Change the trust and purpose code so it doesn't need init
either and has a static and dynamic mix.
diff --git a/CHANGES b/CHANGES
index bb47022..d7970a3 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,18 @@
Changes between 0.9.4 and 0.9.5 [xx XXX 1999]
+ *) Modify X509_TRUST and X509_PURPOSE so it also uses a static and
+ dynamic mix. In both cases the ids can be used as an index into the
+ table. Also modified the X509_TRUST_add() and X509_PURPOSE_add()
+ functions so they accept a list of the field values and the
+ application doesn't need to directly manipulate the X509_TRUST
+ structure.
+ [Steve Henson]
+
+ *) Modify the ASN1_STRING_TABLE stuff so it also uses bsearch and doesn't
+ need initialising.
+ [Steve Henson]
+
*) Modify the way the V3 extension code looks up extensions. This now
works in a similar way to the object code: we have some "standard"
extensions in a static table which is searched with OBJ_bsearch()
diff --git a/apps/req.c b/apps/req.c
index 1c063ee..eb58a1c 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -843,7 +843,6 @@
X509_REQ_free(req);
X509_free(x509ss);
OBJ_cleanup();
- ASN1_STRING_TABLE_cleanup();
#ifndef NO_DSA
if (dsa_params != NULL) DSA_free(dsa_params);
#endif
diff --git a/apps/s_client.c b/apps/s_client.c
index 0afd790..60a8728 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -740,7 +740,6 @@
if (ctx != NULL) SSL_CTX_free(ctx);
if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); Free(cbuf); }
if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); Free(sbuf); }
- X509_cleanup();
if (bio_c_out != NULL)
{
BIO_free(bio_c_out);
diff --git a/apps/s_server.c b/apps/s_server.c
index 7a3a028..a33e0ff 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -718,7 +718,6 @@
ret=0;
end:
if (ctx != NULL) SSL_CTX_free(ctx);
- X509_cleanup();
if (bio_s_out != NULL)
{
BIO_free(bio_s_out);
diff --git a/apps/verify.c b/apps/verify.c
index f9281a6..e580ace 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -84,7 +84,6 @@
X509_STORE *cert_ctx=NULL;
X509_LOOKUP *lookup=NULL;
- X509_init();
cert_ctx=X509_STORE_new();
if (cert_ctx == NULL) goto end;
X509_STORE_set_verify_cb_func(cert_ctx,cb);
@@ -196,7 +195,6 @@
}
if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
sk_X509_pop_free(untrusted, X509_free);
- X509_cleanup();
EXIT(ret);
}
diff --git a/apps/x509.c b/apps/x509.c
index caf5946..0ed5ef1 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -384,7 +384,6 @@
app_RAND_load_file(NULL, bio_err, 0);
ERR_load_crypto_strings();
- X509_init();
if (!X509_STORE_set_default_paths(ctx))
{
@@ -870,7 +869,6 @@
EVP_PKEY_free(Upkey);
EVP_PKEY_free(CApkey);
X509_REQ_free(rq);
- X509_cleanup();
EXIT(ret);
}
diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c
index e2e100e..2f9c09b 100644
--- a/crypto/asn1/a_strnid.c
+++ b/crypto/asn1/a_strnid.c
@@ -66,6 +66,7 @@
static STACK_OF(ASN1_STRING_TABLE) *stable = NULL;
static void st_free(ASN1_STRING_TABLE *tbl);
static int sk_table_cmp(ASN1_STRING_TABLE **a, ASN1_STRING_TABLE **b);
+static int table_cmp(ASN1_STRING_TABLE *a, ASN1_STRING_TABLE *b);
/* The following function generates an ASN1_STRING based on limits in a table.
* Frequently the types and length of an ASN1_STRING are restricted by a
@@ -79,7 +80,6 @@
ASN1_STRING *str = NULL;
int ret;
if(!out) out = &str;
- if(!stable) ASN1_STRING_TABLE_add_standard();
tbl = ASN1_STRING_TABLE_get(nid);
if(tbl) ret = ASN1_mbstring_ncopy(out, in, inlen, inform, tbl->mask,
tbl->minsize, tbl->maxsize);
@@ -102,53 +102,45 @@
#define ub_title 64
#define ub_email_address 128
+/* This table must be kept in NID order */
+
static ASN1_STRING_TABLE tbl_standard[] = {
-{NID_name, 1, ub_name, 0, 0},
-{NID_surname, 1, ub_name, 0, 0},
-{NID_givenName, 1, ub_name, 0, 0},
-{NID_initials, 1, ub_name, 0, 0},
{NID_commonName, 1, ub_common_name, 0, 0},
+{NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, 0},
{NID_localityName, 1, ub_locality_name, 0, 0},
{NID_stateOrProvinceName, 1, ub_state_name, 0, 0},
{NID_organizationName, 1, ub_organization_name, 0, 0},
{NID_organizationalUnitName, 1, ub_organization_unit_name, 0, 0},
-{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, 0},
-{NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, 0},
{NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING, 0},
-{NID_undef, 0, 0, 0, 0}
+{NID_givenName, 1, ub_name, 0, 0},
+{NID_surname, 1, ub_name, 0, 0},
+{NID_initials, 1, ub_name, 0, 0},
+{NID_name, 1, ub_name, 0, 0},
+{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, 0},
};
-int ASN1_STRING_TABLE_add_standard(void)
-{
- static int done = 0;
- ASN1_STRING_TABLE *tmp;
- if(done) return 1;
- if(!stable) stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp);
- if(!stable) {
- ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD_STANDARD,
- ERR_R_MALLOC_FAILURE);
- return 0;
- }
- for(tmp = tbl_standard; tmp->nid != NID_undef; tmp++) {
- if(!sk_ASN1_STRING_TABLE_push(stable, tmp)) {
- ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD_STANDARD,
- ERR_R_MALLOC_FAILURE);
- return 0;
- }
- }
- return 1;
-}
-
static int sk_table_cmp(ASN1_STRING_TABLE **a, ASN1_STRING_TABLE **b)
{
return (*a)->nid - (*b)->nid;
}
+static int table_cmp(ASN1_STRING_TABLE *a, ASN1_STRING_TABLE *b)
+{
+ return a->nid - b->nid;
+}
+
ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
{
int idx;
+ ASN1_STRING_TABLE *ttmp;
ASN1_STRING_TABLE fnd;
fnd.nid = nid;
+ ttmp = (ASN1_STRING_TABLE *) OBJ_bsearch((char *)&fnd,
+ (char *)tbl_standard,
+ sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE),
+ sizeof(ASN1_STRING_TABLE), (int(*)())table_cmp);
+ if(ttmp) return ttmp;
+ if(!stable) return NULL;
idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);
if(idx < 0) return NULL;
return sk_ASN1_STRING_TABLE_value(stable, idx);
@@ -160,6 +152,7 @@
{
ASN1_STRING_TABLE *tmp;
char new_nid = 0;
+ flags &= ~STABLE_FLAGS_MALLOC;
if(!stable) stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp);
if(!stable) {
ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE);
@@ -172,14 +165,13 @@
ERR_R_MALLOC_FAILURE);
return 0;
}
- tmp->flags = STABLE_FLAGS_MALLOC;
+ tmp->flags = flags | STABLE_FLAGS_MALLOC;
tmp->nid = nid;
new_nid = 1;
- }
+ } else tmp->flags = (tmp->flags & STABLE_FLAGS_MALLOC) | flags;
if(minsize != -1) tmp->minsize = minsize;
if(maxsize != -1) tmp->maxsize = maxsize;
tmp->mask = mask;
- tmp->flags = flags & ~STABLE_FLAGS_MALLOC;
if(new_nid) sk_ASN1_STRING_TABLE_push(stable, tmp);
return 1;
}
diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
index d36e868..e54a61f 100644
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -773,7 +773,6 @@
ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out,
const unsigned char *in, int inlen, int inform, int nid);
-int ASN1_STRING_TABLE_add_standard(void);
ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid);
void ASN1_STRING_TABLE_cleanup(void);
@@ -812,7 +811,6 @@
#define ASN1_F_ASN1_SIGN 114
#define ASN1_F_ASN1_STRING_NEW 115
#define ASN1_F_ASN1_STRING_TABLE_ADD 283
-#define ASN1_F_ASN1_STRING_TABLE_ADD_STANDARD 284
#define ASN1_F_ASN1_STRING_TYPE_NEW 116
#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 117
#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 118
@@ -824,7 +822,7 @@
#define ASN1_F_BASIC_CONSTRAINTS_NEW 226
#define ASN1_F_BN_TO_ASN1_ENUMERATED 234
#define ASN1_F_BN_TO_ASN1_INTEGER 122
-#define ASN1_F_D2I_ACCESS_DESCRIPTION 292
+#define ASN1_F_D2I_ACCESS_DESCRIPTION 284
#define ASN1_F_D2I_ASN1_BIT_STRING 123
#define ASN1_F_D2I_ASN1_BMPSTRING 124
#define ASN1_F_D2I_ASN1_BOOLEAN 125
diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c
index c322d64..0637506 100644
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -92,7 +92,6 @@
{ERR_PACK(0,ASN1_F_ASN1_SIGN,0), "ASN1_sign"},
{ERR_PACK(0,ASN1_F_ASN1_STRING_NEW,0), "ASN1_STRING_new"},
{ERR_PACK(0,ASN1_F_ASN1_STRING_TABLE_ADD,0), "ASN1_STRING_TABLE_ADD"},
-{ERR_PACK(0,ASN1_F_ASN1_STRING_TABLE_ADD_STANDARD,0), "ASN1_STRING_TABLE_add_standard"},
{ERR_PACK(0,ASN1_F_ASN1_STRING_TYPE_NEW,0), "ASN1_STRING_type_new"},
{ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0), "ASN1_TYPE_get_int_octetstring"},
{ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0), "ASN1_TYPE_get_octetstring"},
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index ed95058..5e4da0f 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -280,10 +280,10 @@
/* This is used for a table of trust checking functions */
typedef struct x509_trust_st {
- int trust_id;
- int trust_flags;
+ int trust;
+ int flags;
int (*check_trust)(struct x509_trust_st *, X509 *, int);
- char *trust_name;
+ char *name;
int arg1;
void *arg2;
} X509_TRUST;
@@ -298,6 +298,11 @@
#define X509_TRUST_EMAIL 4
#define X509_TRUST_OBJECT_SIGN 5
+/* Keep these up to date! */
+#define X509_TRUST_MIN 1
+#define X509_TRUST_MAX 5
+
+
/* trust_flags values */
#define X509_TRUST_DYNAMIC 1
#define X509_TRUST_DYNAMIC_NAME 2
@@ -1015,8 +1020,6 @@
ASN1_OBJECT * X509_EXTENSION_get_object(X509_EXTENSION *ex);
ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
int X509_EXTENSION_get_critical(X509_EXTENSION *ex);
-void X509_init(void);
-void X509_cleanup(void);
int X509_verify_cert(X509_STORE_CTX *ctx);
@@ -1059,10 +1062,10 @@
int X509_TRUST_get_count(void);
X509_TRUST * X509_TRUST_iget(int idx);
int X509_TRUST_get_by_id(int id);
-int X509_TRUST_add(X509_TRUST *xp);
+int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
+ char *name, int arg1, void *arg2);
void X509_TRUST_cleanup(void);
-void X509_TRUST_add_standard(void);
-int X509_TRUST_get_id(X509_TRUST *xp);
+int X509_TRUST_get_flags(X509_TRUST *xp);
char *X509_TRUST_iget_name(X509_TRUST *xp);
int X509_TRUST_get_trust(X509_TRUST *xp);
diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c
index 94c64a1..f96f5f9 100644
--- a/crypto/x509/x509_trs.c
+++ b/crypto/x509/x509_trs.c
@@ -67,72 +67,110 @@
static int trust_1bit(X509_TRUST *trust, X509 *x, int flags);
static int trust_any(X509_TRUST *trust, X509 *x, int flags);
+/* WARNING: the following table should be kept in order of trust
+ * and without any gaps so we can just subtract the minimum trust
+ * value to get an index into the table
+ */
+
static X509_TRUST trstandard[] = {
{X509_TRUST_ANY, 0, trust_any, "Any", 0, NULL},
{X509_TRUST_SSL_CLIENT, 0, trust_1bit, "SSL Client", X509_TRUST_BIT_SSL_CLIENT, NULL},
{X509_TRUST_SSL_SERVER, 0, trust_1bit, "SSL Client", X509_TRUST_BIT_SSL_SERVER, NULL},
{X509_TRUST_EMAIL, 0, trust_1bit, "S/MIME email", X509_TRUST_BIT_EMAIL, NULL},
{X509_TRUST_OBJECT_SIGN, 0, trust_1bit, "Object Signing", X509_TRUST_BIT_OBJECT_SIGN, NULL},
-{0, 0, NULL, NULL, 0, NULL}
};
+#define X509_TRUST_COUNT (sizeof(trstandard)/sizeof(X509_TRUST))
+
IMPLEMENT_STACK_OF(X509_TRUST)
static STACK_OF(X509_TRUST) *trtable = NULL;
static int tr_cmp(X509_TRUST **a, X509_TRUST **b)
{
- return (*a)->trust_id - (*b)->trust_id;
+ return (*a)->trust - (*b)->trust;
}
int X509_check_trust(X509 *x, int id, int flags)
{
- int idx;
X509_TRUST *pt;
+ int idx;
if(id == -1) return 1;
- idx = X509_TRUST_get_by_id(id);
- if(idx == -1) return -1;
- pt = sk_X509_TRUST_value(trtable, idx);
+ if(!(idx = X509_TRUST_get_by_id(id))) return 0;
+ pt = X509_TRUST_iget(idx);
return pt->check_trust(pt, x, flags);
}
int X509_TRUST_get_count(void)
{
- return sk_X509_TRUST_num(trtable);
+ if(!trtable) return X509_TRUST_COUNT;
+ return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT;
}
X509_TRUST * X509_TRUST_iget(int idx)
{
- return sk_X509_TRUST_value(trtable, idx);
+ if(idx < 0) return NULL;
+ if(idx < X509_TRUST_COUNT) return trstandard + idx;
+ return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT);
}
int X509_TRUST_get_by_id(int id)
{
X509_TRUST tmp;
- tmp.trust_id = id;
+ int idx;
+ if((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX))
+ return id - X509_TRUST_MIN;
+ tmp.trust = id;
if(!trtable) return -1;
- return sk_X509_TRUST_find(trtable, &tmp);
+ idx = sk_X509_TRUST_find(trtable, &tmp);
+ if(idx == -1) return -1;
+ return idx + X509_TRUST_COUNT;
}
-int X509_TRUST_add(X509_TRUST *xp)
+int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
+ char *name, int arg1, void *arg2)
{
int idx;
- if(!trtable)
- {
- trtable = sk_X509_TRUST_new(tr_cmp);
- if (!trtable)
- {
+ X509_TRUST *trtmp;
+ /* This is set according to what we change: application can't set it */
+ flags &= ~X509_TRUST_DYNAMIC;
+ /* This will always be set for application modified trust entries */
+ flags |= X509_TRUST_DYNAMIC_NAME;
+ /* Get existing entry if any */
+ idx = X509_TRUST_get_by_id(id);
+ /* Need a new entry */
+ if(idx == -1) {
+ if(!(trtmp = Malloc(sizeof(X509_TRUST)))) {
X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
return 0;
- }
}
-
- idx = X509_TRUST_get_by_id(xp->trust_id);
- if(idx != -1) {
- trtable_free(sk_X509_TRUST_value(trtable, idx));
- sk_X509_TRUST_set(trtable, idx, xp);
- } else {
- if (!sk_X509_TRUST_push(trtable, xp)) {
+ trtmp->flags = X509_TRUST_DYNAMIC;
+ } else trtmp = X509_TRUST_iget(idx);
+
+ /* Free existing name if dynamic */
+ if(trtmp->flags & X509_TRUST_DYNAMIC_NAME) Free(trtmp->name);
+ /* dup supplied name */
+ if(!(trtmp->name = BUF_strdup(name))) {
+ X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ /* Keep the dynamic flag of existing entry */
+ trtmp->flags &= X509_TRUST_DYNAMIC;
+ /* Set all other flags */
+ trtmp->flags |= flags;
+
+ trtmp->trust = id;
+ trtmp->check_trust = ck;
+ trtmp->arg1 = arg1;
+ trtmp->arg2 = arg2;
+
+ /* If its a new entry manage the dynamic table */
+ if(idx == -1) {
+ if(!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) {
+ X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if (!sk_X509_TRUST_push(trtable, trtmp)) {
X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
return 0;
}
@@ -143,40 +181,35 @@
static void trtable_free(X509_TRUST *p)
{
if(!p) return;
- if (p->trust_flags & X509_TRUST_DYNAMIC)
+ if (p->flags & X509_TRUST_DYNAMIC)
{
- if (p->trust_flags & X509_TRUST_DYNAMIC_NAME)
- Free(p->trust_name);
+ if (p->flags & X509_TRUST_DYNAMIC_NAME)
+ Free(p->name);
Free(p);
}
}
void X509_TRUST_cleanup(void)
{
+ int i;
+ for(i = 0; i < X509_TRUST_COUNT; i++) trtable_free(trstandard + i);
sk_X509_TRUST_pop_free(trtable, trtable_free);
trtable = NULL;
}
-void X509_TRUST_add_standard(void)
+int X509_TRUST_get_flags(X509_TRUST *xp)
{
- X509_TRUST *xp;
- for(xp = trstandard; xp->trust_name; xp++)
- X509_TRUST_add(xp);
-}
-
-int X509_TRUST_get_id(X509_TRUST *xp)
-{
- return xp->trust_id;
+ return xp->flags;
}
char *X509_TRUST_iget_name(X509_TRUST *xp)
{
- return xp->trust_name;
+ return xp->name;
}
int X509_TRUST_get_trust(X509_TRUST *xp)
{
- return xp->trust_id;
+ return xp->trust;
}
static int trust_1bit(X509_TRUST *trust, X509 *x, int flags)
diff --git a/crypto/x509/x509_v3.c b/crypto/x509/x509_v3.c
index 100b087..5288798 100644
--- a/crypto/x509/x509_v3.c
+++ b/crypto/x509/x509_v3.c
@@ -265,24 +265,3 @@
if (ex == NULL) return(0);
return(ex->critical);
}
-
-/* Initialisation routine: used to initialise the X509 and X509v3 tables */
-
-static int init_done = 0;
-
-void X509_init(void)
-{
- if(init_done) return;
- X509V3_add_standard_extensions();
- X509_PURPOSE_add_standard();
- X509_TRUST_add_standard();
- init_done = 1;
-}
-
-void X509_cleanup(void)
-{
- X509V3_EXT_cleanup();
- X509_PURPOSE_cleanup();
- X509_TRUST_cleanup();
- init_done = 0;
-}
diff --git a/crypto/x509v3/Makefile.ssl b/crypto/x509v3/Makefile.ssl
index 83bd70e..8cf90be 100644
--- a/crypto/x509v3/Makefile.ssl
+++ b/crypto/x509v3/Makefile.ssl
@@ -339,7 +339,7 @@
v3_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
v3_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
v3_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ext_dat.h
v3_pku.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
v3_pku.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
v3_pku.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h
index c81f9a1..801a585 100644
--- a/crypto/x509v3/ext_dat.h
+++ b/crypto/x509v3/ext_dat.h
@@ -91,7 +91,7 @@
&v3_info,
};
-/* Number of standard extensions: keep up to date */
+/* Number of standard extensions */
-#define STANDARD_EXTENSION_COUNT 22
+#define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *))
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
index e350c81..5e7b4c3 100644
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -82,9 +82,10 @@
{X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, "S/MIME signing", "smimesign", NULL},
{X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL},
{X509_PURPOSE_CRL_SIGN, X509_TRUST_ANY, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL},
- {-1, 0, 0, NULL, NULL, NULL, NULL}
};
+#define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE))
+
IMPLEMENT_STACK_OF(X509_PURPOSE)
static STACK_OF(X509_PURPOSE) *xptable = NULL;
@@ -100,7 +101,6 @@
X509_PURPOSE *pt;
if(!(x->ex_flags & EXFLAG_SET)) {
CRYPTO_w_lock(CRYPTO_LOCK_X509);
- X509_init();
x509v3_cache_extensions(x);
CRYPTO_w_unlock(CRYPTO_LOCK_X509);
}
@@ -108,25 +108,28 @@
idx = X509_PURPOSE_get_by_id(id);
if(idx == -1) return -1;
pt = sk_X509_PURPOSE_value(xptable, idx);
- return pt->check_purpose(pt, x,ca);
+ return pt->check_purpose(pt, x, ca);
}
int X509_PURPOSE_get_count(void)
{
- return sk_X509_PURPOSE_num(xptable);
+ if(!xptable) return X509_PURPOSE_COUNT;
+ return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT;
}
X509_PURPOSE * X509_PURPOSE_iget(int idx)
{
- return sk_X509_PURPOSE_value(xptable, idx);
+ if(idx < 0) return NULL;
+ if(idx < X509_PURPOSE_COUNT) return xstandard + idx;
+ return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT);
}
int X509_PURPOSE_get_by_sname(char *sname)
{
int i;
X509_PURPOSE *xptmp;
- for(i = 0; i < sk_X509_PURPOSE_num(xptable); i++) {
- xptmp = sk_X509_PURPOSE_value(xptable, i);
+ for(i = 0; i < X509_PURPOSE_get_count(); i++) {
+ xptmp = X509_PURPOSE_iget(i);
if(!strcmp(xptmp->sname, sname)) return i;
}
return -1;
@@ -136,30 +139,66 @@
int X509_PURPOSE_get_by_id(int purpose)
{
X509_PURPOSE tmp;
+ int idx;
+ if((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX))
+ return purpose - X509_PURPOSE_MIN;
tmp.purpose = purpose;
if(!xptable) return -1;
- return sk_X509_PURPOSE_find(xptable, &tmp);
+ idx = sk_X509_PURPOSE_find(xptable, &tmp);
+ if(idx == -1) return -1;
+ return idx + X509_PURPOSE_COUNT;
}
-int X509_PURPOSE_add(X509_PURPOSE *xp)
+int X509_PURPOSE_add(int id, int trust, int flags,
+ int (*ck)(X509_PURPOSE *, X509 *, int),
+ char *name, char *sname, void *arg)
{
int idx;
- if(!xptable)
- {
- xptable = sk_X509_PURPOSE_new(xp_cmp);
- if (!xptable)
- {
+ X509_PURPOSE *ptmp;
+ /* This is set according to what we change: application can't set it */
+ flags &= ~X509_PURPOSE_DYNAMIC;
+ /* This will always be set for application modified trust entries */
+ flags |= X509_PURPOSE_DYNAMIC_NAME;
+ /* Get existing entry if any */
+ idx = X509_PURPOSE_get_by_id(id);
+ /* Need a new entry */
+ if(idx == -1) {
+ if(!(ptmp = Malloc(sizeof(X509_PURPOSE)))) {
X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
return 0;
- }
}
-
- idx = X509_PURPOSE_get_by_id(xp->purpose);
- if(idx != -1) {
- xptable_free(sk_X509_PURPOSE_value(xptable, idx));
- sk_X509_PURPOSE_set(xptable, idx, xp);
- } else {
- if (!sk_X509_PURPOSE_push(xptable, xp)) {
+ ptmp->flags = X509_PURPOSE_DYNAMIC;
+ } else ptmp = X509_PURPOSE_iget(idx);
+
+ /* Free existing name if dynamic */
+ if(ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) {
+ Free(ptmp->name);
+ Free(ptmp->sname);
+ }
+ /* dup supplied name */
+ ptmp->name = BUF_strdup(name);
+ ptmp->sname = BUF_strdup(sname);
+ if(!ptmp->name || !ptmp->sname) {
+ X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ /* Keep the dynamic flag of existing entry */
+ ptmp->flags &= X509_PURPOSE_DYNAMIC;
+ /* Set all other flags */
+ ptmp->flags |= flags;
+
+ ptmp->purpose = id;
+ ptmp->trust = trust;
+ ptmp->check_purpose = ck;
+ ptmp->usr_data = arg;
+
+ /* If its a new entry manage the dynamic table */
+ if(idx == -1) {
+ if(!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) {
+ X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if (!sk_X509_PURPOSE_push(xptable, ptmp)) {
X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
return 0;
}
@@ -182,16 +221,12 @@
void X509_PURPOSE_cleanup(void)
{
+ int i;
sk_X509_PURPOSE_pop_free(xptable, xptable_free);
+ for(i = 0; i < X509_PURPOSE_COUNT; i++) xptable_free(xstandard + i);
xptable = NULL;
}
-void X509_PURPOSE_add_standard(void)
-{
- X509_PURPOSE *xp;
- for(xp = xstandard; xp->name; xp++) X509_PURPOSE_add(xp);
-}
-
int X509_PURPOSE_get_id(X509_PURPOSE *xp)
{
return xp->purpose;
diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h
index bee56ab..5e988a9 100644
--- a/crypto/x509v3/x509v3.h
+++ b/crypto/x509v3/x509v3.h
@@ -345,6 +345,9 @@
#define X509_PURPOSE_SMIME_ENCRYPT 5
#define X509_PURPOSE_CRL_SIGN 6
+#define X509_PURPOSE_MIN 1
+#define X509_PURPOSE_MAX 6
+
DECLARE_STACK_OF(X509_PURPOSE)
void ERR_load_X509V3_strings(void);
@@ -532,7 +535,9 @@
X509_PURPOSE * X509_PURPOSE_iget(int idx);
int X509_PURPOSE_get_by_sname(char *sname);
int X509_PURPOSE_get_by_id(int id);
-int X509_PURPOSE_add(X509_PURPOSE *xp);
+int X509_PURPOSE_add(int id, int trust, int flags,
+ int (*ck)(X509_PURPOSE *, X509 *, int),
+ char *name, char *sname, void *arg);
char *X509_PURPOSE_iget_name(X509_PURPOSE *xp);
char *X509_PURPOSE_iget_sname(X509_PURPOSE *xp);
int X509_PURPOSE_get_trust(X509_PURPOSE *xp);
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 3bd8d15..10d080d 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1120,12 +1120,6 @@
ret->extra_certs=NULL;
ret->comp_methods=SSL_COMP_get_compression_methods();
- /* Initialise X509 tables: otherwise some certificate operations
- * wont work. This is a non op if called more than once.
- */
-
- X509_init();
-
return(ret);
err:
SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
diff --git a/util/libeay.num b/util/libeay.num
index a14719d..bf3d063 100755
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -1883,241 +1883,233 @@
ASN1_GENERALIZEDTIME_free 1908
X509V3_REVOKED_get_d2i 1909
X509_set_ex_data 1910
-X509_PURPOSE_add_standard 1911
-sk_X509_PURPOSE_value 1912
-sk_X509_PURPOSE_zero 1913
-ASN1_VISIBLESTRING_new 1914
-ASN1_PRINTABLESTRING_free 1915
-ASN1_BMPSTRING_new 1916
-ASN1_UTF8STRING_new 1917
-sk_X509_PURPOSE_pop 1918
-DSA_get_default_method 1919
-sk_X509_PURPOSE_push 1920
-sk_X509_PURPOSE_delete 1921
-sk_X509_PURPOSE_num 1922
-PEM_read_DSA_PUBKEY 1923
-ASN1_T61STRING_free 1924
-d2i_DSA_PUBKEY_fp 1925
-DSA_set_method 1926
-X509_get_ex_data 1927
-ASN1_STRING_type 1928
-sk_X509_PURPOSE_find 1929
-ASN1_TIME_free 1930
-ASN1_OCTET_STRING_cmp 1931
-ASN1_BIT_STRING_new 1932
-X509V3_X509_get_d2i 1933
-ASN1_INTEGER_cmp 1934
-ASN1_TIME_new 1935
-d2i_DSA_PUBKEY_bio 1936
-sk_X509_PURPOSE_new_null 1937
-ASN1_UTCTIME_free 1938
-DSA_set_default_method 1939
-sk_X509_PURPOSE_set_cmp_func 1940
-PEM_write_bio_DSA_PUBKEY 1941
-X509_PURPOSE_get_by_id 1942
-DISPLAYTEXT_free 1943
-X509V3_CRL_get_d2i 1944
-ASN1_OCTET_STRING_free 1945
-X509_get_ex_new_index 1946
-ASN1_STRING_length 1947
-ASN1_PRINTABLESTRING_new 1948
-X509V3_get_d2i 1949
-ASN1_ENUMERATED_free 1950
-sk_X509_PURPOSE_unshift 1951
-sk_X509_PURPOSE_set 1952
-sk_X509_PURPOSE_sort 1953
-DIRECTORYSTRING_free 1954
-ASN1_OCTET_STRING_set 1955
-ASN1_IA5STRING_new 1956
-X509_check_purpose 1957
-ASN1_ENUMERATED_new 1958
-PEM_write_DSA_PUBKEY 1959
-ASN1_BMPSTRING_free 1960
-ASN1_T61STRING_new 1961
-ASN1_UTCTIME_new 1962
-ASN1_IA5STRING_free 1963
-ASN1_STRING_data 1964
-X509_PURPOSE_iget_name 1965
-sk_X509_PURPOSE_delete_ptr 1966
-ASN1_BIT_STRING_free 1967
-X509_PURPOSE_add 1968
-ASN1_UTF8STRING_free 1969
-X509_PURPOSE_get 1970
-sk_X509_PURPOSE_pop_free 1971
-i2d_DSA_PUBKEY_fp 1972
-sk_X509_PURPOSE_free 1973
-sk_X509_PURPOSE_dup 1974
-ASN1_OCTET_STRING_dup 1975
-ASN1_BIT_STRING_set 1976
-ASN1_INTEGER_free 1977
-ASN1_INTEGER_dup 1978
-ASN1_VISIBLESTRING_free 1979
-sk_X509_PURPOSE_shift 1980
-sk_X509_PURPOSE_new 1981
-sk_X509_PURPOSE_insert 1982
-ASN1_GENERALIZEDTIME_new 1983
-PEM_read_bio_DSA_PUBKEY 1984
-ASN1_OCTET_STRING_new 1985
-ASN1_INTEGER_new 1986
-i2d_DSA_PUBKEY_bio 1987
-ASN1_STRING_length_set 1988
-DIRECTORYSTRING_new 1989
-ASN1_mbstring_copy 1990
-sk_ASN1_STRING_TABLE_value 1991
-sk_ASN1_STRING_TABLE_pop 1992
-sk_ASN1_STRING_TABLE_num 1993
-sk_ASN1_STRING_TABLE_delete_ptr 1994
-sk_ASN1_STRING_TABLE_sort 1995
+X509_reject_set_bit_asc 1911
+X509_NAME_add_entry_by_txt 1912
+sk_X509_TRUST_pop 1913
+X509_NAME_add_entry_by_NID 1914
+X509_PURPOSE_iget 1915
+sk_ACCESS_DESCRIPTION_shift 1916
+PEM_read_X509_AUX 1917
+d2i_AUTHORITY_INFO_ACCESS 1918
+sk_X509_TRUST_set_cmp_func 1919
+sk_X509_TRUST_free 1920
+PEM_write_PUBKEY 1921
+sk_X509_TRUST_num 1922
+sk_ACCESS_DESCRIPTION_delete 1923
+sk_ASN1_STRING_TABLE_value 1924
+ACCESS_DESCRIPTION_new 1925
+X509_CERT_AUX_free 1926
+d2i_ACCESS_DESCRIPTION 1927
+X509_PURPOSE_add_standard 1928
+sk_X509_PURPOSE_value 1929
+sk_X509_PURPOSE_zero 1930
+X509_TRUST_add 1931
+ASN1_VISIBLESTRING_new 1932
+X509_alias_set 1933
+ASN1_PRINTABLESTRING_free 1934
+EVP_PKEY_rget_DSA 1935
+ASN1_BMPSTRING_new 1936
+ASN1_mbstring_copy 1937
+ASN1_UTF8STRING_new 1938
+sk_ACCESS_DESCRIPTION_set 1939
+sk_X509_PURPOSE_pop 1940
+DSA_get_default_method 1941
+sk_X509_PURPOSE_push 1942
+sk_X509_PURPOSE_delete 1943
+sk_X509_PURPOSE_num 1944
+i2d_ASN1_SET_OF_ACCESS_DESCRIPTION 1945
+ASN1_T61STRING_free 1946
+sk_ACCESS_DESCRIPTION_free 1947
+sk_ASN1_STRING_TABLE_pop 1948
+DSA_set_method 1949
+X509_get_ex_data 1950
+ASN1_STRING_type 1951
+X509_PURPOSE_get_by_sname 1952
+sk_X509_PURPOSE_find 1953
+ASN1_TIME_free 1954
+ASN1_OCTET_STRING_cmp 1955
+sk_ACCESS_DESCRIPTION_value 1956
+ASN1_BIT_STRING_new 1957
+X509V3_X509_get_d2i 1958
+PEM_read_bio_X509_AUX 1959
+ASN1_STRING_set_default_mask_asc 1960
+PEM_write_bio_RSA_PUBKEY 1961
+sk_ASN1_STRING_TABLE_num 1962
+ASN1_INTEGER_cmp 1963
+d2i_RSA_PUBKEY_fp 1964
+sk_ACCESS_DESCRIPTION_unshift 1965
+sk_ASN1_STRING_TABLE_delete_ptr 1966
+X509_trust_set_bit_asc 1967
+PEM_write_bio_DSA_PUBKEY 1968
+X509_STORE_CTX_free 1969
+EVP_PKEY_rset_DSA 1970
+i2d_DSA_PUBKEY_fp 1971
+X509_load_cert_crl_file 1972
+ASN1_TIME_new 1973
+i2d_RSA_PUBKEY 1974
+sk_X509_TRUST_pop_free 1975
+X509_STORE_CTX_purpose_inherit 1976
+PEM_read_RSA_PUBKEY 1977
+sk_X509_TRUST_zero 1978
+sk_ACCESS_DESCRIPTION_pop_free 1979
+d2i_X509_AUX 1980
+i2d_DSA_PUBKEY 1981
+X509_CERT_AUX_print 1982
+sk_X509_PURPOSE_new_null 1983
+PEM_read_DSA_PUBKEY 1984
+i2d_RSA_PUBKEY_bio 1985
+ASN1_BIT_STRING_num_asc 1986
+i2d_PUBKEY 1987
+ASN1_UTCTIME_free 1988
+DSA_set_default_method 1989
+X509_PURPOSE_get_by_id 1990
+sk_X509_TRUST_push 1991
+sk_ASN1_STRING_TABLE_sort 1992
+sk_X509_PURPOSE_set_cmp_func 1993
+ACCESS_DESCRIPTION_free 1994
+PEM_read_bio_PUBKEY 1995
ASN1_STRING_set_by_NID 1996
-sk_ASN1_STRING_TABLE_pop_free 1997
-sk_ASN1_STRING_TABLE_unshift 1998
-ASN1_STRING_TABLE_cleanup 1999
-ASN1_STRING_set_default_mask 2000
-sk_ASN1_STRING_TABLE_insert 2001
-sk_ASN1_STRING_TABLE_free 2002
-sk_ASN1_STRING_TABLE_set 2003
-ASN1_STRING_TABLE_add_standard 2004
-sk_ASN1_STRING_TABLE_set_cmp_func 2005
-ASN1_STRING_get_default_mask 2006
-ASN1_STRING_TABLE_get 2007
-sk_ASN1_STRING_TABLE_delete 2008
-sk_ASN1_STRING_TABLE_zero 2009
-sk_ASN1_STRING_TABLE_shift 2010
-sk_ASN1_STRING_TABLE_new_null 2011
-sk_ASN1_STRING_TABLE_push 2012
-sk_ASN1_STRING_TABLE_dup 2013
-ASN1_mbstring_ncopy 2014
-sk_ASN1_STRING_TABLE_find 2015
-sk_ASN1_STRING_TABLE_new 2016
-EVP_PKEY_rget_RSA 2017
-EVP_PKEY_rget_DH 2018
-EVP_PKEY_rget_DSA 2019
-X509_PURPOSE_cleanup 2020
-ASN1_STRING_set_default_mask_asc 2021
-X509_NAME_add_entry_by_txt 2022
-X509_NAME_add_entry_by_NID 2023
-X509_NAME_add_entry_by_OBJ 2024
-X509_NAME_ENTRY_create_by_txt 2025
-PEM_read_X509_AUX 2026
-X509_CERT_AUX_free 2027
-X509_alias_set 2028
-PEM_read_bio_X509_AUX 2029
-X509_trust_set_bit_asc 2030
-d2i_X509_AUX 2031
-X509_CERT_AUX_print 2032
-ASN1_BIT_STRING_num_asc 2033
-X509_CERT_AUX_new 2034
-ASN1_BIT_STRING_set_asc 2035
-i2d_X509_CERT_AUX 2036
-PEM_write_X509_AUX 2037
-X509_notrust_set_bit 2038
-X509_add_notrust_object 2039
-PEM_write_bio_X509_AUX 2040
-X509_alias_get 2041
-X509_trust_set_bit 2042
-d2i_X509_CERT_AUX 2043
-X509_notrust_set_bit_asc 2044
-i2d_X509_AUX 2045
-ASN1_BIT_STRING_name_print 2046
-X509_add_trust_object 2047
-OTHERNAME_new 2048
-i2d_OTHERNAME 2049
-CRYPTO_add_info 2050
-d2i_OTHERNAME 2051
-OTHERNAME_free 2052
-X509_cmp 2053
-PEM_write_PUBKEY 2054
-PEM_write_bio_RSA_PUBKEY 2055
-d2i_RSA_PUBKEY_fp 2056
-EVP_PKEY_rset_DSA 2057
-X509_load_cert_crl_file 2058
-i2d_RSA_PUBKEY 2059
-PEM_read_RSA_PUBKEY 2060
-i2d_DSA_PUBKEY 2061
-i2d_RSA_PUBKEY_bio 2062
-i2d_PUBKEY 2063
-PEM_read_bio_PUBKEY 2064
-PEM_read_PUBKEY 2065
-d2i_RSA_PUBKEY 2066
-d2i_DSA_PUBKEY 2067
-d2i_RSA_PUBKEY_bio 2068
-d2i_PUBKEY 2069
-EVP_PKEY_rset_RSA 2070
-PEM_read_bio_RSA_PUBKEY 2071
-PEM_write_RSA_PUBKEY 2072
-EVP_PKEY_rset_DH 2073
-i2d_RSA_PUBKEY_fp 2074
-PEM_write_bio_PUBKEY 2075
-sk_ACCESS_DESCRIPTION_shift 2076
-d2i_AUTHORITY_INFO_ACCESS 2077
-sk_ACCESS_DESCRIPTION_delete 2078
-ACCESS_DESCRIPTION_new 2079
-d2i_ACCESS_DESCRIPTION 2080
-sk_ACCESS_DESCRIPTION_set 2081
-i2d_ASN1_SET_OF_ACCESS_DESCRIPTION 2082
-sk_ACCESS_DESCRIPTION_free 2083
-sk_ACCESS_DESCRIPTION_value 2084
-sk_ACCESS_DESCRIPTION_unshift 2085
-sk_ACCESS_DESCRIPTION_pop_free 2086
-ACCESS_DESCRIPTION_free 2087
-sk_ACCESS_DESCRIPTION_dup 2088
-sk_ACCESS_DESCRIPTION_zero 2089
-sk_ACCESS_DESCRIPTION_new 2090
-sk_ACCESS_DESCRIPTION_push 2091
-d2i_ASN1_SET_OF_ACCESS_DESCRIPTION 2092
-sk_ACCESS_DESCRIPTION_find 2093
-AUTHORITY_INFO_ACCESS_free 2094
-sk_ACCESS_DESCRIPTION_pop 2095
-i2d_AUTHORITY_INFO_ACCESS 2096
-sk_ACCESS_DESCRIPTION_num 2097
-i2d_ACCESS_DESCRIPTION 2098
-sk_ACCESS_DESCRIPTION_new_null 2099
-sk_ACCESS_DESCRIPTION_delete_ptr 2100
-sk_ACCESS_DESCRIPTION_insert 2101
-sk_ACCESS_DESCRIPTION_sort 2102
-sk_ACCESS_DESCRIPTION_set_cmp_func 2103
-sk_X509_TRUST_pop 2104
-X509_cleanup 2105
-sk_X509_TRUST_set_cmp_func 2106
-X509_PURPOSE_get_by_sname 2107
-X509_STORE_CTX_free 2108
-sk_X509_TRUST_pop_free 2109
-X509_STORE_CTX_purpose_inherit 2110
-sk_X509_TRUST_push 2111
-X509_PURPOSE_get_id 2112
-sk_X509_TRUST_find 2113
-X509_TRUST_get_id 2114
-X509_TRUST_iget_name 2115
-X509_TRUST_iget 2116
-sk_X509_TRUST_unshift 2117
-X509_PURPOSE_get_count 2118
-X509_add_reject_object 2119
-sk_X509_TRUST_new_null 2120
-sk_X509_TRUST_new 2121
-sk_X509_TRUST_delete_ptr 2122
-X509_PURPOSE_iget_sname 2123
-X509_TRUST_get_count 2124
-X509_reject_set_bit_asc 2125
-X509_PURPOSE_iget 2126
-sk_X509_TRUST_free 2127
-sk_X509_TRUST_num 2128
-X509_init 2129
-X509_TRUST_add 2130
-X509_TRUST_add_standard 2131
-sk_X509_TRUST_zero 2132
-sk_X509_TRUST_shift 2133
-X509_TRUST_cleanup 2134
-sk_X509_TRUST_set 2135
-X509_TRUST_get_by_id 2136
-X509_PURPOSE_get_trust 2137
-X509_STORE_CTX_set_trust 2138
-X509_STORE_CTX_new 2139
-sk_X509_TRUST_value 2140
-X509_TRUST_get_trust 2141
-X509_STORE_CTX_set_purpose 2142
-sk_X509_TRUST_dup 2143
-sk_X509_TRUST_insert 2144
-X509_check_trust 2145
-sk_X509_TRUST_sort 2146
-X509_reject_set_bit 2147
-sk_X509_TRUST_delete 2148
+X509_PURPOSE_get_id 1997
+DISPLAYTEXT_free 1998
+OTHERNAME_new 1999
+sk_X509_TRUST_find 2000
+X509_CERT_AUX_new 2001
+sk_ACCESS_DESCRIPTION_dup 2002
+sk_ASN1_STRING_TABLE_pop_free 2003
+sk_ASN1_STRING_TABLE_unshift 2004
+sk_X509_TRUST_shift 2005
+sk_ACCESS_DESCRIPTION_zero 2006
+X509_TRUST_cleanup 2007
+X509_NAME_add_entry_by_OBJ 2008
+X509V3_CRL_get_d2i 2009
+sk_X509_TRUST_set 2010
+X509_PURPOSE_iget_name 2011
+PEM_read_PUBKEY 2012
+sk_ACCESS_DESCRIPTION_new 2013
+i2d_DSA_PUBKEY_bio 2014
+i2d_OTHERNAME 2015
+ASN1_OCTET_STRING_free 2016
+ASN1_BIT_STRING_set_asc 2017
+sk_ACCESS_DESCRIPTION_push 2018
+X509_get_ex_new_index 2019
+ASN1_STRING_TABLE_cleanup 2020
+X509_TRUST_get_by_id 2021
+X509_PURPOSE_get_trust 2022
+ASN1_STRING_length 2023
+d2i_ASN1_SET_OF_ACCESS_DESCRIPTION 2024
+ASN1_PRINTABLESTRING_new 2025
+X509V3_get_d2i 2026
+ASN1_ENUMERATED_free 2027
+i2d_X509_CERT_AUX 2028
+sk_ACCESS_DESCRIPTION_find 2029
+X509_STORE_CTX_set_trust 2030
+sk_X509_PURPOSE_unshift 2031
+ASN1_STRING_set_default_mask 2032
+X509_STORE_CTX_new 2033
+EVP_PKEY_rget_RSA 2034
+sk_X509_PURPOSE_set 2035
+sk_ASN1_STRING_TABLE_insert 2036
+sk_X509_PURPOSE_sort 2037
+DIRECTORYSTRING_free 2038
+PEM_write_X509_AUX 2039
+ASN1_OCTET_STRING_set 2040
+d2i_DSA_PUBKEY_fp 2041
+sk_ASN1_STRING_TABLE_free 2042
+sk_X509_TRUST_value 2043
+d2i_RSA_PUBKEY 2044
+sk_ASN1_STRING_TABLE_set 2045
+X509_TRUST_iget_name 2046
+X509_TRUST_iget 2047
+AUTHORITY_INFO_ACCESS_free 2048
+ASN1_IA5STRING_new 2049
+d2i_DSA_PUBKEY 2050
+X509_check_purpose 2051
+ASN1_ENUMERATED_new 2052
+d2i_RSA_PUBKEY_bio 2053
+d2i_PUBKEY 2054
+X509_TRUST_get_trust 2055
+X509_TRUST_get_flags 2056
+ASN1_BMPSTRING_free 2057
+ASN1_T61STRING_new 2058
+sk_X509_TRUST_unshift 2059
+ASN1_UTCTIME_new 2060
+sk_ACCESS_DESCRIPTION_pop 2061
+i2d_AUTHORITY_INFO_ACCESS 2062
+EVP_PKEY_rset_RSA 2063
+X509_STORE_CTX_set_purpose 2064
+ASN1_IA5STRING_free 2065
+PEM_write_bio_X509_AUX 2066
+X509_PURPOSE_get_count 2067
+CRYPTO_add_info 2068
+sk_ACCESS_DESCRIPTION_num 2069
+sk_ASN1_STRING_TABLE_set_cmp_func 2070
+X509_NAME_ENTRY_create_by_txt 2071
+ASN1_STRING_get_default_mask 2072
+sk_X509_TRUST_dup 2073
+X509_alias_get 2074
+ASN1_STRING_data 2075
+sk_X509_TRUST_insert 2076
+i2d_ACCESS_DESCRIPTION 2077
+X509_trust_set_bit 2078
+sk_X509_PURPOSE_delete_ptr 2079
+ASN1_BIT_STRING_free 2080
+PEM_read_bio_RSA_PUBKEY 2081
+X509_add_reject_object 2082
+X509_check_trust 2083
+sk_X509_TRUST_new_null 2084
+sk_ACCESS_DESCRIPTION_new_null 2085
+sk_ACCESS_DESCRIPTION_delete_ptr 2086
+sk_X509_TRUST_sort 2087
+PEM_read_bio_DSA_PUBKEY 2088
+sk_X509_TRUST_new 2089
+X509_PURPOSE_add 2090
+ASN1_STRING_TABLE_get 2091
+ASN1_UTF8STRING_free 2092
+d2i_DSA_PUBKEY_bio 2093
+sk_ASN1_STRING_TABLE_delete 2094
+PEM_write_RSA_PUBKEY 2095
+d2i_OTHERNAME 2096
+sk_ACCESS_DESCRIPTION_insert 2097
+X509_reject_set_bit 2098
+sk_X509_TRUST_delete_ptr 2099
+sk_X509_PURPOSE_pop_free 2100
+PEM_write_DSA_PUBKEY 2101
+sk_X509_PURPOSE_free 2102
+sk_X509_PURPOSE_dup 2103
+sk_ASN1_STRING_TABLE_zero 2104
+X509_PURPOSE_iget_sname 2105
+sk_ASN1_STRING_TABLE_shift 2106
+EVP_PKEY_rset_DH 2107
+ASN1_OCTET_STRING_dup 2108
+ASN1_BIT_STRING_set 2109
+X509_TRUST_get_count 2110
+ASN1_INTEGER_free 2111
+OTHERNAME_free 2112
+i2d_RSA_PUBKEY_fp 2113
+ASN1_INTEGER_dup 2114
+d2i_X509_CERT_AUX 2115
+sk_ASN1_STRING_TABLE_new_null 2116
+PEM_write_bio_PUBKEY 2117
+ASN1_VISIBLESTRING_free 2118
+X509_PURPOSE_cleanup 2119
+sk_ASN1_STRING_TABLE_push 2120
+sk_ASN1_STRING_TABLE_dup 2121
+sk_X509_PURPOSE_shift 2122
+ASN1_mbstring_ncopy 2123
+sk_X509_PURPOSE_new 2124
+sk_X509_PURPOSE_insert 2125
+ASN1_GENERALIZEDTIME_new 2126
+sk_ACCESS_DESCRIPTION_sort 2127
+EVP_PKEY_rget_DH 2128
+sk_ACCESS_DESCRIPTION_set_cmp_func 2129
+ASN1_OCTET_STRING_new 2130
+ASN1_INTEGER_new 2131
+i2d_X509_AUX 2132
+sk_ASN1_STRING_TABLE_find 2133
+ASN1_BIT_STRING_name_print 2134
+X509_cmp 2135
+ASN1_STRING_length_set 2136
+DIRECTORYSTRING_new 2137
+sk_ASN1_STRING_TABLE_new 2138
+sk_X509_TRUST_delete 2139
+X509_add_trust_object 2140
