Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/asn1/a_strnid.c156
-rw-r--r--src/lib/libcrypto/x509/x509_purp.c76
-rw-r--r--src/lib/libcrypto/x509/x509_trs.c59
3 files changed, 249 insertions, 42 deletions
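--- a/src/lib/libcrypto/asn1/a_strnid.c
+++ b/src/lib/libcrypto/asn1/a_strnid.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_strnid.c,v 1.25 2021/12/13 17:55:53 schwarze Exp $ */
+/* $OpenBSD: a_strnid.c,v 1.26 2023/07/02 17:12:17 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -187,25 +187,139 @@ ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, int inlen,
 /* This table must be kept in NID order */
 
 static const ASN1_STRING_TABLE tbl_standard[] = {
-	{NID_commonName, 1, ub_common_name, DIRSTRING_TYPE, 0},
-	{NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
-	{NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0},
-	{NID_stateOrProvinceName, 1, ub_state_name, DIRSTRING_TYPE, 0},
-	{NID_organizationName, 1, ub_organization_name, DIRSTRING_TYPE, 0},
-	{NID_organizationalUnitName, 1, ub_organization_unit_name, DIRSTRING_TYPE, 0},
-	{NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING, STABLE_NO_MASK},
-	{NID_pkcs9_unstructuredName, 1, -1, PKCS9STRING_TYPE, 0},
-	{NID_pkcs9_challengePassword, 1, -1, PKCS9STRING_TYPE, 0},
-	{NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0},
-	{NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0},
-	{NID_surname, 1, ub_name, DIRSTRING_TYPE, 0},
-	{NID_initials, 1, ub_name, DIRSTRING_TYPE, 0},
-	{NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
-	{NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
-	{NID_name, 1, ub_name, DIRSTRING_TYPE, 0},
-	{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
-	{NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK},
-	{NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}
+	{
+		.nid = NID_commonName,
+		.minsize = 1,
+		.maxsize = ub_common_name,
+		.mask = DIRSTRING_TYPE,
+		.flags = 0,
+	},
+	{
+		.nid = NID_countryName,
+		.minsize = 2,
+		.maxsize = 2,
+		.mask = B_ASN1_PRINTABLESTRING,
+		.flags = STABLE_NO_MASK,
+	},
+	{
+		.nid = NID_localityName,
+		.minsize = 1,
+		.maxsize = ub_locality_name,
+		.mask = DIRSTRING_TYPE,
+		.flags = 0,
+	},
+	{
+		.nid = NID_stateOrProvinceName,
+		.minsize = 1,
+		.maxsize = ub_state_name,
+		.mask = DIRSTRING_TYPE,
+		.flags = 0,
+	},
+	{
+		.nid = NID_organizationName,
+		.minsize = 1,
+		.maxsize = ub_organization_name,
+		.mask = DIRSTRING_TYPE,
+		.flags = 0,
+	},
+	{
+		.nid = NID_organizationalUnitName,
+		.minsize = 1,
+		.maxsize = ub_organization_unit_name,
+		.mask = DIRSTRING_TYPE,
+		.flags = 0,
+	},
+	{
+		.nid = NID_pkcs9_emailAddress,
+		.minsize = 1,
+		.maxsize = ub_email_address,
+		.mask = B_ASN1_IA5STRING,
+		.flags = STABLE_NO_MASK,
+	},
+	{
+		.nid = NID_pkcs9_unstructuredName,
+		.minsize = 1,
+		.maxsize = -1,
+		.mask = PKCS9STRING_TYPE,
+		.flags = 0,
+	},
+	{
+		.nid = NID_pkcs9_challengePassword,
+		.minsize = 1,
+		.maxsize = -1,
+		.mask = PKCS9STRING_TYPE,
+		.flags = 0,
+	},
+	{
+		.nid = NID_pkcs9_unstructuredAddress,
+		.minsize = 1,
+		.maxsize = -1,
+		.mask = DIRSTRING_TYPE,
+		.flags = 0,
+	},
+	{
+		.nid = NID_givenName,
+		.minsize = 1,
+		.maxsize = ub_name,
+		.mask = DIRSTRING_TYPE,
+		.flags = 0,
+	},
+	{
+		.nid = NID_surname,
+		.minsize = 1,
+		.maxsize = ub_name,
+		.mask = DIRSTRING_TYPE,
+		.flags = 0,
+	},
+	{
+		.nid = NID_initials,
+		.minsize = 1,
+		.maxsize = ub_name,
+		.mask = DIRSTRING_TYPE,
+		.flags = 0,
+	},
+	{
+		.nid = NID_serialNumber,
+		.minsize = 1,
+		.maxsize = ub_serial_number,
+		.mask = B_ASN1_PRINTABLESTRING,
+		.flags = STABLE_NO_MASK,
+	},
+	{
+		.nid = NID_friendlyName,
+		.minsize = -1,
+		.maxsize = -1,
+		.mask = B_ASN1_BMPSTRING,
+		.flags = STABLE_NO_MASK,
+	},
+	{
+		.nid = NID_name,
+		.minsize = 1,
+		.maxsize = ub_name,
+		.mask = DIRSTRING_TYPE,
+		.flags = 0,
+	},
+	{
+		.nid = NID_dnQualifier,
+		.minsize = -1,
+		.maxsize = -1,
+		.mask = B_ASN1_PRINTABLESTRING,
+		.flags = STABLE_NO_MASK,
+	},
+	{
+		.nid = NID_domainComponent,
+		.minsize = 1,
+		.maxsize = -1,
+		.mask = B_ASN1_IA5STRING,
+		.flags = STABLE_NO_MASK,
+	},
+	{
+		.nid = NID_ms_csp_name,
+		.minsize = -1,
+		.maxsize = -1,
+		.mask = B_ASN1_BMPSTRING,
+		.flags = STABLE_NO_MASK,
+	},
 };
 
 static int
@@ -254,7 +368,7 @@ ASN1_STRING_TABLE_get(int nid)
 		return sk_ASN1_STRING_TABLE_value(stable, idx);
 	}
 	return OBJ_bsearch_table(&fnd, tbl_standard,
-	    sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE));
+	    sizeof(tbl_standard) / sizeof(tbl_standard[0]));
 }
 
 /*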
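Review bot: The rewritten tbl_standard spells out `.flags = 0` on every entry without a flag (NID_commonName at new line 195 onward), while the xstandard table in x509_purp.c and the trstandard table in x509_trs.c in this same commit rely on designated-initializer zeroing and drop their 0/NULL fields (`usr_data`, COMPAT's `arg1`, and both files' `flags`). Either convention works, but the three tables should agree; dropping the explicit `.flags = 0` here, or spelling out the omitted zero fields there, would make them read the same way. Separately, now that each entry spans seven lines the "must be kept in NID order" comment above the table carries more weight, because a new entry can be dropped in anywhere; naming its reader, `/* This table must be kept in NID order: OBJ_bsearch_table() in ASN1_STRING_TABLE_get() depends on it */`, makes the invariant harder to break. The bsearch call is visible in the last hunk; the rest of ASN1_STRING_TABLE_get() is outside it.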
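--- a/src/lib/libcrypto/x509/x509_purp.c
+++ b/src/lib/libcrypto/x509/x509_purp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_purp.c,v 1.27 2023/06/25 13:52:27 tb Exp $ */
+/* $OpenBSD: x509_purp.c,v 1.28 2023/07/02 17:12:17 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
@@ -99,18 +99,72 @@ static int xp_cmp(const X509_PURPOSE * const *a, const X509_PURPOSE * const *b);
 static void xptable_free(X509_PURPOSE *p);
 
 static X509_PURPOSE xstandard[] = {
-	{X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0, check_purpose_ssl_client, "SSL client", "sslclient", NULL},
-	{X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ssl_server, "SSL server", "sslserver", NULL},
-	{X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL},
-	{X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, "S/MIME signing", "smimesign", NULL},
-	{X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL},
-	{X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL},
-	{X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any", NULL},
-	{X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper, "OCSP helper", "ocsphelper", NULL},
-	{X509_PURPOSE_TIMESTAMP_SIGN, X509_TRUST_TSA, 0, check_purpose_timestamp_sign, "Time Stamp signing", "timestampsign", NULL},
+	{
+		.purpose = X509_PURPOSE_SSL_CLIENT,
+		.trust = X509_TRUST_SSL_CLIENT,
+		.check_purpose = check_purpose_ssl_client,
+		.name = "SSL client",
+		.sname = "sslclient",
+	},
+	{
+		.purpose = X509_PURPOSE_SSL_SERVER,
+		.trust = X509_TRUST_SSL_SERVER,
+		.check_purpose = check_purpose_ssl_server,
+		.name = "SSL server",
+		.sname = "sslserver",
+	},
+	{
+		.purpose = X509_PURPOSE_NS_SSL_SERVER,
+		.trust = X509_TRUST_SSL_SERVER,
+		.check_purpose = check_purpose_ns_ssl_server,
+		.name = "Netscape SSL server",
+		.sname = "nssslserver",
+	},
+	{
+		.purpose = X509_PURPOSE_SMIME_SIGN,
+		.trust = X509_TRUST_EMAIL,
+		.check_purpose = check_purpose_smime_sign,
+		.name = "S/MIME signing",
+		.sname = "smimesign",
+	},
+	{
+		.purpose = X509_PURPOSE_SMIME_ENCRYPT,
+		.trust = X509_TRUST_EMAIL,
+		.check_purpose = check_purpose_smime_encrypt,
+		.name = "S/MIME encryption",
+		.sname = "smimeencrypt",
+	},
+	{
+		.purpose = X509_PURPOSE_CRL_SIGN,
+		.trust = X509_TRUST_COMPAT,
+		.check_purpose = check_purpose_crl_sign,
+		.name = "CRL signing",
+		.sname = "crlsign",
+	},
+	{
+		.purpose = X509_PURPOSE_ANY,
+		.trust = X509_TRUST_DEFAULT,
+		.check_purpose = no_check,
+		.name = "Any Purpose",
+		.sname = "any",
+	},
+	{
+		.purpose = X509_PURPOSE_OCSP_HELPER,
+		.trust = X509_TRUST_COMPAT,
+		.check_purpose = ocsp_helper,
+		.name = "OCSP helper",
+		.sname = "ocsphelper",
+	},
+	{
+		.purpose = X509_PURPOSE_TIMESTAMP_SIGN,
+		.trust = X509_TRUST_TSA,
+		.check_purpose = check_purpose_timestamp_sign,
+		.name = "Time Stamp signing",
+		.sname = "timestampsign",
+	},
 };
 
-#define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE))
+#define X509_PURPOSE_COUNT (sizeof(xstandard) / sizeof(xstandard[0]))
 
 static STACK_OF(X509_PURPOSE) *xptable = NULL;
 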
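Review bot: Nothing in the rewritten xstandard table records that the order of its entries is significant, and the hunk shows only the table and X509_PURPOSE_COUNT, not the lookup functions. If, as in the upstream code this file derives from, X509_PURPOSE_get0() returns `xstandard + idx` with idx derived from `purpose - X509_PURPOSE_MIN`, then each entry's position must match the X509_PURPOSE_* numbering, an invariant that is easier to break now that an entry spans seven lines and a new one can be inserted between any two. A one-line comment above the table, `/* Keep in X509_PURPOSE_* order: built-in lookups index this table by purpose - X509_PURPOSE_MIN */`, would record it, and the trstandard table in x509_trs.c has the same property for X509_TRUST_* and deserves the same note. I cannot confirm the indexing from this hunk alone, so the wording should be checked against the lookup code before it is added.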
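--- a/src/lib/libcrypto/x509/x509_trs.c
+++ b/src/lib/libcrypto/x509/x509_trs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_trs.c,v 1.31 2023/02/16 08:38:17 tb Exp $ */
+/* $OpenBSD: x509_trs.c,v 1.32 2023/07/02 17:12:17 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -80,17 +80,56 @@ static int (*default_trust)(int id, X509 *x, int flags) = obj_trust;
  */
 
 static X509_TRUST trstandard[] = {
-	{X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL},
-	{X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},
-	{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL},
-	{X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
-	{X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, NULL},
-	{X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL},
-	{X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL},
-	{X509_TRUST_TSA, 0, trust_1oidany, "TSA server", NID_time_stamp, NULL}
+	{
+		.trust = X509_TRUST_COMPAT,
+		.check_trust = trust_compat,
+		.name = "compatible",
+	},
+	{
+		.trust = X509_TRUST_SSL_CLIENT,
+		.check_trust = trust_1oidany,
+		.name = "SSL Client",
+		.arg1 = NID_client_auth,
+	},
+	{
+		.trust = X509_TRUST_SSL_SERVER,
+		.check_trust = trust_1oidany,
+		.name = "SSL Server",
+		.arg1 = NID_server_auth,
+	},
+	{
+		.trust = X509_TRUST_EMAIL,
+		.check_trust = trust_1oidany,
+		.name = "S/MIME email",
+		.arg1 = NID_email_protect,
+	},
+	{
+		.trust = X509_TRUST_OBJECT_SIGN,
+		.check_trust = trust_1oidany,
+		.name = "Object Signer",
+		.arg1 = NID_code_sign,
+	},
+	{
+		.trust = X509_TRUST_OCSP_SIGN,
+		.check_trust = trust_1oid,
+		.name = "OCSP responder",
+		.arg1 = NID_OCSP_sign,
+	},
+	{
+		.trust = X509_TRUST_OCSP_REQUEST,
+		.check_trust = trust_1oid,
+		.name = "OCSP request",
+		.arg1 = NID_ad_OCSP,
+	},
+	{
+		.trust = X509_TRUST_TSA,
+		.check_trust = trust_1oidany,
+		.name = "TSA server",
+		.arg1 = NID_time_stamp,
+	},
 };
 
-#define X509_TRUST_COUNT (sizeof(trstandard)/sizeof(X509_TRUST))
+#define X509_TRUST_COUNT (sizeof(trstandard) / sizeof(trstandard[0]))
 
 static STACK_OF(X509_TRUST) *trtable = NULL;
 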