summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509/x509_vpm.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/x509/x509_vpm.c')
-rw-r--r--src/lib/libcrypto/x509/x509_vpm.c135
1 files changed, 62 insertions, 73 deletions
diff --git a/src/lib/libcrypto/x509/x509_vpm.c b/src/lib/libcrypto/x509/x509_vpm.c
index 5e3eba4029..7f0824f75e 100644
--- a/src/lib/libcrypto/x509/x509_vpm.c
+++ b/src/lib/libcrypto/x509/x509_vpm.c
@@ -68,7 +68,7 @@
68/* X509_VERIFY_PARAM functions */ 68/* X509_VERIFY_PARAM functions */
69 69
70static void x509_verify_param_zero(X509_VERIFY_PARAM *param) 70static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
71 { 71{
72 if (!param) 72 if (!param)
73 return; 73 return;
74 param->name = NULL; 74 param->name = NULL;
@@ -78,27 +78,26 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
78 param->inh_flags = 0; 78 param->inh_flags = 0;
79 param->flags = 0; 79 param->flags = 0;
80 param->depth = -1; 80 param->depth = -1;
81 if (param->policies) 81 if (param->policies) {
82 {
83 sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); 82 sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
84 param->policies = NULL; 83 param->policies = NULL;
85 }
86 } 84 }
85}
87 86
88X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) 87X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
89 { 88{
90 X509_VERIFY_PARAM *param; 89 X509_VERIFY_PARAM *param;
91 param = malloc(sizeof(X509_VERIFY_PARAM)); 90 param = malloc(sizeof(X509_VERIFY_PARAM));
92 memset(param, 0, sizeof(X509_VERIFY_PARAM)); 91 memset(param, 0, sizeof(X509_VERIFY_PARAM));
93 x509_verify_param_zero(param); 92 x509_verify_param_zero(param);
94 return param; 93 return param;
95 } 94}
96 95
97void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param) 96void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
98 { 97{
99 x509_verify_param_zero(param); 98 x509_verify_param_zero(param);
100 free(param); 99 free(param);
101 } 100}
102 101
103/* This function determines how parameters are "inherited" from one structure 102/* This function determines how parameters are "inherited" from one structure
104 * to another. There are several different ways this can happen. 103 * to another. There are several different ways this can happen.
@@ -146,7 +145,7 @@ void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
146 145
147int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, 146int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
148 const X509_VERIFY_PARAM *src) 147 const X509_VERIFY_PARAM *src)
149 { 148{
150 unsigned long inh_flags; 149 unsigned long inh_flags;
151 int to_default, to_overwrite; 150 int to_default, to_overwrite;
152 if (!src) 151 if (!src)
@@ -175,104 +174,101 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
175 174
176 /* If overwrite or check time not set, copy across */ 175 /* If overwrite or check time not set, copy across */
177 176
178 if (to_overwrite || !(dest->flags & X509_V_FLAG_USE_CHECK_TIME)) 177 if (to_overwrite || !(dest->flags & X509_V_FLAG_USE_CHECK_TIME)) {
179 {
180 dest->check_time = src->check_time; 178 dest->check_time = src->check_time;
181 dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME; 179 dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME;
182 /* Don't need to copy flag: that is done below */ 180 /* Don't need to copy flag: that is done below */
183 } 181 }
184 182
185 if (inh_flags & X509_VP_FLAG_RESET_FLAGS) 183 if (inh_flags & X509_VP_FLAG_RESET_FLAGS)
186 dest->flags = 0; 184 dest->flags = 0;
187 185
188 dest->flags |= src->flags; 186 dest->flags |= src->flags;
189 187
190 if (test_x509_verify_param_copy(policies, NULL)) 188 if (test_x509_verify_param_copy(policies, NULL)) {
191 {
192 if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies)) 189 if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies))
193 return 0; 190 return 0;
194 } 191 }
195 192
196 return 1; 193 return 1;
197 } 194}
198 195
199int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, 196int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
200 const X509_VERIFY_PARAM *from) 197 const X509_VERIFY_PARAM *from)
201 { 198{
202 unsigned long save_flags = to->inh_flags; 199 unsigned long save_flags = to->inh_flags;
203 int ret; 200 int ret;
204 to->inh_flags |= X509_VP_FLAG_DEFAULT; 201 to->inh_flags |= X509_VP_FLAG_DEFAULT;
205 ret = X509_VERIFY_PARAM_inherit(to, from); 202 ret = X509_VERIFY_PARAM_inherit(to, from);
206 to->inh_flags = save_flags; 203 to->inh_flags = save_flags;
207 return ret; 204 return ret;
208 } 205}
209 206
210int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name) 207int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name)
211 { 208{
212 if (param->name) 209 if (param->name)
213 free(param->name); 210 free(param->name);
214 param->name = BUF_strdup(name); 211 param->name = BUF_strdup(name);
215 if (param->name) 212 if (param->name)
216 return 1; 213 return 1;
217 return 0; 214 return 0;
218 } 215}
219 216
220int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags) 217int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags)
221 { 218{
222 param->flags |= flags; 219 param->flags |= flags;
223 if (flags & X509_V_FLAG_POLICY_MASK) 220 if (flags & X509_V_FLAG_POLICY_MASK)
224 param->flags |= X509_V_FLAG_POLICY_CHECK; 221 param->flags |= X509_V_FLAG_POLICY_CHECK;
225 return 1; 222 return 1;
226 } 223}
227 224
228int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, unsigned long flags) 225int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, unsigned long flags)
229 { 226{
230 param->flags &= ~flags; 227 param->flags &= ~flags;
231 return 1; 228 return 1;
232 } 229}
233 230
234unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param) 231unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param)
235 { 232{
236 return param->flags; 233 return param->flags;
237 } 234}
238 235
239int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose) 236int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose)
240 { 237{
241 return X509_PURPOSE_set(&param->purpose, purpose); 238 return X509_PURPOSE_set(&param->purpose, purpose);
242 } 239}
243 240
244int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust) 241int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust)
245 { 242{
246 return X509_TRUST_set(&param->trust, trust); 243 return X509_TRUST_set(&param->trust, trust);
247 } 244}
248 245
249void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth) 246void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth)
250 { 247{
251 param->depth = depth; 248 param->depth = depth;
252 } 249}
253 250
254void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t) 251void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t)
255 { 252{
256 param->check_time = t; 253 param->check_time = t;
257 param->flags |= X509_V_FLAG_USE_CHECK_TIME; 254 param->flags |= X509_V_FLAG_USE_CHECK_TIME;
258 } 255}
259 256
260int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, ASN1_OBJECT *policy) 257int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, ASN1_OBJECT *policy)
261 { 258{
262 if (!param->policies) 259 if (!param->policies) {
263 {
264 param->policies = sk_ASN1_OBJECT_new_null(); 260 param->policies = sk_ASN1_OBJECT_new_null();
265 if (!param->policies) 261 if (!param->policies)
266 return 0; 262 return 0;
267 } 263 }
268 if (!sk_ASN1_OBJECT_push(param->policies, policy)) 264 if (!sk_ASN1_OBJECT_push(param->policies, policy))
269 return 0; 265 return 0;
270 return 1; 266 return 1;
271 } 267}
272 268
273int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, 269int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
274 STACK_OF(ASN1_OBJECT) *policies) 270 STACK_OF(ASN1_OBJECT) *policies)
275 { 271{
276 int i; 272 int i;
277 ASN1_OBJECT *oid, *doid; 273 ASN1_OBJECT *oid, *doid;
278 if (!param) 274 if (!param)
@@ -280,36 +276,33 @@ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
280 if (param->policies) 276 if (param->policies)
281 sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); 277 sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
282 278
283 if (!policies) 279 if (!policies) {
284 {
285 param->policies = NULL; 280 param->policies = NULL;
286 return 1; 281 return 1;
287 } 282 }
288 283
289 param->policies = sk_ASN1_OBJECT_new_null(); 284 param->policies = sk_ASN1_OBJECT_new_null();
290 if (!param->policies) 285 if (!param->policies)
291 return 0; 286 return 0;
292 287
293 for (i = 0; i < sk_ASN1_OBJECT_num(policies); i++) 288 for (i = 0; i < sk_ASN1_OBJECT_num(policies); i++) {
294 {
295 oid = sk_ASN1_OBJECT_value(policies, i); 289 oid = sk_ASN1_OBJECT_value(policies, i);
296 doid = OBJ_dup(oid); 290 doid = OBJ_dup(oid);
297 if (!doid) 291 if (!doid)
298 return 0; 292 return 0;
299 if (!sk_ASN1_OBJECT_push(param->policies, doid)) 293 if (!sk_ASN1_OBJECT_push(param->policies, doid)) {
300 {
301 ASN1_OBJECT_free(doid); 294 ASN1_OBJECT_free(doid);
302 return 0; 295 return 0;
303 }
304 } 296 }
297 }
305 param->flags |= X509_V_FLAG_POLICY_CHECK; 298 param->flags |= X509_V_FLAG_POLICY_CHECK;
306 return 1; 299 return 1;
307 } 300}
308 301
309int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param) 302int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param)
310 { 303{
311 return param->depth; 304 return param->depth;
312 } 305}
313 306
314/* Default verify parameters: these are used for various 307/* Default verify parameters: these are used for various
315 * applications and can be overridden by the user specified table. 308 * applications and can be overridden by the user specified table.
@@ -367,15 +360,16 @@ static const X509_VERIFY_PARAM default_table[] = {
367 X509_TRUST_SSL_SERVER, /* trust */ 360 X509_TRUST_SSL_SERVER, /* trust */
368 -1, /* depth */ 361 -1, /* depth */
369 NULL /* policies */ 362 NULL /* policies */
370 }}; 363 }
364};
371 365
372static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL; 366static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL;
373 367
374static int table_cmp(const X509_VERIFY_PARAM *a, const X509_VERIFY_PARAM *b) 368static int table_cmp(const X509_VERIFY_PARAM *a, const X509_VERIFY_PARAM *b)
375 369
376 { 370{
377 return strcmp(a->name, b->name); 371 return strcmp(a->name, b->name);
378 } 372}
379 373
380DECLARE_OBJ_BSEARCH_CMP_FN(X509_VERIFY_PARAM, X509_VERIFY_PARAM, 374DECLARE_OBJ_BSEARCH_CMP_FN(X509_VERIFY_PARAM, X509_VERIFY_PARAM,
381 table); 375 table);
@@ -384,55 +378,50 @@ IMPLEMENT_OBJ_BSEARCH_CMP_FN(X509_VERIFY_PARAM, X509_VERIFY_PARAM,
384 378
385static int param_cmp(const X509_VERIFY_PARAM * const *a, 379static int param_cmp(const X509_VERIFY_PARAM * const *a,
386 const X509_VERIFY_PARAM * const *b) 380 const X509_VERIFY_PARAM * const *b)
387 { 381{
388 return strcmp((*a)->name, (*b)->name); 382 return strcmp((*a)->name, (*b)->name);
389 } 383}
390 384
391int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param) 385int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param)
392 { 386{
393 int idx; 387 int idx;
394 X509_VERIFY_PARAM *ptmp; 388 X509_VERIFY_PARAM *ptmp;
395 if (!param_table) 389 if (!param_table) {
396 {
397 param_table = sk_X509_VERIFY_PARAM_new(param_cmp); 390 param_table = sk_X509_VERIFY_PARAM_new(param_cmp);
398 if (!param_table) 391 if (!param_table)
399 return 0; 392 return 0;
400 } 393 } else {
401 else
402 {
403 idx = sk_X509_VERIFY_PARAM_find(param_table, param); 394 idx = sk_X509_VERIFY_PARAM_find(param_table, param);
404 if (idx != -1) 395 if (idx != -1) {
405 {
406 ptmp = sk_X509_VERIFY_PARAM_value(param_table, idx); 396 ptmp = sk_X509_VERIFY_PARAM_value(param_table, idx);
407 X509_VERIFY_PARAM_free(ptmp); 397 X509_VERIFY_PARAM_free(ptmp);
408 (void)sk_X509_VERIFY_PARAM_delete(param_table, idx); 398 (void)sk_X509_VERIFY_PARAM_delete(param_table, idx);
409 }
410 } 399 }
400 }
411 if (!sk_X509_VERIFY_PARAM_push(param_table, param)) 401 if (!sk_X509_VERIFY_PARAM_push(param_table, param))
412 return 0; 402 return 0;
413 return 1; 403 return 1;
414 } 404}
415 405
416const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name) 406const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)
417 { 407{
418 int idx; 408 int idx;
419 X509_VERIFY_PARAM pm; 409 X509_VERIFY_PARAM pm;
420 410
421 pm.name = (char *)name; 411 pm.name = (char *)name;
422 if (param_table) 412 if (param_table) {
423 {
424 idx = sk_X509_VERIFY_PARAM_find(param_table, &pm); 413 idx = sk_X509_VERIFY_PARAM_find(param_table, &pm);
425 if (idx != -1) 414 if (idx != -1)
426 return sk_X509_VERIFY_PARAM_value(param_table, idx); 415 return sk_X509_VERIFY_PARAM_value(param_table, idx);
427 } 416 }
428 return OBJ_bsearch_table(&pm, default_table, 417 return OBJ_bsearch_table(&pm, default_table,
429 sizeof(default_table)/sizeof(X509_VERIFY_PARAM)); 418 sizeof(default_table)/sizeof(X509_VERIFY_PARAM));
430 } 419}
431 420
432void X509_VERIFY_PARAM_table_cleanup(void) 421void X509_VERIFY_PARAM_table_cleanup(void)
433 { 422{
434 if (param_table) 423 if (param_table)
435 sk_X509_VERIFY_PARAM_pop_free(param_table, 424 sk_X509_VERIFY_PARAM_pop_free(param_table,
436 X509_VERIFY_PARAM_free); 425 X509_VERIFY_PARAM_free);
437 param_table = NULL; 426 param_table = NULL;
438 } 427}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-28 10:58:28 +0000