diff options
| author | tb <> | 2023-05-28 05:25:24 +0000 |
|---|---|---|
| committer | tb <> | 2023-05-28 05:25:24 +0000 |
| commit | a95e36808ea4031670010ec297a8701fa0500aaa (patch) | |
| tree | ec517a3d5252ee6f882377da37f2eed9b56f843c | |
| parent | d4cbaebb201580abb6146f23b603e976b071aa6c (diff) | |
| download | openbsd-a95e36808ea4031670010ec297a8701fa0500aaa.tar.gz openbsd-a95e36808ea4031670010ec297a8701fa0500aaa.tar.bz2 openbsd-a95e36808ea4031670010ec297a8701fa0500aaa.zip | |
Merge X509_VERIFY_PARAM_ID into X509_VERIFY_PARAM
Back in the day when essentially every struct was open to all applications,
X509_VERIFY_PARAM_ID provided a modicum of opacity. This indirection is now
no longer needed with X509_VERIFY_PARAM being opaque itself, so stop using
X509_VERIFY_PARAM_ID and merge it into X509_VERIFY_PARAM. This is a first
small step towards cleaning up the X509_VERIFY_PARAM mess.
ok jsing
| -rw-r--r-- | src/lib/libcrypto/x509/x509_local.h | 22 | ||||
| -rw-r--r-- | src/lib/libcrypto/x509/x509_vfy.c | 25 | ||||
| -rw-r--r-- | src/lib/libcrypto/x509/x509_vfy.h | 4 | ||||
| -rw-r--r-- | src/lib/libcrypto/x509/x509_vpm.c | 132 |
4 files changed, 73 insertions, 110 deletions
diff --git a/src/lib/libcrypto/x509/x509_local.h b/src/lib/libcrypto/x509/x509_local.h index 9ce1b58ed1..f00a55bac8 100644 --- a/src/lib/libcrypto/x509/x509_local.h +++ b/src/lib/libcrypto/x509/x509_local.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_local.h,v 1.8 2023/05/08 14:51:00 tb Exp $ */ | 1 | /* $OpenBSD: x509_local.h,v 1.9 2023/05/28 05:25:24 tb Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2013. | 3 | * project 2013. |
| 4 | */ | 4 | */ |
| @@ -272,7 +272,14 @@ struct X509_VERIFY_PARAM_st { | |||
| 272 | int depth; /* Verify depth */ | 272 | int depth; /* Verify depth */ |
| 273 | int security_level; /* 'Security level', see SP800-57. */ | 273 | int security_level; /* 'Security level', see SP800-57. */ |
| 274 | STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */ | 274 | STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */ |
| 275 | X509_VERIFY_PARAM_ID *id; /* opaque ID data */ | 275 | STACK_OF(OPENSSL_STRING) *hosts; /* Set of acceptable names */ |
| 276 | unsigned int hostflags; /* Flags to control matching features */ | ||
| 277 | char *peername; /* Matching hostname in peer certificate */ | ||
| 278 | char *email; /* If not NULL email address to match */ | ||
| 279 | size_t emaillen; | ||
| 280 | unsigned char *ip; /* If not NULL IP address to match */ | ||
| 281 | size_t iplen; /* Length of IP address */ | ||
| 282 | int poisoned; | ||
| 276 | } /* X509_VERIFY_PARAM */; | 283 | } /* X509_VERIFY_PARAM */; |
| 277 | 284 | ||
| 278 | /* | 285 | /* |
| @@ -368,17 +375,6 @@ struct x509_store_ctx_st { | |||
| 368 | CRYPTO_EX_DATA ex_data; | 375 | CRYPTO_EX_DATA ex_data; |
| 369 | } /* X509_STORE_CTX */; | 376 | } /* X509_STORE_CTX */; |
| 370 | 377 | ||
| 371 | struct X509_VERIFY_PARAM_ID_st { | ||
| 372 | STACK_OF(OPENSSL_STRING) *hosts; /* Set of acceptable names */ | ||
| 373 | unsigned int hostflags; /* Flags to control matching features */ | ||
| 374 | char *peername; /* Matching hostname in peer certificate */ | ||
| 375 | char *email; /* If not NULL email address to match */ | ||
| 376 | size_t emaillen; | ||
| 377 | unsigned char *ip; /* If not NULL IP address to match */ | ||
| 378 | size_t iplen; /* Length of IP address */ | ||
| 379 | int poisoned; | ||
| 380 | }; | ||
| 381 | |||
| 382 | int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int quiet); | 378 | int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int quiet); |
| 383 | 379 | ||
| 384 | int name_cmp(const char *name, const char *cmp); | 380 | int name_cmp(const char *name, const char *cmp); |
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c index 6bc06187e1..0c2144752d 100644 --- a/src/lib/libcrypto/x509/x509_vfy.c +++ b/src/lib/libcrypto/x509/x509_vfy.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_vfy.c,v 1.123 2023/05/14 20:20:40 tb Exp $ */ | 1 | /* $OpenBSD: x509_vfy.c,v 1.124 2023/05/28 05:25:24 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -177,19 +177,19 @@ check_id_error(X509_STORE_CTX *ctx, int errcode) | |||
| 177 | } | 177 | } |
| 178 | 178 | ||
| 179 | static int | 179 | static int |
| 180 | check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id) | 180 | check_hosts(X509 *x, X509_VERIFY_PARAM *vpm) |
| 181 | { | 181 | { |
| 182 | int i, n; | 182 | int i, n; |
| 183 | char *name; | 183 | char *name; |
| 184 | 184 | ||
| 185 | n = sk_OPENSSL_STRING_num(id->hosts); | 185 | n = sk_OPENSSL_STRING_num(vpm->hosts); |
| 186 | free(id->peername); | 186 | free(vpm->peername); |
| 187 | id->peername = NULL; | 187 | vpm->peername = NULL; |
| 188 | 188 | ||
| 189 | for (i = 0; i < n; ++i) { | 189 | for (i = 0; i < n; ++i) { |
| 190 | name = sk_OPENSSL_STRING_value(id->hosts, i); | 190 | name = sk_OPENSSL_STRING_value(vpm->hosts, i); |
| 191 | if (X509_check_host(x, name, strlen(name), id->hostflags, | 191 | if (X509_check_host(x, name, strlen(name), vpm->hostflags, |
| 192 | &id->peername) > 0) | 192 | &vpm->peername) > 0) |
| 193 | return 1; | 193 | return 1; |
| 194 | } | 194 | } |
| 195 | return n == 0; | 195 | return n == 0; |
| @@ -199,19 +199,18 @@ static int | |||
| 199 | check_id(X509_STORE_CTX *ctx) | 199 | check_id(X509_STORE_CTX *ctx) |
| 200 | { | 200 | { |
| 201 | X509_VERIFY_PARAM *vpm = ctx->param; | 201 | X509_VERIFY_PARAM *vpm = ctx->param; |
| 202 | X509_VERIFY_PARAM_ID *id = vpm->id; | ||
| 203 | X509 *x = ctx->cert; | 202 | X509 *x = ctx->cert; |
| 204 | 203 | ||
| 205 | if (id->hosts && check_hosts(x, id) <= 0) { | 204 | if (vpm->hosts && check_hosts(x, vpm) <= 0) { |
| 206 | if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH)) | 205 | if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH)) |
| 207 | return 0; | 206 | return 0; |
| 208 | } | 207 | } |
| 209 | if (id->email != NULL && X509_check_email(x, id->email, id->emaillen, 0) | 208 | if (vpm->email != NULL && X509_check_email(x, vpm->email, vpm->emaillen, 0) |
| 210 | <= 0) { | 209 | <= 0) { |
| 211 | if (!check_id_error(ctx, X509_V_ERR_EMAIL_MISMATCH)) | 210 | if (!check_id_error(ctx, X509_V_ERR_EMAIL_MISMATCH)) |
| 212 | return 0; | 211 | return 0; |
| 213 | } | 212 | } |
| 214 | if (id->ip != NULL && X509_check_ip(x, id->ip, id->iplen, 0) <= 0) { | 213 | if (vpm->ip != NULL && X509_check_ip(x, vpm->ip, vpm->iplen, 0) <= 0) { |
| 215 | if (!check_id_error(ctx, X509_V_ERR_IP_ADDRESS_MISMATCH)) | 214 | if (!check_id_error(ctx, X509_V_ERR_IP_ADDRESS_MISMATCH)) |
| 216 | return 0; | 215 | return 0; |
| 217 | } | 216 | } |
| @@ -609,7 +608,7 @@ X509_verify_cert(X509_STORE_CTX *ctx) | |||
| 609 | ctx->error = X509_V_ERR_INVALID_CALL; | 608 | ctx->error = X509_V_ERR_INVALID_CALL; |
| 610 | return -1; | 609 | return -1; |
| 611 | } | 610 | } |
| 612 | if (ctx->param->id->poisoned) { | 611 | if (ctx->param->poisoned) { |
| 613 | /* | 612 | /* |
| 614 | * This X509_STORE_CTX had failures setting | 613 | * This X509_STORE_CTX had failures setting |
| 615 | * up verify parameters. We can not use it. | 614 | * up verify parameters. We can not use it. |
diff --git a/src/lib/libcrypto/x509/x509_vfy.h b/src/lib/libcrypto/x509/x509_vfy.h index 202cf7438f..1aa29abd3d 100644 --- a/src/lib/libcrypto/x509/x509_vfy.h +++ b/src/lib/libcrypto/x509/x509_vfy.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_vfy.h,v 1.63 2023/04/28 16:50:16 beck Exp $ */ | 1 | /* $OpenBSD: x509_vfy.h,v 1.64 2023/05/28 05:25:24 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -105,7 +105,7 @@ DECLARE_STACK_OF(X509_LOOKUP) | |||
| 105 | DECLARE_STACK_OF(X509_OBJECT) | 105 | DECLARE_STACK_OF(X509_OBJECT) |
| 106 | DECLARE_STACK_OF(X509_VERIFY_PARAM) | 106 | DECLARE_STACK_OF(X509_VERIFY_PARAM) |
| 107 | 107 | ||
| 108 | /* unused in OpenSSL */ | 108 | /* XXX - unused in OpenSSL. Can we remove this? */ |
| 109 | typedef struct X509_VERIFY_PARAM_ID_st X509_VERIFY_PARAM_ID; | 109 | typedef struct X509_VERIFY_PARAM_ID_st X509_VERIFY_PARAM_ID; |
| 110 | 110 | ||
| 111 | 111 | ||
diff --git a/src/lib/libcrypto/x509/x509_vpm.c b/src/lib/libcrypto/x509/x509_vpm.c index 5c8c09e9fc..4ba697ead4 100644 --- a/src/lib/libcrypto/x509/x509_vpm.c +++ b/src/lib/libcrypto/x509/x509_vpm.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_vpm.c,v 1.39 2023/05/24 09:15:14 tb Exp $ */ | 1 | /* $OpenBSD: x509_vpm.c,v 1.40 2023/05/28 05:25:24 tb Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2004. | 3 | * project 2004. |
| 4 | */ | 4 | */ |
| @@ -122,7 +122,7 @@ sk_deep_copy(void *sk_void, void *copy_func_void, void *free_func_void) | |||
| 122 | } | 122 | } |
| 123 | 123 | ||
| 124 | static int | 124 | static int |
| 125 | x509_param_set_hosts_internal(X509_VERIFY_PARAM_ID *id, int mode, | 125 | x509_param_set_hosts_internal(X509_VERIFY_PARAM *vpm, int mode, |
| 126 | const char *name, size_t namelen) | 126 | const char *name, size_t namelen) |
| 127 | { | 127 | { |
| 128 | char *copy; | 128 | char *copy; |
| @@ -135,9 +135,9 @@ x509_param_set_hosts_internal(X509_VERIFY_PARAM_ID *id, int mode, | |||
| 135 | if (name && memchr(name, '\0', namelen)) | 135 | if (name && memchr(name, '\0', namelen)) |
| 136 | return 0; | 136 | return 0; |
| 137 | 137 | ||
| 138 | if (mode == SET_HOST && id->hosts) { | 138 | if (mode == SET_HOST && vpm->hosts) { |
| 139 | sk_OPENSSL_STRING_pop_free(id->hosts, str_free); | 139 | sk_OPENSSL_STRING_pop_free(vpm->hosts, str_free); |
| 140 | id->hosts = NULL; | 140 | vpm->hosts = NULL; |
| 141 | } | 141 | } |
| 142 | if (name == NULL || namelen == 0) | 142 | if (name == NULL || namelen == 0) |
| 143 | return 1; | 143 | return 1; |
| @@ -145,17 +145,17 @@ x509_param_set_hosts_internal(X509_VERIFY_PARAM_ID *id, int mode, | |||
| 145 | if (copy == NULL) | 145 | if (copy == NULL) |
| 146 | return 0; | 146 | return 0; |
| 147 | 147 | ||
| 148 | if (id->hosts == NULL && | 148 | if (vpm->hosts == NULL && |
| 149 | (id->hosts = sk_OPENSSL_STRING_new_null()) == NULL) { | 149 | (vpm->hosts = sk_OPENSSL_STRING_new_null()) == NULL) { |
| 150 | free(copy); | 150 | free(copy); |
| 151 | return 0; | 151 | return 0; |
| 152 | } | 152 | } |
| 153 | 153 | ||
| 154 | if (!sk_OPENSSL_STRING_push(id->hosts, copy)) { | 154 | if (!sk_OPENSSL_STRING_push(vpm->hosts, copy)) { |
| 155 | free(copy); | 155 | free(copy); |
| 156 | if (sk_OPENSSL_STRING_num(id->hosts) == 0) { | 156 | if (sk_OPENSSL_STRING_num(vpm->hosts) == 0) { |
| 157 | sk_OPENSSL_STRING_free(id->hosts); | 157 | sk_OPENSSL_STRING_free(vpm->hosts); |
| 158 | id->hosts = NULL; | 158 | vpm->hosts = NULL; |
| 159 | } | 159 | } |
| 160 | return 0; | 160 | return 0; |
| 161 | } | 161 | } |
| @@ -166,9 +166,9 @@ x509_param_set_hosts_internal(X509_VERIFY_PARAM_ID *id, int mode, | |||
| 166 | static void | 166 | static void |
| 167 | x509_verify_param_zero(X509_VERIFY_PARAM *param) | 167 | x509_verify_param_zero(X509_VERIFY_PARAM *param) |
| 168 | { | 168 | { |
| 169 | X509_VERIFY_PARAM_ID *paramid; | ||
| 170 | if (!param) | 169 | if (!param) |
| 171 | return; | 170 | return; |
| 171 | |||
| 172 | free(param->name); | 172 | free(param->name); |
| 173 | param->name = NULL; | 173 | param->name = NULL; |
| 174 | param->purpose = 0; | 174 | param->purpose = 0; |
| @@ -177,40 +177,29 @@ x509_verify_param_zero(X509_VERIFY_PARAM *param) | |||
| 177 | param->inh_flags = 0; | 177 | param->inh_flags = 0; |
| 178 | param->flags = 0; | 178 | param->flags = 0; |
| 179 | param->depth = -1; | 179 | param->depth = -1; |
| 180 | if (param->policies) { | 180 | sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); |
| 181 | sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); | 181 | param->policies = NULL; |
| 182 | param->policies = NULL; | 182 | sk_OPENSSL_STRING_pop_free(param->hosts, str_free); |
| 183 | } | 183 | param->hosts = NULL; |
| 184 | paramid = param->id; | 184 | free(param->peername); |
| 185 | if (paramid->hosts) { | 185 | param->peername = NULL; |
| 186 | sk_OPENSSL_STRING_pop_free(paramid->hosts, str_free); | 186 | free(param->email); |
| 187 | paramid->hosts = NULL; | 187 | param->email = NULL; |
| 188 | } | 188 | param->emaillen = 0; |
| 189 | free(paramid->peername); | 189 | free(param->ip); |
| 190 | paramid->peername = NULL; | 190 | param->ip = NULL; |
| 191 | free(paramid->email); | 191 | param->iplen = 0; |
| 192 | paramid->email = NULL; | 192 | param->poisoned = 0; |
| 193 | paramid->emaillen = 0; | ||
| 194 | free(paramid->ip); | ||
| 195 | paramid->ip = NULL; | ||
| 196 | paramid->iplen = 0; | ||
| 197 | paramid->poisoned = 0; | ||
| 198 | } | 193 | } |
| 199 | 194 | ||
| 200 | X509_VERIFY_PARAM * | 195 | X509_VERIFY_PARAM * |
| 201 | X509_VERIFY_PARAM_new(void) | 196 | X509_VERIFY_PARAM_new(void) |
| 202 | { | 197 | { |
| 203 | X509_VERIFY_PARAM *param; | 198 | X509_VERIFY_PARAM *param; |
| 204 | X509_VERIFY_PARAM_ID *paramid; | 199 | |
| 205 | param = calloc(1, sizeof(X509_VERIFY_PARAM)); | 200 | param = calloc(1, sizeof(X509_VERIFY_PARAM)); |
| 206 | if (param == NULL) | 201 | if (param == NULL) |
| 207 | return NULL; | 202 | return NULL; |
| 208 | paramid = calloc(1, sizeof(X509_VERIFY_PARAM_ID)); | ||
| 209 | if (paramid == NULL) { | ||
| 210 | free(param); | ||
| 211 | return NULL; | ||
| 212 | } | ||
| 213 | param->id = paramid; | ||
| 214 | x509_verify_param_zero(param); | 203 | x509_verify_param_zero(param); |
| 215 | return param; | 204 | return param; |
| 216 | } | 205 | } |
| @@ -222,7 +211,6 @@ X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param) | |||
| 222 | if (param == NULL) | 211 | if (param == NULL) |
| 223 | return; | 212 | return; |
| 224 | x509_verify_param_zero(param); | 213 | x509_verify_param_zero(param); |
| 225 | free(param->id); | ||
| 226 | free(param); | 214 | free(param); |
| 227 | } | 215 | } |
| 228 | LCRYPTO_ALIAS(X509_VERIFY_PARAM_free); | 216 | LCRYPTO_ALIAS(X509_VERIFY_PARAM_free); |
| @@ -260,18 +248,11 @@ LCRYPTO_ALIAS(X509_VERIFY_PARAM_free); | |||
| 260 | */ | 248 | */ |
| 261 | 249 | ||
| 262 | /* Macro to test if a field should be copied from src to dest */ | 250 | /* Macro to test if a field should be copied from src to dest */ |
| 263 | |||
| 264 | #define test_x509_verify_param_copy(field, def) \ | 251 | #define test_x509_verify_param_copy(field, def) \ |
| 265 | (to_overwrite || \ | 252 | (to_overwrite || \ |
| 266 | ((src->field != def) && (to_default || (dest->field == def)))) | 253 | ((src->field != def) && (to_default || (dest->field == def)))) |
| 267 | 254 | ||
| 268 | /* As above but for ID fields */ | ||
| 269 | |||
| 270 | #define test_x509_verify_param_copy_id(idf, def) \ | ||
| 271 | test_x509_verify_param_copy(id->idf, def) | ||
| 272 | |||
| 273 | /* Macro to test and copy a field if necessary */ | 255 | /* Macro to test and copy a field if necessary */ |
| 274 | |||
| 275 | #define x509_verify_param_copy(field, def) \ | 256 | #define x509_verify_param_copy(field, def) \ |
| 276 | if (test_x509_verify_param_copy(field, def)) \ | 257 | if (test_x509_verify_param_copy(field, def)) \ |
| 277 | dest->field = src->field | 258 | dest->field = src->field |
| @@ -281,11 +262,9 @@ X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, const X509_VERIFY_PARAM *src) | |||
| 281 | { | 262 | { |
| 282 | unsigned long inh_flags; | 263 | unsigned long inh_flags; |
| 283 | int to_default, to_overwrite; | 264 | int to_default, to_overwrite; |
| 284 | X509_VERIFY_PARAM_ID *id; | ||
| 285 | 265 | ||
| 286 | if (!src) | 266 | if (!src) |
| 287 | return 1; | 267 | return 1; |
| 288 | id = src->id; | ||
| 289 | inh_flags = dest->inh_flags | src->inh_flags; | 268 | inh_flags = dest->inh_flags | src->inh_flags; |
| 290 | 269 | ||
| 291 | if (inh_flags & X509_VP_FLAG_ONCE) | 270 | if (inh_flags & X509_VP_FLAG_ONCE) |
| @@ -326,30 +305,28 @@ X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, const X509_VERIFY_PARAM *src) | |||
| 326 | return 0; | 305 | return 0; |
| 327 | } | 306 | } |
| 328 | 307 | ||
| 329 | if (test_x509_verify_param_copy_id(hostflags, 0)) | 308 | x509_verify_param_copy(hostflags, 0); |
| 330 | dest->id->hostflags = id->hostflags; | ||
| 331 | 309 | ||
| 332 | if (test_x509_verify_param_copy_id(hosts, NULL)) { | 310 | if (test_x509_verify_param_copy(hosts, NULL)) { |
| 333 | if (dest->id->hosts) { | 311 | if (dest->hosts) { |
| 334 | sk_OPENSSL_STRING_pop_free(dest->id->hosts, str_free); | 312 | sk_OPENSSL_STRING_pop_free(dest->hosts, str_free); |
| 335 | dest->id->hosts = NULL; | 313 | dest->hosts = NULL; |
| 336 | } | 314 | } |
| 337 | if (id->hosts) { | 315 | if (src->hosts) { |
| 338 | dest->id->hosts = | 316 | dest->hosts = sk_deep_copy(src->hosts, strdup, str_free); |
| 339 | sk_deep_copy(id->hosts, strdup, str_free); | 317 | if (dest->hosts == NULL) |
| 340 | if (dest->id->hosts == NULL) | ||
| 341 | return 0; | 318 | return 0; |
| 342 | } | 319 | } |
| 343 | } | 320 | } |
| 344 | 321 | ||
| 345 | if (test_x509_verify_param_copy_id(email, NULL)) { | 322 | if (test_x509_verify_param_copy(email, NULL)) { |
| 346 | if (!X509_VERIFY_PARAM_set1_email(dest, id->email, | 323 | if (!X509_VERIFY_PARAM_set1_email(dest, src->email, |
| 347 | id->emaillen)) | 324 | src->emaillen)) |
| 348 | return 0; | 325 | return 0; |
| 349 | } | 326 | } |
| 350 | 327 | ||
| 351 | if (test_x509_verify_param_copy_id(ip, NULL)) { | 328 | if (test_x509_verify_param_copy(ip, NULL)) { |
| 352 | if (!X509_VERIFY_PARAM_set1_ip(dest, id->ip, id->iplen)) | 329 | if (!X509_VERIFY_PARAM_set1_ip(dest, src->ip, src->iplen)) |
| 353 | return 0; | 330 | return 0; |
| 354 | } | 331 | } |
| 355 | 332 | ||
| @@ -534,9 +511,9 @@ int | |||
| 534 | X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, | 511 | X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, |
| 535 | const char *name, size_t namelen) | 512 | const char *name, size_t namelen) |
| 536 | { | 513 | { |
| 537 | if (x509_param_set_hosts_internal(param->id, SET_HOST, name, namelen)) | 514 | if (x509_param_set_hosts_internal(param, SET_HOST, name, namelen)) |
| 538 | return 1; | 515 | return 1; |
| 539 | param->id->poisoned = 1; | 516 | param->poisoned = 1; |
| 540 | return 0; | 517 | return 0; |
| 541 | } | 518 | } |
| 542 | LCRYPTO_ALIAS(X509_VERIFY_PARAM_set1_host); | 519 | LCRYPTO_ALIAS(X509_VERIFY_PARAM_set1_host); |
| @@ -545,9 +522,9 @@ int | |||
| 545 | X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, | 522 | X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, |
| 546 | const char *name, size_t namelen) | 523 | const char *name, size_t namelen) |
| 547 | { | 524 | { |
| 548 | if (x509_param_set_hosts_internal(param->id, ADD_HOST, name, namelen)) | 525 | if (x509_param_set_hosts_internal(param, ADD_HOST, name, namelen)) |
| 549 | return 1; | 526 | return 1; |
| 550 | param->id->poisoned = 1; | 527 | param->poisoned = 1; |
| 551 | return 0; | 528 | return 0; |
| 552 | } | 529 | } |
| 553 | LCRYPTO_ALIAS(X509_VERIFY_PARAM_add1_host); | 530 | LCRYPTO_ALIAS(X509_VERIFY_PARAM_add1_host); |
| @@ -556,20 +533,20 @@ LCRYPTO_ALIAS(X509_VERIFY_PARAM_add1_host); | |||
| 556 | unsigned int | 533 | unsigned int |
| 557 | X509_VERIFY_PARAM_get_hostflags(X509_VERIFY_PARAM *param) | 534 | X509_VERIFY_PARAM_get_hostflags(X509_VERIFY_PARAM *param) |
| 558 | { | 535 | { |
| 559 | return param->id->hostflags; | 536 | return param->hostflags; |
| 560 | } | 537 | } |
| 561 | 538 | ||
| 562 | void | 539 | void |
| 563 | X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, unsigned int flags) | 540 | X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, unsigned int flags) |
| 564 | { | 541 | { |
| 565 | param->id->hostflags = flags; | 542 | param->hostflags = flags; |
| 566 | } | 543 | } |
| 567 | LCRYPTO_ALIAS(X509_VERIFY_PARAM_set_hostflags); | 544 | LCRYPTO_ALIAS(X509_VERIFY_PARAM_set_hostflags); |
| 568 | 545 | ||
| 569 | char * | 546 | char * |
| 570 | X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param) | 547 | X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param) |
| 571 | { | 548 | { |
| 572 | return param->id->peername; | 549 | return param->peername; |
| 573 | } | 550 | } |
| 574 | LCRYPTO_ALIAS(X509_VERIFY_PARAM_get0_peername); | 551 | LCRYPTO_ALIAS(X509_VERIFY_PARAM_get0_peername); |
| 575 | 552 | ||
| @@ -577,10 +554,10 @@ int | |||
| 577 | X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, const char *email, | 554 | X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, const char *email, |
| 578 | size_t emaillen) | 555 | size_t emaillen) |
| 579 | { | 556 | { |
| 580 | if (x509_param_set1_internal(¶m->id->email, ¶m->id->emaillen, | 557 | if (x509_param_set1_internal(¶m->email, ¶m->emaillen, |
| 581 | email, emaillen, 1)) | 558 | email, emaillen, 1)) |
| 582 | return 1; | 559 | return 1; |
| 583 | param->id->poisoned = 1; | 560 | param->poisoned = 1; |
| 584 | return 0; | 561 | return 0; |
| 585 | } | 562 | } |
| 586 | LCRYPTO_ALIAS(X509_VERIFY_PARAM_set1_email); | 563 | LCRYPTO_ALIAS(X509_VERIFY_PARAM_set1_email); |
| @@ -591,11 +568,11 @@ X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, const unsigned char *ip, | |||
| 591 | { | 568 | { |
| 592 | if (iplen != 4 && iplen != 16) | 569 | if (iplen != 4 && iplen != 16) |
| 593 | goto err; | 570 | goto err; |
| 594 | if (x509_param_set1_internal((char **)¶m->id->ip, ¶m->id->iplen, | 571 | if (x509_param_set1_internal((char **)¶m->ip, ¶m->iplen, |
| 595 | (char *)ip, iplen, 0)) | 572 | (char *)ip, iplen, 0)) |
| 596 | return 1; | 573 | return 1; |
| 597 | err: | 574 | err: |
| 598 | param->id->poisoned = 1; | 575 | param->poisoned = 1; |
| 599 | return 0; | 576 | return 0; |
| 600 | } | 577 | } |
| 601 | LCRYPTO_ALIAS(X509_VERIFY_PARAM_set1_ip); | 578 | LCRYPTO_ALIAS(X509_VERIFY_PARAM_set1_ip); |
| @@ -625,10 +602,6 @@ X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param) | |||
| 625 | } | 602 | } |
| 626 | LCRYPTO_ALIAS(X509_VERIFY_PARAM_get0_name); | 603 | LCRYPTO_ALIAS(X509_VERIFY_PARAM_get0_name); |
| 627 | 604 | ||
| 628 | static const X509_VERIFY_PARAM_ID _empty_id = { NULL }; | ||
| 629 | |||
| 630 | #define vpm_empty_id (X509_VERIFY_PARAM_ID *)&_empty_id | ||
| 631 | |||
| 632 | /* | 605 | /* |
| 633 | * Default verify parameters: these are used for various applications and can | 606 | * Default verify parameters: these are used for various applications and can |
| 634 | * be overridden by the user specified table. | 607 | * be overridden by the user specified table. |
| @@ -640,35 +613,30 @@ static const X509_VERIFY_PARAM default_table[] = { | |||
| 640 | .flags = X509_V_FLAG_TRUSTED_FIRST, | 613 | .flags = X509_V_FLAG_TRUSTED_FIRST, |
| 641 | .depth = 100, | 614 | .depth = 100, |
| 642 | .trust = 0, /* XXX This is not the default trust value */ | 615 | .trust = 0, /* XXX This is not the default trust value */ |
| 643 | .id = vpm_empty_id | ||
| 644 | }, | 616 | }, |
| 645 | { | 617 | { |
| 646 | .name = "pkcs7", | 618 | .name = "pkcs7", |
| 647 | .purpose = X509_PURPOSE_SMIME_SIGN, | 619 | .purpose = X509_PURPOSE_SMIME_SIGN, |
| 648 | .trust = X509_TRUST_EMAIL, | 620 | .trust = X509_TRUST_EMAIL, |
| 649 | .depth = -1, | 621 | .depth = -1, |
| 650 | .id = vpm_empty_id | ||
| 651 | }, | 622 | }, |
| 652 | { | 623 | { |
| 653 | .name = "smime_sign", | 624 | .name = "smime_sign", |
| 654 | .purpose = X509_PURPOSE_SMIME_SIGN, | 625 | .purpose = X509_PURPOSE_SMIME_SIGN, |
| 655 | .trust = X509_TRUST_EMAIL, | 626 | .trust = X509_TRUST_EMAIL, |
| 656 | .depth = -1, | 627 | .depth = -1, |
| 657 | .id = vpm_empty_id | ||
| 658 | }, | 628 | }, |
| 659 | { | 629 | { |
| 660 | .name = "ssl_client", | 630 | .name = "ssl_client", |
| 661 | .purpose = X509_PURPOSE_SSL_CLIENT, | 631 | .purpose = X509_PURPOSE_SSL_CLIENT, |
| 662 | .trust = X509_TRUST_SSL_CLIENT, | 632 | .trust = X509_TRUST_SSL_CLIENT, |
| 663 | .depth = -1, | 633 | .depth = -1, |
| 664 | .id = vpm_empty_id | ||
| 665 | }, | 634 | }, |
| 666 | { | 635 | { |
| 667 | .name = "ssl_server", | 636 | .name = "ssl_server", |
| 668 | .purpose = X509_PURPOSE_SSL_SERVER, | 637 | .purpose = X509_PURPOSE_SSL_SERVER, |
| 669 | .trust = X509_TRUST_SSL_SERVER, | 638 | .trust = X509_TRUST_SSL_SERVER, |
| 670 | .depth = -1, | 639 | .depth = -1, |
| 671 | .id = vpm_empty_id | ||
| 672 | } | 640 | } |
| 673 | }; | 641 | }; |
| 674 | 642 | ||