Coverage Report

Created: 2023-06-08 06:41

/src/openssl30/crypto/x509/x509_vpm.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright 2004-2022 The OpenSSL Project Authors. All Rights Reserved.
3
 *
4
 * Licensed under the Apache License 2.0 (the "License").  You may not use
5
 * this file except in compliance with the License.  You can obtain a copy
6
 * in the file LICENSE in the source distribution or at
7
 * https://www.openssl.org/source/license.html
8
 */
9
10
#include <stdio.h>
11
12
#include "internal/cryptlib.h"
13
#include <openssl/crypto.h>
14
#include <openssl/buffer.h>
15
#include <openssl/x509.h>
16
#include <openssl/x509v3.h>
17
#include "crypto/x509.h"
18
19
#include "x509_local.h"
20
21
/* X509_VERIFY_PARAM functions */
22
23
0
#define SET_HOST 0
24
0
#define ADD_HOST 1
25
26
static char *str_copy(const char *s)
27
0
{
28
0
    return OPENSSL_strdup(s);
29
0
}
30
31
static void str_free(char *s)
32
0
{
33
0
    OPENSSL_free(s);
34
0
}
35
36
static int int_x509_param_set_hosts(X509_VERIFY_PARAM *vpm, int mode,
37
                                    const char *name, size_t namelen)
38
0
{
39
0
    char *copy;
40
41
    /*
42
     * Refuse names with embedded NUL bytes, except perhaps as final byte.
43
     * XXX: Do we need to push an error onto the error stack?
44
     */
45
0
    if (namelen == 0 || name == NULL)
46
0
        namelen = name ? strlen(name) : 0;
47
0
    else if (name != NULL
48
0
             && memchr(name, '\0', namelen > 1 ? namelen - 1 : namelen) != NULL)
49
0
        return 0;
50
0
    if (namelen > 0 && name[namelen - 1] == '\0')
51
0
        --namelen;
52
53
0
    if (mode == SET_HOST) {
54
0
        sk_OPENSSL_STRING_pop_free(vpm->hosts, str_free);
55
0
        vpm->hosts = NULL;
56
0
    }
57
0
    if (name == NULL || namelen == 0)
58
0
        return 1;
59
60
0
    copy = OPENSSL_strndup(name, namelen);
61
0
    if (copy == NULL)
62
0
        return 0;
63
64
0
    if (vpm->hosts == NULL &&
65
0
        (vpm->hosts = sk_OPENSSL_STRING_new_null()) == NULL) {
66
0
        OPENSSL_free(copy);
67
0
        return 0;
68
0
    }
69
70
0
    if (!sk_OPENSSL_STRING_push(vpm->hosts, copy)) {
71
0
        OPENSSL_free(copy);
72
0
        if (sk_OPENSSL_STRING_num(vpm->hosts) == 0) {
73
0
            sk_OPENSSL_STRING_free(vpm->hosts);
74
0
            vpm->hosts = NULL;
75
0
        }
76
0
        return 0;
77
0
    }
78
79
0
    return 1;
80
0
}
81
82
X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
83
23.8k
{
84
23.8k
    X509_VERIFY_PARAM *param;
85
86
23.8k
    param = OPENSSL_zalloc(sizeof(*param));
87
23.8k
    if (param == NULL) {
88
0
        ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE);
89
0
        return NULL;
90
0
    }
91
23.8k
    param->trust = X509_TRUST_DEFAULT;
92
    /* param->inh_flags = X509_VP_FLAG_DEFAULT; */
93
23.8k
    param->depth = -1;
94
23.8k
    param->auth_level = -1; /* -1 means unset, 0 is explicit */
95
23.8k
    return param;
96
23.8k
}
97
98
void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
99
23.8k
{
100
23.8k
    if (param == NULL)
101
0
        return;
102
23.8k
    sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
103
23.8k
    sk_OPENSSL_STRING_pop_free(param->hosts, str_free);
104
23.8k
    OPENSSL_free(param->peername);
105
23.8k
    OPENSSL_free(param->email);
106
23.8k
    OPENSSL_free(param->ip);
107
23.8k
    OPENSSL_free(param);
108
23.8k
}
109
110
/*-
111
 * This function determines how parameters are "inherited" from one structure
112
 * to another. There are several different ways this can happen.
113
 *
114
 * 1. If a child structure needs to have its values initialized from a parent
115
 *    they are simply copied across. For example SSL_CTX copied to SSL.
116
 * 2. If the structure should take on values only if they are currently unset.
117
 *    For example the values in an SSL structure will take appropriate value
118
 *    for SSL servers or clients but only if the application has not set new
119
 *    ones.
120
 *
121
 * The "inh_flags" field determines how this function behaves.
122
 *
123
 * Normally any values which are set in the default are not copied from the
124
 * destination and verify flags are ORed together.
125
 *
126
 * If X509_VP_FLAG_DEFAULT is set then anything set in the source is copied
127
 * to the destination. Effectively the values in "to" become default values
128
 * which will be used only if nothing new is set in "from".
129
 *
130
 * If X509_VP_FLAG_OVERWRITE is set then all value are copied across whether
131
 * they are set or not. Flags is still Ored though.
132
 *
133
 * If X509_VP_FLAG_RESET_FLAGS is set then the flags value is copied instead
134
 * of ORed.
135
 *
136
 * If X509_VP_FLAG_LOCKED is set then no values are copied.
137
 *
138
 * If X509_VP_FLAG_ONCE is set then the current inh_flags setting is zeroed
139
 * after the next call.
140
 */
141
142
/* Macro to test if a field should be copied from src to dest */
143
144
#define test_x509_verify_param_copy(field, def) \
145
145k
    (to_overwrite || (src->field != def && (to_default || dest->field == def)))
146
147
/* Macro to test and copy a field if necessary */
148
149
#define x509_verify_param_copy(field, def) \
150
80.8k
    if (test_x509_verify_param_copy(field, def)) \
151
80.8k
        dest->field = src->field;
152
153
int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
154
                              const X509_VERIFY_PARAM *src)
155
16.1k
{
156
16.1k
    unsigned long inh_flags;
157
16.1k
    int to_default, to_overwrite;
158
159
16.1k
    if (src == NULL)
160
0
        return 1;
161
16.1k
    inh_flags = dest->inh_flags | src->inh_flags;
162
163
16.1k
    if ((inh_flags & X509_VP_FLAG_ONCE) != 0)
164
0
        dest->inh_flags = 0;
165
166
16.1k
    if ((inh_flags & X509_VP_FLAG_LOCKED) != 0)
167
0
        return 1;
168
169
16.1k
    to_default = (inh_flags & X509_VP_FLAG_DEFAULT) != 0;
170
16.1k
    to_overwrite = (inh_flags & X509_VP_FLAG_OVERWRITE) != 0;
171
172
16.1k
    x509_verify_param_copy(purpose, 0);
173
16.1k
    x509_verify_param_copy(trust, X509_TRUST_DEFAULT);
174
16.1k
    x509_verify_param_copy(depth, -1);
175
16.1k
    x509_verify_param_copy(auth_level, -1);
176
177
    /* If overwrite or check time not set, copy across */
178
179
16.1k
    if (to_overwrite || (dest->flags & X509_V_FLAG_USE_CHECK_TIME) == 0) {
180
16.1k
        dest->check_time = src->check_time;
181
16.1k
        dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME;
182
        /* Don't need to copy flag: that is done below */
183
16.1k
    }
184
185
16.1k
    if ((inh_flags & X509_VP_FLAG_RESET_FLAGS) != 0)
186
0
        dest->flags = 0;
187
188
16.1k
    dest->flags |= src->flags;
189
190
16.1k
    if (test_x509_verify_param_copy(policies, NULL)) {
191
0
        if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies))
192
0
            return 0;
193
0
    }
194
195
16.1k
    x509_verify_param_copy(hostflags, 0);
196
197
16.1k
    if (test_x509_verify_param_copy(hosts, NULL)) {
198
0
        sk_OPENSSL_STRING_pop_free(dest->hosts, str_free);
199
0
        dest->hosts = NULL;
200
0
        if (src->hosts != NULL) {
201
0
            dest->hosts =
202
0
                sk_OPENSSL_STRING_deep_copy(src->hosts, str_copy, str_free);
203
0
            if (dest->hosts == NULL)
204
0
                return 0;
205
0
        }
206
0
    }
207
208
16.1k
    if (test_x509_verify_param_copy(email, NULL)) {
209
0
        if (!X509_VERIFY_PARAM_set1_email(dest, src->email, src->emaillen))
210
0
            return 0;
211
0
    }
212
213
16.1k
    if (test_x509_verify_param_copy(ip, NULL)) {
214
0
        if (!X509_VERIFY_PARAM_set1_ip(dest, src->ip, src->iplen))
215
0
            return 0;
216
0
    }
217
218
16.1k
    return 1;
219
16.1k
}
220
221
int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
222
                           const X509_VERIFY_PARAM *from)
223
2.24k
{
224
2.24k
    unsigned long save_flags;
225
2.24k
    int ret;
226
227
2.24k
    if (to == NULL) {
228
0
        ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
229
0
        return 0;
230
0
    }
231
2.24k
    save_flags = to->inh_flags;
232
2.24k
    to->inh_flags |= X509_VP_FLAG_DEFAULT;
233
2.24k
    ret = X509_VERIFY_PARAM_inherit(to, from);
234
2.24k
    to->inh_flags = save_flags;
235
2.24k
    return ret;
236
2.24k
}
237
238
static int int_x509_param_set1(char **pdest, size_t *pdestlen,
239
                               const char *src, size_t srclen)
240
0
{
241
0
    char *tmp;
242
243
0
    if (src != NULL) {
244
0
        if (srclen == 0)
245
0
            srclen = strlen(src);
246
247
0
        tmp = OPENSSL_malloc(srclen + 1);
248
0
        if (tmp == NULL)
249
0
            return 0;
250
0
        memcpy(tmp, src, srclen);
251
0
        tmp[srclen] = '\0'; /* enforce NUL termination */
252
0
    } else {
253
0
        tmp = NULL;
254
0
        srclen = 0;
255
0
    }
256
0
    OPENSSL_free(*pdest);
257
0
    *pdest = tmp;
258
0
    if (pdestlen != NULL)
259
0
        *pdestlen = srclen;
260
0
    return 1;
261
0
}
262
263
int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name)
264
0
{
265
0
    OPENSSL_free(param->name);
266
0
    param->name = OPENSSL_strdup(name);
267
0
    return param->name != NULL;
268
0
}
269
270
int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags)
271
2.24k
{
272
2.24k
    param->flags |= flags;
273
2.24k
    if ((flags & X509_V_FLAG_POLICY_MASK) != 0)
274
0
        param->flags |= X509_V_FLAG_POLICY_CHECK;
275
2.24k
    return 1;
276
2.24k
}
277
278
int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
279
                                  unsigned long flags)
280
0
{
281
0
    param->flags &= ~flags;
282
0
    return 1;
283
0
}
284
285
unsigned long X509_VERIFY_PARAM_get_flags(const X509_VERIFY_PARAM *param)
286
0
{
287
0
    return param->flags;
288
0
}
289
290
uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param)
291
0
{
292
0
    return param->inh_flags;
293
0
}
294
295
int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param, uint32_t flags)
296
0
{
297
0
    param->inh_flags = flags;
298
0
    return 1;
299
0
}
300
301
int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose)
302
0
{
303
0
    return X509_PURPOSE_set(&param->purpose, purpose);
304
0
}
305
306
int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust)
307
0
{
308
0
    return X509_TRUST_set(&param->trust, trust);
309
0
}
310
311
void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth)
312
0
{
313
0
    param->depth = depth;
314
0
}
315
316
void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int auth_level)
317
2.24k
{
318
2.24k
    param->auth_level = auth_level;
319
2.24k
}
320
321
time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param)
322
0
{
323
0
    return param->check_time;
324
0
}
325
326
void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t)
327
0
{
328
0
    param->check_time = t;
329
0
    param->flags |= X509_V_FLAG_USE_CHECK_TIME;
330
0
}
331
332
int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
333
                                  ASN1_OBJECT *policy)
334
0
{
335
0
    if (param->policies == NULL) {
336
0
        param->policies = sk_ASN1_OBJECT_new_null();
337
0
        if (param->policies == NULL)
338
0
            return 0;
339
0
    }
340
0
    return sk_ASN1_OBJECT_push(param->policies, policy);
341
0
}
342
343
int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
344
                                    STACK_OF(ASN1_OBJECT) *policies)
345
0
{
346
0
    int i;
347
0
    ASN1_OBJECT *oid, *doid;
348
349
0
    if (param == NULL) {
350
0
        ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
351
0
        return 0;
352
0
    }
353
0
    sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
354
355
0
    if (policies == NULL) {
356
0
        param->policies = NULL;
357
0
        return 1;
358
0
    }
359
360
0
    param->policies = sk_ASN1_OBJECT_new_null();
361
0
    if (param->policies == NULL)
362
0
        return 0;
363
364
0
    for (i = 0; i < sk_ASN1_OBJECT_num(policies); i++) {
365
0
        oid = sk_ASN1_OBJECT_value(policies, i);
366
0
        doid = OBJ_dup(oid);
367
0
        if (doid == NULL)
368
0
            return 0;
369
0
        if (!sk_ASN1_OBJECT_push(param->policies, doid)) {
370
0
            ASN1_OBJECT_free(doid);
371
0
            return 0;
372
0
        }
373
0
    }
374
0
    param->flags |= X509_V_FLAG_POLICY_CHECK;
375
0
    return 1;
376
0
}
377
378
char *X509_VERIFY_PARAM_get0_host(X509_VERIFY_PARAM *param, int idx)
379
0
{
380
0
    return sk_OPENSSL_STRING_value(param->hosts, idx);
381
0
}
382
383
int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
384
                                const char *name, size_t namelen)
385
0
{
386
0
    return int_x509_param_set_hosts(param, SET_HOST, name, namelen);
387
0
}
388
389
int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
390
                                const char *name, size_t namelen)
391
0
{
392
0
    return int_x509_param_set_hosts(param, ADD_HOST, name, namelen);
393
0
}
394
395
void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
396
                                     unsigned int flags)
397
0
{
398
0
    param->hostflags = flags;
399
0
}
400
401
unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param)
402
0
{
403
0
    return param->hostflags;
404
0
}
405
406
char *X509_VERIFY_PARAM_get0_peername(const X509_VERIFY_PARAM *param)
407
0
{
408
0
    return param->peername;
409
0
}
410
411
/*
412
 * Move peername from one param structure to another, freeing any name present
413
 * at the target.  If the source is a NULL parameter structure, free and zero
414
 * the target peername.
415
 */
416
void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *to,
417
                                     X509_VERIFY_PARAM *from)
418
16.6k
{
419
16.6k
    char *peername = (from != NULL) ? from->peername : NULL;
420
421
16.6k
    if (to->peername != peername) {
422
0
        OPENSSL_free(to->peername);
423
0
        to->peername = peername;
424
0
    }
425
16.6k
    if (from != NULL)
426
2.24k
        from->peername = NULL;
427
16.6k
}
428
429
char *X509_VERIFY_PARAM_get0_email(X509_VERIFY_PARAM *param)
430
0
{
431
0
    return param->email;
432
0
}
433
434
int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
435
                                 const char *email, size_t emaillen)
436
0
{
437
0
    return int_x509_param_set1(&param->email, &param->emaillen,
438
0
                               email, emaillen);
439
0
}
440
441
static unsigned char
442
*int_X509_VERIFY_PARAM_get0_ip(X509_VERIFY_PARAM *param, size_t *plen)
443
0
{
444
0
    if (param == NULL || param->ip == NULL) {
445
0
        ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
446
0
        return NULL;
447
0
    }
448
0
    if (plen != NULL)
449
0
        *plen = param->iplen;
450
0
    return param->ip;
451
0
}
452
453
char *X509_VERIFY_PARAM_get1_ip_asc(X509_VERIFY_PARAM *param)
454
0
{
455
0
    size_t iplen;
456
0
    unsigned char *ip = int_X509_VERIFY_PARAM_get0_ip(param, &iplen);
457
458
0
    return ip == NULL ? NULL : ossl_ipaddr_to_asc(ip, iplen);
459
0
}
460
461
int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
462
                              const unsigned char *ip, size_t iplen)
463
0
{
464
0
    if (iplen != 0 && iplen != 4 && iplen != 16) {
465
0
        ERR_raise(ERR_LIB_X509, ERR_R_PASSED_INVALID_ARGUMENT);
466
0
        return 0;
467
0
    }
468
0
    return int_x509_param_set1((char **)&param->ip, &param->iplen,
469
0
                               (char *)ip, iplen);
470
0
}
471
472
int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc)
473
0
{
474
0
    unsigned char ipout[16];
475
0
    size_t iplen = (size_t)ossl_a2i_ipadd(ipout, ipasc);
476
477
0
    if (iplen == 0)
478
0
        return 0;
479
0
    return X509_VERIFY_PARAM_set1_ip(param, ipout, iplen);
480
0
}
481
482
int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param)
483
0
{
484
0
    return param->depth;
485
0
}
486
487
int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param)
488
0
{
489
0
    return param->auth_level;
490
0
}
491
492
const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param)
493
0
{
494
0
    return param->name;
495
0
}
496
497
#define vpm_empty_id NULL, 0U, NULL, NULL, 0, NULL, 0
498
499
/*
500
 * Default verify parameters: these are used for various applications and can
501
 * be overridden by the user specified table. NB: the 'name' field *must* be
502
 * in alphabetical order because it will be searched using OBJ_search.
503
 */
504
505
static const X509_VERIFY_PARAM default_table[] = {
506
    {
507
     "default",                 /* X509 default parameters */
508
     0,                         /* check time to use */
509
     0,                         /* inheritance flags */
510
     X509_V_FLAG_TRUSTED_FIRST, /* flags */
511
     0,                         /* purpose */
512
     0,                         /* trust */
513
     100,                       /* depth */
514
     -1,                        /* auth_level */
515
     NULL,                      /* policies */
516
     vpm_empty_id},
517
    {
518
     "pkcs7",                   /* S/MIME sign parameters */
519
     0,                         /* check time to use */
520
     0,                         /* inheritance flags */
521
     0,                         /* flags */
522
     X509_PURPOSE_SMIME_SIGN,   /* purpose */
523
     X509_TRUST_EMAIL,          /* trust */
524
     -1,                        /* depth */
525
     -1,                        /* auth_level */
526
     NULL,                      /* policies */
527
     vpm_empty_id},
528
    {
529
     "smime_sign",              /* S/MIME sign parameters */
530
     0,                         /* check time to use */
531
     0,                         /* inheritance flags */
532
     0,                         /* flags */
533
     X509_PURPOSE_SMIME_SIGN,   /* purpose */
534
     X509_TRUST_EMAIL,          /* trust */
535
     -1,                        /* depth */
536
     -1,                        /* auth_level */
537
     NULL,                      /* policies */
538
     vpm_empty_id},
539
    {
540
     "ssl_client",              /* SSL/TLS client parameters */
541
     0,                         /* check time to use */
542
     0,                         /* inheritance flags */
543
     0,                         /* flags */
544
     X509_PURPOSE_SSL_CLIENT,   /* purpose */
545
     X509_TRUST_SSL_CLIENT,     /* trust */
546
     -1,                        /* depth */
547
     -1,                        /* auth_level */
548
     NULL,                      /* policies */
549
     vpm_empty_id},
550
    {
551
     "ssl_server",              /* SSL/TLS server parameters */
552
     0,                         /* check time to use */
553
     0,                         /* inheritance flags */
554
     0,                         /* flags */
555
     X509_PURPOSE_SSL_SERVER,   /* purpose */
556
     X509_TRUST_SSL_SERVER,     /* trust */
557
     -1,                        /* depth */
558
     -1,                        /* auth_level */
559
     NULL,                      /* policies */
560
     vpm_empty_id}
561
};
562
563
static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL;
564
565
static int table_cmp(const X509_VERIFY_PARAM *a, const X509_VERIFY_PARAM *b)
566
11.2k
{
567
11.2k
    return strcmp(a->name, b->name);
568
11.2k
}
569
570
DECLARE_OBJ_BSEARCH_CMP_FN(X509_VERIFY_PARAM, X509_VERIFY_PARAM, table);
571
IMPLEMENT_OBJ_BSEARCH_CMP_FN(X509_VERIFY_PARAM, X509_VERIFY_PARAM, table);
572
573
static int param_cmp(const X509_VERIFY_PARAM *const *a,
574
                     const X509_VERIFY_PARAM *const *b)
575
0
{
576
0
    return strcmp((*a)->name, (*b)->name);
577
0
}
578
579
int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param)
580
0
{
581
0
    int idx;
582
0
    X509_VERIFY_PARAM *ptmp;
583
584
0
    if (param_table == NULL) {
585
0
        param_table = sk_X509_VERIFY_PARAM_new(param_cmp);
586
0
        if (param_table == NULL)
587
0
            return 0;
588
0
    } else {
589
0
        idx = sk_X509_VERIFY_PARAM_find(param_table, param);
590
0
        if (idx >= 0) {
591
0
            ptmp = sk_X509_VERIFY_PARAM_delete(param_table, idx);
592
0
            X509_VERIFY_PARAM_free(ptmp);
593
0
        }
594
0
    }
595
0
    return sk_X509_VERIFY_PARAM_push(param_table, param);
596
0
}
597
598
int X509_VERIFY_PARAM_get_count(void)
599
0
{
600
0
    int num = OSSL_NELEM(default_table);
601
602
0
    if (param_table != NULL)
603
0
        num += sk_X509_VERIFY_PARAM_num(param_table);
604
0
    return num;
605
0
}
606
607
const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id)
608
0
{
609
0
    int num = OSSL_NELEM(default_table);
610
611
0
    if (id < num)
612
0
        return default_table + id;
613
0
    return sk_X509_VERIFY_PARAM_value(param_table, id - num);
614
0
}
615
616
const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)
617
4.48k
{
618
4.48k
    int idx;
619
4.48k
    X509_VERIFY_PARAM pm;
620
621
4.48k
    pm.name = (char *)name;
622
4.48k
    if (param_table != NULL) {
623
0
        idx = sk_X509_VERIFY_PARAM_find(param_table, &pm);
624
0
        if (idx >= 0)
625
0
            return sk_X509_VERIFY_PARAM_value(param_table, idx);
626
0
    }
627
4.48k
    return OBJ_bsearch_table(&pm, default_table, OSSL_NELEM(default_table));
628
4.48k
}
629
630
void X509_VERIFY_PARAM_table_cleanup(void)
631
0
{
632
0
    sk_X509_VERIFY_PARAM_pop_free(param_table, X509_VERIFY_PARAM_free);
633
0
    param_table = NULL;
634
0
}