Diffstat (limited to 'crypto/x509')
-rw-r--r-- | crypto/x509/Makefile.ssl | 2 | ||||
-rw-r--r-- | crypto/x509/by_dir.c | 61 | ||||
-rw-r--r-- | crypto/x509/by_file.c | 95 | ||||
-rw-r--r-- | crypto/x509/v3_net.c | 8 | ||||
-rw-r--r-- | crypto/x509/v3_x509.c | 189 | ||||
-rw-r--r-- | crypto/x509/x509.err | 31 | ||||
-rw-r--r-- | crypto/x509/x509.h | 121 | ||||
-rw-r--r-- | crypto/x509/x509_cmp.c | 24 | ||||
-rw-r--r-- | crypto/x509/x509_d2.c | 6 | ||||
-rw-r--r-- | crypto/x509/x509_def.c | 2 | ||||
-rw-r--r-- | crypto/x509/x509_err.c | 13 | ||||
-rw-r--r-- | crypto/x509/x509_ext.c | 56 | ||||
-rw-r--r-- | crypto/x509/x509_lu.c | 13 | ||||
-rw-r--r-- | crypto/x509/x509_obj.c | 11 | ||||
-rw-r--r-- | crypto/x509/x509_r2x.c | 2 | ||||
-rw-r--r-- | crypto/x509/x509_req.c | 15 | ||||
-rw-r--r-- | crypto/x509/x509_set.c | 2 | ||||
-rw-r--r-- | crypto/x509/x509_txt.c | 14 | ||||
-rw-r--r-- | crypto/x509/x509_v3.c | 40 | ||||
-rw-r--r-- | crypto/x509/x509_vfy.c | 127 | ||||
-rw-r--r-- | crypto/x509/x509_vfy.h | 69 | ||||
-rw-r--r-- | crypto/x509/x509name.c | 23 | ||||
-rw-r--r-- | crypto/x509/x509pack.c | 4 | ||||
-rw-r--r-- | crypto/x509/x509rset.c | 2 | ||||
-rw-r--r-- | crypto/x509/x509type.c | 2 | ||||
-rw-r--r-- | crypto/x509/x509v3.doc | 24 | ||||
-rw-r--r-- | crypto/x509/x_all.c | 14 |
27 files changed, 755 insertions, 215 deletions
diff --git a/crypto/x509/Makefile.ssl b/crypto/x509/Makefile.ssl index e54a74d1e8..1c1ca2ffa0 100644 --- a/crypto/x509/Makefile.ssl +++ b/crypto/x509/Makefile.ssl @@ -91,6 +91,6 @@ clean: errors: perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h - perl ../err/err_genc.pl $(ERR).h $(ERRC).c + perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c index 6676a2e404..11725ec94c 100644 --- a/crypto/x509/by_dir.c +++ b/crypto/x509/by_dir.c @@ -1,5 +1,5 @@ /* crypto/x509/by_dir.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written @@ -250,21 +250,46 @@ X509_NAME *name; X509_OBJECT *ret; { BY_DIR *ctx; - X509 st_x509; - X509_CINF st_x509_cinf; + union { + struct { + X509 st_x509; + X509_CINF st_x509_cinf; + } x509; + struct { + X509_CRL st_crl; + X509_CRL_INFO st_crl_info; + } crl; + } data; int ok=0; int i,j,k; unsigned long h; BUF_MEM *b=NULL; struct stat st; X509_OBJECT stmp,*tmp; + char *postfix=""; if (name == NULL) return(0); - st_x509.cert_info= &st_x509_cinf; - st_x509_cinf.subject=name; - stmp.data.x509= &st_x509; stmp.type=type; + if (type == X509_LU_X509) + { + data.x509.st_x509.cert_info= &data.x509.st_x509_cinf; + data.x509.st_x509_cinf.subject=name; + stmp.data.x509= &data.x509.st_x509; + postfix=""; + } + else if (type == X509_LU_CRL) + { + data.crl.st_crl.crl= &data.crl.st_crl_info; + data.crl.st_crl_info.issuer=name; + stmp.data.crl= &data.crl.st_crl; + postfix="r"; + } + else + { + X509err(X509_F_GET_CERT_BY_SUBJECT,X509_R_WRONG_LOOKUP_TYPE); + goto finish; + } if ((b=BUF_MEM_new()) == NULL) { 
@@ -277,7 +302,7 @@ X509_OBJECT *ret; h=X509_NAME_hash(name); for (i=0; i<ctx->num_dirs; i++) { - j=strlen(ctx->dirs[i])+1+8+6+1; + j=strlen(ctx->dirs[i])+1+8+6+1+1; if (!BUF_MEM_grow(b,j)) { X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_MALLOC_FAILURE); @@ -286,14 +311,25 @@ X509_OBJECT *ret; k=0; for (;;) { - sprintf(b->data,"%s/%08lx.%d",ctx->dirs[i],h,k); + sprintf(b->data,"%s/%08lx.%s%d",ctx->dirs[i],h, + postfix,k); k++; if (stat(b->data,&st) < 0) break; /* found one. */ - if ((X509_load_cert_file(xl,b->data, - ctx->dirs_type[i])) == 0) + if (type == X509_LU_X509) + { + if ((X509_load_cert_file(xl,b->data, + ctx->dirs_type[i])) == 0) + break; + } + else if (type == X509_LU_CRL) + { + if ((X509_load_crl_file(xl,b->data, + ctx->dirs_type[i])) == 0) break; + } + /* else case will caught higher up */ } /* we have added it to the cache so now pull @@ -307,7 +343,10 @@ X509_OBJECT *ret; { ok=1; ret->type=tmp->type; - ret->data.x509=tmp->data.x509; + memcpy(&ret->data,&tmp->data,sizeof(ret->data)); + /* If we were going to up the reference count, + * we would need to do it on a perl 'type' + * basis */ /* CRYPTO_add(&tmp->data.x509->references,1, CRYPTO_LOCK_X509);*/ goto finish; diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c index 2dac28f542..09ebb9bf08 100644 --- a/crypto/x509/by_file.c +++ b/crypto/x509/by_file.c @@ -1,5 +1,5 @@ /* crypto/x509/by_file.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written @@ -68,6 +68,8 @@ #include "x509.h" #include "pem.h" +#ifndef NO_STDIO + #ifndef NOPROTO static int by_file_ctrl(X509_LOOKUP *ctx,int cmd,char *argc, long argl,char **ret); @@ -101,7 +103,7 @@ char *argp; long argl; char **ret; { - int ok=0; + int ok=0,ok2=0; char *file; switch (cmd) 
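Review bot: The buffer budget `j=strlen(ctx->dirs[i])+1+8+6+1+1` and the unbounded `sprintf(b->data,"%s/%08lx.%s%d",...)` inside the `for (;;)` loop are tied together only by convention. The budget appears to leave room for a five-digit `k`, but nothing in the loop caps `k`, and `%08lx` is a minimum width, not a maximum. I would document the terms next to the sum, `/* '/' + 8 hex digits + '.' and up to 5 digits of k + postfix + NUL */`, and stop before the budget can be exceeded, e.g. `if (k > 99999) break;` ahead of the `sprintf`. The added comment `/* else case will caught higher up */` should read `/* the else case is caught higher up */`. The enclosing function starts and ends outside these hunks.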
@@ -111,7 +113,9 @@ char **ret; { ok=X509_load_cert_file(ctx,X509_get_default_cert_file(), X509_FILETYPE_PEM); - if (!ok) + ok2=X509_load_crl_file(ctx,X509_get_default_cert_file(), + X509_FILETYPE_PEM); + if (!ok || !ok2) { X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS); } @@ -120,13 +124,18 @@ char **ret; file=(char *)Getenv(X509_get_default_cert_file_env()); ok=X509_load_cert_file(ctx,file, X509_FILETYPE_PEM); + ok2=X509_load_crl_file(ctx,file, + X509_FILETYPE_PEM); } } else + { ok=X509_load_cert_file(ctx,argp,(int)argl); + ok2=X509_load_crl_file(ctx,argp,(int)argl); + } break; } - return(ok); + return((ok && ok2)?ok:0); } int X509_load_cert_file(ctx,file,type) @@ -140,11 +149,7 @@ int type; X509 *x=NULL; if (file == NULL) return(1); -#ifndef WIN16 - in=BIO_new(BIO_s_file()); -#else - in=BIO_new(BIO_s_file_internal_w16()); -#endif + in=BIO_new(BIO_s_file_internal()); if ((in == NULL) || (BIO_read_filename(in,file) <= 0)) { 
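Review bot: In `by_file_ctrl` the new test `if (!ok || !ok2)` and the final `return((ok && ok2)?ok:0);` treat a certificate file that holds no CRL as a failed load, because `X509_load_crl_file` as added in this commit returns 0 when a PEM file yields no CRL at all. A trust file containing only CA certificates would then report `X509_R_LOADING_DEFAULTS`, or plain 0 from the explicit-path branch, even though its certificates were added to the store, and the unsuccessful CRL pass leaves its PEM error on the queue. If CRLs in these files are meant to be optional, make the second pass best-effort: `if (!ok && !ok2)`, `return(ok?ok:ok2);`, and an `ERR_clear_error();` after a CRL pass that found nothing. The function begins in an earlier hunk and its `switch` is only partly visible here.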
@@ -203,3 +208,75 @@ err: return(ret); } +int X509_load_crl_file(ctx,file,type) +X509_LOOKUP *ctx; +char *file; +int type; + { + int ret=0; + BIO *in=NULL; + int i,count=0; + X509_CRL *x=NULL; + + if (file == NULL) return(1); + in=BIO_new(BIO_s_file_internal()); + + if ((in == NULL) || (BIO_read_filename(in,file) <= 0)) + { + X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_SYS_LIB); + goto err; + } + + if (type == X509_FILETYPE_PEM) + { + for (;;) + { + x=PEM_read_bio_X509_CRL(in,NULL,NULL); + if (x == NULL) + { + if ((ERR_GET_REASON(ERR_peek_error()) == + PEM_R_NO_START_LINE) && (count > 0)) + { + ERR_clear_error(); + break; + } + else + { + X509err(X509_F_X509_LOAD_CRL_FILE, + ERR_R_PEM_LIB); + goto err; + } + } + i=X509_STORE_add_crl(ctx->store_ctx,x); + if (!i) goto err; + count++; + X509_CRL_free(x); + x=NULL; + } + ret=count; + } + else if (type == X509_FILETYPE_ASN1) + { + x=d2i_X509_CRL_bio(in,NULL); + if (x == NULL) + { + X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_ASN1_LIB); + goto err; + } + i=X509_STORE_add_crl(ctx->store_ctx,x); + if (!i) goto err; + ret=i; + } + else + { + X509err(X509_F_X509_LOAD_CRL_FILE,X509_R_BAD_X509_FILETYPE); + goto err; + } +err: + if (x != NULL) X509_CRL_free(x); + if (in != NULL) BIO_free(in); + return(ret); + } + +#endif /* NO_STDIO */ + diff --git a/crypto/x509/v3_net.c b/crypto/x509/v3_net.c index 5e79a57f03..0c2d276d13 100644 --- a/crypto/x509/v3_net.c +++ b/crypto/x509/v3_net.c @@ -1,5 +1,5 @@ /* crypto/x509/v3_net.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written 
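Review bot: The end-of-input test in the PEM loop of `X509_load_crl_file` reads `ERR_peek_error()`, which reports the oldest entry on the error queue rather than the one `PEM_read_bio_X509_CRL` has just pushed. With an unrelated error already queued, a clean end of file is reported as `ERR_R_PEM_LIB`. With a stale `PEM_R_NO_START_LINE` at the head, a malformed CRL later in the file is taken for end of input and the remaining CRLs are silently not loaded, which weakens revocation checking. I would call `ERR_clear_error();` on entry or state the precondition in a comment such as `/* the error queue must be empty on entry; the EOF test below peeks at its head */`. `if (file == NULL) return(1);` reports success without loading anything and deserves a comment as well.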
@@ -66,9 +66,9 @@ #define NETSCAPE_X509_EXT_NUM 8 static X509_EXTENSION_METHOD netscape_x509_ext[NETSCAPE_X509_EXT_NUM]={ -{NID_netscape_ca_policy_url,V_ASN1_IA5STRING,X509_EXT_PACK_STRING}, -{NID_netscape_ssl_server_name,V_ASN1_IA5STRING,X509_EXT_PACK_STRING}, -{NID_netscape_revocation_url,V_ASN1_IA5STRING,X509_EXT_PACK_STRING}, +{NID_netscape_ca_policy_url, V_ASN1_IA5STRING,X509_EXT_PACK_STRING}, +{NID_netscape_ssl_server_name, V_ASN1_IA5STRING,X509_EXT_PACK_STRING}, +{NID_netscape_revocation_url, V_ASN1_IA5STRING,X509_EXT_PACK_STRING}, {NID_netscape_base_url,V_ASN1_IA5STRING,X509_EXT_PACK_STRING}, {NID_netscape_cert_type,V_ASN1_BIT_STRING,X509_EXT_PACK_STRING}, {NID_netscape_ca_revocation_url,V_ASN1_IA5STRING,X509_EXT_PACK_STRING}, diff --git a/crypto/x509/v3_x509.c b/crypto/x509/v3_x509.c index 57a7b17df1..f685aa4c71 100644 --- a/crypto/x509/v3_x509.c +++ b/crypto/x509/v3_x509.c @@ -1,5 +1,5 @@ /* crypto/x509/v3_x509.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written 
@@ -57,32 +57,197 @@ */ #include <stdio.h> +#include <ctype.h> #include "stack.h" #include "cryptlib.h" +#include "bio.h" #include "asn1.h" #include "objects.h" #include "x509.h" +#if 0 +static int i2a_key_usage(BIO *bp, X509 *x); +static int a2i_key_usage(X509 *x, char *str, int len); +#endif + +int X509v3_get_key_usage(X509 *x); +int X509v3_set_key_usage(X509 *x,unsigned int use); +int i2a_X509v3_key_usage(BIO *bp, unsigned int use); +unsigned int a2i_X509v3_key_usage(char *p); + #define STD_X509_EXT_NUM 9 -static X509_EXTENSION_METHOD std_x509_ext[STD_X509_EXT_NUM]={ -{NID_subject_key_identifier, V_ASN1_IA5STRING,X509_EXT_PACK_STRING}, -{NID_key_usage, V_ASN1_IA5STRING,X509_EXT_PACK_STRING}, -{NID_private_key_usage_period, V_ASN1_IA5STRING,X509_EXT_PACK_STRING}, -{NID_subject_alt_name, V_ASN1_IA5STRING,X509_EXT_PACK_STRING}, -{NID_issuer_alt_name, V_ASN1_BIT_STRING,X509_EXT_PACK_STRING}, -{NID_basic_constraints, V_ASN1_IA5STRING,X509_EXT_PACK_STRING}, -{NID_crl_number, V_ASN1_IA5STRING,X509_EXT_PACK_STRING}, -{NID_certificate_policies, V_ASN1_IA5STRING,X509_EXT_PACK_STRING}, -{NID_authority_key_identifier, V_ASN1_IA5STRING,X509_EXT_PACK_STRING}, +#if 0 +static X509_OBJECTS std_x509_ext[STD_X509_EXT_NUM]={ +{NID_subject_key_identifier, NULL,NULL}, +{NID_key_usage, a2i_key_usage,i2a_key_usage}, /**/ +{NID_private_key_usage_period, NULL,NULL}, +{NID_subject_alt_name, NULL,NULL}, +{NID_issuer_alt_name, NULL,NULL}, +{NID_basic_constraints, NULL,NULL}, +{NID_crl_number, NULL,NULL}, +{NID_certificate_policies, NULL,NULL}, +{NID_authority_key_identifier, NULL,NULL}, }; +#endif int X509v3_add_standard_extensions() { - int i; +#if 0 for (i=0; i<STD_X509_EXT_NUM; i++) if (!X509v3_add_extension(&(std_x509_ext[i]))) return(0); +#endif + return(1); + } + +int X509v3_get_key_usage(x) +X509 *x; + { + X509_EXTENSION *ext; + ASN1_STRING *st; + char *p; + int i; + + i=X509_get_ext_by_NID(x,NID_key_usage,-1); + if (i < 0) return(X509v3_KU_UNDEF); + ext=X509_get_ext(x,i); + 
st=X509v3_unpack_string(NULL,V_ASN1_BIT_STRING, + X509_EXTENSION_get_data(X509_get_ext(x,i))); + + p=(char *)ASN1_STRING_data(st); + if (ASN1_STRING_length(st) == 1) + i=p[0]; + else if (ASN1_STRING_length(st) == 2) + i=p[0]|(p[1]<<8); + else + i=0; + return(i); + } + +static struct + { + char *name; + unsigned int value; + } key_usage_data[] ={ + {"digitalSignature", X509v3_KU_DIGITAL_SIGNATURE}, + {"nonRepudiation", X509v3_KU_NON_REPUDIATION}, + {"keyEncipherment", X509v3_KU_KEY_ENCIPHERMENT}, + {"dataEncipherment", X509v3_KU_DATA_ENCIPHERMENT}, + {"keyAgreement", X509v3_KU_KEY_AGREEMENT}, + {"keyCertSign", X509v3_KU_KEY_CERT_SIGN}, + {"cRLSign", X509v3_KU_CRL_SIGN}, + {"encipherOnly", X509v3_KU_ENCIPHER_ONLY}, + {"decipherOnly", X509v3_KU_DECIPHER_ONLY}, + {NULL,0}, + }; + +#if 0 +static int a2i_key_usage(x,str,len) +X509 *x; +char *str; +int len; + { + return(X509v3_set_key_usage(x,a2i_X509v3_key_usage(str))); + } + +static int i2a_key_usage(bp,x) +BIO *bp; +X509 *x; + { + return(i2a_X509v3_key_usage(bp,X509v3_get_key_usage(x))); + } +#endif + +int i2a_X509v3_key_usage(bp,use) +BIO *bp; +unsigned int use; + { + int i=0,first=1; + + for (;;) + { + if (use | key_usage_data[i].value) + { + BIO_printf(bp,"%s%s",((first)?"":" "), + key_usage_data[i].name); + first=0; + } + } return(1); } + +unsigned int a2i_X509v3_key_usage(p) +char *p; + { + unsigned int ret=0; + char *q,*s; + int i,n; + + q=p; + for (;;) + { + while ((*q != '\0') && isalnum(*q)) + q++; + if (*q == '\0') break; + s=q++; + while (isalnum(*q)) + q++; + n=q-s; + i=0; + for (;;) + { + if (strncmp(key_usage_data[i].name,s,n) == 0) + { + ret|=key_usage_data[i].value; + break; + } + i++; + if (key_usage_data[i].name == NULL) + return(X509v3_KU_UNDEF); + } + } + return(ret); + } + +int X509v3_set_key_usage(x,use) +X509 *x; +unsigned int use; + { + ASN1_OCTET_STRING *os; + X509_EXTENSION *ext; + int i; + unsigned char data[4]; + + i=X509_get_ext_by_NID(x,NID_key_usage,-1); + if (i < 0) + { + 
i=X509_get_ext_count(x)+1; + if ((ext=X509_EXTENSION_new()) == NULL) return(0); + if (!X509_add_ext(x,ext,i)) + { + X509_EXTENSION_free(ext); + return(0); + } + } + else + ext=X509_get_ext(x,i); + + /* fill in 'ext' */ + os=X509_EXTENSION_get_data(ext); + + i=0; + if (use > 0) + { + i=1; + data[0]=use&0xff; + } + if (use > 0xff) + { + i=2; + data[1]=(use>>8)&0xff; + } + return((X509v3_pack_string(&os,V_ASN1_BIT_STRING,data,i) == NULL)?0:1); + } + diff --git a/crypto/x509/x509.err b/crypto/x509/x509.err index 7f8b33ed89..8d0862d7d1 100644 --- a/crypto/x509/x509.err +++ b/crypto/x509/x509.err @@ -13,20 +13,22 @@ #define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109 #define X509_F_X509_GET_PUBKEY_PARAMETERS 110 #define X509_F_X509_LOAD_CERT_FILE 111 -#define X509_F_X509_NAME_ADD_ENTRY 112 -#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 113 -#define X509_F_X509_NAME_ENTRY_SET_OBJECT 114 -#define X509_F_X509_NAME_ONELINE 115 -#define X509_F_X509_NAME_PRINT 116 -#define X509_F_X509_PRINT_FP 117 -#define X509_F_X509_PUBKEY_GET 118 -#define X509_F_X509_PUBKEY_SET 119 -#define X509_F_X509_REQ_PRINT 120 -#define X509_F_X509_REQ_PRINT_FP 121 -#define X509_F_X509_REQ_TO_X509 122 -#define X509_F_X509_STORE_ADD_CERT 123 -#define X509_F_X509_TO_X509_REQ 124 -#define X509_F_X509_VERIFY_CERT 125 +#define X509_F_X509_LOAD_CRL_FILE 112 +#define X509_F_X509_NAME_ADD_ENTRY 113 +#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114 +#define X509_F_X509_NAME_ENTRY_SET_OBJECT 115 +#define X509_F_X509_NAME_ONELINE 116 +#define X509_F_X509_NAME_PRINT 117 +#define X509_F_X509_PRINT_FP 118 +#define X509_F_X509_PUBKEY_GET 119 +#define X509_F_X509_PUBKEY_SET 120 +#define X509_F_X509_REQ_PRINT 121 +#define X509_F_X509_REQ_PRINT_FP 122 +#define X509_F_X509_REQ_TO_X509 123 +#define X509_F_X509_STORE_ADD_CERT 124 +#define X509_F_X509_STORE_ADD_CRL 125 +#define X509_F_X509_TO_X509_REQ 126 +#define X509_F_X509_VERIFY_CERT 127 /* Reason codes. */ #define X509_R_BAD_X509_FILETYPE 100 
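Review bot: `i2a_X509v3_key_usage` cannot terminate, because its `for (;;)` body never advances `i` or tests for the `{NULL,0}` sentinel, and `use | key_usage_data[i].value` is true for every non-zero table value where `&` was intended. The loop should be `for (i=0; key_usage_data[i].name != NULL; i++)` with `if (use & key_usage_data[i].value)`. In `X509v3_get_key_usage` the result of `X509v3_unpack_string` is dereferenced without a NULL check and is apparently never released, and reading the bits through `char *p` sign-extends where `char` is signed, so a lone digitalSignature byte (0x80) comes back negative; `unsigned char *p` avoids that. `a2i_X509v3_key_usage` skips alphanumerics where it should skip separators, matches by prefix through `strncmp(...,s,n)`, and passes plain `char` to `isalnum`, so it needs the same review before the `#if 0` table is enabled.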
@@ -41,3 +43,4 @@ #define X509_R_UNKNOWN_NID 109 #define X509_R_UNKNOWN_STRING_TYPE 110 #define X509_R_UNSUPPORTED_ALGORITHM 111 +#define X509_R_WRONG_LOOKUP_TYPE 112 diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index a1f7556818..95114f7c43 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -1,5 +1,5 @@ /* crypto/x509/x509.h */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written @@ -90,6 +90,24 @@ extern "C" { #define X509_FILETYPE_ASN1 2 #define X509_FILETYPE_DEFAULT 3 +#define X509v3_KU_DIGITAL_SIGNATURE 0x0080 +#define X509v3_KU_NON_REPUDIATION 0x0040 +#define X509v3_KU_KEY_ENCIPHERMENT 0x0020 +#define X509v3_KU_DATA_ENCIPHERMENT 0x0010 +#define X509v3_KU_KEY_AGREEMENT 0x0008 +#define X509v3_KU_KEY_CERT_SIGN 0x0004 +#define X509v3_KU_CRL_SIGN 0x0002 +#define X509v3_KU_ENCIPHER_ONLY 0x0001 +#define X509v3_KU_DECIPHER_ONLY 0x8000 +#define X509v3_KU_UNDEF 0xffff + +typedef struct X509_objects_st + { + int nid; + int (*a2i)(); + int (*i2a)(); + } X509_OBJECTS; + typedef struct X509_algor_st { ASN1_OBJECT *algorithm; 
@@ -133,25 +151,39 @@ typedef struct X509_name_st #else char *bytes; #endif + unsigned long hash; /* Keep the hash around for lookups */ } X509_NAME; +#define X509_EX_V_NETSCAPE_HACK 0x8000 +#define X509_EX_V_INIT 0x0001 typedef struct X509_extension_st { ASN1_OBJECT *object; short critical; short netscape_hack; ASN1_OCTET_STRING *value; + long argl; /* used when decoding */ + char *argp; /* used when decoding */ + void (*ex_free)(); /* clear argp stuff */ } X509_EXTENSION; -#define X509_EXT_PACK_UNKNOWN 0 -#define X509_EXT_PACK_STRING 1 /* X509v3_pack_string() */ - +/* #if 1 */ typedef struct x509_extension_method_st { int nid; int data_type; int pack_type; + void (*ex_clear)(); + int (*ex_get_bool)(); + int (*ex_set_bool)(); + int (*ex_get_str)(); + int (*ex_set_str)(); + char *(*ex_get_struct)(); + int (*ex_set_struct)(); + int (*a2i)(); + int (*i2a)(); } X509_EXTENSION_METHOD; +/* #endif */ typedef struct X509_req_info_st { @@ -307,8 +339,6 @@ typedef struct CBCParameter_st a->sig_alg,a->signature,(char *)a->req_info,r) #define X509_CRL_verify(a,r) ASN1_verify((int (*)())i2d_X509_CRL_INFO, \ a->sig_alg, a->signature,(char *)a->crl,r) -#define NETSCAPE_SPKI_verify(a,r) ASN1_verify((int (*)())i2d_NETSCAPE_SPKAC, \ - a->sig_algor,a->signature, (char *)a->spkac,r) #define X509_sign(x,pkey,md) \ ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature, \ @@ -428,6 +458,9 @@ typedef struct CBCParameter_st (char *)data,md,len) #endif +#define X509_EXT_PACK_UNKNOWN 1 +#define X509_EXT_PACK_STRING 2 + #define X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version) /* #define X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */ #define X509_get_notBefore(x) ((x)->cert_info->validity->notBefore) 
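Review bot: `X509_EXT_PACK_UNKNOWN` and `X509_EXT_PACK_STRING` move from 0/1 to 1/2 with no comment explaining the renumbering, so a zero-initialised `pack_type` no longer means "unknown" and any method table built against the old header silently changes meaning. If 0 is now reserved for "not set", say so at the definitions, e.g. `/* 0 is reserved: pack type not set */`. The new `argp`/`ex_free` members of `X509_EXTENSION` would also benefit from a line stating who owns `argp` and when `ex_free` is called, since "used when decoding" does not say who releases it.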
@@ -448,7 +481,7 @@ typedef struct CBCParameter_st #ifndef SSLEAY_MACROS #ifdef HEADER_ENVELOPE_H int X509_verify(X509 *a, EVP_PKEY *r); -char *X509_verify_cert_error_string(int n); +char *X509_verify_cert_error_string(long n); int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r); @@ -464,7 +497,7 @@ int X509_NAME_digest(X509_NAME *data,EVP_MD *type, unsigned char *md,unsigned int *len); #endif -#ifndef WIN16 +#ifndef NO_FP_API X509 *d2i_X509_fp(FILE *fp, X509 *x509); int i2d_X509_fp(FILE *fp,X509 *x509); X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL *crl); @@ -515,7 +548,7 @@ char * X509_get_default_cert_dir_env(void ); char * X509_get_default_cert_file_env(void ); char * X509_get_default_private_dir(void ); -X509_REQ * X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey); +X509_REQ * X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, EVP_MD *md); X509 * X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey); void ERR_load_X509_strings(void ); @@ -674,7 +707,7 @@ int X509_NAME_cmp (X509_NAME *a, X509_NAME *b); unsigned long X509_NAME_hash(X509_NAME *x); int X509_CRL_cmp(X509_CRL *a,X509_CRL *b); -#ifndef WIN16 +#ifndef NO_FP_API int X509_print_fp(FILE *bp,X509 *x); int X509_REQ_print_fp(FILE *bp,X509_REQ *req); #endif @@ -691,9 +724,11 @@ int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,int len); -int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int oldpos); +/* NOTE: you should be passsing -1, not 0 as lastpos. The functions that use + * lastpos, seach after that position on. */ +int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos); int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, - int oldpos); + int lastpos); X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc); X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, 
@@ -711,37 +746,38 @@ ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne); ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne); int X509v3_get_ext_count(STACK *x); -int X509v3_get_ext_by_NID(STACK *x, int nid, int oldpos); -int X509v3_get_ext_by_OBJ(STACK *x,ASN1_OBJECT *obj,int oldpos); -int X509v3_get_ext_by_critical(STACK *x, int crit, int oldpos); +int X509v3_get_ext_by_NID(STACK *x, int nid, int lastpos); +int X509v3_get_ext_by_OBJ(STACK *x,ASN1_OBJECT *obj,int lastpos); +int X509v3_get_ext_by_critical(STACK *x, int crit, int lastpos); X509_EXTENSION *X509v3_get_ext(STACK *x, int loc); X509_EXTENSION *X509v3_delete_ext(STACK *x, int loc); STACK * X509v3_add_ext(STACK **x, X509_EXTENSION *ex, int loc); + int X509v3_data_type_by_OBJ(ASN1_OBJECT *obj); int X509v3_data_type_by_NID(int nid); int X509v3_pack_type_by_OBJ(ASN1_OBJECT *obj); int X509v3_pack_type_by_NID(int nid); int X509_get_ext_count(X509 *x); -int X509_get_ext_by_NID(X509 *x, int nid, int oldpos); -int X509_get_ext_by_OBJ(X509 *x,ASN1_OBJECT *obj,int oldpos); -int X509_get_ext_by_critical(X509 *x, int crit, int oldpos); +int X509_get_ext_by_NID(X509 *x, int nid, int lastpos); +int X509_get_ext_by_OBJ(X509 *x,ASN1_OBJECT *obj,int lastpos); +int X509_get_ext_by_critical(X509 *x, int crit, int lastpos); X509_EXTENSION *X509_get_ext(X509 *x, int loc); X509_EXTENSION *X509_delete_ext(X509 *x, int loc); int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); int X509_CRL_get_ext_count(X509_CRL *x); -int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int oldpos); -int X509_CRL_get_ext_by_OBJ(X509_CRL *x,ASN1_OBJECT *obj,int oldpos); -int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int oldpos); +int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos); +int X509_CRL_get_ext_by_OBJ(X509_CRL *x,ASN1_OBJECT *obj,int lastpos); +int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos); X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc); X509_EXTENSION 
*X509_CRL_delete_ext(X509_CRL *x, int loc); int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); int X509_REVOKED_get_ext_count(X509_REVOKED *x); -int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int oldpos); -int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x,ASN1_OBJECT *obj,int oldpos); -int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int oldpos); +int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos); +int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x,ASN1_OBJECT *obj,int lastpos); +int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos); X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc); X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc); int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); @@ -787,7 +823,7 @@ int X509_digest(); int X509_NAME_digest(); #endif -#ifndef WIN16 +#ifndef NO_FP_API X509 *d2i_X509_fp(); int i2d_X509_fp(); X509_CRL *d2i_X509_CRL_fp(); @@ -979,7 +1015,7 @@ int X509_NAME_cmp (); unsigned long X509_NAME_hash(); int X509_CRL_cmp(); -#ifndef WIN16 +#ifndef NO_FP_API int X509_print_fp(); int X509_REQ_print_fp(); #endif @@ -1011,12 +1047,12 @@ int X509v3_get_ext_by_critical(); X509_EXTENSION *X509v3_get_ext(); X509_EXTENSION *X509v3_delete_ext(); STACK * X509v3_add_ext(); + int X509v3_data_type_by_OBJ(); int X509v3_data_type_by_NID(); int X509v3_pack_type_by_OBJ(); int X509v3_pack_type_by_NID(); - int X509_get_ext_count(); int X509_get_ext_by_NID(); int X509_get_ext_by_OBJ(); 
@@ -1077,20 +1113,22 @@ X509 *X509_find_by_subject(); #define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109 #define X509_F_X509_GET_PUBKEY_PARAMETERS 110 #define X509_F_X509_LOAD_CERT_FILE 111 -#define X509_F_X509_NAME_ADD_ENTRY 112 -#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 113 -#define X509_F_X509_NAME_ENTRY_SET_OBJECT 114 -#define X509_F_X509_NAME_ONELINE 115 -#define X509_F_X509_NAME_PRINT 116 -#define X509_F_X509_PRINT_FP 117 -#define X509_F_X509_PUBKEY_GET 118 -#define X509_F_X509_PUBKEY_SET 119 -#define X509_F_X509_REQ_PRINT 120 -#define X509_F_X509_REQ_PRINT_FP 121 -#define X509_F_X509_REQ_TO_X509 122 -#define X509_F_X509_STORE_ADD_CERT 123 -#define X509_F_X509_TO_X509_REQ 124 -#define X509_F_X509_VERIFY_CERT 125 +#define X509_F_X509_LOAD_CRL_FILE 112 +#define X509_F_X509_NAME_ADD_ENTRY 113 +#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114 +#define X509_F_X509_NAME_ENTRY_SET_OBJECT 115 +#define X509_F_X509_NAME_ONELINE 116 +#define X509_F_X509_NAME_PRINT 117 +#define X509_F_X509_PRINT_FP 118 +#define X509_F_X509_PUBKEY_GET 119 +#define X509_F_X509_PUBKEY_SET 120 +#define X509_F_X509_REQ_PRINT 121 +#define X509_F_X509_REQ_PRINT_FP 122 +#define X509_F_X509_REQ_TO_X509 123 +#define X509_F_X509_STORE_ADD_CERT 124 +#define X509_F_X509_STORE_ADD_CRL 125 +#define X509_F_X509_TO_X509_REQ 126 +#define X509_F_X509_VERIFY_CERT 127 /* Reason codes. */ #define X509_R_BAD_X509_FILETYPE 100 @@ -1105,6 +1143,7 @@ X509 *X509_find_by_subject(); #define X509_R_UNKNOWN_NID 109 #define X509_R_UNKNOWN_STRING_TYPE 110 #define X509_R_UNSUPPORTED_ALGORITHM 111 +#define X509_R_WRONG_LOOKUP_TYPE 112 #ifdef __cplusplus } diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 14eebbfcb8..f9d9510ac5 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c 
@@ -1,5 +1,5 @@ /* crypto/x509/x509_cmp.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written @@ -188,17 +188,27 @@ X509_NAME *b; } #ifndef NO_MD5 -/* I should do a DER encoding of the name and then hash it. */ +/* I now DER encode the name and hash it. Since I cache the DER encoding, + * this is reasonably effiecent. */ unsigned long X509_NAME_hash(x) X509_NAME *x; { unsigned long ret=0; unsigned char md[16]; - char str[256]; + unsigned char str[256],*p,*pp; + int i; + + i=i2d_X509_NAME(x,NULL); + if (i > sizeof(str)) + p=Malloc(i); + else + p=str; + + pp=p; + i2d_X509_NAME(x,&pp); + MD5((unsigned char *)p,i,&(md[0])); + if (p != str) Free(p); - X509_NAME_oneline(x,str,256); - ret=strlen(str); - MD5((unsigned char *)str,ret,&(md[0])); ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) )&0xffffffffL; @@ -226,7 +236,7 @@ ASN1_INTEGER *serial; if (X509_issuer_and_serial_cmp(x509,&x) == 0) return(x509); } - return(x509); + return(NULL); } X509 *X509_find_by_subject(sk,name) diff --git a/crypto/x509/x509_d2.c b/crypto/x509/x509_d2.c index 235d70f8d7..01e22f4cb4 100644 --- a/crypto/x509/x509_d2.c +++ b/crypto/x509/x509_d2.c @@ -1,5 +1,5 @@ /* crypto/x509/x509_d2.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written @@ -63,6 +63,7 @@ #include "crypto.h" #include "x509.h" +#ifndef NO_STDIO int X509_STORE_set_default_paths(ctx) X509_STORE *ctx; { @@ -101,6 +102,9 @@ char *path; if (lookup == NULL) return(0); X509_LOOKUP_add_dir(lookup,path,X509_FILETYPE_PEM); } + if ((path == NULL) && (file == NULL)) + return(0); return(1); } +#endif diff --git a/crypto/x509/x509_def.c b/crypto/x509/x509_def.c index 497923828c..d9ab39b15a 100644 
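Review bot: In `X509_NAME_hash` the length returned by `i2d_X509_NAME(x,NULL)` is used unchecked. `i > sizeof(str)` compares a signed `int` with a `size_t`, so if the sizing call can return a negative value it converts to a huge one and is handed to `Malloc`, and the `Malloc` result is written through without a NULL test. I would guard both, with `if (i <= 0) return(0);` after the sizing call, `if (i > (int)sizeof(str))` for the comparison, and `if (p == NULL) return(0);` after the allocation. Returning 0 is my assumption about an acceptable fallback for a lookup hash, and the tail of the function lies outside the hunk.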
--- a/crypto/x509/x509_def.c +++ b/crypto/x509/x509_def.c @@ -1,5 +1,5 @@ /* crypto/x509/x509_def.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c index bfcc47fe03..9304721612 100644 --- a/crypto/x509/x509_err.c +++ b/crypto/x509/x509_err.c @@ -60,6 +60,7 @@ #include "x509.h" /* BEGIN ERROR CODES */ +#ifndef NO_ERR static ERR_STRING_DATA X509_str_functs[]= { {ERR_PACK(0,X509_F_ADD_CERT_DIR,0), "ADD_CERT_DIR"}, @@ -74,6 +75,7 @@ static ERR_STRING_DATA X509_str_functs[]= {ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_OBJ,0), "X509_EXTENSION_create_by_OBJ"}, {ERR_PACK(0,X509_F_X509_GET_PUBKEY_PARAMETERS,0), "X509_get_pubkey_parameters"}, {ERR_PACK(0,X509_F_X509_LOAD_CERT_FILE,0), "X509_LOAD_CERT_FILE"}, +{ERR_PACK(0,X509_F_X509_LOAD_CRL_FILE,0), "X509_LOAD_CRL_FILE"}, {ERR_PACK(0,X509_F_X509_NAME_ADD_ENTRY,0), "X509_NAME_add_entry"}, {ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_NID,0), "X509_NAME_ENTRY_create_by_NID"}, {ERR_PACK(0,X509_F_X509_NAME_ENTRY_SET_OBJECT,0), "X509_NAME_ENTRY_set_object"}, @@ -86,6 +88,7 @@ static ERR_STRING_DATA X509_str_functs[]= {ERR_PACK(0,X509_F_X509_REQ_PRINT_FP,0), "X509_REQ_print_fp"}, {ERR_PACK(0,X509_F_X509_REQ_TO_X509,0), "X509_REQ_to_X509"}, {ERR_PACK(0,X509_F_X509_STORE_ADD_CERT,0), "X509_STORE_ADD_CERT"}, +{ERR_PACK(0,X509_F_X509_STORE_ADD_CRL,0), "X509_STORE_ADD_CRL"}, {ERR_PACK(0,X509_F_X509_TO_X509_REQ,0), "X509_to_X509_REQ"}, {ERR_PACK(0,X509_F_X509_VERIFY_CERT,0), "X509_verify_cert"}, {0,NULL}, 
@@ -105,17 +108,23 @@ static ERR_STRING_DATA X509_str_reasons[]= {X509_R_UNKNOWN_NID ,"unknown nid"}, {X509_R_UNKNOWN_STRING_TYPE ,"unknown string type"}, {X509_R_UNSUPPORTED_ALGORITHM ,"unsupported algorithm"}, +{X509_R_WRONG_LOOKUP_TYPE ,"wrong lookup type"}, {0,NULL}, }; +#endif + void ERR_load_X509_strings() { static int init=1; - if (init) - { + if (init); + {; init=0; +#ifndef NO_ERR ERR_load_strings(ERR_LIB_X509,X509_str_functs); ERR_load_strings(ERR_LIB_X509,X509_str_reasons); +#endif + } } diff --git a/crypto/x509/x509_ext.c b/crypto/x509/x509_ext.c index 7495183e88..1d76ecfcfd 100644 --- a/crypto/x509/x509_ext.c +++ b/crypto/x509/x509_ext.c @@ -1,5 +1,5 @@ /* crypto/x509/x509_ext.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written @@ -70,28 +70,28 @@ X509_CRL *x; return(X509v3_get_ext_count(x->crl->extensions)); } -int X509_CRL_get_ext_by_NID(x,nid,oldpos) +int X509_CRL_get_ext_by_NID(x,nid,lastpos) X509_CRL *x; int nid; -int oldpos; +int lastpos; { - return(X509v3_get_ext_by_NID(x->crl->extensions,nid,oldpos)); + return(X509v3_get_ext_by_NID(x->crl->extensions,nid,lastpos)); } -int X509_CRL_get_ext_by_OBJ(x,obj,oldpos) +int X509_CRL_get_ext_by_OBJ(x,obj,lastpos) X509_CRL *x; ASN1_OBJECT *obj; -int oldpos; +int lastpos; { - return(X509v3_get_ext_by_OBJ(x->crl->extensions,obj,oldpos)); + return(X509v3_get_ext_by_OBJ(x->crl->extensions,obj,lastpos)); } -int X509_CRL_get_ext_by_critical(x,crit,oldpos) +int X509_CRL_get_ext_by_critical(x,crit,lastpos) X509_CRL *x; int crit; -int oldpos; +int lastpos; { - return(X509v3_get_ext_by_critical(x->crl->extensions,crit,oldpos)); + return(X509v3_get_ext_by_critical(x->crl->extensions,crit,lastpos)); } X509_EXTENSION *X509_CRL_get_ext(x,loc) 
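Review bot: `if (init);` in `ERR_load_X509_strings` ends the conditional with an empty statement, so the block that follows is unconditional and the `init` guard no longer stops `ERR_load_strings` from running on every call. The two lines should read `if (init)` and `{`, keeping an empty statement inside the block only if a body emptied by `NO_ERR` is the concern. This file looks like output of the `err_genc.pl -s` step changed in Makefile.ssl, so the correction probably belongs in that script rather than here.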
@@ -122,28 +122,28 @@ X509 *x; return(X509v3_get_ext_count(x->cert_info->extensions)); } -int X509_get_ext_by_NID(x,nid,oldpos) +int X509_get_ext_by_NID(x,nid,lastpos) X509 *x; int nid; -int oldpos; +int lastpos; { - return(X509v3_get_ext_by_NID(x->cert_info->extensions,nid,oldpos)); + return(X509v3_get_ext_by_NID(x->cert_info->extensions,nid,lastpos)); } -int X509_get_ext_by_OBJ(x,obj,oldpos) +int X509_get_ext_by_OBJ(x,obj,lastpos) X509 *x; ASN1_OBJECT *obj; -int oldpos; +int lastpos; { - return(X509v3_get_ext_by_OBJ(x->cert_info->extensions,obj,oldpos)); + return(X509v3_get_ext_by_OBJ(x->cert_info->extensions,obj,lastpos)); } -int X509_get_ext_by_critical(x,crit,oldpos) +int X509_get_ext_by_critical(x,crit,lastpos) X509 *x; int crit; -int oldpos; +int lastpos; { - return(X509v3_get_ext_by_critical(x->cert_info->extensions,crit,oldpos)); + return(X509v3_get_ext_by_critical(x->cert_info->extensions,crit,lastpos)); } X509_EXTENSION *X509_get_ext(x,loc) @@ -174,28 +174,28 @@ X509_REVOKED *x; return(X509v3_get_ext_count(x->extensions)); } -int X509_REVOKED_get_ext_by_NID(x,nid,oldpos) +int X509_REVOKED_get_ext_by_NID(x,nid,lastpos) X509_REVOKED *x; int nid; -int oldpos; +int lastpos; { - return(X509v3_get_ext_by_NID(x->extensions,nid,oldpos)); + return(X509v3_get_ext_by_NID(x->extensions,nid,lastpos)); } -int X509_REVOKED_get_ext_by_OBJ(x,obj,oldpos) +int X509_REVOKED_get_ext_by_OBJ(x,obj,lastpos) X509_REVOKED *x; ASN1_OBJECT *obj; -int oldpos; +int lastpos; { - return(X509v3_get_ext_by_OBJ(x->extensions,obj,oldpos)); + return(X509v3_get_ext_by_OBJ(x->extensions,obj,lastpos)); } -int X509_REVOKED_get_ext_by_critical(x,crit,oldpos) +int X509_REVOKED_get_ext_by_critical(x,crit,lastpos) X509_REVOKED *x; int crit; -int oldpos; +int lastpos; { - return(X509v3_get_ext_by_critical(x->extensions,crit,oldpos)); + return(X509v3_get_ext_by_critical(x->extensions,crit,lastpos)); } X509_EXTENSION *X509_REVOKED_get_ext(x,loc) 
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index 455ad5af45..2c7e10a46e 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -1,5 +1,5 @@ /* crypto/x509/x509_lu.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written @@ -61,6 +61,9 @@ #include "lhash.h" #include "x509.h" +static STACK *x509_store_meth=NULL; +static STACK *x509_store_ctx_meth=NULL; + X509_LOOKUP *X509_LOOKUP_new(method) X509_LOOKUP_METHOD *method; { @@ -170,7 +173,7 @@ char *str; int len; X509_OBJECT *ret; { - if ((ctx->method == NULL) || (ctx->method->get_by_alias)) + if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL)) return(X509_LU_FAIL); return(ctx->method->get_by_alias(ctx,str,len,ret)); } @@ -226,7 +229,7 @@ X509_STORE *X509_STORE_new() ret->get_cert_methods=sk_new_null(); ret->verify=NULL; ret->verify_cb=NULL; - ret->app_data=NULL; + memset(&ret->ex_data,0,sizeof(CRYPTO_EX_DATA)); ret->references=1; return(ret); } @@ -264,6 +267,7 @@ X509_STORE *vfy; } sk_free(sk); + CRYPTO_free_ex_data(x509_store_meth,(char *)vfy,&vfy->ex_data); lh_doall(vfy->certs,cleanup); lh_free(vfy->certs); Free(vfy); @@ -425,6 +429,7 @@ STACK *chain; ctx->depth=10; ctx->error=0; ctx->current_cert=NULL; + memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); } void X509_STORE_CTX_cleanup(ctx) @@ -435,5 +440,7 @@ X509_STORE_CTX *ctx; sk_pop_free(ctx->chain,X509_free); ctx->chain=NULL; } + CRYPTO_free_ex_data(x509_store_ctx_meth,(char *)ctx,&(ctx->ex_data)); + memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA)); } diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c index 2b53af1e61..c0576fd6f6 100644 --- a/crypto/x509/x509_obj.c +++ b/crypto/x509/x509_obj.c 
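Review bot: The two `CRYPTO_free_ex_data` calls added in x509_lu.c (the store free path at -264 and X509_STORE_CTX_cleanup at -435) pass `x509_store_meth` and `x509_store_ctx_meth`, file-static stacks that start as NULL and are not assigned in any hunk of this file. The registration added in x509_vfy.c fills a different static, `x509_store_ctx_method`, so as far as these hunks show a `free_func` registered through X509_STORE_CTX_get_ex_new_index is never reached at cleanup and whatever the application attached is left unreleased. Both files need to use one method stack, for example by defining it non-static in one file and declaring it `extern` in the other, or by moving the cleanup call next to the registration. The function at -264 starts outside its hunk, so its name is not visible here.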
@@ -1,5 +1,5 @@ /* crypto/x509/x509_obj.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written @@ -76,6 +76,7 @@ int len; BUF_MEM *b=NULL; static char hex[17]="0123456789ABCDEF"; int gs_doit[4]; + char tmp_buf[80]; if (a == NULL) return("NO X509_NAME"); if (buf == NULL) @@ -92,12 +93,10 @@ int len; { ne=(X509_NAME_ENTRY *)sk_value(a->entries,i); n=OBJ_obj2nid(ne->object); - if (n == NID_undef) - s="UNKNOWN"; - else + if ((n == NID_undef) || ((s=OBJ_nid2sn(n)) == NULL)) { - s=OBJ_nid2sn(n); - if (s == NULL) s="UNKNOWN2"; + i2t_ASN1_OBJECT(tmp_buf,sizeof(tmp_buf),ne->object); + s=tmp_buf; } l1=strlen(s); diff --git a/crypto/x509/x509_r2x.c b/crypto/x509/x509_r2x.c index 7e79959c8a..6aec2427f7 100644 --- a/crypto/x509/x509_r2x.c +++ b/crypto/x509/x509_r2x.c @@ -1,5 +1,5 @@ /* crypto/x509/x509_r2x.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c index c1f10c2428..5004365bad 100644 --- a/crypto/x509/x509_req.c +++ b/crypto/x509/x509_req.c @@ -1,5 +1,5 @@ /* crypto/x509/x509_req.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written @@ -66,9 +66,10 @@ #include "buffer.h" #include "pem.h" -X509_REQ *X509_to_X509_REQ(x,pkey) +X509_REQ *X509_to_X509_REQ(x,pkey,md) X509 *x; EVP_PKEY *pkey; +EVP_MD *md; { X509_REQ *ret; X509_REQ_INFO *ri; 
@@ -94,9 +95,11 @@ EVP_PKEY *pkey; i=X509_REQ_set_pubkey(ret,X509_get_pubkey(x)); if (!i) goto err; -/* NEEDS FIXING EAY EAY EAY */ - if (!X509_REQ_sign(ret,pkey,EVP_md5())) - goto err; + if (pkey != NULL) + { + if (!X509_REQ_sign(ret,pkey,md)) + goto err; + } return(ret); err: X509_REQ_free(ret); @@ -106,6 +109,8 @@ err: EVP_PKEY *X509_REQ_get_pubkey(req) X509_REQ *req; { + if ((req == NULL) || (req->req_info == NULL)) + return(NULL); return(X509_PUBKEY_get(req->req_info->pubkey)); } diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c index f65ae91f53..5d0a3a0c0e 100644 --- a/crypto/x509/x509_set.c +++ b/crypto/x509/x509_set.c @@ -1,5 +1,5 @@ /* crypto/x509/x509_set.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c index d5fc5839a1..408d1c277c 100644 --- a/crypto/x509/x509_txt.c +++ b/crypto/x509/x509_txt.c @@ -1,5 +1,5 @@ /* crypto/x509/x509_txt.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written @@ -71,11 +71,11 @@ #include "pem.h" char *X509_verify_cert_error_string(n) -int n; +long n; { static char buf[100]; - switch (n) + switch ((int)n) { case X509_V_OK: return("ok"); @@ -105,9 +105,9 @@ int n; return("format error in certificate's notBefore field"); case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: return("format error in certificate's notAfter field"); - case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FILED: + case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: return("format error in CRL's lastUpdate field"); - case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FILED: + case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: return("format error in CRL's nextUpdate field"); case X509_V_ERR_OUT_OF_MEM: return("out of memory"); 
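Review bot: With the new `if (pkey != NULL)` guard, X509_to_X509_REQ returns a request that carries no signature when it is called without a key, and nothing in the hunk tells the caller so. `md` is also handed to X509_REQ_sign unchecked, so a caller that supplies a key but passes NULL for the new digest argument depends on whatever X509_REQ_sign does with it. I would reject that combination up front with `if ((pkey != NULL) && (md == NULL)) goto err;` and add a comment above the function: `/* pkey == NULL: the request is returned unsigned; md is the digest used for signing */`. The function body starts outside this hunk.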
@@ -121,8 +121,10 @@ int n; return("unable to verify the first certificate"); case X509_V_ERR_CERT_CHAIN_TOO_LONG: return("certificate chain too long"); + case X509_V_ERR_APPLICATION_VERIFICATION: + return("application verification failure"); default: - sprintf(buf,"error number %d",n); + sprintf(buf,"error number %ld",n); return(buf); } } diff --git a/crypto/x509/x509_v3.c b/crypto/x509/x509_v3.c index 388130b1d7..1c03602f0b 100644 --- a/crypto/x509/x509_v3.c +++ b/crypto/x509/x509_v3.c @@ -1,5 +1,5 @@ /* crypto/x509/x509_v3.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written 
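Review bot: X509_verify_cert_error_string gains a case for X509_V_ERR_APPLICATION_VERIFICATION but none for X509_V_ERR_CERT_REVOKED, which the x509_vfy.h hunk of this same diff defines as 23. A revocation result would fall through to `default` and be reported only as "error number 23", which is easy to overlook in logs. Add `case X509_V_ERR_CERT_REVOKED: return("certificate revoked");` next to the other cases. The switch begins outside this hunk.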
@@ -81,59 +81,59 @@ STACK *x; return(sk_num(x)); } -int X509v3_get_ext_by_NID(x,nid,oldpos) +int X509v3_get_ext_by_NID(x,nid,lastpos) STACK *x; int nid; -int oldpos; +int lastpos; { ASN1_OBJECT *obj; obj=OBJ_nid2obj(nid); if (obj == NULL) return(-2); - return(X509v3_get_ext_by_OBJ(x,obj,oldpos)); + return(X509v3_get_ext_by_OBJ(x,obj,lastpos)); } -int X509v3_get_ext_by_OBJ(sk,obj,oldpos) +int X509v3_get_ext_by_OBJ(sk,obj,lastpos) STACK *sk; ASN1_OBJECT *obj; -int oldpos; +int lastpos; { int n; X509_EXTENSION *ex; if (sk == NULL) return(-1); - oldpos++; - if (oldpos < 0) - oldpos=0; + lastpos++; + if (lastpos < 0) + lastpos=0; n=sk_num(sk); - for ( ; oldpos < n; oldpos++) + for ( ; lastpos < n; lastpos++) { - ex=(X509_EXTENSION *)sk_value(sk,oldpos); + ex=(X509_EXTENSION *)sk_value(sk,lastpos); if (OBJ_cmp(ex->object,obj) == 0) - return(oldpos); + return(lastpos); } return(-1); } -int X509v3_get_ext_by_critical(sk,crit,oldpos) +int X509v3_get_ext_by_critical(sk,crit,lastpos) STACK *sk; int crit; -int oldpos; +int lastpos; { int n; X509_EXTENSION *ex; if (sk == NULL) return(-1); - oldpos++; - if (oldpos < 0) - oldpos=0; + lastpos++; + if (lastpos < 0) + lastpos=0; n=sk_num(sk); - for ( ; oldpos < n; oldpos++) + for ( ; lastpos < n; lastpos++) { - ex=(X509_EXTENSION *)sk_value(sk,oldpos); + ex=(X509_EXTENSION *)sk_value(sk,lastpos); if ( (ex->critical && crit) || (!ex->critical && !crit)) - return(oldpos); + return(lastpos); } return(-1); } diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index f6dba6f9ef..c1be91edba 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -1,5 +1,5 @@ /* crypto/x509/x509_vfy.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written @@ -62,6 +62,7 @@ #include <sys/types.h> #include <sys/stat.h> +#include "crypto.h" #include "cryptlib.h" #include "lhash.h" #include "buffer.h" 
@@ -79,7 +80,13 @@ static int null_callback(); static int internal_verify(); #endif -char *X509_version="X509 part of SSLeay 0.8.1b 29-Jun-1998"; +char *X509_version="X509 part of SSLeay 0.9.0b 29-Jun-1998"; +static STACK *x509_store_ctx_method=NULL; +static int x509_store_ctx_num=0; +#if 0 +static int x509_store_num=1; +static STACK *x509_store_method=NULL; +#endif static int null_callback(ok,e) int ok; @@ -427,13 +434,13 @@ ASN1_UTCTIME *ctm; offset=((str[1]-'0')*10+(str[2]-'0'))*60; offset+=(str[3]-'0')*10+(str[4]-'0'); if (*str == '-') - offset-=offset; + offset=-offset; } atm.type=V_ASN1_UTCTIME; atm.length=sizeof(buff2); atm.data=(unsigned char *)buff2; - X509_gmtime_adj(&atm,offset); + X509_gmtime_adj(&atm,-offset); i=(buff1[0]-'0')*10+(buff1[1]-'0'); if (i < 70) i+=100; @@ -505,6 +512,8 @@ STACK *chain; EVP_PKEY *X509_get_pubkey(x) X509 *x; { + if ((x == NULL) || (x->cert_info == NULL)) + return(NULL); return(X509_PUBKEY_get(x->cert_info->key)); } 
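Review bot: In the hunk at -427, `offset` is built as hours*60 plus minutes, so it counts minutes, and it is passed as `-offset` straight to X509_gmtime_adj. As far as I know that function takes its adjustment in seconds; if so, a time with a +hhmm/-hhmm zone is shifted by a sixtieth of the intended amount and validity checks compare against the wrong instant. Please confirm the unit against the definition and, if it is seconds, use `X509_gmtime_adj(&atm,-offset*60);`. The bytes `str[1]` to `str[4]` are also used without a check that they are digits, but that parsing starts outside the hunk.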
@@ -582,4 +591,114 @@ X509 *x; return(ret); } +int X509_STORE_add_crl(ctx,x) +X509_STORE *ctx; +X509_CRL *x; + { + X509_OBJECT *obj,*r; + int ret=1; + + if (x == NULL) return(0); + obj=(X509_OBJECT *)Malloc(sizeof(X509_OBJECT)); + if (obj == NULL) + { + X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE); + return(0); + } + obj->type=X509_LU_CRL; + obj->data.crl=x; + + CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + + X509_OBJECT_up_ref_count(obj); + + r=(X509_OBJECT *)lh_insert(ctx->certs,(char *)obj); + if (r != NULL) + { /* oops, put it back */ + lh_delete(ctx->certs,(char *)obj); + X509_OBJECT_free_contents(obj); + Free(obj); + lh_insert(ctx->certs,(char *)r); + X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE); + ret=0; + } + + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + + return(ret); + } + +int X509_STORE_CTX_get_ex_new_index(argl,argp,new_func,dup_func,free_func) +long argl; +char *argp; +int (*new_func)(); +int (*dup_func)(); +void (*free_func)(); + { + x509_store_ctx_num++; + return(CRYPTO_get_ex_new_index(x509_store_ctx_num-1, + &x509_store_ctx_method, + argl,argp,new_func,dup_func,free_func)); + } + +int X509_STORE_CTX_set_ex_data(ctx,idx,data) +X509_STORE_CTX *ctx; +int idx; +char *data; + { + return(CRYPTO_set_ex_data(&ctx->ex_data,idx,data)); + } + +char *X509_STORE_CTX_get_ex_data(ctx,idx) +X509_STORE_CTX *ctx; +int idx; + { + return(CRYPTO_get_ex_data(&ctx->ex_data,idx)); + } + +int X509_STORE_CTX_get_error(ctx) +X509_STORE_CTX *ctx; + { + return(ctx->error); + } + +void X509_STORE_CTX_set_error(ctx,err) +X509_STORE_CTX *ctx; +int err; + { + ctx->error=err; + } + +int X509_STORE_CTX_get_error_depth(ctx) +X509_STORE_CTX *ctx; + { + return(ctx->error_depth); + } + +X509 *X509_STORE_CTX_get_current_cert(ctx) +X509_STORE_CTX *ctx; + { + return(ctx->current_cert); + } + +STACK *X509_STORE_CTX_get_chain(ctx) +X509_STORE_CTX *ctx; + { + return(ctx->chain); + } + +void X509_STORE_CTX_set_cert(ctx,x) +X509_STORE_CTX *ctx; +X509 *x; + { + 
ctx->cert=x; + } + +void X509_STORE_CTX_set_chain(ctx,sk) +X509_STORE_CTX *ctx; +STACK *sk; + { + ctx->untrusted=sk; + } + diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h index b92e1ba432..dfc060f899 100644 --- a/crypto/x509/x509_vfy.h +++ b/crypto/x509/x509_vfy.h @@ -1,5 +1,5 @@ /* crypto/x509/x509_vfy.h */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written @@ -63,6 +63,9 @@ extern "C" { #endif +#include "bio.h" +#include "crypto.h" + /* Outer object */ typedef struct x509_hash_dir_st { @@ -149,12 +152,12 @@ typedef struct x509_store_st int (*verify)(); /* called to verify a certificate */ int (*verify_cb)(); /* error callback */ - char *app_data; + CRYPTO_EX_DATA ex_data; int references; int depth; /* how deep to look */ } X509_STORE; -#define X509_STORE_set_depth(ctx,depth) ((ctx)->depth=(depth)) +#define X509_STORE_set_depth(ctx,d) ((ctx)->depth=(d)) #define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func)) #define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func)) 
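Review bot: X509_STORE_CTX_set_chain and X509_STORE_CTX_get_chain, which this hunk turns into real functions, are not a pair: the setter stores `sk` in `ctx->untrusted` while the getter returns `ctx->chain`. A caller going by the names could take the stack it supplied for the chain that verification produced. Since these are now the public entry points, document it above the setter, for example `/* stores sk in ctx->untrusted; X509_STORE_CTX_get_chain() returns ctx->chain, a different field */`.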
@@ -193,19 +196,13 @@ typedef struct x509_store_state_st int error; X509 *current_cert; - char *app_data; + CRYPTO_EX_DATA ex_data; } X509_STORE_CTX; -#define X509_STORE_CTX_set_app_data(ctx,data) ((ctx)->app_data=(data)) -#define X509_STORE_CTX_get_app_data(ctx) ((ctx)->app_data) -#define X509_STORE_CTX_get_error(ctx) ((ctx)->error) -#define X509_STORE_CTX_set_error(ctx,s) ((ctx)->error=(s)) -#define X509_STORE_CTX_get_error_depth(ctx) ((ctx)->error_depth) -#define X509_STORE_CTX_get_current_cert(ctx) ((ctx)->current_cert) -#define X509_STORE_CTX_get_chain(ctx) ((ctx)->chain) - -#define X509_STORE_CTX_set_cert(c,ch) ((c)->cert=(ch)) -#define X509_STORE_CTX_set_chain(c,ch) ((c)->untrusted=(ch)) +#define X509_STORE_CTX_set_app_data(ctx,data) \ + X509_STORE_CTX_set_ex_data(ctx,0,data) +#define X509_STORE_CTX_get_app_data(ctx) \ + X509_STORE_CTX_get_ex_data(ctx,0) #define X509_L_FILE_LOAD 1 #define X509_L_ADD_DIR 2 @@ -233,14 +230,18 @@ X509_LOOKUP_METHOD *X509_LOOKUP_dir(); #define X509_V_ERR_CRL_HAS_EXPIRED 12 #define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13 #define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14 -#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FILED 15 -#define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FILED 16 +#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15 +#define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16 #define X509_V_ERR_OUT_OF_MEM 17 #define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18 #define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19 #define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20 #define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21 #define X509_V_ERR_CERT_CHAIN_TOO_LONG 22 +#define X509_V_ERR_CERT_REVOKED 23 + +/* The application is not happy */ +#define X509_V_ERR_APPLICATION_VERIFICATION 50 #ifndef NOPROTO #ifdef HEADER_LHASH_H 
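Review bot: The rewritten `X509_STORE_CTX_set_app_data` and `X509_STORE_CTX_get_app_data` macros hard-code ex_data slot 0, but X509_STORE_CTX_get_ex_new_index in x509_vfy.c starts `x509_store_ctx_num` at 0 and passes `x509_store_ctx_num-1`, so the first index it requests is 0 as well. If CRYPTO_get_ex_new_index hands that value back, the first caller that allocates an index shares its slot with app_data and each overwrites the other's pointer. The disabled `x509_store_num` counter in the same file starts at 1, which suggests slot 0 was meant to be reserved. `static int x509_store_ctx_num=1;` would do that here, once the behaviour of CRYPTO_get_ex_new_index is confirmed.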
@@ -261,12 +262,17 @@ X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); X509_LOOKUP_METHOD *X509_LOOKUP_file(void); int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); +int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); int X509_STORE_get_by_subject(X509_STORE_CTX *vs,int type,X509_NAME *name, X509_OBJECT *ret); int X509_LOOKUP_ctrl(X509_LOOKUP *ctx,int cmd,char *argc,long argl,char **ret); + +#ifndef NO_STDIO int X509_load_cert_file(X509_LOOKUP *ctx, char *file, int type); +int X509_load_crl_file(X509_LOOKUP *ctx, char *file, int type); +#endif void X509v3_cleanup_extensions(void ); int X509v3_add_extension(X509_EXTENSION_METHOD *x); @@ -286,9 +292,23 @@ int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len, X509_OBJECT *ret); int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); +#ifndef NO_STDIO int X509_STORE_load_locations (X509_STORE *ctx, char *file, char *dir); int X509_STORE_set_default_paths(X509_STORE *ctx); +#endif + +int X509_STORE_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(), + int (*dup_func)(), void (*free_func)()); +int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,char *data); +char * X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx); +int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s); +int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); +X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); +STACK * X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x); +void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK /* X509 */ *sk); #else @@ -309,11 +329,16 @@ X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(); X509_LOOKUP_METHOD *X509_LOOKUP_file(); int X509_STORE_add_cert(); +int X509_STORE_add_crl(); int X509_STORE_get_by_subject(); int X509_LOOKUP_ctrl(); + +#ifndef NO_STDIO int X509_load_cert_file(); +int X509_load_crl_file(); +#endif void X509v3_cleanup_extensions(); int X509v3_add_extension(); 
@@ -329,8 +354,20 @@ int X509_LOOKUP_by_fingerprint(); int X509_LOOKUP_by_alias(); int X509_LOOKUP_shutdown(); +#ifndef NO_STDIO int X509_STORE_load_locations (); int X509_STORE_set_default_paths(); +#endif + +int X509_STORE_CTX_set_ex_data(); +char * X509_STORE_CTX_get_ex_data(); +int X509_STORE_CTX_get_error(); +void X509_STORE_CTX_set_error(); +int X509_STORE_CTX_get_error_depth(); +X509 * X509_STORE_CTX_get_current_cert(); +STACK * X509_STORE_CTX_get_chain(); +void X509_STORE_CTX_set_cert(); +void X509_STORE_CTX_set_chain(); #endif diff --git a/crypto/x509/x509name.c b/crypto/x509/x509name.c index 8223ec069d..650e71b1b5 100644 --- a/crypto/x509/x509name.c +++ b/crypto/x509/x509name.c @@ -1,5 +1,5 @@ /* crypto/x509/x509name.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written @@ -103,37 +103,38 @@ X509_NAME *name; return(sk_num(name->entries)); } -int X509_NAME_get_index_by_NID(name,nid,oldpos) +int X509_NAME_get_index_by_NID(name,nid,lastpos) X509_NAME *name; int nid; -int oldpos; +int lastpos; { ASN1_OBJECT *obj; obj=OBJ_nid2obj(nid); if (obj == NULL) return(-2); - return(X509_NAME_get_index_by_OBJ(name,obj,oldpos)); + return(X509_NAME_get_index_by_OBJ(name,obj,lastpos)); } -int X509_NAME_get_index_by_OBJ(name,obj,oldpos) +/* NOTE: you should be passsing -1, not 0 as lastpos */ +int X509_NAME_get_index_by_OBJ(name,obj,lastpos) X509_NAME *name; ASN1_OBJECT *obj; -int oldpos; +int lastpos; { int n; X509_NAME_ENTRY *ne; STACK *sk; if (name == NULL) return(-1); - if (oldpos < 0) - oldpos= -1; + if (lastpos < 0) + lastpos= -1; sk=name->entries; n=sk_num(sk); - for (oldpos++; oldpos < n; oldpos++) + for (lastpos++; lastpos < n; lastpos++) { - ne=(X509_NAME_ENTRY *)sk_value(sk,oldpos); + ne=(X509_NAME_ENTRY *)sk_value(sk,lastpos); if (OBJ_cmp(ne->object,obj) == 0) - return(oldpos); + return(lastpos); } return(-1); } 
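Review bot: The non-prototype declarations added in this hunk omit X509_STORE_CTX_get_ex_new_index, which the prototype branch of the same header declares. Callers built without prototypes then fall back on the implicit `int` declaration. Add `int X509_STORE_CTX_get_ex_new_index();` before `int X509_STORE_CTX_set_ex_data();` so both branches list the same functions.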
diff --git a/crypto/x509/x509pack.c b/crypto/x509/x509pack.c index 949943fca5..846f125859 100644 --- a/crypto/x509/x509pack.c +++ b/crypto/x509/x509pack.c @@ -1,5 +1,5 @@ /* crypto/x509/x509pack.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written @@ -141,7 +141,7 @@ ASN1_OCTET_STRING *os; (ASN1_BIT_STRING **)ex,&p,os->length); break; case V_ASN1_OCTET_STRING: - ret=(ASN1_STRING *)d2i_ASN1_BIT_STRING( + ret=(ASN1_STRING *)d2i_ASN1_OCTET_STRING( (ASN1_BIT_STRING **)ex,&p,os->length); break; case V_ASN1_IA5STRING: diff --git a/crypto/x509/x509rset.c b/crypto/x509/x509rset.c index 2ff456f2ee..323b25470a 100644 --- a/crypto/x509/x509rset.c +++ b/crypto/x509/x509rset.c @@ -1,5 +1,5 @@ /* crypto/x509/x509rset.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written diff --git a/crypto/x509/x509type.c b/crypto/x509/x509type.c index 05d6919d6a..42c23bcfca 100644 --- a/crypto/x509/x509type.c +++ b/crypto/x509/x509type.c @@ -1,5 +1,5 @@ /* crypto/x509/x509type.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written diff --git a/crypto/x509/x509v3.doc b/crypto/x509/x509v3.doc new file mode 100644 index 0000000000..1e760a9469 --- /dev/null +++ b/crypto/x509/x509v3.doc 
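Review bot: The V_ASN1_OCTET_STRING case now calls d2i_ASN1_OCTET_STRING, but the argument on the following line is still cast as `(ASN1_BIT_STRING **)ex`. Change it to `(ASN1_OCTET_STRING **)ex` so the cast names the type the decoder works on and the leftover does not read as a second copy-paste slip. The switch starts and ends outside this hunk.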
@@ -0,0 +1,24 @@ +The 'new' system. + +The X509_EXTENSION_METHOD includes extensions and attributes and/or names. +Basically everthing that can be added to an X509 with an OID identifying it. + +It operates via 2 methods per object id. +int a2i_XXX(X509 *x,char *str,int len); +int i2a_XXX(BIO *bp,X509 *x); + +The a2i_XXX function will add the object with a value converted from the +string into the X509. Len can be -1 in which case the length is calculated +via strlen(str). Applications can always use direct knowledge to load and +unload the relevent objects themselves. + +i2a_XXX will print to the passed BIO, a text representation of the +relevet object. Use a memory BIO if you want it printed to a buffer :-). + +X509_add_by_NID(X509 *x,int nid,char *str,int len); +X509_add_by_OBJ(X509 *x,ASN1_OBJECT *obj,char *str,int len); + +X509_print_by_name(BIO *bp,X509 *x); +X509_print_by_NID(BIO *bp,X509 *x); +X509_print_by_OBJ(BIO *bp,X509 *x); + diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c index 2f554f597b..b7dde23e9a 100644 --- a/crypto/x509/x_all.c +++ b/crypto/x509/x_all.c @@ -1,5 +1,5 @@ /* crypto/x509/x_all.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written @@ -148,7 +148,7 @@ X509_EXTENSION *ex; (char *(*)())d2i_X509_EXTENSION,(char *)ex)); } -#ifndef WIN16 +#ifndef NO_FP_API X509 *d2i_X509_fp(fp,x509) FILE *fp; X509 *x509; @@ -187,7 +187,7 @@ X509_CRL *crl; (char *(*)())d2i_X509_CRL,(char *)crl)); } -#ifndef WIN16 +#ifndef NO_FP_API X509_CRL *d2i_X509_CRL_fp(fp,crl) FILE *fp; X509_CRL *crl; @@ -228,7 +228,7 @@ PKCS7 *p7; (char *(*)())d2i_PKCS7,(char *)p7)); } -#ifndef WIN16 +#ifndef NO_FP_API PKCS7 *d2i_PKCS7_fp(fp,p7) FILE *fp; PKCS7 *p7; @@ -269,7 +269,7 @@ X509_REQ *req; (char *(*)())d2i_X509_REQ,(char *)req)); } -#ifndef WIN16 +#ifndef NO_FP_API X509_REQ *d2i_X509_REQ_fp(fp,req) FILE *fp; X509_REQ *req; 
@@ -318,7 +318,7 @@ RSA *rsa; (char *(*)())d2i_RSAPrivateKey,(char *)rsa)); } -#ifndef WIN16 +#ifndef NO_FP_API RSA *d2i_RSAPrivateKey_fp(fp,rsa) FILE *fp; RSA *rsa; @@ -386,7 +386,7 @@ RSA *rsa; #endif #ifndef NO_DSA -#ifndef WIN16 +#ifndef NO_FP_API DSA *d2i_DSAPrivateKey_fp(fp,dsa) FILE *fp; DSA *dsa; |