/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
- * Licensed under the OpenSSL license (the "License"). You may not use
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
{
- X509_LOOKUP *ret;
+ X509_LOOKUP *ret = OPENSSL_zalloc(sizeof(*ret));
- ret = OPENSSL_zalloc(sizeof(*ret));
- if (ret == NULL)
+ if (ret == NULL) {
+ X509err(X509_F_X509_LOOKUP_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
+ }
ret->method = method;
- if ((method->new_item != NULL) && !method->new_item(ret)) {
+ if (method->new_item != NULL && method->new_item(ret) == 0) {
OPENSSL_free(ret);
return NULL;
}
return ctx->method->get_by_alias(ctx, type, str, len, ret);
}
+int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data)
+{
+ ctx->method_data = data;
+ return 1;
+}
+
+void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx)
+{
+ return ctx->method_data;
+}
+
+X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx)
+{
+ return ctx->store_ctx;
+}
+
+
static int x509_object_cmp(const X509_OBJECT *const *a,
const X509_OBJECT *const *b)
{
X509_STORE *X509_STORE_new(void)
{
- X509_STORE *ret;
+ X509_STORE *ret = OPENSSL_zalloc(sizeof(*ret));
- if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL)
+ if (ret == NULL) {
+ X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
- if ((ret->objs = sk_X509_OBJECT_new(x509_object_cmp)) == NULL)
+ }
+ if ((ret->objs = sk_X509_OBJECT_new(x509_object_cmp)) == NULL) {
+ X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
goto err;
+ }
ret->cache = 1;
- if ((ret->get_cert_methods = sk_X509_LOOKUP_new_null()) == NULL)
+ if ((ret->get_cert_methods = sk_X509_LOOKUP_new_null()) == NULL) {
+ X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
goto err;
+ }
- if ((ret->param = X509_VERIFY_PARAM_new()) == NULL)
+ if ((ret->param = X509_VERIFY_PARAM_new()) == NULL) {
+ X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
goto err;
-
- if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data))
+ }
+ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) {
+ X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
goto err;
+ }
ret->lock = CRYPTO_THREAD_lock_new();
- if (ret->lock == NULL)
+ if (ret->lock == NULL) {
+ X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
goto err;
+ }
ret->references = 1;
return ret;
if (CRYPTO_UP_REF(&vfy->references, &i, vfy->lock) <= 0)
return 0;
- REF_PRINT_COUNT("X509_STORE", a);
+ REF_PRINT_COUNT("X509_STORE", vfy);
REF_ASSERT_ISNT(i < 2);
return ((i > 1) ? 1 : 0);
}
}
/* a new one */
lu = X509_LOOKUP_new(m);
- if (lu == NULL)
+ if (lu == NULL) {
+ X509err(X509_F_X509_STORE_ADD_LOOKUP, ERR_R_MALLOC_FAILURE);
return NULL;
- else {
- lu->store_ctx = v;
- if (sk_X509_LOOKUP_push(v->get_cert_methods, lu))
- return lu;
- else {
- X509_LOOKUP_free(lu);
- return NULL;
- }
}
+
+ lu->store_ctx = v;
+ if (sk_X509_LOOKUP_push(v->get_cert_methods, lu))
+ return lu;
+ /* malloc failed */
+ X509err(X509_F_X509_STORE_ADD_LOOKUP, ERR_R_MALLOC_FAILURE);
+ X509_LOOKUP_free(lu);
+ return NULL;
}
X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs,
X509_OBJECT stmp, *tmp;
int i, j;
+ if (ctx == NULL)
+ return 0;
+
CRYPTO_THREAD_write_lock(ctx->lock);
tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name);
CRYPTO_THREAD_unlock(ctx->lock);
return a->type;
}
-X509_OBJECT *X509_OBJECT_new()
+X509_OBJECT *X509_OBJECT_new(void)
{
X509_OBJECT *ret = OPENSSL_zalloc(sizeof(*ret));
return ret;
}
-
-void X509_OBJECT_free(X509_OBJECT *a)
+static void x509_object_free_internal(X509_OBJECT *a)
{
if (a == NULL)
return;
X509_CRL_free(a->data.crl);
break;
}
+}
+
+int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj)
+{
+ if (a == NULL || !X509_up_ref(obj))
+ return 0;
+
+ x509_object_free_internal(a);
+ a->type = X509_LU_X509;
+ a->data.x509 = obj;
+ return 1;
+}
+
+int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj)
+{
+ if (a == NULL || !X509_CRL_up_ref(obj))
+ return 0;
+
+ x509_object_free_internal(a);
+ a->type = X509_LU_CRL;
+ a->data.crl = obj;
+ return 1;
+}
+
+void X509_OBJECT_free(X509_OBJECT *a)
+{
+ x509_object_free_internal(a);
OPENSSL_free(a);
}
X509 *x;
X509_OBJECT *obj;
+ if (ctx->ctx == NULL)
+ return NULL;
+
CRYPTO_THREAD_write_lock(ctx->ctx->lock);
idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);
if (idx < 0) {
X509_OBJECT *obj, *xobj = X509_OBJECT_new();
/* Always do lookup to possibly add new CRLs to cache */
- if (sk == NULL || xobj == NULL ||
- !X509_STORE_CTX_get_by_subject(ctx, X509_LU_CRL, nm, xobj)) {
+ if (sk == NULL
+ || xobj == NULL
+ || ctx->ctx == NULL
+ || !X509_STORE_CTX_get_by_subject(ctx, X509_LU_CRL, nm, xobj)) {
X509_OBJECT_free(xobj);
sk_X509_CRL_free(sk);
return NULL;
X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h,
X509_OBJECT *x)
{
- int idx, i;
+ int idx, i, num;
X509_OBJECT *obj;
+
idx = sk_X509_OBJECT_find(h, x);
- if (idx == -1)
+ if (idx < 0)
return NULL;
if ((x->type != X509_LU_X509) && (x->type != X509_LU_CRL))
return sk_X509_OBJECT_value(h, idx);
- for (i = idx; i < sk_X509_OBJECT_num(h); i++) {
+ for (i = idx, num = sk_X509_OBJECT_num(h); i < num; i++) {
obj = sk_X509_OBJECT_value(h, i);
- if (x509_object_cmp
- ((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x))
+ if (x509_object_cmp((const X509_OBJECT **)&obj,
+ (const X509_OBJECT **)&x))
return NULL;
if (x->type == X509_LU_X509) {
if (!X509_cmp(obj->data.x509, x->data.x509))
}
X509_OBJECT_free(obj);
+ if (ctx->ctx == NULL)
+ return 0;
+
/* Else find index of first cert accepted by 'check_issued' */
ret = 0;
CRYPTO_THREAD_write_lock(ctx->ctx->lock);