diff options
author | Dr. Stephen Henson <steve@openssl.org> | 1999-12-02 02:33:56 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 1999-12-02 02:33:56 +0000 |
commit | dd4134101fb41261b20fe47fdf9068c84e923102 (patch) | |
tree | 322439de2b7206640b18faa7eaa3a67943b18bf9 /crypto | |
parent | 08cba61011cdf8519a1c7d1316fb27fc724b6945 (diff) | |
download | openssl-dd4134101fb41261b20fe47fdf9068c84e923102.tar.gz |
Change the trust and purpose code so it doesn't need init
either and has a static and dynamic mix.
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/asn1/a_strnid.c | 54 | ||||
-rw-r--r-- | crypto/asn1/asn1.h | 4 | ||||
-rw-r--r-- | crypto/asn1/asn1_err.c | 1 | ||||
-rw-r--r-- | crypto/x509/x509.h | 19 | ||||
-rw-r--r-- | crypto/x509/x509_trs.c | 109 | ||||
-rw-r--r-- | crypto/x509/x509_v3.c | 21 | ||||
-rw-r--r-- | crypto/x509v3/Makefile.ssl | 2 | ||||
-rw-r--r-- | crypto/x509v3/ext_dat.h | 4 | ||||
-rw-r--r-- | crypto/x509v3/v3_purp.c | 91 | ||||
-rw-r--r-- | crypto/x509v3/x509v3.h | 7 |
10 files changed, 178 insertions, 134 deletions
diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c index e2e100e2eb..2f9c09b705 100644 --- a/crypto/asn1/a_strnid.c +++ b/crypto/asn1/a_strnid.c @@ -66,6 +66,7 @@ static STACK_OF(ASN1_STRING_TABLE) *stable = NULL; static void st_free(ASN1_STRING_TABLE *tbl); static int sk_table_cmp(ASN1_STRING_TABLE **a, ASN1_STRING_TABLE **b); +static int table_cmp(ASN1_STRING_TABLE *a, ASN1_STRING_TABLE *b); /* The following function generates an ASN1_STRING based on limits in a table. * Frequently the types and length of an ASN1_STRING are restricted by a @@ -79,7 +80,6 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, ASN1_STRING *str = NULL; int ret; if(!out) out = &str; - if(!stable) ASN1_STRING_TABLE_add_standard(); tbl = ASN1_STRING_TABLE_get(nid); if(tbl) ret = ASN1_mbstring_ncopy(out, in, inlen, inform, tbl->mask, tbl->minsize, tbl->maxsize); @@ -102,53 +102,45 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, #define ub_title 64 #define ub_email_address 128 +/* This table must be kept in NID order */ + static ASN1_STRING_TABLE tbl_standard[] = { -{NID_name, 1, ub_name, 0, 0}, -{NID_surname, 1, ub_name, 0, 0}, -{NID_givenName, 1, ub_name, 0, 0}, -{NID_initials, 1, ub_name, 0, 0}, {NID_commonName, 1, ub_common_name, 0, 0}, +{NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, 0}, {NID_localityName, 1, ub_locality_name, 0, 0}, {NID_stateOrProvinceName, 1, ub_state_name, 0, 0}, {NID_organizationName, 1, ub_organization_name, 0, 0}, {NID_organizationalUnitName, 1, ub_organization_unit_name, 0, 0}, -{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, 0}, -{NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, 0}, {NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING, 0}, -{NID_undef, 0, 0, 0, 0} +{NID_givenName, 1, ub_name, 0, 0}, +{NID_surname, 1, ub_name, 0, 0}, +{NID_initials, 1, ub_name, 0, 0}, +{NID_name, 1, ub_name, 0, 0}, +{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, 0}, }; -int ASN1_STRING_TABLE_add_standard(void) +static int sk_table_cmp(ASN1_STRING_TABLE **a, ASN1_STRING_TABLE **b) { - static int done = 0; - ASN1_STRING_TABLE *tmp; - if(done) return 1; - if(!stable) stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp); - if(!stable) { - ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD_STANDARD, - ERR_R_MALLOC_FAILURE); - return 0; - } - for(tmp = tbl_standard; tmp->nid != NID_undef; tmp++) { - if(!sk_ASN1_STRING_TABLE_push(stable, tmp)) { - ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD_STANDARD, - ERR_R_MALLOC_FAILURE); - return 0; - } - } - return 1; + return (*a)->nid - (*b)->nid; } -static int sk_table_cmp(ASN1_STRING_TABLE **a, ASN1_STRING_TABLE **b) +static int table_cmp(ASN1_STRING_TABLE *a, ASN1_STRING_TABLE *b) { - return (*a)->nid - (*b)->nid; + return a->nid - b->nid; } ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid) { int idx; + ASN1_STRING_TABLE *ttmp; ASN1_STRING_TABLE fnd; fnd.nid = nid; + ttmp = (ASN1_STRING_TABLE *) OBJ_bsearch((char *)&fnd, + (char *)tbl_standard, + sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE), + sizeof(ASN1_STRING_TABLE), (int(*)())table_cmp); + if(ttmp) return ttmp; + if(!stable) return NULL; idx = sk_ASN1_STRING_TABLE_find(stable, &fnd); if(idx < 0) return NULL; return sk_ASN1_STRING_TABLE_value(stable, idx); @@ -160,6 +152,7 @@ int ASN1_STRING_TABLE_add(int nid, { ASN1_STRING_TABLE *tmp; char new_nid = 0; + flags &= ~STABLE_FLAGS_MALLOC; if(!stable) stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp); if(!stable) { ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE); @@ -172,14 +165,13 @@ int ASN1_STRING_TABLE_add(int nid, ERR_R_MALLOC_FAILURE); return 0; } - tmp->flags = STABLE_FLAGS_MALLOC; + tmp->flags = flags | STABLE_FLAGS_MALLOC; tmp->nid = nid; new_nid = 1; - } + } else tmp->flags = (tmp->flags & STABLE_FLAGS_MALLOC) | flags; if(minsize != -1) tmp->minsize = minsize; if(maxsize != -1) tmp->maxsize = maxsize; tmp->mask = mask; - tmp->flags = flags & ~STABLE_FLAGS_MALLOC; if(new_nid) sk_ASN1_STRING_TABLE_push(stable, tmp); return 1; } diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index d36e868e90..e54a61f6db 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -773,7 +773,6 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, int inlen, int inform, int nid); -int ASN1_STRING_TABLE_add_standard(void); ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid); void ASN1_STRING_TABLE_cleanup(void); @@ -812,7 +811,6 @@ void ASN1_STRING_TABLE_cleanup(void); #define ASN1_F_ASN1_SIGN 114 #define ASN1_F_ASN1_STRING_NEW 115 #define ASN1_F_ASN1_STRING_TABLE_ADD 283 -#define ASN1_F_ASN1_STRING_TABLE_ADD_STANDARD 284 #define ASN1_F_ASN1_STRING_TYPE_NEW 116 #define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 117 #define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 118 @@ -824,7 +822,7 @@ void ASN1_STRING_TABLE_cleanup(void); #define ASN1_F_BASIC_CONSTRAINTS_NEW 226 #define ASN1_F_BN_TO_ASN1_ENUMERATED 234 #define ASN1_F_BN_TO_ASN1_INTEGER 122 -#define ASN1_F_D2I_ACCESS_DESCRIPTION 292 +#define ASN1_F_D2I_ACCESS_DESCRIPTION 284 #define ASN1_F_D2I_ASN1_BIT_STRING 123 #define ASN1_F_D2I_ASN1_BMPSTRING 124 #define ASN1_F_D2I_ASN1_BOOLEAN 125 diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index c322d643ef..063750607d 100644 --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c @@ -92,7 +92,6 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_PACK(0,ASN1_F_ASN1_SIGN,0), "ASN1_sign"}, {ERR_PACK(0,ASN1_F_ASN1_STRING_NEW,0), "ASN1_STRING_new"}, {ERR_PACK(0,ASN1_F_ASN1_STRING_TABLE_ADD,0), "ASN1_STRING_TABLE_ADD"}, -{ERR_PACK(0,ASN1_F_ASN1_STRING_TABLE_ADD_STANDARD,0), "ASN1_STRING_TABLE_add_standard"}, {ERR_PACK(0,ASN1_F_ASN1_STRING_TYPE_NEW,0), "ASN1_STRING_type_new"}, {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0), "ASN1_TYPE_get_int_octetstring"}, {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0), "ASN1_TYPE_get_octetstring"}, diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index ed95058a74..5e4da0f7c4 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -280,10 +280,10 @@ DECLARE_ASN1_SET_OF(X509) /* This is used for a table of trust checking functions */ typedef struct x509_trust_st { - int trust_id; - int trust_flags; + int trust; + int flags; int (*check_trust)(struct x509_trust_st *, X509 *, int); - char *trust_name; + char *name; int arg1; void *arg2; } X509_TRUST; @@ -298,6 +298,11 @@ DECLARE_STACK_OF(X509_TRUST) #define X509_TRUST_EMAIL 4 #define X509_TRUST_OBJECT_SIGN 5 +/* Keep these up to date! */ +#define X509_TRUST_MIN 1 +#define X509_TRUST_MAX 5 + + /* trust_flags values */ #define X509_TRUST_DYNAMIC 1 #define X509_TRUST_DYNAMIC_NAME 2 @@ -1015,8 +1020,6 @@ int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OBJECT * X509_EXTENSION_get_object(X509_EXTENSION *ex); ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne); int X509_EXTENSION_get_critical(X509_EXTENSION *ex); -void X509_init(void); -void X509_cleanup(void); int X509_verify_cert(X509_STORE_CTX *ctx); @@ -1059,10 +1062,10 @@ int X509_check_trust(X509 *x, int id, int flags); int X509_TRUST_get_count(void); X509_TRUST * X509_TRUST_iget(int idx); int X509_TRUST_get_by_id(int id); -int X509_TRUST_add(X509_TRUST *xp); +int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), + char *name, int arg1, void *arg2); void X509_TRUST_cleanup(void); -void X509_TRUST_add_standard(void); -int X509_TRUST_get_id(X509_TRUST *xp); +int X509_TRUST_get_flags(X509_TRUST *xp); char *X509_TRUST_iget_name(X509_TRUST *xp); int X509_TRUST_get_trust(X509_TRUST *xp); diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c index 94c64a1bcf..f96f5f9b26 100644 --- a/crypto/x509/x509_trs.c +++ b/crypto/x509/x509_trs.c @@ -67,72 +67,110 @@ static void trtable_free(X509_TRUST *p); static int trust_1bit(X509_TRUST *trust, X509 *x, int flags); static int trust_any(X509_TRUST *trust, X509 *x, int flags); +/* WARNING: the following table should be kept in order of trust + * and without any gaps so we can just subtract the minimum trust + * value to get an index into the table + */ + static X509_TRUST trstandard[] = { {X509_TRUST_ANY, 0, trust_any, "Any", 0, NULL}, {X509_TRUST_SSL_CLIENT, 0, trust_1bit, "SSL Client", X509_TRUST_BIT_SSL_CLIENT, NULL}, {X509_TRUST_SSL_SERVER, 0, trust_1bit, "SSL Client", X509_TRUST_BIT_SSL_SERVER, NULL}, {X509_TRUST_EMAIL, 0, trust_1bit, "S/MIME email", X509_TRUST_BIT_EMAIL, NULL}, {X509_TRUST_OBJECT_SIGN, 0, trust_1bit, "Object Signing", X509_TRUST_BIT_OBJECT_SIGN, NULL}, -{0, 0, NULL, NULL, 0, NULL} }; +#define X509_TRUST_COUNT (sizeof(trstandard)/sizeof(X509_TRUST)) + IMPLEMENT_STACK_OF(X509_TRUST) static STACK_OF(X509_TRUST) *trtable = NULL; static int tr_cmp(X509_TRUST **a, X509_TRUST **b) { - return (*a)->trust_id - (*b)->trust_id; + return (*a)->trust - (*b)->trust; } int X509_check_trust(X509 *x, int id, int flags) { - int idx; X509_TRUST *pt; + int idx; if(id == -1) return 1; - idx = X509_TRUST_get_by_id(id); - if(idx == -1) return -1; - pt = sk_X509_TRUST_value(trtable, idx); + if(!(idx = X509_TRUST_get_by_id(id))) return 0; + pt = X509_TRUST_iget(idx); return pt->check_trust(pt, x, flags); } int X509_TRUST_get_count(void) { - return sk_X509_TRUST_num(trtable); + if(!trtable) return X509_TRUST_COUNT; + return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT; } X509_TRUST * X509_TRUST_iget(int idx) { - return sk_X509_TRUST_value(trtable, idx); + if(idx < 0) return NULL; + if(idx < X509_TRUST_COUNT) return trstandard + idx; + return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT); } int X509_TRUST_get_by_id(int id) { X509_TRUST tmp; - tmp.trust_id = id; + int idx; + if((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX)) + return id - X509_TRUST_MIN; + tmp.trust = id; if(!trtable) return -1; - return sk_X509_TRUST_find(trtable, &tmp); + idx = sk_X509_TRUST_find(trtable, &tmp); + if(idx == -1) return -1; + return idx + X509_TRUST_COUNT; } -int X509_TRUST_add(X509_TRUST *xp) +int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), + char *name, int arg1, void *arg2) { int idx; - if(!trtable) - { - trtable = sk_X509_TRUST_new(tr_cmp); - if (!trtable) - { + X509_TRUST *trtmp; + /* This is set according to what we change: application can't set it */ + flags &= ~X509_TRUST_DYNAMIC; + /* This will always be set for application modified trust entries */ + flags |= X509_TRUST_DYNAMIC_NAME; + /* Get existing entry if any */ + idx = X509_TRUST_get_by_id(id); + /* Need a new entry */ + if(idx == -1) { + if(!(trtmp = Malloc(sizeof(X509_TRUST)))) { X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE); return 0; - } } - - idx = X509_TRUST_get_by_id(xp->trust_id); - if(idx != -1) { - trtable_free(sk_X509_TRUST_value(trtable, idx)); - sk_X509_TRUST_set(trtable, idx, xp); - } else { - if (!sk_X509_TRUST_push(trtable, xp)) { + trtmp->flags = X509_TRUST_DYNAMIC; + } else trtmp = X509_TRUST_iget(idx); + + /* Free existing name if dynamic */ + if(trtmp->flags & X509_TRUST_DYNAMIC_NAME) Free(trtmp->name); + /* dup supplied name */ + if(!(trtmp->name = BUF_strdup(name))) { + X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE); + return 0; + } + /* Keep the dynamic flag of existing entry */ + trtmp->flags &= X509_TRUST_DYNAMIC; + /* Set all other flags */ + trtmp->flags |= flags; + + trtmp->trust = id; + trtmp->check_trust = ck; + trtmp->arg1 = arg1; + trtmp->arg2 = arg2; + + /* If its a new entry manage the dynamic table */ + if(idx == -1) { + if(!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) { + X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE); + return 0; + } + if (!sk_X509_TRUST_push(trtable, trtmp)) { X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE); return 0; } @@ -143,40 +181,35 @@ int X509_TRUST_add(X509_TRUST *xp) static void trtable_free(X509_TRUST *p) { if(!p) return; - if (p->trust_flags & X509_TRUST_DYNAMIC) + if (p->flags & X509_TRUST_DYNAMIC) { - if (p->trust_flags & X509_TRUST_DYNAMIC_NAME) - Free(p->trust_name); + if (p->flags & X509_TRUST_DYNAMIC_NAME) + Free(p->name); Free(p); } } void X509_TRUST_cleanup(void) { + int i; + for(i = 0; i < X509_TRUST_COUNT; i++) trtable_free(trstandard + i); sk_X509_TRUST_pop_free(trtable, trtable_free); trtable = NULL; } -void X509_TRUST_add_standard(void) -{ - X509_TRUST *xp; - for(xp = trstandard; xp->trust_name; xp++) - X509_TRUST_add(xp); -} - -int X509_TRUST_get_id(X509_TRUST *xp) +int X509_TRUST_get_flags(X509_TRUST *xp) { - return xp->trust_id; + return xp->flags; } char *X509_TRUST_iget_name(X509_TRUST *xp) { - return xp->trust_name; + return xp->name; } int X509_TRUST_get_trust(X509_TRUST *xp) { - return xp->trust_id; + return xp->trust; } static int trust_1bit(X509_TRUST *trust, X509 *x, int flags) diff --git a/crypto/x509/x509_v3.c b/crypto/x509/x509_v3.c index 100b08773c..52887986fe 100644 --- a/crypto/x509/x509_v3.c +++ b/crypto/x509/x509_v3.c @@ -265,24 +265,3 @@ int X509_EXTENSION_get_critical(X509_EXTENSION *ex) if (ex == NULL) return(0); return(ex->critical); } - -/* Initialisation routine: used to initialise the X509 and X509v3 tables */ - -static int init_done = 0; - -void X509_init(void) -{ - if(init_done) return; - X509V3_add_standard_extensions(); - X509_PURPOSE_add_standard(); - X509_TRUST_add_standard(); - init_done = 1; -} - -void X509_cleanup(void) -{ - X509V3_EXT_cleanup(); - X509_PURPOSE_cleanup(); - X509_TRUST_cleanup(); - init_done = 0; -} diff --git a/crypto/x509v3/Makefile.ssl b/crypto/x509v3/Makefile.ssl index 83bd70e313..8cf90be132 100644 --- a/crypto/x509v3/Makefile.ssl +++ b/crypto/x509v3/Makefile.ssl @@ -339,7 +339,7 @@ v3_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h v3_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h v3_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h v3_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h +v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ext_dat.h v3_pku.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h v3_pku.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h v3_pku.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h index c81f9a18b0..801a585a52 100644 --- a/crypto/x509v3/ext_dat.h +++ b/crypto/x509v3/ext_dat.h @@ -91,7 +91,7 @@ static X509V3_EXT_METHOD *standard_exts[] = { &v3_info, }; -/* Number of standard extensions: keep up to date */ +/* Number of standard extensions */ -#define STANDARD_EXTENSION_COUNT 22 +#define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *)) diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index e350c8158b..5e7b4c3ab9 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -82,9 +82,10 @@ static X509_PURPOSE xstandard[] = { {X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, "S/MIME signing", "smimesign", NULL}, {X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL}, {X509_PURPOSE_CRL_SIGN, X509_TRUST_ANY, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL}, - {-1, 0, 0, NULL, NULL, NULL, NULL} }; +#define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE)) + IMPLEMENT_STACK_OF(X509_PURPOSE) static STACK_OF(X509_PURPOSE) *xptable = NULL; @@ -100,7 +101,6 @@ int X509_check_purpose(X509 *x, int id, int ca) X509_PURPOSE *pt; if(!(x->ex_flags & EXFLAG_SET)) { CRYPTO_w_lock(CRYPTO_LOCK_X509); - X509_init(); x509v3_cache_extensions(x); CRYPTO_w_unlock(CRYPTO_LOCK_X509); } @@ -108,25 +108,28 @@ int X509_check_purpose(X509 *x, int id, int ca) idx = X509_PURPOSE_get_by_id(id); if(idx == -1) return -1; pt = sk_X509_PURPOSE_value(xptable, idx); - return pt->check_purpose(pt, x,ca); + return pt->check_purpose(pt, x, ca); } int X509_PURPOSE_get_count(void) { - return sk_X509_PURPOSE_num(xptable); + if(!xptable) return X509_PURPOSE_COUNT; + return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT; } X509_PURPOSE * X509_PURPOSE_iget(int idx) { - return sk_X509_PURPOSE_value(xptable, idx); + if(idx < 0) return NULL; + if(idx < X509_PURPOSE_COUNT) return xstandard + idx; + return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT); } int X509_PURPOSE_get_by_sname(char *sname) { int i; X509_PURPOSE *xptmp; - for(i = 0; i < sk_X509_PURPOSE_num(xptable); i++) { - xptmp = sk_X509_PURPOSE_value(xptable, i); + for(i = 0; i < X509_PURPOSE_get_count(); i++) { + xptmp = X509_PURPOSE_iget(i); if(!strcmp(xptmp->sname, sname)) return i; } return -1; @@ -136,30 +139,66 @@ int X509_PURPOSE_get_by_sname(char *sname) int X509_PURPOSE_get_by_id(int purpose) { X509_PURPOSE tmp; + int idx; + if((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX)) + return purpose - X509_PURPOSE_MIN; tmp.purpose = purpose; if(!xptable) return -1; - return sk_X509_PURPOSE_find(xptable, &tmp); + idx = sk_X509_PURPOSE_find(xptable, &tmp); + if(idx == -1) return -1; + return idx + X509_PURPOSE_COUNT; } -int X509_PURPOSE_add(X509_PURPOSE *xp) +int X509_PURPOSE_add(int id, int trust, int flags, + int (*ck)(X509_PURPOSE *, X509 *, int), + char *name, char *sname, void *arg) { int idx; - if(!xptable) - { - xptable = sk_X509_PURPOSE_new(xp_cmp); - if (!xptable) - { + X509_PURPOSE *ptmp; + /* This is set according to what we change: application can't set it */ + flags &= ~X509_PURPOSE_DYNAMIC; + /* This will always be set for application modified trust entries */ + flags |= X509_PURPOSE_DYNAMIC_NAME; + /* Get existing entry if any */ + idx = X509_PURPOSE_get_by_id(id); + /* Need a new entry */ + if(idx == -1) { + if(!(ptmp = Malloc(sizeof(X509_PURPOSE)))) { X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE); return 0; - } } - - idx = X509_PURPOSE_get_by_id(xp->purpose); - if(idx != -1) { - xptable_free(sk_X509_PURPOSE_value(xptable, idx)); - sk_X509_PURPOSE_set(xptable, idx, xp); - } else { - if (!sk_X509_PURPOSE_push(xptable, xp)) { + ptmp->flags = X509_PURPOSE_DYNAMIC; + } else ptmp = X509_PURPOSE_iget(idx); + + /* Free existing name if dynamic */ + if(ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) { + Free(ptmp->name); + Free(ptmp->sname); + } + /* dup supplied name */ + ptmp->name = BUF_strdup(name); + ptmp->sname = BUF_strdup(sname); + if(!ptmp->name || !ptmp->sname) { + X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE); + return 0; + } + /* Keep the dynamic flag of existing entry */ + ptmp->flags &= X509_PURPOSE_DYNAMIC; + /* Set all other flags */ + ptmp->flags |= flags; + + ptmp->purpose = id; + ptmp->trust = trust; + ptmp->check_purpose = ck; + ptmp->usr_data = arg; + + /* If its a new entry manage the dynamic table */ + if(idx == -1) { + if(!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) { + X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE); + return 0; + } + if (!sk_X509_PURPOSE_push(xptable, ptmp)) { X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE); return 0; } @@ -182,16 +221,12 @@ static void xptable_free(X509_PURPOSE *p) void X509_PURPOSE_cleanup(void) { + int i; sk_X509_PURPOSE_pop_free(xptable, xptable_free); + for(i = 0; i < X509_PURPOSE_COUNT; i++) xptable_free(xstandard + i); xptable = NULL; } -void X509_PURPOSE_add_standard(void) -{ - X509_PURPOSE *xp; - for(xp = xstandard; xp->name; xp++) X509_PURPOSE_add(xp); -} - int X509_PURPOSE_get_id(X509_PURPOSE *xp) { return xp->purpose; diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h index bee56ab2d2..5e988a98b8 100644 --- a/crypto/x509v3/x509v3.h +++ b/crypto/x509v3/x509v3.h @@ -345,6 +345,9 @@ typedef struct x509_purpose_st { #define X509_PURPOSE_SMIME_ENCRYPT 5 #define X509_PURPOSE_CRL_SIGN 6 +#define X509_PURPOSE_MIN 1 +#define X509_PURPOSE_MAX 6 + DECLARE_STACK_OF(X509_PURPOSE) void ERR_load_X509V3_strings(void); @@ -532,7 +535,9 @@ int X509_PURPOSE_get_count(void); X509_PURPOSE * X509_PURPOSE_iget(int idx); int X509_PURPOSE_get_by_sname(char *sname); int X509_PURPOSE_get_by_id(int id); -int X509_PURPOSE_add(X509_PURPOSE *xp); +int X509_PURPOSE_add(int id, int trust, int flags, + int (*ck)(X509_PURPOSE *, X509 *, int), + char *name, char *sname, void *arg); char *X509_PURPOSE_iget_name(X509_PURPOSE *xp); char *X509_PURPOSE_iget_sname(X509_PURPOSE *xp); int X509_PURPOSE_get_trust(X509_PURPOSE *xp); |