585752add12cdce09c9e92e89701aa63b2a234f3
[openssl.git] / crypto / store / str_lib.c
1 /* crypto/store/str_lib.c -*- mode:C; c-file-style: "eay" -*- */
2 /*
3  * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
4  * 2003.
5  */
6 /* ====================================================================
7  * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  *
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions and the following disclaimer.
15  *
16  * 2. Redistributions in binary form must reproduce the above copyright
17  *    notice, this list of conditions and the following disclaimer in
18  *    the documentation and/or other materials provided with the
19  *    distribution.
20  *
21  * 3. All advertising materials mentioning features or use of this
22  *    software must display the following acknowledgment:
23  *    "This product includes software developed by the OpenSSL Project
24  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
25  *
26  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27  *    endorse or promote products derived from this software without
28  *    prior written permission. For written permission, please contact
29  *    openssl-core@openssl.org.
30  *
31  * 5. Products derived from this software may not be called "OpenSSL"
32  *    nor may "OpenSSL" appear in their names without prior written
33  *    permission of the OpenSSL Project.
34  *
35  * 6. Redistributions of any form whatsoever must retain the following
36  *    acknowledgment:
37  *    "This product includes software developed by the OpenSSL Project
38  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
39  *
40  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
44  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51  * OF THE POSSIBILITY OF SUCH DAMAGE.
52  * ====================================================================
53  *
54  * This product includes cryptographic software written by Eric Young
55  * (eay@cryptsoft.com).  This product includes software written by Tim
56  * Hudson (tjh@cryptsoft.com).
57  *
58  */
59
60 #include <string.h>
61 #include <openssl/bn.h>
62 #include <openssl/err.h>
63 #ifndef OPENSSL_NO_ENGINE
64 # include <openssl/engine.h>
65 #endif
66 #include <openssl/sha.h>
67 #include <openssl/x509.h>
68 #include "str_locl.h"
69
70 const char *const STORE_object_type_string[STORE_OBJECT_TYPE_NUM + 1] = {
71     0,
72     "X.509 Certificate",
73     "X.509 CRL",
74     "Private Key",
75     "Public Key",
76     "Number",
77     "Arbitrary Data"
78 };
79
80 const int STORE_param_sizes[STORE_PARAM_TYPE_NUM + 1] = {
81     0,
82     sizeof(int),                /* EVP_TYPE */
83     sizeof(size_t),             /* BITS */
84     -1,                         /* KEY_PARAMETERS */
85     0                           /* KEY_NO_PARAMETERS */
86 };
87
88 const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM + 1] = {
89     0,
90     -1,                         /* FRIENDLYNAME: C string */
91     SHA_DIGEST_LENGTH,          /* KEYID: SHA1 digest, 160 bits */
92     SHA_DIGEST_LENGTH,          /* ISSUERKEYID: SHA1 digest, 160 bits */
93     SHA_DIGEST_LENGTH,          /* SUBJECTKEYID: SHA1 digest, 160 bits */
94     SHA_DIGEST_LENGTH,          /* ISSUERSERIALHASH: SHA1 digest, 160 bits */
95     sizeof(X509_NAME *),        /* ISSUER: X509_NAME * */
96     sizeof(BIGNUM *),           /* SERIAL: BIGNUM * */
97     sizeof(X509_NAME *),        /* SUBJECT: X509_NAME * */
98     SHA_DIGEST_LENGTH,          /* CERTHASH: SHA1 digest, 160 bits */
99     -1,                         /* EMAIL: C string */
100     -1,                         /* FILENAME: C string */
101 };
102
103 STORE *STORE_new_method(const STORE_METHOD *method)
104 {
105     STORE *ret;
106
107     if (method == NULL) {
108         STOREerr(STORE_F_STORE_NEW_METHOD, ERR_R_PASSED_NULL_PARAMETER);
109         return NULL;
110     }
111
112     ret = OPENSSL_malloc(sizeof(*ret));
113     if (ret == NULL) {
114         STOREerr(STORE_F_STORE_NEW_METHOD, ERR_R_MALLOC_FAILURE);
115         return NULL;
116     }
117
118     ret->meth = method;
119
120     CRYPTO_new_ex_data(CRYPTO_EX_INDEX_STORE, ret, &ret->ex_data);
121     if (ret->meth->init && !ret->meth->init(ret)) {
122         STORE_free(ret);
123         ret = NULL;
124     }
125     return ret;
126 }
127
128 STORE *STORE_new_engine(ENGINE *engine)
129 {
130     STORE *ret = NULL;
131     ENGINE *e = engine;
132     const STORE_METHOD *meth = 0;
133
134 #ifdef OPENSSL_NO_ENGINE
135     e = NULL;
136 #else
137     if (engine) {
138         if (!ENGINE_init(engine)) {
139             STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_ENGINE_LIB);
140             return NULL;
141         }
142         e = engine;
143     } else {
144         STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_PASSED_NULL_PARAMETER);
145         return NULL;
146     }
147     if (e) {
148         meth = ENGINE_get_STORE(e);
149         if (!meth) {
150             STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_ENGINE_LIB);
151             ENGINE_finish(e);
152             return NULL;
153         }
154     }
155 #endif
156
157     ret = STORE_new_method(meth);
158     if (ret == NULL) {
159         STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_STORE_LIB);
160         return NULL;
161     }
162
163     ret->engine = e;
164
165     return (ret);
166 }
167
168 void STORE_free(STORE *store)
169 {
170     if (store == NULL)
171         return;
172     if (store->meth->clean)
173         store->meth->clean(store);
174     CRYPTO_free_ex_data(CRYPTO_EX_INDEX_STORE, store, &store->ex_data);
175     OPENSSL_free(store);
176 }
177
178 int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f) (void))
179 {
180     if (store == NULL) {
181         STOREerr(STORE_F_STORE_CTRL, ERR_R_PASSED_NULL_PARAMETER);
182         return 0;
183     }
184     if (store->meth->ctrl)
185         return store->meth->ctrl(store, cmd, i, p, f);
186     STOREerr(STORE_F_STORE_CTRL, STORE_R_NO_CONTROL_FUNCTION);
187     return 0;
188 }
189
190 int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
191                            CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
192 {
193     return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_STORE, argl, argp,
194                                    new_func, dup_func, free_func);
195 }
196
197 int STORE_set_ex_data(STORE *r, int idx, void *arg)
198 {
199     return (CRYPTO_set_ex_data(&r->ex_data, idx, arg));
200 }
201
202 void *STORE_get_ex_data(STORE *r, int idx)
203 {
204     return (CRYPTO_get_ex_data(&r->ex_data, idx));
205 }
206
207 const STORE_METHOD *STORE_get_method(STORE *store)
208 {
209     return store->meth;
210 }
211
212 const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth)
213 {
214     store->meth = meth;
215     return store->meth;
216 }
217
218 /* API helpers */
219
220 #define check_store(s,fncode,fnname,fnerrcode) \
221         do \
222                 { \
223                 if ((s) == NULL || (s)->meth == NULL) \
224                         { \
225                         STOREerr((fncode), ERR_R_PASSED_NULL_PARAMETER); \
226                         return 0; \
227                         } \
228                 if ((s)->meth->fnname == NULL) \
229                         { \
230                         STOREerr((fncode), (fnerrcode)); \
231                         return 0; \
232                         } \
233                 } \
234         while(0)
235
236 /* API functions */
237
238 X509 *STORE_get_certificate(STORE *s, OPENSSL_ITEM attributes[],
239                             OPENSSL_ITEM parameters[])
240 {
241     STORE_OBJECT *object;
242     X509 *x;
243
244     check_store(s, STORE_F_STORE_GET_CERTIFICATE,
245                 get_object, STORE_R_NO_GET_OBJECT_FUNCTION);
246
247     object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
248                                  attributes, parameters);
249     if (!object || !object->data.x509.certificate) {
250         STOREerr(STORE_F_STORE_GET_CERTIFICATE,
251                  STORE_R_FAILED_GETTING_CERTIFICATE);
252         return 0;
253     }
254     CRYPTO_add(&object->data.x509.certificate->references, 1,
255                CRYPTO_LOCK_X509);
256 #ifdef REF_PRINT
257     REF_PRINT("X509", data);
258 #endif
259     x = object->data.x509.certificate;
260     STORE_OBJECT_free(object);
261     return x;
262 }
263
264 int STORE_store_certificate(STORE *s, X509 *data, OPENSSL_ITEM attributes[],
265                             OPENSSL_ITEM parameters[])
266 {
267     STORE_OBJECT *object;
268     int i;
269
270     check_store(s, STORE_F_STORE_CERTIFICATE,
271                 store_object, STORE_R_NO_STORE_OBJECT_FUNCTION);
272
273     object = STORE_OBJECT_new();
274     if (!object) {
275         STOREerr(STORE_F_STORE_STORE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
276         return 0;
277     }
278
279     CRYPTO_add(&data->references, 1, CRYPTO_LOCK_X509);
280 #ifdef REF_PRINT
281     REF_PRINT("X509", data);
282 #endif
283     object->data.x509.certificate = data;
284
285     i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
286                               object, attributes, parameters);
287
288     STORE_OBJECT_free(object);
289
290     if (!i) {
291         STOREerr(STORE_F_STORE_STORE_CERTIFICATE,
292                  STORE_R_FAILED_STORING_CERTIFICATE);
293         return 0;
294     }
295     return 1;
296 }
297
298 int STORE_modify_certificate(STORE *s, OPENSSL_ITEM search_attributes[],
299                              OPENSSL_ITEM add_attributes[],
300                              OPENSSL_ITEM modify_attributes[],
301                              OPENSSL_ITEM delete_attributes[],
302                              OPENSSL_ITEM parameters[])
303 {
304     check_store(s, STORE_F_STORE_MODIFY_CERTIFICATE,
305                 modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
306
307     if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
308                                 search_attributes, add_attributes,
309                                 modify_attributes, delete_attributes,
310                                 parameters)) {
311         STOREerr(STORE_F_STORE_MODIFY_CERTIFICATE,
312                  STORE_R_FAILED_MODIFYING_CERTIFICATE);
313         return 0;
314     }
315     return 1;
316 }
317
318 int STORE_revoke_certificate(STORE *s, OPENSSL_ITEM attributes[],
319                              OPENSSL_ITEM parameters[])
320 {
321     check_store(s, STORE_F_STORE_REVOKE_CERTIFICATE,
322                 revoke_object, STORE_R_NO_REVOKE_OBJECT_FUNCTION);
323
324     if (!s->meth->revoke_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
325                                 attributes, parameters)) {
326         STOREerr(STORE_F_STORE_REVOKE_CERTIFICATE,
327                  STORE_R_FAILED_REVOKING_CERTIFICATE);
328         return 0;
329     }
330     return 1;
331 }
332
333 int STORE_delete_certificate(STORE *s, OPENSSL_ITEM attributes[],
334                              OPENSSL_ITEM parameters[])
335 {
336     check_store(s, STORE_F_STORE_DELETE_CERTIFICATE,
337                 delete_object, STORE_R_NO_DELETE_OBJECT_FUNCTION);
338
339     if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
340                                 attributes, parameters)) {
341         STOREerr(STORE_F_STORE_DELETE_CERTIFICATE,
342                  STORE_R_FAILED_DELETING_CERTIFICATE);
343         return 0;
344     }
345     return 1;
346 }
347
348 void *STORE_list_certificate_start(STORE *s, OPENSSL_ITEM attributes[],
349                                    OPENSSL_ITEM parameters[])
350 {
351     void *handle;
352
353     check_store(s, STORE_F_STORE_LIST_CERTIFICATE_START,
354                 list_object_start, STORE_R_NO_LIST_OBJECT_START_FUNCTION);
355
356     handle = s->meth->list_object_start(s,
357                                         STORE_OBJECT_TYPE_X509_CERTIFICATE,
358                                         attributes, parameters);
359     if (!handle) {
360         STOREerr(STORE_F_STORE_LIST_CERTIFICATE_START,
361                  STORE_R_FAILED_LISTING_CERTIFICATES);
362         return 0;
363     }
364     return handle;
365 }
366
367 X509 *STORE_list_certificate_next(STORE *s, void *handle)
368 {
369     STORE_OBJECT *object;
370     X509 *x;
371
372     check_store(s, STORE_F_STORE_LIST_CERTIFICATE_NEXT,
373                 list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
374
375     object = s->meth->list_object_next(s, handle);
376     if (!object || !object->data.x509.certificate) {
377         STOREerr(STORE_F_STORE_LIST_CERTIFICATE_NEXT,
378                  STORE_R_FAILED_LISTING_CERTIFICATES);
379         return 0;
380     }
381     CRYPTO_add(&object->data.x509.certificate->references, 1,
382                CRYPTO_LOCK_X509);
383 #ifdef REF_PRINT
384     REF_PRINT("X509", data);
385 #endif
386     x = object->data.x509.certificate;
387     STORE_OBJECT_free(object);
388     return x;
389 }
390
391 int STORE_list_certificate_end(STORE *s, void *handle)
392 {
393     check_store(s, STORE_F_STORE_LIST_CERTIFICATE_END,
394                 list_object_end, STORE_R_NO_LIST_OBJECT_END_FUNCTION);
395
396     if (!s->meth->list_object_end(s, handle)) {
397         STOREerr(STORE_F_STORE_LIST_CERTIFICATE_END,
398                  STORE_R_FAILED_LISTING_CERTIFICATES);
399         return 0;
400     }
401     return 1;
402 }
403
404 int STORE_list_certificate_endp(STORE *s, void *handle)
405 {
406     check_store(s, STORE_F_STORE_LIST_CERTIFICATE_ENDP,
407                 list_object_endp, STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
408
409     if (!s->meth->list_object_endp(s, handle)) {
410         STOREerr(STORE_F_STORE_LIST_CERTIFICATE_ENDP,
411                  STORE_R_FAILED_LISTING_CERTIFICATES);
412         return 0;
413     }
414     return 1;
415 }
416
417 EVP_PKEY *STORE_generate_key(STORE *s, OPENSSL_ITEM attributes[],
418                              OPENSSL_ITEM parameters[])
419 {
420     STORE_OBJECT *object;
421     EVP_PKEY *pkey;
422
423     check_store(s, STORE_F_STORE_GENERATE_KEY,
424                 generate_object, STORE_R_NO_GENERATE_OBJECT_FUNCTION);
425
426     object = s->meth->generate_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
427                                       attributes, parameters);
428     if (!object || !object->data.key) {
429         STOREerr(STORE_F_STORE_GENERATE_KEY, STORE_R_FAILED_GENERATING_KEY);
430         return 0;
431     }
432     CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY);
433 #ifdef REF_PRINT
434     REF_PRINT("EVP_PKEY", data);
435 #endif
436     pkey = object->data.key;
437     STORE_OBJECT_free(object);
438     return pkey;
439 }
440
441 EVP_PKEY *STORE_get_private_key(STORE *s, OPENSSL_ITEM attributes[],
442                                 OPENSSL_ITEM parameters[])
443 {
444     STORE_OBJECT *object;
445     EVP_PKEY *pkey;
446
447     check_store(s, STORE_F_STORE_GET_PRIVATE_KEY,
448                 get_object, STORE_R_NO_GET_OBJECT_FUNCTION);
449
450     object = s->meth->get_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
451                                  attributes, parameters);
452     if (!object || !object->data.key || !object->data.key) {
453         STOREerr(STORE_F_STORE_GET_PRIVATE_KEY, STORE_R_FAILED_GETTING_KEY);
454         return 0;
455     }
456     CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY);
457 #ifdef REF_PRINT
458     REF_PRINT("EVP_PKEY", data);
459 #endif
460     pkey = object->data.key;
461     STORE_OBJECT_free(object);
462     return pkey;
463 }
464
465 int STORE_store_private_key(STORE *s, EVP_PKEY *data,
466                             OPENSSL_ITEM attributes[],
467                             OPENSSL_ITEM parameters[])
468 {
469     STORE_OBJECT *object;
470     int i;
471
472     check_store(s, STORE_F_STORE_STORE_PRIVATE_KEY,
473                 store_object, STORE_R_NO_STORE_OBJECT_FUNCTION);
474
475     object = STORE_OBJECT_new();
476     if (!object) {
477         STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, ERR_R_MALLOC_FAILURE);
478         return 0;
479     }
480     object->data.key = EVP_PKEY_new();
481     if (!object->data.key) {
482         STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, ERR_R_MALLOC_FAILURE);
483         return 0;
484     }
485
486     CRYPTO_add(&data->references, 1, CRYPTO_LOCK_EVP_PKEY);
487 #ifdef REF_PRINT
488     REF_PRINT("EVP_PKEY", data);
489 #endif
490     object->data.key = data;
491
492     i = s->meth->store_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, object,
493                               attributes, parameters);
494
495     STORE_OBJECT_free(object);
496
497     if (!i) {
498         STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, STORE_R_FAILED_STORING_KEY);
499         return 0;
500     }
501     return i;
502 }
503
504 int STORE_modify_private_key(STORE *s, OPENSSL_ITEM search_attributes[],
505                              OPENSSL_ITEM add_attributes[],
506                              OPENSSL_ITEM modify_attributes[],
507                              OPENSSL_ITEM delete_attributes[],
508                              OPENSSL_ITEM parameters[])
509 {
510     check_store(s, STORE_F_STORE_MODIFY_PRIVATE_KEY,
511                 modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
512
513     if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
514                                 search_attributes, add_attributes,
515                                 modify_attributes, delete_attributes,
516                                 parameters)) {
517         STOREerr(STORE_F_STORE_MODIFY_PRIVATE_KEY,
518                  STORE_R_FAILED_MODIFYING_PRIVATE_KEY);
519         return 0;
520     }
521     return 1;
522 }
523
524 int STORE_revoke_private_key(STORE *s, OPENSSL_ITEM attributes[],
525                              OPENSSL_ITEM parameters[])
526 {
527     int i;
528
529     check_store(s, STORE_F_STORE_REVOKE_PRIVATE_KEY,
530                 revoke_object, STORE_R_NO_REVOKE_OBJECT_FUNCTION);
531
532     i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
533                                attributes, parameters);
534
535     if (!i) {
536         STOREerr(STORE_F_STORE_REVOKE_PRIVATE_KEY,
537                  STORE_R_FAILED_REVOKING_KEY);
538         return 0;
539     }
540     return i;
541 }
542
543 int STORE_delete_private_key(STORE *s, OPENSSL_ITEM attributes[],
544                              OPENSSL_ITEM parameters[])
545 {
546     check_store(s, STORE_F_STORE_DELETE_PRIVATE_KEY,
547                 delete_object, STORE_R_NO_DELETE_OBJECT_FUNCTION);
548
549     if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
550                                 attributes, parameters)) {
551         STOREerr(STORE_F_STORE_DELETE_PRIVATE_KEY,
552                  STORE_R_FAILED_DELETING_KEY);
553         return 0;
554     }
555     return 1;
556 }
557
558 void *STORE_list_private_key_start(STORE *s, OPENSSL_ITEM attributes[],
559                                    OPENSSL_ITEM parameters[])
560 {
561     void *handle;
562
563     check_store(s, STORE_F_STORE_LIST_PRIVATE_KEY_START,
564                 list_object_start, STORE_R_NO_LIST_OBJECT_START_FUNCTION);
565
566     handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
567                                         attributes, parameters);
568     if (!handle) {
569         STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_START,
570                  STORE_R_FAILED_LISTING_KEYS);
571         return 0;
572     }
573     return handle;
574 }
575
576 EVP_PKEY *STORE_list_private_key_next(STORE *s, void *handle)
577 {
578     STORE_OBJECT *object;
579     EVP_PKEY *pkey;
580
581     check_store(s, STORE_F_STORE_LIST_PRIVATE_KEY_NEXT,
582                 list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
583
584     object = s->meth->list_object_next(s, handle);
585     if (!object || !object->data.key || !object->data.key) {
586         STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_NEXT,
587                  STORE_R_FAILED_LISTING_KEYS);
588         return 0;
589     }
590     CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY);
591 #ifdef REF_PRINT
592     REF_PRINT("EVP_PKEY", data);
593 #endif
594     pkey = object->data.key;
595     STORE_OBJECT_free(object);
596     return pkey;
597 }
598
599 int STORE_list_private_key_end(STORE *s, void *handle)
600 {
601     check_store(s, STORE_F_STORE_LIST_PRIVATE_KEY_END,
602                 list_object_end, STORE_R_NO_LIST_OBJECT_END_FUNCTION);
603
604     if (!s->meth->list_object_end(s, handle)) {
605         STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_END,
606                  STORE_R_FAILED_LISTING_KEYS);
607         return 0;
608     }
609     return 1;
610 }
611
612 int STORE_list_private_key_endp(STORE *s, void *handle)
613 {
614     check_store(s, STORE_F_STORE_LIST_PRIVATE_KEY_ENDP,
615                 list_object_endp, STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
616
617     if (!s->meth->list_object_endp(s, handle)) {
618         STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_ENDP,
619                  STORE_R_FAILED_LISTING_KEYS);
620         return 0;
621     }
622     return 1;
623 }
624
625 EVP_PKEY *STORE_get_public_key(STORE *s, OPENSSL_ITEM attributes[],
626                                OPENSSL_ITEM parameters[])
627 {
628     STORE_OBJECT *object;
629     EVP_PKEY *pkey;
630
631     check_store(s, STORE_F_STORE_GET_PUBLIC_KEY,
632                 get_object, STORE_R_NO_GET_OBJECT_FUNCTION);
633
634     object = s->meth->get_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
635                                  attributes, parameters);
636     if (!object || !object->data.key || !object->data.key) {
637         STOREerr(STORE_F_STORE_GET_PUBLIC_KEY, STORE_R_FAILED_GETTING_KEY);
638         return 0;
639     }
640     CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY);
641 #ifdef REF_PRINT
642     REF_PRINT("EVP_PKEY", data);
643 #endif
644     pkey = object->data.key;
645     STORE_OBJECT_free(object);
646     return pkey;
647 }
648
649 int STORE_store_public_key(STORE *s, EVP_PKEY *data,
650                            OPENSSL_ITEM attributes[],
651                            OPENSSL_ITEM parameters[])
652 {
653     STORE_OBJECT *object;
654     int i;
655
656     check_store(s, STORE_F_STORE_STORE_PUBLIC_KEY,
657                 store_object, STORE_R_NO_STORE_OBJECT_FUNCTION);
658
659     object = STORE_OBJECT_new();
660     if (!object) {
661         STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, ERR_R_MALLOC_FAILURE);
662         return 0;
663     }
664     object->data.key = EVP_PKEY_new();
665     if (!object->data.key) {
666         STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, ERR_R_MALLOC_FAILURE);
667         return 0;
668     }
669
670     CRYPTO_add(&data->references, 1, CRYPTO_LOCK_EVP_PKEY);
671 #ifdef REF_PRINT
672     REF_PRINT("EVP_PKEY", data);
673 #endif
674     object->data.key = data;
675
676     i = s->meth->store_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, object,
677                               attributes, parameters);
678
679     STORE_OBJECT_free(object);
680
681     if (!i) {
682         STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, STORE_R_FAILED_STORING_KEY);
683         return 0;
684     }
685     return i;
686 }
687
688 int STORE_modify_public_key(STORE *s, OPENSSL_ITEM search_attributes[],
689                             OPENSSL_ITEM add_attributes[],
690                             OPENSSL_ITEM modify_attributes[],
691                             OPENSSL_ITEM delete_attributes[],
692                             OPENSSL_ITEM parameters[])
693 {
694     check_store(s, STORE_F_STORE_MODIFY_PUBLIC_KEY,
695                 modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
696
697     if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
698                                 search_attributes, add_attributes,
699                                 modify_attributes, delete_attributes,
700                                 parameters)) {
701         STOREerr(STORE_F_STORE_MODIFY_PUBLIC_KEY,
702                  STORE_R_FAILED_MODIFYING_PUBLIC_KEY);
703         return 0;
704     }
705     return 1;
706 }
707
708 int STORE_revoke_public_key(STORE *s, OPENSSL_ITEM attributes[],
709                             OPENSSL_ITEM parameters[])
710 {
711     int i;
712
713     check_store(s, STORE_F_STORE_REVOKE_PUBLIC_KEY,
714                 revoke_object, STORE_R_NO_REVOKE_OBJECT_FUNCTION);
715
716     i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
717                                attributes, parameters);
718
719     if (!i) {
720         STOREerr(STORE_F_STORE_REVOKE_PUBLIC_KEY,
721                  STORE_R_FAILED_REVOKING_KEY);
722         return 0;
723     }
724     return i;
725 }
726
727 int STORE_delete_public_key(STORE *s, OPENSSL_ITEM attributes[],
728                             OPENSSL_ITEM parameters[])
729 {
730     check_store(s, STORE_F_STORE_DELETE_PUBLIC_KEY,
731                 delete_object, STORE_R_NO_DELETE_OBJECT_FUNCTION);
732
733     if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
734                                 attributes, parameters)) {
735         STOREerr(STORE_F_STORE_DELETE_PUBLIC_KEY,
736                  STORE_R_FAILED_DELETING_KEY);
737         return 0;
738     }
739     return 1;
740 }
741
742 void *STORE_list_public_key_start(STORE *s, OPENSSL_ITEM attributes[],
743                                   OPENSSL_ITEM parameters[])
744 {
745     void *handle;
746
747     check_store(s, STORE_F_STORE_LIST_PUBLIC_KEY_START,
748                 list_object_start, STORE_R_NO_LIST_OBJECT_START_FUNCTION);
749
750     handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
751                                         attributes, parameters);
752     if (!handle) {
753         STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_START,
754                  STORE_R_FAILED_LISTING_KEYS);
755         return 0;
756     }
757     return handle;
758 }
759
760 EVP_PKEY *STORE_list_public_key_next(STORE *s, void *handle)
761 {
762     STORE_OBJECT *object;
763     EVP_PKEY *pkey;
764
765     check_store(s, STORE_F_STORE_LIST_PUBLIC_KEY_NEXT,
766                 list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
767
768     object = s->meth->list_object_next(s, handle);
769     if (!object || !object->data.key || !object->data.key) {
770         STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_NEXT,
771                  STORE_R_FAILED_LISTING_KEYS);
772         return 0;
773     }
774     CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY);
775 #ifdef REF_PRINT
776     REF_PRINT("EVP_PKEY", data);
777 #endif
778     pkey = object->data.key;
779     STORE_OBJECT_free(object);
780     return pkey;
781 }
782
783 int STORE_list_public_key_end(STORE *s, void *handle)
784 {
785     check_store(s, STORE_F_STORE_LIST_PUBLIC_KEY_END,
786                 list_object_end, STORE_R_NO_LIST_OBJECT_END_FUNCTION);
787
788     if (!s->meth->list_object_end(s, handle)) {
789         STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_END,
790                  STORE_R_FAILED_LISTING_KEYS);
791         return 0;
792     }
793     return 1;
794 }
795
796 int STORE_list_public_key_endp(STORE *s, void *handle)
797 {
798     check_store(s, STORE_F_STORE_LIST_PUBLIC_KEY_ENDP,
799                 list_object_endp, STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
800
801     if (!s->meth->list_object_endp(s, handle)) {
802         STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_ENDP,
803                  STORE_R_FAILED_LISTING_KEYS);
804         return 0;
805     }
806     return 1;
807 }
808
809 X509_CRL *STORE_generate_crl(STORE *s, OPENSSL_ITEM attributes[],
810                              OPENSSL_ITEM parameters[])
811 {
812     STORE_OBJECT *object;
813     X509_CRL *crl;
814
815     check_store(s, STORE_F_STORE_GENERATE_CRL,
816                 generate_object, STORE_R_NO_GENERATE_CRL_FUNCTION);
817
818     object = s->meth->generate_object(s, STORE_OBJECT_TYPE_X509_CRL,
819                                       attributes, parameters);
820     if (!object || !object->data.crl) {
821         STOREerr(STORE_F_STORE_GENERATE_CRL, STORE_R_FAILED_GENERATING_CRL);
822         return 0;
823     }
824     X509_CRL_up_ref(object->data.crl);
825 #ifdef REF_PRINT
826     REF_PRINT("X509_CRL", data);
827 #endif
828     crl = object->data.crl;
829     STORE_OBJECT_free(object);
830     return crl;
831 }
832
833 X509_CRL *STORE_get_crl(STORE *s, OPENSSL_ITEM attributes[],
834                         OPENSSL_ITEM parameters[])
835 {
836     STORE_OBJECT *object;
837     X509_CRL *crl;
838
839     check_store(s, STORE_F_STORE_GET_CRL,
840                 get_object, STORE_R_NO_GET_OBJECT_FUNCTION);
841
842     object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CRL,
843                                  attributes, parameters);
844     if (!object || !object->data.crl) {
845         STOREerr(STORE_F_STORE_GET_CRL, STORE_R_FAILED_GETTING_KEY);
846         return 0;
847     }
848     X509_CRL_up_ref(object->data.crl);
849 #ifdef REF_PRINT
850     REF_PRINT("X509_CRL", data);
851 #endif
852     crl = object->data.crl;
853     STORE_OBJECT_free(object);
854     return crl;
855 }
856
857 int STORE_store_crl(STORE *s, X509_CRL *data, OPENSSL_ITEM attributes[],
858                     OPENSSL_ITEM parameters[])
859 {
860     STORE_OBJECT *object;
861     int i;
862
863     check_store(s, STORE_F_STORE_STORE_CRL,
864                 store_object, STORE_R_NO_STORE_OBJECT_FUNCTION);
865
866     object = STORE_OBJECT_new();
867     if (!object) {
868         STOREerr(STORE_F_STORE_STORE_CRL, ERR_R_MALLOC_FAILURE);
869         return 0;
870     }
871
872     X509_CRL_up_ref(data);
873 #ifdef REF_PRINT
874     REF_PRINT("X509_CRL", data);
875 #endif
876     object->data.crl = data;
877
878     i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CRL, object,
879                               attributes, parameters);
880
881     STORE_OBJECT_free(object);
882
883     if (!i) {
884         STOREerr(STORE_F_STORE_STORE_CRL, STORE_R_FAILED_STORING_KEY);
885         return 0;
886     }
887     return i;
888 }
889
890 int STORE_modify_crl(STORE *s, OPENSSL_ITEM search_attributes[],
891                      OPENSSL_ITEM add_attributes[],
892                      OPENSSL_ITEM modify_attributes[],
893                      OPENSSL_ITEM delete_attributes[],
894                      OPENSSL_ITEM parameters[])
895 {
896     check_store(s, STORE_F_STORE_MODIFY_CRL,
897                 modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
898
899     if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CRL,
900                                 search_attributes, add_attributes,
901                                 modify_attributes, delete_attributes,
902                                 parameters)) {
903         STOREerr(STORE_F_STORE_MODIFY_CRL, STORE_R_FAILED_MODIFYING_CRL);
904         return 0;
905     }
906     return 1;
907 }
908
909 int STORE_delete_crl(STORE *s, OPENSSL_ITEM attributes[],
910                      OPENSSL_ITEM parameters[])
911 {
912     check_store(s, STORE_F_STORE_DELETE_CRL,
913                 delete_object, STORE_R_NO_DELETE_OBJECT_FUNCTION);
914
915     if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CRL,
916                                 attributes, parameters)) {
917         STOREerr(STORE_F_STORE_DELETE_CRL, STORE_R_FAILED_DELETING_KEY);
918         return 0;
919     }
920     return 1;
921 }
922
923 void *STORE_list_crl_start(STORE *s, OPENSSL_ITEM attributes[],
924                            OPENSSL_ITEM parameters[])
925 {
926     void *handle;
927
928     check_store(s, STORE_F_STORE_LIST_CRL_START,
929                 list_object_start, STORE_R_NO_LIST_OBJECT_START_FUNCTION);
930
931     handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_X509_CRL,
932                                         attributes, parameters);
933     if (!handle) {
934         STOREerr(STORE_F_STORE_LIST_CRL_START, STORE_R_FAILED_LISTING_KEYS);
935         return 0;
936     }
937     return handle;
938 }
939
940 X509_CRL *STORE_list_crl_next(STORE *s, void *handle)
941 {
942     STORE_OBJECT *object;
943     X509_CRL *crl;
944
945     check_store(s, STORE_F_STORE_LIST_CRL_NEXT,
946                 list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
947
948     object = s->meth->list_object_next(s, handle);
949     if (!object || !object->data.crl) {
950         STOREerr(STORE_F_STORE_LIST_CRL_NEXT, STORE_R_FAILED_LISTING_KEYS);
951         return 0;
952     }
953     X509_CRL_up_ref(object->data.crl);
954 #ifdef REF_PRINT
955     REF_PRINT("X509_CRL", data);
956 #endif
957     crl = object->data.crl;
958     STORE_OBJECT_free(object);
959     return crl;
960 }
961
962 int STORE_list_crl_end(STORE *s, void *handle)
963 {
964     check_store(s, STORE_F_STORE_LIST_CRL_END,
965                 list_object_end, STORE_R_NO_LIST_OBJECT_END_FUNCTION);
966
967     if (!s->meth->list_object_end(s, handle)) {
968         STOREerr(STORE_F_STORE_LIST_CRL_END, STORE_R_FAILED_LISTING_KEYS);
969         return 0;
970     }
971     return 1;
972 }
973
974 int STORE_list_crl_endp(STORE *s, void *handle)
975 {
976     check_store(s, STORE_F_STORE_LIST_CRL_ENDP,
977                 list_object_endp, STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
978
979     if (!s->meth->list_object_endp(s, handle)) {
980         STOREerr(STORE_F_STORE_LIST_CRL_ENDP, STORE_R_FAILED_LISTING_KEYS);
981         return 0;
982     }
983     return 1;
984 }
985
986 int STORE_store_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[],
987                        OPENSSL_ITEM parameters[])
988 {
989     STORE_OBJECT *object;
990     int i;
991
992     check_store(s, STORE_F_STORE_STORE_NUMBER,
993                 store_object, STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION);
994
995     object = STORE_OBJECT_new();
996     if (!object) {
997         STOREerr(STORE_F_STORE_STORE_NUMBER, ERR_R_MALLOC_FAILURE);
998         return 0;
999     }
1000
1001     object->data.number = data;
1002
1003     i = s->meth->store_object(s, STORE_OBJECT_TYPE_NUMBER, object,
1004                               attributes, parameters);
1005
1006     STORE_OBJECT_free(object);
1007
1008     if (!i) {
1009         STOREerr(STORE_F_STORE_STORE_NUMBER, STORE_R_FAILED_STORING_NUMBER);
1010         return 0;
1011     }
1012     return 1;
1013 }
1014
1015 int STORE_modify_number(STORE *s, OPENSSL_ITEM search_attributes[],
1016                         OPENSSL_ITEM add_attributes[],
1017                         OPENSSL_ITEM modify_attributes[],
1018                         OPENSSL_ITEM delete_attributes[],
1019                         OPENSSL_ITEM parameters[])
1020 {
1021     check_store(s, STORE_F_STORE_MODIFY_NUMBER,
1022                 modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
1023
1024     if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_NUMBER,
1025                                 search_attributes, add_attributes,
1026                                 modify_attributes, delete_attributes,
1027                                 parameters)) {
1028         STOREerr(STORE_F_STORE_MODIFY_NUMBER,
1029                  STORE_R_FAILED_MODIFYING_NUMBER);
1030         return 0;
1031     }
1032     return 1;
1033 }
1034
1035 BIGNUM *STORE_get_number(STORE *s, OPENSSL_ITEM attributes[],
1036                          OPENSSL_ITEM parameters[])
1037 {
1038     STORE_OBJECT *object;
1039     BIGNUM *n;
1040
1041     check_store(s, STORE_F_STORE_GET_NUMBER,
1042                 get_object, STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION);
1043
1044     object = s->meth->get_object(s, STORE_OBJECT_TYPE_NUMBER, attributes,
1045                                  parameters);
1046     if (!object || !object->data.number) {
1047         STOREerr(STORE_F_STORE_GET_NUMBER, STORE_R_FAILED_GETTING_NUMBER);
1048         return 0;
1049     }
1050     n = object->data.number;
1051     object->data.number = NULL;
1052     STORE_OBJECT_free(object);
1053     return n;
1054 }
1055
1056 int STORE_delete_number(STORE *s, OPENSSL_ITEM attributes[],
1057                         OPENSSL_ITEM parameters[])
1058 {
1059     check_store(s, STORE_F_STORE_DELETE_NUMBER,
1060                 delete_object, STORE_R_NO_DELETE_NUMBER_FUNCTION);
1061
1062     if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_NUMBER, attributes,
1063                                 parameters)) {
1064         STOREerr(STORE_F_STORE_DELETE_NUMBER, STORE_R_FAILED_DELETING_NUMBER);
1065         return 0;
1066     }
1067     return 1;
1068 }
1069
1070 int STORE_store_arbitrary(STORE *s, BUF_MEM *data, OPENSSL_ITEM attributes[],
1071                           OPENSSL_ITEM parameters[])
1072 {
1073     STORE_OBJECT *object;
1074     int i;
1075
1076     check_store(s, STORE_F_STORE_STORE_ARBITRARY,
1077                 store_object, STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION);
1078
1079     object = STORE_OBJECT_new();
1080     if (!object) {
1081         STOREerr(STORE_F_STORE_STORE_ARBITRARY, ERR_R_MALLOC_FAILURE);
1082         return 0;
1083     }
1084
1085     object->data.arbitrary = data;
1086
1087     i = s->meth->store_object(s, STORE_OBJECT_TYPE_ARBITRARY, object,
1088                               attributes, parameters);
1089
1090     STORE_OBJECT_free(object);
1091
1092     if (!i) {
1093         STOREerr(STORE_F_STORE_STORE_ARBITRARY,
1094                  STORE_R_FAILED_STORING_ARBITRARY);
1095         return 0;
1096     }
1097     return 1;
1098 }
1099
1100 int STORE_modify_arbitrary(STORE *s, OPENSSL_ITEM search_attributes[],
1101                            OPENSSL_ITEM add_attributes[],
1102                            OPENSSL_ITEM modify_attributes[],
1103                            OPENSSL_ITEM delete_attributes[],
1104                            OPENSSL_ITEM parameters[])
1105 {
1106     check_store(s, STORE_F_STORE_MODIFY_ARBITRARY,
1107                 modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
1108
1109     if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_ARBITRARY,
1110                                 search_attributes, add_attributes,
1111                                 modify_attributes, delete_attributes,
1112                                 parameters)) {
1113         STOREerr(STORE_F_STORE_MODIFY_ARBITRARY,
1114                  STORE_R_FAILED_MODIFYING_ARBITRARY);
1115         return 0;
1116     }
1117     return 1;
1118 }
1119
1120 BUF_MEM *STORE_get_arbitrary(STORE *s, OPENSSL_ITEM attributes[],
1121                              OPENSSL_ITEM parameters[])
1122 {
1123     STORE_OBJECT *object;
1124     BUF_MEM *b;
1125
1126     check_store(s, STORE_F_STORE_GET_ARBITRARY,
1127                 get_object, STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION);
1128
1129     object = s->meth->get_object(s, STORE_OBJECT_TYPE_ARBITRARY,
1130                                  attributes, parameters);
1131     if (!object || !object->data.arbitrary) {
1132         STOREerr(STORE_F_STORE_GET_ARBITRARY,
1133                  STORE_R_FAILED_GETTING_ARBITRARY);
1134         return 0;
1135     }
1136     b = object->data.arbitrary;
1137     object->data.arbitrary = NULL;
1138     STORE_OBJECT_free(object);
1139     return b;
1140 }
1141
1142 int STORE_delete_arbitrary(STORE *s, OPENSSL_ITEM attributes[],
1143                            OPENSSL_ITEM parameters[])
1144 {
1145     check_store(s, STORE_F_STORE_DELETE_ARBITRARY,
1146                 delete_object, STORE_R_NO_DELETE_ARBITRARY_FUNCTION);
1147
1148     if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_ARBITRARY, attributes,
1149                                 parameters)) {
1150         STOREerr(STORE_F_STORE_DELETE_ARBITRARY,
1151                  STORE_R_FAILED_DELETING_ARBITRARY);
1152         return 0;
1153     }
1154     return 1;
1155 }
1156
1157 STORE_OBJECT *STORE_OBJECT_new(void)
1158 {
1159     STORE_OBJECT *object = OPENSSL_malloc(sizeof(*object));
1160     if (object)
1161         memset(object, 0, sizeof(*object));
1162     return object;
1163 }
1164
1165 void STORE_OBJECT_free(STORE_OBJECT *data)
1166 {
1167     if (!data)
1168         return;
1169     switch (data->type) {
1170     case STORE_OBJECT_TYPE_X509_CERTIFICATE:
1171         X509_free(data->data.x509.certificate);
1172         break;
1173     case STORE_OBJECT_TYPE_X509_CRL:
1174         X509_CRL_free(data->data.crl);
1175         break;
1176     case STORE_OBJECT_TYPE_PRIVATE_KEY:
1177     case STORE_OBJECT_TYPE_PUBLIC_KEY:
1178         EVP_PKEY_free(data->data.key);
1179         break;
1180     case STORE_OBJECT_TYPE_NUMBER:
1181         BN_free(data->data.number);
1182         break;
1183     case STORE_OBJECT_TYPE_ARBITRARY:
1184         BUF_MEM_free(data->data.arbitrary);
1185         break;
1186     }
1187     OPENSSL_free(data);
1188 }
1189
1190 struct STORE_attr_info_st {
1191     unsigned char set[(STORE_ATTR_TYPE_NUM + 8) / 8];
1192     union {
1193         char *cstring;
1194         unsigned char *sha1string;
1195         X509_NAME *dn;
1196         BIGNUM *number;
1197         void *any;
1198     } values[STORE_ATTR_TYPE_NUM + 1];
1199     size_t value_sizes[STORE_ATTR_TYPE_NUM + 1];
1200 };
1201
1202 #define ATTR_IS_SET(a,i)        ((i) > 0 && (i) < STORE_ATTR_TYPE_NUM \
1203                                 && ((a)->set[(i) / 8] & (1 << ((i) % 8))))
1204 #define SET_ATTRBIT(a,i)        ((a)->set[(i) / 8] |= (1 << ((i) % 8)))
1205 #define CLEAR_ATTRBIT(a,i)      ((a)->set[(i) / 8] &= ~(1 << ((i) % 8)))
1206
1207 STORE_ATTR_INFO *STORE_ATTR_INFO_new(void)
1208 {
1209     STORE_ATTR_INFO *p = OPENSSL_malloc(sizeof(*p));
1210
1211     return p;
1212 }
1213
1214 static void STORE_ATTR_INFO_attr_free(STORE_ATTR_INFO *attrs,
1215                                       STORE_ATTR_TYPES code)
1216 {
1217     if (ATTR_IS_SET(attrs, code)) {
1218         switch (code) {
1219         case STORE_ATTR_FRIENDLYNAME:
1220         case STORE_ATTR_EMAIL:
1221         case STORE_ATTR_FILENAME:
1222             STORE_ATTR_INFO_modify_cstr(attrs, code, NULL, 0);
1223             break;
1224         case STORE_ATTR_KEYID:
1225         case STORE_ATTR_ISSUERKEYID:
1226         case STORE_ATTR_SUBJECTKEYID:
1227         case STORE_ATTR_ISSUERSERIALHASH:
1228         case STORE_ATTR_CERTHASH:
1229             STORE_ATTR_INFO_modify_sha1str(attrs, code, NULL, 0);
1230             break;
1231         case STORE_ATTR_ISSUER:
1232         case STORE_ATTR_SUBJECT:
1233             STORE_ATTR_INFO_modify_dn(attrs, code, NULL);
1234             break;
1235         case STORE_ATTR_SERIAL:
1236             STORE_ATTR_INFO_modify_number(attrs, code, NULL);
1237             break;
1238         default:
1239             break;
1240         }
1241     }
1242 }
1243
1244 int STORE_ATTR_INFO_free(STORE_ATTR_INFO *attrs)
1245 {
1246     if (attrs) {
1247         STORE_ATTR_TYPES i;
1248         for (i = 0; i++ < STORE_ATTR_TYPE_NUM;)
1249             STORE_ATTR_INFO_attr_free(attrs, i);
1250         OPENSSL_free(attrs);
1251     }
1252     return 1;
1253 }
1254
1255 char *STORE_ATTR_INFO_get0_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code)
1256 {
1257     if (!attrs) {
1258         STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR,
1259                  ERR_R_PASSED_NULL_PARAMETER);
1260         return NULL;
1261     }
1262     if (ATTR_IS_SET(attrs, code))
1263         return attrs->values[code].cstring;
1264     STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR, STORE_R_NO_VALUE);
1265     return NULL;
1266 }
1267
1268 unsigned char *STORE_ATTR_INFO_get0_sha1str(STORE_ATTR_INFO *attrs,
1269                                             STORE_ATTR_TYPES code)
1270 {
1271     if (!attrs) {
1272         STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR,
1273                  ERR_R_PASSED_NULL_PARAMETER);
1274         return NULL;
1275     }
1276     if (ATTR_IS_SET(attrs, code))
1277         return attrs->values[code].sha1string;
1278     STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR, STORE_R_NO_VALUE);
1279     return NULL;
1280 }
1281
1282 X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs,
1283                                    STORE_ATTR_TYPES code)
1284 {
1285     if (!attrs) {
1286         STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN,
1287                  ERR_R_PASSED_NULL_PARAMETER);
1288         return NULL;
1289     }
1290     if (ATTR_IS_SET(attrs, code))
1291         return attrs->values[code].dn;
1292     STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN, STORE_R_NO_VALUE);
1293     return NULL;
1294 }
1295
1296 BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs,
1297                                     STORE_ATTR_TYPES code)
1298 {
1299     if (!attrs) {
1300         STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER,
1301                  ERR_R_PASSED_NULL_PARAMETER);
1302         return NULL;
1303     }
1304     if (ATTR_IS_SET(attrs, code))
1305         return attrs->values[code].number;
1306     STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER, STORE_R_NO_VALUE);
1307     return NULL;
1308 }
1309
1310 int STORE_ATTR_INFO_set_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
1311                              char *cstr, size_t cstr_size)
1312 {
1313     if (!attrs) {
1314         STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR,
1315                  ERR_R_PASSED_NULL_PARAMETER);
1316         return 0;
1317     }
1318     if (!ATTR_IS_SET(attrs, code)) {
1319         if ((attrs->values[code].cstring = BUF_strndup(cstr, cstr_size)))
1320             return 1;
1321         STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, ERR_R_MALLOC_FAILURE);
1322         return 0;
1323     }
1324     STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, STORE_R_ALREADY_HAS_A_VALUE);
1325     return 0;
1326 }
1327
1328 int STORE_ATTR_INFO_set_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
1329                                 unsigned char *sha1str, size_t sha1str_size)
1330 {
1331     if (!attrs) {
1332         STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR,
1333                  ERR_R_PASSED_NULL_PARAMETER);
1334         return 0;
1335     }
1336     if (!ATTR_IS_SET(attrs, code)) {
1337         if ((attrs->values[code].sha1string =
1338              (unsigned char *)BUF_memdup(sha1str, sha1str_size)))
1339             return 1;
1340         STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR, ERR_R_MALLOC_FAILURE);
1341         return 0;
1342     }
1343     STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR,
1344              STORE_R_ALREADY_HAS_A_VALUE);
1345     return 0;
1346 }
1347
1348 int STORE_ATTR_INFO_set_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
1349                            X509_NAME *dn)
1350 {
1351     if (!attrs) {
1352         STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, ERR_R_PASSED_NULL_PARAMETER);
1353         return 0;
1354     }
1355     if (!ATTR_IS_SET(attrs, code)) {
1356         if ((attrs->values[code].dn = X509_NAME_dup(dn)))
1357             return 1;
1358         STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, ERR_R_MALLOC_FAILURE);
1359         return 0;
1360     }
1361     STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, STORE_R_ALREADY_HAS_A_VALUE);
1362     return 0;
1363 }
1364
1365 int STORE_ATTR_INFO_set_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
1366                                BIGNUM *number)
1367 {
1368     if (!attrs) {
1369         STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER,
1370                  ERR_R_PASSED_NULL_PARAMETER);
1371         return 0;
1372     }
1373     if (!ATTR_IS_SET(attrs, code)) {
1374         if ((attrs->values[code].number = BN_dup(number)))
1375             return 1;
1376         STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, ERR_R_MALLOC_FAILURE);
1377         return 0;
1378     }
1379     STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, STORE_R_ALREADY_HAS_A_VALUE);
1380     return 0;
1381 }
1382
1383 int STORE_ATTR_INFO_modify_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
1384                                 char *cstr, size_t cstr_size)
1385 {
1386     if (!attrs) {
1387         STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_CSTR,
1388                  ERR_R_PASSED_NULL_PARAMETER);
1389         return 0;
1390     }
1391     if (ATTR_IS_SET(attrs, code)) {
1392         OPENSSL_free(attrs->values[code].cstring);
1393         attrs->values[code].cstring = NULL;
1394         CLEAR_ATTRBIT(attrs, code);
1395     }
1396     return STORE_ATTR_INFO_set_cstr(attrs, code, cstr, cstr_size);
1397 }
1398
1399 int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs,
1400                                    STORE_ATTR_TYPES code,
1401                                    unsigned char *sha1str,
1402                                    size_t sha1str_size)
1403 {
1404     if (!attrs) {
1405         STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR,
1406                  ERR_R_PASSED_NULL_PARAMETER);
1407         return 0;
1408     }
1409     if (ATTR_IS_SET(attrs, code)) {
1410         OPENSSL_free(attrs->values[code].sha1string);
1411         attrs->values[code].sha1string = NULL;
1412         CLEAR_ATTRBIT(attrs, code);
1413     }
1414     return STORE_ATTR_INFO_set_sha1str(attrs, code, sha1str, sha1str_size);
1415 }
1416
1417 int STORE_ATTR_INFO_modify_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
1418                               X509_NAME *dn)
1419 {
1420     if (!attrs) {
1421         STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_DN,
1422                  ERR_R_PASSED_NULL_PARAMETER);
1423         return 0;
1424     }
1425     if (ATTR_IS_SET(attrs, code)) {
1426         OPENSSL_free(attrs->values[code].dn);
1427         attrs->values[code].dn = NULL;
1428         CLEAR_ATTRBIT(attrs, code);
1429     }
1430     return STORE_ATTR_INFO_set_dn(attrs, code, dn);
1431 }
1432
1433 int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs,
1434                                   STORE_ATTR_TYPES code, BIGNUM *number)
1435 {
1436     if (!attrs) {
1437         STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER,
1438                  ERR_R_PASSED_NULL_PARAMETER);
1439         return 0;
1440     }
1441     if (ATTR_IS_SET(attrs, code)) {
1442         OPENSSL_free(attrs->values[code].number);
1443         attrs->values[code].number = NULL;
1444         CLEAR_ATTRBIT(attrs, code);
1445     }
1446     return STORE_ATTR_INFO_set_number(attrs, code, number);
1447 }
1448
1449 struct attr_list_ctx_st {
1450     OPENSSL_ITEM *attributes;
1451 };
1452 void *STORE_parse_attrs_start(OPENSSL_ITEM *attributes)
1453 {
1454     if (attributes) {
1455         struct attr_list_ctx_st *context = OPENSSL_malloc(sizeof(*context));
1456         if (context)
1457             context->attributes = attributes;
1458         else
1459             STOREerr(STORE_F_STORE_PARSE_ATTRS_START, ERR_R_MALLOC_FAILURE);
1460         return context;
1461     }
1462     STOREerr(STORE_F_STORE_PARSE_ATTRS_START, ERR_R_PASSED_NULL_PARAMETER);
1463     return 0;
1464 }
1465
1466 STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle)
1467 {
1468     struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;
1469
1470     if (context && context->attributes) {
1471         STORE_ATTR_INFO *attrs = NULL;
1472
1473         while (context->attributes
1474                && context->attributes->code != STORE_ATTR_OR
1475                && context->attributes->code != STORE_ATTR_END) {
1476             switch (context->attributes->code) {
1477             case STORE_ATTR_FRIENDLYNAME:
1478             case STORE_ATTR_EMAIL:
1479             case STORE_ATTR_FILENAME:
1480                 if (!attrs)
1481                     attrs = STORE_ATTR_INFO_new();
1482                 if (attrs == NULL) {
1483                     STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
1484                              ERR_R_MALLOC_FAILURE);
1485                     goto err;
1486                 }
1487                 STORE_ATTR_INFO_set_cstr(attrs,
1488                                          context->attributes->code,
1489                                          context->attributes->value,
1490                                          context->attributes->value_size);
1491                 break;
1492             case STORE_ATTR_KEYID:
1493             case STORE_ATTR_ISSUERKEYID:
1494             case STORE_ATTR_SUBJECTKEYID:
1495             case STORE_ATTR_ISSUERSERIALHASH:
1496             case STORE_ATTR_CERTHASH:
1497                 if (!attrs)
1498                     attrs = STORE_ATTR_INFO_new();
1499                 if (attrs == NULL) {
1500                     STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
1501                              ERR_R_MALLOC_FAILURE);
1502                     goto err;
1503                 }
1504                 STORE_ATTR_INFO_set_sha1str(attrs,
1505                                             context->attributes->code,
1506                                             context->attributes->value,
1507                                             context->attributes->value_size);
1508                 break;
1509             case STORE_ATTR_ISSUER:
1510             case STORE_ATTR_SUBJECT:
1511                 if (!attrs)
1512                     attrs = STORE_ATTR_INFO_new();
1513                 if (attrs == NULL) {
1514                     STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
1515                              ERR_R_MALLOC_FAILURE);
1516                     goto err;
1517                 }
1518                 STORE_ATTR_INFO_modify_dn(attrs,
1519                                           context->attributes->code,
1520                                           context->attributes->value);
1521                 break;
1522             case STORE_ATTR_SERIAL:
1523                 if (!attrs)
1524                     attrs = STORE_ATTR_INFO_new();
1525                 if (attrs == NULL) {
1526                     STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
1527                              ERR_R_MALLOC_FAILURE);
1528                     goto err;
1529                 }
1530                 STORE_ATTR_INFO_modify_number(attrs,
1531                                               context->attributes->code,
1532                                               context->attributes->value);
1533                 break;
1534             }
1535             context->attributes++;
1536         }
1537         if (context->attributes->code == STORE_ATTR_OR)
1538             context->attributes++;
1539         return attrs;
1540  err:
1541         while (context->attributes
1542                && context->attributes->code != STORE_ATTR_OR
1543                && context->attributes->code != STORE_ATTR_END)
1544             context->attributes++;
1545         if (context->attributes->code == STORE_ATTR_OR)
1546             context->attributes++;
1547         return NULL;
1548     }
1549     STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, ERR_R_PASSED_NULL_PARAMETER);
1550     return NULL;
1551 }
1552
1553 int STORE_parse_attrs_end(void *handle)
1554 {
1555     struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;
1556
1557     if (context && context->attributes) {
1558 #if 0
1559         OPENSSL_ITEM *attributes = context->attributes;
1560 #endif
1561         OPENSSL_free(context);
1562         return 1;
1563     }
1564     STOREerr(STORE_F_STORE_PARSE_ATTRS_END, ERR_R_PASSED_NULL_PARAMETER);
1565     return 0;
1566 }
1567
1568 int STORE_parse_attrs_endp(void *handle)
1569 {
1570     struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;
1571
1572     if (context && context->attributes) {
1573         return context->attributes->code == STORE_ATTR_END;
1574     }
1575     STOREerr(STORE_F_STORE_PARSE_ATTRS_ENDP, ERR_R_PASSED_NULL_PARAMETER);
1576     return 0;
1577 }
1578
1579 static int attr_info_compare_compute_range(const unsigned char *abits,
1580                                            const unsigned char *bbits,
1581                                            unsigned int *alowp,
1582                                            unsigned int *ahighp,
1583                                            unsigned int *blowp,
1584                                            unsigned int *bhighp)
1585 {
1586     unsigned int alow = (unsigned int)-1, ahigh = 0;
1587     unsigned int blow = (unsigned int)-1, bhigh = 0;
1588     int i, res = 0;
1589
1590     for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++) {
1591         if (res == 0) {
1592             if (*abits < *bbits)
1593                 res = -1;
1594             if (*abits > *bbits)
1595                 res = 1;
1596         }
1597         if (*abits) {
1598             if (alow == (unsigned int)-1) {
1599                 alow = i * 8;
1600                 if (!(*abits & 0x01))
1601                     alow++;
1602                 if (!(*abits & 0x02))
1603                     alow++;
1604                 if (!(*abits & 0x04))
1605                     alow++;
1606                 if (!(*abits & 0x08))
1607                     alow++;
1608                 if (!(*abits & 0x10))
1609                     alow++;
1610                 if (!(*abits & 0x20))
1611                     alow++;
1612                 if (!(*abits & 0x40))
1613                     alow++;
1614             }
1615             ahigh = i * 8 + 7;
1616             if (!(*abits & 0x80))
1617                 ahigh++;
1618             if (!(*abits & 0x40))
1619                 ahigh++;
1620             if (!(*abits & 0x20))
1621                 ahigh++;
1622             if (!(*abits & 0x10))
1623                 ahigh++;
1624             if (!(*abits & 0x08))
1625                 ahigh++;
1626             if (!(*abits & 0x04))
1627                 ahigh++;
1628             if (!(*abits & 0x02))
1629                 ahigh++;
1630         }
1631         if (*bbits) {
1632             if (blow == (unsigned int)-1) {
1633                 blow = i * 8;
1634                 if (!(*bbits & 0x01))
1635                     blow++;
1636                 if (!(*bbits & 0x02))
1637                     blow++;
1638                 if (!(*bbits & 0x04))
1639                     blow++;
1640                 if (!(*bbits & 0x08))
1641                     blow++;
1642                 if (!(*bbits & 0x10))
1643                     blow++;
1644                 if (!(*bbits & 0x20))
1645                     blow++;
1646                 if (!(*bbits & 0x40))
1647                     blow++;
1648             }
1649             bhigh = i * 8 + 7;
1650             if (!(*bbits & 0x80))
1651                 bhigh++;
1652             if (!(*bbits & 0x40))
1653                 bhigh++;
1654             if (!(*bbits & 0x20))
1655                 bhigh++;
1656             if (!(*bbits & 0x10))
1657                 bhigh++;
1658             if (!(*bbits & 0x08))
1659                 bhigh++;
1660             if (!(*bbits & 0x04))
1661                 bhigh++;
1662             if (!(*bbits & 0x02))
1663                 bhigh++;
1664         }
1665     }
1666     if (ahigh + alow < bhigh + blow)
1667         res = -1;
1668     if (ahigh + alow > bhigh + blow)
1669         res = 1;
1670     if (alowp)
1671         *alowp = alow;
1672     if (ahighp)
1673         *ahighp = ahigh;
1674     if (blowp)
1675         *blowp = blow;
1676     if (bhighp)
1677         *bhighp = bhigh;
1678     return res;
1679 }
1680
1681 int STORE_ATTR_INFO_compare(const STORE_ATTR_INFO *const *a,
1682                             const STORE_ATTR_INFO *const *b)
1683 {
1684     if (a == b)
1685         return 0;
1686     if (!a)
1687         return -1;
1688     if (!b)
1689         return 1;
1690     return attr_info_compare_compute_range((*a)->set, (*b)->set, 0, 0, 0, 0);
1691 }
1692
1693 int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)
1694 {
1695     unsigned int alow, ahigh, blow, bhigh;
1696
1697     if (a == b)
1698         return 1;
1699     if (!a)
1700         return 0;
1701     if (!b)
1702         return 0;
1703     attr_info_compare_compute_range(a->set, b->set,
1704                                     &alow, &ahigh, &blow, &bhigh);
1705     if (alow >= blow && ahigh <= bhigh)
1706         return 1;
1707     return 0;
1708 }
1709
1710 int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)
1711 {
1712     unsigned char *abits, *bbits;
1713     int i;
1714
1715     if (a == b)
1716         return 1;
1717     if (!a)
1718         return 0;
1719     if (!b)
1720         return 0;
1721     abits = a->set;
1722     bbits = b->set;
1723     for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++) {
1724         if (*abits && (*bbits & *abits) != *abits)
1725             return 0;
1726     }
1727     return 1;
1728 }
1729
1730 int STORE_ATTR_INFO_in_ex(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)
1731 {
1732     STORE_ATTR_TYPES i;
1733
1734     if (a == b)
1735         return 1;
1736     if (!STORE_ATTR_INFO_in(a, b))
1737         return 0;
1738     for (i = 1; i < STORE_ATTR_TYPE_NUM; i++)
1739         if (ATTR_IS_SET(a, i)) {
1740             switch (i) {
1741             case STORE_ATTR_FRIENDLYNAME:
1742             case STORE_ATTR_EMAIL:
1743             case STORE_ATTR_FILENAME:
1744                 if (strcmp(a->values[i].cstring, b->values[i].cstring))
1745                     return 0;
1746                 break;
1747             case STORE_ATTR_KEYID:
1748             case STORE_ATTR_ISSUERKEYID:
1749             case STORE_ATTR_SUBJECTKEYID:
1750             case STORE_ATTR_ISSUERSERIALHASH:
1751             case STORE_ATTR_CERTHASH:
1752                 if (memcmp(a->values[i].sha1string,
1753                            b->values[i].sha1string, a->value_sizes[i]))
1754                     return 0;
1755                 break;
1756             case STORE_ATTR_ISSUER:
1757             case STORE_ATTR_SUBJECT:
1758                 if (X509_NAME_cmp(a->values[i].dn, b->values[i].dn))
1759                     return 0;
1760                 break;
1761             case STORE_ATTR_SERIAL:
1762                 if (BN_cmp(a->values[i].number, b->values[i].number))
1763                     return 0;
1764                 break;
1765             default:
1766                 break;
1767             }
1768         }
1769
1770     return 1;
1771 }