summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509
diff options
context:
space:
mode:
authorbeck <>2000-04-15 06:18:51 +0000
committerbeck <>2000-04-15 06:18:51 +0000
commitb608c7f2b175e121f2c22d53341a317153afdc8e (patch)
treee94b160b3fcd8180df79e4251d68d24d665f0195 /src/lib/libcrypto/x509
parentc8d6701c396cebdcd0d45eac73b762e9498f6b01 (diff)
downloadopenbsd-b608c7f2b175e121f2c22d53341a317153afdc8e.tar.gz
openbsd-b608c7f2b175e121f2c22d53341a317153afdc8e.tar.bz2
openbsd-b608c7f2b175e121f2c22d53341a317153afdc8e.zip
OpenSSL 0.9.5a merge
Diffstat (limited to 'src/lib/libcrypto/x509')
-rw-r--r--src/lib/libcrypto/x509/x509.h4
-rw-r--r--src/lib/libcrypto/x509/x509_err.c3
-rw-r--r--src/lib/libcrypto/x509/x509_trs.c17
-rw-r--r--src/lib/libcrypto/x509/x509_vfy.c22
-rw-r--r--src/lib/libcrypto/x509/x509name.c2
5 files changed, 31 insertions, 17 deletions
diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h
index d3336d9ceb..0192272e7c 100644
--- a/src/lib/libcrypto/x509/x509.h
+++ b/src/lib/libcrypto/x509/x509.h
@@ -284,7 +284,9 @@ DECLARE_STACK_OF(X509_TRUST)
284 284
285/* standard trust ids */ 285/* standard trust ids */
286 286
287#define X509_TRUST_ANY 1 287#define X509_TRUST_DEFAULT -1 /* Only valid in purpose settings */
288
289#define X509_TRUST_COMPAT 1
288#define X509_TRUST_SSL_CLIENT 2 290#define X509_TRUST_SSL_CLIENT 2
289#define X509_TRUST_SSL_SERVER 3 291#define X509_TRUST_SSL_SERVER 3
290#define X509_TRUST_EMAIL 4 292#define X509_TRUST_EMAIL 4
diff --git a/src/lib/libcrypto/x509/x509_err.c b/src/lib/libcrypto/x509/x509_err.c
index fdedbdac34..848add56e9 100644
--- a/src/lib/libcrypto/x509/x509_err.c
+++ b/src/lib/libcrypto/x509/x509_err.c
@@ -54,7 +54,8 @@
54 */ 54 */
55 55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes 56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file. 57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
58 */ 59 */
59 60
60#include <stdio.h> 61#include <stdio.h>
diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c
index 9f7d67952d..c779aaf94d 100644
--- a/src/lib/libcrypto/x509/x509_trs.c
+++ b/src/lib/libcrypto/x509/x509_trs.c
@@ -65,7 +65,7 @@ static int tr_cmp(X509_TRUST **a, X509_TRUST **b);
65static void trtable_free(X509_TRUST *p); 65static void trtable_free(X509_TRUST *p);
66 66
67static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags); 67static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags);
68static int trust_any(X509_TRUST *trust, X509 *x, int flags); 68static int trust_compat(X509_TRUST *trust, X509 *x, int flags);
69 69
70static int obj_trust(int id, X509 *x, int flags); 70static int obj_trust(int id, X509 *x, int flags);
71static int (*default_trust)(int id, X509 *x, int flags) = obj_trust; 71static int (*default_trust)(int id, X509 *x, int flags) = obj_trust;
@@ -76,7 +76,7 @@ static int (*default_trust)(int id, X509 *x, int flags) = obj_trust;
76 */ 76 */
77 77
78static X509_TRUST trstandard[] = { 78static X509_TRUST trstandard[] = {
79{X509_TRUST_ANY, 0, trust_any, "Any", 0, NULL}, 79{X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL},
80{X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL}, 80{X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},
81{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Client", NID_server_auth, NULL}, 81{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Client", NID_server_auth, NULL},
82{X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL}, 82{X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
@@ -107,8 +107,8 @@ int X509_check_trust(X509 *x, int id, int flags)
107 X509_TRUST *pt; 107 X509_TRUST *pt;
108 int idx; 108 int idx;
109 if(id == -1) return 1; 109 if(id == -1) return 1;
110 if(!(idx = X509_TRUST_get_by_id(id))) 110 idx = X509_TRUST_get_by_id(id);
111 return default_trust(id, x, flags); 111 if(idx == -1) return default_trust(id, x, flags);
112 pt = X509_TRUST_get0(idx); 112 pt = X509_TRUST_get0(idx);
113 return pt->check_trust(pt, x, flags); 113 return pt->check_trust(pt, x, flags);
114} 114}
@@ -230,6 +230,11 @@ static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
230 /* we don't have any trust settings: for compatibility 230 /* we don't have any trust settings: for compatibility
231 * we return trusted if it is self signed 231 * we return trusted if it is self signed
232 */ 232 */
233 return trust_compat(trust, x, flags);
234}
235
236static int trust_compat(X509_TRUST *trust, X509 *x, int flags)
237{
233 X509_check_purpose(x, -1, 0); 238 X509_check_purpose(x, -1, 0);
234 if(x->ex_flags & EXFLAG_SS) return X509_TRUST_TRUSTED; 239 if(x->ex_flags & EXFLAG_SS) return X509_TRUST_TRUSTED;
235 else return X509_TRUST_UNTRUSTED; 240 else return X509_TRUST_UNTRUSTED;
@@ -257,7 +262,3 @@ static int obj_trust(int id, X509 *x, int flags)
257 return X509_TRUST_UNTRUSTED; 262 return X509_TRUST_UNTRUSTED;
258} 263}
259 264
260static int trust_any(X509_TRUST *trust, X509 *x, int flags)
261{
262 return X509_TRUST_TRUSTED;
263}
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
index 4fdff54124..3ddb2303d3 100644
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -436,11 +436,14 @@ static int internal_verify(X509_STORE_CTX *ctx)
436 } 436 }
437 if (X509_verify(xs,pkey) <= 0) 437 if (X509_verify(xs,pkey) <= 0)
438 { 438 {
439 EVP_PKEY_free(pkey);
440 ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE; 439 ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
441 ctx->current_cert=xs; 440 ctx->current_cert=xs;
442 ok=(*cb)(0,ctx); 441 ok=(*cb)(0,ctx);
443 if (!ok) goto end; 442 if (!ok)
443 {
444 EVP_PKEY_free(pkey);
445 goto end;
446 }
444 } 447 }
445 EVP_PKEY_free(pkey); 448 EVP_PKEY_free(pkey);
446 pkey=NULL; 449 pkey=NULL;
@@ -768,18 +771,25 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
768 if(!purpose) purpose = def_purpose; 771 if(!purpose) purpose = def_purpose;
769 /* If we have a purpose then check it is valid */ 772 /* If we have a purpose then check it is valid */
770 if(purpose) { 773 if(purpose) {
774 X509_PURPOSE *ptmp;
771 idx = X509_PURPOSE_get_by_id(purpose); 775 idx = X509_PURPOSE_get_by_id(purpose);
772 if(idx == -1) { 776 if(idx == -1) {
773 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, 777 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
774 X509_R_UNKNOWN_PURPOSE_ID); 778 X509_R_UNKNOWN_PURPOSE_ID);
775 return 0; 779 return 0;
776 } 780 }
777 /* If trust not set then get from purpose default */ 781 ptmp = X509_PURPOSE_get0(idx);
778 if(!trust) { 782 if(ptmp->trust == X509_TRUST_DEFAULT) {
779 X509_PURPOSE *ptmp; 783 idx = X509_PURPOSE_get_by_id(def_purpose);
784 if(idx == -1) {
785 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
786 X509_R_UNKNOWN_PURPOSE_ID);
787 return 0;
788 }
780 ptmp = X509_PURPOSE_get0(idx); 789 ptmp = X509_PURPOSE_get0(idx);
781 trust = ptmp->trust;
782 } 790 }
791 /* If trust not set then get from purpose default */
792 if(!trust) trust = ptmp->trust;
783 } 793 }
784 if(trust) { 794 if(trust) {
785 idx = X509_TRUST_get_by_id(trust); 795 idx = X509_TRUST_get_by_id(trust);
diff --git a/src/lib/libcrypto/x509/x509name.c b/src/lib/libcrypto/x509/x509name.c
index cf2382d42c..4c20e03ece 100644
--- a/src/lib/libcrypto/x509/x509name.c
+++ b/src/lib/libcrypto/x509/x509name.c
@@ -352,7 +352,7 @@ int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
352 int i; 352 int i;
353 353
354 if ((ne == NULL) || ((bytes == NULL) && (len != 0))) return(0); 354 if ((ne == NULL) || ((bytes == NULL) && (len != 0))) return(0);
355 if(type & MBSTRING_FLAG) 355 if((type > 0) && (type & MBSTRING_FLAG))
356 return ASN1_STRING_set_by_NID(&ne->value, bytes, 356 return ASN1_STRING_set_by_NID(&ne->value, bytes,
357 len, type, 357 len, type,
358 OBJ_obj2nid(ne->object)) ? 1 : 0; 358 OBJ_obj2nid(ne->object)) ? 1 : 0;
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-11 01:43:35 +0000