static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
{
if (!param)
return;
param->name = NULL;
param->purpose = 0;
param->trust = X509_TRUST_DEFAULT;
/*
* param->inh_flags = X509_VP_FLAG_DEFAULT;
*/
param->inh_flags = 0;
param->flags = 0;
param->depth = -1;
param->auth_level = -1; /* -1 means unset, 0 is explicit */
sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
param->policies = NULL;
sk_OPENSSL_STRING_pop_free(param->hosts, str_free);
param->hosts = NULL;
OPENSSL_free(param->peername);
param->peername = NULL;
OPENSSL_free(param->email);
param->email = NULL;
param->emaillen = 0;
OPENSSL_free(param->ip);
param->ip = NULL;
param->iplen = 0;
}
void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
{
if (param == NULL)
return;
sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
sk_OPENSSL_STRING_pop_free(param->hosts, str_free);
OPENSSL_free(param->peername);
OPENSSL_free(param->email);
OPENSSL_free(param->ip);
OPENSSL_free(param);
}
/*
* Because our ex_data element may or may not get allocated depending on
* whether a "first-use" occurs before the ENGINE is freed, we have a memory
* leak problem to solve. We can't declare a "new" handler for the ex_data as
* we don't want a dynamic_data_ctx in *all* ENGINE structures of all types
* (this is a bug in the design of CRYPTO_EX_DATA). As such, we just declare
* a "free" handler and that will get called if an ENGINE is being destroyed
* and there was an ex_data element corresponding to our context type.
*/
static void dynamic_data_ctx_free_func(void *parent, void *ptr,
CRYPTO_EX_DATA *ad, int idx, long argl,
void *argp)
{
if (ptr) {
dynamic_data_ctx *ctx = (dynamic_data_ctx *)ptr;
DSO_free(ctx->dynamic_dso);
OPENSSL_free(ctx->DYNAMIC_LIBNAME);
OPENSSL_free(ctx->engine_id);
sk_OPENSSL_STRING_pop_free(ctx->dirs, int_free_str);
OPENSSL_free(ctx);
}
}
static int int_x509_param_set_hosts(X509_VERIFY_PARAM *vpm, int mode,
const char *name, size_t namelen)
{
char *copy;
/*
* Refuse names with embedded NUL bytes, except perhaps as final byte.
* XXX: Do we need to push an error onto the error stack?
*/
if (namelen == 0 || name == NULL)
namelen = name ? strlen(name) : 0;
else if (name && memchr(name, '\0', namelen > 1 ? namelen - 1 : namelen))
return 0;
if (namelen > 0 && name[namelen - 1] == '\0')
--namelen;
if (mode == SET_HOST) {
sk_OPENSSL_STRING_pop_free(vpm->hosts, str_free);
vpm->hosts = NULL;
}
if (name == NULL || namelen == 0)
return 1;
copy = OPENSSL_strndup(name, namelen);
if (copy == NULL)
return 0;
if (vpm->hosts == NULL &&
(vpm->hosts = sk_OPENSSL_STRING_new_null()) == NULL) {
OPENSSL_free(copy);
return 0;
}
if (!sk_OPENSSL_STRING_push(vpm->hosts, copy)) {
OPENSSL_free(copy);
if (sk_OPENSSL_STRING_num(vpm->hosts) == 0) {
sk_OPENSSL_STRING_free(vpm->hosts);
vpm->hosts = NULL;
}
return 0;
}
return 1;
}
int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
const X509_VERIFY_PARAM *src)
{
unsigned long inh_flags;
int to_default, to_overwrite;
if (!src)
return 1;
inh_flags = dest->inh_flags | src->inh_flags;
if (inh_flags & X509_VP_FLAG_ONCE)
dest->inh_flags = 0;
if (inh_flags & X509_VP_FLAG_LOCKED)
return 1;
if (inh_flags & X509_VP_FLAG_DEFAULT)
to_default = 1;
else
to_default = 0;
if (inh_flags & X509_VP_FLAG_OVERWRITE)
to_overwrite = 1;
else
to_overwrite = 0;
x509_verify_param_copy(purpose, 0);
x509_verify_param_copy(trust, X509_TRUST_DEFAULT);
x509_verify_param_copy(depth, -1);
x509_verify_param_copy(auth_level, -1);
/* If overwrite or check time not set, copy across */
if (to_overwrite || !(dest->flags & X509_V_FLAG_USE_CHECK_TIME)) {
dest->check_time = src->check_time;
dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME;
/* Don't need to copy flag: that is done below */
}
if (inh_flags & X509_VP_FLAG_RESET_FLAGS)
dest->flags = 0;
dest->flags |= src->flags;
if (test_x509_verify_param_copy(policies, NULL)) {
if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies))
return 0;
}
/* Copy the host flags if and only if we're copying the host list */
if (test_x509_verify_param_copy(hosts, NULL)) {
sk_OPENSSL_STRING_pop_free(dest->hosts, str_free);
dest->hosts = NULL;
if (src->hosts) {
dest->hosts =
sk_OPENSSL_STRING_deep_copy(src->hosts, str_copy, str_free);
if (dest->hosts == NULL)
return 0;
dest->hostflags = src->hostflags;
}
}
if (test_x509_verify_param_copy(email, NULL)) {
if (!X509_VERIFY_PARAM_set1_email(dest, src->email, src->emaillen))
return 0;
}
if (test_x509_verify_param_copy(ip, NULL)) {
if (!X509_VERIFY_PARAM_set1_ip(dest, src->ip, src->iplen))
return 0;
}
return 1;
}
static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent)
{
static const int line_wrap = 78;
int num;
int ret = 0;
char *name = NULL;
char *desc = NULL;
int flags;
int xpos = 0;
STACK_OF(OPENSSL_STRING) *cmds = NULL;
if(!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) ||
((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE,
0, NULL, NULL)) <= 0))
{
#if 0
BIO_printf(bio_out, "%s<no control commands>\n", indent);
#endif
return 1;
}
cmds = sk_OPENSSL_STRING_new_null();
if(!cmds)
goto err;
do {
int len;
/* Get the command input flags */
if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num,
NULL, NULL)) < 0)
goto err;
if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4)
{
/* Get the command name */
if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num,
NULL, NULL)) <= 0)
goto err;
if((name = OPENSSL_malloc(len + 1)) == NULL)
goto err;
if(ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name,
NULL) <= 0)
goto err;
/* Get the command description */
if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num,
NULL, NULL)) < 0)
goto err;
if(len > 0)
{
if((desc = OPENSSL_malloc(len + 1)) == NULL)
goto err;
if(ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc,
NULL) <= 0)
goto err;
}
/* Now decide on the output */
if(xpos == 0)
/* Do an indent */
xpos = BIO_puts(bio_out, indent);
else
/* Otherwise prepend a ", " */
xpos += BIO_printf(bio_out, ", ");
if(verbose == 1)
{
/* We're just listing names, comma-delimited */
if((xpos > (int)strlen(indent)) &&
(xpos + (int)strlen(name) > line_wrap))
{
BIO_printf(bio_out, "\n");
xpos = BIO_puts(bio_out, indent);
}
xpos += BIO_printf(bio_out, "%s", name);
}
else
{
/* We're listing names plus descriptions */
BIO_printf(bio_out, "%s: %s\n", name,
(desc == NULL) ? "<no description>" : desc);
/* ... and sometimes input flags */
if((verbose >= 3) && !util_flags(bio_out, flags,
indent))
goto err;
xpos = 0;
}
}
OPENSSL_free(name); name = NULL;
if(desc) { OPENSSL_free(desc); desc = NULL; }
/* Move to the next command */
num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE,
num, NULL, NULL);
} while(num > 0);
if(xpos > 0)
BIO_printf(bio_out, "\n");
ret = 1;
err:
if(cmds) sk_OPENSSL_STRING_pop_free(cmds, identity);
if(name) OPENSSL_free(name);
if(desc) OPENSSL_free(desc);
return ret;
}
