ssl_cert.c (59191) | ssl_cert.c (68651) |
---|---|
1/*! \file ssl/ssl_cert.c */ 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * --- 129 unchanged lines hidden (view full) --- 138 } 139 return(ssl_x509_store_ctx_idx); 140 } 141 142CERT *ssl_cert_new(void) 143 { 144 CERT *ret; 145 | 1/*! \file ssl/ssl_cert.c */ 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * --- 129 unchanged lines hidden (view full) --- 138 } 139 return(ssl_x509_store_ctx_idx); 140 } 141 142CERT *ssl_cert_new(void) 143 { 144 CERT *ret; 145 |
146 ret=(CERT *)Malloc(sizeof(CERT)); | 146 ret=(CERT *)OPENSSL_malloc(sizeof(CERT)); |
147 if (ret == NULL) 148 { 149 SSLerr(SSL_F_SSL_CERT_NEW,ERR_R_MALLOC_FAILURE); 150 return(NULL); 151 } 152 memset(ret,0,sizeof(CERT)); 153 154 ret->key= &(ret->pkeys[SSL_PKEY_RSA_ENC]); 155 ret->references=1; 156 157 return(ret); 158 } 159 160CERT *ssl_cert_dup(CERT *cert) 161 { 162 CERT *ret; 163 int i; 164 | 147 if (ret == NULL) 148 { 149 SSLerr(SSL_F_SSL_CERT_NEW,ERR_R_MALLOC_FAILURE); 150 return(NULL); 151 } 152 memset(ret,0,sizeof(CERT)); 153 154 ret->key= &(ret->pkeys[SSL_PKEY_RSA_ENC]); 155 ret->references=1; 156 157 return(ret); 158 } 159 160CERT *ssl_cert_dup(CERT *cert) 161 { 162 CERT *ret; 163 int i; 164 |
165 ret = (CERT *)Malloc(sizeof(CERT)); | 165 ret = (CERT *)OPENSSL_malloc(sizeof(CERT)); |
166 if (ret == NULL) 167 { 168 SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE); 169 return(NULL); 170 } 171 172 memset(ret, 0, sizeof(CERT)); 173 --- 152 unchanged lines hidden (view full) --- 326 X509_free(c->pkeys[i].x509); 327 if (c->pkeys[i].privatekey != NULL) 328 EVP_PKEY_free(c->pkeys[i].privatekey); 329#if 0 330 if (c->pkeys[i].publickey != NULL) 331 EVP_PKEY_free(c->pkeys[i].publickey); 332#endif 333 } | 166 if (ret == NULL) 167 { 168 SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE); 169 return(NULL); 170 } 171 172 memset(ret, 0, sizeof(CERT)); 173 --- 152 unchanged lines hidden (view full) --- 326 X509_free(c->pkeys[i].x509); 327 if (c->pkeys[i].privatekey != NULL) 328 EVP_PKEY_free(c->pkeys[i].privatekey); 329#if 0 330 if (c->pkeys[i].publickey != NULL) 331 EVP_PKEY_free(c->pkeys[i].publickey); 332#endif 333 } |
334 Free(c); | 334 OPENSSL_free(c); |
335 } 336 337int ssl_cert_inst(CERT **o) 338 { 339 /* Create a CERT if there isn't already one 340 * (which cannot really happen, as it is initially created in 341 * SSL_CTX_new; but the earlier code usually allows for that one 342 * being non-existant, so we follow that behaviour, as it might --- 19 unchanged lines hidden (view full) --- 362 return(1); 363 } 364 365 366SESS_CERT *ssl_sess_cert_new(void) 367 { 368 SESS_CERT *ret; 369 | 335 } 336 337int ssl_cert_inst(CERT **o) 338 { 339 /* Create a CERT if there isn't already one 340 * (which cannot really happen, as it is initially created in 341 * SSL_CTX_new; but the earlier code usually allows for that one 342 * being non-existant, so we follow that behaviour, as it might --- 19 unchanged lines hidden (view full) --- 362 return(1); 363 } 364 365 366SESS_CERT *ssl_sess_cert_new(void) 367 { 368 SESS_CERT *ret; 369 |
370 ret = Malloc(sizeof *ret); | 370 ret = OPENSSL_malloc(sizeof *ret); |
371 if (ret == NULL) 372 { 373 SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE); 374 return NULL; 375 } 376 377 memset(ret, 0 ,sizeof *ret); 378 ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]); --- 42 unchanged lines hidden (view full) --- 421 if (sc->peer_rsa_tmp != NULL) 422 RSA_free(sc->peer_rsa_tmp); 423#endif 424#ifndef NO_DH 425 if (sc->peer_dh_tmp != NULL) 426 DH_free(sc->peer_dh_tmp); 427#endif 428 | 371 if (ret == NULL) 372 { 373 SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE); 374 return NULL; 375 } 376 377 memset(ret, 0 ,sizeof *ret); 378 ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]); --- 42 unchanged lines hidden (view full) --- 421 if (sc->peer_rsa_tmp != NULL) 422 RSA_free(sc->peer_rsa_tmp); 423#endif 424#ifndef NO_DH 425 if (sc->peer_dh_tmp != NULL) 426 DH_free(sc->peer_dh_tmp); 427#endif 428 |
429 Free(sc); | 429 OPENSSL_free(sc); |
430 } 431 432int ssl_set_peer_cert_type(SESS_CERT *sc,int type) 433 { 434 sc->peer_cert_type = type; 435 return(1); 436 } 437 --- 125 unchanged lines hidden (view full) --- 563 return(add_client_CA(&(ssl->client_CA),x)); 564 } 565 566int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x) 567 { 568 return(add_client_CA(&(ctx->client_CA),x)); 569 } 570 | 430 } 431 432int ssl_set_peer_cert_type(SESS_CERT *sc,int type) 433 { 434 sc->peer_cert_type = type; 435 return(1); 436 } 437 --- 125 unchanged lines hidden (view full) --- 563 return(add_client_CA(&(ssl->client_CA),x)); 564 } 565 566int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x) 567 { 568 return(add_client_CA(&(ctx->client_CA),x)); 569 } 570 |
571static int xname_cmp(X509_NAME **a,X509_NAME **b) | 571static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b) |
572 { 573 return(X509_NAME_cmp(*a,*b)); 574 } 575 576#ifndef NO_STDIO 577/*! 578 * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed; 579 * it doesn't really have anything to do with clients (except that a common use --- 4 unchanged lines hidden (view full) --- 584 */ 585STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) 586 { 587 BIO *in; 588 X509 *x=NULL; 589 X509_NAME *xn=NULL; 590 STACK_OF(X509_NAME) *ret,*sk; 591 | 572 { 573 return(X509_NAME_cmp(*a,*b)); 574 } 575 576#ifndef NO_STDIO 577/*! 578 * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed; 579 * it doesn't really have anything to do with clients (except that a common use --- 4 unchanged lines hidden (view full) --- 584 */ 585STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) 586 { 587 BIO *in; 588 X509 *x=NULL; 589 X509_NAME *xn=NULL; 590 STACK_OF(X509_NAME) *ret,*sk; 591 |
592 ret=sk_X509_NAME_new(NULL); | 592 ret=sk_X509_NAME_new_null(); |
593 sk=sk_X509_NAME_new(xname_cmp); 594 595 in=BIO_new(BIO_s_file_internal()); 596 597 if ((ret == NULL) || (sk == NULL) || (in == NULL)) 598 { 599 SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE); 600 goto err; --- 38 unchanged lines hidden (view full) --- 639 * \param file the file to add from. All certs in this file that are not 640 * already in the stack will be added. 641 * \return 1 for success, 0 for failure. Note that in the case of failure some 642 * certs may have been added to \c stack. 643 */ 644 645int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, 646 const char *file) | 593 sk=sk_X509_NAME_new(xname_cmp); 594 595 in=BIO_new(BIO_s_file_internal()); 596 597 if ((ret == NULL) || (sk == NULL) || (in == NULL)) 598 { 599 SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE); 600 goto err; --- 38 unchanged lines hidden (view full) --- 639 * \param file the file to add from. All certs in this file that are not 640 * already in the stack will be added. 641 * \return 1 for success, 0 for failure. Note that in the case of failure some 642 * certs may have been added to \c stack. 643 */ 644 645int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, 646 const char *file) |
647 { 648 BIO *in; 649 X509 *x=NULL; 650 X509_NAME *xn=NULL; 651 int ret=1; 652 int (*oldcmp)(X509_NAME **a, X509_NAME **b); 653 654 oldcmp=sk_X509_NAME_set_cmp_func(stack,xname_cmp); 655 656 in=BIO_new(BIO_s_file_internal()); 657 658 if (in == NULL) | |
659 { | 647 { |
660 SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,ERR_R_MALLOC_FAILURE); 661 goto err; 662 } | 648 BIO *in; 649 X509 *x=NULL; 650 X509_NAME *xn=NULL; 651 int ret=1; 652 int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b); |
663 | 653 |
664 if (!BIO_read_filename(in,file)) 665 goto err; | 654 oldcmp=sk_X509_NAME_set_cmp_func(stack,xname_cmp); 655 656 in=BIO_new(BIO_s_file_internal()); 657 658 if (in == NULL) 659 { 660 SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,ERR_R_MALLOC_FAILURE); 661 goto err; 662 } 663 664 if (!BIO_read_filename(in,file)) 665 goto err; 666 667 for (;;) 668 { 669 if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL) 670 break; 671 if ((xn=X509_get_subject_name(x)) == NULL) goto err; 672 xn=X509_NAME_dup(xn); 673 if (xn == NULL) goto err; 674 if (sk_X509_NAME_find(stack,xn) >= 0) 675 X509_NAME_free(xn); 676 else 677 sk_X509_NAME_push(stack,xn); 678 } |
666 | 679 |
667 for (;;) 668 { 669 if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL) 670 break; 671 if ((xn=X509_get_subject_name(x)) == NULL) goto err; 672 xn=X509_NAME_dup(xn); 673 if (xn == NULL) goto err; 674 if (sk_X509_NAME_find(stack,xn) >= 0) 675 X509_NAME_free(xn); 676 else 677 sk_X509_NAME_push(stack,xn); 678 } 679 680 if (0) 681 { | 680 if (0) 681 { |
682err: | 682err: |
683 ret=0; | 683 ret=0; 684 } 685 if(in != NULL) 686 BIO_free(in); 687 if(x != NULL) 688 X509_free(x); 689 690 sk_X509_NAME_set_cmp_func(stack,oldcmp); 691 692 return ret; |
684 } | 693 } |
685 if(in != NULL) 686 BIO_free(in); 687 if(x != NULL) 688 X509_free(x); | |
689 | 694 |
690 sk_X509_NAME_set_cmp_func(stack,oldcmp); 691 692 return ret; 693 } 694 | |
695/*! 696 * Add a directory of certs to a stack. 697 * \param stack the stack to append to. 698 * \param dir the directory to append from. All files in this directory will be 699 * examined as potential certs. Any that are acceptable to 700 * SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will be 701 * included. 702 * \return 1 for success, 0 for failure. Note that in the case of failure some 703 * certs may have been added to \c stack. 704 */ 705 706#ifndef WIN32 707#ifndef VMS /* XXXX This may be fixed in the future */ 708#ifndef MAC_OS_pre_X 709 710int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, 711 const char *dir) | 695/*! 696 * Add a directory of certs to a stack. 697 * \param stack the stack to append to. 698 * \param dir the directory to append from. All files in this directory will be 699 * examined as potential certs. Any that are acceptable to 700 * SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will be 701 * included. 702 * \return 1 for success, 0 for failure. Note that in the case of failure some 703 * certs may have been added to \c stack. 704 */ 705 706#ifndef WIN32 707#ifndef VMS /* XXXX This may be fixed in the future */ 708#ifndef MAC_OS_pre_X 709 710int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, 711 const char *dir) |
712 { 713 DIR *d; 714 struct dirent *dstruct; 715 int ret = 0; 716 717 CRYPTO_w_lock(CRYPTO_LOCK_READDIR); 718 d = opendir(dir); 719 720 /* Note that a side effect is that the CAs will be sorted by name */ 721 if(!d) | |
722 { | 712 { |
723 SYSerr(SYS_F_OPENDIR, get_last_sys_error()); 724 ERR_add_error_data(3, "opendir('", dir, "')"); 725 SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB); 726 goto err; 727 } | 713 DIR *d; 714 struct dirent *dstruct; 715 int ret = 0; |
728 | 716 |
729 while((dstruct=readdir(d))) 730 { 731 char buf[1024]; | 717 CRYPTO_w_lock(CRYPTO_LOCK_READDIR); 718 d = opendir(dir); |
732 | 719 |
733 if(strlen(dir)+strlen(dstruct->d_name)+2 > sizeof buf) 734 { 735 SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG); 736 goto err; 737 } | 720 /* Note that a side effect is that the CAs will be sorted by name */ 721 if(!d) 722 { 723 SYSerr(SYS_F_OPENDIR, get_last_sys_error()); 724 ERR_add_error_data(3, "opendir('", dir, "')"); 725 SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB); 726 goto err; 727 } |
738 | 728 |
739 sprintf(buf,"%s/%s",dir,dstruct->d_name); 740 if(!SSL_add_file_cert_subjects_to_stack(stack,buf)) 741 goto err; 742 } 743 ret = 1; | 729 while((dstruct=readdir(d))) 730 { 731 char buf[1024]; 732 int r; 733 734 if(strlen(dir)+strlen(dstruct->d_name)+2 > sizeof buf) 735 { 736 SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG); 737 goto err; 738 } 739 740 r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,dstruct->d_name); 741 if (r <= 0 || r >= sizeof buf) 742 goto err; 743 if(!SSL_add_file_cert_subjects_to_stack(stack,buf)) 744 goto err; 745 } 746 ret = 1; |
744 745err: | 747 748err: |
746 CRYPTO_w_unlock(CRYPTO_LOCK_READDIR); 747 return ret; 748 } | 749 CRYPTO_w_unlock(CRYPTO_LOCK_READDIR); 750 return ret; 751 } |
749 750#endif 751#endif 752#endif | 752 753#endif 754#endif 755#endif |
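Review bot: The truncation branch added after the BIO_snprintf call in SSL_add_dir_cert_subjects_to_stack (new lines 740-742) jumps to err without recording anything on the error queue, so a caller sees a 0 return with an empty error stack, unlike the SSL_R_PATH_TOO_LONG branch directly above it; it also compares the int `r` against `sizeof buf` without a cast, which draws a sign-compare warning. Suggest `if (r <= 0 || (size_t)r >= sizeof buf)` followed by `{ SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG); goto err; }`. Separately, the DIR handle returned by opendir is never released on either the success or the err path (neither side of the diff calls closedir), so each call leaks a directory descriptor; `if (d != NULL) closedir(d);` placed before the CRYPTO_w_unlock at the err label would fix it, with the NULL guard needed because err is also reached when opendir itself fails. Whether this version of BIO_snprintf reports truncation with -1 or with the would-be length is not visible in the hunk, so the `r >= sizeof buf` arm may be redundant with the strlen pre-check but is harmless to keep.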