16f9291ceSJung-uk Kim /*
2aa795734SPierre Pronchery * Copyright 2004-2023 The OpenSSL Project Authors. All Rights Reserved.
33b4e3dcbSSimon L. B. Nielsen *
4b077aed3SPierre Pronchery * Licensed under the Apache License 2.0 (the "License"). You may not use
5e71b7053SJung-uk Kim * this file except in compliance with the License. You can obtain a copy
6e71b7053SJung-uk Kim * in the file LICENSE in the source distribution or at
7e71b7053SJung-uk Kim * https://www.openssl.org/source/license.html
83b4e3dcbSSimon L. B. Nielsen */
93b4e3dcbSSimon L. B. Nielsen
103b4e3dcbSSimon L. B. Nielsen #include <stdio.h>
113b4e3dcbSSimon L. B. Nielsen
12e71b7053SJung-uk Kim #include "internal/cryptlib.h"
133b4e3dcbSSimon L. B. Nielsen #include <openssl/crypto.h>
143b4e3dcbSSimon L. B. Nielsen #include <openssl/buffer.h>
153b4e3dcbSSimon L. B. Nielsen #include <openssl/x509.h>
163b4e3dcbSSimon L. B. Nielsen #include <openssl/x509v3.h>
1717f01e99SJung-uk Kim #include "crypto/x509.h"
183b4e3dcbSSimon L. B. Nielsen
1917f01e99SJung-uk Kim #include "x509_local.h"
207bded2dbSJung-uk Kim
213b4e3dcbSSimon L. B. Nielsen /* X509_VERIFY_PARAM functions */
223b4e3dcbSSimon L. B. Nielsen
/* Modes accepted by int_x509_param_set_hosts() */
#define SET_HOST 0 /* discard the current host list before storing the name */
#define ADD_HOST 1 /* keep the current host list and append the name */
257bded2dbSJung-uk Kim
/*
 * Copy callback handed to sk_OPENSSL_STRING_deep_copy(): duplicates one host
 * string. The result is whatever OPENSSL_strdup() returns for |s|.
 */
static char *str_copy(const char *s)
{
    char *dup = OPENSSL_strdup(s);

    return dup;
}
307bded2dbSJung-uk Kim
/*
 * Free callback for the host-name stack: releases one string that was
 * allocated for the list (used with sk_OPENSSL_STRING_pop_free() and
 * sk_OPENSSL_STRING_deep_copy()).
 */
static void str_free(char *s)
{
    OPENSSL_free(s);
}
357bded2dbSJung-uk Kim
/*
 * Store |name| in the host list of |vpm|.
 *
 * mode     SET_HOST replaces the list, any other value appends to it.
 * name     host name; NULL means "no name".
 * namelen  length of |name|, or 0 to have it measured with strlen().
 *
 * Returns 1 on success and 0 on failure. A name with a NUL byte anywhere
 * except in the final position is refused, so a value such as
 * "good.example\0.attacker" can never be stored truncated. A single trailing
 * NUL is stripped. A NULL or empty name succeeds without adding anything; in
 * SET_HOST mode that clears the list.
 *
 * NOTE(review): in SET_HOST mode the old list is released before the copy of
 * the new name is allocated, so a 0 return caused by an allocation failure
 * leaves |vpm| with no hosts at all. Callers must treat 0 as fatal rather than
 * continue with the structure; presumably an empty list means no host-name
 * check is performed later - confirm against the verification code.
 */
static int int_x509_param_set_hosts(X509_VERIFY_PARAM *vpm, int mode,
                                    const char *name, size_t namelen)
{
    size_t scan;
    char *dup;

    /* XXX: Do we need to push an error onto the error stack? */
    if (name == NULL) {
        namelen = 0;
    } else if (namelen == 0) {
        namelen = strlen(name);
    } else {
        /* Every byte but the last must be non-NUL (the only byte, if one) */
        scan = namelen > 1 ? namelen - 1 : namelen;
        if (memchr(name, '\0', scan) != NULL)
            return 0;
    }
    if (namelen > 0 && name[namelen - 1] == '\0')
        --namelen;

    if (mode == SET_HOST) {
        sk_OPENSSL_STRING_pop_free(vpm->hosts, str_free);
        vpm->hosts = NULL;
    }
    if (name == NULL || namelen == 0)
        return 1;

    dup = OPENSSL_strndup(name, namelen);
    if (dup == NULL)
        return 0;

    if (vpm->hosts == NULL) {
        vpm->hosts = sk_OPENSSL_STRING_new_null();
        if (vpm->hosts == NULL) {
            OPENSSL_free(dup);
            return 0;
        }
    }

    if (sk_OPENSSL_STRING_push(vpm->hosts, dup))
        return 1;

    /* Push failed: drop the copy, and drop the stack too if it is empty */
    OPENSSL_free(dup);
    if (sk_OPENSSL_STRING_num(vpm->hosts) == 0) {
        sk_OPENSSL_STRING_free(vpm->hosts);
        vpm->hosts = NULL;
    }
    return 0;
}
817bded2dbSJung-uk Kim
/*
 * Allocate a zero-filled X509_VERIFY_PARAM and mark trust, depth and
 * auth_level as "unset". Returns the new structure, or NULL after raising
 * ERR_R_MALLOC_FAILURE when the allocation fails.
 */
X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
{
    X509_VERIFY_PARAM *vpm = OPENSSL_zalloc(sizeof(*vpm));

    if (vpm != NULL) {
        vpm->trust = X509_TRUST_DEFAULT;
        /* inh_flags is not assigned here; it keeps the allocator's zero fill */
        vpm->depth = -1;
        vpm->auth_level = -1; /* -1 means unset, 0 is explicit */
        return vpm;
    }

    ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE);
    return NULL;
}
973b4e3dcbSSimon L. B. Nielsen
/*
 * Release |param| together with its policies, host list, peername, email and
 * IP address. A NULL |param| is ignored.
 *
 * NOTE(review): param->name, which X509_VERIFY_PARAM_set1_name() allocates,
 * is not released here - confirm whether that is intentional.
 */
void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
{
    if (param != NULL) {
        sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
        sk_OPENSSL_STRING_pop_free(param->hosts, str_free);
        OPENSSL_free(param->peername);
        OPENSSL_free(param->email);
        OPENSSL_free(param->ip);
        OPENSSL_free(param);
    }
}
1093b4e3dcbSSimon L. B. Nielsen
/*-
 * This function determines how parameters are "inherited" from one structure
 * to another. There are several different ways this can happen.
 *
 * 1. If a child structure needs to have its values initialized from a parent
 *    they are simply copied across. For example SSL_CTX copied to SSL.
 * 2. If the structure should take on values only if they are currently unset.
 *    For example the values in an SSL structure will take appropriate values
 *    for SSL servers or clients but only if the application has not set new
 *    ones.
 *
 * The "inh_flags" field determines how this function behaves.
 *
 * Normally any values which are already set in the destination are not
 * overwritten from the source, and the verify flags are ORed together.
 *
 * If X509_VP_FLAG_DEFAULT is set then anything set in the source is copied
 * to the destination. Effectively the values in "to" become default values
 * which will be used only if nothing new is set in "from".
 *
 * If X509_VP_FLAG_OVERWRITE is set then all values are copied across whether
 * they are set or not. Flags are still ORed though.
 *
 * If X509_VP_FLAG_RESET_FLAGS is set then the flags value is copied instead
 * of ORed.
 *
 * If X509_VP_FLAG_LOCKED is set then no values are copied.
 *
 * If X509_VP_FLAG_ONCE is set then the current inh_flags setting is zeroed
 * after the next call.
 */
1413b4e3dcbSSimon L. B. Nielsen
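/*
 * Macro to test if a field should be copied from src to dest.
 *
 * Expands inside a function that has |dest|, |src|, |to_default| and
 * |to_overwrite| in scope. |def| is the value that means "unset" for the
 * field; it is parenthesised so that any expression can be passed.
 * The field is copied when overwriting is forced, or when the source has it
 * set and either the destination has it unset or the source acts as default.
 */
#define test_x509_verify_param_copy(field, def) \
    (to_overwrite \
     || (src->field != (def) && (to_default || dest->field == (def))))

/*
 * Macro to test and copy a field if necessary.
 *
 * Wrapped in do { } while (0) so that the expansion is a single statement:
 * the caller supplies the terminating semicolon and the macro can be used as
 * the body of an if/else without capturing the else branch.
 */
#define x509_verify_param_copy(field, def) \
    do { \
        if (test_x509_verify_param_copy(field, def)) \
            dest->field = src->field; \
    } while (0)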
1523b4e3dcbSSimon L. B. Nielsen
/*
 * Merge the settings of |src| into |dest| according to the inheritance flags
 * of both structures (the rules are described in the comment that precedes
 * the copy macros).
 *
 * Returns 1 on success, including the two no-op cases (|src| is NULL, or
 * X509_VP_FLAG_LOCKED is set), and 0 when copying the policies, hosts, email
 * or IP address fails. The update is not atomic: on a 0 return every field
 * handled before the failing step has already been changed in |dest|.
 * |dest| is dereferenced without a NULL check.
 */
int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
                              const X509_VERIFY_PARAM *src)
{
    unsigned long inh_flags;
    int to_default, to_overwrite; /* read by the copy macros below */

    if (src == NULL)
        return 1;
    /* The behaviour is driven by the union of both structures' inh_flags */
    inh_flags = dest->inh_flags | src->inh_flags;

    /* ONCE: the destination's inheritance flags apply to this call only */
    if ((inh_flags & X509_VP_FLAG_ONCE) != 0)
        dest->inh_flags = 0;

    /* LOCKED: nothing is copied (the ONCE reset above has already happened) */
    if ((inh_flags & X509_VP_FLAG_LOCKED) != 0)
        return 1;

    to_default = (inh_flags & X509_VP_FLAG_DEFAULT) != 0;
    to_overwrite = (inh_flags & X509_VP_FLAG_OVERWRITE) != 0;

    /* Second argument is the value that marks the field as unset */
    x509_verify_param_copy(purpose, 0);
    x509_verify_param_copy(trust, X509_TRUST_DEFAULT);
    x509_verify_param_copy(depth, -1);
    x509_verify_param_copy(auth_level, -1);

    /* If overwrite or check time not set, copy across */

    if (to_overwrite || (dest->flags & X509_V_FLAG_USE_CHECK_TIME) == 0) {
        dest->check_time = src->check_time;
        dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME;
        /* Don't need to copy flag: that is done below */
    }

    /* RESET_FLAGS turns the OR below into a plain copy of src->flags */
    if ((inh_flags & X509_VP_FLAG_RESET_FLAGS) != 0)
        dest->flags = 0;

    dest->flags |= src->flags;

    if (test_x509_verify_param_copy(policies, NULL)) {
        if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies))
            return 0;
    }

    x509_verify_param_copy(hostflags, 0);

    if (test_x509_verify_param_copy(hosts, NULL)) {
        /*
         * The old list is released before the copy is made, so a failed
         * deep copy returns 0 with dest->hosts left NULL.
         */
        sk_OPENSSL_STRING_pop_free(dest->hosts, str_free);
        dest->hosts = NULL;
        if (src->hosts != NULL) {
            dest->hosts =
                sk_OPENSSL_STRING_deep_copy(src->hosts, str_copy, str_free);
            if (dest->hosts == NULL)
                return 0;
        }
    }

    if (test_x509_verify_param_copy(email, NULL)) {
        if (!X509_VERIFY_PARAM_set1_email(dest, src->email, src->emaillen))
            return 0;
    }

    if (test_x509_verify_param_copy(ip, NULL)) {
        if (!X509_VERIFY_PARAM_set1_ip(dest, src->ip, src->iplen))
            return 0;
    }

    return 1;
}
2203b4e3dcbSSimon L. B. Nielsen
/*
 * Copy the settings of |from| into |to| by running
 * X509_VERIFY_PARAM_inherit() with X509_VP_FLAG_DEFAULT temporarily added to
 * to->inh_flags. The previous inh_flags value is restored afterwards, which
 * also undoes any change the inherit call made to it.
 *
 * Returns the result of the inherit call, or 0 after raising
 * ERR_R_PASSED_NULL_PARAMETER when |to| is NULL.
 */
int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
                           const X509_VERIFY_PARAM *from)
{
    unsigned long saved;
    int ok;

    if (to != NULL) {
        saved = to->inh_flags;
        to->inh_flags |= X509_VP_FLAG_DEFAULT;
        ok = X509_VERIFY_PARAM_inherit(to, from);
        to->inh_flags = saved;
        return ok;
    }

    ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
    return 0;
}
2373b4e3dcbSSimon L. B. Nielsen
/*
 * Replace the buffer at |*pdest| with a NUL-terminated copy of |src|.
 *
 * pdest     buffer pointer to replace; the old buffer is freed on success.
 * pdestlen  optional; receives the stored length (without the added NUL).
 * src       data to copy, or NULL to clear the destination.
 * srclen    number of bytes to copy, or 0 to measure |src| with strlen().
 *
 * Returns 1 on success, 0 if the allocation fails (the destination is then
 * left unchanged).
 *
 * Because 0 selects strlen(), binary data must always be passed with its
 * explicit length. Unlike int_x509_param_set_hosts(), no check for embedded
 * NUL bytes is made here.
 */
static int int_x509_param_set1(char **pdest, size_t *pdestlen,
                               const char *src, size_t srclen)
{
    char *buf = NULL;
    size_t len = 0;

    if (src != NULL) {
        len = srclen != 0 ? srclen : strlen(src);

        buf = OPENSSL_malloc(len + 1);
        if (buf == NULL)
            return 0;
        memcpy(buf, src, len);
        buf[len] = '\0'; /* enforce NUL termination */
    }

    OPENSSL_free(*pdest);
    *pdest = buf;
    if (pdestlen != NULL)
        *pdestlen = len;
    return 1;
}
2627bded2dbSJung-uk Kim
/*
 * Set the name of |param| to a private copy of |name|.
 *
 * The old name is freed before the copy is made, so when the duplicate comes
 * back NULL the structure is left without a name and 0 is returned.
 * Returns 1 when the new name was stored.
 */
int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name)
{
    char *dup;

    OPENSSL_free(param->name);
    dup = OPENSSL_strdup(name);
    param->name = dup;
    return dup != NULL;
}
2693b4e3dcbSSimon L. B. Nielsen
/*
 * OR |flags| into the verification flags of |param|. When any bit of
 * X509_V_FLAG_POLICY_MASK is requested, X509_V_FLAG_POLICY_CHECK is switched
 * on as well. Always returns 1.
 */
int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags)
{
    unsigned long add = flags;

    if ((flags & X509_V_FLAG_POLICY_MASK) != 0)
        add |= X509_V_FLAG_POLICY_CHECK;
    param->flags |= add;
    return 1;
}
2773b4e3dcbSSimon L. B. Nielsen
/*
 * Clear every bit of |flags| in the verification flags of |param|.
 * Only the named bits are touched; always returns 1.
 */
int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
                                  unsigned long flags)
{
    param->flags = param->flags & ~flags;
    return 1;
}
2843b4e3dcbSSimon L. B. Nielsen
/* Return the verification flags stored in |param| (not NULL-checked). */
unsigned long X509_VERIFY_PARAM_get_flags(const X509_VERIFY_PARAM *param)
{
    unsigned long current = param->flags;

    return current;
}
2893b4e3dcbSSimon L. B. Nielsen
/* Return the inheritance flags (X509_VP_FLAG_*) stored in |param|. */
uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param)
{
    return param->inh_flags;
}
294e71b7053SJung-uk Kim
/*
 * Replace (not OR) the inheritance flags of |param| with |flags|.
 * Always returns 1.
 */
int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param, uint32_t flags)
{
    param->inh_flags = flags;
    return 1;
}
300e71b7053SJung-uk Kim
/*
 * Set the purpose of |param| through X509_PURPOSE_set() and return that
 * function's result.
 */
int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose)
{
    return X509_PURPOSE_set(&param->purpose, purpose);
}
3053b4e3dcbSSimon L. B. Nielsen
/*
 * Set the trust setting of |param| through X509_TRUST_set() and return that
 * function's result.
 */
int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust)
{
    return X509_TRUST_set(&param->trust, trust);
}
3103b4e3dcbSSimon L. B. Nielsen
/*
 * Store |depth| in |param| without range checking. -1 is the value that
 * X509_VERIFY_PARAM_new() uses for "unset".
 */
void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth)
{
    param->depth = depth;
}
3153b4e3dcbSSimon L. B. Nielsen
/*
 * Store |auth_level| in |param| without range checking. -1 is the value that
 * X509_VERIFY_PARAM_new() uses for "unset"; 0 is an explicit setting.
 */
void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int auth_level)
{
    param->auth_level = auth_level;
}
320e71b7053SJung-uk Kim
/*
 * Return the stored check time. The value is returned whether or not
 * X509_V_FLAG_USE_CHECK_TIME is set in the flags of |param|.
 */
time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param)
{
    time_t when = param->check_time;

    return when;
}
325e71b7053SJung-uk Kim
/*
 * Pin the check time of |param| to |t| and set X509_V_FLAG_USE_CHECK_TIME so
 * that the stored time is marked as in use.
 */
void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t)
{
    param->flags |= X509_V_FLAG_USE_CHECK_TIME;
    param->check_time = t;
}
3313b4e3dcbSSimon L. B. Nielsen
/*
 * Append |policy| to the policy list of |param|, creating the list on first
 * use. The pointer itself is stored, not a copy. Returns 1 on success and 0
 * on failure; |policy| is not freed here on failure.
 *
 * Unlike X509_VERIFY_PARAM_set1_policies(), this function does not set
 * X509_V_FLAG_POLICY_CHECK.
 */
int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
                                  ASN1_OBJECT *policy)
{
    if (param->policies == NULL
        && (param->policies = sk_ASN1_OBJECT_new_null()) == NULL)
        return 0;

    return sk_ASN1_OBJECT_push(param->policies, policy) > 0;
}
3453b4e3dcbSSimon L. B. Nielsen
/*
 * Replace the policy list of |param| with duplicates of the objects in
 * |policies| and set X509_V_FLAG_POLICY_CHECK. A NULL |policies| just clears
 * the list (the flag is left as it is).
 *
 * Returns 1 on success. Returns 0 when |param| is NULL (after raising
 * ERR_R_PASSED_NULL_PARAMETER) or when an allocation fails; the old list has
 * already been released by then, and a failure part-way through the loop
 * leaves the objects copied so far in param->policies without setting the
 * policy-check flag.
 */
int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
                                    STACK_OF(ASN1_OBJECT) *policies)
{
    int pos;
    ASN1_OBJECT *dup;

    if (param == NULL) {
        ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }
    sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);

    if (policies == NULL) {
        param->policies = NULL;
        return 1;
    }

    param->policies = sk_ASN1_OBJECT_new_null();
    if (param->policies == NULL)
        return 0;

    for (pos = 0; pos < sk_ASN1_OBJECT_num(policies); pos++) {
        dup = OBJ_dup(sk_ASN1_OBJECT_value(policies, pos));
        if (dup == NULL)
            return 0;
        if (!sk_ASN1_OBJECT_push(param->policies, dup)) {
            ASN1_OBJECT_free(dup);
            return 0;
        }
    }
    param->flags |= X509_V_FLAG_POLICY_CHECK;
    return 1;
}
3803b4e3dcbSSimon L. B. Nielsen
/*
 * Return the host name stored at position |idx| of the host list. The
 * pointer refers to the list's own string, not to a copy.
 */
char *X509_VERIFY_PARAM_get0_host(X509_VERIFY_PARAM *param, int idx)
{
    char *host = sk_OPENSSL_STRING_value(param->hosts, idx);

    return host;
}
385b077aed3SPierre Pronchery
/*
 * Replace the expected host names of |param| with the single name |name|
 * (SET_HOST mode of int_x509_param_set_hosts()). Returns 1 on success and 0
 * on failure; a 0 return must not be ignored, because the previous list has
 * already been discarded by the time an allocation can fail.
 */
int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
                                const char *name, size_t namelen)
{
    int ok = int_x509_param_set_hosts(param, SET_HOST, name, namelen);

    return ok;
}
3917bded2dbSJung-uk Kim
/*
 * Append |name| to the expected host names of |param| (ADD_HOST mode of
 * int_x509_param_set_hosts()). Returns 1 on success and 0 on failure.
 */
int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
                                const char *name, size_t namelen)
{
    int ok = int_x509_param_set_hosts(param, ADD_HOST, name, namelen);

    return ok;
}
3977bded2dbSJung-uk Kim
/* Replace (not OR) the host-matching flags of |param| with |flags|. */
void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
                                     unsigned int flags)
{
    param->hostflags = flags;
}
403e71b7053SJung-uk Kim
/* Return the host-matching flags stored in |param|. */
unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param)
{
    unsigned int current = param->hostflags;

    return current;
}
4087bded2dbSJung-uk Kim
/*
 * Return the peername pointer held by |param|. The string stays owned by
 * |param|; it is released by X509_VERIFY_PARAM_free() and may be replaced by
 * X509_VERIFY_PARAM_move_peername().
 */
char *X509_VERIFY_PARAM_get0_peername(const X509_VERIFY_PARAM *param)
{
    char *peer = param->peername;

    return peer;
}
413e71b7053SJung-uk Kim
/*
 * Transfer ownership of the peername string from |from| to |to|. Whatever
 * name |to| held before is freed, unless it is the very pointer being moved.
 * Afterwards |from| no longer refers to the string. With a NULL |from| the
 * peername of |to| is freed and reset to NULL.
 */
void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *to,
                                     X509_VERIFY_PARAM *from)
{
    char *incoming = NULL;

    if (from != NULL)
        incoming = from->peername;

    if (to->peername != incoming) {
        OPENSSL_free(to->peername);
        to->peername = incoming;
    }
    /* Cleared only after the hand-over so the string has a single owner */
    if (from != NULL)
        from->peername = NULL;
}
4317bded2dbSJung-uk Kim
/*
 * Return the expected email address held by |param|; the string remains
 * owned by |param|.
 */
char *X509_VERIFY_PARAM_get0_email(X509_VERIFY_PARAM *param)
{
    char *addr = param->email;

    return addr;
}
436b077aed3SPierre Pronchery
/*
 * Store a private copy of |email| (|emaillen| bytes, or strlen(email) when
 * |emaillen| is 0) as the expected email address; a NULL |email| clears it.
 * Returns 1 on success and 0 if the copy cannot be allocated.
 * No check for embedded NUL bytes is made on this path.
 */
int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
                                 const char *email, size_t emaillen)
{
    int ok = int_x509_param_set1(&param->email, &param->emaillen,
                                 email, emaillen);

    return ok;
}
4437bded2dbSJung-uk Kim
/*
 * Return the raw IP address bytes held by |param| and, when |plen| is not
 * NULL, their length. Returns NULL after raising
 * ERR_R_PASSED_NULL_PARAMETER when |param| is NULL or no address is set;
 * |*plen| is not written in that case.
 */
static unsigned char
*int_X509_VERIFY_PARAM_get0_ip(X509_VERIFY_PARAM *param, size_t *plen)
{
    if (param != NULL && param->ip != NULL) {
        if (plen != NULL)
            *plen = param->iplen;
        return param->ip;
    }

    ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
    return NULL;
}
455b077aed3SPierre Pronchery
/*
 * Return the expected IP address of |param| converted by
 * ossl_ipaddr_to_asc(), or NULL when |param| is NULL or has no address (an
 * error is raised by the internal getter in that case).
 * NOTE(review): the "get1" name suggests the caller owns and must free the
 * returned string - confirm against ossl_ipaddr_to_asc().
 */
char *X509_VERIFY_PARAM_get1_ip_asc(X509_VERIFY_PARAM *param)
{
    size_t len;
    unsigned char *raw = int_X509_VERIFY_PARAM_get0_ip(param, &len);

    if (raw == NULL)
        return NULL;
    return ossl_ipaddr_to_asc(raw, len);
}
463b077aed3SPierre Pronchery
/*
 * Store a private copy of the binary IP address |ip| in |param|.
 *
 * |iplen| must be 4, 16 or 0; any other value raises
 * ERR_R_PASSED_INVALID_ARGUMENT and returns 0. Otherwise the result of
 * int_x509_param_set1() is returned (1 on success, 0 on allocation failure).
 * A NULL |ip| with |iplen| 0 clears the stored address.
 *
 * NOTE(review): a non-NULL |ip| with |iplen| 0 passes the length check and is
 * then measured with strlen() by int_x509_param_set1(), so the stored length
 * is not restricted to 4 or 16 on that path. Callers should always pass the
 * explicit length for a non-NULL address.
 */
int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
                              const unsigned char *ip, size_t iplen)
{
    switch (iplen) {
    case 0:
    case 4:
    case 16:
        break;
    default:
        ERR_raise(ERR_LIB_X509, ERR_R_PASSED_INVALID_ARGUMENT);
        return 0;
    }

    return int_x509_param_set1((char **)&param->ip, &param->iplen,
                               (char *)ip, iplen);
}
4747bded2dbSJung-uk Kim
/*
 * Parse the textual IP address |ipasc| with ossl_a2i_ipadd() and store the
 * binary result through X509_VERIFY_PARAM_set1_ip(). Returns 0 when the
 * parser reports a length of 0, otherwise the result of the setter (which
 * accepts only lengths of 4 and 16 for a non-empty address).
 */
int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc)
{
    unsigned char raw[16];
    size_t len = (size_t)ossl_a2i_ipadd(raw, ipasc);

    return len == 0 ? 0 : X509_VERIFY_PARAM_set1_ip(param, raw, len);
}
4847bded2dbSJung-uk Kim
/*
 * Return the depth stored in |param|; -1 is the value that
 * X509_VERIFY_PARAM_new() assigns for "unset".
 */
int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param)
{
    int depth = param->depth;

    return depth;
}
4893b4e3dcbSSimon L. B. Nielsen
/*
 * Return the authentication level stored in |param|; -1 means unset, 0 is an
 * explicit setting.
 */
int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param)
{
    int level = param->auth_level;

    return level;
}
494e71b7053SJung-uk Kim
/*
 * Return the name of |param|; the string remains owned by |param| (or is a
 * static string for the built-in table entries).
 */
const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param)
{
    const char *label = param->name;

    return label;
}
4997bded2dbSJung-uk Kim
/*
 * Initialisers for the trailing members of a table entry, all empty.
 * Presumably these are hosts, hostflags, peername, email, emaillen, ip and
 * iplen, in that order - confirm against the structure definition.
 */
#define vpm_empty_id NULL, 0U, NULL, NULL, 0, NULL, 0

/*
 * Default verify parameters: these are used for various applications and can
 * be overridden by the user specified table. NB: the entries *must* stay
 * sorted by 'name' in strcmp() order, because X509_VERIFY_PARAM_lookup()
 * binary-searches this array with OBJ_bsearch_table(); an entry out of order
 * would not be found reliably.
 */

static const X509_VERIFY_PARAM default_table[] = {
    {
     "default",                 /* X509 default parameters */
     0,                         /* check time to use */
     0,                         /* inheritance flags */
     X509_V_FLAG_TRUSTED_FIRST, /* flags */
     0,                         /* purpose */
     0,                         /* trust */
     100,                       /* depth */
     -1,                        /* auth_level */
     NULL,                      /* policies */
     vpm_empty_id},
    {
     "pkcs7",                   /* S/MIME sign parameters */
     0,                         /* check time to use */
     0,                         /* inheritance flags */
     0,                         /* flags */
     X509_PURPOSE_SMIME_SIGN,   /* purpose */
     X509_TRUST_EMAIL,          /* trust */
     -1,                        /* depth */
     -1,                        /* auth_level */
     NULL,                      /* policies */
     vpm_empty_id},
    {
     "smime_sign",              /* S/MIME sign parameters */
     0,                         /* check time to use */
     0,                         /* inheritance flags */
     0,                         /* flags */
     X509_PURPOSE_SMIME_SIGN,   /* purpose */
     X509_TRUST_EMAIL,          /* trust */
     -1,                        /* depth */
     -1,                        /* auth_level */
     NULL,                      /* policies */
     vpm_empty_id},
    {
     "ssl_client",              /* SSL/TLS client parameters */
     0,                         /* check time to use */
     0,                         /* inheritance flags */
     0,                         /* flags */
     X509_PURPOSE_SSL_CLIENT,   /* purpose */
     X509_TRUST_SSL_CLIENT,     /* trust */
     -1,                        /* depth */
     -1,                        /* auth_level */
     NULL,                      /* policies */
     vpm_empty_id},
    {
     "ssl_server",              /* SSL/TLS server parameters */
     0,                         /* check time to use */
     0,                         /* inheritance flags */
     0,                         /* flags */
     X509_PURPOSE_SSL_SERVER,   /* purpose */
     X509_TRUST_SSL_SERVER,     /* trust */
     -1,                        /* depth */
     -1,                        /* auth_level */
     NULL,                      /* policies */
     vpm_empty_id}
};
5653b4e3dcbSSimon L. B. Nielsen
/*
 * User-supplied parameter sets, created on first use by
 * X509_VERIFY_PARAM_add0_table() and released by
 * X509_VERIFY_PARAM_table_cleanup(). Consulted before default_table.
 * NOTE(review): no locking around this global is visible in this file -
 * confirm that callers serialise access.
 */
static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL;
5673b4e3dcbSSimon L. B. Nielsen
/*
 * Ordering used for the binary search over default_table: compares two
 * entries by name with strcmp(). Neither name may be NULL.
 */
static int table_cmp(const X509_VERIFY_PARAM *a, const X509_VERIFY_PARAM *b)
{
    const char *lhs = a->name;
    const char *rhs = b->name;

    return strcmp(lhs, rhs);
}
5723b4e3dcbSSimon L. B. Nielsen
/*
 * Generate the search helper for default_table from table_cmp(); the result
 * is used as OBJ_bsearch_table() in X509_VERIFY_PARAM_lookup().
 */
DECLARE_OBJ_BSEARCH_CMP_FN(X509_VERIFY_PARAM, X509_VERIFY_PARAM, table);
IMPLEMENT_OBJ_BSEARCH_CMP_FN(X509_VERIFY_PARAM, X509_VERIFY_PARAM, table);
5751f13597dSJung-uk Kim
/*
 * Comparison callback installed on param_table: orders two stack elements by
 * the name of the parameter set they point to. Neither name may be NULL.
 */
static int param_cmp(const X509_VERIFY_PARAM *const *a,
                     const X509_VERIFY_PARAM *const *b)
{
    const X509_VERIFY_PARAM *lhs = *a;
    const X509_VERIFY_PARAM *rhs = *b;

    return strcmp(lhs->name, rhs->name);
}
5813b4e3dcbSSimon L. B. Nielsen
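/*
 * Add |param| to the user table, creating the table on first use. An
 * existing entry with the same name is removed and freed first, so the new
 * entry replaces it.
 *
 * Returns 1 on success; the table then owns |param|. Returns 0 if the table
 * cannot be created or the push fails; |param| is not freed in that case, and
 * an entry displaced by the name lookup is already gone.
 *
 * If |param| is itself the object already stored under that name, it is
 * taken out of the table and pushed back without being freed. Freeing it
 * would leave the table holding a dangling pointer.
 */
int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param)
{
    int idx;
    X509_VERIFY_PARAM *ptmp;

    if (param_table == NULL) {
        param_table = sk_X509_VERIFY_PARAM_new(param_cmp);
        if (param_table == NULL)
            return 0;
    } else {
        idx = sk_X509_VERIFY_PARAM_find(param_table, param);
        if (idx >= 0) {
            ptmp = sk_X509_VERIFY_PARAM_delete(param_table, idx);
            /* Never free the object that is about to be pushed below */
            if (ptmp != param)
                X509_VERIFY_PARAM_free(ptmp);
        }
    }

    if (sk_X509_VERIFY_PARAM_push(param_table, param) <= 0)
        return 0;
    return 1;
}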
6033b4e3dcbSSimon L. B. Nielsen
/*
 * Return the number of parameter sets reachable through
 * X509_VERIFY_PARAM_get0(): the built-in entries plus any entries in the
 * user table.
 */
int X509_VERIFY_PARAM_get_count(void)
{
    int total = OSSL_NELEM(default_table);

    if (param_table == NULL)
        return total;
    return total + sk_X509_VERIFY_PARAM_num(param_table);
}
6127bded2dbSJung-uk Kim
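/*
 * Return the parameter set at index |id|: indices below the size of
 * default_table select a built-in entry, higher ones select an entry of the
 * user table. The result is owned by the table and must not be freed.
 *
 * Returns NULL after raising ERR_R_PASSED_INVALID_ARGUMENT for a negative
 * |id|. For an index past the end of the user table (or when there is no
 * user table) the result is whatever sk_X509_VERIFY_PARAM_value() returns,
 * which is NULL for an out-of-range index.
 */
const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id)
{
    int num = OSSL_NELEM(default_table);

    /*
     * Without this check a negative index satisfies "id < num" and yields a
     * pointer in front of default_table.
     */
    if (id < 0) {
        ERR_raise(ERR_LIB_X509, ERR_R_PASSED_INVALID_ARGUMENT);
        return NULL;
    }
    if (id < num)
        return default_table + id;
    return sk_X509_VERIFY_PARAM_value(param_table, id - num);
}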
6217bded2dbSJung-uk Kim
/*
 * Find a parameter set by |name|. The user table is searched first, so an
 * entry added with X509_VERIFY_PARAM_add0_table() shadows a built-in entry
 * of the same name (for example "ssl_server"). Falls back to a binary search
 * of default_table; the result of that search is returned as is.
 * |name| is passed to strcmp() by the comparison callbacks and must not be
 * NULL.
 */
const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)
{
    X509_VERIFY_PARAM key;
    int pos;

    /* Only the name member of the search key is read by the comparisons */
    key.name = (char *)name;
    if (param_table != NULL
        && (pos = sk_X509_VERIFY_PARAM_find(param_table, &key)) >= 0)
        return sk_X509_VERIFY_PARAM_value(param_table, pos);

    return OBJ_bsearch_table(&key, default_table, OSSL_NELEM(default_table));
}
6353b4e3dcbSSimon L. B. Nielsen
/*
 * Free every entry of the user table and the table itself, then reset the
 * global so that a later X509_VERIFY_PARAM_add0_table() starts afresh.
 * Pointers previously obtained from the user table become invalid.
 */
void X509_VERIFY_PARAM_table_cleanup(void)
{
    STACK_OF(X509_VERIFY_PARAM) *old = param_table;

    sk_X509_VERIFY_PARAM_pop_free(old, X509_VERIFY_PARAM_free);
    param_table = NULL;
}