#include "cryptlib.h"
#include <openssl/lhash.h>
#include <openssl/x509.h>
-
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_store_meth=NULL;
+#include <openssl/x509v3.h>
X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
{
X509_LOOKUP *ret;
ret=(X509_LOOKUP *)OPENSSL_malloc(sizeof(X509_LOOKUP));
- if (ret == NULL) return(NULL);
+ if (ret == NULL) return NULL;
ret->init=0;
ret->skip=0;
if ((method->new_item != NULL) && !method->new_item(ret))
{
OPENSSL_free(ret);
- return(NULL);
+ return NULL;
}
- return(ret);
+ return ret;
}
void X509_LOOKUP_free(X509_LOOKUP *ctx)
int X509_LOOKUP_init(X509_LOOKUP *ctx)
{
- if (ctx->method == NULL) return(0);
+ if (ctx->method == NULL) return 0;
if (ctx->method->init != NULL)
- return(ctx->method->init(ctx));
+ return ctx->method->init(ctx);
else
- return(1);
+ return 1;
}
int X509_LOOKUP_shutdown(X509_LOOKUP *ctx)
{
- if (ctx->method == NULL) return(0);
+ if (ctx->method == NULL) return 0;
if (ctx->method->shutdown != NULL)
- return(ctx->method->shutdown(ctx));
+ return ctx->method->shutdown(ctx);
else
- return(1);
+ return 1;
}
int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
char **ret)
{
- if (ctx->method == NULL) return(-1);
+ if (ctx->method == NULL) return -1;
if (ctx->method->ctrl != NULL)
- return(ctx->method->ctrl(ctx,cmd,argc,argl,ret));
+ return ctx->method->ctrl(ctx,cmd,argc,argl,ret);
else
- return(1);
+ return 1;
}
int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
X509_OBJECT *ret)
{
if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))
- return(X509_LU_FAIL);
- if (ctx->skip) return(0);
- return(ctx->method->get_by_subject(ctx,type,name,ret));
+ return X509_LU_FAIL;
+ if (ctx->skip) return 0;
+ return ctx->method->get_by_subject(ctx,type,name,ret);
}
int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
{
if ((ctx->method == NULL) ||
(ctx->method->get_by_issuer_serial == NULL))
- return(X509_LU_FAIL);
- return(ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret));
+ return X509_LU_FAIL;
+ return ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret);
}
int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
unsigned char *bytes, int len, X509_OBJECT *ret)
{
if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))
- return(X509_LU_FAIL);
- return(ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret));
+ return X509_LU_FAIL;
+ return ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret);
}
int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,
X509_OBJECT *ret)
{
if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
- return(X509_LU_FAIL);
- return(ctx->method->get_by_alias(ctx,type,str,len,ret));
+ return X509_LU_FAIL;
+ return ctx->method->get_by_alias(ctx,type,str,len,ret);
}
int ret;
ret=((*a)->type - (*b)->type);
- if (ret) return(ret);
+ if (ret) return ret;
switch ((*a)->type)
{
case X509_LU_X509:
/* abort(); */
return 0;
}
- return(ret);
+ return ret;
}
X509_STORE *X509_STORE_new(void)
X509_STORE *ret;
if ((ret=(X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL)
- return(NULL);
+ return NULL;
ret->objs = sk_X509_OBJECT_new(x509_object_cmp);
ret->cache=1;
ret->get_cert_methods=sk_X509_LOOKUP_new_null();
- ret->verify=NULL;
- ret->verify_cb=NULL;
- memset(&ret->ex_data,0,sizeof(CRYPTO_EX_DATA));
+ ret->verify=0;
+ ret->verify_cb=0;
+
+ if ((ret->param = X509_VERIFY_PARAM_new()) == NULL)
+ return NULL;
+
+ ret->get_issuer = 0;
+ ret->check_issued = 0;
+ ret->check_revocation = 0;
+ ret->get_crl = 0;
+ ret->check_crl = 0;
+ ret->cert_crl = 0;
+ ret->cleanup = 0;
+
+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data);
ret->references=1;
- ret->depth=0;
- return(ret);
+ return ret;
}
static void cleanup(X509_OBJECT *a)
STACK_OF(X509_LOOKUP) *sk;
X509_LOOKUP *lu;
- if(vfy == NULL)
+ if (vfy == NULL)
return;
sk=vfy->get_cert_methods;
sk_X509_LOOKUP_free(sk);
sk_X509_OBJECT_pop_free(vfy->objs, cleanup);
- CRYPTO_free_ex_data(x509_store_meth,vfy,&vfy->ex_data);
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data);
+ if (vfy->param)
+ X509_VERIFY_PARAM_free(vfy->param);
OPENSSL_free(vfy);
}
lu=sk_X509_LOOKUP_value(sk,i);
if (m == lu->method)
{
- return(lu);
+ return lu;
}
}
/* a new one */
lu=X509_LOOKUP_new(m);
if (lu == NULL)
- return(NULL);
+ return NULL;
else
{
lu->store_ctx=v;
if (sk_X509_LOOKUP_push(v->get_cert_methods,lu))
- return(lu);
+ return lu;
else
{
X509_LOOKUP_free(lu);
- return(NULL);
+ return NULL;
}
}
}
if (j < 0)
{
vs->current_method=j;
- return(j);
+ return j;
}
else if (j)
{
}
vs->current_method=0;
if (tmp == NULL)
- return(0);
+ return 0;
}
/* if (ret->data.ptr != NULL)
X509_OBJECT_up_ref_count(ret);
- return(1);
+ return 1;
}
int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
X509_OBJECT *obj;
int ret=1;
- if (x == NULL) return(0);
+ if (x == NULL) return 0;
obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
if (obj == NULL)
{
X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE);
- return(0);
+ return 0;
}
obj->type=X509_LU_X509;
obj->data.x509=x;
CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
- return(ret);
+ return ret;
}
int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
X509_OBJECT *obj;
int ret=1;
- if (x == NULL) return(0);
+ if (x == NULL) return 0;
obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
if (obj == NULL)
{
X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE);
- return(0);
+ return 0;
}
obj->type=X509_LU_CRL;
obj->data.crl=x;
CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
- return(ret);
+ return ret;
}
void X509_OBJECT_up_ref_count(X509_OBJECT *a)
{
int idx;
idx = X509_OBJECT_idx_by_subject(h, type, name);
- if(idx==-1) return NULL;
+ if (idx==-1) return NULL;
return sk_X509_OBJECT_value(h, idx);
}
int idx, i;
X509_OBJECT *obj;
idx = sk_X509_OBJECT_find(h, x);
- if(idx == -1) return NULL;
- if(x->type != X509_LU_X509) return sk_X509_OBJECT_value(h, idx);
- for(i = idx; i < sk_X509_OBJECT_num(h); i++) {
+ if (idx == -1) return NULL;
+ if (x->type != X509_LU_X509) return sk_X509_OBJECT_value(h, idx);
+ for (i = idx; i < sk_X509_OBJECT_num(h); i++)
+ {
obj = sk_X509_OBJECT_value(h, i);
- if(x509_object_cmp((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x)) return NULL;
- if((x->type != X509_LU_X509) || !X509_cmp(obj->data.x509, x->data.x509)) return obj;
- }
+ if (x509_object_cmp((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x))
+ return NULL;
+ if ((x->type != X509_LU_X509) || !X509_cmp(obj->data.x509, x->data.x509))
+ return obj;
+ }
return NULL;
}
if (ok == X509_LU_RETRY)
{
X509_OBJECT_free_contents(&obj);
- X509err(X509_F_X509_VERIFY_CERT,X509_R_SHOULD_RETRY);
+ X509err(X509_F_X509_STORE_CTX_GET1_ISSUER,X509_R_SHOULD_RETRY);
return -1;
}
else if (ok != X509_LU_FAIL)
return 0;
}
/* If certificate matches all OK */
- if(ctx->check_issued(ctx, x, obj.data.x509)) {
- *issuer = obj.data.x509;
- return 1;
- }
+ if (ctx->check_issued(ctx, x, obj.data.x509))
+ {
+ *issuer = obj.data.x509;
+ return 1;
+ }
X509_OBJECT_free_contents(&obj);
/* Else find index of first matching cert */
idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn);
/* This shouldn't normally happen since we already have one match */
- if(idx == -1) return 0;
+ if (idx == -1) return 0;
/* Look through all matching certificates for a suitable issuer */
- for(i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++) {
+ for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++)
+ {
pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i);
/* See if we've ran out of matches */
- if(pobj->type != X509_LU_X509) return 0;
- if(X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509))) return 0;
- if(ctx->check_issued(ctx, x, pobj->data.x509)) {
+ if (pobj->type != X509_LU_X509) return 0;
+ if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509))) return 0;
+ if (ctx->check_issued(ctx, x, pobj->data.x509))
+ {
*issuer = pobj->data.x509;
X509_OBJECT_up_ref_count(pobj);
return 1;
+ }
}
- }
return 0;
}
+int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags)
+ {
+ return X509_VERIFY_PARAM_set_flags(ctx->param, flags);
+ }
+
+int X509_STORE_set_depth(X509_STORE *ctx, int depth)
+ {
+ X509_VERIFY_PARAM_set_depth(ctx->param, depth);
+ return 1;
+ }
+
+int X509_STORE_set_purpose(X509_STORE *ctx, int purpose)
+ {
+ return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose);
+ }
+
+int X509_STORE_set_trust(X509_STORE *ctx, int trust)
+ {
+ return X509_VERIFY_PARAM_set_trust(ctx->param, trust);
+ }
+
+int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param)
+ {
+ return X509_VERIFY_PARAM_set1(ctx->param, param);
+ }
+
IMPLEMENT_STACK_OF(X509_LOOKUP)
IMPLEMENT_STACK_OF(X509_OBJECT)
projects / openssl.git / blobdiff