kris
/
boringssl
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2555 Commits
12 Branches
38 MiB
 
 
 
 
 
 
Tree: f01fb5dc0e
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'f01fb5dc0e'
${ noResults }
boringssl/crypto/x509/x509_lu.c

706 lines
20 KiB
Raw Blame History 

  1. /* crypto/x509/x509_lu.c */

  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  3.  * All rights reserved.

  4.  *

  5.  * This package is an SSL implementation written

  6.  * by Eric Young (eay@cryptsoft.com).

  7.  * The implementation was written so as to conform with Netscapes SSL.

  8.  *

  9.  * This library is free for commercial and non-commercial use as long as

  10.  * the following conditions are aheared to.  The following conditions

  11.  * apply to all code found in this distribution, be it the RC4, RSA,

  12.  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

  13.  * included with this distribution is covered by the same copyright terms

  14.  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

  15.  *

  16.  * Copyright remains Eric Young's, and as such any Copyright notices in

  17.  * the code are not to be removed.

  18.  * If this package is used in a product, Eric Young should be given attribution

  19.  * as the author of the parts of the library used.

  20.  * This can be in the form of a textual message at program startup or

  21.  * in documentation (online or textual) provided with the package.

  22.  *

  23.  * Redistribution and use in source and binary forms, with or without

  24.  * modification, are permitted provided that the following conditions

  25.  * are met:

  26.  * 1. Redistributions of source code must retain the copyright

  27.  *    notice, this list of conditions and the following disclaimer.

  28.  * 2. Redistributions in binary form must reproduce the above copyright

  29.  *    notice, this list of conditions and the following disclaimer in the

  30.  *    documentation and/or other materials provided with the distribution.

  31.  * 3. All advertising materials mentioning features or use of this software

  32.  *    must display the following acknowledgement:

  33.  *    "This product includes cryptographic software written by

  34.  *     Eric Young (eay@cryptsoft.com)"

  35.  *    The word 'cryptographic' can be left out if the rouines from the library

  36.  *    being used are not cryptographic related :-).

  37.  * 4. If you include any Windows specific code (or a derivative thereof) from

  38.  *    the apps directory (application code) you must include an acknowledgement:

  39.  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

  40.  *

  41.  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

  42.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  43.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  44.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  45.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  46.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  47.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  48.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  49.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  50.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  51.  * SUCH DAMAGE.

  52.  *

  53.  * The licence and distribution terms for any publically available version or

  54.  * derivative of this code cannot be changed.  i.e. this code cannot simply be

  55.  * copied and put under another distribution licence

  56.  * [including the GNU Public Licence.] */

  57. 

  58. #include <string.h>

  59. 

  60. #include <openssl/err.h>

  61. #include <openssl/lhash.h>

  62. #include <openssl/mem.h>

  63. #include <openssl/thread.h>

  64. #include <openssl/x509.h>

  65. #include <openssl/x509v3.h>

  66. 

  67. #include "../internal.h"

  68. 

  69. X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)

  70. {

  71.     X509_LOOKUP *ret;

  72. 

  73.     ret = (X509_LOOKUP *)OPENSSL_malloc(sizeof(X509_LOOKUP));

  74.     if (ret == NULL)

  75.         return NULL;

  76. 

  77.     ret->init = 0;

  78.     ret->skip = 0;

  79.     ret->method = method;

  80.     ret->method_data = NULL;

  81.     ret->store_ctx = NULL;

  82.     if ((method->new_item != NULL) && !method->new_item(ret)) {

  83.         OPENSSL_free(ret);

  84.         return NULL;

  85.     }

  86.     return ret;

  87. }

  88. 

  89. void X509_LOOKUP_free(X509_LOOKUP *ctx)

  90. {

  91.     if (ctx == NULL)

  92.         return;

  93.     if ((ctx->method != NULL) && (ctx->method->free != NULL))

  94.         (*ctx->method->free) (ctx);

  95.     OPENSSL_free(ctx);

  96. }

  97. 

  98. int X509_LOOKUP_init(X509_LOOKUP *ctx)

  99. {

  100.     if (ctx->method == NULL)

  101.         return 0;

  102.     if (ctx->method->init != NULL)

  103.         return ctx->method->init(ctx);

  104.     else

  105.         return 1;

  106. }

  107. 

  108. int X509_LOOKUP_shutdown(X509_LOOKUP *ctx)

  109. {

  110.     if (ctx->method == NULL)

  111.         return 0;

  112.     if (ctx->method->shutdown != NULL)

  113.         return ctx->method->shutdown(ctx);

  114.     else

  115.         return 1;

  116. }

  117. 

  118. int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,

  119.                      char **ret)

  120. {

  121.     if (ctx->method == NULL)

  122.         return -1;

  123.     if (ctx->method->ctrl != NULL)

  124.         return ctx->method->ctrl(ctx, cmd, argc, argl, ret);

  125.     else

  126.         return 1;

  127. }

  128. 

  129. int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,

  130.                            X509_OBJECT *ret)

  131. {

  132.     if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))

  133.         return X509_LU_FAIL;

  134.     if (ctx->skip)

  135.         return 0;

  136.     return ctx->method->get_by_subject(ctx, type, name, ret);

  137. }

  138. 

  139. int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,

  140.                                  ASN1_INTEGER *serial, X509_OBJECT *ret)

  141. {

  142.     if ((ctx->method == NULL) || (ctx->method->get_by_issuer_serial == NULL))

  143.         return X509_LU_FAIL;

  144.     return ctx->method->get_by_issuer_serial(ctx, type, name, serial, ret);

  145. }

  146. 

  147. int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,

  148.                                unsigned char *bytes, int len,

  149.                                X509_OBJECT *ret)

  150. {

  151.     if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))

  152.         return X509_LU_FAIL;

  153.     return ctx->method->get_by_fingerprint(ctx, type, bytes, len, ret);

  154. }

  155. 

  156. int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,

  157.                          X509_OBJECT *ret)

  158. {

  159.     if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))

  160.         return X509_LU_FAIL;

  161.     return ctx->method->get_by_alias(ctx, type, str, len, ret);

  162. }

  163. 

  164. static int x509_object_cmp(const X509_OBJECT **a, const X509_OBJECT **b)

  165. {

  166.     int ret;

  167. 

  168.     ret = ((*a)->type - (*b)->type);

  169.     if (ret)

  170.         return ret;

  171.     switch ((*a)->type) {

  172.     case X509_LU_X509:

  173.         ret = X509_subject_name_cmp((*a)->data.x509, (*b)->data.x509);

  174.         break;

  175.     case X509_LU_CRL:

  176.         ret = X509_CRL_cmp((*a)->data.crl, (*b)->data.crl);

  177.         break;

  178.     default:

  179.         /* abort(); */

  180.         return 0;

  181.     }

  182.     return ret;

  183. }

  184. 

  185. X509_STORE *X509_STORE_new(void)

  186. {

  187.     X509_STORE *ret;

  188. 

  189.     if ((ret = (X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL)

  190.         return NULL;

  191.     memset(ret, 0, sizeof(*ret));

  192.     CRYPTO_MUTEX_init(&ret->objs_lock);

  193.     ret->objs = sk_X509_OBJECT_new(x509_object_cmp);

  194.     if (ret->objs == NULL)

  195.         goto err;

  196.     ret->cache = 1;

  197.     ret->get_cert_methods = sk_X509_LOOKUP_new_null();

  198.     if (ret->get_cert_methods == NULL)

  199.         goto err;

  200.     ret->param = X509_VERIFY_PARAM_new();

  201.     if (ret->param == NULL)

  202.         goto err;

  203. 

  204.     ret->references = 1;

  205.     return ret;

  206.  err:

  207.     if (ret) {

  208.         CRYPTO_MUTEX_cleanup(&ret->objs_lock);

  209.         if (ret->param)

  210.             X509_VERIFY_PARAM_free(ret->param);

  211.         if (ret->get_cert_methods)

  212.             sk_X509_LOOKUP_free(ret->get_cert_methods);

  213.         if (ret->objs)

  214.             sk_X509_OBJECT_free(ret->objs);

  215.         OPENSSL_free(ret);

  216.     }

  217.     return NULL;

  218. }

  219. 

  220. void X509_STORE_up_ref(X509_STORE *store)

  221. {

  222.     CRYPTO_refcount_inc(&store->references);

  223. }

  224. 

  225. static void cleanup(X509_OBJECT *a)

  226. {

  227.     if (a == NULL) {

  228.         return;

  229.     }

  230.     if (a->type == X509_LU_X509) {

  231.         X509_free(a->data.x509);

  232.     } else if (a->type == X509_LU_CRL) {

  233.         X509_CRL_free(a->data.crl);

  234.     } else {

  235.         /* abort(); */

  236.     }

  237. 

  238.     OPENSSL_free(a);

  239. }

  240. 

  241. void X509_STORE_free(X509_STORE *vfy)

  242. {

  243.     size_t j;

  244.     STACK_OF(X509_LOOKUP) *sk;

  245.     X509_LOOKUP *lu;

  246. 

  247.     if (vfy == NULL)

  248.         return;

  249. 

  250.     if (!CRYPTO_refcount_dec_and_test_zero(&vfy->references)) {

  251.         return;

  252.     }

  253. 

  254.     CRYPTO_MUTEX_cleanup(&vfy->objs_lock);

  255. 

  256.     sk = vfy->get_cert_methods;

  257.     for (j = 0; j < sk_X509_LOOKUP_num(sk); j++) {

  258.         lu = sk_X509_LOOKUP_value(sk, j);

  259.         X509_LOOKUP_shutdown(lu);

  260.         X509_LOOKUP_free(lu);

  261.     }

  262.     sk_X509_LOOKUP_free(sk);

  263.     sk_X509_OBJECT_pop_free(vfy->objs, cleanup);

  264. 

  265.     if (vfy->param)

  266.         X509_VERIFY_PARAM_free(vfy->param);

  267.     OPENSSL_free(vfy);

  268. }

  269. 

  270. X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)

  271. {

  272.     size_t i;

  273.     STACK_OF(X509_LOOKUP) *sk;

  274.     X509_LOOKUP *lu;

  275. 

  276.     sk = v->get_cert_methods;

  277.     for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) {

  278.         lu = sk_X509_LOOKUP_value(sk, i);

  279.         if (m == lu->method) {

  280.             return lu;

  281.         }

  282.     }

  283.     /* a new one */

  284.     lu = X509_LOOKUP_new(m);

  285.     if (lu == NULL)

  286.         return NULL;

  287.     else {

  288.         lu->store_ctx = v;

  289.         if (sk_X509_LOOKUP_push(v->get_cert_methods, lu))

  290.             return lu;

  291.         else {

  292.             X509_LOOKUP_free(lu);

  293.             return NULL;

  294.         }

  295.     }

  296. }

  297. 

  298. int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,

  299.                               X509_OBJECT *ret)

  300. {

  301.     X509_STORE *ctx = vs->ctx;

  302.     X509_LOOKUP *lu;

  303.     X509_OBJECT stmp, *tmp;

  304.     int i, j;

  305. 

  306.     CRYPTO_MUTEX_lock_write(&ctx->objs_lock);

  307.     tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name);

  308.     CRYPTO_MUTEX_unlock(&ctx->objs_lock);

  309. 

  310.     if (tmp == NULL || type == X509_LU_CRL) {

  311.         for (i = vs->current_method;

  312.              i < (int)sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) {

  313.             lu = sk_X509_LOOKUP_value(ctx->get_cert_methods, i);

  314.             j = X509_LOOKUP_by_subject(lu, type, name, &stmp);

  315.             if (j < 0) {

  316.                 vs->current_method = j;

  317.                 return j;

  318.             } else if (j) {

  319.                 tmp = &stmp;

  320.                 break;

  321.             }

  322.         }

  323.         vs->current_method = 0;

  324.         if (tmp == NULL)

  325.             return 0;

  326.     }

  327. 

  328.     /*

  329.      * if (ret->data.ptr != NULL) X509_OBJECT_free_contents(ret);

  330.      */

  331. 

  332.     ret->type = tmp->type;

  333.     ret->data.ptr = tmp->data.ptr;

  334. 

  335.     X509_OBJECT_up_ref_count(ret);

  336. 

  337.     return 1;

  338. }

  339. 

  340. int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)

  341. {

  342.     X509_OBJECT *obj;

  343.     int ret = 1;

  344. 

  345.     if (x == NULL)

  346.         return 0;

  347.     obj = (X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));

  348.     if (obj == NULL) {

  349.         OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);

  350.         return 0;

  351.     }

  352.     obj->type = X509_LU_X509;

  353.     obj->data.x509 = x;

  354. 

  355.     CRYPTO_MUTEX_lock_write(&ctx->objs_lock);

  356. 

  357.     X509_OBJECT_up_ref_count(obj);

  358. 

  359.     if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {

  360.         X509_OBJECT_free_contents(obj);

  361.         OPENSSL_free(obj);

  362.         OPENSSL_PUT_ERROR(X509, X509_R_CERT_ALREADY_IN_HASH_TABLE);

  363.         ret = 0;

  364.     } else

  365.         sk_X509_OBJECT_push(ctx->objs, obj);

  366. 

  367.     CRYPTO_MUTEX_unlock(&ctx->objs_lock);

  368. 

  369.     return ret;

  370. }

  371. 

  372. int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)

  373. {

  374.     X509_OBJECT *obj;

  375.     int ret = 1;

  376. 

  377.     if (x == NULL)

  378.         return 0;

  379.     obj = (X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));

  380.     if (obj == NULL) {

  381.         OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);

  382.         return 0;

  383.     }

  384.     obj->type = X509_LU_CRL;

  385.     obj->data.crl = x;

  386. 

  387.     CRYPTO_MUTEX_lock_write(&ctx->objs_lock);

  388. 

  389.     X509_OBJECT_up_ref_count(obj);

  390. 

  391.     if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {

  392.         X509_OBJECT_free_contents(obj);

  393.         OPENSSL_free(obj);

  394.         OPENSSL_PUT_ERROR(X509, X509_R_CERT_ALREADY_IN_HASH_TABLE);

  395.         ret = 0;

  396.     } else

  397.         sk_X509_OBJECT_push(ctx->objs, obj);

  398. 

  399.     CRYPTO_MUTEX_unlock(&ctx->objs_lock);

  400. 

  401.     return ret;

  402. }

  403. 

  404. void X509_OBJECT_up_ref_count(X509_OBJECT *a)

  405. {

  406.     switch (a->type) {

  407.     case X509_LU_X509:

  408.         X509_up_ref(a->data.x509);

  409.         break;

  410.     case X509_LU_CRL:

  411.         X509_CRL_up_ref(a->data.crl);

  412.         break;

  413.     }

  414. }

  415. 

  416. void X509_OBJECT_free_contents(X509_OBJECT *a)

  417. {

  418.     switch (a->type) {

  419.     case X509_LU_X509:

  420.         X509_free(a->data.x509);

  421.         break;

  422.     case X509_LU_CRL:

  423.         X509_CRL_free(a->data.crl);

  424.         break;

  425.     }

  426. }

  427. 

  428. static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type,

  429.                                X509_NAME *name, int *pnmatch)

  430. {

  431.     X509_OBJECT stmp;

  432.     X509 x509_s;

  433.     X509_CINF cinf_s;

  434.     X509_CRL crl_s;

  435.     X509_CRL_INFO crl_info_s;

  436. 

  437.     stmp.type = type;

  438.     switch (type) {

  439.     case X509_LU_X509:

  440.         stmp.data.x509 = &x509_s;

  441.         x509_s.cert_info = &cinf_s;

  442.         cinf_s.subject = name;

  443.         break;

  444.     case X509_LU_CRL:

  445.         stmp.data.crl = &crl_s;

  446.         crl_s.crl = &crl_info_s;

  447.         crl_info_s.issuer = name;

  448.         break;

  449.     default:

  450.         /* abort(); */

  451.         return -1;

  452.     }

  453. 

  454.     size_t idx;

  455.     if (!sk_X509_OBJECT_find(h, &idx, &stmp))

  456.         return -1;

  457. 

  458.     if (pnmatch != NULL) {

  459.         int tidx;

  460.         const X509_OBJECT *tobj, *pstmp;

  461.         *pnmatch = 1;

  462.         pstmp = &stmp;

  463.         for (tidx = idx + 1; tidx < (int)sk_X509_OBJECT_num(h); tidx++) {

  464.             tobj = sk_X509_OBJECT_value(h, tidx);

  465.             if (x509_object_cmp(&tobj, &pstmp))

  466.                 break;

  467.             (*pnmatch)++;

  468.         }

  469.     }

  470. 

  471.     return idx;

  472. }

  473. 

  474. int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,

  475.                                X509_NAME *name)

  476. {

  477.     return x509_object_idx_cnt(h, type, name, NULL);

  478. }

  479. 

  480. X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,

  481.                                              int type, X509_NAME *name)

  482. {

  483.     int idx;

  484.     idx = X509_OBJECT_idx_by_subject(h, type, name);

  485.     if (idx == -1)

  486.         return NULL;

  487.     return sk_X509_OBJECT_value(h, idx);

  488. }

  489. 

  490. STACK_OF (X509) * X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)

  491. {

  492.     int i, idx, cnt;

  493.     STACK_OF(X509) *sk;

  494.     X509 *x;

  495.     X509_OBJECT *obj;

  496.     sk = sk_X509_new_null();

  497.     if (sk == NULL)

  498.         return NULL;

  499.     CRYPTO_MUTEX_lock_write(&ctx->ctx->objs_lock);

  500.     idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);

  501.     if (idx < 0) {

  502.         /*

  503.          * Nothing found in cache: do lookup to possibly add new objects to

  504.          * cache

  505.          */

  506.         X509_OBJECT xobj;

  507.         CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock);

  508.         if (!X509_STORE_get_by_subject(ctx, X509_LU_X509, nm, &xobj)) {

  509.             sk_X509_free(sk);

  510.             return NULL;

  511.         }

  512.         X509_OBJECT_free_contents(&xobj);

  513.         CRYPTO_MUTEX_lock_write(&ctx->ctx->objs_lock);

  514.         idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);

  515.         if (idx < 0) {

  516.             CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock);

  517.             sk_X509_free(sk);

  518.             return NULL;

  519.         }

  520.     }

  521.     for (i = 0; i < cnt; i++, idx++) {

  522.         obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx);

  523.         x = obj->data.x509;

  524.         if (!sk_X509_push(sk, X509_up_ref(x))) {

  525.             CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock);

  526.             X509_free(x);

  527.             sk_X509_pop_free(sk, X509_free);

  528.             return NULL;

  529.         }

  530.     }

  531.     CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock);

  532.     return sk;

  533. 

  534. }

  535. 

  536. STACK_OF (X509_CRL) * X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)

  537. {

  538.     int i, idx, cnt;

  539.     STACK_OF(X509_CRL) *sk;

  540.     X509_CRL *x;

  541.     X509_OBJECT *obj, xobj;

  542.     sk = sk_X509_CRL_new_null();

  543.     if (sk == NULL)

  544.         return NULL;

  545. 

  546.     /* Always do lookup to possibly add new CRLs to cache. */

  547.     if (!X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj)) {

  548.         sk_X509_CRL_free(sk);

  549.         return NULL;

  550.     }

  551.     X509_OBJECT_free_contents(&xobj);

  552.     CRYPTO_MUTEX_lock_write(&ctx->ctx->objs_lock);

  553.     idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt);

  554.     if (idx < 0) {

  555.         CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock);

  556.         sk_X509_CRL_free(sk);

  557.         return NULL;

  558.     }

  559. 

  560.     for (i = 0; i < cnt; i++, idx++) {

  561.         obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx);

  562.         x = obj->data.crl;

  563.         X509_CRL_up_ref(x);

  564.         if (!sk_X509_CRL_push(sk, x)) {

  565.             CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock);

  566.             X509_CRL_free(x);

  567.             sk_X509_CRL_pop_free(sk, X509_CRL_free);

  568.             return NULL;

  569.         }

  570.     }

  571.     CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock);

  572.     return sk;

  573. }

  574. 

  575. X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h,

  576.                                         X509_OBJECT *x)

  577. {

  578.     size_t idx, i;

  579.     X509_OBJECT *obj;

  580. 

  581.     if (!sk_X509_OBJECT_find(h, &idx, x)) {

  582.         return NULL;

  583.     }

  584.     if ((x->type != X509_LU_X509) && (x->type != X509_LU_CRL))

  585.         return sk_X509_OBJECT_value(h, idx);

  586.     for (i = idx; i < sk_X509_OBJECT_num(h); i++) {

  587.         obj = sk_X509_OBJECT_value(h, i);

  588.         if (x509_object_cmp

  589.             ((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x))

  590.             return NULL;

  591.         if (x->type == X509_LU_X509) {

  592.             if (!X509_cmp(obj->data.x509, x->data.x509))

  593.                 return obj;

  594.         } else if (x->type == X509_LU_CRL) {

  595.             if (!X509_CRL_match(obj->data.crl, x->data.crl))

  596.                 return obj;

  597.         } else

  598.             return obj;

  599.     }

  600.     return NULL;

  601. }

  602. 

  603. /*

  604.  * Try to get issuer certificate from store. Due to limitations of the API

  605.  * this can only retrieve a single certificate matching a given subject name.

  606.  * However it will fill the cache with all matching certificates, so we can

  607.  * examine the cache for all matches. Return values are: 1 lookup

  608.  * successful.  0 certificate not found. -1 some other error.

  609.  */

  610. int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)

  611. {

  612.     X509_NAME *xn;

  613.     X509_OBJECT obj, *pobj;

  614.     int ok, idx, ret;

  615.     size_t i;

  616.     xn = X509_get_issuer_name(x);

  617.     ok = X509_STORE_get_by_subject(ctx, X509_LU_X509, xn, &obj);

  618.     if (ok != X509_LU_X509) {

  619.         if (ok == X509_LU_RETRY) {

  620.             X509_OBJECT_free_contents(&obj);

  621.             OPENSSL_PUT_ERROR(X509, X509_R_SHOULD_RETRY);

  622.             return -1;

  623.         } else if (ok != X509_LU_FAIL) {

  624.             X509_OBJECT_free_contents(&obj);

  625.             /* not good :-(, break anyway */

  626.             return -1;

  627.         }

  628.         return 0;

  629.     }

  630.     /* If certificate matches all OK */

  631.     if (ctx->check_issued(ctx, x, obj.data.x509)) {

  632.         *issuer = obj.data.x509;

  633.         return 1;

  634.     }

  635.     X509_OBJECT_free_contents(&obj);

  636. 

  637.     /* Else find index of first cert accepted by 'check_issued' */

  638.     ret = 0;

  639.     CRYPTO_MUTEX_lock_write(&ctx->ctx->objs_lock);

  640.     idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn);

  641.     if (idx != -1) {            /* should be true as we've had at least one

  642.                                  * match */

  643.         /* Look through all matching certs for suitable issuer */

  644.         for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++) {

  645.             pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i);

  646.             /* See if we've run past the matches */

  647.             if (pobj->type != X509_LU_X509)

  648.                 break;

  649.             if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509)))

  650.                 break;

  651.             if (ctx->check_issued(ctx, x, pobj->data.x509)) {

  652.                 *issuer = pobj->data.x509;

  653.                 X509_OBJECT_up_ref_count(pobj);

  654.                 ret = 1;

  655.                 break;

  656.             }

  657.         }

  658.     }

  659.     CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock);

  660.     return ret;

  661. }

  662. 

  663. int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags)

  664. {

  665.     return X509_VERIFY_PARAM_set_flags(ctx->param, flags);

  666. }

  667. 

  668. int X509_STORE_set_depth(X509_STORE *ctx, int depth)

  669. {

  670.     X509_VERIFY_PARAM_set_depth(ctx->param, depth);

  671.     return 1;

  672. }

  673. 

  674. int X509_STORE_set_purpose(X509_STORE *ctx, int purpose)

  675. {

  676.     return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose);

  677. }

  678. 

  679. int X509_STORE_set_trust(X509_STORE *ctx, int trust)

  680. {

  681.     return X509_VERIFY_PARAM_set_trust(ctx->param, trust);

  682. }

  683. 

  684. int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param)

  685. {

  686.     return X509_VERIFY_PARAM_set1(ctx->param, param);

  687. }

  688. 

  689. void X509_STORE_set_verify_cb(X509_STORE *ctx,

  690.                               int (*verify_cb) (int, X509_STORE_CTX *))

  691. {

  692.     ctx->verify_cb = verify_cb;

  693. }

  694. 

  695. void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,

  696.                                    STACK_OF (X509_CRL) *

  697.                                    (*cb) (X509_STORE_CTX *ctx, X509_NAME *nm))

  698. {

  699.     ctx->lookup_crls = cb;

  700. }

  701. 

  702. X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx)

  703. {

  704.     return ctx->ctx;

  705. }