authortb <>2023-05-08 14:51:00 +0000
committertb <>2023-05-08 14:51:00 +0000
commit3d8c174bc6a25e6d0edc3db05de93421dbf040a6 (patch)
treedb198766581a64569c411de981a865da738988a0 /src/lib
parent9090de50493a67b1c07ff6681b3a92c3e9a2e835 (diff)
Rename the other_ctx in X509_STORE_CTX into trusted
The other_ctx is a strong contender for the worst name of a struct member in OpenSSL. It's a void * member whose only purpose ever was to be set to a STACK_OF(X509) * via X509_STORE_CTX_trusted_stack() (yes, this is obviously a setter, why do you ask?) and then to be used by the get_issuer() callback (which of course isn't there to find any old issuer, but only to look for issuers among the 'trusted' certs). Anyway, we may want to rename untrusted into intermediates and trusted into roots later on, but for now let's match the lovely public API. While there rename get_issuer_sk() into get_trusted_issuer() which is a more accurate and slightly less silly name. ok jsing
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/libcrypto/x509/x509_local.h4
-rw-r--r--src/lib/libcrypto/x509/x509_vfy.c20
2 files changed, 12 insertions, 12 deletions
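diff --git a/src/lib/libcrypto/x509/x509_local.h b/src/lib/libcrypto/x509/x509_local.h
index 374cba3d58..9ce1b58ed1 100644
--- a/src/lib/libcrypto/x509/x509_local.h
+++ b/src/lib/libcrypto/x509/x509_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_local.h,v 1.7 2023/04/28 16:30:14 tb Exp $ */
+/* $OpenBSD: x509_local.h,v 1.8 2023/05/08 14:51:00 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
   * project 2013.
   */
@@ -327,10 +327,10 @@ struct x509_store_ctx_st {
  /* The following are set by the caller */
  X509 *cert; /* The cert to check */
  STACK_OF(X509) *untrusted; /* chain of X509s - untrusted - passed in */
+ STACK_OF(X509) *trusted; /* trusted stack for use with get_issuer() */
  STACK_OF(X509_CRL) *crls; /* set of CRLs passed in */
 
  X509_VERIFY_PARAM *param;
- void *other_ctx; /* Other info for use with get_issuer() */
 
  /* Callbacks for various operations */
  int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */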
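diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
index 461e1d2ef2..2410d39b86 100644
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.121 2023/05/08 05:37:36 tb Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.122 2023/05/08 14:51:00 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
   * All rights reserved.
   *
@@ -144,7 +144,7 @@ static int X509_cmp_time_internal(const ASN1_TIME *ctm, time_t *cmp_time,
  int clamp_notafter);
 
 static int internal_verify(X509_STORE_CTX *ctx);
-static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
+static int get_trusted_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
 static int check_key_level(X509_STORE_CTX *ctx, X509 *cert);
 static int verify_cb_cert(X509_STORE_CTX *ctx, X509 *x, int depth, int err);
 
@@ -694,12 +694,12 @@ check_issued(X509_STORE_CTX *ctx, X509 *subject, X509 *issuer)
  return X509_check_issued(issuer, subject) == X509_V_OK;
 }
 
-/* Alternative lookup method: look from a STACK stored in other_ctx */
+/* Alternative lookup method: look from a STACK stored in ctx->trusted */
 
 static int
-get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
+get_trusted_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
 {
- *issuer = find_issuer(ctx, ctx->other_ctx, x, 1);
+ *issuer = find_issuer(ctx, ctx->trusted, x, 1);
  if (*issuer) {
  CRYPTO_add(&(*issuer)->references, 1, CRYPTO_LOCK_X509);
  return 1;
@@ -2434,17 +2434,17 @@ LCRYPTO_ALIAS(X509_STORE_CTX_init);
   */
 
 void
-X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
+X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *trusted)
 {
- ctx->other_ctx = sk;
- ctx->get_issuer = get_issuer_sk;
+ X509_STORE_CTX_set0_trusted_stack(ctx, trusted);
 }
 LCRYPTO_ALIAS(X509_STORE_CTX_trusted_stack);
 
 void
-X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
+X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *trusted)
 {
- X509_STORE_CTX_trusted_stack(ctx, sk);
+ ctx->trusted = trusted;
+ ctx->get_issuer = get_trusted_issuer;
 }
 LCRYPTO_ALIAS(X509_STORE_CTX_set0_trusted_stack);
 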
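Review bot: `X509_STORE_CTX_set0_trusted_stack()` (new lines 2444-2448) has two trust-relevant effects that nothing in the visible hunk documents: it stores the caller's pointer as-is in `ctx->trusted`, and it overwrites `ctx->get_issuer` with `get_trusted_issuer`, which calls `find_issuer()` on `ctx->trusted`. I would put a short comment directly above the function, such as `/* Borrows trusted (no copy, no reference taken here); also replaces ctx->get_issuer so issuers are looked up in this stack. */`. The comment block that closes at line 2434 begins outside the hunk and may already say this, so check it first. A NULL `trusted` still swaps the callback; presumably lookups then find no issuer, but whether that is the intended contract is worth confirming and stating in the same comment.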