crypto/store/str_lib.c

   1 /* crypto/store/str_lib.c -*- mode:C; c-file-style: "eay" -*- */
   2 /*
   3  * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
   4  * 2003.
   5  */
   6 /* ====================================================================
   7  * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
   8  *
   9  * Redistribution and use in source and binary forms, with or without
  10  * modification, are permitted provided that the following conditions
  11  * are met:
  12  *
  13  * 1. Redistributions of source code must retain the above copyright
  14  *    notice, this list of conditions and the following disclaimer.
  15  *
  16  * 2. Redistributions in binary form must reproduce the above copyright
  17  *    notice, this list of conditions and the following disclaimer in
  18  *    the documentation and/or other materials provided with the
  19  *    distribution.
  20  *
  21  * 3. All advertising materials mentioning features or use of this
  22  *    software must display the following acknowledgment:
  23  *    "This product includes software developed by the OpenSSL Project
  24  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
  25  *
  26  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  27  *    endorse or promote products derived from this software without
  28  *    prior written permission. For written permission, please contact
  29  *    openssl-core@openssl.org.
  30  *
  31  * 5. Products derived from this software may not be called "OpenSSL"
  32  *    nor may "OpenSSL" appear in their names without prior written
  33  *    permission of the OpenSSL Project.
  34  *
  35  * 6. Redistributions of any form whatsoever must retain the following
  36  *    acknowledgment:
  37  *    "This product includes software developed by the OpenSSL Project
  38  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
  39  *
  40  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  41  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  42  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  43  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
  44  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  45  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  46  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  47  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  49  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  50  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  51  * OF THE POSSIBILITY OF SUCH DAMAGE.
  52  * ====================================================================
  53  *
  54  * This product includes cryptographic software written by Eric Young
  55  * (eay@cryptsoft.com).  This product includes software written by Tim
  56  * Hudson (tjh@cryptsoft.com).
  57  *
  58  */
  59
  60 #include <string.h>
  61 #include <openssl/bn.h>
  62 #include <openssl/err.h>
  63 #ifndef OPENSSL_NO_ENGINE
  64 # include <openssl/engine.h>
  65 #endif
  66 #include <openssl/sha.h>
  67 #include <openssl/x509.h>
  68 #include "str_locl.h"
  69
  70 const char *const STORE_object_type_string[STORE_OBJECT_TYPE_NUM + 1] = {
  71     0,
  72     "X.509 Certificate",
  73     "X.509 CRL",
  74     "Private Key",
  75     "Public Key",
  76     "Number",
  77     "Arbitrary Data"
  78 };
  79
  80 const int STORE_param_sizes[STORE_PARAM_TYPE_NUM + 1] = {
  81     0,
  82     sizeof(int),                /* EVP_TYPE */
  83     sizeof(size_t),             /* BITS */
  84     -1,                         /* KEY_PARAMETERS */
  85     0                           /* KEY_NO_PARAMETERS */
  86 };
  87
  88 const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM + 1] = {
  89     0,
  90     -1,                         /* FRIENDLYNAME: C string */
  91     SHA_DIGEST_LENGTH,          /* KEYID: SHA1 digest, 160 bits */
  92     SHA_DIGEST_LENGTH,          /* ISSUERKEYID: SHA1 digest, 160 bits */
  93     SHA_DIGEST_LENGTH,          /* SUBJECTKEYID: SHA1 digest, 160 bits */
  94     SHA_DIGEST_LENGTH,          /* ISSUERSERIALHASH: SHA1 digest, 160 bits */
  95     sizeof(X509_NAME *),        /* ISSUER: X509_NAME * */
  96     sizeof(BIGNUM *),           /* SERIAL: BIGNUM * */
  97     sizeof(X509_NAME *),        /* SUBJECT: X509_NAME * */
  98     SHA_DIGEST_LENGTH,          /* CERTHASH: SHA1 digest, 160 bits */
  99     -1,                         /* EMAIL: C string */
 100     -1,                         /* FILENAME: C string */
 101 };
 102
 103 STORE *STORE_new_method(const STORE_METHOD *method)
 104 {
 105     STORE *ret;
 106
 107     if (method == NULL) {
 108         STOREerr(STORE_F_STORE_NEW_METHOD, ERR_R_PASSED_NULL_PARAMETER);
 109         return NULL;
 110     }
 111
 112     ret = OPENSSL_malloc(sizeof(*ret));
 113     if (ret == NULL) {
 114         STOREerr(STORE_F_STORE_NEW_METHOD, ERR_R_MALLOC_FAILURE);
 115         return NULL;
 116     }
 117
 118     ret->meth = method;
 119
 120     CRYPTO_new_ex_data(CRYPTO_EX_INDEX_STORE, ret, &ret->ex_data);
 121     if (ret->meth->init && !ret->meth->init(ret)) {
 122         STORE_free(ret);
 123         ret = NULL;
 124     }
 125     return ret;
 126 }
 127
 128 STORE *STORE_new_engine(ENGINE *engine)
 129 {
 130     STORE *ret = NULL;
 131     ENGINE *e = engine;
 132     const STORE_METHOD *meth = 0;
 133
 134 #ifdef OPENSSL_NO_ENGINE
 135     e = NULL;
 136 #else
 137     if (engine) {
 138         if (!ENGINE_init(engine)) {
 139             STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_ENGINE_LIB);
 140             return NULL;
 141         }
 142         e = engine;
 143     } else {
 144         STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_PASSED_NULL_PARAMETER);
 145         return NULL;
 146     }
 147     if (e) {
 148         meth = ENGINE_get_STORE(e);
 149         if (!meth) {
 150             STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_ENGINE_LIB);
 151             ENGINE_finish(e);
 152             return NULL;
 153         }
 154     }
 155 #endif
 156
 157     ret = STORE_new_method(meth);
 158     if (ret == NULL) {
 159         STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_STORE_LIB);
 160         return NULL;
 161     }
 162
 163     ret->engine = e;
 164
 165     return (ret);
 166 }
 167
 168 void STORE_free(STORE *store)
 169 {
 170     if (store == NULL)
 171         return;
 172     if (store->meth->clean)
 173         store->meth->clean(store);
 174     CRYPTO_free_ex_data(CRYPTO_EX_INDEX_STORE, store, &store->ex_data);
 175     OPENSSL_free(store);
 176 }
 177
 178 int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f) (void))
 179 {
 180     if (store == NULL) {
 181         STOREerr(STORE_F_STORE_CTRL, ERR_R_PASSED_NULL_PARAMETER);
 182         return 0;
 183     }
 184     if (store->meth->ctrl)
 185         return store->meth->ctrl(store, cmd, i, p, f);
 186     STOREerr(STORE_F_STORE_CTRL, STORE_R_NO_CONTROL_FUNCTION);
 187     return 0;
 188 }
 189
 190 int STORE_set_ex_data(STORE *r, int idx, void *arg)
 191 {
 192     return (CRYPTO_set_ex_data(&r->ex_data, idx, arg));
 193 }
 194
 195 void *STORE_get_ex_data(STORE *r, int idx)
 196 {
 197     return (CRYPTO_get_ex_data(&r->ex_data, idx));
 198 }
 199
 200 const STORE_METHOD *STORE_get_method(STORE *store)
 201 {
 202     return store->meth;
 203 }
 204
 205 const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth)
 206 {
 207     store->meth = meth;
 208     return store->meth;
 209 }
 210
 211 /* API helpers */
 212
 213 #define check_store(s,fncode,fnname,fnerrcode) \
 214         do \
 215                 { \
 216                 if ((s) == NULL || (s)->meth == NULL) \
 217                         { \
 218                         STOREerr((fncode), ERR_R_PASSED_NULL_PARAMETER); \
 219                         return 0; \
 220                         } \
 221                 if ((s)->meth->fnname == NULL) \
 222                         { \
 223                         STOREerr((fncode), (fnerrcode)); \
 224                         return 0; \
 225                         } \
 226                 } \
 227         while(0)
 228
 229 /* API functions */
 230
 231 X509 *STORE_get_certificate(STORE *s, OPENSSL_ITEM attributes[],
 232                             OPENSSL_ITEM parameters[])
 233 {
 234     STORE_OBJECT *object;
 235     X509 *x;
 236
 237     check_store(s, STORE_F_STORE_GET_CERTIFICATE,
 238                 get_object, STORE_R_NO_GET_OBJECT_FUNCTION);
 239
 240     object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
 241                                  attributes, parameters);
 242     if (!object || !object->data.x509.certificate) {
 243         STOREerr(STORE_F_STORE_GET_CERTIFICATE,
 244                  STORE_R_FAILED_GETTING_CERTIFICATE);
 245         return 0;
 246     }
 247     X509_up_ref(object->data.x509.certificate);
 248 #ifdef REF_PRINT
 249     REF_PRINT("X509", data);
 250 #endif
 251     x = object->data.x509.certificate;
 252     STORE_OBJECT_free(object);
 253     return x;
 254 }
 255
 256 int STORE_store_certificate(STORE *s, X509 *data, OPENSSL_ITEM attributes[],
 257                             OPENSSL_ITEM parameters[])
 258 {
 259     STORE_OBJECT *object;
 260     int i;
 261
 262     check_store(s, STORE_F_STORE_STORE_CERTIFICATE,
 263                 store_object, STORE_R_NO_STORE_OBJECT_FUNCTION);
 264
 265     object = STORE_OBJECT_new();
 266     if (object == NULL) {
 267         STOREerr(STORE_F_STORE_STORE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
 268         return 0;
 269     }
 270
 271     X509_up_ref(data);
 272 #ifdef REF_PRINT
 273     REF_PRINT("X509", data);
 274 #endif
 275     object->data.x509.certificate = data;
 276
 277     i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
 278                               object, attributes, parameters);
 279
 280     STORE_OBJECT_free(object);
 281
 282     if (!i) {
 283         STOREerr(STORE_F_STORE_STORE_CERTIFICATE,
 284                  STORE_R_FAILED_STORING_CERTIFICATE);
 285         return 0;
 286     }
 287     return 1;
 288 }
 289
 290 int STORE_modify_certificate(STORE *s, OPENSSL_ITEM search_attributes[],
 291                              OPENSSL_ITEM add_attributes[],
 292                              OPENSSL_ITEM modify_attributes[],
 293                              OPENSSL_ITEM delete_attributes[],
 294                              OPENSSL_ITEM parameters[])
 295 {
 296     check_store(s, STORE_F_STORE_MODIFY_CERTIFICATE,
 297                 modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
 298
 299     if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
 300                                 search_attributes, add_attributes,
 301                                 modify_attributes, delete_attributes,
 302                                 parameters)) {
 303         STOREerr(STORE_F_STORE_MODIFY_CERTIFICATE,
 304                  STORE_R_FAILED_MODIFYING_CERTIFICATE);
 305         return 0;
 306     }
 307     return 1;
 308 }
 309
 310 int STORE_revoke_certificate(STORE *s, OPENSSL_ITEM attributes[],
 311                              OPENSSL_ITEM parameters[])
 312 {
 313     check_store(s, STORE_F_STORE_REVOKE_CERTIFICATE,
 314                 revoke_object, STORE_R_NO_REVOKE_OBJECT_FUNCTION);
 315
 316     if (!s->meth->revoke_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
 317                                 attributes, parameters)) {
 318         STOREerr(STORE_F_STORE_REVOKE_CERTIFICATE,
 319                  STORE_R_FAILED_REVOKING_CERTIFICATE);
 320         return 0;
 321     }
 322     return 1;
 323 }
 324
 325 int STORE_delete_certificate(STORE *s, OPENSSL_ITEM attributes[],
 326                              OPENSSL_ITEM parameters[])
 327 {
 328     check_store(s, STORE_F_STORE_DELETE_CERTIFICATE,
 329                 delete_object, STORE_R_NO_DELETE_OBJECT_FUNCTION);
 330
 331     if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
 332                                 attributes, parameters)) {
 333         STOREerr(STORE_F_STORE_DELETE_CERTIFICATE,
 334                  STORE_R_FAILED_DELETING_CERTIFICATE);
 335         return 0;
 336     }
 337     return 1;
 338 }
 339
 340 void *STORE_list_certificate_start(STORE *s, OPENSSL_ITEM attributes[],
 341                                    OPENSSL_ITEM parameters[])
 342 {
 343     void *handle;
 344
 345     check_store(s, STORE_F_STORE_LIST_CERTIFICATE_START,
 346                 list_object_start, STORE_R_NO_LIST_OBJECT_START_FUNCTION);
 347
 348     handle = s->meth->list_object_start(s,
 349                                         STORE_OBJECT_TYPE_X509_CERTIFICATE,
 350                                         attributes, parameters);
 351     if (!handle) {
 352         STOREerr(STORE_F_STORE_LIST_CERTIFICATE_START,
 353                  STORE_R_FAILED_LISTING_CERTIFICATES);
 354         return 0;
 355     }
 356     return handle;
 357 }
 358
 359 X509 *STORE_list_certificate_next(STORE *s, void *handle)
 360 {
 361     STORE_OBJECT *object;
 362     X509 *x;
 363
 364     check_store(s, STORE_F_STORE_LIST_CERTIFICATE_NEXT,
 365                 list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
 366
 367     object = s->meth->list_object_next(s, handle);
 368     if (!object || !object->data.x509.certificate) {
 369         STOREerr(STORE_F_STORE_LIST_CERTIFICATE_NEXT,
 370                  STORE_R_FAILED_LISTING_CERTIFICATES);
 371         return 0;
 372     }
 373     X509_up_ref(object->data.x509.certificate);
 374 #ifdef REF_PRINT
 375     REF_PRINT("X509", data);
 376 #endif
 377     x = object->data.x509.certificate;
 378     STORE_OBJECT_free(object);
 379     return x;
 380 }
 381
 382 int STORE_list_certificate_end(STORE *s, void *handle)
 383 {
 384     check_store(s, STORE_F_STORE_LIST_CERTIFICATE_END,
 385                 list_object_end, STORE_R_NO_LIST_OBJECT_END_FUNCTION);
 386
 387     if (!s->meth->list_object_end(s, handle)) {
 388         STOREerr(STORE_F_STORE_LIST_CERTIFICATE_END,
 389                  STORE_R_FAILED_LISTING_CERTIFICATES);
 390         return 0;
 391     }
 392     return 1;
 393 }
 394
 395 int STORE_list_certificate_endp(STORE *s, void *handle)
 396 {
 397     check_store(s, STORE_F_STORE_LIST_CERTIFICATE_ENDP,
 398                 list_object_endp, STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
 399
 400     if (!s->meth->list_object_endp(s, handle)) {
 401         STOREerr(STORE_F_STORE_LIST_CERTIFICATE_ENDP,
 402                  STORE_R_FAILED_LISTING_CERTIFICATES);
 403         return 0;
 404     }
 405     return 1;
 406 }
 407
 408 EVP_PKEY *STORE_generate_key(STORE *s, OPENSSL_ITEM attributes[],
 409                              OPENSSL_ITEM parameters[])
 410 {
 411     STORE_OBJECT *object;
 412     EVP_PKEY *pkey;
 413
 414     check_store(s, STORE_F_STORE_GENERATE_KEY,
 415                 generate_object, STORE_R_NO_GENERATE_OBJECT_FUNCTION);
 416
 417     object = s->meth->generate_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
 418                                       attributes, parameters);
 419     if (!object || !object->data.key) {
 420         STOREerr(STORE_F_STORE_GENERATE_KEY, STORE_R_FAILED_GENERATING_KEY);
 421         return 0;
 422     }
 423     CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY);
 424 #ifdef REF_PRINT
 425     REF_PRINT("EVP_PKEY", data);
 426 #endif
 427     pkey = object->data.key;
 428     STORE_OBJECT_free(object);
 429     return pkey;
 430 }
 431
 432 EVP_PKEY *STORE_get_private_key(STORE *s, OPENSSL_ITEM attributes[],
 433                                 OPENSSL_ITEM parameters[])
 434 {
 435     STORE_OBJECT *object;
 436     EVP_PKEY *pkey;
 437
 438     check_store(s, STORE_F_STORE_GET_PRIVATE_KEY,
 439                 get_object, STORE_R_NO_GET_OBJECT_FUNCTION);
 440
 441     object = s->meth->get_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
 442                                  attributes, parameters);
 443     if (!object || !object->data.key || !object->data.key) {
 444         STOREerr(STORE_F_STORE_GET_PRIVATE_KEY, STORE_R_FAILED_GETTING_KEY);
 445         return 0;
 446     }
 447     CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY);
 448 #ifdef REF_PRINT
 449     REF_PRINT("EVP_PKEY", data);
 450 #endif
 451     pkey = object->data.key;
 452     STORE_OBJECT_free(object);
 453     return pkey;
 454 }
 455
 456 int STORE_store_private_key(STORE *s, EVP_PKEY *data,
 457                             OPENSSL_ITEM attributes[],
 458                             OPENSSL_ITEM parameters[])
 459 {
 460     STORE_OBJECT *object;
 461     int i;
 462
 463     check_store(s, STORE_F_STORE_STORE_PRIVATE_KEY,
 464                 store_object, STORE_R_NO_STORE_OBJECT_FUNCTION);
 465
 466     object = STORE_OBJECT_new();
 467     if (object == NULL) {
 468         STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, ERR_R_MALLOC_FAILURE);
 469         return 0;
 470     }
 471     object->data.key = EVP_PKEY_new();
 472     if (object->data.key == NULL) {
 473         STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, ERR_R_MALLOC_FAILURE);
 474         return 0;
 475     }
 476
 477     CRYPTO_add(&data->references, 1, CRYPTO_LOCK_EVP_PKEY);
 478 #ifdef REF_PRINT
 479     REF_PRINT("EVP_PKEY", data);
 480 #endif
 481     object->data.key = data;
 482
 483     i = s->meth->store_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, object,
 484                               attributes, parameters);
 485
 486     STORE_OBJECT_free(object);
 487
 488     if (!i) {
 489         STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, STORE_R_FAILED_STORING_KEY);
 490         return 0;
 491     }
 492     return i;
 493 }
 494
 495 int STORE_modify_private_key(STORE *s, OPENSSL_ITEM search_attributes[],
 496                              OPENSSL_ITEM add_attributes[],
 497                              OPENSSL_ITEM modify_attributes[],
 498                              OPENSSL_ITEM delete_attributes[],
 499                              OPENSSL_ITEM parameters[])
 500 {
 501     check_store(s, STORE_F_STORE_MODIFY_PRIVATE_KEY,
 502                 modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
 503
 504     if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
 505                                 search_attributes, add_attributes,
 506                                 modify_attributes, delete_attributes,
 507                                 parameters)) {
 508         STOREerr(STORE_F_STORE_MODIFY_PRIVATE_KEY,
 509                  STORE_R_FAILED_MODIFYING_PRIVATE_KEY);
 510         return 0;
 511     }
 512     return 1;
 513 }
 514
 515 int STORE_revoke_private_key(STORE *s, OPENSSL_ITEM attributes[],
 516                              OPENSSL_ITEM parameters[])
 517 {
 518     int i;
 519
 520     check_store(s, STORE_F_STORE_REVOKE_PRIVATE_KEY,
 521                 revoke_object, STORE_R_NO_REVOKE_OBJECT_FUNCTION);
 522
 523     i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
 524                                attributes, parameters);
 525
 526     if (!i) {
 527         STOREerr(STORE_F_STORE_REVOKE_PRIVATE_KEY,
 528                  STORE_R_FAILED_REVOKING_KEY);
 529         return 0;
 530     }
 531     return i;
 532 }
 533
 534 int STORE_delete_private_key(STORE *s, OPENSSL_ITEM attributes[],
 535                              OPENSSL_ITEM parameters[])
 536 {
 537     check_store(s, STORE_F_STORE_DELETE_PRIVATE_KEY,
 538                 delete_object, STORE_R_NO_DELETE_OBJECT_FUNCTION);
 539
 540     if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
 541                                 attributes, parameters)) {
 542         STOREerr(STORE_F_STORE_DELETE_PRIVATE_KEY,
 543                  STORE_R_FAILED_DELETING_KEY);
 544         return 0;
 545     }
 546     return 1;
 547 }
 548
 549 void *STORE_list_private_key_start(STORE *s, OPENSSL_ITEM attributes[],
 550                                    OPENSSL_ITEM parameters[])
 551 {
 552     void *handle;
 553
 554     check_store(s, STORE_F_STORE_LIST_PRIVATE_KEY_START,
 555                 list_object_start, STORE_R_NO_LIST_OBJECT_START_FUNCTION);
 556
 557     handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
 558                                         attributes, parameters);
 559     if (!handle) {
 560         STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_START,
 561                  STORE_R_FAILED_LISTING_KEYS);
 562         return 0;
 563     }
 564     return handle;
 565 }
 566
 567 EVP_PKEY *STORE_list_private_key_next(STORE *s, void *handle)
 568 {
 569     STORE_OBJECT *object;
 570     EVP_PKEY *pkey;
 571
 572     check_store(s, STORE_F_STORE_LIST_PRIVATE_KEY_NEXT,
 573                 list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
 574
 575     object = s->meth->list_object_next(s, handle);
 576     if (!object || !object->data.key || !object->data.key) {
 577         STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_NEXT,
 578                  STORE_R_FAILED_LISTING_KEYS);
 579         return 0;
 580     }
 581     CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY);
 582 #ifdef REF_PRINT
 583     REF_PRINT("EVP_PKEY", data);
 584 #endif
 585     pkey = object->data.key;
 586     STORE_OBJECT_free(object);
 587     return pkey;
 588 }
 589
 590 int STORE_list_private_key_end(STORE *s, void *handle)
 591 {
 592     check_store(s, STORE_F_STORE_LIST_PRIVATE_KEY_END,
 593                 list_object_end, STORE_R_NO_LIST_OBJECT_END_FUNCTION);
 594
 595     if (!s->meth->list_object_end(s, handle)) {
 596         STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_END,
 597                  STORE_R_FAILED_LISTING_KEYS);
 598         return 0;
 599     }
 600     return 1;
 601 }
 602
 603 int STORE_list_private_key_endp(STORE *s, void *handle)
 604 {
 605     check_store(s, STORE_F_STORE_LIST_PRIVATE_KEY_ENDP,
 606                 list_object_endp, STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
 607
 608     if (!s->meth->list_object_endp(s, handle)) {
 609         STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_ENDP,
 610                  STORE_R_FAILED_LISTING_KEYS);
 611         return 0;
 612     }
 613     return 1;
 614 }
 615
 616 EVP_PKEY *STORE_get_public_key(STORE *s, OPENSSL_ITEM attributes[],
 617                                OPENSSL_ITEM parameters[])
 618 {
 619     STORE_OBJECT *object;
 620     EVP_PKEY *pkey;
 621
 622     check_store(s, STORE_F_STORE_GET_PUBLIC_KEY,
 623                 get_object, STORE_R_NO_GET_OBJECT_FUNCTION);
 624
 625     object = s->meth->get_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
 626                                  attributes, parameters);
 627     if (!object || !object->data.key || !object->data.key) {
 628         STOREerr(STORE_F_STORE_GET_PUBLIC_KEY, STORE_R_FAILED_GETTING_KEY);
 629         return 0;
 630     }
 631     CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY);
 632 #ifdef REF_PRINT
 633     REF_PRINT("EVP_PKEY", data);
 634 #endif
 635     pkey = object->data.key;
 636     STORE_OBJECT_free(object);
 637     return pkey;
 638 }
 639
 640 int STORE_store_public_key(STORE *s, EVP_PKEY *data,
 641                            OPENSSL_ITEM attributes[],
 642                            OPENSSL_ITEM parameters[])
 643 {
 644     STORE_OBJECT *object;
 645     int i;
 646
 647     check_store(s, STORE_F_STORE_STORE_PUBLIC_KEY,
 648                 store_object, STORE_R_NO_STORE_OBJECT_FUNCTION);
 649
 650     object = STORE_OBJECT_new();
 651     if (object == NULL) {
 652         STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, ERR_R_MALLOC_FAILURE);
 653         return 0;
 654     }
 655     object->data.key = EVP_PKEY_new();
 656     if (object->data.key == NULL) {
 657         STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, ERR_R_MALLOC_FAILURE);
 658         return 0;
 659     }
 660
 661     CRYPTO_add(&data->references, 1, CRYPTO_LOCK_EVP_PKEY);
 662 #ifdef REF_PRINT
 663     REF_PRINT("EVP_PKEY", data);
 664 #endif
 665     object->data.key = data;
 666
 667     i = s->meth->store_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, object,
 668                               attributes, parameters);
 669
 670     STORE_OBJECT_free(object);
 671
 672     if (!i) {
 673         STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, STORE_R_FAILED_STORING_KEY);
 674         return 0;
 675     }
 676     return i;
 677 }
 678
 679 int STORE_modify_public_key(STORE *s, OPENSSL_ITEM search_attributes[],
 680                             OPENSSL_ITEM add_attributes[],
 681                             OPENSSL_ITEM modify_attributes[],
 682                             OPENSSL_ITEM delete_attributes[],
 683                             OPENSSL_ITEM parameters[])
 684 {
 685     check_store(s, STORE_F_STORE_MODIFY_PUBLIC_KEY,
 686                 modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
 687
 688     if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
 689                                 search_attributes, add_attributes,
 690                                 modify_attributes, delete_attributes,
 691                                 parameters)) {
 692         STOREerr(STORE_F_STORE_MODIFY_PUBLIC_KEY,
 693                  STORE_R_FAILED_MODIFYING_PUBLIC_KEY);
 694         return 0;
 695     }
 696     return 1;
 697 }
 698
 699 int STORE_revoke_public_key(STORE *s, OPENSSL_ITEM attributes[],
 700                             OPENSSL_ITEM parameters[])
 701 {
 702     int i;
 703
 704     check_store(s, STORE_F_STORE_REVOKE_PUBLIC_KEY,
 705                 revoke_object, STORE_R_NO_REVOKE_OBJECT_FUNCTION);
 706
 707     i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
 708                                attributes, parameters);
 709
 710     if (!i) {
 711         STOREerr(STORE_F_STORE_REVOKE_PUBLIC_KEY,
 712                  STORE_R_FAILED_REVOKING_KEY);
 713         return 0;
 714     }
 715     return i;
 716 }
 717
 718 int STORE_delete_public_key(STORE *s, OPENSSL_ITEM attributes[],
 719                             OPENSSL_ITEM parameters[])
 720 {
 721     check_store(s, STORE_F_STORE_DELETE_PUBLIC_KEY,
 722                 delete_object, STORE_R_NO_DELETE_OBJECT_FUNCTION);
 723
 724     if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
 725                                 attributes, parameters)) {
 726         STOREerr(STORE_F_STORE_DELETE_PUBLIC_KEY,
 727                  STORE_R_FAILED_DELETING_KEY);
 728         return 0;
 729     }
 730     return 1;
 731 }
 732
 733 void *STORE_list_public_key_start(STORE *s, OPENSSL_ITEM attributes[],
 734                                   OPENSSL_ITEM parameters[])
 735 {
 736     void *handle;
 737
 738     check_store(s, STORE_F_STORE_LIST_PUBLIC_KEY_START,
 739                 list_object_start, STORE_R_NO_LIST_OBJECT_START_FUNCTION);
 740
 741     handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
 742                                         attributes, parameters);
 743     if (!handle) {
 744         STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_START,
 745                  STORE_R_FAILED_LISTING_KEYS);
 746         return 0;
 747     }
 748     return handle;
 749 }
 750
 751 EVP_PKEY *STORE_list_public_key_next(STORE *s, void *handle)
 752 {
 753     STORE_OBJECT *object;
 754     EVP_PKEY *pkey;
 755
 756     check_store(s, STORE_F_STORE_LIST_PUBLIC_KEY_NEXT,
 757                 list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
 758
 759     object = s->meth->list_object_next(s, handle);
 760     if (!object || !object->data.key || !object->data.key) {
 761         STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_NEXT,
 762                  STORE_R_FAILED_LISTING_KEYS);
 763         return 0;
 764     }
 765     CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY);
 766 #ifdef REF_PRINT
 767     REF_PRINT("EVP_PKEY", data);
 768 #endif
 769     pkey = object->data.key;
 770     STORE_OBJECT_free(object);
 771     return pkey;
 772 }
 773
 774 int STORE_list_public_key_end(STORE *s, void *handle)
 775 {
 776     check_store(s, STORE_F_STORE_LIST_PUBLIC_KEY_END,
 777                 list_object_end, STORE_R_NO_LIST_OBJECT_END_FUNCTION);
 778
 779     if (!s->meth->list_object_end(s, handle)) {
 780         STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_END,
 781                  STORE_R_FAILED_LISTING_KEYS);
 782         return 0;
 783     }
 784     return 1;
 785 }
 786
 787 int STORE_list_public_key_endp(STORE *s, void *handle)
 788 {
 789     check_store(s, STORE_F_STORE_LIST_PUBLIC_KEY_ENDP,
 790                 list_object_endp, STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
 791
 792     if (!s->meth->list_object_endp(s, handle)) {
 793         STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_ENDP,
 794                  STORE_R_FAILED_LISTING_KEYS);
 795         return 0;
 796     }
 797     return 1;
 798 }
 799
 800 X509_CRL *STORE_generate_crl(STORE *s, OPENSSL_ITEM attributes[],
 801                              OPENSSL_ITEM parameters[])
 802 {
 803     STORE_OBJECT *object;
 804     X509_CRL *crl;
 805
 806     check_store(s, STORE_F_STORE_GENERATE_CRL,
 807                 generate_object, STORE_R_NO_GENERATE_CRL_FUNCTION);
 808
 809     object = s->meth->generate_object(s, STORE_OBJECT_TYPE_X509_CRL,
 810                                       attributes, parameters);
 811     if (!object || !object->data.crl) {
 812         STOREerr(STORE_F_STORE_GENERATE_CRL, STORE_R_FAILED_GENERATING_CRL);
 813         return 0;
 814     }
 815     X509_CRL_up_ref(object->data.crl);
 816 #ifdef REF_PRINT
 817     REF_PRINT("X509_CRL", data);
 818 #endif
 819     crl = object->data.crl;
 820     STORE_OBJECT_free(object);
 821     return crl;
 822 }
 823
 824 X509_CRL *STORE_get_crl(STORE *s, OPENSSL_ITEM attributes[],
 825                         OPENSSL_ITEM parameters[])
 826 {
 827     STORE_OBJECT *object;
 828     X509_CRL *crl;
 829
 830     check_store(s, STORE_F_STORE_GET_CRL,
 831                 get_object, STORE_R_NO_GET_OBJECT_FUNCTION);
 832
 833     object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CRL,
 834                                  attributes, parameters);
 835     if (!object || !object->data.crl) {
 836         STOREerr(STORE_F_STORE_GET_CRL, STORE_R_FAILED_GETTING_KEY);
 837         return 0;
 838     }
 839     X509_CRL_up_ref(object->data.crl);
 840 #ifdef REF_PRINT
 841     REF_PRINT("X509_CRL", data);
 842 #endif
 843     crl = object->data.crl;
 844     STORE_OBJECT_free(object);
 845     return crl;
 846 }
 847
 848 int STORE_store_crl(STORE *s, X509_CRL *data, OPENSSL_ITEM attributes[],
 849                     OPENSSL_ITEM parameters[])
 850 {
 851     STORE_OBJECT *object;
 852     int i;
 853
 854     check_store(s, STORE_F_STORE_STORE_CRL,
 855                 store_object, STORE_R_NO_STORE_OBJECT_FUNCTION);
 856
 857     object = STORE_OBJECT_new();
 858     if (object == NULL) {
 859         STOREerr(STORE_F_STORE_STORE_CRL, ERR_R_MALLOC_FAILURE);
 860         return 0;
 861     }
 862
 863     X509_CRL_up_ref(data);
 864 #ifdef REF_PRINT
 865     REF_PRINT("X509_CRL", data);
 866 #endif
 867     object->data.crl = data;
 868
 869     i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CRL, object,
 870                               attributes, parameters);
 871
 872     STORE_OBJECT_free(object);
 873
 874     if (!i) {
 875         STOREerr(STORE_F_STORE_STORE_CRL, STORE_R_FAILED_STORING_KEY);
 876         return 0;
 877     }
 878     return i;
 879 }
 880
 881 int STORE_modify_crl(STORE *s, OPENSSL_ITEM search_attributes[],
 882                      OPENSSL_ITEM add_attributes[],
 883                      OPENSSL_ITEM modify_attributes[],
 884                      OPENSSL_ITEM delete_attributes[],
 885                      OPENSSL_ITEM parameters[])
 886 {
 887     check_store(s, STORE_F_STORE_MODIFY_CRL,
 888                 modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
 889
 890     if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CRL,
 891                                 search_attributes, add_attributes,
 892                                 modify_attributes, delete_attributes,
 893                                 parameters)) {
 894         STOREerr(STORE_F_STORE_MODIFY_CRL, STORE_R_FAILED_MODIFYING_CRL);
 895         return 0;
 896     }
 897     return 1;
 898 }
 899
 900 int STORE_delete_crl(STORE *s, OPENSSL_ITEM attributes[],
 901                      OPENSSL_ITEM parameters[])
 902 {
 903     check_store(s, STORE_F_STORE_DELETE_CRL,
 904                 delete_object, STORE_R_NO_DELETE_OBJECT_FUNCTION);
 905
 906     if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CRL,
 907                                 attributes, parameters)) {
 908         STOREerr(STORE_F_STORE_DELETE_CRL, STORE_R_FAILED_DELETING_KEY);
 909         return 0;
 910     }
 911     return 1;
 912 }
 913
 914 void *STORE_list_crl_start(STORE *s, OPENSSL_ITEM attributes[],
 915                            OPENSSL_ITEM parameters[])
 916 {
 917     void *handle;
 918
 919     check_store(s, STORE_F_STORE_LIST_CRL_START,
 920                 list_object_start, STORE_R_NO_LIST_OBJECT_START_FUNCTION);
 921
 922     handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_X509_CRL,
 923                                         attributes, parameters);
 924     if (!handle) {
 925         STOREerr(STORE_F_STORE_LIST_CRL_START, STORE_R_FAILED_LISTING_KEYS);
 926         return 0;
 927     }
 928     return handle;
 929 }
 930
 931 X509_CRL *STORE_list_crl_next(STORE *s, void *handle)
 932 {
 933     STORE_OBJECT *object;
 934     X509_CRL *crl;
 935
 936     check_store(s, STORE_F_STORE_LIST_CRL_NEXT,
 937                 list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
 938
 939     object = s->meth->list_object_next(s, handle);
 940     if (!object || !object->data.crl) {
 941         STOREerr(STORE_F_STORE_LIST_CRL_NEXT, STORE_R_FAILED_LISTING_KEYS);
 942         return 0;
 943     }
 944     X509_CRL_up_ref(object->data.crl);
 945 #ifdef REF_PRINT
 946     REF_PRINT("X509_CRL", data);
 947 #endif
 948     crl = object->data.crl;
 949     STORE_OBJECT_free(object);
 950     return crl;
 951 }
 952
 953 int STORE_list_crl_end(STORE *s, void *handle)
 954 {
 955     check_store(s, STORE_F_STORE_LIST_CRL_END,
 956                 list_object_end, STORE_R_NO_LIST_OBJECT_END_FUNCTION);
 957
 958     if (!s->meth->list_object_end(s, handle)) {
 959         STOREerr(STORE_F_STORE_LIST_CRL_END, STORE_R_FAILED_LISTING_KEYS);
 960         return 0;
 961     }
 962     return 1;
 963 }
 964
 965 int STORE_list_crl_endp(STORE *s, void *handle)
 966 {
 967     check_store(s, STORE_F_STORE_LIST_CRL_ENDP,
 968                 list_object_endp, STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
 969
 970     if (!s->meth->list_object_endp(s, handle)) {
 971         STOREerr(STORE_F_STORE_LIST_CRL_ENDP, STORE_R_FAILED_LISTING_KEYS);
 972         return 0;
 973     }
 974     return 1;
 975 }
 976
 977 int STORE_store_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[],
 978                        OPENSSL_ITEM parameters[])
 979 {
 980     STORE_OBJECT *object;
 981     int i;
 982
 983     check_store(s, STORE_F_STORE_STORE_NUMBER,
 984                 store_object, STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION);
 985
 986     object = STORE_OBJECT_new();
 987     if (object == NULL) {
 988         STOREerr(STORE_F_STORE_STORE_NUMBER, ERR_R_MALLOC_FAILURE);
 989         return 0;
 990     }
 991
 992     object->data.number = data;
 993
 994     i = s->meth->store_object(s, STORE_OBJECT_TYPE_NUMBER, object,
 995                               attributes, parameters);
 996
 997     STORE_OBJECT_free(object);
 998
 999     if (!i) {
1000         STOREerr(STORE_F_STORE_STORE_NUMBER, STORE_R_FAILED_STORING_NUMBER);
1001         return 0;
1002     }
1003     return 1;
1004 }
1005
1006 int STORE_modify_number(STORE *s, OPENSSL_ITEM search_attributes[],
1007                         OPENSSL_ITEM add_attributes[],
1008                         OPENSSL_ITEM modify_attributes[],
1009                         OPENSSL_ITEM delete_attributes[],
1010                         OPENSSL_ITEM parameters[])
1011 {
1012     check_store(s, STORE_F_STORE_MODIFY_NUMBER,
1013                 modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
1014
1015     if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_NUMBER,
1016                                 search_attributes, add_attributes,
1017                                 modify_attributes, delete_attributes,
1018                                 parameters)) {
1019         STOREerr(STORE_F_STORE_MODIFY_NUMBER,
1020                  STORE_R_FAILED_MODIFYING_NUMBER);
1021         return 0;
1022     }
1023     return 1;
1024 }
1025
1026 BIGNUM *STORE_get_number(STORE *s, OPENSSL_ITEM attributes[],
1027                          OPENSSL_ITEM parameters[])
1028 {
1029     STORE_OBJECT *object;
1030     BIGNUM *n;
1031
1032     check_store(s, STORE_F_STORE_GET_NUMBER,
1033                 get_object, STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION);
1034
1035     object = s->meth->get_object(s, STORE_OBJECT_TYPE_NUMBER, attributes,
1036                                  parameters);
1037     if (!object || !object->data.number) {
1038         STOREerr(STORE_F_STORE_GET_NUMBER, STORE_R_FAILED_GETTING_NUMBER);
1039         return 0;
1040     }
1041     n = object->data.number;
1042     object->data.number = NULL;
1043     STORE_OBJECT_free(object);
1044     return n;
1045 }
1046
1047 int STORE_delete_number(STORE *s, OPENSSL_ITEM attributes[],
1048                         OPENSSL_ITEM parameters[])
1049 {
1050     check_store(s, STORE_F_STORE_DELETE_NUMBER,
1051                 delete_object, STORE_R_NO_DELETE_NUMBER_FUNCTION);
1052
1053     if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_NUMBER, attributes,
1054                                 parameters)) {
1055         STOREerr(STORE_F_STORE_DELETE_NUMBER, STORE_R_FAILED_DELETING_NUMBER);
1056         return 0;
1057     }
1058     return 1;
1059 }
1060
1061 int STORE_store_arbitrary(STORE *s, BUF_MEM *data, OPENSSL_ITEM attributes[],
1062                           OPENSSL_ITEM parameters[])
1063 {
1064     STORE_OBJECT *object;
1065     int i;
1066
1067     check_store(s, STORE_F_STORE_STORE_ARBITRARY,
1068                 store_object, STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION);
1069
1070     object = STORE_OBJECT_new();
1071     if (object == NULL) {
1072         STOREerr(STORE_F_STORE_STORE_ARBITRARY, ERR_R_MALLOC_FAILURE);
1073         return 0;
1074     }
1075
1076     object->data.arbitrary = data;
1077
1078     i = s->meth->store_object(s, STORE_OBJECT_TYPE_ARBITRARY, object,
1079                               attributes, parameters);
1080
1081     STORE_OBJECT_free(object);
1082
1083     if (!i) {
1084         STOREerr(STORE_F_STORE_STORE_ARBITRARY,
1085                  STORE_R_FAILED_STORING_ARBITRARY);
1086         return 0;
1087     }
1088     return 1;
1089 }
1090
1091 int STORE_modify_arbitrary(STORE *s, OPENSSL_ITEM search_attributes[],
1092                            OPENSSL_ITEM add_attributes[],
1093                            OPENSSL_ITEM modify_attributes[],
1094                            OPENSSL_ITEM delete_attributes[],
1095                            OPENSSL_ITEM parameters[])
1096 {
1097     check_store(s, STORE_F_STORE_MODIFY_ARBITRARY,
1098                 modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
1099
1100     if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_ARBITRARY,
1101                                 search_attributes, add_attributes,
1102                                 modify_attributes, delete_attributes,
1103                                 parameters)) {
1104         STOREerr(STORE_F_STORE_MODIFY_ARBITRARY,
1105                  STORE_R_FAILED_MODIFYING_ARBITRARY);
1106         return 0;
1107     }
1108     return 1;
1109 }
1110
1111 BUF_MEM *STORE_get_arbitrary(STORE *s, OPENSSL_ITEM attributes[],
1112                              OPENSSL_ITEM parameters[])
1113 {
1114     STORE_OBJECT *object;
1115     BUF_MEM *b;
1116
1117     check_store(s, STORE_F_STORE_GET_ARBITRARY,
1118                 get_object, STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION);
1119
1120     object = s->meth->get_object(s, STORE_OBJECT_TYPE_ARBITRARY,
1121                                  attributes, parameters);
1122     if (!object || !object->data.arbitrary) {
1123         STOREerr(STORE_F_STORE_GET_ARBITRARY,
1124                  STORE_R_FAILED_GETTING_ARBITRARY);
1125         return 0;
1126     }
1127     b = object->data.arbitrary;
1128     object->data.arbitrary = NULL;
1129     STORE_OBJECT_free(object);
1130     return b;
1131 }
1132
1133 int STORE_delete_arbitrary(STORE *s, OPENSSL_ITEM attributes[],
1134                            OPENSSL_ITEM parameters[])
1135 {
1136     check_store(s, STORE_F_STORE_DELETE_ARBITRARY,
1137                 delete_object, STORE_R_NO_DELETE_ARBITRARY_FUNCTION);
1138
1139     if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_ARBITRARY, attributes,
1140                                 parameters)) {
1141         STOREerr(STORE_F_STORE_DELETE_ARBITRARY,
1142                  STORE_R_FAILED_DELETING_ARBITRARY);
1143         return 0;
1144     }
1145     return 1;
1146 }
1147
1148 STORE_OBJECT *STORE_OBJECT_new(void)
1149 {
1150     STORE_OBJECT *object = OPENSSL_zalloc(sizeof(*object));
1151     return object;
1152 }
1153
1154 void STORE_OBJECT_free(STORE_OBJECT *data)
1155 {
1156     if (!data)
1157         return;
1158     switch (data->type) {
1159     case STORE_OBJECT_TYPE_X509_CERTIFICATE:
1160         X509_free(data->data.x509.certificate);
1161         break;
1162     case STORE_OBJECT_TYPE_X509_CRL:
1163         X509_CRL_free(data->data.crl);
1164         break;
1165     case STORE_OBJECT_TYPE_PRIVATE_KEY:
1166     case STORE_OBJECT_TYPE_PUBLIC_KEY:
1167         EVP_PKEY_free(data->data.key);
1168         break;
1169     case STORE_OBJECT_TYPE_NUMBER:
1170         BN_free(data->data.number);
1171         break;
1172     case STORE_OBJECT_TYPE_ARBITRARY:
1173         BUF_MEM_free(data->data.arbitrary);
1174         break;
1175     }
1176     OPENSSL_free(data);
1177 }
1178
1179 struct STORE_attr_info_st {
1180     unsigned char set[(STORE_ATTR_TYPE_NUM + 8) / 8];
1181     union {
1182         char *cstring;
1183         unsigned char *sha1string;
1184         X509_NAME *dn;
1185         BIGNUM *number;
1186         void *any;
1187     } values[STORE_ATTR_TYPE_NUM + 1];
1188     size_t value_sizes[STORE_ATTR_TYPE_NUM + 1];
1189 };
1190
1191 #define ATTR_IS_SET(a,i)        ((i) > 0 && (i) < STORE_ATTR_TYPE_NUM \
1192                                 && ((a)->set[(i) / 8] & (1 << ((i) % 8))))
1193 #define SET_ATTRBIT(a,i)        ((a)->set[(i) / 8] |= (1 << ((i) % 8)))
1194 #define CLEAR_ATTRBIT(a,i)      ((a)->set[(i) / 8] &= ~(1 << ((i) % 8)))
1195
1196 STORE_ATTR_INFO *STORE_ATTR_INFO_new(void)
1197 {
1198     STORE_ATTR_INFO *p = OPENSSL_malloc(sizeof(*p));
1199
1200     return p;
1201 }
1202
1203 static void STORE_ATTR_INFO_attr_free(STORE_ATTR_INFO *attrs,
1204                                       STORE_ATTR_TYPES code)
1205 {
1206     if (ATTR_IS_SET(attrs, code)) {
1207         switch (code) {
1208         case STORE_ATTR_FRIENDLYNAME:
1209         case STORE_ATTR_EMAIL:
1210         case STORE_ATTR_FILENAME:
1211             STORE_ATTR_INFO_modify_cstr(attrs, code, NULL, 0);
1212             break;
1213         case STORE_ATTR_KEYID:
1214         case STORE_ATTR_ISSUERKEYID:
1215         case STORE_ATTR_SUBJECTKEYID:
1216         case STORE_ATTR_ISSUERSERIALHASH:
1217         case STORE_ATTR_CERTHASH:
1218             STORE_ATTR_INFO_modify_sha1str(attrs, code, NULL, 0);
1219             break;
1220         case STORE_ATTR_ISSUER:
1221         case STORE_ATTR_SUBJECT:
1222             STORE_ATTR_INFO_modify_dn(attrs, code, NULL);
1223             break;
1224         case STORE_ATTR_SERIAL:
1225             STORE_ATTR_INFO_modify_number(attrs, code, NULL);
1226             break;
1227         default:
1228             break;
1229         }
1230     }
1231 }
1232
1233 int STORE_ATTR_INFO_free(STORE_ATTR_INFO *attrs)
1234 {
1235     if (attrs) {
1236         STORE_ATTR_TYPES i;
1237         for (i = 0; i++ < STORE_ATTR_TYPE_NUM;)
1238             STORE_ATTR_INFO_attr_free(attrs, i);
1239         OPENSSL_free(attrs);
1240     }
1241     return 1;
1242 }
1243
1244 char *STORE_ATTR_INFO_get0_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code)
1245 {
1246     if (!attrs) {
1247         STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR,
1248                  ERR_R_PASSED_NULL_PARAMETER);
1249         return NULL;
1250     }
1251     if (ATTR_IS_SET(attrs, code))
1252         return attrs->values[code].cstring;
1253     STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR, STORE_R_NO_VALUE);
1254     return NULL;
1255 }
1256
1257 unsigned char *STORE_ATTR_INFO_get0_sha1str(STORE_ATTR_INFO *attrs,
1258                                             STORE_ATTR_TYPES code)
1259 {
1260     if (!attrs) {
1261         STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR,
1262                  ERR_R_PASSED_NULL_PARAMETER);
1263         return NULL;
1264     }
1265     if (ATTR_IS_SET(attrs, code))
1266         return attrs->values[code].sha1string;
1267     STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR, STORE_R_NO_VALUE);
1268     return NULL;
1269 }
1270
1271 X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs,
1272                                    STORE_ATTR_TYPES code)
1273 {
1274     if (!attrs) {
1275         STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN,
1276                  ERR_R_PASSED_NULL_PARAMETER);
1277         return NULL;
1278     }
1279     if (ATTR_IS_SET(attrs, code))
1280         return attrs->values[code].dn;
1281     STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN, STORE_R_NO_VALUE);
1282     return NULL;
1283 }
1284
1285 BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs,
1286                                     STORE_ATTR_TYPES code)
1287 {
1288     if (!attrs) {
1289         STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER,
1290                  ERR_R_PASSED_NULL_PARAMETER);
1291         return NULL;
1292     }
1293     if (ATTR_IS_SET(attrs, code))
1294         return attrs->values[code].number;
1295     STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER, STORE_R_NO_VALUE);
1296     return NULL;
1297 }
1298
1299 int STORE_ATTR_INFO_set_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
1300                              char *cstr, size_t cstr_size)
1301 {
1302     if (!attrs) {
1303         STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR,
1304                  ERR_R_PASSED_NULL_PARAMETER);
1305         return 0;
1306     }
1307     if (!ATTR_IS_SET(attrs, code)) {
1308         if ((attrs->values[code].cstring = BUF_strndup(cstr, cstr_size)))
1309             return 1;
1310         STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, ERR_R_MALLOC_FAILURE);
1311         return 0;
1312     }
1313     STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, STORE_R_ALREADY_HAS_A_VALUE);
1314     return 0;
1315 }
1316
1317 int STORE_ATTR_INFO_set_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
1318                                 unsigned char *sha1str, size_t sha1str_size)
1319 {
1320     if (!attrs) {
1321         STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR,
1322                  ERR_R_PASSED_NULL_PARAMETER);
1323         return 0;
1324     }
1325     if (!ATTR_IS_SET(attrs, code)) {
1326         if ((attrs->values[code].sha1string =
1327              (unsigned char *)BUF_memdup(sha1str, sha1str_size)))
1328             return 1;
1329         STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR, ERR_R_MALLOC_FAILURE);
1330         return 0;
1331     }
1332     STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR,
1333              STORE_R_ALREADY_HAS_A_VALUE);
1334     return 0;
1335 }
1336
1337 int STORE_ATTR_INFO_set_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
1338                            X509_NAME *dn)
1339 {
1340     if (!attrs) {
1341         STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, ERR_R_PASSED_NULL_PARAMETER);
1342         return 0;
1343     }
1344     if (!ATTR_IS_SET(attrs, code)) {
1345         if ((attrs->values[code].dn = X509_NAME_dup(dn)))
1346             return 1;
1347         STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, ERR_R_MALLOC_FAILURE);
1348         return 0;
1349     }
1350     STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, STORE_R_ALREADY_HAS_A_VALUE);
1351     return 0;
1352 }
1353
1354 int STORE_ATTR_INFO_set_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
1355                                BIGNUM *number)
1356 {
1357     if (!attrs) {
1358         STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER,
1359                  ERR_R_PASSED_NULL_PARAMETER);
1360         return 0;
1361     }
1362     if (!ATTR_IS_SET(attrs, code)) {
1363         if ((attrs->values[code].number = BN_dup(number)))
1364             return 1;
1365         STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, ERR_R_MALLOC_FAILURE);
1366         return 0;
1367     }
1368     STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, STORE_R_ALREADY_HAS_A_VALUE);
1369     return 0;
1370 }
1371
1372 int STORE_ATTR_INFO_modify_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
1373                                 char *cstr, size_t cstr_size)
1374 {
1375     if (!attrs) {
1376         STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_CSTR,
1377                  ERR_R_PASSED_NULL_PARAMETER);
1378         return 0;
1379     }
1380     if (ATTR_IS_SET(attrs, code)) {
1381         OPENSSL_free(attrs->values[code].cstring);
1382         attrs->values[code].cstring = NULL;
1383         CLEAR_ATTRBIT(attrs, code);
1384     }
1385     return STORE_ATTR_INFO_set_cstr(attrs, code, cstr, cstr_size);
1386 }
1387
1388 int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs,
1389                                    STORE_ATTR_TYPES code,
1390                                    unsigned char *sha1str,
1391                                    size_t sha1str_size)
1392 {
1393     if (!attrs) {
1394         STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR,
1395                  ERR_R_PASSED_NULL_PARAMETER);
1396         return 0;
1397     }
1398     if (ATTR_IS_SET(attrs, code)) {
1399         OPENSSL_free(attrs->values[code].sha1string);
1400         attrs->values[code].sha1string = NULL;
1401         CLEAR_ATTRBIT(attrs, code);
1402     }
1403     return STORE_ATTR_INFO_set_sha1str(attrs, code, sha1str, sha1str_size);
1404 }
1405
1406 int STORE_ATTR_INFO_modify_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
1407                               X509_NAME *dn)
1408 {
1409     if (!attrs) {
1410         STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_DN,
1411                  ERR_R_PASSED_NULL_PARAMETER);
1412         return 0;
1413     }
1414     if (ATTR_IS_SET(attrs, code)) {
1415         OPENSSL_free(attrs->values[code].dn);
1416         attrs->values[code].dn = NULL;
1417         CLEAR_ATTRBIT(attrs, code);
1418     }
1419     return STORE_ATTR_INFO_set_dn(attrs, code, dn);
1420 }
1421
1422 int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs,
1423                                   STORE_ATTR_TYPES code, BIGNUM *number)
1424 {
1425     if (!attrs) {
1426         STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER,
1427                  ERR_R_PASSED_NULL_PARAMETER);
1428         return 0;
1429     }
1430     if (ATTR_IS_SET(attrs, code)) {
1431         OPENSSL_free(attrs->values[code].number);
1432         attrs->values[code].number = NULL;
1433         CLEAR_ATTRBIT(attrs, code);
1434     }
1435     return STORE_ATTR_INFO_set_number(attrs, code, number);
1436 }
1437
1438 struct attr_list_ctx_st {
1439     OPENSSL_ITEM *attributes;
1440 };
1441 void *STORE_parse_attrs_start(OPENSSL_ITEM *attributes)
1442 {
1443     if (attributes) {
1444         struct attr_list_ctx_st *context = OPENSSL_malloc(sizeof(*context));
1445         if (context != NULL)
1446             context->attributes = attributes;
1447         else
1448             STOREerr(STORE_F_STORE_PARSE_ATTRS_START, ERR_R_MALLOC_FAILURE);
1449         return context;
1450     }
1451     STOREerr(STORE_F_STORE_PARSE_ATTRS_START, ERR_R_PASSED_NULL_PARAMETER);
1452     return 0;
1453 }
1454
1455 STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle)
1456 {
1457     struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;
1458
1459     if (context && context->attributes) {
1460         STORE_ATTR_INFO *attrs = NULL;
1461
1462         while (context->attributes
1463                && context->attributes->code != STORE_ATTR_OR
1464                && context->attributes->code != STORE_ATTR_END) {
1465             switch (context->attributes->code) {
1466             case STORE_ATTR_FRIENDLYNAME:
1467             case STORE_ATTR_EMAIL:
1468             case STORE_ATTR_FILENAME:
1469                 if (attrs == NULL)
1470                     attrs = STORE_ATTR_INFO_new();
1471                 if (attrs == NULL) {
1472                     STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
1473                              ERR_R_MALLOC_FAILURE);
1474                     goto err;
1475                 }
1476                 STORE_ATTR_INFO_set_cstr(attrs,
1477                                          context->attributes->code,
1478                                          context->attributes->value,
1479                                          context->attributes->value_size);
1480                 break;
1481             case STORE_ATTR_KEYID:
1482             case STORE_ATTR_ISSUERKEYID:
1483             case STORE_ATTR_SUBJECTKEYID:
1484             case STORE_ATTR_ISSUERSERIALHASH:
1485             case STORE_ATTR_CERTHASH:
1486                 if (attrs == NULL)
1487                     attrs = STORE_ATTR_INFO_new();
1488                 if (attrs == NULL) {
1489                     STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
1490                              ERR_R_MALLOC_FAILURE);
1491                     goto err;
1492                 }
1493                 STORE_ATTR_INFO_set_sha1str(attrs,
1494                                             context->attributes->code,
1495                                             context->attributes->value,
1496                                             context->attributes->value_size);
1497                 break;
1498             case STORE_ATTR_ISSUER:
1499             case STORE_ATTR_SUBJECT:
1500                 if (attrs == NULL)
1501                     attrs = STORE_ATTR_INFO_new();
1502                 if (attrs == NULL) {
1503                     STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
1504                              ERR_R_MALLOC_FAILURE);
1505                     goto err;
1506                 }
1507                 STORE_ATTR_INFO_modify_dn(attrs,
1508                                           context->attributes->code,
1509                                           context->attributes->value);
1510                 break;
1511             case STORE_ATTR_SERIAL:
1512                 if (attrs == NULL)
1513                     attrs = STORE_ATTR_INFO_new();
1514                 if (attrs == NULL) {
1515                     STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
1516                              ERR_R_MALLOC_FAILURE);
1517                     goto err;
1518                 }
1519                 STORE_ATTR_INFO_modify_number(attrs,
1520                                               context->attributes->code,
1521                                               context->attributes->value);
1522                 break;
1523             }
1524             context->attributes++;
1525         }
1526         if (context->attributes->code == STORE_ATTR_OR)
1527             context->attributes++;
1528         return attrs;
1529  err:
1530         while (context->attributes
1531                && context->attributes->code != STORE_ATTR_OR
1532                && context->attributes->code != STORE_ATTR_END)
1533             context->attributes++;
1534         if (context->attributes->code == STORE_ATTR_OR)
1535             context->attributes++;
1536         return NULL;
1537     }
1538     STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, ERR_R_PASSED_NULL_PARAMETER);
1539     return NULL;
1540 }
1541
1542 int STORE_parse_attrs_end(void *handle)
1543 {
1544     struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;
1545
1546     if (context && context->attributes) {
1547 #if 0
1548         OPENSSL_ITEM *attributes = context->attributes;
1549 #endif
1550         OPENSSL_free(context);
1551         return 1;
1552     }
1553     STOREerr(STORE_F_STORE_PARSE_ATTRS_END, ERR_R_PASSED_NULL_PARAMETER);
1554     return 0;
1555 }
1556
1557 int STORE_parse_attrs_endp(void *handle)
1558 {
1559     struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;
1560
1561     if (context && context->attributes) {
1562         return context->attributes->code == STORE_ATTR_END;
1563     }
1564     STOREerr(STORE_F_STORE_PARSE_ATTRS_ENDP, ERR_R_PASSED_NULL_PARAMETER);
1565     return 0;
1566 }
1567
1568 static int attr_info_compare_compute_range(const unsigned char *abits,
1569                                            const unsigned char *bbits,
1570                                            unsigned int *alowp,
1571                                            unsigned int *ahighp,
1572                                            unsigned int *blowp,
1573                                            unsigned int *bhighp)
1574 {
1575     unsigned int alow = (unsigned int)-1, ahigh = 0;
1576     unsigned int blow = (unsigned int)-1, bhigh = 0;
1577     int i, res = 0;
1578
1579     for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++) {
1580         if (res == 0) {
1581             if (*abits < *bbits)
1582                 res = -1;
1583             if (*abits > *bbits)
1584                 res = 1;
1585         }
1586         if (*abits) {
1587             if (alow == (unsigned int)-1) {
1588                 alow = i * 8;
1589                 if (!(*abits & 0x01))
1590                     alow++;
1591                 if (!(*abits & 0x02))
1592                     alow++;
1593                 if (!(*abits & 0x04))
1594                     alow++;
1595                 if (!(*abits & 0x08))
1596                     alow++;
1597                 if (!(*abits & 0x10))
1598                     alow++;
1599                 if (!(*abits & 0x20))
1600                     alow++;
1601                 if (!(*abits & 0x40))
1602                     alow++;
1603             }
1604             ahigh = i * 8 + 7;
1605             if (!(*abits & 0x80))
1606                 ahigh++;
1607             if (!(*abits & 0x40))
1608                 ahigh++;
1609             if (!(*abits & 0x20))
1610                 ahigh++;
1611             if (!(*abits & 0x10))
1612                 ahigh++;
1613             if (!(*abits & 0x08))
1614                 ahigh++;
1615             if (!(*abits & 0x04))
1616                 ahigh++;
1617             if (!(*abits & 0x02))
1618                 ahigh++;
1619         }
1620         if (*bbits) {
1621             if (blow == (unsigned int)-1) {
1622                 blow = i * 8;
1623                 if (!(*bbits & 0x01))
1624                     blow++;
1625                 if (!(*bbits & 0x02))
1626                     blow++;
1627                 if (!(*bbits & 0x04))
1628                     blow++;
1629                 if (!(*bbits & 0x08))
1630                     blow++;
1631                 if (!(*bbits & 0x10))
1632                     blow++;
1633                 if (!(*bbits & 0x20))
1634                     blow++;
1635                 if (!(*bbits & 0x40))
1636                     blow++;
1637             }
1638             bhigh = i * 8 + 7;
1639             if (!(*bbits & 0x80))
1640                 bhigh++;
1641             if (!(*bbits & 0x40))
1642                 bhigh++;
1643             if (!(*bbits & 0x20))
1644                 bhigh++;
1645             if (!(*bbits & 0x10))
1646                 bhigh++;
1647             if (!(*bbits & 0x08))
1648                 bhigh++;
1649             if (!(*bbits & 0x04))
1650                 bhigh++;
1651             if (!(*bbits & 0x02))
1652                 bhigh++;
1653         }
1654     }
1655     if (ahigh + alow < bhigh + blow)
1656         res = -1;
1657     if (ahigh + alow > bhigh + blow)
1658         res = 1;
1659     if (alowp)
1660         *alowp = alow;
1661     if (ahighp)
1662         *ahighp = ahigh;
1663     if (blowp)
1664         *blowp = blow;
1665     if (bhighp)
1666         *bhighp = bhigh;
1667     return res;
1668 }
1669
1670 int STORE_ATTR_INFO_compare(const STORE_ATTR_INFO *const *a,
1671                             const STORE_ATTR_INFO *const *b)
1672 {
1673     if (a == b)
1674         return 0;
1675     if (!a)
1676         return -1;
1677     if (!b)
1678         return 1;
1679     return attr_info_compare_compute_range((*a)->set, (*b)->set, 0, 0, 0, 0);
1680 }
1681
1682 int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)
1683 {
1684     unsigned int alow, ahigh, blow, bhigh;
1685
1686     if (a == b)
1687         return 1;
1688     if (!a)
1689         return 0;
1690     if (!b)
1691         return 0;
1692     attr_info_compare_compute_range(a->set, b->set,
1693                                     &alow, &ahigh, &blow, &bhigh);
1694     if (alow >= blow && ahigh <= bhigh)
1695         return 1;
1696     return 0;
1697 }
1698
1699 int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)
1700 {
1701     unsigned char *abits, *bbits;
1702     int i;
1703
1704     if (a == b)
1705         return 1;
1706     if (!a)
1707         return 0;
1708     if (!b)
1709         return 0;
1710     abits = a->set;
1711     bbits = b->set;
1712     for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++) {
1713         if (*abits && (*bbits & *abits) != *abits)
1714             return 0;
1715     }
1716     return 1;
1717 }
1718
1719 int STORE_ATTR_INFO_in_ex(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)
1720 {
1721     STORE_ATTR_TYPES i;
1722
1723     if (a == b)
1724         return 1;
1725     if (!STORE_ATTR_INFO_in(a, b))
1726         return 0;
1727     for (i = 1; i < STORE_ATTR_TYPE_NUM; i++)
1728         if (ATTR_IS_SET(a, i)) {
1729             switch (i) {
1730             case STORE_ATTR_FRIENDLYNAME:
1731             case STORE_ATTR_EMAIL:
1732             case STORE_ATTR_FILENAME:
1733                 if (strcmp(a->values[i].cstring, b->values[i].cstring))
1734                     return 0;
1735                 break;
1736             case STORE_ATTR_KEYID:
1737             case STORE_ATTR_ISSUERKEYID:
1738             case STORE_ATTR_SUBJECTKEYID:
1739             case STORE_ATTR_ISSUERSERIALHASH:
1740             case STORE_ATTR_CERTHASH:
1741                 if (memcmp(a->values[i].sha1string,
1742                            b->values[i].sha1string, a->value_sizes[i]))
1743                     return 0;
1744                 break;
1745             case STORE_ATTR_ISSUER:
1746             case STORE_ATTR_SUBJECT:
1747                 if (X509_NAME_cmp(a->values[i].dn, b->values[i].dn))
1748                     return 0;
1749                 break;
1750             case STORE_ATTR_SERIAL:
1751                 if (BN_cmp(a->values[i].number, b->values[i].number))
1752                     return 0;
1753                 break;
1754             default:
1755                 break;
1756             }
1757         }
1758
1759     return 1;
1760 }