Coverage Report

Created: 2025-06-13 06:57

/src/openssl/crypto/x509/x509_vpm.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright 2004-2025 The OpenSSL Project Authors. All Rights Reserved.
3
 *
4
 * Licensed under the Apache License 2.0 (the "License").  You may not use
5
 * this file except in compliance with the License.  You can obtain a copy
6
 * in the file LICENSE in the source distribution or at
7
 * https://www.openssl.org/source/license.html
8
 */
9
10
#include <stdio.h>
11
12
#include "internal/cryptlib.h"
13
#include <openssl/crypto.h>
14
#include <openssl/buffer.h>
15
#include <openssl/x509.h>
16
#include <openssl/x509v3.h>
17
#include "crypto/x509.h"
18
19
#include "x509_local.h"
20
21
/* X509_VERIFY_PARAM functions */
22
23
0
#define SET_HOST 0
24
0
#define ADD_HOST 1
25
26
static char *str_copy(const char *s)
27
0
{
28
0
    return OPENSSL_strdup(s);
29
0
}
30
31
static void str_free(char *s)
32
0
{
33
0
    OPENSSL_free(s);
34
0
}
35
36
static int int_x509_param_set_hosts(X509_VERIFY_PARAM *vpm, int mode,
37
                                    const char *name, size_t namelen)
38
0
{
39
0
    char *copy;
40
41
    /*
42
     * Refuse names with embedded NUL bytes, except perhaps as final byte.
43
     * XXX: Do we need to push an error onto the error stack?
44
     */
45
0
    if (namelen == 0 || name == NULL)
46
0
        namelen = name ? strlen(name) : 0;
47
0
    else if (name != NULL
48
0
             && memchr(name, '\0', namelen > 1 ? namelen - 1 : namelen) != NULL)
49
0
        return 0;
50
0
    if (namelen > 0 && name[namelen - 1] == '\0')
51
0
        --namelen;
52
53
0
    if (mode == SET_HOST) {
54
0
        sk_OPENSSL_STRING_pop_free(vpm->hosts, str_free);
55
0
        vpm->hosts = NULL;
56
0
    }
57
0
    if (name == NULL || namelen == 0)
58
0
        return 1;
59
60
0
    copy = OPENSSL_strndup(name, namelen);
61
0
    if (copy == NULL)
62
0
        return 0;
63
64
0
    if (vpm->hosts == NULL &&
65
0
        (vpm->hosts = sk_OPENSSL_STRING_new_null()) == NULL) {
66
0
        OPENSSL_free(copy);
67
0
        return 0;
68
0
    }
69
70
0
    if (!sk_OPENSSL_STRING_push(vpm->hosts, copy)) {
71
0
        OPENSSL_free(copy);
72
0
        if (sk_OPENSSL_STRING_num(vpm->hosts) == 0) {
73
0
            sk_OPENSSL_STRING_free(vpm->hosts);
74
0
            vpm->hosts = NULL;
75
0
        }
76
0
        return 0;
77
0
    }
78
79
0
    return 1;
80
0
}
81
82
X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
83
0
{
84
0
    X509_VERIFY_PARAM *param;
85
86
0
    param = OPENSSL_zalloc(sizeof(*param));
87
0
    if (param == NULL)
88
0
        return NULL;
89
0
    param->trust = X509_TRUST_DEFAULT;
90
    /* param->inh_flags = X509_VP_FLAG_DEFAULT; */
91
0
    param->depth = -1;
92
0
    param->auth_level = -1; /* -1 means unset, 0 is explicit */
93
0
    return param;
94
0
}
95
96
void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
97
0
{
98
0
    if (param == NULL)
99
0
        return;
100
0
    sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
101
0
    sk_OPENSSL_STRING_pop_free(param->hosts, str_free);
102
0
    OPENSSL_free(param->peername);
103
0
    OPENSSL_free(param->email);
104
0
    OPENSSL_free(param->ip);
105
0
    OPENSSL_free(param);
106
0
}
107
108
/*-
109
 * This function determines how parameters are "inherited" from one structure
110
 * to another. There are several different ways this can happen.
111
 *
112
 * 1. If a child structure needs to have its values initialized from a parent
113
 *    they are simply copied across. For example SSL_CTX copied to SSL.
114
 * 2. If the structure should take on values only if they are currently unset.
115
 *    For example the values in an SSL structure will take appropriate value
116
 *    for SSL servers or clients but only if the application has not set new
117
 *    ones.
118
 *
119
 * The "inh_flags" field determines how this function behaves.
120
 *
121
 * Normally any values which are set in the default are not copied from the
122
 * destination and verify flags are ORed together.
123
 *
124
 * If X509_VP_FLAG_DEFAULT is set then anything set in the source is copied
125
 * to the destination. Effectively the values in "to" become default values
126
 * which will be used only if nothing new is set in "from".
127
 *
128
 * If X509_VP_FLAG_OVERWRITE is set then all value are copied across whether
129
 * they are set or not. Flags is still Ored though.
130
 *
131
 * If X509_VP_FLAG_RESET_FLAGS is set then the flags value is copied instead
132
 * of ORed.
133
 *
134
 * If X509_VP_FLAG_LOCKED is set then no values are copied.
135
 *
136
 * If X509_VP_FLAG_ONCE is set then the current inh_flags setting is zeroed
137
 * after the next call.
138
 */
139
140
/* Macro to test if a field should be copied from src to dest */
141
142
#define test_x509_verify_param_copy(field, def) \
143
0
    (to_overwrite || (src->field != def && (to_default || dest->field == def)))
144
145
/* Macro to test and copy a field if necessary */
146
147
#define x509_verify_param_copy(field, def) \
148
0
    if (test_x509_verify_param_copy(field, def)) \
149
0
        dest->field = src->field;
150
151
int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
152
                              const X509_VERIFY_PARAM *src)
153
0
{
154
0
    unsigned long inh_flags;
155
0
    int to_default, to_overwrite;
156
157
0
    if (src == NULL)
158
0
        return 1;
159
0
    inh_flags = dest->inh_flags | src->inh_flags;
160
161
0
    if ((inh_flags & X509_VP_FLAG_ONCE) != 0)
162
0
        dest->inh_flags = 0;
163
164
0
    if ((inh_flags & X509_VP_FLAG_LOCKED) != 0)
165
0
        return 1;
166
167
0
    to_default = (inh_flags & X509_VP_FLAG_DEFAULT) != 0;
168
0
    to_overwrite = (inh_flags & X509_VP_FLAG_OVERWRITE) != 0;
169
170
0
    x509_verify_param_copy(purpose, 0);
171
0
    x509_verify_param_copy(trust, X509_TRUST_DEFAULT);
172
0
    x509_verify_param_copy(depth, -1);
173
0
    x509_verify_param_copy(auth_level, -1);
174
175
    /* If overwrite or check time not set, copy across */
176
177
0
    if (to_overwrite || (dest->flags & X509_V_FLAG_USE_CHECK_TIME) == 0) {
178
0
        dest->check_time = src->check_time;
179
0
        dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME;
180
        /* Don't need to copy flag: that is done below */
181
0
    }
182
183
0
    if ((inh_flags & X509_VP_FLAG_RESET_FLAGS) != 0)
184
0
        dest->flags = 0;
185
186
0
    dest->flags |= src->flags;
187
188
0
    if (test_x509_verify_param_copy(policies, NULL)) {
189
0
        if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies))
190
0
            return 0;
191
0
    }
192
193
0
    x509_verify_param_copy(hostflags, 0);
194
195
0
    if (test_x509_verify_param_copy(hosts, NULL)) {
196
0
        sk_OPENSSL_STRING_pop_free(dest->hosts, str_free);
197
0
        dest->hosts = NULL;
198
0
        if (src->hosts != NULL) {
199
0
            dest->hosts =
200
0
                sk_OPENSSL_STRING_deep_copy(src->hosts, str_copy, str_free);
201
0
            if (dest->hosts == NULL)
202
0
                return 0;
203
0
        }
204
0
    }
205
206
0
    if (test_x509_verify_param_copy(email, NULL)) {
207
0
        if (!X509_VERIFY_PARAM_set1_email(dest, src->email, src->emaillen))
208
0
            return 0;
209
0
    }
210
211
0
    if (test_x509_verify_param_copy(ip, NULL)) {
212
0
        if (!X509_VERIFY_PARAM_set1_ip(dest, src->ip, src->iplen))
213
0
            return 0;
214
0
    }
215
216
0
    return 1;
217
0
}
218
219
int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
220
                           const X509_VERIFY_PARAM *from)
221
0
{
222
0
    unsigned long save_flags;
223
0
    int ret;
224
225
0
    if (to == NULL) {
226
0
        ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
227
0
        return 0;
228
0
    }
229
0
    save_flags = to->inh_flags;
230
0
    to->inh_flags |= X509_VP_FLAG_DEFAULT;
231
0
    ret = X509_VERIFY_PARAM_inherit(to, from);
232
0
    to->inh_flags = save_flags;
233
0
    return ret;
234
0
}
235
236
static int int_x509_param_set1(char **pdest, size_t *pdestlen,
237
                               const char *src, size_t srclen)
238
0
{
239
0
    char *tmp;
240
241
0
    if (src != NULL) {
242
0
        if (srclen == 0)
243
0
            srclen = strlen(src);
244
245
0
        tmp = OPENSSL_malloc(srclen + 1);
246
0
        if (tmp == NULL)
247
0
            return 0;
248
0
        memcpy(tmp, src, srclen);
249
0
        tmp[srclen] = '\0'; /* enforce NUL termination */
250
0
    } else {
251
0
        tmp = NULL;
252
0
        srclen = 0;
253
0
    }
254
0
    OPENSSL_free(*pdest);
255
0
    *pdest = tmp;
256
0
    if (pdestlen != NULL)
257
0
        *pdestlen = srclen;
258
0
    return 1;
259
0
}
260
261
int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name)
262
0
{
263
0
    OPENSSL_free(param->name);
264
0
    param->name = OPENSSL_strdup(name);
265
0
    return param->name != NULL;
266
0
}
267
268
int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags)
269
0
{
270
0
    param->flags |= flags;
271
0
    if ((flags & X509_V_FLAG_POLICY_MASK) != 0)
272
0
        param->flags |= X509_V_FLAG_POLICY_CHECK;
273
0
    return 1;
274
0
}
275
276
int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
277
                                  unsigned long flags)
278
0
{
279
0
    param->flags &= ~flags;
280
0
    return 1;
281
0
}
282
283
unsigned long X509_VERIFY_PARAM_get_flags(const X509_VERIFY_PARAM *param)
284
0
{
285
0
    return param->flags;
286
0
}
287
288
uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param)
289
0
{
290
0
    return param->inh_flags;
291
0
}
292
293
int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param, uint32_t flags)
294
0
{
295
0
    param->inh_flags = flags;
296
0
    return 1;
297
0
}
298
299
/* resets to default (any) purpose if |purpose| == X509_PURPOSE_DEFAULT_ANY */
300
int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose)
301
0
{
302
0
    return X509_PURPOSE_set(&param->purpose, purpose);
303
0
}
304
305
int X509_VERIFY_PARAM_get_purpose(const X509_VERIFY_PARAM *param)
306
0
{
307
0
    return param->purpose;
308
0
}
309
310
int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust)
311
0
{
312
0
    return X509_TRUST_set(&param->trust, trust);
313
0
}
314
315
void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth)
316
0
{
317
0
    param->depth = depth;
318
0
}
319
320
void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int auth_level)
321
0
{
322
0
    param->auth_level = auth_level;
323
0
}
324
325
time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param)
326
0
{
327
0
    return param->check_time;
328
0
}
329
330
void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t)
331
0
{
332
0
    param->check_time = t;
333
0
    param->flags |= X509_V_FLAG_USE_CHECK_TIME;
334
0
}
335
336
int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
337
                                  ASN1_OBJECT *policy)
338
0
{
339
0
    if (param->policies == NULL) {
340
0
        param->policies = sk_ASN1_OBJECT_new_null();
341
0
        if (param->policies == NULL)
342
0
            return 0;
343
0
    }
344
345
0
    if (sk_ASN1_OBJECT_push(param->policies, policy) <= 0)
346
0
        return 0;
347
0
    return 1;
348
0
}
349
350
int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
351
                                    STACK_OF(ASN1_OBJECT) *policies)
352
0
{
353
0
    int i;
354
0
    ASN1_OBJECT *oid, *doid;
355
356
0
    if (param == NULL) {
357
0
        ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
358
0
        return 0;
359
0
    }
360
0
    sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
361
362
0
    if (policies == NULL) {
363
0
        param->policies = NULL;
364
0
        return 1;
365
0
    }
366
367
0
    param->policies = sk_ASN1_OBJECT_new_null();
368
0
    if (param->policies == NULL)
369
0
        return 0;
370
371
0
    for (i = 0; i < sk_ASN1_OBJECT_num(policies); i++) {
372
0
        oid = sk_ASN1_OBJECT_value(policies, i);
373
0
        doid = OBJ_dup(oid);
374
0
        if (doid == NULL)
375
0
            return 0;
376
0
        if (!sk_ASN1_OBJECT_push(param->policies, doid)) {
377
0
            ASN1_OBJECT_free(doid);
378
0
            return 0;
379
0
        }
380
0
    }
381
0
    param->flags |= X509_V_FLAG_POLICY_CHECK;
382
0
    return 1;
383
0
}
384
385
char *X509_VERIFY_PARAM_get0_host(X509_VERIFY_PARAM *param, int idx)
386
0
{
387
0
    return sk_OPENSSL_STRING_value(param->hosts, idx);
388
0
}
389
390
int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
391
                                const char *name, size_t namelen)
392
0
{
393
0
    return int_x509_param_set_hosts(param, SET_HOST, name, namelen);
394
0
}
395
396
int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
397
                                const char *name, size_t namelen)
398
0
{
399
0
    return int_x509_param_set_hosts(param, ADD_HOST, name, namelen);
400
0
}
401
402
void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
403
                                     unsigned int flags)
404
0
{
405
0
    param->hostflags = flags;
406
0
}
407
408
unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param)
409
0
{
410
0
    return param->hostflags;
411
0
}
412
413
char *X509_VERIFY_PARAM_get0_peername(const X509_VERIFY_PARAM *param)
414
0
{
415
0
    return param->peername;
416
0
}
417
418
/*
419
 * Move peername from one param structure to another, freeing any name present
420
 * at the target.  If the source is a NULL parameter structure, free and zero
421
 * the target peername.
422
 */
423
void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *to,
424
                                     X509_VERIFY_PARAM *from)
425
0
{
426
0
    char *peername = (from != NULL) ? from->peername : NULL;
427
428
0
    if (to->peername != peername) {
429
0
        OPENSSL_free(to->peername);
430
0
        to->peername = peername;
431
0
    }
432
0
    if (from != NULL)
433
0
        from->peername = NULL;
434
0
}
435
436
char *X509_VERIFY_PARAM_get0_email(X509_VERIFY_PARAM *param)
437
0
{
438
0
    return param->email;
439
0
}
440
441
int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
442
                                 const char *email, size_t emaillen)
443
0
{
444
0
    return int_x509_param_set1(&param->email, &param->emaillen,
445
0
                               email, emaillen);
446
0
}
447
448
static unsigned char
449
*int_X509_VERIFY_PARAM_get0_ip(X509_VERIFY_PARAM *param, size_t *plen)
450
0
{
451
0
    if (param == NULL || param->ip == NULL) {
452
0
        ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
453
0
        return NULL;
454
0
    }
455
0
    if (plen != NULL)
456
0
        *plen = param->iplen;
457
0
    return param->ip;
458
0
}
459
460
char *X509_VERIFY_PARAM_get1_ip_asc(X509_VERIFY_PARAM *param)
461
0
{
462
0
    size_t iplen;
463
0
    unsigned char *ip = int_X509_VERIFY_PARAM_get0_ip(param, &iplen);
464
465
0
    return ip == NULL ? NULL : ossl_ipaddr_to_asc(ip, iplen);
466
0
}
467
468
int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
469
                              const unsigned char *ip, size_t iplen)
470
0
{
471
0
    if (iplen != 0 && iplen != 4 && iplen != 16) {
472
0
        ERR_raise(ERR_LIB_X509, ERR_R_PASSED_INVALID_ARGUMENT);
473
0
        return 0;
474
0
    }
475
0
    return int_x509_param_set1((char **)&param->ip, &param->iplen,
476
0
                               (char *)ip, iplen);
477
0
}
478
479
int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc)
480
0
{
481
0
    unsigned char ipout[16];
482
0
    size_t iplen = (size_t)ossl_a2i_ipadd(ipout, ipasc);
483
484
0
    if (iplen == 0)
485
0
        return 0;
486
0
    return X509_VERIFY_PARAM_set1_ip(param, ipout, iplen);
487
0
}
488
489
int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param)
490
0
{
491
0
    return param->depth;
492
0
}
493
494
int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param)
495
0
{
496
0
    return param->auth_level;
497
0
}
498
499
const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param)
500
0
{
501
0
    return param->name;
502
0
}
503
504
#define vpm_empty_id NULL, 0U, NULL, NULL, 0, NULL, 0
505
506
/*
507
 * Default verify parameters: these are used for various applications and can
508
 * be overridden by the user specified table. NB: the 'name' field *must* be
509
 * in alphabetical order because it will be searched using OBJ_search.
510
 */
511
512
static const X509_VERIFY_PARAM default_table[] = {
513
    {
514
     "code_sign",               /* Code sign parameters */
515
     0,                         /* check time to use */
516
     0,                         /* inheritance flags */
517
     0,                         /* flags */
518
     X509_PURPOSE_CODE_SIGN,    /* purpose */
519
     X509_TRUST_OBJECT_SIGN,    /* trust */
520
     -1,                        /* depth */
521
     -1,                        /* auth_level */
522
     NULL,                      /* policies */
523
     vpm_empty_id
524
    },
525
    {
526
     "default",                 /* X509 default parameters */
527
     0,                         /* check time to use */
528
     0,                         /* inheritance flags */
529
     X509_V_FLAG_TRUSTED_FIRST, /* flags */
530
     0,                         /* purpose */
531
     0,                         /* trust */
532
     100,                       /* depth */
533
     -1,                        /* auth_level */
534
     NULL,                      /* policies */
535
     vpm_empty_id
536
    },
537
    {
538
     "pkcs7",                   /* S/MIME sign parameters */
539
     0,                         /* check time to use */
540
     0,                         /* inheritance flags */
541
     0,                         /* flags */
542
     X509_PURPOSE_SMIME_SIGN,   /* purpose */
543
     X509_TRUST_EMAIL,          /* trust */
544
     -1,                        /* depth */
545
     -1,                        /* auth_level */
546
     NULL,                      /* policies */
547
     vpm_empty_id
548
    },
549
    {
550
     "smime_sign",              /* S/MIME sign parameters */
551
     0,                         /* check time to use */
552
     0,                         /* inheritance flags */
553
     0,                         /* flags */
554
     X509_PURPOSE_SMIME_SIGN,   /* purpose */
555
     X509_TRUST_EMAIL,          /* trust */
556
     -1,                        /* depth */
557
     -1,                        /* auth_level */
558
     NULL,                      /* policies */
559
     vpm_empty_id
560
    },
561
    {
562
     "ssl_client",              /* SSL/TLS client parameters */
563
     0,                         /* check time to use */
564
     0,                         /* inheritance flags */
565
     0,                         /* flags */
566
     X509_PURPOSE_SSL_CLIENT,   /* purpose */
567
     X509_TRUST_SSL_CLIENT,     /* trust */
568
     -1,                        /* depth */
569
     -1,                        /* auth_level */
570
     NULL,                      /* policies */
571
     vpm_empty_id
572
    },
573
    {
574
     "ssl_server",              /* SSL/TLS server parameters */
575
     0,                         /* check time to use */
576
     0,                         /* inheritance flags */
577
     0,                         /* flags */
578
     X509_PURPOSE_SSL_SERVER,   /* purpose */
579
     X509_TRUST_SSL_SERVER,     /* trust */
580
     -1,                        /* depth */
581
     -1,                        /* auth_level */
582
     NULL,                      /* policies */
583
     vpm_empty_id
584
    }
585
};
586
587
static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL;
588
589
static int table_cmp(const X509_VERIFY_PARAM *a, const X509_VERIFY_PARAM *b)
590
0
{
591
0
    return strcmp(a->name, b->name);
592
0
}
593
594
DECLARE_OBJ_BSEARCH_CMP_FN(X509_VERIFY_PARAM, X509_VERIFY_PARAM, table);
595
IMPLEMENT_OBJ_BSEARCH_CMP_FN(X509_VERIFY_PARAM, X509_VERIFY_PARAM, table);
596
597
static int param_cmp(const X509_VERIFY_PARAM *const *a,
598
                     const X509_VERIFY_PARAM *const *b)
599
0
{
600
0
    return strcmp((*a)->name, (*b)->name);
601
0
}
602
603
int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param)
604
0
{
605
0
    int idx;
606
0
    X509_VERIFY_PARAM *ptmp;
607
608
0
    if (param_table == NULL) {
609
0
        param_table = sk_X509_VERIFY_PARAM_new(param_cmp);
610
0
        if (param_table == NULL)
611
0
            return 0;
612
0
    } else {
613
0
        idx = sk_X509_VERIFY_PARAM_find(param_table, param);
614
0
        if (idx >= 0) {
615
0
            ptmp = sk_X509_VERIFY_PARAM_delete(param_table, idx);
616
0
            X509_VERIFY_PARAM_free(ptmp);
617
0
        }
618
0
    }
619
620
0
    if (sk_X509_VERIFY_PARAM_push(param_table, param) <= 0)
621
0
        return 0;
622
0
    return 1;
623
0
}
624
625
int X509_VERIFY_PARAM_get_count(void)
626
0
{
627
0
    int num = OSSL_NELEM(default_table);
628
629
0
    if (param_table != NULL)
630
0
        num += sk_X509_VERIFY_PARAM_num(param_table);
631
0
    return num;
632
0
}
633
634
const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id)
635
0
{
636
0
    int num = OSSL_NELEM(default_table);
637
638
0
    if (id < num)
639
0
        return default_table + id;
640
0
    return sk_X509_VERIFY_PARAM_value(param_table, id - num);
641
0
}
642
643
const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)
644
0
{
645
0
    int idx;
646
0
    X509_VERIFY_PARAM pm;
647
648
0
    pm.name = (char *)name;
649
0
    if (param_table != NULL) {
650
        /* Ideally, this would be done under a lock */
651
0
        sk_X509_VERIFY_PARAM_sort(param_table);
652
0
        idx = sk_X509_VERIFY_PARAM_find(param_table, &pm);
653
0
        if (idx >= 0)
654
0
            return sk_X509_VERIFY_PARAM_value(param_table, idx);
655
0
    }
656
0
    return OBJ_bsearch_table(&pm, default_table, OSSL_NELEM(default_table));
657
0
}
658
659
void X509_VERIFY_PARAM_table_cleanup(void)
660
0
{
661
0
    sk_X509_VERIFY_PARAM_pop_free(param_table, X509_VERIFY_PARAM_free);
662
0
    param_table = NULL;
663
0
}