From a5db6fa5760f21d16d59e025e930c02456e00fef Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 1 May 2003 03:53:12 +0000 Subject: Define a STORE type. For documentation, read the entry in CHANGES, crypto/store/README, crypto/store/store.h and crypto/store/str_locl.h. --- CHANGES | 6 + Makefile.org | 3 +- crypto/Makefile.ssl | 3 +- crypto/crypto-lib.com | 4 +- crypto/err/err.h | 3 + crypto/err/openssl.ec | 2 + crypto/store/.cvsignore | 2 + crypto/store/Makefile.ssl | 141 +++++ crypto/store/README | 94 +++ crypto/store/store.h | 482 +++++++++++++++ crypto/store/str_err.c | 176 ++++++ crypto/store/str_lib.c | 1507 +++++++++++++++++++++++++++++++++++++++++++++ crypto/store/str_locl.h | 123 ++++ crypto/store/str_mem.c | 324 ++++++++++ crypto/store/str_meth.c | 215 +++++++ util/mkdef.pl | 1 + 16 files changed, 3083 insertions(+), 3 deletions(-) create mode 100644 crypto/store/.cvsignore create mode 100644 crypto/store/Makefile.ssl create mode 100644 crypto/store/README create mode 100644 crypto/store/store.h create mode 100644 crypto/store/str_err.c create mode 100644 crypto/store/str_lib.c create mode 100644 crypto/store/str_locl.h create mode 100644 crypto/store/str_mem.c create mode 100644 crypto/store/str_meth.c diff --git a/CHANGES b/CHANGES index 57f503b675..7389f35924 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,12 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + *) Add the STORE type. The intention is to provide a common interface + to certificate and key stores, be they simple file-based stores, or + HSM-type store, or LDAP stores, or... + NOTE: The code is currently UNTESTED and isn't really used anywhere. + [Richard Levitte] + *) Add a generic structure called OPENSSL_ITEM. This can be used to pass a list of arguments to any function as well as provide a way for a function to pass data back to the caller. diff --git a/Makefile.org b/Makefile.org index 6f2188ad82..02cad4dfac 100644 --- a/Makefile.org +++ b/Makefile.org @@ -178,7 +178,8 @@ SDIRS= \ des rc2 rc4 rc5 idea bf cast \ bn ec rsa dsa ecdsa dh ecdh dso engine aes \ buffer bio stack lhash rand err objects \ - evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 + evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ + store # tests to perform. "alltests" is a special word indicating that all tests # should be performed. diff --git a/crypto/Makefile.ssl b/crypto/Makefile.ssl index 522a162c1e..b52157e4db 100644 --- a/crypto/Makefile.ssl +++ b/crypto/Makefile.ssl @@ -30,7 +30,8 @@ SDIRS= md2 md5 sha mdc2 hmac ripemd \ des rc2 rc4 rc5 idea bf cast \ bn ec rsa dsa ecdsa ecdh dh dso engine aes \ buffer bio stack lhash rand err objects \ - evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 + evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ + store GENERAL=Makefile README crypto-lib.com install.com diff --git a/crypto/crypto-lib.com b/crypto/crypto-lib.com index c118da309a..a6838c2480 100644 --- a/crypto/crypto-lib.com +++ b/crypto/crypto-lib.com @@ -80,7 +80,8 @@ $ ENCRYPT_TYPES = "Basic,MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ - "BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,AES,"+ - "BUFFER,BIO,STACK,LHASH,RAND,ERR,OBJECTS,"+ - "EVP,EVP_2,ASN1,ASN1_2,PEM,X509,X509V3,"+ - - "CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5" + "CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5,"+ - + "STORE" $! $! Check To Make Sure We Have Valid Command Line Parameters. $! @@ -265,6 +266,7 @@ $ LIB_OCSP = "ocsp_asn,ocsp_ext,ocsp_ht,ocsp_lib,ocsp_cl,"+ - $ LIB_UI_COMPAT = ",ui_compat" $ LIB_UI = "ui_err,ui_lib,ui_openssl,ui_util"+LIB_UI_COMPAT $ LIB_KRB5 = "krb5_asn" +$ LIB_STORE = "str_err,str_lib,str_meth,str_mem" $! $! Setup exceptional compilations $! diff --git a/crypto/err/err.h b/crypto/err/err.h index 95658addf9..08838190fd 100644 --- a/crypto/err/err.h +++ b/crypto/err/err.h @@ -135,6 +135,7 @@ typedef struct err_state_st #define ERR_LIB_COMP 41 #define ERR_LIB_ECDSA 42 #define ERR_LIB_ECDH 43 +#define ERR_LIB_STORE 44 #define ERR_LIB_USER 128 @@ -165,6 +166,7 @@ typedef struct err_state_st #define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__) #define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__) #define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__) +#define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__) /* Borland C seems too stupid to be able to shift and do longs in * the pre-processor :-( */ @@ -219,6 +221,7 @@ typedef struct err_state_st #define ERR_R_COMP_LIB ERR_LIB_COMP /* 41 */ #define ERR_R_ECDSA_LIB ERR_LIB_ECDSA /* 42 */ #define ERR_R_ECDH_LIB ERR_LIB_ECDH /* 43 */ +#define ERR_R_STORE_LIB ERR_LIB_STORE /* 44 */ #define ERR_R_NESTED_ASN1_ERROR 58 #define ERR_R_BAD_ASN1_OBJECT_HEADER 59 diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec index 3ac40512d2..64200fceba 100644 --- a/crypto/err/openssl.ec +++ b/crypto/err/openssl.ec @@ -27,8 +27,10 @@ L DSO crypto/dso/dso.h crypto/dso/dso_err.c L ENGINE crypto/engine/engine.h crypto/engine/eng_err.c L OCSP crypto/ocsp/ocsp.h crypto/ocsp/ocsp_err.c L UI crypto/ui/ui.h crypto/ui/ui_err.c +L COMP crypto/comp/comp.h crypto/comp/comp_err.c L ECDSA crypto/ecdsa/ecdsa.h crypto/ecdsa/ecs_err.c L ECDH crypto/ecdh/ecdh.h crypto/ecdh/ech_err.c +L STORE crypto/store/store.h crypto/store/str_err.c # additional header files to be scanned for function names L NONE crypto/x509/x509_vfy.h NONE diff --git a/crypto/store/.cvsignore b/crypto/store/.cvsignore new file mode 100644 index 0000000000..695fdd0059 --- /dev/null +++ b/crypto/store/.cvsignore @@ -0,0 +1,2 @@ +Makefile.save +lib diff --git a/crypto/store/Makefile.ssl b/crypto/store/Makefile.ssl new file mode 100644 index 0000000000..2d81355049 --- /dev/null +++ b/crypto/store/Makefile.ssl @@ -0,0 +1,141 @@ +# +# OpenSSL/crypto/store/Makefile +# + +DIR= store +TOP= ../.. +CC= cc +INCLUDES= -I.. -I$(TOP) -I../../include +CFLAG=-g +INSTALL_PREFIX= +OPENSSLDIR= /usr/local/ssl +INSTALLTOP=/usr/local/ssl +MAKE= make -f Makefile.ssl +MAKEDEPPROG= makedepend +MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) +MAKEFILE= Makefile.ssl +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile +#TEST= storetest.c +TEST= +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC= str_err.c str_lib.c str_meth.c str_mem.c +LIBOBJ= str_err.o str_lib.o str_meth.o str_mem.o + +SRC= $(LIBSRC) + +EXHEADER= store.h str_compat.h +HEADER= $(EXHEADER) str_locl.h + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) || echo Never mind. + @touch lib + +files: + $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO + +links: + @$(TOP)/util/point.sh Makefile.ssl Makefile + @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) + @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) + +install: + @for i in $(EXHEADER) ; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +# DO NOT DELETE THIS LINE -- make depend depends on it. + +str_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +str_err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +str_err.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +str_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +str_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +str_err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +str_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +str_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +str_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +str_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +str_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +str_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +str_err.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +str_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +str_err.o: str_err.c +str_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +str_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +str_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +str_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +str_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +str_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +str_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h +str_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +str_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +str_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +str_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +str_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +str_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +str_lib.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +str_lib.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +str_lib.o: ../../include/openssl/x509_vfy.h str_lib.c str_locl.h +str_mem.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +str_mem.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +str_mem.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +str_mem.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +str_mem.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +str_mem.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h +str_mem.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +str_mem.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +str_mem.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +str_mem.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +str_mem.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +str_mem.o: ../../include/openssl/stack.h ../../include/openssl/store.h +str_mem.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +str_mem.o: ../../include/openssl/x509_vfy.h str_locl.h str_mem.c +str_meth.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +str_meth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +str_meth.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +str_meth.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +str_meth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +str_meth.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h +str_meth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +str_meth.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +str_meth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +str_meth.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +str_meth.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +str_meth.o: ../../include/openssl/stack.h ../../include/openssl/store.h +str_meth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +str_meth.o: ../../include/openssl/x509_vfy.h str_locl.h str_meth.c diff --git a/crypto/store/README b/crypto/store/README new file mode 100644 index 0000000000..a5a494899d --- /dev/null +++ b/crypto/store/README @@ -0,0 +1,94 @@ +The STORE type +============== + +A STORE, as defined in this code section, is really a rather simple +thing which stores objects and per-object associations to a number +of attributes. What attributes are supported entirely depends on +the particular implementation of a STORE. It has some support for +generation of certain objects (for example, keys and CRLs). + + +Supported object types +---------------------- + +For now, the objects that are supported are the following: + +X.509 certificate +X.509 CRL +private key +public key +number + +The intention is that a STORE should be able to store everything +needed by an application that wants a cert/key store, as well as +the data a CA might need to store (this includes the serial number +counter, which explains the support for numbers). + + +Supported attribute types +------------------------- + +For now, the following attributes are supported: + +Friendly Name - the value is a normal C string +Key ID - the value is a 160 bit SHA1 hash +Issuer Key ID - the value is a 160 bit SHA1 hash +Subject Key ID - the value is a 160 bit SHA1 hash +Issuer/Serial Hash - the value is a 160 bit SHA1 hash +Issuer - the value is a X509_NAME +Serial - the value is a BIGNUM +Subject - the value is a X509_NAME +Certificate Hash - the value is a 160 bit SHA1 hash +Email - the value is a normal C string +Filename - the value is a normal C string + +It is expected that these attributes should be enough to support +the need from most, if not all, current applications. Applications +that need to do certificate verification would typically use Subject +Key ID, Issuer/Serial Hash or Subject to look up issuer certificates. +S/MIME applications would typically use Email to look up recipient +and signer certificates. + +There's added support for combined sets of attributes to search for, +with the special OR attribute. + + +Supported basic functionality +----------------------------- + +The functions that are supported through the STORE type are these: + +generate_object - for example to generate keys and CRLs +get_object - to look up one object + NOTE: this function is really rather + redundant and probably of lesser usage + than the list functions +store_object - store an object and the attributes + associated with it +modify_object - modify the attributes associated with + a specific object +revoke_object - revoke an object + NOTE: this only marks an object as + invalid, it doesn't remove the object + from the database +delete_object - remove an object from the database +list_object - list objects associated with a given + set of attributes + NOTE: this is really four functions: + list_start, list_next, list_end and + list_endp +update_store - update the internal data of the store +lock_store - lock the store +unlock_store - unlock the store + +The list functions need some extra explanation: list_start is +used to set up a lookup. That's where the attributes to use in +the search are set up. It returns a search context. list_next +returns the next object searched for. list_end closes the search. +list_endp is used to check if we have reached the end. + +A few words on the store functions as well: update_store is +typically used by a CA application to update the internal +structure of a database. This may for example involve automatic +removal of expired certificates. lock_store and unlock_store +are used for locking a store to allow exclusive writes. diff --git a/crypto/store/store.h b/crypto/store/store.h new file mode 100644 index 0000000000..f99a26414d --- /dev/null +++ b/crypto/store/store.h @@ -0,0 +1,482 @@ +/* crypto/store/store.h -*- mode:C; c-file-style: "eay" -*- */ +/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL + * project 2001. + */ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_STORE_H +#define HEADER_STORE_H + +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* The STORE type is a per-store context that holds all the necessary data + to perform all the supported storage operations. */ +typedef struct store_st STORE; + +/* All instances of STORE have a reference to a method structure, which is a + ordered vector of functions that implement the lower level things to do. + There is an instruction on the implementation further down, in the section + for method implementors. */ +typedef struct store_method_st STORE_METHOD; + + +/* All the following functions return 0, a negative number or NULL on error. + When everything is fine, they return a positive value or a non-NULL + pointer, all depending on their purpose. */ + +/* Creators and destructor. */ +STORE *STORE_new_method(const STORE_METHOD *method); +void STORE_free(STORE *ui); + + +/* Give a user interface parametrised control commands. This can be used to + send down an integer, a data pointer or a function pointer, as well as + be used to get information from a STORE. */ +int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f)()); + +/* A control to set the directory with keys and certificates. Used by the + built-in directory level method. */ +#define STORE_CTRL_SET_DIRECTORY 0x0001 +/* A control to set a file to load. Used by the built-in file level method. */ +#define STORE_CTRL_SET_FILE 0x0002 +/* A control to set a configuration file to load. Can be used by any method + that wishes to load a configuration file. */ +#define STORE_CTRL_SET_CONF_FILE 0x0003 +/* A control to set a the section of the loaded configuration file. Can be + used by any method that wishes to load a configuration file. */ +#define STORE_CTRL_SET_CONF_SECTION 0x0004 + + +/* Some methods may use extra data */ +#define STORE_set_app_data(s,arg) STORE_set_ex_data(s,0,arg) +#define STORE_get_app_data(s) STORE_get_ex_data(s,0) +int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +int STORE_set_ex_data(STORE *r,int idx,void *arg); +void *STORE_get_ex_data(STORE *r, int idx); + +/* Use specific methods instead of the built-in one */ +const STORE_METHOD *STORE_get_method(STORE *store); +const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth); + +/* The standard OpenSSL methods. */ +/* This is the in-memory method. It does everything except revoking and updating, + and is of course volatile. It's used by other methods that have an in-memory + cache. */ +const STORE_METHOD *STORE_Memory(void); +/* This is the directory store. It does everything except revoking and updating, + and uses STORE_Memory() to cache things in memory. */ +const STORE_METHOD *STORE_Directory(void); +/* This is the file store. It does everything except revoking and updating, + and uses STORE_Memory() to cache things in memory. Certificates are added + to it with the store operation, and it will only get cached certificates. */ +const STORE_METHOD *STORE_File(void); + + +/* Store functions take a type code for the type of data they should store + or fetch */ +typedef enum STORE_object_types + { + STORE_OBJECT_TYPE_X509_CERTIFICATE= 0x01, + STORE_OBJECT_TYPE_X509_CRL= 0x02, + STORE_OBJECT_TYPE_PRIVATE_KEY= 0x03, + STORE_OBJECT_TYPE_PUBLIC_KEY= 0x04, + STORE_OBJECT_TYPE_NUMBER= 0x05, + STORE_OBJECT_TYPE_NUM= 0x05 /* The amount of known + object types */ + } STORE_OBJECT_TYPES; +/* List of text strings corresponding to the object types. */ +extern const char * const STORE_object_type_string[STORE_OBJECT_TYPE_NUM+1]; + +/* Some store functions take a parameter list. Those parameters come with + one of the following codes. The comments following the codes below indicate + what type the value should be a pointer to. */ +typedef enum STORE_params + { + STORE_PARAM_EVP_TYPE= 0x01, /* int */ + STORE_PARAM_BITS= 0x02, /* size_t */ + STORE_PARAM_KEY_PARAMETERS= 0x03, /* ??? */ + STORE_PARAM_KEY_NO_PARAMETERS= 0x04, /* N/A */ + STORE_PARAM_TYPE_NUM= 0x04 /* The amount of known + parameter types */ + } STORE_PARAM_TYPES; +/* Parameter value sizes. -1 means unknown, anything else is the required size. */ +extern const int STORE_param_sizes[STORE_PARAM_TYPE_NUM+1]; + +/* Store functions take attribute lists. Those attributes come with codes. + The comments following the codes below indicate what type the value should + be a pointer to. */ +typedef enum STORE_attribs + { + STORE_ATTR_END= 0x00, + STORE_ATTR_FRIENDLYNAME= 0x01, /* C string */ + STORE_ATTR_KEYID= 0x02, /* 160 bit string (SHA1) */ + STORE_ATTR_ISSUERKEYID= 0x03, /* 160 bit string (SHA1) */ + STORE_ATTR_SUBJECTKEYID= 0x04, /* 160 bit string (SHA1) */ + STORE_ATTR_ISSUERSERIALHASH= 0x05, /* 160 bit string (SHA1) */ + STORE_ATTR_ISSUER= 0x06, /* X509_NAME * */ + STORE_ATTR_SERIAL= 0x07, /* BIGNUM * */ + STORE_ATTR_SUBJECT= 0x08, /* X509_NAME * */ + STORE_ATTR_CERTHASH= 0x09, /* 160 bit string (SHA1) */ + STORE_ATTR_EMAIL= 0x0a, /* C string */ + STORE_ATTR_FILENAME= 0x0b, /* C string */ + STORE_ATTR_TYPE_NUM= 0x0b, /* The amount of known + attribute types */ + STORE_ATTR_OR= 0xff /* This is a special + separator, which + expresses the OR + operation. */ + } STORE_ATTR_TYPES; +/* Attribute value sizes. -1 means unknown, anything else is the required size. */ +extern const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM+1]; + +typedef enum STORE_certificate_status + { + STORE_X509_VALID= 0x00, + STORE_X509_EXPIRED= 0x01, + STORE_X509_SUSPENDED= 0x02, + STORE_X509_REVOKED= 0x03 + } STORE_CERTIFICATE_STATUS; + +/* Engine store functions will return a structure that contains all the necessary + * information, including revokation status for certificates. This is really not + * needed for application authors, as the ENGINE framework functions will extract + * the OpenSSL-specific information when at all possible. However, for engine + * authors, it's crucial to know this structure. */ +typedef struct STORE_OBJECT_st + { + STORE_OBJECT_TYPES type; + union + { + struct + { + STORE_CERTIFICATE_STATUS status; + X509 *certificate; + } x509; + X509_CRL *crl; + EVP_PKEY *key; + BIGNUM *number; + } data; + } STORE_OBJECT; +DECLARE_STACK_OF(STORE_OBJECT); +STORE_OBJECT *STORE_OBJECT_new(void); +void STORE_OBJECT_free(STORE_OBJECT *data); + + + +/* The following functions handle the storage. They return 0, a negative number + or NULL on error, anything else on success. */ +X509 *STORE_get_certificate(STORE *e, OPENSSL_ITEM attributes[]); +int STORE_store_certificate(STORE *e, X509 *data, OPENSSL_ITEM attributes[]); +int STORE_modify_certificate(STORE *e, OPENSSL_ITEM search_attributes[], + OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], + OPENSSL_ITEM delete_attributes[]); +int STORE_revoke_certificate(STORE *e, OPENSSL_ITEM attributes[]); +int STORE_delete_certificate(STORE *e, OPENSSL_ITEM attributes[]); +void *STORE_list_certificate_start(STORE *e, OPENSSL_ITEM attributes[]); +X509 *STORE_list_certificate_next(STORE *e, void *handle); +int STORE_list_certificate_end(STORE *e, void *handle); +int STORE_list_certificate_endp(STORE *e, void *handle); +EVP_PKEY *STORE_generate_key(STORE *e, + int evp_type, size_t bits, OPENSSL_ITEM attributes[]); +EVP_PKEY *STORE_get_private_key(STORE *e, OPENSSL_ITEM attributes[]); +int STORE_store_private_key(STORE *e, EVP_PKEY *data, OPENSSL_ITEM attributes[]); +int STORE_modify_private_key(STORE *e, OPENSSL_ITEM search_attributes[], + OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[], + OPENSSL_ITEM delete_attributes[]); +int STORE_revoke_private_key(STORE *e, OPENSSL_ITEM attributes[]); +int STORE_delete_private_key(STORE *e, OPENSSL_ITEM attributes[]); +void *STORE_list_private_key_start(STORE *e, OPENSSL_ITEM attributes[]); +EVP_PKEY *STORE_list_private_key_next(STORE *e, void *handle); +int STORE_list_private_key_end(STORE *e, void *handle); +int STORE_list_private_key_endp(STORE *e, void *handle); +EVP_PKEY *STORE_get_public_key(STORE *e, OPENSSL_ITEM attributes[]); +int STORE_store_public_key(STORE *e, EVP_PKEY *data, OPENSSL_ITEM attributes[]); +int STORE_modify_public_key(STORE *e, OPENSSL_ITEM search_attributes[], + OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[], + OPENSSL_ITEM delete_attributes[]); +int STORE_revoke_public_key(STORE *e, OPENSSL_ITEM attributes[]); +int STORE_delete_public_key(STORE *e, OPENSSL_ITEM attributes[]); +void *STORE_list_public_key_start(STORE *e, OPENSSL_ITEM attributes[]); +EVP_PKEY *STORE_list_public_key_next(STORE *e, void *handle); +int STORE_list_public_key_end(STORE *e, void *handle); +int STORE_list_public_key_endp(STORE *e, void *handle); +X509_CRL *STORE_generate_crl(STORE *e, OPENSSL_ITEM attributes[]); +X509_CRL *STORE_get_crl(STORE *e, OPENSSL_ITEM attributes[]); +int STORE_store_crl(STORE *e, X509_CRL *data, OPENSSL_ITEM attributes[]); +int STORE_modify_crl(STORE *e, OPENSSL_ITEM search_attributes[], + OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[], + OPENSSL_ITEM delete_attributes[]); +int STORE_delete_crl(STORE *e, OPENSSL_ITEM attributes[]); +void *STORE_list_crl_start(STORE *e, OPENSSL_ITEM attributes[]); +X509_CRL *STORE_list_crl_next(STORE *e, void *handle); +int STORE_list_crl_end(STORE *e, void *handle); +int STORE_list_crl_endp(STORE *e, void *handle); +int STORE_store_number(STORE *e, BIGNUM *data, OPENSSL_ITEM attributes[]); +int STORE_modify_number(STORE *e, OPENSSL_ITEM search_attributes[], + OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[], + OPENSSL_ITEM delete_attributes[]); +BIGNUM *STORE_get_number(STORE *e, OPENSSL_ITEM attributes[]); +int STORE_delete_number(STORE *e, BIGNUM *data, OPENSSL_ITEM attributes[]); + + +/* Create and manipulate methods */ +STORE_METHOD *STORE_create_method(char *name); +void STORE_destroy_method(STORE_METHOD *store_method); + +/* These callback types are use for store handlers */ +typedef int (*STORE_INITIALISE_FUNC_PTR)(STORE *); +typedef void (*STORE_CLEANUP_FUNC_PTR)(STORE *); +typedef STORE_OBJECT *(*STORE_GENERATE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM parameters[], OPENSSL_ITEM attributes[]); +typedef STORE_OBJECT *(*STORE_GET_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[]); +typedef void *(*STORE_START_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[]); +typedef STORE_OBJECT *(*STORE_NEXT_OBJECT_FUNC_PTR)(STORE *, void *handle); +typedef int (*STORE_END_OBJECT_FUNC_PTR)(STORE *, void *handle); +typedef int (*STORE_HANDLE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[]); +typedef int (*STORE_STORE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, STORE_OBJECT *data, OPENSSL_ITEM attributes[]); +typedef int (*STORE_MODIFY_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[]); +typedef int (*STORE_GENERIC_FUNC_PTR)(STORE *, OPENSSL_ITEM attributes[]); +typedef int (*STORE_CTRL_FUNC_PTR)(STORE *, int cmd, long l, void *p, void (*f)()); + +int STORE_method_set_initialise_function(STORE_METHOD *sm, STORE_INITIALISE_FUNC_PTR gen_f); +int STORE_method_set_cleanup_function(STORE_METHOD *sm, STORE_CLEANUP_FUNC_PTR gen_f); +int STORE_method_set_generate_function(STORE_METHOD *sm, STORE_GENERATE_OBJECT_FUNC_PTR gen_f); +int STORE_method_set_get_function(STORE_METHOD *sm, STORE_GET_OBJECT_FUNC_PTR get_f); +int STORE_method_set_store_function(STORE_METHOD *sm, STORE_STORE_OBJECT_FUNC_PTR store_f); +int STORE_method_set_modify_function(STORE_METHOD *sm, STORE_MODIFY_OBJECT_FUNC_PTR store_f); +int STORE_method_set_revoke_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR revoke_f); +int STORE_method_set_delete_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR delete_f); +int STORE_method_set_list_start_function(STORE_METHOD *sm, STORE_START_OBJECT_FUNC_PTR list_start_f); +int STORE_method_set_list_next_function(STORE_METHOD *sm, STORE_NEXT_OBJECT_FUNC_PTR list_next_f); +int STORE_method_set_list_end_function(STORE_METHOD *sm, STORE_END_OBJECT_FUNC_PTR list_end_f); +int STORE_method_set_update_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR); +int STORE_method_set_lock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR); +int STORE_method_set_unlock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR); +int STORE_method_set_ctrl_function(STORE_METHOD *sm, STORE_CTRL_FUNC_PTR ctrl_f); + +STORE_INITIALISE_FUNC_PTR STORE_method_get_initialise_function(STORE_METHOD *sm); +STORE_CLEANUP_FUNC_PTR STORE_method_get_cleanup_function(STORE_METHOD *sm); +STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD *sm); +STORE_GET_OBJECT_FUNC_PTR STORE_method_get_get_function(STORE_METHOD *sm); +STORE_STORE_OBJECT_FUNC_PTR STORE_method_get_store_function(STORE_METHOD *sm); +STORE_MODIFY_OBJECT_FUNC_PTR STORE_method_get_modify_function(STORE_METHOD *sm); +STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD *sm); +STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD *sm); +STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD *sm); +STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD *sm); +STORE_END_OBJECT_FUNC_PTR STORE_method_get_list_end_function(STORE_METHOD *sm); +STORE_GENERIC_FUNC_PTR STORE_method_get_update_store_function(STORE_METHOD *sm); +STORE_GENERIC_FUNC_PTR STORE_method_get_lock_store_function(STORE_METHOD *sm); +STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_store_function(STORE_METHOD *sm); +STORE_CTRL_FUNC_PTR STORE_method_get_ctrl_function(STORE_METHOD *sm); + +/* Method helper structures and functions. */ + +/* This structure is the result of parsing through the information in a list + of OPENSSL_ITEMs. It stores all the necessary information in a structured + way.*/ +typedef struct STORE_attr_info_st STORE_ATTR_INFO; + +/* Parse a list of OPENSSL_ITEMs and return a pointer to a STORE_ATTR_INFO. + Note that we do this in the list form, since the list of OPENSSL_ITEMs can + come in blocks separated with STORE_ATTR_OR. Note that the value returned + by STORE_parse_attrs_next() must be freed with STORE_ATTR_INFO_free(). */ +void *STORE_parse_attrs_start(OPENSSL_ITEM *attributes); +STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle); +int STORE_parse_attrs_end(void *handle); +int STORE_parse_attrs_endp(void *handle); + +/* Creator and destructor */ +STORE_ATTR_INFO *STORE_ATTR_INFO_new(void); +int STORE_ATTR_INFO_free(STORE_ATTR_INFO *attrs); + +/* Manipulators */ +char *STORE_ATTR_INFO_get0_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code); +unsigned char *STORE_ATTR_INFO_get0_sha1str(STORE_ATTR_INFO *attrs, + STORE_ATTR_TYPES code); +X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code); +BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code); +int STORE_ATTR_INFO_set_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + char *cstr, size_t cstr_size); +int STORE_ATTR_INFO_set_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + unsigned char *sha1str, size_t sha1str_size); +int STORE_ATTR_INFO_set_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + X509_NAME *dn); +int STORE_ATTR_INFO_set_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + BIGNUM *number); +int STORE_ATTR_INFO_modify_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + char *cstr, size_t cstr_size); +int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + unsigned char *sha1str, size_t sha1str_size); +int STORE_ATTR_INFO_modify_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + X509_NAME *dn); +int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + BIGNUM *number); + +/* Compare on basis of a bit pattern formed by the STORE_ATTR_TYPES values + in each contained attribute. */ +int STORE_ATTR_INFO_compare(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b); +/* Check if the set of attributes in a are also set in b. */ +int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b); +/* Same as STORE_ATTR_INFO_in(), but also checks the attribute values. */ +int STORE_ATTR_INFO_in_ex(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b); + + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_STORE_strings(void); + +/* Error codes for the STORE functions. */ + +/* Function codes. */ +#define STORE_F_MEM_DELETE 134 +#define STORE_F_MEM_GENERATE 135 +#define STORE_F_MEM_LIST_NEXT 136 +#define STORE_F_MEM_LIST_START 137 +#define STORE_F_MEM_STORE 138 +#define STORE_F_STORE_ATTR_INFO_GET0_CSTR 139 +#define STORE_F_STORE_ATTR_INFO_GET0_DN 140 +#define STORE_F_STORE_ATTR_INFO_GET0_NUMBER 141 +#define STORE_F_STORE_ATTR_INFO_GET0_SHA1STR 142 +#define STORE_F_STORE_ATTR_INFO_MODIFY_CSTR 143 +#define STORE_F_STORE_ATTR_INFO_MODIFY_DN 144 +#define STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER 145 +#define STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR 146 +#define STORE_F_STORE_ATTR_INFO_SET_CSTR 147 +#define STORE_F_STORE_ATTR_INFO_SET_DN 148 +#define STORE_F_STORE_ATTR_INFO_SET_NUMBER 149 +#define STORE_F_STORE_ATTR_INFO_SET_SHA1STR 150 +#define STORE_F_STORE_CERTIFICATE 100 +#define STORE_F_STORE_CRL 101 +#define STORE_F_STORE_DELETE_CERTIFICATE 102 +#define STORE_F_STORE_DELETE_CRL 103 +#define STORE_F_STORE_DELETE_NUMBER 104 +#define STORE_F_STORE_DELETE_PRIVATE_KEY 105 +#define STORE_F_STORE_DELETE_PUBLIC_KEY 106 +#define STORE_F_STORE_GENERATE_CRL 107 +#define STORE_F_STORE_GENERATE_KEY 108 +#define STORE_F_STORE_GET_CERTIFICATE 109 +#define STORE_F_STORE_GET_CRL 110 +#define STORE_F_STORE_GET_NUMBER 111 +#define STORE_F_STORE_GET_PRIVATE_KEY 112 +#define STORE_F_STORE_GET_PUBLIC_KEY 113 +#define STORE_F_STORE_LIST_CERTIFICATE_END 114 +#define STORE_F_STORE_LIST_CERTIFICATE_NEXT 115 +#define STORE_F_STORE_LIST_CERTIFICATE_START 116 +#define STORE_F_STORE_LIST_CRL_END 117 +#define STORE_F_STORE_LIST_CRL_NEXT 118 +#define STORE_F_STORE_LIST_CRL_START 119 +#define STORE_F_STORE_LIST_PRIVATE_KEY_END 120 +#define STORE_F_STORE_LIST_PRIVATE_KEY_NEXT 121 +#define STORE_F_STORE_LIST_PRIVATE_KEY_START 122 +#define STORE_F_STORE_LIST_PUBLIC_KEY_END 123 +#define STORE_F_STORE_LIST_PUBLIC_KEY_NEXT 124 +#define STORE_F_STORE_LIST_PUBLIC_KEY_START 125 +#define STORE_F_STORE_NEW_ENGINE 133 +#define STORE_F_STORE_NEW_METHOD 132 +#define STORE_F_STORE_NUMBER 126 +#define STORE_F_STORE_PARSE_ATTRS_END 151 +#define STORE_F_STORE_PARSE_ATTRS_NEXT 152 +#define STORE_F_STORE_PRIVATE_KEY 127 +#define STORE_F_STORE_PUBLIC_KEY 128 +#define STORE_F_STORE_REVOKE_CERTIFICATE 129 +#define STORE_F_STORE_REVOKE_PRIVATE_KEY 130 +#define STORE_F_STORE_REVOKE_PUBLIC_KEY 131 + +/* Reason codes. */ +#define STORE_R_ALREADY_HAS_A_VALUE 127 +#define STORE_R_FAILED_DELETING_CERTIFICATE 100 +#define STORE_R_FAILED_DELETING_KEY 101 +#define STORE_R_FAILED_DELETING_NUMBER 102 +#define STORE_R_FAILED_GENERATING_CRL 103 +#define STORE_R_FAILED_GENERATING_KEY 104 +#define STORE_R_FAILED_GETTING_CERTIFICATE 105 +#define STORE_R_FAILED_GETTING_KEY 106 +#define STORE_R_FAILED_GETTING_NUMBER 107 +#define STORE_R_FAILED_LISTING_CERTIFICATES 108 +#define STORE_R_FAILED_LISTING_KEYS 109 +#define STORE_R_FAILED_REVOKING_CERTIFICATE 110 +#define STORE_R_FAILED_REVOKING_KEY 111 +#define STORE_R_FAILED_STORING_CERTIFICATE 112 +#define STORE_R_FAILED_STORING_KEY 113 +#define STORE_R_FAILED_STORING_NUMBER 114 +#define STORE_R_NOT_IMPLEMENTED 128 +#define STORE_R_NO_DELETE_NUMBER_FUNCTION 115 +#define STORE_R_NO_DELETE_OBJECT_FUNCTION 116 +#define STORE_R_NO_GENERATE_CRL_FUNCTION 117 +#define STORE_R_NO_GENERATE_OBJECT_FUNCTION 118 +#define STORE_R_NO_GET_OBJECT_FUNCTION 119 +#define STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION 120 +#define STORE_R_NO_LIST_OBJECT_END_FUNCTION 121 +#define STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION 122 +#define STORE_R_NO_LIST_OBJECT_START_FUNCTION 123 +#define STORE_R_NO_REVOKE_OBJECT_FUNCTION 124 +#define STORE_R_NO_STORE 129 +#define STORE_R_NO_STORE_OBJECT_FUNCTION 125 +#define STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION 126 +#define STORE_R_NO_VALUE 130 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/crypto/store/str_err.c b/crypto/store/str_err.c new file mode 100644 index 0000000000..ac88dff0e1 --- /dev/null +++ b/crypto/store/str_err.c @@ -0,0 +1,176 @@ +/* crypto/store/str_err.c */ +/* ==================================================================== + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ + +#include +#include +#include + +/* BEGIN ERROR CODES */ +#ifndef OPENSSL_NO_ERR +static ERR_STRING_DATA STORE_str_functs[]= + { +{ERR_PACK(0,STORE_F_MEM_DELETE,0), "MEM_DELETE"}, +{ERR_PACK(0,STORE_F_MEM_GENERATE,0), "MEM_GENERATE"}, +{ERR_PACK(0,STORE_F_MEM_LIST_NEXT,0), "MEM_LIST_NEXT"}, +{ERR_PACK(0,STORE_F_MEM_LIST_START,0), "MEM_LIST_START"}, +{ERR_PACK(0,STORE_F_MEM_STORE,0), "MEM_STORE"}, +{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_GET0_CSTR,0), "STORE_ATTR_INFO_get0_cstr"}, +{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_GET0_DN,0), "STORE_ATTR_INFO_get0_dn"}, +{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_GET0_NUMBER,0), "STORE_ATTR_INFO_get0_number"}, +{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_GET0_SHA1STR,0), "STORE_ATTR_INFO_get0_sha1str"}, +{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_MODIFY_CSTR,0), "STORE_ATTR_INFO_modify_cstr"}, +{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_MODIFY_DN,0), "STORE_ATTR_INFO_modify_dn"}, +{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER,0), "STORE_ATTR_INFO_modify_number"}, +{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR,0), "STORE_ATTR_INFO_modify_sha1str"}, +{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_SET_CSTR,0), "STORE_ATTR_INFO_set_cstr"}, +{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_SET_DN,0), "STORE_ATTR_INFO_set_dn"}, +{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_SET_NUMBER,0), "STORE_ATTR_INFO_set_number"}, +{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_SET_SHA1STR,0), "STORE_ATTR_INFO_set_sha1str"}, +{ERR_PACK(0,STORE_F_STORE_CERTIFICATE,0), "STORE_CERTIFICATE"}, +{ERR_PACK(0,STORE_F_STORE_CRL,0), "STORE_CRL"}, +{ERR_PACK(0,STORE_F_STORE_DELETE_CERTIFICATE,0), "STORE_delete_certificate"}, +{ERR_PACK(0,STORE_F_STORE_DELETE_CRL,0), "STORE_delete_crl"}, +{ERR_PACK(0,STORE_F_STORE_DELETE_NUMBER,0), "STORE_delete_number"}, +{ERR_PACK(0,STORE_F_STORE_DELETE_PRIVATE_KEY,0), "STORE_delete_private_key"}, +{ERR_PACK(0,STORE_F_STORE_DELETE_PUBLIC_KEY,0), "STORE_delete_public_key"}, +{ERR_PACK(0,STORE_F_STORE_GENERATE_CRL,0), "STORE_generate_crl"}, +{ERR_PACK(0,STORE_F_STORE_GENERATE_KEY,0), "STORE_generate_key"}, +{ERR_PACK(0,STORE_F_STORE_GET_CERTIFICATE,0), "STORE_get_certificate"}, +{ERR_PACK(0,STORE_F_STORE_GET_CRL,0), "STORE_get_crl"}, +{ERR_PACK(0,STORE_F_STORE_GET_NUMBER,0), "STORE_get_number"}, +{ERR_PACK(0,STORE_F_STORE_GET_PRIVATE_KEY,0), "STORE_get_private_key"}, +{ERR_PACK(0,STORE_F_STORE_GET_PUBLIC_KEY,0), "STORE_get_public_key"}, +{ERR_PACK(0,STORE_F_STORE_LIST_CERTIFICATE_END,0), "STORE_list_certificate_end"}, +{ERR_PACK(0,STORE_F_STORE_LIST_CERTIFICATE_NEXT,0), "STORE_list_certificate_next"}, +{ERR_PACK(0,STORE_F_STORE_LIST_CERTIFICATE_START,0), "STORE_list_certificate_start"}, +{ERR_PACK(0,STORE_F_STORE_LIST_CRL_END,0), "STORE_list_crl_end"}, +{ERR_PACK(0,STORE_F_STORE_LIST_CRL_NEXT,0), "STORE_list_crl_next"}, +{ERR_PACK(0,STORE_F_STORE_LIST_CRL_START,0), "STORE_list_crl_start"}, +{ERR_PACK(0,STORE_F_STORE_LIST_PRIVATE_KEY_END,0), "STORE_list_private_key_end"}, +{ERR_PACK(0,STORE_F_STORE_LIST_PRIVATE_KEY_NEXT,0), "STORE_list_private_key_next"}, +{ERR_PACK(0,STORE_F_STORE_LIST_PRIVATE_KEY_START,0), "STORE_list_private_key_start"}, +{ERR_PACK(0,STORE_F_STORE_LIST_PUBLIC_KEY_END,0), "STORE_list_public_key_end"}, +{ERR_PACK(0,STORE_F_STORE_LIST_PUBLIC_KEY_NEXT,0), "STORE_list_public_key_next"}, +{ERR_PACK(0,STORE_F_STORE_LIST_PUBLIC_KEY_START,0), "STORE_list_public_key_start"}, +{ERR_PACK(0,STORE_F_STORE_NEW_ENGINE,0), "STORE_NEW_ENGINE"}, +{ERR_PACK(0,STORE_F_STORE_NEW_METHOD,0), "STORE_new_method"}, +{ERR_PACK(0,STORE_F_STORE_NUMBER,0), "STORE_NUMBER"}, +{ERR_PACK(0,STORE_F_STORE_PARSE_ATTRS_END,0), "STORE_PARSE_ATTRS_END"}, +{ERR_PACK(0,STORE_F_STORE_PARSE_ATTRS_NEXT,0), "STORE_parse_attrs_next"}, +{ERR_PACK(0,STORE_F_STORE_PRIVATE_KEY,0), "STORE_PRIVATE_KEY"}, +{ERR_PACK(0,STORE_F_STORE_PUBLIC_KEY,0), "STORE_PUBLIC_KEY"}, +{ERR_PACK(0,STORE_F_STORE_REVOKE_CERTIFICATE,0), "STORE_revoke_certificate"}, +{ERR_PACK(0,STORE_F_STORE_REVOKE_PRIVATE_KEY,0), "STORE_revoke_private_key"}, +{ERR_PACK(0,STORE_F_STORE_REVOKE_PUBLIC_KEY,0), "STORE_revoke_public_key"}, +{0,NULL} + }; + +static ERR_STRING_DATA STORE_str_reasons[]= + { +{STORE_R_ALREADY_HAS_A_VALUE ,"already has a value"}, +{STORE_R_FAILED_DELETING_CERTIFICATE ,"failed deleting certificate"}, +{STORE_R_FAILED_DELETING_KEY ,"failed deleting key"}, +{STORE_R_FAILED_DELETING_NUMBER ,"failed deleting number"}, +{STORE_R_FAILED_GENERATING_CRL ,"failed generating crl"}, +{STORE_R_FAILED_GENERATING_KEY ,"failed generating key"}, +{STORE_R_FAILED_GETTING_CERTIFICATE ,"failed getting certificate"}, +{STORE_R_FAILED_GETTING_KEY ,"failed getting key"}, +{STORE_R_FAILED_GETTING_NUMBER ,"failed getting number"}, +{STORE_R_FAILED_LISTING_CERTIFICATES ,"failed listing certificates"}, +{STORE_R_FAILED_LISTING_KEYS ,"failed listing keys"}, +{STORE_R_FAILED_REVOKING_CERTIFICATE ,"failed revoking certificate"}, +{STORE_R_FAILED_REVOKING_KEY ,"failed revoking key"}, +{STORE_R_FAILED_STORING_CERTIFICATE ,"failed storing certificate"}, +{STORE_R_FAILED_STORING_KEY ,"failed storing key"}, +{STORE_R_FAILED_STORING_NUMBER ,"failed storing number"}, +{STORE_R_NOT_IMPLEMENTED ,"not implemented"}, +{STORE_R_NO_DELETE_NUMBER_FUNCTION ,"no delete number function"}, +{STORE_R_NO_DELETE_OBJECT_FUNCTION ,"no delete object function"}, +{STORE_R_NO_GENERATE_CRL_FUNCTION ,"no generate crl function"}, +{STORE_R_NO_GENERATE_OBJECT_FUNCTION ,"no generate object function"}, +{STORE_R_NO_GET_OBJECT_FUNCTION ,"no get object function"}, +{STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION ,"no get object number function"}, +{STORE_R_NO_LIST_OBJECT_END_FUNCTION ,"no list object end function"}, +{STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION ,"no list object next function"}, +{STORE_R_NO_LIST_OBJECT_START_FUNCTION ,"no list object start function"}, +{STORE_R_NO_REVOKE_OBJECT_FUNCTION ,"no revoke object function"}, +{STORE_R_NO_STORE ,"no store"}, +{STORE_R_NO_STORE_OBJECT_FUNCTION ,"no store object function"}, +{STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION ,"no store object number function"}, +{STORE_R_NO_VALUE ,"no value"}, +{0,NULL} + }; + +#endif + +void ERR_load_STORE_strings(void) + { + static int init=1; + + if (init) + { + init=0; +#ifndef OPENSSL_NO_ERR + ERR_load_strings(ERR_LIB_STORE,STORE_str_functs); + ERR_load_strings(ERR_LIB_STORE,STORE_str_reasons); +#endif + + } + } diff --git a/crypto/store/str_lib.c b/crypto/store/str_lib.c new file mode 100644 index 0000000000..8383a30e19 --- /dev/null +++ b/crypto/store/str_lib.c @@ -0,0 +1,1507 @@ +/* crypto/store/str_lib.c -*- mode:C; c-file-style: "eay" -*- */ +/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL + * project 2003. + */ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include +#include +#include "str_locl.h" + +const char * const STORE_object_type_string[STORE_OBJECT_TYPE_NUM+1] = + { + 0, + "X.509 Certificate", + "X.509 CRL", + "Private Key", + "Public Key", + "Number" + }; + +const int STORE_param_sizes[STORE_PARAM_TYPE_NUM+1] = + { + 0, + sizeof(int), /* EVP_TYPE */ + sizeof(size_t), /* BITS */ + -1, /* KEY_PARAMETERS */ + 0 /* KEY_NO_PARAMETERS */ + }; + +const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM+1] = + { + 0, + -1, /* FRIENDLYNAME: C string */ + SHA_DIGEST_LENGTH, /* KEYID: SHA1 digest, 160 bits */ + SHA_DIGEST_LENGTH, /* ISSUERKEYID: SHA1 digest, 160 bits */ + SHA_DIGEST_LENGTH, /* SUBJECTKEYID: SHA1 digest, 160 bits */ + SHA_DIGEST_LENGTH, /* ISSUERSERIALHASH: SHA1 digest, 160 bits */ + sizeof(X509_NAME *), /* ISSUER: X509_NAME * */ + sizeof(BIGNUM *), /* SERIAL: BIGNUM * */ + sizeof(X509_NAME *), /* SUBJECT: X509_NAME * */ + SHA_DIGEST_LENGTH, /* CERTHASH: SHA1 digest, 160 bits */ + -1, /* EMAIL: C string */ + -1, /* FILENAME: C string */ + }; + +STORE *STORE_new_method(const STORE_METHOD *method) + { + STORE *ret; + + ret=(STORE *)OPENSSL_malloc(sizeof(STORE)); + if (ret == NULL) + { + STOREerr(STORE_F_STORE_NEW_METHOD,ERR_R_MALLOC_FAILURE); + return NULL; + } + if (method == NULL) + { + STOREerr(STORE_F_STORE_NEW_METHOD,ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + else + ret->meth=method; + + CRYPTO_new_ex_data(CRYPTO_EX_INDEX_STORE, ret, &ret->ex_data); + if (ret->meth->init && !ret->meth->init(ret)) + { + STORE_free(ret); + ret = NULL; + } + return ret; + } + +STORE *STORE_new_engine(ENGINE *engine) + { + STORE *ret = NULL; + ENGINE *e = engine; + const STORE_METHOD *meth = 0; + +#ifdef OPENSSL_NO_ENGINE + e = NULL; +#else + if (engine) + { + if (!ENGINE_init(engine)) + { + STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_ENGINE_LIB); + return NULL; + } + e = engine; + } + else + { + STOREerr(STORE_F_STORE_NEW_ENGINE,ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + if(e) + { + meth = ENGINE_get_STORE(e); + if(!meth) + { + STOREerr(STORE_F_STORE_NEW_ENGINE, + ERR_R_ENGINE_LIB); + ENGINE_finish(e); + return NULL; + } + } +#endif + + ret = STORE_new_method(meth); + if (ret == NULL) + { + STOREerr(STORE_F_STORE_NEW_ENGINE,ERR_R_STORE_LIB); + return NULL; + } + + ret->engine = e; + + return(ret); + } + +void STORE_free(STORE *store) + { + if (store == NULL) + return; + if (store->meth->clean) + store->meth->clean(store); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_STORE, store, &store->ex_data); + OPENSSL_free(store); + } + + +int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) + { + return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_STORE, argl, argp, + new_func, dup_func, free_func); + } + +int STORE_set_ex_data(STORE *r, int idx, void *arg) + { + return(CRYPTO_set_ex_data(&r->ex_data,idx,arg)); + } + +void *STORE_get_ex_data(STORE *r, int idx) + { + return(CRYPTO_get_ex_data(&r->ex_data,idx)); + } + +const STORE_METHOD *STORE_get_method(STORE *store) + { + return store->meth; + } + +const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth) + { + store->meth=meth; + return store->meth; + } + + +/* API helpers */ + +#define check_store(s,fncode,fnname,fnerrcode) \ + do \ + { \ + if ((s) == NULL || (s)->meth) \ + { \ + STOREerr((fncode), ERR_R_PASSED_NULL_PARAMETER); \ + return 0; \ + } \ + if ((s)->meth->fnname == NULL) \ + { \ + STOREerr((fncode), (fnerrcode)); \ + return 0; \ + } \ + } \ + while(0) + +/* API functions */ + +X509 *STORE_get_certificate(STORE *s, OPENSSL_ITEM attributes[]) + { + STORE_OBJECT *object; + X509 *x; + + check_store(s,STORE_F_STORE_GET_CERTIFICATE, + get_object,STORE_R_NO_GET_OBJECT_FUNCTION); + + object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, attributes); + if (!object || !object->data.x509.certificate) + { + STOREerr(STORE_F_STORE_GET_CERTIFICATE, + STORE_R_FAILED_GETTING_CERTIFICATE); + return 0; + } + CRYPTO_add(&object->data.x509.certificate->references,1,CRYPTO_LOCK_X509); +#ifdef REF_PRINT + REF_PRINT("X509",data); +#endif + x = object->data.x509.certificate; + STORE_OBJECT_free(object); + return x; + } + +int store_certificate(STORE *s, X509 *data, OPENSSL_ITEM attributes[]) + { + STORE_OBJECT *object = STORE_OBJECT_new(); + int i; + + check_store(s,STORE_F_STORE_CERTIFICATE, + store_object,STORE_R_NO_STORE_OBJECT_FUNCTION); + + if (!object) + { + STOREerr(STORE_F_STORE_CERTIFICATE, + ERR_R_MALLOC_FAILURE); + return 0; + } + + CRYPTO_add(&data->references,1,CRYPTO_LOCK_X509); +#ifdef REF_PRINT + REF_PRINT("X509",data); +#endif + object->data.x509.certificate = data; + + i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, object, attributes); + + STORE_OBJECT_free(object); + + if (!i) + { + STOREerr(STORE_F_STORE_CERTIFICATE, + STORE_R_FAILED_STORING_CERTIFICATE); + return 0; + } + return 1; + } + +int STORE_revoke_certificate(STORE *s, OPENSSL_ITEM attributes[]) + { + check_store(s,STORE_F_STORE_REVOKE_CERTIFICATE, + revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION); + + if (!s->meth->revoke_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, attributes)) + { + STOREerr(STORE_F_STORE_REVOKE_CERTIFICATE, + STORE_R_FAILED_REVOKING_CERTIFICATE); + return 0; + } + return 1; + } + +int STORE_delete_certificate(STORE *s, OPENSSL_ITEM attributes[]) + { + check_store(s,STORE_F_STORE_DELETE_CERTIFICATE, + delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION); + + if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, attributes)) + { + STOREerr(STORE_F_STORE_DELETE_CERTIFICATE, + STORE_R_FAILED_DELETING_CERTIFICATE); + return 0; + } + return 1; + } + +void *STORE_list_certificate_start(STORE *s, OPENSSL_ITEM attributes[]) + { + void *handle; + + check_store(s,STORE_F_STORE_LIST_CERTIFICATE_START, + list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION); + + handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, attributes); + if (!handle) + { + STOREerr(STORE_F_STORE_LIST_CERTIFICATE_START, + STORE_R_FAILED_LISTING_CERTIFICATES); + return 0; + } + return handle; + } + +X509 *STORE_list_certificate_next(STORE *s, void *handle) + { + STORE_OBJECT *object; + X509 *x; + + check_store(s,STORE_F_STORE_LIST_CERTIFICATE_NEXT, + list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION); + + object = s->meth->list_object_next(s, handle); + if (!object || !object->data.x509.certificate) + { + STOREerr(STORE_F_STORE_LIST_CERTIFICATE_NEXT, + STORE_R_FAILED_LISTING_CERTIFICATES); + return 0; + } + CRYPTO_add(&object->data.x509.certificate->references,1,CRYPTO_LOCK_X509); +#ifdef REF_PRINT + REF_PRINT("X509",data); +#endif + x = object->data.x509.certificate; + STORE_OBJECT_free(object); + return x; + } + +int STORE_list_certificate_end(STORE *s, void *handle) + { + check_store(s,STORE_F_STORE_LIST_CERTIFICATE_END, + list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION); + + if (!s->meth->list_object_end(s, handle)) + { + STOREerr(STORE_F_STORE_LIST_CERTIFICATE_END, + STORE_R_FAILED_LISTING_CERTIFICATES); + return 0; + } + return 1; + } + +int STORE_list_certificate_endp(STORE *s, void *handle) + { + check_store(s,STORE_F_STORE_LIST_CERTIFICATE_ENDP, + list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION); + + if (!s->meth->list_object_endp(s, handle)) + { + STOREerr(STORE_F_STORE_LIST_CERTIFICATE_ENDP, + STORE_R_FAILED_LISTING_CERTIFICATES); + return 0; + } + return 1; + } + +EVP_PKEY *STORE_generate_key(STORE *s, + int evp_type, size_t bits, OPENSSL_ITEM attributes[]) + { + STORE_OBJECT *object; + EVP_PKEY *pkey; + OPENSSL_ITEM params[3]; + + params[0].code = STORE_PARAM_EVP_TYPE; + params[0].value = &evp_type; + params[0].value_size = sizeof(evp_type); + params[1].code = STORE_PARAM_BITS; + params[1].value = &bits; + params[1].value_size = sizeof(bits); + params[2].code = 0; + + check_store(s,STORE_F_STORE_GENERATE_KEY, + generate_object,STORE_R_NO_GENERATE_OBJECT_FUNCTION); + + object = s->meth->generate_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, + params, attributes); + if (!object || !object->data.key) + { + STOREerr(STORE_F_STORE_GENERATE_KEY, + STORE_R_FAILED_GENERATING_KEY); + return 0; + } + CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY); +#ifdef REF_PRINT + REF_PRINT("EVP_PKEY",data); +#endif + pkey = object->data.key; + STORE_OBJECT_free(object); + return pkey; + } + +EVP_PKEY *STORE_get_private_key(STORE *s, OPENSSL_ITEM attributes[]) + { + STORE_OBJECT *object; + EVP_PKEY *pkey; + + check_store(s,STORE_F_STORE_GET_PRIVATE_KEY, + get_object,STORE_R_NO_GET_OBJECT_FUNCTION); + + object = s->meth->get_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, attributes); + if (!object || !object->data.key || !object->data.key) + { + STOREerr(STORE_F_STORE_GET_PRIVATE_KEY, + STORE_R_FAILED_GETTING_KEY); + return 0; + } + CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY); +#ifdef REF_PRINT + REF_PRINT("EVP_PKEY",data); +#endif + pkey = object->data.key; + STORE_OBJECT_free(object); + return pkey; + } + +int store_private_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[]) + { + STORE_OBJECT *object = STORE_OBJECT_new(); + int i; + + check_store(s,STORE_F_STORE_PRIVATE_KEY, + store_object,STORE_R_NO_STORE_OBJECT_FUNCTION); + + if (!object) + { + STOREerr(STORE_F_STORE_PRIVATE_KEY, + ERR_R_MALLOC_FAILURE); + return 0; + } + object->data.key = EVP_PKEY_new(); + if (!object->data.key) + { + STOREerr(STORE_F_STORE_PRIVATE_KEY, + ERR_R_MALLOC_FAILURE); + return 0; + } + + CRYPTO_add(&data->references,1,CRYPTO_LOCK_EVP_PKEY); +#ifdef REF_PRINT + REF_PRINT("EVP_PKEY",data); +#endif + object->data.key = data; + + i = s->meth->store_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, object, attributes); + + STORE_OBJECT_free(object); + + if (!i) + { + STOREerr(STORE_F_STORE_PRIVATE_KEY, + STORE_R_FAILED_STORING_KEY); + return 0; + } + return i; + } + +int STORE_revoke_private_key(STORE *s, OPENSSL_ITEM attributes[]) + { + int i; + + check_store(s,STORE_F_STORE_REVOKE_PRIVATE_KEY, + revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION); + + i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, attributes); + + if (!i) + { + STOREerr(STORE_F_STORE_REVOKE_PRIVATE_KEY, + STORE_R_FAILED_REVOKING_KEY); + return 0; + } + return i; + } + +int STORE_delete_private_key(STORE *s, OPENSSL_ITEM attributes[]) + { + check_store(s,STORE_F_STORE_DELETE_PRIVATE_KEY, + delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION); + + if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, attributes)) + { + STOREerr(STORE_F_STORE_DELETE_PRIVATE_KEY, + STORE_R_FAILED_DELETING_KEY); + return 0; + } + return 1; + } + +void *STORE_list_private_key_start(STORE *s, OPENSSL_ITEM attributes[]) + { + void *handle; + + check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_START, + list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION); + + handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PRIVATE_KEY, attributes); + if (!handle) + { + STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_START, + STORE_R_FAILED_LISTING_KEYS); + return 0; + } + return handle; + } + +EVP_PKEY *STORE_list_private_key_next(STORE *s, void *handle) + { + STORE_OBJECT *object; + EVP_PKEY *pkey; + + check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_NEXT, + list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION); + + object = s->meth->list_object_next(s, handle); + if (!object || !object->data.key || !object->data.key) + { + STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_NEXT, + STORE_R_FAILED_LISTING_KEYS); + return 0; + } + CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY); +#ifdef REF_PRINT + REF_PRINT("EVP_PKEY",data); +#endif + pkey = object->data.key; + STORE_OBJECT_free(object); + return pkey; + } + +int STORE_list_private_key_end(STORE *s, void *handle) + { + check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_END, + list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION); + + if (!s->meth->list_object_end(s, handle)) + { + STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_END, + STORE_R_FAILED_LISTING_KEYS); + return 0; + } + return 1; + } + +int STORE_list_private_key_endp(STORE *s, void *handle) + { + check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_ENDP, + list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION); + + if (!s->meth->list_object_endp(s, handle)) + { + STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_ENDP, + STORE_R_FAILED_LISTING_KEYS); + return 0; + } + return 1; + } + +EVP_PKEY *STORE_get_public_key(STORE *s, OPENSSL_ITEM attributes[]) + { + STORE_OBJECT *object; + EVP_PKEY *pkey; + + check_store(s,STORE_F_STORE_GET_PUBLIC_KEY, + get_obj