]>
Commit | Line | Data |
---|---|---|
b1322259 RS |
1 | /* |
2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. | |
d02b48c6 | 3 | * |
b1322259 RS |
4 | * Licensed under the OpenSSL license (the "License"). You may not use |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
d02b48c6 RE |
8 | */ |
9 | ||
10 | #include <stdio.h> | |
b39fc560 | 11 | #include "internal/cryptlib.h" |
ec577822 BM |
12 | #include <openssl/lhash.h> |
13 | #include <openssl/x509.h> | |
e3e57192 | 14 | #include "internal/x509_int.h" |
926a56bf | 15 | #include <openssl/x509v3.h> |
0930251d | 16 | #include "x509_lcl.h" |
d02b48c6 | 17 | |
6b691a5c | 18 | X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method) |
0f113f3e MC |
19 | { |
20 | X509_LOOKUP *ret; | |
21 | ||
64b25758 | 22 | ret = OPENSSL_zalloc(sizeof(*ret)); |
0f113f3e MC |
23 | if (ret == NULL) |
24 | return NULL; | |
25 | ||
0f113f3e | 26 | ret->method = method; |
0f113f3e MC |
27 | if ((method->new_item != NULL) && !method->new_item(ret)) { |
28 | OPENSSL_free(ret); | |
29 | return NULL; | |
30 | } | |
31 | return ret; | |
32 | } | |
d02b48c6 | 33 | |
6b691a5c | 34 | void X509_LOOKUP_free(X509_LOOKUP *ctx) |
0f113f3e MC |
35 | { |
36 | if (ctx == NULL) | |
37 | return; | |
38 | if ((ctx->method != NULL) && (ctx->method->free != NULL)) | |
39 | (*ctx->method->free) (ctx); | |
40 | OPENSSL_free(ctx); | |
41 | } | |
d02b48c6 | 42 | |
3067095e RL |
43 | int X509_STORE_lock(X509_STORE *s) |
44 | { | |
45 | return CRYPTO_THREAD_write_lock(s->lock); | |
46 | } | |
47 | ||
48 | int X509_STORE_unlock(X509_STORE *s) | |
49 | { | |
50 | return CRYPTO_THREAD_unlock(s->lock); | |
51 | } | |
52 | ||
6b691a5c | 53 | int X509_LOOKUP_init(X509_LOOKUP *ctx) |
0f113f3e MC |
54 | { |
55 | if (ctx->method == NULL) | |
56 | return 0; | |
57 | if (ctx->method->init != NULL) | |
58 | return ctx->method->init(ctx); | |
59 | else | |
60 | return 1; | |
61 | } | |
d02b48c6 | 62 | |
6b691a5c | 63 | int X509_LOOKUP_shutdown(X509_LOOKUP *ctx) |
0f113f3e MC |
64 | { |
65 | if (ctx->method == NULL) | |
66 | return 0; | |
67 | if (ctx->method->shutdown != NULL) | |
68 | return ctx->method->shutdown(ctx); | |
69 | else | |
70 | return 1; | |
71 | } | |
d02b48c6 | 72 | |
303c0028 | 73 | int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, |
0f113f3e MC |
74 | char **ret) |
75 | { | |
76 | if (ctx->method == NULL) | |
77 | return -1; | |
78 | if (ctx->method->ctrl != NULL) | |
79 | return ctx->method->ctrl(ctx, cmd, argc, argl, ret); | |
80 | else | |
81 | return 1; | |
82 | } | |
d02b48c6 | 83 | |
6b691a5c | 84 | int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name, |
0f113f3e MC |
85 | X509_OBJECT *ret) |
86 | { | |
87 | if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL)) | |
88 | return X509_LU_FAIL; | |
89 | if (ctx->skip) | |
90 | return 0; | |
91 | return ctx->method->get_by_subject(ctx, type, name, ret); | |
92 | } | |
d02b48c6 | 93 | |
6b691a5c | 94 | int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name, |
0f113f3e MC |
95 | ASN1_INTEGER *serial, X509_OBJECT *ret) |
96 | { | |
97 | if ((ctx->method == NULL) || (ctx->method->get_by_issuer_serial == NULL)) | |
98 | return X509_LU_FAIL; | |
99 | return ctx->method->get_by_issuer_serial(ctx, type, name, serial, ret); | |
100 | } | |
d02b48c6 | 101 | |
6b691a5c | 102 | int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type, |
0f113f3e MC |
103 | unsigned char *bytes, int len, |
104 | X509_OBJECT *ret) | |
105 | { | |
106 | if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL)) | |
107 | return X509_LU_FAIL; | |
108 | return ctx->method->get_by_fingerprint(ctx, type, bytes, len, ret); | |
109 | } | |
d02b48c6 | 110 | |
6b691a5c | 111 | int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len, |
0f113f3e MC |
112 | X509_OBJECT *ret) |
113 | { | |
114 | if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL)) | |
115 | return X509_LU_FAIL; | |
116 | return ctx->method->get_by_alias(ctx, type, str, len, ret); | |
117 | } | |
118 | ||
119 | static int x509_object_cmp(const X509_OBJECT *const *a, | |
120 | const X509_OBJECT *const *b) | |
121 | { | |
122 | int ret; | |
123 | ||
124 | ret = ((*a)->type - (*b)->type); | |
125 | if (ret) | |
126 | return ret; | |
127 | switch ((*a)->type) { | |
128 | case X509_LU_X509: | |
129 | ret = X509_subject_name_cmp((*a)->data.x509, (*b)->data.x509); | |
130 | break; | |
131 | case X509_LU_CRL: | |
132 | ret = X509_CRL_cmp((*a)->data.crl, (*b)->data.crl); | |
133 | break; | |
134 | default: | |
135 | /* abort(); */ | |
136 | return 0; | |
137 | } | |
138 | return ret; | |
139 | } | |
d02b48c6 | 140 | |
6b691a5c | 141 | X509_STORE *X509_STORE_new(void) |
0f113f3e MC |
142 | { |
143 | X509_STORE *ret; | |
144 | ||
64b25758 | 145 | if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) |
0f113f3e | 146 | return NULL; |
90945fa3 MC |
147 | if ((ret->objs = sk_X509_OBJECT_new(x509_object_cmp)) == NULL) |
148 | goto err; | |
0f113f3e | 149 | ret->cache = 1; |
90945fa3 MC |
150 | if ((ret->get_cert_methods = sk_X509_LOOKUP_new_null()) == NULL) |
151 | goto err; | |
0f113f3e MC |
152 | |
153 | if ((ret->param = X509_VERIFY_PARAM_new()) == NULL) | |
90945fa3 | 154 | goto err; |
0f113f3e | 155 | |
90945fa3 MC |
156 | if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) |
157 | goto err; | |
0f113f3e | 158 | |
c001ce33 AG |
159 | ret->lock = CRYPTO_THREAD_lock_new(); |
160 | if (ret->lock == NULL) | |
161 | goto err; | |
162 | ||
0f113f3e MC |
163 | ret->references = 1; |
164 | return ret; | |
c001ce33 | 165 | |
90945fa3 MC |
166 | err: |
167 | X509_VERIFY_PARAM_free(ret->param); | |
168 | sk_X509_OBJECT_free(ret->objs); | |
169 | sk_X509_LOOKUP_free(ret->get_cert_methods); | |
170 | OPENSSL_free(ret); | |
171 | return NULL; | |
0f113f3e | 172 | } |
d02b48c6 | 173 | |
6b691a5c | 174 | static void cleanup(X509_OBJECT *a) |
0f113f3e | 175 | { |
222561fe RS |
176 | if (!a) |
177 | return; | |
0f113f3e MC |
178 | if (a->type == X509_LU_X509) { |
179 | X509_free(a->data.x509); | |
180 | } else if (a->type == X509_LU_CRL) { | |
181 | X509_CRL_free(a->data.crl); | |
182 | } else { | |
183 | /* abort(); */ | |
184 | } | |
185 | ||
186 | OPENSSL_free(a); | |
187 | } | |
d02b48c6 | 188 | |
6b691a5c | 189 | void X509_STORE_free(X509_STORE *vfy) |
0f113f3e MC |
190 | { |
191 | int i; | |
192 | STACK_OF(X509_LOOKUP) *sk; | |
193 | X509_LOOKUP *lu; | |
d02b48c6 | 194 | |
0f113f3e MC |
195 | if (vfy == NULL) |
196 | return; | |
e03ddfae | 197 | |
c001ce33 | 198 | CRYPTO_atomic_add(&vfy->references, -1, &i, vfy->lock); |
f3f1cf84 | 199 | REF_PRINT_COUNT("X509_STORE", vfy); |
0f113f3e MC |
200 | if (i > 0) |
201 | return; | |
f3f1cf84 | 202 | REF_ASSERT_ISNT(i < 0); |
bff9ce4d | 203 | |
0f113f3e MC |
204 | sk = vfy->get_cert_methods; |
205 | for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) { | |
206 | lu = sk_X509_LOOKUP_value(sk, i); | |
207 | X509_LOOKUP_shutdown(lu); | |
208 | X509_LOOKUP_free(lu); | |
209 | } | |
210 | sk_X509_LOOKUP_free(sk); | |
211 | sk_X509_OBJECT_pop_free(vfy->objs, cleanup); | |
212 | ||
213 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data); | |
222561fe | 214 | X509_VERIFY_PARAM_free(vfy->param); |
c001ce33 | 215 | CRYPTO_THREAD_lock_free(vfy->lock); |
0f113f3e MC |
216 | OPENSSL_free(vfy); |
217 | } | |
d02b48c6 | 218 | |
c001ce33 AG |
219 | int X509_STORE_up_ref(X509_STORE *vfy) |
220 | { | |
221 | int i; | |
222 | ||
223 | if (CRYPTO_atomic_add(&vfy->references, 1, &i, vfy->lock) <= 0) | |
224 | return 0; | |
225 | ||
226 | REF_PRINT_COUNT("X509_STORE", a); | |
227 | REF_ASSERT_ISNT(i < 2); | |
228 | return ((i > 1) ? 1 : 0); | |
229 | } | |
230 | ||
6b691a5c | 231 | X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m) |
0f113f3e MC |
232 | { |
233 | int i; | |
234 | STACK_OF(X509_LOOKUP) *sk; | |
235 | X509_LOOKUP *lu; | |
236 | ||
237 | sk = v->get_cert_methods; | |
238 | for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) { | |
239 | lu = sk_X509_LOOKUP_value(sk, i); | |
240 | if (m == lu->method) { | |
241 | return lu; | |
242 | } | |
243 | } | |
244 | /* a new one */ | |
245 | lu = X509_LOOKUP_new(m); | |
246 | if (lu == NULL) | |
247 | return NULL; | |
248 | else { | |
249 | lu->store_ctx = v; | |
250 | if (sk_X509_LOOKUP_push(v->get_cert_methods, lu)) | |
251 | return lu; | |
252 | else { | |
253 | X509_LOOKUP_free(lu); | |
254 | return NULL; | |
255 | } | |
256 | } | |
257 | } | |
d02b48c6 | 258 | |
6ddbb4cd RS |
259 | X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs, int type, |
260 | X509_NAME *name) | |
f0e0fd51 | 261 | { |
6ddbb4cd | 262 | X509_OBJECT *ret = X509_OBJECT_new(); |
f0e0fd51 | 263 | |
6ddbb4cd | 264 | if (ret == NULL) |
f0e0fd51 | 265 | return NULL; |
6ddbb4cd RS |
266 | if (!X509_STORE_CTX_get_by_subject(vs, type, name, ret)) { |
267 | X509_OBJECT_free(ret); | |
f0e0fd51 RS |
268 | return NULL; |
269 | } | |
270 | return ret; | |
271 | } | |
272 | ||
6ddbb4cd RS |
273 | int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, |
274 | X509_NAME *name, X509_OBJECT *ret) | |
0f113f3e MC |
275 | { |
276 | X509_STORE *ctx = vs->ctx; | |
277 | X509_LOOKUP *lu; | |
278 | X509_OBJECT stmp, *tmp; | |
279 | int i, j; | |
280 | ||
c001ce33 | 281 | CRYPTO_THREAD_write_lock(ctx->lock); |
0f113f3e | 282 | tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name); |
c001ce33 | 283 | CRYPTO_THREAD_unlock(ctx->lock); |
0f113f3e MC |
284 | |
285 | if (tmp == NULL || type == X509_LU_CRL) { | |
286 | for (i = vs->current_method; | |
287 | i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) { | |
288 | lu = sk_X509_LOOKUP_value(ctx->get_cert_methods, i); | |
289 | j = X509_LOOKUP_by_subject(lu, type, name, &stmp); | |
290 | if (j < 0) { | |
291 | vs->current_method = j; | |
292 | return j; | |
293 | } else if (j) { | |
294 | tmp = &stmp; | |
295 | break; | |
296 | } | |
297 | } | |
298 | vs->current_method = 0; | |
299 | if (tmp == NULL) | |
300 | return 0; | |
301 | } | |
302 | ||
0f113f3e MC |
303 | ret->type = tmp->type; |
304 | ret->data.ptr = tmp->data.ptr; | |
305 | ||
306 | X509_OBJECT_up_ref_count(ret); | |
307 | ||
308 | return 1; | |
309 | } | |
d02b48c6 | 310 | |
2f043896 | 311 | int X509_STORE_add_cert(X509_STORE *ctx, X509 *x) |
0f113f3e MC |
312 | { |
313 | X509_OBJECT *obj; | |
68efafc5 | 314 | int ret = 1, added = 1; |
0f113f3e MC |
315 | |
316 | if (x == NULL) | |
317 | return 0; | |
6ddbb4cd RS |
318 | obj = X509_OBJECT_new(); |
319 | if (obj == NULL) | |
0f113f3e | 320 | return 0; |
0f113f3e MC |
321 | obj->type = X509_LU_X509; |
322 | obj->data.x509 = x; | |
68efafc5 | 323 | X509_OBJECT_up_ref_count(obj); |
0f113f3e | 324 | |
c001ce33 | 325 | CRYPTO_THREAD_write_lock(ctx->lock); |
0f113f3e | 326 | |
0f113f3e | 327 | if (X509_OBJECT_retrieve_match(ctx->objs, obj)) { |
0f113f3e MC |
328 | X509err(X509_F_X509_STORE_ADD_CERT, |
329 | X509_R_CERT_ALREADY_IN_HASH_TABLE); | |
330 | ret = 0; | |
68efafc5 F |
331 | } else { |
332 | added = sk_X509_OBJECT_push(ctx->objs, obj); | |
333 | ret = added != 0; | |
334 | } | |
0f113f3e | 335 | |
c001ce33 | 336 | CRYPTO_THREAD_unlock(ctx->lock); |
0f113f3e | 337 | |
68efafc5 F |
338 | if (!ret) /* obj not pushed */ |
339 | X509_OBJECT_free(obj); | |
340 | if (!added) /* on push failure */ | |
341 | X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE); | |
342 | ||
0f113f3e MC |
343 | return ret; |
344 | } | |
2f043896 DSH |
345 | |
346 | int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) | |
0f113f3e MC |
347 | { |
348 | X509_OBJECT *obj; | |
68efafc5 | 349 | int ret = 1, added = 1; |
0f113f3e MC |
350 | |
351 | if (x == NULL) | |
352 | return 0; | |
6ddbb4cd RS |
353 | obj = X509_OBJECT_new(); |
354 | if (obj == NULL) | |
0f113f3e | 355 | return 0; |
0f113f3e MC |
356 | obj->type = X509_LU_CRL; |
357 | obj->data.crl = x; | |
68efafc5 | 358 | X509_OBJECT_up_ref_count(obj); |
0f113f3e | 359 | |
c001ce33 | 360 | CRYPTO_THREAD_write_lock(ctx->lock); |
0f113f3e | 361 | |
0f113f3e | 362 | if (X509_OBJECT_retrieve_match(ctx->objs, obj)) { |
0f113f3e MC |
363 | X509err(X509_F_X509_STORE_ADD_CRL, X509_R_CERT_ALREADY_IN_HASH_TABLE); |
364 | ret = 0; | |
68efafc5 F |
365 | } else { |
366 | added = sk_X509_OBJECT_push(ctx->objs, obj); | |
367 | ret = added != 0; | |
368 | } | |
0f113f3e | 369 | |
c001ce33 | 370 | CRYPTO_THREAD_unlock(ctx->lock); |
0f113f3e | 371 | |
68efafc5 F |
372 | if (!ret) /* obj not pushed */ |
373 | X509_OBJECT_free(obj); | |
374 | if (!added) /* on push failure */ | |
375 | X509err(X509_F_X509_STORE_ADD_CRL, ERR_R_MALLOC_FAILURE); | |
376 | ||
0f113f3e MC |
377 | return ret; |
378 | } | |
2f043896 | 379 | |
c5ebfcab | 380 | int X509_OBJECT_up_ref_count(X509_OBJECT *a) |
0f113f3e MC |
381 | { |
382 | switch (a->type) { | |
bca3f06b RS |
383 | default: |
384 | break; | |
0f113f3e | 385 | case X509_LU_X509: |
c5ebfcab | 386 | return X509_up_ref(a->data.x509); |
0f113f3e | 387 | case X509_LU_CRL: |
c5ebfcab | 388 | return X509_CRL_up_ref(a->data.crl); |
0f113f3e | 389 | } |
c5ebfcab | 390 | return 1; |
0f113f3e | 391 | } |
d02b48c6 | 392 | |
7d7da288 | 393 | X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a) |
f0e0fd51 | 394 | { |
6ddbb4cd RS |
395 | if (a == NULL || a->type != X509_LU_X509) |
396 | return NULL; | |
f0e0fd51 RS |
397 | return a->data.x509; |
398 | } | |
399 | ||
6ddbb4cd RS |
400 | X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a) |
401 | { | |
402 | if (a == NULL || a->type != X509_LU_CRL) | |
403 | return NULL; | |
404 | return a->data.crl; | |
405 | } | |
406 | ||
7d7da288 | 407 | int X509_OBJECT_get_type(const X509_OBJECT *a) |
f0c58c32 CH |
408 | { |
409 | return a->type; | |
410 | } | |
411 | ||
6ddbb4cd | 412 | X509_OBJECT *X509_OBJECT_new() |
f0e0fd51 | 413 | { |
6ddbb4cd RS |
414 | X509_OBJECT *ret = OPENSSL_zalloc(sizeof(*ret)); |
415 | ||
416 | if (ret == NULL) { | |
417 | X509err(X509_F_X509_OBJECT_NEW, ERR_R_MALLOC_FAILURE); | |
418 | return NULL; | |
419 | } | |
420 | ret->type = X509_LU_FAIL; | |
421 | return ret; | |
f0e0fd51 RS |
422 | } |
423 | ||
6ddbb4cd RS |
424 | |
425 | void X509_OBJECT_free(X509_OBJECT *a) | |
0f113f3e | 426 | { |
f0e0fd51 | 427 | if (a == NULL) |
222561fe | 428 | return; |
0f113f3e | 429 | switch (a->type) { |
bca3f06b RS |
430 | default: |
431 | break; | |
0f113f3e MC |
432 | case X509_LU_X509: |
433 | X509_free(a->data.x509); | |
434 | break; | |
435 | case X509_LU_CRL: | |
436 | X509_CRL_free(a->data.crl); | |
437 | break; | |
438 | } | |
6ddbb4cd | 439 | OPENSSL_free(a); |
0f113f3e | 440 | } |
d02b48c6 | 441 | |
4d50a2b4 | 442 | static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type, |
0f113f3e MC |
443 | X509_NAME *name, int *pnmatch) |
444 | { | |
445 | X509_OBJECT stmp; | |
446 | X509 x509_s; | |
0f113f3e | 447 | X509_CRL crl_s; |
0f113f3e MC |
448 | int idx; |
449 | ||
450 | stmp.type = type; | |
451 | switch (type) { | |
452 | case X509_LU_X509: | |
453 | stmp.data.x509 = &x509_s; | |
5cf6abd8 | 454 | x509_s.cert_info.subject = name; |
0f113f3e MC |
455 | break; |
456 | case X509_LU_CRL: | |
457 | stmp.data.crl = &crl_s; | |
7aef39a7 | 458 | crl_s.crl.issuer = name; |
0f113f3e MC |
459 | break; |
460 | default: | |
461 | /* abort(); */ | |
462 | return -1; | |
463 | } | |
464 | ||
465 | idx = sk_X509_OBJECT_find(h, &stmp); | |
466 | if (idx >= 0 && pnmatch) { | |
467 | int tidx; | |
468 | const X509_OBJECT *tobj, *pstmp; | |
469 | *pnmatch = 1; | |
470 | pstmp = &stmp; | |
471 | for (tidx = idx + 1; tidx < sk_X509_OBJECT_num(h); tidx++) { | |
472 | tobj = sk_X509_OBJECT_value(h, tidx); | |
473 | if (x509_object_cmp(&tobj, &pstmp)) | |
474 | break; | |
475 | (*pnmatch)++; | |
476 | } | |
477 | } | |
478 | return idx; | |
479 | } | |
4d50a2b4 DSH |
480 | |
481 | int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, | |
0f113f3e MC |
482 | X509_NAME *name) |
483 | { | |
484 | return x509_object_idx_cnt(h, type, name, NULL); | |
485 | } | |
486 | ||
487 | X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, | |
488 | int type, X509_NAME *name) | |
489 | { | |
490 | int idx; | |
491 | idx = X509_OBJECT_idx_by_subject(h, type, name); | |
492 | if (idx == -1) | |
493 | return NULL; | |
494 | return sk_X509_OBJECT_value(h, idx); | |
495 | } | |
11262391 | 496 | |
f0c58c32 CH |
497 | STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v) |
498 | { | |
499 | return v->objs; | |
500 | } | |
501 | ||
6ddbb4cd | 502 | STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) |
0f113f3e MC |
503 | { |
504 | int i, idx, cnt; | |
6ddbb4cd | 505 | STACK_OF(X509) *sk = NULL; |
0f113f3e MC |
506 | X509 *x; |
507 | X509_OBJECT *obj; | |
6ddbb4cd | 508 | |
c001ce33 | 509 | CRYPTO_THREAD_write_lock(ctx->ctx->lock); |
0f113f3e MC |
510 | idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt); |
511 | if (idx < 0) { | |
512 | /* | |
513 | * Nothing found in cache: do lookup to possibly add new objects to | |
514 | * cache | |
515 | */ | |
6ddbb4cd RS |
516 | X509_OBJECT *xobj = X509_OBJECT_new(); |
517 | ||
c001ce33 | 518 | CRYPTO_THREAD_unlock(ctx->ctx->lock); |
6ddbb4cd RS |
519 | if (xobj == NULL) |
520 | return NULL; | |
521 | if (!X509_STORE_CTX_get_by_subject(ctx, X509_LU_X509, nm, xobj)) { | |
522 | X509_OBJECT_free(xobj); | |
0f113f3e MC |
523 | return NULL; |
524 | } | |
6ddbb4cd | 525 | X509_OBJECT_free(xobj); |
c001ce33 | 526 | CRYPTO_THREAD_write_lock(ctx->ctx->lock); |
0f113f3e MC |
527 | idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt); |
528 | if (idx < 0) { | |
c001ce33 | 529 | CRYPTO_THREAD_unlock(ctx->ctx->lock); |
0f113f3e MC |
530 | return NULL; |
531 | } | |
532 | } | |
6ddbb4cd RS |
533 | |
534 | sk = sk_X509_new_null(); | |
0f113f3e MC |
535 | for (i = 0; i < cnt; i++, idx++) { |
536 | obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx); | |
537 | x = obj->data.x509; | |
05f0fb9f | 538 | X509_up_ref(x); |
0f113f3e | 539 | if (!sk_X509_push(sk, x)) { |
c001ce33 | 540 | CRYPTO_THREAD_unlock(ctx->ctx->lock); |
0f113f3e MC |
541 | X509_free(x); |
542 | sk_X509_pop_free(sk, X509_free); | |
543 | return NULL; | |
544 | } | |
545 | } | |
c001ce33 | 546 | CRYPTO_THREAD_unlock(ctx->ctx->lock); |
0f113f3e | 547 | return sk; |
0f113f3e | 548 | } |
4d50a2b4 | 549 | |
6ddbb4cd | 550 | STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) |
0f113f3e MC |
551 | { |
552 | int i, idx, cnt; | |
6ddbb4cd | 553 | STACK_OF(X509_CRL) *sk = sk_X509_CRL_new_null(); |
0f113f3e | 554 | X509_CRL *x; |
6ddbb4cd | 555 | X509_OBJECT *obj, *xobj = X509_OBJECT_new(); |
0f113f3e | 556 | |
6ddbb4cd RS |
557 | /* Always do lookup to possibly add new CRLs to cache */ |
558 | if (sk == NULL || xobj == NULL || | |
559 | !X509_STORE_CTX_get_by_subject(ctx, X509_LU_CRL, nm, xobj)) { | |
560 | X509_OBJECT_free(xobj); | |
0f113f3e MC |
561 | sk_X509_CRL_free(sk); |
562 | return NULL; | |
563 | } | |
6ddbb4cd | 564 | X509_OBJECT_free(xobj); |
c001ce33 | 565 | CRYPTO_THREAD_write_lock(ctx->ctx->lock); |
0f113f3e MC |
566 | idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt); |
567 | if (idx < 0) { | |
c001ce33 | 568 | CRYPTO_THREAD_unlock(ctx->ctx->lock); |
0f113f3e MC |
569 | sk_X509_CRL_free(sk); |
570 | return NULL; | |
571 | } | |
572 | ||
573 | for (i = 0; i < cnt; i++, idx++) { | |
574 | obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx); | |
575 | x = obj->data.crl; | |
65cbf983 | 576 | X509_CRL_up_ref(x); |
0f113f3e | 577 | if (!sk_X509_CRL_push(sk, x)) { |
c001ce33 | 578 | CRYPTO_THREAD_unlock(ctx->ctx->lock); |
0f113f3e MC |
579 | X509_CRL_free(x); |
580 | sk_X509_CRL_pop_free(sk, X509_CRL_free); | |
581 | return NULL; | |
582 | } | |
583 | } | |
c001ce33 | 584 | CRYPTO_THREAD_unlock(ctx->ctx->lock); |
0f113f3e MC |
585 | return sk; |
586 | } | |
587 | ||
588 | X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, | |
589 | X509_OBJECT *x) | |
590 | { | |
591 | int idx, i; | |
592 | X509_OBJECT *obj; | |
593 | idx = sk_X509_OBJECT_find(h, x); | |
594 | if (idx == -1) | |
595 | return NULL; | |
596 | if ((x->type != X509_LU_X509) && (x->type != X509_LU_CRL)) | |
597 | return sk_X509_OBJECT_value(h, idx); | |
598 | for (i = idx; i < sk_X509_OBJECT_num(h); i++) { | |
599 | obj = sk_X509_OBJECT_value(h, i); | |
600 | if (x509_object_cmp | |
601 | ((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x)) | |
602 | return NULL; | |
603 | if (x->type == X509_LU_X509) { | |
604 | if (!X509_cmp(obj->data.x509, x->data.x509)) | |
605 | return obj; | |
606 | } else if (x->type == X509_LU_CRL) { | |
607 | if (!X509_CRL_match(obj->data.crl, x->data.crl)) | |
608 | return obj; | |
609 | } else | |
610 | return obj; | |
611 | } | |
612 | return NULL; | |
613 | } | |
d02b48c6 | 614 | |
1d97c843 TH |
615 | /*- |
616 | * Try to get issuer certificate from store. Due to limitations | |
2f043896 DSH |
617 | * of the API this can only retrieve a single certificate matching |
618 | * a given subject name. However it will fill the cache with all | |
a8397553 | 619 | * matching certificates, so we can examine the cache for all |
2f043896 DSH |
620 | * matches. |
621 | * | |
622 | * Return values are: | |
623 | * 1 lookup successful. | |
624 | * 0 certificate not found. | |
625 | * -1 some other error. | |
626 | */ | |
2f043896 | 627 | int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) |
0f113f3e MC |
628 | { |
629 | X509_NAME *xn; | |
6ddbb4cd | 630 | X509_OBJECT *obj = X509_OBJECT_new(), *pobj = NULL; |
0f113f3e | 631 | int i, ok, idx, ret; |
f0e0fd51 | 632 | |
6ddbb4cd RS |
633 | if (obj == NULL) |
634 | return -1; | |
0f113f3e MC |
635 | *issuer = NULL; |
636 | xn = X509_get_issuer_name(x); | |
6ddbb4cd | 637 | ok = X509_STORE_CTX_get_by_subject(ctx, X509_LU_X509, xn, obj); |
0f113f3e | 638 | if (ok != X509_LU_X509) { |
6ddbb4cd | 639 | X509_OBJECT_free(obj); |
0f113f3e | 640 | if (ok == X509_LU_RETRY) { |
0f113f3e MC |
641 | X509err(X509_F_X509_STORE_CTX_GET1_ISSUER, X509_R_SHOULD_RETRY); |
642 | return -1; | |
6ddbb4cd RS |
643 | } |
644 | if (ok != X509_LU_FAIL) { | |
0f113f3e MC |
645 | /* not good :-(, break anyway */ |
646 | return -1; | |
647 | } | |
648 | return 0; | |
649 | } | |
650 | /* If certificate matches all OK */ | |
6ddbb4cd RS |
651 | if (ctx->check_issued(ctx, x, obj->data.x509)) { |
652 | if (x509_check_cert_time(ctx, obj->data.x509, -1)) { | |
653 | *issuer = obj->data.x509; | |
654 | X509_up_ref(*issuer); | |
655 | X509_OBJECT_free(obj); | |
0f113f3e MC |
656 | return 1; |
657 | } | |
658 | } | |
6ddbb4cd | 659 | X509_OBJECT_free(obj); |
0f113f3e MC |
660 | |
661 | /* Else find index of first cert accepted by 'check_issued' */ | |
662 | ret = 0; | |
c001ce33 | 663 | CRYPTO_THREAD_write_lock(ctx->ctx->lock); |
0f113f3e MC |
664 | idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn); |
665 | if (idx != -1) { /* should be true as we've had at least one | |
666 | * match */ | |
667 | /* Look through all matching certs for suitable issuer */ | |
668 | for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++) { | |
669 | pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i); | |
670 | /* See if we've run past the matches */ | |
671 | if (pobj->type != X509_LU_X509) | |
672 | break; | |
673 | if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509))) | |
674 | break; | |
675 | if (ctx->check_issued(ctx, x, pobj->data.x509)) { | |
676 | *issuer = pobj->data.x509; | |
677 | ret = 1; | |
678 | /* | |
679 | * If times check, exit with match, | |
680 | * otherwise keep looking. Leave last | |
681 | * match in issuer so we return nearest | |
682 | * match if no certificate time is OK. | |
683 | */ | |
684 | ||
70dd3c65 | 685 | if (x509_check_cert_time(ctx, *issuer, -1)) |
0f113f3e MC |
686 | break; |
687 | } | |
688 | } | |
689 | } | |
c001ce33 | 690 | CRYPTO_THREAD_unlock(ctx->ctx->lock); |
0f113f3e | 691 | if (*issuer) |
05f0fb9f | 692 | X509_up_ref(*issuer); |
0f113f3e MC |
693 | return ret; |
694 | } | |
d02b48c6 | 695 | |
5d7c222d | 696 | int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags) |
0f113f3e MC |
697 | { |
698 | return X509_VERIFY_PARAM_set_flags(ctx->param, flags); | |
699 | } | |
5d7c222d DSH |
700 | |
701 | int X509_STORE_set_depth(X509_STORE *ctx, int depth) | |
0f113f3e MC |
702 | { |
703 | X509_VERIFY_PARAM_set_depth(ctx->param, depth); | |
704 | return 1; | |
705 | } | |
bdee69f7 | 706 | |
926a56bf | 707 | int X509_STORE_set_purpose(X509_STORE *ctx, int purpose) |
0f113f3e MC |
708 | { |
709 | return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose); | |
710 | } | |
926a56bf DSH |
711 | |
712 | int X509_STORE_set_trust(X509_STORE *ctx, int trust) | |
0f113f3e MC |
713 | { |
714 | return X509_VERIFY_PARAM_set_trust(ctx->param, trust); | |
715 | } | |
5d7c222d DSH |
716 | |
717 | int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param) | |
0f113f3e MC |
718 | { |
719 | return X509_VERIFY_PARAM_set1(ctx->param, param); | |
720 | } | |
926a56bf | 721 | |
f0c58c32 CH |
722 | X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx) |
723 | { | |
724 | return ctx->param; | |
725 | } | |
726 | ||
1060a50b RL |
727 | void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify) |
728 | { | |
729 | ctx->verify = verify; | |
730 | } | |
731 | ||
732 | X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx) | |
733 | { | |
734 | return ctx->verify; | |
735 | } | |
736 | ||
a5b37fca | 737 | void X509_STORE_set_verify_cb(X509_STORE *ctx, |
1060a50b | 738 | X509_STORE_CTX_verify_cb verify_cb) |
0f113f3e MC |
739 | { |
740 | ctx->verify_cb = verify_cb; | |
741 | } | |
a5b37fca | 742 | |
1060a50b | 743 | X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE *ctx) |
7cafbb4b | 744 | { |
1060a50b RL |
745 | return ctx->verify_cb; |
746 | } | |
747 | ||
748 | void X509_STORE_set_get_issuer(X509_STORE *ctx, | |
749 | X509_STORE_CTX_get_issuer_fn get_issuer) | |
750 | { | |
751 | ctx->get_issuer = get_issuer; | |
752 | } | |
753 | ||
754 | X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE *ctx) | |
755 | { | |
756 | return ctx->get_issuer; | |
757 | } | |
758 | ||
759 | void X509_STORE_set_check_issued(X509_STORE *ctx, | |
760 | X509_STORE_CTX_check_issued_fn check_issued) | |
761 | { | |
762 | ctx->check_issued = check_issued; | |
763 | } | |
764 | ||
765 | X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE *ctx) | |
766 | { | |
767 | return ctx->check_issued; | |
768 | } | |
769 | ||
770 | void X509_STORE_set_check_revocation(X509_STORE *ctx, | |
771 | X509_STORE_CTX_check_revocation_fn check_revocation) | |
772 | { | |
773 | ctx->check_revocation = check_revocation; | |
774 | } | |
775 | ||
776 | X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE *ctx) | |
777 | { | |
778 | return ctx->check_revocation; | |
779 | } | |
780 | ||
781 | void X509_STORE_set_get_crl(X509_STORE *ctx, | |
782 | X509_STORE_CTX_get_crl_fn get_crl) | |
783 | { | |
784 | ctx->get_crl = get_crl; | |
785 | } | |
786 | ||
787 | X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE *ctx) | |
788 | { | |
789 | return ctx->get_crl; | |
790 | } | |
791 | ||
792 | void X509_STORE_set_check_crl(X509_STORE *ctx, | |
793 | X509_STORE_CTX_check_crl_fn check_crl) | |
794 | { | |
795 | ctx->check_crl = check_crl; | |
796 | } | |
797 | ||
798 | X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE *ctx) | |
799 | { | |
800 | return ctx->check_crl; | |
801 | } | |
802 | ||
803 | void X509_STORE_set_cert_crl(X509_STORE *ctx, | |
804 | X509_STORE_CTX_cert_crl_fn cert_crl) | |
805 | { | |
806 | ctx->cert_crl = cert_crl; | |
807 | } | |
808 | ||
809 | X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE *ctx) | |
810 | { | |
811 | return ctx->cert_crl; | |
812 | } | |
813 | ||
0a5fe2eb RL |
814 | void X509_STORE_set_check_policy(X509_STORE *ctx, |
815 | X509_STORE_CTX_check_policy_fn check_policy) | |
816 | { | |
817 | ctx->check_policy = check_policy; | |
818 | } | |
819 | ||
820 | X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE *ctx) | |
821 | { | |
822 | return ctx->check_policy; | |
823 | } | |
824 | ||
1060a50b RL |
825 | void X509_STORE_set_lookup_certs(X509_STORE *ctx, |
826 | X509_STORE_CTX_lookup_certs_fn lookup_certs) | |
827 | { | |
828 | ctx->lookup_certs = lookup_certs; | |
829 | } | |
830 | ||
831 | X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE *ctx) | |
832 | { | |
833 | return ctx->lookup_certs; | |
834 | } | |
835 | ||
836 | void X509_STORE_set_lookup_crls(X509_STORE *ctx, | |
837 | X509_STORE_CTX_lookup_crls_fn lookup_crls) | |
838 | { | |
839 | ctx->lookup_crls = lookup_crls; | |
840 | } | |
841 | ||
842 | X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE *ctx) | |
843 | { | |
844 | return ctx->lookup_crls; | |
845 | } | |
846 | ||
847 | void X509_STORE_set_cleanup(X509_STORE *ctx, | |
848 | X509_STORE_CTX_cleanup_fn ctx_cleanup) | |
849 | { | |
850 | ctx->cleanup = ctx_cleanup; | |
7cafbb4b MC |
851 | } |
852 | ||
1060a50b | 853 | X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE *ctx) |
0f113f3e | 854 | { |
1060a50b | 855 | return ctx->cleanup; |
0f113f3e | 856 | } |
2c340864 | 857 | |
3aec886e KY |
858 | int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data) |
859 | { | |
860 | return CRYPTO_set_ex_data(&ctx->ex_data, idx, data); | |
861 | } | |
862 | ||
863 | void *X509_STORE_get_ex_data(X509_STORE *ctx, int idx) | |
864 | { | |
865 | return CRYPTO_get_ex_data(&ctx->ex_data, idx); | |
866 | } | |
867 | ||
2c340864 | 868 | X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx) |
0f113f3e MC |
869 | { |
870 | return ctx->ctx; | |
871 | } |