New universal public key format.
Fix CRL+cert load problem in by_file.c
Make verify report errors when loading files or dirs
Changes between 0.9.4 and 0.9.5 [xx XXX 1999]
+ *) Modify RSA and DSA PEM read routines to transparently handle
+ PKCS#8 format private keys. New *_PUBKEY_* functions that handle
+ public keys in a format compatible with certificate
+ SubjectPublicKeyInfo structures. Unfortunately there were already
+ functions called *_PublicKey_* which used various odd formats so
+ these are retained for compatability: however the DSA variants were
+ never in a public release so they have been deleted. Changed dsa/rsa
+ utilities to handle the new format: note no releases ever handled public
+ keys so we should be OK.
+
+ The primary motivation for this change is to avoid the same fiasco
+ that dogs private keys: there are several incompatible private key
+ formats some of which are standard and some OpenSSL specific and
+ require various evil hacks to allow partial transparent handling and
+ even then it doesn't work with DER formats. Given the option anything
+ other than PKCS#8 should be dumped: but the other formats have to
+ stay in the name of compatability.
+
+ With public keys and the benefit of hindsight one standard format
+ is used which works with EVP_PKEY, RSA or DSA structures: though
+ it clearly returns an error if you try to read the wrong kind of key.
+
+ Added a -pubkey option to the 'x509' utility to output the public key.
+ Also rename the EVP_PKEY_get_*() to EVP_PKEY_rget_*() and add
+ EVP_PKEY_rset_*() functions that do the same as the EVP_PKEY_assign_*()
+ except they up the reference count of the added key (they don't "swallow"
+ the supplied key).
+ [Steve Henson]
+
+ *) Fixes to crypto/x509/by_file.c the code to read in certificates and
+ CRLs would fail if the file contained no certificates or no CRLs:
+ added a new function to read in both types and return the number
+ read: this means that if none are read it will be an error. The
+ DER versions of the certificate and CRL reader would always fail
+ because it isn't possible to mix certificates and CRLs in DER format
+ without choking one or the other routine. Changed this to just read
+ a certificate: this is the best we can do. Also modified the code
+ in apps/verify.c to take notice of return codes: it was previously
+ attempting to read in certificates from NULL pointers and ignoring
+ any errors: this is one reason why the cert and CRL reader seemed
+ to work. It doesn't check return codes from the default certificate
+ routines: these may well fail if the certificates aren't installed.
+ [Steve Henson]
+
*) Code to support otherName option in GeneralName.
[Steve Henson]
BIO_printf(bio_err,"read DSA key\n");
if (informat == FORMAT_ASN1) {
- if(pubin) dsa=d2i_DSAPublicKey_bio(in,NULL);
+ if(pubin) dsa=d2i_DSA_PUBKEY_bio(in,NULL);
else dsa=d2i_DSAPrivateKey_bio(in,NULL);
} else if (informat == FORMAT_PEM) {
- if(pubin) dsa=PEM_read_bio_DSAPublicKey(in,NULL, NULL, NULL);
+ if(pubin) dsa=PEM_read_bio_DSA_PUBKEY(in,NULL, NULL, NULL);
else {
if(passin) dsa=PEM_read_bio_DSAPrivateKey(in,NULL,
key_cb,passin);
if (noout) goto end;
BIO_printf(bio_err,"writing DSA key\n");
if (outformat == FORMAT_ASN1) {
- if(pubin || pubout) i=i2d_DSAPublicKey_bio(out,dsa);
+ if(pubin || pubout) i=i2d_DSA_PUBKEY_bio(out,dsa);
else i=i2d_DSAPrivateKey_bio(out,dsa);
} else if (outformat == FORMAT_PEM) {
if(pubin || pubout)
- i=PEM_write_bio_DSAPublicKey(out,dsa);
+ i=PEM_write_bio_DSA_PUBKEY(out,dsa);
else {
if(passout) i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,
NULL,0,key_cb, passout);
ERR_load_crypto_strings();
+ if(check && pubin) {
+ BIO_printf(bio_err, "Only private keys can be checked\n");
+ goto end;
+ }
+
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL))
}
}
- BIO_printf(bio_err,"read RSA private key\n");
+ BIO_printf(bio_err,"read RSA key\n");
if (informat == FORMAT_ASN1) {
- if (pubin) rsa=d2i_RSAPublicKey_bio(in,NULL);
+ if (pubin) rsa=d2i_RSA_PUBKEY_bio(in,NULL);
else rsa=d2i_RSAPrivateKey_bio(in,NULL);
}
#ifndef NO_RC4
}
#endif
else if (informat == FORMAT_PEM) {
- if(pubin) rsa=PEM_read_bio_RSAPublicKey(in,NULL,NULL,NULL);
+ if(pubin) rsa=PEM_read_bio_RSA_PUBKEY(in,NULL,NULL,NULL);
else {
if(passin) rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
key_cb,passin);
}
if (rsa == NULL)
{
- BIO_printf(bio_err,"unable to load Key\n");
+ BIO_printf(bio_err,"unable to load key\n");
ERR_print_errors(bio_err);
goto end;
}
if (modulus)
{
- fprintf(stdout,"Modulus=");
+ BIO_printf(out,"Modulus=");
BN_print(out,rsa->n);
- fprintf(stdout,"\n");
+ BIO_printf(out,"\n");
}
if (check)
}
BIO_printf(bio_err,"writing RSA key\n");
if (outformat == FORMAT_ASN1) {
- if(pubout || pubin) i=i2d_RSAPublicKey_bio(out,rsa);
+ if(pubout || pubin) i=i2d_RSA_PUBKEY_bio(out,rsa);
else i=i2d_RSAPrivateKey_bio(out,rsa);
}
#ifndef NO_RC4
#endif
else if (outformat == FORMAT_PEM) {
if(pubout || pubin)
- i=PEM_write_bio_RSAPublicKey(out,rsa);
+ i=PEM_write_bio_RSA_PUBKEY(out,rsa);
else {
if(passout) i=PEM_write_bio_RSAPrivateKey(out,rsa,
enc,NULL,0,key_cb,passout);
lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
if (lookup == NULL) abort();
- if (!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM))
- X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
+ if (CAfile) {
+ i=X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM);
+ if(!i) {
+ BIO_printf(bio_err, "Error loading file %s\n", CAfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ } else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_hash_dir());
if (lookup == NULL) abort();
- if (!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM))
- X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
+ if (CApath) {
+ i=X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM);
+ if(!i) {
+ BIO_printf(bio_err, "Error loading directory %s\n", CApath);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ } else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
ERR_clear_error();
" -purpose - print out certificate purposes\n",
" -dates - both Before and After dates\n",
" -modulus - print the RSA key modulus\n",
+" -pubkey - output the public key\n",
" -fingerprint - print the certificate fingerprint\n",
" -alias - output certificate alias\n",
" -noout - no certificate output\n",
int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0;
int trustout=0,clrtrust=0,clrnotrust=0,aliasout=0;
int C=0;
- int x509req=0,days=DEF_DAYS,modulus=0;
+ int x509req=0,days=DEF_DAYS,modulus=0,pubkey=0;
int pprint = 0;
char **pp;
X509_STORE *ctx=NULL;
serial= ++num;
else if (strcmp(*argv,"-modulus") == 0)
modulus= ++num;
+ else if (strcmp(*argv,"-pubkey") == 0)
+ pubkey= ++num;
else if (strcmp(*argv,"-x509toreq") == 0)
x509req= ++num;
else if (strcmp(*argv,"-text") == 0)
BIO_printf(STDout,"\n");
EVP_PKEY_free(pkey);
}
+ else
+ if (pubkey == i)
+ {
+ EVP_PKEY *pkey;
+
+ pkey=X509_get_pubkey(x);
+ if (pkey == NULL)
+ {
+ BIO_printf(bio_err,"Error getting public key\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ PEM_write_bio_PUBKEY(STDout, pkey);
+ EVP_PKEY_free(pkey);
+ }
else
if (C == i)
{
#define ASN1_F_I2D_DSAPARAMS 178
#define ASN1_F_I2D_DSAPRIVATEKEY 179
#define ASN1_F_I2D_DSAPUBLICKEY 180
+#define ASN1_F_I2D_DSA_PUBKEY 290
#define ASN1_F_I2D_NETSCAPE_RSA 181
#define ASN1_F_I2D_PKCS7 182
#define ASN1_F_I2D_PRIVATEKEY 183
#define ASN1_F_I2D_PUBLICKEY 184
#define ASN1_F_I2D_RSAPRIVATEKEY 185
#define ASN1_F_I2D_RSAPUBLICKEY 186
+#define ASN1_F_I2D_RSA_PUBKEY 289
#define ASN1_F_I2D_X509_ATTRIBUTE 187
#define ASN1_F_I2T_ASN1_OBJECT 188
#define ASN1_F_NETSCAPE_CERT_SEQUENCE_NEW 229
{ERR_PACK(0,ASN1_F_I2D_DSAPARAMS,0), "i2d_DSAparams"},
{ERR_PACK(0,ASN1_F_I2D_DSAPRIVATEKEY,0), "i2d_DSAPrivateKey"},
{ERR_PACK(0,ASN1_F_I2D_DSAPUBLICKEY,0), "i2d_DSAPublicKey"},
+{ERR_PACK(0,ASN1_F_I2D_DSA_PUBKEY,0), "i2d_DSA_PUBKEY"},
{ERR_PACK(0,ASN1_F_I2D_NETSCAPE_RSA,0), "i2d_Netscape_RSA"},
{ERR_PACK(0,ASN1_F_I2D_PKCS7,0), "i2d_PKCS7"},
{ERR_PACK(0,ASN1_F_I2D_PRIVATEKEY,0), "i2d_PrivateKey"},
{ERR_PACK(0,ASN1_F_I2D_PUBLICKEY,0), "i2d_PublicKey"},
{ERR_PACK(0,ASN1_F_I2D_RSAPRIVATEKEY,0), "i2d_RSAPrivateKey"},
{ERR_PACK(0,ASN1_F_I2D_RSAPUBLICKEY,0), "i2d_RSAPublicKey"},
+{ERR_PACK(0,ASN1_F_I2D_RSA_PUBKEY,0), "i2d_RSA_PUBKEY"},
{ERR_PACK(0,ASN1_F_I2D_X509_ATTRIBUTE,0), "i2d_X509_ATTRIBUTE"},
{ERR_PACK(0,ASN1_F_I2T_ASN1_OBJECT,0), "i2t_ASN1_OBJECT"},
{ERR_PACK(0,ASN1_F_NETSCAPE_CERT_SEQUENCE_NEW,0), "NETSCAPE_CERT_SEQUENCE_new"},
return(NULL);
}
+/* Now two pseudo ASN1 routines that take an EVP_PKEY structure
+ * and encode or decode as X509_PUBKEY
+ */
+
+EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, unsigned char **pp,
+ long length)
+{
+ X509_PUBKEY *xpk;
+ EVP_PKEY *pktmp;
+ xpk = d2i_X509_PUBKEY(NULL, pp, length);
+ if(!xpk) return NULL;
+ pktmp = X509_PUBKEY_get(xpk);
+ X509_PUBKEY_free(xpk);
+ if(!pktmp) return NULL;
+ if(a) {
+ EVP_PKEY_free(*a);
+ *a = pktmp;
+ }
+ return pktmp;
+}
+
+int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
+{
+ X509_PUBKEY *xpk=NULL;
+ int ret;
+ if(!a) return 0;
+ if(!X509_PUBKEY_set(&xpk, a)) return 0;
+ ret = i2d_X509_PUBKEY(xpk, pp);
+ X509_PUBKEY_free(xpk);
+ return ret;
+}
+
+/* The following are equivalents but which return RSA and DSA
+ * keys
+ */
+
+RSA *d2i_RSA_PUBKEY(RSA **a, unsigned char **pp,
+ long length)
+{
+ EVP_PKEY *pkey;
+ RSA *key;
+ unsigned char *q;
+ q = *pp;
+ pkey = d2i_PUBKEY(NULL, &q, length);
+ if(!pkey) return NULL;
+ key = EVP_PKEY_rget_RSA(pkey);
+ EVP_PKEY_free(pkey);
+ if(!key) return NULL;
+ *pp = q;
+ if(a) {
+ RSA_free(*a);
+ *a = key;
+ }
+ return key;
+}
+
+int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
+{
+ EVP_PKEY *pktmp;
+ int ret;
+ if(!a) return 0;
+ pktmp = EVP_PKEY_new();
+ if(!pktmp) {
+ ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ EVP_PKEY_rset_RSA(pktmp, a);
+ ret = i2d_PUBKEY(pktmp, pp);
+ EVP_PKEY_free(pktmp);
+ return ret;
+}
+
+DSA *d2i_DSA_PUBKEY(DSA **a, unsigned char **pp,
+ long length)
+{
+ EVP_PKEY *pkey;
+ DSA *key;
+ unsigned char *q;
+ q = *pp;
+ pkey = d2i_PUBKEY(NULL, &q, length);
+ if(!pkey) return NULL;
+ key = EVP_PKEY_rget_DSA(pkey);
+ EVP_PKEY_free(pkey);
+ if(!key) return NULL;
+ *pp = q;
+ if(a) {
+ DSA_free(*a);
+ *a = key;
+ }
+ return key;
+}
+
+int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)
+{
+ EVP_PKEY *pktmp;
+ int ret;
+ if(!a) return 0;
+ pktmp = EVP_PKEY_new();
+ if(!pktmp) {
+ ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ EVP_PKEY_rset_DSA(pktmp, a);
+ ret = i2d_PUBKEY(pktmp, pp);
+ EVP_PKEY_free(pktmp);
+ return ret;
+}
int EVP_PKEY_bits(EVP_PKEY *pkey);
int EVP_PKEY_size(EVP_PKEY *pkey);
int EVP_PKEY_assign(EVP_PKEY *pkey,int type,char *key);
-RSA * EVP_PKEY_get_RSA(EVP_PKEY *pkey);
-DSA * EVP_PKEY_get_DSA(EVP_PKEY *pkey);
-DH * EVP_PKEY_get_DH(EVP_PKEY *pkey);
+int EVP_PKEY_rset_RSA(EVP_PKEY *pkey,RSA *key);
+int EVP_PKEY_rset_DSA(EVP_PKEY *pkey,DSA *key);
+int EVP_PKEY_rset_DH(EVP_PKEY *pkey,DH *key);
+RSA * EVP_PKEY_rget_RSA(EVP_PKEY *pkey);
+DSA * EVP_PKEY_rget_DSA(EVP_PKEY *pkey);
+DH * EVP_PKEY_rget_DH(EVP_PKEY *pkey);
EVP_PKEY * EVP_PKEY_new(void);
void EVP_PKEY_free(EVP_PKEY *pkey);
EVP_PKEY * d2i_PublicKey(int type,EVP_PKEY **a, unsigned char **pp,
}
#ifndef NO_RSA
-RSA *EVP_PKEY_get_RSA(EVP_PKEY *pkey)
+int EVP_PKEY_rset_RSA(EVP_PKEY *pkey, RSA *key)
+{
+ CRYPTO_add(&key->references, 1, CRYPTO_LOCK_RSA);
+ return EVP_PKEY_assign_RSA(pkey, key);
+}
+
+RSA *EVP_PKEY_rget_RSA(EVP_PKEY *pkey)
{
if(pkey->type != EVP_PKEY_RSA) {
EVPerr(EVP_F_EVP_PKEY_GET_RSA, EVP_R_EXPECTING_AN_RSA_KEY);
#endif
#ifndef NO_DSA
-DSA *EVP_PKEY_get_DSA(EVP_PKEY *pkey)
+int EVP_PKEY_rset_DSA(EVP_PKEY *pkey, DSA *key)
+{
+ CRYPTO_add(&key->references, 1, CRYPTO_LOCK_DSA);
+ return EVP_PKEY_assign_DSA(pkey, key);
+}
+
+DSA *EVP_PKEY_rget_DSA(EVP_PKEY *pkey)
{
if(pkey->type != EVP_PKEY_DSA) {
EVPerr(EVP_F_EVP_PKEY_GET_DSA, EVP_R_EXPECTING_A_DSA_KEY);
return NULL;
}
- CRYPTO_add(&pkey->pkey.rsa->references, 1, CRYPTO_LOCK_DSA);
+ CRYPTO_add(&pkey->pkey.dsa->references, 1, CRYPTO_LOCK_DSA);
return pkey->pkey.dsa;
}
#endif
#ifndef NO_DH
-DH *EVP_PKEY_get_DH(EVP_PKEY *pkey)
+
+int EVP_PKEY_rset_DH(EVP_PKEY *pkey, DH *key)
+{
+ CRYPTO_add(&key->references, 1, CRYPTO_LOCK_DH);
+ return EVP_PKEY_assign_DH(pkey, key);
+}
+
+DH *EVP_PKEY_rget_DH(EVP_PKEY *pkey)
{
if(pkey->type != EVP_PKEY_DH) {
EVPerr(EVP_F_EVP_PKEY_GET_DH, EVP_R_EXPECTING_A_DH_KEY);
#define PEM_STRING_X509_REQ "CERTIFICATE REQUEST"
#define PEM_STRING_X509_CRL "X509 CRL"
#define PEM_STRING_EVP_PKEY "ANY PRIVATE KEY"
+#define PEM_STRING_PUBLIC "PUBLIC KEY"
#define PEM_STRING_RSA "RSA PRIVATE KEY"
#define PEM_STRING_RSA_PUBLIC "RSA PUBLIC KEY"
#define PEM_STRING_DSA "DSA PRIVATE KEY"
DECLARE_PEM_rw_cb(RSAPrivateKey, RSA)
DECLARE_PEM_rw(RSAPublicKey, RSA)
+DECLARE_PEM_rw(RSA_PUBKEY, RSA)
#endif
DECLARE_PEM_rw_cb(DSAPrivateKey, DSA)
-DECLARE_PEM_rw(DSAPublicKey, DSA)
+DECLARE_PEM_rw(DSA_PUBKEY, DSA)
DECLARE_PEM_rw(DSAparams, DSA)
DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
+DECLARE_PEM_rw(PUBKEY, EVP_PKEY);
+
int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *,
char *, int, pem_password_cb *, void *);
int PEM_write_PKCS8PrivateKey(FILE *fp,EVP_PKEY *x,const EVP_CIPHER *enc,
#include <openssl/pkcs7.h>
#include <openssl/pem.h>
+static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa);
+static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa);
+
IMPLEMENT_PEM_rw(X509, X509, PEM_STRING_X509, X509)
IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX)
#ifndef NO_RSA
-IMPLEMENT_PEM_rw_cb(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
+/* We treat RSA or DSA private keys as a special case.
+ *
+ * For private keys we read in an EVP_PKEY structure with
+ * PEM_read_bio_PrivateKey() and extract the relevant private
+ * key: this means can handle "traditional" and PKCS#8 formats
+ * transparently.
+ */
+
+static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa)
+{
+ RSA *rtmp;
+ if(!key) return NULL;
+ rtmp = EVP_PKEY_rget_RSA(key);
+ EVP_PKEY_free(key);
+ if(!rtmp) return NULL;
+ if(rsa) {
+ RSA_free(*rsa);
+ *rsa = rtmp;
+ }
+ return rtmp;
+}
+
+RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb,
+ void *u)
+{
+ EVP_PKEY *pktmp;
+ pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
+ return pkey_get_rsa(pktmp, rsa);
+}
+
+#ifndef NO_FP_API
+
+RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb,
+ void *u)
+{
+ EVP_PKEY *pktmp;
+ pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
+ return pkey_get_rsa(pktmp, rsa);
+}
+#endif
+
+IMPLEMENT_PEM_write_cb(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
IMPLEMENT_PEM_rw(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
+IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)
#endif
#ifndef NO_DSA
-IMPLEMENT_PEM_rw_cb(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
+static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa)
+{
+ DSA *dtmp;
+ if(!key) return NULL;
+ dtmp = EVP_PKEY_rget_DSA(key);
+ EVP_PKEY_free(key);
+ if(!dtmp) return NULL;
+ if(dsa) {
+ DSA_free(*dsa);
+ *dsa = dtmp;
+ }
+ return dtmp;
+}
+
+DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb,
+ void *u)
+{
+ EVP_PKEY *pktmp;
+ pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
+ return pkey_get_dsa(pktmp, dsa);
+}
+
+IMPLEMENT_PEM_write_cb(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
+IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
+
+#ifndef NO_FP_API
+
+DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb,
+ void *u)
+{
+ EVP_PKEY *pktmp;
+ pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
+ return pkey_get_dsa(pktmp, dsa);
+}
-IMPLEMENT_PEM_rw(DSAPublicKey, DSA, PEM_STRING_DSA_PUBLIC, DSAPublicKey)
+#endif
IMPLEMENT_PEM_rw(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams)
*/
IMPLEMENT_PEM_read(PrivateKey, EVP_PKEY, PEM_STRING_EVP_PKEY, PrivateKey)
IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA), PrivateKey)
+
+IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY);
static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
char **ret)
{
- int ok=0,ok2=0;
+ int ok=0;
char *file;
switch (cmd)
case X509_L_FILE_LOAD:
if (argl == X509_FILETYPE_DEFAULT)
{
- ok=X509_load_cert_file(ctx,X509_get_default_cert_file(),
+ ok=X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),
X509_FILETYPE_PEM);
- ok2=X509_load_crl_file(ctx,X509_get_default_cert_file(),
- X509_FILETYPE_PEM);
- if (!ok || !ok2)
+ if (!ok)
{
X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
}
else
{
file=(char *)Getenv(X509_get_default_cert_file_env());
- ok=X509_load_cert_file(ctx,file,
- X509_FILETYPE_PEM);
- ok2=X509_load_crl_file(ctx,file,
+ ok=X509_load_cert_crl_file(ctx,file,
X509_FILETYPE_PEM);
}
}
else
{
- ok=X509_load_cert_file(ctx,argp,(int)argl);
- ok2=X509_load_crl_file(ctx,argp,(int)argl);
+ if(argl == X509_FILETYPE_PEM)
+ ok=X509_load_cert_crl_file(ctx,argp,
+ X509_FILETYPE_PEM);
+ else ok=X509_load_cert_file(ctx,argp,(int)argl);
}
break;
}
- return((ok && ok2)?ok:0);
+ return(ok);
}
int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
return(ret);
}
+int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
+{
+ STACK_OF(X509_INFO) *inf;
+ X509_INFO *itmp;
+ BIO *in;
+ int i, count = 0;
+ if(type != X509_FILETYPE_PEM)
+ return X509_load_cert_file(ctx, file, type);
+ in = BIO_new_file(file, "r");
+ if(!in) {
+ X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_SYS_LIB);
+ return 0;
+ }
+ inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
+ BIO_free(in);
+ if(!inf) {
+ X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_PEM_LIB);
+ return 0;
+ }
+ for(i = 0; i < sk_X509_INFO_num(inf); i++) {
+ itmp = sk_X509_INFO_value(inf, i);
+ if(itmp->x509) {
+ X509_STORE_add_cert(ctx->store_ctx, itmp->x509);
+ count++;
+ } else if(itmp->crl) {
+ X509_STORE_add_crl(ctx->store_ctx, itmp->crl);
+ count++;
+ }
+ }
+ sk_X509_INFO_pop_free(inf, X509_INFO_free);
+ return count;
+}
+
+
#endif /* NO_STDIO */
int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa);
RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA **rsa);
int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa);
+RSA *d2i_RSA_PUBKEY_fp(FILE *fp,RSA **rsa);
+int i2d_RSA_PUBKEY_fp(FILE *fp,RSA *rsa);
#endif
#ifndef NO_DSA
-DSA *d2i_DSAPublicKey_fp(FILE *fp, DSA **dsa);
-int i2d_DSAPublicKey_fp(FILE *fp, DSA *dsa);
+DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
+int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
X509_SIG *d2i_PKCS8_fp(FILE *fp,X509_SIG **p8);
int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa);
RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA **rsa);
int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa);
+RSA *d2i_RSA_PUBKEY_bio(BIO *bp,RSA **rsa);
+int i2d_RSA_PUBKEY_bio(BIO *bp,RSA *rsa);
#endif
#ifndef NO_DSA
-DSA *d2i_DSAPublicKey_bio(BIO *bp, DSA **dsa);
-int i2d_DSAPublicKey_bio(BIO *bp, DSA *dsa);
+DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);
+int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa);
DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
#endif
EVP_PKEY * X509_PUBKEY_get(X509_PUBKEY *key);
int X509_get_pubkey_parameters(EVP_PKEY *pkey,
STACK_OF(X509) *chain);
-
+int i2d_PUBKEY(EVP_PKEY *a,unsigned char **pp);
+EVP_PKEY * d2i_PUBKEY(EVP_PKEY **a,unsigned char **pp,
+ long length);
+int i2d_RSA_PUBKEY(RSA *a,unsigned char **pp);
+RSA * d2i_RSA_PUBKEY(RSA **a,unsigned char **pp,
+ long length);
+int i2d_DSA_PUBKEY(DSA *a,unsigned char **pp);
+DSA * d2i_DSA_PUBKEY(DSA **a,unsigned char **pp,
+ long length);
X509_SIG * X509_SIG_new(void );
void X509_SIG_free(X509_SIG *a);
#define X509_F_X509_EXTENSION_CREATE_BY_NID 108
#define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109
#define X509_F_X509_GET_PUBKEY_PARAMETERS 110
+#define X509_F_X509_LOAD_CERT_CRL_FILE 132
#define X509_F_X509_LOAD_CERT_FILE 111
#define X509_F_X509_LOAD_CRL_FILE 112
#define X509_F_X509_NAME_ADD_ENTRY 113
{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_NID,0), "X509_EXTENSION_create_by_NID"},
{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_OBJ,0), "X509_EXTENSION_create_by_OBJ"},
{ERR_PACK(0,X509_F_X509_GET_PUBKEY_PARAMETERS,0), "X509_get_pubkey_parameters"},
+{ERR_PACK(0,X509_F_X509_LOAD_CERT_CRL_FILE,0), "X509_load_cert_crl_file"},
{ERR_PACK(0,X509_F_X509_LOAD_CERT_FILE,0), "X509_load_cert_file"},
{ERR_PACK(0,X509_F_X509_LOAD_CRL_FILE,0), "X509_load_crl_file"},
{ERR_PACK(0,X509_F_X509_NAME_ADD_ENTRY,0), "X509_NAME_add_entry"},
#ifndef NO_STDIO
int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
+int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
#endif
(unsigned char **)(rsa)));
}
+RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)
+ {
+ return((RSA *)ASN1_d2i_fp((char *(*)())
+ RSA_new,(char *(*)())d2i_RSA_PUBKEY, (fp),
+ (unsigned char **)(rsa)));
+ }
+
int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa)
{
return(ASN1_i2d_fp(i2d_RSAPublicKey,fp,(unsigned char *)rsa));
}
+
+int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa)
+ {
+ return(ASN1_i2d_fp(i2d_RSA_PUBKEY,fp,(unsigned char *)rsa));
+ }
#endif
RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
(unsigned char **)(rsa)));
}
+RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
+ {
+ return((RSA *)ASN1_d2i_bio((char *(*)())
+ RSA_new,(char *(*)())d2i_RSA_PUBKEY, (bp),
+ (unsigned char **)(rsa)));
+ }
+
int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa)
{
return(ASN1_i2d_bio(i2d_RSAPublicKey,bp,(unsigned char *)rsa));
}
+
+int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa)
+ {
+ return(ASN1_i2d_bio(i2d_RSA_PUBKEY,bp,(unsigned char *)rsa));
+ }
#endif
#ifndef NO_DSA
return(ASN1_i2d_fp(i2d_DSAPrivateKey,fp,(unsigned char *)dsa));
}
-DSA *d2i_DSAPublicKey_fp(FILE *fp, DSA **dsa)
+DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa)
{
return((DSA *)ASN1_d2i_fp((char *(*)())
- DSA_new,(char *(*)())d2i_DSAPublicKey, (fp),
+ DSA_new,(char *(*)())d2i_DSA_PUBKEY, (fp),
(unsigned char **)(dsa)));
}
-int i2d_DSAPublicKey_fp(FILE *fp, DSA *dsa)
+int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa)
{
- return(ASN1_i2d_fp(i2d_DSAPublicKey,fp,(unsigned char *)dsa));
+ return(ASN1_i2d_fp(i2d_DSA_PUBKEY,fp,(unsigned char *)dsa));
}
#endif
return(ASN1_i2d_bio(i2d_DSAPrivateKey,bp,(unsigned char *)dsa));
}
-DSA *d2i_DSAPublicKey_bio(BIO *bp, DSA **dsa)
+DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa)
{
return((DSA *)ASN1_d2i_bio((char *(*)())
- DSA_new,(char *(*)())d2i_DSAPublicKey, (bp),
+ DSA_new,(char *(*)())d2i_DSA_PUBKEY, (bp),
(unsigned char **)(dsa)));
}
-int i2d_DSAPublicKey_bio(BIO *bp, DSA *dsa)
+int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa)
{
- return(ASN1_i2d_bio(i2d_DSAPublicKey,bp,(unsigned char *)dsa));
+ return(ASN1_i2d_bio(i2d_DSA_PUBKEY,bp,(unsigned char *)dsa));
}
#endif
sk_X509_PURPOSE_push 1920
sk_X509_PURPOSE_delete 1921
sk_X509_PURPOSE_num 1922
-PEM_read_DSAPublicKey 1923
+PEM_read_DSA_PUBKEY 1923
ASN1_T61STRING_free 1924
-d2i_DSAPublicKey_fp 1925
+d2i_DSA_PUBKEY_fp 1925
DSA_set_method 1926
X509_get_ex_data 1927
ASN1_STRING_type 1928
X509V3_X509_get_d2i 1933
ASN1_INTEGER_cmp 1934
ASN1_TIME_new 1935
-d2i_DSAPublicKey_bio 1936
+d2i_DSA_PUBKEY_bio 1936
sk_X509_PURPOSE_new_null 1937
ASN1_UTCTIME_free 1938
DSA_set_default_method 1939
sk_X509_PURPOSE_set_cmp_func 1940
-PEM_write_bio_DSAPublicKey 1941
+PEM_write_bio_DSA_PUBKEY 1941
X509_PURPOSE_get_id 1942
DISPLAYTEXT_free 1943
X509V3_CRL_get_d2i 1944
ASN1_IA5STRING_new 1956
X509_check_purpose 1957
ASN1_ENUMERATED_new 1958
-PEM_write_DSAPublicKey 1959
+PEM_write_DSA_PUBKEY 1959
ASN1_BMPSTRING_free 1960
ASN1_T61STRING_new 1961
ASN1_UTCTIME_new 1962
ASN1_UTF8STRING_free 1969
X509_PURPOSE_enum 1970
sk_X509_PURPOSE_pop_free 1971
-i2d_DSAPublicKey_fp 1972
+i2d_DSA_PUBKEY_fp 1972
sk_X509_PURPOSE_free 1973
sk_X509_PURPOSE_dup 1974
ASN1_OCTET_STRING_dup 1975
sk_X509_PURPOSE_new 1981
sk_X509_PURPOSE_insert 1982
ASN1_GENERALIZEDTIME_new 1983
-PEM_read_bio_DSAPublicKey 1984
+PEM_read_bio_DSA_PUBKEY 1984
ASN1_OCTET_STRING_new 1985
ASN1_INTEGER_new 1986
-i2d_DSAPublicKey_bio 1987
+i2d_DSA_PUBKEY_bio 1987
ASN1_STRING_length_set 1988
DIRECTORYSTRING_new 1989
ASN1_mbstring_copy 1990
ASN1_mbstring_ncopy 2014
sk_ASN1_STRING_TABLE_find 2015
sk_ASN1_STRING_TABLE_new 2016
-EVP_PKEY_get_RSA 2017
-EVP_PKEY_get_DH 2018
-EVP_PKEY_get_DSA 2019
+EVP_PKEY_rget_RSA 2017
+EVP_PKEY_rget_DH 2018
+EVP_PKEY_rget_DSA 2019
X509_PURPOSE_cleanup 2020
ASN1_STRING_set_default_mask_asc 2021
X509_NAME_add_entry_by_txt 2022
d2i_OTHERNAME 2051
OTHERNAME_free 2052
X509_cmp 2053
+PEM_write_PUBKEY 2054
+PEM_write_bio_RSA_PUBKEY 2055
+d2i_RSA_PUBKEY_fp 2056
+EVP_PKEY_rset_DSA 2057
+X509_load_cert_crl_file 2058
+i2d_RSA_PUBKEY 2059
+PEM_read_RSA_PUBKEY 2060
+i2d_DSA_PUBKEY 2061
+i2d_RSA_PUBKEY_bio 2062
+i2d_PUBKEY 2063
+PEM_read_bio_PUBKEY 2064
+PEM_read_PUBKEY 2065
+d2i_RSA_PUBKEY 2066
+d2i_DSA_PUBKEY 2067
+d2i_RSA_PUBKEY_bio 2068
+d2i_PUBKEY 2069
+EVP_PKEY_rset_RSA 2070
+PEM_read_bio_RSA_PUBKEY 2071
+PEM_write_RSA_PUBKEY 2072
+EVP_PKEY_rset_DH 2073
+i2d_RSA_PUBKEY_fp 2074
+PEM_write_bio_PUBKEY 2075