1656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/*! \file ssl/ssl_cert.c */ 2656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * All rights reserved. 4656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 5656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * This package is an SSL implementation written 6656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * by Eric Young (eay@cryptsoft.com). 7656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * The implementation was written so as to conform with Netscapes SSL. 8656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 9656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * This library is free for commercial and non-commercial use as long as 10656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the following conditions are aheared to. The following conditions 11656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * apply to all code found in this distribution, be it the RC4, RSA, 12656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * included with this distribution is covered by the same copyright terms 14656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * except that the holder is Tim Hudson (tjh@cryptsoft.com). 
15656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 16656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Copyright remains Eric Young's, and as such any Copyright notices in 17656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the code are not to be removed. 18656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * If this package is used in a product, Eric Young should be given attribution 19656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * as the author of the parts of the library used. 20656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * This can be in the form of a textual message at program startup or 21656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * in documentation (online or textual) provided with the package. 22656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 23656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Redistribution and use in source and binary forms, with or without 24656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * modification, are permitted provided that the following conditions 25656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * are met: 26656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 1. Redistributions of source code must retain the copyright 27656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * notice, this list of conditions and the following disclaimer. 28656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 2. 
Redistributions in binary form must reproduce the above copyright 29656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * notice, this list of conditions and the following disclaimer in the 30656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * documentation and/or other materials provided with the distribution. 31656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 3. All advertising materials mentioning features or use of this software 32656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * must display the following acknowledgement: 33656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * "This product includes cryptographic software written by 34656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Eric Young (eay@cryptsoft.com)" 35656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * The word 'cryptographic' can be left out if the rouines from the library 36656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * being used are not cryptographic related :-). 37656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 4. 
If you include any Windows specific code (or a derivative thereof) from 38656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the apps directory (application code) you must include an acknowledgement: 39656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 41656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * SUCH 
DAMAGE. 52656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 53656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * The licence and distribution terms for any publically available version or 54656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * derivative of this code cannot be changed. i.e. this code cannot simply be 55656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * copied and put under another distribution licence 56656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * [including the GNU Public Licence.] 57656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 58656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* ==================================================================== 59221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. 60656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 61656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Redistribution and use in source and binary forms, with or without 62656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * modification, are permitted provided that the following conditions 63656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * are met: 64656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 65656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 1. Redistributions of source code must retain the above copyright 66656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * notice, this list of conditions and the following disclaimer. 67656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 68656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 2. 
Redistributions in binary form must reproduce the above copyright 69656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * notice, this list of conditions and the following disclaimer in 70656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the documentation and/or other materials provided with the 71656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * distribution. 72656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 73656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 3. All advertising materials mentioning features or use of this 74656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * software must display the following acknowledgment: 75656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * "This product includes software developed by the OpenSSL Project 76656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 78656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * endorse or promote products derived from this software without 80656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * prior written permission. For written permission, please contact 81656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * openssl-core@openssl.org. 82656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 83656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 5. 
Products derived from this software may not be called "OpenSSL" 84656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * nor may "OpenSSL" appear in their names without prior written 85656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * permission of the OpenSSL Project. 86656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 87656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 6. Redistributions of any form whatsoever must retain the following 88656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * acknowledgment: 89656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * "This product includes software developed by the OpenSSL Project 90656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 92656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR 96656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * OF THE POSSIBILITY OF SUCH DAMAGE. 104656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ==================================================================== 105656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 106656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * This product includes cryptographic software written by Eric Young 107656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * (eay@cryptsoft.com). This product includes software written by Tim 108656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Hudson (tjh@cryptsoft.com). 
109656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 110656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 111656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* ==================================================================== 112656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 113656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ECC cipher suite support in OpenSSL originally developed by 114656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 115656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 116656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 117656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <stdio.h> 118656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 119656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include "e_os.h" 120656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef NO_SYS_TYPES_H 121656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project# include <sys/types.h> 122656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 123656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 124656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include "o_dir.h" 125656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/objects.h> 126656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/bio.h> 127656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/pem.h> 128656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/x509v3.h> 
#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
#endif
#include <openssl/bn.h>
#include "ssl_locl.h"

/*
 * Return the X509_STORE_CTX ex_data index registered under the label
 * "SSL for verify callback", allocating it the first time it is needed.
 *
 * The index is cached in a function-local static.  The common case only
 * takes the read side of CRYPTO_LOCK_SSL_CTX.  When the index is still
 * unset, the read lock is dropped and the write lock taken; because the
 * lock is not held across that hand-over, the value is tested a second
 * time under the write lock so that only one thread allocates the index.
 *
 * The cached value is re-read for the return statement after the lock has
 * been released.  If the allocation call leaves the value negative, the
 * negative value is returned as-is and the next call will try again.
 * NOTE(review): presumably X509_STORE_CTX_get_ex_new_index() reports
 * failure with a negative value; callers should treat < 0 as an error.
 */
int SSL_get_ex_data_X509_STORE_CTX_idx(void)
{
    static volatile int ssl_x509_store_ctx_idx = -1;

    CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
    if (ssl_x509_store_ctx_idx >= 0)
    {
        /* Fast path: already allocated, only the read lock was needed. */
        CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
        return ssl_x509_store_ctx_idx;
    }

    /* Slow path: swap the read lock for the write lock, then re-check. */
    CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
    CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
    if (ssl_x509_store_ctx_idx < 0)
    {
        ssl_x509_store_ctx_idx = X509_STORE_CTX_get_ex_new_index(
            0, "SSL for verify callback", NULL, NULL, NULL);
    }
    CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);

    return ssl_x509_store_ctx_idx;
}

/*
 * Reset the per-key-type signing digest of every compiled-in key slot of
 * `cert` to its default.  `cert` must be non-NULL; it is dereferenced
 * without a check.
 *
 * Security note: the RSA slots default to SHA-1 (EVP_sha1()).
 * EVP_dss1() and EVP_ecdsa() are, as far as this reviewer knows, the
 * SHA-1 digest objects bound to DSA and ECDSA in this OpenSSL generation
 * -- confirm against the bundled crypto/evp.  ssl_cert_dup() states that
 * these values "will be set during handshake", so they act as the
 * fallback when nothing overrides them.  When auditing, check which code
 * path overrides these defaults before a signature is produced.
 */
static void ssl_cert_set_default_md(CERT *cert)
{
#ifndef OPENSSL_NO_DSA
    cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_dss1();
#endif
#ifndef OPENSSL_NO_RSA
    /* Both RSA slots (signing and encryption) get the same default. */
    cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
    cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
#endif
#ifndef OPENSSL_NO_ECDSA
    cert->pkeys[SSL_PKEY_ECC].digest = EVP_ecdsa();
#endif
}

/*
 * Allocate a fresh CERT.
 *
 * The structure is zero-filled, its `key` pointer is aimed at the
 * SSL_PKEY_RSA_ENC slot, its reference count starts at 1 and the digest
 * defaults are installed via ssl_cert_set_default_md().
 *
 * Returns the new object, or NULL after queueing
 * SSL_F_SSL_CERT_NEW / ERR_R_MALLOC_FAILURE when the allocation fails.
 * The caller holds the single reference.
 */
CERT *ssl_cert_new(void)
{
    CERT *fresh = OPENSSL_malloc(sizeof(*fresh));

    if (fresh == NULL)
    {
        SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE);
        return NULL;
    }

    /* Zero everything first so all key slots and temp keys start NULL. */
    memset(fresh, 0, sizeof(*fresh));

    fresh->key = &fresh->pkeys[SSL_PKEY_RSA_ENC];
    fresh->references = 1;
    ssl_cert_set_default_md(fresh);

    return fresh;
}

CERT *ssl_cert_dup(CERT *cert)
{
    CERT *ret;
    int i;

    ret = (CERT *)OPENSSL_malloc(sizeof(CERT));
    if (ret == NULL)
    {
        SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
        return(NULL);
    }

    memset(ret, 0, sizeof(CERT));

    ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]];
    /* or ret->key = ret->pkeys + (cert->key - cert->pkeys),
     * if you find that more readable */

    ret->valid = cert->valid;
215221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom ret->mask_k = cert->mask_k; 216221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom ret->mask_a = cert->mask_a; 217221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom ret->export_mask_k = cert->export_mask_k; 218221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom ret->export_mask_a = cert->export_mask_a; 219656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 220656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_RSA 221656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (cert->rsa_tmp != NULL) 222656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 223656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project RSA_up_ref(cert->rsa_tmp); 224656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret->rsa_tmp = cert->rsa_tmp; 225656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 226656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret->rsa_tmp_cb = cert->rsa_tmp_cb; 227656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 228656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 229656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_DH 230656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (cert->dh_tmp != NULL) 231656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 232656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret->dh_tmp = DHparams_dup(cert->dh_tmp); 233656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ret->dh_tmp == NULL) 234656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 235656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_DH_LIB); 
236656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 237656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 238656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (cert->dh_tmp->priv_key) 239656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 240656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIGNUM *b = BN_dup(cert->dh_tmp->priv_key); 241656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!b) 242656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 243656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB); 244656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 245656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 246656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret->dh_tmp->priv_key = b; 247656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 248656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (cert->dh_tmp->pub_key) 249656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 250656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIGNUM *b = BN_dup(cert->dh_tmp->pub_key); 251656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!b) 252656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 253656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB); 254656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 255656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 256656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret->dh_tmp->pub_key = b; 257656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 
258656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 259656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret->dh_tmp_cb = cert->dh_tmp_cb; 260656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 261656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 262656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_ECDH 263656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (cert->ecdh_tmp) 264656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 265656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp); 266656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ret->ecdh_tmp == NULL) 267656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 268656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB); 269656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 270656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 271656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 272656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret->ecdh_tmp_cb = cert->ecdh_tmp_cb; 273656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 274656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 275656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project for (i = 0; i < SSL_PKEY_NUM; i++) 276656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 277656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (cert->pkeys[i].x509 != NULL) 278656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 279656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
ret->pkeys[i].x509 = cert->pkeys[i].x509; 280656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project CRYPTO_add(&ret->pkeys[i].x509->references, 1, 281656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project CRYPTO_LOCK_X509); 282656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 283656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 284656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (cert->pkeys[i].privatekey != NULL) 285656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 286656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret->pkeys[i].privatekey = cert->pkeys[i].privatekey; 287656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project CRYPTO_add(&ret->pkeys[i].privatekey->references, 1, 288656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project CRYPTO_LOCK_EVP_PKEY); 289656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 290656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project switch(i) 291656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 292656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* If there was anything special to do for 293656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * certain types of keys, we'd do it here. 294656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * (Nothing at the moment, I think.) */ 295656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 296656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL_PKEY_RSA_ENC: 297656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL_PKEY_RSA_SIGN: 298656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* We have an RSA key. 
*/ 299656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 300656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 301656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL_PKEY_DSA_SIGN: 302656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* We have a DSA key. */ 303656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 304656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 305656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL_PKEY_DH_RSA: 306656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL_PKEY_DH_DSA: 307656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* We have a DH key. */ 308656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 309656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 310656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case SSL_PKEY_ECC: 311656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* We have an ECC key */ 312656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 313656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 314656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project default: 315656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Can't happen. 
*/ 316656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG); 317656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 318656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 319656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 320656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 321656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* ret->extra_certs *should* exist, but currently the own certificate 322656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * chain is held inside SSL_CTX */ 323656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 324656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret->references=1; 325392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* Set digests to defaults. NB: we don't copy existing values as they 326392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * will be set during handshake. 
327392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom */ 328392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ssl_cert_set_default_md(ret); 329656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 330656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(ret); 331656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 332656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH) 333656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projecterr: 334656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 335656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_RSA 336656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ret->rsa_tmp != NULL) 337656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project RSA_free(ret->rsa_tmp); 338656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 339656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_DH 340656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ret->dh_tmp != NULL) 341656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project DH_free(ret->dh_tmp); 342656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 343656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_ECDH 344656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ret->ecdh_tmp != NULL) 345656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_KEY_free(ret->ecdh_tmp); 346656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 347656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 348656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project for (i = 0; i < SSL_PKEY_NUM; 
i++) {
		if (ret->pkeys[i].x509 != NULL)
			X509_free(ret->pkeys[i].x509);
		if (ret->pkeys[i].privatekey != NULL)
			EVP_PKEY_free(ret->pkeys[i].privatekey);
	}

	return NULL;
}


/*
 * Drop one reference on a CERT; tear it down once the count reaches zero.
 *
 * Passing NULL is a no-op.  While other holders remain (count still > 0
 * after the decrement) nothing is released.  On the final release the
 * temporary RSA/DH/ECDH keys and every per-slot certificate and private
 * key are handed to their respective *_free routines before the CERT
 * itself is freed.
 */
void ssl_cert_free(CERT *c)
{
	int refs;
	int idx;

	if (c == NULL)
		return;

	refs = CRYPTO_add(&c->references, -1, CRYPTO_LOCK_SSL_CERT);
#ifdef REF_PRINT
	REF_PRINT("CERT",c);
#endif
	if (refs > 0)
		return;
#ifdef REF_CHECK
	/* A negative count means an unbalanced free somewhere: fail loudly. */
	if (refs < 0) {
		fprintf(stderr,"ssl_cert_free, bad reference count\n");
		abort(); /* ok */
	}
#endif

#ifndef OPENSSL_NO_RSA
	if (c->rsa_tmp != NULL)
		RSA_free(c->rsa_tmp);
#endif
#ifndef OPENSSL_NO_DH
	if (c->dh_tmp != NULL)
		DH_free(c->dh_tmp);
#endif
#ifndef OPENSSL_NO_ECDH
	if (c->ecdh_tmp != NULL)
		EC_KEY_free(c->ecdh_tmp);
#endif

	for (idx = 0; idx < SSL_PKEY_NUM; idx++) {
		if (c->pkeys[idx].x509 != NULL)
			X509_free(c->pkeys[idx].x509);
		if (c->pkeys[idx].privatekey != NULL)
			EVP_PKEY_free(c->pkeys[idx].privatekey);
#if 0
		if (c->pkeys[idx].publickey != NULL)
			EVP_PKEY_free(c->pkeys[idx].publickey);
#endif
	}
	OPENSSL_free(c);
}

/*
 * Make sure *o refers to a CERT, allocating one with ssl_cert_new() when it
 * is still NULL.
 *
 * This should not normally be needed, because the CERT is created in
 * SSL_CTX_new; earlier code usually tolerates a non-existent CERT, so that
 * behaviour is kept in case there is a reason for it.  It is not certain
 * that all existing code copes with s->cert being NULL; otherwise the
 * initialization in SSL_CTX_new could be dropped.
 *
 * Returns 1 when *o is usable, 0 (with an error queued) when o is NULL or
 * the allocation fails.
 */
int ssl_cert_inst(CERT **o)
{
	if (o == NULL) {
		SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER);
		return 0;
	}

	/* Already instantiated: nothing to do. */
	if (*o != NULL)
		return 1;

	*o = ssl_cert_new();
	if (*o == NULL) {
		SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE);
		return 0;
	}
	return 1;
}
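/*
 * Allocate a zero-filled SESS_CERT holding a single reference.
 *
 * peer_key initially points at the SSL_PKEY_RSA_ENC slot of peer_pkeys.
 * Returns NULL (with ERR_R_MALLOC_FAILURE queued) when allocation fails.
 */
SESS_CERT *ssl_sess_cert_new(void)
{
	SESS_CERT *ret;

	ret = OPENSSL_malloc(sizeof *ret);
	if (ret == NULL) {
		SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE);
		return NULL;
	}

	memset(ret, 0 ,sizeof *ret);
	ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]);
	ret->references = 1;

	return ret;
}

/*
 * Drop one reference on a SESS_CERT; release it when the count reaches zero.
 *
 * NULL is ignored.  On the final release the peer certificate chain, the
 * per-slot peer certificates and the peer's temporary RSA/DH/ECDH keys are
 * freed, followed by the structure itself.
 */
void ssl_sess_cert_free(SESS_CERT *sc)
{
	int i;

	if (sc == NULL)
		return;

	i = CRYPTO_add(&sc->references, -1, CRYPTO_LOCK_SSL_SESS_CERT);
#ifdef REF_PRINT
	REF_PRINT("SESS_CERT", sc);
#endif
	if (i > 0)
		return;
#ifdef REF_CHECK
	/* A negative count means an unbalanced free somewhere: fail loudly. */
	if (i < 0) {
		fprintf(stderr,"ssl_sess_cert_free, bad reference count\n");
		abort(); /* ok */
	}
#endif

	/* i == 0 */
	if (sc->cert_chain != NULL)
		sk_X509_pop_free(sc->cert_chain, X509_free);
	for (i = 0; i < SSL_PKEY_NUM; i++) {
		if (sc->peer_pkeys[i].x509 != NULL)
			X509_free(sc->peer_pkeys[i].x509);
#if 0 /* We don't have the peer's private key.  These lines are just
	   * here as a reminder that we're still using a not-quite-appropriate
	   * data structure. */
		if (sc->peer_pkeys[i].privatekey != NULL)
			EVP_PKEY_free(sc->peer_pkeys[i].privatekey);
#endif
	}

#ifndef OPENSSL_NO_RSA
	if (sc->peer_rsa_tmp != NULL)
		RSA_free(sc->peer_rsa_tmp);
#endif
#ifndef OPENSSL_NO_DH
	if (sc->peer_dh_tmp != NULL)
		DH_free(sc->peer_dh_tmp);
#endif
#ifndef OPENSSL_NO_ECDH
	if (sc->peer_ecdh_tmp != NULL)
		EC_KEY_free(sc->peer_ecdh_tmp);
#endif

	OPENSSL_free(sc);
}

/*
 * Record the peer certificate type on the session cert.  Always returns 1.
 * sc is dereferenced unconditionally, so callers must pass a non-NULL
 * pointer.
 */
int ssl_set_peer_cert_type(SESS_CERT *sc,int type)
{
	sc->peer_cert_type = type;
	return(1);
}

/*
 * Verify the peer certificate chain sk for connection s.
 *
 * The first element of sk is the certificate being verified and the whole
 * stack is handed to X509_STORE_CTX_init together with the SSL_CTX's
 * cert_store.  The X509 error code left in the store context is copied to
 * s->verify_result before the context is cleaned up.
 *
 * Returns the value produced by the application verify callback or by
 * X509_verify_cert(), or 0 when the chain is NULL/empty or the store
 * context cannot be initialised.  Callers must act on the return value
 * rather than assume success.
 */
int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
{
	X509 *x;
	int i;
	X509_STORE_CTX ctx;

	/* An absent or empty chain is a failure, never a success. */
	if ((sk == NULL) || (sk_X509_num(sk) == 0))
		return(0);

	x=sk_X509_value(sk,0);
	if(!X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk)) {
		SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB);
		return(0);
	}
#if 0
	if (SSL_get_verify_depth(s) >= 0)
		X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
#endif
	/* Make the SSL object reachable from verify callbacks. */
	X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s);

	/* We need to inherit the verify parameters. These can be determined by
	 * the context: if it's a server it will verify SSL client certificates
	 * or vice versa.
	 */
	/* NOTE(review): the results of the next two calls are not checked, so
	 * a failure to apply the defaults or s->param would go unnoticed here
	 * -- confirm whether that is acceptable for this build. */
	X509_STORE_CTX_set_default(&ctx,
				s->server ? "ssl_client" : "ssl_server");
	/* Anything non-default in "param" should overwrite anything in the
	 * ctx.
	 */
	X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(&ctx), s->param);

	if (s->verify_callback)
		X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);

	/* When the application installed app_verify_callback it is called
	 * INSTEAD of X509_verify_cert(): the outcome of chain validation is
	 * then whatever that callback returns. */
	if (s->ctx->app_verify_callback != NULL)
#if 1 /* new with OpenSSL 0.9.7 */
		i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg);
#else
		i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
#endif
	else {
#ifndef OPENSSL_NO_X509_VERIFY
		i=X509_verify_cert(&ctx);
#else
		/* No built-in verifier compiled in and no application
		 * callback: fail closed. */
		i=0;
		ctx.error=X509_V_ERR_APPLICATION_VERIFICATION;
		SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,SSL_R_NO_VERIFY_CALLBACK);
#endif
	}

	s->verify_result=ctx.error;
	X509_STORE_CTX_cleanup(&ctx);

	return(i);
}

/*
 * Replace *ca_list with name_list, releasing the previous list and its
 * names.  name_list itself is stored (no copy is made).
 */
static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *name_list)
{
	/* Re-installing the list that is already in place must not free it:
	 * the stored pointer would otherwise dangle. */
	if (*ca_list == name_list)
		return;

	if (*ca_list != NULL)
		sk_X509_NAME_pop_free(*ca_list,X509_NAME_free);

	*ca_list=name_list;
}

/*
 * Deep-copy a stack of X509_NAMEs.
 *
 * Returns a new stack holding duplicates of every name in sk, or NULL on
 * allocation failure; everything allocated so far is released in that case.
 */
STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
{
	int i;
	STACK_OF(X509_NAME) *ret;
	X509_NAME *name;

	ret=sk_X509_NAME_new_null();
	if (ret == NULL)
		return(NULL);

	for (i=0; i<sk_X509_NAME_num(sk); i++) {
		name=X509_NAME_dup(sk_X509_NAME_value(sk,i));
		if (name == NULL) {
			sk_X509_NAME_pop_free(ret,X509_NAME_free);
			return(NULL);
		}
		if (!sk_X509_NAME_push(ret,name)) {
			/* name never made it onto the stack, so pop_free will
			 * not see it: free it here to avoid leaking it. */
			X509_NAME_free(name);
			sk_X509_NAME_pop_free(ret,X509_NAME_free);
			return(NULL);
		}
	}
	return(ret);
}

/* Install name_list as the client CA list of one SSL object (stored, not copied). */
void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *name_list)
{
	set_client_CA_list(&(s->client_CA),name_list);
}

/* Install name_list as the client CA list of an SSL_CTX (stored, not copied). */
void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *name_list)
{
	set_client_CA_list(&(ctx->client_CA),name_list);
}

/* Return the SSL_CTX's own client CA list pointer (not a copy). */
STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)
{
	return(ctx->client_CA);
}

/*
 * Return the client CA list relevant to s.
 *
 * In the client (s->type == SSL_ST_CONNECT) this is s->s3->tmp.ca_names
 * when the major version is SSL3_VERSION_MAJOR and s->s3 exists, else NULL.
 * Otherwise it is the list set on s, falling back to the one on its
 * SSL_CTX.  The returned pointer is the internal list, not a copy.
 */
STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s)
{
	if (s->type == SSL_ST_CONNECT) {
		/* we are in the client */
		if (((s->version>>8) == SSL3_VERSION_MAJOR) &&
			(s->s3 != NULL))
			return(s->s3->tmp.ca_names);
		else
			return(NULL);
	} else {
		if (s->client_CA != NULL)
			return(s->client_CA);
		else
			return(s->ctx->client_CA);
	}
}

/*
 * Append a duplicate of x's subject name to *sk, creating the stack first
 * when *sk is NULL.  Returns 1 on success, 0 when x is NULL or an
 * allocation fails (the duplicated name is freed if it cannot be pushed).
 */
static int add_client_CA(STACK_OF(X509_NAME) **sk,X509 *x)
{
	X509_NAME *name;

	if (x == NULL) return(0);
	if ((*sk == NULL) && ((*sk=sk_X509_NAME_new_null()) == NULL))
		return(0);

	if ((name=X509_NAME_dup(X509_get_subject_name(x))) == NULL)
		return(0);

	if (!sk_X509_NAME_push(*sk,name)) {
		X509_NAME_free(name);
		return(0);
	}
	return(1);
}

/* Add x's subject name to the client CA list of one SSL object. */
int SSL_add_client_CA(SSL *ssl,X509 *x)
{
	return(add_client_CA(&(ssl->client_CA),x));
}

/* Add x's subject name to the client CA list of an SSL_CTX. */
int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x)
{
	return(add_client_CA(&(ctx->client_CA),x));
}

/* Stack comparison adapter: compares the two X509_NAMEs pointed to. */
static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
{
	return(X509_NAME_cmp(*a,*b));
}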
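#ifndef OPENSSL_NO_STDIO
/*!
 * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
 * it doesn't really have anything to do with clients (except that a common use
 * for a stack of CAs is to send it to the client). Actually, it doesn't have
 * much to do with CAs, either, since it will load any old cert.
 *
 * Only the subject name of each cert is kept, and a name that compares equal
 * (X509_NAME_cmp()) to one already seen is stored once. Nothing here checks
 * that a cert is a CA, is within its validity period or chains to anything, so
 * the caller is responsible for where \c file comes from. Reading stops at the
 * first PEM block that fails to parse; names collected up to that point are
 * still returned and the error queue is cleared.
 * \param file the file containing one or more certs.
 * \return a ::STACK containing the subject names of the certs, to be freed by
 * the caller, or NULL if the file could not be opened, held no readable cert,
 * or an allocation failed.
 */
STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
{
    BIO *in;
    X509 *x = NULL;
    X509_NAME *xn = NULL;
    STACK_OF(X509_NAME) *ret = NULL, *sk;

    /*
     * sk is a scratch stack using xname_cmp, consulted only for duplicate
     * lookups; it never owns the names it points at.  ret is the result.
     */
    sk = sk_X509_NAME_new(xname_cmp);

    in = BIO_new(BIO_s_file_internal());

    if ((sk == NULL) || (in == NULL)) {
        SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE);
        goto err;
    }

    if (!BIO_read_filename(in, file))
        goto err;

    for (;;) {
        /* NULL means end of file or a parse error; both end the loop. */
        if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL)
            break;
        if (ret == NULL) {
            ret = sk_X509_NAME_new_null();
            if (ret == NULL) {
                SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE);
                goto err;
            }
        }
        if ((xn = X509_get_subject_name(x)) == NULL)
            goto err;
        /* check for duplicates */
        xn = X509_NAME_dup(xn);
        if (xn == NULL)
            goto err;
        if (sk_X509_NAME_find(sk, xn) >= 0) {
            X509_NAME_free(xn);
            continue;
        }
        /*
         * Hand ownership to ret first.  If that push fails the copy belongs
         * to nobody yet and must be freed here; if the second push fails the
         * copy is already in ret and the err path releases it.
         */
        if (!sk_X509_NAME_push(ret, xn)) {
            X509_NAME_free(xn);
            SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE);
            goto err;
        }
        if (!sk_X509_NAME_push(sk, xn)) {
            SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE);
            goto err;
        }
    }

    goto done;

err:
    if (ret != NULL)
        sk_X509_NAME_pop_free(ret, X509_NAME_free);
    ret = NULL;

done:
    /* Shallow free: the entries of sk are owned by ret (or already freed). */
    if (sk != NULL)
        sk_X509_NAME_free(sk);
    if (in != NULL)
        BIO_free(in);
    if (x != NULL)
        X509_free(x);
    /* The PEM read that ended the loop left an error behind; drop it. */
    if (ret != NULL)
        ERR_clear_error();
    return ret;
}
#endif

/*!
 * Add a file of certs to a stack.
 *
 * As with SSL_load_client_CA_file(), only subject names are stored and no
 * check is made that a cert is a CA. Reading stops at the first PEM block that
 * fails to parse, which is treated as the end of the file, not as a failure.
 * \param stack the stack to add to. Its comparison function is replaced by
 * xname_cmp for the duration of the call and restored before returning.
 * \param file the file to add from. All certs in this file that are not
 * already in the stack will be added.
 * \return 1 for success, 0 for failure. Note that in the case of failure some
 * certs may have been added to \c stack.
 */

int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
                                        const char *file)
{
    BIO *in;
    X509 *x = NULL;
    X509_NAME *xn = NULL;
    int ret = 1;
    int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b);

    oldcmp = sk_X509_NAME_set_cmp_func(stack, xname_cmp);

    in = BIO_new(BIO_s_file_internal());

    if (in == NULL) {
        SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK, ERR_R_MALLOC_FAILURE);
        goto err;
    }

    if (!BIO_read_filename(in, file))
        goto err;

    for (;;) {
        if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL)
            break;
        if ((xn = X509_get_subject_name(x)) == NULL)
            goto err;
        xn = X509_NAME_dup(xn);
        if (xn == NULL)
            goto err;
        if (sk_X509_NAME_find(stack, xn) >= 0) {
            X509_NAME_free(xn);
        } else if (!sk_X509_NAME_push(stack, xn)) {
            /* The stack did not take the copy: free it and report failure
             * instead of leaking it and claiming success. */
            X509_NAME_free(xn);
            SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,
                   ERR_R_MALLOC_FAILURE);
            goto err;
        }
    }

    /* Drop the error left by the PEM read that ended the loop. */
    ERR_clear_error();
    goto done;

err:
    ret = 0;

done:
    if (in != NULL)
        BIO_free(in);
    if (x != NULL)
        X509_free(x);

    (void)sk_X509_NAME_set_cmp_func(stack, oldcmp);

    return ret;
}

/*!
 * Add a directory of certs to a stack.
 * \param stack the stack to append to.
 * \param dir the directory to append from. All files in this directory will be
 * examined as potential certs. Any that are acceptable to
 * SSL_add_file_cert_subjects_to_stack() that are not already in the stack will
 * be included. Entries are not filtered by name or type before being opened,
 * so \c dir should be writable only by parties trusted to choose these names.
 * \return 1 for success, 0 for failure. Note that in the case of failure some
 * certs may have been added to \c stack.
 */

int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
                                       const char *dir)
{
    OPENSSL_DIR_CTX *d = NULL;
    const char *filename;
    int ret = 0;

    /* Held for the whole scan, including the parsing of every file. */
    CRYPTO_w_lock(CRYPTO_LOCK_READDIR);

    /* Note that a side effect is that the CAs will be sorted by name */

    while ((filename = OPENSSL_DIR_read(&d, dir))) {
        char buf[1024];
        int r;

        /* +2 accounts for the path separator and the terminating NUL. */
        if (strlen(dir) + strlen(filename) + 2 > sizeof buf) {
            SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,
                   SSL_R_PATH_TOO_LONG);
            goto err;
        }

#ifdef OPENSSL_SYS_VMS
        r = BIO_snprintf(buf, sizeof buf, "%s%s", dir, filename);
#else
        r = BIO_snprintf(buf, sizeof buf, "%s/%s", dir, filename);
#endif
        /* Second check: refuse a failed or truncated path. */
        if (r <= 0 || r >= (int)sizeof(buf))
            goto err;
        if (!SSL_add_file_cert_subjects_to_stack(stack, buf))
            goto err;
    }

    /*
     * NOTE(review): this relies on OPENSSL_DIR_read() leaving errno at 0 when
     * the directory simply ran out of entries -- confirm against its
     * implementation, which is not part of this file.
     */
    if (errno) {
        SYSerr(SYS_F_OPENDIR, get_last_sys_error());
        ERR_add_error_data(3, "OPENSSL_DIR_read(&ctx, '", dir, "')");
        SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
        goto err;
    }

    ret = 1;

err:
    if (d)
        OPENSSL_DIR_end(&d);
    CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
    return ret;
}
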