Ana Sayfa Keşfet Yardım
Giriş Yap
OWEALs
/
wolfssl
şunun yansıması https://github.com/wolfSSL/wolfssl.git
2
0
Çatalla 0
Dosyalar Sorunlar 8 Wiki
Ağaç: ef14176b7f
Dallar Biçim İmleri
wolfssl
/
src
/
x509_str.c

x509_str.c 39 KB
Geçmiş Ham

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338 
  1. /* x509_str.c
    2. 

  2.  *
    3. 

  3.  * Copyright (C) 2006-2023 wolfSSL Inc.
    4. 

  4.  *
    5. 

  5.  * This file is part of wolfSSL.
    6. 

  6.  *
    7. 

  7.  * wolfSSL is free software; you can redistribute it and/or modify
    8. 

  8.  * it under the terms of the GNU General Public License as published by
    9. 

  9.  * the Free Software Foundation; either version 2 of the License, or
    10. 

  10.  * (at your option) any later version.
    11. 

  11.  *
    12. 

  12.  * wolfSSL is distributed in the hope that it will be useful,
    13. 

  13.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    14. 

  14.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    15. 

  15.  * GNU General Public License for more details.
    16. 

  16.  *
    17. 

  17.  * You should have received a copy of the GNU General Public License
    18. 

  18.  * along with this program; if not, write to the Free Software
    19. 

  19.  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
    20. 

  20.  */
    21. 

  21. 

  22. 

  23. #ifdef HAVE_CONFIG_H
    24. 

  24.     #include <config.h>
    25. 

  25. #endif
    26. 

  26. 

  27. #include <wolfssl/wolfcrypt/settings.h>
    28. 

  28. 

  29. #if !defined(WOLFSSL_X509_STORE_INCLUDED)
    30. 

  30.     #ifndef WOLFSSL_IGNORE_FILE_WARN
    31. 

  31.         #warning x509_str.c does not need to be compiled separately from ssl.c
    32. 

  32.     #endif
    33. 

  33. #else
    34. 

  34. 

  35. #ifndef WOLFCRYPT_ONLY
    36. 

  36. 

  37. #ifndef NO_CERTS
    38. 

  38. 

  39. /*******************************************************************************
    40. 

  40.  * START OF X509_STORE_CTX APIs
    41. 

  41.  ******************************************************************************/
    42. 

  42. 

  43. #ifdef OPENSSL_EXTRA
    44. 

  44. 

  45. WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new(void)
    46. 

  46. {
    47. 

  47.     WOLFSSL_X509_STORE_CTX* ctx;
    48. 

  48.     WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_new");
    49. 

  49. 

  50.     ctx = (WOLFSSL_X509_STORE_CTX*)XMALLOC(sizeof(WOLFSSL_X509_STORE_CTX), NULL,
    51. 

  51.                                     DYNAMIC_TYPE_X509_CTX);
    52. 

  52.     if (ctx != NULL) {
    53. 

  53.         ctx->param = NULL;
    54. 

  54.         if (wolfSSL_X509_STORE_CTX_init(ctx, NULL, NULL, NULL) !=
    55. 

  55.                 WOLFSSL_SUCCESS) {
    56. 

  56.             XFREE(ctx, NULL, DYNAMIC_TYPE_X509_CTX);
    57. 

  57.             ctx = NULL;
    58. 

  58.         }
    59. 

  59.     }
    60. 

  60. 

  61.     return ctx;
    62. 

  62. }
    63. 

  63. 

  64. 

  65. int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx,
    66. 

  66.      WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509, WOLF_STACK_OF(WOLFSSL_X509)* sk)
    67. 

  67. {
    68. 

  68.     int ret = 0;
    69. 

  69.     (void)sk;
    70. 

  70.     WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_init");
    71. 

  71. 

  72.     if (ctx != NULL) {
    73. 

  73.         ctx->store = store;
    74. 

  74.         #ifndef WOLFSSL_X509_STORE_CERTS
    75. 

  75.         ctx->current_cert = x509;
    76. 

  76.         #else
    77. 

  77.         if(x509 != NULL){
    78. 

  78.             ctx->current_cert = wolfSSL_X509_d2i(NULL, x509->derCert->buffer,
    79. 

  79.                     x509->derCert->length);
    80. 

  80.             if(ctx->current_cert == NULL)
    81. 

  81.                 return WOLFSSL_FAILURE;
    82. 

  82.         } else
    83. 

  83.             ctx->current_cert = NULL;
    84. 

  84.         #endif
    85. 

  85. 

  86.         ctx->chain  = sk;
    87. 

  87.         /* Add intermediate certs, that verify to a loaded CA, to the store */
    88. 

  88.         if (sk != NULL) {
    89. 

  89.             byte addedAtLeastOne = 1;
    90. 

  90.             WOLF_STACK_OF(WOLFSSL_X509)* head = wolfSSL_shallow_sk_dup(sk);
    91. 

  91.             if (head == NULL)
    92. 

  92.                 return WOLFSSL_FAILURE;
    93. 

  93.             while (addedAtLeastOne) {
    94. 

  94.                 WOLF_STACK_OF(WOLFSSL_X509)* cur = head;
    95. 

  95.                 WOLF_STACK_OF(WOLFSSL_X509)** prev = &head;
    96. 

  96.                 addedAtLeastOne = 0;
    97. 

  97.                 while (cur) {
    98. 

  98.                     WOLFSSL_X509* cert = cur->data.x509;
    99. 

  99.                     if (cert != NULL && cert->derCert != NULL &&
    100. 

  100.                             wolfSSL_CertManagerVerifyBuffer(store->cm,
    101. 

  101.                                     cert->derCert->buffer,
    102. 

  102.                                     cert->derCert->length,
    103. 

  103.                                     WOLFSSL_FILETYPE_ASN1) == WOLFSSL_SUCCESS) {
    104. 

  104.                         ret = wolfSSL_X509_STORE_add_cert(store, cert);
    105. 

  105.                         if (ret < 0) {
    106. 

  106.                             wolfSSL_sk_free(head);
    107. 

  107.                             return WOLFSSL_FAILURE;
    108. 

  108.                         }
    109. 

  109.                         addedAtLeastOne = 1;
    110. 

  110.                         *prev = cur->next;
    111. 

  111.                         wolfSSL_sk_free_node(cur);
    112. 

  112.                         cur = *prev;
    113. 

  113.                     }
    114. 

  114.                     else {
    115. 

  115.                         prev = &cur->next;
    116. 

  116.                         cur = cur->next;
    117. 

  117.                     }
    118. 

  118.                 }
    119. 

  119.             }
    120. 

  120.             wolfSSL_sk_free(head);
    121. 

  121.         }
    122. 

  122. 

  123.         ctx->sesChain = NULL;
    124. 

  124.         ctx->domain = NULL;
    125. 

  125. #ifdef HAVE_EX_DATA
    126. 

  126.         XMEMSET(&ctx->ex_data, 0, sizeof(ctx->ex_data));
    127. 

  127. #endif
    128. 

  128.         ctx->userCtx = NULL;
    129. 

  129.         ctx->error = 0;
    130. 

  130.         ctx->error_depth = 0;
    131. 

  131.         ctx->discardSessionCerts = 0;
    132. 

  132. 

  133.         if (ctx->param == NULL) {
    134. 

  134.             ctx->param = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC(
    135. 

  135.                            sizeof(WOLFSSL_X509_VERIFY_PARAM),
    136. 

  136.                            NULL, DYNAMIC_TYPE_OPENSSL);
    137. 

  137.             if (ctx->param == NULL){
    138. 

  138.                 WOLFSSL_MSG("wolfSSL_X509_STORE_CTX_init failed");
    139. 

  139.                 return WOLFSSL_FAILURE;
    140. 

  140.             }
    141. 

  141.         }
    142. 

  142. 

  143.         return WOLFSSL_SUCCESS;
    144. 

  144.     }
    145. 

  145.     return WOLFSSL_FAILURE;
    146. 

  146. }
    147. 

  147. 

  148. 

  149. /* free's extra data */
    150. 

  150. void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx)
    151. 

  151. {
    152. 

  152.     WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_free");
    153. 

  153.     if (ctx != NULL) {
    154. 

  154. #ifdef HAVE_EX_DATA_CLEANUP_HOOKS
    155. 

  155.         wolfSSL_CRYPTO_cleanup_ex_data(&ctx->ex_data);
    156. 

  156. #endif
    157. 

  157. 

  158.         if (ctx->param != NULL) {
    159. 

  159.             XFREE(ctx->param, NULL, DYNAMIC_TYPE_OPENSSL);
    160. 

  160.             ctx->param = NULL;
    161. 

  161.         }
    162. 

  162. 

  163.         XFREE(ctx, NULL, DYNAMIC_TYPE_X509_CTX);
    164. 

  164.     }
    165. 

  165. }
    166. 

  166. 

  167. /* Its recommended to use a full free -> init cycle of all the objects
    168. 

  168.  * because wolfSSL_X509_STORE_CTX_init may modify the store too which doesn't
    169. 

  169.  * get reset here. */
    170. 

  170. void wolfSSL_X509_STORE_CTX_cleanup(WOLFSSL_X509_STORE_CTX* ctx)
    171. 

  171. {
    172. 

  172.     if (ctx != NULL) {
    173. 

  173. 

  174.         if (ctx->param != NULL) {
    175. 

  175.             XFREE(ctx->param, NULL, DYNAMIC_TYPE_OPENSSL);
    176. 

  176.             ctx->param = NULL;
    177. 

  177.         }
    178. 

  178. 

  179.         wolfSSL_X509_STORE_CTX_init(ctx, NULL, NULL, NULL);
    180. 

  180.     }
    181. 

  181. }
    182. 

  182. 

  183. 

  184. void wolfSSL_X509_STORE_CTX_trusted_stack(WOLFSSL_X509_STORE_CTX *ctx, WOLF_STACK_OF(WOLFSSL_X509) *sk)
    185. 

  185. {
    186. 

  186.     if (ctx != NULL) {
    187. 

  187.         ctx->chain = sk;
    188. 

  188.     }
    189. 

  189. }
    190. 

  190. 

  191. 

  192. /* Returns corresponding X509 error from internal ASN error <e> */
    193. 

  193. int GetX509Error(int e)
    194. 

  194. {
    195. 

  195.     switch (e) {
    196. 

  196.         case ASN_BEFORE_DATE_E:
    197. 

  197.             return WOLFSSL_X509_V_ERR_CERT_NOT_YET_VALID;
    198. 

  198.         case ASN_AFTER_DATE_E:
    199. 

  199.             return WOLFSSL_X509_V_ERR_CERT_HAS_EXPIRED;
    200. 

  200.         case ASN_NO_SIGNER_E: /* get issuer error if no CA found locally */
    201. 

  201.             return WOLFSSL_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
    202. 

  202.         case ASN_SELF_SIGNED_E:
    203. 

  203.             return WOLFSSL_X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
    204. 

  204.         case ASN_PATHLEN_INV_E:
    205. 

  205.         case ASN_PATHLEN_SIZE_E:
    206. 

  206.             return WOLFSSL_X509_V_ERR_PATH_LENGTH_EXCEEDED;
    207. 

  207.         case ASN_SIG_OID_E:
    208. 

  208.         case ASN_SIG_CONFIRM_E:
    209. 

  209.         case ASN_SIG_HASH_E:
    210. 

  210.         case ASN_SIG_KEY_E:
    211. 

  211.             return WOLFSSL_X509_V_ERR_CERT_SIGNATURE_FAILURE;
    212. 

  212.         case CRL_CERT_REVOKED:
    213. 

  213.             return WOLFSSL_X509_V_ERR_CERT_REVOKED;
    214. 

  214.         case 0:
    215. 

  215.         case 1:
    216. 

  216.             return 0;
    217. 

  217.         default:
    218. 

  218. #ifdef HAVE_WOLFSSL_MSG_EX
    219. 

  219.             WOLFSSL_MSG_EX("Error not configured or implemented yet: %d", e);
    220. 

  220. #else
    221. 

  221.             WOLFSSL_MSG("Error not configured or implemented yet");
    222. 

  222. #endif
    223. 

  223.             return e;
    224. 

  224.     }
    225. 

  225. }
    226. 

  226. 

  227. static void SetupStoreCtxError(WOLFSSL_X509_STORE_CTX* ctx, int ret)
    228. 

  228. {
    229. 

  229.     int depth = 0;
    230. 

  230.     int error = GetX509Error(ret);
    231. 

  231. 

  232.     /* Set error depth */
    233. 

  233.     if (ctx->chain)
    234. 

  234.         depth = (int)ctx->chain->num;
    235. 

  235. 

  236.     wolfSSL_X509_STORE_CTX_set_error(ctx, error);
    237. 

  237.     wolfSSL_X509_STORE_CTX_set_error_depth(ctx, depth);
    238. 

  238. }
    239. 

  239. 

  240. /* Verifies certificate chain using WOLFSSL_X509_STORE_CTX
    241. 

  241.  * returns 0 on success or < 0 on failure.
    242. 

  242.  */
    243. 

  243. int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
    244. 

  244. {
    245. 

  245.     WOLFSSL_ENTER("wolfSSL_X509_verify_cert");
    246. 

  246. 

  247.     if (ctx != NULL && ctx->store != NULL && ctx->store->cm != NULL
    248. 

  248.          && ctx->current_cert != NULL && ctx->current_cert->derCert != NULL) {
    249. 

  249.         int ret = wolfSSL_CertManagerVerifyBuffer(ctx->store->cm,
    250. 

  250.                 ctx->current_cert->derCert->buffer,
    251. 

  251.                 ctx->current_cert->derCert->length,
    252. 

  252.                 WOLFSSL_FILETYPE_ASN1);
    253. 

  253.         SetupStoreCtxError(ctx, ret);
    254. 

  254. 

  255.     #ifndef NO_ASN_TIME
    256. 

  256.         if (ret != ASN_BEFORE_DATE_E && ret != ASN_AFTER_DATE_E) {
    257. 

  257.             /* wolfSSL_CertManagerVerifyBuffer only returns ASN_AFTER_DATE_E or
    258. 

  258.              ASN_BEFORE_DATE_E if there are no additional errors found in the
    259. 

  259.              cert. Therefore, check if the cert is expired or not yet valid
    260. 

  260.              in order to return the correct expected error. */
    261. 

  261.             byte *afterDate = ctx->current_cert->notAfter.data;
    262. 

  262.             byte *beforeDate = ctx->current_cert->notBefore.data;
    263. 

  263. 

  264.             if (XVALIDATE_DATE(afterDate,
    265. 

  265.                         (byte)ctx->current_cert->notAfter.type, AFTER) < 1) {
    266. 

  266.                 ret = ASN_AFTER_DATE_E;
    267. 

  267.             }
    268. 

  268.             else if (XVALIDATE_DATE(beforeDate,
    269. 

  269.                         (byte)ctx->current_cert->notBefore.type, BEFORE) < 1) {
    270. 

  270.                 ret = ASN_BEFORE_DATE_E;
    271. 

  271.             }
    272. 

  272.             SetupStoreCtxError(ctx, ret);
    273. 

  273.         }
    274. 

  274.     #endif
    275. 

  275. 

  276.     #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
    277. 

  277.         if (ctx->store && ctx->store->verify_cb)
    278. 

  278.             ret = ctx->store->verify_cb(ret >= 0 ? 1 : 0, ctx) == 1 ? 0 : -1;
    279. 

  279.     #endif
    280. 

  280. 

  281.         return ret >= 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
    282. 

  282.     }
    283. 

  283.     return WOLFSSL_FATAL_ERROR;
    284. 

  284. }
    285. 

  285. 

  286. #endif /* OPENSSL_EXTRA */
    287. 

  287. 

  288. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
    289. 

  289.     WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get_current_cert(
    290. 

  290.                                                     WOLFSSL_X509_STORE_CTX* ctx)
    291. 

  291.     {
    292. 

  292.         WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_current_cert");
    293. 

  293.         if (ctx)
    294. 

  294.             return ctx->current_cert;
    295. 

  295.         return NULL;
    296. 

  296.     }
    297. 

  297. 

  298. 

  299.     int wolfSSL_X509_STORE_CTX_get_error(WOLFSSL_X509_STORE_CTX* ctx)
    300. 

  300.     {
    301. 

  301.         WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_error");
    302. 

  302.         if (ctx != NULL)
    303. 

  303.             return ctx->error;
    304. 

  304.         return 0;
    305. 

  305.     }
    306. 

  306. 

  307. 

  308.     int wolfSSL_X509_STORE_CTX_get_error_depth(WOLFSSL_X509_STORE_CTX* ctx)
    309. 

  309.     {
    310. 

  310.         WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_error_depth");
    311. 

  311.         if(ctx)
    312. 

  312.             return ctx->error_depth;
    313. 

  313.         return WOLFSSL_FATAL_ERROR;
    314. 

  314.     }
    315. 

  315. 

  316. /* get X509_STORE_CTX ex_data, max idx is MAX_EX_DATA */
    317. 

  317. void* wolfSSL_X509_STORE_CTX_get_ex_data(WOLFSSL_X509_STORE_CTX* ctx, int idx)
    318. 

  318. {
    319. 

  319.     WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_ex_data");
    320. 

  320. #ifdef HAVE_EX_DATA
    321. 

  321.     if (ctx != NULL) {
    322. 

  322.         return wolfSSL_CRYPTO_get_ex_data(&ctx->ex_data, idx);
    323. 

  323.     }
    324. 

  324. #else
    325. 

  325.     (void)ctx;
    326. 

  326.     (void)idx;
    327. 

  327. #endif
    328. 

  328.     return NULL;
    329. 

  329. }
    330. 

  330. #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
    331. 

  331. 

  332. #ifdef OPENSSL_EXTRA
    333. 

  333.     void wolfSSL_X509_STORE_CTX_set_verify_cb(WOLFSSL_X509_STORE_CTX *ctx,
    334. 

  334.                                   WOLFSSL_X509_STORE_CTX_verify_cb verify_cb)
    335. 

  335.     {
    336. 

  336.         WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_set_verify_cb");
    337. 

  337.         if(ctx == NULL)
    338. 

  338.             return;
    339. 

  339.         ctx->verify_cb = verify_cb;
    340. 

  340.     }
    341. 

  341. 

  342. /* Gets pointer to X509_STORE that was used to create context.
    343. 

  343.  *
    344. 

  344.  * Return valid pointer on success, NULL if ctx was NULL or not initialized
    345. 

  345.  */
    346. 

  346. WOLFSSL_X509_STORE* wolfSSL_X509_STORE_CTX_get0_store(
    347. 

  347.         WOLFSSL_X509_STORE_CTX* ctx)
    348. 

  348. {
    349. 

  349.     WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get0_store");
    350. 

  350. 

  351.     if (ctx == NULL)
    352. 

  352.         return NULL;
    353. 

  353. 

  354.     return ctx->store;
    355. 

  355. }
    356. 

  356. 

  357. WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get0_cert(WOLFSSL_X509_STORE_CTX* ctx)
    358. 

  358. {
    359. 

  359.     if (ctx == NULL)
    360. 

  360.         return NULL;
    361. 

  361. 

  362.     return ctx->current_cert;
    363. 

  363. }
    364. 

  364. 

  365. void wolfSSL_X509_STORE_CTX_set_time(WOLFSSL_X509_STORE_CTX* ctx,
    366. 

  366.                                     unsigned long flags,
    367. 

  367.                                     time_t t)
    368. 

  368. {
    369. 

  369.     (void)flags;
    370. 

  370. 

  371.     if (ctx == NULL || ctx->param == NULL)
    372. 

  372.         return;
    373. 

  373. 

  374.     ctx->param->check_time = t;
    375. 

  375.     ctx->param->flags |= WOLFSSL_USE_CHECK_TIME;
    376. 

  376. }
    377. 

  377. 

  378. #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
    379. 

  379. #ifndef NO_WOLFSSL_STUB
    380. 

  380. int wolfSSL_X509_STORE_CTX_set_purpose(WOLFSSL_X509_STORE_CTX *ctx,
    381. 

  381.                                        int purpose)
    382. 

  382. {
    383. 

  383.     (void)ctx;
    384. 

  384.     (void)purpose;
    385. 

  385.     WOLFSSL_STUB("wolfSSL_X509_STORE_CTX_set_purpose (not implemented)");
    386. 

  386.     return 0;
    387. 

  387. }
    388. 

  388. 

  389. void wolfSSL_X509_STORE_CTX_set_flags(WOLFSSL_X509_STORE_CTX *ctx,
    390. 

  390.         unsigned long flags)
    391. 

  391. {
    392. 

  392.     (void)ctx;
    393. 

  393.     (void)flags;
    394. 

  394.     WOLFSSL_STUB("wolfSSL_X509_STORE_CTX_set_flags (not implemented)");
    395. 

  395. }
    396. 

  396. #endif /* !NO_WOLFSSL_STUB */
    397. 

  397. 

  398. #endif /* WOLFSSL_QT || OPENSSL_ALL */
    399. 

  399. #endif /* OPENSSL_EXTRA */
    400. 

  400. 

  401. #ifdef OPENSSL_EXTRA
    402. 

  402. 

  403. /* set X509_STORE_CTX ex_data, max idx is MAX_EX_DATA. Return WOLFSSL_SUCCESS
    404. 

  404.  * on success, WOLFSSL_FAILURE on error. */
    405. 

  405. int wolfSSL_X509_STORE_CTX_set_ex_data(WOLFSSL_X509_STORE_CTX* ctx, int idx,
    406. 

  406.                                        void *data)
    407. 

  407. {
    408. 

  408.     WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_set_ex_data");
    409. 

  409. #ifdef HAVE_EX_DATA
    410. 

  410.     if (ctx != NULL)
    411. 

  411.     {
    412. 

  412.         return wolfSSL_CRYPTO_set_ex_data(&ctx->ex_data, idx, data);
    413. 

  413.     }
    414. 

  414. #else
    415. 

  415.     (void)ctx;
    416. 

  416.     (void)idx;
    417. 

  417.     (void)data;
    418. 

  418. #endif
    419. 

  419.     return WOLFSSL_FAILURE;
    420. 

  420. }
    421. 

  421. 

  422. #ifdef HAVE_EX_DATA_CLEANUP_HOOKS
    423. 

  423. /* set X509_STORE_CTX ex_data, max idx is MAX_EX_DATA. Return WOLFSSL_SUCCESS
    424. 

  424.  * on success, WOLFSSL_FAILURE on error. */
    425. 

  425. int wolfSSL_X509_STORE_CTX_set_ex_data_with_cleanup(
    426. 

  426.     WOLFSSL_X509_STORE_CTX* ctx,
    427. 

  427.     int idx,
    428. 

  428.     void *data,
    429. 

  429.     wolfSSL_ex_data_cleanup_routine_t cleanup_routine)
    430. 

  430. {
    431. 

  431.     WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_set_ex_data_with_cleanup");
    432. 

  432.     if (ctx != NULL)
    433. 

  433.     {
    434. 

  434.         return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&ctx->ex_data, idx, data,
    435. 

  435.                                                        cleanup_routine);
    436. 

  436.     }
    437. 

  437.     return WOLFSSL_FAILURE;
    438. 

  438. }
    439. 

  439. #endif /* HAVE_EX_DATA_CLEANUP_HOOKS */
    440. 

  440. 

  441. #if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL)
    442. 

  442. void wolfSSL_X509_STORE_CTX_set_depth(WOLFSSL_X509_STORE_CTX* ctx, int depth)
    443. 

  443. {
    444. 

  444.     WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_set_depth");
    445. 

  445.     if (ctx)
    446. 

  446.         ctx->depth = depth;
    447. 

  447. }
    448. 

  448. #endif
    449. 

  449. 

  450. 

  451. WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get0_current_issuer(
    452. 

  452.         WOLFSSL_X509_STORE_CTX* ctx)
    453. 

  453. {
    454. 

  454.     int ret;
    455. 

  455.     WOLFSSL_X509* issuer;
    456. 

  456. 

  457.     WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get0_current_issuer");
    458. 

  458. 

  459.     if (ctx == NULL) {
    460. 

  460.         return NULL;
    461. 

  461.     }
    462. 

  462. 

  463.     ret = wolfSSL_X509_STORE_CTX_get1_issuer(&issuer, ctx, ctx->current_cert);
    464. 

  464.     if (ret == WOLFSSL_SUCCESS) {
    465. 

  465.         return issuer;
    466. 

  466.     }
    467. 

  467. 

  468.     return NULL;
    469. 

  469. }
    470. 

  470. 

  471. /* Set an error stat in the X509 STORE CTX
    472. 

  472.  *
    473. 

  473.  */
    474. 

  474. void wolfSSL_X509_STORE_CTX_set_error(WOLFSSL_X509_STORE_CTX* ctx, int er)
    475. 

  475. {
    476. 

  476.     WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_set_error");
    477. 

  477. 

  478.     if (ctx != NULL) {
    479. 

  479.         ctx->error = er;
    480. 

  480.     }
    481. 

  481. }
    482. 

  482. 

  483. /* Set the error depth in the X509 STORE CTX */
    484. 

  484. void wolfSSL_X509_STORE_CTX_set_error_depth(WOLFSSL_X509_STORE_CTX* ctx,
    485. 

  485.                                                                       int depth)
    486. 

  486. {
    487. 

  487.     WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_set_error_depth");
    488. 

  488. 

  489.     if (ctx != NULL) {
    490. 

  490.         ctx->error_depth = depth;
    491. 

  491.     }
    492. 

  492. }
    493. 

  493. 

  494. WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX* ctx)
    495. 

  495. {
    496. 

  496.     WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_chain");
    497. 

  497. 

  498.     if (ctx == NULL) {
    499. 

  499.         return NULL;
    500. 

  500.     }
    501. 

  501. 

  502. #ifdef SESSION_CERTS
    503. 

  503.     /* if chain is null but sesChain is available then populate stack */
    504. 

  504.     if (ctx->chain == NULL && ctx->sesChain != NULL) {
    505. 

  505.         int i;
    506. 

  506.         WOLFSSL_X509_CHAIN* c = ctx->sesChain;
    507. 

  507.         WOLFSSL_STACK*     sk = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK),
    508. 

  508.                                     NULL, DYNAMIC_TYPE_X509);
    509. 

  509. 

  510.         if (sk == NULL) {
    511. 

  511.             return NULL;
    512. 

  512.         }
    513. 

  513. 

  514.         XMEMSET(sk, 0, sizeof(WOLFSSL_STACK));
    515. 

  515. 

  516.         for (i = 0; i < c->count && i < MAX_CHAIN_DEPTH; i++) {
    517. 

  517.             WOLFSSL_X509* x509 = wolfSSL_get_chain_X509(c, i);
    518. 

  518. 

  519.             if (x509 == NULL) {
    520. 

  520.                 WOLFSSL_MSG("Unable to get x509 from chain");
    521. 

  521.                 wolfSSL_sk_X509_pop_free(sk, NULL);
    522. 

  522.                 return NULL;
    523. 

  523.             }
    524. 

  524. 

  525.             if (wolfSSL_sk_X509_push(sk, x509) != WOLFSSL_SUCCESS) {
    526. 

  526.                 WOLFSSL_MSG("Unable to load x509 into stack");
    527. 

  527.                 wolfSSL_sk_X509_pop_free(sk, NULL);
    528. 

  528.                 wolfSSL_X509_free(x509);
    529. 

  529.                 return NULL;
    530. 

  530.             }
    531. 

  531.         }
    532. 

  532. 

  533. #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA)
    534. 

  534.         /* add CA used to verify top of chain to the list */
    535. 

  535.         if (c->count > 0) {
    536. 

  536.             WOLFSSL_X509* x509 = wolfSSL_get_chain_X509(c, c->count - 1);
    537. 

  537.             if (x509 != NULL) {
    538. 

  538.                 WOLFSSL_X509* issuer = NULL;
    539. 

  539.                 if (wolfSSL_X509_STORE_CTX_get1_issuer(&issuer, ctx, x509)
    540. 

  540.                         == WOLFSSL_SUCCESS) {
    541. 

  541.                     /* check that the certificate being looked up is not self
    542. 

  542.                      * signed and that a issuer was found */
    543. 

  543.                     if (issuer != NULL && wolfSSL_X509_NAME_cmp(&x509->issuer,
    544. 

  544.                                 &x509->subject) != 0) {
    545. 

  545.                         if (wolfSSL_sk_X509_push(sk, issuer) != WOLFSSL_SUCCESS) {
    546. 

  546.                             WOLFSSL_MSG("Unable to load CA x509 into stack");
    547. 

  547.                             wolfSSL_sk_X509_pop_free(sk, NULL);
    548. 

  548.                             wolfSSL_X509_free(issuer);
    549. 

  549.                             return NULL;
    550. 

  550.                         }
    551. 

  551.                     }
    552. 

  552.                     else {
    553. 

  553.                         WOLFSSL_MSG("Certificate is self signed");
    554. 

  554.                         if (issuer != NULL)
    555. 

  555.                             wolfSSL_X509_free(issuer);
    556. 

  556.                     }
    557. 

  557.                 }
    558. 

  558.                 else {
    559. 

  559.                     WOLFSSL_MSG("Could not find CA for certificate");
    560. 

  560.                 }
    561. 

  561.             }
    562. 

  562.         }
    563. 

  563. #endif
    564. 

  564.         ctx->chain = sk;
    565. 

  565.     }
    566. 

  566. #endif /* SESSION_CERTS */
    567. 

  567. 

  568.     return ctx->chain;
    569. 

  569. }
    570. 

  570. 

  571. /* like X509_STORE_CTX_get_chain(), but return a copy with data reference
    572. 

  572.    counts increased */
    573. 

  573. WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get1_chain(WOLFSSL_X509_STORE_CTX* ctx)
    574. 

  574. {
    575. 

  575.     WOLFSSL_STACK* ref;
    576. 

  576. 

  577.     if (ctx == NULL) {
    578. 

  578.         return NULL;
    579. 

  579.     }
    580. 

  580. 

  581.     /* get chain in ctx */
    582. 

  582.     ref = wolfSSL_X509_STORE_CTX_get_chain(ctx);
    583. 

  583.     if (ref == NULL) {
    584. 

  584.         return ref;
    585. 

  585.     }
    586. 

  586. 

  587.     /* create duplicate of ctx chain */
    588. 

  588.     return wolfSSL_sk_dup(ref);
    589. 

  589. }
    590. 

  590. 

  591. #ifndef NO_WOLFSSL_STUB
    592. 

  592. WOLFSSL_X509_STORE_CTX *wolfSSL_X509_STORE_CTX_get0_parent_ctx(
    593. 

  593.                                                    WOLFSSL_X509_STORE_CTX *ctx)
    594. 

  594. {
    595. 

  595.     (void)ctx;
    596. 

  596.     WOLFSSL_STUB("wolfSSL_X509_STORE_CTX_get0_parent_ctx");
    597. 

  597.     return NULL;
    598. 

  598. }
    599. 

  599. 

  600. int wolfSSL_X509_STORE_get_by_subject(WOLFSSL_X509_STORE_CTX* ctx, int idx,
    601. 

  601.                             WOLFSSL_X509_NAME* name, WOLFSSL_X509_OBJECT* obj)
    602. 

  602. {
    603. 

  603.     (void)ctx;
    604. 

  604.     (void)idx;
    605. 

  605.     (void)name;
    606. 

  606.     (void)obj;
    607. 

  607.     WOLFSSL_STUB("X509_STORE_get_by_subject");
    608. 

  608.     return 0;
    609. 

  609. }
    610. 

  610. #endif
    611. 

  611. 

  612. 

  613. #endif /* OPENSSL_EXTRA */
    614. 

  614. 

  615. #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM)
    616. 

  616. #if defined(WOLFSSL_SIGNER_DER_CERT)
    617. 

  617. WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs(
    618. 

  618.     WOLFSSL_X509_STORE_CTX* ctx, WOLFSSL_X509_NAME* name)
    619. 

  619. {
    620. 

  620.     WOLF_STACK_OF(WOLFSSL_X509)* ret = NULL;
    621. 

  621.     int err = 0;
    622. 

  622.     WOLFSSL_X509_STORE* store = NULL;
    623. 

  623.     WOLFSSL_STACK* sk = NULL;
    624. 

  624.     WOLFSSL_STACK* certToFilter = NULL;
    625. 

  625.     WOLFSSL_X509_NAME* certToFilterName = NULL;
    626. 

  626.     WOLF_STACK_OF(WOLFSSL_X509)* filteredCerts = NULL;
    627. 

  627.     WOLFSSL_X509* filteredCert = NULL;
    628. 

  628. 

  629.     WOLFSSL_ENTER("wolfSSL_X509_STORE_get1_certs");
    630. 

  630. 

  631.     if (name == NULL) {
    632. 

  632.         err = 1;
    633. 

  633.     }
    634. 

  634. 

  635.     if (err == 0) {
    636. 

  636.         store = wolfSSL_X509_STORE_CTX_get0_store(ctx);
    637. 

  637.         if (store == NULL) {
    638. 

  638.             err = 1;
    639. 

  639.         }
    640. 

  640.     }
    641. 

  641. 

  642.     if (err == 0) {
    643. 

  643.         filteredCerts = wolfSSL_sk_X509_new_null();
    644. 

  644.         if (filteredCerts == NULL) {
    645. 

  645.             err = 1;
    646. 

  646.         }
    647. 

  647.     }
    648. 

  648. 

  649.     if (err == 0) {
    650. 

  650.         sk = wolfSSL_CertManagerGetCerts(store->cm);
    651. 

  651.         if (sk == NULL) {
    652. 

  652.             err = 1;
    653. 

  653.         }
    654. 

  654.     }
    655. 

  655. 

  656.     if (err == 0) {
    657. 

  657.         certToFilter = sk;
    658. 

  658.         while (certToFilter != NULL) {
    659. 

  659.             certToFilterName = wolfSSL_X509_get_subject_name(
    660. 

  660.                                     certToFilter->data.x509);
    661. 

  661.             if (certToFilterName != NULL) {
    662. 

  662.                 if (wolfSSL_X509_NAME_cmp(certToFilterName, name) == 0) {
    663. 

  663.                     filteredCert = wolfSSL_X509_dup(certToFilter->data.x509);
    664. 

  664.                     if (filteredCert == NULL) {
    665. 

  665.                         err = 1;
    666. 

  666.                         break;
    667. 

  667.                     }
    668. 

  668.                     else {
    669. 

  669.                         wolfSSL_sk_X509_push(filteredCerts, filteredCert);
    670. 

  670.                     }
    671. 

  671.                 }
    672. 

  672.             }
    673. 

  673.             certToFilter = certToFilter->next;
    674. 

  674.         }
    675. 

  675.     }
    676. 

  676. 

  677.     if (err == 1) {
    678. 

  678.         if (filteredCerts != NULL) {
    679. 

  679.             wolfSSL_sk_X509_pop_free(filteredCerts, NULL);
    680. 

  680.         }
    681. 

  681.         ret = NULL;
    682. 

  682.     }
    683. 

  683.     else {
    684. 

  684.         ret = filteredCerts;
    685. 

  685.     }
    686. 

  686. 

  687.     if (sk != NULL) {
    688. 

  688.         wolfSSL_sk_X509_pop_free(sk, NULL);
    689. 

  689.     }
    690. 

  690. 

  691.     return ret;
    692. 

  692. }
    693. 

  693. #endif /* WOLFSSL_SIGNER_DER_CERT */
    694. 

  694. 

  695. #endif /* OPENSSL_EXTRA && !NO_FILESYSTEM */
    696. 

  696. 

  697. #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
    698. 

  698.     defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
    699. 

  699. int wolfSSL_X509_STORE_CTX_get1_issuer(WOLFSSL_X509 **issuer,
    700. 

  700.     WOLFSSL_X509_STORE_CTX *ctx, WOLFSSL_X509 *x)
    701. 

  701. {
    702. 

  702.     WOLFSSL_STACK* node;
    703. 

  703. 

  704.     if (issuer == NULL || ctx == NULL || x == NULL)
    705. 

  705.         return WOLFSSL_FATAL_ERROR;
    706. 

  706. 

  707.     if (ctx->chain != NULL) {
    708. 

  708.         for (node = ctx->chain; node != NULL; node = node->next) {
    709. 

  709.             if (wolfSSL_X509_check_issued(node->data.x509, x) ==
    710. 

  710.                                                             WOLFSSL_X509_V_OK) {
    711. 

  711.                 *issuer = x;
    712. 

  712.                 return WOLFSSL_SUCCESS;
    713. 

  713.             }
    714. 

  714.         }
    715. 

  715.     }
    716. 

  716. 

  717.     /* Result is ignored when passed to wolfSSL_OCSP_cert_to_id(). */
    718. 

  718. 

  719.     return x509GetIssuerFromCM(issuer, ctx->store->cm, x);
    720. 

  720. }
    721. 

  721. #endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || OPENSSL_ALL */
    722. 

  722. 

  723. /*******************************************************************************
    724. 

  724.  * END OF X509_STORE_CTX APIs
    725. 

  725.  ******************************************************************************/
    726. 

  726. 

  727. /*******************************************************************************
    728. 

  728.  * START OF X509_STORE APIs
    729. 

  729.  ******************************************************************************/
    730. 

  730. 

  731. #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \
    732. 

  732.     defined(WOLFSSL_WPAS_SMALL)
    733. 

  733. WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void)
    734. 

  734. {
    735. 

  735.     int ret;
    736. 

  736.     WOLFSSL_X509_STORE* store = NULL;
    737. 

  737.     WOLFSSL_ENTER("wolfSSL_X509_STORE_new");
    738. 

  738. 

  739.     if ((store = (WOLFSSL_X509_STORE*)XMALLOC(sizeof(WOLFSSL_X509_STORE), NULL,
    740. 

  740.                                     DYNAMIC_TYPE_X509_STORE)) == NULL)
    741. 

  741.         goto err_exit;
    742. 

  742. 

  743.     XMEMSET(store, 0, sizeof(WOLFSSL_X509_STORE));
    744. 

  744.     store->isDynamic = 1;
    745. 

  745. 

  746.     wolfSSL_RefInit(&store->ref, &ret);
    747. 

  747. #ifdef WOLFSSL_REFCNT_ERROR_RETURN
    748. 

  748.     if (ret != 0)
    749. 

  749.         goto err_exit;
    750. 

  750. #else
    751. 

  751.     (void)ret;
    752. 

  752. #endif
    753. 

  753. 

  754.     if ((store->cm = wolfSSL_CertManagerNew()) == NULL)
    755. 

  755.         goto err_exit;
    756. 

  756. 

  757. #ifdef HAVE_CRL
    758. 

  758.     store->crl = store->cm->crl;
    759. 

  759. #endif
    760. 

  760. 

  761. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
    762. 

  762. 

  763.     /* Link store's new Certificate Manager to self by default */
    764. 

  764.     store->cm->x509_store_p = store;
    765. 

  765. 

  766.     if ((store->param = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC(
    767. 

  767.                            sizeof(WOLFSSL_X509_VERIFY_PARAM),
    768. 

  768.                            NULL, DYNAMIC_TYPE_OPENSSL)) == NULL) {
    769. 

  769.         goto err_exit;
    770. 

  770.     }
    771. 

  771.     XMEMSET(store->param, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
    772. 

  772.     if ((store->lookup.dirs = (WOLFSSL_BY_DIR*)XMALLOC(sizeof(WOLFSSL_BY_DIR),
    773. 

  773.                            NULL, DYNAMIC_TYPE_OPENSSL)) == NULL) {
    774. 

  774.         WOLFSSL_MSG("store->lookup.dir memory allocation error");
    775. 

  775.         goto err_exit;
    776. 

  776.     }
    777. 

  777.     XMEMSET(store->lookup.dirs, 0, sizeof(WOLFSSL_BY_DIR));
    778. 

  778.     if (wc_InitMutex(&store->lookup.dirs->lock) != 0) {
    779. 

  779.             WOLFSSL_MSG("Bad mutex init");
    780. 

  780.             goto err_exit;
    781. 

  781.     }
    782. 

  782. #endif
    783. 

  783. 

  784.     return store;
    785. 

  785. 

  786. err_exit:
    787. 

  787.     if (store == NULL)
    788. 

  788.         return NULL;
    789. 

  789. 

  790.     wolfSSL_X509_STORE_free(store);
    791. 

  791. 

  792.     return NULL;
    793. 

  793. }
    794. 

  794. 

  795. void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store)
    796. 

  796. {
    797. 

  797.     int doFree = 0;
    798. 

  798.     if (store != NULL && store->isDynamic) {
    799. 

  799.         int ret;
    800. 

  800.         wolfSSL_RefDec(&store->ref, &doFree, &ret);
    801. 

  801.     #ifdef WOLFSSL_REFCNT_ERROR_RETURN
    802. 

  802.         if (ret != 0) {
    803. 

  803.             WOLFSSL_MSG("Couldn't lock store mutex");
    804. 

  804.         }
    805. 

  805.     #else
    806. 

  806.         (void)ret;
    807. 

  807.     #endif
    808. 

  808. 

  809.         if (doFree) {
    810. 

  810. #ifdef HAVE_EX_DATA_CLEANUP_HOOKS
    811. 

  811.             wolfSSL_CRYPTO_cleanup_ex_data(&store->ex_data);
    812. 

  812. #endif
    813. 

  813.             if (store->cm != NULL) {
    814. 

  814.                 wolfSSL_CertManagerFree(store->cm);
    815. 

  815.                 store->cm = NULL;
    816. 

  816.             }
    817. 

  817. #ifdef OPENSSL_ALL
    818. 

  818.             if (store->objs != NULL) {
    819. 

  819.                 wolfSSL_sk_X509_OBJECT_pop_free(store->objs, NULL);
    820. 

  820.             }
    821. 

  821. #endif
    822. 

  822. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
    823. 

  823.             if (store->param != NULL) {
    824. 

  824.                 XFREE(store->param, NULL, DYNAMIC_TYPE_OPENSSL);
    825. 

  825.                 store->param = NULL;
    826. 

  826.             }
    827. 

  827. 

  828.             if (store->lookup.dirs != NULL) {
    829. 

  829. #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
    830. 

  830.                 if (store->lookup.dirs->dir_entry) {
    831. 

  831.                     wolfSSL_sk_BY_DIR_entry_free(store->lookup.dirs->dir_entry);
    832. 

  832.                 }
    833. 

  833. #endif
    834. 

  834.                 wc_FreeMutex(&store->lookup.dirs->lock);
    835. 

  835.                 XFREE(store->lookup.dirs, NULL, DYNAMIC_TYPE_OPENSSL);
    836. 

  836.                 store->lookup.dirs = NULL;
    837. 

  837.             }
    838. 

  838. #endif
    839. 

  839.             XFREE(store, NULL, DYNAMIC_TYPE_X509_STORE);
    840. 

  840.         }
    841. 

  841.     }
    842. 

  842. }
    843. 

  843. 

  844. /**
    845. 

  845.  * Get ex_data in WOLFSSL_STORE at given index
    846. 

  846.  * @param store a pointer to WOLFSSL_X509_STORE structure
    847. 

  847.  * @param idx   Index of ex_data to get data from
    848. 

  848.  * @return void pointer to ex_data on success or NULL on failure
    849. 

  849.  */
    850. 

  850. void* wolfSSL_X509_STORE_get_ex_data(WOLFSSL_X509_STORE* store, int idx)
    851. 

  851. {
    852. 

  852.     WOLFSSL_ENTER("wolfSSL_X509_STORE_get_ex_data");
    853. 

  853. #ifdef HAVE_EX_DATA
    854. 

  854.     if (store != NULL && idx < MAX_EX_DATA && idx >= 0) {
    855. 

  855.         return wolfSSL_CRYPTO_get_ex_data(&store->ex_data, idx);
    856. 

  856.     }
    857. 

  857. #else
    858. 

  858.     (void)store;
    859. 

  859.     (void)idx;
    860. 

  860. #endif
    861. 

  861.     return NULL;
    862. 

  862. }
    863. 

  863. 

  864. int wolfSSL_X509_STORE_up_ref(WOLFSSL_X509_STORE* store)
    865. 

  865. {
    866. 

  866.     if (store) {
    867. 

  867.         int ret;
    868. 

  868.         wolfSSL_RefInc(&store->ref, &ret);
    869. 

  869.     #ifdef WOLFSSL_REFCNT_ERROR_RETURN
    870. 

  870.         if (ret != 0) {
    871. 

  871.             WOLFSSL_MSG("Failed to lock store mutex");
    872. 

  872.             return WOLFSSL_FAILURE;
    873. 

  873.         }
    874. 

  874.     #else
    875. 

  875.         (void)ret;
    876. 

  876.     #endif
    877. 

  877. 

  878.         return WOLFSSL_SUCCESS;
    879. 

  879.     }
    880. 

  880. 

  881.     return WOLFSSL_FAILURE;
    882. 

  882. }
    883. 

  883. 

  884. /**
    885. 

  885.  * Set ex_data for WOLFSSL_STORE
    886. 

  886.  * @param store a pointer to WOLFSSL_X509_STORE structure
    887. 

  887.  * @param idx   Index of ex data to set
    888. 

  888.  * @param data  Data to set in ex data
    889. 

  889.  * @return WOLFSSL_SUCCESS on success or WOLFSSL_FAILURE on failure
    890. 

  890.  */
    891. 

  891. int wolfSSL_X509_STORE_set_ex_data(WOLFSSL_X509_STORE* store, int idx,
    892. 

  892.                                                                      void *data)
    893. 

  893. {
    894. 

  894.     WOLFSSL_ENTER("wolfSSL_X509_STORE_set_ex_data");
    895. 

  895. #ifdef HAVE_EX_DATA
    896. 

  896.     if (store != NULL && idx < MAX_EX_DATA) {
    897. 

  897.         return wolfSSL_CRYPTO_set_ex_data(&store->ex_data, idx, data);
    898. 

  898.     }
    899. 

  899. #else
    900. 

  900.     (void)store;
    901. 

  901.     (void)idx;
    902. 

  902.     (void)data;
    903. 

  903. #endif
    904. 

  904.     return WOLFSSL_FAILURE;
    905. 

  905. }
    906. 

  906. 

  907. #ifdef HAVE_EX_DATA_CLEANUP_HOOKS
    908. 

  908. /**
    909. 

  909.  * Set ex_data for WOLFSSL_STORE
    910. 

  910.  * @param store a pointer to WOLFSSL_X509_STORE structure
    911. 

  911.  * @param idx   Index of ex data to set
    912. 

  912.  * @param data  Data to set in ex data
    913. 

  913.  * @return WOLFSSL_SUCCESS on success or WOLFSSL_FAILURE on failure
    914. 

  914.  */
    915. 

  915. int wolfSSL_X509_STORE_set_ex_data_with_cleanup(
    916. 

  916.     WOLFSSL_X509_STORE* store,
    917. 

  917.     int idx,
    918. 

  918.     void *data,
    919. 

  919.     wolfSSL_ex_data_cleanup_routine_t cleanup_routine)
    920. 

  920. {
    921. 

  921.     WOLFSSL_ENTER("wolfSSL_X509_STORE_set_ex_data_with_cleanup");
    922. 

  922.     if (store != NULL && idx < MAX_EX_DATA) {
    923. 

  923.         return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&store->ex_data, idx,
    924. 

  924.                                                        data, cleanup_routine);
    925. 

  925.     }
    926. 

  926.     return WOLFSSL_FAILURE;
    927. 

  927. }
    928. 

  928. 

  929. #endif /* HAVE_EX_DATA_CLEANUP_HOOKS */
    930. 

  930. 

  931. #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER || WOLFSSL_WPAS_SMALL */
    932. 

  932. 

  933. #ifdef OPENSSL_EXTRA
    934. 

  934. 

  935. #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
    936. 

  936.     void wolfSSL_X509_STORE_set_verify_cb(WOLFSSL_X509_STORE *st,
    937. 

  937.                                  WOLFSSL_X509_STORE_CTX_verify_cb verify_cb)
    938. 

  938.     {
    939. 

  939.         WOLFSSL_ENTER("wolfSSL_X509_STORE_set_verify_cb");
    940. 

  940.         if (st != NULL) {
    941. 

  941.             st->verify_cb = verify_cb;
    942. 

  942.         }
    943. 

  943.     }
    944. 

  944. #endif /* WOLFSSL_QT || OPENSSL_ALL */
    945. 

  945. 

  946. WOLFSSL_X509_LOOKUP* wolfSSL_X509_STORE_add_lookup(WOLFSSL_X509_STORE* store,
    947. 

  947.                                                WOLFSSL_X509_LOOKUP_METHOD* m)
    948. 

  948. {
    949. 

  949.     WOLFSSL_ENTER("wolfSSL_X509_STORE_add_lookup");
    950. 

  950.     if (store == NULL || m == NULL)
    951. 

  951.         return NULL;
    952. 

  952. 

  953.     /* Make sure the lookup has a back reference to the store. */
    954. 

  954.     store->lookup.store = store;
    955. 

  955.     /* store a type to know which method wants to be used for */
    956. 

  956.     store->lookup.type = m->type;
    957. 

  957.     return &store->lookup;
    958. 

  958. }
    959. 

  959. 

  960. int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509)
    961. 

  961. {
    962. 

  962.     int result = WOLFSSL_FATAL_ERROR;
    963. 

  963. 

  964.     WOLFSSL_ENTER("wolfSSL_X509_STORE_add_cert");
    965. 

  965.     if (store != NULL && store->cm != NULL && x509 != NULL
    966. 

  966.                                                 && x509->derCert != NULL) {
    967. 

  967.         DerBuffer* derCert = NULL;
    968. 

  968. 

  969.         result = AllocDer(&derCert, x509->derCert->length,
    970. 

  970.             x509->derCert->type, NULL);
    971. 

  971.         if (result == 0) {
    972. 

  972.             /* AddCA() frees the buffer. */
    973. 

  973.             XMEMCPY(derCert->buffer,
    974. 

  974.                             x509->derCert->buffer, x509->derCert->length);
    975. 

  975.             result = AddCA(store->cm, &derCert, WOLFSSL_USER_CA, VERIFY);
    976. 

  976.         }
    977. 

  977.     }
    978. 

  978. 

  979.     WOLFSSL_LEAVE("wolfSSL_X509_STORE_add_cert", result);
    980. 

  980. 

  981.     if (result != WOLFSSL_SUCCESS) {
    982. 

  982.         result = WOLFSSL_FATAL_ERROR;
    983. 

  983.     }
    984. 

  984. 

  985.     return result;
    986. 

  986. }
    987. 

  987. 

  988. int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store, unsigned long flag)
    989. 

  989. {
    990. 

  990.     int ret = WOLFSSL_SUCCESS;
    991. 

  991. 

  992.     WOLFSSL_ENTER("wolfSSL_X509_STORE_set_flags");
    993. 

  993. 

  994.     if (store == NULL)
    995. 

  995.         return WOLFSSL_FAILURE;
    996. 

  996. 

  997.     if ((flag & WOLFSSL_CRL_CHECKALL) || (flag & WOLFSSL_CRL_CHECK)) {
    998. 

  998.         ret = wolfSSL_CertManagerEnableCRL(store->cm, (int)flag);
    999. 

  999.     }
    1000. 

  1000. #if defined(OPENSSL_COMPATIBLE_DEFAULTS)
    1001. 

  1001.     else if (flag == 0) {
    1002. 

  1002.         ret = wolfSSL_CertManagerDisableCRL(store->cm);
    1003. 

  1003.     }
    1004. 

  1004. #endif
    1005. 

  1005.     return ret;
    1006. 

  1006. }
    1007. 

  1007. 

  1008. 

  1009. int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE* store)
    1010. 

  1010. {
    1011. 

  1011.     (void)store;
    1012. 

  1012.     return WOLFSSL_SUCCESS;
    1013. 

  1013. }
    1014. 

  1014. 

  1015. #if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
    1016. 

  1016. /* Loads certificate(s) files in pem format into X509_STORE struct from either
    1017. 

  1017.  * a file or directory.
    1018. 

  1018.  * Returns WOLFSSL_SUCCESS on success or WOLFSSL_FAILURE if an error occurs.
    1019. 

  1019.  */
    1020. 

  1020. WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str,
    1021. 

  1021.                                               const char *file, const char *dir)
    1022. 

  1022. {
    1023. 

  1023.     WOLFSSL_CTX* ctx;
    1024. 

  1024.     char *name = NULL;
    1025. 

  1025.     int ret = WOLFSSL_SUCCESS;
    1026. 

  1026. #ifdef WOLFSSL_SMALL_STACK
    1027. 

  1027.     ReadDirCtx* readCtx = NULL;
    1028. 

  1028. #else
    1029. 

  1029.     ReadDirCtx  readCtx[1];
    1030. 

  1030. #endif
    1031. 

  1031. 

  1032.     WOLFSSL_ENTER("wolfSSL_X509_STORE_load_locations");
    1033. 

  1033. 

  1034.     if (str == NULL || str->cm == NULL || (file == NULL  && dir == NULL))
    1035. 

  1035.         return WOLFSSL_FAILURE;
    1036. 

  1036. 

  1037.     /* tmp ctx for setting our cert manager */
    1038. 

  1038.     ctx = wolfSSL_CTX_new(cm_pick_method());
    1039. 

  1039.     if (ctx == NULL)
    1040. 

  1040.         return WOLFSSL_FAILURE;
    1041. 

  1041. 

  1042.     wolfSSL_CertManagerFree(ctx->cm);
    1043. 

  1043.     ctx->cm = str->cm;
    1044. 

  1044. 

  1045. #ifdef HAVE_CRL
    1046. 

  1046.     if (str->cm->crl == NULL) {
    1047. 

  1047.         /* Workaround to allocate the internals to load CRL's but don't enable
    1048. 

  1048.          * CRL checking by default */
    1049. 

  1049.         if (wolfSSL_CertManagerEnableCRL(str->cm, WOLFSSL_CRL_CHECK)
    1050. 

  1050.                 != WOLFSSL_SUCCESS ||
    1051. 

  1051.                 wolfSSL_CertManagerDisableCRL(str->cm) != WOLFSSL_SUCCESS) {
    1052. 

  1052.             WOLFSSL_MSG("Enable CRL failed");
    1053. 

  1053.             wolfSSL_CTX_free(ctx);
    1054. 

  1054.             return WOLFSSL_FAILURE;
    1055. 

  1055.         }
    1056. 

  1056.     }
    1057. 

  1057. #endif
    1058. 

  1058. 

  1059.     /* Load individual file */
    1060. 

  1060.     if (file) {
    1061. 

  1061.         /* Try to process file with type DETECT_CERT_TYPE to parse the
    1062. 

  1062.            correct certificate header and footer type */
    1063. 

  1063.         ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_PEM, DETECT_CERT_TYPE,
    1064. 

  1064.                                                       NULL, 0, str->cm->crl, 0);
    1065. 

  1065.         if (ret != WOLFSSL_SUCCESS) {
    1066. 

  1066.             WOLFSSL_MSG("Failed to load file");
    1067. 

  1067.             ret = WOLFSSL_FAILURE;
    1068. 

  1068.         }
    1069. 

  1069.     }
    1070. 

  1070. 

  1071.     /* Load files in dir */
    1072. 

  1072.     if (dir && ret == WOLFSSL_SUCCESS) {
    1073. 

  1073.         int successes = 0;
    1074. 

  1074. 

  1075.         #ifdef WOLFSSL_SMALL_STACK
    1076. 

  1076.             readCtx = (ReadDirCtx*)XMALLOC(sizeof(ReadDirCtx), ctx->heap,
    1077. 

  1077.                                                        DYNAMIC_TYPE_TMP_BUFFER);
    1078. 

  1078.             if (readCtx == NULL) {
    1079. 

  1079.                 WOLFSSL_MSG("Memory error");
    1080. 

  1080.                 wolfSSL_CTX_free(ctx);
    1081. 

  1081.                 return WOLFSSL_FAILURE;
    1082. 

  1082.             }
    1083. 

  1083.         #endif
    1084. 

  1084. 

  1085.         /* try to load each regular file in dir */
    1086. 

  1086.         ret = wc_ReadDirFirst(readCtx, dir, &name);
    1087. 

  1087.         while (ret == 0 && name) {
    1088. 

  1088.             WOLFSSL_MSG(name);
    1089. 

  1089.             /* Try to process file with type DETECT_CERT_TYPE to parse the
    1090. 

  1090.                correct certificate header and footer type */
    1091. 

  1091.             ret = ProcessFile(ctx, name, WOLFSSL_FILETYPE_PEM, DETECT_CERT_TYPE,
    1092. 

  1092.                                                       NULL, 0, str->cm->crl, 0);
    1093. 

  1093.             /* Not failing on load errors */
    1094. 

  1094.             if (ret != WOLFSSL_SUCCESS)
    1095. 

  1095.                 WOLFSSL_MSG("Failed to load file in path, continuing");
    1096. 

  1096.             else
    1097. 

  1097.                 successes++;
    1098. 

  1098. 

  1099.             ret = wc_ReadDirNext(readCtx, dir, &name);
    1100. 

  1100.         }
    1101. 

  1101.         wc_ReadDirClose(readCtx);
    1102. 

  1102. 

  1103.         /* Success if at least one file in dir was loaded */
    1104. 

  1104.         if (successes > 0)
    1105. 

  1105.             ret = WOLFSSL_SUCCESS;
    1106. 

  1106.         else {
    1107. 

  1107.             WOLFSSL_ERROR(ret);
    1108. 

  1108.             ret = WOLFSSL_FAILURE;
    1109. 

  1109.         }
    1110. 

  1110. 

  1111.         #ifdef WOLFSSL_SMALL_STACK
    1112. 

  1112.             XFREE(readCtx, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
    1113. 

  1113.         #endif
    1114. 

  1114.     }
    1115. 

  1115. 

  1116.     ctx->cm = NULL;
    1117. 

  1117.     wolfSSL_CTX_free(ctx);
    1118. 

  1118. 

  1119.     return ret;
    1120. 

  1120. }
    1121. 

  1121. #endif /* !NO_FILESYSTEM && !NO_WOLFSSL_DIR */
    1122. 

  1122. 

  1123. int wolfSSL_X509_CA_num(WOLFSSL_X509_STORE* store)
    1124. 

  1124. {
    1125. 

  1125.     int cnt_ret = 0;
    1126. 

  1126.     Signer **table;
    1127. 

  1127. 

  1128.     WOLFSSL_ENTER("wolfSSL_X509_CA_num");
    1129. 

  1129.     if (store == NULL || store->cm == NULL){
    1130. 

  1130.         WOLFSSL_MSG("invalid parameter");
    1131. 

  1131.         return WOLFSSL_FAILURE;
    1132. 

  1132.     }
    1133. 

  1133. 

  1134.     table = store->cm->caTable;
    1135. 

  1135.     if (table){
    1136. 

  1136.         if (wc_LockMutex(&store->cm->caLock) == 0){
    1137. 

  1137.             int i = 0;
    1138. 

  1138.             for (i = 0; i < CA_TABLE_SIZE; i++) {
    1139. 

  1139.                 Signer* signer = table[i];
    1140. 

  1140.                 while (signer) {
    1141. 

  1141.                     Signer* next = signer->next;
    1142. 

  1142.                     cnt_ret++;
    1143. 

  1143.                     signer = next;
    1144. 

  1144.                 }
    1145. 

  1145.             }
    1146. 

  1146.             wc_UnLockMutex(&store->cm->caLock);
    1147. 

  1147.         }
    1148. 

  1148.     }
    1149. 

  1149. 

  1150.     return cnt_ret;
    1151. 

  1151. }
    1152. 

  1152. 

  1153. /******************************************************************************
    1154. 

  1154. * wolfSSL_X509_STORE_GetCerts - retrieve stack of X509 in a certificate store ctx
    1155. 

  1155. *
    1156. 

  1156. * This API can be used in SSL verify callback function to view cert chain
    1157. 

  1157. * See examples/client/client.c and myVerify() function in test.h
    1158. 

  1158. *
    1159. 

  1159. * RETURNS:
    1160. 

  1160. * returns stack of X509 certs on success, otherwise returns a NULL.
    1161. 

  1161. */
    1162. 

  1162. WOLFSSL_STACK* wolfSSL_X509_STORE_GetCerts(WOLFSSL_X509_STORE_CTX* s)
    1163. 

  1163. {
    1164. 

  1164.     int  certIdx = 0;
    1165. 

  1165.     WOLFSSL_BUFFER_INFO* cert = NULL;
    1166. 

  1166.     DecodedCert* dCert = NULL;
    1167. 

  1167.     WOLFSSL_X509* x509 = NULL;
    1168. 

  1168.     WOLFSSL_STACK* sk = NULL;
    1169. 

  1169.     int found = 0;
    1170. 

  1170. 

  1171.     if (s == NULL) {
    1172. 

  1172.         return NULL;
    1173. 

  1173.     }
    1174. 

  1174. 

  1175.     sk = wolfSSL_sk_X509_new_null();
    1176. 

  1176. 

  1177.     if (sk == NULL) {
    1178. 

  1178.         return NULL;
    1179. 

  1179.     }
    1180. 

  1180. 

  1181.     for (certIdx = s->totalCerts - 1; certIdx >= 0; certIdx--) {
    1182. 

  1182.         /* get certificate buffer */
    1183. 

  1183.         cert = &s->certs[certIdx];
    1184. 

  1184. 

  1185.         dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT);
    1186. 

  1186. 

  1187.         if (dCert == NULL) {
    1188. 

  1188.             goto error;
    1189. 

  1189.         }
    1190. 

  1190.         XMEMSET(dCert, 0, sizeof(DecodedCert));
    1191. 

  1191. 

  1192.         InitDecodedCert(dCert, cert->buffer, cert->length, NULL);
    1193. 

  1193. 

  1194.         /* Parse Certificate */
    1195. 

  1195.         if (ParseCert(dCert, CERT_TYPE, NO_VERIFY, NULL)){
    1196. 

  1196.             goto error;
    1197. 

  1197.         }
    1198. 

  1198.         x509 = wolfSSL_X509_new();
    1199. 

  1199. 

  1200.         if (x509 == NULL) {
    1201. 

  1201.             goto error;
    1202. 

  1202.         }
    1203. 

  1203.         InitX509(x509, 1, NULL);
    1204. 

  1204. 

  1205.         if (CopyDecodedToX509(x509, dCert) == 0) {
    1206. 

  1206. 

  1207.             if (wolfSSL_sk_X509_push(sk, x509) != WOLFSSL_SUCCESS) {
    1208. 

  1208.                 WOLFSSL_MSG("Unable to load x509 into stack");
    1209. 

  1209.                 wolfSSL_X509_free(x509);
    1210. 

  1210.                 goto error;
    1211. 

  1211.             }
    1212. 

  1212.         }
    1213. 

  1213.         else {
    1214. 

  1214.             goto error;
    1215. 

  1215.         }
    1216. 

  1216.         found = 1;
    1217. 

  1217. 

  1218.         FreeDecodedCert(dCert);
    1219. 

  1219.         XFREE(dCert, NULL, DYNAMIC_TYPE_DCERT);
    1220. 

  1220.         dCert = NULL;
    1221. 

  1221.     }
    1222. 

  1222. 

  1223.     if (!found) {
    1224. 

  1224.         wolfSSL_sk_X509_pop_free(sk, NULL);
    1225. 

  1225.         sk = NULL;
    1226. 

  1226.     }
    1227. 

  1227.     return sk;
    1228. 

  1228. 

  1229. error:
    1230. 

  1230.     if (dCert) {
    1231. 

  1231.         FreeDecodedCert(dCert);
    1232. 

  1232.         XFREE(dCert, NULL, DYNAMIC_TYPE_DCERT);
    1233. 

  1233.     }
    1234. 

  1234. 

  1235.     if (sk)
    1236. 

  1236.         wolfSSL_sk_X509_pop_free(sk, NULL);
    1237. 

  1237. 

  1238.     return NULL;
    1239. 

  1239. }
    1240. 

  1240. #endif /* OPENSSL_EXTRA */
    1241. 

  1241. 

  1242. #ifdef OPENSSL_ALL
    1243. 

  1243. WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects(
    1244. 

  1244.     WOLFSSL_X509_STORE* store)
    1245. 

  1245. {
    1246. 

  1246.     WOLFSSL_STACK* ret = NULL;
    1247. 

  1247.     WOLFSSL_STACK* cert_stack = NULL;
    1248. 

  1248.     WOLFSSL_X509* x509 = NULL;
    1249. 

  1249.     WOLFSSL_ENTER("wolfSSL_X509_STORE_get0_objects");
    1250. 

  1250. 

  1251.     if (store == NULL || store->cm == NULL) {
    1252. 

  1252.         WOLFSSL_MSG("Missing or empty store");
    1253. 

  1253.         return NULL;
    1254. 

  1254.     }
    1255. 

  1255. 

  1256.     if (store->objs != NULL) {
    1257. 

  1257. #if defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM)
    1258. 

  1258.         /* want to update objs stack by cm stack again before returning it*/
    1259. 

  1259.         wolfSSL_sk_X509_OBJECT_pop_free(store->objs, NULL);
    1260. 

  1260.         store->objs = NULL;
    1261. 

  1261. #else
    1262. 

  1262.         if (wolfSSL_sk_X509_OBJECT_num(store->objs) == 0) {
    1263. 

  1263.             /* Let's try generating the stack again */
    1264. 

  1264.             wolfSSL_sk_X509_OBJECT_pop_free(store->objs, NULL);
    1265. 

  1265.             store->objs = NULL;
    1266. 

  1266.         }
    1267. 

  1267.         else
    1268. 

  1268.             return store->objs;
    1269. 

  1269. #endif
    1270. 

  1270.     }
    1271. 

  1271. 

  1272.     if ((ret = wolfSSL_sk_X509_OBJECT_new()) == NULL) {
    1273. 

  1273.         WOLFSSL_MSG("wolfSSL_sk_X509_OBJECT_new error");
    1274. 

  1274.         goto err_cleanup;
    1275. 

  1275.     }
    1276. 

  1276. 

  1277. #if defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM)
    1278. 

  1278.     cert_stack = wolfSSL_CertManagerGetCerts(store->cm);
    1279. 

  1279.     /* wolfSSL_sk_X509_pop checks for NULL */
    1280. 

  1280.     while ((x509 = wolfSSL_sk_X509_pop(cert_stack)) != NULL) {
    1281. 

  1281.         WOLFSSL_X509_OBJECT* obj = wolfSSL_X509_OBJECT_new();
    1282. 

  1282.         if (obj == NULL) {
    1283. 

  1283.             WOLFSSL_MSG("wolfSSL_X509_OBJECT_new error");
    1284. 

  1284.             goto err_cleanup;
    1285. 

  1285.         }
    1286. 

  1286.         if (wolfSSL_sk_X509_OBJECT_push(ret, obj) != WOLFSSL_SUCCESS) {
    1287. 

  1287.             WOLFSSL_MSG("wolfSSL_sk_X509_OBJECT_push error");
    1288. 

  1288.             wolfSSL_X509_OBJECT_free(obj);
    1289. 

  1289.             goto err_cleanup;
    1290. 

  1290.         }
    1291. 

  1291.         obj->type = WOLFSSL_X509_LU_X509;
    1292. 

  1292.         obj->data.x509 = x509;
    1293. 

  1293.         x509 = NULL;
    1294. 

  1294.     }
    1295. 

  1295. #endif
    1296. 

  1296. 

  1297. #ifdef HAVE_CRL
    1298. 

  1298.     if (store->cm->crl != NULL) {
    1299. 

  1299.         WOLFSSL_X509_OBJECT* obj = wolfSSL_X509_OBJECT_new();
    1300. 

  1300.         if (obj == NULL) {
    1301. 

  1301.             WOLFSSL_MSG("wolfSSL_X509_OBJECT_new error");
    1302. 

  1302.             goto err_cleanup;
    1303. 

  1303.         }
    1304. 

  1304.         if (wolfSSL_sk_X509_OBJECT_push(ret, obj) != WOLFSSL_SUCCESS) {
    1305. 

  1305.             WOLFSSL_MSG("wolfSSL_sk_X509_OBJECT_push error");
    1306. 

  1306.             wolfSSL_X509_OBJECT_free(obj);
    1307. 

  1307.             goto err_cleanup;
    1308. 

  1308.         }
    1309. 

  1309.         obj->type = WOLFSSL_X509_LU_CRL;
    1310. 

  1310.         obj->data.crl = store->cm->crl;
    1311. 

  1311.     }
    1312. 

  1312. #endif
    1313. 

  1313. 

  1314.     if (cert_stack)
    1315. 

  1315.         wolfSSL_sk_X509_pop_free(cert_stack, NULL);
    1316. 

  1316.     store->objs = ret;
    1317. 

  1317.     return ret;
    1318. 

  1318. err_cleanup:
    1319. 

  1319.     if (ret != NULL)
    1320. 

  1320.         wolfSSL_sk_X509_OBJECT_pop_free(ret, NULL);
    1321. 

  1321.     if (cert_stack != NULL)
    1322. 

  1322.         wolfSSL_sk_X509_pop_free(cert_stack, NULL);
    1323. 

  1323.     if (x509 != NULL)
    1324. 

  1324.         wolfSSL_X509_free(x509);
    1325. 

  1325.     return NULL;
    1326. 

  1326. }
    1327. 

  1327. #endif /* OPENSSL_ALL */
    1328. 

  1328. 

  1329. /*******************************************************************************
    1330. 

  1330.  * END OF X509_STORE APIs
    1331. 

  1331.  ******************************************************************************/
    1332. 

  1332. 

  1333. #endif /* NO_CERTS */
    1334. 

  1334. 

  1335. #endif /* !WOLFCRYPT_ONLY */
    1336. 

  1336. 

  1337. #endif /* !WOLFSSL_X509_STORE_INCLUDED */
    1338. 

  1338.