sync

lib/libcrypto/x509/x509_purp.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_purp.c,v 1.27 2023/06/25 13:52:27 tb Exp $ */
+/* $OpenBSD: x509_purp.c,v 1.28 2023/07/02 17:12:17 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
@@ -99,18 +99,72 @@ static int xp_cmp(const X509_PURPOSE * const *a, const X509_PURPOSE * const *b);
 static void xptable_free(X509_PURPOSE *p);
 
 static X509_PURPOSE xstandard[] = {
-	{X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0, check_purpose_ssl_client, "SSL client", "sslclient", NULL},
-	{X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ssl_server, "SSL server", "sslserver", NULL},
-	{X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL},
-	{X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, "S/MIME signing", "smimesign", NULL},
-	{X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL},
-	{X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL},
-	{X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any", NULL},
-	{X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper, "OCSP helper", "ocsphelper", NULL},
-	{X509_PURPOSE_TIMESTAMP_SIGN, X509_TRUST_TSA, 0, check_purpose_timestamp_sign, "Time Stamp signing", "timestampsign", NULL},
+	{
+		.purpose = X509_PURPOSE_SSL_CLIENT,
+		.trust = X509_TRUST_SSL_CLIENT,
+		.check_purpose = check_purpose_ssl_client,
+		.name = "SSL client",
+		.sname = "sslclient",
+	},
+	{
+		.purpose = X509_PURPOSE_SSL_SERVER,
+		.trust = X509_TRUST_SSL_SERVER,
+		.check_purpose = check_purpose_ssl_server,
+		.name = "SSL server",
+		.sname = "sslserver",
+	},
+	{
+		.purpose = X509_PURPOSE_NS_SSL_SERVER,
+		.trust = X509_TRUST_SSL_SERVER,
+		.check_purpose = check_purpose_ns_ssl_server,
+		.name = "Netscape SSL server",
+		.sname = "nssslserver",
+	},
+	{
+		.purpose = X509_PURPOSE_SMIME_SIGN,
+		.trust = X509_TRUST_EMAIL,
+		.check_purpose = check_purpose_smime_sign,
+		.name = "S/MIME signing",
+		.sname = "smimesign",
+	},
+	{
+		.purpose = X509_PURPOSE_SMIME_ENCRYPT,
+		.trust = X509_TRUST_EMAIL,
+		.check_purpose = check_purpose_smime_encrypt,
+		.name = "S/MIME encryption",
+		.sname = "smimeencrypt",
+	},
+	{
+		.purpose = X509_PURPOSE_CRL_SIGN,
+		.trust = X509_TRUST_COMPAT,
+		.check_purpose = check_purpose_crl_sign,
+		.name = "CRL signing",
+		.sname = "crlsign",
+	},
+	{
+		.purpose = X509_PURPOSE_ANY,
+		.trust = X509_TRUST_DEFAULT,
+		.check_purpose = no_check,
+		.name = "Any Purpose",
+		.sname = "any",
+	},
+	{
+		.purpose = X509_PURPOSE_OCSP_HELPER,
+		.trust = X509_TRUST_COMPAT,
+		.check_purpose = ocsp_helper,
+		.name = "OCSP helper",
+		.sname = "ocsphelper",
+	},
+	{
+		.purpose = X509_PURPOSE_TIMESTAMP_SIGN,
+		.trust = X509_TRUST_TSA,
+		.check_purpose = check_purpose_timestamp_sign,
+		.name = "Time Stamp signing",
+		.sname = "timestampsign",
+	},
 };
 
-#define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE))
+#define X509_PURPOSE_COUNT (sizeof(xstandard) / sizeof(xstandard[0]))
 
 static STACK_OF(X509_PURPOSE) *xptable = NULL;
 

lib/libcrypto/x509/x509_trs.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_trs.c,v 1.31 2023/02/16 08:38:17 tb Exp $ */
+/* $OpenBSD: x509_trs.c,v 1.32 2023/07/02 17:12:17 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -80,17 +80,56 @@ static int (*default_trust)(int id, X509 *x, int flags) = obj_trust;
  */
 
 static X509_TRUST trstandard[] = {
-	{X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL},
-	{X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},
-	{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL},
-	{X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
-	{X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, NULL},
-	{X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL},
-	{X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL},
-	{X509_TRUST_TSA, 0, trust_1oidany, "TSA server", NID_time_stamp, NULL}
+	{
+		.trust = X509_TRUST_COMPAT,
+		.check_trust = trust_compat,
+		.name = "compatible",
+	},
+	{
+		.trust = X509_TRUST_SSL_CLIENT,
+		.check_trust = trust_1oidany,
+		.name = "SSL Client",
+		.arg1 = NID_client_auth,
+	},
+	{
+		.trust = X509_TRUST_SSL_SERVER,
+		.check_trust = trust_1oidany,
+		.name = "SSL Server",
+		.arg1 = NID_server_auth,
+	},
+	{
+		.trust = X509_TRUST_EMAIL,
+		.check_trust = trust_1oidany,
+		.name = "S/MIME email",
+		.arg1 = NID_email_protect,
+	},
+	{
+		.trust = X509_TRUST_OBJECT_SIGN,
+		.check_trust = trust_1oidany,
+		.name = "Object Signer",
+		.arg1 = NID_code_sign,
+	},
+	{
+		.trust = X509_TRUST_OCSP_SIGN,
+		.check_trust = trust_1oid,
+		.name = "OCSP responder",
+		.arg1 = NID_OCSP_sign,
+	},
+	{
+		.trust = X509_TRUST_OCSP_REQUEST,
+		.check_trust = trust_1oid,
+		.name = "OCSP request",
+		.arg1 = NID_ad_OCSP,
+	},
+	{
+		.trust = X509_TRUST_TSA,
+		.check_trust = trust_1oidany,
+		.name = "TSA server",
+		.arg1 = NID_time_stamp,
+	},
 };
 
-#define X509_TRUST_COUNT	(sizeof(trstandard)/sizeof(X509_TRUST))
+#define X509_TRUST_COUNT	(sizeof(trstandard) / sizeof(trstandard[0]))
 
 static STACK_OF(X509_TRUST) *trtable = NULL;