summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509/x509_lu.c
diff options
context:
space:
mode:
authortedu <>2014-04-18 01:59:00 +0000
committertedu <>2014-04-18 01:59:00 +0000
commit513bec93d6747369737d3a618ef58a44410059f6 (patch)
tree88ee4831e2437f9075e786ffb662bb05fe0e3df6 /src/lib/libcrypto/x509/x509_lu.c
parent1fca82b89342502ff32bda59bd067e303ff9d5ab (diff)
downloadopenbsd-513bec93d6747369737d3a618ef58a44410059f6.tar.gz
openbsd-513bec93d6747369737d3a618ef58a44410059f6.tar.bz2
openbsd-513bec93d6747369737d3a618ef58a44410059f6.zip
blunt force knf
Diffstat (limited to 'src/lib/libcrypto/x509/x509_lu.c')
-rw-r--r--src/lib/libcrypto/x509/x509_lu.c317
1 files changed, 134 insertions, 183 deletions
diff --git a/src/lib/libcrypto/x509/x509_lu.c b/src/lib/libcrypto/x509/x509_lu.c
index 38b034bfee..a89cd70313 100644
--- a/src/lib/libcrypto/x509/x509_lu.c
+++ b/src/lib/libcrypto/x509/x509_lu.c
@@ -63,7 +63,7 @@
63#include <openssl/x509v3.h> 63#include <openssl/x509v3.h>
64 64
65X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method) 65X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
66 { 66{
67 X509_LOOKUP *ret; 67 X509_LOOKUP *ret;
68 68
69 ret=(X509_LOOKUP *)malloc(sizeof(X509_LOOKUP)); 69 ret=(X509_LOOKUP *)malloc(sizeof(X509_LOOKUP));
@@ -74,50 +74,49 @@ X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
74 ret->method=method; 74 ret->method=method;
75 ret->method_data=NULL; 75 ret->method_data=NULL;
76 ret->store_ctx=NULL; 76 ret->store_ctx=NULL;
77 if ((method->new_item != NULL) && !method->new_item(ret)) 77 if ((method->new_item != NULL) && !method->new_item(ret)) {
78 {
79 free(ret); 78 free(ret);
80 return NULL; 79 return NULL;
81 }
82 return ret;
83 } 80 }
81 return ret;
82}
84 83
85void X509_LOOKUP_free(X509_LOOKUP *ctx) 84void X509_LOOKUP_free(X509_LOOKUP *ctx)
86 { 85{
87 if (ctx == NULL) return; 86 if (ctx == NULL) return;
88 if ( (ctx->method != NULL) && 87 if ( (ctx->method != NULL) &&
89 (ctx->method->free != NULL)) 88 (ctx->method->free != NULL))
90 (*ctx->method->free)(ctx); 89 (*ctx->method->free)(ctx);
91 free(ctx); 90 free(ctx);
92 } 91}
93 92
94int X509_LOOKUP_init(X509_LOOKUP *ctx) 93int X509_LOOKUP_init(X509_LOOKUP *ctx)
95 { 94{
96 if (ctx->method == NULL) return 0; 95 if (ctx->method == NULL) return 0;
97 if (ctx->method->init != NULL) 96 if (ctx->method->init != NULL)
98 return ctx->method->init(ctx); 97 return ctx->method->init(ctx);
99 else 98 else
100 return 1; 99 return 1;
101 } 100}
102 101
103int X509_LOOKUP_shutdown(X509_LOOKUP *ctx) 102int X509_LOOKUP_shutdown(X509_LOOKUP *ctx)
104 { 103{
105 if (ctx->method == NULL) return 0; 104 if (ctx->method == NULL) return 0;
106 if (ctx->method->shutdown != NULL) 105 if (ctx->method->shutdown != NULL)
107 return ctx->method->shutdown(ctx); 106 return ctx->method->shutdown(ctx);
108 else 107 else
109 return 1; 108 return 1;
110 } 109}
111 110
112int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, 111int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
113 char **ret) 112 char **ret)
114 { 113{
115 if (ctx->method == NULL) return -1; 114 if (ctx->method == NULL) return -1;
116 if (ctx->method->ctrl != NULL) 115 if (ctx->method->ctrl != NULL)
117 return ctx->method->ctrl(ctx,cmd,argc,argl,ret); 116 return ctx->method->ctrl(ctx,cmd,argc,argl,ret);
118 else 117 else
119 return 1; 118 return 1;
120 } 119}
121 120
122int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name, 121int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
123 X509_OBJECT *ret) 122 X509_OBJECT *ret)
@@ -126,42 +125,41 @@ int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
126 return X509_LU_FAIL; 125 return X509_LU_FAIL;
127 if (ctx->skip) return 0; 126 if (ctx->skip) return 0;
128 return ctx->method->get_by_subject(ctx,type,name,ret); 127 return ctx->method->get_by_subject(ctx,type,name,ret);
129 } 128}
130 129
131int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name, 130int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
132 ASN1_INTEGER *serial, X509_OBJECT *ret) 131 ASN1_INTEGER *serial, X509_OBJECT *ret)
133 { 132{
134 if ((ctx->method == NULL) || 133 if ((ctx->method == NULL) ||
135 (ctx->method->get_by_issuer_serial == NULL)) 134 (ctx->method->get_by_issuer_serial == NULL))
136 return X509_LU_FAIL; 135 return X509_LU_FAIL;
137 return ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret); 136 return ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret);
138 } 137}
139 138
140int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type, 139int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
141 unsigned char *bytes, int len, X509_OBJECT *ret) 140 unsigned char *bytes, int len, X509_OBJECT *ret)
142 { 141{
143 if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL)) 142 if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))
144 return X509_LU_FAIL; 143 return X509_LU_FAIL;
145 return ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret); 144 return ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret);
146 } 145}
147 146
148int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len, 147int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,
149 X509_OBJECT *ret) 148 X509_OBJECT *ret)
150 { 149{
151 if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL)) 150 if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
152 return X509_LU_FAIL; 151 return X509_LU_FAIL;
153 return ctx->method->get_by_alias(ctx,type,str,len,ret); 152 return ctx->method->get_by_alias(ctx,type,str,len,ret);
154 } 153}
155 154
156 155
157static int x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b) 156static int x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b)
158 { 157 {
159 int ret; 158 int ret;
160 159
161 ret=((*a)->type - (*b)->type); 160 ret=((*a)->type - (*b)->type);
162 if (ret) return ret; 161 if (ret) return ret;
163 switch ((*a)->type) 162 switch ((*a)->type) {
164 {
165 case X509_LU_X509: 163 case X509_LU_X509:
166 ret=X509_subject_name_cmp((*a)->data.x509,(*b)->data.x509); 164 ret=X509_subject_name_cmp((*a)->data.x509,(*b)->data.x509);
167 break; 165 break;
@@ -171,12 +169,12 @@ static int x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * con
171 default: 169 default:
172 /* abort(); */ 170 /* abort(); */
173 return 0; 171 return 0;
174 }
175 return ret;
176 } 172 }
173 return ret;
174}
177 175
178X509_STORE *X509_STORE_new(void) 176X509_STORE *X509_STORE_new(void)
179 { 177{
180 X509_STORE *ret; 178 X509_STORE *ret;
181 179
182 if ((ret=(X509_STORE *)malloc(sizeof(X509_STORE))) == NULL) 180 if ((ret=(X509_STORE *)malloc(sizeof(X509_STORE))) == NULL)
@@ -191,7 +189,7 @@ X509_STORE *X509_STORE_new(void)
191 sk_X509_OBJECT_free(ret->objs); 189 sk_X509_OBJECT_free(ret->objs);
192 free(ret); 190 free(ret);
193 return NULL; 191 return NULL;
194 } 192}
195 193
196 ret->get_issuer = 0; 194 ret->get_issuer = 0;
197 ret->check_issued = 0; 195 ret->check_issued = 0;
@@ -203,37 +201,31 @@ X509_STORE *X509_STORE_new(void)
203 ret->lookup_crls = 0; 201 ret->lookup_crls = 0;
204 ret->cleanup = 0; 202 ret->cleanup = 0;
205 203
206 if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) 204 if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) {
207 {
208 sk_X509_OBJECT_free(ret->objs); 205 sk_X509_OBJECT_free(ret->objs);
209 free(ret); 206 free(ret);
210 return NULL; 207 return NULL;
211 } 208 }
212 209
213 ret->references=1; 210 ret->references=1;
214 return ret; 211 return ret;
215 } 212}
216 213
217static void cleanup(X509_OBJECT *a) 214static void cleanup(X509_OBJECT *a)
218 { 215{
219 if (a->type == X509_LU_X509) 216 if (a->type == X509_LU_X509) {
220 {
221 X509_free(a->data.x509); 217 X509_free(a->data.x509);
222 } 218 } else if (a->type == X509_LU_CRL) {
223 else if (a->type == X509_LU_CRL)
224 {
225 X509_CRL_free(a->data.crl); 219 X509_CRL_free(a->data.crl);
226 } 220 } else {
227 else
228 {
229 /* abort(); */ 221 /* abort(); */
230 } 222 }
231 223
232 free(a); 224 free(a);
233 } 225}
234 226
235void X509_STORE_free(X509_STORE *vfy) 227void X509_STORE_free(X509_STORE *vfy)
236 { 228{
237 int i; 229 int i;
238 STACK_OF(X509_LOOKUP) *sk; 230 STACK_OF(X509_LOOKUP) *sk;
239 X509_LOOKUP *lu; 231 X509_LOOKUP *lu;
@@ -242,12 +234,11 @@ void X509_STORE_free(X509_STORE *vfy)
242 return; 234 return;
243 235
244 sk=vfy->get_cert_methods; 236 sk=vfy->get_cert_methods;
245 for (i=0; i<sk_X509_LOOKUP_num(sk); i++) 237 for (i=0; i<sk_X509_LOOKUP_num(sk); i++) {
246 {
247 lu=sk_X509_LOOKUP_value(sk,i); 238 lu=sk_X509_LOOKUP_value(sk,i);
248 X509_LOOKUP_shutdown(lu); 239 X509_LOOKUP_shutdown(lu);
249 X509_LOOKUP_free(lu); 240 X509_LOOKUP_free(lu);
250 } 241 }
251 sk_X509_LOOKUP_free(sk); 242 sk_X509_LOOKUP_free(sk);
252 sk_X509_OBJECT_pop_free(vfy->objs, cleanup); 243 sk_X509_OBJECT_pop_free(vfy->objs, cleanup);
253 244
@@ -255,43 +246,39 @@ void X509_STORE_free(X509_STORE *vfy)
255 if (vfy->param) 246 if (vfy->param)
256 X509_VERIFY_PARAM_free(vfy->param); 247 X509_VERIFY_PARAM_free(vfy->param);
257 free(vfy); 248 free(vfy);
258 } 249}
259 250
260X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m) 251X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
261 { 252{
262 int i; 253 int i;
263 STACK_OF(X509_LOOKUP) *sk; 254 STACK_OF(X509_LOOKUP) *sk;
264 X509_LOOKUP *lu; 255 X509_LOOKUP *lu;
265 256
266 sk=v->get_cert_methods; 257 sk=v->get_cert_methods;
267 for (i=0; i<sk_X509_LOOKUP_num(sk); i++) 258 for (i=0; i<sk_X509_LOOKUP_num(sk); i++) {
268 {
269 lu=sk_X509_LOOKUP_value(sk,i); 259 lu=sk_X509_LOOKUP_value(sk,i);
270 if (m == lu->method) 260 if (m == lu->method) {
271 {
272 return lu; 261 return lu;
273 }
274 } 262 }
263 }
275 /* a new one */ 264 /* a new one */
276 lu=X509_LOOKUP_new(m); 265 lu=X509_LOOKUP_new(m);
277 if (lu == NULL) 266 if (lu == NULL)
278 return NULL; 267 return NULL;
279 else 268 else {
280 {
281 lu->store_ctx=v; 269 lu->store_ctx=v;
282 if (sk_X509_LOOKUP_push(v->get_cert_methods,lu)) 270 if (sk_X509_LOOKUP_push(v->get_cert_methods,lu))
283 return lu; 271 return lu;
284 else 272 else {
285 {
286 X509_LOOKUP_free(lu); 273 X509_LOOKUP_free(lu);
287 return NULL; 274 return NULL;
288 }
289 } 275 }
290 } 276 }
277}
291 278
292int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name, 279int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
293 X509_OBJECT *ret) 280 X509_OBJECT *ret)
294 { 281{
295 X509_STORE *ctx=vs->ctx; 282 X509_STORE *ctx=vs->ctx;
296 X509_LOOKUP *lu; 283 X509_LOOKUP *lu;
297 X509_OBJECT stmp,*tmp; 284 X509_OBJECT stmp,*tmp;
@@ -301,27 +288,22 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
301 tmp=X509_OBJECT_retrieve_by_subject(ctx->objs,type,name); 288 tmp=X509_OBJECT_retrieve_by_subject(ctx->objs,type,name);
302 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); 289 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
303 290
304 if (tmp == NULL || type == X509_LU_CRL) 291 if (tmp == NULL || type == X509_LU_CRL) {
305 { 292 for (i=vs->current_method; i<sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) {
306 for (i=vs->current_method; i<sk_X509_LOOKUP_num(ctx->get_cert_methods); i++)
307 {
308 lu=sk_X509_LOOKUP_value(ctx->get_cert_methods,i); 293 lu=sk_X509_LOOKUP_value(ctx->get_cert_methods,i);
309 j=X509_LOOKUP_by_subject(lu,type,name,&stmp); 294 j=X509_LOOKUP_by_subject(lu,type,name,&stmp);
310 if (j < 0) 295 if (j < 0) {
311 {
312 vs->current_method=j; 296 vs->current_method=j;
313 return j; 297 return j;
314 } 298 } else if (j) {
315 else if (j)
316 {
317 tmp= &stmp; 299 tmp= &stmp;
318 break; 300 break;
319 }
320 } 301 }
302 }
321 vs->current_method=0; 303 vs->current_method=0;
322 if (tmp == NULL) 304 if (tmp == NULL)
323 return 0; 305 return 0;
324 } 306 }
325 307
326/* if (ret->data.ptr != NULL) 308/* if (ret->data.ptr != NULL)
327 X509_OBJECT_free_contents(ret); */ 309 X509_OBJECT_free_contents(ret); */
@@ -332,20 +314,19 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
332 X509_OBJECT_up_ref_count(ret); 314 X509_OBJECT_up_ref_count(ret);
333 315
334 return 1; 316 return 1;
335 } 317}
336 318
337int X509_STORE_add_cert(X509_STORE *ctx, X509 *x) 319int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
338 { 320{
339 X509_OBJECT *obj; 321 X509_OBJECT *obj;
340 int ret=1; 322 int ret=1;
341 323
342 if (x == NULL) return 0; 324 if (x == NULL) return 0;
343 obj=(X509_OBJECT *)malloc(sizeof(X509_OBJECT)); 325 obj=(X509_OBJECT *)malloc(sizeof(X509_OBJECT));
344 if (obj == NULL) 326 if (obj == NULL) {
345 {
346 X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE); 327 X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE);
347 return 0; 328 return 0;
348 } 329 }
349 obj->type=X509_LU_X509; 330 obj->type=X509_LU_X509;
350 obj->data.x509=x; 331 obj->data.x509=x;
351 332
@@ -353,32 +334,30 @@ int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
353 334
354 X509_OBJECT_up_ref_count(obj); 335 X509_OBJECT_up_ref_count(obj);
355 336
356 if (X509_OBJECT_retrieve_match(ctx->objs, obj)) 337 if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {
357 {
358 X509_OBJECT_free_contents(obj); 338 X509_OBJECT_free_contents(obj);
359 free(obj); 339 free(obj);
360 X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE); 340 X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE);
361 ret=0; 341 ret=0;
362 } 342 }
363 else sk_X509_OBJECT_push(ctx->objs, obj); 343 else sk_X509_OBJECT_push(ctx->objs, obj);
364 344
365 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); 345 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
366 346
367 return ret; 347 return ret;
368 } 348}
369 349
370int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) 350int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
371 { 351{
372 X509_OBJECT *obj; 352 X509_OBJECT *obj;
373 int ret=1; 353 int ret=1;
374 354
375 if (x == NULL) return 0; 355 if (x == NULL) return 0;
376 obj=(X509_OBJECT *)malloc(sizeof(X509_OBJECT)); 356 obj=(X509_OBJECT *)malloc(sizeof(X509_OBJECT));
377 if (obj == NULL) 357 if (obj == NULL) {
378 {
379 X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE); 358 X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE);
380 return 0; 359 return 0;
381 } 360 }
382 obj->type=X509_LU_CRL; 361 obj->type=X509_LU_CRL;
383 obj->data.crl=x; 362 obj->data.crl=x;
384 363
@@ -386,49 +365,46 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
386 365
387 X509_OBJECT_up_ref_count(obj); 366 X509_OBJECT_up_ref_count(obj);
388 367
389 if (X509_OBJECT_retrieve_match(ctx->objs, obj)) 368 if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {
390 {
391 X509_OBJECT_free_contents(obj); 369 X509_OBJECT_free_contents(obj);
392 free(obj); 370 free(obj);
393 X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE); 371 X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE);
394 ret=0; 372 ret=0;
395 } 373 } else
396 else sk_X509_OBJECT_push(ctx->objs, obj); 374 sk_X509_OBJECT_push(ctx->objs, obj);
397 375
398 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); 376 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
399 377
400 return ret; 378 return ret;
401 } 379}
402 380
403void X509_OBJECT_up_ref_count(X509_OBJECT *a) 381void X509_OBJECT_up_ref_count(X509_OBJECT *a)
404 { 382{
405 switch (a->type) 383 switch (a->type) {
406 {
407 case X509_LU_X509: 384 case X509_LU_X509:
408 CRYPTO_add(&a->data.x509->references,1,CRYPTO_LOCK_X509); 385 CRYPTO_add(&a->data.x509->references,1,CRYPTO_LOCK_X509);
409 break; 386 break;
410 case X509_LU_CRL: 387 case X509_LU_CRL:
411 CRYPTO_add(&a->data.crl->references,1,CRYPTO_LOCK_X509_CRL); 388 CRYPTO_add(&a->data.crl->references,1,CRYPTO_LOCK_X509_CRL);
412 break; 389 break;
413 }
414 } 390 }
391}
415 392
416void X509_OBJECT_free_contents(X509_OBJECT *a) 393void X509_OBJECT_free_contents(X509_OBJECT *a)
417 { 394{
418 switch (a->type) 395 switch (a->type) {
419 {
420 case X509_LU_X509: 396 case X509_LU_X509:
421 X509_free(a->data.x509); 397 X509_free(a->data.x509);
422 break; 398 break;
423 case X509_LU_CRL: 399 case X509_LU_CRL:
424 X509_CRL_free(a->data.crl); 400 X509_CRL_free(a->data.crl);
425 break; 401 break;
426 }
427 } 402 }
403}
428 404
429static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type, 405static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type,
430 X509_NAME *name, int *pnmatch) 406 X509_NAME *name, int *pnmatch)
431 { 407{
432 X509_OBJECT stmp; 408 X509_OBJECT stmp;
433 X509 x509_s; 409 X509 x509_s;
434 X509_CINF cinf_s; 410 X509_CINF cinf_s;
@@ -437,8 +413,7 @@ static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type,
437 int idx; 413 int idx;
438 414
439 stmp.type=type; 415 stmp.type=type;
440 switch (type) 416 switch (type) {
441 {
442 case X509_LU_X509: 417 case X509_LU_X509:
443 stmp.data.x509= &x509_s; 418 stmp.data.x509= &x509_s;
444 x509_s.cert_info= &cinf_s; 419 x509_s.cert_info= &cinf_s;
@@ -452,44 +427,42 @@ static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type,
452 default: 427 default:
453 /* abort(); */ 428 /* abort(); */
454 return -1; 429 return -1;
455 } 430 }
456 431
457 idx = sk_X509_OBJECT_find(h,&stmp); 432 idx = sk_X509_OBJECT_find(h,&stmp);
458 if (idx >= 0 && pnmatch) 433 if (idx >= 0 && pnmatch) {
459 {
460 int tidx; 434 int tidx;
461 const X509_OBJECT *tobj, *pstmp; 435 const X509_OBJECT *tobj, *pstmp;
462 *pnmatch = 1; 436 *pnmatch = 1;
463 pstmp = &stmp; 437 pstmp = &stmp;
464 for (tidx = idx + 1; tidx < sk_X509_OBJECT_num(h); tidx++) 438 for (tidx = idx + 1; tidx < sk_X509_OBJECT_num(h); tidx++) {
465 {
466 tobj = sk_X509_OBJECT_value(h, tidx); 439 tobj = sk_X509_OBJECT_value(h, tidx);
467 if (x509_object_cmp(&tobj, &pstmp)) 440 if (x509_object_cmp(&tobj, &pstmp))
468 break; 441 break;
469 (*pnmatch)++; 442 (*pnmatch)++;
470 }
471 } 443 }
472 return idx;
473 } 444 }
445 return idx;
446}
474 447
475 448
476int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, 449int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
477 X509_NAME *name) 450 X509_NAME *name)
478 { 451{
479 return x509_object_idx_cnt(h, type, name, NULL); 452 return x509_object_idx_cnt(h, type, name, NULL);
480 } 453}
481 454
482X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type, 455X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type,
483 X509_NAME *name) 456 X509_NAME *name)
484 { 457{
485 int idx; 458 int idx;
486 idx = X509_OBJECT_idx_by_subject(h, type, name); 459 idx = X509_OBJECT_idx_by_subject(h, type, name);
487 if (idx==-1) return NULL; 460 if (idx==-1) return NULL;
488 return sk_X509_OBJECT_value(h, idx); 461 return sk_X509_OBJECT_value(h, idx);
489 } 462}
490 463
491STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) 464STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
492 { 465{
493 int i, idx, cnt; 466 int i, idx, cnt;
494 STACK_OF(X509) *sk; 467 STACK_OF(X509) *sk;
495 X509 *x; 468 X509 *x;
@@ -497,48 +470,43 @@ STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
497 sk = sk_X509_new_null(); 470 sk = sk_X509_new_null();
498 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); 471 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
499 idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt); 472 idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);
500 if (idx < 0) 473 if (idx < 0) {
501 {
502 /* Nothing found in cache: do lookup to possibly add new 474 /* Nothing found in cache: do lookup to possibly add new
503 * objects to cache 475 * objects to cache
504 */ 476 */
505 X509_OBJECT xobj; 477 X509_OBJECT xobj;
506 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); 478 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
507 if (!X509_STORE_get_by_subject(ctx, X509_LU_X509, nm, &xobj)) 479 if (!X509_STORE_get_by_subject(ctx, X509_LU_X509, nm, &xobj)) {
508 {
509 sk_X509_free(sk); 480 sk_X509_free(sk);
510 return NULL; 481 return NULL;
511 } 482 }
512 X509_OBJECT_free_contents(&xobj); 483 X509_OBJECT_free_contents(&xobj);
513 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); 484 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
514 idx = x509_object_idx_cnt(ctx->ctx->objs,X509_LU_X509,nm, &cnt); 485 idx = x509_object_idx_cnt(ctx->ctx->objs,X509_LU_X509,nm, &cnt);
515 if (idx < 0) 486 if (idx < 0) {
516 {
517 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); 487 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
518 sk_X509_free(sk); 488 sk_X509_free(sk);
519 return NULL; 489 return NULL;
520 }
521 } 490 }
522 for (i = 0; i < cnt; i++, idx++) 491 }
523 { 492 for (i = 0; i < cnt; i++, idx++) {
524 obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx); 493 obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx);
525 x = obj->data.x509; 494 x = obj->data.x509;
526 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); 495 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
527 if (!sk_X509_push(sk, x)) 496 if (!sk_X509_push(sk, x)) {
528 {
529 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); 497 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
530 X509_free(x); 498 X509_free(x);
531 sk_X509_pop_free(sk, X509_free); 499 sk_X509_pop_free(sk, X509_free);
532 return NULL; 500 return NULL;
533 }
534 } 501 }
502 }
535 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); 503 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
536 return sk; 504 return sk;
537 505
538 } 506}
539 507
540STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) 508STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
541 { 509{
542 int i, idx, cnt; 510 int i, idx, cnt;
543 STACK_OF(X509_CRL) *sk; 511 STACK_OF(X509_CRL) *sk;
544 X509_CRL *x; 512 X509_CRL *x;
@@ -551,66 +519,57 @@ STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
551 /* Always do lookup to possibly add new CRLs to cache 519 /* Always do lookup to possibly add new CRLs to cache
552 */ 520 */
553 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); 521 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
554 if (!X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj)) 522 if (!X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj)) {
555 {
556 sk_X509_CRL_free(sk); 523 sk_X509_CRL_free(sk);
557 return NULL; 524 return NULL;
558 } 525 }
559 X509_OBJECT_free_contents(&xobj); 526 X509_OBJECT_free_contents(&xobj);
560 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); 527 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
561 idx = x509_object_idx_cnt(ctx->ctx->objs,X509_LU_CRL, nm, &cnt); 528 idx = x509_object_idx_cnt(ctx->ctx->objs,X509_LU_CRL, nm, &cnt);
562 if (idx < 0) 529 if (idx < 0) {
563 {
564 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); 530 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
565 sk_X509_CRL_free(sk); 531 sk_X509_CRL_free(sk);
566 return NULL; 532 return NULL;
567 } 533 }
568 534
569 for (i = 0; i < cnt; i++, idx++) 535 for (i = 0; i < cnt; i++, idx++) {
570 {
571 obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx); 536 obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx);
572 x = obj->data.crl; 537 x = obj->data.crl;
573 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL); 538 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL);
574 if (!sk_X509_CRL_push(sk, x)) 539 if (!sk_X509_CRL_push(sk, x)) {
575 {
576 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); 540 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
577 X509_CRL_free(x); 541 X509_CRL_free(x);
578 sk_X509_CRL_pop_free(sk, X509_CRL_free); 542 sk_X509_CRL_pop_free(sk, X509_CRL_free);
579 return NULL; 543 return NULL;
580 }
581 } 544 }
545 }
582 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); 546 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
583 return sk; 547 return sk;
584 } 548}
585 549
586X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x) 550X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x)
587 { 551{
588 int idx, i; 552 int idx, i;
589 X509_OBJECT *obj; 553 X509_OBJECT *obj;
590 idx = sk_X509_OBJECT_find(h, x); 554 idx = sk_X509_OBJECT_find(h, x);
591 if (idx == -1) return NULL; 555 if (idx == -1) return NULL;
592 if ((x->type != X509_LU_X509) && (x->type != X509_LU_CRL)) 556 if ((x->type != X509_LU_X509) && (x->type != X509_LU_CRL))
593 return sk_X509_OBJECT_value(h, idx); 557 return sk_X509_OBJECT_value(h, idx);
594 for (i = idx; i < sk_X509_OBJECT_num(h); i++) 558 for (i = idx; i < sk_X509_OBJECT_num(h); i++) {
595 {
596 obj = sk_X509_OBJECT_value(h, i); 559 obj = sk_X509_OBJECT_value(h, i);
597 if (x509_object_cmp((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x)) 560 if (x509_object_cmp((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x))
598 return NULL; 561 return NULL;
599 if (x->type == X509_LU_X509) 562 if (x->type == X509_LU_X509) {
600 {
601 if (!X509_cmp(obj->data.x509, x->data.x509)) 563 if (!X509_cmp(obj->data.x509, x->data.x509))
602 return obj; 564 return obj;
603 } 565 } else if (x->type == X509_LU_CRL) {
604 else if (x->type == X509_LU_CRL)
605 {
606 if (!X509_CRL_match(obj->data.crl, x->data.crl)) 566 if (!X509_CRL_match(obj->data.crl, x->data.crl))
607 return obj; 567 return obj;
608 } 568 } else
609 else
610 return obj; 569 return obj;
611 }
612 return NULL;
613 } 570 }
571 return NULL;
572}
614 573
615 574
616/* Try to get issuer certificate from store. Due to limitations 575/* Try to get issuer certificate from store. Due to limitations
@@ -625,95 +584,87 @@ X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x
625 * -1 some other error. 584 * -1 some other error.
626 */ 585 */
627int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) 586int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
628 { 587{
629 X509_NAME *xn; 588 X509_NAME *xn;
630 X509_OBJECT obj, *pobj; 589 X509_OBJECT obj, *pobj;
631 int i, ok, idx, ret; 590 int i, ok, idx, ret;
632 xn=X509_get_issuer_name(x); 591 xn=X509_get_issuer_name(x);
633 ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj); 592 ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj);
634 if (ok != X509_LU_X509) 593 if (ok != X509_LU_X509) {
635 { 594 if (ok == X509_LU_RETRY) {
636 if (ok == X509_LU_RETRY)
637 {
638 X509_OBJECT_free_contents(&obj); 595 X509_OBJECT_free_contents(&obj);
639 X509err(X509_F_X509_STORE_CTX_GET1_ISSUER,X509_R_SHOULD_RETRY); 596 X509err(X509_F_X509_STORE_CTX_GET1_ISSUER,X509_R_SHOULD_RETRY);
640 return -1; 597 return -1;
641 } 598 } else if (ok != X509_LU_FAIL) {
642 else if (ok != X509_LU_FAIL)
643 {
644 X509_OBJECT_free_contents(&obj); 599 X509_OBJECT_free_contents(&obj);
645 /* not good :-(, break anyway */ 600 /* not good :-(, break anyway */
646 return -1; 601 return -1;
647 }
648 return 0;
649 } 602 }
603 return 0;
604 }
650 /* If certificate matches all OK */ 605 /* If certificate matches all OK */
651 if (ctx->check_issued(ctx, x, obj.data.x509)) 606 if (ctx->check_issued(ctx, x, obj.data.x509)) {
652 {
653 *issuer = obj.data.x509; 607 *issuer = obj.data.x509;
654 return 1; 608 return 1;
655 } 609 }
656 X509_OBJECT_free_contents(&obj); 610 X509_OBJECT_free_contents(&obj);
657 611
658 /* Else find index of first cert accepted by 'check_issued' */ 612 /* Else find index of first cert accepted by 'check_issued' */
659 ret = 0; 613 ret = 0;
660 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); 614 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
661 idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn); 615 idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn);
662 if (idx != -1) /* should be true as we've had at least one match */ 616 if (idx != -1) /* should be true as we've had at least one match */ {
663 {
664 /* Look through all matching certs for suitable issuer */ 617 /* Look through all matching certs for suitable issuer */
665 for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++) 618 for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++) {
666 {
667 pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i); 619 pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i);
668 /* See if we've run past the matches */ 620 /* See if we've run past the matches */
669 if (pobj->type != X509_LU_X509) 621 if (pobj->type != X509_LU_X509)
670 break; 622 break;
671 if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509))) 623 if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509)))
672 break; 624 break;
673 if (ctx->check_issued(ctx, x, pobj->data.x509)) 625 if (ctx->check_issued(ctx, x, pobj->data.x509)) {
674 {
675 *issuer = pobj->data.x509; 626 *issuer = pobj->data.x509;
676 X509_OBJECT_up_ref_count(pobj); 627 X509_OBJECT_up_ref_count(pobj);
677 ret = 1; 628 ret = 1;
678 break; 629 break;
679 }
680 } 630 }
681 } 631 }
632 }
682 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); 633 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
683 return ret; 634 return ret;
684 } 635}
685 636
686int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags) 637int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags)
687 { 638{
688 return X509_VERIFY_PARAM_set_flags(ctx->param, flags); 639 return X509_VERIFY_PARAM_set_flags(ctx->param, flags);
689 } 640}
690 641
691int X509_STORE_set_depth(X509_STORE *ctx, int depth) 642int X509_STORE_set_depth(X509_STORE *ctx, int depth)
692 { 643{
693 X509_VERIFY_PARAM_set_depth(ctx->param, depth); 644 X509_VERIFY_PARAM_set_depth(ctx->param, depth);
694 return 1; 645 return 1;
695 } 646}
696 647
697int X509_STORE_set_purpose(X509_STORE *ctx, int purpose) 648int X509_STORE_set_purpose(X509_STORE *ctx, int purpose)
698 { 649{
699 return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose); 650 return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose);
700 } 651}
701 652
702int X509_STORE_set_trust(X509_STORE *ctx, int trust) 653int X509_STORE_set_trust(X509_STORE *ctx, int trust)
703 { 654{
704 return X509_VERIFY_PARAM_set_trust(ctx->param, trust); 655 return X509_VERIFY_PARAM_set_trust(ctx->param, trust);
705 } 656}
706 657
707int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param) 658int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param)
708 { 659{
709 return X509_VERIFY_PARAM_set1(ctx->param, param); 660 return X509_VERIFY_PARAM_set1(ctx->param, param);
710 } 661}
711 662
712void X509_STORE_set_verify_cb(X509_STORE *ctx, 663void X509_STORE_set_verify_cb(X509_STORE *ctx,
713 int (*verify_cb)(int, X509_STORE_CTX *)) 664 int (*verify_cb)(int, X509_STORE_CTX *))
714 { 665{
715 ctx->verify_cb = verify_cb; 666 ctx->verify_cb = verify_cb;
716 } 667}
717 668
718IMPLEMENT_STACK_OF(X509_LOOKUP) 669IMPLEMENT_STACK_OF(X509_LOOKUP)
719IMPLEMENT_STACK_OF(X509_OBJECT) 670IMPLEMENT_STACK_OF(X509_OBJECT)
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-15 20:37:29 +0000