diff --git a/CHANGES b/CHANGES index 78b002083a7b525049788160448a8bbe61f4c5ed..a347efc14baaf0bcc71d45ff900c91c06e28d2d0 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,11 @@ Changes between 0.9.7e and 0.9.8 [xx XXX xxxx] + *) Add processing of proxy certificates (see RFC 3820). This work was + sponsored by KTH (The Royal Institute of Technology in Stockholm) and + EGEE (Enabling Grids for E-science in Europe). + [Richard Levitte] + *) RC4 performance overhaul on modern architectures/implementations, such as Intel P4, IA-64 and AMD64. [Andy Polyakov] diff --git a/apps/openssl-vms.cnf b/apps/openssl-vms.cnf index 05663c95b7df030ba83c273d6da7034d2ff98dc8..130b430d42e6cbb6ede9d04d11dd07b3f971e2ce 100644 --- a/apps/openssl-vms.cnf +++ b/apps/openssl-vms.cnf @@ -258,3 +258,56 @@ basicConstraints = CA:true # issuerAltName=issuer:copy authorityKeyIdentifier=keyid:always,issuer:always + +[ proxy_cert_ext ] +# These extensions should be added when creating a proxy certificate + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +# This really needs to be in place for it to be a proxy certificate. +proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo diff --git a/apps/openssl.cnf b/apps/openssl.cnf index 8941f454f8a577d088f5628772498a75e2f21e54..6d731cbe8b732aba8111c56663949e7f84953e71 100644 --- a/apps/openssl.cnf +++ b/apps/openssl.cnf @@ -258,3 +258,56 @@ basicConstraints = CA:true # issuerAltName=issuer:copy authorityKeyIdentifier=keyid:always,issuer:always + +[ proxy_cert_ext ] +# These extensions should be added when creating a proxy certificate + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +# This really needs to be in place for it to be a proxy certificate. +proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 7a5138276ebef86843b24b943a5d3c8e3473c810..c2a707a9845a8b9253d0c9cad826842557ba211a 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -62,12 +62,12 @@ * [including the GNU Public Licence.] */ -#define NUM_NID 746 -#define NUM_SN 742 -#define NUM_LN 742 -#define NUM_OBJ 704 +#define NUM_NID 751 +#define NUM_SN 747 +#define NUM_LN 747 +#define NUM_OBJ 709 -static unsigned char lvalues[4963]={ +static unsigned char lvalues[5002]={ 0x00, /* [ 0] OBJ_undef */ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */ @@ -772,6 +772,11 @@ static unsigned char lvalues[4963]={ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,/* [4935] OBJ_sha384 */ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,/* [4944] OBJ_sha512 */ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,/* [4953] OBJ_sha224 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x15, /* [4962] OBJ_id_ppl */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0E, /* [4969] OBJ_proxyCertInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00, /* [4977] OBJ_id_ppl_anyLanguage */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01, /* [4985] OBJ_id_ppl_inheritAll */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02, /* [4993] OBJ_Independent */ }; static ASN1_OBJECT nid_objs[NUM_NID]={ @@ -1932,6 +1937,14 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"SHA224","sha224",NID_sha224,9,&(lvalues[4953]),0}, {"Oakley-EC2N-3","ipsec3",NID_ipsec3,0,NULL}, {"Oakley-EC2N-4","ipsec4",NID_ipsec4,0,NULL}, +{"id-ppl","id-ppl",NID_id_ppl,7,&(lvalues[4962]),0}, +{"proxyCertInfo","Proxy Certificate Information",NID_proxyCertInfo,8, + &(lvalues[4969]),0}, +{"id-ppl-anyLanguage","Any language",NID_id_ppl_anyLanguage,8, + &(lvalues[4977]),0}, +{"id-ppl-inheritAll","Inherit all",NID_id_ppl_inheritAll,8, + &(lvalues[4985]),0}, +{"id-ppl-independent","Independent",NID_Independent,8,&(lvalues[4993]),0}, }; static ASN1_OBJECT *sn_objs[NUM_SN]={ @@ -2271,6 +2284,10 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[271]),/* "id-pkix1-explicit-93" */ &(nid_objs[270]),/* "id-pkix1-implicit-88" */ &(nid_objs[272]),/* "id-pkix1-implicit-93" */ +&(nid_objs[746]),/* "id-ppl" */ +&(nid_objs[748]),/* "id-ppl-anyLanguage" */ +&(nid_objs[750]),/* "id-ppl-independent" */ +&(nid_objs[749]),/* "id-ppl-inheritAll" */ &(nid_objs[267]),/* "id-qcs" */ &(nid_objs[359]),/* "id-qcs-pkixQCSyntax-v1" */ &(nid_objs[259]),/* "id-qt" */ @@ -2453,6 +2470,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[415]),/* "prime256v1" */ &(nid_objs[385]),/* "private" */ &(nid_objs[84]),/* "privateKeyUsagePeriod" */ +&(nid_objs[747]),/* "proxyCertInfo" */ &(nid_objs[510]),/* "pseudonym" */ &(nid_objs[435]),/* "pss" */ &(nid_objs[286]),/* "qcStatements" */ @@ -2683,6 +2701,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[363]),/* "AD Time Stamping" */ &(nid_objs[405]),/* "ANSI X9.62" */ &(nid_objs[368]),/* "Acceptable OCSP Responses" */ +&(nid_objs[748]),/* "Any language" */ &(nid_objs[177]),/* "Authority Information Access" */ &(nid_objs[365]),/* "Basic OCSP Response" */ &(nid_objs[285]),/* "Biometric Info" */ @@ -2705,6 +2724,8 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[296]),/* "IPSec User" */ &(nid_objs[182]),/* "ISO Member Body" */ &(nid_objs[183]),/* "ISO US Member Body" */ +&(nid_objs[750]),/* "Independent" */ +&(nid_objs[749]),/* "Inherit all" */ &(nid_objs[647]),/* "International Organizations" */ &(nid_objs[142]),/* "Invalidity Date" */ &(nid_objs[504]),/* "MIME MHS" */ @@ -2748,6 +2769,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[164]),/* "Policy Qualifier CPS" */ &(nid_objs[165]),/* "Policy Qualifier User Notice" */ &(nid_objs[385]),/* "Private" */ +&(nid_objs[747]),/* "Proxy Certificate Information" */ &(nid_objs[ 1]),/* "RSA Data Security, Inc." */ &(nid_objs[ 2]),/* "RSA Data Security, Inc. PKCS" */ &(nid_objs[188]),/* "S/MIME" */ @@ -3009,6 +3031,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[271]),/* "id-pkix1-explicit-93" */ &(nid_objs[270]),/* "id-pkix1-implicit-88" */ &(nid_objs[272]),/* "id-pkix1-implicit-93" */ +&(nid_objs[746]),/* "id-ppl" */ &(nid_objs[267]),/* "id-qcs" */ &(nid_objs[359]),/* "id-qcs-pkixQCSyntax-v1" */ &(nid_objs[259]),/* "id-qt" */ @@ -3727,6 +3750,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[266]),/* OBJ_id_aca 1 3 6 1 5 5 7 10 */ &(nid_objs[267]),/* OBJ_id_qcs 1 3 6 1 5 5 7 11 */ &(nid_objs[268]),/* OBJ_id_cct 1 3 6 1 5 5 7 12 */ +&(nid_objs[746]),/* OBJ_id_ppl 1 3 6 1 5 5 7 21 */ &(nid_objs[176]),/* OBJ_id_ad 1 3 6 1 5 5 7 48 */ &(nid_objs[507]),/* OBJ_id_hex_partial_message 1 3 6 1 7 1 1 1 */ &(nid_objs[508]),/* OBJ_id_hex_multipart_message 1 3 6 1 7 1 1 2 */ @@ -3801,6 +3825,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[292]),/* OBJ_sbqp_routerIdentifier 1 3 6 1 5 5 7 1 9 */ &(nid_objs[397]),/* OBJ_ac_proxying 1 3 6 1 5 5 7 1 10 */ &(nid_objs[398]),/* OBJ_sinfo_access 1 3 6 1 5 5 7 1 11 */ +&(nid_objs[747]),/* OBJ_proxyCertInfo 1 3 6 1 5 5 7 1 14 */ &(nid_objs[164]),/* OBJ_id_qt_cps 1 3 6 1 5 5 7 2 1 */ &(nid_objs[165]),/* OBJ_id_qt_unotice 1 3 6 1 5 5 7 2 2 */ &(nid_objs[293]),/* OBJ_textNotice 1 3 6 1 5 5 7 2 3 */ @@ -3871,6 +3896,9 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[360]),/* OBJ_id_cct_crs 1 3 6 1 5 5 7 12 1 */ &(nid_objs[361]),/* OBJ_id_cct_PKIData 1 3 6 1 5 5 7 12 2 */ &(nid_objs[362]),/* OBJ_id_cct_PKIResponse 1 3 6 1 5 5 7 12 3 */ +&(nid_objs[748]),/* OBJ_id_ppl_anyLanguage 1 3 6 1 5 5 7 21 0 */ +&(nid_objs[749]),/* OBJ_id_ppl_inheritAll 1 3 6 1 5 5 7 21 1 */ +&(nid_objs[750]),/* OBJ_Independent 1 3 6 1 5 5 7 21 2 */ &(nid_objs[178]),/* OBJ_ad_OCSP 1 3 6 1 5 5 7 48 1 */ &(nid_objs[179]),/* OBJ_ad_ca_issuers 1 3 6 1 5 5 7 48 2 */ &(nid_objs[363]),/* OBJ_ad_timeStamping 1 3 6 1 5 5 7 48 3 */ diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h index e53aadb6c60c23bc6118cdda8204710d6bf40bed..322577094a0cd2c1aae048faf2672bd5e0e2c9dc 100644 --- a/crypto/objects/obj_mac.h +++ b/crypto/objects/obj_mac.h @@ -1265,6 +1265,10 @@ #define NID_id_cct 268 #define OBJ_id_cct OBJ_id_pkix,12L +#define SN_id_ppl "id-ppl" +#define NID_id_ppl 746 +#define OBJ_id_ppl OBJ_id_pkix,21L + #define SN_id_ad "id-ad" #define NID_id_ad 176 #define OBJ_id_ad OBJ_id_pkix,48L @@ -1380,6 +1384,11 @@ #define NID_sinfo_access 398 #define OBJ_sinfo_access OBJ_id_pe,11L +#define SN_proxyCertInfo "proxyCertInfo" +#define LN_proxyCertInfo "Proxy Certificate Information" +#define NID_proxyCertInfo 747 +#define OBJ_proxyCertInfo OBJ_id_pe,14L + #define SN_id_qt_cps "id-qt-cps" #define LN_id_qt_cps "Policy Qualifier CPS" #define NID_id_qt_cps 164 @@ -1704,6 +1713,21 @@ #define NID_id_cct_PKIResponse 362 #define OBJ_id_cct_PKIResponse OBJ_id_cct,3L +#define SN_id_ppl_anyLanguage "id-ppl-anyLanguage" +#define LN_id_ppl_anyLanguage "Any language" +#define NID_id_ppl_anyLanguage 748 +#define OBJ_id_ppl_anyLanguage OBJ_id_ppl,0L + +#define SN_id_ppl_inheritAll "id-ppl-inheritAll" +#define LN_id_ppl_inheritAll "Inherit all" +#define NID_id_ppl_inheritAll 749 +#define OBJ_id_ppl_inheritAll OBJ_id_ppl,1L + +#define SN_Independent "id-ppl-independent" +#define LN_Independent "Independent" +#define NID_Independent 750 +#define OBJ_Independent OBJ_id_ppl,2L + #define SN_ad_OCSP "OCSP" #define LN_ad_OCSP "OCSP" #define NID_ad_OCSP 178 diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index c5dd8db1d37980b1328303d189eb7149c4b56c73..180d20f1bc2b5a474e282e99d694f775f316353a 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -743,3 +743,8 @@ sha512 742 sha224 743 ipsec3 744 ipsec4 745 +id_ppl 746 +proxyCertInfo 747 +id_ppl_anyLanguage 748 +id_ppl_inheritAll 749 +Independent 750 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index f2ea4a4db0f769cb9a2e7a263e4010324785dfb9..46a405b3e64b134ff845d119b3995feef27cba1f 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -405,6 +405,7 @@ id-pkix 9 : id-pda id-pkix 10 : id-aca id-pkix 11 : id-qcs id-pkix 12 : id-cct +id-pkix 21 : id-ppl id-pkix 48 : id-ad # PKIX Modules @@ -439,6 +440,7 @@ id-pe 9 : sbqp-routerIdentifier id-pe 10 : ac-proxying !Cname sinfo-access id-pe 11 : subjectInfoAccess : Subject Information Access +id-pe 14 : proxyCertInfo : Proxy Certificate Information # PKIX policyQualifiers for Internet policy qualifiers id-qt 1 : id-qt-cps : Policy Qualifier CPS @@ -554,6 +556,11 @@ id-cct 1 : id-cct-crs id-cct 2 : id-cct-PKIData id-cct 3 : id-cct-PKIResponse +# Predefined Proxy Certificate policy languages +id-ppl 0 : id-ppl-anyLanguage : Any language +id-ppl 1 : id-ppl-inheritAll : Inherit all +id-ppl 2 : id-ppl-independent : Independent + # access descriptors for authority info access extension !Cname ad-OCSP id-ad 1 : OCSP : OCSP diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index 016164cb686bd44fc039c5fba9517d95a869df69..46673fddd138493607a9d3ddf2bd33790c2bbd5c 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -280,6 +280,7 @@ struct x509_st CRYPTO_EX_DATA ex_data; /* These contain copies of various extension values */ long ex_pathlen; + long ex_pcpathlen; unsigned long ex_flags; unsigned long ex_kusage; unsigned long ex_xkusage; diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c index 57ff33dc1983963dfed8bd1ba85e4c59a0cb29bd..247e7e178ab6363ce1a59b3ffc5e63cdeb3e3382 100644 --- a/crypto/x509/x509_txt.c +++ b/crypto/x509/x509_txt.c @@ -126,6 +126,8 @@ const char *X509_verify_cert_error_string(long n) return ("invalid non-CA certificate (has CA markings)"); case X509_V_ERR_PATH_LENGTH_EXCEEDED: return ("path length constraint exceeded"); + case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED: + return("proxy path length constraint exceeded"); case X509_V_ERR_INVALID_PURPOSE: return ("unsupported certificate purpose"); case X509_V_ERR_CERT_UNTRUSTED: @@ -142,28 +144,22 @@ const char *X509_verify_cert_error_string(long n) return("authority and issuer serial number mismatch"); case X509_V_ERR_KEYUSAGE_NO_CERTSIGN: return("key usage does not include certificate signing"); - case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: return("unable to get CRL issuer certificate"); - case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: return("unhandled critical extension"); - case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN: return("key usage does not include CRL signing"); - + case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE: + return("key usage does not include digital signature"); case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: return("unhandled critical CRL extension"); - case X509_V_ERR_INVALID_EXTENSION: return("invalid or inconsistent certificate extension"); - case X509_V_ERR_INVALID_POLICY_EXTENSION: return("invalid or inconsistent certificate policy extension"); - case X509_V_ERR_NO_EXPLICIT_POLICY: return("no explicit policy"); - default: BIO_snprintf(buf,sizeof buf,"error number %ld",n); return(buf); diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index c6c83ad72f915a8fa040a6323350e4822bb448d3..cbdd978a7dbd205d57c75851b3d284da1f4b14ff 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -389,6 +389,7 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) int i, ok=0, must_be_ca; X509 *x; int (*cb)(); + int proxy_path_length = 0; cb=ctx->verify_cb; /* must_be_ca can have 1 of 3 values: @@ -472,7 +473,7 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) } /* Check pathlen */ if ((i > 1) && (x->ex_pathlen != -1) - && (i > (x->ex_pathlen + 1))) + && (i > (x->ex_pathlen + proxy_path_length + 1))) { ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED; ctx->error_depth = i; @@ -480,8 +481,26 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) ok=cb(0,ctx); if (!ok) goto end; } - /* The next certificate must be a CA */ - must_be_ca = 1; + /* If this certificate is a proxy certificate, the next + certificate must be another proxy certificate or a EE + certificate. If not, the next certificate must be a + CA certificate. */ + if (x->ex_flags & EXFLAG_PROXY) + { + if (x->ex_pcpathlen != -1 && i > x->ex_pcpathlen) + { + ctx->error = + X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED; + ctx->error_depth = i; + ctx->current_cert = x; + ok=cb(0,ctx); + if (!ok) goto end; + } + proxy_path_length++; + must_be_ca = 0; + } + else + must_be_ca = 1; } ok = 1; end: diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h index 5f49c2a8b7b352355bee30946c61289fae506548..33ace72671a8f7086f6dcd43a5f584a72cc42084 100644 --- a/crypto/x509/x509_vfy.h +++ b/crypto/x509/x509_vfy.h @@ -323,10 +323,12 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); #define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35 #define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36 #define X509_V_ERR_INVALID_NON_CA 37 +#define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38 +#define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39 -#define X509_V_ERR_INVALID_EXTENSION 38 -#define X509_V_ERR_INVALID_POLICY_EXTENSION 39 -#define X509_V_ERR_NO_EXPLICIT_POLICY 40 +#define X509_V_ERR_INVALID_EXTENSION 40 +#define X509_V_ERR_INVALID_POLICY_EXTENSION 41 +#define X509_V_ERR_NO_EXPLICIT_POLICY 42 /* The application is not happy */ diff --git a/crypto/x509v3/Makefile.ssl b/crypto/x509v3/Makefile.ssl index 57c236e3d23d6cc0bf6b0e864f32940255480d4d..f91301188c28c17904106aa6542a0af8c59672f2 100644 --- a/crypto/x509v3/Makefile.ssl +++ b/crypto/x509v3/Makefile.ssl @@ -26,13 +26,13 @@ LIB=$(TOP)/libcrypto.a LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_lib.c \ v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c v3_pku.c \ v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c \ -v3_ocsp.c v3_akeya.c v3_pmaps.c v3_pcons.c v3_ncons.c pcy_cache.c pcy_node.c \ -pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c +v3_ocsp.c v3_akeya.c v3_pmaps.c v3_pcons.c v3_ncons.c v3_pcia.c v3_pci.c \ +pcy_cache.c pcy_node.c pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \ v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \ v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o v3_info.o \ -v3_ocsp.o v3_akeya.o v3_pmaps.o v3_pcons.o v3_ncons.o pcy_cache.o pcy_node.o \ -pcy_data.o pcy_map.o pcy_tree.o pcy_lib.o +v3_ocsp.o v3_akeya.o v3_pmaps.o v3_pcons.o v3_ncons.o v3_pcia.o v3_pci.o \ +pcy_cache.o pcy_node.o pcy_data.o pcy_map.o pcy_tree.o pcy_lib.o SRC= $(LIBSRC) @@ -410,6 +410,32 @@ v3_ocsp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h v3_ocsp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h v3_ocsp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h v3_ocsp.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_ocsp.c +v3_pci.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +v3_pci.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +v3_pci.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +v3_pci.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +v3_pci.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +v3_pci.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_pci.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_pci.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_pci.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_pci.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_pci.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_pci.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_pci.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_pci.c +v3_pcia.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +v3_pcia.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +v3_pcia.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +v3_pcia.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +v3_pcia.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +v3_pcia.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_pcia.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_pcia.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_pcia.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_pcia.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_pcia.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_pcia.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_pcia.o: ../../include/openssl/x509v3.h v3_pcia.c v3_pcons.o: ../../e_os.h ../../include/openssl/asn1.h v3_pcons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_pcons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h index 7be85651894b0a2907ccd7eae68f07555599f505..3ee4bffe39bfbe104971fdfdbb9675db59bb7700 100644 --- a/crypto/x509v3/ext_dat.h +++ b/crypto/x509v3/ext_dat.h @@ -64,7 +64,7 @@ extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate; extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld; extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff; extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc; -extern X509V3_EXT_METHOD v3_crl_hold; +extern X509V3_EXT_METHOD v3_crl_hold, v3_pci; extern X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints; extern X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp; @@ -112,6 +112,7 @@ static X509V3_EXT_METHOD *standard_exts[] = { #ifndef OPENSSL_NO_OCSP &v3_crl_hold, #endif +&v3_pci, &v3_policy_mappings, &v3_name_constraints, &v3_inhibit_anyp diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c new file mode 100644 index 0000000000000000000000000000000000000000..42fb0d74df6d682290b05aec2768db77c6e7abab --- /dev/null +++ b/crypto/x509v3/v3_pci.c @@ -0,0 +1,307 @@ +/* v3_pci.c -*- mode:C; c-file-style: "eay" -*- */ +/* Contributed to the OpenSSL Project 2004 + * by Richard Levitte (richard@levitte.org) + */ +/* Copyright (c) 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +#include "cryptlib.h" +#include +#include + +static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext, + BIO *out, int indent); +static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, char *str); + +X509V3_EXT_METHOD v3_pci = + { NID_proxyCertInfo, 0, ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION), + 0,0,0,0, + 0,0, + NULL, NULL, + (X509V3_EXT_I2R)i2r_pci, + (X509V3_EXT_R2I)r2i_pci, + NULL, + }; + +static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci, + BIO *out, int indent) + { + BIO_printf(out, "%*sPath Length Constraint: ", indent, ""); + if (pci->pcPathLengthConstraint) + i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint); + else + BIO_printf(out, "infinite"); + BIO_puts(out, "\n"); + BIO_printf(out, "%*sPolicy Language: ", indent, ""); + i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage); + BIO_puts(out, "\n"); + if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data) + BIO_printf(out, "%*sPolicy Text: %s\n", indent, "", + pci->proxyPolicy->policy->data); + return 1; + } + +static int process_pci_value(CONF_VALUE *val, + ASN1_OBJECT **language, ASN1_INTEGER **pathlen, + ASN1_OCTET_STRING **policy) + { + int free_policy = 0; + + if (strcmp(val->name, "language") == 0) + { + if (*language) + { + X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED); + X509V3_conf_err(val); + return 0; + } + if (!(*language = OBJ_txt2obj(val->value, 0))) + { + X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_OBJECT_IDENTIFIER); + X509V3_conf_err(val); + return 0; + } + } + else if (strcmp(val->name, "pathlen") == 0) + { + if (*pathlen) + { + X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED); + X509V3_conf_err(val); + return 0; + } + if (!X509V3_get_value_int(val, pathlen)) + { + X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_PATH_LENGTH); + X509V3_conf_err(val); + return 0; + } + } + else if (strcmp(val->name, "policy") == 0) + { + unsigned char *tmp_data = NULL; + long val_len; + if (!*policy) + { + *policy = ASN1_OCTET_STRING_new(); + if (!*policy) + { + X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE); + X509V3_conf_err(val); + return 0; + } + free_policy = 1; + } + if (strncmp(val->value, "hex:", 4) == 0) + { + unsigned char *tmp_data2 = + string_to_hex(val->value + 4, &val_len); + + if (!tmp_data2) goto err; + + tmp_data = OPENSSL_realloc((*policy)->data, + (*policy)->length + val_len + 1); + if (tmp_data) + { + (*policy)->data = tmp_data; + memcpy(&(*policy)->data[(*policy)->length], + tmp_data2, val_len); + (*policy)->length += val_len; + (*policy)->data[(*policy)->length] = '\0'; + } + } + else if (strncmp(val->value, "file:", 5) == 0) + { + unsigned char buf[2048]; + int n; + BIO *b = BIO_new_file(val->value + 5, "r"); + if (!b) + { + X509V3err(X509V3_F_R2I_PCI,ERR_R_BIO_LIB); + X509V3_conf_err(val); + goto err; + } + while((n = BIO_read(b, buf, sizeof(buf))) > 0 + || (n == 0 && BIO_should_retry(b))) + { + if (!n) continue; + + tmp_data = OPENSSL_realloc((*policy)->data, + (*policy)->length + n + 1); + + if (!tmp_data) + break; + + (*policy)->data = tmp_data; + memcpy(&(*policy)->data[(*policy)->length], + buf, n); + (*policy)->length += n; + (*policy)->data[(*policy)->length] = '\0'; + } + + if (n < 0) + { + X509V3err(X509V3_F_R2I_PCI,ERR_R_BIO_LIB); + X509V3_conf_err(val); + goto err; + } + } + else if (strncmp(val->value, "text:", 5) == 0) + { + val_len = strlen(val->value + 5); + tmp_data = OPENSSL_realloc((*policy)->data, + (*policy)->length + val_len + 1); + if (tmp_data) + { + (*policy)->data = tmp_data; + memcpy(&(*policy)->data[(*policy)->length], + val->value + 5, val_len); + (*policy)->length += val_len; + (*policy)->data[(*policy)->length] = '\0'; + } + } + else + { + X509V3err(X509V3_F_R2I_PCI,X509V3_R_INCORRECT_POLICY_SYNTAX_TAG); + X509V3_conf_err(val); + goto err; + } + if (!tmp_data) + { + X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE); + X509V3_conf_err(val); + goto err; + } + } + return 1; +err: + if (free_policy) + { + ASN1_OCTET_STRING_free(*policy); + *policy = NULL; + } + return 0; + } + +static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, char *value) + { + PROXY_CERT_INFO_EXTENSION *pci = NULL; + STACK_OF(CONF_VALUE) *vals; + ASN1_OBJECT *language = NULL; + ASN1_INTEGER *pathlen = NULL; + ASN1_OCTET_STRING *policy = NULL; + int i, j; + + vals = X509V3_parse_list(value); + for (i = 0; i < sk_CONF_VALUE_num(vals); i++) + { + CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i); + if (!cnf->name || (*cnf->name != '@' && !cnf->value)) + { + X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_PROXY_POLICY_SETTING); + X509V3_conf_err(cnf); + goto err; + } + if (*cnf->name == '@') + { + STACK_OF(CONF_VALUE) *sect; + int success_p = 1; + + sect = X509V3_get_section(ctx, cnf->name + 1); + if (!sect) + { + X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_SECTION); + X509V3_conf_err(cnf); + goto err; + } + for (j = 0; success_p && j < sk_CONF_VALUE_num(sect); j++) + { + success_p = + process_pci_value(sk_CONF_VALUE_value(sect, j), + &language, &pathlen, &policy); + } + X509V3_section_free(ctx, sect); + if (!success_p) + goto err; + } + else + { + if (!process_pci_value(cnf, + &language, &pathlen, &policy)) + { + X509V3_conf_err(cnf); + goto err; + } + } + } + + /* Language is mandatory */ + if (!language) + { + X509V3err(X509V3_F_R2I_PCI,X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED); + goto err; + } + + pci = PROXY_CERT_INFO_EXTENSION_new(); + if (!pci) + { + X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE); + goto err; + } + pci->proxyPolicy = PROXY_POLICY_new(); + if (!pci->proxyPolicy) + { + X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE); + goto err; + } + + pci->proxyPolicy->policyLanguage = language; language = NULL; + pci->proxyPolicy->policy = policy; policy = NULL; + pci->pcPathLengthConstraint = pathlen; pathlen = NULL; + goto end; +err: + if (language) { ASN1_OBJECT_free(language); language = NULL; } + if (pathlen) { ASN1_INTEGER_free(pathlen); pathlen = NULL; } + if (policy) { ASN1_OCTET_STRING_free(policy); policy = NULL; } + if (pci && pci->proxyPolicy) + { + PROXY_POLICY_free(pci->proxyPolicy); + pci->proxyPolicy = NULL; + } + if (pci) { PROXY_CERT_INFO_EXTENSION_free(pci); pci = NULL; } +end: + sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); + return pci; + } diff --git a/crypto/x509v3/v3_pcia.c b/crypto/x509v3/v3_pcia.c new file mode 100644 index 0000000000000000000000000000000000000000..bb362e0e5a9d18546fa8e536eaa0f62dedba285c --- /dev/null +++ b/crypto/x509v3/v3_pcia.c @@ -0,0 +1,55 @@ +/* v3_pcia.c -*- mode:C; c-file-style: "eay" -*- */ +/* Contributed to the OpenSSL Project 2004 + * by Richard Levitte (richard@levitte.org) + */ +/* Copyright (c) 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +#include +#include + +ASN1_SEQUENCE(PROXY_POLICY) = + { + ASN1_SIMPLE(PROXY_POLICY,policyLanguage,ASN1_OBJECT), + ASN1_OPT(PROXY_POLICY,policy,ASN1_OCTET_STRING) +} ASN1_SEQUENCE_END(PROXY_POLICY) + +IMPLEMENT_ASN1_FUNCTIONS(PROXY_POLICY) + +ASN1_SEQUENCE(PROXY_CERT_INFO_EXTENSION) = + { + ASN1_OPT(PROXY_CERT_INFO_EXTENSION,pcPathLengthConstraint,ASN1_INTEGER), + ASN1_SIMPLE(PROXY_CERT_INFO_EXTENSION,proxyPolicy,PROXY_POLICY) +} ASN1_SEQUENCE_END(PROXY_CERT_INFO_EXTENSION) + +IMPLEMENT_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION) diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index a60d41bc243645aeabffc7e71534b13e632a66b5..9f992c9087598a7125b140252baa7714106e6417 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -285,7 +285,8 @@ int X509_supported_extension(X509_EXTENSION *ex) NID_key_usage, /* 83 */ NID_subject_alt_name, /* 85 */ NID_basic_constraints, /* 87 */ - NID_ext_key_usage /* 126 */ + NID_ext_key_usage, /* 126 */ + NID_proxyCertInfo /* 661 */ }; int ex_nid; @@ -306,6 +307,7 @@ int X509_supported_extension(X509_EXTENSION *ex) static void x509v3_cache_extensions(X509 *x) { BASIC_CONSTRAINTS *bs; + PROXY_CERT_INFO_EXTENSION *pci; ASN1_BIT_STRING *usage; ASN1_BIT_STRING *ns; EXTENDED_KEY_USAGE *extusage; @@ -334,6 +336,18 @@ static void x509v3_cache_extensions(X509 *x) BASIC_CONSTRAINTS_free(bs); x->ex_flags |= EXFLAG_BCONS; } + /* Handle proxy certificates */ + if((pci=X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) { + if (x->ex_flags & EXFLAG_CA) { + x->ex_flags |= EXFLAG_INVALID; + } + if (pci->pcPathLengthConstraint) { + x->ex_pcpathlen = + ASN1_INTEGER_get(pci->pcPathLengthConstraint); + } else x->ex_pcpathlen = -1; + PROXY_CERT_INFO_EXTENSION_free(pci); + x->ex_flags |= EXFLAG_PROXY; + } /* Handle key usage */ if((usage=X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) { if(usage->length > 0) { @@ -623,7 +637,13 @@ int X509_check_issued(X509 *issuer, X509 *subject) return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH; } } - if(ku_reject(issuer, KU_KEY_CERT_SIGN)) return X509_V_ERR_KEYUSAGE_NO_CERTSIGN; + if(subject->ex_flags & EXFLAG_PROXY) + { + if(ku_reject(issuer, KU_DIGITAL_SIGNATURE)) + return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE; + } + else if(ku_reject(issuer, KU_KEY_CERT_SIGN)) + return X509_V_ERR_KEYUSAGE_NO_CERTSIGN; return X509_V_OK; } diff --git a/crypto/x509v3/v3err.c b/crypto/x509v3/v3err.c index 2e210799db8f42c78ca2734a38d3ef42603d05dd..ac96c3ff1ea974dc40446b665f6ca79e54ad7be7 100644 --- a/crypto/x509v3/v3err.c +++ b/crypto/x509v3/v3err.c @@ -81,6 +81,7 @@ static ERR_STRING_DATA X509V3_str_functs[]= {ERR_PACK(0,X509V3_F_NREF_NOS,0), "NREF_NOS"}, {ERR_PACK(0,X509V3_F_POLICY_SECTION,0), "POLICY_SECTION"}, {ERR_PACK(0,X509V3_F_R2I_CERTPOL,0), "R2I_CERTPOL"}, +{ERR_PACK(0,X509V3_F_R2I_PCI,0), "R2I_PCI"}, {ERR_PACK(0,X509V3_F_S2I_ASN1_IA5STRING,0), "S2I_ASN1_IA5STRING"}, {ERR_PACK(0,X509V3_F_S2I_ASN1_INTEGER,0), "s2i_ASN1_INTEGER"}, {ERR_PACK(0,X509V3_F_S2I_ASN1_OCTET_STRING,0), "s2i_ASN1_OCTET_STRING"}, @@ -138,6 +139,7 @@ static ERR_STRING_DATA X509V3_str_reasons[]= {X509V3_R_EXTENSION_VALUE_ERROR ,"extension value error"}, {X509V3_R_ILLEGAL_EMPTY_EXTENSION ,"illegal empty extension"}, {X509V3_R_ILLEGAL_HEX_DIGIT ,"illegal hex digit"}, +{X509V3_R_INCORRECT_POLICY_SYNTAX_TAG ,"incorrect policy syntax tag"}, {X509V3_R_INVALID_BOOLEAN_STRING ,"invalid boolean string"}, {X509V3_R_INVALID_EXTENSION_STRING ,"invalid extension string"}, {X509V3_R_INVALID_NAME ,"invalid name"}, @@ -149,6 +151,7 @@ static ERR_STRING_DATA X509V3_str_reasons[]= {X509V3_R_INVALID_OBJECT_IDENTIFIER ,"invalid object identifier"}, {X509V3_R_INVALID_OPTION ,"invalid option"}, {X509V3_R_INVALID_POLICY_IDENTIFIER ,"invalid policy identifier"}, +{X509V3_R_INVALID_PROXY_POLICY_SETTING ,"invalid proxy policy setting"}, {X509V3_R_INVALID_PURPOSE ,"invalid purpose"}, {X509V3_R_INVALID_SECTION ,"invalid section"}, {X509V3_R_INVALID_SYNTAX ,"invalid syntax"}, @@ -159,11 +162,16 @@ static ERR_STRING_DATA X509V3_str_reasons[]= {X509V3_R_NO_ISSUER_CERTIFICATE ,"no issuer certificate"}, {X509V3_R_NO_ISSUER_DETAILS ,"no issuer details"}, {X509V3_R_NO_POLICY_IDENTIFIER ,"no policy identifier"}, +{X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED,"no proxy cert policy language defined"}, {X509V3_R_NO_PUBLIC_KEY ,"no public key"}, {X509V3_R_NO_SUBJECT_DETAILS ,"no subject details"}, {X509V3_R_ODD_NUMBER_OF_DIGITS ,"odd number of digits"}, {X509V3_R_OPERATION_NOT_DEFINED ,"operation not defined"}, {X509V3_R_OTHERNAME_ERROR ,"othername error"}, +{X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED,"policy language alreadty defined"}, +{X509V3_R_POLICY_PATH_LENGTH ,"policy path length"}, +{X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED,"policy path length alreadty defined"}, +{X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED,"policy syntax not currently supported"}, {X509V3_R_SECTION_NOT_FOUND ,"section not found"}, {X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS ,"unable to get issuer details"}, {X509V3_R_UNABLE_TO_GET_ISSUER_KEYID ,"unable to get issuer keyid"}, diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h index 4ade7cf6ec6035b0c8019f5da7acc3b5724847b8..c1662e2acdd13a963d1611b7a376ae717fe96ce0 100644 --- a/crypto/x509v3/x509v3.h +++ b/crypto/x509v3/x509v3.h @@ -313,6 +313,23 @@ typedef struct POLICY_CONSTRAINTS_st { ASN1_INTEGER *inhibitPolicyMapping; } POLICY_CONSTRAINTS; +/* Proxy certificate structures, see RFC 3820 */ +typedef struct PROXY_POLICY_st + { + ASN1_OBJECT *policyLanguage; + ASN1_OCTET_STRING *policy; + } PROXY_POLICY; + +typedef struct PROXY_CERT_INFO_EXTENSION_st + { + ASN1_INTEGER *pcPathLengthConstraint; + PROXY_POLICY *proxyPolicy; + } PROXY_CERT_INFO_EXTENSION; + +DECLARE_ASN1_FUNCTIONS(PROXY_POLICY) +DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION) + + #define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \ ",name:", val->name, ",value:", val->value); @@ -351,6 +368,7 @@ typedef struct POLICY_CONSTRAINTS_st { #define EXFLAG_INVALID 0x80 #define EXFLAG_SET 0x100 #define EXFLAG_CRITICAL 0x200 +#define EXFLAG_PROXY 0x400 #define EXFLAG_INVALID_POLICY 0x400 @@ -631,6 +649,7 @@ void ERR_load_X509V3_strings(void); #define X509V3_F_NREF_NOS 133 #define X509V3_F_POLICY_SECTION 131 #define X509V3_F_R2I_CERTPOL 130 +#define X509V3_F_R2I_PCI 149 #define X509V3_F_S2I_ASN1_IA5STRING 100 #define X509V3_F_S2I_ASN1_INTEGER 108 #define X509V3_F_S2I_ASN1_OCTET_STRING 112 @@ -685,6 +704,7 @@ void ERR_load_X509V3_strings(void); #define X509V3_R_EXTENSION_VALUE_ERROR 116 #define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151 #define X509V3_R_ILLEGAL_HEX_DIGIT 113 +#define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 152 #define X509V3_R_INVALID_BOOLEAN_STRING 104 #define X509V3_R_INVALID_EXTENSION_STRING 105 #define X509V3_R_INVALID_NAME 106 @@ -696,6 +716,7 @@ void ERR_load_X509V3_strings(void); #define X509V3_R_INVALID_OBJECT_IDENTIFIER 110 #define X509V3_R_INVALID_OPTION 138 #define X509V3_R_INVALID_POLICY_IDENTIFIER 134 +#define X509V3_R_INVALID_PROXY_POLICY_SETTING 153 #define X509V3_R_INVALID_PURPOSE 146 #define X509V3_R_INVALID_SECTION 135 #define X509V3_R_INVALID_SYNTAX 143 @@ -706,11 +727,16 @@ void ERR_load_X509V3_strings(void); #define X509V3_R_NO_ISSUER_CERTIFICATE 121 #define X509V3_R_NO_ISSUER_DETAILS 127 #define X509V3_R_NO_POLICY_IDENTIFIER 139 +#define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 154 #define X509V3_R_NO_PUBLIC_KEY 114 #define X509V3_R_NO_SUBJECT_DETAILS 125 #define X509V3_R_ODD_NUMBER_OF_DIGITS 112 #define X509V3_R_OPERATION_NOT_DEFINED 148 #define X509V3_R_OTHERNAME_ERROR 147 +#define X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED 155 +#define X509V3_R_POLICY_PATH_LENGTH 156 +#define X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED 157 +#define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED 158 #define X509V3_R_SECTION_NOT_FOUND 150 #define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122 #define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123 diff --git a/test/CAss.cnf b/test/CAss.cnf index 0884fee36159c3fdba98084f49cbff30a3e1e7db..20f8f05e3dfd36febc570603016a364288a76c50 100644 --- a/test/CAss.cnf +++ b/test/CAss.cnf @@ -71,4 +71,6 @@ emailAddress = optional [ v3_ca ] subjectKeyIdentifier=hash authorityKeyIdentifier=keyid:always,issuer:always -basicConstraints = CA:true +basicConstraints = CA:true,pathlen:1 +keyUsage = cRLSign, keyCertSign +issuerAltName=issuer:copy diff --git a/test/Makefile.ssl b/test/Makefile.ssl index 7b7b7a8e1f46034a7fa92fa976d3208e2af7116c..b49dec0b3e1735347d0802ff26eb5320ac5d4a5b 100644 --- a/test/Makefile.ssl +++ b/test/Makefile.ssl @@ -274,17 +274,23 @@ test_gen: @echo "Generate and verify a certificate request" @$(SET_SO_PATHS); sh ./testgen -test_ss keyU.ss certU.ss certCA.ss: testss +test_ss keyU.ss certU.ss certCA.ss certP1.ss keyP1.ss certP2.ss keyP2.ss \ + intP1.ss intP2.ss: testss @echo "Generate and certify a test certificate" @$(SET_SO_PATHS); sh ./testss + @cat certCA.ss certU.ss > intP1.ss + @cat certCA.ss certU.ss certP1.ss > intP2.ss test_engine: @echo "Manipulate the ENGINE structures" $(SET_SO_PATHS); ./$(ENGINETEST) -test_ssl: keyU.ss certU.ss certCA.ss +test_ssl: keyU.ss certU.ss certCA.ss certP1.ss keyP1.ss certP2.ss keyP2.ss \ + intP1.ss intP2.ss @echo "test SSL protocol" @$(SET_SO_PATHS); sh ./testssl keyU.ss certU.ss certCA.ss + @$(SET_SO_PATHS); sh ./testssl keyP1.ss certP1.ss intP1.ss + @$(SET_SO_PATHS); sh ./testssl keyP2.ss certP2.ss intP2.ss test_ca: @$(SET_SO_PATHS); if ../apps/openssl no-rsa; then \ diff --git a/test/P1ss.cnf b/test/P1ss.cnf new file mode 100644 index 0000000000000000000000000000000000000000..864e4d2ad67fbe6fb97390bb648e48c37b4e5f5a --- /dev/null +++ b/test/P1ss.cnf @@ -0,0 +1,37 @@ +# +# SSLeay example configuration file. +# This is mostly being used for generation of certificate requests. +# + +RANDFILE = ./.rnd + +#################################################################### +[ req ] +default_bits = 512 +default_keyfile = keySS.pem +distinguished_name = req_distinguished_name +encrypt_rsa_key = no +default_md = md2 + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_value = AU + +organizationName = Organization Name (eg, company) +organizationName_value = Dodgy Brothers + +0.commonName = Common Name (eg, YOUR name) +0.commonName_value = Brother 1 + +1.commonName = Common Name (eg, YOUR name) +1.commonName_value = Brother 2 + +2.commonName = Common Name (eg, YOUR name) +2.commonName_value = Proxy 1 + +[ v3_proxy ] +basicConstraints=CA:FALSE +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always +proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:foo diff --git a/test/P2ss.cnf b/test/P2ss.cnf new file mode 100644 index 0000000000000000000000000000000000000000..04a76cd34bbeb0a1be82be1ee958a00a9f007cf3 --- /dev/null +++ b/test/P2ss.cnf @@ -0,0 +1,45 @@ +# +# SSLeay example configuration file. +# This is mostly being used for generation of certificate requests. +# + +RANDFILE = ./.rnd + +#################################################################### +[ req ] +default_bits = 512 +default_keyfile = keySS.pem +distinguished_name = req_distinguished_name +encrypt_rsa_key = no +default_md = md2 + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_value = AU + +organizationName = Organization Name (eg, company) +organizationName_value = Dodgy Brothers + +0.commonName = Common Name (eg, YOUR name) +0.commonName_value = Brother 1 + +1.commonName = Common Name (eg, YOUR name) +1.commonName_value = Brother 2 + +2.commonName = Common Name (eg, YOUR name) +2.commonName_value = Proxy 1 + +3.commonName = Common Name (eg, YOUR name) +3.commonName_value = Proxy 2 + +[ v3_proxy ] +basicConstraints=CA:FALSE +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always +proxyCertInfo=critical,@proxy_ext + +[ proxy_ext ] +language=id-ppl-anyLanguage +pathlen=0 +policy=text:bar diff --git a/test/Uss.cnf b/test/Uss.cnf index c89692d5199c32e1ff74c59853175e868b00f7b3..0c0ebb5f67294dc455424b807ae0b0ed375c8367 100644 --- a/test/Uss.cnf +++ b/test/Uss.cnf @@ -26,3 +26,11 @@ organizationName_value = Dodgy Brothers 1.commonName = Common Name (eg, YOUR name) 1.commonName_value = Brother 2 + +[ v3_ee ] +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always +basicConstraints = CA:false +keyUsage = nonRepudiation, digitalSignature, keyEncipherment +issuerAltName=issuer:copy + diff --git a/test/testss b/test/testss index 8d3557f356d9a1697d874e105eb87c3d5c36e41b..e71510befaa875475cc20fb236676f2505995ead 100644 --- a/test/testss +++ b/test/testss @@ -17,6 +17,18 @@ Ukey="keyU.ss" Ureq="reqU.ss" Ucert="certU.ss" +P1conf="P1ss.cnf" +P1key="keyP1.ss" +P1req="reqP1.ss" +P1cert="certP1.ss" +P1intermediate="tmp_intP1.ss" + +P2conf="P2ss.cnf" +P2key="keyP2.ss" +P2req="reqP2.ss" +P2cert="certP2.ss" +P2intermediate="tmp_intP2.ss" + echo echo "make a certificate request using 'req'" @@ -35,7 +47,7 @@ if [ $? != 0 ]; then fi echo echo "convert the certificate request into a self signed certificate using 'x509'" -$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey >err.ss +$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey -extfile $CAconf -extensions v3_ca >err.ss if [ $? != 0 ]; then echo "error using 'x509' to self sign a certificate request" exit 1 @@ -68,18 +80,18 @@ if [ $? != 0 ]; then fi echo -echo "make another certificate request using 'req'" +echo "make a user certificate request using 'req'" $reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new >err.ss if [ $? != 0 ]; then - echo "error using 'req' to generate a certificate request" + echo "error using 'req' to generate a user certificate request" exit 1 fi echo -echo "sign certificate request with the just created CA via 'x509'" -$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey >err.ss +echo "sign user certificate request with the just created CA via 'x509'" +$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -extfile $Uconf -extensions v3_ee >err.ss if [ $? != 0 ]; then - echo "error using 'x509' to sign a certificate request" + echo "error using 'x509' to sign a user certificate request" exit 1 fi @@ -88,6 +100,50 @@ echo echo "Certificate details" $x509cmd -subject -issuer -startdate -enddate -noout -in $Ucert +echo +echo "make a proxy certificate request using 'req'" +$reqcmd -config $P1conf -out $P1req -keyout $P1key $req_new >err.ss +if [ $? != 0 ]; then + echo "error using 'req' to generate a proxy certificate request" + exit 1 +fi + +echo +echo "sign proxy certificate request with the just created user certificate via 'x509'" +$x509cmd -CAcreateserial -in $P1req -days 30 -req -out $P1cert -CA $Ucert -CAkey $Ukey -extfile $P1conf -extensions v3_proxy >err.ss +if [ $? != 0 ]; then + echo "error using 'x509' to sign a proxy certificate request" + exit 1 +fi + +cat $Ucert > $P1intermediate +$verifycmd -CAfile $CAcert -untrusted $P1intermediate $P1cert +echo +echo "Certificate details" +$x509cmd -subject -issuer -startdate -enddate -noout -in $P1cert + +echo +echo "make another proxy certificate request using 'req'" +$reqcmd -config $P2conf -out $P2req -keyout $P2key $req_new >err.ss +if [ $? != 0 ]; then + echo "error using 'req' to generate another proxy certificate request" + exit 1 +fi + +echo +echo "sign second proxy certificate request with the first proxy certificate via 'x509'" +$x509cmd -CAcreateserial -in $P2req -days 30 -req -out $P2cert -CA $P1cert -CAkey $P1key -extfile $P2conf -extensions v3_proxy >err.ss +if [ $? != 0 ]; then + echo "error using 'x509' to sign a second proxy certificate request" + exit 1 +fi + +cat $Ucert $P1cert > $P2intermediate +$verifycmd -CAfile $CAcert -untrusted $P2intermediate $P2cert +echo +echo "Certificate details" +$x509cmd -subject -issuer -startdate -enddate -noout -in $P2cert + echo echo The generated CA certificate is $CAcert echo The generated CA private key is $CAkey @@ -95,5 +151,13 @@ echo The generated CA private key is $CAkey echo The generated user certificate is $Ucert echo The generated user private key is $Ukey +echo The first generated proxy certificate is $P1cert +echo The first generated proxy private key is $P1key + +echo The second generated proxy certificate is $P2cert +echo The second generated proxy private key is $P2key + /bin/rm err.ss +#/bin/rm $P1intermediate +#/bin/rm $P2intermediate exit 0 diff --git a/util/libeay.num b/util/libeay.num index 674b07be4036b22a9ebebb8d751882b44ffcfc7b..30beee2fb34bdc125d65e6087680d2047b946ba0 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -2843,448 +2843,460 @@ FIPS_mode 3283 NOEXIST::FUNCTION: FIPS_selftest_failed 3284 NOEXIST::FUNCTION: sk_is_sorted 3285 EXIST::FUNCTION: X509_check_ca 3286 EXIST::FUNCTION: -ERR_set_mark 3287 EXIST::FUNCTION: -X509_STORE_CTX_set0_crls 3288 EXIST::FUNCTION: -ENGINE_set_STORE 3289 EXIST::FUNCTION:ENGINE -ENGINE_register_ECDSA 3290 EXIST::FUNCTION:ENGINE -STORE_method_set_list_start_function 3291 EXIST:!VMS:FUNCTION: -STORE_meth_set_list_start_fn 3291 EXIST:VMS:FUNCTION: -NAME_CONSTRAINTS_free 3292 EXIST::FUNCTION: -STORE_ATTR_INFO_set_number 3293 EXIST::FUNCTION: -X509_STORE_CTX_set0_param 3294 EXIST::FUNCTION: -POLICY_MAPPING_it 3295 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -POLICY_MAPPING_it 3295 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -STORE_parse_attrs_start 3296 EXIST::FUNCTION: -POLICY_CONSTRAINTS_free 3297 EXIST::FUNCTION: -BN_nist_mod_192 3298 EXIST::FUNCTION: -EC_GROUP_get_trinomial_basis 3299 EXIST::FUNCTION:EC -STORE_set_method 3300 EXIST::FUNCTION: -EVP_aes_256_cfb128 3301 EXIST::FUNCTION:AES -GENERAL_SUBTREE_free 3302 EXIST::FUNCTION: -NAME_CONSTRAINTS_it 3303 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -NAME_CONSTRAINTS_it 3303 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ECDH_get_default_method 3304 EXIST::FUNCTION:ECDH -PKCS12_add_safe 3305 EXIST::FUNCTION: -STORE_method_get_update_store_function 3306 EXIST:!VMS:FUNCTION: -STORE_meth_get_update_store_fn 3306 EXIST:VMS:FUNCTION: -ENGINE_register_ECDH 3307 EXIST::FUNCTION:ENGINE -EVP_sha384 3308 EXIST::FUNCTION:SHA,SHA512 -SHA512_Update 3309 EXIST::FUNCTION:SHA,SHA512 -i2d_ECPrivateKey 3310 EXIST::FUNCTION:EC -BN_get0_nist_prime_192 3311 EXIST::FUNCTION: -STORE_modify_certificate 3312 EXIST::FUNCTION: -EC_POINT_set_affine_coordinates_GF2m 3313 EXIST:!VMS:FUNCTION:EC -EC_POINT_set_affine_coords_GF2m 3313 EXIST:VMS:FUNCTION:EC -BN_GF2m_mod_exp_arr 3314 EXIST::FUNCTION: -STORE_ATTR_INFO_modify_number 3315 EXIST::FUNCTION: -X509_keyid_get0 3316 EXIST::FUNCTION: -EC_GROUP_new_by_nid 3317 EXIST::FUNCTION:EC -ENGINE_load_gmp 3318 EXIST::FUNCTION:ENGINE,STATIC_ENGINE -BN_GF2m_mod_mul_arr 3319 EXIST::FUNCTION: -STORE_list_public_key_endp 3320 EXIST::FUNCTION: -o2i_ECPublicKey 3321 EXIST::FUNCTION:EC -EC_KEY_copy 3322 EXIST::FUNCTION:EC -BIO_dump_fp 3323 EXIST::FUNCTION:FP_API -X509_policy_node_get0_parent 3324 EXIST::FUNCTION: -EC_GROUP_check_discriminant 3325 EXIST::FUNCTION:EC -i2o_ECPublicKey 3326 EXIST::FUNCTION:EC -a2i_IPADDRESS 3327 EXIST::FUNCTION: -STORE_method_set_initialise_function 3328 EXIST:!VMS:FUNCTION: -STORE_meth_set_initialise_fn 3328 EXIST:VMS:FUNCTION: -X509_STORE_CTX_set_depth 3329 EXIST::FUNCTION: -X509_VERIFY_PARAM_inherit 3330 EXIST::FUNCTION: -EC_POINT_point2bn 3331 EXIST::FUNCTION:EC -STORE_ATTR_INFO_set_dn 3332 EXIST::FUNCTION: -X509_policy_tree_get0_policies 3333 EXIST::FUNCTION: -EC_GROUP_new_curve_GF2m 3334 EXIST::FUNCTION:EC -STORE_destroy_method 3335 EXIST::FUNCTION: -ENGINE_unregister_STORE 3336 EXIST::FUNCTION:ENGINE -EVP_PKEY_get1_EC_KEY 3337 EXIST::FUNCTION:EC -STORE_ATTR_INFO_get0_number 3338 EXIST::FUNCTION: -ENGINE_get_default_ECDH 3339 EXIST::FUNCTION:ENGINE -ASN1_OCTET_STRING_NDEF_it 3340 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_OCTET_STRING_NDEF_it 3340 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -STORE_delete_public_key 3341 EXIST::FUNCTION: -STORE_get_public_key 3342 EXIST::FUNCTION: -STORE_modify_arbitrary 3343 EXIST::FUNCTION: -ENGINE_get_static_state 3344 EXIST::FUNCTION:ENGINE -ECDSA_SIG_new 3345 EXIST::FUNCTION:ECDSA -OPENSSL_DIR_end 3346 EXIST::FUNCTION: -BN_GF2m_mod_sqr 3347 EXIST::FUNCTION: -EC_POINT_bn2point 3348 EXIST::FUNCTION:EC -X509_VERIFY_PARAM_set_depth 3349 EXIST::FUNCTION: -STORE_get_method 3350 EXIST::FUNCTION: -STORE_parse_attrs_end 3351 EXIST::FUNCTION: -EC_GROUP_get_point_conversion_form 3352 EXIST:!VMS:FUNCTION:EC -EC_GROUP_get_point_conv_form 3352 EXIST:VMS:FUNCTION:EC -STORE_method_set_store_function 3353 EXIST::FUNCTION: -STORE_ATTR_INFO_in 3354 EXIST::FUNCTION: -PEM_read_bio_ECPKParameters 3355 EXIST::FUNCTION:EC -EC_GROUP_get_pentanomial_basis 3356 EXIST::FUNCTION:EC -X509_VERIFY_PARAM_set1_policies 3357 EXIST::FUNCTION: -EVP_sha512 3358 EXIST::FUNCTION:SHA,SHA512 -X509_VERIFY_PARAM_set1_name 3359 EXIST::FUNCTION: -X509_VERIFY_PARAM_set_purpose 3360 EXIST::FUNCTION: -EC_GROUP_get_nid 3361 EXIST::FUNCTION:EC -STORE_get_number 3362 EXIST::FUNCTION: -ECDSA_sign_setup 3363 EXIST::FUNCTION:ECDSA -BN_GF2m_mod_solve_quad_arr 3364 EXIST::FUNCTION: -EC_KEY_up_ref 3365 EXIST::FUNCTION:EC -POLICY_MAPPING_free 3366 EXIST::FUNCTION: -BN_GF2m_mod_div 3367 EXIST::FUNCTION: -X509_VERIFY_PARAM_set_flags 3368 EXIST::FUNCTION: -EC_KEY_free 3369 EXIST::FUNCTION:EC -STORE_method_set_list_next_function 3370 EXIST:!VMS:FUNCTION: -STORE_meth_set_list_next_fn 3370 EXIST:VMS:FUNCTION: -PEM_write_bio_ECPrivateKey 3371 EXIST::FUNCTION:EC -d2i_EC_PUBKEY 3372 EXIST::FUNCTION:EC -STORE_method_get_generate_function 3373 EXIST:!VMS:FUNCTION: -STORE_meth_get_generate_fn 3373 EXIST:VMS:FUNCTION: -STORE_method_set_list_end_function 3374 EXIST:!VMS:FUNCTION: -STORE_meth_set_list_end_fn 3374 EXIST:VMS:FUNCTION: -EC_GROUP_have_precompute_mult 3375 EXIST::FUNCTION:EC -EC_KEY_print_fp 3376 EXIST::FUNCTION:EC,FP_API -BN_GF2m_mod_arr 3377 EXIST::FUNCTION: -PEM_write_bio_X509_CERT_PAIR 3378 EXIST::FUNCTION: -EVP_PKEY_cmp 3379 EXIST::FUNCTION: -X509_policy_level_node_count 3380 EXIST::FUNCTION: -STORE_new_engine 3381 EXIST::FUNCTION: -STORE_list_public_key_start 3382 EXIST::FUNCTION: -X509_VERIFY_PARAM_new 3383 EXIST::FUNCTION: -ECDH_get_ex_data 3384 EXIST::FUNCTION:ECDH -ECDSA_do_sign 3385 EXIST::FUNCTION:ECDSA -ENGINE_unregister_ECDH 3386 EXIST::FUNCTION:ENGINE -ECDH_OpenSSL 3387 EXIST::FUNCTION:ECDH -EC_POINT_dup 3388 EXIST::FUNCTION:EC -GENERAL_SUBTREE_new 3389 EXIST::FUNCTION: -STORE_list_crl_endp 3390 EXIST::FUNCTION: -EC_get_builtin_curves 3391 EXIST::FUNCTION:EC -EVP_aes_128_cfb128 3392 EXIST::FUNCTION:AES -X509_policy_node_get0_qualifiers 3393 EXIST:!VMS:FUNCTION: -X509_pcy_node_get0_qualifiers 3393 EXIST:VMS:FUNCTION: -STORE_list_crl_end 3394 EXIST::FUNCTION: -EVP_PKEY_set1_EC_KEY 3395 EXIST::FUNCTION:EC -BN_GF2m_mod_sqrt_arr 3396 EXIST::FUNCTION: -i2d_ECPrivateKey_bio 3397 EXIST::FUNCTION:BIO,EC -ECPKParameters_print_fp 3398 EXIST::FUNCTION:EC,FP_API -ECDSA_SIG_free 3399 EXIST::FUNCTION:ECDSA -PEM_write_bio_ECPKParameters 3400 EXIST::FUNCTION:EC -STORE_method_set_ctrl_function 3401 EXIST::FUNCTION: -STORE_list_public_key_end 3402 EXIST::FUNCTION: -EC_GROUP_set_nid 3403 EXIST::FUNCTION:EC -STORE_get_arbitrary 3404 EXIST::FUNCTION: -STORE_store_crl 3405 EXIST::FUNCTION: -X509_policy_node_get0_policy 3406 EXIST::FUNCTION: -PKCS12_add_safes 3407 EXIST::FUNCTION: -X509_policy_tree_free 3408 EXIST::FUNCTION: -BN_GF2m_poly2arr 3409 EXIST::FUNCTION: -STORE_ctrl 3410 EXIST::FUNCTION: -EVP_sha224 3411 EXIST::FUNCTION:SHA,SHA256 -STORE_ATTR_INFO_compare 3412 EXIST::FUNCTION: -BN_get0_nist_prime_224 3413 EXIST::FUNCTION: -i2d_ECParameters 3414 EXIST::FUNCTION:EC -i2d_ECPKParameters 3415 EXIST::FUNCTION:EC -BN_GENCB_call 3416 EXIST::FUNCTION: -BN_ncopy 3417 EXIST::FUNCTION: -d2i_ECPKParameters 3418 EXIST::FUNCTION:EC -STORE_method_set_generate_function 3419 EXIST:!VMS:FUNCTION: -STORE_meth_set_generate_fn 3419 EXIST:VMS:FUNCTION: -ENGINE_set_ECDH 3420 EXIST::FUNCTION:ENGINE -NAME_CONSTRAINTS_new 3421 EXIST::FUNCTION: -SHA256_Init 3422 EXIST::FUNCTION:SHA,SHA256 -PEM_write_bio_EC_PUBKEY 3423 EXIST::FUNCTION:EC -STORE_ATTR_INFO_set_cstr 3424 EXIST::FUNCTION: -STORE_list_crl_next 3425 EXIST::FUNCTION: -STORE_ATTR_INFO_in_range 3426 EXIST::FUNCTION: -ECParameters_print 3427 EXIST::FUNCTION:BIO,EC -STORE_method_set_delete_function 3428 EXIST:!VMS:FUNCTION: -STORE_meth_set_delete_fn 3428 EXIST:VMS:FUNCTION: -STORE_list_certificate_next 3429 EXIST::FUNCTION: -ASN1_generate_nconf 3430 EXIST::FUNCTION: -BUF_memdup 3431 EXIST::FUNCTION: -BN_GF2m_mod_mul 3432 EXIST::FUNCTION: -STORE_method_get_list_next_function 3433 EXIST:!VMS:FUNCTION: -STORE_meth_get_list_next_fn 3433 EXIST:VMS:FUNCTION: -STORE_ATTR_INFO_get0_dn 3434 EXIST::FUNCTION: -STORE_list_private_key_next 3435 EXIST::FUNCTION: -EC_GROUP_set_seed 3436 EXIST::FUNCTION:EC -X509_VERIFY_PARAM_set_trust 3437 EXIST::FUNCTION: -STORE_ATTR_INFO_free 3438 EXIST::FUNCTION: -STORE_get_private_key 3439 EXIST::FUNCTION: -STORE_ATTR_INFO_new 3440 EXIST::FUNCTION: -EC_GROUP_get_curve_GF2m 3441 EXIST::FUNCTION:EC -STORE_method_set_revoke_function 3442 EXIST:!VMS:FUNCTION: -STORE_meth_set_revoke_fn 3442 EXIST:VMS:FUNCTION: -STORE_store_number 3443 EXIST::FUNCTION: -BN_is_prime_ex 3444 EXIST::FUNCTION: -STORE_revoke_public_key 3445 EXIST::FUNCTION: -X509_STORE_CTX_get0_param 3446 EXIST::FUNCTION: -STORE_delete_arbitrary 3447 EXIST::FUNCTION: -PEM_read_X509_CERT_PAIR 3448 EXIST:!WIN16:FUNCTION: -X509_STORE_set_depth 3449 EXIST::FUNCTION: -ECDSA_get_ex_data 3450 EXIST::FUNCTION:ECDSA -SHA224 3451 EXIST::FUNCTION:SHA,SHA256 -BIO_dump_indent_fp 3452 EXIST::FUNCTION:FP_API -BUF_strndup 3453 EXIST::FUNCTION: -STORE_list_certificate_start 3454 EXIST::FUNCTION: -BN_GF2m_mod 3455 EXIST::FUNCTION: -X509_REQ_check_private_key 3456 EXIST::FUNCTION: -EC_GROUP_get_seed_len 3457 EXIST::FUNCTION:EC -ERR_load_STORE_strings 3458 EXIST::FUNCTION: -PEM_read_bio_EC_PUBKEY 3459 EXIST::FUNCTION:EC -STORE_list_private_key_end 3460 EXIST::FUNCTION: -i2d_EC_PUBKEY 3461 EXIST::FUNCTION:EC -ECDSA_get_default_method 3462 EXIST::FUNCTION:ECDSA -ASN1_put_eoc 3463 EXIST::FUNCTION: -X509_STORE_CTX_get_explicit_policy 3464 EXIST:!VMS:FUNCTION: -X509_STORE_CTX_get_expl_policy 3464 EXIST:VMS:FUNCTION: -ECDSA_DATA_free 3465 EXIST::FUNCTION:ECDSA -X509_VERIFY_PARAM_table_cleanup 3466 EXIST::FUNCTION: -STORE_modify_private_key 3467 EXIST::FUNCTION: -X509_VERIFY_PARAM_free 3468 EXIST::FUNCTION: -EC_METHOD_get_field_type 3469 EXIST::FUNCTION:EC -EC_GFp_nist_method 3470 EXIST::FUNCTION:EC -STORE_method_set_modify_function 3471 EXIST:!VMS:FUNCTION: -STORE_meth_set_modify_fn 3471 EXIST:VMS:FUNCTION: -STORE_parse_attrs_next 3472 EXIST::FUNCTION: -ENGINE_load_padlock 3473 EXIST::FUNCTION:ENGINE -X509_CERT_PAIR_it 3474 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -X509_CERT_PAIR_it 3474 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -STORE_method_get_revoke_function 3475 EXIST:!VMS:FUNCTION: -STORE_meth_get_revoke_fn 3475 EXIST:VMS:FUNCTION: -STORE_method_set_get_function 3476 EXIST::FUNCTION: -STORE_modify_number 3477 EXIST::FUNCTION: -STORE_method_get_store_function 3478 EXIST::FUNCTION: -STORE_store_private_key 3479 EXIST::FUNCTION: -BN_GF2m_mod_sqr_arr 3480 EXIST::FUNCTION: -STORE_Memory 3481 EXIST::FUNCTION: -sk_find_ex 3482 EXIST::FUNCTION: -EC_GROUP_set_curve_GF2m 3483 EXIST::FUNCTION:EC -ENGINE_set_default_ECDSA 3484 EXIST::FUNCTION:ENGINE -POLICY_CONSTRAINTS_new 3485 EXIST::FUNCTION: -BN_GF2m_mod_sqrt 3486 EXIST::FUNCTION: -ECDH_set_default_method 3487 EXIST::FUNCTION:ECDH -EC_KEY_generate_key 3488 EXIST::FUNCTION:EC -SHA384_Update 3489 EXIST::FUNCTION:SHA,SHA512 -BN_GF2m_arr2poly 3490 EXIST::FUNCTION: -STORE_method_get_get_function 3491 EXIST::FUNCTION: -STORE_method_set_cleanup_function 3492 EXIST:!VMS:FUNCTION: -STORE_meth_set_cleanup_fn 3492 EXIST:VMS:FUNCTION: -EC_GROUP_check 3493 EXIST::FUNCTION:EC -d2i_ECPrivateKey_bio 3494 EXIST::FUNCTION:BIO,EC -STORE_method_get_lock_store_function 3495 EXIST:!VMS:FUNCTION: -STORE_meth_get_lock_store_fn 3495 EXIST:VMS:FUNCTION: -X509_VERIFY_PARAM_get_depth 3496 EXIST::FUNCTION: -EVP_aes_192_cfb128 3497 EXIST::FUNCTION:AES -SHA224_Final 3498 EXIST::FUNCTION:SHA,SHA256 -STORE_method_set_update_store_function 3499 EXIST:!VMS:FUNCTION: -STORE_meth_set_update_store_fn 3499 EXIST:VMS:FUNCTION: -SHA224_Update 3500 EXIST::FUNCTION:SHA,SHA256 -d2i_ECPrivateKey 3501 EXIST::FUNCTION:EC -ASN1_item_ndef_i2d 3502 EXIST::FUNCTION: -STORE_delete_private_key 3503 EXIST::FUNCTION: -ERR_pop_to_mark 3504 EXIST::FUNCTION: -ENGINE_register_all_STORE 3505 EXIST::FUNCTION:ENGINE -X509_policy_level_get0_node 3506 EXIST::FUNCTION: -i2d_PKCS7_NDEF 3507 EXIST::FUNCTION: -EC_GROUP_get_degree 3508 EXIST::FUNCTION:EC -ASN1_generate_v3 3509 EXIST::FUNCTION: -STORE_ATTR_INFO_modify_cstr 3510 EXIST::FUNCTION: -X509_policy_tree_level_count 3511 EXIST::FUNCTION: -BN_GF2m_add 3512 EXIST::FUNCTION: -STORE_generate_crl 3513 EXIST::FUNCTION: -STORE_store_public_key 3514 EXIST::FUNCTION: -X509_CERT_PAIR_free 3515 EXIST::FUNCTION: -STORE_revoke_private_key 3516 EXIST::FUNCTION: -BN_nist_mod_224 3517 EXIST::FUNCTION: -SHA512_Final 3518 EXIST::FUNCTION:SHA,SHA512 -STORE_ATTR_INFO_modify_dn 3519 EXIST::FUNCTION: -STORE_method_get_initialise_function 3520 EXIST:!VMS:FUNCTION: -STORE_meth_get_initialise_fn 3520 EXIST:VMS:FUNCTION: -STORE_delete_number 3521 EXIST::FUNCTION: -i2d_EC_PUBKEY_bio 3522 EXIST::FUNCTION:BIO,EC -EC_GROUP_get_asn1_flag 3523 EXIST::FUNCTION:EC -STORE_ATTR_INFO_in_ex 3524 EXIST::FUNCTION: -STORE_list_crl_start 3525 EXIST::FUNCTION: -ECDH_get_ex_new_index 3526 EXIST::FUNCTION:ECDH -STORE_method_get_modify_function 3527 EXIST:!VMS:FUNCTION: -STORE_meth_get_modify_fn 3527 EXIST:VMS:FUNCTION: -v2i_ASN1_BIT_STRING 3528 EXIST::FUNCTION: -STORE_store_certificate 3529 EXIST::FUNCTION: -OBJ_bsearch_ex 3530 EXIST::FUNCTION: -X509_STORE_CTX_set_default 3531 EXIST::FUNCTION: -STORE_ATTR_INFO_set_sha1str 3532 EXIST::FUNCTION: -BN_GF2m_mod_inv 3533 EXIST::FUNCTION: -BN_GF2m_mod_exp 3534 EXIST::FUNCTION: -STORE_modify_public_key 3535 EXIST::FUNCTION: -STORE_method_get_list_start_function 3536 EXIST:!VMS:FUNCTION: -STORE_meth_get_list_start_fn 3536 EXIST:VMS:FUNCTION: -EC_GROUP_get0_seed 3537 EXIST::FUNCTION:EC -ecdsa_check 3538 EXIST::FUNCTION:ECDSA -STORE_store_arbitrary 3539 EXIST::FUNCTION: -STORE_method_set_unlock_store_function 3540 EXIST:!VMS:FUNCTION: -STORE_meth_set_unlock_store_fn 3540 EXIST:VMS:FUNCTION: -BN_GF2m_mod_div_arr 3541 EXIST::FUNCTION: -ENGINE_set_ECDSA 3542 EXIST::FUNCTION:ENGINE -STORE_create_method 3543 EXIST::FUNCTION: -ECPKParameters_print 3544 EXIST::FUNCTION:BIO,EC -PEM_write_EC_PUBKEY 3545 EXIST:!WIN16:FUNCTION:EC -X509_VERIFY_PARAM_set1 3546 EXIST::FUNCTION: -ECDH_set_method 3547 EXIST::FUNCTION:ECDH -v2i_GENERAL_NAME_ex 3548 EXIST::FUNCTION: -ECDH_set_ex_data 3549 EXIST::FUNCTION:ECDH -STORE_generate_key 3550 EXIST::FUNCTION: -BN_nist_mod_521 3551 EXIST::FUNCTION: -X509_policy_tree_get0_level 3552 EXIST::FUNCTION: -EC_GROUP_set_point_conversion_form 3553 EXIST:!VMS:FUNCTION:EC -EC_GROUP_set_point_conv_form 3553 EXIST:VMS:FUNCTION:EC -PEM_read_EC_PUBKEY 3554 EXIST:!WIN16:FUNCTION:EC -i2d_ECDSA_SIG 3555 EXIST::FUNCTION:ECDSA -ECDSA_OpenSSL 3556 EXIST::FUNCTION:ECDSA -STORE_delete_crl 3557 EXIST::FUNCTION: -ASN1_const_check_infinite_end 3558 EXIST::FUNCTION: -ECDSA_set_default_method 3559 EXIST::FUNCTION:ECDSA -EC_POINT_set_compressed_coordinates_GF2m 3560 EXIST:!VMS:FUNCTION:EC -EC_POINT_set_compr_coords_GF2m 3560 EXIST:VMS:FUNCTION:EC -EC_GROUP_cmp 3561 EXIST::FUNCTION:EC -STORE_revoke_certificate 3562 EXIST::FUNCTION: -ECDH_DATA_new_method 3563 EXIST::FUNCTION:ECDH -BN_get0_nist_prime_256 3564 EXIST::FUNCTION: -STORE_method_get_delete_function 3565 EXIST:!VMS:FUNCTION: -STORE_meth_get_delete_fn 3565 EXIST:VMS:FUNCTION: -SHA224_Init 3566 EXIST::FUNCTION:SHA,SHA256 -PEM_read_ECPrivateKey 3567 EXIST:!WIN16:FUNCTION:EC -SHA512_Init 3568 EXIST::FUNCTION:SHA,SHA512 -STORE_parse_attrs_endp 3569 EXIST::FUNCTION: -ERR_load_ECDSA_strings 3570 EXIST::FUNCTION:ECDSA -EC_GROUP_get_basis_type 3571 EXIST::FUNCTION:EC -ECDH_DATA_new 3572 EXIST::FUNCTION:ECDH -STORE_list_public_key_next 3573 EXIST::FUNCTION: -i2v_ASN1_BIT_STRING 3574 EXIST::FUNCTION: -STORE_OBJECT_free 3575 EXIST::FUNCTION: -BN_nist_mod_384 3576 EXIST::FUNCTION: -i2d_X509_CERT_PAIR 3577 EXIST::FUNCTION: -PEM_write_ECPKParameters 3578 EXIST:!WIN16:FUNCTION:EC -ECDH_compute_key 3579 EXIST::FUNCTION:ECDH -STORE_ATTR_INFO_get0_sha1str 3580 EXIST::FUNCTION: -ENGINE_register_all_ECDH 3581 EXIST::FUNCTION:ENGINE -STORE_ATTR_INFO_get0_cstr 3582 EXIST::FUNCTION: -POLICY_CONSTRAINTS_it 3583 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -POLICY_CONSTRAINTS_it 3583 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -STORE_get_ex_new_index 3584 EXIST::FUNCTION: -X509_VERIFY_PARAM_add0_policy 3585 EXIST::FUNCTION: -BN_GF2m_mod_solve_quad 3586 EXIST::FUNCTION: -SHA256 3587 EXIST::FUNCTION:SHA,SHA256 -i2d_ECPrivateKey_fp 3588 EXIST::FUNCTION:EC,FP_API -X509_policy_tree_get0_user_policies 3589 EXIST:!VMS:FUNCTION: -X509_pcy_tree_get0_usr_policies 3589 EXIST:VMS:FUNCTION: -OPENSSL_DIR_read 3590 EXIST::FUNCTION: -ENGINE_register_all_ECDSA 3591 EXIST::FUNCTION:ENGINE -X509_VERIFY_PARAM_lookup 3592 EXIST::FUNCTION: -EC_POINT_get_affine_coordinates_GF2m 3593 EXIST:!VMS:FUNCTION:EC -EC_POINT_get_affine_coords_GF2m 3593 EXIST:VMS:FUNCTION:EC -EC_GROUP_dup 3594 EXIST::FUNCTION:EC -ENGINE_get_default_ECDSA 3595 EXIST::FUNCTION:ENGINE -EC_KEY_new 3596 EXIST::FUNCTION:EC -SHA256_Transform 3597 EXIST::FUNCTION:SHA,SHA256 -ECDSA_verify 3598 EXIST::FUNCTION:ECDSA -EC_POINT_point2hex 3599 EXIST::FUNCTION:EC -ENGINE_get_STORE 3600 EXIST::FUNCTION:ENGINE -SHA512 3601 EXIST::FUNCTION:SHA,SHA512 -STORE_get_certificate 3602 EXIST::FUNCTION: -ECDSA_do_verify 3603 EXIST::FUNCTION:ECDSA -d2i_ECPrivateKey_fp 3604 EXIST::FUNCTION:EC,FP_API -STORE_delete_certificate 3605 EXIST::FUNCTION: -SHA512_Transform 3606 EXIST::FUNCTION:SHA,SHA512 -X509_STORE_set1_param 3607 EXIST::FUNCTION: -STORE_method_get_ctrl_function 3608 EXIST::FUNCTION: -STORE_free 3609 EXIST::FUNCTION: -PEM_write_ECPrivateKey 3610 EXIST:!WIN16:FUNCTION:EC -STORE_method_get_unlock_store_function 3611 EXIST:!VMS:FUNCTION: -STORE_meth_get_unlock_store_fn 3611 EXIST:VMS:FUNCTION: -STORE_get_ex_data 3612 EXIST::FUNCTION: -PEM_read_ECPKParameters 3613 EXIST:!WIN16:FUNCTION:EC -X509_CERT_PAIR_new 3614 EXIST::FUNCTION: -ENGINE_register_STORE 3615 EXIST::FUNCTION:ENGINE -RSA_generate_key_ex 3616 EXIST::FUNCTION:RSA -DSA_generate_parameters_ex 3617 EXIST::FUNCTION:DSA -ECParameters_print_fp 3618 EXIST::FUNCTION:EC,FP_API -X509V3_NAME_from_section 3619 EXIST::FUNCTION: -STORE_modify_crl 3620 EXIST::FUNCTION: -STORE_list_private_key_start 3621 EXIST::FUNCTION: -POLICY_MAPPINGS_it 3622 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -POLICY_MAPPINGS_it 3622 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -GENERAL_SUBTREE_it 3623 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -GENERAL_SUBTREE_it 3623 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ECDH_DATA_free 3624 EXIST::FUNCTION:ECDH -PEM_write_X509_CERT_PAIR 3625 EXIST:!WIN16:FUNCTION: -BIO_dump_indent_cb 3626 EXIST::FUNCTION: -d2i_X509_CERT_PAIR 3627 EXIST::FUNCTION: -STORE_list_private_key_endp 3628 EXIST::FUNCTION: -asn1_const_Finish 3629 EXIST::FUNCTION: -i2d_EC_PUBKEY_fp 3630 EXIST::FUNCTION:EC,FP_API -BN_nist_mod_256 3631 EXIST::FUNCTION: -ECDSA_DATA_new 3632 EXIST::FUNCTION:ECDSA -X509_VERIFY_PARAM_add0_table 3633 EXIST::FUNCTION: -EVP_sha256 3634 EXIST::FUNCTION:SHA,SHA256 -ECDSA_size 3635 EXIST::FUNCTION:ECDSA -d2i_EC_PUBKEY_bio 3636 EXIST::FUNCTION:BIO,EC -BN_get0_nist_prime_521 3637 EXIST::FUNCTION: -STORE_ATTR_INFO_modify_sha1str 3638 EXIST::FUNCTION: -BN_generate_prime_ex 3639 EXIST::FUNCTION: -SHA256_Final 3640 EXIST::FUNCTION:SHA,SHA256 -DH_generate_parameters_ex 3641 EXIST::FUNCTION:DH -PEM_read_bio_ECPrivateKey 3642 EXIST::FUNCTION:EC -STORE_method_get_cleanup_function 3643 EXIST:!VMS:FUNCTION: -STORE_meth_get_cleanup_fn 3643 EXIST:VMS:FUNCTION: -ENGINE_get_ECDH 3644 EXIST::FUNCTION:ENGINE -d2i_ECDSA_SIG 3645 EXIST::FUNCTION:ECDSA -BN_is_prime_fasttest_ex 3646 EXIST::FUNCTION: -ECDSA_sign 3647 EXIST::FUNCTION:ECDSA -X509_policy_check 3648 EXIST::FUNCTION: -STORE_set_ex_data 3649 EXIST::FUNCTION: -ENGINE_get_ECDSA 3650 EXIST::FUNCTION:ENGINE -EVP_ecdsa 3651 EXIST::FUNCTION:SHA -PKCS12_add_cert 3652 EXIST::FUNCTION: -STORE_OBJECT_new 3653 EXIST::FUNCTION: -ERR_load_ECDH_strings 3654 EXIST::FUNCTION:ECDH -EC_KEY_dup 3655 EXIST::FUNCTION:EC -EVP_CIPHER_CTX_rand_key 3656 EXIST::FUNCTION: -ECDSA_set_method 3657 EXIST::FUNCTION:ECDSA -a2i_IPADDRESS_NC 3658 EXIST::FUNCTION: -d2i_ECParameters 3659 EXIST::FUNCTION:EC -STORE_list_certificate_end 3660 EXIST::FUNCTION: -STORE_get_crl 3661 EXIST::FUNCTION: -X509_POLICY_NODE_print 3662 EXIST::FUNCTION: -SHA384_Init 3663 EXIST::FUNCTION:SHA,SHA512 -EC_GF2m_simple_method 3664 EXIST::FUNCTION:EC -ECDSA_set_ex_data 3665 EXIST::FUNCTION:ECDSA -SHA384_Final 3666 EXIST::FUNCTION:SHA,SHA512 -PKCS7_set_digest 3667 EXIST::FUNCTION: -EC_KEY_print 3668 EXIST::FUNCTION:BIO,EC -STORE_method_set_lock_store_function 3669 EXIST:!VMS:FUNCTION: -STORE_meth_set_lock_store_fn 3669 EXIST:VMS:FUNCTION: -ECDSA_get_ex_new_index 3670 EXIST::FUNCTION:ECDSA -SHA384 3671 EXIST::FUNCTION:SHA,SHA512 -POLICY_MAPPING_new 3672 EXIST::FUNCTION: -STORE_list_certificate_endp 3673 EXIST::FUNCTION: -X509_STORE_CTX_get0_policy_tree 3674 EXIST::FUNCTION: -EC_GROUP_set_asn1_flag 3675 EXIST::FUNCTION:EC -EC_KEY_check_key 3676 EXIST::FUNCTION:EC -d2i_EC_PUBKEY_fp 3677 EXIST::FUNCTION:EC,FP_API -PKCS7_set0_type_other 3678 EXIST::FUNCTION: -ecdh_check 3679 EXIST::FUNCTION:ECDH -ECDSA_DATA_new_method 3680 EXIST::FUNCTION:ECDSA -PEM_read_bio_X509_CERT_PAIR 3681 EXIST::FUNCTION: -STORE_method_get_list_end_function 3682 EXIST:!VMS:FUNCTION: -STORE_meth_get_list_end_fn 3682 EXIST:VMS:FUNCTION: -X509_VERIFY_PARAM_set_time 3683 EXIST::FUNCTION: -ENGINE_set_default_ECDH 3684 EXIST::FUNCTION:ENGINE -STORE_new_method 3685 EXIST::FUNCTION: -PKCS12_add_key 3686 EXIST::FUNCTION: -DSO_merge 3687 EXIST::FUNCTION: -EC_POINT_hex2point 3688 EXIST::FUNCTION:EC -BIO_dump_cb 3689 EXIST::FUNCTION: -SHA256_Update 3690 EXIST::FUNCTION:SHA,SHA256 -BN_GF2m_mod_inv_arr 3691 EXIST::FUNCTION: -ENGINE_unregister_ECDSA 3692 EXIST::FUNCTION:ENGINE +d2i_PROXY_CERT_INFO_EXTENSION 3287 EXIST::FUNCTION: +PROXY_POLICY_it 3288 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +PROXY_POLICY_it 3288 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +i2d_PROXY_POLICY 3289 EXIST::FUNCTION: +i2d_PROXY_CERT_INFO_EXTENSION 3290 EXIST::FUNCTION: +d2i_PROXY_POLICY 3291 EXIST::FUNCTION: +PROXY_CERT_INFO_EXTENSION_new 3292 EXIST::FUNCTION: +PROXY_CERT_INFO_EXTENSION_free 3293 EXIST::FUNCTION: +PROXY_CERT_INFO_EXTENSION_it 3294 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +PROXY_CERT_INFO_EXTENSION_it 3294 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +PROXY_POLICY_free 3295 EXIST::FUNCTION: +PROXY_POLICY_new 3296 EXIST::FUNCTION: +ERR_set_mark 3297 EXIST::FUNCTION: +X509_STORE_CTX_set0_crls 3298 EXIST::FUNCTION: +ENGINE_set_STORE 3299 EXIST::FUNCTION:ENGINE +ENGINE_register_ECDSA 3300 EXIST::FUNCTION:ENGINE +STORE_method_set_list_start_function 3301 EXIST:!VMS:FUNCTION: +STORE_meth_set_list_start_fn 3301 EXIST:VMS:FUNCTION: +NAME_CONSTRAINTS_free 3302 EXIST::FUNCTION: +STORE_ATTR_INFO_set_number 3303 EXIST::FUNCTION: +X509_STORE_CTX_set0_param 3304 EXIST::FUNCTION: +POLICY_MAPPING_it 3305 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +POLICY_MAPPING_it 3305 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +STORE_parse_attrs_start 3306 EXIST::FUNCTION: +POLICY_CONSTRAINTS_free 3307 EXIST::FUNCTION: +BN_nist_mod_192 3308 EXIST::FUNCTION: +EC_GROUP_get_trinomial_basis 3309 EXIST::FUNCTION:EC +STORE_set_method 3310 EXIST::FUNCTION: +EVP_aes_256_cfb128 3311 EXIST::FUNCTION:AES +GENERAL_SUBTREE_free 3312 EXIST::FUNCTION: +NAME_CONSTRAINTS_it 3313 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +NAME_CONSTRAINTS_it 3313 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ECDH_get_default_method 3314 EXIST::FUNCTION:ECDH +PKCS12_add_safe 3315 EXIST::FUNCTION: +STORE_method_get_update_store_function 3316 EXIST:!VMS:FUNCTION: +STORE_meth_get_update_store_fn 3316 EXIST:VMS:FUNCTION: +ENGINE_register_ECDH 3317 EXIST::FUNCTION:ENGINE +EVP_sha384 3318 EXIST::FUNCTION:SHA,SHA512 +SHA512_Update 3319 EXIST::FUNCTION:SHA,SHA512 +i2d_ECPrivateKey 3320 EXIST::FUNCTION:EC +BN_get0_nist_prime_192 3321 EXIST::FUNCTION: +STORE_modify_certificate 3322 EXIST::FUNCTION: +EC_POINT_set_affine_coordinates_GF2m 3323 EXIST:!VMS:FUNCTION:EC +EC_POINT_set_affine_coords_GF2m 3323 EXIST:VMS:FUNCTION:EC +BN_GF2m_mod_exp_arr 3324 EXIST::FUNCTION: +STORE_ATTR_INFO_modify_number 3325 EXIST::FUNCTION: +X509_keyid_get0 3326 EXIST::FUNCTION: +EC_GROUP_new_by_nid 3327 EXIST::FUNCTION:EC +ENGINE_load_gmp 3328 EXIST::FUNCTION:ENGINE,STATIC_ENGINE +BN_GF2m_mod_mul_arr 3329 EXIST::FUNCTION: +STORE_list_public_key_endp 3330 EXIST::FUNCTION: +o2i_ECPublicKey 3331 EXIST::FUNCTION:EC +EC_KEY_copy 3332 EXIST::FUNCTION:EC +BIO_dump_fp 3333 EXIST::FUNCTION:FP_API +X509_policy_node_get0_parent 3334 EXIST::FUNCTION: +EC_GROUP_check_discriminant 3335 EXIST::FUNCTION:EC +i2o_ECPublicKey 3336 EXIST::FUNCTION:EC +a2i_IPADDRESS 3337 EXIST::FUNCTION: +STORE_method_set_initialise_function 3338 EXIST:!VMS:FUNCTION: +STORE_meth_set_initialise_fn 3338 EXIST:VMS:FUNCTION: +X509_STORE_CTX_set_depth 3339 EXIST::FUNCTION: +X509_VERIFY_PARAM_inherit 3340 EXIST::FUNCTION: +EC_POINT_point2bn 3341 EXIST::FUNCTION:EC +STORE_ATTR_INFO_set_dn 3342 EXIST::FUNCTION: +X509_policy_tree_get0_policies 3343 EXIST::FUNCTION: +EC_GROUP_new_curve_GF2m 3344 EXIST::FUNCTION:EC +STORE_destroy_method 3345 EXIST::FUNCTION: +ENGINE_unregister_STORE 3346 EXIST::FUNCTION:ENGINE +EVP_PKEY_get1_EC_KEY 3347 EXIST::FUNCTION:EC +STORE_ATTR_INFO_get0_number 3348 EXIST::FUNCTION: +ENGINE_get_default_ECDH 3349 EXIST::FUNCTION:ENGINE +ASN1_OCTET_STRING_NDEF_it 3350 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +ASN1_OCTET_STRING_NDEF_it 3350 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +STORE_delete_public_key 3351 EXIST::FUNCTION: +STORE_get_public_key 3352 EXIST::FUNCTION: +STORE_modify_arbitrary 3353 EXIST::FUNCTION: +ENGINE_get_static_state 3354 EXIST::FUNCTION:ENGINE +ECDSA_SIG_new 3355 EXIST::FUNCTION:ECDSA +OPENSSL_DIR_end 3356 EXIST::FUNCTION: +BN_GF2m_mod_sqr 3357 EXIST::FUNCTION: +EC_POINT_bn2point 3358 EXIST::FUNCTION:EC +X509_VERIFY_PARAM_set_depth 3359 EXIST::FUNCTION: +STORE_get_method 3360 EXIST::FUNCTION: +STORE_parse_attrs_end 3361 EXIST::FUNCTION: +EC_GROUP_get_point_conversion_form 3362 EXIST:!VMS:FUNCTION:EC +EC_GROUP_get_point_conv_form 3362 EXIST:VMS:FUNCTION:EC +STORE_method_set_store_function 3363 EXIST::FUNCTION: +STORE_ATTR_INFO_in 3364 EXIST::FUNCTION: +PEM_read_bio_ECPKParameters 3365 EXIST::FUNCTION:EC +EC_GROUP_get_pentanomial_basis 3366 EXIST::FUNCTION:EC +X509_VERIFY_PARAM_set1_policies 3367 EXIST::FUNCTION: +EVP_sha512 3368 EXIST::FUNCTION:SHA,SHA512 +X509_VERIFY_PARAM_set1_name 3369 EXIST::FUNCTION: +X509_VERIFY_PARAM_set_purpose 3370 EXIST::FUNCTION: +EC_GROUP_get_nid 3371 EXIST::FUNCTION:EC +STORE_get_number 3372 EXIST::FUNCTION: +ECDSA_sign_setup 3373 EXIST::FUNCTION:ECDSA +BN_GF2m_mod_solve_quad_arr 3374 EXIST::FUNCTION: +EC_KEY_up_ref 3375 EXIST::FUNCTION:EC +POLICY_MAPPING_free 3376 EXIST::FUNCTION: +BN_GF2m_mod_div 3377 EXIST::FUNCTION: +X509_VERIFY_PARAM_set_flags 3378 EXIST::FUNCTION: +EC_KEY_free 3379 EXIST::FUNCTION:EC +STORE_method_set_list_next_function 3380 EXIST:!VMS:FUNCTION: +STORE_meth_set_list_next_fn 3380 EXIST:VMS:FUNCTION: +PEM_write_bio_ECPrivateKey 3381 EXIST::FUNCTION:EC +d2i_EC_PUBKEY 3382 EXIST::FUNCTION:EC +STORE_method_get_generate_function 3383 EXIST:!VMS:FUNCTION: +STORE_meth_get_generate_fn 3383 EXIST:VMS:FUNCTION: +STORE_method_set_list_end_function 3384 EXIST:!VMS:FUNCTION: +STORE_meth_set_list_end_fn 3384 EXIST:VMS:FUNCTION: +EC_GROUP_have_precompute_mult 3385 EXIST::FUNCTION:EC +EC_KEY_print_fp 3386 EXIST::FUNCTION:EC,FP_API +BN_GF2m_mod_arr 3387 EXIST::FUNCTION: +PEM_write_bio_X509_CERT_PAIR 3388 EXIST::FUNCTION: +EVP_PKEY_cmp 3389 EXIST::FUNCTION: +X509_policy_level_node_count 3390 EXIST::FUNCTION: +STORE_new_engine 3391 EXIST::FUNCTION: +STORE_list_public_key_start 3392 EXIST::FUNCTION: +X509_VERIFY_PARAM_new 3393 EXIST::FUNCTION: +ECDH_get_ex_data 3394 EXIST::FUNCTION:ECDH +ECDSA_do_sign 3395 EXIST::FUNCTION:ECDSA +ENGINE_unregister_ECDH 3396 EXIST::FUNCTION:ENGINE +ECDH_OpenSSL 3397 EXIST::FUNCTION:ECDH +EC_POINT_dup 3398 EXIST::FUNCTION:EC +GENERAL_SUBTREE_new 3399 EXIST::FUNCTION: +STORE_list_crl_endp 3400 EXIST::FUNCTION: +EC_get_builtin_curves 3401 EXIST::FUNCTION:EC +EVP_aes_128_cfb128 3402 EXIST::FUNCTION:AES +X509_policy_node_get0_qualifiers 3403 EXIST:!VMS:FUNCTION: +X509_pcy_node_get0_qualifiers 3403 EXIST:VMS:FUNCTION: +STORE_list_crl_end 3404 EXIST::FUNCTION: +EVP_PKEY_set1_EC_KEY 3405 EXIST::FUNCTION:EC +BN_GF2m_mod_sqrt_arr 3406 EXIST::FUNCTION: +i2d_ECPrivateKey_bio 3407 EXIST::FUNCTION:BIO,EC +ECPKParameters_print_fp 3408 EXIST::FUNCTION:EC,FP_API +ECDSA_SIG_free 3409 EXIST::FUNCTION:ECDSA +PEM_write_bio_ECPKParameters 3410 EXIST::FUNCTION:EC +STORE_method_set_ctrl_function 3411 EXIST::FUNCTION: +STORE_list_public_key_end 3412 EXIST::FUNCTION: +EC_GROUP_set_nid 3413 EXIST::FUNCTION:EC +STORE_get_arbitrary 3414 EXIST::FUNCTION: +STORE_store_crl 3415 EXIST::FUNCTION: +X509_policy_node_get0_policy 3416 EXIST::FUNCTION: +PKCS12_add_safes 3417 EXIST::FUNCTION: +X509_policy_tree_free 3418 EXIST::FUNCTION: +BN_GF2m_poly2arr 3419 EXIST::FUNCTION: +STORE_ctrl 3420 EXIST::FUNCTION: +EVP_sha224 3421 EXIST::FUNCTION:SHA,SHA256 +STORE_ATTR_INFO_compare 3422 EXIST::FUNCTION: +BN_get0_nist_prime_224 3423 EXIST::FUNCTION: +i2d_ECParameters 3424 EXIST::FUNCTION:EC +i2d_ECPKParameters 3425 EXIST::FUNCTION:EC +BN_GENCB_call 3426 EXIST::FUNCTION: +BN_ncopy 3427 EXIST::FUNCTION: +d2i_ECPKParameters 3428 EXIST::FUNCTION:EC +STORE_method_set_generate_function 3429 EXIST:!VMS:FUNCTION: +STORE_meth_set_generate_fn 3429 EXIST:VMS:FUNCTION: +ENGINE_set_ECDH 3430 EXIST::FUNCTION:ENGINE +NAME_CONSTRAINTS_new 3431 EXIST::FUNCTION: +SHA256_Init 3432 EXIST::FUNCTION:SHA,SHA256 +PEM_write_bio_EC_PUBKEY 3433 EXIST::FUNCTION:EC +STORE_ATTR_INFO_set_cstr 3434 EXIST::FUNCTION: +STORE_list_crl_next 3435 EXIST::FUNCTION: +STORE_ATTR_INFO_in_range 3436 EXIST::FUNCTION: +ECParameters_print 3437 EXIST::FUNCTION:BIO,EC +STORE_method_set_delete_function 3438 EXIST:!VMS:FUNCTION: +STORE_meth_set_delete_fn 3438 EXIST:VMS:FUNCTION: +STORE_list_certificate_next 3439 EXIST::FUNCTION: +ASN1_generate_nconf 3440 EXIST::FUNCTION: +BUF_memdup 3441 EXIST::FUNCTION: +BN_GF2m_mod_mul 3442 EXIST::FUNCTION: +STORE_method_get_list_next_function 3443 EXIST:!VMS:FUNCTION: +STORE_meth_get_list_next_fn 3443 EXIST:VMS:FUNCTION: +STORE_ATTR_INFO_get0_dn 3444 EXIST::FUNCTION: +STORE_list_private_key_next 3445 EXIST::FUNCTION: +EC_GROUP_set_seed 3446 EXIST::FUNCTION:EC +X509_VERIFY_PARAM_set_trust 3447 EXIST::FUNCTION: +STORE_ATTR_INFO_free 3448 EXIST::FUNCTION: +STORE_get_private_key 3449 EXIST::FUNCTION: +STORE_ATTR_INFO_new 3450 EXIST::FUNCTION: +EC_GROUP_get_curve_GF2m 3451 EXIST::FUNCTION:EC +STORE_method_set_revoke_function 3452 EXIST:!VMS:FUNCTION: +STORE_meth_set_revoke_fn 3452 EXIST:VMS:FUNCTION: +STORE_store_number 3453 EXIST::FUNCTION: +BN_is_prime_ex 3454 EXIST::FUNCTION: +STORE_revoke_public_key 3455 EXIST::FUNCTION: +X509_STORE_CTX_get0_param 3456 EXIST::FUNCTION: +STORE_delete_arbitrary 3457 EXIST::FUNCTION: +PEM_read_X509_CERT_PAIR 3458 EXIST:!WIN16:FUNCTION: +X509_STORE_set_depth 3459 EXIST::FUNCTION: +ECDSA_get_ex_data 3460 EXIST::FUNCTION:ECDSA +SHA224 3461 EXIST::FUNCTION:SHA,SHA256 +BIO_dump_indent_fp 3462 EXIST::FUNCTION:FP_API +BUF_strndup 3463 EXIST::FUNCTION: +STORE_list_certificate_start 3464 EXIST::FUNCTION: +BN_GF2m_mod 3465 EXIST::FUNCTION: +X509_REQ_check_private_key 3466 EXIST::FUNCTION: +EC_GROUP_get_seed_len 3467 EXIST::FUNCTION:EC +ERR_load_STORE_strings 3468 EXIST::FUNCTION: +PEM_read_bio_EC_PUBKEY 3469 EXIST::FUNCTION:EC +STORE_list_private_key_end 3470 EXIST::FUNCTION: +i2d_EC_PUBKEY 3471 EXIST::FUNCTION:EC +ECDSA_get_default_method 3472 EXIST::FUNCTION:ECDSA +ASN1_put_eoc 3473 EXIST::FUNCTION: +X509_STORE_CTX_get_explicit_policy 3474 EXIST:!VMS:FUNCTION: +X509_STORE_CTX_get_expl_policy 3474 EXIST:VMS:FUNCTION: +ECDSA_DATA_free 3475 EXIST::FUNCTION:ECDSA +X509_VERIFY_PARAM_table_cleanup 3476 EXIST::FUNCTION: +STORE_modify_private_key 3477 EXIST::FUNCTION: +X509_VERIFY_PARAM_free 3478 EXIST::FUNCTION: +EC_METHOD_get_field_type 3479 EXIST::FUNCTION:EC +EC_GFp_nist_method 3480 EXIST::FUNCTION:EC +STORE_method_set_modify_function 3481 EXIST:!VMS:FUNCTION: +STORE_meth_set_modify_fn 3481 EXIST:VMS:FUNCTION: +STORE_parse_attrs_next 3482 EXIST::FUNCTION: +ENGINE_load_padlock 3483 EXIST::FUNCTION:ENGINE +X509_CERT_PAIR_it 3484 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +X509_CERT_PAIR_it 3484 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +STORE_method_get_revoke_function 3485 EXIST:!VMS:FUNCTION: +STORE_meth_get_revoke_fn 3485 EXIST:VMS:FUNCTION: +STORE_method_set_get_function 3486 EXIST::FUNCTION: +STORE_modify_number 3487 EXIST::FUNCTION: +STORE_method_get_store_function 3488 EXIST::FUNCTION: +STORE_store_private_key 3489 EXIST::FUNCTION: +BN_GF2m_mod_sqr_arr 3490 EXIST::FUNCTION: +STORE_Memory 3491 EXIST::FUNCTION: +sk_find_ex 3492 EXIST::FUNCTION: +EC_GROUP_set_curve_GF2m 3493 EXIST::FUNCTION:EC +ENGINE_set_default_ECDSA 3494 EXIST::FUNCTION:ENGINE +POLICY_CONSTRAINTS_new 3495 EXIST::FUNCTION: +BN_GF2m_mod_sqrt 3496 EXIST::FUNCTION: +ECDH_set_default_method 3497 EXIST::FUNCTION:ECDH +EC_KEY_generate_key 3498 EXIST::FUNCTION:EC +SHA384_Update 3499 EXIST::FUNCTION:SHA,SHA512 +BN_GF2m_arr2poly 3500 EXIST::FUNCTION: +STORE_method_get_get_function 3501 EXIST::FUNCTION: +STORE_method_set_cleanup_function 3502 EXIST:!VMS:FUNCTION: +STORE_meth_set_cleanup_fn 3502 EXIST:VMS:FUNCTION: +EC_GROUP_check 3503 EXIST::FUNCTION:EC +d2i_ECPrivateKey_bio 3504 EXIST::FUNCTION:BIO,EC +STORE_method_get_lock_store_function 3505 EXIST:!VMS:FUNCTION: +STORE_meth_get_lock_store_fn 3505 EXIST:VMS:FUNCTION: +X509_VERIFY_PARAM_get_depth 3506 EXIST::FUNCTION: +EVP_aes_192_cfb128 3507 EXIST::FUNCTION:AES +SHA224_Final 3508 EXIST::FUNCTION:SHA,SHA256 +STORE_method_set_update_store_function 3509 EXIST:!VMS:FUNCTION: +STORE_meth_set_update_store_fn 3509 EXIST:VMS:FUNCTION: +SHA224_Update 3510 EXIST::FUNCTION:SHA,SHA256 +d2i_ECPrivateKey 3511 EXIST::FUNCTION:EC +ASN1_item_ndef_i2d 3512 EXIST::FUNCTION: +STORE_delete_private_key 3513 EXIST::FUNCTION: +ERR_pop_to_mark 3514 EXIST::FUNCTION: +ENGINE_register_all_STORE 3515 EXIST::FUNCTION:ENGINE +X509_policy_level_get0_node 3516 EXIST::FUNCTION: +i2d_PKCS7_NDEF 3517 EXIST::FUNCTION: +EC_GROUP_get_degree 3518 EXIST::FUNCTION:EC +ASN1_generate_v3 3519 EXIST::FUNCTION: +STORE_ATTR_INFO_modify_cstr 3520 EXIST::FUNCTION: +X509_policy_tree_level_count 3521 EXIST::FUNCTION: +BN_GF2m_add 3522 EXIST::FUNCTION: +STORE_generate_crl 3523 EXIST::FUNCTION: +STORE_store_public_key 3524 EXIST::FUNCTION: +X509_CERT_PAIR_free 3525 EXIST::FUNCTION: +STORE_revoke_private_key 3526 EXIST::FUNCTION: +BN_nist_mod_224 3527 EXIST::FUNCTION: +SHA512_Final 3528 EXIST::FUNCTION:SHA,SHA512 +STORE_ATTR_INFO_modify_dn 3529 EXIST::FUNCTION: +STORE_method_get_initialise_function 3530 EXIST:!VMS:FUNCTION: +STORE_meth_get_initialise_fn 3530 EXIST:VMS:FUNCTION: +STORE_delete_number 3531 EXIST::FUNCTION: +i2d_EC_PUBKEY_bio 3532 EXIST::FUNCTION:BIO,EC +EC_GROUP_get_asn1_flag 3533 EXIST::FUNCTION:EC +STORE_ATTR_INFO_in_ex 3534 EXIST::FUNCTION: +STORE_list_crl_start 3535 EXIST::FUNCTION: +ECDH_get_ex_new_index 3536 EXIST::FUNCTION:ECDH +STORE_method_get_modify_function 3537 EXIST:!VMS:FUNCTION: +STORE_meth_get_modify_fn 3537 EXIST:VMS:FUNCTION: +v2i_ASN1_BIT_STRING 3538 EXIST::FUNCTION: +STORE_store_certificate 3539 EXIST::FUNCTION: +OBJ_bsearch_ex 3540 EXIST::FUNCTION: +X509_STORE_CTX_set_default 3541 EXIST::FUNCTION: +STORE_ATTR_INFO_set_sha1str 3542 EXIST::FUNCTION: +BN_GF2m_mod_inv 3543 EXIST::FUNCTION: +BN_GF2m_mod_exp 3544 EXIST::FUNCTION: +STORE_modify_public_key 3545 EXIST::FUNCTION: +STORE_method_get_list_start_function 3546 EXIST:!VMS:FUNCTION: +STORE_meth_get_list_start_fn 3546 EXIST:VMS:FUNCTION: +EC_GROUP_get0_seed 3547 EXIST::FUNCTION:EC +ecdsa_check 3548 EXIST::FUNCTION:ECDSA +STORE_store_arbitrary 3549 EXIST::FUNCTION: +STORE_method_set_unlock_store_function 3550 EXIST:!VMS:FUNCTION: +STORE_meth_set_unlock_store_fn 3550 EXIST:VMS:FUNCTION: +BN_GF2m_mod_div_arr 3551 EXIST::FUNCTION: +ENGINE_set_ECDSA 3552 EXIST::FUNCTION:ENGINE +STORE_create_method 3553 EXIST::FUNCTION: +ECPKParameters_print 3554 EXIST::FUNCTION:BIO,EC +PEM_write_EC_PUBKEY 3555 EXIST:!WIN16:FUNCTION:EC +X509_VERIFY_PARAM_set1 3556 EXIST::FUNCTION: +ECDH_set_method 3557 EXIST::FUNCTION:ECDH +v2i_GENERAL_NAME_ex 3558 EXIST::FUNCTION: +ECDH_set_ex_data 3559 EXIST::FUNCTION:ECDH +STORE_generate_key 3560 EXIST::FUNCTION: +BN_nist_mod_521 3561 EXIST::FUNCTION: +X509_policy_tree_get0_level 3562 EXIST::FUNCTION: +EC_GROUP_set_point_conversion_form 3563 EXIST:!VMS:FUNCTION:EC +EC_GROUP_set_point_conv_form 3563 EXIST:VMS:FUNCTION:EC +PEM_read_EC_PUBKEY 3564 EXIST:!WIN16:FUNCTION:EC +i2d_ECDSA_SIG 3565 EXIST::FUNCTION:ECDSA +ECDSA_OpenSSL 3566 EXIST::FUNCTION:ECDSA +STORE_delete_crl 3567 EXIST::FUNCTION: +ASN1_const_check_infinite_end 3568 EXIST::FUNCTION: +ECDSA_set_default_method 3569 EXIST::FUNCTION:ECDSA +EC_POINT_set_compressed_coordinates_GF2m 3570 EXIST:!VMS:FUNCTION:EC +EC_POINT_set_compr_coords_GF2m 3570 EXIST:VMS:FUNCTION:EC +EC_GROUP_cmp 3571 EXIST::FUNCTION:EC +STORE_revoke_certificate 3572 EXIST::FUNCTION: +ECDH_DATA_new_method 3573 EXIST::FUNCTION:ECDH +BN_get0_nist_prime_256 3574 EXIST::FUNCTION: +STORE_method_get_delete_function 3575 EXIST:!VMS:FUNCTION: +STORE_meth_get_delete_fn 3575 EXIST:VMS:FUNCTION: +SHA224_Init 3576 EXIST::FUNCTION:SHA,SHA256 +PEM_read_ECPrivateKey 3577 EXIST:!WIN16:FUNCTION:EC +SHA512_Init 3578 EXIST::FUNCTION:SHA,SHA512 +STORE_parse_attrs_endp 3579 EXIST::FUNCTION: +ERR_load_ECDSA_strings 3580 EXIST::FUNCTION:ECDSA +EC_GROUP_get_basis_type 3581 EXIST::FUNCTION:EC +ECDH_DATA_new 3582 EXIST::FUNCTION:ECDH +STORE_list_public_key_next 3583 EXIST::FUNCTION: +i2v_ASN1_BIT_STRING 3584 EXIST::FUNCTION: +STORE_OBJECT_free 3585 EXIST::FUNCTION: +BN_nist_mod_384 3586 EXIST::FUNCTION: +i2d_X509_CERT_PAIR 3587 EXIST::FUNCTION: +PEM_write_ECPKParameters 3588 EXIST:!WIN16:FUNCTION:EC +ECDH_compute_key 3589 EXIST::FUNCTION:ECDH +STORE_ATTR_INFO_get0_sha1str 3590 EXIST::FUNCTION: +ENGINE_register_all_ECDH 3591 EXIST::FUNCTION:ENGINE +STORE_ATTR_INFO_get0_cstr 3592 EXIST::FUNCTION: +POLICY_CONSTRAINTS_it 3593 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +POLICY_CONSTRAINTS_it 3593 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +STORE_get_ex_new_index 3594 EXIST::FUNCTION: +X509_VERIFY_PARAM_add0_policy 3595 EXIST::FUNCTION: +BN_GF2m_mod_solve_quad 3596 EXIST::FUNCTION: +SHA256 3597 EXIST::FUNCTION:SHA,SHA256 +i2d_ECPrivateKey_fp 3598 EXIST::FUNCTION:EC,FP_API +X509_policy_tree_get0_user_policies 3599 EXIST:!VMS:FUNCTION: +X509_pcy_tree_get0_usr_policies 3599 EXIST:VMS:FUNCTION: +OPENSSL_DIR_read 3600 EXIST::FUNCTION: +ENGINE_register_all_ECDSA 3601 EXIST::FUNCTION:ENGINE +X509_VERIFY_PARAM_lookup 3602 EXIST::FUNCTION: +EC_POINT_get_affine_coordinates_GF2m 3603 EXIST:!VMS:FUNCTION:EC +EC_POINT_get_affine_coords_GF2m 3603 EXIST:VMS:FUNCTION:EC +EC_GROUP_dup 3604 EXIST::FUNCTION:EC +ENGINE_get_default_ECDSA 3605 EXIST::FUNCTION:ENGINE +EC_KEY_new 3606 EXIST::FUNCTION:EC +SHA256_Transform 3607 EXIST::FUNCTION:SHA,SHA256 +ECDSA_verify 3608 EXIST::FUNCTION:ECDSA +EC_POINT_point2hex 3609 EXIST::FUNCTION:EC +ENGINE_get_STORE 3610 EXIST::FUNCTION:ENGINE +SHA512 3611 EXIST::FUNCTION:SHA,SHA512 +STORE_get_certificate 3612 EXIST::FUNCTION: +ECDSA_do_verify 3613 EXIST::FUNCTION:ECDSA +d2i_ECPrivateKey_fp 3614 EXIST::FUNCTION:EC,FP_API +STORE_delete_certificate 3615 EXIST::FUNCTION: +SHA512_Transform 3616 EXIST::FUNCTION:SHA,SHA512 +X509_STORE_set1_param 3617 EXIST::FUNCTION: +STORE_method_get_ctrl_function 3618 EXIST::FUNCTION: +STORE_free 3619 EXIST::FUNCTION: +PEM_write_ECPrivateKey 3620 EXIST:!WIN16:FUNCTION:EC +STORE_method_get_unlock_store_function 3621 EXIST:!VMS:FUNCTION: +STORE_meth_get_unlock_store_fn 3621 EXIST:VMS:FUNCTION: +STORE_get_ex_data 3622 EXIST::FUNCTION: +PEM_read_ECPKParameters 3623 EXIST:!WIN16:FUNCTION:EC +X509_CERT_PAIR_new 3624 EXIST::FUNCTION: +ENGINE_register_STORE 3625 EXIST::FUNCTION:ENGINE +RSA_generate_key_ex 3626 EXIST::FUNCTION:RSA +DSA_generate_parameters_ex 3627 EXIST::FUNCTION:DSA +ECParameters_print_fp 3628 EXIST::FUNCTION:EC,FP_API +X509V3_NAME_from_section 3629 EXIST::FUNCTION: +STORE_modify_crl 3630 EXIST::FUNCTION: +STORE_list_private_key_start 3631 EXIST::FUNCTION: +POLICY_MAPPINGS_it 3632 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +POLICY_MAPPINGS_it 3632 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +GENERAL_SUBTREE_it 3633 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +GENERAL_SUBTREE_it 3633 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ECDH_DATA_free 3634 EXIST::FUNCTION:ECDH +PEM_write_X509_CERT_PAIR 3635 EXIST:!WIN16:FUNCTION: +BIO_dump_indent_cb 3636 EXIST::FUNCTION: +d2i_X509_CERT_PAIR 3637 EXIST::FUNCTION: +STORE_list_private_key_endp 3638 EXIST::FUNCTION: +asn1_const_Finish 3639 EXIST::FUNCTION: +i2d_EC_PUBKEY_fp 3640 EXIST::FUNCTION:EC,FP_API +BN_nist_mod_256 3641 EXIST::FUNCTION: +ECDSA_DATA_new 3642 EXIST::FUNCTION:ECDSA +X509_VERIFY_PARAM_add0_table 3643 EXIST::FUNCTION: +EVP_sha256 3644 EXIST::FUNCTION:SHA,SHA256 +ECDSA_size 3645 EXIST::FUNCTION:ECDSA +d2i_EC_PUBKEY_bio 3646 EXIST::FUNCTION:BIO,EC +BN_get0_nist_prime_521 3647 EXIST::FUNCTION: +STORE_ATTR_INFO_modify_sha1str 3648 EXIST::FUNCTION: +BN_generate_prime_ex 3649 EXIST::FUNCTION: +SHA256_Final 3650 EXIST::FUNCTION:SHA,SHA256 +DH_generate_parameters_ex 3651 EXIST::FUNCTION:DH +PEM_read_bio_ECPrivateKey 3652 EXIST::FUNCTION:EC +STORE_method_get_cleanup_function 3653 EXIST:!VMS:FUNCTION: +STORE_meth_get_cleanup_fn 3653 EXIST:VMS:FUNCTION: +ENGINE_get_ECDH 3654 EXIST::FUNCTION:ENGINE +d2i_ECDSA_SIG 3655 EXIST::FUNCTION:ECDSA +BN_is_prime_fasttest_ex 3656 EXIST::FUNCTION: +ECDSA_sign 3657 EXIST::FUNCTION:ECDSA +X509_policy_check 3658 EXIST::FUNCTION: +STORE_set_ex_data 3659 EXIST::FUNCTION: +ENGINE_get_ECDSA 3660 EXIST::FUNCTION:ENGINE +EVP_ecdsa 3661 EXIST::FUNCTION:SHA +PKCS12_add_cert 3662 EXIST::FUNCTION: +STORE_OBJECT_new 3663 EXIST::FUNCTION: +ERR_load_ECDH_strings 3664 EXIST::FUNCTION:ECDH +EC_KEY_dup 3665 EXIST::FUNCTION:EC +EVP_CIPHER_CTX_rand_key 3666 EXIST::FUNCTION: +ECDSA_set_method 3667 EXIST::FUNCTION:ECDSA +a2i_IPADDRESS_NC 3668 EXIST::FUNCTION: +d2i_ECParameters 3669 EXIST::FUNCTION:EC +STORE_list_certificate_end 3670 EXIST::FUNCTION: +STORE_get_crl 3671 EXIST::FUNCTION: +X509_POLICY_NODE_print 3672 EXIST::FUNCTION: +SHA384_Init 3673 EXIST::FUNCTION:SHA,SHA512 +EC_GF2m_simple_method 3674 EXIST::FUNCTION:EC +ECDSA_set_ex_data 3675 EXIST::FUNCTION:ECDSA +SHA384_Final 3676 EXIST::FUNCTION:SHA,SHA512 +PKCS7_set_digest 3677 EXIST::FUNCTION: +EC_KEY_print 3678 EXIST::FUNCTION:BIO,EC +STORE_method_set_lock_store_function 3679 EXIST:!VMS:FUNCTION: +STORE_meth_set_lock_store_fn 3679 EXIST:VMS:FUNCTION: +ECDSA_get_ex_new_index 3680 EXIST::FUNCTION:ECDSA +SHA384 3681 EXIST::FUNCTION:SHA,SHA512 +POLICY_MAPPING_new 3682 EXIST::FUNCTION: +STORE_list_certificate_endp 3683 EXIST::FUNCTION: +X509_STORE_CTX_get0_policy_tree 3684 EXIST::FUNCTION: +EC_GROUP_set_asn1_flag 3685 EXIST::FUNCTION:EC +EC_KEY_check_key 3686 EXIST::FUNCTION:EC +d2i_EC_PUBKEY_fp 3687 EXIST::FUNCTION:EC,FP_API +PKCS7_set0_type_other 3688 EXIST::FUNCTION: +ecdh_check 3689 EXIST::FUNCTION:ECDH +ECDSA_DATA_new_method 3690 EXIST::FUNCTION:ECDSA +PEM_read_bio_X509_CERT_PAIR 3691 EXIST::FUNCTION: +STORE_method_get_list_end_function 3692 EXIST:!VMS:FUNCTION: +STORE_meth_get_list_end_fn 3692 EXIST:VMS:FUNCTION: +X509_VERIFY_PARAM_set_time 3693 EXIST::FUNCTION: +ENGINE_set_default_ECDH 3694 EXIST::FUNCTION:ENGINE +STORE_new_method 3695 EXIST::FUNCTION: +PKCS12_add_key 3696 EXIST::FUNCTION: +DSO_merge 3697 EXIST::FUNCTION: +EC_POINT_hex2point 3698 EXIST::FUNCTION:EC +BIO_dump_cb 3699 EXIST::FUNCTION: +SHA256_Update 3700 EXIST::FUNCTION:SHA,SHA256 +BN_GF2m_mod_inv_arr 3701 EXIST::FUNCTION: +ENGINE_unregister_ECDSA 3702 EXIST::FUNCTION:ENGINE