diff options
| author | tb <> | 2022-01-05 20:18:19 +0000 |
|---|---|---|
| committer | tb <> | 2022-01-05 20:18:19 +0000 |
| commit | 5a7fbd7859d7bab801f5daf68d5523fc85311d17 (patch) | |
| tree | e3e44efe96b9e6d31a69092cc99689058e176a34 /src/lib | |
| parent | 8e86fda5b355f0007c80946d75f2a8cf2a109400 (diff) | |
| download | openbsd-5a7fbd7859d7bab801f5daf68d5523fc85311d17.tar.gz openbsd-5a7fbd7859d7bab801f5daf68d5523fc85311d17.tar.bz2 openbsd-5a7fbd7859d7bab801f5daf68d5523fc85311d17.zip | |
Prepare to provide X509_{set,get}_verify() and X509_STORE_get_verify_cb()
as well as the X509_STORE_CTX_verify_cb and X509_STORE_CTX_verify_fn types
This will fix the X509_STORE_set_verify_func macro which is currently
broken, as pointed out by schwarze.
ok inoguchi jsing
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libcrypto/x509/x509_lu.c | 25 | ||||
| -rw-r--r-- | src/lib/libcrypto/x509/x509_vfy.h | 19 |
2 files changed, 37 insertions, 7 deletions
diff --git a/src/lib/libcrypto/x509/x509_lu.c b/src/lib/libcrypto/x509/x509_lu.c index ca96edf221..9400aec320 100644 --- a/src/lib/libcrypto/x509/x509_lu.c +++ b/src/lib/libcrypto/x509/x509_lu.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_lu.c,v 1.53 2021/11/19 07:49:27 schwarze Exp $ */ | 1 | /* $OpenBSD: x509_lu.c,v 1.54 2022/01/05 20:18:19 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -821,8 +821,25 @@ X509_STORE_get0_param(X509_STORE *ctx) | |||
| 821 | } | 821 | } |
| 822 | 822 | ||
| 823 | void | 823 | void |
| 824 | X509_STORE_set_verify_cb(X509_STORE *ctx, | 824 | X509_STORE_set_verify(X509_STORE *store, X509_STORE_CTX_verify_fn verify) |
| 825 | int (*verify_cb)(int, X509_STORE_CTX *)) | ||
| 826 | { | 825 | { |
| 827 | ctx->verify_cb = verify_cb; | 826 | store->verify = verify; |
| 827 | } | ||
| 828 | |||
| 829 | X509_STORE_CTX_verify_fn | ||
| 830 | X509_STORE_get_verify(X509_STORE *store) | ||
| 831 | { | ||
| 832 | return store->verify; | ||
| 833 | } | ||
| 834 | |||
| 835 | void | ||
| 836 | X509_STORE_set_verify_cb(X509_STORE *store, X509_STORE_CTX_verify_cb verify_cb) | ||
| 837 | { | ||
| 838 | store->verify_cb = verify_cb; | ||
| 839 | } | ||
| 840 | |||
| 841 | X509_STORE_CTX_verify_cb | ||
| 842 | X509_STORE_get_verify_cb(X509_STORE *store) | ||
| 843 | { | ||
| 844 | return store->verify_cb; | ||
| 828 | } | 845 | } |
diff --git a/src/lib/libcrypto/x509/x509_vfy.h b/src/lib/libcrypto/x509/x509_vfy.h index 34fb913350..a02ef94e2b 100644 --- a/src/lib/libcrypto/x509/x509_vfy.h +++ b/src/lib/libcrypto/x509/x509_vfy.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_vfy.h,v 1.47 2021/11/19 16:35:10 schwarze Exp $ */ | 1 | /* $OpenBSD: x509_vfy.h,v 1.48 2022/01/05 20:18:19 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -297,6 +297,12 @@ int X509_STORE_set_trust(X509_STORE *ctx, int trust); | |||
| 297 | int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm); | 297 | int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm); |
| 298 | X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx); | 298 | X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx); |
| 299 | 299 | ||
| 300 | #if defined(LIBRESSL_NEXT_API) || defined(LIBRESSL_CRYPTO_INTERNAL) | ||
| 301 | typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *); | ||
| 302 | |||
| 303 | X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE *); | ||
| 304 | #endif | ||
| 305 | |||
| 300 | void X509_STORE_set_verify_cb(X509_STORE *ctx, | 306 | void X509_STORE_set_verify_cb(X509_STORE *ctx, |
| 301 | int (*verify_cb)(int, X509_STORE_CTX *)); | 307 | int (*verify_cb)(int, X509_STORE_CTX *)); |
| 302 | #define X509_STORE_set_verify_cb_func(ctx, func) \ | 308 | #define X509_STORE_set_verify_cb_func(ctx, func) \ |
| @@ -388,12 +394,19 @@ void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) | |||
| 388 | int (*X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx))(X509_STORE_CTX *); | 394 | int (*X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx))(X509_STORE_CTX *); |
| 389 | void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, | 395 | void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, |
| 390 | int (*verify)(X509_STORE_CTX *)); | 396 | int (*verify)(X509_STORE_CTX *)); |
| 391 | #define X509_STORE_set_verify_func(ctx, func) \ | ||
| 392 | X509_STORE_set_verify((ctx), (func)) | ||
| 393 | int (*X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx))(int, X509_STORE_CTX *); | 397 | int (*X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx))(int, X509_STORE_CTX *); |
| 394 | void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, | 398 | void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, |
| 395 | int (*verify_cb)(int, X509_STORE_CTX *)); | 399 | int (*verify_cb)(int, X509_STORE_CTX *)); |
| 396 | 400 | ||
| 401 | #if defined(LIBRESSL_NEXT_API) || defined(LIBRESSL_CRYPTO_INTERNAL) | ||
| 402 | typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *); | ||
| 403 | |||
| 404 | void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify); | ||
| 405 | X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx); | ||
| 406 | #endif | ||
| 407 | #define X509_STORE_set_verify_func(ctx, func) \ | ||
| 408 | X509_STORE_set_verify((ctx), (func)) | ||
| 409 | |||
| 397 | X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx); | 410 | X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx); |
| 398 | int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx); | 411 | int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx); |
| 399 | int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx); | 412 | int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx); |