]> git.ipfire.org Git - thirdparty/openssl.git/blame - crypto/x509/x509_lu.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
RT3495: Add a hash for faster dup detection.
[thirdparty/openssl.git] / crypto / x509 / x509_lu.c
CommitLineData
58964a49 1/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
d02b48c6
RE		 2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
0f113f3e 7 *
d02b48c6
RE		 8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
0f113f3e 14 *
d02b48c6
RE		 15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
0f113f3e 21 *
d02b48c6
RE		 22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
0f113f3e 36 * 4. If you include any Windows specific code (or a derivative thereof) from
d02b48c6
RE		 37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
0f113f3e 39 *
d02b48c6
RE		 40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
0f113f3e 51 *
d02b48c6
RE		 52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.]
56 */
57
58#include <stdio.h>
b39fc560 59#include "internal/cryptlib.h"
ec577822
BM		 60#include <openssl/lhash.h>
61#include <openssl/x509.h>
e3e57192 62#include "internal/x509_int.h"
926a56bf 63#include <openssl/x509v3.h>
0930251d 64#include "x509_lcl.h"
d02b48c6 65
6b691a5c 66X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
0f113f3e
MC		 67{
68 X509_LOOKUP *ret;
69
64b25758 70 ret = OPENSSL_zalloc(sizeof(*ret));
0f113f3e
MC		 71 if (ret == NULL)
72 return NULL;
73
0f113f3e 74 ret->method = method;
0f113f3e
MC		 75 if ((method->new_item != NULL) && !method->new_item(ret)) {
76 OPENSSL_free(ret);
77 return NULL;
78 }
79 return ret;
80}
d02b48c6 81
6b691a5c 82void X509_LOOKUP_free(X509_LOOKUP *ctx)
0f113f3e
MC		 83{
84 if (ctx == NULL)
85 return;
86 if ((ctx->method != NULL) && (ctx->method->free != NULL))
87 (*ctx->method->free) (ctx);
88 OPENSSL_free(ctx);
89}
d02b48c6 90
6b691a5c 91int X509_LOOKUP_init(X509_LOOKUP *ctx)
0f113f3e
MC		 92{
93 if (ctx->method == NULL)
94 return 0;
95 if (ctx->method->init != NULL)
96 return ctx->method->init(ctx);
97 else
98 return 1;
99}
d02b48c6 100
6b691a5c 101int X509_LOOKUP_shutdown(X509_LOOKUP *ctx)
0f113f3e
MC		 102{
103 if (ctx->method == NULL)
104 return 0;
105 if (ctx->method->shutdown != NULL)
106 return ctx->method->shutdown(ctx);
107 else
108 return 1;
109}
d02b48c6 110
303c0028 111int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
0f113f3e
MC		 112 char **ret)
113{
114 if (ctx->method == NULL)
115 return -1;
116 if (ctx->method->ctrl != NULL)
117 return ctx->method->ctrl(ctx, cmd, argc, argl, ret);
118 else
119 return 1;
120}
d02b48c6 121
6b691a5c 122int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
0f113f3e
MC		 123 X509_OBJECT *ret)
124{
125 if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))
126 return X509_LU_FAIL;
127 if (ctx->skip)
128 return 0;
129 return ctx->method->get_by_subject(ctx, type, name, ret);
130}
d02b48c6 131
6b691a5c 132int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
0f113f3e
MC		 133 ASN1_INTEGER *serial, X509_OBJECT *ret)
134{
135 if ((ctx->method == NULL) || (ctx->method->get_by_issuer_serial == NULL))
136 return X509_LU_FAIL;
137 return ctx->method->get_by_issuer_serial(ctx, type, name, serial, ret);
138}
d02b48c6 139
6b691a5c 140int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
0f113f3e
MC		 141 unsigned char *bytes, int len,
142 X509_OBJECT *ret)
143{
144 if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))
145 return X509_LU_FAIL;
146 return ctx->method->get_by_fingerprint(ctx, type, bytes, len, ret);
147}
d02b48c6 148
6b691a5c 149int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,
0f113f3e
MC		 150 X509_OBJECT *ret)
151{
152 if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
153 return X509_LU_FAIL;
154 return ctx->method->get_by_alias(ctx, type, str, len, ret);
155}
156
157static int x509_object_cmp(const X509_OBJECT *const *a,
158 const X509_OBJECT *const *b)
159{
160 int ret;
161
162 ret = ((*a)->type - (*b)->type);
163 if (ret)
164 return ret;
165 switch ((*a)->type) {
166 case X509_LU_X509:
167 ret = X509_subject_name_cmp((*a)->data.x509, (*b)->data.x509);
168 break;
169 case X509_LU_CRL:
170 ret = X509_CRL_cmp((*a)->data.crl, (*b)->data.crl);
171 break;
172 default:
173 /* abort(); */
174 return 0;
175 }
176 return ret;
177}
d02b48c6 178
6b691a5c 179X509_STORE *X509_STORE_new(void)
0f113f3e
MC		 180{
181 X509_STORE *ret;
182
64b25758 183 if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL)
0f113f3e 184 return NULL;
90945fa3
MC		 185 if ((ret->objs = sk_X509_OBJECT_new(x509_object_cmp)) == NULL)
186 goto err;
0f113f3e 187 ret->cache = 1;
90945fa3
MC		 188 if ((ret->get_cert_methods = sk_X509_LOOKUP_new_null()) == NULL)
189 goto err;
0f113f3e
MC		 190
191 if ((ret->param = X509_VERIFY_PARAM_new()) == NULL)
90945fa3 192 goto err;
0f113f3e 193
90945fa3
MC		 194 if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data))
195 goto err;
0f113f3e
MC		 196
197 ret->references = 1;
198 return ret;
90945fa3
MC		 199err:
200 X509_VERIFY_PARAM_free(ret->param);
201 sk_X509_OBJECT_free(ret->objs);
202 sk_X509_LOOKUP_free(ret->get_cert_methods);
203 OPENSSL_free(ret);
204 return NULL;
0f113f3e 205}
d02b48c6 206
6b691a5c 207static void cleanup(X509_OBJECT *a)
0f113f3e 208{
222561fe
RS		 209 if (!a)
210 return;
0f113f3e
MC		 211 if (a->type == X509_LU_X509) {
212 X509_free(a->data.x509);
213 } else if (a->type == X509_LU_CRL) {
214 X509_CRL_free(a->data.crl);
215 } else {
216 /* abort(); */
217 }
218
219 OPENSSL_free(a);
220}
d02b48c6 221
6b691a5c 222void X509_STORE_free(X509_STORE *vfy)
0f113f3e
MC		 223{
224 int i;
225 STACK_OF(X509_LOOKUP) *sk;
226 X509_LOOKUP *lu;
d02b48c6 227
0f113f3e
MC		 228 if (vfy == NULL)
229 return;
e03ddfae 230
0f113f3e 231 i = CRYPTO_add(&vfy->references, -1, CRYPTO_LOCK_X509_STORE);
bff9ce4d 232#ifdef REF_PRINT
0f113f3e 233 REF_PRINT("X509_STORE", vfy);
bff9ce4d 234#endif
0f113f3e
MC		 235 if (i > 0)
236 return;
bff9ce4d 237#ifdef REF_CHECK
0f113f3e
MC		 238 if (i < 0) {
239 fprintf(stderr, "X509_STORE_free, bad reference count\n");
240 abort(); /* ok */
241 }
bff9ce4d
DSH		 242#endif
243
0f113f3e
MC		 244 sk = vfy->get_cert_methods;
245 for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) {
246 lu = sk_X509_LOOKUP_value(sk, i);
247 X509_LOOKUP_shutdown(lu);
248 X509_LOOKUP_free(lu);
249 }
250 sk_X509_LOOKUP_free(sk);
251 sk_X509_OBJECT_pop_free(vfy->objs, cleanup);
252
253 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data);
222561fe 254 X509_VERIFY_PARAM_free(vfy->param);
0f113f3e
MC		 255 OPENSSL_free(vfy);
256}
d02b48c6 257
6b691a5c 258X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
0f113f3e
MC		 259{
260 int i;
261 STACK_OF(X509_LOOKUP) *sk;
262 X509_LOOKUP *lu;
263
264 sk = v->get_cert_methods;
265 for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) {
266 lu = sk_X509_LOOKUP_value(sk, i);
267 if (m == lu->method) {
268 return lu;
269 }
270 }
271 /* a new one */
272 lu = X509_LOOKUP_new(m);
273 if (lu == NULL)
274 return NULL;
275 else {
276 lu->store_ctx = v;
277 if (sk_X509_LOOKUP_push(v->get_cert_methods, lu))
278 return lu;
279 else {
280 X509_LOOKUP_free(lu);
281 return NULL;
282 }
283 }
284}
d02b48c6 285
bca3f06b
RS		 286int X509_STORE_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type,
287 X509_NAME *name, X509_OBJECT *ret)
0f113f3e
MC		 288{
289 X509_STORE *ctx = vs->ctx;
290 X509_LOOKUP *lu;
291 X509_OBJECT stmp, *tmp;
292 int i, j;
293
294 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
295 tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name);
296 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
297
298 if (tmp == NULL || type == X509_LU_CRL) {
299 for (i = vs->current_method;
300 i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) {
301 lu = sk_X509_LOOKUP_value(ctx->get_cert_methods, i);
302 j = X509_LOOKUP_by_subject(lu, type, name, &stmp);
303 if (j < 0) {
304 vs->current_method = j;
305 return j;
306 } else if (j) {
307 tmp = &stmp;
308 break;
309 }
310 }
311 vs->current_method = 0;
312 if (tmp == NULL)
313 return 0;
314 }
315
35a1cc90
MC		 316/*- if (ret->data.ptr != NULL)
317 X509_OBJECT_free_contents(ret); */
0f113f3e
MC		 318
319 ret->type = tmp->type;
320 ret->data.ptr = tmp->data.ptr;
321
322 X509_OBJECT_up_ref_count(ret);
323
324 return 1;
325}
d02b48c6 326
2f043896 327int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
0f113f3e
MC		 328{
329 X509_OBJECT *obj;
330 int ret = 1;
331
332 if (x == NULL)
333 return 0;
b4faea50 334 obj = OPENSSL_malloc(sizeof(*obj));
0f113f3e
MC		 335 if (obj == NULL) {
336 X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE);
337 return 0;
338 }
339 obj->type = X509_LU_X509;
340 obj->data.x509 = x;
341
342 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
343
344 X509_OBJECT_up_ref_count(obj);
345
346 if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {
347 X509_OBJECT_free_contents(obj);
348 OPENSSL_free(obj);
349 X509err(X509_F_X509_STORE_ADD_CERT,
350 X509_R_CERT_ALREADY_IN_HASH_TABLE);
351 ret = 0;
352 } else
353 sk_X509_OBJECT_push(ctx->objs, obj);
354
355 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
356
357 return ret;
358}
2f043896
DSH		 359
360int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
0f113f3e
MC		 361{
362 X509_OBJECT *obj;
363 int ret = 1;
364
365 if (x == NULL)
366 return 0;
b4faea50 367 obj = OPENSSL_malloc(sizeof(*obj));
0f113f3e
MC		 368 if (obj == NULL) {
369 X509err(X509_F_X509_STORE_ADD_CRL, ERR_R_MALLOC_FAILURE);
370 return 0;
371 }
372 obj->type = X509_LU_CRL;
373 obj->data.crl = x;
374
375 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
376
377 X509_OBJECT_up_ref_count(obj);
378
379 if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {
380 X509_OBJECT_free_contents(obj);
381 OPENSSL_free(obj);
382 X509err(X509_F_X509_STORE_ADD_CRL, X509_R_CERT_ALREADY_IN_HASH_TABLE);
383 ret = 0;
384 } else
385 sk_X509_OBJECT_push(ctx->objs, obj);
386
387 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
388
389 return ret;
390}
2f043896 391
6b691a5c 392void X509_OBJECT_up_ref_count(X509_OBJECT *a)
0f113f3e
MC		 393{
394 switch (a->type) {
bca3f06b
RS		 395 default:
396 break;
0f113f3e 397 case X509_LU_X509:
05f0fb9f 398 X509_up_ref(a->data.x509);
0f113f3e
MC		 399 break;
400 case X509_LU_CRL:
65cbf983 401 X509_CRL_up_ref(a->data.crl);
0f113f3e
MC		 402 break;
403 }
404}
d02b48c6 405
6b691a5c 406void X509_OBJECT_free_contents(X509_OBJECT *a)
0f113f3e 407{
222561fe
RS		 408 if (!a)
409 return;
0f113f3e 410 switch (a->type) {
bca3f06b
RS		 411 default:
412 break;
0f113f3e
MC		 413 case X509_LU_X509:
414 X509_free(a->data.x509);
415 break;
416 case X509_LU_CRL:
417 X509_CRL_free(a->data.crl);
418 break;
419 }
420}
d02b48c6 421
4d50a2b4 422static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type,
0f113f3e
MC		 423 X509_NAME *name, int *pnmatch)
424{
425 X509_OBJECT stmp;
426 X509 x509_s;
0f113f3e 427 X509_CRL crl_s;
0f113f3e
MC		 428 int idx;
429
430 stmp.type = type;
431 switch (type) {
432 case X509_LU_X509:
433 stmp.data.x509 = &x509_s;
5cf6abd8 434 x509_s.cert_info.subject = name;
0f113f3e
MC		 435 break;
436 case X509_LU_CRL:
437 stmp.data.crl = &crl_s;
7aef39a7 438 crl_s.crl.issuer = name;
0f113f3e
MC		 439 break;
440 default:
441 /* abort(); */
442 return -1;
443 }
444
445 idx = sk_X509_OBJECT_find(h, &stmp);
446 if (idx >= 0 && pnmatch) {
447 int tidx;
448 const X509_OBJECT *tobj, *pstmp;
449 *pnmatch = 1;
450 pstmp = &stmp;
451 for (tidx = idx + 1; tidx < sk_X509_OBJECT_num(h); tidx++) {
452 tobj = sk_X509_OBJECT_value(h, tidx);
453 if (x509_object_cmp(&tobj, &pstmp))
454 break;
455 (*pnmatch)++;
456 }
457 }
458 return idx;
459}
4d50a2b4
DSH		 460
461int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
0f113f3e
MC		 462 X509_NAME *name)
463{
464 return x509_object_idx_cnt(h, type, name, NULL);
465}
466
467X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,
468 int type, X509_NAME *name)
469{
470 int idx;
471 idx = X509_OBJECT_idx_by_subject(h, type, name);
472 if (idx == -1)
473 return NULL;
474 return sk_X509_OBJECT_value(h, idx);
475}
11262391 476
c5957688 477STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
0f113f3e
MC		 478{
479 int i, idx, cnt;
480 STACK_OF(X509) *sk;
481 X509 *x;
482 X509_OBJECT *obj;
483 sk = sk_X509_new_null();
484 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
485 idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);
486 if (idx < 0) {
487 /*
488 * Nothing found in cache: do lookup to possibly add new objects to
489 * cache
490 */
491 X509_OBJECT xobj;
492 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
493 if (!X509_STORE_get_by_subject(ctx, X509_LU_X509, nm, &xobj)) {
494 sk_X509_free(sk);
495 return NULL;
496 }
497 X509_OBJECT_free_contents(&xobj);
498 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
499 idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);
500 if (idx < 0) {
501 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
502 sk_X509_free(sk);
503 return NULL;
504 }
505 }
506 for (i = 0; i < cnt; i++, idx++) {
507 obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx);
508 x = obj->data.x509;
05f0fb9f 509 X509_up_ref(x);
0f113f3e
MC		 510 if (!sk_X509_push(sk, x)) {
511 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
512 X509_free(x);
513 sk_X509_pop_free(sk, X509_free);
514 return NULL;
515 }
516 }
517 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
518 return sk;
519
520}
4d50a2b4 521
c5957688 522STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
0f113f3e
MC		 523{
524 int i, idx, cnt;
525 STACK_OF(X509_CRL) *sk;
526 X509_CRL *x;
527 X509_OBJECT *obj, xobj;
528 sk = sk_X509_CRL_new_null();
0f113f3e
MC		 529
530 /*
531 * Always do lookup to possibly add new CRLs to cache
532 */
0f113f3e
MC		 533 if (!X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj)) {
534 sk_X509_CRL_free(sk);
535 return NULL;
536 }
537 X509_OBJECT_free_contents(&xobj);
538 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
539 idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt);
540 if (idx < 0) {
541 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
542 sk_X509_CRL_free(sk);
543 return NULL;
544 }
545
546 for (i = 0; i < cnt; i++, idx++) {
547 obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx);
548 x = obj->data.crl;
65cbf983 549 X509_CRL_up_ref(x);
0f113f3e
MC		 550 if (!sk_X509_CRL_push(sk, x)) {
551 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
552 X509_CRL_free(x);
553 sk_X509_CRL_pop_free(sk, X509_CRL_free);
554 return NULL;
555 }
556 }
557 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
558 return sk;
559}
560
561X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h,
562 X509_OBJECT *x)
563{
564 int idx, i;
565 X509_OBJECT *obj;
566 idx = sk_X509_OBJECT_find(h, x);
567 if (idx == -1)
568 return NULL;
569 if ((x->type != X509_LU_X509) && (x->type != X509_LU_CRL))
570 return sk_X509_OBJECT_value(h, idx);
571 for (i = idx; i < sk_X509_OBJECT_num(h); i++) {
572 obj = sk_X509_OBJECT_value(h, i);
573 if (x509_object_cmp
574 ((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x))
575 return NULL;
576 if (x->type == X509_LU_X509) {
577 if (!X509_cmp(obj->data.x509, x->data.x509))
578 return obj;
579 } else if (x->type == X509_LU_CRL) {
580 if (!X509_CRL_match(obj->data.crl, x->data.crl))
581 return obj;
582 } else
583 return obj;
584 }
585 return NULL;
586}
d02b48c6 587
1d97c843
TH		 588/*-
589 * Try to get issuer certificate from store. Due to limitations
2f043896
DSH		 590 * of the API this can only retrieve a single certificate matching
591 * a given subject name. However it will fill the cache with all
a8397553 592 * matching certificates, so we can examine the cache for all
2f043896
DSH		 593 * matches.
594 *
595 * Return values are:
596 * 1 lookup successful.
597 * 0 certificate not found.
598 * -1 some other error.
599 */
2f043896 600int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
0f113f3e
MC		 601{
602 X509_NAME *xn;
603 X509_OBJECT obj, *pobj;
604 int i, ok, idx, ret;
605 *issuer = NULL;
606 xn = X509_get_issuer_name(x);
607 ok = X509_STORE_get_by_subject(ctx, X509_LU_X509, xn, &obj);
608 if (ok != X509_LU_X509) {
609 if (ok == X509_LU_RETRY) {
610 X509_OBJECT_free_contents(&obj);
611 X509err(X509_F_X509_STORE_CTX_GET1_ISSUER, X509_R_SHOULD_RETRY);
612 return -1;
613 } else if (ok != X509_LU_FAIL) {
614 X509_OBJECT_free_contents(&obj);
615 /* not good :-(, break anyway */
616 return -1;
617 }
618 return 0;
619 }
620 /* If certificate matches all OK */
621 if (ctx->check_issued(ctx, x, obj.data.x509)) {
622 if (x509_check_cert_time(ctx, obj.data.x509, 1)) {
623 *issuer = obj.data.x509;
624 return 1;
625 }
626 }
627 X509_OBJECT_free_contents(&obj);
628
629 /* Else find index of first cert accepted by 'check_issued' */
630 ret = 0;
631 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
632 idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn);
633 if (idx != -1) { /* should be true as we've had at least one
634 * match */
635 /* Look through all matching certs for suitable issuer */
636 for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++) {
637 pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i);
638 /* See if we've run past the matches */
639 if (pobj->type != X509_LU_X509)
640 break;
641 if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509)))
642 break;
643 if (ctx->check_issued(ctx, x, pobj->data.x509)) {
644 *issuer = pobj->data.x509;
645 ret = 1;
646 /*
647 * If times check, exit with match,
648 * otherwise keep looking. Leave last
649 * match in issuer so we return nearest
650 * match if no certificate time is OK.
651 */
652
653 if (x509_check_cert_time(ctx, *issuer, 1))
654 break;
655 }
656 }
657 }
658 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
659 if (*issuer)
05f0fb9f 660 X509_up_ref(*issuer);
0f113f3e
MC		 661 return ret;
662}
d02b48c6 663
5d7c222d 664int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags)
0f113f3e
MC		 665{
666 return X509_VERIFY_PARAM_set_flags(ctx->param, flags);
667}
5d7c222d
DSH		 668
669int X509_STORE_set_depth(X509_STORE *ctx, int depth)
0f113f3e
MC		 670{
671 X509_VERIFY_PARAM_set_depth(ctx->param, depth);
672 return 1;
673}
bdee69f7 674
926a56bf 675int X509_STORE_set_purpose(X509_STORE *ctx, int purpose)
0f113f3e
MC		 676{
677 return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose);
678}
926a56bf
DSH		 679
680int X509_STORE_set_trust(X509_STORE *ctx, int trust)
0f113f3e
MC		 681{
682 return X509_VERIFY_PARAM_set_trust(ctx->param, trust);
683}
5d7c222d
DSH		 684
685int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param)
0f113f3e
MC		 686{
687 return X509_VERIFY_PARAM_set1(ctx->param, param);
688}
926a56bf 689
a5b37fca 690void X509_STORE_set_verify_cb(X509_STORE *ctx,
0f113f3e
MC		 691 int (*verify_cb) (int, X509_STORE_CTX *))
692{
693 ctx->verify_cb = verify_cb;
694}
a5b37fca 695
2c340864 696void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,
0f113f3e
MC		 697 STACK_OF(X509_CRL) *(*cb) (X509_STORE_CTX
698 *ctx,
699 X509_NAME *nm))
700{
701 ctx->lookup_crls = cb;
702}
2c340864
DSH		 703
704X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx)
0f113f3e
MC		 705{
706 return ctx->ctx;
707}
A mirror of the official openssl repository