kris
/
boringssl
1
0
Forka 0
Codice Problemi 0 Pull Requests 0 Rilasci 0 Wiki Attività
Non puoi selezionare più di 25 argomenti Gli argomenti devono iniziare con una lettera o un numero, possono includere trattini ('-') e possono essere lunghi fino a 35 caratteri.
3736 Commit
12 Rami (Branch)
38 MiB
 
 
 
 
 
 
Albero (Tree): 3a2b47ab5b
Rami (Branch) Tag
${ item.name }
Crea branch ${ searchTerm }
da '3a2b47ab5b'
${ noResults }
boringssl/crypto/x509/x509_lu.c

696 righe
20 KiB
Originale Blame Cronologia 

  1. /* crypto/x509/x509_lu.c */

  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  3.  * All rights reserved.

  4.  *

  5.  * This package is an SSL implementation written

  6.  * by Eric Young (eay@cryptsoft.com).

  7.  * The implementation was written so as to conform with Netscapes SSL.

  8.  *

  9.  * This library is free for commercial and non-commercial use as long as

  10.  * the following conditions are aheared to.  The following conditions

  11.  * apply to all code found in this distribution, be it the RC4, RSA,

  12.  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

  13.  * included with this distribution is covered by the same copyright terms

  14.  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

  15.  *

  16.  * Copyright remains Eric Young's, and as such any Copyright notices in

  17.  * the code are not to be removed.

  18.  * If this package is used in a product, Eric Young should be given attribution

  19.  * as the author of the parts of the library used.

  20.  * This can be in the form of a textual message at program startup or

  21.  * in documentation (online or textual) provided with the package.

  22.  *

  23.  * Redistribution and use in source and binary forms, with or without

  24.  * modification, are permitted provided that the following conditions

  25.  * are met:

  26.  * 1. Redistributions of source code must retain the copyright

  27.  *    notice, this list of conditions and the following disclaimer.

  28.  * 2. Redistributions in binary form must reproduce the above copyright

  29.  *    notice, this list of conditions and the following disclaimer in the

  30.  *    documentation and/or other materials provided with the distribution.

  31.  * 3. All advertising materials mentioning features or use of this software

  32.  *    must display the following acknowledgement:

  33.  *    "This product includes cryptographic software written by

  34.  *     Eric Young (eay@cryptsoft.com)"

  35.  *    The word 'cryptographic' can be left out if the rouines from the library

  36.  *    being used are not cryptographic related :-).

  37.  * 4. If you include any Windows specific code (or a derivative thereof) from

  38.  *    the apps directory (application code) you must include an acknowledgement:

  39.  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

  40.  *

  41.  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

  42.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  43.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  44.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  45.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  46.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  47.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  48.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  49.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  50.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  51.  * SUCH DAMAGE.

  52.  *

  53.  * The licence and distribution terms for any publically available version or

  54.  * derivative of this code cannot be changed.  i.e. this code cannot simply be

  55.  * copied and put under another distribution licence

  56.  * [including the GNU Public Licence.] */

  57. 

  58. #include <string.h>

  59. 

  60. #include <openssl/err.h>

  61. #include <openssl/lhash.h>

  62. #include <openssl/mem.h>

  63. #include <openssl/thread.h>

  64. #include <openssl/x509.h>

  65. #include <openssl/x509v3.h>

  66. 

  67. #include "../internal.h"

  68. 

  69. X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)

  70. {

  71.     X509_LOOKUP *ret;

  72. 

  73.     ret = (X509_LOOKUP *)OPENSSL_malloc(sizeof(X509_LOOKUP));

  74.     if (ret == NULL)

  75.         return NULL;

  76. 

  77.     ret->init = 0;

  78.     ret->skip = 0;

  79.     ret->method = method;

  80.     ret->method_data = NULL;

  81.     ret->store_ctx = NULL;

  82.     if ((method->new_item != NULL) && !method->new_item(ret)) {

  83.         OPENSSL_free(ret);

  84.         return NULL;

  85.     }

  86.     return ret;

  87. }

  88. 

  89. void X509_LOOKUP_free(X509_LOOKUP *ctx)

  90. {

  91.     if (ctx == NULL)

  92.         return;

  93.     if ((ctx->method != NULL) && (ctx->method->free != NULL))

  94.         (*ctx->method->free) (ctx);

  95.     OPENSSL_free(ctx);

  96. }

  97. 

  98. int X509_LOOKUP_init(X509_LOOKUP *ctx)

  99. {

  100.     if (ctx->method == NULL)

  101.         return 0;

  102.     if (ctx->method->init != NULL)

  103.         return ctx->method->init(ctx);

  104.     else

  105.         return 1;

  106. }

  107. 

  108. int X509_LOOKUP_shutdown(X509_LOOKUP *ctx)

  109. {

  110.     if (ctx->method == NULL)

  111.         return 0;

  112.     if (ctx->method->shutdown != NULL)

  113.         return ctx->method->shutdown(ctx);

  114.     else

  115.         return 1;

  116. }

  117. 

  118. int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,

  119.                      char **ret)

  120. {

  121.     if (ctx->method == NULL)

  122.         return -1;

  123.     if (ctx->method->ctrl != NULL)

  124.         return ctx->method->ctrl(ctx, cmd, argc, argl, ret);

  125.     else

  126.         return 1;

  127. }

  128. 

  129. int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,

  130.                            X509_OBJECT *ret)

  131. {

  132.     if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))

  133.         return 0;

  134.     if (ctx->skip)

  135.         return 0;

  136.     return ctx->method->get_by_subject(ctx, type, name, ret) > 0;

  137. }

  138. 

  139. int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,

  140.                                  ASN1_INTEGER *serial, X509_OBJECT *ret)

  141. {

  142.     if ((ctx->method == NULL) || (ctx->method->get_by_issuer_serial == NULL))

  143.         return 0;

  144.     return ctx->method->get_by_issuer_serial(ctx, type, name, serial, ret) > 0;

  145. }

  146. 

  147. int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,

  148.                                unsigned char *bytes, int len,

  149.                                X509_OBJECT *ret)

  150. {

  151.     if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))

  152.         return 0;

  153.     return ctx->method->get_by_fingerprint(ctx, type, bytes, len, ret) > 0;

  154. }

  155. 

  156. int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,

  157.                          X509_OBJECT *ret)

  158. {

  159.     if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))

  160.         return 0;

  161.     return ctx->method->get_by_alias(ctx, type, str, len, ret) > 0;

  162. }

  163. 

  164. static int x509_object_cmp(const X509_OBJECT **a, const X509_OBJECT **b)

  165. {

  166.     int ret;

  167. 

  168.     ret = ((*a)->type - (*b)->type);

  169.     if (ret)

  170.         return ret;

  171.     switch ((*a)->type) {

  172.     case X509_LU_X509:

  173.         ret = X509_subject_name_cmp((*a)->data.x509, (*b)->data.x509);

  174.         break;

  175.     case X509_LU_CRL:

  176.         ret = X509_CRL_cmp((*a)->data.crl, (*b)->data.crl);

  177.         break;

  178.     default:

  179.         /* abort(); */

  180.         return 0;

  181.     }

  182.     return ret;

  183. }

  184. 

  185. X509_STORE *X509_STORE_new(void)

  186. {

  187.     X509_STORE *ret;

  188. 

  189.     if ((ret = (X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL)

  190.         return NULL;

  191.     OPENSSL_memset(ret, 0, sizeof(*ret));

  192.     CRYPTO_MUTEX_init(&ret->objs_lock);

  193.     ret->objs = sk_X509_OBJECT_new(x509_object_cmp);

  194.     if (ret->objs == NULL)

  195.         goto err;

  196.     ret->cache = 1;

  197.     ret->get_cert_methods = sk_X509_LOOKUP_new_null();

  198.     if (ret->get_cert_methods == NULL)

  199.         goto err;

  200.     ret->param = X509_VERIFY_PARAM_new();

  201.     if (ret->param == NULL)

  202.         goto err;

  203. 

  204.     ret->references = 1;

  205.     return ret;

  206.  err:

  207.     if (ret) {

  208.         CRYPTO_MUTEX_cleanup(&ret->objs_lock);

  209.         if (ret->param)

  210.             X509_VERIFY_PARAM_free(ret->param);

  211.         if (ret->get_cert_methods)

  212.             sk_X509_LOOKUP_free(ret->get_cert_methods);

  213.         if (ret->objs)

  214.             sk_X509_OBJECT_free(ret->objs);

  215.         OPENSSL_free(ret);

  216.     }

  217.     return NULL;

  218. }

  219. 

  220. int X509_STORE_up_ref(X509_STORE *store)

  221. {

  222.     CRYPTO_refcount_inc(&store->references);

  223.     return 1;

  224. }

  225. 

  226. static void cleanup(X509_OBJECT *a)

  227. {

  228.     if (a == NULL) {

  229.         return;

  230.     }

  231.     if (a->type == X509_LU_X509) {

  232.         X509_free(a->data.x509);

  233.     } else if (a->type == X509_LU_CRL) {

  234.         X509_CRL_free(a->data.crl);

  235.     } else {

  236.         /* abort(); */

  237.     }

  238. 

  239.     OPENSSL_free(a);

  240. }

  241. 

  242. void X509_STORE_free(X509_STORE *vfy)

  243. {

  244.     size_t j;

  245.     STACK_OF(X509_LOOKUP) *sk;

  246.     X509_LOOKUP *lu;

  247. 

  248.     if (vfy == NULL)

  249.         return;

  250. 

  251.     if (!CRYPTO_refcount_dec_and_test_zero(&vfy->references)) {

  252.         return;

  253.     }

  254. 

  255.     CRYPTO_MUTEX_cleanup(&vfy->objs_lock);

  256. 

  257.     sk = vfy->get_cert_methods;

  258.     for (j = 0; j < sk_X509_LOOKUP_num(sk); j++) {

  259.         lu = sk_X509_LOOKUP_value(sk, j);

  260.         X509_LOOKUP_shutdown(lu);

  261.         X509_LOOKUP_free(lu);

  262.     }

  263.     sk_X509_LOOKUP_free(sk);

  264.     sk_X509_OBJECT_pop_free(vfy->objs, cleanup);

  265. 

  266.     if (vfy->param)

  267.         X509_VERIFY_PARAM_free(vfy->param);

  268.     OPENSSL_free(vfy);

  269. }

  270. 

  271. X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)

  272. {

  273.     size_t i;

  274.     STACK_OF(X509_LOOKUP) *sk;

  275.     X509_LOOKUP *lu;

  276. 

  277.     sk = v->get_cert_methods;

  278.     for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) {

  279.         lu = sk_X509_LOOKUP_value(sk, i);

  280.         if (m == lu->method) {

  281.             return lu;

  282.         }

  283.     }

  284.     /* a new one */

  285.     lu = X509_LOOKUP_new(m);

  286.     if (lu == NULL)

  287.         return NULL;

  288.     else {

  289.         lu->store_ctx = v;

  290.         if (sk_X509_LOOKUP_push(v->get_cert_methods, lu))

  291.             return lu;

  292.         else {

  293.             X509_LOOKUP_free(lu);

  294.             return NULL;

  295.         }

  296.     }

  297. }

  298. 

  299. int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,

  300.                               X509_OBJECT *ret)

  301. {

  302.     X509_STORE *ctx = vs->ctx;

  303.     X509_LOOKUP *lu;

  304.     X509_OBJECT stmp, *tmp;

  305.     int i;

  306. 

  307.     CRYPTO_MUTEX_lock_write(&ctx->objs_lock);

  308.     tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name);

  309.     CRYPTO_MUTEX_unlock_write(&ctx->objs_lock);

  310. 

  311.     if (tmp == NULL || type == X509_LU_CRL) {

  312.         for (i = 0; i < (int)sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) {

  313.             lu = sk_X509_LOOKUP_value(ctx->get_cert_methods, i);

  314.             if (X509_LOOKUP_by_subject(lu, type, name, &stmp)) {

  315.                 tmp = &stmp;

  316.                 break;

  317.             }

  318.         }

  319.         if (tmp == NULL)

  320.             return 0;

  321.     }

  322. 

  323.     /*

  324.      * if (ret->data.ptr != NULL) X509_OBJECT_free_contents(ret);

  325.      */

  326. 

  327.     ret->type = tmp->type;

  328.     ret->data.ptr = tmp->data.ptr;

  329. 

  330.     X509_OBJECT_up_ref_count(ret);

  331. 

  332.     return 1;

  333. }

  334. 

  335. int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)

  336. {

  337.     X509_OBJECT *obj;

  338.     int ret = 1;

  339. 

  340.     if (x == NULL)

  341.         return 0;

  342.     obj = (X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));

  343.     if (obj == NULL) {

  344.         OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);

  345.         return 0;

  346.     }

  347.     obj->type = X509_LU_X509;

  348.     obj->data.x509 = x;

  349. 

  350.     CRYPTO_MUTEX_lock_write(&ctx->objs_lock);

  351. 

  352.     X509_OBJECT_up_ref_count(obj);

  353. 

  354.     if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {

  355.         X509_OBJECT_free_contents(obj);

  356.         OPENSSL_free(obj);

  357.         OPENSSL_PUT_ERROR(X509, X509_R_CERT_ALREADY_IN_HASH_TABLE);

  358.         ret = 0;

  359.     } else

  360.         sk_X509_OBJECT_push(ctx->objs, obj);

  361. 

  362.     CRYPTO_MUTEX_unlock_write(&ctx->objs_lock);

  363. 

  364.     return ret;

  365. }

  366. 

  367. int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)

  368. {

  369.     X509_OBJECT *obj;

  370.     int ret = 1;

  371. 

  372.     if (x == NULL)

  373.         return 0;

  374.     obj = (X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));

  375.     if (obj == NULL) {

  376.         OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);

  377.         return 0;

  378.     }

  379.     obj->type = X509_LU_CRL;

  380.     obj->data.crl = x;

  381. 

  382.     CRYPTO_MUTEX_lock_write(&ctx->objs_lock);

  383. 

  384.     X509_OBJECT_up_ref_count(obj);

  385. 

  386.     if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {

  387.         X509_OBJECT_free_contents(obj);

  388.         OPENSSL_free(obj);

  389.         OPENSSL_PUT_ERROR(X509, X509_R_CERT_ALREADY_IN_HASH_TABLE);

  390.         ret = 0;

  391.     } else

  392.         sk_X509_OBJECT_push(ctx->objs, obj);

  393. 

  394.     CRYPTO_MUTEX_unlock_write(&ctx->objs_lock);

  395. 

  396.     return ret;

  397. }

  398. 

  399. void X509_STORE_set0_additional_untrusted(X509_STORE *ctx,

  400.                                           STACK_OF(X509) *untrusted) {

  401.   ctx->additional_untrusted = untrusted;

  402. }

  403. 

  404. int X509_OBJECT_up_ref_count(X509_OBJECT *a)

  405. {

  406.     switch (a->type) {

  407.     case X509_LU_X509:

  408.         X509_up_ref(a->data.x509);

  409.         break;

  410.     case X509_LU_CRL:

  411.         X509_CRL_up_ref(a->data.crl);

  412.         break;

  413.     }

  414.     return 1;

  415. }

  416. 

  417. void X509_OBJECT_free_contents(X509_OBJECT *a)

  418. {

  419.     switch (a->type) {

  420.     case X509_LU_X509:

  421.         X509_free(a->data.x509);

  422.         break;

  423.     case X509_LU_CRL:

  424.         X509_CRL_free(a->data.crl);

  425.         break;

  426.     }

  427. }

  428. 

  429. static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type,

  430.                                X509_NAME *name, int *pnmatch)

  431. {

  432.     X509_OBJECT stmp;

  433.     X509 x509_s;

  434.     X509_CINF cinf_s;

  435.     X509_CRL crl_s;

  436.     X509_CRL_INFO crl_info_s;

  437. 

  438.     stmp.type = type;

  439.     switch (type) {

  440.     case X509_LU_X509:

  441.         stmp.data.x509 = &x509_s;

  442.         x509_s.cert_info = &cinf_s;

  443.         cinf_s.subject = name;

  444.         break;

  445.     case X509_LU_CRL:

  446.         stmp.data.crl = &crl_s;

  447.         crl_s.crl = &crl_info_s;

  448.         crl_info_s.issuer = name;

  449.         break;

  450.     default:

  451.         /* abort(); */

  452.         return -1;

  453.     }

  454. 

  455.     size_t idx;

  456.     if (!sk_X509_OBJECT_find(h, &idx, &stmp))

  457.         return -1;

  458. 

  459.     if (pnmatch != NULL) {

  460.         int tidx;

  461.         const X509_OBJECT *tobj, *pstmp;

  462.         *pnmatch = 1;

  463.         pstmp = &stmp;

  464.         for (tidx = idx + 1; tidx < (int)sk_X509_OBJECT_num(h); tidx++) {

  465.             tobj = sk_X509_OBJECT_value(h, tidx);

  466.             if (x509_object_cmp(&tobj, &pstmp))

  467.                 break;

  468.             (*pnmatch)++;

  469.         }

  470.     }

  471. 

  472.     return idx;

  473. }

  474. 

  475. int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,

  476.                                X509_NAME *name)

  477. {

  478.     return x509_object_idx_cnt(h, type, name, NULL);

  479. }

  480. 

  481. X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,

  482.                                              int type, X509_NAME *name)

  483. {

  484.     int idx;

  485.     idx = X509_OBJECT_idx_by_subject(h, type, name);

  486.     if (idx == -1)

  487.         return NULL;

  488.     return sk_X509_OBJECT_value(h, idx);

  489. }

  490. 

  491. STACK_OF (X509) * X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)

  492. {

  493.     int i, idx, cnt;

  494.     STACK_OF(X509) *sk;

  495.     X509 *x;

  496.     X509_OBJECT *obj;

  497.     sk = sk_X509_new_null();

  498.     if (sk == NULL)

  499.         return NULL;

  500.     CRYPTO_MUTEX_lock_write(&ctx->ctx->objs_lock);

  501.     idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);

  502.     if (idx < 0) {

  503.         /*

  504.          * Nothing found in cache: do lookup to possibly add new objects to

  505.          * cache

  506.          */

  507.         X509_OBJECT xobj;

  508.         CRYPTO_MUTEX_unlock_write(&ctx->ctx->objs_lock);

  509.         if (!X509_STORE_get_by_subject(ctx, X509_LU_X509, nm, &xobj)) {

  510.             sk_X509_free(sk);

  511.             return NULL;

  512.         }

  513.         X509_OBJECT_free_contents(&xobj);

  514.         CRYPTO_MUTEX_lock_write(&ctx->ctx->objs_lock);

  515.         idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);

  516.         if (idx < 0) {

  517.             CRYPTO_MUTEX_unlock_write(&ctx->ctx->objs_lock);

  518.             sk_X509_free(sk);

  519.             return NULL;

  520.         }

  521.     }

  522.     for (i = 0; i < cnt; i++, idx++) {

  523.         obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx);

  524.         x = obj->data.x509;

  525.         if (!sk_X509_push(sk, x)) {

  526.             CRYPTO_MUTEX_unlock_write(&ctx->ctx->objs_lock);

  527.             sk_X509_pop_free(sk, X509_free);

  528.             return NULL;

  529.         }

  530.         X509_up_ref(x);

  531.     }

  532.     CRYPTO_MUTEX_unlock_write(&ctx->ctx->objs_lock);

  533.     return sk;

  534. 

  535. }

  536. 

  537. STACK_OF (X509_CRL) * X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)

  538. {

  539.     int i, idx, cnt;

  540.     STACK_OF(X509_CRL) *sk;

  541.     X509_CRL *x;

  542.     X509_OBJECT *obj, xobj;

  543.     sk = sk_X509_CRL_new_null();

  544.     if (sk == NULL)

  545.         return NULL;

  546. 

  547.     /* Always do lookup to possibly add new CRLs to cache. */

  548.     if (!X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj)) {

  549.         sk_X509_CRL_free(sk);

  550.         return NULL;

  551.     }

  552.     X509_OBJECT_free_contents(&xobj);

  553.     CRYPTO_MUTEX_lock_write(&ctx->ctx->objs_lock);

  554.     idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt);

  555.     if (idx < 0) {

  556.         CRYPTO_MUTEX_unlock_write(&ctx->ctx->objs_lock);

  557.         sk_X509_CRL_free(sk);

  558.         return NULL;

  559.     }

  560. 

  561.     for (i = 0; i < cnt; i++, idx++) {

  562.         obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx);

  563.         x = obj->data.crl;

  564.         X509_CRL_up_ref(x);

  565.         if (!sk_X509_CRL_push(sk, x)) {

  566.             CRYPTO_MUTEX_unlock_write(&ctx->ctx->objs_lock);

  567.             X509_CRL_free(x);

  568.             sk_X509_CRL_pop_free(sk, X509_CRL_free);

  569.             return NULL;

  570.         }

  571.     }

  572.     CRYPTO_MUTEX_unlock_write(&ctx->ctx->objs_lock);

  573.     return sk;

  574. }

  575. 

  576. X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h,

  577.                                         X509_OBJECT *x)

  578. {

  579.     size_t idx, i;

  580.     X509_OBJECT *obj;

  581. 

  582.     if (!sk_X509_OBJECT_find(h, &idx, x)) {

  583.         return NULL;

  584.     }

  585.     if ((x->type != X509_LU_X509) && (x->type != X509_LU_CRL))

  586.         return sk_X509_OBJECT_value(h, idx);

  587.     for (i = idx; i < sk_X509_OBJECT_num(h); i++) {

  588.         obj = sk_X509_OBJECT_value(h, i);

  589.         if (x509_object_cmp

  590.             ((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x))

  591.             return NULL;

  592.         if (x->type == X509_LU_X509) {

  593.             if (!X509_cmp(obj->data.x509, x->data.x509))

  594.                 return obj;

  595.         } else if (x->type == X509_LU_CRL) {

  596.             if (!X509_CRL_match(obj->data.crl, x->data.crl))

  597.                 return obj;

  598.         } else

  599.             return obj;

  600.     }

  601.     return NULL;

  602. }

  603. 

  604. /*

  605.  * Try to get issuer certificate from store. Due to limitations of the API

  606.  * this can only retrieve a single certificate matching a given subject name.

  607.  * However it will fill the cache with all matching certificates, so we can

  608.  * examine the cache for all matches. Return values are: 1 lookup

  609.  * successful.  0 certificate not found. -1 some other error.

  610.  */

  611. int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)

  612. {

  613.     X509_NAME *xn;

  614.     X509_OBJECT obj, *pobj;

  615.     int idx, ret;

  616.     size_t i;

  617.     xn = X509_get_issuer_name(x);

  618.     if (!X509_STORE_get_by_subject(ctx, X509_LU_X509, xn, &obj))

  619.         return 0;

  620.     /* If certificate matches all OK */

  621.     if (ctx->check_issued(ctx, x, obj.data.x509)) {

  622.         *issuer = obj.data.x509;

  623.         return 1;

  624.     }

  625.     X509_OBJECT_free_contents(&obj);

  626. 

  627.     /* Else find index of first cert accepted by 'check_issued' */

  628.     ret = 0;

  629.     CRYPTO_MUTEX_lock_write(&ctx->ctx->objs_lock);

  630.     idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn);

  631.     if (idx != -1) {            /* should be true as we've had at least one

  632.                                  * match */

  633.         /* Look through all matching certs for suitable issuer */

  634.         for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++) {

  635.             pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i);

  636.             /* See if we've run past the matches */

  637.             if (pobj->type != X509_LU_X509)

  638.                 break;

  639.             if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509)))

  640.                 break;

  641.             if (ctx->check_issued(ctx, x, pobj->data.x509)) {

  642.                 *issuer = pobj->data.x509;

  643.                 X509_OBJECT_up_ref_count(pobj);

  644.                 ret = 1;

  645.                 break;

  646.             }

  647.         }

  648.     }

  649.     CRYPTO_MUTEX_unlock_write(&ctx->ctx->objs_lock);

  650.     return ret;

  651. }

  652. 

  653. int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags)

  654. {

  655.     return X509_VERIFY_PARAM_set_flags(ctx->param, flags);

  656. }

  657. 

  658. int X509_STORE_set_depth(X509_STORE *ctx, int depth)

  659. {

  660.     X509_VERIFY_PARAM_set_depth(ctx->param, depth);

  661.     return 1;

  662. }

  663. 

  664. int X509_STORE_set_purpose(X509_STORE *ctx, int purpose)

  665. {

  666.     return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose);

  667. }

  668. 

  669. int X509_STORE_set_trust(X509_STORE *ctx, int trust)

  670. {

  671.     return X509_VERIFY_PARAM_set_trust(ctx->param, trust);

  672. }

  673. 

  674. int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param)

  675. {

  676.     return X509_VERIFY_PARAM_set1(ctx->param, param);

  677. }

  678. 

  679. void X509_STORE_set_verify_cb(X509_STORE *ctx,

  680.                               int (*verify_cb) (int, X509_STORE_CTX *))

  681. {

  682.     ctx->verify_cb = verify_cb;

  683. }

  684. 

  685. void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,

  686.                                    STACK_OF (X509_CRL) *

  687.                                    (*cb) (X509_STORE_CTX *ctx, X509_NAME *nm))

  688. {

  689.     ctx->lookup_crls = cb;

  690. }

  691. 

  692. X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx)

  693. {

  694.     return ctx->ctx;

  695. }