1
/*
2
 * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
3
 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4
 *
5
 * Licensed under the Apache License 2.0 (the "License").  You may not use
6
 * this file except in compliance with the License.  You can obtain a copy
7
 * in the file LICENSE in the source distribution or at
8
 * https://www.openssl.org/source/license.html
9
 */
10

11
#include "internal/e_os.h"
12

13
#include <stdio.h>
14
#include <sys/types.h>
15

16
#include "internal/nelem.h"
17
#include "internal/o_dir.h"
18
#include <openssl/bio.h>
19
#include <openssl/pem.h>
20
#include <openssl/store.h>
21
#include <openssl/x509v3.h>
22
#include <openssl/dh.h>
23
#include <openssl/bn.h>
24
#include <openssl/crypto.h>
25
#include "internal/refcount.h"
26
#include "ssl_local.h"
27
#include "ssl_cert_table.h"
28
#include "internal/thread_once.h"
29
#include "internal/ssl_unwrap.h"
30
#ifndef OPENSSL_NO_POSIX_IO
31
# include <sys/stat.h>
32
# ifdef _WIN32
33
#  define stat _stat
34
# endif
35
# ifndef S_ISDIR
36
#  define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
37
# endif
38
#endif
39

40

41
static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
42
                                         int op, int bits, int nid, void *other,
43
                                         void *ex);
44

45
static CRYPTO_ONCE ssl_x509_store_ctx_once = CRYPTO_ONCE_STATIC_INIT;
46
static volatile int ssl_x509_store_ctx_idx = -1;
47

48
DEFINE_RUN_ONCE_STATIC(ssl_x509_store_ctx_init)
49
{
50
    ssl_x509_store_ctx_idx = X509_STORE_CTX_get_ex_new_index(0,
51
                                                             "SSL for verify callback",
52
                                                             NULL, NULL, NULL);
53
    return ssl_x509_store_ctx_idx >= 0;
54
}
55

56
int SSL_get_ex_data_X509_STORE_CTX_idx(void)
57
{
58

59
    if (!RUN_ONCE(&ssl_x509_store_ctx_once, ssl_x509_store_ctx_init))
60
        return -1;
61
    return ssl_x509_store_ctx_idx;
62
}
63

64
CERT *ssl_cert_new(size_t ssl_pkey_num)
65
{
66
    CERT *ret = NULL;
67

68
    /* Should never happen */
69
    if (!ossl_assert(ssl_pkey_num >= SSL_PKEY_NUM))
70
        return NULL;
71

72
    ret = OPENSSL_zalloc(sizeof(*ret));
73
    if (ret == NULL)
74
        return NULL;
75

76
    ret->ssl_pkey_num = ssl_pkey_num;
77
    ret->pkeys = OPENSSL_zalloc(ret->ssl_pkey_num * sizeof(CERT_PKEY));
78
    if (ret->pkeys == NULL) {
79
        OPENSSL_free(ret);
80
        return NULL;
81
    }
82

83
    ret->key = &(ret->pkeys[SSL_PKEY_RSA]);
84
    ret->sec_cb = ssl_security_default_callback;
85
    ret->sec_level = OPENSSL_TLS_SECURITY_LEVEL;
86
    ret->sec_ex = NULL;
87
    if (!CRYPTO_NEW_REF(&ret->references, 1)) {
88
        OPENSSL_free(ret->pkeys);
89
        OPENSSL_free(ret);
90
        return NULL;
91
    }
92

93
    return ret;
94
}
95

96
CERT *ssl_cert_dup(CERT *cert)
97
{
98
    CERT *ret = OPENSSL_zalloc(sizeof(*ret));
99
    size_t i;
100
#ifndef OPENSSL_NO_COMP_ALG
101
    int j;
102
#endif
103

104
    if (ret == NULL)
105
        return NULL;
106

107
    ret->ssl_pkey_num = cert->ssl_pkey_num;
108
    ret->pkeys = OPENSSL_zalloc(ret->ssl_pkey_num * sizeof(CERT_PKEY));
109
    if (ret->pkeys == NULL) {
110
        OPENSSL_free(ret);
111
        return NULL;
112
    }
113

114
    ret->key = &ret->pkeys[cert->key - cert->pkeys];
115
    if (!CRYPTO_NEW_REF(&ret->references, 1)) {
116
        OPENSSL_free(ret->pkeys);
117
        OPENSSL_free(ret);
118
        return NULL;
119
    }
120

121
    if (cert->dh_tmp != NULL) {
122
        if (!EVP_PKEY_up_ref(cert->dh_tmp))
123
            goto err;
124
        ret->dh_tmp = cert->dh_tmp;
125
    }
126

127
    ret->dh_tmp_cb = cert->dh_tmp_cb;
128
    ret->dh_tmp_auto = cert->dh_tmp_auto;
129

130
    for (i = 0; i < ret->ssl_pkey_num; i++) {
131
        CERT_PKEY *cpk = cert->pkeys + i;
132
        CERT_PKEY *rpk = ret->pkeys + i;
133

134
        if (cpk->x509 != NULL) {
135
            if (!X509_up_ref(cpk->x509))
136
                goto err;
137
            rpk->x509 = cpk->x509;
138
        }
139

140
        if (cpk->privatekey != NULL) {
141
            if (!EVP_PKEY_up_ref(cpk->privatekey))
142
                goto err;
143
            rpk->privatekey = cpk->privatekey;
144
        }
145

146
        if (cpk->chain) {
147
            rpk->chain = X509_chain_up_ref(cpk->chain);
148
            if (!rpk->chain) {
149
                ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
150
                goto err;
151
            }
152
        }
153
        if (cpk->serverinfo != NULL) {
154
            /* Just copy everything. */
155
            rpk->serverinfo = OPENSSL_memdup(cpk->serverinfo, cpk->serverinfo_length);
156
            if (rpk->serverinfo == NULL)
157
                goto err;
158
            rpk->serverinfo_length = cpk->serverinfo_length;
159
        }
160
#ifndef OPENSSL_NO_COMP_ALG
161
        for (j = TLSEXT_comp_cert_none; j < TLSEXT_comp_cert_limit; j++) {
162
            if (cpk->comp_cert[j] != NULL) {
163
                if (!OSSL_COMP_CERT_up_ref(cpk->comp_cert[j]))
164
                    goto err;
165
                rpk->comp_cert[j] = cpk->comp_cert[j];
166
            }
167
        }
168
#endif
169
    }
170

171
    /* Configured sigalgs copied across */
172
    if (cert->conf_sigalgs) {
173
        ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen
174
                                           * sizeof(*cert->conf_sigalgs));
175
        if (ret->conf_sigalgs == NULL)
176
            goto err;
177
        memcpy(ret->conf_sigalgs, cert->conf_sigalgs,
178
               cert->conf_sigalgslen * sizeof(*cert->conf_sigalgs));
179
        ret->conf_sigalgslen = cert->conf_sigalgslen;
180
    } else
181
        ret->conf_sigalgs = NULL;
182

183
    if (cert->client_sigalgs) {
184
        ret->client_sigalgs = OPENSSL_malloc(cert->client_sigalgslen
185
                                             * sizeof(*cert->client_sigalgs));
186
        if (ret->client_sigalgs == NULL)
187
            goto err;
188
        memcpy(ret->client_sigalgs, cert->client_sigalgs,
189
               cert->client_sigalgslen * sizeof(*cert->client_sigalgs));
190
        ret->client_sigalgslen = cert->client_sigalgslen;
191
    } else
192
        ret->client_sigalgs = NULL;
193
    /* Copy any custom client certificate types */
194
    if (cert->ctype) {
195
        ret->ctype = OPENSSL_memdup(cert->ctype, cert->ctype_len);
196
        if (ret->ctype == NULL)
197
            goto err;
198
        ret->ctype_len = cert->ctype_len;
199
    }
200

201
    ret->cert_flags = cert->cert_flags;
202

203
    ret->cert_cb = cert->cert_cb;
204
    ret->cert_cb_arg = cert->cert_cb_arg;
205

206
    if (cert->verify_store) {
207
        if (!X509_STORE_up_ref(cert->verify_store))
208
            goto err;
209
        ret->verify_store = cert->verify_store;
210
    }
211

212
    if (cert->chain_store) {
213
        if (!X509_STORE_up_ref(cert->chain_store))
214
            goto err;
215
        ret->chain_store = cert->chain_store;
216
    }
217

218
    ret->sec_cb = cert->sec_cb;
219
    ret->sec_level = cert->sec_level;
220
    ret->sec_ex = cert->sec_ex;
221

222
    if (!custom_exts_copy(&ret->custext, &cert->custext))
223
        goto err;
224
#ifndef OPENSSL_NO_PSK
225
    if (cert->psk_identity_hint) {
226
        ret->psk_identity_hint = OPENSSL_strdup(cert->psk_identity_hint);
227
        if (ret->psk_identity_hint == NULL)
228
            goto err;
229
    }
230
#endif
231
    return ret;
232

233
 err:
234
    ssl_cert_free(ret);
235

236
    return NULL;
237
}
238

239
/* Free up and clear all certificates and chains */
240

241
void ssl_cert_clear_certs(CERT *c)
242
{
243
    size_t i;
244
#ifndef OPENSSL_NO_COMP_ALG
245
    int j;
246
#endif
247

248
    if (c == NULL)
249
        return;
250
    for (i = 0; i < c->ssl_pkey_num; i++) {
251
        CERT_PKEY *cpk = c->pkeys + i;
252
        X509_free(cpk->x509);
253
        cpk->x509 = NULL;
254
        EVP_PKEY_free(cpk->privatekey);
255
        cpk->privatekey = NULL;
256
        OSSL_STACK_OF_X509_free(cpk->chain);
257
        cpk->chain = NULL;
258
        OPENSSL_free(cpk->serverinfo);
259
        cpk->serverinfo = NULL;
260
        cpk->serverinfo_length = 0;
261
#ifndef OPENSSL_NO_COMP_ALG
262
        for (j = 0; j < TLSEXT_comp_cert_limit; j++) {
263
            OSSL_COMP_CERT_free(cpk->comp_cert[j]);
264
            cpk->comp_cert[j] = NULL;
265
            cpk->cert_comp_used = 0;
266
        }
267
#endif
268
    }
269
}
270

271
void ssl_cert_free(CERT *c)
272
{
273
    int i;
274

275
    if (c == NULL)
276
        return;
277
    CRYPTO_DOWN_REF(&c->references, &i);
278
    REF_PRINT_COUNT("CERT", i, c);
279
    if (i > 0)
280
        return;
281
    REF_ASSERT_ISNT(i < 0);
282

283
    EVP_PKEY_free(c->dh_tmp);
284

285
    ssl_cert_clear_certs(c);
286
    OPENSSL_free(c->conf_sigalgs);
287
    OPENSSL_free(c->client_sigalgs);
288
    OPENSSL_free(c->ctype);
289
    X509_STORE_free(c->verify_store);
290
    X509_STORE_free(c->chain_store);
291
    custom_exts_free(&c->custext);
292
#ifndef OPENSSL_NO_PSK
293
    OPENSSL_free(c->psk_identity_hint);
294
#endif
295
    OPENSSL_free(c->pkeys);
296
    CRYPTO_FREE_REF(&c->references);
297
    OPENSSL_free(c);
298
}
299

300
int ssl_cert_set0_chain(SSL_CONNECTION *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
301
{
302
    int i, r;
303
    CERT_PKEY *cpk = s != NULL ? s->cert->key : ctx->cert->key;
304

305
    if (!cpk)
306
        return 0;
307
    for (i = 0; i < sk_X509_num(chain); i++) {
308
        X509 *x = sk_X509_value(chain, i);
309

310
        r = ssl_security_cert(s, ctx, x, 0, 0);
311
        if (r != 1) {
312
            ERR_raise(ERR_LIB_SSL, r);
313
            return 0;
314
        }
315
    }
316
    OSSL_STACK_OF_X509_free(cpk->chain);
317
    cpk->chain = chain;
318
    return 1;
319
}
320

321
int ssl_cert_set1_chain(SSL_CONNECTION *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
322
{
323
    STACK_OF(X509) *dchain;
324

325
    if (!chain)
326
        return ssl_cert_set0_chain(s, ctx, NULL);
327
    dchain = X509_chain_up_ref(chain);
328
    if (!dchain)
329
        return 0;
330
    if (!ssl_cert_set0_chain(s, ctx, dchain)) {
331
        OSSL_STACK_OF_X509_free(dchain);
332
        return 0;
333
    }
334
    return 1;
335
}
336

337
int ssl_cert_add0_chain_cert(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x)
338
{
339
    int r;
340
    CERT_PKEY *cpk = s ? s->cert->key : ctx->cert->key;
341

342
    if (!cpk)
343
        return 0;
344
    r = ssl_security_cert(s, ctx, x, 0, 0);
345
    if (r != 1) {
346
        ERR_raise(ERR_LIB_SSL, r);
347
        return 0;
348
    }
349
    if (!cpk->chain)
350
        cpk->chain = sk_X509_new_null();
351
    if (!cpk->chain || !sk_X509_push(cpk->chain, x))
352
        return 0;
353
    return 1;
354
}
355

356
int ssl_cert_add1_chain_cert(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x)
357
{
358
    if (!X509_up_ref(x))
359
        return 0;
360
    if (!ssl_cert_add0_chain_cert(s, ctx, x)) {
361
        X509_free(x);
362
        return 0;
363
    }
364
    return 1;
365
}
366

367
int ssl_cert_select_current(CERT *c, X509 *x)
368
{
369
    size_t i;
370

371
    if (x == NULL)
372
        return 0;
373
    for (i = 0; i < c->ssl_pkey_num; i++) {
374
        CERT_PKEY *cpk = c->pkeys + i;
375
        if (cpk->x509 == x && cpk->privatekey) {
376
            c->key = cpk;
377
            return 1;
378
        }
379
    }
380

381
    for (i = 0; i < c->ssl_pkey_num; i++) {
382
        CERT_PKEY *cpk = c->pkeys + i;
383
        if (cpk->privatekey && cpk->x509 && !X509_cmp(cpk->x509, x)) {
384
            c->key = cpk;
385
            return 1;
386
        }
387
    }
388
    return 0;
389
}
390

391
int ssl_cert_set_current(CERT *c, long op)
392
{
393
    size_t i, idx;
394

395
    if (!c)
396
        return 0;
397
    if (op == SSL_CERT_SET_FIRST)
398
        idx = 0;
399
    else if (op == SSL_CERT_SET_NEXT) {
400
        idx = (size_t)(c->key - c->pkeys + 1);
401
        if (idx >= c->ssl_pkey_num)
402
            return 0;
403
    } else
404
        return 0;
405
    for (i = idx; i < c->ssl_pkey_num; i++) {
406
        CERT_PKEY *cpk = c->pkeys + i;
407
        if (cpk->x509 && cpk->privatekey) {
408
            c->key = cpk;
409
            return 1;
410
        }
411
    }
412
    return 0;
413
}
414

415
void ssl_cert_set_cert_cb(CERT *c, int (*cb) (SSL *ssl, void *arg), void *arg)
416
{
417
    c->cert_cb = cb;
418
    c->cert_cb_arg = arg;
419
}
420

421
/*
422
 * Verify a certificate chain/raw public key
423
 * Return codes:
424
 *  1: Verify success
425
 *  0: Verify failure or error
426
 * -1: Retry required
427
 */
428
static int ssl_verify_internal(SSL_CONNECTION *s, STACK_OF(X509) *sk, EVP_PKEY *rpk)
429
{
430
    X509 *x;
431
    int i = 0;
432
    X509_STORE *verify_store;
433
    X509_STORE_CTX *ctx = NULL;
434
    X509_VERIFY_PARAM *param;
435
    SSL_CTX *sctx;
436

437
    /* Something must be passed in */
438
    if ((sk == NULL || sk_X509_num(sk) == 0) && rpk == NULL)
439
        return 0;
440

441
    /* Only one can be set */
442
    if (sk != NULL && rpk != NULL)
443
        return 0;
444

445
    sctx = SSL_CONNECTION_GET_CTX(s);
446
    if (s->cert->verify_store)
447
        verify_store = s->cert->verify_store;
448
    else
449
        verify_store = sctx->cert_store;
450

451
    ctx = X509_STORE_CTX_new_ex(sctx->libctx, sctx->propq);
452
    if (ctx == NULL) {
453
        ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
454
        return 0;
455
    }
456

457
    if (sk != NULL) {
458
        x = sk_X509_value(sk, 0);
459
        if (!X509_STORE_CTX_init(ctx, verify_store, x, sk)) {
460
            ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
461
            goto end;
462
        }
463
    } else {
464
        if (!X509_STORE_CTX_init_rpk(ctx, verify_store, rpk)) {
465
            ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
466
            goto end;
467
        }
468
    }
469
    param = X509_STORE_CTX_get0_param(ctx);
470
    /*
471
     * XXX: Separate @AUTHSECLEVEL and @TLSSECLEVEL would be useful at some
472
     * point, for now a single @SECLEVEL sets the same policy for TLS crypto
473
     * and PKI authentication.
474
     */
475
    X509_VERIFY_PARAM_set_auth_level(param,
476
        SSL_get_security_level(SSL_CONNECTION_GET_SSL(s)));
477

478
    /* Set suite B flags if needed */
479
    X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s));
480
    if (!X509_STORE_CTX_set_ex_data(ctx,
481
            SSL_get_ex_data_X509_STORE_CTX_idx(),
482
            SSL_CONNECTION_GET_USER_SSL(s)))
483
        goto end;
484

485
    /* Verify via DANE if enabled */
486
    if (DANETLS_ENABLED(&s->dane))
487
        X509_STORE_CTX_set0_dane(ctx, &s->dane);
488

489
    /*
490
     * We need to inherit the verify parameters. These can be determined by
491
     * the context: if its a server it will verify SSL client certificates or
492
     * vice versa.
493
     */
494

495
    X509_STORE_CTX_set_default(ctx, s->server ? "ssl_client" : "ssl_server");
496
    /*
497
     * Anything non-default in "s->param" should overwrite anything in the ctx.
498
     */
499
    X509_VERIFY_PARAM_set1(param, s->param);
500

501
    if (s->verify_callback)
502
        X509_STORE_CTX_set_verify_cb(ctx, s->verify_callback);
503

504
    if (sctx->app_verify_callback != NULL) {
505
        i = sctx->app_verify_callback(ctx, sctx->app_verify_arg);
506
    } else {
507
        i = X509_verify_cert(ctx);
508
        /* We treat an error in the same way as a failure to verify */
509
        if (i < 0)
510
            i = 0;
511
    }
512

513
    s->verify_result = X509_STORE_CTX_get_error(ctx);
514
    OSSL_STACK_OF_X509_free(s->verified_chain);
515
    s->verified_chain = NULL;
516

517
    if (sk != NULL && X509_STORE_CTX_get0_chain(ctx) != NULL) {
518
        s->verified_chain = X509_STORE_CTX_get1_chain(ctx);
519
        if (s->verified_chain == NULL) {
520
            ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
521
            i = 0;
522
        }
523
    }
524

525
    /* Move peername from the store context params to the SSL handle's */
526
    X509_VERIFY_PARAM_move_peername(s->param, param);
527

528
 end:
529
    X509_STORE_CTX_free(ctx);
530
    return i;
531
}
532

533
/*
534
 * Verify a raw public key
535
 * Return codes:
536
 *  1: Verify success
537
 *  0: Verify failure or error
538
 * -1: Retry required
539
 */
540
int ssl_verify_rpk(SSL_CONNECTION *s, EVP_PKEY *rpk)
541
{
542
    return ssl_verify_internal(s, NULL, rpk);
543
}
544

545
/*
546
 * Verify a certificate chain
547
 * Return codes:
548
 *  1: Verify success
549
 *  0: Verify failure or error
550
 * -1: Retry required
551
 */
552
int ssl_verify_cert_chain(SSL_CONNECTION *s, STACK_OF(X509) *sk)
553
{
554
    return ssl_verify_internal(s, sk, NULL);
555
}
556

557
static void set0_CA_list(STACK_OF(X509_NAME) **ca_list,
558
                        STACK_OF(X509_NAME) *name_list)
559
{
560
    sk_X509_NAME_pop_free(*ca_list, X509_NAME_free);
561
    *ca_list = name_list;
562
}
563

564
STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk)
565
{
566
    int i;
567
    const int num = sk_X509_NAME_num(sk);
568
    STACK_OF(X509_NAME) *ret;
569
    X509_NAME *name;
570

571
    ret = sk_X509_NAME_new_reserve(NULL, num);
572
    if (ret == NULL) {
573
        ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
574
        return NULL;
575
    }
576
    for (i = 0; i < num; i++) {
577
        name = X509_NAME_dup(sk_X509_NAME_value(sk, i));
578
        if (name == NULL) {
579
            ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
580
            sk_X509_NAME_pop_free(ret, X509_NAME_free);
581
            return NULL;
582
        }
583
        sk_X509_NAME_push(ret, name);   /* Cannot fail after reserve call */
584
    }
585
    return ret;
586
}
587

588
void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list)
589
{
590
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
591

592
    if (sc == NULL)
593
        return;
594

595
    set0_CA_list(&sc->ca_names, name_list);
596
}
597

598
void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list)
599
{
600
    set0_CA_list(&ctx->ca_names, name_list);
601
}
602

603
const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx)
604
{
605
    return ctx->ca_names;
606
}
607

608
const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s)
609
{
610
    const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
611

612
    if (sc == NULL)
613
        return NULL;
614

615
    return sc->ca_names != NULL ? sc->ca_names : s->ctx->ca_names;
616
}
617

618
void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list)
619
{
620
    set0_CA_list(&ctx->client_ca_names, name_list);
621
}
622

623
STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)
624
{
625
    return ctx->client_ca_names;
626
}
627

628
void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list)
629
{
630
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
631

632
    if (sc == NULL)
633
        return;
634

635
    set0_CA_list(&sc->client_ca_names, name_list);
636
}
637

638
const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s)
639
{
640
    const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
641

642
    if (sc == NULL)
643
        return NULL;
644

645
    return sc->s3.tmp.peer_ca_names;
646
}
647

648
STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s)
649
{
650
    const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
651

652
    if (sc == NULL)
653
        return NULL;
654

655
    if (!sc->server)
656
        return sc->s3.tmp.peer_ca_names;
657
    return sc->client_ca_names != NULL ? sc->client_ca_names
658
                                       : s->ctx->client_ca_names;
659
}
660

661
static int add_ca_name(STACK_OF(X509_NAME) **sk, const X509 *x)
662
{
663
    X509_NAME *name;
664

665
    if (x == NULL)
666
        return 0;
667
    if (*sk == NULL && ((*sk = sk_X509_NAME_new_null()) == NULL))
668
        return 0;
669

670
    if ((name = X509_NAME_dup(X509_get_subject_name(x))) == NULL)
671
        return 0;
672

673
    if (!sk_X509_NAME_push(*sk, name)) {
674
        X509_NAME_free(name);
675
        return 0;
676
    }
677
    return 1;
678
}
679

680
int SSL_add1_to_CA_list(SSL *ssl, const X509 *x)
681
{
682
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
683

684
    if (sc == NULL)
685
        return 0;
686

687
    return add_ca_name(&sc->ca_names, x);
688
}
689

690
int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x)
691
{
692
    return add_ca_name(&ctx->ca_names, x);
693
}
694

695
/*
696
 * The following two are older names are to be replaced with
697
 * SSL(_CTX)_add1_to_CA_list
698
 */
699
int SSL_add_client_CA(SSL *ssl, X509 *x)
700
{
701
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
702

703
    if (sc == NULL)
704
        return 0;
705

706
    return add_ca_name(&sc->client_ca_names, x);
707
}
708

709
int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
710
{
711
    return add_ca_name(&ctx->client_ca_names, x);
712
}
713

714
static int xname_cmp(const X509_NAME *a, const X509_NAME *b)
715
{
716
    unsigned char *abuf = NULL, *bbuf = NULL;
717
    int alen, blen, ret;
718

719
    /* X509_NAME_cmp() itself casts away constness in this way, so
720
     * assume it's safe:
721
     */
722
    alen = i2d_X509_NAME((X509_NAME *)a, &abuf);
723
    blen = i2d_X509_NAME((X509_NAME *)b, &bbuf);
724

725
    if (alen < 0 || blen < 0)
726
        ret = -2;
727
    else if (alen != blen)
728
        ret = alen - blen;
729
    else /* alen == blen */
730
        ret = memcmp(abuf, bbuf, alen);
731

732
    OPENSSL_free(abuf);
733
    OPENSSL_free(bbuf);
734

735
    return ret;
736
}
737

738
static int xname_sk_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
739
{
740
    return xname_cmp(*a, *b);
741
}
742

743
static unsigned long xname_hash(const X509_NAME *a)
744
{
745
    /* This returns 0 also if SHA1 is not available */
746
    return X509_NAME_hash_ex((X509_NAME *)a, NULL, NULL, NULL);
747
}
748

749
STACK_OF(X509_NAME) *SSL_load_client_CA_file_ex(const char *file,
750
                                                OSSL_LIB_CTX *libctx,
751
                                                const char *propq)
752
{
753
    BIO *in = BIO_new(BIO_s_file());
754
    X509 *x = NULL;
755
    X509_NAME *xn = NULL;
756
    STACK_OF(X509_NAME) *ret = NULL;
757
    LHASH_OF(X509_NAME) *name_hash = lh_X509_NAME_new(xname_hash, xname_cmp);
758
    OSSL_LIB_CTX *prev_libctx = NULL;
759

760
    if (file == NULL) {
761
        ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
762
        goto err;
763
    }
764
    if (name_hash == NULL) {
765
        ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
766
        goto err;
767
    }
768
    if (in == NULL) {
769
        ERR_raise(ERR_LIB_SSL, ERR_R_BIO_LIB);
770
        goto err;
771
    }
772

773
    x = X509_new_ex(libctx, propq);
774
    if (x == NULL) {
775
        ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
776
        goto err;
777
    }
778
    if (BIO_read_filename(in, file) <= 0)
779
        goto err;
780

781
    /* Internally lh_X509_NAME_retrieve() needs the libctx to retrieve SHA1 */
782
    prev_libctx = OSSL_LIB_CTX_set0_default(libctx);
783
    for (;;) {
784
        if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL)
785
            break;
786
        if (ret == NULL) {
787
            ret = sk_X509_NAME_new_null();
788
            if (ret == NULL) {
789
                ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
790
                goto err;
791
            }
792
        }
793
        if ((xn = X509_get_subject_name(x)) == NULL)
794
            goto err;
795
        /* check for duplicates */
796
        xn = X509_NAME_dup(xn);
797
        if (xn == NULL)
798
            goto err;
799
        if (lh_X509_NAME_retrieve(name_hash, xn) != NULL) {
800
            /* Duplicate. */
801
            X509_NAME_free(xn);
802
            xn = NULL;
803
        } else {
804
            lh_X509_NAME_insert(name_hash, xn);
805
            if (!sk_X509_NAME_push(ret, xn))
806
                goto err;
807
        }
808
    }
809
    goto done;
810

811
 err:
812
    X509_NAME_free(xn);
813
    sk_X509_NAME_pop_free(ret, X509_NAME_free);
814
    ret = NULL;
815
 done:
816
    /* restore the old libctx */
817
    OSSL_LIB_CTX_set0_default(prev_libctx);
818
    BIO_free(in);
819
    X509_free(x);
820
    lh_X509_NAME_free(name_hash);
821
    if (ret != NULL)
822
        ERR_clear_error();
823
    return ret;
824
}
825

826
STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
827
{
828
    return SSL_load_client_CA_file_ex(file, NULL, NULL);
829
}
830

831
static int add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
832
                                           const char *file,
833
                                           LHASH_OF(X509_NAME) *name_hash)
834
{
835
    BIO *in;
836
    X509 *x = NULL;
837
    X509_NAME *xn = NULL;
838
    int ret = 1;
839

840
    in = BIO_new(BIO_s_file());
841

842
    if (in == NULL) {
843
        ERR_raise(ERR_LIB_SSL, ERR_R_BIO_LIB);
844
        goto err;
845
    }
846

847
    if (BIO_read_filename(in, file) <= 0)
848
        goto err;
849

850
    for (;;) {
851
        if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL)
852
            break;
853
        if ((xn = X509_get_subject_name(x)) == NULL)
854
            goto err;
855
        xn = X509_NAME_dup(xn);
856
        if (xn == NULL)
857
            goto err;
858
        if (lh_X509_NAME_retrieve(name_hash, xn) != NULL) {
859
            /* Duplicate. */
860
            X509_NAME_free(xn);
861
        } else if (!sk_X509_NAME_push(stack, xn)) {
862
            X509_NAME_free(xn);
863
            goto err;
864
        } else {
865
            /* Successful insert, add to hash table */
866
            lh_X509_NAME_insert(name_hash, xn);
867
        }
868
    }
869

870
    ERR_clear_error();
871
    goto done;
872

873
 err:
874
    ret = 0;
875
 done:
876
    BIO_free(in);
877
    X509_free(x);
878
    return ret;
879
}
880

881
int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
882
                                        const char *file)
883
{
884
    X509_NAME *xn = NULL;
885
    int ret = 1;
886
    int idx = 0;
887
    int num = 0;
888
    LHASH_OF(X509_NAME) *name_hash = lh_X509_NAME_new(xname_hash, xname_cmp);
889

890
    if (file == NULL) {
891
        ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
892
        goto err;
893
    }
894

895
    if (name_hash == NULL) {
896
        ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
897
        goto err;
898
    }
899

900
    /*
901
     * Pre-populate the lhash with the existing entries of the stack, since
902
     * using the LHASH_OF is much faster for duplicate checking. That's because
903
     * xname_cmp converts the X509_NAMEs to DER involving a memory allocation
904
     * for every single invocation of the comparison function.
905
     */
906
    num = sk_X509_NAME_num(stack);
907
    for (idx = 0; idx < num; idx++) {
908
        xn = sk_X509_NAME_value(stack, idx);
909
        lh_X509_NAME_insert(name_hash, xn);
910
    }
911

912
    ret = add_file_cert_subjects_to_stack(stack, file, name_hash);
913
    goto done;
914

915
 err:
916
    ret = 0;
917
 done:
918
    lh_X509_NAME_free(name_hash);
919
    return ret;
920
}
921

922
int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
923
                                       const char *dir)
924
{
925
    OPENSSL_DIR_CTX *d = NULL;
926
    const char *filename;
927
    int ret = 0;
928
    X509_NAME *xn = NULL;
929
    int idx = 0;
930
    int num = 0;
931
    LHASH_OF(X509_NAME) *name_hash = lh_X509_NAME_new(xname_hash, xname_cmp);
932

933
    if (name_hash == NULL) {
934
        ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
935
        goto err;
936
    }
937

938
    /*
939
     * Pre-populate the lhash with the existing entries of the stack, since
940
     * using the LHASH_OF is much faster for duplicate checking. That's because
941
     * xname_cmp converts the X509_NAMEs to DER involving a memory allocation
942
     * for every single invocation of the comparison function.
943
     */
944
    num = sk_X509_NAME_num(stack);
945
    for (idx = 0; idx < num; idx++) {
946
        xn = sk_X509_NAME_value(stack, idx);
947
        lh_X509_NAME_insert(name_hash, xn);
948
    }
949

950
    while ((filename = OPENSSL_DIR_read(&d, dir))) {
951
        char buf[1024];
952
        int r;
953
#ifndef OPENSSL_NO_POSIX_IO
954
        struct stat st;
955

956
#else
957
        /* Cannot use stat so just skip current and parent directories */
958
        if (strcmp(filename, ".") == 0 || strcmp(filename, "..") == 0)
959
            continue;
960
#endif
961
        if (strlen(dir) + strlen(filename) + 2 > sizeof(buf)) {
962
            ERR_raise(ERR_LIB_SSL, SSL_R_PATH_TOO_LONG);
963
            goto err;
964
        }
965
#ifdef OPENSSL_SYS_VMS
966
        r = BIO_snprintf(buf, sizeof(buf), "%s%s", dir, filename);
967
#else
968
        r = BIO_snprintf(buf, sizeof(buf), "%s/%s", dir, filename);
969
#endif
970
#ifndef OPENSSL_NO_POSIX_IO
971
        /* Skip subdirectories */
972
        if (!stat(buf, &st) && S_ISDIR(st.st_mode))
973
            continue;
974
#endif
975
        if (r <= 0 || r >= (int)sizeof(buf))
976
            goto err;
977
        if (!add_file_cert_subjects_to_stack(stack, buf, name_hash))
978
            goto err;
979
    }
980

981
    if (errno) {
982
        ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
983
                       "calling OPENSSL_dir_read(%s)", dir);
984
        ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
985
        goto err;
986
    }
987

988
    ret = 1;
989

990
 err:
991
    if (d)
992
        OPENSSL_DIR_end(&d);
993
    lh_X509_NAME_free(name_hash);
994

995
    return ret;
996
}
997

998
static int add_uris_recursive(STACK_OF(X509_NAME) *stack,
999
                              const char *uri, int depth)
1000
{
1001
    int ok = 1;
1002
    OSSL_STORE_CTX *ctx = NULL;
1003
    X509 *x = NULL;
1004
    X509_NAME *xn = NULL;
1005
    OSSL_STORE_INFO *info = NULL;
1006

1007
    if ((ctx = OSSL_STORE_open(uri, NULL, NULL, NULL, NULL)) == NULL)
1008
        goto err;
1009

1010
    while (!OSSL_STORE_eof(ctx) && !OSSL_STORE_error(ctx)) {
1011
        int infotype;
1012

1013
        if ((info = OSSL_STORE_load(ctx)) == NULL)
1014
            continue;
1015
        infotype = OSSL_STORE_INFO_get_type(info);
1016

1017
        if (infotype == OSSL_STORE_INFO_NAME) {
1018
            /*
1019
             * This is an entry in the "directory" represented by the current
1020
             * uri.  if |depth| allows, dive into it.
1021
             */
1022
            if (depth > 0)
1023
                ok = add_uris_recursive(stack, OSSL_STORE_INFO_get0_NAME(info),
1024
                                        depth - 1);
1025
        } else if (infotype == OSSL_STORE_INFO_CERT) {
1026
            if ((x = OSSL_STORE_INFO_get0_CERT(info)) == NULL
1027
                || (xn = X509_get_subject_name(x)) == NULL
1028
                || (xn = X509_NAME_dup(xn)) == NULL)
1029
                goto err;
1030
            if (sk_X509_NAME_find(stack, xn) >= 0) {
1031
                /* Duplicate. */
1032
                X509_NAME_free(xn);
1033
            } else if (!sk_X509_NAME_push(stack, xn)) {
1034
                X509_NAME_free(xn);
1035
                goto err;
1036
            }
1037
        }
1038

1039
        OSSL_STORE_INFO_free(info);
1040
        info = NULL;
1041
    }
1042

1043
    ERR_clear_error();
1044
    goto done;
1045

1046
 err:
1047
    ok = 0;
1048
    OSSL_STORE_INFO_free(info);
1049
 done:
1050
    OSSL_STORE_close(ctx);
1051

1052
    return ok;
1053
}
1054

1055
int SSL_add_store_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
1056
                                         const char *store)
1057
{
1058
    int (*oldcmp) (const X509_NAME *const *a, const X509_NAME *const *b)
1059
        = sk_X509_NAME_set_cmp_func(stack, xname_sk_cmp);
1060
    int ret = add_uris_recursive(stack, store, 1);
1061

1062
    (void)sk_X509_NAME_set_cmp_func(stack, oldcmp);
1063
    return ret;
1064
}
1065

1066
/* Build a certificate chain for current certificate */
1067
int ssl_build_cert_chain(SSL_CONNECTION *s, SSL_CTX *ctx, int flags)
1068
{
1069
    CERT *c = s != NULL ? s->cert : ctx->cert;
1070
    CERT_PKEY *cpk = c->key;
1071
    X509_STORE *chain_store = NULL;
1072
    X509_STORE_CTX *xs_ctx = NULL;
1073
    STACK_OF(X509) *chain = NULL, *untrusted = NULL;
1074
    X509 *x;
1075
    SSL_CTX *real_ctx = (s == NULL) ? ctx : SSL_CONNECTION_GET_CTX(s);
1076
    int i, rv = 0;
1077

1078
    if (cpk->x509 == NULL) {
1079
        ERR_raise(ERR_LIB_SSL, SSL_R_NO_CERTIFICATE_SET);
1080
        goto err;
1081
    }
1082
    /* Rearranging and check the chain: add everything to a store */
1083
    if (flags & SSL_BUILD_CHAIN_FLAG_CHECK) {
1084
        chain_store = X509_STORE_new();
1085
        if (chain_store == NULL)
1086
            goto err;
1087
        for (i = 0; i < sk_X509_num(cpk->chain); i++) {
1088
            x = sk_X509_value(cpk->chain, i);
1089
            if (!X509_STORE_add_cert(chain_store, x))
1090
                goto err;
1091
        }
1092
        /* Add EE cert too: it might be self signed */
1093
        if (!X509_STORE_add_cert(chain_store, cpk->x509))
1094
            goto err;
1095
    } else {
1096
        if (c->chain_store != NULL)
1097
            chain_store = c->chain_store;
1098
        else
1099
            chain_store = real_ctx->cert_store;
1100

1101
        if (flags & SSL_BUILD_CHAIN_FLAG_UNTRUSTED)
1102
            untrusted = cpk->chain;
1103
    }
1104

1105
    xs_ctx = X509_STORE_CTX_new_ex(real_ctx->libctx, real_ctx->propq);
1106
    if (xs_ctx == NULL) {
1107
        ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
1108
        goto err;
1109
    }
1110
    if (!X509_STORE_CTX_init(xs_ctx, chain_store, cpk->x509, untrusted)) {
1111
        ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
1112
        goto err;
1113
    }
1114
    /* Set suite B flags if needed */
1115
    X509_STORE_CTX_set_flags(xs_ctx,
1116
                             c->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS);
1117

1118
    i = X509_verify_cert(xs_ctx);
1119
    if (i <= 0 && flags & SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR) {
1120
        if (flags & SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR)
1121
            ERR_clear_error();
1122
        i = 1;
1123
        rv = 2;
1124
    }
1125
    if (i > 0)
1126
        chain = X509_STORE_CTX_get1_chain(xs_ctx);
1127
    if (i <= 0) {
1128
        i = X509_STORE_CTX_get_error(xs_ctx);
1129
        ERR_raise_data(ERR_LIB_SSL, SSL_R_CERTIFICATE_VERIFY_FAILED,
1130
                       "Verify error:%s", X509_verify_cert_error_string(i));
1131

1132
        goto err;
1133
    }
1134
    /* Remove EE certificate from chain */
1135
    x = sk_X509_shift(chain);
1136
    X509_free(x);
1137
    if (flags & SSL_BUILD_CHAIN_FLAG_NO_ROOT) {
1138
        if (sk_X509_num(chain) > 0) {
1139
            /* See if last cert is self signed */
1140
            x = sk_X509_value(chain, sk_X509_num(chain) - 1);
1141
            if (X509_get_extension_flags(x) & EXFLAG_SS) {
1142
                x = sk_X509_pop(chain);
1143
                X509_free(x);
1144
            }
1145
        }
1146
    }
1147
    /*
1148
     * Check security level of all CA certificates: EE will have been checked
1149
     * already.
1150
     */
1151
    for (i = 0; i < sk_X509_num(chain); i++) {
1152
        x = sk_X509_value(chain, i);
1153
        rv = ssl_security_cert(s, ctx, x, 0, 0);
1154
        if (rv != 1) {
1155
            ERR_raise(ERR_LIB_SSL, rv);
1156
            OSSL_STACK_OF_X509_free(chain);
1157
            rv = 0;
1158
            goto err;
1159
        }
1160
    }
1161
    OSSL_STACK_OF_X509_free(cpk->chain);
1162
    cpk->chain = chain;
1163
    if (rv == 0)
1164
        rv = 1;
1165
 err:
1166
    if (flags & SSL_BUILD_CHAIN_FLAG_CHECK)
1167
        X509_STORE_free(chain_store);
1168
    X509_STORE_CTX_free(xs_ctx);
1169

1170
    return rv;
1171
}
1172

1173
int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref)
1174
{
1175
    X509_STORE **pstore;
1176

1177
    if (ref && store && !X509_STORE_up_ref(store))
1178
        return 0;
1179

1180
    if (chain)
1181
        pstore = &c->chain_store;
1182
    else
1183
        pstore = &c->verify_store;
1184
    X509_STORE_free(*pstore);
1185
    *pstore = store;
1186

1187
    return 1;
1188
}
1189

1190
int ssl_cert_get_cert_store(CERT *c, X509_STORE **pstore, int chain)
1191
{
1192
    *pstore = (chain ? c->chain_store : c->verify_store);
1193
    return 1;
1194
}
1195

1196
int ssl_get_security_level_bits(const SSL *s, const SSL_CTX *ctx, int *levelp)
1197
{
1198
    int level;
1199
    /*
1200
     * note that there's a corresponding minbits_table
1201
     * in crypto/x509/x509_vfy.c that's used for checking the security level
1202
     * of RSA and DSA keys
1203
     */
1204
    static const int minbits_table[5 + 1] = { 0, 80, 112, 128, 192, 256 };
1205

1206
    if (ctx != NULL)
1207
        level = SSL_CTX_get_security_level(ctx);
1208
    else
1209
        level = SSL_get_security_level(s);
1210

1211
    if (level > 5)
1212
        level = 5;
1213
    else if (level < 0)
1214
        level = 0;
1215

1216
    if (levelp != NULL)
1217
        *levelp = level;
1218

1219
    return minbits_table[level];
1220
}
1221

1222
static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
1223
                                         int op, int bits, int nid, void *other,
1224
                                         void *ex)
1225
{
1226
    int level, minbits, pfs_mask;
1227
    const SSL_CONNECTION *sc;
1228

1229
    minbits = ssl_get_security_level_bits(s, ctx, &level);
1230

1231
    if (level == 0) {
1232
        /*
1233
         * No EDH keys weaker than 1024-bits even at level 0, otherwise,
1234
         * anything goes.
1235
         */
1236
        if (op == SSL_SECOP_TMP_DH && bits < 80)
1237
            return 0;
1238
        return 1;
1239
    }
1240
    switch (op) {
1241
    case SSL_SECOP_CIPHER_SUPPORTED:
1242
    case SSL_SECOP_CIPHER_SHARED:
1243
    case SSL_SECOP_CIPHER_CHECK:
1244
        {
1245
            const SSL_CIPHER *c = other;
1246
            /* No ciphers below security level */
1247
            if (bits < minbits)
1248
                return 0;
1249
            /* No unauthenticated ciphersuites */
1250
            if (c->algorithm_auth & SSL_aNULL)
1251
                return 0;
1252
            /* No MD5 mac ciphersuites */
1253
            if (c->algorithm_mac & SSL_MD5)
1254
                return 0;
1255
            /* SHA1 HMAC is 160 bits of security */
1256
            if (minbits > 160 && c->algorithm_mac & SSL_SHA1)
1257
                return 0;
1258
            /* Level 3: forward secure ciphersuites only */
1259
            pfs_mask = SSL_kDHE | SSL_kECDHE | SSL_kDHEPSK | SSL_kECDHEPSK;
1260
            if (level >= 3 && c->min_tls != TLS1_3_VERSION &&
1261
                               !(c->algorithm_mkey & pfs_mask))
1262
                return 0;
1263
            break;
1264
        }
1265
    case SSL_SECOP_VERSION:
1266
        if ((sc = SSL_CONNECTION_FROM_CONST_SSL(s)) == NULL)
1267
            return 0;
1268
        if (!SSL_CONNECTION_IS_DTLS(sc)) {
1269
            /* SSLv3, TLS v1.0 and TLS v1.1 only allowed at level 0 */
1270
            if (nid <= TLS1_1_VERSION && level > 0)
1271
                return 0;
1272
        } else {
1273
            /* DTLS v1.0 only allowed at level 0 */
1274
            if (DTLS_VERSION_LT(nid, DTLS1_2_VERSION) && level > 0)
1275
                return 0;
1276
        }
1277
        break;
1278

1279
    case SSL_SECOP_COMPRESSION:
1280
        if (level >= 2)
1281
            return 0;
1282
        break;
1283
    case SSL_SECOP_TICKET:
1284
        if (level >= 3)
1285
            return 0;
1286
        break;
1287
    default:
1288
        if (bits < minbits)
1289
            return 0;
1290
    }
1291
    return 1;
1292
}
1293

1294
int ssl_security(const SSL_CONNECTION *s, int op, int bits, int nid, void *other)
1295
{
1296
    return s->cert->sec_cb(SSL_CONNECTION_GET_USER_SSL(s), NULL, op, bits, nid,
1297
                           other, s->cert->sec_ex);
1298
}
1299

1300
int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, void *other)
1301
{
1302
    return ctx->cert->sec_cb(NULL, ctx, op, bits, nid, other,
1303
                             ctx->cert->sec_ex);
1304
}
1305

1306
int ssl_cert_lookup_by_nid(int nid, size_t *pidx, SSL_CTX *ctx)
1307
{
1308
    size_t i;
1309

1310
    for (i = 0; i < OSSL_NELEM(ssl_cert_info); i++) {
1311
        if (ssl_cert_info[i].nid == nid) {
1312
            *pidx = i;
1313
            return 1;
1314
        }
1315
    }
1316
    for (i = 0; i < ctx->sigalg_list_len; i++) {
1317
        if (ctx->ssl_cert_info[i].nid == nid) {
1318
            *pidx = SSL_PKEY_NUM + i;
1319
            return 1;
1320
        }
1321
    }
1322
    return 0;
1323
}
1324

1325
const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk, size_t *pidx, SSL_CTX *ctx)
1326
{
1327
    size_t i;
1328

1329
    /* check classic pk types */
1330
    for (i = 0; i < OSSL_NELEM(ssl_cert_info); i++) {
1331
        const SSL_CERT_LOOKUP *tmp_lu = &ssl_cert_info[i];
1332

1333
        if (EVP_PKEY_is_a(pk, OBJ_nid2sn(tmp_lu->nid))
1334
            || EVP_PKEY_is_a(pk, OBJ_nid2ln(tmp_lu->nid))) {
1335
            if (pidx != NULL)
1336
                *pidx = i;
1337
            return tmp_lu;
1338
        }
1339
    }
1340
    /* check provider-loaded pk types */
1341
    for (i = 0; i < ctx->sigalg_list_len; i++) {
1342
        SSL_CERT_LOOKUP *tmp_lu = &(ctx->ssl_cert_info[i]);
1343

1344
        if (EVP_PKEY_is_a(pk, OBJ_nid2sn(tmp_lu->nid))
1345
            || EVP_PKEY_is_a(pk, OBJ_nid2ln(tmp_lu->nid))) {
1346
            if (pidx != NULL)
1347
                *pidx = SSL_PKEY_NUM + i;
1348
            return &ctx->ssl_cert_info[i];
1349
        }
1350
    }
1351

1352
    return NULL;
1353
}
1354

1355
const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx, SSL_CTX *ctx)
1356
{
1357
    if (idx >= (OSSL_NELEM(ssl_cert_info) + ctx->sigalg_list_len))
1358
        return NULL;
1359
    else if (idx >= (OSSL_NELEM(ssl_cert_info)))
1360
        return &(ctx->ssl_cert_info[idx - SSL_PKEY_NUM]);
1361
    return &ssl_cert_info[idx];
1362
}
1363

1364