/* crypto/x509/x509_cmp.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to. The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed. i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

#include <stdio.h>
#include <ctype.h>
#include "cryptlib.h"
#include <openssl/asn1.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>

int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
	{
	int i;
	X509_CINF *ai,*bi;

	ai=a->cert_info;
	bi=b->cert_info;
	i=M_ASN1_INTEGER_cmp(ai->serialNumber,bi->serialNumber);
	if (i) return(i);
	return(X509_NAME_cmp(ai->issuer,bi->issuer));
	}

#ifndef OPENSSL_NO_MD5
unsigned long X509_issuer_and_serial_hash(X509 *a)
	{
	unsigned long ret=0;
	EVP_MD_CTX ctx;
	unsigned char md[16];
	char *f;

	EVP_MD_CTX_init(&ctx);
	f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);
	/* X509_NAME_oneline() returns NULL on failure; do not pass that to strlen() */
	if (f == NULL)
		goto err;
	if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL))
		goto err;
	if (!EVP_DigestUpdate(&ctx,(unsigned char *)f,strlen(f)))
		goto err;
	if(!EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
		(unsigned long)a->cert_info->serialNumber->length))
		goto err;
	if (!EVP_DigestFinal_ex(&ctx,&(md[0]),NULL))
		goto err;
	ret=(	((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
		((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
		)&0xffffffffL;
	err:
	/* free the one-line name on every path, including digest failures */
	if (f != NULL)
		OPENSSL_free(f);
	EVP_MD_CTX_cleanup(&ctx);
	return(ret);
	}
#endif

int X509_issuer_name_cmp(const X509 *a, const X509 *b)
	{
	return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer));
	}

int X509_subject_name_cmp(const X509 *a, const X509 *b)
	{
	return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject));
	}

int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b)
	{
	return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer));
	}

#ifndef OPENSSL_NO_SHA
int X509_CRL_match(const X509_CRL *a, const X509_CRL *b)
	{
	return memcmp(a->sha1_hash, b->sha1_hash, 20);
	}
#endif

X509_NAME *X509_get_issuer_name(X509 *a)
	{
	return(a->cert_info->issuer);
	}

unsigned long X509_issuer_name_hash(X509 *x)
	{
	return(X509_NAME_hash(x->cert_info->issuer));
	}

#ifndef OPENSSL_NO_MD5
unsigned long X509_issuer_name_hash_old(X509 *x)
	{
	return(X509_NAME_hash_old(x->cert_info->issuer));
	}
#endif

X509_NAME *X509_get_subject_name(X509 *a)
	{
	return(a->cert_info->subject);
	}

ASN1_INTEGER *X509_get_serialNumber(X509 *a)
	{
	return(a->cert_info->serialNumber);
	}

unsigned long X509_subject_name_hash(X509 *x)
	{
	return(X509_NAME_hash(x->cert_info->subject));
	}

#ifndef OPENSSL_NO_MD5
unsigned long X509_subject_name_hash_old(X509 *x)
	{
	return(X509_NAME_hash_old(x->cert_info->subject));
	}
#endif

#ifndef OPENSSL_NO_SHA
/* Compare two certificates: they must be identical for
 * this to work. NB: Although "cmp" operations are generally
 * prototyped to take "const" arguments (eg. for use in
 * STACKs), the way X509 handling is - these operations may
 * involve ensuring the hashes are up-to-date and ensuring
 * certain cert information is cached. So this is the point
 * where the "depth-first" constification tree has to halt
 * with an evil cast.
 */
int X509_cmp(const X509 *a, const X509 *b)
{
	/* ensure hash is valid */
	X509_check_purpose((X509 *)a, -1, 0);
	X509_check_purpose((X509 *)b, -1, 0);

	return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
}
#endif


int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
	{
	int ret;

	/* Ensure canonical encoding is present and up to date */

	if (!a->canon_enc || a->modified)
		{
		ret = i2d_X509_NAME((X509_NAME *)a, NULL);
		if (ret < 0)
			return -2;
		}

	if (!b->canon_enc || b->modified)
		{
		ret = i2d_X509_NAME((X509_NAME *)b, NULL);
		if (ret < 0)
			return -2;
		}

	ret = a->canon_enclen - b->canon_enclen;

	if (ret)
		return ret;

	return memcmp(a->canon_enc, b->canon_enc, a->canon_enclen);

	}

unsigned long X509_NAME_hash(X509_NAME *x)
	{
	unsigned long ret=0;
	unsigned char md[SHA_DIGEST_LENGTH];

	/* Make sure X509_NAME structure contains valid cached encoding */
	i2d_X509_NAME(x,NULL);
	if (!EVP_Digest(x->canon_enc, x->canon_enclen, md, NULL, EVP_sha1(),
		NULL))
		return 0;

	ret=(	((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
		((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
		)&0xffffffffL;
	return(ret);
	}


#ifndef OPENSSL_NO_MD5
/* I now DER encode the name and hash it. Since I cache the DER encoding,
 * this is reasonably efficient. */

unsigned long X509_NAME_hash_old(X509_NAME *x)
	{
	EVP_MD_CTX md_ctx;
	unsigned long ret=0;
	unsigned char md[16];

	/* Make sure X509_NAME structure contains valid cached encoding */
	i2d_X509_NAME(x,NULL);
	EVP_MD_CTX_init(&md_ctx);
	EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
	if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL)
	    && EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length)
	    && EVP_DigestFinal_ex(&md_ctx,md,NULL))
		ret=(((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
		     ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
		     )&0xffffffffL;
	EVP_MD_CTX_cleanup(&md_ctx);

	return(ret);
	}
#endif

/* Search a stack of X509 for a match */
X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
		ASN1_INTEGER *serial)
	{
	int i;
	X509_CINF cinf;
	X509 x,*x509=NULL;

	if(!sk) return NULL;

	x.cert_info= &cinf;
	cinf.serialNumber=serial;
	cinf.issuer=name;

	for (i=0; i<sk_X509_num(sk); i++)
		{
		x509=sk_X509_value(sk,i);
		if (X509_issuer_and_serial_cmp(x509,&x) == 0)
			return(x509);
		}
	return(NULL);
	}

X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name)
	{
	X509 *x509;
	int i;

	for (i=0; i<sk_X509_num(sk); i++)
		{
		x509=sk_X509_value(sk,i);
		if (X509_NAME_cmp(X509_get_subject_name(x509),name) == 0)
			return(x509);
		}
	return(NULL);
	}

EVP_PKEY *X509_get_pubkey(X509 *x)
	{
	if ((x == NULL) || (x->cert_info == NULL))
		return(NULL);
	return(X509_PUBKEY_get(x->cert_info->key));
	}

ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
	{
	if(!x) return NULL;
	return x->cert_info->key->public_key;
	}

int X509_check_private_key(X509 *x, EVP_PKEY *k)
	{
	EVP_PKEY *xk;
	int ret;

	xk=X509_get_pubkey(x);

	if (xk)
		ret = EVP_PKEY_cmp(xk, k);
	else
		ret = -2;

	switch (ret)
		{
	case 1:
		break;
	case 0:
		X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
		break;
	case -1:
		X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
		break;
	case -2:
		X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
		}
	if (xk)
		EVP_PKEY_free(xk);
	if (ret > 0)
		return 1;
	return 0;
	}