Diffstat (limited to 'lib/libcrypto/x509')
-rw-r--r-- | lib/libcrypto/x509/Makefile.ssl | 273 | ||||
-rw-r--r-- | lib/libcrypto/x509/by_dir.c | 26 | ||||
-rw-r--r-- | lib/libcrypto/x509/x509.h | 152 | ||||
-rw-r--r-- | lib/libcrypto/x509/x509_cmp.c | 28 | ||||
-rw-r--r-- | lib/libcrypto/x509/x509_lu.c | 332 | ||||
-rw-r--r-- | lib/libcrypto/x509/x509_obj.c | 4 | ||||
-rw-r--r-- | lib/libcrypto/x509/x509_req.c | 6 | ||||
-rw-r--r-- | lib/libcrypto/x509/x509_set.c | 16 | ||||
-rw-r--r-- | lib/libcrypto/x509/x509_trs.c | 16 | ||||
-rw-r--r-- | lib/libcrypto/x509/x509_txt.c | 9 | ||||
-rw-r--r-- | lib/libcrypto/x509/x509_vfy.c | 491 | ||||
-rw-r--r-- | lib/libcrypto/x509/x509_vfy.h | 56 | ||||
-rw-r--r-- | lib/libcrypto/x509/x509spki.c | 12 | ||||
-rw-r--r-- | lib/libcrypto/x509/x_all.c | 38 |
14 files changed, 942 insertions, 517 deletions
diff --git a/lib/libcrypto/x509/Makefile.ssl b/lib/libcrypto/x509/Makefile.ssl index 48937b43af5..46196937334 100644 --- a/lib/libcrypto/x509/Makefile.ssl +++ b/lib/libcrypto/x509/Makefile.ssl @@ -96,15 +96,17 @@ by_dir.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h by_dir.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h by_dir.o: ../../include/openssl/err.h ../../include/openssl/evp.h by_dir.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -by_dir.o: ../../include/openssl/md2.h ../../include/openssl/md5.h -by_dir.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h +by_dir.o: ../../include/openssl/md2.h ../../include/openssl/md4.h +by_dir.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +by_dir.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h by_dir.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h by_dir.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h by_dir.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h by_dir.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h by_dir.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -by_dir.o: ../../include/openssl/stack.h ../../include/openssl/x509.h -by_dir.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +by_dir.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +by_dir.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +by_dir.o: ../cryptlib.h by_file.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h by_file.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h by_file.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h 
@@ -113,52 +115,60 @@ by_file.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h by_file.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h by_file.o: ../../include/openssl/err.h ../../include/openssl/evp.h by_file.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -by_file.o: ../../include/openssl/md2.h ../../include/openssl/md5.h -by_file.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h +by_file.o: ../../include/openssl/md2.h ../../include/openssl/md4.h +by_file.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +by_file.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h by_file.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h by_file.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h by_file.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h by_file.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h by_file.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h by_file.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -by_file.o: ../../include/openssl/stack.h ../../include/openssl/x509.h -by_file.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +by_file.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +by_file.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +by_file.o: ../cryptlib.h x509_att.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h x509_att.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h x509_att.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h x509_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h x509_att.o: ../../include/openssl/des.h ../../include/openssl/dh.h x509_att.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h -x509_att.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -x509_att.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -x509_att.o: ../../include/openssl/lhash.h 
../../include/openssl/md2.h +x509_att.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h +x509_att.o: ../../include/openssl/err.h ../../include/openssl/evp.h +x509_att.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +x509_att.o: ../../include/openssl/md2.h ../../include/openssl/md4.h x509_att.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -x509_att.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509_att.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509_att.o: ../../include/openssl/opensslconf.h x509_att.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x509_att.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h x509_att.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h x509_att.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x509_att.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x509_att.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_att.o: ../../include/openssl/x509v3.h ../cryptlib.h +x509_att.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509_att.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +x509_att.o: ../cryptlib.h x509_cmp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h x509_cmp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h x509_cmp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h x509_cmp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h x509_cmp.o: ../../include/openssl/des.h ../../include/openssl/dh.h x509_cmp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h -x509_cmp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -x509_cmp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -x509_cmp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h +x509_cmp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h +x509_cmp.o: 
../../include/openssl/err.h ../../include/openssl/evp.h +x509_cmp.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +x509_cmp.o: ../../include/openssl/md2.h ../../include/openssl/md4.h x509_cmp.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -x509_cmp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509_cmp.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509_cmp.o: ../../include/openssl/opensslconf.h x509_cmp.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x509_cmp.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h x509_cmp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h x509_cmp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x509_cmp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x509_cmp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_cmp.o: ../../include/openssl/x509v3.h ../cryptlib.h +x509_cmp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509_cmp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +x509_cmp.o: ../cryptlib.h x509_d2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h x509_d2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h x509_d2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h 
@@ -166,14 +176,16 @@ x509_d2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h x509_d2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h x509_d2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h x509_d2.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_d2.o: ../../include/openssl/idea.h ../../include/openssl/md2.h +x509_d2.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +x509_d2.o: ../../include/openssl/md2.h ../../include/openssl/md4.h x509_d2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -x509_d2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x509_d2.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h -x509_d2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -x509_d2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -x509_d2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -x509_d2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x509_d2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509_d2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +x509_d2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h +x509_d2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h +x509_d2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +x509_d2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +x509_d2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h x509_d2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h x509_d2.o: ../cryptlib.h x509_def.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h 
@@ -183,49 +195,57 @@ x509_def.o: ../../include/openssl/crypto.h ../../include/openssl/des.h x509_def.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h x509_def.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h x509_def.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_def.o: ../../include/openssl/idea.h ../../include/openssl/md2.h +x509_def.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +x509_def.o: ../../include/openssl/md2.h ../../include/openssl/md4.h x509_def.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -x509_def.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509_def.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509_def.o: ../../include/openssl/opensslconf.h x509_def.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x509_def.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h x509_def.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h x509_def.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x509_def.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x509_def.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_def.o: ../cryptlib.h +x509_def.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509_def.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h x509_err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -x509_err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -x509_err.o: ../../include/openssl/des.h ../../include/openssl/dh.h -x509_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -x509_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_err.o: ../../include/openssl/idea.h ../../include/openssl/md2.h -x509_err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +x509_err.o: ../../include/openssl/buffer.h 
../../include/openssl/cast.h +x509_err.o: ../../include/openssl/crypto.h ../../include/openssl/des.h +x509_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +x509_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +x509_err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h +x509_err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h +x509_err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h +x509_err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h x509_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_err.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x509_err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h x509_err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h x509_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x509_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x509_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +x509_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509_err.o: ../../include/openssl/x509_vfy.h x509_ext.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h x509_ext.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h x509_ext.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h x509_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h x509_ext.o: ../../include/openssl/des.h ../../include/openssl/dh.h x509_ext.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h -x509_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -x509_ext.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -x509_ext.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h +x509_ext.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h +x509_ext.o: ../../include/openssl/err.h ../../include/openssl/evp.h +x509_ext.o: ../../include/openssl/idea.h 
../../include/openssl/lhash.h +x509_ext.o: ../../include/openssl/md2.h ../../include/openssl/md4.h x509_ext.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -x509_ext.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509_ext.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509_ext.o: ../../include/openssl/opensslconf.h x509_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x509_ext.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h x509_ext.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h x509_ext.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x509_ext.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x509_ext.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_ext.o: ../../include/openssl/x509v3.h ../cryptlib.h +x509_ext.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509_ext.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +x509_ext.o: ../cryptlib.h x509_lu.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h x509_lu.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h x509_lu.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h 
@@ -234,15 +254,17 @@ x509_lu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h x509_lu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h x509_lu.o: ../../include/openssl/err.h ../../include/openssl/evp.h x509_lu.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -x509_lu.o: ../../include/openssl/md2.h ../../include/openssl/md5.h -x509_lu.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h +x509_lu.o: ../../include/openssl/md2.h ../../include/openssl/md4.h +x509_lu.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +x509_lu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h x509_lu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h x509_lu.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h x509_lu.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h x509_lu.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h x509_lu.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509_lu.o: ../../include/openssl/stack.h ../../include/openssl/x509.h -x509_lu.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +x509_lu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +x509_lu.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +x509_lu.o: ../cryptlib.h x509_obj.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h x509_obj.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h x509_obj.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h 
@@ -251,16 +273,17 @@ x509_obj.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h x509_obj.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h x509_obj.o: ../../include/openssl/err.h ../../include/openssl/evp.h x509_obj.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -x509_obj.o: ../../include/openssl/md2.h ../../include/openssl/md5.h -x509_obj.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h +x509_obj.o: ../../include/openssl/md2.h ../../include/openssl/md4.h +x509_obj.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +x509_obj.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h x509_obj.o: ../../include/openssl/opensslconf.h x509_obj.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x509_obj.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h x509_obj.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h x509_obj.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x509_obj.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x509_obj.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_obj.o: ../cryptlib.h +x509_obj.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509_obj.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_r2x.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h x509_r2x.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h x509_r2x.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h 
@@ -268,16 +291,18 @@ x509_r2x.o: ../../include/openssl/crypto.h ../../include/openssl/des.h x509_r2x.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h x509_r2x.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h x509_r2x.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_r2x.o: ../../include/openssl/idea.h ../../include/openssl/md2.h +x509_r2x.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +x509_r2x.o: ../../include/openssl/md2.h ../../include/openssl/md4.h x509_r2x.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -x509_r2x.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509_r2x.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509_r2x.o: ../../include/openssl/opensslconf.h x509_r2x.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x509_r2x.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h x509_r2x.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h x509_r2x.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x509_r2x.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x509_r2x.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_r2x.o: ../cryptlib.h +x509_r2x.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509_r2x.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_req.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h x509_req.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h x509_req.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h 
@@ -285,17 +310,19 @@ x509_req.o: ../../include/openssl/crypto.h ../../include/openssl/des.h x509_req.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h x509_req.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h x509_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_req.o: ../../include/openssl/idea.h ../../include/openssl/md2.h +x509_req.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +x509_req.o: ../../include/openssl/md2.h ../../include/openssl/md4.h x509_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -x509_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509_req.o: ../../include/openssl/opensslconf.h x509_req.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h x509_req.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h x509_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h x509_req.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h x509_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x509_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x509_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_req.o: ../cryptlib.h +x509_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509_req.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_set.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h x509_set.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h x509_set.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h 
@@ -303,34 +330,39 @@ x509_set.o: ../../include/openssl/crypto.h ../../include/openssl/des.h x509_set.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h x509_set.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h x509_set.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_set.o: ../../include/openssl/idea.h ../../include/openssl/md2.h +x509_set.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +x509_set.o: ../../include/openssl/md2.h ../../include/openssl/md4.h x509_set.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -x509_set.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509_set.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509_set.o: ../../include/openssl/opensslconf.h x509_set.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x509_set.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h x509_set.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h x509_set.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x509_set.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x509_set.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_set.o: ../cryptlib.h +x509_set.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509_set.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_trs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h x509_trs.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h x509_trs.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h x509_trs.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h x509_trs.o: ../../include/openssl/des.h ../../include/openssl/dh.h x509_trs.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h -x509_trs.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -x509_trs.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -x509_trs.o: ../../include/openssl/lhash.h 
../../include/openssl/md2.h +x509_trs.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h +x509_trs.o: ../../include/openssl/err.h ../../include/openssl/evp.h +x509_trs.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +x509_trs.o: ../../include/openssl/md2.h ../../include/openssl/md4.h x509_trs.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -x509_trs.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509_trs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509_trs.o: ../../include/openssl/opensslconf.h x509_trs.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x509_trs.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h x509_trs.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h x509_trs.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x509_trs.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x509_trs.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_trs.o: ../../include/openssl/x509v3.h ../cryptlib.h +x509_trs.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509_trs.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +x509_trs.o: ../cryptlib.h x509_txt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h x509_txt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h x509_txt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h 
@@ -339,32 +371,35 @@ x509_txt.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h x509_txt.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h x509_txt.o: ../../include/openssl/err.h ../../include/openssl/evp.h x509_txt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -x509_txt.o: ../../include/openssl/md2.h ../../include/openssl/md5.h -x509_txt.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h +x509_txt.o: ../../include/openssl/md2.h ../../include/openssl/md4.h +x509_txt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +x509_txt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h x509_txt.o: ../../include/openssl/opensslconf.h x509_txt.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x509_txt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h x509_txt.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h x509_txt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x509_txt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x509_txt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_txt.o: ../cryptlib.h +x509_txt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509_txt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_v3.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h x509_v3.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h x509_v3.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h x509_v3.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h x509_v3.o: ../../include/openssl/des.h ../../include/openssl/dh.h x509_v3.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h -x509_v3.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -x509_v3.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -x509_v3.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h +x509_v3.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h 
+x509_v3.o: ../../include/openssl/err.h ../../include/openssl/evp.h +x509_v3.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +x509_v3.o: ../../include/openssl/md2.h ../../include/openssl/md4.h x509_v3.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -x509_v3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x509_v3.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h -x509_v3.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -x509_v3.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -x509_v3.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -x509_v3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x509_v3.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509_v3.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +x509_v3.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h +x509_v3.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h +x509_v3.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +x509_v3.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +x509_v3.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h x509_v3.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h x509_v3.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_vfy.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h 
@@ -373,18 +408,21 @@ x509_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h x509_vfy.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h x509_vfy.o: ../../include/openssl/des.h ../../include/openssl/dh.h x509_vfy.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h -x509_vfy.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -x509_vfy.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -x509_vfy.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h +x509_vfy.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h +x509_vfy.o: ../../include/openssl/err.h ../../include/openssl/evp.h +x509_vfy.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +x509_vfy.o: ../../include/openssl/md2.h ../../include/openssl/md4.h x509_vfy.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -x509_vfy.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509_vfy.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509_vfy.o: ../../include/openssl/opensslconf.h x509_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x509_vfy.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h x509_vfy.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h x509_vfy.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x509_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x509_vfy.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_vfy.o: ../../include/openssl/x509v3.h ../cryptlib.h +x509_vfy.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509_vfy.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +x509_vfy.o: ../cryptlib.h x509name.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h x509name.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h x509name.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h 
@@ -392,16 +430,18 @@ x509name.o: ../../include/openssl/crypto.h ../../include/openssl/des.h x509name.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h x509name.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h x509name.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509name.o: ../../include/openssl/idea.h ../../include/openssl/md2.h +x509name.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +x509name.o: ../../include/openssl/md2.h ../../include/openssl/md4.h x509name.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -x509name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509name.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509name.o: ../../include/openssl/opensslconf.h x509name.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x509name.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h x509name.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h x509name.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x509name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x509name.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509name.o: ../cryptlib.h +x509name.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509rset.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h x509rset.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h x509rset.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h 
@@ -409,16 +449,18 @@ x509rset.o: ../../include/openssl/crypto.h ../../include/openssl/des.h x509rset.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h x509rset.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h x509rset.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509rset.o: ../../include/openssl/idea.h ../../include/openssl/md2.h +x509rset.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +x509rset.o: ../../include/openssl/md2.h ../../include/openssl/md4.h x509rset.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -x509rset.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509rset.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509rset.o: ../../include/openssl/opensslconf.h x509rset.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x509rset.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h x509rset.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h x509rset.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x509rset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x509rset.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509rset.o: ../cryptlib.h +x509rset.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509rset.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509spki.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h x509spki.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h x509spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h 
@@ -427,16 +469,17 @@ x509spki.o: ../../include/openssl/des.h ../../include/openssl/dh.h x509spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h x509spki.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h x509spki.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -x509spki.o: ../../include/openssl/md2.h ../../include/openssl/md5.h -x509spki.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h -x509spki.o: ../../include/openssl/opensslconf.h +x509spki.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h +x509spki.o: ../../include/openssl/md4.h ../../include/openssl/md5.h +x509spki.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +x509spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509spki.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x509spki.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h x509spki.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h x509spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x509spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x509spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509spki.o: ../cryptlib.h +x509spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509type.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h x509type.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h x509type.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h 
@@ -444,16 +487,18 @@ x509type.o: ../../include/openssl/crypto.h ../../include/openssl/des.h x509type.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h x509type.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h x509type.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509type.o: ../../include/openssl/idea.h ../../include/openssl/md2.h +x509type.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +x509type.o: ../../include/openssl/md2.h ../../include/openssl/md4.h x509type.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -x509type.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509type.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509type.o: ../../include/openssl/opensslconf.h x509type.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h x509type.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h x509type.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h x509type.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x509type.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x509type.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509type.o: ../cryptlib.h +x509type.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509type.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h x_all.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h x_all.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h 
@@ -461,13 +506,15 @@ x_all.o: ../../include/openssl/crypto.h ../../include/openssl/des.h x_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h x_all.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h x_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_all.o: ../../include/openssl/idea.h ../../include/openssl/md2.h +x_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +x_all.o: ../../include/openssl/md2.h ../../include/openssl/md4.h x_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -x_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x_all.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h -x_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -x_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -x_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -x_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +x_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h +x_all.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h +x_all.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +x_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +x_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h x_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h x_all.o: ../cryptlib.h diff --git a/lib/libcrypto/x509/by_dir.c b/lib/libcrypto/x509/by_dir.c index 14d12c56bd7..cac64a6f404 100644 --- a/lib/libcrypto/x509/by_dir.c +++ b/lib/libcrypto/x509/by_dir.c 
@@ -146,11 +146,11 @@ static int new_dir(X509_LOOKUP *lu) { BY_DIR *a; - if ((a=(BY_DIR *)Malloc(sizeof(BY_DIR))) == NULL) + if ((a=(BY_DIR *)OPENSSL_malloc(sizeof(BY_DIR))) == NULL) return(0); if ((a->buffer=BUF_MEM_new()) == NULL) { - Free(a); + OPENSSL_free(a); return(0); } a->num_dirs=0; @@ -168,11 +168,11 @@ static void free_dir(X509_LOOKUP *lu) a=(BY_DIR *)lu->method_data; for (i=0; i<a->num_dirs; i++) - if (a->dirs[i] != NULL) Free(a->dirs[i]); - if (a->dirs != NULL) Free(a->dirs); - if (a->dirs_type != NULL) Free(a->dirs_type); + if (a->dirs[i] != NULL) OPENSSL_free(a->dirs[i]); + if (a->dirs != NULL) OPENSSL_free(a->dirs); + if (a->dirs_type != NULL) OPENSSL_free(a->dirs_type); if (a->buffer != NULL) BUF_MEM_free(a->buffer); - Free(a); + OPENSSL_free(a); } static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) @@ -204,9 +204,9 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) if (ctx->num_dirs_alloced < (ctx->num_dirs+1)) { ctx->num_dirs_alloced+=10; - pp=(char **)Malloc(ctx->num_dirs_alloced* + pp=(char **)OPENSSL_malloc(ctx->num_dirs_alloced* sizeof(char *)); - ip=(int *)Malloc(ctx->num_dirs_alloced* + ip=(int *)OPENSSL_malloc(ctx->num_dirs_alloced* sizeof(int)); if ((pp == NULL) || (ip == NULL)) { @@ -218,14 +218,14 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) memcpy(ip,ctx->dirs_type,(ctx->num_dirs_alloced-10)* sizeof(int)); if (ctx->dirs != NULL) - Free(ctx->dirs); + OPENSSL_free(ctx->dirs); if (ctx->dirs_type != NULL) - Free(ctx->dirs_type); + OPENSSL_free(ctx->dirs_type); ctx->dirs=pp; ctx->dirs_type=ip; } ctx->dirs_type[ctx->num_dirs]=type; - ctx->dirs[ctx->num_dirs]=(char *)Malloc((unsigned int)len+1); + ctx->dirs[ctx->num_dirs]=(char *)OPENSSL_malloc((unsigned int)len+1); if (ctx->dirs[ctx->num_dirs] == NULL) return(0); strncpy(ctx->dirs[ctx->num_dirs],ss,(unsigned int)len); ctx->dirs[ctx->num_dirs][len]='\0'; 
@@ -326,7 +326,9 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, /* we have added it to the cache so now pull * it out again */ CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE); - tmp=(X509_OBJECT *)lh_retrieve(xl->store_ctx->certs,&stmp); + j = sk_X509_OBJECT_find(xl->store_ctx->objs,&stmp); + if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,i); + else tmp = NULL; CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE); if (tmp != NULL) diff --git a/lib/libcrypto/x509/x509.h b/lib/libcrypto/x509/x509.h index 0192272e7c1..813c8adffd7 100644 --- a/lib/libcrypto/x509/x509.h +++ b/lib/libcrypto/x509/x509.h @@ -59,15 +59,16 @@ #ifndef HEADER_X509_H #define HEADER_X509_H -#ifdef __cplusplus -extern "C" { +#include <openssl/symhacks.h> +#ifndef NO_BUFFER +#include <openssl/buffer.h> #endif - -#ifdef VMS -#undef X509_REVOKED_get_ext_by_critical -#define X509_REVOKED_get_ext_by_critical X509_REVOKED_get_ext_by_critic +#ifndef NO_EVP +#include <openssl/evp.h> +#endif +#ifndef NO_BIO +#include <openssl/bio.h> #endif - #include <openssl/stack.h> #include <openssl/asn1.h> #include <openssl/safestack.h> @@ -87,11 +88,19 @@ extern "C" { #include <openssl/evp.h> +#ifdef __cplusplus +extern "C" { +#endif + #ifdef WIN32 /* Under Win32 this is defined in wincrypt.h */ #undef X509_NAME #endif + /* If placed in pkcs12.h, we end up with a circular depency with pkcs7.h */ +#define DECLARE_PKCS12_STACK_OF(type) /* Nothing */ +#define IMPLEMENT_PKCS12_STACK_OF(type) /* Nothing */ + #define X509_FILETYPE_PEM 1 #define X509_FILETYPE_ASN1 2 #define X509_FILETYPE_DEFAULT 3 @@ -125,8 +134,8 @@ DECLARE_ASN1_SET_OF(X509_ALGOR) typedef struct X509_val_st { - ASN1_UTCTIME *notBefore; - ASN1_UTCTIME *notAfter; + ASN1_TIME *notBefore; + ASN1_TIME *notAfter; } X509_VAL; typedef struct X509_pubkey_st 
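Review bot: The added lookup stores the result of sk_X509_OBJECT_find() in `j` and tests `j != -1`, but then fetches the entry with index `i`, so the object taken from the cache is whatever sits at position `i` rather than the one that matched `stmp`. The line should read `if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,j);`. The `if (tmp != NULL)` that follows presumably copies `tmp` into the caller's result, in which case a wrong index hands back an unrelated certificate or CRL for the requested subject, or NULL when `i` is out of range. get_cert_by_subject starts and ends outside the hunk, so the value `i` holds at this point is not visible here.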
@@ -158,7 +167,7 @@ typedef struct X509_name_st { STACK_OF(X509_NAME_ENTRY) *entries; int modified; /* true if 'bytes' needs to be built */ -#ifdef HEADER_BUFFER_H +#ifndef NO_BUFFER BUF_MEM *bytes; #else char *bytes; @@ -200,6 +209,8 @@ DECLARE_ASN1_SET_OF(X509_ATTRIBUTE) typedef struct X509_req_info_st { + unsigned char *asn1; + int length; ASN1_INTEGER *version; X509_NAME *subject; X509_PUBKEY *pubkey; @@ -260,6 +271,8 @@ typedef struct x509_st unsigned long ex_kusage; unsigned long ex_xkusage; unsigned long ex_nscert; + ASN1_OCTET_STRING *skid; + struct AUTHORITY_KEYID_st *akid; #ifndef NO_SHA unsigned char sha1_hash[SHA_DIGEST_LENGTH]; #endif 
@@ -307,10 +320,65 @@ DECLARE_STACK_OF(X509_TRUST) #define X509_TRUST_REJECTED 2 #define X509_TRUST_UNTRUSTED 3 +/* Flags specific to X509_NAME_print_ex() */ + +/* The field separator information */ + +#define XN_FLAG_SEP_MASK (0xf << 16) + +#define XN_FLAG_COMPAT 0 /* Traditional SSLeay: use old X509_NAME_print */ +#define XN_FLAG_SEP_COMMA_PLUS (1 << 16) /* RFC2253 ,+ */ +#define XN_FLAG_SEP_CPLUS_SPC (2 << 16) /* ,+ spaced: more readable */ +#define XN_FLAG_SEP_SPLUS_SPC (3 << 16) /* ;+ spaced */ +#define XN_FLAG_SEP_MULTILINE (4 << 16) /* One line per field */ + +#define XN_FLAG_DN_REV (1 << 20) /* Reverse DN order */ + +/* How the field name is shown */ + +#define XN_FLAG_FN_MASK (0x3 << 21) + +#define XN_FLAG_FN_SN 0 /* Object short name */ +#define XN_FLAG_FN_LN (1 << 21) /* Object long name */ +#define XN_FLAG_FN_OID (2 << 21) /* Always use OIDs */ +#define XN_FLAG_FN_NONE (3 << 21) /* No field names */ + +#define XN_FLAG_SPC_EQ (1 << 23) /* Put spaces round '=' */ + +/* This determines if we dump fields we don't recognise: + * RFC2253 requires this. + */ + +#define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24) + +/* Complete set of RFC2253 flags */ + +#define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \ + XN_FLAG_SEP_COMMA_PLUS | \ + XN_FLAG_DN_REV | \ + XN_FLAG_FN_SN | \ + XN_FLAG_DUMP_UNKNOWN_FIELDS) + +/* readable oneline form */ + +#define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \ + ASN1_STRFLGS_ESC_QUOTE | \ + XN_FLAG_SEP_CPLUS_SPC | \ + XN_FLAG_SPC_EQ | \ + XN_FLAG_FN_SN) + +/* readable multiline form */ + +#define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \ + ASN1_STRFLGS_ESC_MSB | \ + XN_FLAG_SEP_MULTILINE | \ + XN_FLAG_SPC_EQ | \ + XN_FLAG_FN_LN) + typedef struct X509_revoked_st { ASN1_INTEGER *serialNumber; - ASN1_UTCTIME *revocationDate; + ASN1_TIME *revocationDate; STACK_OF(X509_EXTENSION) /* optional */ *extensions; int sequence; /* load sequence */ } X509_REVOKED; 
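Review bot: XN_FLAG_COMPAT and XN_FLAG_FN_SN are both defined as 0, so neither can be detected with a bitwise AND; a caller has to compare the masked field with the constant, and the comments in this hunk do not say so. I would add next to the mask `/* compare (flags & XN_FLAG_SEP_MASK) with an XN_FLAG_SEP_* value; XN_FLAG_COMPAT is 0 and cannot be tested with & */`, and the same for XN_FLAG_FN_MASK. The constants are also written as plain `int` shifts while X509_NAME_print_ex() takes `unsigned long flags`; writing them as `(1UL << 16)` and so on would keep the type consistent with the parameter.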
@@ -323,8 +391,8 @@ typedef struct X509_crl_info_st ASN1_INTEGER *version; X509_ALGOR *sig_alg; X509_NAME *issuer; - ASN1_UTCTIME *lastUpdate; - ASN1_UTCTIME *nextUpdate; + ASN1_TIME *lastUpdate; + ASN1_TIME *nextUpdate; STACK_OF(X509_REVOKED) *revoked; STACK_OF(X509_EXTENSION) /* [0] */ *extensions; } X509_CRL_INFO; @@ -362,7 +430,7 @@ typedef struct private_key_st int references; } X509_PKEY; -#ifdef HEADER_ENVELOPE_H +#ifndef NO_EVP typedef struct X509_info_st { X509 *x509; @@ -445,9 +513,17 @@ typedef struct pkcs8_priv_key_info_st STACK_OF(X509_ATTRIBUTE) *attributes; } PKCS8_PRIV_KEY_INFO; +#ifdef __cplusplus +} +#endif + #include <openssl/x509_vfy.h> #include <openssl/pkcs7.h> +#ifdef __cplusplus +extern "C" { +#endif + #ifdef SSLEAY_MACROS #define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\ a->signature,(char *)a->cert_info,r) @@ -610,7 +686,7 @@ typedef struct pkcs8_priv_key_info_st const char *X509_verify_cert_error_string(long n); #ifndef SSLEAY_MACROS -#ifdef HEADER_ENVELOPE_H +#ifndef NO_EVP int X509_verify(X509 *a, EVP_PKEY *r); int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); @@ -629,9 +705,14 @@ int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md); int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md); int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md); -int X509_digest(X509 *data,const EVP_MD *type,unsigned char *md,unsigned int *len); -int X509_NAME_digest(X509_NAME *data,const EVP_MD *type, - unsigned char *md,unsigned int *len); +int X509_digest(const X509 *data,const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_CRL_digest(const X509_CRL *data,const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_REQ_digest(const X509_REQ *data,const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_NAME_digest(const X509_NAME *data,const EVP_MD *type, + unsigned char *md, unsigned int *len); #endif #ifndef NO_FP_API 
@@ -663,9 +744,11 @@ int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,PKCS8_PRIV_KEY_INFO *p8inf); int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key); int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey); EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a); +int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey); +EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a); #endif -#ifdef HEADER_BIO_H +#ifndef NO_BIO X509 *d2i_X509_bio(BIO *bp,X509 **x509); int i2d_X509_bio(BIO *bp,X509 *x509); X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL **crl); @@ -694,6 +777,8 @@ int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,PKCS8_PRIV_KEY_INFO *p8inf); int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key); int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey); EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a); +int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey); +EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a); #endif X509 *X509_dup(X509 *x509); @@ -711,8 +796,10 @@ RSA *RSAPrivateKey_dup(RSA *rsa); #endif /* !SSLEAY_MACROS */ -int X509_cmp_current_time(ASN1_UTCTIME *s); -ASN1_UTCTIME * X509_gmtime_adj(ASN1_UTCTIME *s, long adj); +int X509_cmp_time(ASN1_TIME *s, time_t *t); +int X509_cmp_current_time(ASN1_TIME *s); +ASN1_TIME * X509_time_adj(ASN1_TIME *s, long adj, time_t *t); +ASN1_TIME * X509_gmtime_adj(ASN1_TIME *s, long adj); const char * X509_get_default_cert_area(void ); const char * X509_get_default_cert_dir(void ); @@ -825,6 +912,7 @@ int i2d_X509_CERT_AUX(X509_CERT_AUX *a,unsigned char **pp); X509_CERT_AUX * d2i_X509_CERT_AUX(X509_CERT_AUX **a,unsigned char **pp, long length); int X509_alias_set1(X509 *x, unsigned char *name, int len); +int X509_keyid_set1(X509 *x, unsigned char *id, int len); unsigned char * X509_alias_get0(X509 *x, int *len); int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int); int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj); 
@@ -871,7 +959,7 @@ NETSCAPE_CERT_SEQUENCE *NETSCAPE_CERT_SEQUENCE_new(void); NETSCAPE_CERT_SEQUENCE *d2i_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE **a, unsigned char **pp, long length); void NETSCAPE_CERT_SEQUENCE_free(NETSCAPE_CERT_SEQUENCE *a); -#ifdef HEADER_ENVELOPE_H +#ifndef NO_EVP X509_INFO * X509_INFO_new(void); void X509_INFO_free(X509_INFO *a); char * X509_NAME_oneline(X509_NAME *a,char *buf,int size); @@ -894,8 +982,8 @@ int X509_set_issuer_name(X509 *x, X509_NAME *name); X509_NAME * X509_get_issuer_name(X509 *a); int X509_set_subject_name(X509 *x, X509_NAME *name); X509_NAME * X509_get_subject_name(X509 *a); -int X509_set_notBefore(X509 *x, ASN1_UTCTIME *tm); -int X509_set_notAfter(X509 *x, ASN1_UTCTIME *tm); +int X509_set_notBefore(X509 *x, ASN1_TIME *tm); +int X509_set_notAfter(X509 *x, ASN1_TIME *tm); int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); EVP_PKEY * X509_get_pubkey(X509 *x); int X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */); 
@@ -931,28 +1019,30 @@ int X509_REQ_add1_attr_by_txt(X509_REQ *req, int X509_check_private_key(X509 *x509,EVP_PKEY *pkey); -int X509_issuer_and_serial_cmp(X509 *a, X509 *b); +int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); unsigned long X509_issuer_and_serial_hash(X509 *a); -int X509_issuer_name_cmp(X509 *a, X509 *b); +int X509_issuer_name_cmp(const X509 *a, const X509 *b); unsigned long X509_issuer_name_hash(X509 *a); -int X509_subject_name_cmp(X509 *a,X509 *b); +int X509_subject_name_cmp(const X509 *a, const X509 *b); unsigned long X509_subject_name_hash(X509 *x); -int X509_cmp (X509 *a, X509 *b); -int X509_NAME_cmp (X509_NAME *a, X509_NAME *b); +int X509_cmp(const X509 *a, const X509 *b); +int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); unsigned long X509_NAME_hash(X509_NAME *x); -int X509_CRL_cmp(X509_CRL *a,X509_CRL *b); +int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); #ifndef NO_FP_API int X509_print_fp(FILE *bp,X509 *x); int X509_CRL_print_fp(FILE *bp,X509_CRL *x); int X509_REQ_print_fp(FILE *bp,X509_REQ *req); +int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags); #endif -#ifdef HEADER_BIO_H +#ifndef NO_BIO int X509_NAME_print(BIO *bp, X509_NAME *name, int obase); +int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags); int X509_print(BIO *bp,X509 *x); int X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent); int X509_CRL_print(BIO *bp,X509_CRL *x); diff --git a/lib/libcrypto/x509/x509_cmp.c b/lib/libcrypto/x509/x509_cmp.c index a8a5ca8b03e..b147d573d2f 100644 --- a/lib/libcrypto/x509/x509_cmp.c +++ b/lib/libcrypto/x509/x509_cmp.c @@ -63,7 +63,7 @@ #include <openssl/x509.h> #include <openssl/x509v3.h> -int X509_issuer_and_serial_cmp(X509 *a, X509 *b) +int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b) { int i; X509_CINF *ai,*bi; 
@@ -97,17 +97,17 @@ unsigned long X509_issuer_and_serial_hash(X509 *a) } #endif -int X509_issuer_name_cmp(X509 *a, X509 *b) +int X509_issuer_name_cmp(const X509 *a, const X509 *b) { return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer)); } -int X509_subject_name_cmp(X509 *a, X509 *b) +int X509_subject_name_cmp(const X509 *a, const X509 *b) { return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject)); } -int X509_CRL_cmp(X509_CRL *a, X509_CRL *b) +int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b) { return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer)); } @@ -139,19 +139,25 @@ unsigned long X509_subject_name_hash(X509 *x) #ifndef NO_SHA /* Compare two certificates: they must be identical for - * this to work. + * this to work. NB: Although "cmp" operations are generally + * prototyped to take "const" arguments (eg. for use in + * STACKs), the way X509 handling is - these operations may + * involve ensuring the hashes are up-to-date and ensuring + * certain cert information is cached. So this is the point + * where the "depth-first" constification tree has to halt + * with an evil cast. */ -int X509_cmp(X509 *a, X509 *b) +int X509_cmp(const X509 *a, const X509 *b) { /* ensure hash is valid */ - X509_check_purpose(a, -1, 0); - X509_check_purpose(b, -1, 0); + X509_check_purpose((X509 *)a, -1, 0); + X509_check_purpose((X509 *)b, -1, 0); return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH); } #endif -int X509_NAME_cmp(X509_NAME *a, X509_NAME *b) +int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) { int i,j; X509_NAME_ENTRY *na,*nb; @@ -198,14 +204,14 @@ unsigned long X509_NAME_hash(X509_NAME *x) i=i2d_X509_NAME(x,NULL); if (i > sizeof(str)) - p=Malloc(i); + p=OPENSSL_malloc(i); else p=str; pp=p; i2d_X509_NAME(x,&pp); MD5((unsigned char *)p,i,&(md[0])); - if (p != str) Free(p); + if (p != str) OPENSSL_free(p); ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) 
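Review bot: X509_cmp() now advertises `const X509 *` but casts the qualifier away to call X509_check_purpose(), which according to the new comment may refresh the hash and cached certificate information, so a caller that shares a const certificate between threads gets a hidden write. The comment explains why the cast exists but not what it means for callers; I would add `/* NOTE: may write cached fields of a and b; callers sharing a certificate across threads must serialise */` above the function. X509_check_purpose() is defined elsewhere, so whether it takes a lock of its own cannot be confirmed from this hunk.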
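Review bot: In X509_NAME_hash the result of `p=OPENSSL_malloc(i);` is passed to i2d_X509_NAME() through `pp` with no NULL check, so an allocation failure on a name larger than `str` ends in a write through a null pointer. A guard directly after the allocation, for example `if (p == NULL) return 0;`, would avoid that, provided a hash of 0 is acceptable to callers. If `i` is a signed int, as the assignment from i2d_X509_NAME() suggests, the preceding `i > sizeof(str)` converts a negative error return to a large unsigned value and takes the allocation branch; `if (i < 0) return 0;` before the comparison would cover that case. The function starts and ends outside the hunk.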
diff --git a/lib/libcrypto/x509/x509_lu.c b/lib/libcrypto/x509/x509_lu.c index a20006d67e2..863c738cad8 100644 --- a/lib/libcrypto/x509/x509_lu.c +++ b/lib/libcrypto/x509/x509_lu.c @@ -62,14 +62,13 @@ #include <openssl/x509.h> static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_store_meth=NULL; -static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_store_ctx_meth=NULL; X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method) { X509_LOOKUP *ret; - ret=(X509_LOOKUP *)Malloc(sizeof(X509_LOOKUP)); - if (ret == NULL) return(NULL); + ret=(X509_LOOKUP *)OPENSSL_malloc(sizeof(X509_LOOKUP)); + if (ret == NULL) return NULL; ret->init=0; ret->skip=0; @@ -78,10 +77,10 @@ X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method) ret->store_ctx=NULL; if ((method->new_item != NULL) && !method->new_item(ret)) { - Free(ret); - return(NULL); + OPENSSL_free(ret); + return NULL; } - return(ret); + return ret; } void X509_LOOKUP_free(X509_LOOKUP *ctx) 
@@ -90,44 +89,44 @@ void X509_LOOKUP_free(X509_LOOKUP *ctx) if ( (ctx->method != NULL) && (ctx->method->free != NULL)) ctx->method->free(ctx); - Free(ctx); + OPENSSL_free(ctx); } int X509_LOOKUP_init(X509_LOOKUP *ctx) { - if (ctx->method == NULL) return(0); + if (ctx->method == NULL) return 0; if (ctx->method->init != NULL) - return(ctx->method->init(ctx)); + return ctx->method->init(ctx); else - return(1); + return 1; } int X509_LOOKUP_shutdown(X509_LOOKUP *ctx) { - if (ctx->method == NULL) return(0); + if (ctx->method == NULL) return 0; if (ctx->method->shutdown != NULL) - return(ctx->method->shutdown(ctx)); + return ctx->method->shutdown(ctx); else - return(1); + return 1; } int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret) { - if (ctx->method == NULL) return(-1); + if (ctx->method == NULL) return -1; if (ctx->method->ctrl != NULL) - return(ctx->method->ctrl(ctx,cmd,argc,argl,ret)); + return ctx->method->ctrl(ctx,cmd,argc,argl,ret); else - return(1); + return 1; } int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name, X509_OBJECT *ret) { if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL)) - return(X509_LU_FAIL); - if (ctx->skip) return(0); - return(ctx->method->get_by_subject(ctx,type,name,ret)); + return X509_LU_FAIL; + if (ctx->skip) return 0; + return ctx->method->get_by_subject(ctx,type,name,ret); } int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name, 
@@ -135,71 +134,55 @@ int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name, { if ((ctx->method == NULL) || (ctx->method->get_by_issuer_serial == NULL)) - return(X509_LU_FAIL); - return(ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret)); + return X509_LU_FAIL; + return ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret); } int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type, unsigned char *bytes, int len, X509_OBJECT *ret) { if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL)) - return(X509_LU_FAIL); - return(ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret)); + return X509_LU_FAIL; + return ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret); } int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len, X509_OBJECT *ret) { if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL)) - return(X509_LU_FAIL); - return(ctx->method->get_by_alias(ctx,type,str,len,ret)); + return X509_LU_FAIL; + return ctx->method->get_by_alias(ctx,type,str,len,ret); } -static unsigned long x509_object_hash(X509_OBJECT *a) - { - unsigned long h; - - switch (a->type) - { - case X509_LU_X509: - h=X509_NAME_hash(a->data.x509->cert_info->subject); - break; - case X509_LU_CRL: - h=X509_NAME_hash(a->data.crl->crl->issuer); - break; - default: - abort(); - } - return(h); - } - -static int x509_object_cmp(X509_OBJECT *a, X509_OBJECT *b) - { - int ret; - - ret=(a->type - b->type); - if (ret) return(ret); - switch (a->type) - { - case X509_LU_X509: - ret=X509_subject_name_cmp(a->data.x509,b->data.x509); - break; - case X509_LU_CRL: - ret=X509_CRL_cmp(a->data.crl,b->data.crl); - break; + +static int x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b) + { + int ret; + + ret=((*a)->type - (*b)->type); + if (ret) return ret; + switch ((*a)->type) + { + case X509_LU_X509: + ret=X509_subject_name_cmp((*a)->data.x509,(*b)->data.x509); + break; + case X509_LU_CRL: + 
ret=X509_CRL_cmp((*a)->data.crl,(*b)->data.crl); + break; default: - abort(); + /* abort(); */ + return 0; } - return(ret); + return ret; } X509_STORE *X509_STORE_new(void) { X509_STORE *ret; - if ((ret=(X509_STORE *)Malloc(sizeof(X509_STORE))) == NULL) - return(NULL); - ret->certs=lh_new(x509_object_hash,x509_object_cmp); + if ((ret=(X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL) + return NULL; + ret->objs = sk_X509_OBJECT_new(x509_object_cmp); ret->cache=1; ret->get_cert_methods=sk_X509_LOOKUP_new_null(); ret->verify=NULL; @@ -207,7 +190,7 @@ X509_STORE *X509_STORE_new(void) memset(&ret->ex_data,0,sizeof(CRYPTO_EX_DATA)); ret->references=1; ret->depth=0; - return(ret); + return ret; } static void cleanup(X509_OBJECT *a) @@ -221,9 +204,11 @@ static void cleanup(X509_OBJECT *a) X509_CRL_free(a->data.crl); } else - abort(); + { + /* abort(); */ + } - Free(a); + OPENSSL_free(a); } void X509_STORE_free(X509_STORE *vfy) @@ -232,7 +217,7 @@ void X509_STORE_free(X509_STORE *vfy) STACK_OF(X509_LOOKUP) *sk; X509_LOOKUP *lu; - if(vfy == NULL) + if (vfy == NULL) return; sk=vfy->get_cert_methods; @@ -243,11 +228,10 @@ void X509_STORE_free(X509_STORE *vfy) X509_LOOKUP_free(lu); } sk_X509_LOOKUP_free(sk); + sk_X509_OBJECT_pop_free(vfy->objs, cleanup); CRYPTO_free_ex_data(x509_store_meth,vfy,&vfy->ex_data); - lh_doall(vfy->certs,cleanup); - lh_free(vfy->certs); - Free(vfy); + OPENSSL_free(vfy); } X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m) @@ -262,22 +246,22 @@ X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m) lu=sk_X509_LOOKUP_value(sk,i); if (m == lu->method) { - return(lu); + return lu; } } /* a new one */ lu=X509_LOOKUP_new(m); if (lu == NULL) - return(NULL); + return NULL; else { lu->store_ctx=v; if (sk_X509_LOOKUP_push(v->get_cert_methods,lu)) - return(lu); + return lu; else { X509_LOOKUP_free(lu); - return(NULL); + return NULL; } } } 
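Review bot: X509_STORE_new() stores the result of `sk_X509_OBJECT_new(x509_object_cmp)` in `ret->objs` without checking it, and the same holds for `ret->get_cert_methods` on the following line. If that allocation fails the caller still receives a store, and since the add functions introduced later in this commit ignore the result of sk_X509_OBJECT_push(), additions would presumably report success while nothing is kept. I would fail construction instead: `if (ret->objs == NULL) { OPENSSL_free(ret); return NULL; }`. In the same hunk the `default:` arm of x509_object_cmp now returns 0, which reports two objects of an unrecognised type as equal; a comment stating that this is intended would help. X509_STORE_new continues into the next hunk.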
@@ -290,7 +274,7 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name, X509_OBJECT stmp,*tmp; int i,j; - tmp=X509_OBJECT_retrieve_by_subject(ctx->certs,type,name); + tmp=X509_OBJECT_retrieve_by_subject(ctx->objs,type,name); if (tmp == NULL) { @@ -301,7 +285,7 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name, if (j < 0) { vs->current_method=j; - return(j); + return j; } else if (j) { @@ -311,7 +295,7 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name, } vs->current_method=0; if (tmp == NULL) - return(0); + return 0; } /* if (ret->data.ptr != NULL) 
@@ -322,7 +306,74 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name, X509_OBJECT_up_ref_count(ret); - return(1); + return 1; + } + +int X509_STORE_add_cert(X509_STORE *ctx, X509 *x) + { + X509_OBJECT *obj; + int ret=1; + + if (x == NULL) return 0; + obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT)); + if (obj == NULL) + { + X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE); + return 0; + } + obj->type=X509_LU_X509; + obj->data.x509=x; + + CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + + X509_OBJECT_up_ref_count(obj); + + + if (X509_OBJECT_retrieve_match(ctx->objs, obj)) + { + X509_OBJECT_free_contents(obj); + OPENSSL_free(obj); + X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE); + ret=0; + } + else sk_X509_OBJECT_push(ctx->objs, obj); + + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + + return ret; + } + +int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) + { + X509_OBJECT *obj; + int ret=1; + + if (x == NULL) return 0; + obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT)); + if (obj == NULL) + { + X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE); + return 0; + } + obj->type=X509_LU_CRL; + obj->data.crl=x; + + CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + + X509_OBJECT_up_ref_count(obj); + + if (X509_OBJECT_retrieve_match(ctx->objs, obj)) + { + X509_OBJECT_free_contents(obj); + OPENSSL_free(obj); + X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE); + ret=0; + } + else sk_X509_OBJECT_push(ctx->objs, obj); + + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + + return ret; } void X509_OBJECT_up_ref_count(X509_OBJECT *a) @@ -351,10 +402,10 @@ void X509_OBJECT_free_contents(X509_OBJECT *a) } } -X509_OBJECT *X509_OBJECT_retrieve_by_subject(LHASH *h, int type, +int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, X509_NAME *name) { - X509_OBJECT stmp,*tmp; + X509_OBJECT stmp; X509 x509_s; X509_CINF cinf_s; X509_CRL crl_s; 
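Review bot: In X509_STORE_add_cert the `else sk_X509_OBJECT_push(ctx->objs, obj);` branch ignores the push result, so when the stack cannot grow the function returns 1 although the certificate was not stored, and `obj` together with the reference taken by X509_OBJECT_up_ref_count() is leaked. The failure path should release the object and return 0, as sketched below; X509_STORE_add_crl has the identical branch and needs the same change with X509_F_X509_STORE_ADD_CRL. X509_STORE_add_crl also treats any hit from X509_OBJECT_retrieve_match() as a duplicate, and for CRLs that helper (added further down in this file's diff) returns the first entry with the same issuer, so a newer CRL from an issuer already in the store would be refused; worth confirming that this is intended.

```c
	if (X509_OBJECT_retrieve_match(ctx->objs, obj))
		{
		/* … unchanged: duplicate handling … */
		}
	else if (!sk_X509_OBJECT_push(ctx->objs, obj))
		{
		/* push failed: drop the reference taken above and report it */
		X509_OBJECT_free_contents(obj);
		OPENSSL_free(obj);
		X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE);
		ret=0;
		}
```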
@@ -374,54 +425,105 @@ X509_OBJECT *X509_OBJECT_retrieve_by_subject(LHASH *h, int type, crl_info_s.issuer=name; break; default: - abort(); + /* abort(); */ + return -1; } - tmp=(X509_OBJECT *)lh_retrieve(h,&stmp); - return(tmp); + return sk_X509_OBJECT_find(h,&stmp); } -X509_STORE_CTX *X509_STORE_CTX_new(void) +X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type, + X509_NAME *name) { - X509_STORE_CTX *ctx; - ctx = (X509_STORE_CTX *)Malloc(sizeof(X509_STORE_CTX)); - if(ctx) memset(ctx, 0, sizeof(X509_STORE_CTX)); - return ctx; + int idx; + idx = X509_OBJECT_idx_by_subject(h, type, name); + if (idx==-1) return NULL; + return sk_X509_OBJECT_value(h, idx); } -void X509_STORE_CTX_free(X509_STORE_CTX *ctx) +X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x) { - X509_STORE_CTX_cleanup(ctx); - Free(ctx); + int idx, i; + X509_OBJECT *obj; + idx = sk_X509_OBJECT_find(h, x); + if (idx == -1) return NULL; + if (x->type != X509_LU_X509) return sk_X509_OBJECT_value(h, idx); + for (i = idx; i < sk_X509_OBJECT_num(h); i++) + { + obj = sk_X509_OBJECT_value(h, i); + if (x509_object_cmp((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x)) + return NULL; + if ((x->type != X509_LU_X509) || !X509_cmp(obj->data.x509, x->data.x509)) + return obj; + } + return NULL; } -void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, - STACK_OF(X509) *chain) - { - ctx->ctx=store; - ctx->current_method=0; - ctx->cert=x509; - ctx->untrusted=chain; - ctx->last_untrusted=0; - ctx->purpose=0; - ctx->trust=0; - ctx->valid=0; - ctx->chain=NULL; - ctx->depth=9; - ctx->error=0; - ctx->current_cert=NULL; - memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); - } -void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) - { - if (ctx->chain != NULL) +/* Try to get issuer certificate from store. Due to limitations + * of the API this can only retrieve a single certificate matching + * a given subject name. 
However it will fill the cache with all + * matching certificates, so we can examine the cache for all + * matches. + * + * Return values are: + * 1 lookup successful. + * 0 certificate not found. + * -1 some other error. + */ + + +int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) +{ + X509_NAME *xn; + X509_OBJECT obj, *pobj; + int i, ok, idx; + xn=X509_get_issuer_name(x); + ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj); + if (ok != X509_LU_X509) + { + if (ok == X509_LU_RETRY) + { + X509_OBJECT_free_contents(&obj); + X509err(X509_F_X509_VERIFY_CERT,X509_R_SHOULD_RETRY); + return -1; + } + else if (ok != X509_LU_FAIL) + { + X509_OBJECT_free_contents(&obj); + /* not good :-(, break anyway */ + return -1; + } + return 0; + } + /* If certificate matches all OK */ + if (ctx->check_issued(ctx, x, obj.data.x509)) { - sk_X509_pop_free(ctx->chain,X509_free); - ctx->chain=NULL; + *issuer = obj.data.x509; + return 1; } - CRYPTO_free_ex_data(x509_store_ctx_meth,ctx,&(ctx->ex_data)); - memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA)); - } + X509_OBJECT_free_contents(&obj); + /* Else find index of first matching cert */ + idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn); + /* This shouldn't normally happen since we already have one match */ + if (idx == -1) return 0; + + /* Look through all matching certificates for a suitable issuer */ + for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++) + { + pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i); + /* See if we've ran out of matches */ + if (pobj->type != X509_LU_X509) return 0; + if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509))) return 0; + if (ctx->check_issued(ctx, x, pobj->data.x509)) + { + *issuer = pobj->data.x509; + X509_OBJECT_up_ref_count(pobj); + return 1; + } + } + return 0; +} IMPLEMENT_STACK_OF(X509_LOOKUP) +IMPLEMENT_STACK_OF(X509_OBJECT) diff --git a/lib/libcrypto/x509/x509_obj.c b/lib/libcrypto/x509/x509_obj.c index 691b71f0315..6a3ba8eb154 100644 
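Review bot: X509_STORE_CTX_get1_issuer() walks `ctx->ctx->objs` with X509_OBJECT_idx_by_subject(), sk_X509_OBJECT_num() and sk_X509_OBJECT_value() without taking CRYPTO_LOCK_X509_STORE, while X509_STORE_add_cert() in this same commit pushes onto that stack under the write lock. A verification running in one thread while another thread adds a certificate can therefore read a stack that is being grown or re-ordered. I would hold the store lock across the index lookup and the loop, as sketched below; the write lock is the safe choice if sk_X509_OBJECT_find() sorts the stack on demand, which this diff does not show. Whether `check_issued` may be called with that lock held also needs checking, since its implementation is outside this hunk.

```c
	/* … unchanged: first lookup and direct match via obj … */
	X509_OBJECT_free_contents(&obj);
	ok = 0;
	CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
	idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn);
	if (idx != -1)
		{
		for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++)
			{
			pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i);
			/* stop at the first entry that no longer matches xn */
			if (pobj->type != X509_LU_X509) break;
			if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509))) break;
			if (ctx->check_issued(ctx, x, pobj->data.x509))
				{
				*issuer = pobj->data.x509;
				X509_OBJECT_up_ref_count(pobj);
				ok = 1;
				break;
				}
			}
		}
	CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
	return ok;
```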
--- a/lib/libcrypto/x509/x509_obj.c +++ b/lib/libcrypto/x509/x509_obj.c @@ -91,7 +91,7 @@ int i; if(b) { buf=b->data; - Free(b); + OPENSSL_free(b); } strncpy(buf,"NO X509_NAME",len); return buf; @@ -210,7 +210,7 @@ int i; if (b != NULL) { p=b->data; - Free(b); + OPENSSL_free(b); } else p=buf; diff --git a/lib/libcrypto/x509/x509_req.c b/lib/libcrypto/x509/x509_req.c index baef8790eb9..7eca1bd57a3 100644 --- a/lib/libcrypto/x509/x509_req.c +++ b/lib/libcrypto/x509/x509_req.c @@ -83,7 +83,7 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) ri=ret->req_info; ri->version->length=1; - ri->version->data=(unsigned char *)Malloc(1); + ri->version->data=(unsigned char *)OPENSSL_malloc(1); if (ri->version->data == NULL) goto err; ri->version->data[0]=0; /* version == 0 */ @@ -188,7 +188,7 @@ int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, /* Generate encoding of extensions */ len = i2d_ASN1_SET_OF_X509_EXTENSION(exts, NULL, i2d_X509_EXTENSION, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE); - if(!(p = Malloc(len))) goto err; + if(!(p = OPENSSL_malloc(len))) goto err; q = p; i2d_ASN1_SET_OF_X509_EXTENSION(exts, &q, i2d_X509_EXTENSION, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE); @@ -204,7 +204,7 @@ int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err; return 1; err: - if(p) Free(p); + if(p) OPENSSL_free(p); X509_ATTRIBUTE_free(attr); ASN1_TYPE_free(at); return 0; diff --git a/lib/libcrypto/x509/x509_set.c b/lib/libcrypto/x509/x509_set.c index add842d17a9..aaf61ca062b 100644 --- a/lib/libcrypto/x509/x509_set.c +++ b/lib/libcrypto/x509/x509_set.c 
@@ -104,36 +104,36 @@ int X509_set_subject_name(X509 *x, X509_NAME *name) return(X509_NAME_set(&x->cert_info->subject,name)); } -int X509_set_notBefore(X509 *x, ASN1_UTCTIME *tm) +int X509_set_notBefore(X509 *x, ASN1_TIME *tm) { - ASN1_UTCTIME *in; + ASN1_TIME *in; if ((x == NULL) || (x->cert_info->validity == NULL)) return(0); in=x->cert_info->validity->notBefore; if (in != tm) { - in=M_ASN1_UTCTIME_dup(tm); + in=M_ASN1_TIME_dup(tm); if (in != NULL) { - M_ASN1_UTCTIME_free(x->cert_info->validity->notBefore); + M_ASN1_TIME_free(x->cert_info->validity->notBefore); x->cert_info->validity->notBefore=in; } } return(in != NULL); } -int X509_set_notAfter(X509 *x, ASN1_UTCTIME *tm) +int X509_set_notAfter(X509 *x, ASN1_TIME *tm) { - ASN1_UTCTIME *in; + ASN1_TIME *in; if ((x == NULL) || (x->cert_info->validity == NULL)) return(0); in=x->cert_info->validity->notAfter; if (in != tm) { - in=M_ASN1_UTCTIME_dup(tm); + in=M_ASN1_TIME_dup(tm); if (in != NULL) { - M_ASN1_UTCTIME_free(x->cert_info->validity->notAfter); + M_ASN1_TIME_free(x->cert_info->validity->notAfter); x->cert_info->validity->notAfter=in; } } diff --git a/lib/libcrypto/x509/x509_trs.c b/lib/libcrypto/x509/x509_trs.c index c779aaf94d6..a7b1543461b 100644 --- a/lib/libcrypto/x509/x509_trs.c +++ b/lib/libcrypto/x509/x509_trs.c @@ -61,7 +61,8 @@ #include <openssl/x509v3.h> -static int tr_cmp(X509_TRUST **a, X509_TRUST **b); +static int tr_cmp(const X509_TRUST * const *a, + const X509_TRUST * const *b); static void trtable_free(X509_TRUST *p); static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags); @@ -88,7 +89,8 @@ IMPLEMENT_STACK_OF(X509_TRUST) static STACK_OF(X509_TRUST) *trtable = NULL; -static int tr_cmp(X509_TRUST **a, X509_TRUST **b) +static int tr_cmp(const X509_TRUST * const *a, + const X509_TRUST * const *b) { return (*a)->trust - (*b)->trust; } 
@@ -152,15 +154,15 @@ int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), idx = X509_TRUST_get_by_id(id); /* Need a new entry */ if(idx == -1) { - if(!(trtmp = Malloc(sizeof(X509_TRUST)))) { + if(!(trtmp = OPENSSL_malloc(sizeof(X509_TRUST)))) { X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE); return 0; } trtmp->flags = X509_TRUST_DYNAMIC; } else trtmp = X509_TRUST_get0(idx); - /* Free existing name if dynamic */ - if(trtmp->flags & X509_TRUST_DYNAMIC_NAME) Free(trtmp->name); + /* OPENSSL_free existing name if dynamic */ + if(trtmp->flags & X509_TRUST_DYNAMIC_NAME) OPENSSL_free(trtmp->name); /* dup supplied name */ if(!(trtmp->name = BUF_strdup(name))) { X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE); @@ -196,8 +198,8 @@ static void trtable_free(X509_TRUST *p) if (p->flags & X509_TRUST_DYNAMIC) { if (p->flags & X509_TRUST_DYNAMIC_NAME) - Free(p->name); - Free(p); + OPENSSL_free(p->name); + OPENSSL_free(p); } } diff --git a/lib/libcrypto/x509/x509_txt.c b/lib/libcrypto/x509/x509_txt.c index 209cf531913..cfb478d4bc5 100644 --- a/lib/libcrypto/x509/x509_txt.c +++ b/lib/libcrypto/x509/x509_txt.c @@ -132,6 +132,15 @@ const char *X509_verify_cert_error_string(long n) return ("certificate rejected"); case X509_V_ERR_APPLICATION_VERIFICATION: return("application verification failure"); + case X509_V_ERR_SUBJECT_ISSUER_MISMATCH: + return("subject issuer mismatch"); + case X509_V_ERR_AKID_SKID_MISMATCH: + return("authority and subject key identifier mismatch"); + case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: + return("authority and issuer serial number mismatch"); + case X509_V_ERR_KEYUSAGE_NO_CERTSIGN: + return("key usage does not include certificate signing"); + default: sprintf(buf,"error number %ld",n); return(buf); diff --git a/lib/libcrypto/x509/x509_vfy.c b/lib/libcrypto/x509/x509_vfy.c index 3ddb2303d38..0f4110cc64b 100644 --- a/lib/libcrypto/x509/x509_vfy.c +++ b/lib/libcrypto/x509/x509_vfy.c 
@@ -71,6 +71,8 @@ #include <openssl/objects.h> static int null_callback(int ok,X509_STORE_CTX *e); +static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); +static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x); static int check_chain_purpose(X509_STORE_CTX *ctx); static int check_trust(X509_STORE_CTX *ctx); static int internal_verify(X509_STORE_CTX *ctx); @@ -85,13 +87,13 @@ static STACK *x509_store_method=NULL; static int null_callback(int ok, X509_STORE_CTX *e) { - return(ok); + return ok; } #if 0 static int x509_subject_cmp(X509 **a, X509 **b) { - return(X509_subject_name_cmp(*a,*b)); + return X509_subject_name_cmp(*a,*b); } #endif @@ -99,7 +101,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx) { X509 *x,*xtmp,*chain_ss=NULL; X509_NAME *xn; - X509_OBJECT obj; int depth,i,ok=0; int num; int (*cb)(); @@ -108,10 +109,10 @@ int X509_verify_cert(X509_STORE_CTX *ctx) if (ctx->cert == NULL) { X509err(X509_F_X509_VERIFY_CERT,X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); - return(-1); + return -1; } - cb=ctx->ctx->verify_cb; + cb=ctx->verify_cb; if (cb == NULL) cb=null_callback; /* first we make sure the chain we are going to build is @@ -152,13 +153,12 @@ int X509_verify_cert(X509_STORE_CTX *ctx) /* If we are self signed, we break */ xn=X509_get_issuer_name(x); - if (X509_NAME_cmp(X509_get_subject_name(x),xn) == 0) - break; + if (ctx->check_issued(ctx, x,x)) break; /* If we were passed a cert chain, use it first */ if (ctx->untrusted != NULL) { - xtmp=X509_find_by_subject(sktmp,xn); + xtmp=find_issuer(ctx, sktmp,x); if (xtmp != NULL) { if (!sk_X509_push(ctx->chain,xtmp)) 
@@ -183,11 +183,14 @@ int X509_verify_cert(X509_STORE_CTX *ctx) * certificates. We now need to add at least one trusted one, * if possible, otherwise we complain. */ + /* Examine last certificate in chain and see if it + * is self signed. + */ + i=sk_X509_num(ctx->chain); x=sk_X509_value(ctx->chain,i-1); xn = X509_get_subject_name(x); - if (X509_NAME_cmp(xn,X509_get_issuer_name(x)) - == 0) + if (ctx->check_issued(ctx, x, x)) { /* we have a self signed certificate */ if (sk_X509_num(ctx->chain) == 1) @@ -196,13 +199,13 @@ int X509_verify_cert(X509_STORE_CTX *ctx) * we can find it in the store. We must have an exact * match to avoid possible impersonation. */ - ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj); - if ((ok != X509_LU_X509) || X509_cmp(x, obj.data.x509)) + ok = ctx->get_issuer(&xtmp, ctx, x); + if ((ok <= 0) || X509_cmp(x, xtmp)) { ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; ctx->current_cert=x; ctx->error_depth=i-1; - if(ok == X509_LU_X509) X509_OBJECT_free_contents(&obj); + if (ok == 1) X509_free(xtmp); ok=cb(0,ctx); if (!ok) goto end; } @@ -212,14 +215,14 @@ int X509_verify_cert(X509_STORE_CTX *ctx) * so we get any trust settings. */ X509_free(x); - x = obj.data.x509; + x = xtmp; sk_X509_set(ctx->chain, i - 1, x); ctx->last_untrusted=0; } } else { - /* worry more about this one elsewhere */ + /* extract and save self signed certificate for later use */ chain_ss=sk_X509_pop(ctx->chain); ctx->last_untrusted--; num--; 
@@ -235,41 +238,30 @@ int X509_verify_cert(X509_STORE_CTX *ctx) /* If we are self signed, we break */ xn=X509_get_issuer_name(x); - if (X509_NAME_cmp(X509_get_subject_name(x),xn) == 0) - break; + if (ctx->check_issued(ctx,x,x)) break; - ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj); - if (ok != X509_LU_X509) - { - if (ok == X509_LU_RETRY) - { - X509_OBJECT_free_contents(&obj); - X509err(X509_F_X509_VERIFY_CERT,X509_R_SHOULD_RETRY); - return(ok); - } - else if (ok != X509_LU_FAIL) - { - X509_OBJECT_free_contents(&obj); - /* not good :-(, break anyway */ - return(ok); - } - break; - } - x=obj.data.x509; - if (!sk_X509_push(ctx->chain,obj.data.x509)) + ok = ctx->get_issuer(&xtmp, ctx, x); + + if (ok < 0) return ok; + if (ok == 0) break; + + x = xtmp; + if (!sk_X509_push(ctx->chain,x)) { - X509_OBJECT_free_contents(&obj); + X509_free(xtmp); X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); - return(0); + return 0; } num++; } /* we now have our chain, lets check it... */ xn=X509_get_issuer_name(x); - if (X509_NAME_cmp(X509_get_subject_name(x),xn) != 0) + + /* Is last certificate looked up self signed? */ + if (!ctx->check_issued(ctx,x,x)) { - if ((chain_ss == NULL) || (X509_NAME_cmp(X509_get_subject_name(chain_ss),xn) != 0)) + if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) { if (ctx->last_untrusted >= num) ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; 
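Review bot: The added `if (ok < 0) return ok;`, and the `return 0;` after a failed `sk_X509_push`, leave X509_verify_cert without passing the `end:` label, so the `sk_X509_free(sktmp)` and `X509_free(chain_ss)` calls shown at the end of the function in a later hunk are skipped when the issuer lookup fails. Using `if (ok < 0) goto end;` and `ok = 0; goto end;` would keep a single exit path, assuming the code at `end:` is safe to run on a partially built chain. The negative return also means callers must test the result as `<= 0` rather than as a boolean, which is worth one sentence in the function's header comment. The function begins and ends outside this hunk.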
@@ -294,22 +286,22 @@ int X509_verify_cert(X509_STORE_CTX *ctx) } /* We have the chain complete: now we need to check its purpose */ - if(ctx->purpose > 0) ok = check_chain_purpose(ctx); + if (ctx->purpose > 0) ok = check_chain_purpose(ctx); - if(!ok) goto end; + if (!ok) goto end; /* The chain extensions are OK: check trust */ - if(ctx->trust > 0) ok = check_trust(ctx); + if (ctx->trust > 0) ok = check_trust(ctx); - if(!ok) goto end; + if (!ok) goto end; /* We may as well copy down any DSA parameters that are required */ X509_get_pubkey_parameters(NULL,ctx->chain); /* At this point, we have a chain and just need to verify it */ - if (ctx->ctx->verify != NULL) - ok=ctx->ctx->verify(ctx); + if (ctx->verify != NULL) + ok=ctx->verify(ctx); else ok=internal_verify(ctx); if (0) 
@@ -319,9 +311,61 @@ end: } if (sktmp != NULL) sk_X509_free(sktmp); if (chain_ss != NULL) X509_free(chain_ss); - return(ok); + return ok; } + +/* Given a STACK_OF(X509) find the issuer of cert (if any) + */ + +static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x) +{ + int i; + X509 *issuer; + for (i = 0; i < sk_X509_num(sk); i++) + { + issuer = sk_X509_value(sk, i); + if (ctx->check_issued(ctx, x, issuer)) + return issuer; + } + return NULL; +} + +/* Given a possible certificate and issuer check them */ + +static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) +{ + int ret; + ret = X509_check_issued(issuer, x); + if (ret == X509_V_OK) + return 1; + /* If we haven't asked for issuer errors don't set ctx */ + if (!(ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK)) + return 0; + + ctx->error = ret; + ctx->current_cert = x; + ctx->current_issuer = issuer; + if (ctx->verify_cb) + return ctx->verify_cb(0, ctx); + return 0; +} + +/* Alternative lookup method: look from a STACK stored in other_ctx */ + +static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) +{ + *issuer = find_issuer(ctx, ctx->other_ctx, x); + if (*issuer) + { + CRYPTO_add(&(*issuer)->references,1,CRYPTO_LOCK_X509); + return 1; + } + else + return 0; +} + + /* Check a certificate chains extensions for consistency * with the supplied purpose */ 
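Review bot: When `X509_V_FLAG_CB_ISSUER_CHECK` is set, `check_issued` returns whatever `ctx->verify_cb(0, ctx)` returns, so the application callback, not `X509_check_issued`, decides whether a candidate is accepted as issuer. This applies to `find_issuer` and also to the `check_issued(ctx, x, x)` self-signed tests this commit adds in X509_verify_cert and internal_verify. The comment above the function should say so, for example `/* With X509_V_FLAG_CB_ISSUER_CHECK the callback's return value is used as the match result */`. The function also sets `ctx->error`, `ctx->current_cert` and `ctx->current_issuer` but not `ctx->error_depth`, so the callback appears to see whatever depth was stored last. Unlike the other callers in this file, it uses `ctx->verify_cb` directly rather than falling back to `null_callback`, which is handled by the NULL test but is worth a short why-comment.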
@@ -334,32 +378,37 @@ static int check_chain_purpose(X509_STORE_CTX *ctx) int i, ok=0; X509 *x; int (*cb)(); - cb=ctx->ctx->verify_cb; + cb=ctx->verify_cb; if (cb == NULL) cb=null_callback; /* Check all untrusted certificates */ - for(i = 0; i < ctx->last_untrusted; i++) { + for (i = 0; i < ctx->last_untrusted; i++) + { x = sk_X509_value(ctx->chain, i); - if(!X509_check_purpose(x, ctx->purpose, i)) { - if(i) ctx->error = X509_V_ERR_INVALID_CA; - else ctx->error = X509_V_ERR_INVALID_PURPOSE; + if (!X509_check_purpose(x, ctx->purpose, i)) + { + if (i) + ctx->error = X509_V_ERR_INVALID_CA; + else + ctx->error = X509_V_ERR_INVALID_PURPOSE; ctx->error_depth = i; ctx->current_cert = x; ok=cb(0,ctx); - if(!ok) goto end; - } + if (!ok) goto end; + } /* Check pathlen */ - if((i > 1) && (x->ex_pathlen != -1) - && (i > (x->ex_pathlen + 1))) { + if ((i > 1) && (x->ex_pathlen != -1) + && (i > (x->ex_pathlen + 1))) + { ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED; ctx->error_depth = i; ctx->current_cert = x; ok=cb(0,ctx); - if(!ok) goto end; + if (!ok) goto end; + } } - } ok = 1; - end: - return(ok); + end: + return ok; #endif } @@ -371,19 +420,22 @@ static int check_trust(X509_STORE_CTX *ctx) int i, ok; X509 *x; int (*cb)(); - cb=ctx->ctx->verify_cb; + cb=ctx->verify_cb; if (cb == NULL) cb=null_callback; /* For now just check the last certificate in the chain */ i = sk_X509_num(ctx->chain) - 1; x = sk_X509_value(ctx->chain, i); ok = X509_check_trust(x, ctx->trust, 0); - if(ok == X509_TRUST_TRUSTED) return 1; + if (ok == X509_TRUST_TRUSTED) + return 1; ctx->error_depth = sk_X509_num(ctx->chain) - 1; ctx->current_cert = x; - if(ok == X509_TRUST_REJECTED) ctx->error = X509_V_ERR_CERT_REJECTED; - else ctx->error = X509_V_ERR_CERT_UNTRUSTED; + if (ok == X509_TRUST_REJECTED) + ctx->error = X509_V_ERR_CERT_REJECTED; + else + ctx->error = X509_V_ERR_CERT_UNTRUSTED; ok = cb(0, ctx); - return(ok); + return ok; #endif } 
@@ -392,17 +444,21 @@ static int internal_verify(X509_STORE_CTX *ctx) int i,ok=0,n; X509 *xs,*xi; EVP_PKEY *pkey=NULL; + time_t *ptime; int (*cb)(); - cb=ctx->ctx->verify_cb; + cb=ctx->verify_cb; if (cb == NULL) cb=null_callback; n=sk_X509_num(ctx->chain); ctx->error_depth=n-1; n--; xi=sk_X509_value(ctx->chain,n); - if (X509_NAME_cmp(X509_get_subject_name(xi), - X509_get_issuer_name(xi)) == 0) + if (ctx->flags & X509_V_FLAG_USE_CHECK_TIME) + ptime = &ctx->check_time; + else + ptime = NULL; + if (ctx->check_issued(ctx, xi, xi)) xs=xi; else { @@ -448,7 +504,7 @@ static int internal_verify(X509_STORE_CTX *ctx) EVP_PKEY_free(pkey); pkey=NULL; - i=X509_cmp_current_time(X509_get_notBefore(xs)); + i=X509_cmp_time(X509_get_notBefore(xs), ptime); if (i == 0) { ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD; @@ -466,7 +522,7 @@ static int internal_verify(X509_STORE_CTX *ctx) xs->valid=1; } - i=X509_cmp_current_time(X509_get_notAfter(xs)); + i=X509_cmp_time(X509_get_notAfter(xs), ptime); if (i == 0) { ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD; @@ -499,13 +555,18 @@ static int internal_verify(X509_STORE_CTX *ctx) } ok=1; end: - return(ok); + return ok; } -int X509_cmp_current_time(ASN1_UTCTIME *ctm) +int X509_cmp_current_time(ASN1_TIME *ctm) +{ + return X509_cmp_time(ctm, NULL); +} + +int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time) { char *str; - ASN1_UTCTIME atm; + ASN1_TIME atm; time_t offset; char buff1[24],buff2[24],*p; int i,j; 
@@ -513,14 +574,35 @@ int X509_cmp_current_time(ASN1_UTCTIME *ctm) p=buff1; i=ctm->length; str=(char *)ctm->data; - if ((i < 11) || (i > 17)) return(0); - memcpy(p,str,10); - p+=10; - str+=10; + if (ctm->type == V_ASN1_UTCTIME) + { + if ((i < 11) || (i > 17)) return 0; + memcpy(p,str,10); + p+=10; + str+=10; + } + else + { + if (i < 13) return 0; + memcpy(p,str,12); + p+=12; + str+=12; + } if ((*str == 'Z') || (*str == '-') || (*str == '+')) { *(p++)='0'; *(p++)='0'; } - else { *(p++)= *(str++); *(p++)= *(str++); } + else + { + *(p++)= *(str++); + *(p++)= *(str++); + /* Skip any fractional seconds... */ + if (*str == '.') + { + str++; + while ((*str >= '0') && (*str <= '9')) str++; + } + + } *(p++)='Z'; *(p++)='\0'; 
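Review bot: The new fractional-seconds skip, `while ((*str >= '0') && (*str <= '9')) str++;`, is bounded only by the byte values and not by `ctm->length`, so it can read past the end of the time string if `ctm->data` is not NUL-terminated or ends in digits. Bounding it by the remaining length, e.g. `while ((str - (char *)ctm->data < ctm->length) && (*str >= '0') && (*str <= '9')) str++;`, keeps the scan inside the object. The `else` branch also treats every type other than `V_ASN1_UTCTIME` as GeneralizedTime and only checks `i < 13`; an explicit `ctm->type == V_ASN1_GENERALIZEDTIME` test with `return 0` for anything else would make the accepted input explicit. X509_cmp_time starts before this hunk and continues after it.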
@@ -529,39 +611,51 @@ int X509_cmp_current_time(ASN1_UTCTIME *ctm) else { if ((*str != '+') && (str[5] != '-')) - return(0); + return 0; offset=((str[1]-'0')*10+(str[2]-'0'))*60; offset+=(str[3]-'0')*10+(str[4]-'0'); if (*str == '-') offset= -offset; } - atm.type=V_ASN1_UTCTIME; + atm.type=ctm->type; atm.length=sizeof(buff2); atm.data=(unsigned char *)buff2; - X509_gmtime_adj(&atm,-offset*60); + X509_time_adj(&atm,-offset*60, cmp_time); - i=(buff1[0]-'0')*10+(buff1[1]-'0'); - if (i < 50) i+=100; /* cf. RFC 2459 */ - j=(buff2[0]-'0')*10+(buff2[1]-'0'); - if (j < 50) j+=100; + if (ctm->type == V_ASN1_UTCTIME) + { + i=(buff1[0]-'0')*10+(buff1[1]-'0'); + if (i < 50) i+=100; /* cf. RFC 2459 */ + j=(buff2[0]-'0')*10+(buff2[1]-'0'); + if (j < 50) j+=100; - if (i < j) return (-1); - if (i > j) return (1); + if (i < j) return -1; + if (i > j) return 1; + } i=strcmp(buff1,buff2); if (i == 0) /* wait a second then return younger :-) */ - return(-1); + return -1; else - return(i); + return i; } -ASN1_UTCTIME *X509_gmtime_adj(ASN1_UTCTIME *s, long adj) +ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj) +{ + return X509_time_adj(s, adj, NULL); +} + +ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *in_tm) { time_t t; - time(&t); + if (in_tm) t = *in_tm; + else time(&t); + t+=adj; - return(ASN1_UTCTIME_set(s,t)); + if (!s) return ASN1_TIME_set(s, t); + if (s->type == V_ASN1_UTCTIME) return ASN1_UTCTIME_set(s,t); + return ASN1_GENERALIZEDTIME_set(s, t); } int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain) @@ -569,7 +663,7 @@ int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain) EVP_PKEY *ktmp=NULL,*ktmp2; int i,j; - if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return(1); + if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return 1; for (i=0; i<sk_X509_num(chain); i++) { 
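Review bot: The result of `X509_time_adj(&atm,-offset*60, cmp_time);` is not checked, and the following lines read `buff2[0]`, `buff2[1]` and call `strcmp(buff1,buff2)`, so if the setter can fail the comparison runs on an uninitialised stack buffer. `if (X509_time_adj(&atm,-offset*60, cmp_time) == NULL) return 0;` would map that to the error value this function already uses for malformed input. Separately, the context line `if ((*str != '+') && (str[5] != '-'))` looks like it was meant to test `*str != '-'`; as written it indexes five bytes past the sign character, and the commit only restyles its `return`. X509_cmp_time starts outside this hunk.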
@@ -577,7 +671,7 @@ int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain) if (ktmp == NULL) { X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY); - return(0); + return 0; } if (!EVP_PKEY_missing_parameters(ktmp)) break; @@ -590,7 +684,7 @@ int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain) if (ktmp == NULL) { X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN); - return(0); + return 0; } /* first, populate the other certs */ 
@@ -603,101 +697,31 @@ int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain) if (pkey != NULL) EVP_PKEY_copy_parameters(pkey,ktmp); EVP_PKEY_free(ktmp); - return(1); - } - -int X509_STORE_add_cert(X509_STORE *ctx, X509 *x) - { - X509_OBJECT *obj,*r; - int ret=1; - - if (x == NULL) return(0); - obj=(X509_OBJECT *)Malloc(sizeof(X509_OBJECT)); - if (obj == NULL) - { - X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE); - return(0); - } - obj->type=X509_LU_X509; - obj->data.x509=x; - - CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); - - X509_OBJECT_up_ref_count(obj); - - r=(X509_OBJECT *)lh_insert(ctx->certs,obj); - if (r != NULL) - { /* oops, put it back */ - lh_delete(ctx->certs,obj); - X509_OBJECT_free_contents(obj); - Free(obj); - lh_insert(ctx->certs,r); - X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE); - ret=0; - } - - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); - - return(ret); - } - -int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) - { - X509_OBJECT *obj,*r; - int ret=1; - - if (x == NULL) return(0); - obj=(X509_OBJECT *)Malloc(sizeof(X509_OBJECT)); - if (obj == NULL) - { - X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE); - return(0); - } - obj->type=X509_LU_CRL; - obj->data.crl=x; - - CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); - - X509_OBJECT_up_ref_count(obj); - - r=(X509_OBJECT *)lh_insert(ctx->certs,obj); - if (r != NULL) - { /* oops, put it back */ - lh_delete(ctx->certs,obj); - X509_OBJECT_free_contents(obj); - Free(obj); - lh_insert(ctx->certs,r); - X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE); - ret=0; - } - - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); - - return(ret); + return 1; } int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { x509_store_ctx_num++; - return(CRYPTO_get_ex_new_index(x509_store_ctx_num-1, + return CRYPTO_get_ex_new_index(x509_store_ctx_num-1, &x509_store_ctx_method, - 
argl,argp,new_func,dup_func,free_func)); + argl,argp,new_func,dup_func,free_func); } int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data) { - return(CRYPTO_set_ex_data(&ctx->ex_data,idx,data)); + return CRYPTO_set_ex_data(&ctx->ex_data,idx,data); } void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx) { - return(CRYPTO_get_ex_data(&ctx->ex_data,idx)); + return CRYPTO_get_ex_data(&ctx->ex_data,idx); } int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx) { - return(ctx->error); + return ctx->error; } void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err) @@ -707,17 +731,17 @@ void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err) int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx) { - return(ctx->error_depth); + return ctx->error_depth; } X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx) { - return(ctx->current_cert); + return ctx->current_cert; } STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx) { - return(ctx->chain); + return ctx->chain; } STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx) @@ -725,12 +749,13 @@ STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx) int i; X509 *x; STACK_OF(X509) *chain; - if(!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL; - for(i = 0; i < sk_X509_num(chain); i++) { + if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL; + for (i = 0; i < sk_X509_num(chain); i++) + { x = sk_X509_value(chain, i); CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); - } - return(chain); + } + return chain; } void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x) 
@@ -768,43 +793,123 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, { int idx; /* If purpose not set use default */ - if(!purpose) purpose = def_purpose; + if (!purpose) purpose = def_purpose; /* If we have a purpose then check it is valid */ - if(purpose) { + if (purpose) + { X509_PURPOSE *ptmp; idx = X509_PURPOSE_get_by_id(purpose); - if(idx == -1) { + if (idx == -1) + { X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, X509_R_UNKNOWN_PURPOSE_ID); return 0; - } + } ptmp = X509_PURPOSE_get0(idx); - if(ptmp->trust == X509_TRUST_DEFAULT) { + if (ptmp->trust == X509_TRUST_DEFAULT) + { idx = X509_PURPOSE_get_by_id(def_purpose); - if(idx == -1) { + if (idx == -1) + { X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, X509_R_UNKNOWN_PURPOSE_ID); return 0; - } + } ptmp = X509_PURPOSE_get0(idx); - } + } /* If trust not set then get from purpose default */ - if(!trust) trust = ptmp->trust; - } - if(trust) { + if (!trust) trust = ptmp->trust; + } + if (trust) + { idx = X509_TRUST_get_by_id(trust); - if(idx == -1) { + if (idx == -1) + { X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, X509_R_UNKNOWN_TRUST_ID); return 0; + } } - } - if(purpose) ctx->purpose = purpose; - if(trust) ctx->trust = trust; + if (purpose) ctx->purpose = purpose; + if (trust) ctx->trust = trust; return 1; } +X509_STORE_CTX *X509_STORE_CTX_new(void) +{ + X509_STORE_CTX *ctx; + ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX)); + if (ctx) memset(ctx, 0, sizeof(X509_STORE_CTX)); + return ctx; +} + +void X509_STORE_CTX_free(X509_STORE_CTX *ctx) +{ + X509_STORE_CTX_cleanup(ctx); + OPENSSL_free(ctx); +} + +void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, + STACK_OF(X509) *chain) + { + ctx->ctx=store; + ctx->current_method=0; + ctx->cert=x509; + ctx->untrusted=chain; + ctx->last_untrusted=0; + ctx->purpose=0; + ctx->trust=0; + ctx->check_time=0; + ctx->flags=0; + ctx->other_ctx=NULL; + ctx->valid=0; + ctx->chain=NULL; + ctx->depth=9; + ctx->error=0; 
+ ctx->error_depth=0; + ctx->current_cert=NULL; + ctx->current_issuer=NULL; + ctx->check_issued = check_issued; + ctx->get_issuer = X509_STORE_CTX_get1_issuer; + ctx->verify_cb = store->verify_cb; + ctx->verify = store->verify; + ctx->cleanup = 0; + memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); + } + +/* Set alternative lookup method: just a STACK of trusted certificates. + * This avoids X509_STORE nastiness where it isn't needed. + */ + +void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) +{ + ctx->other_ctx = sk; + ctx->get_issuer = get_issuer_sk; +} + +void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) + { + if (ctx->cleanup) ctx->cleanup(ctx); + if (ctx->chain != NULL) + { + sk_X509_pop_free(ctx->chain,X509_free); + ctx->chain=NULL; + } + CRYPTO_free_ex_data(x509_store_ctx_method,ctx,&(ctx->ex_data)); + memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA)); + } + +void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags) + { + ctx->flags |= flags; + } + +void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t) + { + ctx->check_time = t; + ctx->flags |= X509_V_FLAG_USE_CHECK_TIME; + } IMPLEMENT_STACK_OF(X509) IMPLEMENT_ASN1_SET_OF(X509) diff --git a/lib/libcrypto/x509/x509_vfy.h b/lib/libcrypto/x509/x509_vfy.h index 4637aecedf5..e289d5309a4 100644 --- a/lib/libcrypto/x509/x509_vfy.h +++ b/lib/libcrypto/x509/x509_vfy.h @@ -65,13 +65,16 @@ #ifndef HEADER_X509_VFY_H #define HEADER_X509_VFY_H -#ifdef __cplusplus -extern "C" { +#ifndef NO_LHASH +#include <openssl/lhash.h> #endif - #include <openssl/bio.h> #include <openssl/crypto.h> +#ifdef __cplusplus +extern "C" { +#endif + /* Outer object */ typedef struct x509_hash_dir_st { @@ -128,6 +131,7 @@ typedef struct x509_object_st typedef struct x509_lookup_st X509_LOOKUP; DECLARE_STACK_OF(X509_LOOKUP) +DECLARE_STACK_OF(X509_OBJECT) /* This is a static that defines the function interface */ typedef struct x509_lookup_method_st 
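Review bot: X509_STORE_CTX_init reads `store->verify_cb` and `store->verify` unconditionally, although X509_STORE_CTX_trusted_stack is added in the same hunk so that a context can work without an X509_STORE; a caller that passes a NULL store for that reason would crash here. `ctx->verify_cb = store ? store->verify_cb : NULL;` and `ctx->verify = store ? store->verify : NULL;` would allow it, if a NULL store is meant to be supported. X509_STORE_CTX_free passes its argument straight to X509_STORE_CTX_cleanup, which dereferences it, so `X509_STORE_CTX_free(NULL)` is not a no-op the way `OPENSSL_free(NULL)` presumably is. X509_STORE_CTX_set_time never uses its `flags` parameter, which should either be applied or documented as reserved.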
@@ -150,7 +154,7 @@ typedef struct x509_lookup_method_st X509_OBJECT *ret); } X509_LOOKUP_METHOD; -typedef struct x509_store_state_st X509_STORE_CTX; +typedef struct x509_store_ctx_st X509_STORE_CTX; /* This is used to hold everything. It is used for all certificate * validation. Once we have a certificate chain, the 'verify' @@ -159,11 +163,7 @@ typedef struct x509_store_st { /* The following is a cache of trusted certs */ int cache; /* if true, stash any hits */ -#ifdef HEADER_LHASH_H - LHASH *certs; /* cached certs; */ -#else - char *certs; -#endif + STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */ /* These are external lookup methods */ STACK_OF(X509_LOOKUP) *get_cert_methods; @@ -191,10 +191,10 @@ struct x509_lookup_st X509_STORE *store_ctx; /* who owns us */ }; -/* This is a temporary used when processing cert chains. Since the +/* This is a used when verifying cert chains. Since the * gathering of the cert chain can take some time (and have to be * 'retried', this needs to be kept and passed around. */ -struct x509_store_state_st /* X509_STORE_CTX */ +struct x509_store_ctx_st /* X509_STORE_CTX */ { X509_STORE *ctx; int current_method; /* used when looking up certs */ 
@@ -204,6 +204,16 @@ struct x509_store_state_st /* X509_STORE_CTX */ STACK_OF(X509) *untrusted; /* chain of X509s - untrusted - passed in */ int purpose; /* purpose to check untrusted certificates */ int trust; /* trust setting to check */ + time_t check_time; /* time to make verify at */ + unsigned long flags; /* Various verify flags */ + void *other_ctx; /* Other info for use with get_issuer() */ + + /* Callbacks for various operations */ + int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */ + int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */ + int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */ + int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */ + int (*cleanup)(X509_STORE_CTX *ctx); /* The following is built up */ int depth; /* how far to go looking up certs */ @@ -215,6 +225,7 @@ struct x509_store_state_st /* X509_STORE_CTX */ int error_depth; int error; X509 *current_cert; + X509 *current_issuer; /* cert currently being tested as valid issuer */ CRYPTO_EX_DATA ex_data; }; @@ -265,10 +276,20 @@ struct x509_store_state_st /* X509_STORE_CTX */ #define X509_V_ERR_INVALID_PURPOSE 26 #define X509_V_ERR_CERT_UNTRUSTED 27 #define X509_V_ERR_CERT_REJECTED 28 +/* These are 'informational' when looking for issuer cert */ +#define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29 +#define X509_V_ERR_AKID_SKID_MISMATCH 30 +#define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31 +#define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32 /* The application is not happy */ #define X509_V_ERR_APPLICATION_VERIFICATION 50 +/* Certificate verify flags */ + +#define X509_V_FLAG_CB_ISSUER_CHECK 0x1 /* Send issuer+subject checks to verify_cb */ +#define X509_V_FLAG_USE_CHECK_TIME 0x2 /* Use check time instead of current time */ + /* These functions are being redefined in another directory, and clash when the linker is case-insensitive, so let's hide them a little, by giving them an extra 'o' at the 
@@ -284,18 +305,23 @@ struct x509_store_state_st /* X509_STORE_CTX */ #define X509v3_add_standard_extensions oX509v3_add_standard_extensions #endif -#ifdef HEADER_LHASH_H -X509_OBJECT *X509_OBJECT_retrieve_by_subject(LHASH *h,int type,X509_NAME *name); -#endif +int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, + X509_NAME *name); +X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,int type,X509_NAME *name); +X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x); void X509_OBJECT_up_ref_count(X509_OBJECT *a); void X509_OBJECT_free_contents(X509_OBJECT *a); X509_STORE *X509_STORE_new(void ); void X509_STORE_free(X509_STORE *v); X509_STORE_CTX *X509_STORE_CTX_new(void); + +int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); + void X509_STORE_CTX_free(X509_STORE_CTX *ctx); void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, STACK_OF(X509) *chain); +void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m); @@ -354,6 +380,8 @@ int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose); int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust); int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, int purpose, int trust); +void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags); +void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t); #ifdef __cplusplus } diff --git a/lib/libcrypto/x509/x509spki.c b/lib/libcrypto/x509/x509spki.c index b35c3f92e7f..fd0a534d88e 100644 --- a/lib/libcrypto/x509/x509spki.c +++ b/lib/libcrypto/x509/x509spki.c 
@@ -82,7 +82,7 @@ NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len) int spki_len; NETSCAPE_SPKI *spki; if(len <= 0) len = strlen(str); - if (!(spki_der = Malloc(len + 1))) { + if (!(spki_der = OPENSSL_malloc(len + 1))) { X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE); return NULL; } @@ -90,12 +90,12 @@ NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len) if(spki_len < 0) { X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, X509_R_BASE64_DECODE_ERROR); - Free(spki_der); + OPENSSL_free(spki_der); return NULL; } p = spki_der; spki = d2i_NETSCAPE_SPKI(NULL, &p, spki_len); - Free(spki_der); + OPENSSL_free(spki_der); return spki; } @@ -107,8 +107,8 @@ char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki) char *b64_str; int der_len; der_len = i2d_NETSCAPE_SPKI(spki, NULL); - der_spki = Malloc(der_len); - b64_str = Malloc(der_len * 2); + der_spki = OPENSSL_malloc(der_len); + b64_str = OPENSSL_malloc(der_len * 2); if(!der_spki || !b64_str) { X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE); return NULL; @@ -116,6 +116,6 @@ char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki) p = der_spki; i2d_NETSCAPE_SPKI(spki, &p); EVP_EncodeBlock((unsigned char *)b64_str, der_spki, der_len); - Free(der_spki); + OPENSSL_free(der_spki); return b64_str; } diff --git a/lib/libcrypto/x509/x_all.c b/lib/libcrypto/x509/x_all.c index d2bf3c8e1c6..9bd6e2a39bd 100644 --- a/lib/libcrypto/x509/x_all.c +++ b/lib/libcrypto/x509/x_all.c 
@@ -411,13 +411,25 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne) (char *(*)())d2i_X509_NAME_ENTRY,(char *)ne)); } -int X509_digest(X509 *data, const EVP_MD *type, unsigned char *md, +int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md, unsigned int *len) { return(ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len)); } -int X509_NAME_digest(X509_NAME *data, const EVP_MD *type, unsigned char *md, +int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md, + unsigned int *len) + { + return(ASN1_digest((int (*)())i2d_X509_CRL,type,(char *)data,md,len)); + } + +int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, unsigned char *md, + unsigned int *len) + { + return(ASN1_digest((int (*)())i2d_X509_REQ,type,(char *)data,md,len)); + } + +int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md, unsigned int *len) { return(ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len)); @@ -492,6 +504,17 @@ EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a) (char *(*)())d2i_AutoPrivateKey, (fp),(unsigned char **)(a))); } +int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey) + { + return(ASN1_i2d_fp(i2d_PUBKEY,fp,(unsigned char *)pkey)); + } + +EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a) +{ + return((EVP_PKEY *)ASN1_d2i_fp((char *(*)())EVP_PKEY_new, + (char *(*)())d2i_PUBKEY, (fp),(unsigned char **)(a))); +} + #endif PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, @@ -529,3 +552,14 @@ EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a) return((EVP_PKEY *)ASN1_d2i_bio((char *(*)())EVP_PKEY_new, (char *(*)())d2i_AutoPrivateKey, (bp),(unsigned char **)(a))); } + +int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey) + { + return(ASN1_i2d_bio(i2d_PUBKEY,bp,(unsigned char *)pkey)); + } + +EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a) + { + return((EVP_PKEY *)ASN1_d2i_bio((char *(*)())EVP_PKEY_new, + (char *(*)())d2i_PUBKEY, (bp),(unsigned char **)(a))); + } |