1
/*
2
 * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
3
 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4
 *
5
 * Licensed under the Apache License 2.0 (the "License").  You may not use
6
 * this file except in compliance with the License.  You can obtain a copy
7
 * in the file LICENSE in the source distribution or at
8
 * https://www.openssl.org/source/license.html
9
 */
10

11
#include "internal/e_os.h"
12

13
#include <stdio.h>
14
#include <sys/types.h>
15

16
#include "internal/nelem.h"
17
#include "internal/o_dir.h"
18
#include <openssl/bio.h>
19
#include <openssl/pem.h>
20
#include <openssl/store.h>
21
#include <openssl/x509v3.h>
22
#include <openssl/dh.h>
23
#include <openssl/bn.h>
24
#include <openssl/crypto.h>
25
#include "internal/refcount.h"
26
#include "ssl_local.h"
27
#include "ssl_cert_table.h"
28
#include "internal/thread_once.h"
29
#include "internal/ssl_unwrap.h"
30
#ifndef OPENSSL_NO_POSIX_IO
31
#include <sys/stat.h>
32
#ifdef _WIN32
33
#define stat _stat
34
#endif
35
#ifndef S_ISDIR
36
#define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
37
#endif
38
#endif
39

40
static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
41
    int op, int bits, int nid, void *other,
42
    void *ex);
43

44
static CRYPTO_ONCE ssl_x509_store_ctx_once = CRYPTO_ONCE_STATIC_INIT;
45
static volatile int ssl_x509_store_ctx_idx = -1;
46

47
DEFINE_RUN_ONCE_STATIC(ssl_x509_store_ctx_init)
48
{
49
    ssl_x509_store_ctx_idx = X509_STORE_CTX_get_ex_new_index(0,
50
        "SSL for verify callback",
51
        NULL, NULL, NULL);
52
    return ssl_x509_store_ctx_idx >= 0;
53
}
54

55
int SSL_get_ex_data_X509_STORE_CTX_idx(void)
56
{
57

58
    if (!RUN_ONCE(&ssl_x509_store_ctx_once, ssl_x509_store_ctx_init))
59
        return -1;
60
    return ssl_x509_store_ctx_idx;
61
}
62

63
CERT *ssl_cert_new(size_t ssl_pkey_num)
64
{
65
    CERT *ret = NULL;
66

67
    /* Should never happen */
68
    if (!ossl_assert(ssl_pkey_num >= SSL_PKEY_NUM))
69
        return NULL;
70

71
    ret = OPENSSL_zalloc(sizeof(*ret));
72
    if (ret == NULL)
73
        return NULL;
74

75
    ret->ssl_pkey_num = ssl_pkey_num;
76
    ret->pkeys = OPENSSL_zalloc(ret->ssl_pkey_num * sizeof(CERT_PKEY));
77
    if (ret->pkeys == NULL) {
78
        OPENSSL_free(ret);
79
        return NULL;
80
    }
81

82
    ret->key = &(ret->pkeys[SSL_PKEY_RSA]);
83
    ret->sec_cb = ssl_security_default_callback;
84
    ret->sec_level = OPENSSL_TLS_SECURITY_LEVEL;
85
    ret->sec_ex = NULL;
86
    if (!CRYPTO_NEW_REF(&ret->references, 1)) {
87
        OPENSSL_free(ret->pkeys);
88
        OPENSSL_free(ret);
89
        return NULL;
90
    }
91

92
    return ret;
93
}
94

95
CERT *ssl_cert_dup(CERT *cert)
96
{
97
    CERT *ret = OPENSSL_zalloc(sizeof(*ret));
98
    size_t i;
99
#ifndef OPENSSL_NO_COMP_ALG
100
    int j;
101
#endif
102

103
    if (ret == NULL)
104
        return NULL;
105

106
    ret->ssl_pkey_num = cert->ssl_pkey_num;
107
    ret->pkeys = OPENSSL_zalloc(ret->ssl_pkey_num * sizeof(CERT_PKEY));
108
    if (ret->pkeys == NULL) {
109
        OPENSSL_free(ret);
110
        return NULL;
111
    }
112

113
    ret->key = &ret->pkeys[cert->key - cert->pkeys];
114
    if (!CRYPTO_NEW_REF(&ret->references, 1)) {
115
        OPENSSL_free(ret->pkeys);
116
        OPENSSL_free(ret);
117
        return NULL;
118
    }
119

120
    if (cert->dh_tmp != NULL) {
121
        if (!EVP_PKEY_up_ref(cert->dh_tmp))
122
            goto err;
123
        ret->dh_tmp = cert->dh_tmp;
124
    }
125

126
    ret->dh_tmp_cb = cert->dh_tmp_cb;
127
    ret->dh_tmp_auto = cert->dh_tmp_auto;
128

129
    for (i = 0; i < ret->ssl_pkey_num; i++) {
130
        CERT_PKEY *cpk = cert->pkeys + i;
131
        CERT_PKEY *rpk = ret->pkeys + i;
132

133
        if (cpk->x509 != NULL) {
134
            if (!X509_up_ref(cpk->x509))
135
                goto err;
136
            rpk->x509 = cpk->x509;
137
        }
138

139
        if (cpk->privatekey != NULL) {
140
            if (!EVP_PKEY_up_ref(cpk->privatekey))
141
                goto err;
142
            rpk->privatekey = cpk->privatekey;
143
        }
144

145
        if (cpk->chain) {
146
            rpk->chain = X509_chain_up_ref(cpk->chain);
147
            if (!rpk->chain) {
148
                ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
149
                goto err;
150
            }
151
        }
152
        if (cpk->serverinfo != NULL) {
153
            /* Just copy everything. */
154
            rpk->serverinfo = OPENSSL_memdup(cpk->serverinfo, cpk->serverinfo_length);
155
            if (rpk->serverinfo == NULL)
156
                goto err;
157
            rpk->serverinfo_length = cpk->serverinfo_length;
158
        }
159
#ifndef OPENSSL_NO_COMP_ALG
160
        for (j = TLSEXT_comp_cert_none; j < TLSEXT_comp_cert_limit; j++) {
161
            if (cpk->comp_cert[j] != NULL) {
162
                if (!OSSL_COMP_CERT_up_ref(cpk->comp_cert[j]))
163
                    goto err;
164
                rpk->comp_cert[j] = cpk->comp_cert[j];
165
            }
166
        }
167
#endif
168
    }
169

170
    /* Configured sigalgs copied across */
171
    if (cert->conf_sigalgs) {
172
        ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen
173
            * sizeof(*cert->conf_sigalgs));
174
        if (ret->conf_sigalgs == NULL)
175
            goto err;
176
        memcpy(ret->conf_sigalgs, cert->conf_sigalgs,
177
            cert->conf_sigalgslen * sizeof(*cert->conf_sigalgs));
178
        ret->conf_sigalgslen = cert->conf_sigalgslen;
179
    } else
180
        ret->conf_sigalgs = NULL;
181

182
    if (cert->client_sigalgs) {
183
        ret->client_sigalgs = OPENSSL_malloc(cert->client_sigalgslen
184
            * sizeof(*cert->client_sigalgs));
185
        if (ret->client_sigalgs == NULL)
186
            goto err;
187
        memcpy(ret->client_sigalgs, cert->client_sigalgs,
188
            cert->client_sigalgslen * sizeof(*cert->client_sigalgs));
189
        ret->client_sigalgslen = cert->client_sigalgslen;
190
    } else
191
        ret->client_sigalgs = NULL;
192
    /* Copy any custom client certificate types */
193
    if (cert->ctype) {
194
        ret->ctype = OPENSSL_memdup(cert->ctype, cert->ctype_len);
195
        if (ret->ctype == NULL)
196
            goto err;
197
        ret->ctype_len = cert->ctype_len;
198
    }
199

200
    ret->cert_flags = cert->cert_flags;
201

202
    ret->cert_cb = cert->cert_cb;
203
    ret->cert_cb_arg = cert->cert_cb_arg;
204

205
    if (cert->verify_store) {
206
        if (!X509_STORE_up_ref(cert->verify_store))
207
            goto err;
208
        ret->verify_store = cert->verify_store;
209
    }
210

211
    if (cert->chain_store) {
212
        if (!X509_STORE_up_ref(cert->chain_store))
213
            goto err;
214
        ret->chain_store = cert->chain_store;
215
    }
216

217
    ret->sec_cb = cert->sec_cb;
218
    ret->sec_level = cert->sec_level;
219
    ret->sec_ex = cert->sec_ex;
220

221
    if (!custom_exts_copy(&ret->custext, &cert->custext))
222
        goto err;
223
#ifndef OPENSSL_NO_PSK
224
    if (cert->psk_identity_hint) {
225
        ret->psk_identity_hint = OPENSSL_strdup(cert->psk_identity_hint);
226
        if (ret->psk_identity_hint == NULL)
227
            goto err;
228
    }
229
#endif
230
    return ret;
231

232
err:
233
    ssl_cert_free(ret);
234

235
    return NULL;
236
}
237

238
/* Free up and clear all certificates and chains */
239

240
void ssl_cert_clear_certs(CERT *c)
241
{
242
    size_t i;
243
#ifndef OPENSSL_NO_COMP_ALG
244
    int j;
245
#endif
246

247
    if (c == NULL)
248
        return;
249
    for (i = 0; i < c->ssl_pkey_num; i++) {
250
        CERT_PKEY *cpk = c->pkeys + i;
251
        X509_free(cpk->x509);
252
        cpk->x509 = NULL;
253
        EVP_PKEY_free(cpk->privatekey);
254
        cpk->privatekey = NULL;
255
        OSSL_STACK_OF_X509_free(cpk->chain);
256
        cpk->chain = NULL;
257
        OPENSSL_free(cpk->serverinfo);
258
        cpk->serverinfo = NULL;
259
        cpk->serverinfo_length = 0;
260
#ifndef OPENSSL_NO_COMP_ALG
261
        for (j = 0; j < TLSEXT_comp_cert_limit; j++) {
262
            OSSL_COMP_CERT_free(cpk->comp_cert[j]);
263
            cpk->comp_cert[j] = NULL;
264
            cpk->cert_comp_used = 0;
265
        }
266
#endif
267
    }
268
}
269

270
void ssl_cert_free(CERT *c)
271
{
272
    int i;
273

274
    if (c == NULL)
275
        return;
276
    CRYPTO_DOWN_REF(&c->references, &i);
277
    REF_PRINT_COUNT("CERT", i, c);
278
    if (i > 0)
279
        return;
280
    REF_ASSERT_ISNT(i < 0);
281

282
    EVP_PKEY_free(c->dh_tmp);
283

284
    ssl_cert_clear_certs(c);
285
    OPENSSL_free(c->conf_sigalgs);
286
    OPENSSL_free(c->client_sigalgs);
287
    OPENSSL_free(c->ctype);
288
    X509_STORE_free(c->verify_store);
289
    X509_STORE_free(c->chain_store);
290
    custom_exts_free(&c->custext);
291
#ifndef OPENSSL_NO_PSK
292
    OPENSSL_free(c->psk_identity_hint);
293
#endif
294
    OPENSSL_free(c->pkeys);
295
    CRYPTO_FREE_REF(&c->references);
296
    OPENSSL_free(c);
297
}
298

299
int ssl_cert_set0_chain(SSL_CONNECTION *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
300
{
301
    int i, r;
302
    CERT_PKEY *cpk = s != NULL ? s->cert->key : ctx->cert->key;
303

304
    if (!cpk)
305
        return 0;
306
    for (i = 0; i < sk_X509_num(chain); i++) {
307
        X509 *x = sk_X509_value(chain, i);
308

309
        r = ssl_security_cert(s, ctx, x, 0, 0);
310
        if (r != 1) {
311
            ERR_raise(ERR_LIB_SSL, r);
312
            return 0;
313
        }
314
    }
315
    OSSL_STACK_OF_X509_free(cpk->chain);
316
    cpk->chain = chain;
317
    return 1;
318
}
319

320
int ssl_cert_set1_chain(SSL_CONNECTION *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
321
{
322
    STACK_OF(X509) *dchain;
323

324
    if (!chain)
325
        return ssl_cert_set0_chain(s, ctx, NULL);
326
    dchain = X509_chain_up_ref(chain);
327
    if (!dchain)
328
        return 0;
329
    if (!ssl_cert_set0_chain(s, ctx, dchain)) {
330
        OSSL_STACK_OF_X509_free(dchain);
331
        return 0;
332
    }
333
    return 1;
334
}
335

336
int ssl_cert_add0_chain_cert(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x)
337
{
338
    int r;
339
    CERT_PKEY *cpk = s ? s->cert->key : ctx->cert->key;
340

341
    if (!cpk)
342
        return 0;
343
    r = ssl_security_cert(s, ctx, x, 0, 0);
344
    if (r != 1) {
345
        ERR_raise(ERR_LIB_SSL, r);
346
        return 0;
347
    }
348
    if (!cpk->chain)
349
        cpk->chain = sk_X509_new_null();
350
    if (!cpk->chain || !sk_X509_push(cpk->chain, x))
351
        return 0;
352
    return 1;
353
}
354

355
int ssl_cert_add1_chain_cert(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x)
356
{
357
    if (!X509_up_ref(x))
358
        return 0;
359
    if (!ssl_cert_add0_chain_cert(s, ctx, x)) {
360
        X509_free(x);
361
        return 0;
362
    }
363
    return 1;
364
}
365

366
int ssl_cert_select_current(CERT *c, X509 *x)
367
{
368
    size_t i;
369

370
    if (x == NULL)
371
        return 0;
372
    for (i = 0; i < c->ssl_pkey_num; i++) {
373
        CERT_PKEY *cpk = c->pkeys + i;
374
        if (cpk->x509 == x && cpk->privatekey) {
375
            c->key = cpk;
376
            return 1;
377
        }
378
    }
379

380
    for (i = 0; i < c->ssl_pkey_num; i++) {
381
        CERT_PKEY *cpk = c->pkeys + i;
382
        if (cpk->privatekey && cpk->x509 && !X509_cmp(cpk->x509, x)) {
383
            c->key = cpk;
384
            return 1;
385
        }
386
    }
387
    return 0;
388
}
389

390
int ssl_cert_set_current(CERT *c, long op)
391
{
392
    size_t i, idx;
393

394
    if (!c)
395
        return 0;
396
    if (op == SSL_CERT_SET_FIRST)
397
        idx = 0;
398
    else if (op == SSL_CERT_SET_NEXT) {
399
        idx = (size_t)(c->key - c->pkeys + 1);
400
        if (idx >= c->ssl_pkey_num)
401
            return 0;
402
    } else
403
        return 0;
404
    for (i = idx; i < c->ssl_pkey_num; i++) {
405
        CERT_PKEY *cpk = c->pkeys + i;
406
        if (cpk->x509 && cpk->privatekey) {
407
            c->key = cpk;
408
            return 1;
409
        }
410
    }
411
    return 0;
412
}
413

414
void ssl_cert_set_cert_cb(CERT *c, int (*cb)(SSL *ssl, void *arg), void *arg)
415
{
416
    c->cert_cb = cb;
417
    c->cert_cb_arg = arg;
418
}
419

420
/*
421
 * Verify a certificate chain/raw public key
422
 * Return codes:
423
 *  1: Verify success
424
 *  0: Verify failure or error
425
 * -1: Retry required
426
 */
427
static int ssl_verify_internal(SSL_CONNECTION *s, STACK_OF(X509) *sk, EVP_PKEY *rpk)
428
{
429
    X509 *x;
430
    int i = 0;
431
    X509_STORE *verify_store;
432
    X509_STORE_CTX *ctx = NULL;
433
    X509_VERIFY_PARAM *param;
434
    SSL_CTX *sctx;
435

436
    /* Something must be passed in */
437
    if ((sk == NULL || sk_X509_num(sk) == 0) && rpk == NULL)
438
        return 0;
439

440
    /* Only one can be set */
441
    if (sk != NULL && rpk != NULL)
442
        return 0;
443

444
    sctx = SSL_CONNECTION_GET_CTX(s);
445
    if (s->cert->verify_store)
446
        verify_store = s->cert->verify_store;
447
    else
448
        verify_store = sctx->cert_store;
449

450
    ctx = X509_STORE_CTX_new_ex(sctx->libctx, sctx->propq);
451
    if (ctx == NULL) {
452
        ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
453
        return 0;
454
    }
455

456
    if (sk != NULL) {
457
        x = sk_X509_value(sk, 0);
458
        if (!X509_STORE_CTX_init(ctx, verify_store, x, sk)) {
459
            ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
460
            goto end;
461
        }
462
    } else {
463
        if (!X509_STORE_CTX_init_rpk(ctx, verify_store, rpk)) {
464
            ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
465
            goto end;
466
        }
467
    }
468
    param = X509_STORE_CTX_get0_param(ctx);
469
    /*
470
     * XXX: Separate @AUTHSECLEVEL and @TLSSECLEVEL would be useful at some
471
     * point, for now a single @SECLEVEL sets the same policy for TLS crypto
472
     * and PKI authentication.
473
     */
474
    X509_VERIFY_PARAM_set_auth_level(param,
475
        SSL_get_security_level(SSL_CONNECTION_GET_SSL(s)));
476

477
    /* Set suite B flags if needed */
478
    X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s));
479
    if (!X509_STORE_CTX_set_ex_data(ctx,
480
            SSL_get_ex_data_X509_STORE_CTX_idx(),
481
            SSL_CONNECTION_GET_USER_SSL(s)))
482
        goto end;
483

484
    /* Verify via DANE if enabled */
485
    if (DANETLS_ENABLED(&s->dane))
486
        X509_STORE_CTX_set0_dane(ctx, &s->dane);
487

488
    /*
489
     * We need to inherit the verify parameters. These can be determined by
490
     * the context: if its a server it will verify SSL client certificates or
491
     * vice versa.
492
     */
493

494
    X509_STORE_CTX_set_default(ctx, s->server ? "ssl_client" : "ssl_server");
495
    /*
496
     * Anything non-default in "s->param" should overwrite anything in the ctx.
497
     */
498
    X509_VERIFY_PARAM_set1(param, s->param);
499

500
    if (s->verify_callback)
501
        X509_STORE_CTX_set_verify_cb(ctx, s->verify_callback);
502

503
    if (sctx->app_verify_callback != NULL) {
504
        i = sctx->app_verify_callback(ctx, sctx->app_verify_arg);
505
    } else {
506
        i = X509_verify_cert(ctx);
507
        /* We treat an error in the same way as a failure to verify */
508
        if (i < 0)
509
            i = 0;
510
    }
511

512
    s->verify_result = X509_STORE_CTX_get_error(ctx);
513
    OSSL_STACK_OF_X509_free(s->verified_chain);
514
    s->verified_chain = NULL;
515

516
    if (sk != NULL && X509_STORE_CTX_get0_chain(ctx) != NULL) {
517
        s->verified_chain = X509_STORE_CTX_get1_chain(ctx);
518
        if (s->verified_chain == NULL) {
519
            ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
520
            i = 0;
521
        }
522
    }
523

524
    /* Move peername from the store context params to the SSL handle's */
525
    X509_VERIFY_PARAM_move_peername(s->param, param);
526

527
end:
528
    X509_STORE_CTX_free(ctx);
529
    return i;
530
}
531

532
/*
533
 * Verify a raw public key
534
 * Return codes:
535
 *  1: Verify success
536
 *  0: Verify failure or error
537
 * -1: Retry required
538
 */
539
int ssl_verify_rpk(SSL_CONNECTION *s, EVP_PKEY *rpk)
540
{
541
    return ssl_verify_internal(s, NULL, rpk);
542
}
543

544
/*
545
 * Verify a certificate chain
546
 * Return codes:
547
 *  1: Verify success
548
 *  0: Verify failure or error
549
 * -1: Retry required
550
 */
551
int ssl_verify_cert_chain(SSL_CONNECTION *s, STACK_OF(X509) *sk)
552
{
553
    return ssl_verify_internal(s, sk, NULL);
554
}
555

556
static void set0_CA_list(STACK_OF(X509_NAME) **ca_list,
557
    STACK_OF(X509_NAME) *name_list)
558
{
559
    sk_X509_NAME_pop_free(*ca_list, X509_NAME_free);
560
    *ca_list = name_list;
561
}
562

563
STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk)
564
{
565
    int i;
566
    const int num = sk_X509_NAME_num(sk);
567
    STACK_OF(X509_NAME) *ret;
568
    X509_NAME *name;
569

570
    ret = sk_X509_NAME_new_reserve(NULL, num);
571
    if (ret == NULL) {
572
        ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
573
        return NULL;
574
    }
575
    for (i = 0; i < num; i++) {
576
        name = X509_NAME_dup(sk_X509_NAME_value(sk, i));
577
        if (name == NULL) {
578
            ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
579
            sk_X509_NAME_pop_free(ret, X509_NAME_free);
580
            return NULL;
581
        }
582
        sk_X509_NAME_push(ret, name); /* Cannot fail after reserve call */
583
    }
584
    return ret;
585
}
586

587
void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list)
588
{
589
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
590

591
    if (sc == NULL)
592
        return;
593

594
    set0_CA_list(&sc->ca_names, name_list);
595
}
596

597
void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list)
598
{
599
    set0_CA_list(&ctx->ca_names, name_list);
600
}
601

602
const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx)
603
{
604
    return ctx->ca_names;
605
}
606

607
const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s)
608
{
609
    const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
610

611
    if (sc == NULL)
612
        return NULL;
613

614
    return sc->ca_names != NULL ? sc->ca_names : s->ctx->ca_names;
615
}
616

617
void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list)
618
{
619
    set0_CA_list(&ctx->client_ca_names, name_list);
620
}
621

622
STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)
623
{
624
    return ctx->client_ca_names;
625
}
626

627
void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list)
628
{
629
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
630

631
    if (sc == NULL)
632
        return;
633

634
    set0_CA_list(&sc->client_ca_names, name_list);
635
}
636

637
const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s)
638
{
639
    const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
640

641
    if (sc == NULL)
642
        return NULL;
643

644
    return sc->s3.tmp.peer_ca_names;
645
}
646

647
STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s)
648
{
649
    const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
650

651
    if (sc == NULL)
652
        return NULL;
653

654
    if (!sc->server)
655
        return sc->s3.tmp.peer_ca_names;
656
    return sc->client_ca_names != NULL ? sc->client_ca_names
657
                                       : s->ctx->client_ca_names;
658
}
659

660
static int add_ca_name(STACK_OF(X509_NAME) **sk, const X509 *x)
661
{
662
    X509_NAME *name;
663

664
    if (x == NULL)
665
        return 0;
666
    if (*sk == NULL && ((*sk = sk_X509_NAME_new_null()) == NULL))
667
        return 0;
668

669
    if ((name = X509_NAME_dup(X509_get_subject_name(x))) == NULL)
670
        return 0;
671

672
    if (!sk_X509_NAME_push(*sk, name)) {
673
        X509_NAME_free(name);
674
        return 0;
675
    }
676
    return 1;
677
}
678

679
int SSL_add1_to_CA_list(SSL *ssl, const X509 *x)
680
{
681
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
682

683
    if (sc == NULL)
684
        return 0;
685

686
    return add_ca_name(&sc->ca_names, x);
687
}
688

689
int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x)
690
{
691
    return add_ca_name(&ctx->ca_names, x);
692
}
693

694
/*
695
 * The following two are older names are to be replaced with
696
 * SSL(_CTX)_add1_to_CA_list
697
 */
698
int SSL_add_client_CA(SSL *ssl, X509 *x)
699
{
700
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
701

702
    if (sc == NULL)
703
        return 0;
704

705
    return add_ca_name(&sc->client_ca_names, x);
706
}
707

708
int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
709
{
710
    return add_ca_name(&ctx->client_ca_names, x);
711
}
712

713
static int xname_cmp(const X509_NAME *a, const X509_NAME *b)
714
{
715
    unsigned char *abuf = NULL, *bbuf = NULL;
716
    int alen, blen, ret;
717

718
    /* X509_NAME_cmp() itself casts away constness in this way, so
719
     * assume it's safe:
720
     */
721
    alen = i2d_X509_NAME((X509_NAME *)a, &abuf);
722
    blen = i2d_X509_NAME((X509_NAME *)b, &bbuf);
723

724
    if (alen < 0 || blen < 0)
725
        ret = -2;
726
    else if (alen != blen)
727
        ret = alen - blen;
728
    else /* alen == blen */
729
        ret = memcmp(abuf, bbuf, alen);
730

731
    OPENSSL_free(abuf);
732
    OPENSSL_free(bbuf);
733

734
    return ret;
735
}
736

737
static int xname_sk_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
738
{
739
    return xname_cmp(*a, *b);
740
}
741

742
static unsigned long xname_hash(const X509_NAME *a)
743
{
744
    /* This returns 0 also if SHA1 is not available */
745
    return X509_NAME_hash_ex((X509_NAME *)a, NULL, NULL, NULL);
746
}
747

748
STACK_OF(X509_NAME) *SSL_load_client_CA_file_ex(const char *file,
749
    OSSL_LIB_CTX *libctx,
750
    const char *propq)
751
{
752
    BIO *in = BIO_new(BIO_s_file());
753
    X509 *x = NULL;
754
    X509_NAME *xn = NULL;
755
    STACK_OF(X509_NAME) *ret = NULL;
756
    LHASH_OF(X509_NAME) *name_hash = lh_X509_NAME_new(xname_hash, xname_cmp);
757
    OSSL_LIB_CTX *prev_libctx = NULL;
758

759
    if (file == NULL) {
760
        ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
761
        goto err;
762
    }
763
    if (name_hash == NULL) {
764
        ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
765
        goto err;
766
    }
767
    if (in == NULL) {
768
        ERR_raise(ERR_LIB_SSL, ERR_R_BIO_LIB);
769
        goto err;
770
    }
771

772
    x = X509_new_ex(libctx, propq);
773
    if (x == NULL) {
774
        ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
775
        goto err;
776
    }
777
    if (BIO_read_filename(in, file) <= 0)
778
        goto err;
779

780
    /* Internally lh_X509_NAME_retrieve() needs the libctx to retrieve SHA1 */
781
    prev_libctx = OSSL_LIB_CTX_set0_default(libctx);
782
    for (;;) {
783
        if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL)
784
            break;
785
        if (ret == NULL) {
786
            ret = sk_X509_NAME_new_null();
787
            if (ret == NULL) {
788
                ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
789
                goto err;
790
            }
791
        }
792
        if ((xn = X509_get_subject_name(x)) == NULL)
793
            goto err;
794
        /* check for duplicates */
795
        xn = X509_NAME_dup(xn);
796
        if (xn == NULL)
797
            goto err;
798
        if (lh_X509_NAME_retrieve(name_hash, xn) != NULL) {
799
            /* Duplicate. */
800
            X509_NAME_free(xn);
801
            xn = NULL;
802
        } else {
803
            lh_X509_NAME_insert(name_hash, xn);
804
            if (!sk_X509_NAME_push(ret, xn))
805
                goto err;
806
        }
807
    }
808
    goto done;
809

810
err:
811
    X509_NAME_free(xn);
812
    sk_X509_NAME_pop_free(ret, X509_NAME_free);
813
    ret = NULL;
814
done:
815
    /* restore the old libctx */
816
    OSSL_LIB_CTX_set0_default(prev_libctx);
817
    BIO_free(in);
818
    X509_free(x);
819
    lh_X509_NAME_free(name_hash);
820
    if (ret != NULL)
821
        ERR_clear_error();
822
    return ret;
823
}
824

825
STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
826
{
827
    return SSL_load_client_CA_file_ex(file, NULL, NULL);
828
}
829

830
static int add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
831
    const char *file,
832
    LHASH_OF(X509_NAME) *name_hash)
833
{
834
    BIO *in;
835
    X509 *x = NULL;
836
    X509_NAME *xn = NULL;
837
    int ret = 1;
838

839
    in = BIO_new(BIO_s_file());
840

841
    if (in == NULL) {
842
        ERR_raise(ERR_LIB_SSL, ERR_R_BIO_LIB);
843
        goto err;
844
    }
845

846
    if (BIO_read_filename(in, file) <= 0)
847
        goto err;
848

849
    for (;;) {
850
        if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL)
851
            break;
852
        if ((xn = X509_get_subject_name(x)) == NULL)
853
            goto err;
854
        xn = X509_NAME_dup(xn);
855
        if (xn == NULL)
856
            goto err;
857
        if (lh_X509_NAME_retrieve(name_hash, xn) != NULL) {
858
            /* Duplicate. */
859
            X509_NAME_free(xn);
860
        } else if (!sk_X509_NAME_push(stack, xn)) {
861
            X509_NAME_free(xn);
862
            goto err;
863
        } else {
864
            /* Successful insert, add to hash table */
865
            lh_X509_NAME_insert(name_hash, xn);
866
        }
867
    }
868

869
    ERR_clear_error();
870
    goto done;
871

872
err:
873
    ret = 0;
874
done:
875
    BIO_free(in);
876
    X509_free(x);
877
    return ret;
878
}
879

880
int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
881
    const char *file)
882
{
883
    X509_NAME *xn = NULL;
884
    int ret = 1;
885
    int idx = 0;
886
    int num = 0;
887
    LHASH_OF(X509_NAME) *name_hash = lh_X509_NAME_new(xname_hash, xname_cmp);
888

889
    if (file == NULL) {
890
        ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
891
        goto err;
892
    }
893

894
    if (name_hash == NULL) {
895
        ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
896
        goto err;
897
    }
898

899
    /*
900
     * Pre-populate the lhash with the existing entries of the stack, since
901
     * using the LHASH_OF is much faster for duplicate checking. That's because
902
     * xname_cmp converts the X509_NAMEs to DER involving a memory allocation
903
     * for every single invocation of the comparison function.
904
     */
905
    num = sk_X509_NAME_num(stack);
906
    for (idx = 0; idx < num; idx++) {
907
        xn = sk_X509_NAME_value(stack, idx);
908
        lh_X509_NAME_insert(name_hash, xn);
909
    }
910

911
    ret = add_file_cert_subjects_to_stack(stack, file, name_hash);
912
    goto done;
913

914
err:
915
    ret = 0;
916
done:
917
    lh_X509_NAME_free(name_hash);
918
    return ret;
919
}
920

921
int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
922
    const char *dir)
923
{
924
    OPENSSL_DIR_CTX *d = NULL;
925
    const char *filename;
926
    int ret = 0;
927
    X509_NAME *xn = NULL;
928
    int idx = 0;
929
    int num = 0;
930
    LHASH_OF(X509_NAME) *name_hash = lh_X509_NAME_new(xname_hash, xname_cmp);
931

932
    if (name_hash == NULL) {
933
        ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
934
        goto err;
935
    }
936

937
    /*
938
     * Pre-populate the lhash with the existing entries of the stack, since
939
     * using the LHASH_OF is much faster for duplicate checking. That's because
940
     * xname_cmp converts the X509_NAMEs to DER involving a memory allocation
941
     * for every single invocation of the comparison function.
942
     */
943
    num = sk_X509_NAME_num(stack);
944
    for (idx = 0; idx < num; idx++) {
945
        xn = sk_X509_NAME_value(stack, idx);
946
        lh_X509_NAME_insert(name_hash, xn);
947
    }
948

949
    while ((filename = OPENSSL_DIR_read(&d, dir))) {
950
        char buf[1024];
951
        int r;
952
#ifndef OPENSSL_NO_POSIX_IO
953
        struct stat st;
954

955
#else
956
        /* Cannot use stat so just skip current and parent directories */
957
        if (strcmp(filename, ".") == 0 || strcmp(filename, "..") == 0)
958
            continue;
959
#endif
960
        if (strlen(dir) + strlen(filename) + 2 > sizeof(buf)) {
961
            ERR_raise(ERR_LIB_SSL, SSL_R_PATH_TOO_LONG);
962
            goto err;
963
        }
964
#ifdef OPENSSL_SYS_VMS
965
        r = BIO_snprintf(buf, sizeof(buf), "%s%s", dir, filename);
966
#else
967
        r = BIO_snprintf(buf, sizeof(buf), "%s/%s", dir, filename);
968
#endif
969
#ifndef OPENSSL_NO_POSIX_IO
970
        /* Skip subdirectories */
971
        if (!stat(buf, &st) && S_ISDIR(st.st_mode))
972
            continue;
973
#endif
974
        if (r <= 0 || r >= (int)sizeof(buf))
975
            goto err;
976
        if (!add_file_cert_subjects_to_stack(stack, buf, name_hash))
977
            goto err;
978
    }
979

980
    if (errno) {
981
        ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
982
            "calling OPENSSL_dir_read(%s)", dir);
983
        ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
984
        goto err;
985
    }
986

987
    ret = 1;
988

989
err:
990
    if (d)
991
        OPENSSL_DIR_end(&d);
992
    lh_X509_NAME_free(name_hash);
993

994
    return ret;
995
}
996

997
static int add_uris_recursive(STACK_OF(X509_NAME) *stack,
998
    const char *uri, int depth)
999
{
1000
    int ok = 1;
1001
    OSSL_STORE_CTX *ctx = NULL;
1002
    X509 *x = NULL;
1003
    X509_NAME *xn = NULL;
1004
    OSSL_STORE_INFO *info = NULL;
1005

1006
    if ((ctx = OSSL_STORE_open(uri, NULL, NULL, NULL, NULL)) == NULL)
1007
        goto err;
1008

1009
    while (!OSSL_STORE_eof(ctx) && !OSSL_STORE_error(ctx)) {
1010
        int infotype;
1011

1012
        if ((info = OSSL_STORE_load(ctx)) == NULL)
1013
            continue;
1014
        infotype = OSSL_STORE_INFO_get_type(info);
1015

1016
        if (infotype == OSSL_STORE_INFO_NAME) {
1017
            /*
1018
             * This is an entry in the "directory" represented by the current
1019
             * uri.  if |depth| allows, dive into it.
1020
             */
1021
            if (depth > 0)
1022
                ok = add_uris_recursive(stack, OSSL_STORE_INFO_get0_NAME(info),
1023
                    depth - 1);
1024
        } else if (infotype == OSSL_STORE_INFO_CERT) {
1025
            if ((x = OSSL_STORE_INFO_get0_CERT(info)) == NULL
1026
                || (xn = X509_get_subject_name(x)) == NULL
1027
                || (xn = X509_NAME_dup(xn)) == NULL)
1028
                goto err;
1029
            if (sk_X509_NAME_find(stack, xn) >= 0) {
1030
                /* Duplicate. */
1031
                X509_NAME_free(xn);
1032
            } else if (!sk_X509_NAME_push(stack, xn)) {
1033
                X509_NAME_free(xn);
1034
                goto err;
1035
            }
1036
        }
1037

1038
        OSSL_STORE_INFO_free(info);
1039
        info = NULL;
1040
    }
1041

1042
    ERR_clear_error();
1043
    goto done;
1044

1045
err:
1046
    ok = 0;
1047
    OSSL_STORE_INFO_free(info);
1048
done:
1049
    OSSL_STORE_close(ctx);
1050

1051
    return ok;
1052
}
1053

1054
int SSL_add_store_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
1055
    const char *store)
1056
{
1057
    int (*oldcmp)(const X509_NAME *const *a, const X509_NAME *const *b)
1058
        = sk_X509_NAME_set_cmp_func(stack, xname_sk_cmp);
1059
    int ret = add_uris_recursive(stack, store, 1);
1060

1061
    (void)sk_X509_NAME_set_cmp_func(stack, oldcmp);
1062
    return ret;
1063
}
1064

1065
/* Build a certificate chain for current certificate */
1066
int ssl_build_cert_chain(SSL_CONNECTION *s, SSL_CTX *ctx, int flags)
1067
{
1068
    CERT *c = s != NULL ? s->cert : ctx->cert;
1069
    CERT_PKEY *cpk = c->key;
1070
    X509_STORE *chain_store = NULL;
1071
    X509_STORE_CTX *xs_ctx = NULL;
1072
    STACK_OF(X509) *chain = NULL, *untrusted = NULL;
1073
    X509 *x;
1074
    SSL_CTX *real_ctx = (s == NULL) ? ctx : SSL_CONNECTION_GET_CTX(s);
1075
    int i, rv = 0;
1076

1077
    if (cpk->x509 == NULL) {
1078
        ERR_raise(ERR_LIB_SSL, SSL_R_NO_CERTIFICATE_SET);
1079
        goto err;
1080
    }
1081
    /* Rearranging and check the chain: add everything to a store */
1082
    if (flags & SSL_BUILD_CHAIN_FLAG_CHECK) {
1083
        chain_store = X509_STORE_new();
1084
        if (chain_store == NULL)
1085
            goto err;
1086
        for (i = 0; i < sk_X509_num(cpk->chain); i++) {
1087
            x = sk_X509_value(cpk->chain, i);
1088
            if (!X509_STORE_add_cert(chain_store, x))
1089
                goto err;
1090
        }
1091
        /* Add EE cert too: it might be self signed */
1092
        if (!X509_STORE_add_cert(chain_store, cpk->x509))
1093
            goto err;
1094
    } else {
1095
        if (c->chain_store != NULL)
1096
            chain_store = c->chain_store;
1097
        else
1098
            chain_store = real_ctx->cert_store;
1099

1100
        if (flags & SSL_BUILD_CHAIN_FLAG_UNTRUSTED)
1101
            untrusted = cpk->chain;
1102
    }
1103

1104
    xs_ctx = X509_STORE_CTX_new_ex(real_ctx->libctx, real_ctx->propq);
1105
    if (xs_ctx == NULL) {
1106
        ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
1107
        goto err;
1108
    }
1109
    if (!X509_STORE_CTX_init(xs_ctx, chain_store, cpk->x509, untrusted)) {
1110
        ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
1111
        goto err;
1112
    }
1113
    /* Set suite B flags if needed */
1114
    X509_STORE_CTX_set_flags(xs_ctx,
1115
        c->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS);
1116

1117
    i = X509_verify_cert(xs_ctx);
1118
    if (i <= 0 && flags & SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR) {
1119
        if (flags & SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR)
1120
            ERR_clear_error();
1121
        i = 1;
1122
        rv = 2;
1123
    }
1124
    if (i > 0)
1125
        chain = X509_STORE_CTX_get1_chain(xs_ctx);
1126
    if (i <= 0) {
1127
        i = X509_STORE_CTX_get_error(xs_ctx);
1128
        ERR_raise_data(ERR_LIB_SSL, SSL_R_CERTIFICATE_VERIFY_FAILED,
1129
            "Verify error:%s", X509_verify_cert_error_string(i));
1130

1131
        goto err;
1132
    }
1133
    /* Remove EE certificate from chain */
1134
    x = sk_X509_shift(chain);
1135
    X509_free(x);
1136
    if (flags & SSL_BUILD_CHAIN_FLAG_NO_ROOT) {
1137
        if (sk_X509_num(chain) > 0) {
1138
            /* See if last cert is self signed */
1139
            x = sk_X509_value(chain, sk_X509_num(chain) - 1);
1140
            if (X509_get_extension_flags(x) & EXFLAG_SS) {
1141
                x = sk_X509_pop(chain);
1142
                X509_free(x);
1143
            }
1144
        }
1145
    }
1146
    /*
1147
     * Check security level of all CA certificates: EE will have been checked
1148
     * already.
1149
     */
1150
    for (i = 0; i < sk_X509_num(chain); i++) {
1151
        x = sk_X509_value(chain, i);
1152
        rv = ssl_security_cert(s, ctx, x, 0, 0);
1153
        if (rv != 1) {
1154
            ERR_raise(ERR_LIB_SSL, rv);
1155
            OSSL_STACK_OF_X509_free(chain);
1156
            rv = 0;
1157
            goto err;
1158
        }
1159
    }
1160
    OSSL_STACK_OF_X509_free(cpk->chain);
1161
    cpk->chain = chain;
1162
    if (rv == 0)
1163
        rv = 1;
1164
err:
1165
    if (flags & SSL_BUILD_CHAIN_FLAG_CHECK)
1166
        X509_STORE_free(chain_store);
1167
    X509_STORE_CTX_free(xs_ctx);
1168

1169
    return rv;
1170
}
1171

1172
int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref)
1173
{
1174
    X509_STORE **pstore;
1175

1176
    if (ref && store && !X509_STORE_up_ref(store))
1177
        return 0;
1178

1179
    if (chain)
1180
        pstore = &c->chain_store;
1181
    else
1182
        pstore = &c->verify_store;
1183
    X509_STORE_free(*pstore);
1184
    *pstore = store;
1185

1186
    return 1;
1187
}
1188

1189
int ssl_cert_get_cert_store(CERT *c, X509_STORE **pstore, int chain)
1190
{
1191
    *pstore = (chain ? c->chain_store : c->verify_store);
1192
    return 1;
1193
}
1194

1195
int ssl_get_security_level_bits(const SSL *s, const SSL_CTX *ctx, int *levelp)
1196
{
1197
    int level;
1198
    /*
1199
     * note that there's a corresponding minbits_table
1200
     * in crypto/x509/x509_vfy.c that's used for checking the security level
1201
     * of RSA and DSA keys
1202
     */
1203
    static const int minbits_table[5 + 1] = { 0, 80, 112, 128, 192, 256 };
1204

1205
    if (ctx != NULL)
1206
        level = SSL_CTX_get_security_level(ctx);
1207
    else
1208
        level = SSL_get_security_level(s);
1209

1210
    if (level > 5)
1211
        level = 5;
1212
    else if (level < 0)
1213
        level = 0;
1214

1215
    if (levelp != NULL)
1216
        *levelp = level;
1217

1218
    return minbits_table[level];
1219
}
1220

1221
static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
1222
    int op, int bits, int nid, void *other,
1223
    void *ex)
1224
{
1225
    int level, minbits, pfs_mask;
1226
    const SSL_CONNECTION *sc;
1227

1228
    minbits = ssl_get_security_level_bits(s, ctx, &level);
1229

1230
    if (level == 0) {
1231
        /*
1232
         * No EDH keys weaker than 1024-bits even at level 0, otherwise,
1233
         * anything goes.
1234
         */
1235
        if (op == SSL_SECOP_TMP_DH && bits < 80)
1236
            return 0;
1237
        return 1;
1238
    }
1239
    switch (op) {
1240
    case SSL_SECOP_CIPHER_SUPPORTED:
1241
    case SSL_SECOP_CIPHER_SHARED:
1242
    case SSL_SECOP_CIPHER_CHECK: {
1243
        const SSL_CIPHER *c = other;
1244
        /* No ciphers below security level */
1245
        if (bits < minbits)
1246
            return 0;
1247
        /* No unauthenticated ciphersuites */
1248
        if (c->algorithm_auth & SSL_aNULL)
1249
            return 0;
1250
        /* No MD5 mac ciphersuites */
1251
        if (c->algorithm_mac & SSL_MD5)
1252
            return 0;
1253
        /* SHA1 HMAC is 160 bits of security */
1254
        if (minbits > 160 && c->algorithm_mac & SSL_SHA1)
1255
            return 0;
1256
        /* Level 3: forward secure ciphersuites only */
1257
        pfs_mask = SSL_kDHE | SSL_kECDHE | SSL_kDHEPSK | SSL_kECDHEPSK;
1258
        if (level >= 3 && c->min_tls != TLS1_3_VERSION && !(c->algorithm_mkey & pfs_mask))
1259
            return 0;
1260
        break;
1261
    }
1262
    case SSL_SECOP_VERSION:
1263
        if ((sc = SSL_CONNECTION_FROM_CONST_SSL(s)) == NULL)
1264
            return 0;
1265
        if (!SSL_CONNECTION_IS_DTLS(sc)) {
1266
            /* SSLv3, TLS v1.0 and TLS v1.1 only allowed at level 0 */
1267
            if (nid <= TLS1_1_VERSION && level > 0)
1268
                return 0;
1269
        } else {
1270
            /* DTLS v1.0 only allowed at level 0 */
1271
            if (DTLS_VERSION_LT(nid, DTLS1_2_VERSION) && level > 0)
1272
                return 0;
1273
        }
1274
        break;
1275

1276
    case SSL_SECOP_COMPRESSION:
1277
        if (level >= 2)
1278
            return 0;
1279
        break;
1280
    case SSL_SECOP_TICKET:
1281
        if (level >= 3)
1282
            return 0;
1283
        break;
1284
    default:
1285
        if (bits < minbits)
1286
            return 0;
1287
    }
1288
    return 1;
1289
}
1290

1291
int ssl_security(const SSL_CONNECTION *s, int op, int bits, int nid, void *other)
1292
{
1293
    return s->cert->sec_cb(SSL_CONNECTION_GET_USER_SSL(s), NULL, op, bits, nid,
1294
        other, s->cert->sec_ex);
1295
}
1296

1297
int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, void *other)
1298
{
1299
    return ctx->cert->sec_cb(NULL, ctx, op, bits, nid, other,
1300
        ctx->cert->sec_ex);
1301
}
1302

1303
int ssl_cert_lookup_by_nid(int nid, size_t *pidx, SSL_CTX *ctx)
1304
{
1305
    size_t i;
1306

1307
    for (i = 0; i < OSSL_NELEM(ssl_cert_info); i++) {
1308
        if (ssl_cert_info[i].pkey_nid == nid) {
1309
            *pidx = i;
1310
            return 1;
1311
        }
1312
    }
1313
    for (i = 0; i < ctx->sigalg_list_len; i++) {
1314
        if (ctx->ssl_cert_info[i].pkey_nid == nid) {
1315
            *pidx = SSL_PKEY_NUM + i;
1316
            return 1;
1317
        }
1318
    }
1319
    return 0;
1320
}
1321

1322
const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk, size_t *pidx, SSL_CTX *ctx)
1323
{
1324
    size_t i;
1325

1326
    /* check classic pk types */
1327
    for (i = 0; i < OSSL_NELEM(ssl_cert_info); i++) {
1328
        const SSL_CERT_LOOKUP *tmp_lu = &ssl_cert_info[i];
1329

1330
        if (EVP_PKEY_is_a(pk, OBJ_nid2sn(tmp_lu->pkey_nid))
1331
            || EVP_PKEY_is_a(pk, OBJ_nid2ln(tmp_lu->pkey_nid))) {
1332
            if (pidx != NULL)
1333
                *pidx = i;
1334
            return tmp_lu;
1335
        }
1336
    }
1337
    /* check provider-loaded pk types */
1338
    for (i = 0; i < ctx->sigalg_list_len; i++) {
1339
        SSL_CERT_LOOKUP *tmp_lu = &(ctx->ssl_cert_info[i]);
1340

1341
        if (EVP_PKEY_is_a(pk, OBJ_nid2sn(tmp_lu->pkey_nid))
1342
            || EVP_PKEY_is_a(pk, OBJ_nid2ln(tmp_lu->pkey_nid))) {
1343
            if (pidx != NULL)
1344
                *pidx = SSL_PKEY_NUM + i;
1345
            return &ctx->ssl_cert_info[i];
1346
        }
1347
    }
1348

1349
    return NULL;
1350
}
1351

1352
const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx, SSL_CTX *ctx)
1353
{
1354
    if (idx >= (OSSL_NELEM(ssl_cert_info) + ctx->sigalg_list_len))
1355
        return NULL;
1356
    else if (idx >= (OSSL_NELEM(ssl_cert_info)))
1357
        return &(ctx->ssl_cert_info[idx - SSL_PKEY_NUM]);
1358
    return &ssl_cert_info[idx];
1359
}
1360

1361