kris
/
boringssl
1
0
Fork 0
Código Incidencias 0 Pull Requests 0 Lanzamientos 0 Wiki Actividad
No puede seleccionar más de 25 temas Los temas deben comenzar con una letra o número, pueden incluir guiones ('-') y pueden tener hasta 35 caracteres de largo.
2203 Commits
12 Ramas
38 MiB
 
 
 
 
 
 
Árbol: 232127d245
Ramas Etiquetas
${ item.name }
Crear rama ${ searchTerm }
desde '232127d245'
${ noResults }
boringssl/crypto/x509/x509_lu.c

701 líneas
20 KiB
Original Blame Histórico 

  1. /* crypto/x509/x509_lu.c */

  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  3.  * All rights reserved.

  4.  *

  5.  * This package is an SSL implementation written

  6.  * by Eric Young (eay@cryptsoft.com).

  7.  * The implementation was written so as to conform with Netscapes SSL.

  8.  *

  9.  * This library is free for commercial and non-commercial use as long as

  10.  * the following conditions are aheared to.  The following conditions

  11.  * apply to all code found in this distribution, be it the RC4, RSA,

  12.  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

  13.  * included with this distribution is covered by the same copyright terms

  14.  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

  15.  *

  16.  * Copyright remains Eric Young's, and as such any Copyright notices in

  17.  * the code are not to be removed.

  18.  * If this package is used in a product, Eric Young should be given attribution

  19.  * as the author of the parts of the library used.

  20.  * This can be in the form of a textual message at program startup or

  21.  * in documentation (online or textual) provided with the package.

  22.  *

  23.  * Redistribution and use in source and binary forms, with or without

  24.  * modification, are permitted provided that the following conditions

  25.  * are met:

  26.  * 1. Redistributions of source code must retain the copyright

  27.  *    notice, this list of conditions and the following disclaimer.

  28.  * 2. Redistributions in binary form must reproduce the above copyright

  29.  *    notice, this list of conditions and the following disclaimer in the

  30.  *    documentation and/or other materials provided with the distribution.

  31.  * 3. All advertising materials mentioning features or use of this software

  32.  *    must display the following acknowledgement:

  33.  *    "This product includes cryptographic software written by

  34.  *     Eric Young (eay@cryptsoft.com)"

  35.  *    The word 'cryptographic' can be left out if the rouines from the library

  36.  *    being used are not cryptographic related :-).

  37.  * 4. If you include any Windows specific code (or a derivative thereof) from

  38.  *    the apps directory (application code) you must include an acknowledgement:

  39.  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

  40.  *

  41.  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

  42.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  43.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  44.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  45.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  46.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  47.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  48.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  49.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  50.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  51.  * SUCH DAMAGE.

  52.  *

  53.  * The licence and distribution terms for any publically available version or

  54.  * derivative of this code cannot be changed.  i.e. this code cannot simply be

  55.  * copied and put under another distribution licence

  56.  * [including the GNU Public Licence.] */

  57. 

  58. #include <string.h>

  59. 

  60. #include <openssl/err.h>

  61. #include <openssl/lhash.h>

  62. #include <openssl/mem.h>

  63. #include <openssl/thread.h>

  64. #include <openssl/x509.h>

  65. #include <openssl/x509v3.h>

  66. 

  67. #include "../internal.h"

  68. 

  69. X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)

  70. {

  71.     X509_LOOKUP *ret;

  72. 

  73.     ret = (X509_LOOKUP *)OPENSSL_malloc(sizeof(X509_LOOKUP));

  74.     if (ret == NULL)

  75.         return NULL;

  76. 

  77.     ret->init = 0;

  78.     ret->skip = 0;

  79.     ret->method = method;

  80.     ret->method_data = NULL;

  81.     ret->store_ctx = NULL;

  82.     if ((method->new_item != NULL) && !method->new_item(ret)) {

  83.         OPENSSL_free(ret);

  84.         return NULL;

  85.     }

  86.     return ret;

  87. }

  88. 

  89. void X509_LOOKUP_free(X509_LOOKUP *ctx)

  90. {

  91.     if (ctx == NULL)

  92.         return;

  93.     if ((ctx->method != NULL) && (ctx->method->free != NULL))

  94.         (*ctx->method->free) (ctx);

  95.     OPENSSL_free(ctx);

  96. }

  97. 

  98. int X509_LOOKUP_init(X509_LOOKUP *ctx)

  99. {

  100.     if (ctx->method == NULL)

  101.         return 0;

  102.     if (ctx->method->init != NULL)

  103.         return ctx->method->init(ctx);

  104.     else

  105.         return 1;

  106. }

  107. 

  108. int X509_LOOKUP_shutdown(X509_LOOKUP *ctx)

  109. {

  110.     if (ctx->method == NULL)

  111.         return 0;

  112.     if (ctx->method->shutdown != NULL)

  113.         return ctx->method->shutdown(ctx);

  114.     else

  115.         return 1;

  116. }

  117. 

  118. int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,

  119.                      char **ret)

  120. {

  121.     if (ctx->method == NULL)

  122.         return -1;

  123.     if (ctx->method->ctrl != NULL)

  124.         return ctx->method->ctrl(ctx, cmd, argc, argl, ret);

  125.     else

  126.         return 1;

  127. }

  128. 

  129. int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,

  130.                            X509_OBJECT *ret)

  131. {

  132.     if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))

  133.         return X509_LU_FAIL;

  134.     if (ctx->skip)

  135.         return 0;

  136.     return ctx->method->get_by_subject(ctx, type, name, ret);

  137. }

  138. 

  139. int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,

  140.                                  ASN1_INTEGER *serial, X509_OBJECT *ret)

  141. {

  142.     if ((ctx->method == NULL) || (ctx->method->get_by_issuer_serial == NULL))

  143.         return X509_LU_FAIL;

  144.     return ctx->method->get_by_issuer_serial(ctx, type, name, serial, ret);

  145. }

  146. 

  147. int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,

  148.                                unsigned char *bytes, int len,

  149.                                X509_OBJECT *ret)

  150. {

  151.     if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))

  152.         return X509_LU_FAIL;

  153.     return ctx->method->get_by_fingerprint(ctx, type, bytes, len, ret);

  154. }

  155. 

  156. int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,

  157.                          X509_OBJECT *ret)

  158. {

  159.     if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))

  160.         return X509_LU_FAIL;

  161.     return ctx->method->get_by_alias(ctx, type, str, len, ret);

  162. }

  163. 

  164. static int x509_object_cmp(const X509_OBJECT **a, const X509_OBJECT **b)

  165. {

  166.     int ret;

  167. 

  168.     ret = ((*a)->type - (*b)->type);

  169.     if (ret)

  170.         return ret;

  171.     switch ((*a)->type) {

  172.     case X509_LU_X509:

  173.         ret = X509_subject_name_cmp((*a)->data.x509, (*b)->data.x509);

  174.         break;

  175.     case X509_LU_CRL:

  176.         ret = X509_CRL_cmp((*a)->data.crl, (*b)->data.crl);

  177.         break;

  178.     default:

  179.         /* abort(); */

  180.         return 0;

  181.     }

  182.     return ret;

  183. }

  184. 

  185. X509_STORE *X509_STORE_new(void)

  186. {

  187.     X509_STORE *ret;

  188. 

  189.     if ((ret = (X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL)

  190.         return NULL;

  191.     memset(ret, 0, sizeof(*ret));

  192.     CRYPTO_MUTEX_init(&ret->objs_lock);

  193.     ret->objs = sk_X509_OBJECT_new(x509_object_cmp);

  194.     if (ret->objs == NULL)

  195.         goto err;

  196.     ret->cache = 1;

  197.     ret->get_cert_methods = sk_X509_LOOKUP_new_null();

  198.     if (ret->get_cert_methods == NULL)

  199.         goto err;

  200.     ret->param = X509_VERIFY_PARAM_new();

  201.     if (ret->param == NULL)

  202.         goto err;

  203. 

  204.     ret->references = 1;

  205.     return ret;

  206.  err:

  207.     if (ret) {

  208.         CRYPTO_MUTEX_cleanup(&ret->objs_lock);

  209.         if (ret->param)

  210.             X509_VERIFY_PARAM_free(ret->param);

  211.         if (ret->get_cert_methods)

  212.             sk_X509_LOOKUP_free(ret->get_cert_methods);

  213.         if (ret->objs)

  214.             sk_X509_OBJECT_free(ret->objs);

  215.         OPENSSL_free(ret);

  216.     }

  217.     return NULL;

  218. }

  219. 

  220. static void cleanup(X509_OBJECT *a)

  221. {

  222.     if (a == NULL) {

  223.         return;

  224.     }

  225.     if (a->type == X509_LU_X509) {

  226.         X509_free(a->data.x509);

  227.     } else if (a->type == X509_LU_CRL) {

  228.         X509_CRL_free(a->data.crl);

  229.     } else {

  230.         /* abort(); */

  231.     }

  232. 

  233.     OPENSSL_free(a);

  234. }

  235. 

  236. void X509_STORE_free(X509_STORE *vfy)

  237. {

  238.     size_t j;

  239.     STACK_OF(X509_LOOKUP) *sk;

  240.     X509_LOOKUP *lu;

  241. 

  242.     if (vfy == NULL)

  243.         return;

  244. 

  245.     if (!CRYPTO_refcount_dec_and_test_zero(&vfy->references)) {

  246.         return;

  247.     }

  248. 

  249.     CRYPTO_MUTEX_cleanup(&vfy->objs_lock);

  250. 

  251.     sk = vfy->get_cert_methods;

  252.     for (j = 0; j < sk_X509_LOOKUP_num(sk); j++) {

  253.         lu = sk_X509_LOOKUP_value(sk, j);

  254.         X509_LOOKUP_shutdown(lu);

  255.         X509_LOOKUP_free(lu);

  256.     }

  257.     sk_X509_LOOKUP_free(sk);

  258.     sk_X509_OBJECT_pop_free(vfy->objs, cleanup);

  259. 

  260.     if (vfy->param)

  261.         X509_VERIFY_PARAM_free(vfy->param);

  262.     OPENSSL_free(vfy);

  263. }

  264. 

  265. X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)

  266. {

  267.     size_t i;

  268.     STACK_OF(X509_LOOKUP) *sk;

  269.     X509_LOOKUP *lu;

  270. 

  271.     sk = v->get_cert_methods;

  272.     for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) {

  273.         lu = sk_X509_LOOKUP_value(sk, i);

  274.         if (m == lu->method) {

  275.             return lu;

  276.         }

  277.     }

  278.     /* a new one */

  279.     lu = X509_LOOKUP_new(m);

  280.     if (lu == NULL)

  281.         return NULL;

  282.     else {

  283.         lu->store_ctx = v;

  284.         if (sk_X509_LOOKUP_push(v->get_cert_methods, lu))

  285.             return lu;

  286.         else {

  287.             X509_LOOKUP_free(lu);

  288.             return NULL;

  289.         }

  290.     }

  291. }

  292. 

  293. int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,

  294.                               X509_OBJECT *ret)

  295. {

  296.     X509_STORE *ctx = vs->ctx;

  297.     X509_LOOKUP *lu;

  298.     X509_OBJECT stmp, *tmp;

  299.     int i, j;

  300. 

  301.     CRYPTO_MUTEX_lock_write(&ctx->objs_lock);

  302.     tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name);

  303.     CRYPTO_MUTEX_unlock(&ctx->objs_lock);

  304. 

  305.     if (tmp == NULL || type == X509_LU_CRL) {

  306.         for (i = vs->current_method;

  307.              i < (int)sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) {

  308.             lu = sk_X509_LOOKUP_value(ctx->get_cert_methods, i);

  309.             j = X509_LOOKUP_by_subject(lu, type, name, &stmp);

  310.             if (j < 0) {

  311.                 vs->current_method = j;

  312.                 return j;

  313.             } else if (j) {

  314.                 tmp = &stmp;

  315.                 break;

  316.             }

  317.         }

  318.         vs->current_method = 0;

  319.         if (tmp == NULL)

  320.             return 0;

  321.     }

  322. 

  323.     /*

  324.      * if (ret->data.ptr != NULL) X509_OBJECT_free_contents(ret);

  325.      */

  326. 

  327.     ret->type = tmp->type;

  328.     ret->data.ptr = tmp->data.ptr;

  329. 

  330.     X509_OBJECT_up_ref_count(ret);

  331. 

  332.     return 1;

  333. }

  334. 

  335. int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)

  336. {

  337.     X509_OBJECT *obj;

  338.     int ret = 1;

  339. 

  340.     if (x == NULL)

  341.         return 0;

  342.     obj = (X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));

  343.     if (obj == NULL) {

  344.         OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);

  345.         return 0;

  346.     }

  347.     obj->type = X509_LU_X509;

  348.     obj->data.x509 = x;

  349. 

  350.     CRYPTO_MUTEX_lock_write(&ctx->objs_lock);

  351. 

  352.     X509_OBJECT_up_ref_count(obj);

  353. 

  354.     if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {

  355.         X509_OBJECT_free_contents(obj);

  356.         OPENSSL_free(obj);

  357.         OPENSSL_PUT_ERROR(X509, X509_R_CERT_ALREADY_IN_HASH_TABLE);

  358.         ret = 0;

  359.     } else

  360.         sk_X509_OBJECT_push(ctx->objs, obj);

  361. 

  362.     CRYPTO_MUTEX_unlock(&ctx->objs_lock);

  363. 

  364.     return ret;

  365. }

  366. 

  367. int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)

  368. {

  369.     X509_OBJECT *obj;

  370.     int ret = 1;

  371. 

  372.     if (x == NULL)

  373.         return 0;

  374.     obj = (X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));

  375.     if (obj == NULL) {

  376.         OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);

  377.         return 0;

  378.     }

  379.     obj->type = X509_LU_CRL;

  380.     obj->data.crl = x;

  381. 

  382.     CRYPTO_MUTEX_lock_write(&ctx->objs_lock);

  383. 

  384.     X509_OBJECT_up_ref_count(obj);

  385. 

  386.     if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {

  387.         X509_OBJECT_free_contents(obj);

  388.         OPENSSL_free(obj);

  389.         OPENSSL_PUT_ERROR(X509, X509_R_CERT_ALREADY_IN_HASH_TABLE);

  390.         ret = 0;

  391.     } else

  392.         sk_X509_OBJECT_push(ctx->objs, obj);

  393. 

  394.     CRYPTO_MUTEX_unlock(&ctx->objs_lock);

  395. 

  396.     return ret;

  397. }

  398. 

  399. void X509_OBJECT_up_ref_count(X509_OBJECT *a)

  400. {

  401.     switch (a->type) {

  402.     case X509_LU_X509:

  403.         X509_up_ref(a->data.x509);

  404.         break;

  405.     case X509_LU_CRL:

  406.         X509_CRL_up_ref(a->data.crl);

  407.         break;

  408.     }

  409. }

  410. 

  411. void X509_OBJECT_free_contents(X509_OBJECT *a)

  412. {

  413.     switch (a->type) {

  414.     case X509_LU_X509:

  415.         X509_free(a->data.x509);

  416.         break;

  417.     case X509_LU_CRL:

  418.         X509_CRL_free(a->data.crl);

  419.         break;

  420.     }

  421. }

  422. 

  423. static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type,

  424.                                X509_NAME *name, int *pnmatch)

  425. {

  426.     X509_OBJECT stmp;

  427.     X509 x509_s;

  428.     X509_CINF cinf_s;

  429.     X509_CRL crl_s;

  430.     X509_CRL_INFO crl_info_s;

  431. 

  432.     stmp.type = type;

  433.     switch (type) {

  434.     case X509_LU_X509:

  435.         stmp.data.x509 = &x509_s;

  436.         x509_s.cert_info = &cinf_s;

  437.         cinf_s.subject = name;

  438.         break;

  439.     case X509_LU_CRL:

  440.         stmp.data.crl = &crl_s;

  441.         crl_s.crl = &crl_info_s;

  442.         crl_info_s.issuer = name;

  443.         break;

  444.     default:

  445.         /* abort(); */

  446.         return -1;

  447.     }

  448. 

  449.     size_t idx;

  450.     if (!sk_X509_OBJECT_find(h, &idx, &stmp))

  451.         return -1;

  452. 

  453.     if (pnmatch != NULL) {

  454.         int tidx;

  455.         const X509_OBJECT *tobj, *pstmp;

  456.         *pnmatch = 1;

  457.         pstmp = &stmp;

  458.         for (tidx = idx + 1; tidx < (int)sk_X509_OBJECT_num(h); tidx++) {

  459.             tobj = sk_X509_OBJECT_value(h, tidx);

  460.             if (x509_object_cmp(&tobj, &pstmp))

  461.                 break;

  462.             (*pnmatch)++;

  463.         }

  464.     }

  465. 

  466.     return idx;

  467. }

  468. 

  469. int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,

  470.                                X509_NAME *name)

  471. {

  472.     return x509_object_idx_cnt(h, type, name, NULL);

  473. }

  474. 

  475. X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,

  476.                                              int type, X509_NAME *name)

  477. {

  478.     int idx;

  479.     idx = X509_OBJECT_idx_by_subject(h, type, name);

  480.     if (idx == -1)

  481.         return NULL;

  482.     return sk_X509_OBJECT_value(h, idx);

  483. }

  484. 

  485. STACK_OF (X509) * X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)

  486. {

  487.     int i, idx, cnt;

  488.     STACK_OF(X509) *sk;

  489.     X509 *x;

  490.     X509_OBJECT *obj;

  491.     sk = sk_X509_new_null();

  492.     if (sk == NULL)

  493.         return NULL;

  494.     CRYPTO_MUTEX_lock_write(&ctx->ctx->objs_lock);

  495.     idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);

  496.     if (idx < 0) {

  497.         /*

  498.          * Nothing found in cache: do lookup to possibly add new objects to

  499.          * cache

  500.          */

  501.         X509_OBJECT xobj;

  502.         CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock);

  503.         if (!X509_STORE_get_by_subject(ctx, X509_LU_X509, nm, &xobj)) {

  504.             sk_X509_free(sk);

  505.             return NULL;

  506.         }

  507.         X509_OBJECT_free_contents(&xobj);

  508.         CRYPTO_MUTEX_lock_write(&ctx->ctx->objs_lock);

  509.         idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);

  510.         if (idx < 0) {

  511.             CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock);

  512.             sk_X509_free(sk);

  513.             return NULL;

  514.         }

  515.     }

  516.     for (i = 0; i < cnt; i++, idx++) {

  517.         obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx);

  518.         x = obj->data.x509;

  519.         if (!sk_X509_push(sk, X509_up_ref(x))) {

  520.             CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock);

  521.             X509_free(x);

  522.             sk_X509_pop_free(sk, X509_free);

  523.             return NULL;

  524.         }

  525.     }

  526.     CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock);

  527.     return sk;

  528. 

  529. }

  530. 

  531. STACK_OF (X509_CRL) * X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)

  532. {

  533.     int i, idx, cnt;

  534.     STACK_OF(X509_CRL) *sk;

  535.     X509_CRL *x;

  536.     X509_OBJECT *obj, xobj;

  537.     sk = sk_X509_CRL_new_null();

  538.     if (sk == NULL)

  539.         return NULL;

  540. 

  541.     /* Always do lookup to possibly add new CRLs to cache. */

  542.     if (!X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj)) {

  543.         sk_X509_CRL_free(sk);

  544.         return NULL;

  545.     }

  546.     X509_OBJECT_free_contents(&xobj);

  547.     CRYPTO_MUTEX_lock_write(&ctx->ctx->objs_lock);

  548.     idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt);

  549.     if (idx < 0) {

  550.         CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock);

  551.         sk_X509_CRL_free(sk);

  552.         return NULL;

  553.     }

  554. 

  555.     for (i = 0; i < cnt; i++, idx++) {

  556.         obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx);

  557.         x = obj->data.crl;

  558.         X509_CRL_up_ref(x);

  559.         if (!sk_X509_CRL_push(sk, x)) {

  560.             CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock);

  561.             X509_CRL_free(x);

  562.             sk_X509_CRL_pop_free(sk, X509_CRL_free);

  563.             return NULL;

  564.         }

  565.     }

  566.     CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock);

  567.     return sk;

  568. }

  569. 

  570. X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h,

  571.                                         X509_OBJECT *x)

  572. {

  573.     size_t idx, i;

  574.     X509_OBJECT *obj;

  575. 

  576.     if (!sk_X509_OBJECT_find(h, &idx, x)) {

  577.         return NULL;

  578.     }

  579.     if ((x->type != X509_LU_X509) && (x->type != X509_LU_CRL))

  580.         return sk_X509_OBJECT_value(h, idx);

  581.     for (i = idx; i < sk_X509_OBJECT_num(h); i++) {

  582.         obj = sk_X509_OBJECT_value(h, i);

  583.         if (x509_object_cmp

  584.             ((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x))

  585.             return NULL;

  586.         if (x->type == X509_LU_X509) {

  587.             if (!X509_cmp(obj->data.x509, x->data.x509))

  588.                 return obj;

  589.         } else if (x->type == X509_LU_CRL) {

  590.             if (!X509_CRL_match(obj->data.crl, x->data.crl))

  591.                 return obj;

  592.         } else

  593.             return obj;

  594.     }

  595.     return NULL;

  596. }

  597. 

  598. /*

  599.  * Try to get issuer certificate from store. Due to limitations of the API

  600.  * this can only retrieve a single certificate matching a given subject name.

  601.  * However it will fill the cache with all matching certificates, so we can

  602.  * examine the cache for all matches. Return values are: 1 lookup

  603.  * successful.  0 certificate not found. -1 some other error.

  604.  */

  605. int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)

  606. {

  607.     X509_NAME *xn;

  608.     X509_OBJECT obj, *pobj;

  609.     int ok, idx, ret;

  610.     size_t i;

  611.     xn = X509_get_issuer_name(x);

  612.     ok = X509_STORE_get_by_subject(ctx, X509_LU_X509, xn, &obj);

  613.     if (ok != X509_LU_X509) {

  614.         if (ok == X509_LU_RETRY) {

  615.             X509_OBJECT_free_contents(&obj);

  616.             OPENSSL_PUT_ERROR(X509, X509_R_SHOULD_RETRY);

  617.             return -1;

  618.         } else if (ok != X509_LU_FAIL) {

  619.             X509_OBJECT_free_contents(&obj);

  620.             /* not good :-(, break anyway */

  621.             return -1;

  622.         }

  623.         return 0;

  624.     }

  625.     /* If certificate matches all OK */

  626.     if (ctx->check_issued(ctx, x, obj.data.x509)) {

  627.         *issuer = obj.data.x509;

  628.         return 1;

  629.     }

  630.     X509_OBJECT_free_contents(&obj);

  631. 

  632.     /* Else find index of first cert accepted by 'check_issued' */

  633.     ret = 0;

  634.     CRYPTO_MUTEX_lock_write(&ctx->ctx->objs_lock);

  635.     idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn);

  636.     if (idx != -1) {            /* should be true as we've had at least one

  637.                                  * match */

  638.         /* Look through all matching certs for suitable issuer */

  639.         for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++) {

  640.             pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i);

  641.             /* See if we've run past the matches */

  642.             if (pobj->type != X509_LU_X509)

  643.                 break;

  644.             if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509)))

  645.                 break;

  646.             if (ctx->check_issued(ctx, x, pobj->data.x509)) {

  647.                 *issuer = pobj->data.x509;

  648.                 X509_OBJECT_up_ref_count(pobj);

  649.                 ret = 1;

  650.                 break;

  651.             }

  652.         }

  653.     }

  654.     CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock);

  655.     return ret;

  656. }

  657. 

  658. int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags)

  659. {

  660.     return X509_VERIFY_PARAM_set_flags(ctx->param, flags);

  661. }

  662. 

  663. int X509_STORE_set_depth(X509_STORE *ctx, int depth)

  664. {

  665.     X509_VERIFY_PARAM_set_depth(ctx->param, depth);

  666.     return 1;

  667. }

  668. 

  669. int X509_STORE_set_purpose(X509_STORE *ctx, int purpose)

  670. {

  671.     return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose);

  672. }

  673. 

  674. int X509_STORE_set_trust(X509_STORE *ctx, int trust)

  675. {

  676.     return X509_VERIFY_PARAM_set_trust(ctx->param, trust);

  677. }

  678. 

  679. int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param)

  680. {

  681.     return X509_VERIFY_PARAM_set1(ctx->param, param);

  682. }

  683. 

  684. void X509_STORE_set_verify_cb(X509_STORE *ctx,

  685.                               int (*verify_cb) (int, X509_STORE_CTX *))

  686. {

  687.     ctx->verify_cb = verify_cb;

  688. }

  689. 

  690. void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,

  691.                                    STACK_OF (X509_CRL) *

  692.                                    (*cb) (X509_STORE_CTX *ctx, X509_NAME *nm))

  693. {

  694.     ctx->lookup_crls = cb;

  695. }

  696. 

  697. X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx)

  698. {

  699.     return ctx->ctx;

  700. }