crypto/store/str_lib.c

   1 /*
   2  * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
   3  * 2003.
   4  */
   5 /* ====================================================================
   6  * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
   7  *
   8  * Redistribution and use in source and binary forms, with or without
   9  * modification, are permitted provided that the following conditions
  10  * are met:
  11  *
  12  * 1. Redistributions of source code must retain the above copyright
  13  *    notice, this list of conditions and the following disclaimer.
  14  *
  15  * 2. Redistributions in binary form must reproduce the above copyright
  16  *    notice, this list of conditions and the following disclaimer in
  17  *    the documentation and/or other materials provided with the
  18  *    distribution.
  19  *
  20  * 3. All advertising materials mentioning features or use of this
  21  *    software must display the following acknowledgment:
  22  *    "This product includes software developed by the OpenSSL Project
  23  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
  24  *
  25  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  26  *    endorse or promote products derived from this software without
  27  *    prior written permission. For written permission, please contact
  28  *    openssl-core@openssl.org.
  29  *
  30  * 5. Products derived from this software may not be called "OpenSSL"
  31  *    nor may "OpenSSL" appear in their names without prior written
  32  *    permission of the OpenSSL Project.
  33  *
  34  * 6. Redistributions of any form whatsoever must retain the following
  35  *    acknowledgment:
  36  *    "This product includes software developed by the OpenSSL Project
  37  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
  38  *
  39  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  40  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  41  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  42  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
  43  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  44  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  45  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  46  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  48  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  49  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  50  * OF THE POSSIBILITY OF SUCH DAMAGE.
  51  * ====================================================================
  52  *
  53  * This product includes cryptographic software written by Eric Young
  54  * (eay@cryptsoft.com).  This product includes software written by Tim
  55  * Hudson (tjh@cryptsoft.com).
  56  *
  57  */
  58
  59 #include <string.h>
  60 #include <openssl/bn.h>
  61 #include <openssl/err.h>
  62 #ifndef OPENSSL_NO_ENGINE
  63 # include <openssl/engine.h>
  64 #endif
  65 #include <openssl/sha.h>
  66 #include <openssl/x509.h>
  67 #include "str_locl.h"
  68
  69 const char *const STORE_object_type_string[STORE_OBJECT_TYPE_NUM + 1] = {
  70     0,
  71     "X.509 Certificate",
  72     "X.509 CRL",
  73     "Private Key",
  74     "Public Key",
  75     "Number",
  76     "Arbitrary Data"
  77 };
  78
  79 const int STORE_param_sizes[STORE_PARAM_TYPE_NUM + 1] = {
  80     0,
  81     sizeof(int),                /* EVP_TYPE */
  82     sizeof(size_t),             /* BITS */
  83     -1,                         /* KEY_PARAMETERS */
  84     0                           /* KEY_NO_PARAMETERS */
  85 };
  86
  87 const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM + 1] = {
  88     0,
  89     -1,                         /* FRIENDLYNAME: C string */
  90     SHA_DIGEST_LENGTH,          /* KEYID: SHA1 digest, 160 bits */
  91     SHA_DIGEST_LENGTH,          /* ISSUERKEYID: SHA1 digest, 160 bits */
  92     SHA_DIGEST_LENGTH,          /* SUBJECTKEYID: SHA1 digest, 160 bits */
  93     SHA_DIGEST_LENGTH,          /* ISSUERSERIALHASH: SHA1 digest, 160 bits */
  94     sizeof(X509_NAME *),        /* ISSUER: X509_NAME * */
  95     sizeof(BIGNUM *),           /* SERIAL: BIGNUM * */
  96     sizeof(X509_NAME *),        /* SUBJECT: X509_NAME * */
  97     SHA_DIGEST_LENGTH,          /* CERTHASH: SHA1 digest, 160 bits */
  98     -1,                         /* EMAIL: C string */
  99     -1,                         /* FILENAME: C string */
 100 };
 101
 102 STORE *STORE_new_method(const STORE_METHOD *method)
 103 {
 104     STORE *ret;
 105
 106     if (method == NULL) {
 107         STOREerr(STORE_F_STORE_NEW_METHOD, ERR_R_PASSED_NULL_PARAMETER);
 108         return NULL;
 109     }
 110
 111     ret = OPENSSL_malloc(sizeof(*ret));
 112     if (ret == NULL) {
 113         STOREerr(STORE_F_STORE_NEW_METHOD, ERR_R_MALLOC_FAILURE);
 114         return NULL;
 115     }
 116
 117     ret->meth = method;
 118
 119     CRYPTO_new_ex_data(CRYPTO_EX_INDEX_STORE, ret, &ret->ex_data);
 120     if (ret->meth->init && !ret->meth->init(ret)) {
 121         STORE_free(ret);
 122         ret = NULL;
 123     }
 124     return ret;
 125 }
 126
 127 STORE *STORE_new_engine(ENGINE *engine)
 128 {
 129     STORE *ret = NULL;
 130     ENGINE *e = engine;
 131     const STORE_METHOD *meth = 0;
 132
 133 #ifdef OPENSSL_NO_ENGINE
 134     e = NULL;
 135 #else
 136     if (engine) {
 137         if (!ENGINE_init(engine)) {
 138             STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_ENGINE_LIB);
 139             return NULL;
 140         }
 141         e = engine;
 142     } else {
 143         STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_PASSED_NULL_PARAMETER);
 144         return NULL;
 145     }
 146     if (e) {
 147         meth = ENGINE_get_STORE(e);
 148         if (!meth) {
 149             STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_ENGINE_LIB);
 150             ENGINE_finish(e);
 151             return NULL;
 152         }
 153     }
 154 #endif
 155
 156     ret = STORE_new_method(meth);
 157     if (ret == NULL) {
 158         STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_STORE_LIB);
 159         return NULL;
 160     }
 161
 162     ret->engine = e;
 163
 164     return (ret);
 165 }
 166
 167 void STORE_free(STORE *store)
 168 {
 169     if (store == NULL)
 170         return;
 171     if (store->meth->clean)
 172         store->meth->clean(store);
 173     CRYPTO_free_ex_data(CRYPTO_EX_INDEX_STORE, store, &store->ex_data);
 174     OPENSSL_free(store);
 175 }
 176
 177 int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f) (void))
 178 {
 179     if (store == NULL) {
 180         STOREerr(STORE_F_STORE_CTRL, ERR_R_PASSED_NULL_PARAMETER);
 181         return 0;
 182     }
 183     if (store->meth->ctrl)
 184         return store->meth->ctrl(store, cmd, i, p, f);
 185     STOREerr(STORE_F_STORE_CTRL, STORE_R_NO_CONTROL_FUNCTION);
 186     return 0;
 187 }
 188
 189 int STORE_set_ex_data(STORE *r, int idx, void *arg)
 190 {
 191     return (CRYPTO_set_ex_data(&r->ex_data, idx, arg));
 192 }
 193
 194 void *STORE_get_ex_data(STORE *r, int idx)
 195 {
 196     return (CRYPTO_get_ex_data(&r->ex_data, idx));
 197 }
 198
 199 const STORE_METHOD *STORE_get_method(STORE *store)
 200 {
 201     return store->meth;
 202 }
 203
 204 const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth)
 205 {
 206     store->meth = meth;
 207     return store->meth;
 208 }
 209
 210 /* API helpers */
 211
 212 #define check_store(s,fncode,fnname,fnerrcode) \
 213         do \
 214                 { \
 215                 if ((s) == NULL || (s)->meth == NULL) \
 216                         { \
 217                         STOREerr((fncode), ERR_R_PASSED_NULL_PARAMETER); \
 218                         return 0; \
 219                         } \
 220                 if ((s)->meth->fnname == NULL) \
 221                         { \
 222                         STOREerr((fncode), (fnerrcode)); \
 223                         return 0; \
 224                         } \
 225                 } \
 226         while(0)
 227
 228 /* API functions */
 229
 230 X509 *STORE_get_certificate(STORE *s, OPENSSL_ITEM attributes[],
 231                             OPENSSL_ITEM parameters[])
 232 {
 233     STORE_OBJECT *object;
 234     X509 *x;
 235
 236     check_store(s, STORE_F_STORE_GET_CERTIFICATE,
 237                 get_object, STORE_R_NO_GET_OBJECT_FUNCTION);
 238
 239     object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
 240                                  attributes, parameters);
 241     if (!object || !object->data.x509.certificate) {
 242         STOREerr(STORE_F_STORE_GET_CERTIFICATE,
 243                  STORE_R_FAILED_GETTING_CERTIFICATE);
 244         return 0;
 245     }
 246     X509_up_ref(object->data.x509.certificate);
 247 #ifdef REF_PRINT
 248     REF_PRINT("X509", data);
 249 #endif
 250     x = object->data.x509.certificate;
 251     STORE_OBJECT_free(object);
 252     return x;
 253 }
 254
 255 int STORE_store_certificate(STORE *s, X509 *data, OPENSSL_ITEM attributes[],
 256                             OPENSSL_ITEM parameters[])
 257 {
 258     STORE_OBJECT *object;
 259     int i;
 260
 261     check_store(s, STORE_F_STORE_STORE_CERTIFICATE,
 262                 store_object, STORE_R_NO_STORE_OBJECT_FUNCTION);
 263
 264     object = STORE_OBJECT_new();
 265     if (object == NULL) {
 266         STOREerr(STORE_F_STORE_STORE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
 267         return 0;
 268     }
 269
 270     X509_up_ref(data);
 271 #ifdef REF_PRINT
 272     REF_PRINT("X509", data);
 273 #endif
 274     object->data.x509.certificate = data;
 275
 276     i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
 277                               object, attributes, parameters);
 278
 279     STORE_OBJECT_free(object);
 280
 281     if (!i) {
 282         STOREerr(STORE_F_STORE_STORE_CERTIFICATE,
 283                  STORE_R_FAILED_STORING_CERTIFICATE);
 284         return 0;
 285     }
 286     return 1;
 287 }
 288
 289 int STORE_modify_certificate(STORE *s, OPENSSL_ITEM search_attributes[],
 290                              OPENSSL_ITEM add_attributes[],
 291                              OPENSSL_ITEM modify_attributes[],
 292                              OPENSSL_ITEM delete_attributes[],
 293                              OPENSSL_ITEM parameters[])
 294 {
 295     check_store(s, STORE_F_STORE_MODIFY_CERTIFICATE,
 296                 modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
 297
 298     if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
 299                                 search_attributes, add_attributes,
 300                                 modify_attributes, delete_attributes,
 301                                 parameters)) {
 302         STOREerr(STORE_F_STORE_MODIFY_CERTIFICATE,
 303                  STORE_R_FAILED_MODIFYING_CERTIFICATE);
 304         return 0;
 305     }
 306     return 1;
 307 }
 308
 309 int STORE_revoke_certificate(STORE *s, OPENSSL_ITEM attributes[],
 310                              OPENSSL_ITEM parameters[])
 311 {
 312     check_store(s, STORE_F_STORE_REVOKE_CERTIFICATE,
 313                 revoke_object, STORE_R_NO_REVOKE_OBJECT_FUNCTION);
 314
 315     if (!s->meth->revoke_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
 316                                 attributes, parameters)) {
 317         STOREerr(STORE_F_STORE_REVOKE_CERTIFICATE,
 318                  STORE_R_FAILED_REVOKING_CERTIFICATE);
 319         return 0;
 320     }
 321     return 1;
 322 }
 323
 324 int STORE_delete_certificate(STORE *s, OPENSSL_ITEM attributes[],
 325                              OPENSSL_ITEM parameters[])
 326 {
 327     check_store(s, STORE_F_STORE_DELETE_CERTIFICATE,
 328                 delete_object, STORE_R_NO_DELETE_OBJECT_FUNCTION);
 329
 330     if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
 331                                 attributes, parameters)) {
 332         STOREerr(STORE_F_STORE_DELETE_CERTIFICATE,
 333                  STORE_R_FAILED_DELETING_CERTIFICATE);
 334         return 0;
 335     }
 336     return 1;
 337 }
 338
 339 void *STORE_list_certificate_start(STORE *s, OPENSSL_ITEM attributes[],
 340                                    OPENSSL_ITEM parameters[])
 341 {
 342     void *handle;
 343
 344     check_store(s, STORE_F_STORE_LIST_CERTIFICATE_START,
 345                 list_object_start, STORE_R_NO_LIST_OBJECT_START_FUNCTION);
 346
 347     handle = s->meth->list_object_start(s,
 348                                         STORE_OBJECT_TYPE_X509_CERTIFICATE,
 349                                         attributes, parameters);
 350     if (!handle) {
 351         STOREerr(STORE_F_STORE_LIST_CERTIFICATE_START,
 352                  STORE_R_FAILED_LISTING_CERTIFICATES);
 353         return 0;
 354     }
 355     return handle;
 356 }
 357
 358 X509 *STORE_list_certificate_next(STORE *s, void *handle)
 359 {
 360     STORE_OBJECT *object;
 361     X509 *x;
 362
 363     check_store(s, STORE_F_STORE_LIST_CERTIFICATE_NEXT,
 364                 list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
 365
 366     object = s->meth->list_object_next(s, handle);
 367     if (!object || !object->data.x509.certificate) {
 368         STOREerr(STORE_F_STORE_LIST_CERTIFICATE_NEXT,
 369                  STORE_R_FAILED_LISTING_CERTIFICATES);
 370         return 0;
 371     }
 372     X509_up_ref(object->data.x509.certificate);
 373 #ifdef REF_PRINT
 374     REF_PRINT("X509", data);
 375 #endif
 376     x = object->data.x509.certificate;
 377     STORE_OBJECT_free(object);
 378     return x;
 379 }
 380
 381 int STORE_list_certificate_end(STORE *s, void *handle)
 382 {
 383     check_store(s, STORE_F_STORE_LIST_CERTIFICATE_END,
 384                 list_object_end, STORE_R_NO_LIST_OBJECT_END_FUNCTION);
 385
 386     if (!s->meth->list_object_end(s, handle)) {
 387         STOREerr(STORE_F_STORE_LIST_CERTIFICATE_END,
 388                  STORE_R_FAILED_LISTING_CERTIFICATES);
 389         return 0;
 390     }
 391     return 1;
 392 }
 393
 394 int STORE_list_certificate_endp(STORE *s, void *handle)
 395 {
 396     check_store(s, STORE_F_STORE_LIST_CERTIFICATE_ENDP,
 397                 list_object_endp, STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
 398
 399     if (!s->meth->list_object_endp(s, handle)) {
 400         STOREerr(STORE_F_STORE_LIST_CERTIFICATE_ENDP,
 401                  STORE_R_FAILED_LISTING_CERTIFICATES);
 402         return 0;
 403     }
 404     return 1;
 405 }
 406
 407 EVP_PKEY *STORE_generate_key(STORE *s, OPENSSL_ITEM attributes[],
 408                              OPENSSL_ITEM parameters[])
 409 {
 410     STORE_OBJECT *object;
 411     EVP_PKEY *pkey;
 412
 413     check_store(s, STORE_F_STORE_GENERATE_KEY,
 414                 generate_object, STORE_R_NO_GENERATE_OBJECT_FUNCTION);
 415
 416     object = s->meth->generate_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
 417                                       attributes, parameters);
 418     if (!object || !object->data.key) {
 419         STOREerr(STORE_F_STORE_GENERATE_KEY, STORE_R_FAILED_GENERATING_KEY);
 420         return 0;
 421     }
 422     EVP_PKEY_up_ref(object->data.key);
 423 #ifdef REF_PRINT
 424     REF_PRINT("EVP_PKEY", data);
 425 #endif
 426     pkey = object->data.key;
 427     STORE_OBJECT_free(object);
 428     return pkey;
 429 }
 430
 431 EVP_PKEY *STORE_get_private_key(STORE *s, OPENSSL_ITEM attributes[],
 432                                 OPENSSL_ITEM parameters[])
 433 {
 434     STORE_OBJECT *object;
 435     EVP_PKEY *pkey;
 436
 437     check_store(s, STORE_F_STORE_GET_PRIVATE_KEY,
 438                 get_object, STORE_R_NO_GET_OBJECT_FUNCTION);
 439
 440     object = s->meth->get_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
 441                                  attributes, parameters);
 442     if (!object || !object->data.key || !object->data.key) {
 443         STOREerr(STORE_F_STORE_GET_PRIVATE_KEY, STORE_R_FAILED_GETTING_KEY);
 444         return 0;
 445     }
 446     EVP_PKEY_up_ref(object->data.key);
 447 #ifdef REF_PRINT
 448     REF_PRINT("EVP_PKEY", data);
 449 #endif
 450     pkey = object->data.key;
 451     STORE_OBJECT_free(object);
 452     return pkey;
 453 }
 454
 455 int STORE_store_private_key(STORE *s, EVP_PKEY *data,
 456                             OPENSSL_ITEM attributes[],
 457                             OPENSSL_ITEM parameters[])
 458 {
 459     STORE_OBJECT *object;
 460     int i;
 461
 462     check_store(s, STORE_F_STORE_STORE_PRIVATE_KEY,
 463                 store_object, STORE_R_NO_STORE_OBJECT_FUNCTION);
 464
 465     object = STORE_OBJECT_new();
 466     if (object == NULL) {
 467         STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, ERR_R_MALLOC_FAILURE);
 468         return 0;
 469     }
 470     object->data.key = EVP_PKEY_new();
 471     if (object->data.key == NULL) {
 472         STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, ERR_R_MALLOC_FAILURE);
 473         return 0;
 474     }
 475
 476     EVP_PKEY_up_ref(data);
 477 #ifdef REF_PRINT
 478     REF_PRINT("EVP_PKEY", data);
 479 #endif
 480     object->data.key = data;
 481
 482     i = s->meth->store_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, object,
 483                               attributes, parameters);
 484
 485     STORE_OBJECT_free(object);
 486
 487     if (!i) {
 488         STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, STORE_R_FAILED_STORING_KEY);
 489         return 0;
 490     }
 491     return i;
 492 }
 493
 494 int STORE_modify_private_key(STORE *s, OPENSSL_ITEM search_attributes[],
 495                              OPENSSL_ITEM add_attributes[],
 496                              OPENSSL_ITEM modify_attributes[],
 497                              OPENSSL_ITEM delete_attributes[],
 498                              OPENSSL_ITEM parameters[])
 499 {
 500     check_store(s, STORE_F_STORE_MODIFY_PRIVATE_KEY,
 501                 modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
 502
 503     if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
 504                                 search_attributes, add_attributes,
 505                                 modify_attributes, delete_attributes,
 506                                 parameters)) {
 507         STOREerr(STORE_F_STORE_MODIFY_PRIVATE_KEY,
 508                  STORE_R_FAILED_MODIFYING_PRIVATE_KEY);
 509         return 0;
 510     }
 511     return 1;
 512 }
 513
 514 int STORE_revoke_private_key(STORE *s, OPENSSL_ITEM attributes[],
 515                              OPENSSL_ITEM parameters[])
 516 {
 517     int i;
 518
 519     check_store(s, STORE_F_STORE_REVOKE_PRIVATE_KEY,
 520                 revoke_object, STORE_R_NO_REVOKE_OBJECT_FUNCTION);
 521
 522     i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
 523                                attributes, parameters);
 524
 525     if (!i) {
 526         STOREerr(STORE_F_STORE_REVOKE_PRIVATE_KEY,
 527                  STORE_R_FAILED_REVOKING_KEY);
 528         return 0;
 529     }
 530     return i;
 531 }
 532
 533 int STORE_delete_private_key(STORE *s, OPENSSL_ITEM attributes[],
 534                              OPENSSL_ITEM parameters[])
 535 {
 536     check_store(s, STORE_F_STORE_DELETE_PRIVATE_KEY,
 537                 delete_object, STORE_R_NO_DELETE_OBJECT_FUNCTION);
 538
 539     if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
 540                                 attributes, parameters)) {
 541         STOREerr(STORE_F_STORE_DELETE_PRIVATE_KEY,
 542                  STORE_R_FAILED_DELETING_KEY);
 543         return 0;
 544     }
 545     return 1;
 546 }
 547
 548 void *STORE_list_private_key_start(STORE *s, OPENSSL_ITEM attributes[],
 549                                    OPENSSL_ITEM parameters[])
 550 {
 551     void *handle;
 552
 553     check_store(s, STORE_F_STORE_LIST_PRIVATE_KEY_START,
 554                 list_object_start, STORE_R_NO_LIST_OBJECT_START_FUNCTION);
 555
 556     handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
 557                                         attributes, parameters);
 558     if (!handle) {
 559         STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_START,
 560                  STORE_R_FAILED_LISTING_KEYS);
 561         return 0;
 562     }
 563     return handle;
 564 }
 565
 566 EVP_PKEY *STORE_list_private_key_next(STORE *s, void *handle)
 567 {
 568     STORE_OBJECT *object;
 569     EVP_PKEY *pkey;
 570
 571     check_store(s, STORE_F_STORE_LIST_PRIVATE_KEY_NEXT,
 572                 list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
 573
 574     object = s->meth->list_object_next(s, handle);
 575     if (!object || !object->data.key || !object->data.key) {
 576         STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_NEXT,
 577                  STORE_R_FAILED_LISTING_KEYS);
 578         return 0;
 579     }
 580     EVP_PKEY_up_ref(object->data.key);
 581 #ifdef REF_PRINT
 582     REF_PRINT("EVP_PKEY", data);
 583 #endif
 584     pkey = object->data.key;
 585     STORE_OBJECT_free(object);
 586     return pkey;
 587 }
 588
 589 int STORE_list_private_key_end(STORE *s, void *handle)
 590 {
 591     check_store(s, STORE_F_STORE_LIST_PRIVATE_KEY_END,
 592                 list_object_end, STORE_R_NO_LIST_OBJECT_END_FUNCTION);
 593
 594     if (!s->meth->list_object_end(s, handle)) {
 595         STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_END,
 596                  STORE_R_FAILED_LISTING_KEYS);
 597         return 0;
 598     }
 599     return 1;
 600 }
 601
 602 int STORE_list_private_key_endp(STORE *s, void *handle)
 603 {
 604     check_store(s, STORE_F_STORE_LIST_PRIVATE_KEY_ENDP,
 605                 list_object_endp, STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
 606
 607     if (!s->meth->list_object_endp(s, handle)) {
 608         STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_ENDP,
 609                  STORE_R_FAILED_LISTING_KEYS);
 610         return 0;
 611     }
 612     return 1;
 613 }
 614
 615 EVP_PKEY *STORE_get_public_key(STORE *s, OPENSSL_ITEM attributes[],
 616                                OPENSSL_ITEM parameters[])
 617 {
 618     STORE_OBJECT *object;
 619     EVP_PKEY *pkey;
 620
 621     check_store(s, STORE_F_STORE_GET_PUBLIC_KEY,
 622                 get_object, STORE_R_NO_GET_OBJECT_FUNCTION);
 623
 624     object = s->meth->get_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
 625                                  attributes, parameters);
 626     if (!object || !object->data.key || !object->data.key) {
 627         STOREerr(STORE_F_STORE_GET_PUBLIC_KEY, STORE_R_FAILED_GETTING_KEY);
 628         return 0;
 629     }
 630     EVP_PKEY_up_ref(object->data.key);
 631 #ifdef REF_PRINT
 632     REF_PRINT("EVP_PKEY", data);
 633 #endif
 634     pkey = object->data.key;
 635     STORE_OBJECT_free(object);
 636     return pkey;
 637 }
 638
 639 int STORE_store_public_key(STORE *s, EVP_PKEY *data,
 640                            OPENSSL_ITEM attributes[],
 641                            OPENSSL_ITEM parameters[])
 642 {
 643     STORE_OBJECT *object;
 644     int i;
 645
 646     check_store(s, STORE_F_STORE_STORE_PUBLIC_KEY,
 647                 store_object, STORE_R_NO_STORE_OBJECT_FUNCTION);
 648
 649     object = STORE_OBJECT_new();
 650     if (object == NULL) {
 651         STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, ERR_R_MALLOC_FAILURE);
 652         return 0;
 653     }
 654     object->data.key = EVP_PKEY_new();
 655     if (object->data.key == NULL) {
 656         STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, ERR_R_MALLOC_FAILURE);
 657         return 0;
 658     }
 659
 660     EVP_PKEY_up_ref(data);
 661 #ifdef REF_PRINT
 662     REF_PRINT("EVP_PKEY", data);
 663 #endif
 664     object->data.key = data;
 665
 666     i = s->meth->store_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, object,
 667                               attributes, parameters);
 668
 669     STORE_OBJECT_free(object);
 670
 671     if (!i) {
 672         STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, STORE_R_FAILED_STORING_KEY);
 673         return 0;
 674     }
 675     return i;
 676 }
 677
 678 int STORE_modify_public_key(STORE *s, OPENSSL_ITEM search_attributes[],
 679                             OPENSSL_ITEM add_attributes[],
 680                             OPENSSL_ITEM modify_attributes[],
 681                             OPENSSL_ITEM delete_attributes[],
 682                             OPENSSL_ITEM parameters[])
 683 {
 684     check_store(s, STORE_F_STORE_MODIFY_PUBLIC_KEY,
 685                 modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
 686
 687     if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
 688                                 search_attributes, add_attributes,
 689                                 modify_attributes, delete_attributes,
 690                                 parameters)) {
 691         STOREerr(STORE_F_STORE_MODIFY_PUBLIC_KEY,
 692                  STORE_R_FAILED_MODIFYING_PUBLIC_KEY);
 693         return 0;
 694     }
 695     return 1;
 696 }
 697
 698 int STORE_revoke_public_key(STORE *s, OPENSSL_ITEM attributes[],
 699                             OPENSSL_ITEM parameters[])
 700 {
 701     int i;
 702
 703     check_store(s, STORE_F_STORE_REVOKE_PUBLIC_KEY,
 704                 revoke_object, STORE_R_NO_REVOKE_OBJECT_FUNCTION);
 705
 706     i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
 707                                attributes, parameters);
 708
 709     if (!i) {
 710         STOREerr(STORE_F_STORE_REVOKE_PUBLIC_KEY,
 711                  STORE_R_FAILED_REVOKING_KEY);
 712         return 0;
 713     }
 714     return i;
 715 }
 716
 717 int STORE_delete_public_key(STORE *s, OPENSSL_ITEM attributes[],
 718                             OPENSSL_ITEM parameters[])
 719 {
 720     check_store(s, STORE_F_STORE_DELETE_PUBLIC_KEY,
 721                 delete_object, STORE_R_NO_DELETE_OBJECT_FUNCTION);
 722
 723     if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
 724                                 attributes, parameters)) {
 725         STOREerr(STORE_F_STORE_DELETE_PUBLIC_KEY,
 726                  STORE_R_FAILED_DELETING_KEY);
 727         return 0;
 728     }
 729     return 1;
 730 }
 731
 732 void *STORE_list_public_key_start(STORE *s, OPENSSL_ITEM attributes[],
 733                                   OPENSSL_ITEM parameters[])
 734 {
 735     void *handle;
 736
 737     check_store(s, STORE_F_STORE_LIST_PUBLIC_KEY_START,
 738                 list_object_start, STORE_R_NO_LIST_OBJECT_START_FUNCTION);
 739
 740     handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
 741                                         attributes, parameters);
 742     if (!handle) {
 743         STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_START,
 744                  STORE_R_FAILED_LISTING_KEYS);
 745         return 0;
 746     }
 747     return handle;
 748 }
 749
 750 EVP_PKEY *STORE_list_public_key_next(STORE *s, void *handle)
 751 {
 752     STORE_OBJECT *object;
 753     EVP_PKEY *pkey;
 754
 755     check_store(s, STORE_F_STORE_LIST_PUBLIC_KEY_NEXT,
 756                 list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
 757
 758     object = s->meth->list_object_next(s, handle);
 759     if (!object || !object->data.key || !object->data.key) {
 760         STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_NEXT,
 761                  STORE_R_FAILED_LISTING_KEYS);
 762         return 0;
 763     }
 764     EVP_PKEY_up_ref(object->data.key);
 765 #ifdef REF_PRINT
 766     REF_PRINT("EVP_PKEY", data);
 767 #endif
 768     pkey = object->data.key;
 769     STORE_OBJECT_free(object);
 770     return pkey;
 771 }
 772
 773 int STORE_list_public_key_end(STORE *s, void *handle)
 774 {
 775     check_store(s, STORE_F_STORE_LIST_PUBLIC_KEY_END,
 776                 list_object_end, STORE_R_NO_LIST_OBJECT_END_FUNCTION);
 777
 778     if (!s->meth->list_object_end(s, handle)) {
 779         STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_END,
 780                  STORE_R_FAILED_LISTING_KEYS);
 781         return 0;
 782     }
 783     return 1;
 784 }
 785
 786 int STORE_list_public_key_endp(STORE *s, void *handle)
 787 {
 788     check_store(s, STORE_F_STORE_LIST_PUBLIC_KEY_ENDP,
 789                 list_object_endp, STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
 790
 791     if (!s->meth->list_object_endp(s, handle)) {
 792         STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_ENDP,
 793                  STORE_R_FAILED_LISTING_KEYS);
 794         return 0;
 795     }
 796     return 1;
 797 }
 798
 799 X509_CRL *STORE_generate_crl(STORE *s, OPENSSL_ITEM attributes[],
 800                              OPENSSL_ITEM parameters[])
 801 {
 802     STORE_OBJECT *object;
 803     X509_CRL *crl;
 804
 805     check_store(s, STORE_F_STORE_GENERATE_CRL,
 806                 generate_object, STORE_R_NO_GENERATE_CRL_FUNCTION);
 807
 808     object = s->meth->generate_object(s, STORE_OBJECT_TYPE_X509_CRL,
 809                                       attributes, parameters);
 810     if (!object || !object->data.crl) {
 811         STOREerr(STORE_F_STORE_GENERATE_CRL, STORE_R_FAILED_GENERATING_CRL);
 812         return 0;
 813     }
 814     X509_CRL_up_ref(object->data.crl);
 815 #ifdef REF_PRINT
 816     REF_PRINT("X509_CRL", data);
 817 #endif
 818     crl = object->data.crl;
 819     STORE_OBJECT_free(object);
 820     return crl;
 821 }
 822
 823 X509_CRL *STORE_get_crl(STORE *s, OPENSSL_ITEM attributes[],
 824                         OPENSSL_ITEM parameters[])
 825 {
 826     STORE_OBJECT *object;
 827     X509_CRL *crl;
 828
 829     check_store(s, STORE_F_STORE_GET_CRL,
 830                 get_object, STORE_R_NO_GET_OBJECT_FUNCTION);
 831
 832     object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CRL,
 833                                  attributes, parameters);
 834     if (!object || !object->data.crl) {
 835         STOREerr(STORE_F_STORE_GET_CRL, STORE_R_FAILED_GETTING_KEY);
 836         return 0;
 837     }
 838     X509_CRL_up_ref(object->data.crl);
 839 #ifdef REF_PRINT
 840     REF_PRINT("X509_CRL", data);
 841 #endif
 842     crl = object->data.crl;
 843     STORE_OBJECT_free(object);
 844     return crl;
 845 }
 846
 847 int STORE_store_crl(STORE *s, X509_CRL *data, OPENSSL_ITEM attributes[],
 848                     OPENSSL_ITEM parameters[])
 849 {
 850     STORE_OBJECT *object;
 851     int i;
 852
 853     check_store(s, STORE_F_STORE_STORE_CRL,
 854                 store_object, STORE_R_NO_STORE_OBJECT_FUNCTION);
 855
 856     object = STORE_OBJECT_new();
 857     if (object == NULL) {
 858         STOREerr(STORE_F_STORE_STORE_CRL, ERR_R_MALLOC_FAILURE);
 859         return 0;
 860     }
 861
 862     X509_CRL_up_ref(data);
 863 #ifdef REF_PRINT
 864     REF_PRINT("X509_CRL", data);
 865 #endif
 866     object->data.crl = data;
 867
 868     i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CRL, object,
 869                               attributes, parameters);
 870
 871     STORE_OBJECT_free(object);
 872
 873     if (!i) {
 874         STOREerr(STORE_F_STORE_STORE_CRL, STORE_R_FAILED_STORING_KEY);
 875         return 0;
 876     }
 877     return i;
 878 }
 879
 880 int STORE_modify_crl(STORE *s, OPENSSL_ITEM search_attributes[],
 881                      OPENSSL_ITEM add_attributes[],
 882                      OPENSSL_ITEM modify_attributes[],
 883                      OPENSSL_ITEM delete_attributes[],
 884                      OPENSSL_ITEM parameters[])
 885 {
 886     check_store(s, STORE_F_STORE_MODIFY_CRL,
 887                 modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
 888
 889     if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CRL,
 890                                 search_attributes, add_attributes,
 891                                 modify_attributes, delete_attributes,
 892                                 parameters)) {
 893         STOREerr(STORE_F_STORE_MODIFY_CRL, STORE_R_FAILED_MODIFYING_CRL);
 894         return 0;
 895     }
 896     return 1;
 897 }
 898
 899 int STORE_delete_crl(STORE *s, OPENSSL_ITEM attributes[],
 900                      OPENSSL_ITEM parameters[])
 901 {
 902     check_store(s, STORE_F_STORE_DELETE_CRL,
 903                 delete_object, STORE_R_NO_DELETE_OBJECT_FUNCTION);
 904
 905     if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CRL,
 906                                 attributes, parameters)) {
 907         STOREerr(STORE_F_STORE_DELETE_CRL, STORE_R_FAILED_DELETING_KEY);
 908         return 0;
 909     }
 910     return 1;
 911 }
 912
 913 void *STORE_list_crl_start(STORE *s, OPENSSL_ITEM attributes[],
 914                            OPENSSL_ITEM parameters[])
 915 {
 916     void *handle;
 917
 918     check_store(s, STORE_F_STORE_LIST_CRL_START,
 919                 list_object_start, STORE_R_NO_LIST_OBJECT_START_FUNCTION);
 920
 921     handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_X509_CRL,
 922                                         attributes, parameters);
 923     if (!handle) {
 924         STOREerr(STORE_F_STORE_LIST_CRL_START, STORE_R_FAILED_LISTING_KEYS);
 925         return 0;
 926     }
 927     return handle;
 928 }
 929
 930 X509_CRL *STORE_list_crl_next(STORE *s, void *handle)
 931 {
 932     STORE_OBJECT *object;
 933     X509_CRL *crl;
 934
 935     check_store(s, STORE_F_STORE_LIST_CRL_NEXT,
 936                 list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
 937
 938     object = s->meth->list_object_next(s, handle);
 939     if (!object || !object->data.crl) {
 940         STOREerr(STORE_F_STORE_LIST_CRL_NEXT, STORE_R_FAILED_LISTING_KEYS);
 941         return 0;
 942     }
 943     X509_CRL_up_ref(object->data.crl);
 944 #ifdef REF_PRINT
 945     REF_PRINT("X509_CRL", data);
 946 #endif
 947     crl = object->data.crl;
 948     STORE_OBJECT_free(object);
 949     return crl;
 950 }
 951
 952 int STORE_list_crl_end(STORE *s, void *handle)
 953 {
 954     check_store(s, STORE_F_STORE_LIST_CRL_END,
 955                 list_object_end, STORE_R_NO_LIST_OBJECT_END_FUNCTION);
 956
 957     if (!s->meth->list_object_end(s, handle)) {
 958         STOREerr(STORE_F_STORE_LIST_CRL_END, STORE_R_FAILED_LISTING_KEYS);
 959         return 0;
 960     }
 961     return 1;
 962 }
 963
 964 int STORE_list_crl_endp(STORE *s, void *handle)
 965 {
 966     check_store(s, STORE_F_STORE_LIST_CRL_ENDP,
 967                 list_object_endp, STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
 968
 969     if (!s->meth->list_object_endp(s, handle)) {
 970         STOREerr(STORE_F_STORE_LIST_CRL_ENDP, STORE_R_FAILED_LISTING_KEYS);
 971         return 0;
 972     }
 973     return 1;
 974 }
 975
 976 int STORE_store_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[],
 977                        OPENSSL_ITEM parameters[])
 978 {
 979     STORE_OBJECT *object;
 980     int i;
 981
 982     check_store(s, STORE_F_STORE_STORE_NUMBER,
 983                 store_object, STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION);
 984
 985     object = STORE_OBJECT_new();
 986     if (object == NULL) {
 987         STOREerr(STORE_F_STORE_STORE_NUMBER, ERR_R_MALLOC_FAILURE);
 988         return 0;
 989     }
 990
 991     object->data.number = data;
 992
 993     i = s->meth->store_object(s, STORE_OBJECT_TYPE_NUMBER, object,
 994                               attributes, parameters);
 995
 996     STORE_OBJECT_free(object);
 997
 998     if (!i) {
 999         STOREerr(STORE_F_STORE_STORE_NUMBER, STORE_R_FAILED_STORING_NUMBER);
1000         return 0;
1001     }
1002     return 1;
1003 }
1004
1005 int STORE_modify_number(STORE *s, OPENSSL_ITEM search_attributes[],
1006                         OPENSSL_ITEM add_attributes[],
1007                         OPENSSL_ITEM modify_attributes[],
1008                         OPENSSL_ITEM delete_attributes[],
1009                         OPENSSL_ITEM parameters[])
1010 {
1011     check_store(s, STORE_F_STORE_MODIFY_NUMBER,
1012                 modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
1013
1014     if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_NUMBER,
1015                                 search_attributes, add_attributes,
1016                                 modify_attributes, delete_attributes,
1017                                 parameters)) {
1018         STOREerr(STORE_F_STORE_MODIFY_NUMBER,
1019                  STORE_R_FAILED_MODIFYING_NUMBER);
1020         return 0;
1021     }
1022     return 1;
1023 }
1024
1025 BIGNUM *STORE_get_number(STORE *s, OPENSSL_ITEM attributes[],
1026                          OPENSSL_ITEM parameters[])
1027 {
1028     STORE_OBJECT *object;
1029     BIGNUM *n;
1030
1031     check_store(s, STORE_F_STORE_GET_NUMBER,
1032                 get_object, STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION);
1033
1034     object = s->meth->get_object(s, STORE_OBJECT_TYPE_NUMBER, attributes,
1035                                  parameters);
1036     if (!object || !object->data.number) {
1037         STOREerr(STORE_F_STORE_GET_NUMBER, STORE_R_FAILED_GETTING_NUMBER);
1038         return 0;
1039     }
1040     n = object->data.number;
1041     object->data.number = NULL;
1042     STORE_OBJECT_free(object);
1043     return n;
1044 }
1045
1046 int STORE_delete_number(STORE *s, OPENSSL_ITEM attributes[],
1047                         OPENSSL_ITEM parameters[])
1048 {
1049     check_store(s, STORE_F_STORE_DELETE_NUMBER,
1050                 delete_object, STORE_R_NO_DELETE_NUMBER_FUNCTION);
1051
1052     if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_NUMBER, attributes,
1053                                 parameters)) {
1054         STOREerr(STORE_F_STORE_DELETE_NUMBER, STORE_R_FAILED_DELETING_NUMBER);
1055         return 0;
1056     }
1057     return 1;
1058 }
1059
1060 int STORE_store_arbitrary(STORE *s, BUF_MEM *data, OPENSSL_ITEM attributes[],
1061                           OPENSSL_ITEM parameters[])
1062 {
1063     STORE_OBJECT *object;
1064     int i;
1065
1066     check_store(s, STORE_F_STORE_STORE_ARBITRARY,
1067                 store_object, STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION);
1068
1069     object = STORE_OBJECT_new();
1070     if (object == NULL) {
1071         STOREerr(STORE_F_STORE_STORE_ARBITRARY, ERR_R_MALLOC_FAILURE);
1072         return 0;
1073     }
1074
1075     object->data.arbitrary = data;
1076
1077     i = s->meth->store_object(s, STORE_OBJECT_TYPE_ARBITRARY, object,
1078                               attributes, parameters);
1079
1080     STORE_OBJECT_free(object);
1081
1082     if (!i) {
1083         STOREerr(STORE_F_STORE_STORE_ARBITRARY,
1084                  STORE_R_FAILED_STORING_ARBITRARY);
1085         return 0;
1086     }
1087     return 1;
1088 }
1089
1090 int STORE_modify_arbitrary(STORE *s, OPENSSL_ITEM search_attributes[],
1091                            OPENSSL_ITEM add_attributes[],
1092                            OPENSSL_ITEM modify_attributes[],
1093                            OPENSSL_ITEM delete_attributes[],
1094                            OPENSSL_ITEM parameters[])
1095 {
1096     check_store(s, STORE_F_STORE_MODIFY_ARBITRARY,
1097                 modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
1098
1099     if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_ARBITRARY,
1100                                 search_attributes, add_attributes,
1101                                 modify_attributes, delete_attributes,
1102                                 parameters)) {
1103         STOREerr(STORE_F_STORE_MODIFY_ARBITRARY,
1104                  STORE_R_FAILED_MODIFYING_ARBITRARY);
1105         return 0;
1106     }
1107     return 1;
1108 }
1109
1110 BUF_MEM *STORE_get_arbitrary(STORE *s, OPENSSL_ITEM attributes[],
1111                              OPENSSL_ITEM parameters[])
1112 {
1113     STORE_OBJECT *object;
1114     BUF_MEM *b;
1115
1116     check_store(s, STORE_F_STORE_GET_ARBITRARY,
1117                 get_object, STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION);
1118
1119     object = s->meth->get_object(s, STORE_OBJECT_TYPE_ARBITRARY,
1120                                  attributes, parameters);
1121     if (!object || !object->data.arbitrary) {
1122         STOREerr(STORE_F_STORE_GET_ARBITRARY,
1123                  STORE_R_FAILED_GETTING_ARBITRARY);
1124         return 0;
1125     }
1126     b = object->data.arbitrary;
1127     object->data.arbitrary = NULL;
1128     STORE_OBJECT_free(object);
1129     return b;
1130 }
1131
1132 int STORE_delete_arbitrary(STORE *s, OPENSSL_ITEM attributes[],
1133                            OPENSSL_ITEM parameters[])
1134 {
1135     check_store(s, STORE_F_STORE_DELETE_ARBITRARY,
1136                 delete_object, STORE_R_NO_DELETE_ARBITRARY_FUNCTION);
1137
1138     if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_ARBITRARY, attributes,
1139                                 parameters)) {
1140         STOREerr(STORE_F_STORE_DELETE_ARBITRARY,
1141                  STORE_R_FAILED_DELETING_ARBITRARY);
1142         return 0;
1143     }
1144     return 1;
1145 }
1146
1147 STORE_OBJECT *STORE_OBJECT_new(void)
1148 {
1149     STORE_OBJECT *object = OPENSSL_zalloc(sizeof(*object));
1150     return object;
1151 }
1152
1153 void STORE_OBJECT_free(STORE_OBJECT *data)
1154 {
1155     if (!data)
1156         return;
1157     switch (data->type) {
1158     case STORE_OBJECT_TYPE_X509_CERTIFICATE:
1159         X509_free(data->data.x509.certificate);
1160         break;
1161     case STORE_OBJECT_TYPE_X509_CRL:
1162         X509_CRL_free(data->data.crl);
1163         break;
1164     case STORE_OBJECT_TYPE_PRIVATE_KEY:
1165     case STORE_OBJECT_TYPE_PUBLIC_KEY:
1166         EVP_PKEY_free(data->data.key);
1167         break;
1168     case STORE_OBJECT_TYPE_NUMBER:
1169         BN_free(data->data.number);
1170         break;
1171     case STORE_OBJECT_TYPE_ARBITRARY:
1172         BUF_MEM_free(data->data.arbitrary);
1173         break;
1174     }
1175     OPENSSL_free(data);
1176 }
1177
1178 struct STORE_attr_info_st {
1179     unsigned char set[(STORE_ATTR_TYPE_NUM + 8) / 8];
1180     union {
1181         char *cstring;
1182         unsigned char *sha1string;
1183         X509_NAME *dn;
1184         BIGNUM *number;
1185         void *any;
1186     } values[STORE_ATTR_TYPE_NUM + 1];
1187     size_t value_sizes[STORE_ATTR_TYPE_NUM + 1];
1188 };
1189
1190 #define ATTR_IS_SET(a,i)        ((i) > 0 && (i) < STORE_ATTR_TYPE_NUM \
1191                                 && ((a)->set[(i) / 8] & (1 << ((i) % 8))))
1192 #define SET_ATTRBIT(a,i)        ((a)->set[(i) / 8] |= (1 << ((i) % 8)))
1193 #define CLEAR_ATTRBIT(a,i)      ((a)->set[(i) / 8] &= ~(1 << ((i) % 8)))
1194
1195 STORE_ATTR_INFO *STORE_ATTR_INFO_new(void)
1196 {
1197     STORE_ATTR_INFO *p = OPENSSL_malloc(sizeof(*p));
1198
1199     return p;
1200 }
1201
1202 static void STORE_ATTR_INFO_attr_free(STORE_ATTR_INFO *attrs,
1203                                       STORE_ATTR_TYPES code)
1204 {
1205     if (ATTR_IS_SET(attrs, code)) {
1206         switch (code) {
1207         case STORE_ATTR_FRIENDLYNAME:
1208         case STORE_ATTR_EMAIL:
1209         case STORE_ATTR_FILENAME:
1210             STORE_ATTR_INFO_modify_cstr(attrs, code, NULL, 0);
1211             break;
1212         case STORE_ATTR_KEYID:
1213         case STORE_ATTR_ISSUERKEYID:
1214         case STORE_ATTR_SUBJECTKEYID:
1215         case STORE_ATTR_ISSUERSERIALHASH:
1216         case STORE_ATTR_CERTHASH:
1217             STORE_ATTR_INFO_modify_sha1str(attrs, code, NULL, 0);
1218             break;
1219         case STORE_ATTR_ISSUER:
1220         case STORE_ATTR_SUBJECT:
1221             STORE_ATTR_INFO_modify_dn(attrs, code, NULL);
1222             break;
1223         case STORE_ATTR_SERIAL:
1224             STORE_ATTR_INFO_modify_number(attrs, code, NULL);
1225             break;
1226         default:
1227             break;
1228         }
1229     }
1230 }
1231
1232 int STORE_ATTR_INFO_free(STORE_ATTR_INFO *attrs)
1233 {
1234     if (attrs) {
1235         STORE_ATTR_TYPES i;
1236         for (i = 0; i++ < STORE_ATTR_TYPE_NUM;)
1237             STORE_ATTR_INFO_attr_free(attrs, i);
1238         OPENSSL_free(attrs);
1239     }
1240     return 1;
1241 }
1242
1243 char *STORE_ATTR_INFO_get0_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code)
1244 {
1245     if (!attrs) {
1246         STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR,
1247                  ERR_R_PASSED_NULL_PARAMETER);
1248         return NULL;
1249     }
1250     if (ATTR_IS_SET(attrs, code))
1251         return attrs->values[code].cstring;
1252     STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR, STORE_R_NO_VALUE);
1253     return NULL;
1254 }
1255
1256 unsigned char *STORE_ATTR_INFO_get0_sha1str(STORE_ATTR_INFO *attrs,
1257                                             STORE_ATTR_TYPES code)
1258 {
1259     if (!attrs) {
1260         STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR,
1261                  ERR_R_PASSED_NULL_PARAMETER);
1262         return NULL;
1263     }
1264     if (ATTR_IS_SET(attrs, code))
1265         return attrs->values[code].sha1string;
1266     STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR, STORE_R_NO_VALUE);
1267     return NULL;
1268 }
1269
1270 X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs,
1271                                    STORE_ATTR_TYPES code)
1272 {
1273     if (!attrs) {
1274         STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN,
1275                  ERR_R_PASSED_NULL_PARAMETER);
1276         return NULL;
1277     }
1278     if (ATTR_IS_SET(attrs, code))
1279         return attrs->values[code].dn;
1280     STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN, STORE_R_NO_VALUE);
1281     return NULL;
1282 }
1283
1284 BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs,
1285                                     STORE_ATTR_TYPES code)
1286 {
1287     if (!attrs) {
1288         STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER,
1289                  ERR_R_PASSED_NULL_PARAMETER);
1290         return NULL;
1291     }
1292     if (ATTR_IS_SET(attrs, code))
1293         return attrs->values[code].number;
1294     STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER, STORE_R_NO_VALUE);
1295     return NULL;
1296 }
1297
1298 int STORE_ATTR_INFO_set_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
1299                              char *cstr, size_t cstr_size)
1300 {
1301     if (!attrs) {
1302         STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR,
1303                  ERR_R_PASSED_NULL_PARAMETER);
1304         return 0;
1305     }
1306     if (!ATTR_IS_SET(attrs, code)) {
1307         if ((attrs->values[code].cstring = OPENSSL_strndup(cstr, cstr_size)))
1308             return 1;
1309         STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, ERR_R_MALLOC_FAILURE);
1310         return 0;
1311     }
1312     STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, STORE_R_ALREADY_HAS_A_VALUE);
1313     return 0;
1314 }
1315
1316 int STORE_ATTR_INFO_set_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
1317                                 unsigned char *sha1str, size_t sha1str_size)
1318 {
1319     if (!attrs) {
1320         STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR,
1321                  ERR_R_PASSED_NULL_PARAMETER);
1322         return 0;
1323     }
1324     if (!ATTR_IS_SET(attrs, code)) {
1325         if ((attrs->values[code].sha1string =
1326              (unsigned char *)OPENSSL_memdup(sha1str, sha1str_size)))
1327             return 1;
1328         STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR, ERR_R_MALLOC_FAILURE);
1329         return 0;
1330     }
1331     STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR,
1332              STORE_R_ALREADY_HAS_A_VALUE);
1333     return 0;
1334 }
1335
1336 int STORE_ATTR_INFO_set_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
1337                            X509_NAME *dn)
1338 {
1339     if (!attrs) {
1340         STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, ERR_R_PASSED_NULL_PARAMETER);
1341         return 0;
1342     }
1343     if (!ATTR_IS_SET(attrs, code)) {
1344         if ((attrs->values[code].dn = X509_NAME_dup(dn)))
1345             return 1;
1346         STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, ERR_R_MALLOC_FAILURE);
1347         return 0;
1348     }
1349     STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, STORE_R_ALREADY_HAS_A_VALUE);
1350     return 0;
1351 }
1352
1353 int STORE_ATTR_INFO_set_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
1354                                BIGNUM *number)
1355 {
1356     if (!attrs) {
1357         STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER,
1358                  ERR_R_PASSED_NULL_PARAMETER);
1359         return 0;
1360     }
1361     if (!ATTR_IS_SET(attrs, code)) {
1362         if ((attrs->values[code].number = BN_dup(number)))
1363             return 1;
1364         STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, ERR_R_MALLOC_FAILURE);
1365         return 0;
1366     }
1367     STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, STORE_R_ALREADY_HAS_A_VALUE);
1368     return 0;
1369 }
1370
1371 int STORE_ATTR_INFO_modify_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
1372                                 char *cstr, size_t cstr_size)
1373 {
1374     if (!attrs) {
1375         STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_CSTR,
1376                  ERR_R_PASSED_NULL_PARAMETER);
1377         return 0;
1378     }
1379     if (ATTR_IS_SET(attrs, code)) {
1380         OPENSSL_free(attrs->values[code].cstring);
1381         attrs->values[code].cstring = NULL;
1382         CLEAR_ATTRBIT(attrs, code);
1383     }
1384     return STORE_ATTR_INFO_set_cstr(attrs, code, cstr, cstr_size);
1385 }
1386
1387 int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs,
1388                                    STORE_ATTR_TYPES code,
1389                                    unsigned char *sha1str,
1390                                    size_t sha1str_size)
1391 {
1392     if (!attrs) {
1393         STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR,
1394                  ERR_R_PASSED_NULL_PARAMETER);
1395         return 0;
1396     }
1397     if (ATTR_IS_SET(attrs, code)) {
1398         OPENSSL_free(attrs->values[code].sha1string);
1399         attrs->values[code].sha1string = NULL;
1400         CLEAR_ATTRBIT(attrs, code);
1401     }
1402     return STORE_ATTR_INFO_set_sha1str(attrs, code, sha1str, sha1str_size);
1403 }
1404
1405 int STORE_ATTR_INFO_modify_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
1406                               X509_NAME *dn)
1407 {
1408     if (!attrs) {
1409         STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_DN,
1410                  ERR_R_PASSED_NULL_PARAMETER);
1411         return 0;
1412     }
1413     if (ATTR_IS_SET(attrs, code)) {
1414         OPENSSL_free(attrs->values[code].dn);
1415         attrs->values[code].dn = NULL;
1416         CLEAR_ATTRBIT(attrs, code);
1417     }
1418     return STORE_ATTR_INFO_set_dn(attrs, code, dn);
1419 }
1420
1421 int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs,
1422                                   STORE_ATTR_TYPES code, BIGNUM *number)
1423 {
1424     if (!attrs) {
1425         STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER,
1426                  ERR_R_PASSED_NULL_PARAMETER);
1427         return 0;
1428     }
1429     if (ATTR_IS_SET(attrs, code)) {
1430         OPENSSL_free(attrs->values[code].number);
1431         attrs->values[code].number = NULL;
1432         CLEAR_ATTRBIT(attrs, code);
1433     }
1434     return STORE_ATTR_INFO_set_number(attrs, code, number);
1435 }
1436
1437 struct attr_list_ctx_st {
1438     OPENSSL_ITEM *attributes;
1439 };
1440 void *STORE_parse_attrs_start(OPENSSL_ITEM *attributes)
1441 {
1442     if (attributes) {
1443         struct attr_list_ctx_st *context = OPENSSL_malloc(sizeof(*context));
1444         if (context != NULL)
1445             context->attributes = attributes;
1446         else
1447             STOREerr(STORE_F_STORE_PARSE_ATTRS_START, ERR_R_MALLOC_FAILURE);
1448         return context;
1449     }
1450     STOREerr(STORE_F_STORE_PARSE_ATTRS_START, ERR_R_PASSED_NULL_PARAMETER);
1451     return 0;
1452 }
1453
1454 STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle)
1455 {
1456     struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;
1457
1458     if (context && context->attributes) {
1459         STORE_ATTR_INFO *attrs = NULL;
1460
1461         while (context->attributes
1462                && context->attributes->code != STORE_ATTR_OR
1463                && context->attributes->code != STORE_ATTR_END) {
1464             switch (context->attributes->code) {
1465             case STORE_ATTR_FRIENDLYNAME:
1466             case STORE_ATTR_EMAIL:
1467             case STORE_ATTR_FILENAME:
1468                 if (attrs == NULL)
1469                     attrs = STORE_ATTR_INFO_new();
1470                 if (attrs == NULL) {
1471                     STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
1472                              ERR_R_MALLOC_FAILURE);
1473                     goto err;
1474                 }
1475                 STORE_ATTR_INFO_set_cstr(attrs,
1476                                          context->attributes->code,
1477                                          context->attributes->value,
1478                                          context->attributes->value_size);
1479                 break;
1480             case STORE_ATTR_KEYID:
1481             case STORE_ATTR_ISSUERKEYID:
1482             case STORE_ATTR_SUBJECTKEYID:
1483             case STORE_ATTR_ISSUERSERIALHASH:
1484             case STORE_ATTR_CERTHASH:
1485                 if (attrs == NULL)
1486                     attrs = STORE_ATTR_INFO_new();
1487                 if (attrs == NULL) {
1488                     STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
1489                              ERR_R_MALLOC_FAILURE);
1490                     goto err;
1491                 }
1492                 STORE_ATTR_INFO_set_sha1str(attrs,
1493                                             context->attributes->code,
1494                                             context->attributes->value,
1495                                             context->attributes->value_size);
1496                 break;
1497             case STORE_ATTR_ISSUER:
1498             case STORE_ATTR_SUBJECT:
1499                 if (attrs == NULL)
1500                     attrs = STORE_ATTR_INFO_new();
1501                 if (attrs == NULL) {
1502                     STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
1503                              ERR_R_MALLOC_FAILURE);
1504                     goto err;
1505                 }
1506                 STORE_ATTR_INFO_modify_dn(attrs,
1507                                           context->attributes->code,
1508                                           context->attributes->value);
1509                 break;
1510             case STORE_ATTR_SERIAL:
1511                 if (attrs == NULL)
1512                     attrs = STORE_ATTR_INFO_new();
1513                 if (attrs == NULL) {
1514                     STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
1515                              ERR_R_MALLOC_FAILURE);
1516                     goto err;
1517                 }
1518                 STORE_ATTR_INFO_modify_number(attrs,
1519                                               context->attributes->code,
1520                                               context->attributes->value);
1521                 break;
1522             }
1523             context->attributes++;
1524         }
1525         if (context->attributes->code == STORE_ATTR_OR)
1526             context->attributes++;
1527         return attrs;
1528  err:
1529         while (context->attributes
1530                && context->attributes->code != STORE_ATTR_OR
1531                && context->attributes->code != STORE_ATTR_END)
1532             context->attributes++;
1533         if (context->attributes->code == STORE_ATTR_OR)
1534             context->attributes++;
1535         return NULL;
1536     }
1537     STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, ERR_R_PASSED_NULL_PARAMETER);
1538     return NULL;
1539 }
1540
1541 int STORE_parse_attrs_end(void *handle)
1542 {
1543     struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;
1544
1545     if (context && context->attributes) {
1546 #if 0
1547         OPENSSL_ITEM *attributes = context->attributes;
1548 #endif
1549         OPENSSL_free(context);
1550         return 1;
1551     }
1552     STOREerr(STORE_F_STORE_PARSE_ATTRS_END, ERR_R_PASSED_NULL_PARAMETER);
1553     return 0;
1554 }
1555
1556 int STORE_parse_attrs_endp(void *handle)
1557 {
1558     struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;
1559
1560     if (context && context->attributes) {
1561         return context->attributes->code == STORE_ATTR_END;
1562     }
1563     STOREerr(STORE_F_STORE_PARSE_ATTRS_ENDP, ERR_R_PASSED_NULL_PARAMETER);
1564     return 0;
1565 }
1566
1567 static int attr_info_compare_compute_range(const unsigned char *abits,
1568                                            const unsigned char *bbits,
1569                                            unsigned int *alowp,
1570                                            unsigned int *ahighp,
1571                                            unsigned int *blowp,
1572                                            unsigned int *bhighp)
1573 {
1574     unsigned int alow = (unsigned int)-1, ahigh = 0;
1575     unsigned int blow = (unsigned int)-1, bhigh = 0;
1576     int i, res = 0;
1577
1578     for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++) {
1579         if (res == 0) {
1580             if (*abits < *bbits)
1581                 res = -1;
1582             if (*abits > *bbits)
1583                 res = 1;
1584         }
1585         if (*abits) {
1586             if (alow == (unsigned int)-1) {
1587                 alow = i * 8;
1588                 if (!(*abits & 0x01))
1589                     alow++;
1590                 if (!(*abits & 0x02))
1591                     alow++;
1592                 if (!(*abits & 0x04))
1593                     alow++;
1594                 if (!(*abits & 0x08))
1595                     alow++;
1596                 if (!(*abits & 0x10))
1597                     alow++;
1598                 if (!(*abits & 0x20))
1599                     alow++;
1600                 if (!(*abits & 0x40))
1601                     alow++;
1602             }
1603             ahigh = i * 8 + 7;
1604             if (!(*abits & 0x80))
1605                 ahigh++;
1606             if (!(*abits & 0x40))
1607                 ahigh++;
1608             if (!(*abits & 0x20))
1609                 ahigh++;
1610             if (!(*abits & 0x10))
1611                 ahigh++;
1612             if (!(*abits & 0x08))
1613                 ahigh++;
1614             if (!(*abits & 0x04))
1615                 ahigh++;
1616             if (!(*abits & 0x02))
1617                 ahigh++;
1618         }
1619         if (*bbits) {
1620             if (blow == (unsigned int)-1) {
1621                 blow = i * 8;
1622                 if (!(*bbits & 0x01))
1623                     blow++;
1624                 if (!(*bbits & 0x02))
1625                     blow++;
1626                 if (!(*bbits & 0x04))
1627                     blow++;
1628                 if (!(*bbits & 0x08))
1629                     blow++;
1630                 if (!(*bbits & 0x10))
1631                     blow++;
1632                 if (!(*bbits & 0x20))
1633                     blow++;
1634                 if (!(*bbits & 0x40))
1635                     blow++;
1636             }
1637             bhigh = i * 8 + 7;
1638             if (!(*bbits & 0x80))
1639                 bhigh++;
1640             if (!(*bbits & 0x40))
1641                 bhigh++;
1642             if (!(*bbits & 0x20))
1643                 bhigh++;
1644             if (!(*bbits & 0x10))
1645                 bhigh++;
1646             if (!(*bbits & 0x08))
1647                 bhigh++;
1648             if (!(*bbits & 0x04))
1649                 bhigh++;
1650             if (!(*bbits & 0x02))
1651                 bhigh++;
1652         }
1653     }
1654     if (ahigh + alow < bhigh + blow)
1655         res = -1;
1656     if (ahigh + alow > bhigh + blow)
1657         res = 1;
1658     if (alowp)
1659         *alowp = alow;
1660     if (ahighp)
1661         *ahighp = ahigh;
1662     if (blowp)
1663         *blowp = blow;
1664     if (bhighp)
1665         *bhighp = bhigh;
1666     return res;
1667 }
1668
1669 int STORE_ATTR_INFO_compare(const STORE_ATTR_INFO *const *a,
1670                             const STORE_ATTR_INFO *const *b)
1671 {
1672     if (a == b)
1673         return 0;
1674     if (!a)
1675         return -1;
1676     if (!b)
1677         return 1;
1678     return attr_info_compare_compute_range((*a)->set, (*b)->set, 0, 0, 0, 0);
1679 }
1680
1681 int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)
1682 {
1683     unsigned int alow, ahigh, blow, bhigh;
1684
1685     if (a == b)
1686         return 1;
1687     if (!a)
1688         return 0;
1689     if (!b)
1690         return 0;
1691     attr_info_compare_compute_range(a->set, b->set,
1692                                     &alow, &ahigh, &blow, &bhigh);
1693     if (alow >= blow && ahigh <= bhigh)
1694         return 1;
1695     return 0;
1696 }
1697
1698 int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)
1699 {
1700     unsigned char *abits, *bbits;
1701     int i;
1702
1703     if (a == b)
1704         return 1;
1705     if (!a)
1706         return 0;
1707     if (!b)
1708         return 0;
1709     abits = a->set;
1710     bbits = b->set;
1711     for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++) {
1712         if (*abits && (*bbits & *abits) != *abits)
1713             return 0;
1714     }
1715     return 1;
1716 }
1717
1718 int STORE_ATTR_INFO_in_ex(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)
1719 {
1720     STORE_ATTR_TYPES i;
1721
1722     if (a == b)
1723         return 1;
1724     if (!STORE_ATTR_INFO_in(a, b))
1725         return 0;
1726     for (i = 1; i < STORE_ATTR_TYPE_NUM; i++)
1727         if (ATTR_IS_SET(a, i)) {
1728             switch (i) {
1729             case STORE_ATTR_FRIENDLYNAME:
1730             case STORE_ATTR_EMAIL:
1731             case STORE_ATTR_FILENAME:
1732                 if (strcmp(a->values[i].cstring, b->values[i].cstring))
1733                     return 0;
1734                 break;
1735             case STORE_ATTR_KEYID:
1736             case STORE_ATTR_ISSUERKEYID:
1737             case STORE_ATTR_SUBJECTKEYID:
1738             case STORE_ATTR_ISSUERSERIALHASH:
1739             case STORE_ATTR_CERTHASH:
1740                 if (memcmp(a->values[i].sha1string,
1741                            b->values[i].sha1string, a->value_sizes[i]))
1742                     return 0;
1743                 break;
1744             case STORE_ATTR_ISSUER:
1745             case STORE_ATTR_SUBJECT:
1746                 if (X509_NAME_cmp(a->values[i].dn, b->values[i].dn))
1747                     return 0;
1748                 break;
1749             case STORE_ATTR_SERIAL:
1750                 if (BN_cmp(a->values[i].number, b->values[i].number))
1751                     return 0;
1752                 break;
1753             default:
1754                 break;
1755             }
1756         }
1757
1758     return 1;
1759 }