/src/boringssl/crypto/x509/x509_vpm.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project |
3 | | * 2004. |
4 | | */ |
5 | | /* ==================================================================== |
6 | | * Copyright (c) 2004 The OpenSSL Project. All rights reserved. |
7 | | * |
8 | | * Redistribution and use in source and binary forms, with or without |
9 | | * modification, are permitted provided that the following conditions |
10 | | * are met: |
11 | | * |
12 | | * 1. Redistributions of source code must retain the above copyright |
13 | | * notice, this list of conditions and the following disclaimer. |
14 | | * |
15 | | * 2. Redistributions in binary form must reproduce the above copyright |
16 | | * notice, this list of conditions and the following disclaimer in |
17 | | * the documentation and/or other materials provided with the |
18 | | * distribution. |
19 | | * |
20 | | * 3. All advertising materials mentioning features or use of this |
21 | | * software must display the following acknowledgment: |
22 | | * "This product includes software developed by the OpenSSL Project |
23 | | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" |
24 | | * |
25 | | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
26 | | * endorse or promote products derived from this software without |
27 | | * prior written permission. For written permission, please contact |
28 | | * licensing@OpenSSL.org. |
29 | | * |
30 | | * 5. Products derived from this software may not be called "OpenSSL" |
31 | | * nor may "OpenSSL" appear in their names without prior written |
32 | | * permission of the OpenSSL Project. |
33 | | * |
34 | | * 6. Redistributions of any form whatsoever must retain the following |
35 | | * acknowledgment: |
36 | | * "This product includes software developed by the OpenSSL Project |
37 | | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" |
38 | | * |
39 | | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
40 | | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
41 | | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
42 | | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
43 | | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
44 | | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
45 | | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
46 | | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
47 | | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
48 | | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
49 | | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
50 | | * OF THE POSSIBILITY OF SUCH DAMAGE. |
51 | | * ==================================================================== |
52 | | * |
53 | | * This product includes cryptographic software written by Eric Young |
54 | | * (eay@cryptsoft.com). This product includes software written by Tim |
55 | | * Hudson (tjh@cryptsoft.com). */ |
56 | | |
57 | | #include <string.h> |
58 | | |
59 | | #include <openssl/mem.h> |
60 | | #include <openssl/obj.h> |
61 | | #include <openssl/stack.h> |
62 | | #include <openssl/x509.h> |
63 | | #include <openssl/x509v3.h> |
64 | | |
65 | | #include "../internal.h" |
66 | | #include "../x509v3/internal.h" |
67 | | #include "internal.h" |
68 | | |
69 | | |
70 | | // X509_VERIFY_PARAM functions |
71 | | |
72 | 0 | #define SET_HOST 0 |
73 | 0 | #define ADD_HOST 1 |
74 | | |
75 | 0 | static void str_free(char *s) { OPENSSL_free(s); } |
76 | | |
77 | 0 | #define string_stack_free(sk) sk_OPENSSL_STRING_pop_free(sk, str_free) |
78 | | |
79 | | static int int_x509_param_set_hosts(X509_VERIFY_PARAM *param, int mode, |
80 | 0 | const char *name, size_t namelen) { |
81 | 0 | char *copy; |
82 | |
|
83 | 0 | if (name == NULL || namelen == 0) { |
84 | | // Unlike OpenSSL, we reject trying to set or add an empty name. |
85 | 0 | return 0; |
86 | 0 | } |
87 | | |
88 | | // Refuse names with embedded NUL bytes. |
89 | | // XXX: Do we need to push an error onto the error stack? |
90 | 0 | if (name && OPENSSL_memchr(name, '\0', namelen)) { |
91 | 0 | return 0; |
92 | 0 | } |
93 | | |
94 | 0 | if (mode == SET_HOST && param->hosts) { |
95 | 0 | string_stack_free(param->hosts); |
96 | 0 | param->hosts = NULL; |
97 | 0 | } |
98 | |
|
99 | 0 | copy = OPENSSL_strndup(name, namelen); |
100 | 0 | if (copy == NULL) { |
101 | 0 | return 0; |
102 | 0 | } |
103 | | |
104 | 0 | if (param->hosts == NULL && |
105 | 0 | (param->hosts = sk_OPENSSL_STRING_new_null()) == NULL) { |
106 | 0 | OPENSSL_free(copy); |
107 | 0 | return 0; |
108 | 0 | } |
109 | | |
110 | 0 | if (!sk_OPENSSL_STRING_push(param->hosts, copy)) { |
111 | 0 | OPENSSL_free(copy); |
112 | 0 | if (sk_OPENSSL_STRING_num(param->hosts) == 0) { |
113 | 0 | sk_OPENSSL_STRING_free(param->hosts); |
114 | 0 | param->hosts = NULL; |
115 | 0 | } |
116 | 0 | return 0; |
117 | 0 | } |
118 | | |
119 | 0 | return 1; |
120 | 0 | } |
121 | | |
122 | 175k | static void x509_verify_param_zero(X509_VERIFY_PARAM *param) { |
123 | 175k | if (!param) { |
124 | 0 | return; |
125 | 0 | } |
126 | 175k | param->name = NULL; |
127 | 175k | param->purpose = 0; |
128 | 175k | param->trust = 0; |
129 | | // param->inh_flags = X509_VP_FLAG_DEFAULT; |
130 | 175k | param->inh_flags = 0; |
131 | 175k | param->flags = 0; |
132 | 175k | param->depth = -1; |
133 | 175k | if (param->policies) { |
134 | 0 | sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); |
135 | 0 | param->policies = NULL; |
136 | 0 | } |
137 | 175k | if (param->hosts) { |
138 | 0 | string_stack_free(param->hosts); |
139 | 0 | param->hosts = NULL; |
140 | 0 | } |
141 | 175k | if (param->peername) { |
142 | 0 | OPENSSL_free(param->peername); |
143 | 0 | param->peername = NULL; |
144 | 0 | } |
145 | 175k | if (param->email) { |
146 | 0 | OPENSSL_free(param->email); |
147 | 0 | param->email = NULL; |
148 | 0 | param->emaillen = 0; |
149 | 0 | } |
150 | 175k | if (param->ip) { |
151 | 0 | OPENSSL_free(param->ip); |
152 | 0 | param->ip = NULL; |
153 | 0 | param->iplen = 0; |
154 | 0 | } |
155 | 175k | param->poison = 0; |
156 | 175k | } |
157 | | |
158 | 87.7k | X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) { |
159 | 87.7k | X509_VERIFY_PARAM *param; |
160 | 87.7k | param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM)); |
161 | 87.7k | if (!param) { |
162 | 0 | return NULL; |
163 | 0 | } |
164 | 87.7k | OPENSSL_memset(param, 0, sizeof(X509_VERIFY_PARAM)); |
165 | 87.7k | x509_verify_param_zero(param); |
166 | 87.7k | return param; |
167 | 87.7k | } |
168 | | |
169 | 87.6k | void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param) { |
170 | 87.6k | if (param == NULL) { |
171 | 0 | return; |
172 | 0 | } |
173 | 87.6k | x509_verify_param_zero(param); |
174 | 87.6k | OPENSSL_free(param); |
175 | 87.6k | } |
176 | | |
177 | | //- |
178 | | // This function determines how parameters are "inherited" from one structure |
179 | | // to another. There are several different ways this can happen. |
180 | | // |
181 | | // 1. If a child structure needs to have its values initialized from a parent |
182 | | // they are simply copied across. For example SSL_CTX copied to SSL. |
183 | | // 2. If the structure should take on values only if they are currently unset. |
184 | | // For example the values in an SSL structure will take appropriate value |
185 | | // for SSL servers or clients but only if the application has not set new |
186 | | // ones. |
187 | | // |
188 | | // The "inh_flags" field determines how this function behaves. |
189 | | // |
190 | | // Normally any values which are set in the default are not copied from the |
191 | | // destination and verify flags are ORed together. |
192 | | // |
193 | | // If X509_VP_FLAG_DEFAULT is set then anything set in the source is copied |
194 | | // to the destination. Effectively the values in "to" become default values |
195 | | // which will be used only if nothing new is set in "from". |
196 | | // |
197 | | // If X509_VP_FLAG_OVERWRITE is set then all value are copied across whether |
198 | | // they are set or not. Flags is still Ored though. |
199 | | // |
200 | | // If X509_VP_FLAG_RESET_FLAGS is set then the flags value is copied instead |
201 | | // of ORed. |
202 | | // |
203 | | // If X509_VP_FLAG_LOCKED is set then no values are copied. |
204 | | // |
205 | | // If X509_VP_FLAG_ONCE is set then the current inh_flags setting is zeroed |
206 | | // after the next call. |
207 | | |
208 | | // Macro to test if a field should be copied from src to dest |
209 | | |
210 | | #define test_x509_verify_param_copy(field, def) \ |
211 | 674k | (to_overwrite || \ |
212 | 674k | ((src->field != (def)) && (to_default || (dest->field == (def))))) |
213 | | |
214 | | // Macro to test and copy a field if necessary |
215 | | |
216 | | #define x509_verify_param_copy(field, def) \ |
217 | 289k | if (test_x509_verify_param_copy(field, def)) \ |
218 | 289k | dest->field = src->field |
219 | | |
220 | | int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, |
221 | 96.4k | const X509_VERIFY_PARAM *src) { |
222 | 96.4k | unsigned long inh_flags; |
223 | 96.4k | int to_default, to_overwrite; |
224 | 96.4k | if (!src) { |
225 | 0 | return 1; |
226 | 0 | } |
227 | 96.4k | inh_flags = dest->inh_flags | src->inh_flags; |
228 | | |
229 | 96.4k | if (inh_flags & X509_VP_FLAG_ONCE) { |
230 | 0 | dest->inh_flags = 0; |
231 | 0 | } |
232 | | |
233 | 96.4k | if (inh_flags & X509_VP_FLAG_LOCKED) { |
234 | 0 | return 1; |
235 | 0 | } |
236 | | |
237 | 96.4k | if (inh_flags & X509_VP_FLAG_DEFAULT) { |
238 | 6.17k | to_default = 1; |
239 | 90.2k | } else { |
240 | 90.2k | to_default = 0; |
241 | 90.2k | } |
242 | | |
243 | 96.4k | if (inh_flags & X509_VP_FLAG_OVERWRITE) { |
244 | 0 | to_overwrite = 1; |
245 | 96.4k | } else { |
246 | 96.4k | to_overwrite = 0; |
247 | 96.4k | } |
248 | | |
249 | 96.4k | x509_verify_param_copy(purpose, 0); |
250 | 96.4k | x509_verify_param_copy(trust, 0); |
251 | 96.4k | x509_verify_param_copy(depth, -1); |
252 | | |
253 | | // If overwrite or check time not set, copy across |
254 | | |
255 | 96.4k | if (to_overwrite || !(dest->flags & X509_V_FLAG_USE_CHECK_TIME)) { |
256 | 96.4k | dest->check_time = src->check_time; |
257 | 96.4k | dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME; |
258 | | // Don't need to copy flag: that is done below |
259 | 96.4k | } |
260 | | |
261 | 96.4k | if (inh_flags & X509_VP_FLAG_RESET_FLAGS) { |
262 | 0 | dest->flags = 0; |
263 | 0 | } |
264 | | |
265 | 96.4k | dest->flags |= src->flags; |
266 | | |
267 | 96.4k | if (test_x509_verify_param_copy(policies, NULL)) { |
268 | 0 | if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies)) { |
269 | 0 | return 0; |
270 | 0 | } |
271 | 0 | } |
272 | | |
273 | | // Copy the host flags if and only if we're copying the host list |
274 | 96.4k | if (test_x509_verify_param_copy(hosts, NULL)) { |
275 | 0 | if (dest->hosts) { |
276 | 0 | string_stack_free(dest->hosts); |
277 | 0 | dest->hosts = NULL; |
278 | 0 | } |
279 | 0 | if (src->hosts) { |
280 | 0 | dest->hosts = |
281 | 0 | sk_OPENSSL_STRING_deep_copy(src->hosts, OPENSSL_strdup, str_free); |
282 | 0 | if (dest->hosts == NULL) { |
283 | 0 | return 0; |
284 | 0 | } |
285 | 0 | dest->hostflags = src->hostflags; |
286 | 0 | } |
287 | 0 | } |
288 | | |
289 | 96.4k | if (test_x509_verify_param_copy(email, NULL)) { |
290 | 0 | if (!X509_VERIFY_PARAM_set1_email(dest, src->email, src->emaillen)) { |
291 | 0 | return 0; |
292 | 0 | } |
293 | 0 | } |
294 | | |
295 | 96.4k | if (test_x509_verify_param_copy(ip, NULL)) { |
296 | 0 | if (!X509_VERIFY_PARAM_set1_ip(dest, src->ip, src->iplen)) { |
297 | 0 | return 0; |
298 | 0 | } |
299 | 0 | } |
300 | | |
301 | 96.4k | dest->poison = src->poison; |
302 | | |
303 | 96.4k | return 1; |
304 | 96.4k | } |
305 | | |
306 | | int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, |
307 | 6.17k | const X509_VERIFY_PARAM *from) { |
308 | 6.17k | unsigned long save_flags = to->inh_flags; |
309 | 6.17k | int ret; |
310 | 6.17k | to->inh_flags |= X509_VP_FLAG_DEFAULT; |
311 | 6.17k | ret = X509_VERIFY_PARAM_inherit(to, from); |
312 | 6.17k | to->inh_flags = save_flags; |
313 | 6.17k | return ret; |
314 | 6.17k | } |
315 | | |
316 | | static int int_x509_param_set1(char **pdest, size_t *pdestlen, const char *src, |
317 | 0 | size_t srclen) { |
318 | 0 | void *tmp; |
319 | 0 | if (src == NULL || srclen == 0) { |
320 | | // Unlike OpenSSL, we do not allow an empty string to disable previously |
321 | | // configured checks. |
322 | 0 | return 0; |
323 | 0 | } |
324 | | |
325 | 0 | tmp = OPENSSL_memdup(src, srclen); |
326 | 0 | if (!tmp) { |
327 | 0 | return 0; |
328 | 0 | } |
329 | | |
330 | 0 | if (*pdest) { |
331 | 0 | OPENSSL_free(*pdest); |
332 | 0 | } |
333 | 0 | *pdest = tmp; |
334 | 0 | if (pdestlen) { |
335 | 0 | *pdestlen = srclen; |
336 | 0 | } |
337 | 0 | return 1; |
338 | 0 | } |
339 | | |
340 | 0 | int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name) { |
341 | 0 | if (param->name) { |
342 | 0 | OPENSSL_free(param->name); |
343 | 0 | } |
344 | 0 | param->name = OPENSSL_strdup(name); |
345 | 0 | if (param->name) { |
346 | 0 | return 1; |
347 | 0 | } |
348 | 0 | return 0; |
349 | 0 | } |
350 | | |
351 | 0 | int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags) { |
352 | 0 | param->flags |= flags; |
353 | 0 | return 1; |
354 | 0 | } |
355 | | |
356 | | int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, |
357 | 0 | unsigned long flags) { |
358 | 0 | param->flags &= ~flags; |
359 | 0 | return 1; |
360 | 0 | } |
361 | | |
362 | 0 | unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param) { |
363 | 0 | return param->flags; |
364 | 0 | } |
365 | | |
366 | 0 | int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose) { |
367 | 0 | return X509_PURPOSE_set(¶m->purpose, purpose); |
368 | 0 | } |
369 | | |
370 | 0 | int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust) { |
371 | 0 | return X509_TRUST_set(¶m->trust, trust); |
372 | 0 | } |
373 | | |
374 | 0 | void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth) { |
375 | 0 | param->depth = depth; |
376 | 0 | } |
377 | | |
378 | 0 | void X509_VERIFY_PARAM_set_time_posix(X509_VERIFY_PARAM *param, int64_t t) { |
379 | 0 | param->check_time = t; |
380 | 0 | param->flags |= X509_V_FLAG_USE_CHECK_TIME; |
381 | 0 | } |
382 | | |
383 | 0 | void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t) { |
384 | 0 | X509_VERIFY_PARAM_set_time_posix(param, t); |
385 | 0 | } |
386 | | |
387 | | int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, |
388 | 0 | ASN1_OBJECT *policy) { |
389 | 0 | if (!param->policies) { |
390 | 0 | param->policies = sk_ASN1_OBJECT_new_null(); |
391 | 0 | if (!param->policies) { |
392 | 0 | return 0; |
393 | 0 | } |
394 | 0 | } |
395 | 0 | if (!sk_ASN1_OBJECT_push(param->policies, policy)) { |
396 | 0 | return 0; |
397 | 0 | } |
398 | 0 | return 1; |
399 | 0 | } |
400 | | |
401 | | int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, |
402 | 0 | const STACK_OF(ASN1_OBJECT) *policies) { |
403 | 0 | if (!param) { |
404 | 0 | return 0; |
405 | 0 | } |
406 | | |
407 | 0 | sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); |
408 | 0 | if (!policies) { |
409 | 0 | param->policies = NULL; |
410 | 0 | return 1; |
411 | 0 | } |
412 | | |
413 | 0 | param->policies = |
414 | 0 | sk_ASN1_OBJECT_deep_copy(policies, OBJ_dup, ASN1_OBJECT_free); |
415 | 0 | if (!param->policies) { |
416 | 0 | return 0; |
417 | 0 | } |
418 | | |
419 | 0 | return 1; |
420 | 0 | } |
421 | | |
422 | | int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, const char *name, |
423 | 0 | size_t namelen) { |
424 | 0 | if (!int_x509_param_set_hosts(param, SET_HOST, name, namelen)) { |
425 | 0 | param->poison = 1; |
426 | 0 | return 0; |
427 | 0 | } |
428 | 0 | return 1; |
429 | 0 | } |
430 | | |
431 | | int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, const char *name, |
432 | 0 | size_t namelen) { |
433 | 0 | if (!int_x509_param_set_hosts(param, ADD_HOST, name, namelen)) { |
434 | 0 | param->poison = 1; |
435 | 0 | return 0; |
436 | 0 | } |
437 | 0 | return 1; |
438 | 0 | } |
439 | | |
440 | | void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, |
441 | 0 | unsigned int flags) { |
442 | 0 | param->hostflags = flags; |
443 | 0 | } |
444 | | |
445 | 0 | char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param) { |
446 | 0 | return param->peername; |
447 | 0 | } |
448 | | |
449 | | int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, const char *email, |
450 | 0 | size_t emaillen) { |
451 | 0 | if (OPENSSL_memchr(email, '\0', emaillen) != NULL || |
452 | 0 | !int_x509_param_set1(¶m->email, ¶m->emaillen, email, emaillen)) { |
453 | 0 | param->poison = 1; |
454 | 0 | return 0; |
455 | 0 | } |
456 | | |
457 | 0 | return 1; |
458 | 0 | } |
459 | | |
460 | | int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, const unsigned char *ip, |
461 | 0 | size_t iplen) { |
462 | 0 | if ((iplen != 4 && iplen != 16) || |
463 | 0 | !int_x509_param_set1((char **)¶m->ip, ¶m->iplen, (char *)ip, |
464 | 0 | iplen)) { |
465 | 0 | param->poison = 1; |
466 | 0 | return 0; |
467 | 0 | } |
468 | | |
469 | 0 | return 1; |
470 | 0 | } |
471 | | |
472 | 0 | int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc) { |
473 | 0 | unsigned char ipout[16]; |
474 | 0 | size_t iplen; |
475 | |
|
476 | 0 | iplen = (size_t)x509v3_a2i_ipadd(ipout, ipasc); |
477 | 0 | if (iplen == 0) { |
478 | 0 | return 0; |
479 | 0 | } |
480 | 0 | return X509_VERIFY_PARAM_set1_ip(param, ipout, iplen); |
481 | 0 | } |
482 | | |
483 | 0 | int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param) { |
484 | 0 | return param->depth; |
485 | 0 | } |
486 | | |
487 | 0 | const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param) { |
488 | 0 | return param->name; |
489 | 0 | } |
490 | | |
491 | | #define vpm_empty_id NULL, 0U, NULL, NULL, 0, NULL, 0, 0 |
492 | | |
493 | | // Default verify parameters: these are used for various applications and can |
494 | | // be overridden by the user specified table. NB: the 'name' field *must* be |
495 | | // in alphabetical order because it will be searched using OBJ_search. |
496 | | |
497 | | static const X509_VERIFY_PARAM default_table[] = { |
498 | | {(char *)"default", // X509 default parameters |
499 | | 0, // Check time |
500 | | 0, // internal flags |
501 | | X509_V_FLAG_TRUSTED_FIRST, // flags |
502 | | 0, // purpose |
503 | | 0, // trust |
504 | | 100, // depth |
505 | | NULL, // policies |
506 | | vpm_empty_id}, |
507 | | {(char *)"pkcs7", // S/MIME sign parameters |
508 | | 0, // Check time |
509 | | 0, // internal flags |
510 | | 0, // flags |
511 | | X509_PURPOSE_SMIME_SIGN, // purpose |
512 | | X509_TRUST_EMAIL, // trust |
513 | | -1, // depth |
514 | | NULL, // policies |
515 | | vpm_empty_id}, |
516 | | {(char *)"smime_sign", // S/MIME sign parameters |
517 | | 0, // Check time |
518 | | 0, // internal flags |
519 | | 0, // flags |
520 | | X509_PURPOSE_SMIME_SIGN, // purpose |
521 | | X509_TRUST_EMAIL, // trust |
522 | | -1, // depth |
523 | | NULL, // policies |
524 | | vpm_empty_id}, |
525 | | {(char *)"ssl_client", // SSL/TLS client parameters |
526 | | 0, // Check time |
527 | | 0, // internal flags |
528 | | 0, // flags |
529 | | X509_PURPOSE_SSL_CLIENT, // purpose |
530 | | X509_TRUST_SSL_CLIENT, // trust |
531 | | -1, // depth |
532 | | NULL, // policies |
533 | | vpm_empty_id}, |
534 | | {(char *)"ssl_server", // SSL/TLS server parameters |
535 | | 0, // Check time |
536 | | 0, // internal flags |
537 | | 0, // flags |
538 | | X509_PURPOSE_SSL_SERVER, // purpose |
539 | | X509_TRUST_SSL_SERVER, // trust |
540 | | -1, // depth |
541 | | NULL, // policies |
542 | | vpm_empty_id}}; |
543 | | |
544 | 12.3k | const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name) { |
545 | 35.5k | for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(default_table); i++) { |
546 | 35.5k | if (strcmp(default_table[i].name, name) == 0) { |
547 | 12.3k | return &default_table[i]; |
548 | 12.3k | } |
549 | 35.5k | } |
550 | 0 | return NULL; |
551 | 12.3k | } |