author | Dr. Stephen Henson <steve@openssl.org> | 1999-11-21 22:28:31 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 1999-11-21 22:28:31 +0000 |
commit | 52664f5081939c96c5867fd02278f7575f1cab2d (patch) | |
tree | f2a5a01dcf50d2f54aa8114adf8ed59867754ed6 /crypto/x509 | |
parent | a716d727347d6cd81534327901b509c6f5763f83 (diff) | |
Transparent support for PKCS#8 private keys in RSA/DSA.
New universal public key format.
Fix CRL+cert load problem in by_file.c
Make verify report errors when loading files or dirs
Diffstat (limited to 'crypto/x509')
-rw-r--r-- | crypto/x509/by_file.c | 54 | ||||
-rw-r--r-- | crypto/x509/x509.h | 23 | ||||
-rw-r--r-- | crypto/x509/x509_err.c | 1 | ||||
-rw-r--r-- | crypto/x509/x509_vfy.h | 1 | ||||
-rw-r--r-- | crypto/x509/x_all.c | 40 |
5 files changed, 95 insertions, 24 deletions
diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
index 0457f01c34..78b4c47751 100644
--- a/crypto/x509/by_file.c
+++ b/crypto/x509/by_file.c
@@ -92,7 +92,7 @@ X509_LOOKUP_METHOD *X509_LOOKUP_file(void)
 static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
 char **ret)
 {
- int ok=0,ok2=0;
+ int ok=0;
 char *file;
 switch (cmd)
@@ -100,31 +100,29 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
 case X509_L_FILE_LOAD:
 if (argl == X509_FILETYPE_DEFAULT)
 {
- ok=X509_load_cert_file(ctx,X509_get_default_cert_file(),
+ ok=X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),
 X509_FILETYPE_PEM);
- ok2=X509_load_crl_file(ctx,X509_get_default_cert_file(),
- X509_FILETYPE_PEM);
- if (!ok || !ok2)
+ if (!ok)
 {
 X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
 }
 else
 {
 file=(char *)Getenv(X509_get_default_cert_file_env());
- ok=X509_load_cert_file(ctx,file,
- X509_FILETYPE_PEM);
- ok2=X509_load_crl_file(ctx,file,
+ ok=X509_load_cert_crl_file(ctx,file,
 X509_FILETYPE_PEM);
 }
 }
 else
 {
- ok=X509_load_cert_file(ctx,argp,(int)argl);
- ok2=X509_load_crl_file(ctx,argp,(int)argl);
+ if(argl == X509_FILETYPE_PEM)
+ ok=X509_load_cert_crl_file(ctx,argp,
+ X509_FILETYPE_PEM);
+ else ok=X509_load_cert_file(ctx,argp,(int)argl);
 }
 break;
 }
- return((ok && ok2)?ok:0);
+ return(ok);
 }
 int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
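Review bot: In the second by_file.c hunk, the `else` branch passes the result of `Getenv(X509_get_default_cert_file_env())` straight to `X509_load_cert_crl_file`, and that function (added further down in the same file) hands `file` to `BIO_new_file` with no NULL check. When the environment variable is unset, the best case is that the open fails and `by_file_ctrl` returns 0 even though the default file has just loaded successfully; the worst case is a NULL pointer reaching the C library. Guarding the call keeps the earlier result: `if (file != NULL) ok=X509_load_cert_crl_file(ctx,file,X509_FILETYPE_PEM);`. The body of `by_file_ctrl` starts outside this hunk, so any handling before it is not visible here.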
@@ -261,5 +259,39 @@ err:
 return(ret);
 }
+int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
+{
+ STACK_OF(X509_INFO) *inf;
+ X509_INFO *itmp;
+ BIO *in;
+ int i, count = 0;
+ if(type != X509_FILETYPE_PEM)
+ return X509_load_cert_file(ctx, file, type);
+ in = BIO_new_file(file, "r");
+ if(!in) {
+ X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_SYS_LIB);
+ return 0;
+ }
+ inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
+ BIO_free(in);
+ if(!inf) {
+ X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_PEM_LIB);
+ return 0;
+ }
+ for(i = 0; i < sk_X509_INFO_num(inf); i++) {
+ itmp = sk_X509_INFO_value(inf, i);
+ if(itmp->x509) {
+ X509_STORE_add_cert(ctx->store_ctx, itmp->x509);
+ count++;
+ } else if(itmp->crl) {
+ X509_STORE_add_crl(ctx->store_ctx, itmp->crl);
+ count++;
+ }
+ }
+ sk_X509_INFO_pop_free(inf, X509_INFO_free);
+ return count;
+}
+
+
 #endif /* NO_STDIO */
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index d3d8030086..f35a61476f 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -613,10 +613,12 @@ RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA **rsa);
 int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa);
 RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA **rsa);
 int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa);
+RSA *d2i_RSA_PUBKEY_fp(FILE *fp,RSA **rsa);
+int i2d_RSA_PUBKEY_fp(FILE *fp,RSA *rsa);
 #endif
 #ifndef NO_DSA
-DSA *d2i_DSAPublicKey_fp(FILE *fp, DSA **dsa);
-int i2d_DSAPublicKey_fp(FILE *fp, DSA *dsa);
+DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
+int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
 DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
 int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
 X509_SIG *d2i_PKCS8_fp(FILE *fp,X509_SIG **p8);
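Review bot: In `X509_load_cert_crl_file`, the results of `X509_STORE_add_cert` and `X509_STORE_add_crl` are discarded and `count` is incremented regardless, so a certificate or CRL that never made it into the store is still reported as loaded. For CRLs that fails open: the caller believes revocation data is present when it is not. A PEM file that parses but holds neither a certificate nor a CRL also returns 0 without queuing an error, which the caller cannot tell apart from an I/O failure. The loop below checks each add and returns 0 on failure; whether a duplicate entry should count as a failure depends on the store functions' contract, which this page does not show.

```c
/* … unchanged: declarations, non-PEM fallback, BIO open and PEM_X509_INFO_read_bio … */
for(i = 0; i < sk_X509_INFO_num(inf); i++) {
	itmp = sk_X509_INFO_value(inf, i);
	if(itmp->x509) {
		if(!X509_STORE_add_cert(ctx->store_ctx, itmp->x509)) {
			count = 0;
			break;
		}
		count++;
	} else if(itmp->crl) {
		if(!X509_STORE_add_crl(ctx->store_ctx, itmp->crl)) {
			count = 0;
			break;
		}
		count++;
	}
}
/* … unchanged: sk_X509_INFO_pop_free and return count … */
```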
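Review bot: The DSA prototypes `d2i_DSAPublicKey_fp`/`i2d_DSAPublicKey_fp` are replaced by the `_PUBKEY_` names in the first x509.h hunk, whereas the RSA block just above keeps the old `RSAPublicKey` functions and adds the new ones beside them; the same asymmetry appears in the `_bio` hunk of x509.h and in the two DSA hunks of x_all.c. Existing callers of the old DSA names stop building, and a caller that simply renames ends up going through `d2i_DSA_PUBKEY`/`i2d_DSA_PUBKEY` instead of `d2i_DSAPublicKey`/`i2d_DSAPublicKey`, which presumably means a different encoding on disk. If the removal is intended, a comment above the new prototypes would help, e.g. `/* *_PUBKEY_* read/write the new universal public key format; the old DSAPublicKey fp/bio wrappers were removed */`.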
@@ -639,10 +641,12 @@ RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **rsa);
 int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa);
 RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA **rsa);
 int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa);
+RSA *d2i_RSA_PUBKEY_bio(BIO *bp,RSA **rsa);
+int i2d_RSA_PUBKEY_bio(BIO *bp,RSA *rsa);
 #endif
 #ifndef NO_DSA
-DSA *d2i_DSAPublicKey_bio(BIO *bp, DSA **dsa);
-int i2d_DSAPublicKey_bio(BIO *bp, DSA *dsa);
+DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);
+int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa);
 DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
 int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
 #endif
@@ -703,7 +707,15 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
 EVP_PKEY * X509_PUBKEY_get(X509_PUBKEY *key);
 int X509_get_pubkey_parameters(EVP_PKEY *pkey,
 STACK_OF(X509) *chain);
-
+int i2d_PUBKEY(EVP_PKEY *a,unsigned char **pp);
+EVP_PKEY * d2i_PUBKEY(EVP_PKEY **a,unsigned char **pp,
+ long length);
+int i2d_RSA_PUBKEY(RSA *a,unsigned char **pp);
+RSA * d2i_RSA_PUBKEY(RSA **a,unsigned char **pp,
+ long length);
+int i2d_DSA_PUBKEY(DSA *a,unsigned char **pp);
+DSA * d2i_DSA_PUBKEY(DSA **a,unsigned char **pp,
+ long length);
 X509_SIG * X509_SIG_new(void );
 void X509_SIG_free(X509_SIG *a);
@@ -1028,6 +1040,7 @@ PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);
 #define X509_F_X509_EXTENSION_CREATE_BY_NID 108
 #define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109
 #define X509_F_X509_GET_PUBKEY_PARAMETERS 110
+#define X509_F_X509_LOAD_CERT_CRL_FILE 132
 #define X509_F_X509_LOAD_CERT_FILE 111
 #define X509_F_X509_LOAD_CRL_FILE 112
 #define X509_F_X509_NAME_ADD_ENTRY 113
diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c
index 0a0b704043..58e13c6c6b 100644
--- a/crypto/x509/x509_err.c
+++ b/crypto/x509/x509_err.c
@@ -76,6 +76,7 @@ static ERR_STRING_DATA X509_str_functs[]=
 {ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_NID,0), "X509_EXTENSION_create_by_NID"},
 {ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_OBJ,0), "X509_EXTENSION_create_by_OBJ"},
 {ERR_PACK(0,X509_F_X509_GET_PUBKEY_PARAMETERS,0), "X509_get_pubkey_parameters"},
+{ERR_PACK(0,X509_F_X509_LOAD_CERT_CRL_FILE,0), "X509_load_cert_crl_file"},
 {ERR_PACK(0,X509_F_X509_LOAD_CERT_FILE,0), "X509_load_cert_file"},
 {ERR_PACK(0,X509_F_X509_LOAD_CRL_FILE,0), "X509_load_crl_file"},
 {ERR_PACK(0,X509_F_X509_NAME_ADD_ENTRY,0), "X509_NAME_add_entry"},
diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h
index 39fa056c1a..9891a6944d 100644
--- a/crypto/x509/x509_vfy.h
+++ b/crypto/x509/x509_vfy.h
@@ -306,6 +306,7 @@ int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
 #ifndef NO_STDIO
 int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
 int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
+int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
 #endif
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index 354d4c3f3c..4973c18eae 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -285,10 +285,22 @@ RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
 (unsigned char **)(rsa)));
 }
+RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)
+ {
+ return((RSA *)ASN1_d2i_fp((char *(*)())
+ RSA_new,(char *(*)())d2i_RSA_PUBKEY, (fp),
+ (unsigned char **)(rsa)));
+ }
+
 int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa)
 {
 return(ASN1_i2d_fp(i2d_RSAPublicKey,fp,(unsigned char *)rsa));
 }
+
+int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa)
+ {
+ return(ASN1_i2d_fp(i2d_RSA_PUBKEY,fp,(unsigned char *)rsa));
+ }
 #endif
 RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
@@ -310,10 +322,22 @@ RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)
 (unsigned char **)(rsa)));
 }
+RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
+ {
+ return((RSA *)ASN1_d2i_bio((char *(*)())
+ RSA_new,(char *(*)())d2i_RSA_PUBKEY, (bp),
+ (unsigned char **)(rsa)));
+ }
+
 int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa)
 {
 return(ASN1_i2d_bio(i2d_RSAPublicKey,bp,(unsigned char *)rsa));
 }
+
+int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa)
+ {
+ return(ASN1_i2d_bio(i2d_RSA_PUBKEY,bp,(unsigned char *)rsa));
+ }
 #endif
 #ifndef NO_DSA
@@ -330,16 +354,16 @@ int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa)
 return(ASN1_i2d_fp(i2d_DSAPrivateKey,fp,(unsigned char *)dsa));
 }
-DSA *d2i_DSAPublicKey_fp(FILE *fp, DSA **dsa)
+DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa)
 {
 return((DSA *)ASN1_d2i_fp((char *(*)())
- DSA_new,(char *(*)())d2i_DSAPublicKey, (fp),
+ DSA_new,(char *(*)())d2i_DSA_PUBKEY, (fp),
 (unsigned char **)(dsa)));
 }
-int i2d_DSAPublicKey_fp(FILE *fp, DSA *dsa)
+int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa)
 {
- return(ASN1_i2d_fp(i2d_DSAPublicKey,fp,(unsigned char *)dsa));
+ return(ASN1_i2d_fp(i2d_DSA_PUBKEY,fp,(unsigned char *)dsa));
 }
 #endif
@@ -355,16 +379,16 @@ int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa)
 return(ASN1_i2d_bio(i2d_DSAPrivateKey,bp,(unsigned char *)dsa));
 }
-DSA *d2i_DSAPublicKey_bio(BIO *bp, DSA **dsa)
+DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa)
 {
 return((DSA *)ASN1_d2i_bio((char *(*)())
- DSA_new,(char *(*)())d2i_DSAPublicKey, (bp),
+ DSA_new,(char *(*)())d2i_DSA_PUBKEY, (bp),
 (unsigned char **)(dsa)));
 }
-int i2d_DSAPublicKey_bio(BIO *bp, DSA *dsa)
+int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa)
 {
- return(ASN1_i2d_bio(i2d_DSAPublicKey,bp,(unsigned char *)dsa));
+ return(ASN1_i2d_bio(i2d_DSA_PUBKEY,bp,(unsigned char *)dsa));
 }
 #endif |