From dd4134101fb41261b20fe47fdf9068c84e923102 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 2 Dec 1999 02:33:56 +0000 Subject: Change the trust and purpose code so it doesn't need init either and has a static and dynamic mix. --- CHANGES | 12 ++ apps/req.c | 1 - apps/s_client.c | 1 - apps/s_server.c | 1 - apps/verify.c | 2 - apps/x509.c | 2 - crypto/asn1/a_strnid.c | 54 +++--- crypto/asn1/asn1.h | 4 +- crypto/asn1/asn1_err.c | 1 - crypto/x509/x509.h | 19 +- crypto/x509/x509_trs.c | 109 +++++++---- crypto/x509/x509_v3.c | 21 -- crypto/x509v3/Makefile.ssl | 2 +- crypto/x509v3/ext_dat.h | 4 +- crypto/x509v3/v3_purp.c | 91 ++++++--- crypto/x509v3/x509v3.h | 7 +- ssl/ssl_lib.c | 6 - util/libeay.num | 466 ++++++++++++++++++++++----------------------- 18 files changed, 419 insertions(+), 384 deletions(-) diff --git a/CHANGES b/CHANGES index bb47022107..d7970a37ba 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,18 @@ Changes between 0.9.4 and 0.9.5 [xx XXX 1999] + *) Modify X509_TRUST and X509_PURPOSE so it also uses a static and + dynamic mix. In both cases the ids can be used as an index into the + table. Also modified the X509_TRUST_add() and X509_PURPOSE_add() + functions so they accept a list of the field values and the + application doesn't need to directly manipulate the X509_TRUST + structure. + [Steve Henson] + + *) Modify the ASN1_STRING_TABLE stuff so it also uses bsearch and doesn't + need initialising. + [Steve Henson] + *) Modify the way the V3 extension code looks up extensions. This now works in a similar way to the object code: we have some "standard" extensions in a static table which is searched with OBJ_bsearch() diff --git a/apps/req.c b/apps/req.c index 1c063ee3af..eb58a1c6b8 100644 --- a/apps/req.c +++ b/apps/req.c @@ -843,7 +843,6 @@ end: X509_REQ_free(req); X509_free(x509ss); OBJ_cleanup(); - ASN1_STRING_TABLE_cleanup(); #ifndef NO_DSA if (dsa_params != NULL) DSA_free(dsa_params); #endif diff --git a/apps/s_client.c b/apps/s_client.c index 0afd7907a1..60a8728c9b 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -740,7 +740,6 @@ end: if (ctx != NULL) SSL_CTX_free(ctx); if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); Free(cbuf); } if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); Free(sbuf); } - X509_cleanup(); if (bio_c_out != NULL) { BIO_free(bio_c_out); diff --git a/apps/s_server.c b/apps/s_server.c index 7a3a028b6e..a33e0ff147 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -718,7 +718,6 @@ bad: ret=0; end: if (ctx != NULL) SSL_CTX_free(ctx); - X509_cleanup(); if (bio_s_out != NULL) { BIO_free(bio_s_out); diff --git a/apps/verify.c b/apps/verify.c index f9281a65cf..e580acee85 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -84,7 +84,6 @@ int MAIN(int argc, char **argv) X509_STORE *cert_ctx=NULL; X509_LOOKUP *lookup=NULL; - X509_init(); cert_ctx=X509_STORE_new(); if (cert_ctx == NULL) goto end; X509_STORE_set_verify_cb_func(cert_ctx,cb); @@ -196,7 +195,6 @@ end: } if (cert_ctx != NULL) X509_STORE_free(cert_ctx); sk_X509_pop_free(untrusted, X509_free); - X509_cleanup(); EXIT(ret); } diff --git a/apps/x509.c b/apps/x509.c index caf5946287..0ed5ef1d03 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -384,7 +384,6 @@ bad: app_RAND_load_file(NULL, bio_err, 0); ERR_load_crypto_strings(); - X509_init(); if (!X509_STORE_set_default_paths(ctx)) { @@ -870,7 +869,6 @@ end: EVP_PKEY_free(Upkey); EVP_PKEY_free(CApkey); X509_REQ_free(rq); - X509_cleanup(); EXIT(ret); } diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c index e2e100e2eb..2f9c09b705 100644 --- a/crypto/asn1/a_strnid.c +++ b/crypto/asn1/a_strnid.c @@ -66,6 +66,7 @@ static STACK_OF(ASN1_STRING_TABLE) *stable = NULL; static void st_free(ASN1_STRING_TABLE *tbl); static int sk_table_cmp(ASN1_STRING_TABLE **a, ASN1_STRING_TABLE **b); +static int table_cmp(ASN1_STRING_TABLE *a, ASN1_STRING_TABLE *b); /* The following function generates an ASN1_STRING based on limits in a table. * Frequently the types and length of an ASN1_STRING are restricted by a @@ -79,7 +80,6 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, ASN1_STRING *str = NULL; int ret; if(!out) out = &str; - if(!stable) ASN1_STRING_TABLE_add_standard(); tbl = ASN1_STRING_TABLE_get(nid); if(tbl) ret = ASN1_mbstring_ncopy(out, in, inlen, inform, tbl->mask, tbl->minsize, tbl->maxsize); @@ -102,53 +102,45 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, #define ub_title 64 #define ub_email_address 128 +/* This table must be kept in NID order */ + static ASN1_STRING_TABLE tbl_standard[] = { -{NID_name, 1, ub_name, 0, 0}, -{NID_surname, 1, ub_name, 0, 0}, -{NID_givenName, 1, ub_name, 0, 0}, -{NID_initials, 1, ub_name, 0, 0}, {NID_commonName, 1, ub_common_name, 0, 0}, +{NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, 0}, {NID_localityName, 1, ub_locality_name, 0, 0}, {NID_stateOrProvinceName, 1, ub_state_name, 0, 0}, {NID_organizationName, 1, ub_organization_name, 0, 0}, {NID_organizationalUnitName, 1, ub_organization_unit_name, 0, 0}, -{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, 0}, -{NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, 0}, {NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING, 0}, -{NID_undef, 0, 0, 0, 0} +{NID_givenName, 1, ub_name, 0, 0}, +{NID_surname, 1, ub_name, 0, 0}, +{NID_initials, 1, ub_name, 0, 0}, +{NID_name, 1, ub_name, 0, 0}, +{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, 0}, }; -int ASN1_STRING_TABLE_add_standard(void) +static int sk_table_cmp(ASN1_STRING_TABLE **a, ASN1_STRING_TABLE **b) { - static int done = 0; - ASN1_STRING_TABLE *tmp; - if(done) return 1; - if(!stable) stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp); - if(!stable) { - ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD_STANDARD, - ERR_R_MALLOC_FAILURE); - return 0; - } - for(tmp = tbl_standard; tmp->nid != NID_undef; tmp++) { - if(!sk_ASN1_STRING_TABLE_push(stable, tmp)) { - ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD_STANDARD, - ERR_R_MALLOC_FAILURE); - return 0; - } - } - return 1; + return (*a)->nid - (*b)->nid; } -static int sk_table_cmp(ASN1_STRING_TABLE **a, ASN1_STRING_TABLE **b) +static int table_cmp(ASN1_STRING_TABLE *a, ASN1_STRING_TABLE *b) { - return (*a)->nid - (*b)->nid; + return a->nid - b->nid; } ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid) { int idx; + ASN1_STRING_TABLE *ttmp; ASN1_STRING_TABLE fnd; fnd.nid = nid; + ttmp = (ASN1_STRING_TABLE *) OBJ_bsearch((char *)&fnd, + (char *)tbl_standard, + sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE), + sizeof(ASN1_STRING_TABLE), (int(*)())table_cmp); + if(ttmp) return ttmp; + if(!stable) return NULL; idx = sk_ASN1_STRING_TABLE_find(stable, &fnd); if(idx < 0) return NULL; return sk_ASN1_STRING_TABLE_value(stable, idx); @@ -160,6 +152,7 @@ int ASN1_STRING_TABLE_add(int nid, { ASN1_STRING_TABLE *tmp; char new_nid = 0; + flags &= ~STABLE_FLAGS_MALLOC; if(!stable) stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp); if(!stable) { ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE); @@ -172,14 +165,13 @@ int ASN1_STRING_TABLE_add(int nid, ERR_R_MALLOC_FAILURE); return 0; } - tmp->flags = STABLE_FLAGS_MALLOC; + tmp->flags = flags | STABLE_FLAGS_MALLOC; tmp->nid = nid; new_nid = 1; - } + } else tmp->flags = (tmp->flags & STABLE_FLAGS_MALLOC) | flags; if(minsize != -1) tmp->minsize = minsize; if(maxsize != -1) tmp->maxsize = maxsize; tmp->mask = mask; - tmp->flags = flags & ~STABLE_FLAGS_MALLOC; if(new_nid) sk_ASN1_STRING_TABLE_push(stable, tmp); return 1; } diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index d36e868e90..e54a61f6db 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -773,7 +773,6 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, int inlen, int inform, int nid); -int ASN1_STRING_TABLE_add_standard(void); ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid); void ASN1_STRING_TABLE_cleanup(void); @@ -812,7 +811,6 @@ void ASN1_STRING_TABLE_cleanup(void); #define ASN1_F_ASN1_SIGN 114 #define ASN1_F_ASN1_STRING_NEW 115 #define ASN1_F_ASN1_STRING_TABLE_ADD 283 -#define ASN1_F_ASN1_STRING_TABLE_ADD_STANDARD 284 #define ASN1_F_ASN1_STRING_TYPE_NEW 116 #define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 117 #define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 118 @@ -824,7 +822,7 @@ void ASN1_STRING_TABLE_cleanup(void); #define ASN1_F_BASIC_CONSTRAINTS_NEW 226 #define ASN1_F_BN_TO_ASN1_ENUMERATED 234 #define ASN1_F_BN_TO_ASN1_INTEGER 122 -#define ASN1_F_D2I_ACCESS_DESCRIPTION 292 +#define ASN1_F_D2I_ACCESS_DESCRIPTION 284 #define ASN1_F_D2I_ASN1_BIT_STRING 123 #define ASN1_F_D2I_ASN1_BMPSTRING 124 #define ASN1_F_D2I_ASN1_BOOLEAN 125 diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index c322d643ef..063750607d 100644 --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c @@ -92,7 +92,6 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_PACK(0,ASN1_F_ASN1_SIGN,0), "ASN1_sign"}, {ERR_PACK(0,ASN1_F_ASN1_STRING_NEW,0), "ASN1_STRING_new"}, {ERR_PACK(0,ASN1_F_ASN1_STRING_TABLE_ADD,0), "ASN1_STRING_TABLE_ADD"}, -{ERR_PACK(0,ASN1_F_ASN1_STRING_TABLE_ADD_STANDARD,0), "ASN1_STRING_TABLE_add_standard"}, {ERR_PACK(0,ASN1_F_ASN1_STRING_TYPE_NEW,0), "ASN1_STRING_type_new"}, {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0), "ASN1_TYPE_get_int_octetstring"}, {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0), "ASN1_TYPE_get_octetstring"}, diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index ed95058a74..5e4da0f7c4 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -280,10 +280,10 @@ DECLARE_ASN1_SET_OF(X509) /* This is used for a table of trust checking functions */ typedef struct x509_trust_st { - int trust_id; - int trust_flags; + int trust; + int flags; int (*check_trust)(struct x509_trust_st *, X509 *, int); - char *trust_name; + char *name; int arg1; void *arg2; } X509_TRUST; @@ -298,6 +298,11 @@ DECLARE_STACK_OF(X509_TRUST) #define X509_TRUST_EMAIL 4 #define X509_TRUST_OBJECT_SIGN 5 +/* Keep these up to date! */ +#define X509_TRUST_MIN 1 +#define X509_TRUST_MAX 5 + + /* trust_flags values */ #define X509_TRUST_DYNAMIC 1 #define X509_TRUST_DYNAMIC_NAME 2 @@ -1015,8 +1020,6 @@ int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OBJECT * X509_EXTENSION_get_object(X509_EXTENSION *ex); ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne); int X509_EXTENSION_get_critical(X509_EXTENSION *ex); -void X509_init(void); -void X509_cleanup(void); int X509_verify_cert(X509_STORE_CTX *ctx); @@ -1059,10 +1062,10 @@ int X509_check_trust(X509 *x, int id, int flags); int X509_TRUST_get_count(void); X509_TRUST * X509_TRUST_iget(int idx); int X509_TRUST_get_by_id(int id); -int X509_TRUST_add(X509_TRUST *xp); +int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), + char *name, int arg1, void *arg2); void X509_TRUST_cleanup(void); -void X509_TRUST_add_standard(void); -int X509_TRUST_get_id(X509_TRUST *xp); +int X509_TRUST_get_flags(X509_TRUST *xp); char *X509_TRUST_iget_name(X509_TRUST *xp); int X509_TRUST_get_trust(X509_TRUST *xp); diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c index 94c64a1bcf..f96f5f9b26 100644 --- a/crypto/x509/x509_trs.c +++ b/crypto/x509/x509_trs.c @@ -67,72 +67,110 @@ static void trtable_free(X509_TRUST *p); static int trust_1bit(X509_TRUST *trust, X509 *x, int flags); static int trust_any(X509_TRUST *trust, X509 *x, int flags); +/* WARNING: the following table should be kept in order of trust + * and without any gaps so we can just subtract the minimum trust + * value to get an index into the table + */ + static X509_TRUST trstandard[] = { {X509_TRUST_ANY, 0, trust_any, "Any", 0, NULL}, {X509_TRUST_SSL_CLIENT, 0, trust_1bit, "SSL Client", X509_TRUST_BIT_SSL_CLIENT, NULL}, {X509_TRUST_SSL_SERVER, 0, trust_1bit, "SSL Client", X509_TRUST_BIT_SSL_SERVER, NULL}, {X509_TRUST_EMAIL, 0, trust_1bit, "S/MIME email", X509_TRUST_BIT_EMAIL, NULL}, {X509_TRUST_OBJECT_SIGN, 0, trust_1bit, "Object Signing", X509_TRUST_BIT_OBJECT_SIGN, NULL}, -{0, 0, NULL, NULL, 0, NULL} }; +#define X509_TRUST_COUNT (sizeof(trstandard)/sizeof(X509_TRUST)) + IMPLEMENT_STACK_OF(X509_TRUST) static STACK_OF(X509_TRUST) *trtable = NULL; static int tr_cmp(X509_TRUST **a, X509_TRUST **b) { - return (*a)->trust_id - (*b)->trust_id; + return (*a)->trust - (*b)->trust; } int X509_check_trust(X509 *x, int id, int flags) { - int idx; X509_TRUST *pt; + int idx; if(id == -1) return 1; - idx = X509_TRUST_get_by_id(id); - if(idx == -1) return -1; - pt = sk_X509_TRUST_value(trtable, idx); + if(!(idx = X509_TRUST_get_by_id(id))) return 0; + pt = X509_TRUST_iget(idx); return pt->check_trust(pt, x, flags); } int X509_TRUST_get_count(void) { - return sk_X509_TRUST_num(trtable); + if(!trtable) return X509_TRUST_COUNT; + return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT; } X509_TRUST * X509_TRUST_iget(int idx) { - return sk_X509_TRUST_value(trtable, idx); + if(idx < 0) return NULL; + if(idx < X509_TRUST_COUNT) return trstandard + idx; + return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT); } int X509_TRUST_get_by_id(int id) { X509_TRUST tmp; - tmp.trust_id = id; + int idx; + if((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX)) + return id - X509_TRUST_MIN; + tmp.trust = id; if(!trtable) return -1; - return sk_X509_TRUST_find(trtable, &tmp); + idx = sk_X509_TRUST_find(trtable, &tmp); + if(idx == -1) return -1; + return idx + X509_TRUST_COUNT; } -int X509_TRUST_add(X509_TRUST *xp) +int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), + char *name, int arg1, void *arg2) { int idx; - if(!trtable) - { - trtable = sk_X509_TRUST_new(tr_cmp); - if (!trtable) - { + X509_TRUST *trtmp; + /* This is set according to what we change: application can't set it */ + flags &= ~X509_TRUST_DYNAMIC; + /* This will always be set for application modified trust entries */ + flags |= X509_TRUST_DYNAMIC_NAME; + /* Get existing entry if any */ + idx = X509_TRUST_get_by_id(id); + /* Need a new entry */ + if(idx == -1) { + if(!(trtmp = Malloc(sizeof(X509_TRUST)))) { X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE); return 0; - } } - - idx = X509_TRUST_get_by_id(xp->trust_id); - if(idx != -1) { - trtable_free(sk_X509_TRUST_value(trtable, idx)); - sk_X509_TRUST_set(trtable, idx, xp); - } else { - if (!sk_X509_TRUST_push(trtable, xp)) { + trtmp->flags = X509_TRUST_DYNAMIC; + } else trtmp = X509_TRUST_iget(idx); + + /* Free existing name if dynamic */ + if(trtmp->flags & X509_TRUST_DYNAMIC_NAME) Free(trtmp->name); + /* dup supplied name */ + if(!(trtmp->name = BUF_strdup(name))) { + X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE); + return 0; + } + /* Keep the dynamic flag of existing entry */ + trtmp->flags &= X509_TRUST_DYNAMIC; + /* Set all other flags */ + trtmp->flags |= flags; + + trtmp->trust = id; + trtmp->check_trust = ck; + trtmp->arg1 = arg1; + trtmp->arg2 = arg2; + + /* If its a new entry manage the dynamic table */ + if(idx == -1) { + if(!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) { + X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE); + return 0; + } + if (!sk_X509_TRUST_push(trtable, trtmp)) { X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE); return 0; } @@ -143,40 +181,35 @@ int X509_TRUST_add(X509_TRUST *xp) static void trtable_free(X509_TRUST *p) { if(!p) return; - if (p->trust_flags & X509_TRUST_DYNAMIC) + if (p->flags & X509_TRUST_DYNAMIC) { - if (p->trust_flags & X509_TRUST_DYNAMIC_NAME) - Free(p->trust_name); + if (p->flags & X509_TRUST_DYNAMIC_NAME) + Free(p->name); Free(p); } } void X509_TRUST_cleanup(void) { + int i; + for(i = 0; i < X509_TRUST_COUNT; i++) trtable_free(trstandard + i); sk_X509_TRUST_pop_free(trtable, trtable_free); trtable = NULL; } -void X509_TRUST_add_standard(void) -{ - X509_TRUST *xp; - for(xp = trstandard; xp->trust_name; xp++) - X509_TRUST_add(xp); -} - -int X509_TRUST_get_id(X509_TRUST *xp) +int X509_TRUST_get_flags(X509_TRUST *xp) { - return xp->trust_id; + return xp->flags; } char *X509_TRUST_iget_name(X509_TRUST *xp) { - return xp->trust_name; + return xp->name; } int X509_TRUST_get_trust(X509_TRUST *xp) { - return xp->trust_id; + return xp->trust; } static int trust_1bit(X509_TRUST *trust, X509 *x, int flags) diff --git a/crypto/x509/x509_v3.c b/crypto/x509/x509_v3.c index 100b08773c..52887986fe 100644 --- a/crypto/x509/x509_v3.c +++ b/crypto/x509/x509_v3.c @@ -265,24 +265,3 @@ int X509_EXTENSION_get_critical(X509_EXTENSION *ex) if (ex == NULL) return(0); return(ex->critical); } - -/* Initialisation routine: used to initialise the X509 and X509v3 tables */ - -static int init_done = 0; - -void X509_init(void) -{ - if(init_done) return; - X509V3_add_standard_extensions(); - X509_PURPOSE_add_standard(); - X509_TRUST_add_standard(); - init_done = 1; -} - -void X509_cleanup(void) -{ - X509V3_EXT_cleanup(); - X509_PURPOSE_cleanup(); - X509_TRUST_cleanup(); - init_done = 0; -} diff --git a/crypto/x509v3/Makefile.ssl b/crypto/x509v3/Makefile.ssl index 83bd70e313..8cf90be132 100644 --- a/crypto/x509v3/Makefile.ssl +++ b/crypto/x509v3/Makefile.ssl @@ -339,7 +339,7 @@ v3_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h v3_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h v3_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h v3_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h +v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ext_dat.h v3_pku.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h v3_pku.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h v3_pku.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h index c81f9a18b0..801a585a52 100644 --- a/crypto/x509v3/ext_dat.h +++ b/crypto/x509v3/ext_dat.h @@ -91,7 +91,7 @@ static X509V3_EXT_METHOD *standard_exts[] = { &v3_info, }; -/* Number of standard extensions: keep up to date */ +/* Number of standard extensions */ -#define STANDARD_EXTENSION_COUNT 22 +#define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *)) diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index e350c8158b..5e7b4c3ab9 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -82,9 +82,10 @@ static X509_PURPOSE xstandard[] = { {X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, "S/MIME signing", "smimesign", NULL}, {X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL}, {X509_PURPOSE_CRL_SIGN, X509_TRUST_ANY, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL}, - {-1, 0, 0, NULL, NULL, NULL, NULL} }; +#define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE)) + IMPLEMENT_STACK_OF(X509_PURPOSE) static STACK_OF(X509_PURPOSE) *xptable = NULL; @@ -100,7 +101,6 @@ int X509_check_purpose(X509 *x, int id, int ca) X509_PURPOSE *pt; if(!(x->ex_flags & EXFLAG_SET)) { CRYPTO_w_lock(CRYPTO_LOCK_X509); - X509_init(); x509v3_cache_extensions(x); CRYPTO_w_unlock(CRYPTO_LOCK_X509); } @@ -108,25 +108,28 @@ int X509_check_purpose(X509 *x, int id, int ca) idx = X509_PURPOSE_get_by_id(id); if(idx == -1) return -1; pt = sk_X509_PURPOSE_value(xptable, idx); - return pt->check_purpose(pt, x,ca); + return pt->check_purpose(pt, x, ca); } int X509_PURPOSE_get_count(void) { - return sk_X509_PURPOSE_num(xptable); + if(!xptable) return X509_PURPOSE_COUNT; + return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT; } X509_PURPOSE * X509_PURPOSE_iget(int idx) { - return sk_X509_PURPOSE_value(xptable, idx); + if(idx < 0) return NULL; + if(idx < X509_PURPOSE_COUNT) return xstandard + idx; + return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT); } int X509_PURPOSE_get_by_sname(char *sname) { int i; X509_PURPOSE *xptmp; - for(i = 0; i < sk_X509_PURPOSE_num(xptable); i++) { - xptmp = sk_X509_PURPOSE_value(xptable, i); + for(i = 0; i < X509_PURPOSE_get_count(); i++) { + xptmp = X509_PURPOSE_iget(i); if(!strcmp(xptmp->sname, sname)) return i; } return -1; @@ -136,30 +139,66 @@ int X509_PURPOSE_get_by_sname(char *sname) int X509_PURPOSE_get_by_id(int purpose) { X509_PURPOSE tmp; + int idx; + if((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX)) + return purpose - X509_PURPOSE_MIN; tmp.purpose = purpose; if(!xptable) return -1; - return sk_X509_PURPOSE_find(xptable, &tmp); + idx = sk_X509_PURPOSE_find(xptable, &tmp); + if(idx == -1) return -1; + return idx + X509_PURPOSE_COUNT; } -int X509_PURPOSE_add(X509_PURPOSE *xp) +int X509_PURPOSE_add(int id, int trust, int flags, + int (*ck)(X509_PURPOSE *, X509 *, int), + char *name, char *sname, void *arg) { int idx; - if(!xptable) - { - xptable = sk_X509_PURPOSE_new(xp_cmp); - if (!xptable) - { + X509_PURPOSE *ptmp; + /* This is set according to what we change: application can't set it */ + flags &= ~X509_PURPOSE_DYNAMIC; + /* This will always be set for application modified trust entries */ + flags |= X509_PURPOSE_DYNAMIC_NAME; + /* Get existing entry if any */ + idx = X509_PURPOSE_get_by_id(id); + /* Need a new entry */ + if(idx == -1) { + if(!(ptmp = Malloc(sizeof(X509_PURPOSE)))) { X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE); return 0; - } } - - idx = X509_PURPOSE_get_by_id(xp->purpose); - if(idx != -1) { - xptable_free(sk_X509_PURPOSE_value(xptable, idx)); - sk_X509_PURPOSE_set(xptable, idx, xp); - } else { - if (!sk_X509_PURPOSE_push(xptable, xp)) { + ptmp->flags = X509_PURPOSE_DYNAMIC; + } else ptmp = X509_PURPOSE_iget(idx); + + /* Free existing name if dynamic */ + if(ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) { + Free(ptmp->name); + Free(ptmp->sname); + } + /* dup supplied name */ + ptmp->name = BUF_strdup(name); + ptmp->sname = BUF_strdup(sname); + if(!ptmp->name || !ptmp->sname) { + X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE); + return 0; + } + /* Keep the dynamic flag of existing entry */ + ptmp->flags &= X509_PURPOSE_DYNAMIC; + /* Set all other flags */ + ptmp->flags |= flags; + + ptmp->purpose = id; + ptmp->trust = trust; + ptmp->check_purpose = ck; + ptmp->usr_data = arg; + + /* If its a new entry manage the dynamic table */ + if(idx == -1) { + if(!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) { + X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE); + return 0; + } + if (!sk_X509_PURPOSE_push(xptable, ptmp)) { X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE); return 0; } @@ -182,16 +221,12 @@ static void xptable_free(X509_PURPOSE *p) void X509_PURPOSE_cleanup(void) { + int i; sk_X509_PURPOSE_pop_free(xptable, xptable_free); + for(i = 0; i < X509_PURPOSE_COUNT; i++) xptable_free(xstandard + i); xptable = NULL; } -void X509_PURPOSE_add_standard(void) -{ - X509_PURPOSE *xp; - for(xp = xstandard; xp->name; xp++) X509_PURPOSE_add(xp); -} - int X509_PURPOSE_get_id(X509_PURPOSE *xp) { return xp->purpose; diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h index bee56ab2d2..5e988a98b8 100644 --- a/crypto/x509v3/x509v3.h +++ b/crypto/x509v3/x509v3.h @@ -345,6 +345,9 @@ typedef struct x509_purpose_st { #define X509_PURPOSE_SMIME_ENCRYPT 5 #define X509_PURPOSE_CRL_SIGN 6 +#define X509_PURPOSE_MIN 1 +#define X509_PURPOSE_MAX 6 + DECLARE_STACK_OF(X509_PURPOSE) void ERR_load_X509V3_strings(void); @@ -532,7 +535,9 @@ int X509_PURPOSE_get_count(void); X509_PURPOSE * X509_PURPOSE_iget(int idx); int X509_PURPOSE_get_by_sname(char *sname); int X509_PURPOSE_get_by_id(int id); -int X509_PURPOSE_add(X509_PURPOSE *xp); +int X509_PURPOSE_add(int id, int trust, int flags, + int (*ck)(X509_PURPOSE *, X509 *, int), + char *name, char *sname, void *arg); char *X509_PURPOSE_iget_name(X509_PURPOSE *xp); char *X509_PURPOSE_iget_sname(X509_PURPOSE *xp); int X509_PURPOSE_get_trust(X509_PURPOSE *xp); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 3bd8d158c9..10d080df8f 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1120,12 +1120,6 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth) ret->extra_certs=NULL; ret->comp_methods=SSL_COMP_get_compression_methods(); - /* Initialise X509 tables: otherwise some certificate operations - * wont work. This is a non op if called more than once. - */ - - X509_init(); - return(ret); err: SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE); diff --git a/util/libeay.num b/util/libeay.num index a14719d529..bf3d063636 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -1883,241 +1883,233 @@ DISPLAYTEXT_new 1907 ASN1_GENERALIZEDTIME_free 1908 X509V3_REVOKED_get_d2i 1909 X509_set_ex_data 1910 -X509_PURPOSE_add_standard 1911 -sk_X509_PURPOSE_value 1912 -sk_X509_PURPOSE_zero 1913 -ASN1_VISIBLESTRING_new 1914 -ASN1_PRINTABLESTRING_free 1915 -ASN1_BMPSTRING_new 1916 -ASN1_UTF8STRING_new 1917 -sk_X509_PURPOSE_pop 1918 -DSA_get_default_method 1919 -sk_X509_PURPOSE_push 1920 -sk_X509_PURPOSE_delete 1921 -sk_X509_PURPOSE_num 1922 -PEM_read_DSA_PUBKEY 1923 -ASN1_T61STRING_free 1924 -d2i_DSA_PUBKEY_fp 1925 -DSA_set_method 1926 -X509_get_ex_data 1927 -ASN1_STRING_type 1928 -sk_X509_PURPOSE_find 1929 -ASN1_TIME_free 1930 -ASN1_OCTET_STRING_cmp 1931 -ASN1_BIT_STRING_new 1932 -X509V3_X509_get_d2i 1933 -ASN1_INTEGER_cmp 1934 -ASN1_TIME_new 1935 -d2i_DSA_PUBKEY_bio 1936 -sk_X509_PURPOSE_new_null 1937 -ASN1_UTCTIME_free 1938 -DSA_set_default_method 1939 -sk_X509_PURPOSE_set_cmp_func 1940 -PEM_write_bio_DSA_PUBKEY 1941 -X509_PURPOSE_get_by_id 1942 -DISPLAYTEXT_free 1943 -X509V3_CRL_get_d2i 1944 -ASN1_OCTET_STRING_free 1945 -X509_get_ex_new_index 1946 -ASN1_STRING_length 1947 -ASN1_PRINTABLESTRING_new 1948 -X509V3_get_d2i 1949 -ASN1_ENUMERATED_free 1950 -sk_X509_PURPOSE_unshift 1951 -sk_X509_PURPOSE_set 1952 -sk_X509_PURPOSE_sort 1953 -DIRECTORYSTRING_free 1954 -ASN1_OCTET_STRING_set 1955 -ASN1_IA5STRING_new 1956 -X509_check_purpose 1957 -ASN1_ENUMERATED_new 1958 -PEM_write_DSA_PUBKEY 1959 -ASN1_BMPSTRING_free 1960 -ASN1_T61STRING_new 1961 -ASN1_UTCTIME_new 1962 -ASN1_IA5STRING_free 1963 -ASN1_STRING_data 1964 -X509_PURPOSE_iget_name 1965 -sk_X509_PURPOSE_delete_ptr 1966 -ASN1_BIT_STRING_free 1967 -X509_PURPOSE_add 1968 -ASN1_UTF8STRING_free 1969 -X509_PURPOSE_get 1970 -sk_X509_PURPOSE_pop_free 1971 -i2d_DSA_PUBKEY_fp 1972 -sk_X509_PURPOSE_free 1973 -sk_X509_PURPOSE_dup 1974 -ASN1_OCTET_STRING_dup 1975 -ASN1_BIT_STRING_set 1976 -ASN1_INTEGER_free 1977 -ASN1_INTEGER_dup 1978 -ASN1_VISIBLESTRING_free 1979 -sk_X509_PURPOSE_shift 1980 -sk_X509_PURPOSE_new 1981 -sk_X509_PURPOSE_insert 1982 -ASN1_GENERALIZEDTIME_new 1983 -PEM_read_bio_DSA_PUBKEY 1984 -ASN1_OCTET_STRING_new 1985 -ASN1_INTEGER_new 1986 -i2d_DSA_PUBKEY_bio 1987 -ASN1_STRING_length_set 1988 -DIRECTORYSTRING_new 1989 -ASN1_mbstring_copy 1990 -sk_ASN1_STRING_TABLE_value 1991 -sk_ASN1_STRING_TABLE_pop 1992 -sk_ASN1_STRING_TABLE_num 1993 -sk_ASN1_STRING_TABLE_delete_ptr 1994 -sk_ASN1_STRING_TABLE_sort 1995 +X509_reject_set_bit_asc 1911 +X509_NAME_add_entry_by_txt 1912 +sk_X509_TRUST_pop 1913 +X509_NAME_add_entry_by_NID 1914 +X509_PURPOSE_iget 1915 +sk_ACCESS_DESCRIPTION_shift 1916 +PEM_read_X509_AUX 1917 +d2i_AUTHORITY_INFO_ACCESS 1918 +sk_X509_TRUST_set_cmp_func 1919 +sk_X509_TRUST_free 1920 +PEM_write_PUBKEY 1921 +sk_X509_TRUST_num 1922 +sk_ACCESS_DESCRIPTION_delete 1923 +sk_ASN1_STRING_TABLE_value 1924 +ACCESS_DESCRIPTION_new 1925 +X509_CERT_AUX_free 1926 +d2i_ACCESS_DESCRIPTION 1927 +X509_PURPOSE_add_standard 1928 +sk_X509_PURPOSE_value 1929 +sk_X509_PURPOSE_zero 1930 +X509_TRUST_add 1931 +ASN1_VISIBLESTRING_new 1932 +X509_alias_set 1933 +ASN1_PRINTABLESTRING_free 1934 +EVP_PKEY_rget_DSA 1935 +ASN1_BMPSTRING_new 1936 +ASN1_mbstring_copy 1937 +ASN1_UTF8STRING_new 1938 +sk_ACCESS_DESCRIPTION_set 1939 +sk_X509_PURPOSE_pop 1940 +DSA_get_default_method 1941 +sk_X509_PURPOSE_push 1942 +sk_X509_PURPOSE_delete 1943 +sk_X509_PURPOSE_num 1944 +i2d_ASN1_SET_OF_ACCESS_DESCRIPTION 1945 +ASN1_T61STRING_free 1946 +sk_ACCESS_DESCRIPTION_free 1947 +sk_ASN1_STRING_TABLE_pop 1948 +DSA_set_method 1949 +X509_get_ex_data 1950 +ASN1_STRING_type 1951 +X509_PURPOSE_get_by_sname 1952 +sk_X509_PURPOSE_find 1953 +ASN1_TIME_free 1954 +ASN1_OCTET_STRING_cmp 1955 +sk_ACCESS_DESCRIPTION_value 1956 +ASN1_BIT_STRING_new 1957 +X509V3_X509_get_d2i 1958 +PEM_read_bio_X509_AUX 1959 +ASN1_STRING_set_default_mask_asc 1960 +PEM_write_bio_RSA_PUBKEY 1961 +sk_ASN1_STRING_TABLE_num 1962 +ASN1_INTEGER_cmp 1963 +d2i_RSA_PUBKEY_fp 1964 +sk_ACCESS_DESCRIPTION_unshift 1965 +sk_ASN1_STRING_TABLE_delete_ptr 1966 +X509_trust_set_bit_asc 1967 +PEM_write_bio_DSA_PUBKEY 1968 +X509_STORE_CTX_free 1969 +EVP_PKEY_rset_DSA 1970 +i2d_DSA_PUBKEY_fp 1971 +X509_load_cert_crl_file 1972 +ASN1_TIME_new 1973 +i2d_RSA_PUBKEY 1974 +sk_X509_TRUST_pop_free 1975 +X509_STORE_CTX_purpose_inherit 1976 +PEM_read_RSA_PUBKEY 1977 +sk_X509_TRUST_zero 1978 +sk_ACCESS_DESCRIPTION_pop_free 1979 +d2i_X509_AUX 1980 +i2d_DSA_PUBKEY 1981 +X509_CERT_AUX_print 1982 +sk_X509_PURPOSE_new_null 1983 +PEM_read_DSA_PUBKEY 1984 +i2d_RSA_PUBKEY_bio 1985 +ASN1_BIT_STRING_num_asc 1986 +i2d_PUBKEY 1987 +ASN1_UTCTIME_free 1988 +DSA_set_default_method 1989 +X509_PURPOSE_get_by_id 1990 +sk_X509_TRUST_push 1991 +sk_ASN1_STRING_TABLE_sort 1992 +sk_X509_PURPOSE_set_cmp_func 1993 +ACCESS_DESCRIPTION_free 1994 +PEM_read_bio_PUBKEY 1995 ASN1_STRING_set_by_NID 1996 -sk_ASN1_STRING_TABLE_pop_free 1997 -sk_ASN1_STRING_TABLE_unshift 1998 -ASN1_STRING_TABLE_cleanup 1999 -ASN1_STRING_set_default_mask 2000 -sk_ASN1_STRING_TABLE_insert 2001 -sk_ASN1_STRING_TABLE_free 2002 -sk_ASN1_STRING_TABLE_set 2003 -ASN1_STRING_TABLE_add_standard 2004 -sk_ASN1_STRING_TABLE_set_cmp_func 2005 -ASN1_STRING_get_default_mask 2006 -ASN1_STRING_TABLE_get 2007 -sk_ASN1_STRING_TABLE_delete 2008 -sk_ASN1_STRING_TABLE_zero 2009 -sk_ASN1_STRING_TABLE_shift 2010 -sk_ASN1_STRING_TABLE_new_null 2011 -sk_ASN1_STRING_TABLE_push 2012 -sk_ASN1_STRING_TABLE_dup 2013 -ASN1_mbstring_ncopy 2014 -sk_ASN1_STRING_TABLE_find 2015 -sk_ASN1_STRING_TABLE_new 2016 -EVP_PKEY_rget_RSA 2017 -EVP_PKEY_rget_DH 2018 -EVP_PKEY_rget_DSA 2019 -X509_PURPOSE_cleanup 2020 -ASN1_STRING_set_default_mask_asc 2021 -X509_NAME_add_entry_by_txt 2022 -X509_NAME_add_entry_by_NID 2023 -X509_NAME_add_entry_by_OBJ 2024 -X509_NAME_ENTRY_create_by_txt 2025 -PEM_read_X509_AUX 2026 -X509_CERT_AUX_free 2027 -X509_alias_set 2028 -PEM_read_bio_X509_AUX 2029 -X509_trust_set_bit_asc 2030 -d2i_X509_AUX 2031 -X509_CERT_AUX_print 2032 -ASN1_BIT_STRING_num_asc 2033 -X509_CERT_AUX_new 2034 -ASN1_BIT_STRING_set_asc 2035 -i2d_X509_CERT_AUX 2036 -PEM_write_X509_AUX 2037 -X509_notrust_set_bit 2038 -X509_add_notrust_object 2039 -PEM_write_bio_X509_AUX 2040 -X509_alias_get 2041 -X509_trust_set_bit 2042 -d2i_X509_CERT_AUX 2043 -X509_notrust_set_bit_asc 2044 -i2d_X509_AUX 2045 -ASN1_BIT_STRING_name_print 2046 -X509_add_trust_object 2047 -OTHERNAME_new 2048 -i2d_OTHERNAME 2049 -CRYPTO_add_info 2050 -d2i_OTHERNAME 2051 -OTHERNAME_free 2052 -X509_cmp 2053 -PEM_write_PUBKEY 2054 -PEM_write_bio_RSA_PUBKEY 2055 -d2i_RSA_PUBKEY_fp 2056 -EVP_PKEY_rset_DSA 2057 -X509_load_cert_crl_file 2058 -i2d_RSA_PUBKEY 2059 -PEM_read_RSA_PUBKEY 2060 -i2d_DSA_PUBKEY 2061 -i2d_RSA_PUBKEY_bio 2062 -i2d_PUBKEY 2063 -PEM_read_bio_PUBKEY 2064 -PEM_read_PUBKEY 2065 -d2i_RSA_PUBKEY 2066 -d2i_DSA_PUBKEY 2067 -d2i_RSA_PUBKEY_bio 2068 -d2i_PUBKEY 2069 -EVP_PKEY_rset_RSA 2070 -PEM_read_bio_RSA_PUBKEY 2071 -PEM_write_RSA_PUBKEY 2072 -EVP_PKEY_rset_DH 2073 -i2d_RSA_PUBKEY_fp 2074 -PEM_write_bio_PUBKEY 2075 -sk_ACCESS_DESCRIPTION_shift 2076 -d2i_AUTHORITY_INFO_ACCESS 2077 -sk_ACCESS_DESCRIPTION_delete 2078 -ACCESS_DESCRIPTION_new 2079 -d2i_ACCESS_DESCRIPTION 2080 -sk_ACCESS_DESCRIPTION_set 2081 -i2d_ASN1_SET_OF_ACCESS_DESCRIPTION 2082 -sk_ACCESS_DESCRIPTION_free 2083 -sk_ACCESS_DESCRIPTION_value 2084 -sk_ACCESS_DESCRIPTION_unshift 2085 -sk_ACCESS_DESCRIPTION_pop_free 2086 -ACCESS_DESCRIPTION_free 2087 -sk_ACCESS_DESCRIPTION_dup 2088 -sk_ACCESS_DESCRIPTION_zero 2089 -sk_ACCESS_DESCRIPTION_new 2090 -sk_ACCESS_DESCRIPTION_push 2091 -d2i_ASN1_SET_OF_ACCESS_DESCRIPTION 2092 -sk_ACCESS_DESCRIPTION_find 2093 -AUTHORITY_INFO_ACCESS_free 2094 -sk_ACCESS_DESCRIPTION_pop 2095 -i2d_AUTHORITY_INFO_ACCESS 2096 -sk_ACCESS_DESCRIPTION_num 2097 -i2d_ACCESS_DESCRIPTION 2098 -sk_ACCESS_DESCRIPTION_new_null 2099 -sk_ACCESS_DESCRIPTION_delete_ptr 2100 -sk_ACCESS_DESCRIPTION_insert 2101 -sk_ACCESS_DESCRIPTION_sort 2102 -sk_ACCESS_DESCRIPTION_set_cmp_func 2103 -sk_X509_TRUST_pop 2104 -X509_cleanup 2105 -sk_X509_TRUST_set_cmp_func 2106 -X509_PURPOSE_get_by_sname 2107 -X509_STORE_CTX_free 2108 -sk_X509_TRUST_pop_free 2109 -X509_STORE_CTX_purpose_inherit 2110 -sk_X509_TRUST_push 2111 -X509_PURPOSE_get_id 2112 -sk_X509_TRUST_find 2113 -X509_TRUST_get_id 2114 -X509_TRUST_iget_name 2115 -X509_TRUST_iget 2116 -sk_X509_TRUST_unshift 2117 -X509_PURPOSE_get_count 2118 -X509_add_reject_object 2119 -sk_X509_TRUST_new_null 2120 -sk_X509_TRUST_new 2121 -sk_X509_TRUST_delete_ptr 2122 -X509_PURPOSE_iget_sname 2123 -X509_TRUST_get_count 2124 -X509_reject_set_bit_asc 2125 -X509_PURPOSE_iget 2126 -sk_X509_TRUST_free 2127 -sk_X509_TRUST_num 2128 -X509_init 2129 -X509_TRUST_add 2130 -X509_TRUST_add_standard 2131 -sk_X509_TRUST_zero 2132 -sk_X509_TRUST_shift 2133 -X509_TRUST_cleanup 2134 -sk_X509_TRUST_set 2135 -X509_TRUST_get_by_id 2136 -X509_PURPOSE_get_trust 2137 -X509_STORE_CTX_set_trust 2138 -X509_STORE_CTX_new 2139 -sk_X509_TRUST_value 2140 -X509_TRUST_get_trust 2141 -X509_STORE_CTX_set_purpose 2142 -sk_X509_TRUST_dup 2143 -sk_X509_TRUST_insert 2144 -X509_check_trust 2145 -sk_X509_TRUST_sort 2146 -X509_reject_set_bit 2147 -sk_X509_TRUST_delete 2148 +X509_PURPOSE_get_id 1997 +DISPLAYTEXT_free 1998 +OTHERNAME_new 1999 +sk_X509_TRUST_find 2000 +X509_CERT_AUX_new 2001 +sk_ACCESS_DESCRIPTION_dup 2002 +sk_ASN1_STRING_TABLE_pop_free 2003 +sk_ASN1_STRING_TABLE_unshift 2004 +sk_X509_TRUST_shift 2005 +sk_ACCESS_DESCRIPTION_zero 2006 +X509_TRUST_cleanup 2007 +X509_NAME_add_entry_by_OBJ 2008 +X509V3_CRL_get_d2i 2009 +sk_X509_TRUST_set 2010 +X509_PURPOSE_iget_name 2011 +PEM_read_PUBKEY 2012 +sk_ACCESS_DESCRIPTION_new 2013 +i2d_DSA_PUBKEY_bio 2014 +i2d_OTHERNAME 2015 +ASN1_OCTET_STRING_free 2016 +ASN1_BIT_STRING_set_asc 2017 +sk_ACCESS_DESCRIPTION_push 2018 +X509_get_ex_new_index 2019 +ASN1_STRING_TABLE_cleanup 2020 +X509_TRUST_get_by_id 2021 +X509_PURPOSE_get_trust 2022 +ASN1_STRING_length 2023 +d2i_ASN1_SET_OF_ACCESS_DESCRIPTION 2024 +ASN1_PRINTABLESTRING_new 2025 +X509V3_get_d2i 2026 +ASN1_ENUMERATED_free 2027 +i2d_X509_CERT_AUX 2028 +sk_ACCESS_DESCRIPTION_find 2029 +X509_STORE_CTX_set_trust 2030 +sk_X509_PURPOSE_unshift 2031 +ASN1_STRING_set_default_mask 2032 +X509_STORE_CTX_new 2033 +EVP_PKEY_rget_RSA 2034 +sk_X509_PURPOSE_set 2035 +sk_ASN1_STRING_TABLE_insert 2036 +sk_X509_PURPOSE_sort 2037 +DIRECTORYSTRING_free 2038 +PEM_write_X509_AUX 2039 +ASN1_OCTET_STRING_set 2040 +d2i_DSA_PUBKEY_fp 2041 +sk_ASN1_STRING_TABLE_free 2042 +sk_X509_TRUST_value 2043 +d2i_RSA_PUBKEY 2044 +sk_ASN1_STRING_TABLE_set 2045 +X509_TRUST_iget_name 2046 +X509_TRUST_iget 2047 +AUTHORITY_INFO_ACCESS_free 2048 +ASN1_IA5STRING_new 2049 +d2i_DSA_PUBKEY 2050 +X509_check_purpose 2051 +ASN1_ENUMERATED_new 2052 +d2i_RSA_PUBKEY_bio 2053 +d2i_PUBKEY 2054 +X509_TRUST_get_trust 2055 +X509_TRUST_get_flags 2056 +ASN1_BMPSTRING_free 2057 +ASN1_T61STRING_new 2058 +sk_X509_TRUST_unshift 2059 +ASN1_UTCTIME_new 2060 +sk_ACCESS_DESCRIPTION_pop 2061 +i2d_AUTHORITY_INFO_ACCESS 2062 +EVP_PKEY_rset_RSA 2063 +X509_STORE_CTX_set_purpose 2064 +ASN1_IA5STRING_free 2065 +PEM_write_bio_X509_AUX 2066 +X509_PURPOSE_get_count 2067 +CRYPTO_add_info 2068 +sk_ACCESS_DESCRIPTION_num 2069 +sk_ASN1_STRING_TABLE_set_cmp_func 2070 +X509_NAME_ENTRY_create_by_txt 2071 +ASN1_STRING_get_default_mask 2072 +sk_X509_TRUST_dup 2073 +X509_alias_get 2074 +ASN1_STRING_data 2075 +sk_X509_TRUST_insert 2076 +i2d_ACCESS_DESCRIPTION 2077 +X509_trust_set_bit 2078 +sk_X509_PURPOSE_delete_ptr 2079 +ASN1_BIT_STRING_free 2080 +PEM_read_bio_RSA_PUBKEY 2081 +X509_add_reject_object 2082 +X509_check_trust 2083 +sk_X509_TRUST_new_null 2084 +sk_ACCESS_DESCRIPTION_new_null 2085 +sk_ACCESS_DESCRIPTION_delete_ptr 2086 +sk_X509_TRUST_sort 2087 +PEM_read_bio_DSA_PUBKEY 2088 +sk_X509_TRUST_new 2089 +X509_PURPOSE_add 2090 +ASN1_STRING_TABLE_get 2091 +ASN1_UTF8STRING_free 2092 +d2i_DSA_PUBKEY_bio 2093 +sk_ASN1_STRING_TABLE_delete 2094 +PEM_write_RSA_PUBKEY 2095 +d2i_OTHERNAME 2096 +sk_ACCESS_DESCRIPTION_insert 2097 +X509_reject_set_bit 2098 +sk_X509_TRUST_delete_ptr 2099 +sk_X509_PURPOSE_pop_free 2100 +PEM_write_DSA_PUBKEY 2101 +sk_X509_PURPOSE_free 2102 +sk_X509_PURPOSE_dup 2103 +sk_ASN1_STRING_TABLE_zero 2104 +X509_PURPOSE_iget_sname 2105 +sk_ASN1_STRING_TABLE_shift 2106 +EVP_PKEY_rset_DH 2107 +ASN1_OCTET_STRING_dup 2108 +ASN1_BIT_STRING_set 2109 +X509_TRUST_get_count 2110 +ASN1_INTEGER_free 2111 +OTHERNAME_free 2112 +i2d_RSA_PUBKEY_fp 2113 +ASN1_INTEGER_dup 2114 +d2i_X509_CERT_AUX 2115 +sk_ASN1_STRING_TABLE_new_null 2116 +PEM_write_bio_PUBKEY 2117 +ASN1_VISIBLESTRING_free 2118 +X509_PURPOSE_cleanup 2119 +sk_ASN1_STRING_TABLE_push 2120 +sk_ASN1_STRING_TABLE_dup 2121 +sk_X509_PURPOSE_shift 2122 +ASN1_mbstring_ncopy 2123 +sk_X509_PURPOSE_new 2124 +sk_X509_PURPOSE_insert 2125 +ASN1_GENERALIZEDTIME_new 2126 +sk_ACCESS_DESCRIPTION_sort 2127 +EVP_PKEY_rget_DH 2128 +sk_ACCESS_DESCRIPTION_set_cmp_func 2129 +ASN1_OCTET_STRING_new 2130 +ASN1_INTEGER_new 2131 +i2d_X509_AUX 2132 +sk_ASN1_STRING_TABLE_find 2133 +ASN1_BIT_STRING_name_print 2134 +X509_cmp 2135 +ASN1_STRING_length_set 2136 +DIRECTORYSTRING_new 2137 +sk_ASN1_STRING_TABLE_new 2138 +sk_X509_TRUST_delete 2139 +X509_add_trust_object 2140 -- cgit v1.2.3