sync with OpenBSD -current
This commit is contained in:
parent
72a51d0b15
commit
f437ff84be
GPG key ID:
F42C07F07E2E35B7
15 changed files with 633 additions and 114 deletions
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: x509_issuer_cache.c,v 1.4 2022/12/26 07:18:53 jmc Exp $ */
|
||||
/* $OpenBSD: x509_issuer_cache.c,v 1.7 2023/12/30 18:26:13 tb Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
|
||||
*
|
||||
|
|
@ -78,8 +78,8 @@ x509_issuer_cache_set_max(size_t max)
|
|||
* if an entry was successfully freed, 0 otherwise. Must
|
||||
* be called with x509_issuer_tree_mutex held.
|
||||
*/
|
||||
void
|
||||
x509_issuer_cache_free_oldest()
|
||||
static void
|
||||
x509_issuer_cache_free_oldest(void)
|
||||
{
|
||||
struct x509_issuer *old;
|
||||
|
||||
|
|
@ -98,7 +98,7 @@ x509_issuer_cache_free_oldest()
|
|||
* Free the entire issuer cache, discarding all entries.
|
||||
*/
|
||||
void
|
||||
x509_issuer_cache_free()
|
||||
x509_issuer_cache_free(void)
|
||||
{
|
||||
if (pthread_mutex_lock(&x509_issuer_tree_mutex) != 0)
|
||||
return;
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: x509_issuer_cache.h,v 1.2 2022/09/03 17:47:47 jsing Exp $ */
|
||||
/* $OpenBSD: x509_issuer_cache.h,v 1.3 2023/12/30 18:06:59 tb Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
|
||||
*
|
||||
|
|
@ -41,7 +41,7 @@ int x509_issuer_cache_set_max(size_t max);
|
|||
int x509_issuer_cache_find(unsigned char *parent_md, unsigned char *child_md);
|
||||
void x509_issuer_cache_add(unsigned char *parent_md, unsigned char *child_md,
|
||||
int valid);
|
||||
void x509_issuer_cache_free();
|
||||
void x509_issuer_cache_free(void);
|
||||
|
||||
__END_HIDDEN_DECLS
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: x509_purp.c,v 1.30 2023/11/13 10:33:00 tb Exp $ */
|
||||
/* $OpenBSD: x509_purp.c,v 1.33 2023/12/31 07:19:13 tb Exp $ */
|
||||
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
|
||||
* project 2001.
|
||||
*/
|
||||
|
|
@ -386,68 +386,33 @@ X509_PURPOSE_get_trust(const X509_PURPOSE *xp)
|
|||
}
|
||||
LCRYPTO_ALIAS(X509_PURPOSE_get_trust);
|
||||
|
||||
static int
|
||||
nid_cmp(const int *a, const int *b)
|
||||
{
|
||||
return *a - *b;
|
||||
}
|
||||
|
||||
static int nid_cmp_BSEARCH_CMP_FN(const void *, const void *);
|
||||
static int nid_cmp(int const *, int const *);
|
||||
static int *OBJ_bsearch_nid(int *key, int const *base, int num);
|
||||
|
||||
static int
|
||||
nid_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)
|
||||
{
|
||||
int const *a = a_;
|
||||
int const *b = b_;
|
||||
return nid_cmp(a, b);
|
||||
}
|
||||
|
||||
static int *
|
||||
OBJ_bsearch_nid(int *key, int const *base, int num)
|
||||
{
|
||||
return (int *)OBJ_bsearch_(key, base, num, sizeof(int),
|
||||
nid_cmp_BSEARCH_CMP_FN);
|
||||
}
|
||||
|
||||
/*
|
||||
* List of NIDs of extensions supported by the verifier. If an extension
|
||||
* is critical and doesn't appear in this list, then the certificate will
|
||||
* normally be rejected.
|
||||
*/
|
||||
int
|
||||
X509_supported_extension(X509_EXTENSION *ex)
|
||||
X509_supported_extension(X509_EXTENSION *ext)
|
||||
{
|
||||
/* This table is a list of the NIDs of supported extensions:
|
||||
* that is those which are used by the verify process. If
|
||||
* an extension is critical and doesn't appear in this list
|
||||
* then the verify process will normally reject the certificate.
|
||||
* The list must be kept in numerical order because it will be
|
||||
* searched using bsearch.
|
||||
*/
|
||||
|
||||
static const int supported_nids[] = {
|
||||
NID_netscape_cert_type, /* 71 */
|
||||
NID_key_usage, /* 83 */
|
||||
NID_subject_alt_name, /* 85 */
|
||||
NID_basic_constraints, /* 87 */
|
||||
NID_certificate_policies, /* 89 */
|
||||
NID_ext_key_usage, /* 126 */
|
||||
switch (OBJ_obj2nid(X509_EXTENSION_get_object(ext))) {
|
||||
case NID_basic_constraints:
|
||||
case NID_certificate_policies:
|
||||
case NID_ext_key_usage:
|
||||
case NID_inhibit_any_policy:
|
||||
case NID_key_usage:
|
||||
case NID_name_constraints:
|
||||
case NID_netscape_cert_type:
|
||||
case NID_policy_constraints:
|
||||
case NID_policy_mappings:
|
||||
#ifndef OPENSSL_NO_RFC3779
|
||||
NID_sbgp_ipAddrBlock, /* 290 */
|
||||
NID_sbgp_autonomousSysNum, /* 291 */
|
||||
case NID_sbgp_ipAddrBlock:
|
||||
case NID_sbgp_autonomousSysNum:
|
||||
#endif
|
||||
NID_policy_constraints, /* 401 */
|
||||
NID_name_constraints, /* 666 */
|
||||
NID_policy_mappings, /* 747 */
|
||||
NID_inhibit_any_policy /* 748 */
|
||||
};
|
||||
|
||||
int ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
|
||||
|
||||
if (ex_nid == NID_undef)
|
||||
return 0;
|
||||
|
||||
if (OBJ_bsearch_nid(&ex_nid, supported_nids,
|
||||
sizeof(supported_nids) / sizeof(int)))
|
||||
case NID_subject_alt_name:
|
||||
return 1;
|
||||
return 0;
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
LCRYPTO_ALIAS(X509_supported_extension);
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue