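/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2004. */
/* ====================================================================
 * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com). This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com). */

#include <openssl/buf.h>
#include <openssl/lhash.h>
#include <openssl/mem.h>
#include <openssl/obj.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>

#include "vpm_int.h"

/* X509_VERIFY_PARAM functions */

/* Resets |param| to its "unset" state: scalar fields go back to their unset
 * markers (0, or -1 for depth), the policy stack is freed, and the host,
 * email and IP identity buffers held in param->id are freed and cleared.
 * A NULL |param| is ignored; param->id itself must be non-NULL because it is
 * dereferenced unconditionally. */
static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
{
    X509_VERIFY_PARAM_ID *paramid;

    if (!param) {
        return;
    }

    /* NOTE(review): name is cleared without being freed, so a name allocated
     * by X509_VERIFY_PARAM_set1_name is not released on this path. Confirm
     * the intended ownership before changing it (default_table entries use
     * string literals). */
    param->name = NULL;
    param->purpose = 0;
    param->trust = 0;
    /*param->inh_flags = X509_VP_FLAG_DEFAULT;*/
    param->inh_flags = 0;
    param->flags = 0;
    param->depth = -1;
    if (param->policies) {
        sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
        param->policies = NULL;
    }

    paramid = param->id;
    if (paramid->host) {
        OPENSSL_free(paramid->host);
        paramid->host = NULL;
        paramid->hostlen = 0;
    }
    if (paramid->email) {
        OPENSSL_free(paramid->email);
        paramid->email = NULL;
        paramid->emaillen = 0;
    }
    if (paramid->ip) {
        OPENSSL_free(paramid->ip);
        paramid->ip = NULL;
        paramid->iplen = 0;
    }
}

/* Allocates a zero-filled X509_VERIFY_PARAM together with its ID sub-structure
 * and puts it in the unset state. Returns NULL if either allocation fails (the
 * first allocation is released in that case). */
X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
{
    X509_VERIFY_PARAM *param;
    X509_VERIFY_PARAM_ID *paramid;

    param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM));
    if (!param) {
        return NULL;
    }
    paramid = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM_ID));
    if (!paramid) {
        OPENSSL_free(param);
        return NULL;
    }
    memset(param, 0, sizeof(X509_VERIFY_PARAM));
    memset(paramid, 0, sizeof(X509_VERIFY_PARAM_ID));
    param->id = paramid;
    x509_verify_param_zero(param);
    return param;
}

/* Releases |param|, its policies, its identity buffers and its ID structure.
 * A NULL |param| is a no-op. */
void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
{
    /* x509_verify_param_zero tolerates NULL, but the param->id access below
     * does not, so reject NULL here instead of dereferencing it. */
    if (param == NULL) {
        return;
    }
    x509_verify_param_zero(param);
    OPENSSL_free(param->id);
    OPENSSL_free(param);
}

/* This function determines how parameters are "inherited" from one structure
 * to another. There are several different ways this can happen.
 *
 * 1. If a child structure needs to have its values initialized from a parent
 *    they are simply copied across. For example SSL_CTX copied to SSL.
 * 2. If the structure should take on values only if they are currently unset.
 *    For example the values in an SSL structure will take appropriate value
 *    for SSL servers or clients but only if the application has not set new
 *    ones.
 *
 * The "inh_flags" field determines how this function behaves.
 *
 * Normally any values which are set in the default are not copied from the
 * destination and verify flags are ORed together.
 *
 * If X509_VP_FLAG_DEFAULT is set then anything set in the source is copied
 * to the destination. Effectively the values in "to" become default values
 * which will be used only if nothing new is set in "from".
 *
 * If X509_VP_FLAG_OVERWRITE is set then all values are copied across whether
 * they are set or not. Flags are still ORed though.
 *
 * If X509_VP_FLAG_RESET_FLAGS is set then the flags value is copied instead
 * of ORed.
 *
 * If X509_VP_FLAG_LOCKED is set then no values are copied.
 *
 * If X509_VP_FLAG_ONCE is set then the current inh_flags setting is zeroed
 * after the next call.
 */

/* Macro to test if a field should be copied from src to dest */

#define test_x509_verify_param_copy(field, def) \
    (to_overwrite || \
        ((src->field != def) && (to_default || (dest->field == def))))

/* As above but for ID fields */

#define test_x509_verify_param_copy_id(idf, def) \
    test_x509_verify_param_copy(id->idf, def)

/* Macro to test and copy a field if necessary */

#define x509_verify_param_copy(field, def) \
    if (test_x509_verify_param_copy(field, def)) \
        dest->field = src->field


/* Merges |src| into |dest| according to the combined inh_flags of both (see
 * the comment above). Returns 1 on success, including when |src| is NULL or
 * the parameters are locked, and 0 if copying the policies or one of the
 * identity fields fails. |dest| must be non-NULL: it is dereferenced without
 * a check. */
int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
                              const X509_VERIFY_PARAM *src)
{
    unsigned long inh_flags;
    int to_default, to_overwrite;
    X509_VERIFY_PARAM_ID *id;

    if (!src) {
        return 1;
    }
    id = src->id;
    inh_flags = dest->inh_flags | src->inh_flags;

    /* ONCE is consumed before the LOCKED test, so a locked call still clears
     * the destination's inheritance flags. */
    if (inh_flags & X509_VP_FLAG_ONCE) {
        dest->inh_flags = 0;
    }

    if (inh_flags & X509_VP_FLAG_LOCKED) {
        return 1;
    }

    /* These two names are read by the test_x509_verify_param_copy macros. */
    to_default = (inh_flags & X509_VP_FLAG_DEFAULT) ? 1 : 0;
    to_overwrite = (inh_flags & X509_VP_FLAG_OVERWRITE) ? 1 : 0;

    x509_verify_param_copy(purpose, 0);
    x509_verify_param_copy(trust, 0);
    x509_verify_param_copy(depth, -1);

    /* If overwrite or check time not set, copy across */

    if (to_overwrite || !(dest->flags & X509_V_FLAG_USE_CHECK_TIME)) {
        dest->check_time = src->check_time;
        dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME;
        /* Don't need to copy flag: that is done below */
    }

    if (inh_flags & X509_VP_FLAG_RESET_FLAGS) {
        dest->flags = 0;
    }

    dest->flags |= src->flags;

    if (test_x509_verify_param_copy(policies, NULL)) {
        if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies)) {
            return 0;
        }
    }

    if (test_x509_verify_param_copy_id(host, NULL)) {
        if (!X509_VERIFY_PARAM_set1_host(dest, id->host, id->hostlen)) {
            return 0;
        }
        /* The host matching flags travel with the host name they apply to. */
        dest->id->hostflags = id->hostflags;
    }

    if (test_x509_verify_param_copy_id(email, NULL)) {
        if (!X509_VERIFY_PARAM_set1_email(dest, id->email, id->emaillen)) {
            return 0;
        }
    }

    if (test_x509_verify_param_copy_id(ip, NULL)) {
        if (!X509_VERIFY_PARAM_set1_ip(dest, id->ip, id->iplen)) {
            return 0;
        }
    }

    return 1;
}

/* Copies everything that is set in |from| into |to| by running the inherit
 * logic with X509_VP_FLAG_DEFAULT forced on. The caller's inh_flags on |to|
 * are restored afterwards, which also undoes any clearing done for
 * X509_VP_FLAG_ONCE. Returns the result of X509_VERIFY_PARAM_inherit. */
int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
                           const X509_VERIFY_PARAM *from)
{
    unsigned long save_flags = to->inh_flags;
    int ret;

    to->inh_flags |= X509_VP_FLAG_DEFAULT;
    ret = X509_VERIFY_PARAM_inherit(to, from);
    to->inh_flags = save_flags;
    return ret;
}

/* Replaces the buffer at |*pdest| with a private copy of |src|.
 *
 * - |src| NULL: the destination is cleared and its length becomes 0.
 * - |src| non-NULL and |srclen| 0: |src| is treated as a NUL-terminated string
 *   and its strlen() becomes the stored length.
 * - otherwise exactly |srclen| bytes are copied.
 *
 * The copy is made before the old buffer is freed, so on allocation failure
 * the destination is left untouched and 0 is returned. Returns 1 on success.
 * |pdestlen| may be NULL. */
static int int_x509_param_set1(unsigned char **pdest, size_t *pdestlen,
                               const unsigned char *src, size_t srclen)
{
    void *tmp;

    if (src) {
        if (srclen == 0) {
            tmp = BUF_strdup((const char *)src);
            srclen = strlen((const char *)src);
        } else {
            tmp = BUF_memdup(src, srclen);
        }
        if (!tmp) {
            return 0;
        }
    } else {
        tmp = NULL;
        srclen = 0;
    }

    if (*pdest) {
        OPENSSL_free(*pdest);
    }
    *pdest = tmp;
    if (pdestlen) {
        *pdestlen = srclen;
    }
    return 1;
}

/* Sets the parameter set's name to a copy of |name|. Returns 1 on success and
 * 0 if the copy could not be made, in which case the previous name has been
 * released and param->name is NULL. */
int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name)
{
    /* Duplicate before releasing the old value: if |name| is the parameter's
     * own name (for example the pointer returned by
     * X509_VERIFY_PARAM_get0_name), freeing first would make the copy read
     * freed memory. */
    char *copy = BUF_strdup(name);

    if (param->name) {
        OPENSSL_free(param->name);
    }
    param->name = copy;
    return copy != NULL;
}

/* ORs |flags| into the verification flags. Setting any bit covered by
 * X509_V_FLAG_POLICY_MASK also turns on X509_V_FLAG_POLICY_CHECK. Always
 * returns 1. */
int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags)
{
    param->flags |= flags;
    if (flags & X509_V_FLAG_POLICY_MASK) {
        param->flags |= X509_V_FLAG_POLICY_CHECK;
    }
    return 1;
}

/* Clears the bits in |flags| from the verification flags. Always returns 1. */
int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, unsigned long flags)
{
    param->flags &= ~flags;
    return 1;
}

/* Returns the current verification flags. */
unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param)
{
    return param->flags;
}

/* Sets the purpose through X509_PURPOSE_set and returns its result. */
int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose)
{
    return X509_PURPOSE_set(&param->purpose, purpose);
}

/* Sets the trust setting through X509_TRUST_set and returns its result. */
int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust)
{
    return X509_TRUST_set(&param->trust, trust);
}

/* Stores the verification depth; -1 is the "unset" marker used by the
 * inherit logic. */
void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth)
{
    param->depth = depth;
}

/* Stores |t| as the verification time and sets X509_V_FLAG_USE_CHECK_TIME. */
void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t)
{
    param->check_time = t;
    param->flags |= X509_V_FLAG_USE_CHECK_TIME;
}

/* Appends |policy| to the policy stack, creating the stack on first use. The
 * pointer itself is pushed (no copy is made), and x509_verify_param_zero
 * later frees stack entries with ASN1_OBJECT_free. Returns 1 on success and 0
 * on allocation failure. Unlike X509_VERIFY_PARAM_set1_policies this does not
 * set X509_V_FLAG_POLICY_CHECK. */
int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, ASN1_OBJECT *policy)
{
    if (!param->policies) {
        param->policies = sk_ASN1_OBJECT_new_null();
        if (!param->policies) {
            return 0;
        }
    }
    if (!sk_ASN1_OBJECT_push(param->policies, policy)) {
        return 0;
    }
    return 1;
}

/* Replaces the policy stack with duplicates of the objects in |policies| and
 * sets X509_V_FLAG_POLICY_CHECK. A NULL |policies| just clears the stack and
 * returns 1 without touching the flag. Returns 0 if |param| is NULL or on
 * allocation failure; in the failure case the old stack is already gone and
 * the new one may hold only part of the list.
 *
 * The old stack is freed before |policies| is read, so |policies| must not be
 * param->policies itself. */
int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
                                    STACK_OF(ASN1_OBJECT) *policies)
{
    size_t i;
    ASN1_OBJECT *oid, *doid;

    if (!param) {
        return 0;
    }
    if (param->policies) {
        sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
    }

    if (!policies) {
        param->policies = NULL;
        return 1;
    }

    param->policies = sk_ASN1_OBJECT_new_null();
    if (!param->policies) {
        return 0;
    }

    for (i = 0; i < sk_ASN1_OBJECT_num(policies); i++) {
        oid = sk_ASN1_OBJECT_value(policies, i);
        doid = OBJ_dup(oid);
        if (!doid) {
            return 0;
        }
        if (!sk_ASN1_OBJECT_push(param->policies, doid)) {
            /* The duplicate is not owned by the stack yet. */
            ASN1_OBJECT_free(doid);
            return 0;
        }
    }
    param->flags |= X509_V_FLAG_POLICY_CHECK;
    return 1;
}

/* Stores a copy of the expected host name. A |namelen| of 0 means |name| is a
 * NUL-terminated string; a NULL |name| clears the host. Returns 1 on success
 * and 0 on allocation failure.
 *
 * The bytes are copied as given, so a name containing an embedded NUL is
 * stored with its full length. NOTE(review): confirm that the code consuming
 * id->host compares using hostlen rather than C-string functions. */
int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
                                const unsigned char *name, size_t namelen)
{
    return int_x509_param_set1(&param->id->host, &param->id->hostlen,
                               name, namelen);
}

/* Sets the flags stored alongside the host name (id->hostflags). */
void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
                                     unsigned int flags)
{
    param->id->hostflags = flags;
}

/* Stores a copy of the expected email address, with the same length and NULL
 * conventions as X509_VERIFY_PARAM_set1_host. */
int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
                                 const unsigned char *email, size_t emaillen)
{
    return int_x509_param_set1(&param->id->email, &param->id->emaillen,
                               email, emaillen);
}

/* Stores a copy of the expected IP address in binary form. Only lengths 0, 4
 * and 16 are accepted; any other length returns 0.
 *
 * NOTE(review): a length of 0 with a non-NULL |ip| reaches the helper's
 * "NUL-terminated string" branch, so the stored iplen becomes strlen(ip) and
 * is not limited to 4 or 16. Callers should pass NULL to clear the address. */
int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
                              const unsigned char *ip, size_t iplen)
{
    if (iplen != 0 && iplen != 4 && iplen != 16) {
        return 0;
    }
    return int_x509_param_set1(&param->id->ip, &param->id->iplen, ip, iplen);
}

/* Parses the textual address |ipasc| with a2i_ipadd and stores the binary
 * result. Returns 0 if a2i_ipadd reports a length of 0, otherwise the result
 * of X509_VERIFY_PARAM_set1_ip. */
int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc)
{
    unsigned char ipout[16];
    int iplen;

    iplen = a2i_ipadd(ipout, ipasc);
    if (iplen == 0) {
        return 0;
    }
    return X509_VERIFY_PARAM_set1_ip(param, ipout, (size_t)iplen);
}

/* Returns the stored verification depth. */
int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param)
{
    return param->depth;
}

/* Returns the parameter set's name without copying it; the pointer is owned
 * by |param|. */
const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param)
{
    return param->name;
}

/* Shared all-empty ID structure referenced by the default table entries. */
static X509_VERIFY_PARAM_ID _empty_id = {NULL, 0, 0U, NULL, 0, NULL, 0};

#define vpm_empty_id (X509_VERIFY_PARAM_ID *)&_empty_id

/* Default verify parameters: these are used for various
 * applications and can be overridden by the user specified table.
 * NB: the 'name' field *must* be in alphabetical order because it
 * will be searched using OBJ_search.
 */

static const X509_VERIFY_PARAM default_table[] = {
    {
        (char *) "default", /* X509 default parameters */
        0, /* Check time */
        0, /* internal flags */
        0, /* flags */
        0, /* purpose */
        0, /* trust */
        100, /* depth */
        NULL, /* policies */
        vpm_empty_id
    },
    {
        (char *) "pkcs7", /* S/MIME sign parameters */
        0, /* Check time */
        0, /* internal flags */
        0, /* flags */
        X509_PURPOSE_SMIME_SIGN, /* purpose */
        X509_TRUST_EMAIL, /* trust */
        -1, /* depth */
        NULL, /* policies */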
vpm_empty_id 47395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley }, 47495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 475735107652b0df9941d60f4259e15150962ca34bbAdam Langley (char *) "smime_sign", /* S/MIME sign parameters */ 47695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 0, /* Check time */ 47795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 0, /* internal flags */ 47895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 0, /* flags */ 47995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley X509_PURPOSE_SMIME_SIGN, /* purpose */ 48095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley X509_TRUST_EMAIL, /* trust */ 48195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley -1, /* depth */ 48295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley NULL, /* policies */ 48395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley vpm_empty_id 48495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley }, 48595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 486735107652b0df9941d60f4259e15150962ca34bbAdam Langley (char *) "ssl_client", /* SSL/TLS client parameters */ 48795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 0, /* Check time */ 48895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 0, /* internal flags */ 48995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 0, /* flags */ 49095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley X509_PURPOSE_SSL_CLIENT, /* purpose */ 49195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley X509_TRUST_SSL_CLIENT, /* trust */ 49295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley -1, /* depth */ 49395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley NULL, /* policies */ 49495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley vpm_empty_id 49595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley }, 49695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 497735107652b0df9941d60f4259e15150962ca34bbAdam Langley (char *) "ssl_server", /* SSL/TLS server parameters */ 49895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 0, /* Check 
time */ 49995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 0, /* internal flags */ 50095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 0, /* flags */ 50195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley X509_PURPOSE_SSL_SERVER, /* purpose */ 50295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley X509_TRUST_SSL_SERVER, /* trust */ 50395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley -1, /* depth */ 50495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley NULL, /* policies */ 50595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley vpm_empty_id 50695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley }}; 50795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 50895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleystatic STACK_OF(X509_VERIFY_PARAM) *param_table = NULL; 50995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 51095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleystatic int param_cmp(const X509_VERIFY_PARAM **a, 51195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley const X509_VERIFY_PARAM **b) 51295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 51395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return strcmp((*a)->name, (*b)->name); 51495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 51595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 51695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleyint X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param) 51795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 51895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley X509_VERIFY_PARAM *ptmp; 51995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!param_table) 52095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 52195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley param_table = sk_X509_VERIFY_PARAM_new(param_cmp); 52295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!param_table) 52395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 0; 52495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 
52595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley else 52695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 52795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley size_t idx; 52895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 52995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (sk_X509_VERIFY_PARAM_find(param_table, &idx, param)) 53095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 53195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ptmp = sk_X509_VERIFY_PARAM_value(param_table, idx); 53295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley X509_VERIFY_PARAM_free(ptmp); 53395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley (void)sk_X509_VERIFY_PARAM_delete(param_table, idx); 53495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 53595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 53695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!sk_X509_VERIFY_PARAM_push(param_table, param)) 53795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 0; 53895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 1; 53995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 54095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 54195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleyint X509_VERIFY_PARAM_get_count(void) 54295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 54395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley int num = sizeof(default_table)/sizeof(X509_VERIFY_PARAM); 54495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (param_table) 54595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley num += sk_X509_VERIFY_PARAM_num(param_table); 54695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return num; 54795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 54895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 54995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleyconst X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id) 55095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 
55195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley int num = sizeof(default_table)/sizeof(X509_VERIFY_PARAM); 55295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (id < num) 55395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return default_table + id; 55495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return sk_X509_VERIFY_PARAM_value(param_table, id - num); 55595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 55695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 55795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleyconst X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name) 55895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 55995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley X509_VERIFY_PARAM pm; 56095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley unsigned i, limit; 56195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 56295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley pm.name = (char *)name; 56395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (param_table) 56495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 56595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley size_t idx; 56695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (sk_X509_VERIFY_PARAM_find(param_table, &idx, &pm)) 56795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return sk_X509_VERIFY_PARAM_value(param_table, idx); 56895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 56995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 57095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley limit = sizeof(default_table)/sizeof(X509_VERIFY_PARAM); 57195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley for (i = 0; i < limit; i++) { 57295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (strcmp(default_table[i].name, name) == 0) { 57395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return &default_table[i]; 57495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 57595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 
57695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return NULL; 57795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 57895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 57995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleyvoid X509_VERIFY_PARAM_table_cleanup(void) 58095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 58195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (param_table) 58295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley sk_X509_VERIFY_PARAM_pop_free(param_table, 58395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley X509_VERIFY_PARAM_free); 58495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley param_table = NULL; 58595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 586