authorDr. Stephen Henson <steve@openssl.org>1999-11-21 22:28:31 +0000
committerDr. Stephen Henson <steve@openssl.org>1999-11-21 22:28:31 +0000
commit52664f5081939c96c5867fd02278f7575f1cab2d (patch)
treef2a5a01dcf50d2f54aa8114adf8ed59867754ed6 /crypto/x509
parenta716d727347d6cd81534327901b509c6f5763f83 (diff)
downloadopenssl-52664f5081939c96c5867fd02278f7575f1cab2d.tar.gz
Transparent support for PKCS#8 private keys in RSA/DSA.
New universal public key format. Fix CRL+cert load problem in by_file.c. Make verify report errors when loading files or dirs.
Diffstat (limited to 'crypto/x509')
-rw-r--r--crypto/x509/by_file.c54
-rw-r--r--crypto/x509/x509.h23
-rw-r--r--crypto/x509/x509_err.c1
-rw-r--r--crypto/x509/x509_vfy.h1
-rw-r--r--crypto/x509/x_all.c40
5 files changed, 95 insertions, 24 deletions
diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
index 0457f01c34..78b4c47751 100644
--- a/crypto/x509/by_file.c
+++ b/crypto/x509/by_file.c
@@ -92,7 +92,7 @@ X509_LOOKUP_METHOD *X509_LOOKUP_file(void)
static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
char **ret)
{
- int ok=0,ok2=0;
+ int ok=0;
char *file;
switch (cmd)
@@ -100,31 +100,29 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
case X509_L_FILE_LOAD:
if (argl == X509_FILETYPE_DEFAULT)
{
- ok=X509_load_cert_file(ctx,X509_get_default_cert_file(),
+ ok=X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),
X509_FILETYPE_PEM);
- ok2=X509_load_crl_file(ctx,X509_get_default_cert_file(),
- X509_FILETYPE_PEM);
- if (!ok || !ok2)
+ if (!ok)
{
X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
}
else
{
file=(char *)Getenv(X509_get_default_cert_file_env());
- ok=X509_load_cert_file(ctx,file,
- X509_FILETYPE_PEM);
- ok2=X509_load_crl_file(ctx,file,
+ ok=X509_load_cert_crl_file(ctx,file,
X509_FILETYPE_PEM);
}
}
else
{
- ok=X509_load_cert_file(ctx,argp,(int)argl);
- ok2=X509_load_crl_file(ctx,argp,(int)argl);
+ if(argl == X509_FILETYPE_PEM)
+ ok=X509_load_cert_crl_file(ctx,argp,
+ X509_FILETYPE_PEM);
+ else ok=X509_load_cert_file(ctx,argp,(int)argl);
}
break;
}
- return((ok && ok2)?ok:0);
+ return(ok);
}
int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
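Review bot: The result of `Getenv(X509_get_default_cert_file_env())` is passed unchecked to `X509_load_cert_crl_file` in the `else` branch of the default case, and that new function (added further down in this file) hands `file` to `BIO_new_file(file, "r")` without a NULL test, so an unset environment variable reaches the file open as a null pointer. Guard the call, e.g. `if (file != NULL) ok=X509_load_cert_crl_file(ctx,file,X509_FILETYPE_PEM);`, so the result of the default-file load stands when the variable is absent. Separately, the non-PEM branch now calls only `X509_load_cert_file`, so a CRL in another encoding is apparently no longer loaded through `X509_L_FILE_LOAD`; if that is intended it deserves a comment, because a store that silently lacks its CRLs cannot report revoked certificates. by_file_ctrl begins in the previous hunk.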
@@ -261,5 +259,39 @@ err:
return(ret);
}
+int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
+{
+ STACK_OF(X509_INFO) *inf;
+ X509_INFO *itmp;
+ BIO *in;
+ int i, count = 0;
+ if(type != X509_FILETYPE_PEM)
+ return X509_load_cert_file(ctx, file, type);
+ in = BIO_new_file(file, "r");
+ if(!in) {
+ X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_SYS_LIB);
+ return 0;
+ }
+ inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
+ BIO_free(in);
+ if(!inf) {
+ X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_PEM_LIB);
+ return 0;
+ }
+ for(i = 0; i < sk_X509_INFO_num(inf); i++) {
+ itmp = sk_X509_INFO_value(inf, i);
+ if(itmp->x509) {
+ X509_STORE_add_cert(ctx->store_ctx, itmp->x509);
+ count++;
+ } else if(itmp->crl) {
+ X509_STORE_add_crl(ctx->store_ctx, itmp->crl);
+ count++;
+ }
+ }
+ sk_X509_INFO_pop_free(inf, X509_INFO_free);
+ return count;
+}
+
+
#endif /* NO_STDIO */
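Review bot: The loop in `X509_load_cert_crl_file` counts an entry as loaded without looking at the result of `X509_STORE_add_cert` / `X509_STORE_add_crl`, and the `else if` means an X509_INFO entry that carries both a certificate and a CRL has its CRL skipped. PEM_X509_INFO_read_bio is not shown here, but if it can fill both fields of one entry (I believe it can when a CRL follows a certificate), revocation data from a combined file would be dropped with no error while the caller still sees a non-zero count. Test the two fields independently and count only successful adds: `if(itmp->x509 && X509_STORE_add_cert(ctx->store_ctx, itmp->x509)) count++;` followed by `if(itmp->crl && X509_STORE_add_crl(ctx->store_ctx, itmp->crl)) count++;`. A file that parses but yields no certificate or CRL also returns 0 without an `X509err` entry, which leaves the caller with a failure and nothing in the error queue to explain it.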
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index d3d8030086..f35a61476f 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -613,10 +613,12 @@ RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA **rsa);
int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa);
RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA **rsa);
int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa);
+RSA *d2i_RSA_PUBKEY_fp(FILE *fp,RSA **rsa);
+int i2d_RSA_PUBKEY_fp(FILE *fp,RSA *rsa);
#endif
#ifndef NO_DSA
-DSA *d2i_DSAPublicKey_fp(FILE *fp, DSA **dsa);
-int i2d_DSAPublicKey_fp(FILE *fp, DSA *dsa);
+DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
+int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
X509_SIG *d2i_PKCS8_fp(FILE *fp,X509_SIG **p8);
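Review bot: The DSA helpers are replaced rather than added: `d2i_DSAPublicKey_fp`/`i2d_DSAPublicKey_fp` disappear from the public header, while the RSA section keeps `d2i_RSAPublicKey_fp` and gains `d2i_RSA_PUBKEY_fp` alongside it. The same replacement occurs in the `_bio` hunk below and in the matching definitions in x_all.c. Existing callers of the old DSA names stop linking, and data written with the old encoder may not be readable by the new decoder if the encodings differ, which the commit message's "new universal public key format" suggests. Either keep the old DSA pair next to the new one, as done for RSA, or record the removal in a comment such as `/* DSA public keys use the PUBKEY form only; the DSAPublicKey _fp/_bio helpers were removed */`.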
@@ -639,10 +641,12 @@ RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **rsa);
int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa);
RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA **rsa);
int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa);
+RSA *d2i_RSA_PUBKEY_bio(BIO *bp,RSA **rsa);
+int i2d_RSA_PUBKEY_bio(BIO *bp,RSA *rsa);
#endif
#ifndef NO_DSA
-DSA *d2i_DSAPublicKey_bio(BIO *bp, DSA **dsa);
-int i2d_DSAPublicKey_bio(BIO *bp, DSA *dsa);
+DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);
+int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa);
DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
#endif
@@ -703,7 +707,15 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
EVP_PKEY * X509_PUBKEY_get(X509_PUBKEY *key);
int X509_get_pubkey_parameters(EVP_PKEY *pkey,
STACK_OF(X509) *chain);
-
+int i2d_PUBKEY(EVP_PKEY *a,unsigned char **pp);
+EVP_PKEY * d2i_PUBKEY(EVP_PKEY **a,unsigned char **pp,
+ long length);
+int i2d_RSA_PUBKEY(RSA *a,unsigned char **pp);
+RSA * d2i_RSA_PUBKEY(RSA **a,unsigned char **pp,
+ long length);
+int i2d_DSA_PUBKEY(DSA *a,unsigned char **pp);
+DSA * d2i_DSA_PUBKEY(DSA **a,unsigned char **pp,
+ long length);
X509_SIG * X509_SIG_new(void );
void X509_SIG_free(X509_SIG *a);
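Review bot: The new `i2d_PUBKEY`/`d2i_PUBKEY`, `*_RSA_PUBKEY` and `*_DSA_PUBKEY` prototypes are declared with no comment saying how they differ from the existing `*_RSAPublicKey` family, so a caller cannot tell from the header which decoder matches which input. A short comment above them would settle it, for example `/* PUBKEY functions encode/decode the X509_PUBKEY (algorithm + key) structure; the RSAPublicKey functions handle the bare RSA key only */`. That wording is inferred from the neighbouring X509_PUBKEY declarations and the commit message, so confirm it against the implementation before adding it.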
@@ -1028,6 +1040,7 @@ PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);
#define X509_F_X509_EXTENSION_CREATE_BY_NID 108
#define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109
#define X509_F_X509_GET_PUBKEY_PARAMETERS 110
+#define X509_F_X509_LOAD_CERT_CRL_FILE 132
#define X509_F_X509_LOAD_CERT_FILE 111
#define X509_F_X509_LOAD_CRL_FILE 112
#define X509_F_X509_NAME_ADD_ENTRY 113
diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c
index 0a0b704043..58e13c6c6b 100644
--- a/crypto/x509/x509_err.c
+++ b/crypto/x509/x509_err.c
@@ -76,6 +76,7 @@ static ERR_STRING_DATA X509_str_functs[]=
{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_NID,0), "X509_EXTENSION_create_by_NID"},
{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_OBJ,0), "X509_EXTENSION_create_by_OBJ"},
{ERR_PACK(0,X509_F_X509_GET_PUBKEY_PARAMETERS,0), "X509_get_pubkey_parameters"},
+{ERR_PACK(0,X509_F_X509_LOAD_CERT_CRL_FILE,0), "X509_load_cert_crl_file"},
{ERR_PACK(0,X509_F_X509_LOAD_CERT_FILE,0), "X509_load_cert_file"},
{ERR_PACK(0,X509_F_X509_LOAD_CRL_FILE,0), "X509_load_crl_file"},
{ERR_PACK(0,X509_F_X509_NAME_ADD_ENTRY,0), "X509_NAME_add_entry"},
diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h
index 39fa056c1a..9891a6944d 100644
--- a/crypto/x509/x509_vfy.h
+++ b/crypto/x509/x509_vfy.h
@@ -306,6 +306,7 @@ int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
#ifndef NO_STDIO
int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
+int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
#endif
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index 354d4c3f3c..4973c18eae 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -285,10 +285,22 @@ RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
(unsigned char **)(rsa)));
}
+RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)
+ {
+ return((RSA *)ASN1_d2i_fp((char *(*)())
+ RSA_new,(char *(*)())d2i_RSA_PUBKEY, (fp),
+ (unsigned char **)(rsa)));
+ }
+
int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa)
{
return(ASN1_i2d_fp(i2d_RSAPublicKey,fp,(unsigned char *)rsa));
}
+
+int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa)
+ {
+ return(ASN1_i2d_fp(i2d_RSA_PUBKEY,fp,(unsigned char *)rsa));
+ }
#endif
RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
@@ -310,10 +322,22 @@ RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)
(unsigned char **)(rsa)));
}
+RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
+ {
+ return((RSA *)ASN1_d2i_bio((char *(*)())
+ RSA_new,(char *(*)())d2i_RSA_PUBKEY, (bp),
+ (unsigned char **)(rsa)));
+ }
+
int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa)
{
return(ASN1_i2d_bio(i2d_RSAPublicKey,bp,(unsigned char *)rsa));
}
+
+int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa)
+ {
+ return(ASN1_i2d_bio(i2d_RSA_PUBKEY,bp,(unsigned char *)rsa));
+ }
#endif
#ifndef NO_DSA
@@ -330,16 +354,16 @@ int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa)
return(ASN1_i2d_fp(i2d_DSAPrivateKey,fp,(unsigned char *)dsa));
}
-DSA *d2i_DSAPublicKey_fp(FILE *fp, DSA **dsa)
+DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa)
{
return((DSA *)ASN1_d2i_fp((char *(*)())
- DSA_new,(char *(*)())d2i_DSAPublicKey, (fp),
+ DSA_new,(char *(*)())d2i_DSA_PUBKEY, (fp),
(unsigned char **)(dsa)));
}
-int i2d_DSAPublicKey_fp(FILE *fp, DSA *dsa)
+int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa)
{
- return(ASN1_i2d_fp(i2d_DSAPublicKey,fp,(unsigned char *)dsa));
+ return(ASN1_i2d_fp(i2d_DSA_PUBKEY,fp,(unsigned char *)dsa));
}
#endif
@@ -355,16 +379,16 @@ int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa)
return(ASN1_i2d_bio(i2d_DSAPrivateKey,bp,(unsigned char *)dsa));
}
-DSA *d2i_DSAPublicKey_bio(BIO *bp, DSA **dsa)
+DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa)
{
return((DSA *)ASN1_d2i_bio((char *(*)())
- DSA_new,(char *(*)())d2i_DSAPublicKey, (bp),
+ DSA_new,(char *(*)())d2i_DSA_PUBKEY, (bp),
(unsigned char **)(dsa)));
}
-int i2d_DSAPublicKey_bio(BIO *bp, DSA *dsa)
+int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa)
{
- return(ASN1_i2d_bio(i2d_DSAPublicKey,bp,(unsigned char *)dsa));
+ return(ASN1_i2d_bio(i2d_DSA_PUBKEY,bp,(unsigned char *)dsa));
}
#endif