sync with OpenBSD -current

lib/libcrypto/man/X509V3_EXT_get_nid.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509V3_EXT_get_nid.3,v 1.3 2024/05/12 15:26:46 tb Exp $
+.\" $OpenBSD: X509V3_EXT_get_nid.3,v 1.4 2024/05/14 06:57:10 tb Exp $
 .\"
 .\" Copyright (c) 2024 Theo Buehler <tb@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: May 12 2024 $
+.Dd $Mdocdate: May 14 2024 $
 .Dt X509V3_EXT_GET_NID 3
 .Os
 .Sh NAME
@@ -88,5 +88,4 @@ Other implementations have incomplete support for custom extension methods,
 whose API is not threadsafe, does not affect the behavior of
 .Xr X509_verify_cert 3 ,
 and has various other surprising quirks.
-If custom extensions were added, both functions will prefer them
-over built-in methods.
+Both functions prefer built-in methods over custom methods with the same OID.

lib/libcrypto/x509/x509_ext.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_ext.c,v 1.16 2023/02/16 08:38:17 tb Exp $ */
+/* $OpenBSD: x509_ext.c,v 1.18 2024/05/14 07:39:43 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -58,10 +58,6 @@
 
 #include <stdio.h>
 
-#include <openssl/asn1.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/stack.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
@@ -70,42 +66,42 @@
 int
 X509_CRL_get_ext_count(const X509_CRL *x)
 {
-	return (X509v3_get_ext_count(x->crl->extensions));
+	return X509v3_get_ext_count(x->crl->extensions);
 }
 LCRYPTO_ALIAS(X509_CRL_get_ext_count);
 
 int
 X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos)
 {
-	return (X509v3_get_ext_by_NID(x->crl->extensions, nid, lastpos));
+	return X509v3_get_ext_by_NID(x->crl->extensions, nid, lastpos);
 }
 LCRYPTO_ALIAS(X509_CRL_get_ext_by_NID);
 
 int
 X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj, int lastpos)
 {
-	return (X509v3_get_ext_by_OBJ(x->crl->extensions, obj, lastpos));
+	return X509v3_get_ext_by_OBJ(x->crl->extensions, obj, lastpos);
 }
 LCRYPTO_ALIAS(X509_CRL_get_ext_by_OBJ);
 
 int
 X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos)
 {
-	return (X509v3_get_ext_by_critical(x->crl->extensions, crit, lastpos));
+	return X509v3_get_ext_by_critical(x->crl->extensions, crit, lastpos);
 }
 LCRYPTO_ALIAS(X509_CRL_get_ext_by_critical);
 
 X509_EXTENSION *
 X509_CRL_get_ext(const X509_CRL *x, int loc)
 {
-	return (X509v3_get_ext(x->crl->extensions, loc));
+	return X509v3_get_ext(x->crl->extensions, loc);
 }
 LCRYPTO_ALIAS(X509_CRL_get_ext);
 
 X509_EXTENSION *
 X509_CRL_delete_ext(X509_CRL *x, int loc)
 {
-	return (X509v3_delete_ext(x->crl->extensions, loc));
+	return X509v3_delete_ext(x->crl->extensions, loc);
 }
 LCRYPTO_ALIAS(X509_CRL_delete_ext);
 
@@ -127,57 +123,57 @@ LCRYPTO_ALIAS(X509_CRL_add1_ext_i2d);
 int
 X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc)
 {
-	return (X509v3_add_ext(&(x->crl->extensions), ex, loc) != NULL);
+	return X509v3_add_ext(&x->crl->extensions, ex, loc) != NULL;
 }
 LCRYPTO_ALIAS(X509_CRL_add_ext);
 
 int
 X509_get_ext_count(const X509 *x)
 {
-	return (X509v3_get_ext_count(x->cert_info->extensions));
+	return X509v3_get_ext_count(x->cert_info->extensions);
 }
 LCRYPTO_ALIAS(X509_get_ext_count);
 
 int
 X509_get_ext_by_NID(const X509 *x, int nid, int lastpos)
 {
-	return (X509v3_get_ext_by_NID(x->cert_info->extensions, nid, lastpos));
+	return X509v3_get_ext_by_NID(x->cert_info->extensions, nid, lastpos);
 }
 LCRYPTO_ALIAS(X509_get_ext_by_NID);
 
 int
 X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos)
 {
-	return (X509v3_get_ext_by_OBJ(x->cert_info->extensions, obj, lastpos));
+	return X509v3_get_ext_by_OBJ(x->cert_info->extensions, obj, lastpos);
 }
 LCRYPTO_ALIAS(X509_get_ext_by_OBJ);
 
 int
 X509_get_ext_by_critical(const X509 *x, int crit, int lastpos)
 {
-	return (X509v3_get_ext_by_critical(x->cert_info->extensions, crit,
-	    lastpos));
+	return X509v3_get_ext_by_critical(x->cert_info->extensions, crit,
+	    lastpos);
 }
 LCRYPTO_ALIAS(X509_get_ext_by_critical);
 
 X509_EXTENSION *
 X509_get_ext(const X509 *x, int loc)
 {
-	return (X509v3_get_ext(x->cert_info->extensions, loc));
+	return X509v3_get_ext(x->cert_info->extensions, loc);
 }
 LCRYPTO_ALIAS(X509_get_ext);
 
 X509_EXTENSION *
 X509_delete_ext(X509 *x, int loc)
 {
-	return (X509v3_delete_ext(x->cert_info->extensions, loc));
+	return X509v3_delete_ext(x->cert_info->extensions, loc);
 }
 LCRYPTO_ALIAS(X509_delete_ext);
 
 int
 X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc)
 {
-	return (X509v3_add_ext(&(x->cert_info->extensions), ex, loc) != NULL);
+	return X509v3_add_ext(&x->cert_info->extensions, ex, loc) != NULL;
 }
 LCRYPTO_ALIAS(X509_add_ext);
 
@@ -199,14 +195,14 @@ LCRYPTO_ALIAS(X509_add1_ext_i2d);
 int
 X509_REVOKED_get_ext_count(const X509_REVOKED *x)
 {
-	return (X509v3_get_ext_count(x->extensions));
+	return X509v3_get_ext_count(x->extensions);
 }
 LCRYPTO_ALIAS(X509_REVOKED_get_ext_count);
 
 int
 X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos)
 {
-	return (X509v3_get_ext_by_NID(x->extensions, nid, lastpos));
+	return X509v3_get_ext_by_NID(x->extensions, nid, lastpos);
 }
 LCRYPTO_ALIAS(X509_REVOKED_get_ext_by_NID);
 
@@ -214,35 +210,35 @@ int
 X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj,
     int lastpos)
 {
-	return (X509v3_get_ext_by_OBJ(x->extensions, obj, lastpos));
+	return X509v3_get_ext_by_OBJ(x->extensions, obj, lastpos);
 }
 LCRYPTO_ALIAS(X509_REVOKED_get_ext_by_OBJ);
 
 int
 X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, int lastpos)
 {
-	return (X509v3_get_ext_by_critical(x->extensions, crit, lastpos));
+	return X509v3_get_ext_by_critical(x->extensions, crit, lastpos);
 }
 LCRYPTO_ALIAS(X509_REVOKED_get_ext_by_critical);
 
 X509_EXTENSION *
 X509_REVOKED_get_ext(const X509_REVOKED *x, int loc)
 {
-	return (X509v3_get_ext(x->extensions, loc));
+	return X509v3_get_ext(x->extensions, loc);
 }
 LCRYPTO_ALIAS(X509_REVOKED_get_ext);
 
 X509_EXTENSION *
 X509_REVOKED_delete_ext(X509_REVOKED *x, int loc)
 {
-	return (X509v3_delete_ext(x->extensions, loc));
+	return X509v3_delete_ext(x->extensions, loc);
 }
 LCRYPTO_ALIAS(X509_REVOKED_delete_ext);
 
 int
 X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc)
 {
-	return (X509v3_add_ext(&(x->extensions), ex, loc) != NULL);
+	return X509v3_add_ext(&x->extensions, ex, loc) != NULL;
 }
 LCRYPTO_ALIAS(X509_REVOKED_add_ext);
 

lib/libcrypto/x509/x509_purp.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_purp.c,v 1.41 2024/04/09 15:00:44 tb Exp $ */
+/* $OpenBSD: x509_purp.c,v 1.42 2024/05/15 18:10:03 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
@@ -858,7 +858,7 @@ X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid)
 
 	/* Check key ids (if present) */
 	if (akid->keyid && issuer->skid &&
-	    ASN1_OCTET_STRING_cmp(akid->keyid, issuer->skid) )
+	    ASN1_OCTET_STRING_cmp(akid->keyid, issuer->skid))
 		return X509_V_ERR_AKID_SKID_MISMATCH;
 	/* Check serial number */
 	if (akid->serial &&