Convert some tables to C99 initializers

ok & "happy pirate day" beck
author: tb <> 2023-07-02 17:12:17 +0000
committer: tb <> 2023-07-02 17:12:17 +0000
commit: 025f3b8ef1e0ff3017dd0079925fbf85f15a6d22 (patch)
tree: 02b5e381e06b67a88ed3379762255783a6c17d8a
parent: 38cd396b800dc18b749806d8b297284deb76ca61 (diff)
download: openbsd-025f3b8ef1e0ff3017dd0079925fbf85f15a6d22.tar.gz
openbsd-025f3b8ef1e0ff3017dd0079925fbf85f15a6d22.tar.bz2
openbsd-025f3b8ef1e0ff3017dd0079925fbf85f15a6d22.zip
3 files changed, 249 insertions, 42 deletions
diff --git a/src/lib/libcrypto/asn1/a_strnid.c b/src/lib/libcrypto/asn1/a_strnid.c
index 034c4d72c3..5d4e5ef8a0 100644
--- a/src/lib/libcrypto/asn1/a_strnid.c
+++ b/src/lib/libcrypto/asn1/a_strnid.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_strnid.c,v 1.25 2021/12/13 17:55:53 schwarze Exp $ */
+/* $OpenBSD: a_strnid.c,v 1.26 2023/07/02 17:12:17 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -187,25 +187,139 @@ ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, int inlen,
 /* This table must be kept in NID order */
 static const ASN1_STRING_TABLE tbl_standard[] = {
-        {NID_commonName,                1, ub_common_name, DIRSTRING_TYPE, 0},
+        {
-        {NID_countryName,               2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+                .nid = NID_commonName,
-        {NID_localityName,              1, ub_locality_name, DIRSTRING_TYPE, 0},
+                .minsize = 1,
-        {NID_stateOrProvinceName,       1, ub_state_name, DIRSTRING_TYPE, 0},
+                .maxsize = ub_common_name,
-        {NID_organizationName,          1, ub_organization_name, DIRSTRING_TYPE, 0},
+                .mask = DIRSTRING_TYPE,
-        {NID_organizationalUnitName,    1, ub_organization_unit_name, DIRSTRING_TYPE, 0},
+                .flags = 0,
-        {NID_pkcs9_emailAddress,        1, ub_email_address, B_ASN1_IA5STRING, STABLE_NO_MASK},
+        },
-        {NID_pkcs9_unstructuredName,    1, -1, PKCS9STRING_TYPE, 0},
+        {
-        {NID_pkcs9_challengePassword,   1, -1, PKCS9STRING_TYPE, 0},
+                .nid = NID_countryName,
-        {NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0},
+                .minsize = 2,
-        {NID_givenName,                 1, ub_name, DIRSTRING_TYPE, 0},
+                .maxsize = 2,
-        {NID_surname,                   1, ub_name, DIRSTRING_TYPE, 0},
+                .mask = B_ASN1_PRINTABLESTRING,
-        {NID_initials,                  1, ub_name, DIRSTRING_TYPE, 0},
+                .flags = STABLE_NO_MASK,
-        {NID_serialNumber,              1, ub_serial_number, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+        },
-        {NID_friendlyName,              -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
+        {
-        {NID_name,                      1, ub_name, DIRSTRING_TYPE, 0},
+                .nid = NID_localityName,
-        {NID_dnQualifier,               -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+                .minsize = 1,
-        {NID_domainComponent,           1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK},
+                .maxsize = ub_locality_name,
-        {NID_ms_csp_name,               -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}
+                .mask = DIRSTRING_TYPE,
+                .flags = 0,
+        },
+        {
+                .nid = NID_stateOrProvinceName,
+                .minsize = 1,
+                .maxsize = ub_state_name,
+                .mask = DIRSTRING_TYPE,
+                .flags = 0,
+        },
+        {
+                .nid = NID_organizationName,
+                .minsize = 1,
+                .maxsize = ub_organization_name,
+                .mask = DIRSTRING_TYPE,
+                .flags = 0,
+        },
+        {
+                .nid = NID_organizationalUnitName,
+                .minsize = 1,
+                .maxsize = ub_organization_unit_name,
+                .mask = DIRSTRING_TYPE,
+                .flags = 0,
+        },
+        {
+                .nid = NID_pkcs9_emailAddress,
+                .minsize = 1,
+                .maxsize = ub_email_address,
+                .mask = B_ASN1_IA5STRING,
+                .flags = STABLE_NO_MASK,
+        },
+        {
+                .nid = NID_pkcs9_unstructuredName,
+                .minsize = 1,
+                .maxsize = -1,
+                .mask = PKCS9STRING_TYPE,
+                .flags = 0,
+        },
+        {
+                .nid = NID_pkcs9_challengePassword,
+                .minsize = 1,
+                .maxsize = -1,
+                .mask = PKCS9STRING_TYPE,
+                .flags = 0,
+        },
+        {
+                .nid = NID_pkcs9_unstructuredAddress,
+                .minsize = 1,
+                .maxsize = -1,
+                .mask = DIRSTRING_TYPE,
+                .flags = 0,
+        },
+        {
+                .nid = NID_givenName,
+                .minsize = 1,
+                .maxsize = ub_name,
+                .mask = DIRSTRING_TYPE,
+                .flags = 0,
+        },
+        {
+                .nid = NID_surname,
+                .minsize = 1,
+                .maxsize = ub_name,
+                .mask = DIRSTRING_TYPE,
+                .flags = 0,
+        },
+        {
+                .nid = NID_initials,
+                .minsize = 1,
+                .maxsize = ub_name,
+                .mask = DIRSTRING_TYPE,
+                .flags = 0,
+        },
+        {
+                .nid = NID_serialNumber,
+                .minsize = 1,
+                .maxsize = ub_serial_number,
+                .mask = B_ASN1_PRINTABLESTRING,
+                .flags = STABLE_NO_MASK,
+        },
+        {
+                .nid = NID_friendlyName,
+                .minsize = -1,
+                .maxsize = -1,
+                .mask = B_ASN1_BMPSTRING,
+                .flags = STABLE_NO_MASK,
+        },
+        {
+                .nid = NID_name,
+                .minsize = 1,
+                .maxsize = ub_name,
+                .mask = DIRSTRING_TYPE,
+                .flags = 0,
+        },
+        {
+                .nid = NID_dnQualifier,
+                .minsize = -1,
+                .maxsize = -1,
+                .mask = B_ASN1_PRINTABLESTRING,
+                .flags = STABLE_NO_MASK,
+        },
+        {
+                .nid = NID_domainComponent,
+                .minsize = 1,
+                .maxsize = -1,
+                .mask = B_ASN1_IA5STRING,
+                .flags = STABLE_NO_MASK,
+        },
+        {
+                .nid = NID_ms_csp_name,
+                .minsize = -1,
+                .maxsize = -1,
+                .mask = B_ASN1_BMPSTRING,
+                .flags = STABLE_NO_MASK,
+        },
 };
 static int
@@ -254,7 +368,7 @@ ASN1_STRING_TABLE_get(int nid)
                        return sk_ASN1_STRING_TABLE_value(stable, idx);
        }
        return OBJ_bsearch_table(&fnd, tbl_standard,
-            sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE));
+            sizeof(tbl_standard) / sizeof(tbl_standard[0]));
 }
 /*
diff --git a/src/lib/libcrypto/x509/x509_purp.c b/src/lib/libcrypto/x509/x509_purp.c
index f7bc7ea538..f2c4f1dd57 100644
--- a/src/lib/libcrypto/x509/x509_purp.c
+++ b/src/lib/libcrypto/x509/x509_purp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_purp.c,v 1.27 2023/06/25 13:52:27 tb Exp $ */
+/* $OpenBSD: x509_purp.c,v 1.28 2023/07/02 17:12:17 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2001.
 */
@@ -99,18 +99,72 @@ static int xp_cmp(const X509_PURPOSE * const *a, const X509_PURPOSE * const *b);
 static void xptable_free(X509_PURPOSE *p);
 static X509_PURPOSE xstandard[] = {
-        {X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0, check_purpose_ssl_client, "SSL client", "sslclient", NULL},
+        {
-        {X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ssl_server, "SSL server", "sslserver", NULL},
+                .purpose = X509_PURPOSE_SSL_CLIENT,
-        {X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL},
+                .trust = X509_TRUST_SSL_CLIENT,
-        {X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, "S/MIME signing", "smimesign", NULL},
+                .check_purpose = check_purpose_ssl_client,
-        {X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL},
+                .name = "SSL client",
-        {X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL},
+                .sname = "sslclient",
-        {X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any", NULL},
+        },
-        {X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper, "OCSP helper", "ocsphelper", NULL},
+        {
-        {X509_PURPOSE_TIMESTAMP_SIGN, X509_TRUST_TSA, 0, check_purpose_timestamp_sign, "Time Stamp signing", "timestampsign", NULL},
+                .purpose = X509_PURPOSE_SSL_SERVER,
+                .trust = X509_TRUST_SSL_SERVER,
+                .check_purpose = check_purpose_ssl_server,
+                .name = "SSL server",
+                .sname = "sslserver",
+        },
+        {
+                .purpose = X509_PURPOSE_NS_SSL_SERVER,
+                .trust = X509_TRUST_SSL_SERVER,
+                .check_purpose = check_purpose_ns_ssl_server,
+                .name = "Netscape SSL server",
+                .sname = "nssslserver",
+        },
+        {
+                .purpose = X509_PURPOSE_SMIME_SIGN,
+                .trust = X509_TRUST_EMAIL,
+                .check_purpose = check_purpose_smime_sign,
+                .name = "S/MIME signing",
+                .sname = "smimesign",
+        },
+        {
+                .purpose = X509_PURPOSE_SMIME_ENCRYPT,
+                .trust = X509_TRUST_EMAIL,
+                .check_purpose = check_purpose_smime_encrypt,
+                .name = "S/MIME encryption",
+                .sname = "smimeencrypt",
+        },
+        {
+                .purpose = X509_PURPOSE_CRL_SIGN,
+                .trust = X509_TRUST_COMPAT,
+                .check_purpose = check_purpose_crl_sign,
+                .name = "CRL signing",
+                .sname = "crlsign",
+        },
+        {
+                .purpose = X509_PURPOSE_ANY,
+                .trust = X509_TRUST_DEFAULT,
+                .check_purpose = no_check,
+                .name = "Any Purpose",
+                .sname = "any",
+        },
+        {
+                .purpose = X509_PURPOSE_OCSP_HELPER,
+                .trust = X509_TRUST_COMPAT,
+                .check_purpose = ocsp_helper,
+                .name = "OCSP helper",
+                .sname = "ocsphelper",
+        },
+        {
+                .purpose = X509_PURPOSE_TIMESTAMP_SIGN,
+                .trust = X509_TRUST_TSA,
+                .check_purpose = check_purpose_timestamp_sign,
+                .name = "Time Stamp signing",
+                .sname = "timestampsign",
+        },
 };
-#define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE))
+#define X509_PURPOSE_COUNT (sizeof(xstandard) / sizeof(xstandard[0]))
 static STACK_OF(X509_PURPOSE) *xptable = NULL;
diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c
index e3265918a4..6b935f8bee 100644
--- a/src/lib/libcrypto/x509/x509_trs.c
+++ b/src/lib/libcrypto/x509/x509_trs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_trs.c,v 1.31 2023/02/16 08:38:17 tb Exp $ */
+/* $OpenBSD: x509_trs.c,v 1.32 2023/07/02 17:12:17 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -80,17 +80,56 @@ static int (*default_trust)(int id, X509 *x, int flags) = obj_trust;
 */
 static X509_TRUST trstandard[] = {
-        {X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL},
+        {
-        {X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},
+                .trust = X509_TRUST_COMPAT,
-        {X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL},
+                .check_trust = trust_compat,
-        {X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
+                .name = "compatible",
-        {X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, NULL},
+        },
-        {X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL},
+        {
-        {X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL},
+                .trust = X509_TRUST_SSL_CLIENT,
-        {X509_TRUST_TSA, 0, trust_1oidany, "TSA server", NID_time_stamp, NULL}
+                .check_trust = trust_1oidany,
+                .name = "SSL Client",
+                .arg1 = NID_client_auth,
+        },
+        {
+                .trust = X509_TRUST_SSL_SERVER,
+                .check_trust = trust_1oidany,
+                .name = "SSL Server",
+                .arg1 = NID_server_auth,
+        },
+        {
+                .trust = X509_TRUST_EMAIL,
+                .check_trust = trust_1oidany,
+                .name = "S/MIME email",
+                .arg1 = NID_email_protect,
+        },
+        {
+                .trust = X509_TRUST_OBJECT_SIGN,
+                .check_trust = trust_1oidany,
+                .name = "Object Signer",
+                .arg1 = NID_code_sign,
+        },
+        {
+                .trust = X509_TRUST_OCSP_SIGN,
+                .check_trust = trust_1oid,
+                .name = "OCSP responder",
+                .arg1 = NID_OCSP_sign,
+        },
+        {
+                .trust = X509_TRUST_OCSP_REQUEST,
+                .check_trust = trust_1oid,
+                .name = "OCSP request",
+                .arg1 = NID_ad_OCSP,
+        },
+        {
+                .trust = X509_TRUST_TSA,
+                .check_trust = trust_1oidany,
+                .name = "TSA server",
+                .arg1 = NID_time_stamp,
+        },
 };
-#define X509_TRUST_COUNT        (sizeof(trstandard)/sizeof(X509_TRUST))
+#define X509_TRUST_COUNT        (sizeof(trstandard) / sizeof(trstandard[0]))
 static STACK_OF(X509_TRUST) *trtable = NULL;
author	tb <>	2023-07-02 17:12:17 +0000
committer	tb <>	2023-07-02 17:12:17 +0000
commit	025f3b8ef1e0ff3017dd0079925fbf85f15a6d22 (patch)
tree	02b5e381e06b67a88ed3379762255783a6c17d8a
parent	38cd396b800dc18b749806d8b297284deb76ca61 (diff)
download	openbsd-025f3b8ef1e0ff3017dd0079925fbf85f15a6d22.tar.gz openbsd-025f3b8ef1e0ff3017dd0079925fbf85f15a6d22.tar.bz2 openbsd-025f3b8ef1e0ff3017dd0079925fbf85f15a6d22.zip

diff --git a/src/lib/libcrypto/asn1/a_strnid.c b/src/lib/libcrypto/asn1/a_strnid.c index 034c4d72c3..5d4e5ef8a0 100644 --- a/src/lib/libcrypto/asn1/a_strnid.c +++ b/src/lib/libcrypto/asn1/a_strnid.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: a_strnid.c,v 1.25 2021/12/13 17:55:53 schwarze Exp $ */	1	/* $OpenBSD: a_strnid.c,v 1.26 2023/07/02 17:12:17 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 1999.	3	* project 1999.
4	*/	4	*/
@@ -187,25 +187,139 @@ ASN1_STRING_set_by_NID(ASN1_STRING *out, const unsigned char in, int inlen,
187	/* This table must be kept in NID order */	187	/* This table must be kept in NID order */
188		188
189	static const ASN1_STRING_TABLE tbl_standard[] = {	189	static const ASN1_STRING_TABLE tbl_standard[] = {
190	{NID_commonName, 1, ub_common_name, DIRSTRING_TYPE, 0},	190	{
191	{NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},	191	.nid = NID_commonName,
192	{NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0},	192	.minsize = 1,
193	{NID_stateOrProvinceName, 1, ub_state_name, DIRSTRING_TYPE, 0},	193	.maxsize = ub_common_name,
194	{NID_organizationName, 1, ub_organization_name, DIRSTRING_TYPE, 0},	194	.mask = DIRSTRING_TYPE,
195	{NID_organizationalUnitName, 1, ub_organization_unit_name, DIRSTRING_TYPE, 0},	195	.flags = 0,
196	{NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING, STABLE_NO_MASK},	196	},
197	{NID_pkcs9_unstructuredName, 1, -1, PKCS9STRING_TYPE, 0},	197	{
198	{NID_pkcs9_challengePassword, 1, -1, PKCS9STRING_TYPE, 0},	198	.nid = NID_countryName,
199	{NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0},	199	.minsize = 2,
200	{NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0},	200	.maxsize = 2,
201	{NID_surname, 1, ub_name, DIRSTRING_TYPE, 0},	201	.mask = B_ASN1_PRINTABLESTRING,
202	{NID_initials, 1, ub_name, DIRSTRING_TYPE, 0},	202	.flags = STABLE_NO_MASK,
203	{NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},	203	},
204	{NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},	204	{
205	{NID_name, 1, ub_name, DIRSTRING_TYPE, 0},	205	.nid = NID_localityName,
206	{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},	206	.minsize = 1,
207	{NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK},	207	.maxsize = ub_locality_name,
208	{NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}	208	.mask = DIRSTRING_TYPE,
		209	.flags = 0,
		210	},
		211	{
		212	.nid = NID_stateOrProvinceName,
		213	.minsize = 1,
		214	.maxsize = ub_state_name,
		215	.mask = DIRSTRING_TYPE,
		216	.flags = 0,
		217	},
		218	{
		219	.nid = NID_organizationName,
		220	.minsize = 1,
		221	.maxsize = ub_organization_name,
		222	.mask = DIRSTRING_TYPE,
		223	.flags = 0,
		224	},
		225	{
		226	.nid = NID_organizationalUnitName,
		227	.minsize = 1,
		228	.maxsize = ub_organization_unit_name,
		229	.mask = DIRSTRING_TYPE,
		230	.flags = 0,
		231	},
		232	{
		233	.nid = NID_pkcs9_emailAddress,
		234	.minsize = 1,
		235	.maxsize = ub_email_address,
		236	.mask = B_ASN1_IA5STRING,
		237	.flags = STABLE_NO_MASK,
		238	},
		239	{
		240	.nid = NID_pkcs9_unstructuredName,
		241	.minsize = 1,
		242	.maxsize = -1,
		243	.mask = PKCS9STRING_TYPE,
		244	.flags = 0,
		245	},
		246	{
		247	.nid = NID_pkcs9_challengePassword,
		248	.minsize = 1,
		249	.maxsize = -1,
		250	.mask = PKCS9STRING_TYPE,
		251	.flags = 0,
		252	},
		253	{
		254	.nid = NID_pkcs9_unstructuredAddress,
		255	.minsize = 1,
		256	.maxsize = -1,
		257	.mask = DIRSTRING_TYPE,
		258	.flags = 0,
		259	},
		260	{
		261	.nid = NID_givenName,
		262	.minsize = 1,
		263	.maxsize = ub_name,
		264	.mask = DIRSTRING_TYPE,
		265	.flags = 0,
		266	},
		267	{
		268	.nid = NID_surname,
		269	.minsize = 1,
		270	.maxsize = ub_name,
		271	.mask = DIRSTRING_TYPE,
		272	.flags = 0,
		273	},
		274	{
		275	.nid = NID_initials,
		276	.minsize = 1,
		277	.maxsize = ub_name,
		278	.mask = DIRSTRING_TYPE,
		279	.flags = 0,
		280	},
		281	{
		282	.nid = NID_serialNumber,
		283	.minsize = 1,
		284	.maxsize = ub_serial_number,
		285	.mask = B_ASN1_PRINTABLESTRING,
		286	.flags = STABLE_NO_MASK,
		287	},
		288	{
		289	.nid = NID_friendlyName,
		290	.minsize = -1,
		291	.maxsize = -1,
		292	.mask = B_ASN1_BMPSTRING,
		293	.flags = STABLE_NO_MASK,
		294	},
		295	{
		296	.nid = NID_name,
		297	.minsize = 1,
		298	.maxsize = ub_name,
		299	.mask = DIRSTRING_TYPE,
		300	.flags = 0,
		301	},
		302	{
		303	.nid = NID_dnQualifier,
		304	.minsize = -1,
		305	.maxsize = -1,
		306	.mask = B_ASN1_PRINTABLESTRING,
		307	.flags = STABLE_NO_MASK,
		308	},
		309	{
		310	.nid = NID_domainComponent,
		311	.minsize = 1,
		312	.maxsize = -1,
		313	.mask = B_ASN1_IA5STRING,
		314	.flags = STABLE_NO_MASK,
		315	},
		316	{
		317	.nid = NID_ms_csp_name,
		318	.minsize = -1,
		319	.maxsize = -1,
		320	.mask = B_ASN1_BMPSTRING,
		321	.flags = STABLE_NO_MASK,
		322	},
209	};	323	};
210		324
211	static int	325	static int
@@ -254,7 +368,7 @@ ASN1_STRING_TABLE_get(int nid)
254	return sk_ASN1_STRING_TABLE_value(stable, idx);	368	return sk_ASN1_STRING_TABLE_value(stable, idx);
255	}	369	}
256	return OBJ_bsearch_table(&fnd, tbl_standard,	370	return OBJ_bsearch_table(&fnd, tbl_standard,
257	sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE));	371	sizeof(tbl_standard) / sizeof(tbl_standard[0]));
258	}	372	}
259		373
260	/*	374	/*


diff --git a/src/lib/libcrypto/x509/x509_purp.c b/src/lib/libcrypto/x509/x509_purp.c index f7bc7ea538..f2c4f1dd57 100644 --- a/src/lib/libcrypto/x509/x509_purp.c +++ b/src/lib/libcrypto/x509/x509_purp.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_purp.c,v 1.27 2023/06/25 13:52:27 tb Exp $ */	1	/* $OpenBSD: x509_purp.c,v 1.28 2023/07/02 17:12:17 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2001.	3	* project 2001.
4	*/	4	*/
@@ -99,18 +99,72 @@ static int xp_cmp(const X509_PURPOSE * const a, const X509_PURPOSE const *b);
99	static void xptable_free(X509_PURPOSE *p);	99	static void xptable_free(X509_PURPOSE *p);
100		100
101	static X509_PURPOSE xstandard[] = {	101	static X509_PURPOSE xstandard[] = {
102	{X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0, check_purpose_ssl_client, "SSL client", "sslclient", NULL},	102	{
103	{X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ssl_server, "SSL server", "sslserver", NULL},	103	.purpose = X509_PURPOSE_SSL_CLIENT,
104	{X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL},	104	.trust = X509_TRUST_SSL_CLIENT,
105	{X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, "S/MIME signing", "smimesign", NULL},	105	.check_purpose = check_purpose_ssl_client,
106	{X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL},	106	.name = "SSL client",
107	{X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL},	107	.sname = "sslclient",
108	{X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any", NULL},	108	},
109	{X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper, "OCSP helper", "ocsphelper", NULL},	109	{
110	{X509_PURPOSE_TIMESTAMP_SIGN, X509_TRUST_TSA, 0, check_purpose_timestamp_sign, "Time Stamp signing", "timestampsign", NULL},	110	.purpose = X509_PURPOSE_SSL_SERVER,
		111	.trust = X509_TRUST_SSL_SERVER,
		112	.check_purpose = check_purpose_ssl_server,
		113	.name = "SSL server",
		114	.sname = "sslserver",
		115	},
		116	{
		117	.purpose = X509_PURPOSE_NS_SSL_SERVER,
		118	.trust = X509_TRUST_SSL_SERVER,
		119	.check_purpose = check_purpose_ns_ssl_server,
		120	.name = "Netscape SSL server",
		121	.sname = "nssslserver",
		122	},
		123	{
		124	.purpose = X509_PURPOSE_SMIME_SIGN,
		125	.trust = X509_TRUST_EMAIL,
		126	.check_purpose = check_purpose_smime_sign,
		127	.name = "S/MIME signing",
		128	.sname = "smimesign",
		129	},
		130	{
		131	.purpose = X509_PURPOSE_SMIME_ENCRYPT,
		132	.trust = X509_TRUST_EMAIL,
		133	.check_purpose = check_purpose_smime_encrypt,
		134	.name = "S/MIME encryption",
		135	.sname = "smimeencrypt",
		136	},
		137	{
		138	.purpose = X509_PURPOSE_CRL_SIGN,
		139	.trust = X509_TRUST_COMPAT,
		140	.check_purpose = check_purpose_crl_sign,
		141	.name = "CRL signing",
		142	.sname = "crlsign",
		143	},
		144	{
		145	.purpose = X509_PURPOSE_ANY,
		146	.trust = X509_TRUST_DEFAULT,
		147	.check_purpose = no_check,
		148	.name = "Any Purpose",
		149	.sname = "any",
		150	},
		151	{
		152	.purpose = X509_PURPOSE_OCSP_HELPER,
		153	.trust = X509_TRUST_COMPAT,
		154	.check_purpose = ocsp_helper,
		155	.name = "OCSP helper",
		156	.sname = "ocsphelper",
		157	},
		158	{
		159	.purpose = X509_PURPOSE_TIMESTAMP_SIGN,
		160	.trust = X509_TRUST_TSA,
		161	.check_purpose = check_purpose_timestamp_sign,
		162	.name = "Time Stamp signing",
		163	.sname = "timestampsign",
		164	},
111	};	165	};
112		166
113	#define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE))	167	#define X509_PURPOSE_COUNT (sizeof(xstandard) / sizeof(xstandard[0]))
114		168
115	static STACK_OF(X509_PURPOSE) *xptable = NULL;	169	static STACK_OF(X509_PURPOSE) *xptable = NULL;
116		170


diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c index e3265918a4..6b935f8bee 100644 --- a/src/lib/libcrypto/x509/x509_trs.c +++ b/src/lib/libcrypto/x509/x509_trs.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_trs.c,v 1.31 2023/02/16 08:38:17 tb Exp $ */	1	/* $OpenBSD: x509_trs.c,v 1.32 2023/07/02 17:12:17 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 1999.	3	* project 1999.
4	*/	4	*/
@@ -80,17 +80,56 @@ static int (default_trust)(int id, X509 x, int flags) = obj_trust;
80	*/	80	*/
81		81
82	static X509_TRUST trstandard[] = {	82	static X509_TRUST trstandard[] = {
83	{X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL},	83	{
84	{X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},	84	.trust = X509_TRUST_COMPAT,
85	{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL},	85	.check_trust = trust_compat,
86	{X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},	86	.name = "compatible",
87	{X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, NULL},	87	},
88	{X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL},	88	{
89	{X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL},	89	.trust = X509_TRUST_SSL_CLIENT,
90	{X509_TRUST_TSA, 0, trust_1oidany, "TSA server", NID_time_stamp, NULL}	90	.check_trust = trust_1oidany,
		91	.name = "SSL Client",
		92	.arg1 = NID_client_auth,
		93	},
		94	{
		95	.trust = X509_TRUST_SSL_SERVER,
		96	.check_trust = trust_1oidany,
		97	.name = "SSL Server",
		98	.arg1 = NID_server_auth,
		99	},
		100	{
		101	.trust = X509_TRUST_EMAIL,
		102	.check_trust = trust_1oidany,
		103	.name = "S/MIME email",
		104	.arg1 = NID_email_protect,
		105	},
		106	{
		107	.trust = X509_TRUST_OBJECT_SIGN,
		108	.check_trust = trust_1oidany,
		109	.name = "Object Signer",
		110	.arg1 = NID_code_sign,
		111	},
		112	{
		113	.trust = X509_TRUST_OCSP_SIGN,
		114	.check_trust = trust_1oid,
		115	.name = "OCSP responder",
		116	.arg1 = NID_OCSP_sign,
		117	},
		118	{
		119	.trust = X509_TRUST_OCSP_REQUEST,
		120	.check_trust = trust_1oid,
		121	.name = "OCSP request",
		122	.arg1 = NID_ad_OCSP,
		123	},
		124	{
		125	.trust = X509_TRUST_TSA,
		126	.check_trust = trust_1oidany,
		127	.name = "TSA server",
		128	.arg1 = NID_time_stamp,
		129	},
91	};	130	};
92		131
93	#define X509_TRUST_COUNT (sizeof(trstandard)/sizeof(X509_TRUST))	132	#define X509_TRUST_COUNT (sizeof(trstandard) / sizeof(trstandard[0]))
94		133
95	static STACK_OF(X509_TRUST) *trtable = NULL;	134	static STACK_OF(X509_TRUST) *trtable = NULL;
96		135