]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/x509/x509_lu.c
projects / thirdparty / openssl.git / blob
? search:


fbeed018f57e38cc2eaca93c21e23d1e0ef04533
[thirdparty/openssl.git] / crypto / x509 / x509_lu.c
1 /*
2 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdio.h>
11 #include "internal/cryptlib.h"
12 #include "internal/refcount.h"
13 #include <openssl/x509.h>
14 #include "internal/x509_int.h"
15 #include <openssl/x509v3.h>
16 #include "x509_lcl.h"
17
18 X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
19 {
20 X509_LOOKUP *ret = OPENSSL_zalloc(sizeof(*ret));
21
22 if (ret == NULL) {
23 X509err(X509_F_X509_LOOKUP_NEW, ERR_R_MALLOC_FAILURE);
24 return NULL;
25 }
26
27 ret->method = method;
28 if (method->new_item != NULL && method->new_item(ret) == 0) {
29 OPENSSL_free(ret);
30 return NULL;
31 }
32 return ret;
33 }
34
35 void X509_LOOKUP_free(X509_LOOKUP *ctx)
36 {
37 if (ctx == NULL)
38 return;
39 if ((ctx->method != NULL) && (ctx->method->free != NULL))
40 (*ctx->method->free) (ctx);
41 OPENSSL_free(ctx);
42 }
43
44 int X509_STORE_lock(X509_STORE *s)
45 {
46 return CRYPTO_THREAD_write_lock(s->lock);
47 }
48
49 int X509_STORE_unlock(X509_STORE *s)
50 {
51 return CRYPTO_THREAD_unlock(s->lock);
52 }
53
54 int X509_LOOKUP_init(X509_LOOKUP *ctx)
55 {
56 if (ctx->method == NULL)
57 return 0;
58 if (ctx->method->init != NULL)
59 return ctx->method->init(ctx);
60 else
61 return 1;
62 }
63
64 int X509_LOOKUP_shutdown(X509_LOOKUP *ctx)
65 {
66 if (ctx->method == NULL)
67 return 0;
68 if (ctx->method->shutdown != NULL)
69 return ctx->method->shutdown(ctx);
70 else
71 return 1;
72 }
73
74 int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
75 char **ret)
76 {
77 if (ctx->method == NULL)
78 return -1;
79 if (ctx->method->ctrl != NULL)
80 return ctx->method->ctrl(ctx, cmd, argc, argl, ret);
81 else
82 return 1;
83 }
84
85 int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
86 X509_NAME *name, X509_OBJECT *ret)
87 {
88 if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))
89 return 0;
90 if (ctx->skip)
91 return 0;
92 return ctx->method->get_by_subject(ctx, type, name, ret);
93 }
94
95 int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
96 X509_NAME *name, ASN1_INTEGER *serial,
97 X509_OBJECT *ret)
98 {
99 if ((ctx->method == NULL) || (ctx->method->get_by_issuer_serial == NULL))
100 return 0;
101 return ctx->method->get_by_issuer_serial(ctx, type, name, serial, ret);
102 }
103
104 int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
105 const unsigned char *bytes, int len,
106 X509_OBJECT *ret)
107 {
108 if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))
109 return 0;
110 return ctx->method->get_by_fingerprint(ctx, type, bytes, len, ret);
111 }
112
113 int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
114 const char *str, int len, X509_OBJECT *ret)
115 {
116 if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
117 return 0;
118 return ctx->method->get_by_alias(ctx, type, str, len, ret);
119 }
120
121 static int x509_object_cmp(const X509_OBJECT *const *a,
122 const X509_OBJECT *const *b)
123 {
124 int ret;
125
126 ret = ((*a)->type - (*b)->type);
127 if (ret)
128 return ret;
129 switch ((*a)->type) {
130 case X509_LU_X509:
131 ret = X509_subject_name_cmp((*a)->data.x509, (*b)->data.x509);
132 break;
133 case X509_LU_CRL:
134 ret = X509_CRL_cmp((*a)->data.crl, (*b)->data.crl);
135 break;
136 case X509_LU_NONE:
137 /* abort(); */
138 return 0;
139 }
140 return ret;
141 }
142
143 X509_STORE *X509_STORE_new(void)
144 {
145 X509_STORE *ret = OPENSSL_zalloc(sizeof(*ret));
146
147 if (ret == NULL) {
148 X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
149 return NULL;
150 }
151 if ((ret->objs = sk_X509_OBJECT_new(x509_object_cmp)) == NULL) {
152 X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
153 goto err;
154 }
155 ret->cache = 1;
156 if ((ret->get_cert_methods = sk_X509_LOOKUP_new_null()) == NULL) {
157 X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
158 goto err;
159 }
160
161 if ((ret->param = X509_VERIFY_PARAM_new()) == NULL) {
162 X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
163 goto err;
164 }
165 if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) {
166 X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
167 goto err;
168 }
169
170 ret->lock = CRYPTO_THREAD_lock_new();
171 if (ret->lock == NULL) {
172 X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
173 goto err;
174 }
175
176 ret->references = 1;
177 return ret;
178
179 err:
180 X509_VERIFY_PARAM_free(ret->param);
181 sk_X509_OBJECT_free(ret->objs);
182 sk_X509_LOOKUP_free(ret->get_cert_methods);
183 OPENSSL_free(ret);
184 return NULL;
185 }
186
187 void X509_STORE_free(X509_STORE *vfy)
188 {
189 int i;
190 STACK_OF(X509_LOOKUP) *sk;
191 X509_LOOKUP *lu;
192
193 if (vfy == NULL)
194 return;
195 CRYPTO_DOWN_REF(&vfy->references, &i, vfy->lock);
196 REF_PRINT_COUNT("X509_STORE", vfy);
197 if (i > 0)
198 return;
199 REF_ASSERT_ISNT(i < 0);
200
201 sk = vfy->get_cert_methods;
202 for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) {
203 lu = sk_X509_LOOKUP_value(sk, i);
204 X509_LOOKUP_shutdown(lu);
205 X509_LOOKUP_free(lu);
206 }
207 sk_X509_LOOKUP_free(sk);
208 sk_X509_OBJECT_pop_free(vfy->objs, X509_OBJECT_free);
209
210 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data);
211 X509_VERIFY_PARAM_free(vfy->param);
212 CRYPTO_THREAD_lock_free(vfy->lock);
213 OPENSSL_free(vfy);
214 }
215
216 int X509_STORE_up_ref(X509_STORE *vfy)
217 {
218 int i;
219
220 if (CRYPTO_UP_REF(&vfy->references, &i, vfy->lock) <= 0)
221 return 0;
222
223 REF_PRINT_COUNT("X509_STORE", a);
224 REF_ASSERT_ISNT(i < 2);
225 return ((i > 1) ? 1 : 0);
226 }
227
228 X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
229 {
230 int i;
231 STACK_OF(X509_LOOKUP) *sk;
232 X509_LOOKUP *lu;
233
234 sk = v->get_cert_methods;
235 for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) {
236 lu = sk_X509_LOOKUP_value(sk, i);
237 if (m == lu->method) {
238 return lu;
239 }
240 }
241 /* a new one */
242 lu = X509_LOOKUP_new(m);
243 if (lu == NULL) {
244 X509err(X509_F_X509_STORE_ADD_LOOKUP, ERR_R_MALLOC_FAILURE);
245 return NULL;
246 }
247
248 lu->store_ctx = v;
249 if (sk_X509_LOOKUP_push(v->get_cert_methods, lu))
250 return lu;
251 /* malloc failed */
252 X509err(X509_F_X509_STORE_ADD_LOOKUP, ERR_R_MALLOC_FAILURE);
253 X509_LOOKUP_free(lu);
254 return NULL;
255 }
256
257 X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs,
258 X509_LOOKUP_TYPE type,
259 X509_NAME *name)
260 {
261 X509_OBJECT *ret = X509_OBJECT_new();
262
263 if (ret == NULL)
264 return NULL;
265 if (!X509_STORE_CTX_get_by_subject(vs, type, name, ret)) {
266 X509_OBJECT_free(ret);
267 return NULL;
268 }
269 return ret;
270 }
271
272 int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type,
273 X509_NAME *name, X509_OBJECT *ret)
274 {
275 X509_STORE *ctx = vs->ctx;
276 X509_LOOKUP *lu;
277 X509_OBJECT stmp, *tmp;
278 int i, j;
279
280 if (ctx == NULL)
281 return 0;
282
283 CRYPTO_THREAD_write_lock(ctx->lock);
284 tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name);
285 CRYPTO_THREAD_unlock(ctx->lock);
286
287 if (tmp == NULL || type == X509_LU_CRL) {
288 for (i = 0; i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) {
289 lu = sk_X509_LOOKUP_value(ctx->get_cert_methods, i);
290 j = X509_LOOKUP_by_subject(lu, type, name, &stmp);
291 if (j) {
292 tmp = &stmp;
293 break;
294 }
295 }
296 if (tmp == NULL)
297 return 0;
298 }
299
300 ret->type = tmp->type;
301 ret->data.ptr = tmp->data.ptr;
302
303 X509_OBJECT_up_ref_count(ret);
304
305 return 1;
306 }
307
308 static int x509_store_add(X509_STORE *ctx, void *x, int crl) {
309 X509_OBJECT *obj;
310 int ret = 0, added = 0;
311
312 if (x == NULL)
313 return 0;
314 obj = X509_OBJECT_new();
315 if (obj == NULL)
316 return 0;
317
318 if (crl) {
319 obj->type = X509_LU_CRL;
320 obj->data.crl = (X509_CRL *)x;
321 } else {
322 obj->type = X509_LU_X509;
323 obj->data.x509 = (X509 *)x;
324 }
325 X509_OBJECT_up_ref_count(obj);
326
327 CRYPTO_THREAD_write_lock(ctx->lock);
328
329 if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {
330 ret = 1;
331 } else {
332 added = sk_X509_OBJECT_push(ctx->objs, obj);
333 ret = added != 0;
334 }
335
336 CRYPTO_THREAD_unlock(ctx->lock);
337
338 if (added == 0) /* obj not pushed */
339 X509_OBJECT_free(obj);
340
341 return ret;
342 }
343
344 int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
345 {
346 if (!x509_store_add(ctx, x, 0)) {
347 X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE);
348 return 0;
349 }
350 return 1;
351 }
352
353 int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
354 {
355 if (!x509_store_add(ctx, x, 1)) {
356 X509err(X509_F_X509_STORE_ADD_CRL, ERR_R_MALLOC_FAILURE);
357 return 0;
358 }
359 return 1;
360 }
361
362 int X509_OBJECT_up_ref_count(X509_OBJECT *a)
363 {
364 switch (a->type) {
365 case X509_LU_NONE:
366 break;
367 case X509_LU_X509:
368 return X509_up_ref(a->data.x509);
369 case X509_LU_CRL:
370 return X509_CRL_up_ref(a->data.crl);
371 }
372 return 1;
373 }
374
375 X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a)
376 {
377 if (a == NULL || a->type != X509_LU_X509)
378 return NULL;
379 return a->data.x509;
380 }
381
382 X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a)
383 {
384 if (a == NULL || a->type != X509_LU_CRL)
385 return NULL;
386 return a->data.crl;
387 }
388
389 X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a)
390 {
391 return a->type;
392 }
393
394 X509_OBJECT *X509_OBJECT_new()
395 {
396 X509_OBJECT *ret = OPENSSL_zalloc(sizeof(*ret));
397
398 if (ret == NULL) {
399 X509err(X509_F_X509_OBJECT_NEW, ERR_R_MALLOC_FAILURE);
400 return NULL;
401 }
402 ret->type = X509_LU_NONE;
403 return ret;
404 }
405
406
407 void X509_OBJECT_free(X509_OBJECT *a)
408 {
409 if (a == NULL)
410 return;
411 switch (a->type) {
412 case X509_LU_NONE:
413 break;
414 case X509_LU_X509:
415 X509_free(a->data.x509);
416 break;
417 case X509_LU_CRL:
418 X509_CRL_free(a->data.crl);
419 break;
420 }
421 OPENSSL_free(a);
422 }
423
424 static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type,
425 X509_NAME *name, int *pnmatch)
426 {
427 X509_OBJECT stmp;
428 X509 x509_s;
429 X509_CRL crl_s;
430 int idx;
431
432 stmp.type = type;
433 switch (type) {
434 case X509_LU_X509:
435 stmp.data.x509 = &x509_s;
436 x509_s.cert_info.subject = name;
437 break;
438 case X509_LU_CRL:
439 stmp.data.crl = &crl_s;
440 crl_s.crl.issuer = name;
441 break;
442 case X509_LU_NONE:
443 /* abort(); */
444 return -1;
445 }
446
447 idx = sk_X509_OBJECT_find(h, &stmp);
448 if (idx >= 0 && pnmatch) {
449 int tidx;
450 const X509_OBJECT *tobj, *pstmp;
451 *pnmatch = 1;
452 pstmp = &stmp;
453 for (tidx = idx + 1; tidx < sk_X509_OBJECT_num(h); tidx++) {
454 tobj = sk_X509_OBJECT_value(h, tidx);
455 if (x509_object_cmp(&tobj, &pstmp))
456 break;
457 (*pnmatch)++;
458 }
459 }
460 return idx;
461 }
462
463 int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type,
464 X509_NAME *name)
465 {
466 return x509_object_idx_cnt(h, type, name, NULL);
467 }
468
469 X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,
470 X509_LOOKUP_TYPE type,
471 X509_NAME *name)
472 {
473 int idx;
474 idx = X509_OBJECT_idx_by_subject(h, type, name);
475 if (idx == -1)
476 return NULL;
477 return sk_X509_OBJECT_value(h, idx);
478 }
479
480 STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v)
481 {
482 return v->objs;
483 }
484
485 STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
486 {
487 int i, idx, cnt;
488 STACK_OF(X509) *sk = NULL;
489 X509 *x;
490 X509_OBJECT *obj;
491
492 if (ctx->ctx == NULL)
493 return NULL;
494
495 CRYPTO_THREAD_write_lock(ctx->ctx->lock);
496 idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);
497 if (idx < 0) {
498 /*
499 * Nothing found in cache: do lookup to possibly add new objects to
500 * cache
501 */
502 X509_OBJECT *xobj = X509_OBJECT_new();
503
504 CRYPTO_THREAD_unlock(ctx->ctx->lock);
505 if (xobj == NULL)
506 return NULL;
507 if (!X509_STORE_CTX_get_by_subject(ctx, X509_LU_X509, nm, xobj)) {
508 X509_OBJECT_free(xobj);
509 return NULL;
510 }
511 X509_OBJECT_free(xobj);
512 CRYPTO_THREAD_write_lock(ctx->ctx->lock);
513 idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);
514 if (idx < 0) {
515 CRYPTO_THREAD_unlock(ctx->ctx->lock);
516 return NULL;
517 }
518 }
519
520 sk = sk_X509_new_null();
521 for (i = 0; i < cnt; i++, idx++) {
522 obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx);
523 x = obj->data.x509;
524 X509_up_ref(x);
525 if (!sk_X509_push(sk, x)) {
526 CRYPTO_THREAD_unlock(ctx->ctx->lock);
527 X509_free(x);
528 sk_X509_pop_free(sk, X509_free);
529 return NULL;
530 }
531 }
532 CRYPTO_THREAD_unlock(ctx->ctx->lock);
533 return sk;
534 }
535
536 STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
537 {
538 int i, idx, cnt;
539 STACK_OF(X509_CRL) *sk = sk_X509_CRL_new_null();
540 X509_CRL *x;
541 X509_OBJECT *obj, *xobj = X509_OBJECT_new();
542
543 /* Always do lookup to possibly add new CRLs to cache */
544 if (sk == NULL
545 || xobj == NULL
546 || ctx->ctx == NULL
547 || !X509_STORE_CTX_get_by_subject(ctx, X509_LU_CRL, nm, xobj)) {
548 X509_OBJECT_free(xobj);
549 sk_X509_CRL_free(sk);
550 return NULL;
551 }
552 X509_OBJECT_free(xobj);
553 CRYPTO_THREAD_write_lock(ctx->ctx->lock);
554 idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt);
555 if (idx < 0) {
556 CRYPTO_THREAD_unlock(ctx->ctx->lock);
557 sk_X509_CRL_free(sk);
558 return NULL;
559 }
560
561 for (i = 0; i < cnt; i++, idx++) {
562 obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx);
563 x = obj->data.crl;
564 X509_CRL_up_ref(x);
565 if (!sk_X509_CRL_push(sk, x)) {
566 CRYPTO_THREAD_unlock(ctx->ctx->lock);
567 X509_CRL_free(x);
568 sk_X509_CRL_pop_free(sk, X509_CRL_free);
569 return NULL;
570 }
571 }
572 CRYPTO_THREAD_unlock(ctx->ctx->lock);
573 return sk;
574 }
575
576 X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h,
577 X509_OBJECT *x)
578 {
579 int idx, i;
580 X509_OBJECT *obj;
581 idx = sk_X509_OBJECT_find(h, x);
582 if (idx == -1)
583 return NULL;
584 if ((x->type != X509_LU_X509) && (x->type != X509_LU_CRL))
585 return sk_X509_OBJECT_value(h, idx);
586 for (i = idx; i < sk_X509_OBJECT_num(h); i++) {
587 obj = sk_X509_OBJECT_value(h, i);
588 if (x509_object_cmp
589 ((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x))
590 return NULL;
591 if (x->type == X509_LU_X509) {
592 if (!X509_cmp(obj->data.x509, x->data.x509))
593 return obj;
594 } else if (x->type == X509_LU_CRL) {
595 if (!X509_CRL_match(obj->data.crl, x->data.crl))
596 return obj;
597 } else
598 return obj;
599 }
600 return NULL;
601 }
602
603 /*-
604 * Try to get issuer certificate from store. Due to limitations
605 * of the API this can only retrieve a single certificate matching
606 * a given subject name. However it will fill the cache with all
607 * matching certificates, so we can examine the cache for all
608 * matches.
609 *
610 * Return values are:
611 * 1 lookup successful.
612 * 0 certificate not found.
613 * -1 some other error.
614 */
615 int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
616 {
617 X509_NAME *xn;
618 X509_OBJECT *obj = X509_OBJECT_new(), *pobj = NULL;
619 int i, ok, idx, ret;
620
621 if (obj == NULL)
622 return -1;
623 *issuer = NULL;
624 xn = X509_get_issuer_name(x);
625 ok = X509_STORE_CTX_get_by_subject(ctx, X509_LU_X509, xn, obj);
626 if (ok != 1) {
627 X509_OBJECT_free(obj);
628 return 0;
629 }
630 /* If certificate matches all OK */
631 if (ctx->check_issued(ctx, x, obj->data.x509)) {
632 if (x509_check_cert_time(ctx, obj->data.x509, -1)) {
633 *issuer = obj->data.x509;
634 X509_up_ref(*issuer);
635 X509_OBJECT_free(obj);
636 return 1;
637 }
638 }
639 X509_OBJECT_free(obj);
640
641 if (ctx->ctx == NULL)
642 return 0;
643
644 /* Else find index of first cert accepted by 'check_issued' */
645 ret = 0;
646 CRYPTO_THREAD_write_lock(ctx->ctx->lock);
647 idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn);
648 if (idx != -1) { /* should be true as we've had at least one
649 * match */
650 /* Look through all matching certs for suitable issuer */
651 for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++) {
652 pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i);
653 /* See if we've run past the matches */
654 if (pobj->type != X509_LU_X509)
655 break;
656 if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509)))
657 break;
658 if (ctx->check_issued(ctx, x, pobj->data.x509)) {
659 *issuer = pobj->data.x509;
660 ret = 1;
661 /*
662 * If times check, exit with match,
663 * otherwise keep looking. Leave last
664 * match in issuer so we return nearest
665 * match if no certificate time is OK.
666 */
667
668 if (x509_check_cert_time(ctx, *issuer, -1))
669 break;
670 }
671 }
672 }
673 CRYPTO_THREAD_unlock(ctx->ctx->lock);
674 if (*issuer)
675 X509_up_ref(*issuer);
676 return ret;
677 }
678
679 int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags)
680 {
681 return X509_VERIFY_PARAM_set_flags(ctx->param, flags);
682 }
683
684 int X509_STORE_set_depth(X509_STORE *ctx, int depth)
685 {
686 X509_VERIFY_PARAM_set_depth(ctx->param, depth);
687 return 1;
688 }
689
690 int X509_STORE_set_purpose(X509_STORE *ctx, int purpose)
691 {
692 return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose);
693 }
694
695 int X509_STORE_set_trust(X509_STORE *ctx, int trust)
696 {
697 return X509_VERIFY_PARAM_set_trust(ctx->param, trust);
698 }
699
700 int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param)
701 {
702 return X509_VERIFY_PARAM_set1(ctx->param, param);
703 }
704
705 X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx)
706 {
707 return ctx->param;
708 }
709
710 void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify)
711 {
712 ctx->verify = verify;
713 }
714
715 X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx)
716 {
717 return ctx->verify;
718 }
719
720 void X509_STORE_set_verify_cb(X509_STORE *ctx,
721 X509_STORE_CTX_verify_cb verify_cb)
722 {
723 ctx->verify_cb = verify_cb;
724 }
725
726 X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE *ctx)
727 {
728 return ctx->verify_cb;
729 }
730
731 void X509_STORE_set_get_issuer(X509_STORE *ctx,
732 X509_STORE_CTX_get_issuer_fn get_issuer)
733 {
734 ctx->get_issuer = get_issuer;
735 }
736
737 X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE *ctx)
738 {
739 return ctx->get_issuer;
740 }
741
742 void X509_STORE_set_check_issued(X509_STORE *ctx,
743 X509_STORE_CTX_check_issued_fn check_issued)
744 {
745 ctx->check_issued = check_issued;
746 }
747
748 X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE *ctx)
749 {
750 return ctx->check_issued;
751 }
752
753 void X509_STORE_set_check_revocation(X509_STORE *ctx,
754 X509_STORE_CTX_check_revocation_fn check_revocation)
755 {
756 ctx->check_revocation = check_revocation;
757 }
758
759 X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE *ctx)
760 {
761 return ctx->check_revocation;
762 }
763
764 void X509_STORE_set_get_crl(X509_STORE *ctx,
765 X509_STORE_CTX_get_crl_fn get_crl)
766 {
767 ctx->get_crl = get_crl;
768 }
769
770 X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE *ctx)
771 {
772 return ctx->get_crl;
773 }
774
775 void X509_STORE_set_check_crl(X509_STORE *ctx,
776 X509_STORE_CTX_check_crl_fn check_crl)
777 {
778 ctx->check_crl = check_crl;
779 }
780
781 X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE *ctx)
782 {
783 return ctx->check_crl;
784 }
785
786 void X509_STORE_set_cert_crl(X509_STORE *ctx,
787 X509_STORE_CTX_cert_crl_fn cert_crl)
788 {
789 ctx->cert_crl = cert_crl;
790 }
791
792 X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE *ctx)
793 {
794 return ctx->cert_crl;
795 }
796
797 void X509_STORE_set_check_policy(X509_STORE *ctx,
798 X509_STORE_CTX_check_policy_fn check_policy)
799 {
800 ctx->check_policy = check_policy;
801 }
802
803 X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE *ctx)
804 {
805 return ctx->check_policy;
806 }
807
808 void X509_STORE_set_lookup_certs(X509_STORE *ctx,
809 X509_STORE_CTX_lookup_certs_fn lookup_certs)
810 {
811 ctx->lookup_certs = lookup_certs;
812 }
813
814 X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE *ctx)
815 {
816 return ctx->lookup_certs;
817 }
818
819 void X509_STORE_set_lookup_crls(X509_STORE *ctx,
820 X509_STORE_CTX_lookup_crls_fn lookup_crls)
821 {
822 ctx->lookup_crls = lookup_crls;
823 }
824
825 X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE *ctx)
826 {
827 return ctx->lookup_crls;
828 }
829
830 void X509_STORE_set_cleanup(X509_STORE *ctx,
831 X509_STORE_CTX_cleanup_fn ctx_cleanup)
832 {
833 ctx->cleanup = ctx_cleanup;
834 }
835
836 X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE *ctx)
837 {
838 return ctx->cleanup;
839 }
840
841 int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data)
842 {
843 return CRYPTO_set_ex_data(&ctx->ex_data, idx, data);
844 }
845
846 void *X509_STORE_get_ex_data(X509_STORE *ctx, int idx)
847 {
848 return CRYPTO_get_ex_data(&ctx->ex_data, idx);
849 }
850
851 X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx)
852 {
853 return ctx->ctx;
854 }
A mirror of the official openssl repository