|
version 1.1.1.1, 2012/02/21 22:39:10
|
version 1.1.1.2, 2014/06/15 16:37:12
|
|
Line 1
|
Line 1
|
| /* $NetBSD: crypto_openssl.c,v 1.20 2010/10/20 13:40:02 tteras Exp $ */ | /* $NetBSD: crypto_openssl.c,v 1.20.4.3 2012/12/24 14:50:39 tteras Exp $ */ |
| |
|
| /* Id: crypto_openssl.c,v 1.47 2006/05/06 20:42:09 manubsd Exp */ |
/* Id: crypto_openssl.c,v 1.47 2006/05/06 20:42:09 manubsd Exp */ |
| |
|
|
Line 44
|
Line 44
|
| /* get openssl/ssleay version number */ |
/* get openssl/ssleay version number */ |
| #include <openssl/opensslv.h> |
#include <openssl/opensslv.h> |
| |
|
| #if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090602fL) | #if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090813fL) |
| #error OpenSSL version 0.9.6 or later required. | #error OpenSSL version 0.9.8s or later required. |
| #endif |
#endif |
| |
|
| #include <openssl/pem.h> |
#include <openssl/pem.h> |
|
Line 91
|
Line 91
|
| #endif |
#endif |
| #include "plog.h" |
#include "plog.h" |
| |
|
| /* 0.9.7 stuff? */ |
|
| #if OPENSSL_VERSION_NUMBER < 0x0090700fL |
|
| typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES; |
|
| #else |
|
| #define USE_NEW_DES_API |
#define USE_NEW_DES_API |
| #endif |
|
| |
|
| #define OpenSSL_BUG() do { plog(LLV_ERROR, LOCATION, NULL, "OpenSSL function failed\n"); } while(0) |
#define OpenSSL_BUG() do { plog(LLV_ERROR, LOCATION, NULL, "OpenSSL function failed\n"); } while(0) |
| |
|
|
Line 285 out:
|
Line 280 out:
|
| } |
} |
| |
|
| /* |
/* |
| * The following are derived from code in crypto/x509/x509_cmp.c |
|
| * in OpenSSL0.9.7c: |
|
| * X509_NAME_wildcmp() adds wildcard matching to the original |
|
| * X509_NAME_cmp(), nocase_cmp() and nocase_spacenorm_cmp() are as is. |
|
| */ |
|
| #include <ctype.h> |
|
| /* Case insensitive string comparision */ |
|
| static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b) |
|
| { |
|
| int i; |
|
| |
|
| if (a->length != b->length) |
|
| return (a->length - b->length); |
|
| |
|
| for (i=0; i<a->length; i++) |
|
| { |
|
| int ca, cb; |
|
| |
|
| ca = tolower(a->data[i]); |
|
| cb = tolower(b->data[i]); |
|
| |
|
| if (ca != cb) |
|
| return(ca-cb); |
|
| } |
|
| return 0; |
|
| } |
|
| |
|
| /* Case insensitive string comparision with space normalization |
|
| * Space normalization - ignore leading, trailing spaces, |
|
| * multiple spaces between characters are replaced by single space |
|
| */ |
|
| static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b) |
|
| { |
|
| unsigned char *pa = NULL, *pb = NULL; |
|
| int la, lb; |
|
| |
|
| la = a->length; |
|
| lb = b->length; |
|
| pa = a->data; |
|
| pb = b->data; |
|
| |
|
| /* skip leading spaces */ |
|
| while (la > 0 && isspace(*pa)) |
|
| { |
|
| la--; |
|
| pa++; |
|
| } |
|
| while (lb > 0 && isspace(*pb)) |
|
| { |
|
| lb--; |
|
| pb++; |
|
| } |
|
| |
|
| /* skip trailing spaces */ |
|
| while (la > 0 && isspace(pa[la-1])) |
|
| la--; |
|
| while (lb > 0 && isspace(pb[lb-1])) |
|
| lb--; |
|
| |
|
| /* compare strings with space normalization */ |
|
| while (la > 0 && lb > 0) |
|
| { |
|
| int ca, cb; |
|
| |
|
| /* compare character */ |
|
| ca = tolower(*pa); |
|
| cb = tolower(*pb); |
|
| if (ca != cb) |
|
| return (ca - cb); |
|
| |
|
| pa++; pb++; |
|
| la--; lb--; |
|
| |
|
| if (la <= 0 || lb <= 0) |
|
| break; |
|
| |
|
| /* is white space next character ? */ |
|
| if (isspace(*pa) && isspace(*pb)) |
|
| { |
|
| /* skip remaining white spaces */ |
|
| while (la > 0 && isspace(*pa)) |
|
| { |
|
| la--; |
|
| pa++; |
|
| } |
|
| while (lb > 0 && isspace(*pb)) |
|
| { |
|
| lb--; |
|
| pb++; |
|
| } |
|
| } |
|
| } |
|
| if (la > 0 || lb > 0) |
|
| return la - lb; |
|
| |
|
| return 0; |
|
| } |
|
| |
|
| static int X509_NAME_wildcmp(const X509_NAME *a, const X509_NAME *b) |
|
| { |
|
| int i,j; |
|
| X509_NAME_ENTRY *na,*nb; |
|
| |
|
| if (sk_X509_NAME_ENTRY_num(a->entries) |
|
| != sk_X509_NAME_ENTRY_num(b->entries)) |
|
| return sk_X509_NAME_ENTRY_num(a->entries) |
|
| -sk_X509_NAME_ENTRY_num(b->entries); |
|
| for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--) |
|
| { |
|
| na=sk_X509_NAME_ENTRY_value(a->entries,i); |
|
| nb=sk_X509_NAME_ENTRY_value(b->entries,i); |
|
| j=OBJ_cmp(na->object,nb->object); |
|
| if (j) return(j); |
|
| if ((na->value->length == 1 && na->value->data[0] == '*') |
|
| || (nb->value->length == 1 && nb->value->data[0] == '*')) |
|
| continue; |
|
| j=na->value->type-nb->value->type; |
|
| if (j) return(j); |
|
| if (na->value->type == V_ASN1_PRINTABLESTRING) |
|
| j=nocase_spacenorm_cmp(na->value, nb->value); |
|
| else if (na->value->type == V_ASN1_IA5STRING |
|
| && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress) |
|
| j=nocase_cmp(na->value, nb->value); |
|
| else |
|
| { |
|
| j=na->value->length-nb->value->length; |
|
| if (j) return(j); |
|
| j=memcmp(na->value->data,nb->value->data, |
|
| na->value->length); |
|
| } |
|
| if (j) return(j); |
|
| j=na->set-nb->set; |
|
| if (j) return(j); |
|
| } |
|
| |
|
| return(0); |
|
| } |
|
| |
|
| /* |
|
| * compare two subjectNames. |
* compare two subjectNames. |
| * OUT: 0: equal |
* OUT: 0: equal |
| * positive: |
* positive: |
|
Line 435 eay_cmp_asn1dn(n1, n2)
|
Line 291 eay_cmp_asn1dn(n1, n2)
|
| { |
{ |
| X509_NAME *a = NULL, *b = NULL; |
X509_NAME *a = NULL, *b = NULL; |
| caddr_t p; |
caddr_t p; |
| |
char oneLine[512]; |
| int i = -1; |
int i = -1; |
| |
int idx; |
| |
|
| p = n1->v; |
p = n1->v; |
| if (!d2i_X509_NAME(&a, (void *)&p, n1->l)) | if (!d2i_X509_NAME(&a, (void *)&p, n1->l)) { |
| | plog(LLV_ERROR, LOCATION, NULL, "eay_cmp_asn1dn: first dn not a dn"); |
| goto end; |
goto end; |
| |
} |
| |
plog(LLV_DEBUG, LOCATION, NULL, "1st name: %s\n", X509_NAME_oneline(a, oneLine, sizeof(oneLine))); |
| p = n2->v; |
p = n2->v; |
| if (!d2i_X509_NAME(&b, (void *)&p, n2->l)) | if (!d2i_X509_NAME(&b, (void *)&p, n2->l)) { |
| | plog(LLV_ERROR, LOCATION, NULL, "eay_cmp_asn1dn: second dn not a dn"); |
| goto end; |
goto end; |
| |
} |
| |
plog(LLV_DEBUG, LOCATION, NULL, "2nd name: %s\n", X509_NAME_oneline(b, oneLine, sizeof(oneLine))); |
| |
|
| i = X509_NAME_wildcmp(a, b); | /* handle wildcard: do not compare entry content but only entry object type */ |
| | for(idx = 0; idx < X509_NAME_entry_count(a); idx++) { |
| | X509_NAME_ENTRY *ea = X509_NAME_get_entry(a, idx); |
| | X509_NAME_ENTRY *eb = X509_NAME_get_entry(b, idx); |
| | if (!eb) { /* reached end of eb while still entries in ea, can not be equal... */ |
| | i = idx+1; |
| | goto end; |
| | } |
| | if ((ea->value->length == 1 && ea->value->data[0] == '*') || |
| | (eb->value->length == 1 && eb->value->data[0] == '*')) { |
| | if (OBJ_cmp(ea->object,eb->object)) { |
| | i = idx+1; |
| | goto end; |
| | } |
| | /* OK: object type equals, we don't care for this entry anymore, so let's forget it... */ |
| | X509_NAME_delete_entry(a, idx); |
| | X509_NAME_delete_entry(b, idx); |
| | X509_NAME_ENTRY_free(ea); |
| | X509_NAME_ENTRY_free(eb); |
| | idx--; |
| | } |
| | } |
| | if (X509_NAME_entry_count(a) == 0 && X509_NAME_entry_count(b) == 0) |
| | i = 0; |
| | else |
| | i = X509_NAME_cmp(a, b); |
| |
|
| end: |
end: |
| if (a) |
if (a) |
|
Line 505 eay_check_x509cert(cert, CApath, CAfile, local)
|
Line 394 eay_check_x509cert(cert, CApath, CAfile, local)
|
| if (csc == NULL) |
if (csc == NULL) |
| goto end; |
goto end; |
| X509_STORE_CTX_init(csc, cert_ctx, x509, NULL); |
X509_STORE_CTX_init(csc, cert_ctx, x509, NULL); |
| #if OPENSSL_VERSION_NUMBER >= 0x00907000L |
|
| X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK); |
X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK); |
| X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK_ALL); |
X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK_ALL); |
| #endif |
|
| error = X509_verify_cert(csc); |
error = X509_verify_cert(csc); |
| X509_STORE_CTX_free(csc); |
X509_STORE_CTX_free(csc); |
| |
|
|
Line 2501 eay_bn2v(var, bn)
|
Line 2388 eay_bn2v(var, bn)
|
| vchar_t **var; |
vchar_t **var; |
| BIGNUM *bn; |
BIGNUM *bn; |
| { |
{ |
| *var = vmalloc(bn->top * BN_BYTES); | *var = vmalloc(BN_num_bytes(bn)); |
| if (*var == NULL) |
if (*var == NULL) |
| return(-1); |
return(-1); |
| |
|
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to crypto_openssl.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / ipsec-tools / src / racoon