diff --git a/lib/dns/sec/openssl/Makefile.in b/lib/dns/sec/openssl/Makefile.in index 94187be597..2a12898a81 100644 --- a/lib/dns/sec/openssl/Makefile.in +++ b/lib/dns/sec/openssl/Makefile.in @@ -13,7 +13,7 @@ # NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION # WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.16 2000/08/01 01:28:02 tale Exp $ +# $Id: Makefile.in,v 1.17 2000/09/16 01:13:53 bwelling Exp $ srcdir = @srcdir@ VPATH = @srcdir@ @@ -27,7 +27,11 @@ CWARNINGS = @IRIX_DNSSEC_WARNINGS_HACK@ LIBS = @LIBS@ # Alphabetically -OBJS = bn_add.@O@ bn_asm.@O@ bn_ctx.@O@ bn_div.@O@ \ +OBJS = a_bytes.@O@ a_bitstr.@O@ a_enum.@O@ a_gentm.@O@ \ + a_int.@O@ a_object.@O@ a_octet.@O@ a_print.@O@ \ + a_set.@O@ a_type.@O@ a_utctm.@O@ a_utf8.@O@ a_vis.@O@ \ + asn1_lib.@O@ \ + bn_add.@O@ bn_asm.@O@ bn_blind.@O@ bn_ctx.@O@ bn_div.@O@ \ bn_err.@O@ bn_exp.@O@ bn_exp2.@O@ bn_gcd.@O@ \ bn_lib.@O@ bn_mont.@O@ bn_mul.@O@ \ bn_prime.@O@ bn_print.@O@ bn_rand.@O@ bn_recp.@O@ \ @@ -36,10 +40,18 @@ OBJS = bn_add.@O@ bn_asm.@O@ bn_ctx.@O@ bn_div.@O@ \ dh_lib.@O@ dsa_asn1.@O@ dsa_err.@O@ dsa_gen.@O@ \ dsa_key.@O@ dsa_lib.@O@ dsa_ossl.@O@ dsa_sign.@O@ \ dsa_vrf.@O@ err.@O@ ex_data.@O@ lhash.@O@ \ - mem.@O@ mem_dbg.@O@ rand_lib.@O@ sha1_one.@O@ sha1dgst.@O@ \ - stack.@O@ th-lock.@O@ + mem.@O@ mem_dbg.@O@ obj_dat.@O@ obj_lib.@O@ rand_lib.@O@ \ + rsa_chk.@O@ rsa_eay.@O@ rsa_gen.@O@ \ + rsa_lib.@O@ rsa_none.@O@ rsa_oaep.@O@ rsa_pk1.@O@ \ + rsa_sign.@O@ rsa_ssl.@O@ \ + sha1_one.@O@ sha1dgst.@O@ \ + stack.@O@ th-lock.@O@ x_algor.@O@ x_sig.@O@ -SRCS = bn_add.c bn_asm.c bn_ctx.c bn_div.c \ +SRCS = a_bitstr.c a_bytes.c a_enum.c a_gentm.c \ + a_int.c a_object.c a_octet.c a_print.c \ + a_set.c a_type.c a_utctm.c a_utf8.c a_vis.c \ + asn1_lib.c \ + bn_add.c bn_asm.c bn_blind.c bn_ctx.c bn_div.c \ bn_err.c bn_exp.c bn_exp2.c bn_gcd.c \ bn_lib.c bn_mont.c bn_mul.c \ bn_prime.c bn_print.c bn_rand.c bn_recp.c \ 
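Review bot: The lists sit under `# Alphabetically`, but the added entries do not keep one order: OBJS begins `a_bytes.@O@ a_bitstr.@O@` while SRCS begins `a_bitstr.c a_bytes.c`, and in the following `@@ -48,8 +60,12 @@` hunk SRCS ends `x_sig.c x_algor.c` where OBJS ends `x_algor.@O@ x_sig.@O@`. Keeping both lists in the same sorted order makes it easy to confirm that every object has a matching source. Since this change brings the ASN.1 and RSA parts of the bundled OpenSSL into the build, a comment next to the lists naming the upstream release the files were copied from would help when upstream fixes have to be tracked.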
@@ -48,8 +60,12 @@ SRCS = bn_add.c bn_asm.c bn_ctx.c bn_div.c \ dh_lib.c dsa_asn1.c dsa_err.c dsa_gen.c \ dsa_key.c dsa_lib.c dsa_ossl.c dsa_sign.c \ dsa_vrf.c err.c ex_data.c lhash.c \ - mem.c mem_dbg.c rand_lib.c sha1_one.c sha1dgst.c \ - stack.c th-lock.c + mem.c mem_dbg.c obj_dat.c obj_lib.c rand_lib.c \ + rsa_chk.c rsa_eay.c rsa_gen.c \ + rsa_lib.c rsa_none.c rsa_oaep.c rsa_pk1.c \ + rsa_sign.c rsa_ssl.c \ + sha1_one.c sha1dgst.c \ + stack.c th-lock.c x_sig.c x_algor.c SUBDIRS = include TARGETS = ${OBJS} diff --git a/lib/dns/sec/openssl/a_bitstr.c b/lib/dns/sec/openssl/a_bitstr.c new file mode 100644 index 0000000000..a0ec870ac3 --- /dev/null +++ b/lib/dns/sec/openssl/a_bitstr.c 
@@ -0,0 +1,234 @@ +/* crypto/asn1/a_bitstr.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */ + +#include +#include "../rename.h" + +#include +#include "cryptlib.h" +#include + +ASN1_BIT_STRING *ASN1_BIT_STRING_new(void) +{ return M_ASN1_BIT_STRING_new(); } + +void ASN1_BIT_STRING_free(ASN1_BIT_STRING *x) +{ M_ASN1_BIT_STRING_free(x); } + +int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len) +{ return M_ASN1_BIT_STRING_set(x, d, len); } + +int i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp) + { + int ret,j,r,bits,len; + unsigned char *p,*d; + + if (a == NULL) return(0); + + len=a->length; + + if (len > 0) + { + if (a->flags & ASN1_STRING_FLAG_BITS_LEFT) + { + bits=(int)a->flags&0x07; + } + else + { + for ( ; len > 0; len--) + { + if (a->data[len-1]) break; + } + j=a->data[len-1]; + if (j & 0x01) bits=0; + else if (j & 0x02) bits=1; + else if (j & 0x04) bits=2; + else if (j & 0x08) bits=3; + else if (j & 0x10) bits=4; + else if (j & 0x20) bits=5; + else if (j & 0x40) bits=6; + else if (j & 0x80) bits=7; + else bits=0; /* should not happen */ + } + } + else + bits=0; + ret=1+len; + r=ASN1_object_size(0,ret,V_ASN1_BIT_STRING); + if (pp == NULL) return(r); + p= *pp; + + ASN1_put_object(&p,0,ret,V_ASN1_BIT_STRING,V_ASN1_UNIVERSAL); + *(p++)=(unsigned char)bits; + d=a->data; + memcpy(p,d,len); + p+=len; + if (len > 0) p[-1]&=(0xff<flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear */ + ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|(i&0x07)); /* set */ + + if (len-- > 1) /* using one because of the bits left byte */ + { + s=(unsigned char *)Malloc((int)len); + if (s == NULL) + { + i=ERR_R_MALLOC_FAILURE; + goto err; + } + memcpy(s,p,(int)len); + s[len-1]&=(0xff<length=(int)len; + if (ret->data != NULL) Free(ret->data); + ret->data=s; + ret->type=V_ASN1_BIT_STRING; + if (a != NULL) (*a)=ret; + *pp=p; + return(ret); +err: + ASN1err(ASN1_F_D2I_ASN1_BIT_STRING,i); + if ((ret != NULL) && ((a == NULL) || (*a != ret))) + M_ASN1_BIT_STRING_free(ret); + return(NULL); + } + +/* These next 2 functions from Goetz Babin-Ebell + */ +int 
ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value) + { + int w,v,iv; + unsigned char *c; + + w=n/8; + v=1<<(7-(n&0x07)); + iv= ~v; + + a->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear, set on write */ + + if (a == NULL) return(0); + if ((a->length < (w+1)) || (a->data == NULL)) + { + if (!value) return(1); /* Don't need to set */ + if (a->data == NULL) + c=(unsigned char *)Malloc(w+1); + else + c=(unsigned char *)Realloc(a->data,w+1); + if (c == NULL) return(0); + a->data=c; + a->length=w+1; + c[w]=0; + } + a->data[w]=((a->data[w])&iv)|v; + while ((a->length > 0) && (a->data[a->length-1] == 0)) + a->length--; + return(1); + } + +int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n) + { + int w,v; + + w=n/8; + v=1<<(7-(n&0x07)); + if ((a == NULL) || (a->length < (w+1)) || (a->data == NULL)) + return(0); + return((a->data[w]&v) != 0); + } + diff --git a/lib/dns/sec/openssl/a_bytes.c b/lib/dns/sec/openssl/a_bytes.c new file mode 100644 index 0000000000..6492db5e40 --- /dev/null +++ b/lib/dns/sec/openssl/a_bytes.c 
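Review bot: ASN1_BIT_STRING_set_bit() executes `a->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);` before it reaches `if (a == NULL) return(0);`, so the NULL guard can never protect the call and should be the first statement. The final store `a->data[w]=((a->data[w])&iv)|v;` ORs the bit in regardless of `value`, so a request to clear a bit inside the current length sets it instead; adding `if (!value) v=0;` after `iv= ~v;` would make the clear path work. When the buffer is grown only `c[w]` is zeroed, which leaves the bytes between the old length and `w` uninitialised. In i2d_ASN1_BIT_STRING() the trailing-zero scan can leave `len` at 0 for an all-zero string, and the following `j=a->data[len-1];` then reads one byte before the buffer. The body of d2i_ASN1_BIT_STRING() is incomplete on this page, so it is not reviewed here.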
@@ -0,0 +1,326 @@ +/* crypto/asn1/a_bytes.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */ + +#include +#include "../rename.h" + +#include +#include "cryptlib.h" +#include + +static unsigned long tag2bit[32]={ +0, 0, 0, B_ASN1_BIT_STRING, /* tags 0 - 3 */ +B_ASN1_OCTET_STRING, 0, 0, B_ASN1_UNKNOWN,/* tags 4- 7 */ +B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,/* tags 8-11 */ +B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,/* tags 12-15 */ +0, 0, B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING, +B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING,0, +0,B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING, +B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN, + }; + +static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c); +/* type is a 'bitmap' of acceptable string types. + */ +ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, unsigned char **pp, + long length, int type) + { + ASN1_STRING *ret=NULL; + unsigned char *p,*s; + long len; + int inf,tag,xclass; + int i=0; + + p= *pp; + inf=ASN1_get_object(&p,&len,&tag,&xclass,length); + if (inf & 0x80) goto err; + + if (tag >= 32) + { + i=ASN1_R_TAG_VALUE_TOO_HIGH;; + goto err; + } + if (!(tag2bit[tag] & type)) + { + i=ASN1_R_WRONG_TYPE; + goto err; + } + + /* If a bit-string, exit early */ + if (tag == V_ASN1_BIT_STRING) + return(d2i_ASN1_BIT_STRING(a,pp,length)); + + if ((a == NULL) || ((*a) == NULL)) + { + if ((ret=ASN1_STRING_new()) == NULL) return(NULL); + } + else + ret=(*a); + + if (len != 0) + { + s=(unsigned char *)Malloc((int)len+1); + if (s == NULL) + { + i=ERR_R_MALLOC_FAILURE; + goto err; + } + memcpy(s,p,(int)len); + s[len]='\0'; + p+=len; + } + else + s=NULL; + + if (ret->data != NULL) Free(ret->data); + ret->length=(int)len; + ret->data=s; + ret->type=tag; + if (a != NULL) (*a)=ret; + *pp=p; + return(ret); +err: + ASN1err(ASN1_F_D2I_ASN1_TYPE_BYTES,i); + if ((ret != NULL) && ((a == NULL) || (*a != ret))) + ASN1_STRING_free(ret); + return(NULL); + } + +int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass) 
+ { + int ret,r,constructed; + unsigned char *p; + + if (a == NULL) return(0); + + if (tag == V_ASN1_BIT_STRING) + return(i2d_ASN1_BIT_STRING(a,pp)); + + ret=a->length; + r=ASN1_object_size(0,ret,tag); + if (pp == NULL) return(r); + p= *pp; + + if ((tag == V_ASN1_SEQUENCE) || (tag == V_ASN1_SET)) + constructed=1; + else + constructed=0; + ASN1_put_object(&p,constructed,ret,tag,xclass); + memcpy(p,a->data,a->length); + p+=a->length; + *pp= p; + return(r); + } + +ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp, long length, + int Ptag, int Pclass) + { + ASN1_STRING *ret=NULL; + unsigned char *p,*s; + long len; + int inf,tag,xclass; + int i=0; + + if ((a == NULL) || ((*a) == NULL)) + { + if ((ret=ASN1_STRING_new()) == NULL) return(NULL); + } + else + ret=(*a); + + p= *pp; + inf=ASN1_get_object(&p,&len,&tag,&xclass,length); + if (inf & 0x80) + { + i=ASN1_R_BAD_OBJECT_HEADER; + goto err; + } + + if (tag != Ptag) + { + i=ASN1_R_WRONG_TAG; + goto err; + } + + if (inf & V_ASN1_CONSTRUCTED) + { + ASN1_CTX c; + + c.pp=pp; + c.p=p; + c.inf=inf; + c.slen=len; + c.tag=Ptag; + c.xclass=Pclass; + c.max=(length == 0)?0:(p+length); + if (!asn1_collate_primitive(ret,&c)) + goto err; + else + { + p=c.p; + } + } + else + { + if (len != 0) + { + if ((ret->length < len) || (ret->data == NULL)) + { + if (ret->data != NULL) Free(ret->data); + s=(unsigned char *)Malloc((int)len + 1); + if (s == NULL) + { + i=ERR_R_MALLOC_FAILURE; + goto err; + } + } + else + s=ret->data; + memcpy(s,p,(int)len); + s[len] = '\0'; + p+=len; + } + else + { + s=NULL; + if (ret->data != NULL) Free(ret->data); + } + + ret->length=(int)len; + ret->data=s; + ret->type=Ptag; + } + + if (a != NULL) (*a)=ret; + *pp=p; + return(ret); +err: + if ((ret != NULL) && ((a == NULL) || (*a != ret))) + ASN1_STRING_free(ret); + ASN1err(ASN1_F_D2I_ASN1_BYTES,i); + return(NULL); + } + + +/* We are about to parse 0..n d2i_ASN1_bytes objects, we are to collapse + * them into the one structure that is then returned */ 
+/* There have been a few bug fixes for this function from + * Paul Keogh , many thanks to him */ +static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c) + { + ASN1_STRING *os=NULL; + BUF_MEM b; + int num; + + b.length=0; + b.max=0; + b.data=NULL; + + if (a == NULL) + { + c->error=ERR_R_PASSED_NULL_PARAMETER; + goto err; + } + + num=0; + for (;;) + { + if (c->inf & 1) + { + c->eos=ASN1_check_infinite_end(&c->p, + (long)(c->max-c->p)); + if (c->eos) break; + } + else + { + if (c->slen <= 0) break; + } + + c->q=c->p; + if (d2i_ASN1_bytes(&os,&c->p,c->max-c->p,c->tag,c->xclass) + == NULL) + { + c->error=ERR_R_ASN1_LIB; + goto err; + } + + if (!BUF_MEM_grow(&b,num+os->length)) + { + c->error=ERR_R_BUF_LIB; + goto err; + } + memcpy(&(b.data[num]),os->data,os->length); + if (!(c->inf & 1)) + c->slen-=(c->p-c->q); + num+=os->length; + } + + if (!asn1_Finish(c)) goto err; + + a->length=num; + if (a->data != NULL) Free(a->data); + a->data=(unsigned char *)b.data; + if (os != NULL) ASN1_STRING_free(os); + return(1); +err: + ASN1err(ASN1_F_ASN1_COLLATE_PRIMITIVE,c->error); + if (os != NULL) ASN1_STRING_free(os); + if (b.data != NULL) Free(b.data); + return(0); + } + diff --git a/lib/dns/sec/openssl/a_enum.c b/lib/dns/sec/openssl/a_enum.c new file mode 100644 index 0000000000..830b10833d --- /dev/null +++ b/lib/dns/sec/openssl/a_enum.c 
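Review bot: In the primitive branch of d2i_ASN1_bytes(), `if (ret->data != NULL) Free(ret->data);` is followed by a Malloc whose failure jumps to `err` with `ret->data` still holding the freed pointer. When `ret` is the caller's `*a` the object survives with a dangling `data`, and when it was allocated locally `ASN1_STRING_free(ret)` presumably frees the same pointer a second time; setting `ret->data=NULL;` right after the Free closes both cases. The reuse path that keeps `s=ret->data` when `ret->length >= len` then writes `s[len] = '\0'`, which is in bounds only if the existing buffer holds at least `length+1` bytes, so either state that assumption in a comment or reuse only when `ret->length > len`. `len` is taken from the encoded header and narrowed with `(int)len` before Malloc and memcpy, here and in d2i_ASN1_type_bytes(); unless ASN1_get_object() already guarantees it, an explicit check that `len` is non-negative and no larger than the remaining `length` belongs before those calls.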
@@ -0,0 +1,340 @@ +/* crypto/asn1/a_enum.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "../rename.h" + +#include +#include "cryptlib.h" +#include + +/* + * Code for ENUMERATED type: identical to INTEGER apart from a different tag. 
+ * for comments on encoding see a_int.c + */ + +ASN1_ENUMERATED *ASN1_ENUMERATED_new(void) +{ return M_ASN1_ENUMERATED_new(); } + +void ASN1_ENUMERATED_free(ASN1_ENUMERATED *x) +{ M_ASN1_ENUMERATED_free(x); } + +int i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a, unsigned char **pp) + { + int pad=0,ret,r,i,t; + unsigned char *p,*n,pb=0; + + if ((a == NULL) || (a->data == NULL)) return(0); + t=a->type; + if (a->length == 0) + ret=1; + else + { + ret=a->length; + i=a->data[0]; + if ((t == V_ASN1_ENUMERATED) && (i > 127)) { + pad=1; + pb=0; + } else if(t == V_ASN1_NEG_ENUMERATED) { + if(i>128) { + pad=1; + pb=0xFF; + } else if(i == 128) { + for(i = 1; i < a->length; i++) if(a->data[i]) { + pad=1; + pb=0xFF; + break; + } + } + } + ret+=pad; + } + r=ASN1_object_size(0,ret,V_ASN1_ENUMERATED); + if (pp == NULL) return(r); + p= *pp; + + ASN1_put_object(&p,0,ret,V_ASN1_ENUMERATED,V_ASN1_UNIVERSAL); + if (pad) *(p++)=pb; + if (a->length == 0) + *(p++)=0; + else if (t == V_ASN1_ENUMERATED) + { + memcpy(p,a->data,(unsigned int)a->length); + p+=a->length; + } + else { + /* Begin at the end of the encoding */ + n=a->data + a->length - 1; + p += a->length - 1; + i = a->length; + /* Copy zeros to destination as long as source is zero */ + while(!*n) { + *(p--) = 0; + n--; + i--; + } + /* Complement and increment next octet */ + *(p--) = ((*(n--)) ^ 0xff) + 1; + i--; + /* Complement any octets left */ + for(;i > 0; i--) *(p--) = *(n--) ^ 0xff; + p += a->length; + } + + *pp=p; + return(r); + } + +ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a, unsigned char **pp, + long length) + { + ASN1_ENUMERATED *ret=NULL; + unsigned char *p,*to,*s; + long len; + int inf,tag,xclass; + int i; + + if ((a == NULL) || ((*a) == NULL)) + { + if ((ret=M_ASN1_ENUMERATED_new()) == NULL) return(NULL); + ret->type=V_ASN1_ENUMERATED; + } + else + ret=(*a); + + p= *pp; + inf=ASN1_get_object(&p,&len,&tag,&xclass,length); + if (inf & 0x80) + { + i=ASN1_R_BAD_OBJECT_HEADER; + goto err; + } + + if (tag != 
V_ASN1_ENUMERATED) + { + i=ASN1_R_EXPECTING_AN_ENUMERATED; + goto err; + } + + /* We must Malloc stuff, even for 0 bytes otherwise it + * signifies a missing NULL parameter. */ + s=(unsigned char *)Malloc((int)len+1); + if (s == NULL) + { + i=ERR_R_MALLOC_FAILURE; + goto err; + } + to=s; + if(!len) { + /* Strictly speaking this is an illegal ENUMERATED but we + * tolerate it. + */ + ret->type=V_ASN1_ENUMERATED; + } else if (*p & 0x80) /* a negative number */ + { + ret->type=V_ASN1_NEG_ENUMERATED; + if ((*p == 0xff) && (len != 1)) { + p++; + len--; + } + i = len; + p += i - 1; + to += i - 1; + while((!*p) && i) { + *(to--) = 0; + i--; + p--; + } + if(!i) { + *s = 1; + s[len] = 0; + p += len; + len++; + } else { + *(to--) = (*(p--) ^ 0xff) + 1; + i--; + for(;i > 0; i--) *(to--) = *(p--) ^ 0xff; + p += len; + } + } else { + ret->type=V_ASN1_ENUMERATED; + if ((*p == 0) && (len != 1)) + { + p++; + len--; + } + memcpy(s,p,(int)len); + p+=len; + } + + if (ret->data != NULL) Free(ret->data); + ret->data=s; + ret->length=(int)len; + if (a != NULL) (*a)=ret; + *pp=p; + return(ret); +err: + ASN1err(ASN1_F_D2I_ASN1_ENUMERATED,i); + if ((ret != NULL) && ((a == NULL) || (*a != ret))) + M_ASN1_ENUMERATED_free(ret); + return(NULL); + } + +int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v) + { + int i,j,k; + unsigned char buf[sizeof(long)+1]; + long d; + + a->type=V_ASN1_ENUMERATED; + if (a->length < (sizeof(long)+1)) + { + if (a->data != NULL) + Free(a->data); + if ((a->data=(unsigned char *)Malloc(sizeof(long)+1)) != NULL) + memset((char *)a->data,0,sizeof(long)+1); + } + if (a->data == NULL) + { + ASN1err(ASN1_F_ASN1_ENUMERATED_SET,ERR_R_MALLOC_FAILURE); + return(0); + } + d=v; + if (d < 0) + { + d= -d; + a->type=V_ASN1_NEG_ENUMERATED; + } + + for (i=0; i>=8; + } + j=0; + for (k=i-1; k >=0; k--) + a->data[j++]=buf[k]; + a->length=j; + return(1); + } + +long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a) + { + int neg=0,i; + long r=0; + + if (a == NULL) return(0L); + i=a->type; + if (i 
== V_ASN1_NEG_ENUMERATED) + neg=1; + else if (i != V_ASN1_ENUMERATED) + return(0); + + if (a->length > sizeof(long)) + { + /* hmm... a bit ugly */ + return(0xffffffffL); + } + if (a->data == NULL) + return(0); + + for (i=0; ilength; i++) + { + r<<=8; + r|=(unsigned char)a->data[i]; + } + if (neg) r= -r; + return(r); + } + +ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai) + { + ASN1_ENUMERATED *ret; + int len,j; + + if (ai == NULL) + ret=M_ASN1_ENUMERATED_new(); + else + ret=ai; + if (ret == NULL) + { + ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_NESTED_ASN1_ERROR); + goto err; + } + if(bn->neg) ret->type = V_ASN1_NEG_ENUMERATED; + else ret->type=V_ASN1_ENUMERATED; + j=BN_num_bits(bn); + len=((j == 0)?0:((j/8)+1)); + ret->data=(unsigned char *)Malloc(len+4); + ret->length=BN_bn2bin(bn,ret->data); + return(ret); +err: + if (ret != ai) M_ASN1_ENUMERATED_free(ret); + return(NULL); + } + +BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn) + { + BIGNUM *ret; + + if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL) + ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN,ASN1_R_BN_LIB); + if(ai->type == V_ASN1_NEG_ENUMERATED) bn->neg = 1; + return(ret); + } diff --git a/lib/dns/sec/openssl/a_gentm.c b/lib/dns/sec/openssl/a_gentm.c new file mode 100644 index 0000000000..16c833f2ec --- /dev/null +++ b/lib/dns/sec/openssl/a_gentm.c 
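Review bot: BN_to_ASN1_ENUMERATED() passes the result of `Malloc(len+4)` straight to `BN_bn2bin(bn,ret->data)` without a NULL check, and when the caller supplies `ai` the previous `ret->data` is overwritten without being freed. A guard such as `if (ret->data == NULL) { ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE); goto err; }` before the conversion covers the first problem. ASN1_ENUMERATED_to_BN() sets `bn->neg = 1` on the input argument rather than on `ret`, so it runs even after BN_bin2bn() has failed and, assuming a NULL `bn` is allowed in order to request a fresh BIGNUM, dereferences NULL; `if (ret != NULL && ai->type == V_ASN1_NEG_ENUMERATED) ret->neg = 1;` avoids both. In ASN1_ENUMERATED_set() the negation `d= -d` is undefined for the most negative `long`, which deserves at least a comment.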
@@ -0,0 +1,233 @@ +/* crypto/asn1/a_gentm.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* GENERALIZEDTIME implementation, written by Steve Henson. Based on UTCTIME */ + +#include +#include "../rename.h" + +#include +#include +#include "cryptlib.h" +#include + +ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_new(void) +{ return M_ASN1_GENERALIZEDTIME_new(); } + +void ASN1_GENERALIZEDTIME_free(ASN1_GENERALIZEDTIME *x) +{ M_ASN1_GENERALIZEDTIME_free(x); } + +int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **pp) + { +#ifdef CHARSET_EBCDIC + /* KLUDGE! We convert to ascii before writing DER */ + int len; + char tmp[24]; + ASN1_STRING tmpstr = *(ASN1_STRING *)a; + + len = tmpstr.length; + ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? 
sizeof tmp : len); + tmpstr.data = tmp; + + a = (ASN1_GENERALIZEDTIME *) &tmpstr; +#endif + return(i2d_ASN1_bytes((ASN1_STRING *)a,pp, + V_ASN1_GENERALIZEDTIME,V_ASN1_UNIVERSAL)); + } + + +ASN1_GENERALIZEDTIME *d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a, + unsigned char **pp, long length) + { + ASN1_GENERALIZEDTIME *ret=NULL; + + ret=(ASN1_GENERALIZEDTIME *)d2i_ASN1_bytes((ASN1_STRING **)a,pp,length, + V_ASN1_GENERALIZEDTIME,V_ASN1_UNIVERSAL); + if (ret == NULL) + { + ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME,ERR_R_NESTED_ASN1_ERROR); + return(NULL); + } +#ifdef CHARSET_EBCDIC + ascii2ebcdic(ret->data, ret->data, ret->length); +#endif + if (!ASN1_GENERALIZEDTIME_check(ret)) + { + ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME,ASN1_R_INVALID_TIME_FORMAT); + goto err; + } + + return(ret); +err: + if ((ret != NULL) && ((a == NULL) || (*a != ret))) + M_ASN1_GENERALIZEDTIME_free(ret); + return(NULL); + } + +int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d) + { + static int min[9]={ 0, 0, 1, 1, 0, 0, 0, 0, 0}; + static int max[9]={99, 99,12,31,23,59,59,12,59}; + char *a; + int n,i,l,o; + + if (d->type != V_ASN1_GENERALIZEDTIME) return(0); + l=d->length; + a=(char *)d->data; + o=0; + /* GENERALIZEDTIME is similar to UTCTIME except the year is + * represented as YYYY. 
This stuff treats everything as a two digit + * field so make first two fields 00 to 99 + */ + if (l < 13) goto err; + for (i=0; i<7; i++) + { + if ((i == 6) && ((a[o] == 'Z') || + (a[o] == '+') || (a[o] == '-'))) + { i++; break; } + if ((a[o] < '0') || (a[o] > '9')) goto err; + n= a[o]-'0'; + if (++o > l) goto err; + + if ((a[o] < '0') || (a[o] > '9')) goto err; + n=(n*10)+ a[o]-'0'; + if (++o > l) goto err; + + if ((n < min[i]) || (n > max[i])) goto err; + } + if (a[o] == 'Z') + o++; + else if ((a[o] == '+') || (a[o] == '-')) + { + o++; + if (o+4 > l) goto err; + for (i=7; i<9; i++) + { + if ((a[o] < '0') || (a[o] > '9')) goto err; + n= a[o]-'0'; + o++; + if ((a[o] < '0') || (a[o] > '9')) goto err; + n=(n*10)+ a[o]-'0'; + if ((n < min[i]) || (n > max[i])) goto err; + o++; + } + } + return(o == l); +err: + return(0); + } + +int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str) + { + ASN1_GENERALIZEDTIME t; + + t.type=V_ASN1_GENERALIZEDTIME; + t.length=strlen(str); + t.data=(unsigned char *)str; + if (ASN1_GENERALIZEDTIME_check(&t)) + { + if (s != NULL) + { + ASN1_STRING_set((ASN1_STRING *)s, + (unsigned char *)str,t.length); + } + return(1); + } + else + return(0); + } + +ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, + time_t t) + { + char *p; + struct tm *ts; +#if defined(THREADS) && !defined(WIN32) + struct tm data; +#endif + + if (s == NULL) + s=M_ASN1_GENERALIZEDTIME_new(); + if (s == NULL) + return(NULL); + +#if defined(THREADS) && !defined(WIN32) + gmtime_r(&t,&data); /* should return &data, but doesn't on some systems, so we don't even look at the return value */ + ts=&data; +#else + ts=gmtime(&t); +#endif + p=(char *)s->data; + if ((p == NULL) || (s->length < 16)) + { + p=Malloc(20); + if (p == NULL) return(NULL); + if (s->data != NULL) + Free(s->data); + s->data=(unsigned char *)p; + } + + sprintf(p,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900, + ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec); + 
s->length=strlen(p); + s->type=V_ASN1_GENERALIZEDTIME; +#ifdef CHARSET_EBCDIC_not + ebcdic2ascii(s->data, s->data, s->length); +#endif + return(s); + } diff --git a/lib/dns/sec/openssl/a_int.c b/lib/dns/sec/openssl/a_int.c new file mode 100644 index 0000000000..d762410406 --- /dev/null +++ b/lib/dns/sec/openssl/a_int.c 
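Review bot: ASN1_GENERALIZEDTIME_set() formats with an unbounded `sprintf(p,"%04d%02d%02d%02d%02d%02dZ",...)` into either a fresh 20-byte buffer or a reused one that is only known to have `s->length >= 16`; `%04d` is a minimum width, so a `time_t` that yields a year of more than four digits can write past the buffer. The non-reentrant path also uses `ts=gmtime(&t)` without a NULL check. Rejecting such values before formatting, for example `if (ts == NULL || ts->tm_year + 1900 < 0 || ts->tm_year + 1900 > 9999) return(NULL);`, keeps the output at the fixed 15 characters. In ASN1_GENERALIZEDTIME_check() the tests `if (++o > l) goto err;` allow `o` to equal `l` before the next `a[o]` read, so the parser depends on a readable byte after the data (the decoders in this commit appear to allocate `len+1` and NUL-terminate); a comment stating that requirement or explicit `o < l` guards would make it safe for other callers.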
@@ -0,0 +1,438 @@
+/* crypto/asn1/a_int.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. 
If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include
+#include "../rename.h"
+
+#include
+#include "cryptlib.h"
+#include
+
+ASN1_INTEGER *ASN1_INTEGER_new(void)
+{ return M_ASN1_INTEGER_new();}
+
+void ASN1_INTEGER_free(ASN1_INTEGER *x)
+{ M_ASN1_INTEGER_free(x);}
+
+ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x)
+{ return M_ASN1_INTEGER_dup(x);}
+
+int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y)
+{ return M_ASN1_INTEGER_cmp(x,y);}
+
+/*
+ * This converts an ASN1 INTEGER into its DER encoding.
+ * The internal representation is an ASN1_STRING whose data is a big endian
+ * representation of the value, ignoring the sign. The sign is determined by
+ * the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative.
+ *
+ * Positive integers are no problem: they are almost the same as the DER
+ * encoding, except if the first byte is >= 0x80 we need to add a zero pad.
+ *
+ * Negative integers are a bit trickier...
+ * The DER representation of negative integers is in 2s complement form.
+ * The internal form is converted by complementing each octet and finally
+ * adding one to the result. This can be done less messily with a little trick.
+ * If the internal form has trailing zeroes then they will become FF by the
+ * complement and 0 by the add one (due to carry) so just copy as many trailing
+ * zeros to the destination as there are in the source. The carry will add one
+ * to the last none zero octet: so complement this octet and add one and finally
+ * complement any left over until you get to the start of the string.
+ *
+ * Padding is a little trickier too. If the first bytes is > 0x80 then we pad
+ * with 0xff. However if the first byte is 0x80 and one of the following bytes
+ * is non-zero we pad with 0xff. The reason for this distinction is that 0x80
+ * followed by optional zeros isn't padded.
+ */
+
+int i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
+ {
+ int pad=0,ret,r,i,t;
+ unsigned char *p,*n,pb=0;
+
+ if ((a == NULL) || (a->data == NULL)) return(0);
+ t=a->type;
+ if (a->length == 0)
+ ret=1;
+ else
+ {
+ ret=a->length;
+ i=a->data[0];
+ if ((t == V_ASN1_INTEGER) && (i > 127)) {
+ pad=1;
+ pb=0;
+ } else if(t == V_ASN1_NEG_INTEGER) {
+ if(i>128) {
+ pad=1;
+ pb=0xFF;
+ } else if(i == 128) {
+ /*
+ * Special case: if any other bytes non zero we pad:
+ * otherwise we don't.
+ */
+ for(i = 1; i < a->length; i++) if(a->data[i]) {
+ pad=1;
+ pb=0xFF;
+ break;
+ }
+ }
+ }
+ ret+=pad;
+ }
+ r=ASN1_object_size(0,ret,V_ASN1_INTEGER);
+ if (pp == NULL) return(r);
+ p= *pp;
+
+ ASN1_put_object(&p,0,ret,V_ASN1_INTEGER,V_ASN1_UNIVERSAL);
+ if (pad) *(p++)=pb;
+ if (a->length == 0) *(p++)=0;
+ else if (t == V_ASN1_INTEGER) memcpy(p,a->data,(unsigned int)a->length);
+ else {
+ /* Begin at the end of the encoding */
+ n=a->data + a->length - 1;
+ p += a->length - 1;
+ i = a->length;
+ /* Copy zeros to destination as long as source is zero */
+ while(!*n) {
+ *(p--) = 0;
+ n--;
+ i--;
+ }
+ /* Complement and increment next octet */
+ *(p--) = ((*(n--)) ^ 0xff) + 1;
+ i--;
+ /* Complement any octets left */
+ for(;i > 0; i--) *(p--) = *(n--) ^ 0xff;
+ }
+
+ *pp+=r;
+ return(r);
+ }
+
+ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
+ long length)
+ {
+ ASN1_INTEGER *ret=NULL;
+ unsigned char *p,*to,*s, *pend;
+ long len;
+ int inf,tag,xclass;
+ int i;
+
+ if ((a == NULL) || ((*a) == NULL))
+ {
+ if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL);
+ ret->type=V_ASN1_INTEGER;
+ }
+ else
+ ret=(*a);
+
+ p= *pp;
+ inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+ pend = p + len;
+ if (inf & 0x80)
+ {
+ i=ASN1_R_BAD_OBJECT_HEADER;
+ goto err;
+ }
+
+ if (tag != V_ASN1_INTEGER)
+ {
+ i=ASN1_R_EXPECTING_AN_INTEGER;
+ goto err;
+ }
+
+ /* We must Malloc stuff, even for 0 bytes otherwise it
+ * signifies a missing NULL parameter. */
+ s=(unsigned char *)Malloc((int)len+1);
+ if (s == NULL)
+ {
+ i=ERR_R_MALLOC_FAILURE;
+ goto err;
+ }
+ to=s;
+ if(!len) {
+ /* Strictly speaking this is an illegal INTEGER but we
+ * tolerate it.
+ */
+ ret->type=V_ASN1_INTEGER;
+ } else if (*p & 0x80) /* a negative number */
+ {
+ ret->type=V_ASN1_NEG_INTEGER;
+ if ((*p == 0xff) && (len != 1)) {
+ p++;
+ len--;
+ }
+ i = len;
+ p += i - 1;
+ to += i - 1;
+ while((!*p) && i) {
+ *(to--) = 0;
+ i--;
+ p--;
+ }
+ /* Special case: if all zeros then the number will be of
+ * the form FF followed by n zero bytes: this corresponds to
+ * 1 followed by n zero bytes. We've already written n zeros
+ * so we just append an extra one and set the first byte to
+ * a 1. This is treated separately because it is the only case
+ * where the number of bytes is larger than len.
+ */
+ if(!i) {
+ *s = 1;
+ s[len] = 0;
+ len++;
+ } else {
+ *(to--) = (*(p--) ^ 0xff) + 1;
+ i--;
+ for(;i > 0; i--) *(to--) = *(p--) ^ 0xff;
+ }
+ } else {
+ ret->type=V_ASN1_INTEGER;
+ if ((*p == 0) && (len != 1))
+ {
+ p++;
+ len--;
+ }
+ memcpy(s,p,(int)len);
+ }
+
+ if (ret->data != NULL) Free(ret->data);
+ ret->data=s;
+ ret->length=(int)len;
+ if (a != NULL) (*a)=ret;
+ *pp=pend;
+ return(ret);
+err:
+ ASN1err(ASN1_F_D2I_ASN1_INTEGER,i);
+ if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+ M_ASN1_INTEGER_free(ret);
+ return(NULL);
+ }
+
+/* This is a version of d2i_ASN1_INTEGER that ignores the sign bit of
+ * ASN1 integers: some broken software can encode a positive INTEGER
+ * with its MSB set as negative (it doesn't add a padding zero).
+ */ + +ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, unsigned char **pp, + long length) + { + ASN1_INTEGER *ret=NULL; + unsigned char *p,*to,*s; + long len; + int inf,tag,xclass; + int i; + + if ((a == NULL) || ((*a) == NULL)) + { + if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL); + ret->type=V_ASN1_INTEGER; + } + else + ret=(*a); + + p= *pp; + inf=ASN1_get_object(&p,&len,&tag,&xclass,length); + if (inf & 0x80) + { + i=ASN1_R_BAD_OBJECT_HEADER; + goto err; + } + + if (tag != V_ASN1_INTEGER) + { + i=ASN1_R_EXPECTING_AN_INTEGER; + goto err; + } + + /* We must Malloc stuff, even for 0 bytes otherwise it + * signifies a missing NULL parameter. */ + s=(unsigned char *)Malloc((int)len+1); + if (s == NULL) + { + i=ERR_R_MALLOC_FAILURE; + goto err; + } + to=s; + ret->type=V_ASN1_INTEGER; + if(len) { + if ((*p == 0) && (len != 1)) + { + p++; + len--; + } + memcpy(s,p,(int)len); + p+=len; + } + + if (ret->data != NULL) Free(ret->data); + ret->data=s; + ret->length=(int)len; + if (a != NULL) (*a)=ret; + *pp=p; + return(ret); +err: + ASN1err(ASN1_F_D2I_ASN1_UINTEGER,i); + if ((ret != NULL) && ((a == NULL) || (*a != ret))) + M_ASN1_INTEGER_free(ret); + return(NULL); + } + +int ASN1_INTEGER_set(ASN1_INTEGER *a, long v) + { + int i,j,k; + unsigned char buf[sizeof(long)+1]; + long d; + + a->type=V_ASN1_INTEGER; + if (a->length < (sizeof(long)+1)) + { + if (a->data != NULL) + Free(a->data); + if ((a->data=(unsigned char *)Malloc(sizeof(long)+1)) != NULL) + memset((char *)a->data,0,sizeof(long)+1); + } + if (a->data == NULL) + { + ASN1err(ASN1_F_ASN1_INTEGER_SET,ERR_R_MALLOC_FAILURE); + return(0); + } + d=v; + if (d < 0) + { + d= -d; + a->type=V_ASN1_NEG_INTEGER; + } + + for (i=0; i>=8; + } + j=0; + for (k=i-1; k >=0; k--) + a->data[j++]=buf[k]; + a->length=j; + return(1); + } + +long ASN1_INTEGER_get(ASN1_INTEGER *a) + { + int neg=0,i; + long r=0; + + if (a == NULL) return(0L); + i=a->type; + if (i == V_ASN1_NEG_INTEGER) + neg=1; + else if (i != V_ASN1_INTEGER) + 
return(0);
+
+ if (a->length > sizeof(long))
+ {
+ /* hmm... a bit ugly */
+ return(0xffffffffL);
+ }
+ if (a->data == NULL)
+ return(0);
+
+ for (i=0; ilength; i++)
+ {
+ r<<=8;
+ r|=(unsigned char)a->data[i];
+ }
+ if (neg) r= -r;
+ return(r);
+ }
+
+ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
+ {
+ ASN1_INTEGER *ret;
+ int len,j;
+
+ if (ai == NULL)
+ ret=M_ASN1_INTEGER_new();
+ else
+ ret=ai;
+ if (ret == NULL)
+ {
+ ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_NESTED_ASN1_ERROR);
+ goto err;
+ }
+ if(bn->neg) ret->type = V_ASN1_NEG_INTEGER;
+ else ret->type=V_ASN1_INTEGER;
+ j=BN_num_bits(bn);
+ len=((j == 0)?0:((j/8)+1));
+ ret->data=(unsigned char *)Malloc(len+4);
+ ret->length=BN_bn2bin(bn,ret->data);
+ return(ret);
+err:
+ if (ret != ai) M_ASN1_INTEGER_free(ret);
+ return(NULL);
+ }
+
+BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn)
+ {
+ BIGNUM *ret;
+
+ if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
+ ASN1err(ASN1_F_ASN1_INTEGER_TO_BN,ASN1_R_BN_LIB);
+ if(ai->type == V_ASN1_NEG_INTEGER) bn->neg = 1;
+ return(ret);
+ }
diff --git a/lib/dns/sec/openssl/a_object.c b/lib/dns/sec/openssl/a_object.c
new file mode 100644
index 0000000000..ff6b08fafa
--- /dev/null
+++ b/lib/dns/sec/openssl/a_object.c
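Review bot: The trailing-zero copy in the negative branch of i2d_ASN1_INTEGER, `while(!*n)`, has no length bound, so a V_ASN1_NEG_INTEGER whose data bytes are all zero would move `n` and `p` below the start of the source and output buffers; `while ((i > 1) && !*n)` keeps the walk inside `a->length`. ASN1_INTEGER_to_BN writes `bn->neg = 1` even if the caller passed `bn` as NULL or BN_bin2bn failed, and `if ((ret != NULL) && (ai->type == V_ASN1_NEG_INTEGER)) ret->neg = 1;` would set the sign on the object actually returned (this assumes BN_bin2bn accepts a NULL third argument, which the separate `ret` suggests). BN_to_ASN1_INTEGER hands the result of `Malloc(len+4)` to BN_bn2bin unchecked and overwrites any buffer already held in `ret->data`, so a NULL check that jumps to `err` belongs before the call.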
@@ -0,0 +1,309 @@
+/* crypto/asn1/a_object.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. 
If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include
+#include "../rename.h"
+
+#include
+#include "cryptlib.h"
+#include
+#include
+#include
+
+int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
+ {
+ unsigned char *p;
+
+ if ((a == NULL) || (a->data == NULL)) return(0);
+
+ if (pp == NULL)
+ return(ASN1_object_size(0,a->length,V_ASN1_OBJECT));
+
+ p= *pp;
+ ASN1_put_object(&p,0,a->length,V_ASN1_OBJECT,V_ASN1_UNIVERSAL);
+ memcpy(p,a->data,a->length);
+ p+=a->length;
+
+ *pp=p;
+ return(a->length);
+ }
+
+int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
+ {
+ int i,first,len=0,c;
+ char tmp[24];
+ const char *p;
+ unsigned long l;
+
+ if (num == 0)
+ return(0);
+ else if (num == -1)
+ num=strlen(buf);
+
+ p=buf;
+ c= *(p++);
+ num--;
+ if ((c >= '0') && (c <= '2'))
+ {
+ first=(c-'0')*40;
+ }
+ else
+ {
+ ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_FIRST_NUM_TOO_LARGE);
+ goto err;
+ }
+
+ if (num <= 0)
+ {
+ ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_MISSING_SECOND_NUMBER);
+ goto err;
+ }
+ c= *(p++);
+ num--;
+ for (;;)
+ {
+ if (num <= 0) break;
+ if ((c != '.') && (c != ' '))
+ {
+ ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_SEPARATOR);
+ goto err;
+ }
+ l=0;
+ for (;;)
+ {
+ if (num <= 0) break;
+ num--;
+ c= *(p++);
+ if ((c == ' ') || (c == '.'))
+ break;
+ if ((c < '0') || (c > '9'))
+ {
+ ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT);
+ goto err;
+ }
+ l=l*10L+(long)(c-'0');
+ }
+ if (len == 0)
+ {
+ if ((first < 2) && (l >= 40))
+ {
+ ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_SECOND_NUMBER_TOO_LARGE);
+ goto err;
+ }
+ l+=(long)first;
+ }
+ i=0;
+ for (;;)
+ {
+ tmp[i++]=(unsigned char)l&0x7f;
+ l>>=7L;
+ if (l == 0L) break;
+ }
+ if (out != NULL)
+ {
+ if (len+i > olen)
+ {
+ ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_BUFFER_TOO_SMALL);
+ goto err;
+ }
+ while (--i > 0)
+ out[len++]=tmp[i]|0x80;
+ out[len++]=tmp[0];
+ }
+ else
+ len+=i;
+ }
+ return(len);
+err:
+ return(0);
+ }
+
+int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a)
+{
+ return 
OBJ_obj2txt(buf, buf_len, a, 0);
+}
+
+#if 0
+int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
+ {
+ char buf[80];
+ int i;
+
+ if ((a == NULL) || (a->data == NULL))
+ return(BIO_write(bp,"NULL",4));
+ i=i2t_ASN1_OBJECT(buf,80,a);
+ if (i > 80) i=80;
+ BIO_write(bp,buf,i);
+ return(i);
+ }
+#endif
+
+ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,
+ long length)
+ {
+ ASN1_OBJECT *ret=NULL;
+ unsigned char *p;
+ long len;
+ int tag,xclass;
+ int inf,i;
+
+ /* only the ASN1_OBJECTs from the 'table' will have values
+ * for ->sn or ->ln */
+ if ((a == NULL) || ((*a) == NULL) ||
+ !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC))
+ {
+ if ((ret=ASN1_OBJECT_new()) == NULL) return(NULL);
+ }
+ else ret=(*a);
+
+ p= *pp;
+
+ inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+ if (inf & 0x80)
+ {
+ i=ASN1_R_BAD_OBJECT_HEADER;
+ goto err;
+ }
+
+ if (tag != V_ASN1_OBJECT)
+ {
+ i=ASN1_R_EXPECTING_AN_OBJECT;
+ goto err;
+ }
+ if ((ret->data == NULL) || (ret->length < len))
+ {
+ if (ret->data != NULL) Free(ret->data);
+ ret->data=(unsigned char *)Malloc(len ? 
(int)len : 1);
+ ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+ if (ret->data == NULL)
+ { i=ERR_R_MALLOC_FAILURE; goto err; }
+ }
+ memcpy(ret->data,p,(int)len);
+ ret->length=(int)len;
+ ret->sn=NULL;
+ ret->ln=NULL;
+ /* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */
+ p+=len;
+
+ if (a != NULL) (*a)=ret;
+ *pp=p;
+ return(ret);
+err:
+ ASN1err(ASN1_F_D2I_ASN1_OBJECT,i);
+ if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+ ASN1_OBJECT_free(ret);
+ return(NULL);
+ }
+
+ASN1_OBJECT *ASN1_OBJECT_new(void)
+ {
+ ASN1_OBJECT *ret;
+
+ ret=(ASN1_OBJECT *)Malloc(sizeof(ASN1_OBJECT));
+ if (ret == NULL)
+ {
+ ASN1err(ASN1_F_ASN1_OBJECT_NEW,ERR_R_MALLOC_FAILURE);
+ return(NULL);
+ }
+ ret->length=0;
+ ret->data=NULL;
+ ret->nid=0;
+ ret->sn=NULL;
+ ret->ln=NULL;
+ ret->flags=ASN1_OBJECT_FLAG_DYNAMIC;
+ return(ret);
+ }
+
+void ASN1_OBJECT_free(ASN1_OBJECT *a)
+ {
+ if (a == NULL) return;
+ if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS)
+ {
+#ifndef CONST_STRICT /* disable purely for compile-time strict const checking. Doing this on a "real" compile will cause memory leaks */
+ if (a->sn != NULL) Free((void *)a->sn);
+ if (a->ln != NULL) Free((void *)a->ln);
+#endif
+ a->sn=a->ln=NULL;
+ }
+ if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA)
+ {
+ if (a->data != NULL) Free(a->data);
+ a->data=NULL;
+ a->length=0;
+ }
+ if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC)
+ Free(a);
+ }
+
+ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
+ char *sn, char *ln)
+ {
+ ASN1_OBJECT o;
+
+ o.sn=sn;
+ o.ln=ln;
+ o.data=data;
+ o.nid=nid;
+ o.length=len;
+ o.flags=ASN1_OBJECT_FLAG_DYNAMIC|ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|
+ ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+ return(OBJ_dup(&o));
+ }
+
+IMPLEMENT_STACK_OF(ASN1_OBJECT)
+IMPLEMENT_ASN1_SET_OF(ASN1_OBJECT)
diff --git a/lib/dns/sec/openssl/a_octet.c b/lib/dns/sec/openssl/a_octet.c
new file mode 100644
index 0000000000..95113f74cc
--- /dev/null
+++ b/lib/dns/sec/openssl/a_octet.c
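Review bot: i2d_ASN1_OBJECT returns `ASN1_object_size(0,a->length,V_ASN1_OBJECT)` when `pp` is NULL but only `a->length` after writing, so the sizing call and the encoding call disagree by the header length, unlike i2d_ASN1_INTEGER in this same commit, which returns `r` on both paths. Computing the object size once and returning it in both cases keeps callers from under-counting what was written. In a2d_ASN1_OBJECT, `first` already holds the first arc multiplied by 40, so `(first < 2) && (l >= 40)` only ever fires for arc 0; `(first < 80) && (l >= 40)` also rejects an oversized second number under arc 1. The digit accumulation `l=l*10L+(long)(c-'0')` wraps silently on an overlong arc and deserves an overflow check before the multiply.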
@@ -0,0 +1,97 @@
+/* crypto/asn1/a_octet.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. 
If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include
+#include "../rename.h"
+
+#include
+#include "cryptlib.h"
+#include
+
+ASN1_OCTET_STRING *ASN1_OCTET_STRING_new(void)
+{ return M_ASN1_OCTET_STRING_new(); }
+
+void ASN1_OCTET_STRING_free(ASN1_OCTET_STRING *x)
+{ M_ASN1_OCTET_STRING_free(x); }
+
+ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *x)
+{ return M_ASN1_OCTET_STRING_dup(x); }
+
+int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b)
+{ return M_ASN1_OCTET_STRING_cmp(a, b); }
+
+int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, unsigned char *d, int len)
+{ return M_ASN1_OCTET_STRING_set(x, d, len); }
+
+int i2d_ASN1_OCTET_STRING(ASN1_OCTET_STRING *a, unsigned char **pp)
+{ return M_i2d_ASN1_OCTET_STRING(a, pp); }
+
+ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING(ASN1_OCTET_STRING **a,
+ unsigned char **pp, long length)
+ {
+ ASN1_OCTET_STRING *ret=NULL;
+
+ ret=(ASN1_OCTET_STRING *)d2i_ASN1_bytes((ASN1_STRING **)a,
+ pp,length,V_ASN1_OCTET_STRING,V_ASN1_UNIVERSAL);
+ if (ret == NULL)
+ {
+ ASN1err(ASN1_F_D2I_ASN1_OCTET_STRING,ERR_R_NESTED_ASN1_ERROR);
+ return(NULL);
+ }
+ return(ret);
+ }
+
diff --git a/lib/dns/sec/openssl/a_print.c b/lib/dns/sec/openssl/a_print.c
new file mode 100644
index 0000000000..67e128c15a
--- /dev/null
+++ b/lib/dns/sec/openssl/a_print.c
@@ -0,0 +1,200 @@
+/* crypto/asn1/a_print.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. 
If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include
+#include "../rename.h"
+
+#include
+#include "cryptlib.h"
+#include
+
+ASN1_IA5STRING *ASN1_IA5STRING_new(void)
+{ return M_ASN1_IA5STRING_new();}
+
+void ASN1_IA5STRING_free(ASN1_IA5STRING *x)
+{ M_ASN1_IA5STRING_free(x);}
+
+int i2d_ASN1_IA5STRING(ASN1_IA5STRING *a, unsigned char **pp)
+ { return(M_i2d_ASN1_IA5STRING(a,pp)); }
+
+ASN1_IA5STRING *d2i_ASN1_IA5STRING(ASN1_IA5STRING **a, unsigned char **pp,
+ long l)
+ { return(M_d2i_ASN1_IA5STRING(a,pp,l)); }
+
+ASN1_T61STRING *ASN1_T61STRING_new(void)
+{ return M_ASN1_T61STRING_new();}
+
+void ASN1_T61STRING_free(ASN1_T61STRING *x)
+{ M_ASN1_T61STRING_free(x);}
+
+ASN1_T61STRING *d2i_ASN1_T61STRING(ASN1_T61STRING **a, unsigned char **pp,
+ long l)
+ { return(M_d2i_ASN1_T61STRING(a,pp,l)); }
+
+ASN1_PRINTABLESTRING *ASN1_PRINTABLESTRING_new(void)
+{ return M_ASN1_PRINTABLESTRING_new();}
+
+void ASN1_PRINTABLESTRING_free(ASN1_PRINTABLESTRING *x)
+{ M_ASN1_PRINTABLESTRING_free(x);}
+
+ASN1_PRINTABLESTRING *d2i_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING **a,
+ unsigned char **pp, long l)
+ { return(M_d2i_ASN1_PRINTABLESTRING(a,pp,
+ l)); }
+
+int i2d_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING *a, unsigned char **pp)
+ { return(M_i2d_ASN1_PRINTABLESTRING(a,pp)); }
+
+int i2d_ASN1_PRINTABLE(ASN1_STRING *a, unsigned char **pp)
+ { return(M_i2d_ASN1_PRINTABLE(a,pp)); }
+
+ASN1_STRING *d2i_ASN1_PRINTABLE(ASN1_STRING **a, unsigned char **pp,
+ long l)
+ { return(M_d2i_ASN1_PRINTABLE(a,pp,l)); }
+
+int ASN1_PRINTABLE_type(unsigned char *s, int len)
+ {
+ int c;
+ int ia5=0;
+ int t61=0;
+
+ if (len <= 0) len= -1;
+ if (s == NULL) return(V_ASN1_PRINTABLESTRING);
+
+ while ((*s) && (len-- != 0))
+ {
+ c= *(s++);
+#ifndef CHARSET_EBCDIC
+ if (!( ((c >= 'a') && (c <= 'z')) ||
+ ((c >= 'A') && (c <= 'Z')) ||
+ (c == ' ') ||
+ ((c >= '0') && (c <= '9')) ||
+ (c == ' ') || (c == '\'') ||
+ (c == '(') || (c == ')') ||
+ (c == '+') || (c == ',') ||
+ (c == '-') || (c == '.') ||
+ (c == '/') || (c == ':') ||
+ (c == 
'=') || (c == '?')))
+ ia5=1;
+ if (c&0x80)
+ t61=1;
+#else
+ if (!isalnum(c) && (c != ' ') &&
+ strchr("'()+,-./:=?", c) == NULL)
+ ia5=1;
+ if (os_toascii[c] & 0x80)
+ t61=1;
+#endif
+ }
+ if (t61) return(V_ASN1_T61STRING);
+ if (ia5) return(V_ASN1_IA5STRING);
+ return(V_ASN1_PRINTABLESTRING);
+ }
+
+int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s)
+ {
+ int i;
+ unsigned char *p;
+
+ if (s->type != V_ASN1_UNIVERSALSTRING) return(0);
+ if ((s->length%4) != 0) return(0);
+ p=s->data;
+ for (i=0; ilength; i+=4)
+ {
+ if ((p[0] != '\0') || (p[1] != '\0') || (p[2] != '\0'))
+ break;
+ else
+ p+=4;
+ }
+ if (i < s->length) return(0);
+ p=s->data;
+ for (i=3; ilength; i+=4)
+ {
+ *(p++)=s->data[i];
+ }
+ *(p)='\0';
+ s->length/=4;
+ s->type=ASN1_PRINTABLE_type(s->data,s->length);
+ return(1);
+ }
+
+ASN1_STRING *DIRECTORYSTRING_new(void)
+{ return M_DIRECTORYSTRING_new();}
+
+void DIRECTORYSTRING_free(ASN1_STRING *x)
+{ M_DIRECTORYSTRING_free(x);}
+
+int i2d_DIRECTORYSTRING(ASN1_STRING *a, unsigned char **pp)
+ { return(M_i2d_DIRECTORYSTRING(a,pp)); }
+
+ASN1_STRING *d2i_DIRECTORYSTRING(ASN1_STRING **a, unsigned char **pp,
+ long l)
+ { return(M_d2i_DIRECTORYSTRING(a,pp,l)); }
+
+ASN1_STRING *DISPLAYTEXT_new(void)
+{ return M_DISPLAYTEXT_new();}
+
+void DISPLAYTEXT_free(ASN1_STRING *x)
+{ M_DISPLAYTEXT_free(x);}
+
+int i2d_DISPLAYTEXT(ASN1_STRING *a, unsigned char **pp)
+ { return(M_i2d_DISPLAYTEXT(a,pp)); }
+
+ASN1_STRING *d2i_DISPLAYTEXT(ASN1_STRING **a, unsigned char **pp,
+ long l)
+ { return(M_d2i_DISPLAYTEXT(a,pp,l)); }
diff --git a/lib/dns/sec/openssl/a_set.c b/lib/dns/sec/openssl/a_set.c
new file mode 100644
index 0000000000..c21fc89110
--- /dev/null
+++ b/lib/dns/sec/openssl/a_set.c
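Review bot: ASN1_PRINTABLE_type tests `*s` before the length in `while ((*s) && (len-- != 0))`, so when a caller passes an explicit `len` the loop still reads the byte at `s[len]` after the last character, which is outside the buffer unless the caller guarantees a terminating NUL. Swapping the operands, `while ((len-- != 0) && (*s))`, keeps the read inside `len` and leaves the `len= -1` NUL-terminated mode unchanged. The loop also stops at the first zero byte, so anything after an embedded NUL is never classified; a comment stating that the result covers only the bytes before the first NUL would help callers. ASN1_UNIVERSALSTRING_to_string stores the terminator through `*(p)='\0'` even when `s->length` is 0, which assumes `s->data` is non-NULL and at least one byte long.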
@@ -0,0 +1,220 @@ +/* crypto/asn1/a_set.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "../rename.h" + +#include +#include "cryptlib.h" +#include + +typedef struct + { + unsigned char *pbData; + int cbData; + } MYBLOB; + +/* SetBlobCmp + * This function compares two elements of SET_OF block + */ +static int SetBlobCmp(const void *elem1, const void *elem2 ) + { + const MYBLOB *b1 = (const MYBLOB *)elem1; + const MYBLOB *b2 = (const MYBLOB *)elem2; + int r; + + r = memcmp(b1->pbData, b2->pbData, + b1->cbData < b2->cbData ? b1->cbData : b2->cbData); + if(r != 0) + return r; + return b1->cbData-b2->cbData; + } + +/* int is_set: if TRUE, then sort the contents (i.e. 
it isn't a SEQUENCE) */ +int i2d_ASN1_SET(STACK *a, unsigned char **pp, int (*func)(), int ex_tag, + int ex_class, int is_set) + { + int ret=0,r; + int i; + unsigned char *p; + unsigned char *pStart, *pTempMem; + MYBLOB *rgSetBlob; + int totSize; + + if (a == NULL) return(0); + for (i=sk_num(a)-1; i>=0; i--) + ret+=func(sk_value(a,i),NULL); + r=ASN1_object_size(1,ret,ex_tag); + if (pp == NULL) return(r); + + p= *pp; + ASN1_put_object(&p,1,ret,ex_tag,ex_class); + +/* Modified by gp@nsj.co.jp */ + /* And then again by Ben */ + /* And again by Steve */ + + if(!is_set || (sk_num(a) < 2)) + { + for (i=0; i c.max) + { + ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_LENGTH_ERROR); + goto err; + } + /* check for infinite constructed - it can be as long + * as the amount of data passed to us */ + if (c.inf == (V_ASN1_CONSTRUCTED+1)) + c.slen=length+ *pp-c.p; + c.max=c.p+c.slen; + + while (c.p < c.max) + { + char *s; + + if (M_ASN1_D2I_end_sequence()) break; + if ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL) + { + ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_ERROR_PARSING_SET_ELEMENT); + asn1_add_error(*pp,(int)(c.q- *pp)); + goto err; + } + if (!sk_push(ret,s)) goto err; + } + if (a != NULL) (*a)=ret; + *pp=c.p; + return(ret); +err: + if ((ret != NULL) && ((a == NULL) || (*a != ret))) + { + if (free_func != NULL) + sk_pop_free(ret,free_func); + else + sk_free(ret); + } + return(NULL); + } + diff --git a/lib/dns/sec/openssl/a_type.c b/lib/dns/sec/openssl/a_type.c new file mode 100644 index 0000000000..773524fcba --- /dev/null +++ b/lib/dns/sec/openssl/a_type.c 
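Review bot: In d2i_ASN1_SET, an element that `func` has just decoded is leaked when `sk_push(ret,s)` fails: the `goto err` path releases only what is already on `ret`, and `s` never got there. Something like `if (!sk_push(ret,s)) { if (free_func != NULL) free_func(s); goto err; }` closes it, assuming `free_func` takes the element pointer, as its use with `sk_pop_free` suggests. In i2d_ASN1_SET the sizing loop adds `func(sk_value(a,i),NULL)` into `ret` without checking the return value, so an element encoder that reports failure with zero or a negative number would presumably shrink the length given to `ASN1_put_object`; the encoders' error convention is not visible here. Part of this hunk, from the middle of i2d_ASN1_SET to the start of d2i_ASN1_SET, is not legible on the page, so those lines are not covered by this note.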
@@ -0,0 +1,351 @@ +/* crypto/asn1/a_type.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */ + +#include +#include "../rename.h" + +#include +#include "cryptlib.h" +#include + +static void ASN1_TYPE_component_free(ASN1_TYPE *a); +int i2d_ASN1_TYPE(ASN1_TYPE *a, unsigned char **pp) + { + int r=0; + + if (a == NULL) return(0); + + switch (a->type) + { + case V_ASN1_NULL: + if (pp != NULL) + ASN1_put_object(pp,0,0,V_ASN1_NULL,V_ASN1_UNIVERSAL); + r=2; + break; + case V_ASN1_INTEGER: + case V_ASN1_NEG_INTEGER: + r=i2d_ASN1_INTEGER(a->value.integer,pp); + break; + case V_ASN1_ENUMERATED: + case V_ASN1_NEG_ENUMERATED: + r=i2d_ASN1_ENUMERATED(a->value.enumerated,pp); + break; + case V_ASN1_BIT_STRING: + r=i2d_ASN1_BIT_STRING(a->value.bit_string,pp); + break; + case V_ASN1_OCTET_STRING: + r=i2d_ASN1_OCTET_STRING(a->value.octet_string,pp); + break; + case V_ASN1_OBJECT: + r=i2d_ASN1_OBJECT(a->value.object,pp); + break; + case V_ASN1_PRINTABLESTRING: + r=M_i2d_ASN1_PRINTABLESTRING(a->value.printablestring,pp); + break; + case V_ASN1_T61STRING: + r=M_i2d_ASN1_T61STRING(a->value.t61string,pp); + break; + case V_ASN1_IA5STRING: + r=M_i2d_ASN1_IA5STRING(a->value.ia5string,pp); + break; + case V_ASN1_GENERALSTRING: + r=M_i2d_ASN1_GENERALSTRING(a->value.generalstring,pp); + break; + case V_ASN1_UNIVERSALSTRING: + r=M_i2d_ASN1_UNIVERSALSTRING(a->value.universalstring,pp); + break; + case V_ASN1_UTF8STRING: + r=M_i2d_ASN1_UTF8STRING(a->value.utf8string,pp); + break; + case V_ASN1_VISIBLESTRING: + r=M_i2d_ASN1_VISIBLESTRING(a->value.visiblestring,pp); + break; + case V_ASN1_BMPSTRING: + r=M_i2d_ASN1_BMPSTRING(a->value.bmpstring,pp); + break; + case V_ASN1_UTCTIME: + r=i2d_ASN1_UTCTIME(a->value.utctime,pp); + break; + case V_ASN1_GENERALIZEDTIME: + r=i2d_ASN1_GENERALIZEDTIME(a->value.generalizedtime,pp); + break; + case V_ASN1_SET: + case V_ASN1_SEQUENCE: + if (a->value.set == NULL) + r=0; + else + { + r=a->value.set->length; + if (pp != NULL) + { + memcpy(*pp,a->value.set->data,r); + *pp+=r; + } + } + break; + } + return(r); + } + +ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE 
**a, unsigned char **pp, long length) + { + ASN1_TYPE *ret=NULL; + unsigned char *q,*p,*max; + int inf,tag,xclass; + long len; + + if ((a == NULL) || ((*a) == NULL)) + { + if ((ret=ASN1_TYPE_new()) == NULL) goto err; + } + else + ret=(*a); + + p= *pp; + q=p; + max=(p+length); + + inf=ASN1_get_object(&q,&len,&tag,&xclass,length); + if (inf & 0x80) goto err; + + ASN1_TYPE_component_free(ret); + + switch (tag) + { + case V_ASN1_NULL: + p=q; + ret->value.ptr=NULL; + break; + case V_ASN1_INTEGER: + if ((ret->value.integer= + d2i_ASN1_INTEGER(NULL,&p,max-p)) == NULL) + goto err; + break; + case V_ASN1_ENUMERATED: + if ((ret->value.enumerated= + d2i_ASN1_ENUMERATED(NULL,&p,max-p)) == NULL) + goto err; + break; + case V_ASN1_BIT_STRING: + if ((ret->value.bit_string= + d2i_ASN1_BIT_STRING(NULL,&p,max-p)) == NULL) + goto err; + break; + case V_ASN1_OCTET_STRING: + if ((ret->value.octet_string= + d2i_ASN1_OCTET_STRING(NULL,&p,max-p)) == NULL) + goto err; + break; + case V_ASN1_VISIBLESTRING: + if ((ret->value.visiblestring= + d2i_ASN1_VISIBLESTRING(NULL,&p,max-p)) == NULL) + goto err; + break; + case V_ASN1_UTF8STRING: + if ((ret->value.utf8string= + d2i_ASN1_UTF8STRING(NULL,&p,max-p)) == NULL) + goto err; + break; + case V_ASN1_OBJECT: + if ((ret->value.object= + d2i_ASN1_OBJECT(NULL,&p,max-p)) == NULL) + goto err; + break; + case V_ASN1_PRINTABLESTRING: + if ((ret->value.printablestring= + d2i_ASN1_PRINTABLESTRING(NULL,&p,max-p)) == NULL) + goto err; + break; + case V_ASN1_T61STRING: + if ((ret->value.t61string= + M_d2i_ASN1_T61STRING(NULL,&p,max-p)) == NULL) + goto err; + break; + case V_ASN1_IA5STRING: + if ((ret->value.ia5string= + M_d2i_ASN1_IA5STRING(NULL,&p,max-p)) == NULL) + goto err; + break; + case V_ASN1_GENERALSTRING: + if ((ret->value.generalstring= + M_d2i_ASN1_GENERALSTRING(NULL,&p,max-p)) == NULL) + goto err; + break; + case V_ASN1_UNIVERSALSTRING: + if ((ret->value.universalstring= + M_d2i_ASN1_UNIVERSALSTRING(NULL,&p,max-p)) == NULL) + goto err; + break; + 
case V_ASN1_BMPSTRING: + if ((ret->value.bmpstring= + M_d2i_ASN1_BMPSTRING(NULL,&p,max-p)) == NULL) + goto err; + break; + case V_ASN1_UTCTIME: + if ((ret->value.utctime= + d2i_ASN1_UTCTIME(NULL,&p,max-p)) == NULL) + goto err; + break; + case V_ASN1_GENERALIZEDTIME: + if ((ret->value.generalizedtime= + d2i_ASN1_GENERALIZEDTIME(NULL,&p,max-p)) == NULL) + goto err; + break; + case V_ASN1_SET: + case V_ASN1_SEQUENCE: + /* Sets and sequences are left complete */ + if ((ret->value.set=ASN1_STRING_new()) == NULL) goto err; + ret->value.set->type=tag; + len+=(q-p); + if (!ASN1_STRING_set(ret->value.set,p,(int)len)) goto err; + p+=len; + break; + default: + ASN1err(ASN1_F_D2I_ASN1_TYPE,ASN1_R_BAD_TYPE); + goto err; + } + + ret->type=tag; + if (a != NULL) (*a)=ret; + *pp=p; + return(ret); +err: + if ((ret != NULL) && ((a == NULL) || (*a != ret))) ASN1_TYPE_free(ret); + return(NULL); + } + +ASN1_TYPE *ASN1_TYPE_new(void) + { + ASN1_TYPE *ret=NULL; + ASN1_CTX c; + + M_ASN1_New_Malloc(ret,ASN1_TYPE); + ret->type= -1; + ret->value.ptr=NULL; + return(ret); + M_ASN1_New_Error(ASN1_F_ASN1_TYPE_NEW); + } + +void ASN1_TYPE_free(ASN1_TYPE *a) + { + if (a == NULL) return; + ASN1_TYPE_component_free(a); + Free(a); + } + +int ASN1_TYPE_get(ASN1_TYPE *a) + { + if (a->value.ptr != NULL) + return(a->type); + else + return(0); + } + +void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value) + { + if (a->value.ptr != NULL) + ASN1_TYPE_component_free(a); + a->type=type; + a->value.ptr=value; + } + +static void ASN1_TYPE_component_free(ASN1_TYPE *a) + { + if (a == NULL) return; + + if (a->value.ptr != NULL) + { + switch (a->type) + { + case V_ASN1_OBJECT: + ASN1_OBJECT_free(a->value.object); + break; + case V_ASN1_INTEGER: + case V_ASN1_NEG_INTEGER: + case V_ASN1_ENUMERATED: + case V_ASN1_NEG_ENUMERATED: + case V_ASN1_BIT_STRING: + case V_ASN1_OCTET_STRING: + case V_ASN1_SEQUENCE: + case V_ASN1_SET: + case V_ASN1_NUMERICSTRING: + case V_ASN1_PRINTABLESTRING: + case V_ASN1_T61STRING: + case 
V_ASN1_VIDEOTEXSTRING: + case V_ASN1_IA5STRING: + case V_ASN1_UTCTIME: + case V_ASN1_GENERALIZEDTIME: + case V_ASN1_GRAPHICSTRING: + case V_ASN1_VISIBLESTRING: + case V_ASN1_GENERALSTRING: + case V_ASN1_UNIVERSALSTRING: + case V_ASN1_BMPSTRING: + case V_ASN1_UTF8STRING: + ASN1_STRING_free((ASN1_STRING *)a->value.ptr); + break; + default: + /* MEMORY LEAK */ + break; + } + a->type=0; + a->value.ptr=NULL; + } + } + +IMPLEMENT_STACK_OF(ASN1_TYPE) +IMPLEMENT_ASN1_SET_OF(ASN1_TYPE) diff --git a/lib/dns/sec/openssl/a_utctm.c b/lib/dns/sec/openssl/a_utctm.c new file mode 100644 index 0000000000..c61faa2492 --- /dev/null +++ b/lib/dns/sec/openssl/a_utctm.c 
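Review bot: In d2i_ASN1_TYPE's `V_ASN1_SET`/`V_ASN1_SEQUENCE` case the newly allocated ASN1_STRING is leaked when `ASN1_STRING_set` fails, because `ret->type` is only assigned after the switch. At `err`, ASN1_TYPE_free calls ASN1_TYPE_component_free, which switches on a type that is not yet `tag` (for example -1 from ASN1_TYPE_new, or 0 after the earlier component free) and lands in the `default: /* MEMORY LEAK */` arm, so `ret->value.set` is never released; a caller-supplied `*a` is left holding the orphaned pointer as well. Setting `ret->type=tag;` right after `ASN1_STRING_new()` succeeds lets the existing cleanup free it. i2d_ASN1_TYPE's switch also has no `default`, so an unlisted type returns 0 with nothing written and no error; a one-line comment stating whether that is intended would help callers.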
@@ -0,0 +1,269 @@ +/* crypto/asn1/a_utctm.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "../rename.h" + +#include +#include +#ifdef VMS +#include +#include +#include +#endif +#include "cryptlib.h" +#include + +ASN1_UTCTIME *ASN1_UTCTIME_new(void) +{ return M_ASN1_UTCTIME_new(); } + +void ASN1_UTCTIME_free(ASN1_UTCTIME *x) +{ M_ASN1_UTCTIME_free(x); } + +int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **pp) + { +#ifndef CHARSET_EBCDIC + return(i2d_ASN1_bytes((ASN1_STRING *)a,pp, + V_ASN1_UTCTIME,V_ASN1_UNIVERSAL)); +#else + /* KLUDGE! We convert to ascii before writing DER */ + int len; + char tmp[24]; + ASN1_STRING x = *(ASN1_STRING *)a; + + len = x.length; + ebcdic2ascii(tmp, x.data, (len >= sizeof tmp) ? 
sizeof tmp : len); + x.data = tmp; + return i2d_ASN1_bytes(&x, pp, V_ASN1_UTCTIME,V_ASN1_UNIVERSAL); +#endif + } + + +ASN1_UTCTIME *d2i_ASN1_UTCTIME(ASN1_UTCTIME **a, unsigned char **pp, + long length) + { + ASN1_UTCTIME *ret=NULL; + + ret=(ASN1_UTCTIME *)d2i_ASN1_bytes((ASN1_STRING **)a,pp,length, + V_ASN1_UTCTIME,V_ASN1_UNIVERSAL); + if (ret == NULL) + { + ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ERR_R_NESTED_ASN1_ERROR); + return(NULL); + } +#ifdef CHARSET_EBCDIC + ascii2ebcdic(ret->data, ret->data, ret->length); +#endif + if (!ASN1_UTCTIME_check(ret)) + { + ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ASN1_R_INVALID_TIME_FORMAT); + goto err; + } + + return(ret); +err: + if ((ret != NULL) && ((a == NULL) || (*a != ret))) + M_ASN1_UTCTIME_free(ret); + return(NULL); + } + +int ASN1_UTCTIME_check(ASN1_UTCTIME *d) + { + static int min[8]={ 0, 1, 1, 0, 0, 0, 0, 0}; + static int max[8]={99,12,31,23,59,59,12,59}; + char *a; + int n,i,l,o; + + if (d->type != V_ASN1_UTCTIME) return(0); + l=d->length; + a=(char *)d->data; + o=0; + + if (l < 11) goto err; + for (i=0; i<6; i++) + { + if ((i == 5) && ((a[o] == 'Z') || + (a[o] == '+') || (a[o] == '-'))) + { i++; break; } + if ((a[o] < '0') || (a[o] > '9')) goto err; + n= a[o]-'0'; + if (++o > l) goto err; + + if ((a[o] < '0') || (a[o] > '9')) goto err; + n=(n*10)+ a[o]-'0'; + if (++o > l) goto err; + + if ((n < min[i]) || (n > max[i])) goto err; + } + if (a[o] == 'Z') + o++; + else if ((a[o] == '+') || (a[o] == '-')) + { + o++; + if (o+4 > l) goto err; + for (i=6; i<8; i++) + { + if ((a[o] < '0') || (a[o] > '9')) goto err; + n= a[o]-'0'; + o++; + if ((a[o] < '0') || (a[o] > '9')) goto err; + n=(n*10)+ a[o]-'0'; + if ((n < min[i]) || (n > max[i])) goto err; + o++; + } + } + return(o == l); +err: + return(0); + } + +int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str) + { + ASN1_UTCTIME t; + + t.type=V_ASN1_UTCTIME; + t.length=strlen(str); + t.data=(unsigned char *)str; + if (ASN1_UTCTIME_check(&t)) + { + if (s != NULL) + { + 
ASN1_STRING_set((ASN1_STRING *)s, + (unsigned char *)str,t.length); + } + return(1); + } + else + return(0); + } + +ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t) + { + char *p; + struct tm *ts; +#if defined(THREADS) && !defined(WIN32) + struct tm data; +#endif + + if (s == NULL) + s=M_ASN1_UTCTIME_new(); + if (s == NULL) + return(NULL); + +#if defined(THREADS) && !defined(WIN32) + gmtime_r(&t,&data); /* should return &data, but doesn't on some systems, so we don't even look at the return value */ + ts=&data; +#else + ts=gmtime(&t); +#endif +#ifdef VMS + if (ts == NULL) + { + static $DESCRIPTOR(tabnam,"LNM$DCL_LOGICAL"); + static $DESCRIPTOR(lognam,"SYS$TIMEZONE_DIFFERENTIAL"); + char result[256]; + unsigned int reslen = 0; + struct { + short buflen; + short code; + void *bufaddr; + unsigned int *reslen; + } itemlist[] = { + { 0, LNM$_STRING, 0, 0 }, + { 0, 0, 0, 0 }, + }; + int status; + + /* Get the value for SYS$TIMEZONE_DIFFERENTIAL */ + itemlist[0].buflen = sizeof(result); + itemlist[0].bufaddr = result; + itemlist[0].reslen = &reslen; + status = sys$trnlnm(0, &tabnam, &lognam, 0, itemlist); + if (!(status & 1)) + return NULL; + result[reslen] = '\0'; + + /* Get the numerical value of the equivalence string */ + status = atoi(result); + + /* and use it to move time to GMT */ + t -= status; + + /* then convert the result to the time structure */ + ts=(struct tm *)localtime(&t); + } +#endif + p=(char *)s->data; + if ((p == NULL) || (s->length < 14)) + { + p=Malloc(20); + if (p == NULL) return(NULL); + if (s->data != NULL) + Free(s->data); + s->data=(unsigned char *)p; + } + + sprintf(p,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100, + ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec); + s->length=strlen(p); + s->type=V_ASN1_UTCTIME; +#ifdef CHARSET_EBCDIC_not + ebcdic2ascii(s->data, s->data, s->length); +#endif + return(s); + } 
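Review bot: ASN1_UTCTIME_check reads `a[o]` at index `l`, one byte past the declared length: with `l == 11` the seconds pair passes `if (++o > l)` and then tests `a[11]`, and after the loop `if (a[o] == 'Z')` runs with `o == l` when the input is twelve digits. d2i_ASN1_UTCTIME calls this on decoded input, so the check is only safe if the decoder always stores a terminating byte after the data, which this hunk does not show. Bounding the reads removes that dependency: `if (++o >= l) goto err;` between the two digits of a pair, and `if ((o < l) && (a[o] == 'Z'))` after the loop, with the same `o < l` guard on the `+`/`-` branch. Separately, in the build without THREADS, ASN1_UTCTIME_set hands `ts` to `sprintf` without testing the `gmtime()` result (or the VMS `localtime()` fallback) for NULL; an early failure return when `ts == NULL` would cover it.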
diff --git a/lib/dns/sec/openssl/a_utf8.c b/lib/dns/sec/openssl/a_utf8.c
new file mode 100644
index 0000000000..6982a9086a
--- /dev/null
+++ b/lib/dns/sec/openssl/a_utf8.c
@@ -0,0 +1,241 @@ +/* crypto/asn1/a_utf8.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */ + +#include +#include "../rename.h" + +#include +#include "cryptlib.h" +#include + +ASN1_UTF8STRING *ASN1_UTF8STRING_new(void) +{ return M_ASN1_UTF8STRING_new();} + +void ASN1_UTF8STRING_free(ASN1_UTF8STRING *x) +{ M_ASN1_UTF8STRING_free(x);} + +int i2d_ASN1_UTF8STRING(ASN1_UTF8STRING *a, unsigned char **pp) + { + return(i2d_ASN1_bytes((ASN1_STRING *)a,pp, + V_ASN1_UTF8STRING,V_ASN1_UNIVERSAL)); + } + +ASN1_UTF8STRING *d2i_ASN1_UTF8STRING(ASN1_UTF8STRING **a, unsigned char **pp, + long length) + { + ASN1_UTF8STRING *ret=NULL; + + ret=(ASN1_UTF8STRING *)d2i_ASN1_bytes((ASN1_STRING **)a, + pp,length,V_ASN1_UTF8STRING,V_ASN1_UNIVERSAL); + if (ret == NULL) + { + ASN1err(ASN1_F_D2I_ASN1_UTF8STRING,ERR_R_NESTED_ASN1_ERROR); + return(NULL); + } + return(ret); + } + + +/* UTF8 utilities */ + +/* This parses a UTF8 string one character at a time. It is passed a pointer + * to the string and the length of the string. It sets 'value' to the value of + * the current character. It returns the number of characters read or a + * negative error code: + * -1 = string too short + * -2 = illegal character + * -3 = subsequent characters not of the form 10xxxxxx + * -4 = character encoded incorrectly (not minimal length). 
+ */ + +int UTF8_getc(const unsigned char *str, int len, unsigned long *val) +{ + const unsigned char *p; + unsigned long value; + int ret; + if(len <= 0) return 0; + p = str; + + /* Check syntax and work out the encoded value (if correct) */ + if((*p & 0x80) == 0) { + value = *p++ & 0x7f; + ret = 1; + } else if((*p & 0xe0) == 0xc0) { + if(len < 2) return -1; + if((p[1] & 0xc0) != 0x80) return -3; + value = (*p++ & 0x1f) << 6; + value |= *p++ & 0x3f; + if(value < 0x80) return -4; + ret = 2; + } else if((*p & 0xf0) == 0xe0) { + if(len < 3) return -1; + if( ((p[1] & 0xc0) != 0x80) + || ((p[2] & 0xc0) != 0x80) ) return -3; + value = (*p++ & 0xf) << 12; + value |= (*p++ & 0x3f) << 6; + value |= *p++ & 0x3f; + if(value < 0x800) return -4; + ret = 3; + } else if((*p & 0xf8) == 0xf0) { + if(len < 4) return -1; + if( ((p[1] & 0xc0) != 0x80) + || ((p[2] & 0xc0) != 0x80) + || ((p[3] & 0xc0) != 0x80) ) return -3; + value = (*p++ & 0x7) << 18; + value |= (*p++ & 0x3f) << 12; + value |= (*p++ & 0x3f) << 6; + value |= *p++ & 0x3f; + if(value < 0x10000) return -4; + ret = 4; + } else if((*p & 0xfc) == 0xf8) { + if(len < 5) return -1; + if( ((p[1] & 0xc0) != 0x80) + || ((p[2] & 0xc0) != 0x80) + || ((p[3] & 0xc0) != 0x80) + || ((p[4] & 0xc0) != 0x80) ) return -3; + value = (*p++ & 0x3) << 24; + value |= (*p++ & 0x3f) << 18; + value |= (*p++ & 0x3f) << 12; + value |= (*p++ & 0x3f) << 6; + value |= *p++ & 0x3f; + if(value < 0x200000) return -4; + ret = 5; + } else if((*p & 0xfe) == 0xfc) { + if(len < 6) return -1; + if( ((p[1] & 0xc0) != 0x80) + || ((p[2] & 0xc0) != 0x80) + || ((p[3] & 0xc0) != 0x80) + || ((p[4] & 0xc0) != 0x80) + || ((p[5] & 0xc0) != 0x80) ) return -3; + value = (*p++ & 0x1) << 30; + value |= (*p++ & 0x3f) << 24; + value |= (*p++ & 0x3f) << 18; + value |= (*p++ & 0x3f) << 12; + value |= (*p++ & 0x3f) << 6; + value |= *p++ & 0x3f; + if(value < 0x4000000) return -4; + ret = 6; + } else return -2; + *val = value; + return ret; +} + +/* This takes a character 'value' 
and writes the UTF8 encoded value in + * 'str' where 'str' is a buffer containing 'len' characters. Returns + * the number of characters written or -1 if 'len' is too small. 'str' can + * be set to NULL in which case it just returns the number of characters. + * It will need at most 6 characters. + */ + +int UTF8_putc(unsigned char *str, int len, unsigned long value) +{ + if(!str) len = 6; /* Maximum we will need */ + else if(len <= 0) return -1; + if(value < 0x80) { + if(str) *str = (unsigned char)value; + return 1; + } + if(value < 0x800) { + if(len < 2) return -1; + if(str) { + *str++ = (unsigned char)(((value >> 6) & 0x1f) | 0xc0); + *str = (unsigned char)((value & 0x3f) | 0x80); + } + return 2; + } + if(value < 0x10000) { + if(len < 3) return -1; + if(str) { + *str++ = (unsigned char)(((value >> 12) & 0xf) | 0xe0); + *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80); + *str = (unsigned char)((value & 0x3f) | 0x80); + } + return 3; + } + if(value < 0x200000) { + if(len < 4) return -1; + if(str) { + *str++ = (unsigned char)(((value >> 18) & 0x7) | 0xf0); + *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80); + *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80); + *str = (unsigned char)((value & 0x3f) | 0x80); + } + return 4; + } + if(value < 0x4000000) { + if(len < 5) return -1; + if(str) { + *str++ = (unsigned char)(((value >> 24) & 0x3) | 0xf8); + *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80); + *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80); + *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80); + *str = (unsigned char)((value & 0x3f) | 0x80); + } + return 5; + } + if(len < 6) return -1; + if(str) { + *str++ = (unsigned char)(((value >> 30) & 0x1) | 0xfc); + *str++ = (unsigned char)(((value >> 24) & 0x3f) | 0x80); + *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80); + *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80); + *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80); + *str = (unsigned char)((value & 
0x3f) | 0x80); + } + return 6; +} diff --git a/lib/dns/sec/openssl/a_vis.c b/lib/dns/sec/openssl/a_vis.c new file mode 100644 index 0000000000..993d92af2c --- /dev/null +++ b/lib/dns/sec/openssl/a_vis.c 
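Review bot: UTF8_getc rejects over-long encodings but still returns values in the surrogate range 0xD800-0xDFFF and above 0x10FFFF (including the 5- and 6-byte forms), which current UTF-8 rules (RFC 3629) treat as invalid. Where decoded strings are compared or filtered, a stricter parser elsewhere may disagree with this one about the same bytes; consider `if((value >= 0xd800) && (value <= 0xdfff)) return -2;` in the 3-byte branch and an upper bound of 0x10ffff in the 4-byte branch, or state the accepted range in the header comment. That comment should also say that `len <= 0` returns 0, which is not among the listed codes. UTF8_putc has the mirror problem: a `value` above 0x7fffffff is masked with `& 0x1` in the 6-byte form and silently encodes a different character, so an explicit range check before that branch is worth adding.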
@@ -0,0 +1,92 @@ +/* crypto/asn1/a_vis.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */
+
+#include
+#include "../rename.h"
+
+#include
+#include "cryptlib.h"
+#include
+
+ASN1_VISIBLESTRING *ASN1_VISIBLESTRING_new(void)
+{ return M_ASN1_VISIBLESTRING_new(); }
+
+void ASN1_VISIBLESTRING_free(ASN1_VISIBLESTRING *x)
+{ M_ASN1_VISIBLESTRING_free(x); }
+
+int i2d_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING *a, unsigned char **pp)
+ {
+ return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
+ V_ASN1_VISIBLESTRING,V_ASN1_UNIVERSAL));
+ }
+
+ASN1_VISIBLESTRING *d2i_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING **a,
+ unsigned char **pp, long length)
+ {
+ ASN1_VISIBLESTRING *ret=NULL;
+
+ ret=(ASN1_VISIBLESTRING *)d2i_ASN1_bytes((ASN1_STRING **)a,
+ pp,length,V_ASN1_VISIBLESTRING,V_ASN1_UNIVERSAL);
+ if (ret == NULL)
+ {
+ ASN1err(ASN1_F_D2I_ASN1_VISIBLESTRING,ERR_R_NESTED_ASN1_ERROR);
+ return(NULL);
+ }
+ return(ret);
+ }
+
diff --git a/lib/dns/sec/openssl/asn1_lib.c b/lib/dns/sec/openssl/asn1_lib.c
new file mode 100644
index 0000000000..ada754b6e9
--- /dev/null
+++ b/lib/dns/sec/openssl/asn1_lib.c
@@ -0,0 +1,427 @@ +/* crypto/asn1/asn1_lib.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */ + +#include +#include "../rename.h" + +#include +#include "cryptlib.h" +#include +#include + +static int asn1_get_length(unsigned char **pp,int *inf,long *rl,int max); +static void asn1_put_length(unsigned char **pp, int length); +const char *ASN1_version="ASN.1" OPENSSL_VERSION_PTEXT; + +int ASN1_check_infinite_end(unsigned char **p, long len) + { + /* If there is 0 or 1 byte left, the length check should pick + * things up */ + if (len <= 0) + return(1); + else if ((len >= 2) && ((*p)[0] == 0) && ((*p)[1] == 0)) + { + (*p)+=2; + return(1); + } + return(0); + } + + +int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass, + long omax) + { + int i,ret; + long l; + unsigned char *p= *pp; + int tag,xclass,inf; + long max=omax; + + if (!max) goto err; + ret=(*p&V_ASN1_CONSTRUCTED); + xclass=(*p&V_ASN1_PRIVATE); + i= *p&V_ASN1_PRIMITIVE_TAG; + if (i == V_ASN1_PRIMITIVE_TAG) + { /* high-tag */ + p++; + if (--max == 0) goto err; + l=0; + while (*p&0x80) + { + l<<=7L; + l|= *(p++)&0x7f; + if (--max == 0) goto err; + } + l<<=7L; + l|= *(p++)&0x7f; + tag=(int)l; + } + else + { + tag=i; + p++; + if (--max == 0) goto err; + } + *ptag=tag; + *pclass=xclass; + if (!asn1_get_length(&p,&inf,plength,(int)max)) goto err; + +#if 0 + fprintf(stderr,"p=%d + *plength=%ld > omax=%ld + *pp=%d (%d > %d)\n", + (int)p,*plength,omax,(int)*pp,(int)(p+ *plength), + (int)(omax+ *pp)); + +#endif +#if 0 + if ((p+ *plength) > (omax+ *pp)) + { + ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG); + /* Set this so that even if things are not long enough + * the values are set correctly */ + ret|=0x80; + } +#endif + *pp=p; + return(ret|inf); +err: + ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_HEADER_TOO_LONG); + return(0x80); + } + +static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max) + { + unsigned char *p= *pp; + long ret=0; + int i; + + if (max-- < 1) return(0); + if (*p == 0x80) + { + *inf=1; + ret=0; + p++; + } + else + { + *inf=0; + i= *p&0x7f; + if 
(*(p++) & 0x80) + { + if (max-- == 0) return(0); + while (i-- > 0) + { + ret<<=8L; + ret|= *(p++); + if (max-- == 0) return(0); + } + } + else + ret=i; + } + *pp=p; + *rl=ret; + return(1); + } + +/* class 0 is constructed + * constructed == 2 for indefinite length constructed */ +void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag, + int xclass) + { + unsigned char *p= *pp; + int i; + + i=(constructed)?V_ASN1_CONSTRUCTED:0; + i|=(xclass&V_ASN1_PRIVATE); + if (tag < 31) + *(p++)=i|(tag&V_ASN1_PRIMITIVE_TAG); + else + { + *(p++)=i|V_ASN1_PRIMITIVE_TAG; + while (tag > 0x7f) + { + *(p++)=(tag&0x7f)|0x80; + tag>>=7; + } + *(p++)=(tag&0x7f); + } + if ((constructed == 2) && (length == 0)) + *(p++)=0x80; /* der_put_length would output 0 instead */ + else + asn1_put_length(&p,length); + *pp=p; + } + +static void asn1_put_length(unsigned char **pp, int length) + { + unsigned char *p= *pp; + int i,l; + if (length <= 127) + *(p++)=(unsigned char)length; + else + { + l=length; + for (i=0; l > 0; i++) + l>>=8; + *(p++)=i|0x80; + l=i; + while (i-- > 0) + { + p[i]=length&0xff; + length>>=8; + } + p+=l; + } + *pp=p; + } + +int ASN1_object_size(int constructed, int length, int tag) + { + int ret; + + ret=length; + ret++; + if (tag >= 31) + { + while (tag > 0) + { + tag>>=7; + ret++; + } + } + if ((length == 0) && (constructed == 2)) + ret+=2; + ret++; + if (length > 127) + { + while (length > 0) + { + length>>=8; + ret++; + } + } + return(ret); + } + +int asn1_Finish(ASN1_CTX *c) + { + if ((c->inf == (1|V_ASN1_CONSTRUCTED)) && (!c->eos)) + { + if (!ASN1_check_infinite_end(&c->p,c->slen)) + { + c->error=ERR_R_MISSING_ASN1_EOS; + return(0); + } + } + if ( ((c->slen != 0) && !(c->inf & 1)) || + ((c->slen < 0) && (c->inf & 1))) + { + c->error=ERR_R_ASN1_LENGTH_MISMATCH; + return(0); + } + return(1); + } + +int asn1_GetSequence(ASN1_CTX *c, long *length) + { + unsigned char *q; + + q=c->p; + c->inf=ASN1_get_object(&(c->p),&(c->slen),&(c->tag),&(c->xclass), + 
*length); + if (c->inf & 0x80) + { + c->error=ERR_R_BAD_GET_ASN1_OBJECT_CALL; + return(0); + } + if (c->tag != V_ASN1_SEQUENCE) + { + c->error=ERR_R_EXPECTING_AN_ASN1_SEQUENCE; + return(0); + } + (*length)-=(c->p-q); + if (c->max && (*length < 0)) + { + c->error=ERR_R_ASN1_LENGTH_MISMATCH; + return(0); + } + if (c->inf == (1|V_ASN1_CONSTRUCTED)) + c->slen= *length+ *(c->pp)-c->p; + c->eos=0; + return(1); + } + +ASN1_STRING *ASN1_STRING_dup(ASN1_STRING *str) + { + ASN1_STRING *ret; + + if (str == NULL) return(NULL); + if ((ret=ASN1_STRING_type_new(str->type)) == NULL) + return(NULL); + if (!ASN1_STRING_set(ret,str->data,str->length)) + { + ASN1_STRING_free(ret); + return(NULL); + } + ret->flags = str->flags; + return(ret); + } + +int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len) + { + unsigned char *c; + const char *data=_data; + + if (len < 0) + { + if (data == NULL) + return(0); + else + len=strlen(data); + } + if ((str->length < len) || (str->data == NULL)) + { + c=str->data; + if (c == NULL) + str->data=Malloc(len+1); + else + str->data=Realloc(c,len+1); + + if (str->data == NULL) + { + str->data=c; + return(0); + } + } + str->length=len; + if (data != NULL) + { + memcpy(str->data,data,len); + /* an allowance for strings :-) */ + str->data[len]='\0'; + } + return(1); + } + +ASN1_STRING *ASN1_STRING_new(void) + { + return(ASN1_STRING_type_new(V_ASN1_OCTET_STRING)); + } + + +ASN1_STRING *ASN1_STRING_type_new(int type) + { + ASN1_STRING *ret; + + ret=(ASN1_STRING *)Malloc(sizeof(ASN1_STRING)); + if (ret == NULL) + { + ASN1err(ASN1_F_ASN1_STRING_TYPE_NEW,ERR_R_MALLOC_FAILURE); + return(NULL); + } + ret->length=0; + ret->type=type; + ret->data=NULL; + ret->flags=0; + return(ret); + } + +void ASN1_STRING_free(ASN1_STRING *a) + { + if (a == NULL) return; + if (a->data != NULL) Free(a->data); + Free(a); + } + +int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b) + { + int i; + + i=(a->length-b->length); + if (i == 0) + { + 
i=memcmp(a->data,b->data,a->length); + if (i == 0) + return(a->type-b->type); + else + return(i); + } + else + return(i); + } + +void asn1_add_error(unsigned char *address, int offset) + { + char buf1[16],buf2[16]; + + sprintf(buf1,"%lu",(unsigned long)address); + sprintf(buf2,"%d",offset); + ERR_add_error_data(4,"address=",buf1," offset=",buf2); + } + +int ASN1_STRING_length(ASN1_STRING *x) +{ return M_ASN1_STRING_length(x); } + +void ASN1_STRING_length_set(ASN1_STRING *x, int len) +{ M_ASN1_STRING_length_set(x, len); return; } + +int ASN1_STRING_type(ASN1_STRING *x) +{ return M_ASN1_STRING_type(x); } + +unsigned char * ASN1_STRING_data(ASN1_STRING *x) +{ return M_ASN1_STRING_data(x); } diff --git a/lib/dns/sec/openssl/bn_blind.c b/lib/dns/sec/openssl/bn_blind.c new file mode 100644 index 0000000000..d6684b60e1 --- /dev/null +++ b/lib/dns/sec/openssl/bn_blind.c 
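Review bot: ASN1_get_object hands `*plength` back without ever comparing it with the remaining input: the `(p+ *plength) > (omax+ *pp)` test sits inside `#if 0`, and asn1_get_length shifts up to 127 length octets into a `long` with no bound on `i`. Every caller of this parser then has to range-check the length itself before using it as a copy or allocation size. I would restore the test in an overflow-safe form, `if (*plength < 0 || *plength > omax - (p - *pp))`, keeping the ASN1_R_TOO_LONG error and `ret|=0x80`, and add `if (i > (int)sizeof(long)) return(0);` before the loop in asn1_get_length; why the check was disabled is not visible here, so the callers need checking first. Separately, asn1_add_error formats an `unsigned long` with `sprintf(buf1,"%lu",...)` into `char buf1[16]`, which is too small wherever long is 64 bits (up to 20 digits plus the terminator); `char buf1[24]` covers that case.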
@@ -0,0 +1,147 @@ +/* crypto/bn/bn_blind.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */
+
+#include
+#include "../rename.h"
+
+#include
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+BN_BLINDING *BN_BLINDING_new(BIGNUM *A, BIGNUM *Ai, BIGNUM *mod)
+ {
+ BN_BLINDING *ret=NULL;
+
+ bn_check_top(Ai);
+ bn_check_top(mod);
+
+ if ((ret=(BN_BLINDING *)Malloc(sizeof(BN_BLINDING))) == NULL)
+ {
+ BNerr(BN_F_BN_BLINDING_NEW,ERR_R_MALLOC_FAILURE);
+ return(NULL);
+ }
+ memset(ret,0,sizeof(BN_BLINDING));
+ if ((ret->A=BN_new()) == NULL) goto err;
+ if ((ret->Ai=BN_new()) == NULL) goto err;
+ if (!BN_copy(ret->A,A)) goto err;
+ if (!BN_copy(ret->Ai,Ai)) goto err;
+ ret->mod=mod;
+ return(ret);
+err:
+ if (ret != NULL) BN_BLINDING_free(ret);
+ return(NULL);
+ }
+
+void BN_BLINDING_free(BN_BLINDING *r)
+ {
+ if(r == NULL)
+ return;
+
+ if (r->A != NULL) BN_free(r->A );
+ if (r->Ai != NULL) BN_free(r->Ai);
+ Free(r);
+ }
+
+int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
+ {
+ int ret=0;
+
+ if ((b->A == NULL) || (b->Ai == NULL))
+ {
+ BNerr(BN_F_BN_BLINDING_UPDATE,BN_R_NOT_INITIALIZED);
+ goto err;
+ }
+
+ if (!BN_mod_mul(b->A,b->A,b->A,b->mod,ctx)) goto err;
+ if (!BN_mod_mul(b->Ai,b->Ai,b->Ai,b->mod,ctx)) goto err;
+
+ ret=1;
+err:
+ return(ret);
+ }
+
+int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
+ {
+ bn_check_top(n);
+
+ if ((b->A == NULL) || (b->Ai == NULL))
+ {
+ BNerr(BN_F_BN_BLINDING_CONVERT,BN_R_NOT_INITIALIZED);
+ return(0);
+ }
+ return(BN_mod_mul(n,n,b->A,b->mod,ctx));
+ }
+
+int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
+ {
+ int ret;
+
+ bn_check_top(n);
+ if ((b->A == NULL) || (b->Ai == NULL))
+ {
+ BNerr(BN_F_BN_BLINDING_INVERT,BN_R_NOT_INITIALIZED);
+ return(0);
+ }
+ if ((ret=BN_mod_mul(n,n,b->Ai,b->mod,ctx)) >= 0)
+ {
+ if (!BN_BLINDING_update(b,ctx))
+ return(0);
+ }
+ return(ret);
+ }
+
diff --git a/lib/dns/sec/openssl/include/openssl/asn1.h b/lib/dns/sec/openssl/include/openssl/asn1.h
new file mode 100644
index 0000000000..99bd64a11e
--- /dev/null
+++ b/lib/dns/sec/openssl/include/openssl/asn1.h
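Review bot: In BN_BLINDING_invert the test `(ret=BN_mod_mul(n,n,b->Ai,b->mod,ctx)) >= 0` is true on failure as well, since the rest of this file treats a zero return from BN_mod_mul as the error (`if (!BN_mod_mul(...)) goto err;`), so BN_BLINDING_update still squares the blinding pair after a failed unblinding. Testing `> 0` would leave the factors untouched on error; this assumes BN_mod_mul never returns a negative value, which nothing visible suggests. BN_BLINDING_new also stores the caller's `mod` pointer without copying it and BN_BLINDING_free does not release it, so a comment such as `/* mod is borrowed: the caller must keep it alive for the lifetime of the BN_BLINDING */` above `ret->mod=mod;` would make the ownership explicit.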
@@ -0,0 +1,1067 @@ +/* crypto/asn1/asn1.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */ + +#ifndef HEADER_ASN1_H +#define HEADER_ASN1_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include +#include +#include +#include + +#ifdef VMS +#include +#endif + +#define V_ASN1_UNIVERSAL 0x00 +#define V_ASN1_APPLICATION 0x40 +#define V_ASN1_CONTEXT_SPECIFIC 0x80 +#define V_ASN1_PRIVATE 0xc0 + +#define V_ASN1_CONSTRUCTED 0x20 +#define V_ASN1_PRIMITIVE_TAG 0x1f +#define V_ASN1_PRIMATIVE_TAG 0x1f + +#define V_ASN1_APP_CHOOSE -2 /* let the recipient choose */ + +#define V_ASN1_UNDEF -1 +#define V_ASN1_EOC 0 +#define V_ASN1_BOOLEAN 1 /**/ +#define V_ASN1_INTEGER 2 +#define V_ASN1_NEG_INTEGER (2+0x100) +#define V_ASN1_BIT_STRING 3 +#define V_ASN1_OCTET_STRING 4 +#define V_ASN1_NULL 5 +#define V_ASN1_OBJECT 6 +#define V_ASN1_OBJECT_DESCRIPTOR 7 +#define V_ASN1_EXTERNAL 8 +#define V_ASN1_REAL 9 +#define V_ASN1_ENUMERATED 10 +#define V_ASN1_NEG_ENUMERATED (10+0x100) +#define V_ASN1_UTF8STRING 12 +#define V_ASN1_SEQUENCE 16 +#define V_ASN1_SET 17 +#define V_ASN1_NUMERICSTRING 18 /**/ +#define V_ASN1_PRINTABLESTRING 19 +#define V_ASN1_T61STRING 20 +#define V_ASN1_TELETEXSTRING 20 /* alias */ +#define V_ASN1_VIDEOTEXSTRING 21 /**/ +#define V_ASN1_IA5STRING 22 +#define V_ASN1_UTCTIME 23 +#define V_ASN1_GENERALIZEDTIME 24 /**/ +#define V_ASN1_GRAPHICSTRING 25 /**/ +#define V_ASN1_ISO64STRING 26 /**/ +#define V_ASN1_VISIBLESTRING 26 /* alias */ +#define V_ASN1_GENERALSTRING 27 /**/ +#define V_ASN1_UNIVERSALSTRING 28 /**/ +#define V_ASN1_BMPSTRING 30 + +/* For use with d2i_ASN1_type_bytes() */ +#define B_ASN1_NUMERICSTRING 0x0001 +#define B_ASN1_PRINTABLESTRING 0x0002 +#define B_ASN1_T61STRING 0x0004 +#define B_ASN1_TELETEXSTRING 0x0008 +#define B_ASN1_VIDEOTEXSTRING 0x0008 +#define B_ASN1_IA5STRING 0x0010 +#define B_ASN1_GRAPHICSTRING 0x0020 +#define B_ASN1_ISO64STRING 0x0040 +#define B_ASN1_VISIBLESTRING 0x0040 +#define B_ASN1_GENERALSTRING 0x0080 +#define B_ASN1_UNIVERSALSTRING 0x0100 +#define B_ASN1_OCTET_STRING 0x0200 +#define B_ASN1_BIT_STRING 0x0400 +#define 
B_ASN1_BMPSTRING 0x0800 +#define B_ASN1_UNKNOWN 0x1000 +#define B_ASN1_UTF8STRING 0x2000 + +/* For use with ASN1_mbstring_copy() */ +#define MBSTRING_FLAG 0x1000 +#define MBSTRING_ASC (MBSTRING_FLAG|1) +#define MBSTRING_BMP (MBSTRING_FLAG|2) +#define MBSTRING_UNIV (MBSTRING_FLAG|3) +#define MBSTRING_UTF8 (MBSTRING_FLAG|4) + +#define DECLARE_ASN1_SET_OF(type) \ +int i2d_ASN1_SET_OF_##type(STACK_OF(type) *a,unsigned char **pp, \ + int (*func)(type *,unsigned char **), int ex_tag, \ + int ex_class, int is_set); \ +STACK_OF(type) *d2i_ASN1_SET_OF_##type(STACK_OF(type) **a,unsigned char **pp, \ + long length, \ + type *(*func)(type **, \ + unsigned char **,long), \ + void (*free_func)(type *), \ + int ex_tag,int ex_class); + +#define IMPLEMENT_ASN1_SET_OF(type) \ +int i2d_ASN1_SET_OF_##type(STACK_OF(type) *a,unsigned char **pp, \ + int (*func)(type *,unsigned char **), int ex_tag, \ + int ex_class, int is_set) \ + { return i2d_ASN1_SET((STACK *)a,pp,func,ex_tag,ex_class,is_set); } \ +STACK_OF(type) *d2i_ASN1_SET_OF_##type(STACK_OF(type) **a,unsigned char **pp, \ + long length, \ + type *(*func)(type **, \ + unsigned char **,long), \ + void (*free_func)(type *), \ + int ex_tag,int ex_class) \ + { return (STACK_OF(type) *)d2i_ASN1_SET((STACK **)a,pp,length, \ + (char *(*)())func, \ + (void (*)())free_func, \ + ex_tag,ex_class); } + +typedef struct asn1_ctx_st + { + unsigned char *p;/* work char pointer */ + int eos; /* end of sequence read for indefinite encoding */ + int error; /* error code to use when returning an error */ + int inf; /* constructed if 0x20, indefinite is 0x21 */ + int tag; /* tag from last 'get object' */ + int xclass; /* class from last 'get object' */ + long slen; /* length of last 'get object' */ + unsigned char *max; /* largest value of p allowed */ + unsigned char *q;/* temporary variable */ + unsigned char **pp;/* variable */ + int line; /* used in error processing */ + } ASN1_CTX; + +/* These are used internally in the ASN1_OBJECT to keep track 
of + * whether the names and data need to be free()ed */ +#define ASN1_OBJECT_FLAG_DYNAMIC 0x01 /* internal use */ +#define ASN1_OBJECT_FLAG_CRITICAL 0x02 /* critical x509v3 object id */ +#define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04 /* internal use */ +#define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08 /* internal use */ +typedef struct asn1_object_st + { + const char *sn,*ln; + int nid; + int length; + unsigned char *data; + int flags; /* Should we free this one */ + } ASN1_OBJECT; + +#define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */ +/* This is the base type that holds just about everything :-) */ +typedef struct asn1_string_st + { + int length; + int type; + unsigned char *data; + /* The value of the following field depends on the type being + * held. It is mostly being used for BIT_STRING so if the + * input data has a non-zero 'unused bits' value, it will be + * handled correctly */ + long flags; + } ASN1_STRING; + +#define STABLE_FLAGS_MALLOC 0x01 +#define STABLE_NO_MASK 0x02 +#define DIRSTRING_TYPE \ + (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING) +#define PKCS9STRING_TYPE (DIRSTRING_TYPE|B_ASN1_IA5STRING) + +typedef struct asn1_string_table_st { + int nid; + long minsize; + long maxsize; + unsigned long mask; + unsigned long flags; +} ASN1_STRING_TABLE; + +DECLARE_STACK_OF(ASN1_STRING_TABLE) + +/* size limits: this stuff is taken straight from RFC2459 */ + +#define ub_name 32768 +#define ub_common_name 64 +#define ub_locality_name 128 +#define ub_state_name 128 +#define ub_organization_name 64 +#define ub_organization_unit_name 64 +#define ub_title 64 +#define ub_email_address 128 + +#ifdef NO_ASN1_TYPEDEFS +#define ASN1_INTEGER ASN1_STRING +#define ASN1_ENUMERATED ASN1_STRING +#define ASN1_BIT_STRING ASN1_STRING +#define ASN1_OCTET_STRING ASN1_STRING +#define ASN1_PRINTABLESTRING ASN1_STRING +#define ASN1_T61STRING ASN1_STRING +#define ASN1_IA5STRING ASN1_STRING +#define ASN1_UTCTIME ASN1_STRING +#define 
ASN1_GENERALIZEDTIME ASN1_STRING +#define ASN1_TIME ASN1_STRING +#define ASN1_GENERALSTRING ASN1_STRING +#define ASN1_UNIVERSALSTRING ASN1_STRING +#define ASN1_BMPSTRING ASN1_STRING +#define ASN1_VISIBLESTRING ASN1_STRING +#define ASN1_UTF8STRING ASN1_STRING +#else +typedef struct asn1_string_st ASN1_INTEGER; +typedef struct asn1_string_st ASN1_ENUMERATED; +typedef struct asn1_string_st ASN1_BIT_STRING; +typedef struct asn1_string_st ASN1_OCTET_STRING; +typedef struct asn1_string_st ASN1_PRINTABLESTRING; +typedef struct asn1_string_st ASN1_T61STRING; +typedef struct asn1_string_st ASN1_IA5STRING; +typedef struct asn1_string_st ASN1_GENERALSTRING; +typedef struct asn1_string_st ASN1_UNIVERSALSTRING; +typedef struct asn1_string_st ASN1_BMPSTRING; +typedef struct asn1_string_st ASN1_UTCTIME; +typedef struct asn1_string_st ASN1_TIME; +typedef struct asn1_string_st ASN1_GENERALIZEDTIME; +typedef struct asn1_string_st ASN1_VISIBLESTRING; +typedef struct asn1_string_st ASN1_UTF8STRING; +#endif + +typedef int ASN1_NULL; + +typedef struct asn1_type_st + { + int type; + union { + char *ptr; + ASN1_STRING * asn1_string; + ASN1_OBJECT * object; + ASN1_INTEGER * integer; + ASN1_ENUMERATED * enumerated; + ASN1_BIT_STRING * bit_string; + ASN1_OCTET_STRING * octet_string; + ASN1_PRINTABLESTRING * printablestring; + ASN1_T61STRING * t61string; + ASN1_IA5STRING * ia5string; + ASN1_GENERALSTRING * generalstring; + ASN1_BMPSTRING * bmpstring; + ASN1_UNIVERSALSTRING * universalstring; + ASN1_UTCTIME * utctime; + ASN1_GENERALIZEDTIME * generalizedtime; + ASN1_VISIBLESTRING * visiblestring; + ASN1_UTF8STRING * utf8string; + /* set and sequence are left complete and still + * contain the set or sequence bytes */ + ASN1_STRING * set; + ASN1_STRING * sequence; + } value; + } ASN1_TYPE; + +DECLARE_STACK_OF(ASN1_TYPE) +DECLARE_ASN1_SET_OF(ASN1_TYPE) + +typedef struct asn1_method_st + { + int (*i2d)(); + char *(*d2i)(); + char *(*create)(); + void (*destroy)(); + } ASN1_METHOD; + +/* This is 
used when parsing some Netscape objects */ +typedef struct asn1_header_st + { + ASN1_OCTET_STRING *header; + char *data; + ASN1_METHOD *meth; + } ASN1_HEADER; + +/* This is used to contain a list of bit names */ +typedef struct BIT_STRING_BITNAME_st { + int bitnum; + const char *lname; + const char *sname; +} BIT_STRING_BITNAME; + + +#define M_ASN1_STRING_length(x) ((x)->length) +#define M_ASN1_STRING_length_set(x, n) ((x)->length = (n)) +#define M_ASN1_STRING_type(x) ((x)->type) +#define M_ASN1_STRING_data(x) ((x)->data) + +/* Macros for string operations */ +#define M_ASN1_BIT_STRING_new() (ASN1_BIT_STRING *)\ + ASN1_STRING_type_new(V_ASN1_BIT_STRING) +#define M_ASN1_BIT_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_ASN1_BIT_STRING_dup(a) (ASN1_BIT_STRING *)\ + ASN1_STRING_dup((ASN1_STRING *)a) +#define M_ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\ + (ASN1_STRING *)a,(ASN1_STRING *)b) +#define M_ASN1_BIT_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c) + +#define M_ASN1_INTEGER_new() (ASN1_INTEGER *)\ + ASN1_STRING_type_new(V_ASN1_INTEGER) +#define M_ASN1_INTEGER_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)ASN1_STRING_dup((ASN1_STRING *)a) +#define M_ASN1_INTEGER_cmp(a,b) ASN1_STRING_cmp(\ + (ASN1_STRING *)a,(ASN1_STRING *)b) + +#define M_ASN1_ENUMERATED_new() (ASN1_ENUMERATED *)\ + ASN1_STRING_type_new(V_ASN1_ENUMERATED) +#define M_ASN1_ENUMERATED_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)ASN1_STRING_dup((ASN1_STRING *)a) +#define M_ASN1_ENUMERATED_cmp(a,b) ASN1_STRING_cmp(\ + (ASN1_STRING *)a,(ASN1_STRING *)b) + +#define M_ASN1_OCTET_STRING_new() (ASN1_OCTET_STRING *)\ + ASN1_STRING_type_new(V_ASN1_OCTET_STRING) +#define M_ASN1_OCTET_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_ASN1_OCTET_STRING_dup(a) (ASN1_OCTET_STRING *)\ + ASN1_STRING_dup((ASN1_STRING *)a) +#define M_ASN1_OCTET_STRING_cmp(a,b) ASN1_STRING_cmp(\ + 
(ASN1_STRING *)a,(ASN1_STRING *)b) +#define M_ASN1_OCTET_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c) +#define M_ASN1_OCTET_STRING_print(a,b) ASN1_STRING_print(a,(ASN1_STRING *)b) +#define M_i2d_ASN1_OCTET_STRING(a,pp) \ + i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_OCTET_STRING,\ + V_ASN1_UNIVERSAL) + +#define M_ASN1_PRINTABLE_new() ASN1_STRING_type_new(V_ASN1_T61STRING) +#define M_ASN1_PRINTABLE_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\ + pp,a->type,V_ASN1_UNIVERSAL) +#define M_d2i_ASN1_PRINTABLE(a,pp,l) \ + d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \ + B_ASN1_PRINTABLESTRING| \ + B_ASN1_T61STRING| \ + B_ASN1_IA5STRING| \ + B_ASN1_BIT_STRING| \ + B_ASN1_UNIVERSALSTRING|\ + B_ASN1_BMPSTRING|\ + B_ASN1_UTF8STRING|\ + B_ASN1_UNKNOWN) + +#define M_DIRECTORYSTRING_new() ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING) +#define M_DIRECTORYSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_i2d_DIRECTORYSTRING(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\ + pp,a->type,V_ASN1_UNIVERSAL) +#define M_d2i_DIRECTORYSTRING(a,pp,l) \ + d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \ + B_ASN1_PRINTABLESTRING| \ + B_ASN1_TELETEXSTRING|\ + B_ASN1_BMPSTRING|\ + B_ASN1_UNIVERSALSTRING|\ + B_ASN1_UTF8STRING) + +#define M_DISPLAYTEXT_new() ASN1_STRING_type_new(V_ASN1_VISIBLESTRING) +#define M_DISPLAYTEXT_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_i2d_DISPLAYTEXT(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\ + pp,a->type,V_ASN1_UNIVERSAL) +#define M_d2i_DISPLAYTEXT(a,pp,l) \ + d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \ + B_ASN1_VISIBLESTRING| \ + B_ASN1_BMPSTRING|\ + B_ASN1_UTF8STRING) + +#define M_ASN1_PRINTABLESTRING_new() (ASN1_PRINTABLESTRING *)\ + ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING) +#define M_ASN1_PRINTABLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_i2d_ASN1_PRINTABLESTRING(a,pp) \ + i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_PRINTABLESTRING,\ + V_ASN1_UNIVERSAL) 
+#define M_d2i_ASN1_PRINTABLESTRING(a,pp,l) \ + (ASN1_PRINTABLESTRING *)d2i_ASN1_type_bytes\ + ((ASN1_STRING **)a,pp,l,B_ASN1_PRINTABLESTRING) + +#define M_ASN1_T61STRING_new() (ASN1_T61STRING *)\ + ASN1_STRING_type_new(V_ASN1_T61STRING) +#define M_ASN1_T61STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_i2d_ASN1_T61STRING(a,pp) \ + i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_T61STRING,\ + V_ASN1_UNIVERSAL) +#define M_d2i_ASN1_T61STRING(a,pp,l) \ + (ASN1_T61STRING *)d2i_ASN1_type_bytes\ + ((ASN1_STRING **)a,pp,l,B_ASN1_T61STRING) + +#define M_ASN1_IA5STRING_new() (ASN1_IA5STRING *)\ + ASN1_STRING_type_new(V_ASN1_IA5STRING) +#define M_ASN1_IA5STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_ASN1_IA5STRING_dup(a) \ + (ASN1_IA5STRING *)ASN1_STRING_dup((ASN1_STRING *)a) +#define M_i2d_ASN1_IA5STRING(a,pp) \ + i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_IA5STRING,\ + V_ASN1_UNIVERSAL) +#define M_d2i_ASN1_IA5STRING(a,pp,l) \ + (ASN1_IA5STRING *)d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l,\ + B_ASN1_IA5STRING) + +#define M_ASN1_UTCTIME_new() (ASN1_UTCTIME *)\ + ASN1_STRING_type_new(V_ASN1_UTCTIME) +#define M_ASN1_UTCTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)ASN1_STRING_dup((ASN1_STRING *)a) + +#define M_ASN1_GENERALIZEDTIME_new() (ASN1_GENERALIZEDTIME *)\ + ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME) +#define M_ASN1_GENERALIZEDTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_ASN1_GENERALIZEDTIME_dup(a) (ASN1_GENERALIZEDTIME *)ASN1_STRING_dup(\ + (ASN1_STRING *)a) + +#define M_ASN1_TIME_new() (ASN1_TIME *)\ + ASN1_STRING_type_new(V_ASN1_UTCTIME) +#define M_ASN1_TIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_ASN1_TIME_dup(a) (ASN1_TIME *)ASN1_STRING_dup((ASN1_STRING *)a) + +#define M_ASN1_GENERALSTRING_new() (ASN1_GENERALSTRING *)\ + ASN1_STRING_type_new(V_ASN1_GENERALSTRING) +#define M_ASN1_GENERALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define 
M_i2d_ASN1_GENERALSTRING(a,pp) \ + i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_GENERALSTRING,\ + V_ASN1_UNIVERSAL) +#define M_d2i_ASN1_GENERALSTRING(a,pp,l) \ + (ASN1_GENERALSTRING *)d2i_ASN1_type_bytes\ + ((ASN1_STRING **)a,pp,l,B_ASN1_GENERALSTRING) + +#define M_ASN1_UNIVERSALSTRING_new() (ASN1_UNIVERSALSTRING *)\ + ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING) +#define M_ASN1_UNIVERSALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_i2d_ASN1_UNIVERSALSTRING(a,pp) \ + i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UNIVERSALSTRING,\ + V_ASN1_UNIVERSAL) +#define M_d2i_ASN1_UNIVERSALSTRING(a,pp,l) \ + (ASN1_UNIVERSALSTRING *)d2i_ASN1_type_bytes\ + ((ASN1_STRING **)a,pp,l,B_ASN1_UNIVERSALSTRING) + +#define M_ASN1_BMPSTRING_new() (ASN1_BMPSTRING *)\ + ASN1_STRING_type_new(V_ASN1_BMPSTRING) +#define M_ASN1_BMPSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_i2d_ASN1_BMPSTRING(a,pp) \ + i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_BMPSTRING,\ + V_ASN1_UNIVERSAL) +#define M_d2i_ASN1_BMPSTRING(a,pp,l) \ + (ASN1_BMPSTRING *)d2i_ASN1_type_bytes\ + ((ASN1_STRING **)a,pp,l,B_ASN1_BMPSTRING) + +#define M_ASN1_VISIBLESTRING_new() (ASN1_VISIBLESTRING *)\ + ASN1_STRING_type_new(V_ASN1_VISIBLESTRING) +#define M_ASN1_VISIBLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_i2d_ASN1_VISIBLESTRING(a,pp) \ + i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_VISIBLESTRING,\ + V_ASN1_UNIVERSAL) +#define M_d2i_ASN1_VISIBLESTRING(a,pp,l) \ + (ASN1_VISIBLESTRING *)d2i_ASN1_type_bytes\ + ((ASN1_STRING **)a,pp,l,B_ASN1_VISIBLESTRING) + +#define M_ASN1_UTF8STRING_new() (ASN1_UTF8STRING *)\ + ASN1_STRING_type_new(V_ASN1_UTF8STRING) +#define M_ASN1_UTF8STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_i2d_ASN1_UTF8STRING(a,pp) \ + i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UTF8STRING,\ + V_ASN1_UNIVERSAL) +#define M_d2i_ASN1_UTF8STRING(a,pp,l) \ + (ASN1_UTF8STRING *)d2i_ASN1_type_bytes\ + ((ASN1_STRING **)a,pp,l,B_ASN1_UTF8STRING) + + /* for the is_set parameter to 
i2d_ASN1_SET */ +#define IS_SEQUENCE 0 +#define IS_SET 1 + +ASN1_TYPE * ASN1_TYPE_new(void ); +void ASN1_TYPE_free(ASN1_TYPE *a); +int i2d_ASN1_TYPE(ASN1_TYPE *a,unsigned char **pp); +ASN1_TYPE * d2i_ASN1_TYPE(ASN1_TYPE **a,unsigned char **pp,long length); +int ASN1_TYPE_get(ASN1_TYPE *a); +void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); + +ASN1_OBJECT * ASN1_OBJECT_new(void ); +void ASN1_OBJECT_free(ASN1_OBJECT *a); +int i2d_ASN1_OBJECT(ASN1_OBJECT *a,unsigned char **pp); +ASN1_OBJECT * d2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp, + long length); + +DECLARE_STACK_OF(ASN1_OBJECT) +DECLARE_ASN1_SET_OF(ASN1_OBJECT) + +ASN1_STRING * ASN1_STRING_new(void); +void ASN1_STRING_free(ASN1_STRING *a); +ASN1_STRING * ASN1_STRING_dup(ASN1_STRING *a); +ASN1_STRING * ASN1_STRING_type_new(int type ); +int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b); + /* Since this is used to store all sorts of things, via macros, for now, make + its data void * */ +int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); +int ASN1_STRING_length(ASN1_STRING *x); +void ASN1_STRING_length_set(ASN1_STRING *x, int n); +int ASN1_STRING_type(ASN1_STRING *x); +unsigned char * ASN1_STRING_data(ASN1_STRING *x); + +ASN1_BIT_STRING * ASN1_BIT_STRING_new(void); +void ASN1_BIT_STRING_free(ASN1_BIT_STRING *a); +int i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp); +ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,unsigned char **pp, + long length); +int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, + int length ); +int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value); +int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n); + +#ifdef HEADER_BIO_H +int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, + BIT_STRING_BITNAME *tbl, int indent); +#endif +int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl); +int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value, + BIT_STRING_BITNAME *tbl); + +int 
i2d_ASN1_BOOLEAN(int a,unsigned char **pp); +int d2i_ASN1_BOOLEAN(int *a,unsigned char **pp,long length); + +ASN1_INTEGER * ASN1_INTEGER_new(void); +void ASN1_INTEGER_free(ASN1_INTEGER *a); +int i2d_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp); +ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp, + long length); +ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,unsigned char **pp, + long length); +ASN1_INTEGER * ASN1_INTEGER_dup(ASN1_INTEGER *x); +int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y); + +ASN1_ENUMERATED * ASN1_ENUMERATED_new(void); +void ASN1_ENUMERATED_free(ASN1_ENUMERATED *a); +int i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a,unsigned char **pp); +ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a,unsigned char **pp, + long length); + +int ASN1_UTCTIME_check(ASN1_UTCTIME *a); +ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t); +int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str); + +int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a); +ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t); +int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str); + +ASN1_OCTET_STRING * ASN1_OCTET_STRING_new(void); +void ASN1_OCTET_STRING_free(ASN1_OCTET_STRING *a); +int i2d_ASN1_OCTET_STRING(ASN1_OCTET_STRING *a,unsigned char **pp); +ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING(ASN1_OCTET_STRING **a, + unsigned char **pp,long length); +ASN1_OCTET_STRING * ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *a); +int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b); +int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, unsigned char *data, int len); + +ASN1_VISIBLESTRING * ASN1_VISIBLESTRING_new(void); +void ASN1_VISIBLESTRING_free(ASN1_VISIBLESTRING *a); +int i2d_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING *a,unsigned char **pp); +ASN1_VISIBLESTRING *d2i_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING **a, + unsigned char **pp,long length); + +ASN1_UTF8STRING * ASN1_UTF8STRING_new(void); +void 
ASN1_UTF8STRING_free(ASN1_UTF8STRING *a); +int i2d_ASN1_UTF8STRING(ASN1_UTF8STRING *a,unsigned char **pp); +ASN1_UTF8STRING *d2i_ASN1_UTF8STRING(ASN1_UTF8STRING **a, + unsigned char **pp,long length); + +ASN1_NULL * ASN1_NULL_new(void); +void ASN1_NULL_free(ASN1_NULL *a); +int i2d_ASN1_NULL(ASN1_NULL *a,unsigned char **pp); +ASN1_NULL *d2i_ASN1_NULL(ASN1_NULL **a, unsigned char **pp,long length); + +ASN1_BMPSTRING * ASN1_BMPSTRING_new(void); +void ASN1_BMPSTRING_free(ASN1_BMPSTRING *a); +int i2d_ASN1_BMPSTRING(ASN1_BMPSTRING *a, unsigned char **pp); +ASN1_BMPSTRING *d2i_ASN1_BMPSTRING(ASN1_BMPSTRING **a, unsigned char **pp, + long length); + + +int UTF8_getc(const unsigned char *str, int len, unsigned long *val); +int UTF8_putc(unsigned char *str, int len, unsigned long value); + +int i2d_ASN1_PRINTABLE(ASN1_STRING *a,unsigned char **pp); +ASN1_STRING *d2i_ASN1_PRINTABLE(ASN1_STRING **a, + unsigned char **pp, long l); + +ASN1_PRINTABLESTRING * ASN1_PRINTABLESTRING_new(void); +void ASN1_PRINTABLESTRING_free(ASN1_PRINTABLESTRING *a); +ASN1_PRINTABLESTRING *d2i_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING **a, + unsigned char **pp, long l); +int i2d_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING *a, unsigned char **pp); + +ASN1_STRING * DIRECTORYSTRING_new(void); +void DIRECTORYSTRING_free(ASN1_STRING *a); +int i2d_DIRECTORYSTRING(ASN1_STRING *a,unsigned char **pp); +ASN1_STRING *d2i_DIRECTORYSTRING(ASN1_STRING **a, unsigned char **pp, + long length); + +ASN1_STRING * DISPLAYTEXT_new(void); +void DISPLAYTEXT_free(ASN1_STRING *a); +int i2d_DISPLAYTEXT(ASN1_STRING *a,unsigned char **pp); +ASN1_STRING *d2i_DISPLAYTEXT(ASN1_STRING **a, unsigned char **pp, long length); + +ASN1_T61STRING * ASN1_T61STRING_new(void); +void ASN1_T61STRING_free(ASN1_IA5STRING *a); +ASN1_T61STRING *d2i_ASN1_T61STRING(ASN1_T61STRING **a, + unsigned char **pp, long l); + +ASN1_IA5STRING * ASN1_IA5STRING_new(void); +void ASN1_IA5STRING_free(ASN1_IA5STRING *a); +int i2d_ASN1_IA5STRING(ASN1_IA5STRING 
*a,unsigned char **pp); +ASN1_IA5STRING *d2i_ASN1_IA5STRING(ASN1_IA5STRING **a, + unsigned char **pp, long l); + +ASN1_UTCTIME * ASN1_UTCTIME_new(void); +void ASN1_UTCTIME_free(ASN1_UTCTIME *a); +int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a,unsigned char **pp); +ASN1_UTCTIME * d2i_ASN1_UTCTIME(ASN1_UTCTIME **a,unsigned char **pp, + long length); + +ASN1_GENERALIZEDTIME * ASN1_GENERALIZEDTIME_new(void); +void ASN1_GENERALIZEDTIME_free(ASN1_GENERALIZEDTIME *a); +int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a,unsigned char **pp); +ASN1_GENERALIZEDTIME * d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a,unsigned char **pp, + long length); + +ASN1_TIME * ASN1_TIME_new(void); +void ASN1_TIME_free(ASN1_TIME *a); +int i2d_ASN1_TIME(ASN1_TIME *a,unsigned char **pp); +ASN1_TIME * d2i_ASN1_TIME(ASN1_TIME **a,unsigned char **pp, long length); +ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t); + +int i2d_ASN1_SET(STACK *a, unsigned char **pp, + int (*func)(), int ex_tag, int ex_class, int is_set); +STACK * d2i_ASN1_SET(STACK **a, unsigned char **pp, long length, + char *(*func)(), void (*free_func)(), + int ex_tag, int ex_class); + +#ifdef HEADER_BIO_H +int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a); +int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size); +int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a); +int a2i_ASN1_ENUMERATED(BIO *bp,ASN1_ENUMERATED *bs,char *buf,int size); +int i2a_ASN1_OBJECT(BIO *bp,ASN1_OBJECT *a); +int a2i_ASN1_STRING(BIO *bp,ASN1_STRING *bs,char *buf,int size); +int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type); +#endif +int i2t_ASN1_OBJECT(char *buf,int buf_len,ASN1_OBJECT *a); + +int a2d_ASN1_OBJECT(unsigned char *out,int olen, const char *buf, int num); +ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data,int len, + char *sn, char *ln); + +int ASN1_INTEGER_set(ASN1_INTEGER *a, long v); +long ASN1_INTEGER_get(ASN1_INTEGER *a); +ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai); +BIGNUM 
*ASN1_INTEGER_to_BN(ASN1_INTEGER *ai,BIGNUM *bn); + +int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); +long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a); +ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai); +BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai,BIGNUM *bn); + +/* General */ +/* given a string, return the correct type, max is the maximum length */ +int ASN1_PRINTABLE_type(unsigned char *s, int max); + +int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass); +ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp, + long length, int Ptag, int Pclass); +/* type is one or more of the B_ASN1_ values. */ +ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a,unsigned char **pp, + long length,int type); + +/* PARSING */ +int asn1_Finish(ASN1_CTX *c); + +/* SPECIALS */ +int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, + int *pclass, long omax); +int ASN1_check_infinite_end(unsigned char **p,long len); +void ASN1_put_object(unsigned char **pp, int constructed, int length, + int tag, int xclass); +int ASN1_object_size(int constructed, int length, int tag); + +/* Used to implement other functions */ +char *ASN1_dup(int (*i2d)(),char *(*d2i)(),char *x); + +#ifndef NO_FP_API +char *ASN1_d2i_fp(char *(*xnew)(),char *(*d2i)(),FILE *fp,unsigned char **x); +int ASN1_i2d_fp(int (*i2d)(),FILE *out,unsigned char *x); +#endif + +#ifdef HEADER_BIO_H +char *ASN1_d2i_bio(char *(*xnew)(),char *(*d2i)(),BIO *bp,unsigned char **x); +int ASN1_i2d_bio(int (*i2d)(),BIO *out,unsigned char *x); +int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a); +int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a); +int ASN1_TIME_print(BIO *fp,ASN1_TIME *a); +int ASN1_STRING_print(BIO *bp,ASN1_STRING *v); +int ASN1_parse(BIO *bp,unsigned char *pp,long len,int indent); +#endif +const char *ASN1_tag2str(int tag); + +/* Used to load and write netscape format cert/key */ +int i2d_ASN1_HEADER(ASN1_HEADER *a,unsigned char **pp); 
+ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a,unsigned char **pp, long length); +ASN1_HEADER *ASN1_HEADER_new(void ); +void ASN1_HEADER_free(ASN1_HEADER *a); + +int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s); + +void ERR_load_ASN1_strings(void); + +/* Not used that much at this point, except for the first two */ +ASN1_METHOD *X509_asn1_meth(void); +ASN1_METHOD *RSAPrivateKey_asn1_meth(void); +ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void); +ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void); + +int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, + unsigned char *data, int len); +int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, + unsigned char *data, int max_len); +int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, + unsigned char *data, int len); +int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num, + unsigned char *data, int max_len); + +STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(), + void (*free_func)() ); +unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf, + int *len ); +void *ASN1_unpack_string(ASN1_STRING *oct, char *(*d2i)()); +ASN1_STRING *ASN1_pack_string(void *obj, int (*i2d)(), ASN1_OCTET_STRING **oct); + +void ASN1_STRING_set_default_mask(unsigned long mask); +int ASN1_STRING_set_default_mask_asc(char *p); +unsigned long ASN1_STRING_get_default_mask(void); +int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len, + int inform, unsigned long mask); +int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, + int inform, unsigned long mask, + long minsize, long maxsize); + +ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, + const unsigned char *in, int inlen, int inform, int nid); +ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid); +int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long); +void ASN1_STRING_TABLE_cleanup(void); + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. 
Any changes + * made after this point may be overwritten when the script is next run. + */ + +/* Error codes for the ASN1 functions. */ + +/* Function codes. */ +#define ASN1_F_A2D_ASN1_OBJECT 100 +#define ASN1_F_A2I_ASN1_ENUMERATED 236 +#define ASN1_F_A2I_ASN1_INTEGER 101 +#define ASN1_F_A2I_ASN1_STRING 102 +#define ASN1_F_ACCESS_DESCRIPTION_NEW 291 +#define ASN1_F_ASN1_COLLATE_PRIMITIVE 103 +#define ASN1_F_ASN1_D2I_BIO 104 +#define ASN1_F_ASN1_D2I_FP 105 +#define ASN1_F_ASN1_DUP 106 +#define ASN1_F_ASN1_ENUMERATED_SET 232 +#define ASN1_F_ASN1_ENUMERATED_TO_BN 233 +#define ASN1_F_ASN1_GENERALIZEDTIME_NEW 222 +#define ASN1_F_ASN1_GET_OBJECT 107 +#define ASN1_F_ASN1_HEADER_NEW 108 +#define ASN1_F_ASN1_I2D_BIO 109 +#define ASN1_F_ASN1_I2D_FP 110 +#define ASN1_F_ASN1_INTEGER_SET 111 +#define ASN1_F_ASN1_INTEGER_TO_BN 112 +#define ASN1_F_ASN1_MBSTRING_COPY 282 +#define ASN1_F_ASN1_OBJECT_NEW 113 +#define ASN1_F_ASN1_PACK_STRING 245 +#define ASN1_F_ASN1_PBE_SET 253 +#define ASN1_F_ASN1_SEQ_PACK 246 +#define ASN1_F_ASN1_SEQ_UNPACK 247 +#define ASN1_F_ASN1_SIGN 114 +#define ASN1_F_ASN1_STRING_NEW 115 +#define ASN1_F_ASN1_STRING_TABLE_ADD 283 +#define ASN1_F_ASN1_STRING_TYPE_NEW 116 +#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 117 +#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 118 +#define ASN1_F_ASN1_TYPE_NEW 119 +#define ASN1_F_ASN1_UNPACK_STRING 248 +#define ASN1_F_ASN1_UTCTIME_NEW 120 +#define ASN1_F_ASN1_VERIFY 121 +#define ASN1_F_AUTHORITY_KEYID_NEW 237 +#define ASN1_F_BASIC_CONSTRAINTS_NEW 226 +#define ASN1_F_BN_TO_ASN1_ENUMERATED 234 +#define ASN1_F_BN_TO_ASN1_INTEGER 122 +#define ASN1_F_D2I_ACCESS_DESCRIPTION 284 +#define ASN1_F_D2I_ASN1_BIT_STRING 123 +#define ASN1_F_D2I_ASN1_BMPSTRING 124 +#define ASN1_F_D2I_ASN1_BOOLEAN 125 +#define ASN1_F_D2I_ASN1_BYTES 126 +#define ASN1_F_D2I_ASN1_ENUMERATED 235 +#define ASN1_F_D2I_ASN1_GENERALIZEDTIME 223 +#define ASN1_F_D2I_ASN1_HEADER 127 +#define ASN1_F_D2I_ASN1_INTEGER 128 +#define ASN1_F_D2I_ASN1_NULL 292 +#define 
ASN1_F_D2I_ASN1_OBJECT 129 +#define ASN1_F_D2I_ASN1_OCTET_STRING 130 +#define ASN1_F_D2I_ASN1_PRINT_TYPE 131 +#define ASN1_F_D2I_ASN1_SET 132 +#define ASN1_F_D2I_ASN1_TIME 224 +#define ASN1_F_D2I_ASN1_TYPE 133 +#define ASN1_F_D2I_ASN1_TYPE_BYTES 134 +#define ASN1_F_D2I_ASN1_UINTEGER 280 +#define ASN1_F_D2I_ASN1_UTCTIME 135 +#define ASN1_F_D2I_ASN1_UTF8STRING 266 +#define ASN1_F_D2I_ASN1_VISIBLESTRING 267 +#define ASN1_F_D2I_AUTHORITY_KEYID 238 +#define ASN1_F_D2I_BASIC_CONSTRAINTS 227 +#define ASN1_F_D2I_DHPARAMS 136 +#define ASN1_F_D2I_DIST_POINT 276 +#define ASN1_F_D2I_DIST_POINT_NAME 277 +#define ASN1_F_D2I_DSAPARAMS 137 +#define ASN1_F_D2I_DSAPRIVATEKEY 138 +#define ASN1_F_D2I_DSAPUBLICKEY 139 +#define ASN1_F_D2I_GENERAL_NAME 230 +#define ASN1_F_D2I_NETSCAPE_CERT_SEQUENCE 228 +#define ASN1_F_D2I_NETSCAPE_PKEY 140 +#define ASN1_F_D2I_NETSCAPE_RSA 141 +#define ASN1_F_D2I_NETSCAPE_RSA_2 142 +#define ASN1_F_D2I_NETSCAPE_SPKAC 143 +#define ASN1_F_D2I_NETSCAPE_SPKI 144 +#define ASN1_F_D2I_NOTICEREF 268 +#define ASN1_F_D2I_OTHERNAME 287 +#define ASN1_F_D2I_PBE2PARAM 262 +#define ASN1_F_D2I_PBEPARAM 249 +#define ASN1_F_D2I_PBKDF2PARAM 263 +#define ASN1_F_D2I_PKCS12 254 +#define ASN1_F_D2I_PKCS12_BAGS 255 +#define ASN1_F_D2I_PKCS12_MAC_DATA 256 +#define ASN1_F_D2I_PKCS12_SAFEBAG 257 +#define ASN1_F_D2I_PKCS7 145 +#define ASN1_F_D2I_PKCS7_DIGEST 146 +#define ASN1_F_D2I_PKCS7_ENCRYPT 147 +#define ASN1_F_D2I_PKCS7_ENC_CONTENT 148 +#define ASN1_F_D2I_PKCS7_ENVELOPE 149 +#define ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL 150 +#define ASN1_F_D2I_PKCS7_RECIP_INFO 151 +#define ASN1_F_D2I_PKCS7_SIGNED 152 +#define ASN1_F_D2I_PKCS7_SIGNER_INFO 153 +#define ASN1_F_D2I_PKCS7_SIGN_ENVELOPE 154 +#define ASN1_F_D2I_PKCS8_PRIV_KEY_INFO 250 +#define ASN1_F_D2I_PKEY_USAGE_PERIOD 239 +#define ASN1_F_D2I_POLICYINFO 269 +#define ASN1_F_D2I_POLICYQUALINFO 270 +#define ASN1_F_D2I_PRIVATEKEY 155 +#define ASN1_F_D2I_PUBLICKEY 156 +#define ASN1_F_D2I_RSAPRIVATEKEY 157 +#define ASN1_F_D2I_RSAPUBLICKEY 
158 +#define ASN1_F_D2I_SXNET 241 +#define ASN1_F_D2I_SXNETID 243 +#define ASN1_F_D2I_USERNOTICE 271 +#define ASN1_F_D2I_X509 159 +#define ASN1_F_D2I_X509_ALGOR 160 +#define ASN1_F_D2I_X509_ATTRIBUTE 161 +#define ASN1_F_D2I_X509_CERT_AUX 285 +#define ASN1_F_D2I_X509_CINF 162 +#define ASN1_F_D2I_X509_CRL 163 +#define ASN1_F_D2I_X509_CRL_INFO 164 +#define ASN1_F_D2I_X509_EXTENSION 165 +#define ASN1_F_D2I_X509_KEY 166 +#define ASN1_F_D2I_X509_NAME 167 +#define ASN1_F_D2I_X509_NAME_ENTRY 168 +#define ASN1_F_D2I_X509_PKEY 169 +#define ASN1_F_D2I_X509_PUBKEY 170 +#define ASN1_F_D2I_X509_REQ 171 +#define ASN1_F_D2I_X509_REQ_INFO 172 +#define ASN1_F_D2I_X509_REVOKED 173 +#define ASN1_F_D2I_X509_SIG 174 +#define ASN1_F_D2I_X509_VAL 175 +#define ASN1_F_DIST_POINT_NAME_NEW 278 +#define ASN1_F_DIST_POINT_NEW 279 +#define ASN1_F_GENERAL_NAME_NEW 231 +#define ASN1_F_I2D_ASN1_HEADER 176 +#define ASN1_F_I2D_ASN1_TIME 225 +#define ASN1_F_I2D_DHPARAMS 177 +#define ASN1_F_I2D_DSAPARAMS 178 +#define ASN1_F_I2D_DSAPRIVATEKEY 179 +#define ASN1_F_I2D_DSAPUBLICKEY 180 +#define ASN1_F_I2D_DSA_PUBKEY 290 +#define ASN1_F_I2D_NETSCAPE_RSA 181 +#define ASN1_F_I2D_PKCS7 182 +#define ASN1_F_I2D_PRIVATEKEY 183 +#define ASN1_F_I2D_PUBLICKEY 184 +#define ASN1_F_I2D_RSAPRIVATEKEY 185 +#define ASN1_F_I2D_RSAPUBLICKEY 186 +#define ASN1_F_I2D_RSA_PUBKEY 289 +#define ASN1_F_I2D_X509_ATTRIBUTE 187 +#define ASN1_F_I2T_ASN1_OBJECT 188 +#define ASN1_F_NETSCAPE_CERT_SEQUENCE_NEW 229 +#define ASN1_F_NETSCAPE_PKEY_NEW 189 +#define ASN1_F_NETSCAPE_SPKAC_NEW 190 +#define ASN1_F_NETSCAPE_SPKI_NEW 191 +#define ASN1_F_NOTICEREF_NEW 272 +#define ASN1_F_OTHERNAME_NEW 288 +#define ASN1_F_PBE2PARAM_NEW 264 +#define ASN1_F_PBEPARAM_NEW 251 +#define ASN1_F_PBKDF2PARAM_NEW 265 +#define ASN1_F_PKCS12_BAGS_NEW 258 +#define ASN1_F_PKCS12_MAC_DATA_NEW 259 +#define ASN1_F_PKCS12_NEW 260 +#define ASN1_F_PKCS12_SAFEBAG_NEW 261 +#define ASN1_F_PKCS5_PBE2_SET 281 +#define ASN1_F_PKCS7_DIGEST_NEW 192 +#define 
ASN1_F_PKCS7_ENCRYPT_NEW 193 +#define ASN1_F_PKCS7_ENC_CONTENT_NEW 194 +#define ASN1_F_PKCS7_ENVELOPE_NEW 195 +#define ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW 196 +#define ASN1_F_PKCS7_NEW 197 +#define ASN1_F_PKCS7_RECIP_INFO_NEW 198 +#define ASN1_F_PKCS7_SIGNED_NEW 199 +#define ASN1_F_PKCS7_SIGNER_INFO_NEW 200 +#define ASN1_F_PKCS7_SIGN_ENVELOPE_NEW 201 +#define ASN1_F_PKCS8_PRIV_KEY_INFO_NEW 252 +#define ASN1_F_PKEY_USAGE_PERIOD_NEW 240 +#define ASN1_F_POLICYINFO_NEW 273 +#define ASN1_F_POLICYQUALINFO_NEW 274 +#define ASN1_F_SXNETID_NEW 244 +#define ASN1_F_SXNET_NEW 242 +#define ASN1_F_USERNOTICE_NEW 275 +#define ASN1_F_X509_ALGOR_NEW 202 +#define ASN1_F_X509_ATTRIBUTE_NEW 203 +#define ASN1_F_X509_CERT_AUX_NEW 286 +#define ASN1_F_X509_CINF_NEW 204 +#define ASN1_F_X509_CRL_INFO_NEW 205 +#define ASN1_F_X509_CRL_NEW 206 +#define ASN1_F_X509_DHPARAMS_NEW 207 +#define ASN1_F_X509_EXTENSION_NEW 208 +#define ASN1_F_X509_INFO_NEW 209 +#define ASN1_F_X509_KEY_NEW 210 +#define ASN1_F_X509_NAME_ENTRY_NEW 211 +#define ASN1_F_X509_NAME_NEW 212 +#define ASN1_F_X509_NEW 213 +#define ASN1_F_X509_PKEY_NEW 214 +#define ASN1_F_X509_PUBKEY_NEW 215 +#define ASN1_F_X509_REQ_INFO_NEW 216 +#define ASN1_F_X509_REQ_NEW 217 +#define ASN1_F_X509_REVOKED_NEW 218 +#define ASN1_F_X509_SIG_NEW 219 +#define ASN1_F_X509_VAL_FREE 220 +#define ASN1_F_X509_VAL_NEW 221 + +/* Reason codes. 
*/ +#define ASN1_R_BAD_CLASS 100 +#define ASN1_R_BAD_OBJECT_HEADER 101 +#define ASN1_R_BAD_PASSWORD_READ 102 +#define ASN1_R_BAD_PKCS7_CONTENT 103 +#define ASN1_R_BAD_PKCS7_TYPE 104 +#define ASN1_R_BAD_TAG 105 +#define ASN1_R_BAD_TYPE 106 +#define ASN1_R_BN_LIB 107 +#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 108 +#define ASN1_R_BUFFER_TOO_SMALL 109 +#define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 166 +#define ASN1_R_DATA_IS_WRONG 110 +#define ASN1_R_DECODE_ERROR 155 +#define ASN1_R_DECODING_ERROR 111 +#define ASN1_R_ENCODE_ERROR 156 +#define ASN1_R_ERROR_PARSING_SET_ELEMENT 112 +#define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 157 +#define ASN1_R_EXPECTING_AN_ENUMERATED 154 +#define ASN1_R_EXPECTING_AN_INTEGER 113 +#define ASN1_R_EXPECTING_AN_OBJECT 114 +#define ASN1_R_EXPECTING_AN_OCTET_STRING 115 +#define ASN1_R_EXPECTING_A_BIT_STRING 116 +#define ASN1_R_EXPECTING_A_BOOLEAN 117 +#define ASN1_R_EXPECTING_A_GENERALIZEDTIME 151 +#define ASN1_R_EXPECTING_A_NULL 164 +#define ASN1_R_EXPECTING_A_TIME 152 +#define ASN1_R_EXPECTING_A_UTCTIME 118 +#define ASN1_R_FIRST_NUM_TOO_LARGE 119 +#define ASN1_R_GENERALIZEDTIME_TOO_LONG 153 +#define ASN1_R_HEADER_TOO_LONG 120 +#define ASN1_R_ILLEGAL_CHARACTERS 158 +#define ASN1_R_INVALID_BMPSTRING_LENGTH 159 +#define ASN1_R_INVALID_DIGIT 121 +#define ASN1_R_INVALID_SEPARATOR 122 +#define ASN1_R_INVALID_TIME_FORMAT 123 +#define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 160 +#define ASN1_R_INVALID_UTF8STRING 161 +#define ASN1_R_IV_TOO_LARGE 124 +#define ASN1_R_LENGTH_ERROR 125 +#define ASN1_R_MISSING_SECOND_NUMBER 126 +#define ASN1_R_NON_HEX_CHARACTERS 127 +#define ASN1_R_NOT_ENOUGH_DATA 128 +#define ASN1_R_NULL_IS_WRONG_LENGTH 165 +#define ASN1_R_ODD_NUMBER_OF_CHARS 129 +#define ASN1_R_PARSING 130 +#define ASN1_R_PRIVATE_KEY_HEADER_MISSING 131 +#define ASN1_R_SECOND_NUMBER_TOO_LARGE 132 +#define ASN1_R_SHORT_LINE 133 +#define ASN1_R_STRING_TOO_LONG 163 +#define ASN1_R_STRING_TOO_SHORT 134 +#define ASN1_R_TAG_VALUE_TOO_HIGH 135 +#define 
ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 136 +#define ASN1_R_TOO_LONG 137 +#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 138 +#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 139 +#define ASN1_R_UNKNOWN_ATTRIBUTE_TYPE 140 +#define ASN1_R_UNKNOWN_FORMAT 162 +#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 141 +#define ASN1_R_UNKNOWN_OBJECT_TYPE 142 +#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 143 +#define ASN1_R_UNSUPPORTED_CIPHER 144 +#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM 145 +#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 146 +#define ASN1_R_UTCTIME_TOO_LONG 147 +#define ASN1_R_WRONG_PRINTABLE_TYPE 148 +#define ASN1_R_WRONG_TAG 149 +#define ASN1_R_WRONG_TYPE 150 + +#ifdef __cplusplus +} +#endif +#endif + diff --git a/lib/dns/sec/openssl/include/openssl/e_os.h b/lib/dns/sec/openssl/include/openssl/e_os.h index 9a15144f4a..6937fe3814 100644 --- a/lib/dns/sec/openssl/include/openssl/e_os.h +++ b/lib/dns/sec/openssl/include/openssl/e_os.h @@ -80,6 +80,19 @@ extern "C" { #define DEVRANDOM "/dev/urandom" #endif +#define NO_BF +#define NO_CAST +#define NO_DES +#define NO_IDEA +#define NO_MD2 +#define NO_MDC2 +#define NO_RC2 +#define NO_RC4 +#define NO_RC5 +#define NO_RIPEMD +#define NO_OBJECT +#define NO_BIO + /******************************************************************** The Microsoft section ********************************************************************/ diff --git a/lib/dns/sec/openssl/include/openssl/err.h b/lib/dns/sec/openssl/include/openssl/err.h index 3dff1b0589..7594d09407 100644 --- a/lib/dns/sec/openssl/include/openssl/err.h +++ b/lib/dns/sec/openssl/include/openssl/err.h 
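Review bot: The twelve `NO_*` defines added after the `DEVRANDOM` block in e_os.h are unconditional and uncommented, so a reader of this imported header cannot tell that they are a local change or why each feature is switched off. A build that already passes one of them on the command line (for example `-DNO_DES`, which gives the macro the value 1) would hit a conflicting redefinition here; guarding each one in the form `#ifndef NO_BF` / `#define NO_BF` / `#endif` avoids that. I would also put a marker above the block, such as `/* Local change: compile out the OpenSSL features this tree does not build. */`. `NO_OBJECT` and `NO_BIO` deserve their own line of explanation, because the same commit starts building `obj_dat.c`, `obj_lib.c` and the RSA signing sources, which presumably depend on object lookups. It is worth confirming that those paths still resolve the digest identifiers they need with the object table compiled out.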
@@ -157,10 +157,13 @@ typedef struct err_state_st #define SYSerr(f,r) do {} while (0) #define BNerr(f,r) do {} while (0) #define DHerr(f,r) do {} while (0) +#define RSAerr(f,r) do {} while (0) #define DSAerr(f,r) do {} while (0) #define CRYPTOerr(f,r) do {} while (0) #define BUFerr(f,r) do {} while (0) #define RANDerr(f,r) do {} while (0) +#define OBJerr(f,r) do {} while (0) +#define ASN1err(f,r) do {} while (0) #endif /* Borland C seems too stupid to be able to shift and do longs in diff --git a/lib/dns/sec/openssl/include/openssl/evp.h b/lib/dns/sec/openssl/include/openssl/evp.h new file mode 100644 index 0000000000..54215b0905 --- /dev/null +++ b/lib/dns/sec/openssl/include/openssl/evp.h 
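Review bot: The three added stubs (`RSAerr`, `OBJerr`, `ASN1err`) expand to nothing, so the function and reason codes passed by the RSA, object and ASN.1 code are discarded and a failed decode or signature operation reaches callers only through its return value. That matches the neighbouring stubs, but it is worth stating above the block, e.g. `/* Error reporting compiled out: callers must check return values. */`. The conditional that selects this branch starts outside the hunk, so it is not visible whether the enabled branch defines the same three macros; if it does not, a build with error reporting turned on would presumably fail on the newly added RSA and ASN.1 sources. `RSAerr` is also slotted between `DHerr` and `DSAerr` while the other two are appended at the end, and a single ordering would make the two branches easier to compare.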
@@ -0,0 +1,743 @@ +/* crypto/evp/evp.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */ + +#ifndef HEADER_ENVELOPE_H +#define HEADER_ENVELOPE_H + +#ifdef __cplusplus +extern "C" { +#endif + +#ifndef NO_MD2 +#include +#endif +#ifndef NO_MD5 +#include +#endif +#ifndef NO_SHA +#include +#endif +#ifndef NO_RIPEMD +#include +#endif +#ifndef NO_DES +#include +#endif +#ifndef NO_RC4 +#include +#endif +#ifndef NO_RC2 +#include +#endif +#ifndef NO_RC5 +#include +#endif +#ifndef NO_BF +#include +#endif +#ifndef NO_CAST +#include +#endif +#ifndef NO_IDEA +#include +#endif +#ifndef NO_MDC2 +#include +#endif + +#define EVP_RC2_KEY_SIZE 16 +#define EVP_RC4_KEY_SIZE 16 +#define EVP_BLOWFISH_KEY_SIZE 16 +#define EVP_CAST5_KEY_SIZE 16 +#define EVP_RC5_32_12_16_KEY_SIZE 16 +#define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */ +#define EVP_MAX_KEY_LENGTH 24 +#define EVP_MAX_IV_LENGTH 8 + +#define PKCS5_SALT_LEN 8 +/* Default PKCS#5 iteration count */ +#define PKCS5_DEFAULT_ITER 2048 + +#ifndef NO_RSA +#include +#endif + +#ifndef NO_DSA +#include +#endif + +#ifndef NO_DH +#include +#endif + +#include + +#define EVP_PK_RSA 0x0001 +#define EVP_PK_DSA 0x0002 +#define EVP_PK_DH 0x0004 +#define EVP_PKT_SIGN 0x0010 +#define EVP_PKT_ENC 0x0020 +#define EVP_PKT_EXCH 0x0040 +#define EVP_PKS_RSA 0x0100 +#define EVP_PKS_DSA 0x0200 +#define EVP_PKT_EXP 0x1000 /* <= 512 bit key */ + +#define EVP_PKEY_NONE NID_undef +#define EVP_PKEY_RSA NID_rsaEncryption +#define EVP_PKEY_RSA2 NID_rsa +#define EVP_PKEY_DSA NID_dsa +#define EVP_PKEY_DSA1 NID_dsa_2 +#define EVP_PKEY_DSA2 NID_dsaWithSHA +#define EVP_PKEY_DSA3 NID_dsaWithSHA1 +#define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 +#define EVP_PKEY_DH NID_dhKeyAgreement + +/* Type needs to be a bit field + * Sub-type needs to be for variations on the method, as in, can it do + * arbitrary encryption.... 
*/ +typedef struct evp_pkey_st + { + int type; + int save_type; + int references; + union { + char *ptr; +#ifndef NO_RSA + struct rsa_st *rsa; /* RSA */ +#endif +#ifndef NO_DSA + struct dsa_st *dsa; /* DSA */ +#endif +#ifndef NO_DH + struct dh_st *dh; /* DH */ +#endif + } pkey; + int save_parameters; + STACK /*X509_ATTRIBUTE*/ *attributes; /* [ 0 ] */ + } EVP_PKEY; + +#define EVP_PKEY_MO_SIGN 0x0001 +#define EVP_PKEY_MO_VERIFY 0x0002 +#define EVP_PKEY_MO_ENCRYPT 0x0004 +#define EVP_PKEY_MO_DECRYPT 0x0008 + +#if 0 +/* This structure is required to tie the message digest and signing together. + * The lookup can be done by md/pkey_method, oid, oid/pkey_method, or + * oid, md and pkey. + * This is required because for various smart-card perform the digest and + * signing/verification on-board. To handle this case, the specific + * EVP_MD and EVP_PKEY_METHODs need to be closely associated. + * When a PKEY is created, it will have a EVP_PKEY_METHOD associated with it. + * This can either be software or a token to provide the required low level + * routines. 
+ */ +typedef struct evp_pkey_md_st + { + int oid; + EVP_MD *md; + EVP_PKEY_METHOD *pkey; + } EVP_PKEY_MD; + +#define EVP_rsa_md2() \ + EVP_PKEY_MD_add(NID_md2WithRSAEncryption,\ + EVP_rsa_pkcs1(),EVP_md2()) +#define EVP_rsa_md5() \ + EVP_PKEY_MD_add(NID_md5WithRSAEncryption,\ + EVP_rsa_pkcs1(),EVP_md5()) +#define EVP_rsa_sha0() \ + EVP_PKEY_MD_add(NID_shaWithRSAEncryption,\ + EVP_rsa_pkcs1(),EVP_sha()) +#define EVP_rsa_sha1() \ + EVP_PKEY_MD_add(NID_sha1WithRSAEncryption,\ + EVP_rsa_pkcs1(),EVP_sha1()) +#define EVP_rsa_ripemd160() \ + EVP_PKEY_MD_add(NID_ripemd160WithRSA,\ + EVP_rsa_pkcs1(),EVP_ripemd160()) +#define EVP_rsa_mdc2() \ + EVP_PKEY_MD_add(NID_mdc2WithRSA,\ + EVP_rsa_octet_string(),EVP_mdc2()) +#define EVP_dsa_sha() \ + EVP_PKEY_MD_add(NID_dsaWithSHA,\ + EVP_dsa(),EVP_mdc2()) +#define EVP_dsa_sha1() \ + EVP_PKEY_MD_add(NID_dsaWithSHA1,\ + EVP_dsa(),EVP_sha1()) + +typedef struct evp_pkey_method_st + { + char *name; + int flags; + int type; /* RSA, DSA, an SSLeay specific constant */ + int oid; /* For the pub-key type */ + int encrypt_oid; /* pub/priv key encryption */ + + int (*sign)(); + int (*verify)(); + struct { + int + int (*set)(); /* get and/or set the underlying type */ + int (*get)(); + int (*encrypt)(); + int (*decrypt)(); + int (*i2d)(); + int (*d2i)(); + int (*dup)(); + } pub,priv; + int (*set_asn1_parameters)(); + int (*get_asn1_parameters)(); + } EVP_PKEY_METHOD; +#endif + +#ifndef EVP_MD +typedef struct env_md_st + { + int type; + int pkey_type; + int md_size; + void (*init)(); + void (*update)(); + void (*final)(); + + int (*sign)(); + int (*verify)(); + int required_pkey_type[5]; /*EVP_PKEY_xxx */ + int block_size; + int ctx_size; /* how big does the ctx need to be */ + } EVP_MD; + + + +#define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} + +#ifndef NO_DSA +#define EVP_PKEY_DSA_method DSA_sign,DSA_verify, \ + {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \ + EVP_PKEY_DSA4,0} +#else +#define EVP_PKEY_DSA_method EVP_PKEY_NULL_method +#endif + 
+#ifndef NO_RSA +#define EVP_PKEY_RSA_method RSA_sign,RSA_verify, \ + {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} +#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \ + RSA_sign_ASN1_OCTET_STRING, \ + RSA_verify_ASN1_OCTET_STRING, \ + {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} +#else +#define EVP_PKEY_RSA_method EVP_PKEY_NULL_method +#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method EVP_PKEY_NULL_method +#endif + +#endif /* !EVP_MD */ + +typedef struct env_md_ctx_st + { + const EVP_MD *digest; + union { + unsigned char base[4]; +#ifndef NO_MD2 + MD2_CTX md2; +#endif +#ifndef NO_MD5 + MD5_CTX md5; +#endif +#ifndef NO_RIPEMD + RIPEMD160_CTX ripemd160; +#endif +#ifndef NO_SHA + SHA_CTX sha; +#endif +#ifndef NO_MDC2 + MDC2_CTX mdc2; +#endif + } md; + } EVP_MD_CTX; + +typedef struct evp_cipher_st + { + int nid; + int block_size; + int key_len; + int iv_len; + void (*init)(); /* init for encryption */ + void (*do_cipher)(); /* encrypt data */ + void (*cleanup)(); /* used by cipher method */ + int ctx_size; /* how big the ctx needs to be */ + /* int set_asn1_parameters(EVP_CIPHER_CTX,ASN1_TYPE *); */ + int (*set_asn1_parameters)(); /* Populate a ASN1_TYPE with parameters */ + /* int get_asn1_parameters(EVP_CIPHER_CTX,ASN1_TYPE *); */ + int (*get_asn1_parameters)(); /* Get parameters from a ASN1_TYPE */ + } EVP_CIPHER; + +typedef struct evp_cipher_info_st + { + const EVP_CIPHER *cipher; + unsigned char iv[EVP_MAX_IV_LENGTH]; + } EVP_CIPHER_INFO; + +typedef struct evp_cipher_ctx_st + { + const EVP_CIPHER *cipher; + int encrypt; /* encrypt or decrypt */ + int buf_len; /* number we have left */ + + unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */ + unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */ + unsigned char buf[EVP_MAX_IV_LENGTH]; /* saved partial block */ + int num; /* used by cfb/ofb mode */ + + char *app_data; /* application stuff */ + union { +#ifndef NO_RC4 + struct + { + unsigned char key[EVP_RC4_KEY_SIZE]; + RC4_KEY ks; /* working key */ + } rc4; +#endif +#ifndef NO_DES + 
des_key_schedule des_ks;/* key schedule */ + struct + { + des_key_schedule ks;/* key schedule */ + des_cblock inw; + des_cblock outw; + } desx_cbc; + struct + { + des_key_schedule ks1;/* key schedule */ + des_key_schedule ks2;/* key schedule (for ede) */ + des_key_schedule ks3;/* key schedule (for ede3) */ + } des_ede; +#endif +#ifndef NO_IDEA + IDEA_KEY_SCHEDULE idea_ks;/* key schedule */ +#endif +#ifndef NO_RC2 + RC2_KEY rc2_ks;/* key schedule */ +#endif +#ifndef NO_RC5 + RC5_32_KEY rc5_ks;/* key schedule */ +#endif +#ifndef NO_BF + BF_KEY bf_ks;/* key schedule */ +#endif +#ifndef NO_CAST + CAST_KEY cast_ks;/* key schedule */ +#endif + } c; + } EVP_CIPHER_CTX; + +typedef struct evp_Encode_Ctx_st + { + int num; /* number saved in a partial encode/decode */ + int length; /* The length is either the output line length + * (in input bytes) or the shortest input line + * length that is ok. Once decoding begins, + * the length is adjusted up each time a longer + * line is decoded */ + unsigned char enc_data[80]; /* data to encode */ + int line_num; /* number read on current line */ + int expect_nl; + } EVP_ENCODE_CTX; + +/* Password based encryption function */ +typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, EVP_CIPHER *cipher, + EVP_MD *md, int en_de); + +#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ + (char *)(rsa)) +#define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\ + (char *)(dsa)) +#define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\ + (char *)(dh)) + +/* Add some extra combinations */ +#define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) +#define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a)) +#define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) +#define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) + +#define EVP_MD_type(e) ((e)->type) +#define EVP_MD_pkey_type(e) ((e)->pkey_type) 
+#define EVP_MD_size(e) ((e)->md_size) +#define EVP_MD_block_size(e) ((e)->block_size) + +#define EVP_MD_CTX_md(e) ((e)->digest) +#define EVP_MD_CTX_size(e) EVP_MD_size((e)->digest) +#define EVP_MD_CTX_block_size(e) EVP_MD_block_size((e)->digest) +#define EVP_MD_CTX_type(e) EVP_MD_type((e)->digest) + +#define EVP_CIPHER_nid(e) ((e)->nid) +#define EVP_CIPHER_block_size(e) ((e)->block_size) +#define EVP_CIPHER_key_length(e) ((e)->key_len) +#define EVP_CIPHER_iv_length(e) ((e)->iv_len) + +#define EVP_CIPHER_CTX_cipher(e) ((e)->cipher) +#define EVP_CIPHER_CTX_nid(e) ((e)->cipher->nid) +#define EVP_CIPHER_CTX_block_size(e) ((e)->cipher->block_size) +#define EVP_CIPHER_CTX_key_length(e) ((e)->cipher->key_len) +#define EVP_CIPHER_CTX_iv_length(e) ((e)->cipher->iv_len) +#define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data) +#define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d)) +#define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) + +#define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80) +#define EVP_DECODE_LENGTH(l) ((l+3)/4*3+80) + +#define EVP_SignInit(a,b) EVP_DigestInit(a,b) +#define EVP_SignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) +#define EVP_VerifyInit(a,b) EVP_DigestInit(a,b) +#define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) +#define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e) +#define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e) + +#ifdef CONST_STRICT +void BIO_set_md(BIO *,const EVP_MD *md); +#else +# define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,0,(char *)md) +#endif +#define BIO_get_md(b,mdp) BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp) +#define BIO_get_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp) +#define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) +#define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp) + +#define EVP_Cipher(c,o,i,l) (c)->cipher->do_cipher((c),(o),(i),(l)) + +#define EVP_add_cipher_alias(n,alias) \ + 
OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n)) +#define EVP_add_digest_alias(n,alias) \ + OBJ_NAME_add((alias),OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,(n)) +#define EVP_delete_cipher_alias(alias) \ + OBJ_NAME_remove(alias,OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS); +#define EVP_delete_digest_alias(alias) \ + OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS); + + +int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in); +void EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); +void EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d, + unsigned int cnt); +void EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); + +int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify); +void EVP_set_pw_prompt(char *prompt); +char * EVP_get_pw_prompt(void); + +int EVP_BytesToKey(const EVP_CIPHER *type,EVP_MD *md,unsigned char *salt, + unsigned char *data, int datal, int count, + unsigned char *key,unsigned char *iv); + +void EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type, + unsigned char *key, unsigned char *iv); +void EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl, unsigned char *in, int inl); +void EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); + +void EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type, + unsigned char *key, unsigned char *iv); +void EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl, unsigned char *in, int inl); +int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); + +void EVP_CipherInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type, + unsigned char *key,unsigned char *iv,int enc); +void EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl, unsigned char *in, int inl); +int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); + +int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s, + EVP_PKEY *pkey); + +int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char 
*sigbuf, + unsigned int siglen,EVP_PKEY *pkey); + +int EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek, + int ekl,unsigned char *iv,EVP_PKEY *priv); +int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); + +int EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek, + int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk); +void EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl); + +void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); +void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out, + int *outl,unsigned char *in,int inl); +void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl); +int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n); + +void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); +int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl, + unsigned char *in, int inl); +int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned + char *out, int *outl); +int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); + +void ERR_load_EVP_strings(void ); + +void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); +void EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); + +#ifdef HEADER_BIO_H +BIO_METHOD *BIO_f_md(void); +BIO_METHOD *BIO_f_base64(void); +BIO_METHOD *BIO_f_cipher(void); +BIO_METHOD *BIO_f_reliable(void); +void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,unsigned char *k, + unsigned char *i, int enc); +#endif + +EVP_MD *EVP_md_null(void); +EVP_MD *EVP_md2(void); +EVP_MD *EVP_md5(void); +EVP_MD *EVP_sha(void); +EVP_MD *EVP_sha1(void); +EVP_MD *EVP_dss(void); +EVP_MD *EVP_dss1(void); +EVP_MD *EVP_mdc2(void); +EVP_MD *EVP_ripemd160(void); + +EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */ +EVP_CIPHER *EVP_des_ecb(void); +EVP_CIPHER *EVP_des_ede(void); +EVP_CIPHER *EVP_des_ede3(void); +EVP_CIPHER *EVP_des_cfb(void); +EVP_CIPHER *EVP_des_ede_cfb(void); +EVP_CIPHER *EVP_des_ede3_cfb(void); +EVP_CIPHER *EVP_des_ofb(void); +EVP_CIPHER *EVP_des_ede_ofb(void); +EVP_CIPHER 
*EVP_des_ede3_ofb(void); +EVP_CIPHER *EVP_des_cbc(void); +EVP_CIPHER *EVP_des_ede_cbc(void); +EVP_CIPHER *EVP_des_ede3_cbc(void); +EVP_CIPHER *EVP_desx_cbc(void); +EVP_CIPHER *EVP_rc4(void); +EVP_CIPHER *EVP_rc4_40(void); +EVP_CIPHER *EVP_idea_ecb(void); +EVP_CIPHER *EVP_idea_cfb(void); +EVP_CIPHER *EVP_idea_ofb(void); +EVP_CIPHER *EVP_idea_cbc(void); +EVP_CIPHER *EVP_rc2_ecb(void); +EVP_CIPHER *EVP_rc2_cbc(void); +EVP_CIPHER *EVP_rc2_40_cbc(void); +EVP_CIPHER *EVP_rc2_64_cbc(void); +EVP_CIPHER *EVP_rc2_cfb(void); +EVP_CIPHER *EVP_rc2_ofb(void); +EVP_CIPHER *EVP_bf_ecb(void); +EVP_CIPHER *EVP_bf_cbc(void); +EVP_CIPHER *EVP_bf_cfb(void); +EVP_CIPHER *EVP_bf_ofb(void); +EVP_CIPHER *EVP_cast5_ecb(void); +EVP_CIPHER *EVP_cast5_cbc(void); +EVP_CIPHER *EVP_cast5_cfb(void); +EVP_CIPHER *EVP_cast5_ofb(void); +EVP_CIPHER *EVP_rc5_32_12_16_cbc(void); +EVP_CIPHER *EVP_rc5_32_12_16_ecb(void); +EVP_CIPHER *EVP_rc5_32_12_16_cfb(void); +EVP_CIPHER *EVP_rc5_32_12_16_ofb(void); + +void OpenSSL_add_all_algorithms(void); +void OpenSSL_add_all_ciphers(void); +void OpenSSL_add_all_digests(void); +#define SSLeay_add_all_algorithms() OpenSSL_add_all_algorithms() +#define SSLeay_add_all_ciphers() OpenSSL_add_all_ciphers() +#define SSLeay_add_all_digests() OpenSSL_add_all_digests() + +int EVP_add_cipher(EVP_CIPHER *cipher); +int EVP_add_digest(EVP_MD *digest); + +const EVP_CIPHER *EVP_get_cipherbyname(const char *name); +const EVP_MD *EVP_get_digestbyname(const char *name); +void EVP_cleanup(void); + +int EVP_PKEY_decrypt(unsigned char *dec_key,unsigned char *enc_key, + int enc_key_len,EVP_PKEY *private_key); +int EVP_PKEY_encrypt(unsigned char *enc_key, + unsigned char *key,int key_len,EVP_PKEY *pub_key); +int EVP_PKEY_type(int type); +int EVP_PKEY_bits(EVP_PKEY *pkey); +int EVP_PKEY_size(EVP_PKEY *pkey); +int EVP_PKEY_assign(EVP_PKEY *pkey,int type,char *key); +#ifndef NO_RSA +int EVP_PKEY_set1_RSA(EVP_PKEY *pkey,RSA *key); +RSA * EVP_PKEY_get1_RSA(EVP_PKEY *pkey); +#endif +#ifndef 
NO_DSA +int EVP_PKEY_set1_DSA(EVP_PKEY *pkey,DSA *key); +DSA * EVP_PKEY_get1_DSA(EVP_PKEY *pkey); +#endif +#ifndef NO_DH +int EVP_PKEY_set1_DH(EVP_PKEY *pkey,DH *key); +DH * EVP_PKEY_get1_DH(EVP_PKEY *pkey); +#endif +EVP_PKEY * EVP_PKEY_new(void); +void EVP_PKEY_free(EVP_PKEY *pkey); +EVP_PKEY * d2i_PublicKey(int type,EVP_PKEY **a, unsigned char **pp, + long length); +int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp); + +EVP_PKEY * d2i_PrivateKey(int type,EVP_PKEY **a, unsigned char **pp, + long length); +EVP_PKEY * d2i_AutoPrivateKey(EVP_PKEY **a, unsigned char **pp, + long length); +int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp); + +int EVP_PKEY_copy_parameters(EVP_PKEY *to,EVP_PKEY *from); +int EVP_PKEY_missing_parameters(EVP_PKEY *pkey); +int EVP_PKEY_save_parameters(EVP_PKEY *pkey,int mode); +int EVP_PKEY_cmp_parameters(EVP_PKEY *a,EVP_PKEY *b); + +int EVP_CIPHER_type(const EVP_CIPHER *ctx); + +/* calls methods */ +int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); +int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); + +/* These are used by EVP_CIPHER methods */ +int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type); +int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type); + +/* PKCS5 password based encryption */ +int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md, + int en_de); +int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, + unsigned char *salt, int saltlen, int iter, + int keylen, unsigned char *out); +int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md, + int en_de); + +void PKCS5_PBE_add(void); + +int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, + ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de); +int EVP_PBE_alg_add(int nid, EVP_CIPHER *cipher, EVP_MD *md, + EVP_PBE_KEYGEN *keygen); +void EVP_PBE_cleanup(void); + 
+/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ + +/* Error codes for the EVP functions. */ + +/* Function codes. */ +#define EVP_F_D2I_PKEY 100 +#define EVP_F_EVP_DECRYPTFINAL 101 +#define EVP_F_EVP_MD_CTX_COPY 110 +#define EVP_F_EVP_OPENINIT 102 +#define EVP_F_EVP_PBE_ALG_ADD 115 +#define EVP_F_EVP_PBE_CIPHERINIT 116 +#define EVP_F_EVP_PKCS82PKEY 111 +#define EVP_F_EVP_PKCS8_SET_BROKEN 112 +#define EVP_F_EVP_PKEY2PKCS8 113 +#define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 +#define EVP_F_EVP_PKEY_DECRYPT 104 +#define EVP_F_EVP_PKEY_ENCRYPT 105 +#define EVP_F_EVP_PKEY_GET1_DH 119 +#define EVP_F_EVP_PKEY_GET1_DSA 120 +#define EVP_F_EVP_PKEY_GET1_RSA 121 +#define EVP_F_EVP_PKEY_NEW 106 +#define EVP_F_EVP_SIGNFINAL 107 +#define EVP_F_EVP_VERIFYFINAL 108 +#define EVP_F_PKCS5_PBE_KEYIVGEN 117 +#define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 +#define EVP_F_RC2_MAGIC_TO_METH 109 + +/* Reason codes. 
*/ +#define EVP_R_BAD_DECRYPT 100 +#define EVP_R_BN_DECODE_ERROR 112 +#define EVP_R_BN_PUBKEY_ERROR 113 +#define EVP_R_CIPHER_PARAMETER_ERROR 122 +#define EVP_R_DECODE_ERROR 114 +#define EVP_R_DIFFERENT_KEY_TYPES 101 +#define EVP_R_ENCODE_ERROR 115 +#define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 +#define EVP_R_EXPECTING_AN_RSA_KEY 127 +#define EVP_R_EXPECTING_A_DH_KEY 128 +#define EVP_R_EXPECTING_A_DSA_KEY 129 +#define EVP_R_INPUT_NOT_INITIALIZED 111 +#define EVP_R_IV_TOO_LARGE 102 +#define EVP_R_KEYGEN_FAILURE 120 +#define EVP_R_MISSING_PARAMETERS 103 +#define EVP_R_NO_DSA_PARAMETERS 116 +#define EVP_R_NO_SIGN_FUNCTION_CONFIGURED 104 +#define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105 +#define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117 +#define EVP_R_PUBLIC_KEY_NOT_RSA 106 +#define EVP_R_UNKNOWN_PBE_ALGORITHM 121 +#define EVP_R_UNSUPPORTED_CIPHER 107 +#define EVP_R_UNSUPPORTED_KEYLENGTH 123 +#define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 124 +#define EVP_R_UNSUPPORTED_KEY_SIZE 108 +#define EVP_R_UNSUPPORTED_PRF 125 +#define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118 +#define EVP_R_UNSUPPORTED_SALT_TYPE 126 +#define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 +#define EVP_R_WRONG_PUBLIC_KEY_TYPE 110 + +#ifdef __cplusplus +} +#endif +#endif + diff --git a/lib/dns/sec/openssl/include/openssl/rsa.h b/lib/dns/sec/openssl/include/openssl/rsa.h new file mode 100644 index 0000000000..f9f9b5cfe9 --- /dev/null +++ b/lib/dns/sec/openssl/include/openssl/rsa.h 
@@ -0,0 +1,338 @@ +/* crypto/rsa/rsa.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_RSA_H +#define HEADER_RSA_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include +#include + +#ifdef NO_RSA +#error RSA is disabled. 
+#endif + +typedef struct rsa_st RSA; + +typedef struct rsa_meth_st + { + const char *name; + int (*rsa_pub_enc)(int flen,unsigned char *from,unsigned char *to, + RSA *rsa,int padding); + int (*rsa_pub_dec)(int flen,unsigned char *from,unsigned char *to, + RSA *rsa,int padding); + int (*rsa_priv_enc)(int flen,unsigned char *from,unsigned char *to, + RSA *rsa,int padding); + int (*rsa_priv_dec)(int flen,unsigned char *from,unsigned char *to, + RSA *rsa,int padding); + int (*rsa_mod_exp)(BIGNUM *r0,BIGNUM *I,RSA *rsa); /* Can be null */ + int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *m_ctx); /* Can be null */ + int (*init)(RSA *rsa); /* called at new */ + int (*finish)(RSA *rsa); /* called at free */ + int flags; /* RSA_METHOD_FLAG_* things */ + char *app_data; /* may be needed! */ +/* New sign and verify functions: some libraries don't allow arbitrary data + * to be signed/verified: this allows them to be used. Note: for this to work + * the RSA_public_decrypt() and RSA_private_encrypt() should *NOT* be used + * RSA_sign(), RSA_verify() should be used instead. Note: for backwards + * compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER + * option is set in 'flags'. 
+ */ + int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len, + unsigned char *sigret, unsigned int *siglen, RSA *rsa); + int (*rsa_verify)(int dtype, unsigned char *m, unsigned int m_len, + unsigned char *sigbuf, unsigned int siglen, RSA *rsa); + + } RSA_METHOD; + +struct rsa_st + { + /* The first parameter is used to pickup errors where + * this is passed instead of aEVP_PKEY, it is set to 0 */ + int pad; + int version; + RSA_METHOD *meth; + BIGNUM *n; + BIGNUM *e; + BIGNUM *d; + BIGNUM *p; + BIGNUM *q; + BIGNUM *dmp1; + BIGNUM *dmq1; + BIGNUM *iqmp; + /* be careful using this if the RSA structure is shared */ + CRYPTO_EX_DATA ex_data; + int references; + int flags; + + /* Used to cache montgomery values */ + BN_MONT_CTX *_method_mod_n; + BN_MONT_CTX *_method_mod_p; + BN_MONT_CTX *_method_mod_q; + + /* all BIGNUM values are actually in the following data, if it is not + * NULL */ + char *bignum_data; + BN_BLINDING *blinding; + }; + +#define RSA_3 0x3L +#define RSA_F4 0x10001L + +#define RSA_METHOD_FLAG_NO_CHECK 0x01 /* don't check pub/private match */ + +#define RSA_FLAG_CACHE_PUBLIC 0x02 +#define RSA_FLAG_CACHE_PRIVATE 0x04 +#define RSA_FLAG_BLINDING 0x08 +#define RSA_FLAG_THREAD_SAFE 0x10 +/* This flag means the private key operations will be handled by rsa_mod_exp + * and that they do not depend on the private key components being present: + * for example a key stored in external hardware. Without this flag bn_mod_exp + * gets called when private key components are absent. + */ +#define RSA_FLAG_EXT_PKEY 0x20 + +/* This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify functions. 
+ */
+#define RSA_FLAG_SIGN_VER 0x40
+
+#define RSA_PKCS1_PADDING 1
+#define RSA_SSLV23_PADDING 2
+#define RSA_NO_PADDING 3
+#define RSA_PKCS1_OAEP_PADDING 4
+
+#define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg)
+#define RSA_get_app_data(s) RSA_get_ex_data(s,0)
+
+RSA * RSA_new(void);
+RSA * RSA_new_method(RSA_METHOD *method);
+int RSA_size(RSA *);
+RSA * RSA_generate_key(int bits, unsigned long e,void
+ (*callback)(int,int,void *),void *cb_arg);
+int RSA_check_key(RSA *);
+ /* next 4 return -1 on error */
+int RSA_public_encrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa,int padding);
+int RSA_private_encrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa,int padding);
+int RSA_public_decrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa,int padding);
+int RSA_private_decrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa,int padding);
+void RSA_free (RSA *r);
+
+int RSA_flags(RSA *r);
+
+void RSA_set_default_method(RSA_METHOD *meth);
+RSA_METHOD *RSA_get_default_method(void);
+RSA_METHOD *RSA_get_method(RSA *rsa);
+RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth);
+
+/* This function needs the memory locking malloc callbacks to be installed */
+int RSA_memory_lock(RSA *r);
+
+/* If you have RSAref compiled in. */
+RSA_METHOD *RSA_PKCS1_RSAref(void);
+
+/* these are the actual SSLeay RSA functions */
+RSA_METHOD *RSA_PKCS1_SSLeay(void);
+
+RSA_METHOD *RSA_null_method(void);
+
+void ERR_load_RSA_strings(void );
+
+RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length);
+int i2d_RSAPublicKey(RSA *a, unsigned char **pp);
+RSA * d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length);
+int i2d_RSAPrivateKey(RSA *a, unsigned char **pp);
+#ifndef NO_FP_API
+int RSA_print_fp(FILE *fp, RSA *r,int offset);
+#endif
+
+#ifdef HEADER_BIO_H
+int RSA_print(BIO *bp, RSA *r,int offset);
+#endif
+
+int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)());
+RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)());
+/* Naughty internal function required elsewhere, to handle a MS structure
+ * that is the same as the netscape one :-) */
+RSA *d2i_Netscape_RSA_2(RSA **a, unsigned char **pp, long length, int (*cb)());
+
+/* The following 2 functions sign and verify a X509_SIG ASN1 object
+ * inside PKCS#1 padded RSA encryption */
+int RSA_sign(int type, unsigned char *m, unsigned int m_len,
+ unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+int RSA_verify(int type, unsigned char *m, unsigned int m_len,
+ unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+
+/* The following 2 function sign and verify a ASN1_OCTET_STRING
+ * object inside PKCS#1 padded RSA encryption */
+int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len,
+ unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+int RSA_verify_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len,
+ unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+
+int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
+void RSA_blinding_off(RSA *rsa);
+
+int RSA_padding_add_PKCS1_type_1(unsigned char *to,int tlen,
+ unsigned char *f,int fl);
+int RSA_padding_check_PKCS1_type_1(unsigned char *to,int tlen,
+ unsigned char *f,int fl,int rsa_len);
+int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen,
+ unsigned char *f,int fl);
+int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen,
+ unsigned char *f,int fl,int rsa_len);
+int RSA_padding_add_PKCS1_OAEP(unsigned char *to,int tlen,
+ unsigned char *f,int fl,unsigned char *p,
+ int pl);
+int RSA_padding_check_PKCS1_OAEP(unsigned char *to,int tlen,
+ unsigned char *f,int fl,int rsa_len,
+ unsigned char *p,int pl);
+int RSA_padding_add_SSLv23(unsigned char *to,int tlen,
+ unsigned char *f,int fl);
+int RSA_padding_check_SSLv23(unsigned char *to,int tlen,
+ unsigned char *f,int fl,int rsa_len);
+int RSA_padding_add_none(unsigned char *to,int tlen,
+ unsigned char *f,int fl);
+int RSA_padding_check_none(unsigned char *to,int tlen,
+ unsigned char *f,int fl,int rsa_len);
+
+int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int RSA_set_ex_data(RSA *r,int idx,void *arg);
+void *RSA_get_ex_data(RSA *r, int idx);
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+/* Error codes for the RSA functions. */
+
+/* Function codes. */
+#define RSA_F_MEMORY_LOCK 100
+#define RSA_F_RSA_CHECK_KEY 123
+#define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101
+#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 102
+#define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103
+#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 104
+#define RSA_F_RSA_GENERATE_KEY 105
+#define RSA_F_RSA_NEW_METHOD 106
+#define RSA_F_RSA_NULL 124
+#define RSA_F_RSA_PADDING_ADD_NONE 107
+#define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121
+#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108
+#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109
+#define RSA_F_RSA_PADDING_ADD_SSLV23 110
+#define RSA_F_RSA_PADDING_CHECK_NONE 111
+#define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122
+#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112
+#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113
+#define RSA_F_RSA_PADDING_CHECK_SSLV23 114
+#define RSA_F_RSA_PRINT 115
+#define RSA_F_RSA_PRINT_FP 116
+#define RSA_F_RSA_SIGN 117
+#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118
+#define RSA_F_RSA_VERIFY 119
+#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120
+
+/* Reason codes. */
+#define RSA_R_ALGORITHM_MISMATCH 100
+#define RSA_R_BAD_E_VALUE 101
+#define RSA_R_BAD_FIXED_HEADER_DECRYPT 102
+#define RSA_R_BAD_PAD_BYTE_COUNT 103
+#define RSA_R_BAD_SIGNATURE 104
+#define RSA_R_BLOCK_TYPE_IS_NOT_01 106
+#define RSA_R_BLOCK_TYPE_IS_NOT_02 107
+#define RSA_R_DATA_GREATER_THAN_MOD_LEN 108
+#define RSA_R_DATA_TOO_LARGE 109
+#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110
+#define RSA_R_DATA_TOO_SMALL 111
+#define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122
+#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112
+#define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124
+#define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125
+#define RSA_R_D_E_NOT_CONGRUENT_TO_1 123
+#define RSA_R_INVALID_MESSAGE_LENGTH 131
+#define RSA_R_IQMP_NOT_INVERSE_OF_Q 126
+#define RSA_R_KEY_SIZE_TOO_SMALL 120
+#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
+#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
+#define RSA_R_OAEP_DECODING_ERROR 121
+#define RSA_R_PADDING_CHECK_FAILED 114
+#define RSA_R_P_NOT_PRIME 128
+#define RSA_R_Q_NOT_PRIME 129
+#define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130
+#define RSA_R_SSLV3_ROLLBACK_ATTACK 115
+#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
+#define RSA_R_UNKNOWN_ALGORITHM_TYPE 117
+#define RSA_R_UNKNOWN_PADDING_TYPE 118
+#define RSA_R_WRONG_SIGNATURE_LENGTH 119
+
+#ifdef __cplusplus
+}
+#endif
+#endif
+
diff --git a/lib/dns/sec/openssl/include/openssl/x509.h b/lib/dns/sec/openssl/include/openssl/x509.h
new file mode 100644
index 0000000000..0192272e7c
--- /dev/null
+++ b/lib/dns/sec/openssl/include/openssl/x509.h
@@ -0,0 +1,1204 @@
+/* crypto/x509/x509.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */ + +#ifndef HEADER_X509_H +#define HEADER_X509_H + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef VMS +#undef X509_REVOKED_get_ext_by_critical +#define X509_REVOKED_get_ext_by_critical X509_REVOKED_get_ext_by_critic +#endif + +#include +#include +#include + +#ifndef NO_RSA +#include +#endif + +#ifndef NO_DSA +#include +#endif + +#ifndef NO_DH +#include +#endif + +#include + + +#ifdef WIN32 +/* Under Win32 this is defined in wincrypt.h */ +#undef X509_NAME +#endif + +#define X509_FILETYPE_PEM 1 +#define X509_FILETYPE_ASN1 2 +#define X509_FILETYPE_DEFAULT 3 + +#define X509v3_KU_DIGITAL_SIGNATURE 0x0080 +#define X509v3_KU_NON_REPUDIATION 0x0040 +#define X509v3_KU_KEY_ENCIPHERMENT 0x0020 +#define X509v3_KU_DATA_ENCIPHERMENT 0x0010 +#define X509v3_KU_KEY_AGREEMENT 0x0008 +#define X509v3_KU_KEY_CERT_SIGN 0x0004 +#define X509v3_KU_CRL_SIGN 0x0002 +#define X509v3_KU_ENCIPHER_ONLY 0x0001 +#define X509v3_KU_DECIPHER_ONLY 0x8000 +#define X509v3_KU_UNDEF 0xffff + +typedef struct X509_objects_st + { + int nid; + int (*a2i)(); + int (*i2a)(); + } X509_OBJECTS; + +typedef struct X509_algor_st + { + ASN1_OBJECT *algorithm; + ASN1_TYPE *parameter; + } X509_ALGOR; + +DECLARE_STACK_OF(X509_ALGOR) +DECLARE_ASN1_SET_OF(X509_ALGOR) + +typedef struct X509_val_st + { + ASN1_UTCTIME *notBefore; + ASN1_UTCTIME *notAfter; + } X509_VAL; + +typedef struct X509_pubkey_st + { + X509_ALGOR *algor; + ASN1_BIT_STRING *public_key; + EVP_PKEY *pkey; + } X509_PUBKEY; + +typedef struct X509_sig_st + { + X509_ALGOR *algor; + ASN1_OCTET_STRING *digest; + } X509_SIG; + +typedef struct X509_name_entry_st + { + ASN1_OBJECT *object; + ASN1_STRING *value; + int set; + int size; /* temp variable */ + } X509_NAME_ENTRY; + +DECLARE_STACK_OF(X509_NAME_ENTRY) +DECLARE_ASN1_SET_OF(X509_NAME_ENTRY) + +/* we always keep X509_NAMEs in 2 forms. 
*/ +typedef struct X509_name_st + { + STACK_OF(X509_NAME_ENTRY) *entries; + int modified; /* true if 'bytes' needs to be built */ +#ifdef HEADER_BUFFER_H + BUF_MEM *bytes; +#else + char *bytes; +#endif + unsigned long hash; /* Keep the hash around for lookups */ + } X509_NAME; + +DECLARE_STACK_OF(X509_NAME) + +#define X509_EX_V_NETSCAPE_HACK 0x8000 +#define X509_EX_V_INIT 0x0001 +typedef struct X509_extension_st + { + ASN1_OBJECT *object; + short critical; + short netscape_hack; + ASN1_OCTET_STRING *value; + struct v3_ext_method *method; /* V3 method to use */ + void *ext_val; /* extension value */ + } X509_EXTENSION; + +DECLARE_STACK_OF(X509_EXTENSION) +DECLARE_ASN1_SET_OF(X509_EXTENSION) + +/* a sequence of these are used */ +typedef struct x509_attributes_st + { + ASN1_OBJECT *object; + int set; /* 1 for a set, 0 for a single item (which is wrong) */ + union { + char *ptr; +/* 1 */ STACK_OF(ASN1_TYPE) *set; +/* 0 */ ASN1_TYPE *single; + } value; + } X509_ATTRIBUTE; + +DECLARE_STACK_OF(X509_ATTRIBUTE) +DECLARE_ASN1_SET_OF(X509_ATTRIBUTE) + +typedef struct X509_req_info_st + { + ASN1_INTEGER *version; + X509_NAME *subject; + X509_PUBKEY *pubkey; + /* d=2 hl=2 l= 0 cons: cont: 00 */ + STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ + int req_kludge; + } X509_REQ_INFO; + +typedef struct X509_req_st + { + X509_REQ_INFO *req_info; + X509_ALGOR *sig_alg; + ASN1_BIT_STRING *signature; + int references; + } X509_REQ; + +typedef struct x509_cinf_st + { + ASN1_INTEGER *version; /* [ 0 ] default of v1 */ + ASN1_INTEGER *serialNumber; + X509_ALGOR *signature; + X509_NAME *issuer; + X509_VAL *validity; + X509_NAME *subject; + X509_PUBKEY *key; + ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */ + ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */ + STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */ + } X509_CINF; + +/* This stuff is certificate "auxiliary info" + * it contains details which are useful in certificate + * stores and databases. 
When used this is tagged onto + * the end of the certificate itself + */ + +typedef struct x509_cert_aux_st + { + STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */ + STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */ + ASN1_UTF8STRING *alias; /* "friendly name" */ + ASN1_OCTET_STRING *keyid; /* key id of private key */ + STACK_OF(X509_ALGOR) *other; /* other unspecified info */ + } X509_CERT_AUX; + +typedef struct x509_st + { + X509_CINF *cert_info; + X509_ALGOR *sig_alg; + ASN1_BIT_STRING *signature; + int valid; + int references; + char *name; + CRYPTO_EX_DATA ex_data; + /* These contain copies of various extension values */ + long ex_pathlen; + unsigned long ex_flags; + unsigned long ex_kusage; + unsigned long ex_xkusage; + unsigned long ex_nscert; +#ifndef NO_SHA + unsigned char sha1_hash[SHA_DIGEST_LENGTH]; +#endif + X509_CERT_AUX *aux; + } X509; + +DECLARE_STACK_OF(X509) +DECLARE_ASN1_SET_OF(X509) + +/* This is used for a table of trust checking functions */ + +typedef struct x509_trust_st { + int trust; + int flags; + int (*check_trust)(struct x509_trust_st *, X509 *, int); + char *name; + int arg1; + void *arg2; +} X509_TRUST; + +DECLARE_STACK_OF(X509_TRUST) + +/* standard trust ids */ + +#define X509_TRUST_DEFAULT -1 /* Only valid in purpose settings */ + +#define X509_TRUST_COMPAT 1 +#define X509_TRUST_SSL_CLIENT 2 +#define X509_TRUST_SSL_SERVER 3 +#define X509_TRUST_EMAIL 4 +#define X509_TRUST_OBJECT_SIGN 5 + +/* Keep these up to date! 
*/ +#define X509_TRUST_MIN 1 +#define X509_TRUST_MAX 5 + + +/* trust_flags values */ +#define X509_TRUST_DYNAMIC 1 +#define X509_TRUST_DYNAMIC_NAME 2 + +/* check_trust return codes */ + +#define X509_TRUST_TRUSTED 1 +#define X509_TRUST_REJECTED 2 +#define X509_TRUST_UNTRUSTED 3 + +typedef struct X509_revoked_st + { + ASN1_INTEGER *serialNumber; + ASN1_UTCTIME *revocationDate; + STACK_OF(X509_EXTENSION) /* optional */ *extensions; + int sequence; /* load sequence */ + } X509_REVOKED; + +DECLARE_STACK_OF(X509_REVOKED) +DECLARE_ASN1_SET_OF(X509_REVOKED) + +typedef struct X509_crl_info_st + { + ASN1_INTEGER *version; + X509_ALGOR *sig_alg; + X509_NAME *issuer; + ASN1_UTCTIME *lastUpdate; + ASN1_UTCTIME *nextUpdate; + STACK_OF(X509_REVOKED) *revoked; + STACK_OF(X509_EXTENSION) /* [0] */ *extensions; + } X509_CRL_INFO; + +typedef struct X509_crl_st + { + /* actual signature */ + X509_CRL_INFO *crl; + X509_ALGOR *sig_alg; + ASN1_BIT_STRING *signature; + int references; + } X509_CRL; + +DECLARE_STACK_OF(X509_CRL) +DECLARE_ASN1_SET_OF(X509_CRL) + +typedef struct private_key_st + { + int version; + /* The PKCS#8 data types */ + X509_ALGOR *enc_algor; + ASN1_OCTET_STRING *enc_pkey; /* encrypted pub key */ + + /* When decrypted, the following will not be NULL */ + EVP_PKEY *dec_pkey; + + /* used to encrypt and decrypt */ + int key_length; + char *key_data; + int key_free; /* true if we should auto free key_data */ + + /* expanded version of 'enc_algor' */ + EVP_CIPHER_INFO cipher; + + int references; + } X509_PKEY; + +#ifdef HEADER_ENVELOPE_H +typedef struct X509_info_st + { + X509 *x509; + X509_CRL *crl; + X509_PKEY *x_pkey; + + EVP_CIPHER_INFO enc_cipher; + int enc_len; + char *enc_data; + + int references; + } X509_INFO; + +DECLARE_STACK_OF(X509_INFO) +#endif + +/* The next 2 structures and their 8 routines were sent to me by + * Pat Richard and are used to manipulate + * Netscapes spki structures - useful if you are writing a CA web page + */ +typedef struct 
Netscape_spkac_st + { + X509_PUBKEY *pubkey; + ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */ + } NETSCAPE_SPKAC; + +typedef struct Netscape_spki_st + { + NETSCAPE_SPKAC *spkac; /* signed public key and challenge */ + X509_ALGOR *sig_algor; + ASN1_BIT_STRING *signature; + } NETSCAPE_SPKI; + +/* Netscape certificate sequence structure */ +typedef struct Netscape_certificate_sequence + { + ASN1_OBJECT *type; + STACK_OF(X509) *certs; + } NETSCAPE_CERT_SEQUENCE; + +typedef struct CBCParameter_st + { + unsigned char iv[8]; + } CBC_PARAM; + +/* Password based encryption structure */ + +typedef struct PBEPARAM_st { +ASN1_OCTET_STRING *salt; +ASN1_INTEGER *iter; +} PBEPARAM; + +/* Password based encryption V2 structures */ + +typedef struct PBE2PARAM_st { +X509_ALGOR *keyfunc; +X509_ALGOR *encryption; +} PBE2PARAM; + +typedef struct PBKDF2PARAM_st { +ASN1_TYPE *salt; /* Usually OCTET STRING but could be anything */ +ASN1_INTEGER *iter; +ASN1_INTEGER *keylength; +X509_ALGOR *prf; +} PBKDF2PARAM; + + +/* PKCS#8 private key info structure */ + +typedef struct pkcs8_priv_key_info_st + { + int broken; /* Flag for various broken formats */ +#define PKCS8_OK 0 +#define PKCS8_NO_OCTET 1 +#define PKCS8_EMBEDDED_PARAM 2 +#define PKCS8_NS_DB 3 + ASN1_INTEGER *version; + X509_ALGOR *pkeyalg; + ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */ + STACK_OF(X509_ATTRIBUTE) *attributes; + } PKCS8_PRIV_KEY_INFO; + +#include +#include + +#ifdef SSLEAY_MACROS +#define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\ + a->signature,(char *)a->cert_info,r) +#define X509_REQ_verify(a,r) ASN1_verify((int (*)())i2d_X509_REQ_INFO, \ + a->sig_alg,a->signature,(char *)a->req_info,r) +#define X509_CRL_verify(a,r) ASN1_verify((int (*)())i2d_X509_CRL_INFO, \ + a->sig_alg, a->signature,(char *)a->crl,r) + +#define X509_sign(x,pkey,md) \ + ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature, \ + x->sig_alg, x->signature, (char 
*)x->cert_info,pkey,md) +#define X509_REQ_sign(x,pkey,md) \ + ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL, \ + x->signature, (char *)x->req_info,pkey,md) +#define X509_CRL_sign(x,pkey,md) \ + ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,x->sig_alg, \ + x->signature, (char *)x->crl,pkey,md) +#define NETSCAPE_SPKI_sign(x,pkey,md) \ + ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL, \ + x->signature, (char *)x->spkac,pkey,md) + +#define X509_dup(x509) (X509 *)ASN1_dup((int (*)())i2d_X509, \ + (char *(*)())d2i_X509,(char *)x509) +#define X509_ATTRIBUTE_dup(xa) (X509_ATTRIBUTE *)ASN1_dup(\ + (int (*)())i2d_X509_ATTRIBUTE, \ + (char *(*)())d2i_X509_ATTRIBUTE,(char *)xa) +#define X509_EXTENSION_dup(ex) (X509_EXTENSION *)ASN1_dup( \ + (int (*)())i2d_X509_EXTENSION, \ + (char *(*)())d2i_X509_EXTENSION,(char *)ex) +#define d2i_X509_fp(fp,x509) (X509 *)ASN1_d2i_fp((char *(*)())X509_new, \ + (char *(*)())d2i_X509, (fp),(unsigned char **)(x509)) +#define i2d_X509_fp(fp,x509) ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509) +#define d2i_X509_bio(bp,x509) (X509 *)ASN1_d2i_bio((char *(*)())X509_new, \ + (char *(*)())d2i_X509, (bp),(unsigned char **)(x509)) +#define i2d_X509_bio(bp,x509) ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509) + +#define X509_CRL_dup(crl) (X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL, \ + (char *(*)())d2i_X509_CRL,(char *)crl) +#define d2i_X509_CRL_fp(fp,crl) (X509_CRL *)ASN1_d2i_fp((char *(*)()) \ + X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),\ + (unsigned char **)(crl)) +#define i2d_X509_CRL_fp(fp,crl) ASN1_i2d_fp(i2d_X509_CRL,fp,\ + (unsigned char *)crl) +#define d2i_X509_CRL_bio(bp,crl) (X509_CRL *)ASN1_d2i_bio((char *(*)()) \ + X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),\ + (unsigned char **)(crl)) +#define i2d_X509_CRL_bio(bp,crl) ASN1_i2d_bio(i2d_X509_CRL,bp,\ + (unsigned char *)crl) + +#define PKCS7_dup(p7) (PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7, \ + (char *(*)())d2i_PKCS7,(char *)p7) +#define d2i_PKCS7_fp(fp,p7) 
(PKCS7 *)ASN1_d2i_fp((char *(*)()) \ + PKCS7_new,(char *(*)())d2i_PKCS7, (fp),\ + (unsigned char **)(p7)) +#define i2d_PKCS7_fp(fp,p7) ASN1_i2d_fp(i2d_PKCS7,fp,\ + (unsigned char *)p7) +#define d2i_PKCS7_bio(bp,p7) (PKCS7 *)ASN1_d2i_bio((char *(*)()) \ + PKCS7_new,(char *(*)())d2i_PKCS7, (bp),\ + (unsigned char **)(p7)) +#define i2d_PKCS7_bio(bp,p7) ASN1_i2d_bio(i2d_PKCS7,bp,\ + (unsigned char *)p7) + +#define X509_REQ_dup(req) (X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ, \ + (char *(*)())d2i_X509_REQ,(char *)req) +#define d2i_X509_REQ_fp(fp,req) (X509_REQ *)ASN1_d2i_fp((char *(*)())\ + X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),\ + (unsigned char **)(req)) +#define i2d_X509_REQ_fp(fp,req) ASN1_i2d_fp(i2d_X509_REQ,fp,\ + (unsigned char *)req) +#define d2i_X509_REQ_bio(bp,req) (X509_REQ *)ASN1_d2i_bio((char *(*)())\ + X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),\ + (unsigned char **)(req)) +#define i2d_X509_REQ_bio(bp,req) ASN1_i2d_bio(i2d_X509_REQ,bp,\ + (unsigned char *)req) + +#define RSAPublicKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey, \ + (char *(*)())d2i_RSAPublicKey,(char *)rsa) +#define RSAPrivateKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey, \ + (char *(*)())d2i_RSAPrivateKey,(char *)rsa) + +#define d2i_RSAPrivateKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\ + RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp), \ + (unsigned char **)(rsa)) +#define i2d_RSAPrivateKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPrivateKey,fp, \ + (unsigned char *)rsa) +#define d2i_RSAPrivateKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\ + RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp), \ + (unsigned char **)(rsa)) +#define i2d_RSAPrivateKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPrivateKey,bp, \ + (unsigned char *)rsa) + +#define d2i_RSAPublicKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\ + RSA_new,(char *(*)())d2i_RSAPublicKey, (fp), \ + (unsigned char **)(rsa)) +#define i2d_RSAPublicKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPublicKey,fp, \ + (unsigned char *)rsa) 
+#define d2i_RSAPublicKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\ + RSA_new,(char *(*)())d2i_RSAPublicKey, (bp), \ + (unsigned char **)(rsa)) +#define i2d_RSAPublicKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPublicKey,bp, \ + (unsigned char *)rsa) + +#define d2i_DSAPrivateKey_fp(fp,dsa) (DSA *)ASN1_d2i_fp((char *(*)())\ + DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp), \ + (unsigned char **)(dsa)) +#define i2d_DSAPrivateKey_fp(fp,dsa) ASN1_i2d_fp(i2d_DSAPrivateKey,fp, \ + (unsigned char *)dsa) +#define d2i_DSAPrivateKey_bio(bp,dsa) (DSA *)ASN1_d2i_bio((char *(*)())\ + DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp), \ + (unsigned char **)(dsa)) +#define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \ + (unsigned char *)dsa) + +#define X509_ALGOR_dup(xn) (X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,\ + (char *(*)())d2i_X509_ALGOR,(char *)xn) + +#define X509_NAME_dup(xn) (X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME, \ + (char *(*)())d2i_X509_NAME,(char *)xn) +#define X509_NAME_ENTRY_dup(ne) (X509_NAME_ENTRY *)ASN1_dup( \ + (int (*)())i2d_X509_NAME_ENTRY, \ + (char *(*)())d2i_X509_NAME_ENTRY,\ + (char *)ne) + +#define X509_digest(data,type,md,len) \ + ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len) +#define X509_NAME_digest(data,type,md,len) \ + ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len) +#ifndef PKCS7_ISSUER_AND_SERIAL_digest +#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \ + ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\ + (char *)data,md,len) +#endif +#endif + +#define X509_EXT_PACK_UNKNOWN 1 +#define X509_EXT_PACK_STRING 2 + +#define X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version) +/* #define X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */ +#define X509_get_notBefore(x) ((x)->cert_info->validity->notBefore) +#define X509_get_notAfter(x) ((x)->cert_info->validity->notAfter) +#define X509_extract_key(x) X509_get_pubkey(x) /*****/ +#define X509_REQ_get_version(x) 
ASN1_INTEGER_get((x)->req_info->version) +#define X509_REQ_get_subject_name(x) ((x)->req_info->subject) +#define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a) +#define X509_name_cmp(a,b) X509_NAME_cmp((a),(b)) +#define X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm)) + +#define X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version) +#define X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate) +#define X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate) +#define X509_CRL_get_issuer(x) ((x)->crl->issuer) +#define X509_CRL_get_REVOKED(x) ((x)->crl->revoked) + +/* This one is only used so that a binary form can output, as in + * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */ +#define X509_get_X509_PUBKEY(x) ((x)->cert_info->key) + + +const char *X509_verify_cert_error_string(long n); + +#ifndef SSLEAY_MACROS +#ifdef HEADER_ENVELOPE_H +int X509_verify(X509 *a, EVP_PKEY *r); + +int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); +int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r); +int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r); + +NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len); +char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x); +EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x); +int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey); + +int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki); + +int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); +int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md); +int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md); +int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md); + +int X509_digest(X509 *data,const EVP_MD *type,unsigned char *md,unsigned int *len); +int X509_NAME_digest(X509_NAME *data,const EVP_MD *type, + unsigned char *md,unsigned int *len); +#endif + +#ifndef NO_FP_API +X509 *d2i_X509_fp(FILE *fp, X509 **x509); +int i2d_X509_fp(FILE *fp,X509 *x509); +X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL **crl); +int 
i2d_X509_CRL_fp(FILE *fp,X509_CRL *crl); +X509_REQ *d2i_X509_REQ_fp(FILE *fp,X509_REQ **req); +int i2d_X509_REQ_fp(FILE *fp,X509_REQ *req); +#ifndef NO_RSA +RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA **rsa); +int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa); +RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA **rsa); +int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa); +RSA *d2i_RSA_PUBKEY_fp(FILE *fp,RSA **rsa); +int i2d_RSA_PUBKEY_fp(FILE *fp,RSA *rsa); +#endif +#ifndef NO_DSA +DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa); +int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa); +DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa); +int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa); +#endif +X509_SIG *d2i_PKCS8_fp(FILE *fp,X509_SIG **p8); +int i2d_PKCS8_fp(FILE *fp,X509_SIG *p8); +PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, + PKCS8_PRIV_KEY_INFO **p8inf); +int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,PKCS8_PRIV_KEY_INFO *p8inf); +int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key); +int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey); +EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a); +#endif + +#ifdef HEADER_BIO_H +X509 *d2i_X509_bio(BIO *bp,X509 **x509); +int i2d_X509_bio(BIO *bp,X509 *x509); +X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL **crl); +int i2d_X509_CRL_bio(BIO *bp,X509_CRL *crl); +X509_REQ *d2i_X509_REQ_bio(BIO *bp,X509_REQ **req); +int i2d_X509_REQ_bio(BIO *bp,X509_REQ *req); +#ifndef NO_RSA +RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **rsa); +int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa); +RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA **rsa); +int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa); +RSA *d2i_RSA_PUBKEY_bio(BIO *bp,RSA **rsa); +int i2d_RSA_PUBKEY_bio(BIO *bp,RSA *rsa); +#endif +#ifndef NO_DSA +DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa); +int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa); +DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa); +int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa); +#endif +X509_SIG *d2i_PKCS8_bio(BIO *bp,X509_SIG **p8); +int i2d_PKCS8_bio(BIO *bp,X509_SIG *p8); +PKCS8_PRIV_KEY_INFO 
*d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, + PKCS8_PRIV_KEY_INFO **p8inf); +int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,PKCS8_PRIV_KEY_INFO *p8inf); +int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key); +int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey); +EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a); +#endif + +X509 *X509_dup(X509 *x509); +X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa); +X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex); +X509_CRL *X509_CRL_dup(X509_CRL *crl); +X509_REQ *X509_REQ_dup(X509_REQ *req); +X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn); +X509_NAME *X509_NAME_dup(X509_NAME *xn); +X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne); +#ifndef NO_RSA +RSA *RSAPublicKey_dup(RSA *rsa); +RSA *RSAPrivateKey_dup(RSA *rsa); +#endif + +#endif /* !SSLEAY_MACROS */ + +int X509_cmp_current_time(ASN1_UTCTIME *s); +ASN1_UTCTIME * X509_gmtime_adj(ASN1_UTCTIME *s, long adj); + +const char * X509_get_default_cert_area(void ); +const char * X509_get_default_cert_dir(void ); +const char * X509_get_default_cert_file(void ); +const char * X509_get_default_cert_dir_env(void ); +const char * X509_get_default_cert_file_env(void ); +const char * X509_get_default_private_dir(void ); + +X509_REQ * X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); +X509 * X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey); +void ERR_load_X509_strings(void ); + +X509_ALGOR * X509_ALGOR_new(void ); +void X509_ALGOR_free(X509_ALGOR *a); +int i2d_X509_ALGOR(X509_ALGOR *a,unsigned char **pp); +X509_ALGOR * d2i_X509_ALGOR(X509_ALGOR **a,unsigned char **pp, + long length); + +X509_VAL * X509_VAL_new(void ); +void X509_VAL_free(X509_VAL *a); +int i2d_X509_VAL(X509_VAL *a,unsigned char **pp); +X509_VAL * d2i_X509_VAL(X509_VAL **a,unsigned char **pp, + long length); + +X509_PUBKEY * X509_PUBKEY_new(void ); +void X509_PUBKEY_free(X509_PUBKEY *a); +int i2d_X509_PUBKEY(X509_PUBKEY *a,unsigned char **pp); +X509_PUBKEY * d2i_X509_PUBKEY(X509_PUBKEY **a,unsigned char 
**pp, + long length); +int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey); +EVP_PKEY * X509_PUBKEY_get(X509_PUBKEY *key); +int X509_get_pubkey_parameters(EVP_PKEY *pkey, + STACK_OF(X509) *chain); +int i2d_PUBKEY(EVP_PKEY *a,unsigned char **pp); +EVP_PKEY * d2i_PUBKEY(EVP_PKEY **a,unsigned char **pp, + long length); +#ifndef NO_RSA +int i2d_RSA_PUBKEY(RSA *a,unsigned char **pp); +RSA * d2i_RSA_PUBKEY(RSA **a,unsigned char **pp, + long length); +#endif +#ifndef NO_DSA +int i2d_DSA_PUBKEY(DSA *a,unsigned char **pp); +DSA * d2i_DSA_PUBKEY(DSA **a,unsigned char **pp, + long length); +#endif + +X509_SIG * X509_SIG_new(void ); +void X509_SIG_free(X509_SIG *a); +int i2d_X509_SIG(X509_SIG *a,unsigned char **pp); +X509_SIG * d2i_X509_SIG(X509_SIG **a,unsigned char **pp,long length); + +X509_REQ_INFO *X509_REQ_INFO_new(void); +void X509_REQ_INFO_free(X509_REQ_INFO *a); +int i2d_X509_REQ_INFO(X509_REQ_INFO *a,unsigned char **pp); +X509_REQ_INFO *d2i_X509_REQ_INFO(X509_REQ_INFO **a,unsigned char **pp, + long length); + +X509_REQ * X509_REQ_new(void); +void X509_REQ_free(X509_REQ *a); +int i2d_X509_REQ(X509_REQ *a,unsigned char **pp); +X509_REQ * d2i_X509_REQ(X509_REQ **a,unsigned char **pp,long length); + +X509_ATTRIBUTE *X509_ATTRIBUTE_new(void ); +void X509_ATTRIBUTE_free(X509_ATTRIBUTE *a); +int i2d_X509_ATTRIBUTE(X509_ATTRIBUTE *a,unsigned char **pp); +X509_ATTRIBUTE *d2i_X509_ATTRIBUTE(X509_ATTRIBUTE **a,unsigned char **pp, + long length); +X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value); + + +X509_EXTENSION *X509_EXTENSION_new(void ); +void X509_EXTENSION_free(X509_EXTENSION *a); +int i2d_X509_EXTENSION(X509_EXTENSION *a,unsigned char **pp); +X509_EXTENSION *d2i_X509_EXTENSION(X509_EXTENSION **a,unsigned char **pp, + long length); + +X509_NAME_ENTRY *X509_NAME_ENTRY_new(void); +void X509_NAME_ENTRY_free(X509_NAME_ENTRY *a); +int i2d_X509_NAME_ENTRY(X509_NAME_ENTRY *a,unsigned char **pp); +X509_NAME_ENTRY *d2i_X509_NAME_ENTRY(X509_NAME_ENTRY 
**a,unsigned char **pp, + long length); + +X509_NAME * X509_NAME_new(void); +void X509_NAME_free(X509_NAME *a); +int i2d_X509_NAME(X509_NAME *a,unsigned char **pp); +X509_NAME * d2i_X509_NAME(X509_NAME **a,unsigned char **pp,long length); +int X509_NAME_set(X509_NAME **xn, X509_NAME *name); + + +X509_CINF * X509_CINF_new(void); +void X509_CINF_free(X509_CINF *a); +int i2d_X509_CINF(X509_CINF *a,unsigned char **pp); +X509_CINF * d2i_X509_CINF(X509_CINF **a,unsigned char **pp,long length); + +X509 * X509_new(void); +void X509_free(X509 *a); +int i2d_X509(X509 *a,unsigned char **pp); +X509 * d2i_X509(X509 **a,unsigned char **pp,long length); +int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +int X509_set_ex_data(X509 *r, int idx, void *arg); +void *X509_get_ex_data(X509 *r, int idx); +int i2d_X509_AUX(X509 *a,unsigned char **pp); +X509 * d2i_X509_AUX(X509 **a,unsigned char **pp,long length); + +X509_CERT_AUX * X509_CERT_AUX_new(void); +void X509_CERT_AUX_free(X509_CERT_AUX *a); +int i2d_X509_CERT_AUX(X509_CERT_AUX *a,unsigned char **pp); +X509_CERT_AUX * d2i_X509_CERT_AUX(X509_CERT_AUX **a,unsigned char **pp, + long length); +int X509_alias_set1(X509 *x, unsigned char *name, int len); +unsigned char * X509_alias_get0(X509 *x, int *len); +int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int); +int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj); +int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj); +void X509_trust_clear(X509 *x); +void X509_reject_clear(X509 *x); + +X509_REVOKED * X509_REVOKED_new(void); +void X509_REVOKED_free(X509_REVOKED *a); +int i2d_X509_REVOKED(X509_REVOKED *a,unsigned char **pp); +X509_REVOKED * d2i_X509_REVOKED(X509_REVOKED **a,unsigned char **pp,long length); + +X509_CRL_INFO *X509_CRL_INFO_new(void); +void X509_CRL_INFO_free(X509_CRL_INFO *a); +int i2d_X509_CRL_INFO(X509_CRL_INFO *a,unsigned char **pp); +X509_CRL_INFO 
*d2i_X509_CRL_INFO(X509_CRL_INFO **a,unsigned char **pp, + long length); + +X509_CRL * X509_CRL_new(void); +void X509_CRL_free(X509_CRL *a); +int i2d_X509_CRL(X509_CRL *a,unsigned char **pp); +X509_CRL * d2i_X509_CRL(X509_CRL **a,unsigned char **pp,long length); + +X509_PKEY * X509_PKEY_new(void ); +void X509_PKEY_free(X509_PKEY *a); +int i2d_X509_PKEY(X509_PKEY *a,unsigned char **pp); +X509_PKEY * d2i_X509_PKEY(X509_PKEY **a,unsigned char **pp,long length); + +NETSCAPE_SPKI * NETSCAPE_SPKI_new(void ); +void NETSCAPE_SPKI_free(NETSCAPE_SPKI *a); +int i2d_NETSCAPE_SPKI(NETSCAPE_SPKI *a,unsigned char **pp); +NETSCAPE_SPKI * d2i_NETSCAPE_SPKI(NETSCAPE_SPKI **a,unsigned char **pp, + long length); + +NETSCAPE_SPKAC *NETSCAPE_SPKAC_new(void ); +void NETSCAPE_SPKAC_free(NETSCAPE_SPKAC *a); +int i2d_NETSCAPE_SPKAC(NETSCAPE_SPKAC *a,unsigned char **pp); +NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC(NETSCAPE_SPKAC **a,unsigned char **pp, + long length); + + +int i2d_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE *a, unsigned char **pp); +NETSCAPE_CERT_SEQUENCE *NETSCAPE_CERT_SEQUENCE_new(void); +NETSCAPE_CERT_SEQUENCE *d2i_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE **a, unsigned char **pp, long length); +void NETSCAPE_CERT_SEQUENCE_free(NETSCAPE_CERT_SEQUENCE *a); + +#ifdef HEADER_ENVELOPE_H +X509_INFO * X509_INFO_new(void); +void X509_INFO_free(X509_INFO *a); +char * X509_NAME_oneline(X509_NAME *a,char *buf,int size); + +int ASN1_verify(int (*i2d)(), X509_ALGOR *algor1, + ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey); + +int ASN1_digest(int (*i2d)(),const EVP_MD *type,char *data, + unsigned char *md,unsigned int *len); + +int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2, + ASN1_BIT_STRING *signature, + char *data,EVP_PKEY *pkey, const EVP_MD *type); +#endif + +int X509_set_version(X509 *x,long version); +int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial); +ASN1_INTEGER * X509_get_serialNumber(X509 *x); +int X509_set_issuer_name(X509 *x, X509_NAME 
*name); +X509_NAME * X509_get_issuer_name(X509 *a); +int X509_set_subject_name(X509 *x, X509_NAME *name); +X509_NAME * X509_get_subject_name(X509 *a); +int X509_set_notBefore(X509 *x, ASN1_UTCTIME *tm); +int X509_set_notAfter(X509 *x, ASN1_UTCTIME *tm); +int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); +EVP_PKEY * X509_get_pubkey(X509 *x); +int X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */); + +int X509_REQ_set_version(X509_REQ *x,long version); +int X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name); +int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); +EVP_PKEY * X509_REQ_get_pubkey(X509_REQ *req); +int X509_REQ_extension_nid(int nid); +int * X509_REQ_get_extension_nids(void); +void X509_REQ_set_extension_nids(int *nids); +STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req); +int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, + int nid); +int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts); +int X509_REQ_get_attr_count(const X509_REQ *req); +int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, + int lastpos); +int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj, + int lastpos); +X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc); +X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc); +int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr); +int X509_REQ_add1_attr_by_OBJ(X509_REQ *req, + ASN1_OBJECT *obj, int type, + unsigned char *bytes, int len); +int X509_REQ_add1_attr_by_NID(X509_REQ *req, + int nid, int type, + unsigned char *bytes, int len); +int X509_REQ_add1_attr_by_txt(X509_REQ *req, + char *attrname, int type, + unsigned char *bytes, int len); + +int X509_check_private_key(X509 *x509,EVP_PKEY *pkey); + +int X509_issuer_and_serial_cmp(X509 *a, X509 *b); +unsigned long X509_issuer_and_serial_hash(X509 *a); + +int X509_issuer_name_cmp(X509 *a, X509 *b); +unsigned long X509_issuer_name_hash(X509 *a); + +int 
X509_subject_name_cmp(X509 *a,X509 *b); +unsigned long X509_subject_name_hash(X509 *x); + +int X509_cmp (X509 *a, X509 *b); +int X509_NAME_cmp (X509_NAME *a, X509_NAME *b); +unsigned long X509_NAME_hash(X509_NAME *x); + +int X509_CRL_cmp(X509_CRL *a,X509_CRL *b); +#ifndef NO_FP_API +int X509_print_fp(FILE *bp,X509 *x); +int X509_CRL_print_fp(FILE *bp,X509_CRL *x); +int X509_REQ_print_fp(FILE *bp,X509_REQ *req); +#endif + +#ifdef HEADER_BIO_H +int X509_NAME_print(BIO *bp, X509_NAME *name, int obase); +int X509_print(BIO *bp,X509 *x); +int X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent); +int X509_CRL_print(BIO *bp,X509_CRL *x); +int X509_REQ_print(BIO *bp,X509_REQ *req); +#endif + +int X509_NAME_entry_count(X509_NAME *name); +int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, + char *buf,int len); +int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, + char *buf,int len); + +/* NOTE: you should be passsing -1, not 0 as lastpos. The functions that use + * lastpos, search after that position on. 
*/ +int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos); +int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, + int lastpos); +X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc); +X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); +int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, + int loc, int set); +int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, + unsigned char *bytes, int len, int loc, int set); +int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, + unsigned char *bytes, int len, int loc, int set); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, + char *field, int type, unsigned char *bytes, int len); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, + int type,unsigned char *bytes, int len); +int X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type, + unsigned char *bytes, int len, int loc, int set); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, + ASN1_OBJECT *obj, int type,unsigned char *bytes, + int len); +int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, + ASN1_OBJECT *obj); +int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, + unsigned char *bytes, int len); +ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne); +ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne); + +int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x); +int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, + int nid, int lastpos); +int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x, + ASN1_OBJECT *obj,int lastpos); +int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x, + int crit, int lastpos); +X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc); +X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc); +STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, + X509_EXTENSION 
*ex, int loc); + +int X509_get_ext_count(X509 *x); +int X509_get_ext_by_NID(X509 *x, int nid, int lastpos); +int X509_get_ext_by_OBJ(X509 *x,ASN1_OBJECT *obj,int lastpos); +int X509_get_ext_by_critical(X509 *x, int crit, int lastpos); +X509_EXTENSION *X509_get_ext(X509 *x, int loc); +X509_EXTENSION *X509_delete_ext(X509 *x, int loc); +int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); +void * X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx); + +int X509_CRL_get_ext_count(X509_CRL *x); +int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos); +int X509_CRL_get_ext_by_OBJ(X509_CRL *x,ASN1_OBJECT *obj,int lastpos); +int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos); +X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc); +X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc); +int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); +void * X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx); + +int X509_REVOKED_get_ext_count(X509_REVOKED *x); +int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos); +int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x,ASN1_OBJECT *obj,int lastpos); +int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos); +X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc); +X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc); +int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); +void * X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx); + +X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, + int nid, int crit, ASN1_OCTET_STRING *data); +X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, + ASN1_OBJECT *obj,int crit,ASN1_OCTET_STRING *data); +int X509_EXTENSION_set_object(X509_EXTENSION *ex,ASN1_OBJECT *obj); +int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit); +int X509_EXTENSION_set_data(X509_EXTENSION *ex, + ASN1_OCTET_STRING *data); +ASN1_OBJECT * 
X509_EXTENSION_get_object(X509_EXTENSION *ex); +ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne); +int X509_EXTENSION_get_critical(X509_EXTENSION *ex); + +int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x); +int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, + int lastpos); +int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj, + int lastpos); +X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc); +X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc); +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, + X509_ATTRIBUTE *attr); +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x, + ASN1_OBJECT *obj, int type, + unsigned char *bytes, int len); +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x, + int nid, int type, + unsigned char *bytes, int len); +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x, + char *attrname, int type, + unsigned char *bytes, int len); +X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, + int atrtype, void *data, int len); +X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, + ASN1_OBJECT *obj, int atrtype, void *data, int len); +X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, + char *atrname, int type, unsigned char *bytes, int len); +int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, ASN1_OBJECT *obj); +int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, void *data, int len); +void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, + int atrtype, void *data); +int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr); +ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr); +ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx); + +int X509_verify_cert(X509_STORE_CTX *ctx); + +/* lookup a cert from a X509 STACK */ +X509 
*X509_find_by_issuer_and_serial(STACK_OF(X509) *sk,X509_NAME *name, + ASN1_INTEGER *serial); +X509 *X509_find_by_subject(STACK_OF(X509) *sk,X509_NAME *name); + +int i2d_PBEPARAM(PBEPARAM *a, unsigned char **pp); +PBEPARAM *PBEPARAM_new(void); +PBEPARAM *d2i_PBEPARAM(PBEPARAM **a, unsigned char **pp, long length); +void PBEPARAM_free(PBEPARAM *a); +X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, int saltlen); +X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, + unsigned char *salt, int saltlen); + +int i2d_PBKDF2PARAM(PBKDF2PARAM *a, unsigned char **pp); +PBKDF2PARAM *PBKDF2PARAM_new(void); +PBKDF2PARAM *d2i_PBKDF2PARAM(PBKDF2PARAM **a, unsigned char **pp, long length); +void PBKDF2PARAM_free(PBKDF2PARAM *a); + +int i2d_PBE2PARAM(PBE2PARAM *a, unsigned char **pp); +PBE2PARAM *PBE2PARAM_new(void); +PBE2PARAM *d2i_PBE2PARAM(PBE2PARAM **a, unsigned char **pp, long length); +void PBE2PARAM_free(PBE2PARAM *a); + +/* PKCS#8 utilities */ + +int i2d_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO *a, unsigned char **pp); +PKCS8_PRIV_KEY_INFO *PKCS8_PRIV_KEY_INFO_new(void); +PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO **a, + unsigned char **pp, long length); +void PKCS8_PRIV_KEY_INFO_free(PKCS8_PRIV_KEY_INFO *a); + +EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8); +PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey); +PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken); +PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken); + +int X509_check_trust(X509 *x, int id, int flags); +int X509_TRUST_get_count(void); +X509_TRUST * X509_TRUST_get0(int idx); +int X509_TRUST_get_by_id(int id); +int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), + char *name, int arg1, void *arg2); +void X509_TRUST_cleanup(void); +int X509_TRUST_get_flags(X509_TRUST *xp); +char *X509_TRUST_get0_name(X509_TRUST *xp); +int X509_TRUST_get_trust(X509_TRUST *xp); + +/* BEGIN ERROR CODES */ +/* The 
following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+/* Error codes for the X509 functions. */
+
+/* Function codes. */
+#define X509_F_ADD_CERT_DIR 100
+#define X509_F_BY_FILE_CTRL 101
+#define X509_F_DIR_CTRL 102
+#define X509_F_GET_CERT_BY_SUBJECT 103
+#define X509_F_NETSCAPE_SPKI_B64_DECODE 129
+#define X509_F_NETSCAPE_SPKI_B64_ENCODE 130
+#define X509_F_X509V3_ADD_EXT 104
+#define X509_F_X509_ADD_ATTR 135
+#define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 136
+#define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ 137
+#define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT 140
+#define X509_F_X509_ATTRIBUTE_GET0_DATA 139
+#define X509_F_X509_ATTRIBUTE_SET1_DATA 138
+#define X509_F_X509_CHECK_PRIVATE_KEY 128
+#define X509_F_X509_EXTENSION_CREATE_BY_NID 108
+#define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109
+#define X509_F_X509_GET_PUBKEY_PARAMETERS 110
+#define X509_F_X509_LOAD_CERT_CRL_FILE 132
+#define X509_F_X509_LOAD_CERT_FILE 111
+#define X509_F_X509_LOAD_CRL_FILE 112
+#define X509_F_X509_NAME_ADD_ENTRY 113
+#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114
+#define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 131
+#define X509_F_X509_NAME_ENTRY_SET_OBJECT 115
+#define X509_F_X509_NAME_ONELINE 116
+#define X509_F_X509_NAME_PRINT 117
+#define X509_F_X509_PRINT_FP 118
+#define X509_F_X509_PUBKEY_GET 119
+#define X509_F_X509_PUBKEY_SET 120
+#define X509_F_X509_REQ_PRINT 121
+#define X509_F_X509_REQ_PRINT_FP 122
+#define X509_F_X509_REQ_TO_X509 123
+#define X509_F_X509_STORE_ADD_CERT 124
+#define X509_F_X509_STORE_ADD_CRL 125
+#define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134
+#define X509_F_X509_TO_X509_REQ 126
+#define X509_F_X509_TRUST_ADD 133
+#define X509_F_X509_VERIFY_CERT 127
+
+/* Reason codes. 
*/
+#define X509_R_BAD_X509_FILETYPE 100
+#define X509_R_BASE64_DECODE_ERROR 118
+#define X509_R_CANT_CHECK_DH_KEY 114
+#define X509_R_CERT_ALREADY_IN_HASH_TABLE 101
+#define X509_R_ERR_ASN1_LIB 102
+#define X509_R_INVALID_DIRECTORY 113
+#define X509_R_INVALID_FIELD_NAME 119
+#define X509_R_KEY_TYPE_MISMATCH 115
+#define X509_R_KEY_VALUES_MISMATCH 116
+#define X509_R_LOADING_CERT_DIR 103
+#define X509_R_LOADING_DEFAULTS 104
+#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105
+#define X509_R_SHOULD_RETRY 106
+#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107
+#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108
+#define X509_R_UNKNOWN_KEY_TYPE 117
+#define X509_R_UNKNOWN_NID 109
+#define X509_R_UNKNOWN_PURPOSE_ID 121
+#define X509_R_UNKNOWN_TRUST_ID 120
+#define X509_R_UNSUPPORTED_ALGORITHM 111
+#define X509_R_WRONG_LOOKUP_TYPE 112
+#define X509_R_WRONG_TYPE 122
+
+#ifdef __cplusplus
+}
+#endif
+#endif
+
diff --git a/lib/dns/sec/openssl/obj_dat.c b/lib/dns/sec/openssl/obj_dat.c
new file mode 100644
index 0000000000..ea07c065bd
--- /dev/null
+++ b/lib/dns/sec/openssl/obj_dat.c
@@ -0,0 +1,654 @@
+/* crypto/objects/obj_dat.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. 
If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.] 
+ */ + +#include +#include "../rename.h" + +#include +#include +#include "cryptlib.h" +#include +#include +#include + +/* obj_dat.h is generated from objects.h by obj_dat.pl */ +#ifndef NO_OBJECT +#include "obj_dat.h" +#else +/* You will have to load all the objects needed manually in the application */ +#define NUM_NID 0 +#define NUM_SN 0 +#define NUM_LN 0 +#define NUM_OBJ 0 +static unsigned char lvalues[1]; +static ASN1_OBJECT nid_objs[1]; +static ASN1_OBJECT *sn_objs[1]; +static ASN1_OBJECT *ln_objs[1]; +static ASN1_OBJECT *obj_objs[1]; +#endif + +static int sn_cmp(ASN1_OBJECT **a, ASN1_OBJECT **b); +static int ln_cmp(ASN1_OBJECT **a, ASN1_OBJECT **b); +static int obj_cmp(ASN1_OBJECT **a, ASN1_OBJECT **b); +#define ADDED_DATA 0 +#define ADDED_SNAME 1 +#define ADDED_LNAME 2 +#define ADDED_NID 3 + +typedef struct added_obj_st + { + int type; + ASN1_OBJECT *obj; + } ADDED_OBJ; + +static int new_nid=NUM_NID; +static LHASH *added=NULL; + +static int sn_cmp(ASN1_OBJECT **ap, ASN1_OBJECT **bp) + { return(strcmp((*ap)->sn,(*bp)->sn)); } + +static int ln_cmp(ASN1_OBJECT **ap, ASN1_OBJECT **bp) + { return(strcmp((*ap)->ln,(*bp)->ln)); } + +static unsigned long add_hash(ADDED_OBJ *ca) + { + ASN1_OBJECT *a; + int i; + unsigned long ret=0; + unsigned char *p; + + a=ca->obj; + switch (ca->type) + { + case ADDED_DATA: + ret=a->length<<20L; + p=(unsigned char *)a->data; + for (i=0; ilength; i++) + ret^=p[i]<<((i*3)%24); + break; + case ADDED_SNAME: + ret=lh_strhash(a->sn); + break; + case ADDED_LNAME: + ret=lh_strhash(a->ln); + break; + case ADDED_NID: + ret=a->nid; + break; + default: + abort(); + } + ret&=0x3fffffffL; + ret|=ca->type<<30L; + return(ret); + } + +static int add_cmp(ADDED_OBJ *ca, ADDED_OBJ *cb) + { + ASN1_OBJECT *a,*b; + int i; + + i=ca->type-cb->type; + if (i) return(i); + a=ca->obj; + b=cb->obj; + switch (ca->type) + { + case ADDED_DATA: + i=(a->length - b->length); + if (i) return(i); + return(memcmp(a->data,b->data,a->length)); + case ADDED_SNAME: + if 
(a->sn == NULL) return(-1);
+ else if (b->sn == NULL) return(1);
+ else return(strcmp(a->sn,b->sn));
+ case ADDED_LNAME:
+ if (a->ln == NULL) return(-1);
+ else if (b->ln == NULL) return(1);
+ else return(strcmp(a->ln,b->ln));
+ case ADDED_NID:
+ return(a->nid-b->nid);
+ default:
+ abort();
+ }
+ return(1); /* should not get here */
+ }
+
+static int init_added(void)
+ {
+ if (added != NULL) return(1);
+ added=lh_new(add_hash,add_cmp);
+ return(added != NULL);
+ }
+
+static void cleanup1(ADDED_OBJ *a)
+ {
+ a->obj->nid=0;
+ a->obj->flags|=ASN1_OBJECT_FLAG_DYNAMIC|
+ ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|
+ ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+ }
+
+static void cleanup2(ADDED_OBJ *a)
+ { a->obj->nid++; }
+
+static void cleanup3(ADDED_OBJ *a)
+ {
+ if (--a->obj->nid == 0)
+ ASN1_OBJECT_free(a->obj);
+ Free(a);
+ }
+
+void OBJ_cleanup(void)
+ {
+ if (added == NULL) return;
+ added->down_load=0;
+ lh_doall(added,cleanup1); /* zero counters */
+ lh_doall(added,cleanup2); /* set counters */
+ lh_doall(added,cleanup3); /* free objects */
+ lh_free(added);
+ added=NULL;
+ }
+
+int OBJ_new_nid(int num)
+ {
+ int i;
+
+ i=new_nid;
+ new_nid+=num;
+ return(i);
+ }
+
+int OBJ_add_object(ASN1_OBJECT *obj)
+ {
+ ASN1_OBJECT *o;
+ ADDED_OBJ *ao[4]={NULL,NULL,NULL,NULL},*aop;
+ int i;
+
+ if (added == NULL)
+ if (!init_added()) return(0);
+ if ((o=OBJ_dup(obj)) == NULL) goto err;
+ ao[ADDED_NID]=(ADDED_OBJ *)Malloc(sizeof(ADDED_OBJ));
+ if ((o->length != 0) && (obj->data != NULL))
+ ao[ADDED_DATA]=(ADDED_OBJ *)Malloc(sizeof(ADDED_OBJ));
+ if (o->sn != NULL)
+ ao[ADDED_SNAME]=(ADDED_OBJ *)Malloc(sizeof(ADDED_OBJ));
+ if (o->ln != NULL)
+ ao[ADDED_LNAME]=(ADDED_OBJ *)Malloc(sizeof(ADDED_OBJ));
+
+ for (i=ADDED_DATA; i<=ADDED_NID; i++)
+ {
+ if (ao[i] != NULL)
+ {
+ ao[i]->type=i;
+ ao[i]->obj=o;
+ aop=(ADDED_OBJ *)lh_insert(added,ao[i]);
+ /* memory leak, buit should not normally matter */
+ if (aop != NULL)
+ Free(aop);
+ }
+ }
+ o->flags&= 
~(ASN1_OBJECT_FLAG_DYNAMIC|ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|
+ ASN1_OBJECT_FLAG_DYNAMIC_DATA);
+
+ return(o->nid);
+err:
+ for (i=ADDED_DATA; i<=ADDED_NID; i++)
+ if (ao[i] != NULL) Free(ao[i]);
+ if (o != NULL) Free(o);
+ return(NID_undef);
+ }
+
+ASN1_OBJECT *OBJ_nid2obj(int n)
+ {
+ ADDED_OBJ ad,*adp;
+ ASN1_OBJECT ob;
+
+ if ((n >= 0) && (n < NUM_NID))
+ {
+ if ((n != NID_undef) && (nid_objs[n].nid == NID_undef))
+ {
+ OBJerr(OBJ_F_OBJ_NID2OBJ,OBJ_R_UNKNOWN_NID);
+ return(NULL);
+ }
+ return((ASN1_OBJECT *)&(nid_objs[n]));
+ }
+ else if (added == NULL)
+ return(NULL);
+ else
+ {
+ ad.type=ADDED_NID;
+ ad.obj= &ob;
+ ob.nid=n;
+ adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
+ if (adp != NULL)
+ return(adp->obj);
+ else
+ {
+ OBJerr(OBJ_F_OBJ_NID2OBJ,OBJ_R_UNKNOWN_NID);
+ return(NULL);
+ }
+ }
+ }
+
+const char *OBJ_nid2sn(int n)
+ {
+ ADDED_OBJ ad,*adp;
+ ASN1_OBJECT ob;
+
+ if ((n >= 0) && (n < NUM_NID))
+ {
+ if ((n != NID_undef) && (nid_objs[n].nid == NID_undef))
+ {
+ OBJerr(OBJ_F_OBJ_NID2SN,OBJ_R_UNKNOWN_NID);
+ return(NULL);
+ }
+ return(nid_objs[n].sn);
+ }
+ else if (added == NULL)
+ return(NULL);
+ else
+ {
+ ad.type=ADDED_NID;
+ ad.obj= &ob;
+ ob.nid=n;
+ adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
+ if (adp != NULL)
+ return(adp->obj->sn);
+ else
+ {
+ OBJerr(OBJ_F_OBJ_NID2SN,OBJ_R_UNKNOWN_NID);
+ return(NULL);
+ }
+ }
+ }
+
+const char *OBJ_nid2ln(int n)
+ {
+ ADDED_OBJ ad,*adp;
+ ASN1_OBJECT ob;
+
+ if ((n >= 0) && (n < NUM_NID))
+ {
+ if ((n != NID_undef) && (nid_objs[n].nid == NID_undef))
+ {
+ OBJerr(OBJ_F_OBJ_NID2LN,OBJ_R_UNKNOWN_NID);
+ return(NULL);
+ }
+ return(nid_objs[n].ln);
+ }
+ else if (added == NULL)
+ return(NULL);
+ else
+ {
+ ad.type=ADDED_NID;
+ ad.obj= &ob;
+ ob.nid=n;
+ adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
+ if (adp != NULL)
+ return(adp->obj->ln);
+ else
+ {
+ OBJerr(OBJ_F_OBJ_NID2LN,OBJ_R_UNKNOWN_NID);
+ return(NULL);
+ }
+ }
+ }
+
+int OBJ_obj2nid(ASN1_OBJECT *a)
+ {
+ ASN1_OBJECT **op;
+ ADDED_OBJ ad,*adp;
+
+ if (a == NULL)
+ 
return(NID_undef);
+ if (a->nid != 0)
+ return(a->nid);
+
+ if (added != NULL)
+ {
+ ad.type=ADDED_DATA;
+ ad.obj=a;
+ adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
+ if (adp != NULL) return (adp->obj->nid);
+ }
+ op=(ASN1_OBJECT **)OBJ_bsearch((char *)&a,(char *)obj_objs,NUM_OBJ,
+ sizeof(ASN1_OBJECT *),(int (*)())obj_cmp);
+ if (op == NULL)
+ return(NID_undef);
+ return((*op)->nid);
+ }
+
+/* Convert an object name into an ASN1_OBJECT
+ * if "noname" is not set then search for short and long names first.
+ * This will convert the "dotted" form into an object: unlike OBJ_txt2nid
+ * it can be used with any objects, not just registered ones.
+ */
+
+ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)
+ {
+ int nid = NID_undef;
+ ASN1_OBJECT *op=NULL;
+ unsigned char *buf,*p;
+ int i, j;
+
+ if(!no_name) {
+ if( ((nid = OBJ_sn2nid(s)) != NID_undef) ||
+ ((nid = OBJ_ln2nid(s)) != NID_undef) )
+ return OBJ_nid2obj(nid);
+ }
+
+ /* Work out size of content octets */
+ i=a2d_ASN1_OBJECT(NULL,0,s,-1);
+ if (i <= 0) {
+ /* Clear the error */
+ ERR_get_error();
+ return NULL;
+ }
+ /* Work out total size */
+ j = ASN1_object_size(0,i,V_ASN1_OBJECT);
+
+ if((buf=(unsigned char *)Malloc(j)) == NULL) return NULL;
+
+ p = buf;
+ /* Write out tag+length */
+ ASN1_put_object(&p,0,i,V_ASN1_OBJECT,V_ASN1_UNIVERSAL);
+ /* Write out contents */
+ a2d_ASN1_OBJECT(p,i,s,-1);
+
+ p=buf;
+ op=d2i_ASN1_OBJECT(NULL,&p,i);
+ Free(buf);
+ return op;
+ }
+
+int OBJ_obj2txt(char *buf, int buf_len, ASN1_OBJECT *a, int no_name)
+{
+ int i,idx=0,n=0,len,nid;
+ unsigned long l;
+ unsigned char *p;
+ const char *s;
+ char tbuf[32];
+
+ if (buf_len <= 0) return(0);
+
+ if ((a == NULL) || (a->data == NULL)) {
+ buf[0]='\0';
+ return(0);
+ }
+
+ nid=OBJ_obj2nid(a);
+ if ((nid == NID_undef) || no_name) {
+ len=a->length;
+ p=a->data;
+
+ idx=0;
+ l=0;
+ while (idx < a->length) {
+ l|=(p[idx]&0x7f);
+ if (!(p[idx] & 0x80)) break;
+ l<<=7L;
+ idx++;
+ }
+ idx++;
+ i=(int)(l/40);
+ if (i > 2) i=2;
+ 
l-=(long)(i*40); + + sprintf(tbuf,"%d.%lu",i,l); + i=strlen(tbuf); + strncpy(buf,tbuf,buf_len); + buf_len-=i; + buf+=i; + n+=i; + + l=0; + for (; idx 0) + strncpy(buf,tbuf,buf_len); + buf_len-=i; + buf+=i; + n+=i; + l=0; + } + l<<=7L; + } + } else { + s=OBJ_nid2ln(nid); + if (s == NULL) + s=OBJ_nid2sn(nid); + strncpy(buf,s,buf_len); + n=strlen(s); + } + buf[buf_len-1]='\0'; + return(n); +} + +int OBJ_txt2nid(char *s) +{ + ASN1_OBJECT *obj; + int nid; + obj = OBJ_txt2obj(s, 0); + nid = OBJ_obj2nid(obj); + ASN1_OBJECT_free(obj); + return nid; +} + +int OBJ_ln2nid(const char *s) + { + ASN1_OBJECT o,*oo= &o,**op; + ADDED_OBJ ad,*adp; + + o.ln=s; + if (added != NULL) + { + ad.type=ADDED_LNAME; + ad.obj= &o; + adp=(ADDED_OBJ *)lh_retrieve(added,&ad); + if (adp != NULL) return (adp->obj->nid); + } + op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)ln_objs,NUM_LN, + sizeof(ASN1_OBJECT *),(int (*)())ln_cmp); + if (op == NULL) return(NID_undef); + return((*op)->nid); + } + +int OBJ_sn2nid(const char *s) + { + ASN1_OBJECT o,*oo= &o,**op; + ADDED_OBJ ad,*adp; + + o.sn=s; + if (added != NULL) + { + ad.type=ADDED_SNAME; + ad.obj= &o; + adp=(ADDED_OBJ *)lh_retrieve(added,&ad); + if (adp != NULL) return (adp->obj->nid); + } + op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)sn_objs,NUM_SN, + sizeof(ASN1_OBJECT *),(int (*)())sn_cmp); + if (op == NULL) return(NID_undef); + return((*op)->nid); + } + +static int obj_cmp(ASN1_OBJECT **ap, ASN1_OBJECT **bp) + { + int j; + ASN1_OBJECT *a= *ap; + ASN1_OBJECT *b= *bp; + + j=(a->length - b->length); + if (j) return(j); + return(memcmp(a->data,b->data,a->length)); + } + +char *OBJ_bsearch(char *key, char *base, int num, int size, int (*cmp)()) + { + int l,h,i,c; + char *p; + + if (num == 0) return(NULL); + l=0; + h=num; + while (l < h) + { + i=(l+h)/2; + p= &(base[i*size]); + c=(*cmp)(key,p); + if (c < 0) + h=i; + else if (c > 0) + l=i+1; + else + return(p); + } +#ifdef CHARSET_EBCDIC +/* THIS IS A KLUDGE - Because the *_obj is sorted in 
ASCII order, and + * I don't have perl (yet), we revert to a *LINEAR* search + * when the object wasn't found in the binary search. + */ + for (i=0; i +#include "../rename.h" + +#include +#include "cryptlib.h" +#include +#include +#include + +ASN1_OBJECT *OBJ_dup(ASN1_OBJECT *o) + { + ASN1_OBJECT *r; + int i; + char *ln=NULL; + + if (o == NULL) return(NULL); + if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC)) + return(o); + + r=ASN1_OBJECT_new(); + if (r == NULL) + { + OBJerr(OBJ_F_OBJ_DUP,ERR_R_ASN1_LIB); + return(NULL); + } + r->data=Malloc(o->length); + if (r->data == NULL) + goto err; + memcpy(r->data,o->data,o->length); + r->length=o->length; + r->nid=o->nid; + r->ln=r->sn=NULL; + if (o->ln != NULL) + { + i=strlen(o->ln)+1; + r->ln=ln=Malloc(i); + if (r->ln == NULL) goto err; + memcpy(ln,o->ln,i); + } + + if (o->sn != NULL) + { + char *s; + + i=strlen(o->sn)+1; + r->sn=s=Malloc(i); + if (r->sn == NULL) goto err; + memcpy(s,o->sn,i); + } + r->flags=o->flags|(ASN1_OBJECT_FLAG_DYNAMIC| + ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|ASN1_OBJECT_FLAG_DYNAMIC_DATA); + return(r); +err: + OBJerr(OBJ_F_OBJ_DUP,ERR_R_MALLOC_FAILURE); + if (r != NULL) + { + if (ln != NULL) Free(ln); + if (r->data != NULL) Free(r->data); + Free(r); + } + return(NULL); + } + +int OBJ_cmp(ASN1_OBJECT *a, ASN1_OBJECT *b) + { + int ret; + + ret=(a->length-b->length); + if (ret) return(ret); + return(memcmp(a->data,b->data,a->length)); + } diff --git a/lib/dns/sec/openssl/rsa_chk.c b/lib/dns/sec/openssl/rsa_chk.c new file mode 100644 index 0000000000..ff2e15b9d9 --- /dev/null +++ b/lib/dns/sec/openssl/rsa_chk.c 
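Review bot: The named branch of OBJ_obj2txt in obj_dat.c can hand a null pointer to strncpy() and strlen(): after `s=OBJ_nid2ln(nid); if (s == NULL) s=OBJ_nid2sn(nid);` the code goes straight to `strncpy(buf,s,buf_len); n=strlen(s);`. OBJ_nid2sn in the same file returns NULL on its error paths, and OBJ_add_object registers objects whose sn and ln may both be NULL, so an added object with no names looks able to reach this path. A guard such as `if (s == NULL) { buf[0]='\0'; return(0); }` before the copy would mirror the early return the function already uses for a NULL object. Separately, the numeric branch keeps adding to `n` after `buf_len` has run out, so the return value can exceed the bytes actually stored; a comment on the function stating that the result is the untruncated length would keep callers from indexing buf with it.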
@@ -0,0 +1,187 @@ +/* crypto/rsa/rsa_chk.c -*- Mode: C; c-file-style: "eay" -*- */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include +#include "../rename.h" + +#include +#include +#include + + +int RSA_check_key(RSA *key) + { + BIGNUM *i, *j, *k, *l, *m; + BN_CTX *ctx; + int r; + int ret=1; + + i = BN_new(); + j = BN_new(); + k = BN_new(); + l = BN_new(); + m = BN_new(); + ctx = BN_CTX_new(); + if (i == NULL || j == NULL || k == NULL || l == NULL || + m == NULL || ctx == NULL) + { + ret = -1; + RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE); + goto err; + } + + /* p prime? */ + r = BN_is_prime(key->p, BN_prime_checks, NULL, NULL, NULL); + if (r != 1) + { + ret = r; + if (r != 0) + goto err; + RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME); + } + + /* q prime? */ + r = BN_is_prime(key->q, BN_prime_checks, NULL, NULL, NULL); + if (r != 1) + { + ret = r; + if (r != 0) + goto err; + RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME); + } + + /* n = p*q? */ + r = BN_mul(i, key->p, key->q, ctx); + if (!r) { ret = -1; goto err; } + + if (BN_cmp(i, key->n) != 0) + { + ret = 0; + RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_P_Q); + } + + /* d*e = 1 mod lcm(p-1,q-1)? 
*/ + + r = BN_sub(i, key->p, BN_value_one()); + if (!r) { ret = -1; goto err; } + r = BN_sub(j, key->q, BN_value_one()); + if (!r) { ret = -1; goto err; } + + /* now compute k = lcm(i,j) */ + r = BN_mul(l, i, j, ctx); + if (!r) { ret = -1; goto err; } + r = BN_gcd(m, i, j, ctx); + if (!r) { ret = -1; goto err; } + r = BN_div(k, NULL, l, m, ctx); /* remainder is 0 */ + if (!r) { ret = -1; goto err; } + + r = BN_mod_mul(i, key->d, key->e, k, ctx); + if (!r) { ret = -1; goto err; } + + if (!BN_is_one(i)) + { + ret = 0; + RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_D_E_NOT_CONGRUENT_TO_1); + } + + if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL) + { + /* dmp1 = d mod (p-1)? */ + r = BN_sub(i, key->p, BN_value_one()); + if (!r) { ret = -1; goto err; } + + r = BN_mod(j, key->d, i, ctx); + if (!r) { ret = -1; goto err; } + + if (BN_cmp(j, key->dmp1) != 0) + { + ret = 0; + RSAerr(RSA_F_RSA_CHECK_KEY, + RSA_R_DMP1_NOT_CONGRUENT_TO_D); + } + + /* dmq1 = d mod (q-1)? */ + r = BN_sub(i, key->q, BN_value_one()); + if (!r) { ret = -1; goto err; } + + r = BN_mod(j, key->d, i, ctx); + if (!r) { ret = -1; goto err; } + + if (BN_cmp(j, key->dmq1) != 0) + { + ret = 0; + RSAerr(RSA_F_RSA_CHECK_KEY, + RSA_R_DMQ1_NOT_CONGRUENT_TO_D); + } + + /* iqmp = q^-1 mod p? */ + if(!BN_mod_inverse(i, key->q, key->p, ctx)) + { + ret = -1; + goto err; + } + + if (BN_cmp(i, key->iqmp) != 0) + { + ret = 0; + RSAerr(RSA_F_RSA_CHECK_KEY, + RSA_R_IQMP_NOT_INVERSE_OF_Q); + } + } + + err: + if (i != NULL) BN_free(i); + if (j != NULL) BN_free(j); + if (k != NULL) BN_free(k); + if (l != NULL) BN_free(l); + if (m != NULL) BN_free(m); + if (ctx != NULL) BN_CTX_free(ctx); + return (ret); + } diff --git a/lib/dns/sec/openssl/rsa_eay.c b/lib/dns/sec/openssl/rsa_eay.c new file mode 100644 index 0000000000..2c75aca226 --- /dev/null +++ b/lib/dns/sec/openssl/rsa_eay.c 
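Review bot: RSA_check_key passes `key->p` and `key->q` straight to `BN_is_prime` and later uses `key->n`, `key->d` and `key->e` without checking any of them for NULL, so a key holding only the public half would presumably be dereferenced rather than rejected. A guard at the top, before the allocations, such as `if (key->p == NULL || key->q == NULL || key->n == NULL || key->e == NULL || key->d == NULL) return(0);` turns that into a clean failure. The temporaries i, j, k, l and m hold p-1, q-1 and their lcm, which are as sensitive as the private key, so the cleanup at `err:` should use `BN_clear_free` rather than `BN_free`. The header comment should also say that the result is 1, 0 or -1, so callers must compare it with 1 instead of testing it for truth.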
@@ -0,0 +1,494 @@ +/* crypto/rsa/rsa_eay.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */ + +#include +#include "../rename.h" + +#include +#include "cryptlib.h" +#include +#include +#include + +#ifndef RSA_NULL + +static int RSA_eay_public_encrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa,int padding); +static int RSA_eay_private_encrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa,int padding); +static int RSA_eay_public_decrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa,int padding); +static int RSA_eay_private_decrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa,int padding); +static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *i, RSA *rsa); +static int RSA_eay_init(RSA *rsa); +static int RSA_eay_finish(RSA *rsa); +static RSA_METHOD rsa_pkcs1_eay_meth={ + "Eric Young's PKCS#1 RSA", + RSA_eay_public_encrypt, + RSA_eay_public_decrypt, + RSA_eay_private_encrypt, + RSA_eay_private_decrypt, + RSA_eay_mod_exp, + BN_mod_exp_mont, + RSA_eay_init, + RSA_eay_finish, + 0, + NULL, + }; + +RSA_METHOD *RSA_PKCS1_SSLeay(void) + { + return(&rsa_pkcs1_eay_meth); + } + +static int RSA_eay_public_encrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa, int padding) + { + BIGNUM f,ret; + int i,j,k,num=0,r= -1; + unsigned char *buf=NULL; + BN_CTX *ctx=NULL; + + BN_init(&f); + BN_init(&ret); + if ((ctx=BN_CTX_new()) == NULL) goto err; + num=BN_num_bytes(rsa->n); + if ((buf=(unsigned char *)Malloc(num)) == NULL) + { + RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE); + goto err; + } + + switch (padding) + { + case RSA_PKCS1_PADDING: + i=RSA_padding_add_PKCS1_type_2(buf,num,from,flen); + break; +#ifndef NO_SHA + case RSA_PKCS1_OAEP_PADDING: + i=RSA_padding_add_PKCS1_OAEP(buf,num,from,flen,NULL,0); + break; +#endif + case RSA_SSLV23_PADDING: + i=RSA_padding_add_SSLv23(buf,num,from,flen); + break; + case RSA_NO_PADDING: + i=RSA_padding_add_none(buf,num,from,flen); + break; + default: + RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE); + goto err; + } + if (i <= 0) goto 
err; + + if (BN_bin2bn(buf,num,&f) == NULL) goto err; + + if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC)) + { + if ((rsa->_method_mod_n=BN_MONT_CTX_new()) != NULL) + if (!BN_MONT_CTX_set(rsa->_method_mod_n,rsa->n,ctx)) + goto err; + } + + if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx, + rsa->_method_mod_n)) goto err; + + /* put in leading 0 bytes if the number is less than the + * length of the modulus */ + j=BN_num_bytes(&ret); + i=BN_bn2bin(&ret,&(to[num-j])); + for (k=0; k<(num-i); k++) + to[k]=0; + + r=num; +err: + if (ctx != NULL) BN_CTX_free(ctx); + BN_clear_free(&f); + BN_clear_free(&ret); + if (buf != NULL) + { + memset(buf,0,num); + Free(buf); + } + return(r); + } + +static int RSA_eay_private_encrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa, int padding) + { + BIGNUM f,ret; + int i,j,k,num=0,r= -1; + unsigned char *buf=NULL; + BN_CTX *ctx=NULL; + + BN_init(&f); + BN_init(&ret); + + if ((ctx=BN_CTX_new()) == NULL) goto err; + num=BN_num_bytes(rsa->n); + if ((buf=(unsigned char *)Malloc(num)) == NULL) + { + RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE); + goto err; + } + + switch (padding) + { + case RSA_PKCS1_PADDING: + i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen); + break; + case RSA_NO_PADDING: + i=RSA_padding_add_none(buf,num,from,flen); + break; + case RSA_SSLV23_PADDING: + default: + RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE); + goto err; + } + if (i <= 0) goto err; + + if (BN_bin2bn(buf,num,&f) == NULL) goto err; + + if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL)) + RSA_blinding_on(rsa,ctx); + if (rsa->flags & RSA_FLAG_BLINDING) + if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; + + if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || + ((rsa->p != NULL) && + (rsa->q != NULL) && + (rsa->dmp1 != NULL) && + (rsa->dmq1 != NULL) && + (rsa->iqmp != NULL)) ) + { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; } + else + { + if 
(!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err; + } + + if (rsa->flags & RSA_FLAG_BLINDING) + if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err; + + /* put in leading 0 bytes if the number is less than the + * length of the modulus */ + j=BN_num_bytes(&ret); + i=BN_bn2bin(&ret,&(to[num-j])); + for (k=0; k<(num-i); k++) + to[k]=0; + + r=num; +err: + if (ctx != NULL) BN_CTX_free(ctx); + BN_clear_free(&ret); + BN_clear_free(&f); + if (buf != NULL) + { + memset(buf,0,num); + Free(buf); + } + return(r); + } + +static int RSA_eay_private_decrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa, int padding) + { + BIGNUM f,ret; + int j,num=0,r= -1; + unsigned char *p; + unsigned char *buf=NULL; + BN_CTX *ctx=NULL; + + BN_init(&f); + BN_init(&ret); + ctx=BN_CTX_new(); + if (ctx == NULL) goto err; + + num=BN_num_bytes(rsa->n); + + if ((buf=(unsigned char *)Malloc(num)) == NULL) + { + RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE); + goto err; + } + + /* This check was for equality but PGP does evil things + * and chops off the top '0' bytes */ + if (flen > num) + { + RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN); + goto err; + } + + /* make data into a big number */ + if (BN_bin2bn(from,(int)flen,&f) == NULL) goto err; + + if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL)) + RSA_blinding_on(rsa,ctx); + if (rsa->flags & RSA_FLAG_BLINDING) + if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; + + /* do the decrypt */ + if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || + ((rsa->p != NULL) && + (rsa->q != NULL) && + (rsa->dmp1 != NULL) && + (rsa->dmq1 != NULL) && + (rsa->iqmp != NULL)) ) + { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; } + else + { + if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) + goto err; + } + + if (rsa->flags & RSA_FLAG_BLINDING) + if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err; + + p=buf; + j=BN_bn2bin(&ret,p); /* j is only used with 
no-padding mode */ + + switch (padding) + { + case RSA_PKCS1_PADDING: + r=RSA_padding_check_PKCS1_type_2(to,num,buf,j,num); + break; +#ifndef NO_SHA + case RSA_PKCS1_OAEP_PADDING: + r=RSA_padding_check_PKCS1_OAEP(to,num,buf,j,num,NULL,0); + break; +#endif + case RSA_SSLV23_PADDING: + r=RSA_padding_check_SSLv23(to,num,buf,j,num); + break; + case RSA_NO_PADDING: + r=RSA_padding_check_none(to,num,buf,j,num); + break; + default: + RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE); + goto err; + } + if (r < 0) + RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_PADDING_CHECK_FAILED); + +err: + if (ctx != NULL) BN_CTX_free(ctx); + BN_clear_free(&f); + BN_clear_free(&ret); + if (buf != NULL) + { + memset(buf,0,num); + Free(buf); + } + return(r); + } + +static int RSA_eay_public_decrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa, int padding) + { + BIGNUM f,ret; + int i,num=0,r= -1; + unsigned char *p; + unsigned char *buf=NULL; + BN_CTX *ctx=NULL; + + BN_init(&f); + BN_init(&ret); + ctx=BN_CTX_new(); + if (ctx == NULL) goto err; + + num=BN_num_bytes(rsa->n); + buf=(unsigned char *)Malloc(num); + if (buf == NULL) + { + RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,ERR_R_MALLOC_FAILURE); + goto err; + } + + /* This check was for equality but PGP does evil things + * and chops off the top '0' bytes */ + if (flen > num) + { + RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN); + goto err; + } + + if (BN_bin2bn(from,flen,&f) == NULL) goto err; + /* do the decrypt */ + if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC)) + { + if ((rsa->_method_mod_n=BN_MONT_CTX_new()) != NULL) + if (!BN_MONT_CTX_set(rsa->_method_mod_n,rsa->n,ctx)) + goto err; + } + + if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx, + rsa->_method_mod_n)) goto err; + + p=buf; + i=BN_bn2bin(&ret,p); + + switch (padding) + { + case RSA_PKCS1_PADDING: + r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num); + break; + case RSA_NO_PADDING: + 
r=RSA_padding_check_none(to,num,buf,i,num); + break; + default: + RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE); + goto err; + } + if (r < 0) + RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_PADDING_CHECK_FAILED); + +err: + if (ctx != NULL) BN_CTX_free(ctx); + BN_clear_free(&f); + BN_clear_free(&ret); + if (buf != NULL) + { + memset(buf,0,num); + Free(buf); + } + return(r); + } + +static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa) + { + BIGNUM r1,m1; + int ret=0; + BN_CTX *ctx; + + if ((ctx=BN_CTX_new()) == NULL) goto err; + BN_init(&m1); + BN_init(&r1); + + if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) + { + if (rsa->_method_mod_p == NULL) + { + if ((rsa->_method_mod_p=BN_MONT_CTX_new()) != NULL) + if (!BN_MONT_CTX_set(rsa->_method_mod_p,rsa->p, + ctx)) + goto err; + } + if (rsa->_method_mod_q == NULL) + { + if ((rsa->_method_mod_q=BN_MONT_CTX_new()) != NULL) + if (!BN_MONT_CTX_set(rsa->_method_mod_q,rsa->q, + ctx)) + goto err; + } + } + + if (!BN_mod(&r1,I,rsa->q,ctx)) goto err; + if (!rsa->meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx, + rsa->_method_mod_q)) goto err; + + if (!BN_mod(&r1,I,rsa->p,ctx)) goto err; + if (!rsa->meth->bn_mod_exp(r0,&r1,rsa->dmp1,rsa->p,ctx, + rsa->_method_mod_p)) goto err; + + if (!BN_sub(r0,r0,&m1)) goto err; + /* This will help stop the size of r0 increasing, which does + * affect the multiply if it optimised for a power of 2 size */ + if (r0->neg) + if (!BN_add(r0,r0,rsa->p)) goto err; + + if (!BN_mul(&r1,r0,rsa->iqmp,ctx)) goto err; + if (!BN_mod(r0,&r1,rsa->p,ctx)) goto err; + /* If p < q it is occasionally possible for the correction of + * adding 'p' if r0 is negative above to leave the result still + * negative. This can break the private key operations: the following + * second correction should *always* correct this rare occurrence. 
+ * This will *never* happen with OpenSSL generated keys because + * they ensure p > q [steve] + */ + if (r0->neg) + if (!BN_add(r0,r0,rsa->p)) goto err; + if (!BN_mul(&r1,r0,rsa->q,ctx)) goto err; + if (!BN_add(r0,&r1,&m1)) goto err; + + ret=1; +err: + BN_clear_free(&m1); + BN_clear_free(&r1); + BN_CTX_free(ctx); + return(ret); + } + +static int RSA_eay_init(RSA *rsa) + { + rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE; + return(1); + } + +static int RSA_eay_finish(RSA *rsa) + { + if (rsa->_method_mod_n != NULL) + BN_MONT_CTX_free(rsa->_method_mod_n); + if (rsa->_method_mod_p != NULL) + BN_MONT_CTX_free(rsa->_method_mod_p); + if (rsa->_method_mod_q != NULL) + BN_MONT_CTX_free(rsa->_method_mod_q); + return(1); + } + +#endif diff --git a/lib/dns/sec/openssl/rsa_gen.c b/lib/dns/sec/openssl/rsa_gen.c new file mode 100644 index 0000000000..3114648eae --- /dev/null +++ b/lib/dns/sec/openssl/rsa_gen.c 
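Review bot: In RSA_eay_mod_exp a failed `BN_CTX_new()` jumps to `err:` before `BN_init(&m1)` and `BN_init(&r1)` have run, so `BN_clear_free` is then applied to two uninitialised stack BIGNUMs. Moving the init calls above the allocation, `BN_init(&m1); BN_init(&r1); if ((ctx=BN_CTX_new()) == NULL) goto err;`, fixes the ordering. Separately, RSA_eay_private_encrypt and RSA_eay_private_decrypt ignore the return value of `RSA_blinding_on(rsa,ctx)` and go on to pass `rsa->blinding` to `BN_BLINDING_convert`, which may not hold a usable context if setup failed; `if (!RSA_blinding_on(rsa,ctx)) goto err;` would stop there. The `BN_MONT_CTX_new()` call sites treat a NULL result as success and continue without a cached context, which looks deliberate but deserves a comment saying so.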
@@ -0,0 +1,200 @@ +/* crypto/rsa/rsa_gen.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */ + +#include +#include "../rename.h" + +#include +#include +#include "cryptlib.h" +#include +#include + +RSA *RSA_generate_key(int bits, unsigned long e_value, + void (*callback)(int,int,void *), void *cb_arg) + { + RSA *rsa=NULL; + BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp; + int bitsp,bitsq,ok= -1,n=0,i; + BN_CTX *ctx=NULL,*ctx2=NULL; + + ctx=BN_CTX_new(); + if (ctx == NULL) goto err; + ctx2=BN_CTX_new(); + if (ctx2 == NULL) goto err; + BN_CTX_start(ctx); + r0 = BN_CTX_get(ctx); + r1 = BN_CTX_get(ctx); + r2 = BN_CTX_get(ctx); + r3 = BN_CTX_get(ctx); + if (r3 == NULL) goto err; + + bitsp=(bits+1)/2; + bitsq=bits-bitsp; + rsa=RSA_new(); + if (rsa == NULL) goto err; + + /* set e */ + rsa->e=BN_new(); + if (rsa->e == NULL) goto err; + +#if 1 + /* The problem is when building with 8, 16, or 32 BN_ULONG, + * unsigned long can be larger */ + for (i=0; ie,i); + } +#else + if (!BN_set_word(rsa->e,e_value)) goto err; +#endif + + /* generate p and q */ + for (;;) + { + rsa->p=BN_generate_prime(NULL,bitsp,0,NULL,NULL,callback,cb_arg); + if (rsa->p == NULL) goto err; + if (!BN_sub(r2,rsa->p,BN_value_one())) goto err; + if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err; + if (BN_is_one(r1)) break; + if (callback != NULL) callback(2,n++,cb_arg); + BN_free(rsa->p); + } + if (callback != NULL) callback(3,0,cb_arg); + for (;;) + { + rsa->q=BN_generate_prime(NULL,bitsq,0,NULL,NULL,callback,cb_arg); + if (rsa->q == NULL) goto err; + if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; + if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err; + if (BN_is_one(r1) && (BN_cmp(rsa->p,rsa->q) != 0)) + break; + if (callback != NULL) callback(2,n++,cb_arg); + BN_free(rsa->q); + } + if (callback != NULL) callback(3,1,cb_arg); + if (BN_cmp(rsa->p,rsa->q) < 0) + { + tmp=rsa->p; + rsa->p=rsa->q; + rsa->q=tmp; + } + + /* calculate n */ + rsa->n=BN_new(); + if (rsa->n == NULL) goto err; + if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx)) goto err; + + /* calculate d */ + if (!BN_sub(r1,rsa->p,BN_value_one())) goto err; /* p-1 
*/ + if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; /* q-1 */ + if (!BN_mul(r0,r1,r2,ctx)) goto err; /* (p-1)(q-1) */ + +/* should not be needed, since gcd(p-1,e) == 1 and gcd(q-1,e) == 1 */ +/* for (;;) + { + if (!BN_gcd(r3,r0,rsa->e,ctx)) goto err; + if (BN_is_one(r3)) break; + + if (1) + { + if (!BN_add_word(rsa->e,2L)) goto err; + continue; + } + RSAerr(RSA_F_RSA_GENERATE_KEY,RSA_R_BAD_E_VALUE); + goto err; + } +*/ + rsa->d=BN_mod_inverse(NULL,rsa->e,r0,ctx2); /* d */ + if (rsa->d == NULL) goto err; + + /* calculate d mod (p-1) */ + rsa->dmp1=BN_new(); + if (rsa->dmp1 == NULL) goto err; + if (!BN_mod(rsa->dmp1,rsa->d,r1,ctx)) goto err; + + /* calculate d mod (q-1) */ + rsa->dmq1=BN_new(); + if (rsa->dmq1 == NULL) goto err; + if (!BN_mod(rsa->dmq1,rsa->d,r2,ctx)) goto err; + + /* calculate inverse of q mod p */ + rsa->iqmp=BN_mod_inverse(NULL,rsa->q,rsa->p,ctx2); + if (rsa->iqmp == NULL) goto err; + + ok=1; +err: + if (ok == -1) + { + RSAerr(RSA_F_RSA_GENERATE_KEY,ERR_LIB_BN); + ok=0; + } + BN_CTX_end(ctx); + BN_CTX_free(ctx); + BN_CTX_free(ctx2); + + if (!ok) + { + if (rsa != NULL) RSA_free(rsa); + return(NULL); + } + else + return(rsa); + } + diff --git a/lib/dns/sec/openssl/rsa_lib.c b/lib/dns/sec/openssl/rsa_lib.c new file mode 100644 index 0000000000..4392f0b957 --- /dev/null +++ b/lib/dns/sec/openssl/rsa_lib.c 
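Review bot: RSA_generate_key never validates `e_value`, and with an even exponent (including 0) the `BN_gcd(r1,r2,rsa->e,ctx)` of p-1 and e is always greater than one, so the first `for (;;)` loop never reaches its `break`. A check before any allocation, `if (e_value < 3 || (e_value & 1) == 0) { RSAerr(RSA_F_RSA_GENERATE_KEY,RSA_R_BAD_E_VALUE); return(NULL); }`, rejects those inputs, and a lower bound on `bits` belongs in the same place. The `err:` path also calls `BN_CTX_end(ctx)` when the jump came from the two `BN_CTX_new()` checks, that is before `BN_CTX_start(ctx)`; whether that is safe depends on BN_CTX_end, which is not shown here. The scratch values r0, r1 and r2 hold (p-1)(q-1), p-1 and q-1, so it is worth confirming that `BN_CTX_free` clears them before release.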
@@ -0,0 +1,336 @@ +/* crypto/rsa/rsa_lib.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */ + +#include +#include "../rename.h" + +#include +#include +#include "cryptlib.h" +#include +#include +#include + +const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT; + +static RSA_METHOD *default_RSA_meth=NULL; +static int rsa_meth_num=0; +static STACK_OF(CRYPTO_EX_DATA_FUNCS) *rsa_meth=NULL; + +RSA *RSA_new(void) + { + return(RSA_new_method(NULL)); + } + +void RSA_set_default_method(RSA_METHOD *meth) + { + default_RSA_meth=meth; + } + +RSA_METHOD *RSA_get_default_method(void) +{ + return default_RSA_meth; +} + +RSA_METHOD *RSA_get_method(RSA *rsa) +{ + return rsa->meth; +} + +RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth) +{ + RSA_METHOD *mtmp; + mtmp = rsa->meth; + if (mtmp->finish) mtmp->finish(rsa); + rsa->meth = meth; + if (meth->init) meth->init(rsa); + return mtmp; +} + +RSA *RSA_new_method(RSA_METHOD *meth) + { + RSA *ret; + + if (default_RSA_meth == NULL) + { +#ifdef RSA_NULL + default_RSA_meth=RSA_null_method(); +#else +#ifdef RSAref + default_RSA_meth=RSA_PKCS1_RSAref(); +#else + default_RSA_meth=RSA_PKCS1_SSLeay(); +#endif +#endif + } + ret=(RSA *)Malloc(sizeof(RSA)); + if (ret == NULL) + { + RSAerr(RSA_F_RSA_NEW_METHOD,ERR_R_MALLOC_FAILURE); + return(NULL); + } + + if (meth == NULL) + ret->meth=default_RSA_meth; + else + ret->meth=meth; + + ret->pad=0; + ret->version=0; + ret->n=NULL; + ret->e=NULL; + ret->d=NULL; + ret->p=NULL; + ret->q=NULL; + ret->dmp1=NULL; + ret->dmq1=NULL; + ret->iqmp=NULL; + ret->references=1; + ret->_method_mod_n=NULL; + ret->_method_mod_p=NULL; + ret->_method_mod_q=NULL; + ret->blinding=NULL; + ret->bignum_data=NULL; + ret->flags=ret->meth->flags; + if ((ret->meth->init != NULL) && !ret->meth->init(ret)) + { + Free(ret); + ret=NULL; + } + else + CRYPTO_new_ex_data(rsa_meth,ret,&ret->ex_data); + return(ret); + } + +void RSA_free(RSA *r) + { + int i; + + if (r == NULL) return; + + i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA); +#ifdef REF_PRINT + REF_PRINT("RSA",r); +#endif + if (i > 0) return; +#ifdef REF_CHECK 
+ if (i < 0) + { + fprintf(stderr,"RSA_free, bad reference count\n"); + abort(); + } +#endif + + CRYPTO_free_ex_data(rsa_meth,r,&r->ex_data); + + if (r->meth->finish != NULL) + r->meth->finish(r); + + if (r->n != NULL) BN_clear_free(r->n); + if (r->e != NULL) BN_clear_free(r->e); + if (r->d != NULL) BN_clear_free(r->d); + if (r->p != NULL) BN_clear_free(r->p); + if (r->q != NULL) BN_clear_free(r->q); + if (r->dmp1 != NULL) BN_clear_free(r->dmp1); + if (r->dmq1 != NULL) BN_clear_free(r->dmq1); + if (r->iqmp != NULL) BN_clear_free(r->iqmp); + if (r->blinding != NULL) BN_BLINDING_free(r->blinding); + if (r->bignum_data != NULL) Free_locked(r->bignum_data); + Free(r); + } + +int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) + { + rsa_meth_num++; + return(CRYPTO_get_ex_new_index(rsa_meth_num-1, + &rsa_meth,argl,argp,new_func,dup_func,free_func)); + } + +int RSA_set_ex_data(RSA *r, int idx, void *arg) + { + return(CRYPTO_set_ex_data(&r->ex_data,idx,arg)); + } + +void *RSA_get_ex_data(RSA *r, int idx) + { + return(CRYPTO_get_ex_data(&r->ex_data,idx)); + } + +int RSA_size(RSA *r) + { + return(BN_num_bytes(r->n)); + } + +int RSA_public_encrypt(int flen, unsigned char *from, unsigned char *to, + RSA *rsa, int padding) + { + return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding)); + } + +int RSA_private_encrypt(int flen, unsigned char *from, unsigned char *to, + RSA *rsa, int padding) + { + return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding)); + } + +int RSA_private_decrypt(int flen, unsigned char *from, unsigned char *to, + RSA *rsa, int padding) + { + return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding)); + } + +int RSA_public_decrypt(int flen, unsigned char *from, unsigned char *to, + RSA *rsa, int padding) + { + return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); + } + +int RSA_flags(RSA *r) + { + return((r == NULL)?0:r->meth->flags); + } + +void 
RSA_blinding_off(RSA *rsa) + { + if (rsa->blinding != NULL) + { + BN_BLINDING_free(rsa->blinding); + rsa->blinding=NULL; + } + rsa->flags&= ~RSA_FLAG_BLINDING; + } + +int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx) + { + BIGNUM *A,*Ai; + BN_CTX *ctx; + int ret=0; + + if (p_ctx == NULL) + { + if ((ctx=BN_CTX_new()) == NULL) goto err; + } + else + ctx=p_ctx; + + if (rsa->blinding != NULL) + BN_BLINDING_free(rsa->blinding); + + BN_CTX_start(ctx); + A = BN_CTX_get(ctx); + if (!BN_rand(A,BN_num_bits(rsa->n)-1,1,0)) goto err; + if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err; + + if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) + goto err; + rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n); + rsa->flags|=RSA_FLAG_BLINDING; + BN_free(Ai); + ret=1; +err: + BN_CTX_end(ctx); + if (ctx != p_ctx) BN_CTX_free(ctx); + return(ret); + } + +int RSA_memory_lock(RSA *r) + { + int i,j,k,off; + char *p; + BIGNUM *bn,**t[6],*b; + BN_ULONG *ul; + + if (r->d == NULL) return(1); + t[0]= &r->d; + t[1]= &r->p; + t[2]= &r->q; + t[3]= &r->dmp1; + t[4]= &r->dmq1; + t[5]= &r->iqmp; + k=sizeof(BIGNUM)*6; + off=k/sizeof(BN_ULONG)+1; + j=1; + for (i=0; i<6; i++) + j+= (*t[i])->top; + if ((p=Malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL) + { + RSAerr(RSA_F_MEMORY_LOCK,ERR_R_MALLOC_FAILURE); + return(0); + } + bn=(BIGNUM *)p; + ul=(BN_ULONG *)&(p[off]); + for (i=0; i<6; i++) + { + b= *(t[i]); + *(t[i])= &(bn[i]); + memcpy((char *)&(bn[i]),(char *)b,sizeof(BIGNUM)); + bn[i].flags=BN_FLG_STATIC_DATA; + bn[i].d=ul; + memcpy((char *)ul,b->d,sizeof(BN_ULONG)*b->top); + ul+=b->top; + BN_clear_free(b); + } + + /* I should fix this so it can still be done */ + r->flags&= ~(RSA_FLAG_CACHE_PRIVATE|RSA_FLAG_CACHE_PUBLIC); + + r->bignum_data=p; + return(1); + } + diff --git a/lib/dns/sec/openssl/rsa_none.c b/lib/dns/sec/openssl/rsa_none.c new file mode 100644 index 0000000000..531b60424d --- /dev/null +++ b/lib/dns/sec/openssl/rsa_none.c 
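Review bot: RSA_blinding_on frees `rsa->blinding` but leaves the pointer in place, so any later `goto err` (a failed `BN_rand`, `BN_mod_inverse` or `bn_mod_exp`) returns with a dangling pointer that RSA_free or RSA_blinding_off will free a second time. Setting it to NULL right after the free, `BN_BLINDING_free(rsa->blinding); rsa->blinding=NULL;`, closes that; the same function also leaks `Ai` when `bn_mod_exp` fails and does not check the results of `BN_CTX_get` or `BN_BLINDING_new`. In RSA_memory_lock, `off` is counted in BN_ULONG units but is used to index the `char *p`, so `ul` appears to point inside the six-BIGNUM header area unless BN_ULONG is one byte wide; `ul=(BN_ULONG *)p+off;` would match the allocation size. That function also dereferences `(*t[i])->top` for p, q, dmp1, dmq1 and iqmp after checking only `r->d` for NULL.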
@@ -0,0 +1,101 @@ +/* crypto/rsa/rsa_none.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */
+
+#include
+#include "../rename.h"
+
+#include
+#include "cryptlib.h"
+#include
+#include
+#include
+
+int RSA_padding_add_none(unsigned char *to, int tlen, unsigned char *from,
+ int flen)
+ {
+ if (flen > tlen)
+ {
+ RSAerr(RSA_F_RSA_PADDING_ADD_NONE,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+ return(0);
+ }
+
+ if (flen < tlen)
+ {
+ RSAerr(RSA_F_RSA_PADDING_ADD_NONE,RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE);
+ return(0);
+ }
+
+ memcpy(to,from,(unsigned int)flen);
+ return(1);
+ }
+
+int RSA_padding_check_none(unsigned char *to, int tlen, unsigned char *from,
+ int flen, int num)
+ {
+
+ if (flen > tlen)
+ {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_NONE,RSA_R_DATA_TOO_LARGE);
+ return(-1);
+ }
+
+ memset(to,0,tlen-flen);
+ memcpy(to+tlen-flen,from,flen);
+ return(tlen);
+ }
+
diff --git a/lib/dns/sec/openssl/rsa_oaep.c b/lib/dns/sec/openssl/rsa_oaep.c
new file mode 100644
index 0000000000..30602ffa43
--- /dev/null
+++ b/lib/dns/sec/openssl/rsa_oaep.c
@@ -0,0 +1,166 @@ +/* crypto/rsa/rsa_oaep.c */ +/* Written by Ulf Moeller. This software is distributed on an "AS IS" + basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */ + +/* EME_OAEP as defined in RFC 2437 (PKCS #1 v2.0) */ + +#include +#include "../rename.h" + +#if !defined(NO_SHA) && !defined(NO_SHA1) +#include +#include "cryptlib.h" +#include +#include +#include +#include + +int MGF1(unsigned char *mask, long len, unsigned char *seed, long seedlen); + +int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, + unsigned char *from, int flen, unsigned char *param, int plen) + { + int i, emlen = tlen - 1; + unsigned char *db, *seed; + unsigned char *dbmask, seedmask[SHA_DIGEST_LENGTH]; + + if (flen > emlen - 2 * SHA_DIGEST_LENGTH - 1) + { + RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, + RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + return (0); + } + + if (emlen < 2 * SHA_DIGEST_LENGTH + 1) + { + RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_KEY_SIZE_TOO_SMALL); + return (0); + } + + dbmask = Malloc(emlen - SHA_DIGEST_LENGTH); + if (dbmask == NULL) + { + RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); + return (0); + } + + to[0] = 0; + seed = to + 1; + db = to + SHA_DIGEST_LENGTH + 1; + + SHA1(param, plen, db); + memset(db + SHA_DIGEST_LENGTH, 0, + emlen - flen - 2 * SHA_DIGEST_LENGTH - 1); + db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01; + memcpy(db + emlen - flen - SHA_DIGEST_LENGTH, from, (unsigned int) flen); + if (RAND_bytes(seed, SHA_DIGEST_LENGTH) <= 0) + return (0); +#ifdef PKCS_TESTVECT + memcpy(seed, + "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f", + 20); +#endif + + MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH); + for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++) + db[i] ^= dbmask[i]; + + MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH); + for (i = 0; i < SHA_DIGEST_LENGTH; i++) + seed[i] ^= seedmask[i]; + + Free(dbmask); + return (1); + } + +int 
RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, + unsigned char *from, int flen, int num, unsigned char *param, + int plen) + { + int i, dblen, mlen = -1; + unsigned char *maskeddb; + int lzero; + unsigned char *db, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH]; + + if (--num < 2 * SHA_DIGEST_LENGTH + 1) + { + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); + return (-1); + } + + dblen = num - SHA_DIGEST_LENGTH; + db = Malloc(dblen); + if (db == NULL) + { + RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); + return (-1); + } + + lzero = num - flen; + maskeddb = from - lzero + SHA_DIGEST_LENGTH; + + MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen); + for (i = lzero; i < SHA_DIGEST_LENGTH; i++) + seed[i] ^= from[i - lzero]; + + MGF1(db, dblen, seed, SHA_DIGEST_LENGTH); + for (i = 0; i < dblen; i++) + db[i] ^= maskeddb[i]; + + SHA1(param, plen, phash); + + if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0) + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); + else + { + for (i = SHA_DIGEST_LENGTH; i < dblen; i++) + if (db[i] != 0x00) + break; + if (db[i] != 0x01 || i++ >= dblen) + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, + RSA_R_OAEP_DECODING_ERROR); + else + { + mlen = dblen - i; + if (tlen < mlen) + { + RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE); + mlen = -1; + } + else + memcpy(to, db + i, mlen); + } + } + Free(db); + return (mlen); + } + +int MGF1(unsigned char *mask, long len, unsigned char *seed, long seedlen) + { + long i, outlen = 0; + unsigned char cnt[4]; + SHA_CTX c; + unsigned char md[SHA_DIGEST_LENGTH]; + + for (i = 0; outlen < len; i++) + { + cnt[0] = (i >> 24) & 255, cnt[1] = (i >> 16) & 255, + cnt[2] = (i >> 8) & 255, cnt[3] = i & 255; + SHA1_Init(&c); + SHA1_Update(&c, seed, seedlen); + SHA1_Update(&c, cnt, 4); + if (outlen + SHA_DIGEST_LENGTH <= len) + { + SHA1_Final(mask + outlen, &c); + outlen += SHA_DIGEST_LENGTH; + } + else + { + SHA1_Final(md, &c); + 
memcpy(mask + outlen, md, len - outlen); + outlen = len; + } + } + return (0); + } +#endif diff --git a/lib/dns/sec/openssl/rsa_pk1.c b/lib/dns/sec/openssl/rsa_pk1.c new file mode 100644 index 0000000000..d54863f350 --- /dev/null +++ b/lib/dns/sec/openssl/rsa_pk1.c 
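Review bot: RSA_padding_check_PKCS1_OAEP never checks that `lzero = num - flen` is non-negative, so an encoded message longer than the decremented `num` makes the seed loop start at a negative index and write before `seed[]`, and moves `maskeddb` outside `from`. Reject that case before the first MGF1 call, freeing `db` on the way out. The terminator test `db[i] != 0x01 || i++ >= dblen` also reads `db[dblen]` when the zero-padding scan reaches the end of the buffer, so the bound has to be tested first. In RSA_padding_add_PKCS1_OAEP the `RAND_bytes` failure return skips `Free(dbmask)`. This file is an imported copy of crypto/rsa/rsa_oaep.c, so the changes need to be carried here as well as upstream.

```c
	lzero = num - flen;
	if (lzero < 0)
		{
		/* encoded message is longer than the modulus allows */
		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
		Free(db);
		return (-1);
		}
	maskeddb = from - lzero + SHA_DIGEST_LENGTH;
	/* ... unchanged: MGF1 unmasking, SHA1 of param, phash comparison, scan over zero padding ... */
		/* test the bound before reading the terminator byte */
		if (i >= dblen || db[i++] != 0x01)
```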
@@ -0,0 +1,227 @@ +/* crypto/rsa/rsa_pk1.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */ + +#include +#include "../rename.h" + +#include +#include "cryptlib.h" +#include +#include +#include + +int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, + unsigned char *from, int flen) + { + int j; + unsigned char *p; + + if (flen > (tlen-11)) + { + RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + return(0); + } + + p=(unsigned char *)to; + + *(p++)=0; + *(p++)=1; /* Private Key BT (Block Type) */ + + /* pad out with 0xff data */ + j=tlen-3-flen; + memset(p,0xff,j); + p+=j; + *(p++)='\0'; + memcpy(p,from,(unsigned int)flen); + return(1); + } + +int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, + unsigned char *from, int flen, int num) + { + int i,j; + unsigned char *p; + + p=from; + if ((num != (flen+1)) || (*(p++) != 01)) + { + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BLOCK_TYPE_IS_NOT_01); + return(-1); + } + + /* scan over padding data */ + j=flen-1; /* one for type. */ + for (i=0; i tlen) + { + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE); + return(-1); + } + memcpy(to,p,(unsigned int)j); + + return(j); + } + +int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, + unsigned char *from, int flen) + { + int i,j; + unsigned char *p; + + if (flen > (tlen-11)) + { + RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + return(0); + } + + p=(unsigned char *)to; + + *(p++)=0; + *(p++)=2; /* Public Key BT (Block Type) */ + + /* pad out with non-zero random data */ + j=tlen-3-flen; + + if (RAND_bytes(p,j) <= 0) + return(0); + for (i=0; i tlen) + { + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE); + return(-1); + } + memcpy(to,p,(unsigned int)j); + + return(j); + } + diff --git a/lib/dns/sec/openssl/rsa_sign.c b/lib/dns/sec/openssl/rsa_sign.c new file mode 100644 index 0000000000..7d8651cfc8 --- /dev/null +++ b/lib/dns/sec/openssl/rsa_sign.c 
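Review bot: The size guard in RSA_padding_add_PKCS1_type_1, `if (flen > (tlen-11))`, lets a negative `flen` through, after which `j=tlen-3-flen` is larger than `tlen` and `memset(p,0xff,j)` runs past the end of `to`; whether any caller can pass a negative length is not visible here. Making the guard `if (flen < 0 || flen > (tlen-11))` closes that. RSA_padding_add_PKCS1_type_2 in this hunk and RSA_padding_add_SSLv23 in rsa_ssl.c use the same guard ahead of `RAND_bytes(p,j)`. Those two also return 0 on `RAND_bytes` failure without an `RSAerr` entry, so the caller gets no reason code unless RAND_bytes records one itself.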
@@ -0,0 +1,224 @@ +/* crypto/rsa/rsa_sign.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */ + +#include +#include "../rename.h" + +#include +#include "cryptlib.h" +#include +#include +#include +#include + +/* Size of an SSL signature: MD5+SHA1 */ +#define SSL_SIG_LENGTH 36 + +int RSA_sign(int type, unsigned char *m, unsigned int m_len, + unsigned char *sigret, unsigned int *siglen, RSA *rsa) + { + X509_SIG sig; + ASN1_TYPE parameter; + int i,j,ret=1; + unsigned char *p,*s = NULL; + X509_ALGOR algor; + ASN1_OCTET_STRING digest; + if(rsa->flags & RSA_FLAG_SIGN_VER) + return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa); + /* Special case: SSL signature, just check the length */ + if(type == NID_md5_sha1) { + if(m_len != SSL_SIG_LENGTH) { + RSAerr(RSA_F_RSA_SIGN,RSA_R_INVALID_MESSAGE_LENGTH); + return(0); + } + i = SSL_SIG_LENGTH; + s = m; + } else { + sig.algor= &algor; + sig.algor->algorithm=OBJ_nid2obj(type); + if (sig.algor->algorithm == NULL) + { + RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE); + return(0); + } + if (sig.algor->algorithm->length == 0) + { + RSAerr(RSA_F_RSA_SIGN,RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); + return(0); + } + parameter.type=V_ASN1_NULL; + parameter.value.ptr=NULL; + sig.algor->parameter= ¶meter; + + sig.digest= &digest; + sig.digest->data=m; + sig.digest->length=m_len; + + i=i2d_X509_SIG(&sig,NULL); + } + j=RSA_size(rsa); + if ((i-RSA_PKCS1_PADDING) > j) + { + RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); + return(0); + } + if(type != NID_md5_sha1) { + s=(unsigned char *)Malloc((unsigned int)j+1); + if (s == NULL) + { + RSAerr(RSA_F_RSA_SIGN,ERR_R_MALLOC_FAILURE); + return(0); + } + p=s; + i2d_X509_SIG(&sig,&p); + } + i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING); + if (i <= 0) + ret=0; + else + *siglen=i; + + if(type != NID_md5_sha1) { + memset(s,0,(unsigned int)j+1); + Free(s); + } + return(ret); + } + +int RSA_verify(int dtype, unsigned char *m, unsigned int m_len, + unsigned char *sigbuf, unsigned int siglen, RSA *rsa) + { + int i,ret=0,sigtype; + unsigned 
char *p,*s; + X509_SIG *sig=NULL; + + if (siglen != (unsigned int)RSA_size(rsa)) + { + RSAerr(RSA_F_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH); + return(0); + } + + if(rsa->flags & RSA_FLAG_SIGN_VER) + return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa); + + s=(unsigned char *)Malloc((unsigned int)siglen); + if (s == NULL) + { + RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE); + goto err; + } + if((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH) ) { + RSAerr(RSA_F_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH); + return(0); + } + i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING); + + if (i <= 0) goto err; + + /* Special case: SSL signature */ + if(dtype == NID_md5_sha1) { + if((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH)) + RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); + else ret = 1; + } else { + p=s; + sig=d2i_X509_SIG(NULL,&p,(long)i); + + if (sig == NULL) goto err; + sigtype=OBJ_obj2nid(sig->algor->algorithm); + + + #ifdef RSA_DEBUG + /* put a backward compatibility flag in EAY */ + fprintf(stderr,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype), + OBJ_nid2ln(dtype)); + #endif + if (sigtype != dtype) + { + if (((dtype == NID_md5) && + (sigtype == NID_md5WithRSAEncryption)) || + ((dtype == NID_md2) && + (sigtype == NID_md2WithRSAEncryption))) + { + /* ok, we will let it through */ + #if !defined(NO_STDIO) && !defined(WIN16) + fprintf(stderr,"signature has problems, re-make with post SSLeay045\n"); + #endif + } + else + { + RSAerr(RSA_F_RSA_VERIFY, + RSA_R_ALGORITHM_MISMATCH); + goto err; + } + } + if ( ((unsigned int)sig->digest->length != m_len) || + (memcmp(m,sig->digest->data,m_len) != 0)) + { + RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); + } + else + ret=1; + } +err: + if (sig != NULL) X509_SIG_free(sig); + memset(s,0,(unsigned int)siglen); + Free(s); + return(ret); + } + diff --git a/lib/dns/sec/openssl/rsa_ssl.c b/lib/dns/sec/openssl/rsa_ssl.c new file mode 100644 index 0000000000..bf2bab60c2 --- /dev/null 
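Review bot: RSA_verify's cleanup at `err:` runs `memset(s,0,(unsigned int)siglen)` unconditionally, but the `Malloc` failure branch jumps there with `s == NULL`, and `s` is also leaked by the `return(0)` in the NID_md5_sha1 length check that follows the allocation. Doing the length check before the allocation and guarding the wipe fixes both. Separately, nothing after `d2i_X509_SIG(NULL,&p,(long)i)` compares `p` with `s+i`, so bytes trailing the decoded structure appear to be accepted; that is worth confirming and rejecting in a signature check.

```c
	/* validate the caller's digest length before allocating anything */
	if((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH) ) {
			RSAerr(RSA_F_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH);
			return(0);
	}
	s=(unsigned char *)Malloc((unsigned int)siglen);
	/* ... unchanged: NULL check, RSA_public_decrypt, digest comparison ... */
err:
	if (sig != NULL) X509_SIG_free(sig);
	if (s != NULL)
		{
		memset(s,0,(unsigned int)siglen);
		Free(s);
		}
	return(ret);
```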
+++ b/lib/dns/sec/openssl/rsa_ssl.c 
@@ -0,0 +1,157 @@ +/* crypto/rsa/rsa_ssl.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "../rename.h" + +#include +#include "cryptlib.h" +#include +#include +#include + +int RSA_padding_add_SSLv23(unsigned char *to, int tlen, unsigned char *from, + int flen) + { + int i,j; + unsigned char *p; + + if (flen > (tlen-11)) + { + RSAerr(RSA_F_RSA_PADDING_ADD_SSLV23,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + return(0); + } + + p=(unsigned char *)to; + + *(p++)=0; + *(p++)=2; /* Public Key BT (Block Type) */ + + /* pad out with non-zero random data */ + j=tlen-3-8-flen; + + if (RAND_bytes(p,j) <= 0) + return(0); + for (i=0; i tlen) + { + RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_DATA_TOO_LARGE); + return(-1); + } + memcpy(to,p,(unsigned int)j); + + return(j); + } + 
diff --git a/lib/dns/sec/openssl/x_algor.c b/lib/dns/sec/openssl/x_algor.c
new file mode 100644
index 0000000000..c8999d2ded
--- /dev/null
+++ b/lib/dns/sec/openssl/x_algor.c
@@ -0,0 +1,120 @@ +/* crypto/asn1/x_algor.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */
+#include
+#include "../rename.h"
+
+#include
+#include "cryptlib.h"
+#include
+#include
+
+int i2d_X509_ALGOR(X509_ALGOR *a, unsigned char **pp)
+ {
+ M_ASN1_I2D_vars(a);
+
+ M_ASN1_I2D_len(a->algorithm,i2d_ASN1_OBJECT);
+ if (a->parameter != NULL)
+ { M_ASN1_I2D_len(a->parameter,i2d_ASN1_TYPE); }
+
+ M_ASN1_I2D_seq_total();
+ M_ASN1_I2D_put(a->algorithm,i2d_ASN1_OBJECT);
+ if (a->parameter != NULL)
+ { M_ASN1_I2D_put(a->parameter,i2d_ASN1_TYPE); }
+
+ M_ASN1_I2D_finish();
+ }
+
+X509_ALGOR *d2i_X509_ALGOR(X509_ALGOR **a, unsigned char **pp, long length)
+ {
+ M_ASN1_D2I_vars(a,X509_ALGOR *,X509_ALGOR_new);
+
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ M_ASN1_D2I_get(ret->algorithm,d2i_ASN1_OBJECT);
+ if (!M_ASN1_D2I_end_sequence())
+ { M_ASN1_D2I_get(ret->parameter,d2i_ASN1_TYPE); }
+ else
+ {
+ ASN1_TYPE_free(ret->parameter);
+ ret->parameter=NULL;
+ }
+ M_ASN1_D2I_Finish(a,X509_ALGOR_free,ASN1_F_D2I_X509_ALGOR);
+ }
+
+X509_ALGOR *X509_ALGOR_new(void)
+ {
+ X509_ALGOR *ret=NULL;
+ ASN1_CTX c;
+
+ M_ASN1_New_Malloc(ret,X509_ALGOR);
+ ret->algorithm=OBJ_nid2obj(NID_undef);
+ ret->parameter=NULL;
+ return(ret);
+ M_ASN1_New_Error(ASN1_F_X509_ALGOR_NEW);
+ }
+
+void X509_ALGOR_free(X509_ALGOR *a)
+ {
+ if (a == NULL) return;
+ ASN1_OBJECT_free(a->algorithm);
+ ASN1_TYPE_free(a->parameter);
+ Free(a);
+ }
+
+IMPLEMENT_STACK_OF(X509_ALGOR)
+IMPLEMENT_ASN1_SET_OF(X509_ALGOR)
diff --git a/lib/dns/sec/openssl/x_sig.c b/lib/dns/sec/openssl/x_sig.c
new file mode 100644
index 0000000000..8030ccb896
--- /dev/null
+++ b/lib/dns/sec/openssl/x_sig.c
@@ -0,0 +1,113 @@
+/* crypto/asn1/x_sig.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. 
If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include
+#include "../rename.h"
+
+#include
+#include "cryptlib.h"
+#include
+#include
+
+int i2d_X509_SIG(X509_SIG *a, unsigned char **pp)
+ {
+ M_ASN1_I2D_vars(a);
+
+ M_ASN1_I2D_len(a->algor, i2d_X509_ALGOR);
+ M_ASN1_I2D_len(a->digest, i2d_ASN1_OCTET_STRING);
+
+ M_ASN1_I2D_seq_total();
+
+ M_ASN1_I2D_put(a->algor, i2d_X509_ALGOR);
+ M_ASN1_I2D_put(a->digest, i2d_ASN1_OCTET_STRING);
+
+ M_ASN1_I2D_finish();
+ }
+
+X509_SIG *d2i_X509_SIG(X509_SIG **a, unsigned char **pp, long length)
+ {
+ M_ASN1_D2I_vars(a,X509_SIG *,X509_SIG_new);
+
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ M_ASN1_D2I_get(ret->algor,d2i_X509_ALGOR);
+ M_ASN1_D2I_get(ret->digest,d2i_ASN1_OCTET_STRING);
+ M_ASN1_D2I_Finish(a,X509_SIG_free,ASN1_F_D2I_X509_SIG);
+ }
+
+X509_SIG *X509_SIG_new(void)
+ {
+ X509_SIG *ret=NULL;
+ ASN1_CTX c;
+
+ M_ASN1_New_Malloc(ret,X509_SIG);
+ M_ASN1_New(ret->algor,X509_ALGOR_new);
+ M_ASN1_New(ret->digest,M_ASN1_OCTET_STRING_new);
+ return(ret);
+ M_ASN1_New_Error(ASN1_F_X509_SIG_NEW);
+ }
+
+void X509_SIG_free(X509_SIG *a)
+ {
+ if (a == NULL) return;
+ X509_ALGOR_free(a->algor);
+ M_ASN1_OCTET_STRING_free(a->digest);
+ Free(a);
+ }
+
+