sync code with last improvements from OpenBSD

This commit is contained in:
purplerain 2023-11-11 01:29:48 +00:00
parent 5903cbe575
commit 62d64fa864
Signed by: purplerain
GPG key ID: F42C07F07E2E35B7
841 changed files with 83929 additions and 40755 deletions

View file

@ -1,4 +1,4 @@
/* $OpenBSD: x509.h,v 1.101 2023/07/28 15:50:33 tb Exp $ */
/* $OpenBSD: x509.h,v 1.103 2023/11/02 20:25:48 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -527,7 +527,9 @@ X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval);
void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, const void **ppval,
const X509_ALGOR *algor);
#ifndef LIBRESSL_INTERNAL
void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
#endif
int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
X509_NAME *X509_NAME_dup(X509_NAME *xn);
@ -1081,13 +1083,10 @@ const STACK_OF(X509_ATTRIBUTE) *PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO
int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type,
const unsigned char *bytes, int len);
int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
int ptype, void *pval,
unsigned char *penc, int penclen);
int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
const unsigned char **pk, int *ppklen,
X509_ALGOR **pa,
X509_PUBKEY *pub);
int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, int ptype,
void *pval, unsigned char *penc, int penclen);
int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, const unsigned char **pk,
int *ppklen, X509_ALGOR **pa, X509_PUBKEY *pub);
int X509_check_trust(X509 *x, int id, int flags);
int X509_TRUST_get_count(void);

View file

@ -1,4 +1,4 @@
/* $OpenBSD: x509_addr.c,v 1.90 2023/09/27 11:29:22 tb Exp $ */
/* $OpenBSD: x509_addr.c,v 1.91 2023/10/29 13:22:37 tb Exp $ */
/*
* Contributed to the OpenSSL Project by the American Registry for
* Internet Numbers ("ARIN").
@ -1886,8 +1886,11 @@ addr_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509) *chain,
if (ext == NULL) {
depth = 0;
cert = sk_X509_value(chain, depth);
if ((X509_get_extension_flags(cert) & EXFLAG_INVALID) != 0)
goto done;
if ((X509_get_extension_flags(cert) & EXFLAG_INVALID) != 0) {
if ((ret = verify_error(ctx, cert,
X509_V_ERR_INVALID_EXTENSION, depth)) == 0)
goto done;
}
if ((ext = cert->rfc3779_addr) == NULL)
goto done;
} else if (!X509v3_addr_is_canonical(ext)) {

View file

@ -1,4 +1,4 @@
/* $OpenBSD: x509_local.h,v 1.10 2023/10/11 13:05:18 tb Exp $ */
/* $OpenBSD: x509_local.h,v 1.11 2023/11/01 20:37:42 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2013.
*/
@ -380,6 +380,8 @@ int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int quiet);
int name_cmp(const char *name, const char *cmp);
int X509_ALGOR_set_evp_md(X509_ALGOR *alg, const EVP_MD *md);
int X509_ALGOR_set0_by_nid(X509_ALGOR *alg, int nid, int parameter_type,
void *parameter_value);
int X509_policy_check(const STACK_OF(X509) *certs,
const STACK_OF(ASN1_OBJECT) *user_policies, unsigned long flags,