If we haven't asked for issuer errors don't set ctx */
+ if (!(ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK))
+ return 0;
+
+ ctx->error = ret;
+ ctx->current_cert = x;
+ ctx->current_issuer = issuer;
+ if (ctx->verify_cb)
+ return ctx->verify_cb(0, ctx);
+ return 0;
+}
+
+/* Alternative lookup method: look from a STACK stored in other_ctx */
+
+static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
+{
+ *issuer = find_issuer(ctx, ctx->other_ctx, x);
+ if (*issuer)
+ {
+ CRYPTO_add(&(*issuer)->references,1,CRYPTO_LOCK_X509);
+ return 1;
+ }
+ else
+ return 0;
+}
+
+
/* Check a certificate chains extensions for consistency
* with the supplied purpose
*/
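Review bot: `check_issued` hands the issuer decision to the verify callback whenever `X509_V_FLAG_CB_ISSUER_CHECK` is set, and nothing in the hunk documents that contract: `return ctx->verify_cb(0, ctx);` turns any non-zero callback result into "issuer accepted". A callback written to log and continue would make `find_issuer` return the first certificate in the stack, and `ctx->error` keeps the informational mismatch code afterwards. Suggest a comment above the function such as `/* With X509_V_FLAG_CB_ISSUER_CHECK set, a non-zero return from verify_cb accepts 'issuer' for 'x'; callbacks should return 0 for these informational codes. */`.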
@@ -334,32 +378,37 @@ static int check_chain_purpose(X509_STORE_CTX *ctx)
int i, ok=0;
X509 *x;
int (*cb)();
- cb=ctx->ctx->verify_cb;
+ cb=ctx->verify_cb;
if (cb == NULL) cb=null_callback;
/* Check all untrusted certificates */
- for(i = 0; i < ctx->last_untrusted; i++) {
+ for (i = 0; i < ctx->last_untrusted; i++)
+ {
x = sk_X509_value(ctx->chain, i);
- if(!X509_check_purpose(x, ctx->purpose, i)) {
- if(i) ctx->error = X509_V_ERR_INVALID_CA;
- else ctx->error = X509_V_ERR_INVALID_PURPOSE;
+ if (!X509_check_purpose(x, ctx->purpose, i))
+ {
+ if (i)
+ ctx->error = X509_V_ERR_INVALID_CA;
+ else
+ ctx->error = X509_V_ERR_INVALID_PURPOSE;
ctx->error_depth = i;
ctx->current_cert = x;
ok=cb(0,ctx);
- if(!ok) goto end;
- }
+ if (!ok) goto end;
+ }
/* Check pathlen */
- if((i > 1) && (x->ex_pathlen != -1)
- && (i > (x->ex_pathlen + 1))) {
+ if ((i > 1) && (x->ex_pathlen != -1)
+ && (i > (x->ex_pathlen + 1)))
+ {
ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
ctx->error_depth = i;
ctx->current_cert = x;
ok=cb(0,ctx);
- if(!ok) goto end;
+ if (!ok) goto end;
+ }
}
- }
ok = 1;
- end:
- return(ok);
+ end:
+ return ok;
#endif
}
@@ -371,19 +420,22 @@ static int check_trust(X509_STORE_CTX *ctx)
int i, ok;
X509 *x;
int (*cb)();
- cb=ctx->ctx->verify_cb;
+ cb=ctx->verify_cb;
if (cb == NULL) cb=null_callback;
/* For now just check the last certificate in the chain */
i = sk_X509_num(ctx->chain) - 1;
x = sk_X509_value(ctx->chain, i);
ok = X509_check_trust(x, ctx->trust, 0);
- if(ok == X509_TRUST_TRUSTED) return 1;
+ if (ok == X509_TRUST_TRUSTED)
+ return 1;
ctx->error_depth = sk_X509_num(ctx->chain) - 1;
ctx->current_cert = x;
- if(ok == X509_TRUST_REJECTED) ctx->error = X509_V_ERR_CERT_REJECTED;
- else ctx->error = X509_V_ERR_CERT_UNTRUSTED;
+ if (ok == X509_TRUST_REJECTED)
+ ctx->error = X509_V_ERR_CERT_REJECTED;
+ else
+ ctx->error = X509_V_ERR_CERT_UNTRUSTED;
ok = cb(0, ctx);
- return(ok);
+ return ok;
#endif
}
@@ -392,17 +444,21 @@ static int internal_verify(X509_STORE_CTX *ctx)
int i,ok=0,n;
X509 *xs,*xi;
EVP_PKEY *pkey=NULL;
+ time_t *ptime;
int (*cb)();
- cb=ctx->ctx->verify_cb;
+ cb=ctx->verify_cb;
if (cb == NULL) cb=null_callback;
n=sk_X509_num(ctx->chain);
ctx->error_depth=n-1;
n--;
xi=sk_X509_value(ctx->chain,n);
- if (X509_NAME_cmp(X509_get_subject_name(xi),
- X509_get_issuer_name(xi)) == 0)
+ if (ctx->flags & X509_V_FLAG_USE_CHECK_TIME)
+ ptime = &ctx->check_time;
+ else
+ ptime = NULL;
+ if (ctx->check_issued(ctx, xi, xi))
xs=xi;
else
{
@@ -448,7 +504,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
EVP_PKEY_free(pkey);
pkey=NULL;
- i=X509_cmp_current_time(X509_get_notBefore(xs));
+ i=X509_cmp_time(X509_get_notBefore(xs), ptime);
if (i == 0)
{
ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
@@ -466,7 +522,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
xs->valid=1;
}
- i=X509_cmp_current_time(X509_get_notAfter(xs));
+ i=X509_cmp_time(X509_get_notAfter(xs), ptime);
if (i == 0)
{
ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
@@ -499,13 +555,18 @@ static int internal_verify(X509_STORE_CTX *ctx)
}
ok=1;
end:
- return(ok);
+ return ok;
}
-int X509_cmp_current_time(ASN1_UTCTIME *ctm)
+int X509_cmp_current_time(ASN1_TIME *ctm)
+{
+ return X509_cmp_time(ctm, NULL);
+}
+
+int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time)
{
char *str;
- ASN1_UTCTIME atm;
+ ASN1_TIME atm;
time_t offset;
char buff1[24],buff2[24],*p;
int i,j;
@@ -513,14 +574,35 @@ int X509_cmp_current_time(ASN1_UTCTIME *ctm)
p=buff1;
i=ctm->length;
str=(char *)ctm->data;
- if ((i < 11) || (i > 17)) return(0);
- memcpy(p,str,10);
- p+=10;
- str+=10;
+ if (ctm->type == V_ASN1_UTCTIME)
+ {
+ if ((i < 11) || (i > 17)) return 0;
+ memcpy(p,str,10);
+ p+=10;
+ str+=10;
+ }
+ else
+ {
+ if (i < 13) return 0;
+ memcpy(p,str,12);
+ p+=12;
+ str+=12;
+ }
if ((*str == 'Z') || (*str == '-') || (*str == '+'))
{ *(p++)='0'; *(p++)='0'; }
- else { *(p++)= *(str++); *(p++)= *(str++); }
+ else
+ {
+ *(p++)= *(str++);
+ *(p++)= *(str++);
+ /* Skip any fractional seconds... */
+ if (*str == '.')
+ {
+ str++;
+ while ((*str >= '0') && (*str <= '9')) str++;
+ }
+
+ }
*(p++)='Z';
*(p++)='\0';
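Review bot: The reads from `str` in this part of `X509_cmp_time` are not bounded by `ctm->length`: the GeneralizedTime branch only checks `i < 13`, the seconds copy reads two more bytes whatever `i` is, and the new fractional-seconds loop `while ((*str >= '0') && (*str <= '9')) str++;` runs until it meets a non-digit. The value comes from the certificate being verified (`internal_verify` passes `X509_get_notBefore(xs)` and `X509_get_notAfter(xs)`), so a field that ends early or is not NUL-terminated could make this read past the buffer. Track the bytes left and test that before each access, e.g. `while (remaining > 0 && *str >= '0' && *str <= '9') { str++; remaining--; }`, and `return 0;` when the seconds or offset fields are incomplete. The function begins in the previous hunk and continues in the next one.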
@@ -529,39 +611,51 @@ int X509_cmp_current_time(ASN1_UTCTIME *ctm)
else
{
if ((*str != '+') && (str[5] != '-'))
- return(0);
+ return 0;
offset=((str[1]-'0')*10+(str[2]-'0'))*60;
offset+=(str[3]-'0')*10+(str[4]-'0');
if (*str == '-')
offset= -offset;
}
- atm.type=V_ASN1_UTCTIME;
+ atm.type=ctm->type;
atm.length=sizeof(buff2);
atm.data=(unsigned char *)buff2;
- X509_gmtime_adj(&atm,-offset*60);
+ X509_time_adj(&atm,-offset*60, cmp_time);
- i=(buff1[0]-'0')*10+(buff1[1]-'0');
- if (i < 50) i+=100; /* cf. RFC 2459 */
- j=(buff2[0]-'0')*10+(buff2[1]-'0');
- if (j < 50) j+=100;
+ if (ctm->type == V_ASN1_UTCTIME)
+ {
+ i=(buff1[0]-'0')*10+(buff1[1]-'0');
+ if (i < 50) i+=100; /* cf. RFC 2459 */
+ j=(buff2[0]-'0')*10+(buff2[1]-'0');
+ if (j < 50) j+=100;
- if (i < j) return (-1);
- if (i > j) return (1);
+ if (i < j) return -1;
+ if (i > j) return 1;
+ }
i=strcmp(buff1,buff2);
if (i == 0) /* wait a second then return younger :-) */
- return(-1);
+ return -1;
else
- return(i);
+ return i;
}
-ASN1_UTCTIME *X509_gmtime_adj(ASN1_UTCTIME *s, long adj)
+ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
+{
+ return X509_time_adj(s, adj, NULL);
+}
+
+ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *in_tm)
{
time_t t;
- time(&t);
+ if (in_tm) t = *in_tm;
+ else time(&t);
+
t+=adj;
- return(ASN1_UTCTIME_set(s,t));
+ if (!s) return ASN1_TIME_set(s, t);
+ if (s->type == V_ASN1_UTCTIME) return ASN1_UTCTIME_set(s,t);
+ return ASN1_GENERALIZEDTIME_set(s, t);
}
int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
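Review bot: The result of `X509_time_adj(&atm,-offset*60, cmp_time);` is discarded, so if the underlying set function fails, `buff2` is never written and the digit arithmetic and `strcmp(buff1,buff2)` that follow work on uninitialised stack data. Now that `cmp_time` is supplied by the caller, an out-of-range `time_t` is a more plausible way to reach that path. Suggest `if (X509_time_adj(&atm,-offset*60, cmp_time) == NULL) return 0;`, which matches the 0-on-error convention used earlier in the function. `X509_cmp_time` starts outside this hunk.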
@@ -569,7 +663,7 @@ int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
EVP_PKEY *ktmp=NULL,*ktmp2;
int i,j;
- if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return(1);
+ if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return 1;
for (i=0; i<sk_X509_num(chain); i++)
{
@@ -577,7 +671,7 @@ int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
if (ktmp == NULL)
{
X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
- return(0);
+ return 0;
}
if (!EVP_PKEY_missing_parameters(ktmp))
break;
@@ -590,7 +684,7 @@ int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
if (ktmp == NULL)
{
X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN);
- return(0);
+ return 0;
}
/* first, populate the other certs */
@@ -603,101 +697,31 @@ int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
if (pkey != NULL) EVP_PKEY_copy_parameters(pkey,ktmp);
EVP_PKEY_free(ktmp);
- return(1);
- }
-
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
- {
- X509_OBJECT *obj,*r;
- int ret=1;
-
- if (x == NULL) return(0);
- obj=(X509_OBJECT *)Malloc(sizeof(X509_OBJECT));
- if (obj == NULL)
- {
- X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- obj->type=X509_LU_X509;
- obj->data.x509=x;
-
- CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
-
- X509_OBJECT_up_ref_count(obj);
-
- r=(X509_OBJECT *)lh_insert(ctx->certs,obj);
- if (r != NULL)
- { /* oops, put it back */
- lh_delete(ctx->certs,obj);
- X509_OBJECT_free_contents(obj);
- Free(obj);
- lh_insert(ctx->certs,r);
- X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE);
- ret=0;
- }
-
- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-
- return(ret);
- }
-
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
- {
- X509_OBJECT *obj,*r;
- int ret=1;
-
- if (x == NULL) return(0);
- obj=(X509_OBJECT *)Malloc(sizeof(X509_OBJECT));
- if (obj == NULL)
- {
- X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- obj->type=X509_LU_CRL;
- obj->data.crl=x;
-
- CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
-
- X509_OBJECT_up_ref_count(obj);
-
- r=(X509_OBJECT *)lh_insert(ctx->certs,obj);
- if (r != NULL)
- { /* oops, put it back */
- lh_delete(ctx->certs,obj);
- X509_OBJECT_free_contents(obj);
- Free(obj);
- lh_insert(ctx->certs,r);
- X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE);
- ret=0;
- }
-
- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-
- return(ret);
+ return 1;
}
int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
{
x509_store_ctx_num++;
- return(CRYPTO_get_ex_new_index(x509_store_ctx_num-1,
+ return CRYPTO_get_ex_new_index(x509_store_ctx_num-1,
&x509_store_ctx_method,
- argl,argp,new_func,dup_func,free_func));
+ argl,argp,new_func,dup_func,free_func);
}
int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
{
- return(CRYPTO_set_ex_data(&ctx->ex_data,idx,data));
+ return CRYPTO_set_ex_data(&ctx->ex_data,idx,data);
}
void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx)
{
- return(CRYPTO_get_ex_data(&ctx->ex_data,idx));
+ return CRYPTO_get_ex_data(&ctx->ex_data,idx);
}
int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx)
{
- return(ctx->error);
+ return ctx->error;
}
void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err)
@@ -707,17 +731,17 @@ void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err)
int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
{
- return(ctx->error_depth);
+ return ctx->error_depth;
}
X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx)
{
- return(ctx->current_cert);
+ return ctx->current_cert;
}
STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx)
{
- return(ctx->chain);
+ return ctx->chain;
}
STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
@@ -725,12 +749,13 @@ STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
int i;
X509 *x;
STACK_OF(X509) *chain;
- if(!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL;
- for(i = 0; i < sk_X509_num(chain); i++) {
+ if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL;
+ for (i = 0; i < sk_X509_num(chain); i++)
+ {
x = sk_X509_value(chain, i);
CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
- }
- return(chain);
+ }
+ return chain;
}
void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
@@ -768,43 +793,123 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
{
int idx;
/* If purpose not set use default */
- if(!purpose) purpose = def_purpose;
+ if (!purpose) purpose = def_purpose;
/* If we have a purpose then check it is valid */
- if(purpose) {
+ if (purpose)
+ {
X509_PURPOSE *ptmp;
idx = X509_PURPOSE_get_by_id(purpose);
- if(idx == -1) {
+ if (idx == -1)
+ {
X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
X509_R_UNKNOWN_PURPOSE_ID);
return 0;
- }
+ }
ptmp = X509_PURPOSE_get0(idx);
- if(ptmp->trust == X509_TRUST_DEFAULT) {
+ if (ptmp->trust == X509_TRUST_DEFAULT)
+ {
idx = X509_PURPOSE_get_by_id(def_purpose);
- if(idx == -1) {
+ if (idx == -1)
+ {
X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
X509_R_UNKNOWN_PURPOSE_ID);
return 0;
- }
+ }
ptmp = X509_PURPOSE_get0(idx);
- }
+ }
/* If trust not set then get from purpose default */
- if(!trust) trust = ptmp->trust;
- }
- if(trust) {
+ if (!trust) trust = ptmp->trust;
+ }
+ if (trust)
+ {
idx = X509_TRUST_get_by_id(trust);
- if(idx == -1) {
+ if (idx == -1)
+ {
X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
X509_R_UNKNOWN_TRUST_ID);
return 0;
+ }
}
- }
- if(purpose) ctx->purpose = purpose;
- if(trust) ctx->trust = trust;
+ if (purpose) ctx->purpose = purpose;
+ if (trust) ctx->trust = trust;
return 1;
}
+X509_STORE_CTX *X509_STORE_CTX_new(void)
+{
+ X509_STORE_CTX *ctx;
+ ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));
+ if (ctx) memset(ctx, 0, sizeof(X509_STORE_CTX));
+ return ctx;
+}
+
+void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
+{
+ X509_STORE_CTX_cleanup(ctx);
+ OPENSSL_free(ctx);
+}
+
+void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
+ STACK_OF(X509) *chain)
+ {
+ ctx->ctx=store;
+ ctx->current_method=0;
+ ctx->cert=x509;
+ ctx->untrusted=chain;
+ ctx->last_untrusted=0;
+ ctx->purpose=0;
+ ctx->trust=0;
+ ctx->check_time=0;
+ ctx->flags=0;
+ ctx->other_ctx=NULL;
+ ctx->valid=0;
+ ctx->chain=NULL;
+ ctx->depth=9;
+ ctx->error=0;
+ ctx->error_depth=0;
+ ctx->current_cert=NULL;
+ ctx->current_issuer=NULL;
+ ctx->check_issued = check_issued;
+ ctx->get_issuer = X509_STORE_CTX_get1_issuer;
+ ctx->verify_cb = store->verify_cb;
+ ctx->verify = store->verify;
+ ctx->cleanup = 0;
+ memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA));
+ }
+
+/* Set alternative lookup method: just a STACK of trusted certificates.
+ * This avoids X509_STORE nastiness where it isn't needed.
+ */
+
+void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
+{
+ ctx->other_ctx = sk;
+ ctx->get_issuer = get_issuer_sk;
+}
+
+void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
+ {
+ if (ctx->cleanup) ctx->cleanup(ctx);
+ if (ctx->chain != NULL)
+ {
+ sk_X509_pop_free(ctx->chain,X509_free);
+ ctx->chain=NULL;
+ }
+ CRYPTO_free_ex_data(x509_store_ctx_method,ctx,&(ctx->ex_data));
+ memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
+ }
+
+void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags)
+ {
+ ctx->flags |= flags;
+ }
+
+void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t)
+ {
+ ctx->check_time = t;
+ ctx->flags |= X509_V_FLAG_USE_CHECK_TIME;
+ }
IMPLEMENT_STACK_OF(X509)
IMPLEMENT_ASN1_SET_OF(X509)
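Review bot: `X509_STORE_CTX_init` now dereferences `store` unconditionally (`ctx->verify_cb = store->verify_cb;` and `ctx->verify = store->verify;`), while the comment on `X509_STORE_CTX_trusted_stack` presents the trusted stack as a way to do without an `X509_STORE`. A caller who takes that at face value and passes NULL would crash here. Guard the two assignments with `if (store != NULL)` and set both pointers to 0 otherwise, or say in the comment that a store is still required. Separately, the `flags` parameter of `X509_STORE_CTX_set_time` is unused and should be documented as reserved.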
diff --git a/lib/libcrypto/x509/x509_vfy.h b/lib/libcrypto/x509/x509_vfy.h
index 4637aecedf5..e289d5309a4 100644
--- a/lib/libcrypto/x509/x509_vfy.h
+++ b/lib/libcrypto/x509/x509_vfy.h
@@ -65,13 +65,16 @@
#ifndef HEADER_X509_VFY_H
#define HEADER_X509_VFY_H
-#ifdef __cplusplus
-extern "C" {
+#ifndef NO_LHASH
+#include <openssl/lhash.h>
#endif
-
#include <openssl/bio.h>
#include <openssl/crypto.h>
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/* Outer object */
typedef struct x509_hash_dir_st
{
@@ -128,6 +131,7 @@ typedef struct x509_object_st
typedef struct x509_lookup_st X509_LOOKUP;
DECLARE_STACK_OF(X509_LOOKUP)
+DECLARE_STACK_OF(X509_OBJECT)
/* This is a static that defines the function interface */
typedef struct x509_lookup_method_st
@@ -150,7 +154,7 @@ typedef struct x509_lookup_method_st
X509_OBJECT *ret);
} X509_LOOKUP_METHOD;
-typedef struct x509_store_state_st X509_STORE_CTX;
+typedef struct x509_store_ctx_st X509_STORE_CTX;
/* This is used to hold everything. It is used for all certificate
* validation. Once we have a certificate chain, the 'verify'
@@ -159,11 +163,7 @@ typedef struct x509_store_st
{
/* The following is a cache of trusted certs */
int cache; /* if true, stash any hits */
-#ifdef HEADER_LHASH_H
- LHASH *certs; /* cached certs; */
-#else
- char *certs;
-#endif
+ STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */
/* These are external lookup methods */
STACK_OF(X509_LOOKUP) *get_cert_methods;
@@ -191,10 +191,10 @@ struct x509_lookup_st
X509_STORE *store_ctx; /* who owns us */
};
-/* This is a temporary used when processing cert chains. Since the
+/* This is a used when verifying cert chains. Since the
* gathering of the cert chain can take some time (and have to be
* 'retried', this needs to be kept and passed around. */
-struct x509_store_state_st /* X509_STORE_CTX */
+struct x509_store_ctx_st /* X509_STORE_CTX */
{
X509_STORE *ctx;
int current_method; /* used when looking up certs */
@@ -204,6 +204,16 @@ struct x509_store_state_st /* X509_STORE_CTX */
STACK_OF(X509) *untrusted; /* chain of X509s - untrusted - passed in */
int purpose; /* purpose to check untrusted certificates */
int trust; /* trust setting to check */
+ time_t check_time; /* time to make verify at */
+ unsigned long flags; /* Various verify flags */
+ void *other_ctx; /* Other info for use with get_issuer() */
+
+ /* Callbacks for various operations */
+ int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */
+ int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */
+ int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */
+ int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
+ int (*cleanup)(X509_STORE_CTX *ctx);
/* The following is built up */
int depth; /* how far to go looking up certs */
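Review bot: The comment on the new `check_time` field does not say when the field is consulted, and `cleanup` is the only callback added here without a comment. Going by the flag comment later in this diff, `check_time` presumably replaces the current time only when `X509_V_FLAG_USE_CHECK_TIME` is set, which means a certificate outside its validity period today can still verify. I would spell that out, e.g. `time_t check_time; /* validity is checked at this time instead of now; only used if X509_V_FLAG_USE_CHECK_TIME is set */`, and add a one-line comment on `cleanup` stating when it is called and what its return value means. The struct body starts and ends outside this hunk.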
@@ -215,6 +225,7 @@ struct x509_store_state_st /* X509_STORE_CTX */
int error_depth;
int error;
X509 *current_cert;
+ X509 *current_issuer; /* cert currently being tested as valid issuer */
CRYPTO_EX_DATA ex_data;
};
@@ -265,10 +276,20 @@ struct x509_store_state_st /* X509_STORE_CTX */
#define X509_V_ERR_INVALID_PURPOSE 26
#define X509_V_ERR_CERT_UNTRUSTED 27
#define X509_V_ERR_CERT_REJECTED 28
+/* These are 'informational' when looking for issuer cert */
+#define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29
+#define X509_V_ERR_AKID_SKID_MISMATCH 30
+#define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31
+#define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32
/* The application is not happy */
#define X509_V_ERR_APPLICATION_VERIFICATION 50
+/* Certificate verify flags */
+
+#define X509_V_FLAG_CB_ISSUER_CHECK 0x1 /* Send issuer+subject checks to verify_cb */
+#define X509_V_FLAG_USE_CHECK_TIME 0x2 /* Use check time instead of current time */
+
/* These functions are being redefined in another directory,
and clash when the linker is case-insensitive, so let's
hide them a little, by giving them an extra 'o' at the
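Review bot: The comment `These are 'informational' when looking for issuer cert` does not tell a `verify_cb` author what returning 1 or 0 means for codes 29-32 once `X509_V_FLAG_CB_ISSUER_CHECK` is set. The implementation is not in this hunk, but if the callback's return value decides whether a candidate issuer is accepted, a callback that returns 1 for every error would accept a mismatched issuer. I would extend the comment to state that contract. It should also warn that callbacks treating any `ok == 0` as fatal will see these codes during an otherwise successful chain build.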
@@ -284,18 +305,23 @@ struct x509_store_state_st /* X509_STORE_CTX */
#define X509v3_add_standard_extensions oX509v3_add_standard_extensions
#endif
-#ifdef HEADER_LHASH_H
-X509_OBJECT *X509_OBJECT_retrieve_by_subject(LHASH *h,int type,X509_NAME *name);
-#endif
+int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
+ X509_NAME *name);
+X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,int type,X509_NAME *name);
+X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x);
void X509_OBJECT_up_ref_count(X509_OBJECT *a);
void X509_OBJECT_free_contents(X509_OBJECT *a);
X509_STORE *X509_STORE_new(void );
void X509_STORE_free(X509_STORE *v);
X509_STORE_CTX *X509_STORE_CTX_new(void);
+
+int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
+
void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
X509 *x509, STACK_OF(X509) *chain);
+void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
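Review bot: `X509_STORE_CTX_get1_issuer` is declared with no comment on who owns `*issuer` or what the `int` return encodes. The `get1` name suggests the caller receives its own reference and must release it with `X509_free()`, but the header should say so, since getting this wrong leaks or double-frees certificates. `X509_OBJECT_idx_by_subject` likewise returns an `int` index with no documented not-found value. `X509_STORE_CTX_trusted_stack` also does not state whether `sk` is copied or merely borrowed for the lifetime of the context.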
@@ -354,6 +380,8 @@ int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
int purpose, int trust);
+void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags);
+void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t);
#ifdef __cplusplus
}
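Review bot: `X509_STORE_CTX_set_flags` takes `long flags`, while the `flags` member added to `struct x509_store_ctx_st` earlier in this diff is `unsigned long`. The prototype should use the same type to avoid a signed-to-unsigned conversion on a bit mask: `void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);`. `X509_STORE_CTX_set_time` also takes a `long flags` argument whose purpose is not documented; a short comment should state whether it is stored, ignored or reserved. The definitions are not in this hunk, so they would need the matching change.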
diff --git a/lib/libcrypto/x509/x509spki.c b/lib/libcrypto/x509/x509spki.c
index b35c3f92e7f..fd0a534d88e 100644
--- a/lib/libcrypto/x509/x509spki.c
+++ b/lib/libcrypto/x509/x509spki.c
@@ -82,7 +82,7 @@ NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len)
int spki_len;
NETSCAPE_SPKI *spki;
if(len <= 0) len = strlen(str);
- if (!(spki_der = Malloc(len + 1))) {
+ if (!(spki_der = OPENSSL_malloc(len + 1))) {
X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE);
return NULL;
}
@@ -90,12 +90,12 @@ NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len)
if(spki_len < 0) {
X509err(X509_F_NETSCAPE_SPKI_B64_DECODE,
X509_R_BASE64_DECODE_ERROR);
- Free(spki_der);
+ OPENSSL_free(spki_der);
return NULL;
}
p = spki_der;
spki = d2i_NETSCAPE_SPKI(NULL, &p, spki_len);
- Free(spki_der);
+ OPENSSL_free(spki_der);
return spki;
}
@@ -107,8 +107,8 @@ char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki)
char *b64_str;
int der_len;
der_len = i2d_NETSCAPE_SPKI(spki, NULL);
- der_spki = Malloc(der_len);
- b64_str = Malloc(der_len * 2);
+ der_spki = OPENSSL_malloc(der_len);
+ b64_str = OPENSSL_malloc(der_len * 2);
if(!der_spki || !b64_str) {
X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE);
return NULL;
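Review bot: The failure branch after the two `OPENSSL_malloc` calls leaks whichever buffer was allocated when only one of them fails, because `if(!der_spki || !b64_str)` returns without freeing either. Freeing both before the return fixes it; this is safe if `OPENSSL_free` accepts NULL like `free`, otherwise each call needs a guard: `OPENSSL_free(der_spki); OPENSSL_free(b64_str);`. Separately, `der_len` comes straight from `i2d_NETSCAPE_SPKI(spki, NULL)` and is used as an allocation size without a `der_len <= 0` check, so an encoding failure reaches the allocator with a non-positive size. The function starts before this hunk and continues in the next one.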
@@ -116,6 +116,6 @@ char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki)
p = der_spki;
i2d_NETSCAPE_SPKI(spki, &p);
EVP_EncodeBlock((unsigned char *)b64_str, der_spki, der_len);
- Free(der_spki);
+ OPENSSL_free(der_spki);
return b64_str;
}
diff --git a/lib/libcrypto/x509/x_all.c b/lib/libcrypto/x509/x_all.c
index d2bf3c8e1c6..9bd6e2a39bd 100644
--- a/lib/libcrypto/x509/x_all.c
+++ b/lib/libcrypto/x509/x_all.c
@@ -411,13 +411,25 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne)
(char *(*)())d2i_X509_NAME_ENTRY,(char *)ne));
}
-int X509_digest(X509 *data, const EVP_MD *type, unsigned char *md,
+int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
unsigned int *len)
{
return(ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len));
}
-int X509_NAME_digest(X509_NAME *data, const EVP_MD *type, unsigned char *md,
+int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md,
+ unsigned int *len)
+ {
+ return(ASN1_digest((int (*)())i2d_X509_CRL,type,(char *)data,md,len));
+ }
+
+int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, unsigned char *md,
+ unsigned int *len)
+ {
+ return(ASN1_digest((int (*)())i2d_X509_REQ,type,(char *)data,md,len));
+ }
+
+int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md,
unsigned int *len)
{
return(ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len));
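Review bot: The `const` added to the `data` parameters of `X509_digest` and `X509_NAME_digest`, and used in the new `X509_CRL_digest` and `X509_REQ_digest`, is discarded immediately by the `(char *)data` cast in each body. The compiler therefore cannot check the promise the prototype now makes. `ASN1_digest`'s signature is not visible here; if it cannot take a const pointer yet, a comment such as `/* ASN1_digest does not modify data; cast only drops const */` on each cast would record the intent. The two new functions also lack any comment stating that `md` must hold at least `EVP_MAX_MD_SIZE` bytes, assuming they follow the usual digest convention.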
@@ -492,6 +504,17 @@ EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
(char *(*)())d2i_AutoPrivateKey, (fp),(unsigned char **)(a)));
}
+int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey)
+ {
+ return(ASN1_i2d_fp(i2d_PUBKEY,fp,(unsigned char *)pkey));
+ }
+
+EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a)
+{
+ return((EVP_PKEY *)ASN1_d2i_fp((char *(*)())EVP_PKEY_new,
+ (char *(*)())d2i_PUBKEY, (fp),(unsigned char **)(a)));
+}
+
#endif
PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
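Review bot: `i2d_PUBKEY_fp` passes `i2d_PUBKEY` to `ASN1_i2d_fp` without the `(int (*)())` cast that the digest wrappers in this file apply to their `i2d_*` arguments, and `d2i_PUBKEY_fp` puts its braces at column 0 while its neighbours indent them. For consistency I would write `return(ASN1_i2d_fp((int (*)())i2d_PUBKEY,fp,(unsigned char *)pkey));`; the same applies to `i2d_PUBKEY_bio` in the last hunk. Neither decoder documents that the returned `EVP_PKEY` is owned by the caller, nor how a non-NULL `*a` is treated. A one-line comment above each would help callers that parse keys from untrusted files.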
@@ -529,3 +552,14 @@ EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a)
return((EVP_PKEY *)ASN1_d2i_bio((char *(*)())EVP_PKEY_new,
(char *(*)())d2i_AutoPrivateKey, (bp),(unsigned char **)(a)));
}
+
+int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey)
+ {
+ return(ASN1_i2d_bio(i2d_PUBKEY,bp,(unsigned char *)pkey));
+ }
+
+EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a)
+ {
+ return((EVP_PKEY *)ASN1_d2i_bio((char *(*)())EVP_PKEY_new,
+ (char *(*)())d2i_PUBKEY, (bp),(unsigned char **)(a)));
+ }