1 files changed, 65 insertions, 11 deletions
diff --git a/src/lib/libcrypto/x509/x509_purp.c b/src/lib/libcrypto/x509/x509_purp.c
index f7bc7ea538..f2c4f1dd57 100644
--- a/src/lib/libcrypto/x509/x509_purp.c
+++ b/src/lib/libcrypto/x509/x509_purp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_purp.c,v 1.27 2023/06/25 13:52:27 tb Exp $ */
+/* $OpenBSD: x509_purp.c,v 1.28 2023/07/02 17:12:17 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2001.
 */
@@ -99,18 +99,72 @@ static int xp_cmp(const X509_PURPOSE * const *a, const X509_PURPOSE * const *b);
 static void xptable_free(X509_PURPOSE *p);
 static X509_PURPOSE xstandard[] = {
-        {X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0, check_purpose_ssl_client, "SSL client", "sslclient", NULL},
+        {
-        {X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ssl_server, "SSL server", "sslserver", NULL},
+                .purpose = X509_PURPOSE_SSL_CLIENT,
-        {X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL},
+                .trust = X509_TRUST_SSL_CLIENT,
-        {X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, "S/MIME signing", "smimesign", NULL},
+                .check_purpose = check_purpose_ssl_client,
-        {X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL},
+                .name = "SSL client",
-        {X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL},
+                .sname = "sslclient",
-        {X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any", NULL},
+        },
-        {X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper, "OCSP helper", "ocsphelper", NULL},
+        {
-        {X509_PURPOSE_TIMESTAMP_SIGN, X509_TRUST_TSA, 0, check_purpose_timestamp_sign, "Time Stamp signing", "timestampsign", NULL},
+                .purpose = X509_PURPOSE_SSL_SERVER,
+                .trust = X509_TRUST_SSL_SERVER,
+                .check_purpose = check_purpose_ssl_server,
+                .name = "SSL server",
+                .sname = "sslserver",
+        },
+        {
+                .purpose = X509_PURPOSE_NS_SSL_SERVER,
+                .trust = X509_TRUST_SSL_SERVER,
+                .check_purpose = check_purpose_ns_ssl_server,
+                .name = "Netscape SSL server",
+                .sname = "nssslserver",
+        },
+        {
+                .purpose = X509_PURPOSE_SMIME_SIGN,
+                .trust = X509_TRUST_EMAIL,
+                .check_purpose = check_purpose_smime_sign,
+                .name = "S/MIME signing",
+                .sname = "smimesign",
+        },
+        {
+                .purpose = X509_PURPOSE_SMIME_ENCRYPT,
+                .trust = X509_TRUST_EMAIL,
+                .check_purpose = check_purpose_smime_encrypt,
+                .name = "S/MIME encryption",
+                .sname = "smimeencrypt",
+        },
+        {
+                .purpose = X509_PURPOSE_CRL_SIGN,
+                .trust = X509_TRUST_COMPAT,
+                .check_purpose = check_purpose_crl_sign,
+                .name = "CRL signing",
+                .sname = "crlsign",
+        },
+        {
+                .purpose = X509_PURPOSE_ANY,
+                .trust = X509_TRUST_DEFAULT,
+                .check_purpose = no_check,
+                .name = "Any Purpose",
+                .sname = "any",
+        },
+        {
+                .purpose = X509_PURPOSE_OCSP_HELPER,
+                .trust = X509_TRUST_COMPAT,
+                .check_purpose = ocsp_helper,
+                .name = "OCSP helper",
+                .sname = "ocsphelper",
+        },
+        {
+                .purpose = X509_PURPOSE_TIMESTAMP_SIGN,
+                .trust = X509_TRUST_TSA,
+                .check_purpose = check_purpose_timestamp_sign,
+                .name = "Time Stamp signing",
+                .sname = "timestampsign",
+        },
 };
-#define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE))
+#define X509_PURPOSE_COUNT (sizeof(xstandard) / sizeof(xstandard[0]))
 static STACK_OF(X509_PURPOSE) *xptable = NULL;

diff --git a/src/lib/libcrypto/x509/x509_purp.c b/src/lib/libcrypto/x509/x509_purp.c index f7bc7ea538..f2c4f1dd57 100644 --- a/src/lib/libcrypto/x509/x509_purp.c +++ b/src/lib/libcrypto/x509/x509_purp.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_purp.c,v 1.27 2023/06/25 13:52:27 tb Exp $ */	1	/* $OpenBSD: x509_purp.c,v 1.28 2023/07/02 17:12:17 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2001.	3	* project 2001.
4	*/	4	*/
@@ -99,18 +99,72 @@ static int xp_cmp(const X509_PURPOSE * const a, const X509_PURPOSE const *b);
99	static void xptable_free(X509_PURPOSE *p);	99	static void xptable_free(X509_PURPOSE *p);
100		100
101	static X509_PURPOSE xstandard[] = {	101	static X509_PURPOSE xstandard[] = {
102	{X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0, check_purpose_ssl_client, "SSL client", "sslclient", NULL},	102	{
103	{X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ssl_server, "SSL server", "sslserver", NULL},	103	.purpose = X509_PURPOSE_SSL_CLIENT,
104	{X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL},	104	.trust = X509_TRUST_SSL_CLIENT,
105	{X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, "S/MIME signing", "smimesign", NULL},	105	.check_purpose = check_purpose_ssl_client,
106	{X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL},	106	.name = "SSL client",
107	{X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL},	107	.sname = "sslclient",
108	{X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any", NULL},	108	},
109	{X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper, "OCSP helper", "ocsphelper", NULL},	109	{
110	{X509_PURPOSE_TIMESTAMP_SIGN, X509_TRUST_TSA, 0, check_purpose_timestamp_sign, "Time Stamp signing", "timestampsign", NULL},	110	.purpose = X509_PURPOSE_SSL_SERVER,
		111	.trust = X509_TRUST_SSL_SERVER,
		112	.check_purpose = check_purpose_ssl_server,
		113	.name = "SSL server",
		114	.sname = "sslserver",
		115	},
		116	{
		117	.purpose = X509_PURPOSE_NS_SSL_SERVER,
		118	.trust = X509_TRUST_SSL_SERVER,
		119	.check_purpose = check_purpose_ns_ssl_server,
		120	.name = "Netscape SSL server",
		121	.sname = "nssslserver",
		122	},
		123	{
		124	.purpose = X509_PURPOSE_SMIME_SIGN,
		125	.trust = X509_TRUST_EMAIL,
		126	.check_purpose = check_purpose_smime_sign,
		127	.name = "S/MIME signing",
		128	.sname = "smimesign",
		129	},
		130	{
		131	.purpose = X509_PURPOSE_SMIME_ENCRYPT,
		132	.trust = X509_TRUST_EMAIL,
		133	.check_purpose = check_purpose_smime_encrypt,
		134	.name = "S/MIME encryption",
		135	.sname = "smimeencrypt",
		136	},
		137	{
		138	.purpose = X509_PURPOSE_CRL_SIGN,
		139	.trust = X509_TRUST_COMPAT,
		140	.check_purpose = check_purpose_crl_sign,
		141	.name = "CRL signing",
		142	.sname = "crlsign",
		143	},
		144	{
		145	.purpose = X509_PURPOSE_ANY,
		146	.trust = X509_TRUST_DEFAULT,
		147	.check_purpose = no_check,
		148	.name = "Any Purpose",
		149	.sname = "any",
		150	},
		151	{
		152	.purpose = X509_PURPOSE_OCSP_HELPER,
		153	.trust = X509_TRUST_COMPAT,
		154	.check_purpose = ocsp_helper,
		155	.name = "OCSP helper",
		156	.sname = "ocsphelper",
		157	},
		158	{
		159	.purpose = X509_PURPOSE_TIMESTAMP_SIGN,
		160	.trust = X509_TRUST_TSA,
		161	.check_purpose = check_purpose_timestamp_sign,
		162	.name = "Time Stamp signing",
		163	.sname = "timestampsign",
		164	},
111	};	165	};
112		166
113	#define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE))	167	#define X509_PURPOSE_COUNT (sizeof(xstandard) / sizeof(xstandard[0]))
114		168
115	static STACK_OF(X509_PURPOSE) *xptable = NULL;	169	static STACK_OF(X509_PURPOSE) *xptable = NULL;
116		170