1 files changed, 3 insertions, 159 deletions
diff --git a/src/lib/libcrypto/x509/x509_vfy.h b/src/lib/libcrypto/x509/x509_vfy.h
index 61ea11b71a..133ffda337 100644
--- a/src/lib/libcrypto/x509/x509_vfy.h
+++ b/src/lib/libcrypto/x509/x509_vfy.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.h,v 1.45 2021/11/01 08:14:36 tb Exp $ */
+/* $OpenBSD: x509_vfy.h,v 1.46 2021/11/01 20:53:08 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -100,173 +100,17 @@ typedef enum {
        X509_LU_CRL,
 } X509_LOOKUP_TYPE;
-#if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
-typedef struct x509_object_st {
-        /* one of the above types */
-        int type;
-        union {
-                char *ptr;
-                X509 *x509;
-                X509_CRL *crl;
-                EVP_PKEY *pkey;
-        } data;
-} X509_OBJECT;
-#else
-typedef struct x509_object_st X509_OBJECT;
-#endif
-typedef struct x509_lookup_st X509_LOOKUP;
 DECLARE_STACK_OF(X509_LOOKUP)
 DECLARE_STACK_OF(X509_OBJECT)
+DECLARE_STACK_OF(X509_VERIFY_PARAM)
-#if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
+/* unused in OpenSSL */
-/* This is a static that defines the function interface */
-typedef struct x509_lookup_method_st {
-        const char *name;
-        int (*new_item)(X509_LOOKUP *ctx);
-        void (*free)(X509_LOOKUP *ctx);
-        int (*init)(X509_LOOKUP *ctx);
-        int (*shutdown)(X509_LOOKUP *ctx);
-        int (*ctrl)(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
-            char **ret);
-        int (*get_by_subject)(X509_LOOKUP *ctx, int type, X509_NAME *name,
-            X509_OBJECT *ret);
-        int (*get_by_issuer_serial)(X509_LOOKUP *ctx, int type, X509_NAME *name,
-            ASN1_INTEGER *serial,X509_OBJECT *ret);
-        int (*get_by_fingerprint)(X509_LOOKUP *ctx, int type,
-            const unsigned char *bytes, int len, X509_OBJECT *ret);
-        int (*get_by_alias)(X509_LOOKUP *ctx, int type, const char *str,
-            int len, X509_OBJECT *ret);
-} X509_LOOKUP_METHOD;
 typedef struct X509_VERIFY_PARAM_ID_st X509_VERIFY_PARAM_ID;
-/* This structure hold all parameters associated with a verify operation
- * by including an X509_VERIFY_PARAM structure in related structures the
- * parameters used can be customized
- */
-typedef struct X509_VERIFY_PARAM_st {
-        char *name;
-        time_t check_time;      /* Time to use */
-        unsigned long inh_flags; /* Inheritance flags */
-        unsigned long flags;    /* Various verify flags */
-        int purpose;            /* purpose to check untrusted certificates */
-        int trust;              /* trust setting to check */
-        int depth;              /* Verify depth */
-        STACK_OF(ASN1_OBJECT) *policies;        /* Permissible policies */
-        X509_VERIFY_PARAM_ID *id;       /* opaque ID data */
-} X509_VERIFY_PARAM;
-#else
-typedef struct x509_lookup_method_st X509_LOOKUP_METHOD;
-typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM;
-#endif
-DECLARE_STACK_OF(X509_VERIFY_PARAM)
-#if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
-/*
- * This is used to hold everything.  It is used for all certificate
- * validation.  Once we have a certificate chain, the 'verify'
- * function is then called to actually check the cert chain.
- */
-struct x509_store_st {
-        /* The following is a cache of trusted certs */
-        int cache;      /* if true, stash any hits */
-        STACK_OF(X509_OBJECT) *objs;    /* Cache of all objects */
-        /* These are external lookup methods */
-        STACK_OF(X509_LOOKUP) *get_cert_methods;
-        X509_VERIFY_PARAM *param;
-        /* Callbacks for various operations */
-        int (*verify)(X509_STORE_CTX *ctx);     /* called to verify a certificate */
-        int (*verify_cb)(int ok,X509_STORE_CTX *ctx);   /* error callback */
-        int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */
-        int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
-        int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
-        int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
-        int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
-        int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
-        STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm);
-        STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm);
-        int (*cleanup)(X509_STORE_CTX *ctx);
-        CRYPTO_EX_DATA ex_data;
-        int references;
-} /* X509_STORE */;
-#endif
 int X509_STORE_set_depth(X509_STORE *store, int depth);
-#if defined(LIBRESSL_CRYPTO_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
-/* This is the functions plus an instance of the local variables. */
-struct x509_lookup_st {
-        int init;                       /* have we been started */
-        int skip;                       /* don't use us. */
-        X509_LOOKUP_METHOD *method;     /* the functions */
-        char *method_data;              /* method data */
-        X509_STORE *store_ctx;  /* who owns us */
-} /* X509_LOOKUP */;
-/*
- * This is used when verifying cert chains.  Since the gathering of the cert
- * chain can take some time (and has to be 'retried'), this needs to be kept
- * and passed around.
- */
-struct x509_store_ctx_st {
-        X509_STORE *ctx;
-        int current_method;     /* used when looking up certs */
-        /* The following are set by the caller */
-        X509 *cert;             /* The cert to check */
-        STACK_OF(X509) *untrusted;      /* chain of X509s - untrusted - passed in */
-        STACK_OF(X509_CRL) *crls;       /* set of CRLs passed in */
-        X509_VERIFY_PARAM *param;
-        void *other_ctx;        /* Other info for use with get_issuer() */
-        /* Callbacks for various operations */
-        int (*verify)(X509_STORE_CTX *ctx);     /* called to verify a certificate */
-        int (*verify_cb)(int ok,X509_STORE_CTX *ctx);           /* error callback */
-        int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */
-        int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
-        int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
-        int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
-        int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
-        int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
-        int (*check_policy)(X509_STORE_CTX *ctx);
-        STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm);
-        STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm);
-        int (*cleanup)(X509_STORE_CTX *ctx);
-        /* The following is built up */
-        int valid;              /* if 0, rebuild chain */
-        int last_untrusted;     /* XXX: number of untrusted certs in chain!!! */
-        STACK_OF(X509) *chain;          /* chain of X509s - built up and trusted */
-        X509_POLICY_TREE *tree; /* Valid policy tree */
-        int explicit_policy;    /* Require explicit policy value */
-        /* When something goes wrong, this is why */
-        int error_depth;
-        int error;
-        X509 *current_cert;
-        X509 *current_issuer;   /* cert currently being tested as valid issuer */
-        X509_CRL *current_crl;  /* current CRL */
-        int current_crl_score;  /* score of current CRL */
-        unsigned int current_reasons;  /* Reason mask */
-        X509_STORE_CTX *parent; /* For CRL path validation: parent context */
-        CRYPTO_EX_DATA ex_data;
-} /* X509_STORE_CTX */;
-#endif
 void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 #define X509_STORE_CTX_set_app_data(ctx,data) \

diff --git a/src/lib/libcrypto/x509/x509_vfy.h b/src/lib/libcrypto/x509/x509_vfy.h index 61ea11b71a..133ffda337 100644 --- a/src/lib/libcrypto/x509/x509_vfy.h +++ b/src/lib/libcrypto/x509/x509_vfy.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_vfy.h,v 1.45 2021/11/01 08:14:36 tb Exp $ */	1	/* $OpenBSD: x509_vfy.h,v 1.46 2021/11/01 20:53:08 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -100,173 +100,17 @@ typedef enum {
100	X509_LU_CRL,	100	X509_LU_CRL,
101	} X509_LOOKUP_TYPE;	101	} X509_LOOKUP_TYPE;
102		102
103	#if defined(LIBRESSL_CRYPTO_INTERNAL) \|\| !defined(LIBRESSL_OPAQUE_X509)
104	typedef struct x509_object_st {
105	/* one of the above types */
106	int type;
107	union {
108	char *ptr;
109	X509 *x509;
110	X509_CRL *crl;
111	EVP_PKEY *pkey;
112	} data;
113	} X509_OBJECT;
114	#else
115	typedef struct x509_object_st X509_OBJECT;
116	#endif
117
118	typedef struct x509_lookup_st X509_LOOKUP;
119		103
120	DECLARE_STACK_OF(X509_LOOKUP)	104	DECLARE_STACK_OF(X509_LOOKUP)
121	DECLARE_STACK_OF(X509_OBJECT)	105	DECLARE_STACK_OF(X509_OBJECT)
		106	DECLARE_STACK_OF(X509_VERIFY_PARAM)
122		107
123	#if defined(LIBRESSL_CRYPTO_INTERNAL) \|\| !defined(LIBRESSL_OPAQUE_X509)	108	/* unused in OpenSSL */
124	/* This is a static that defines the function interface */
125	typedef struct x509_lookup_method_st {
126	const char *name;
127	int (new_item)(X509_LOOKUP ctx);
128	void (free)(X509_LOOKUP ctx);
129	int (init)(X509_LOOKUP ctx);
130	int (shutdown)(X509_LOOKUP ctx);
131	int (ctrl)(X509_LOOKUP ctx, int cmd, const char *argc, long argl,
132	char **ret);
133	int (get_by_subject)(X509_LOOKUP ctx, int type, X509_NAME *name,
134	X509_OBJECT *ret);
135	int (get_by_issuer_serial)(X509_LOOKUP ctx, int type, X509_NAME *name,
136	ASN1_INTEGER serial,X509_OBJECT ret);
137	int (get_by_fingerprint)(X509_LOOKUP ctx, int type,
138	const unsigned char bytes, int len, X509_OBJECT ret);
139	int (get_by_alias)(X509_LOOKUP ctx, int type, const char *str,
140	int len, X509_OBJECT *ret);
141	} X509_LOOKUP_METHOD;
142
143	typedef struct X509_VERIFY_PARAM_ID_st X509_VERIFY_PARAM_ID;	109	typedef struct X509_VERIFY_PARAM_ID_st X509_VERIFY_PARAM_ID;
144		110
145	/* This structure hold all parameters associated with a verify operation
146	* by including an X509_VERIFY_PARAM structure in related structures the
147	* parameters used can be customized
148	*/
149
150	typedef struct X509_VERIFY_PARAM_st {
151	char *name;
152	time_t check_time; /* Time to use */
153	unsigned long inh_flags; /* Inheritance flags */
154	unsigned long flags; /* Various verify flags */
155	int purpose; /* purpose to check untrusted certificates */
156	int trust; /* trust setting to check */
157	int depth; /* Verify depth */
158	STACK_OF(ASN1_OBJECT) policies; / Permissible policies */
159	X509_VERIFY_PARAM_ID id; / opaque ID data */
160	} X509_VERIFY_PARAM;
161	#else
162	typedef struct x509_lookup_method_st X509_LOOKUP_METHOD;
163	typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM;
164	#endif
165
166	DECLARE_STACK_OF(X509_VERIFY_PARAM)
167
168	#if defined(LIBRESSL_CRYPTO_INTERNAL) \|\| !defined(LIBRESSL_OPAQUE_X509)
169	/*
170	* This is used to hold everything. It is used for all certificate
171	* validation. Once we have a certificate chain, the 'verify'
172	* function is then called to actually check the cert chain.
173	*/
174	struct x509_store_st {
175	/* The following is a cache of trusted certs */
176	int cache; /* if true, stash any hits */
177	STACK_OF(X509_OBJECT) objs; / Cache of all objects */
178
179	/* These are external lookup methods */
180	STACK_OF(X509_LOOKUP) *get_cert_methods;
181
182	X509_VERIFY_PARAM *param;
183
184	/* Callbacks for various operations */
185	int (verify)(X509_STORE_CTX ctx); /* called to verify a certificate */
186	int (verify_cb)(int ok,X509_STORE_CTX ctx); /* error callback */
187	int (get_issuer)(X509 issuer, X509_STORE_CTX ctx, X509 x); / get issuers cert from ctx */
188	int (check_issued)(X509_STORE_CTX ctx, X509 x, X509 issuer); /* check issued */
189	int (check_revocation)(X509_STORE_CTX ctx); /* Check revocation status of chain */
190	int (get_crl)(X509_STORE_CTX ctx, X509_CRL *crl, X509 x); /* retrieve CRL */
191	int (check_crl)(X509_STORE_CTX ctx, X509_CRL crl); / Check CRL validity */
192	int (cert_crl)(X509_STORE_CTX ctx, X509_CRL crl, X509 x); /* Check certificate against CRL */
193	STACK_OF(X509) * (lookup_certs)(X509_STORE_CTX ctx, X509_NAME *nm);
194	STACK_OF(X509_CRL) * (lookup_crls)(X509_STORE_CTX ctx, X509_NAME *nm);
195	int (cleanup)(X509_STORE_CTX ctx);
196
197	CRYPTO_EX_DATA ex_data;
198	int references;
199	} /* X509_STORE */;
200	#endif
201		111
202	int X509_STORE_set_depth(X509_STORE *store, int depth);	112	int X509_STORE_set_depth(X509_STORE *store, int depth);
203		113
204	#if defined(LIBRESSL_CRYPTO_INTERNAL) \|\| !defined(LIBRESSL_OPAQUE_X509)
205	/* This is the functions plus an instance of the local variables. */
206	struct x509_lookup_st {
207	int init; /* have we been started */
208	int skip; /* don't use us. */
209	X509_LOOKUP_METHOD method; / the functions */
210	char method_data; / method data */
211
212	X509_STORE store_ctx; / who owns us */
213	} /* X509_LOOKUP */;
214
215	/*
216	* This is used when verifying cert chains. Since the gathering of the cert
217	* chain can take some time (and has to be 'retried'), this needs to be kept
218	* and passed around.
219	*/
220	struct x509_store_ctx_st {
221	X509_STORE *ctx;
222	int current_method; /* used when looking up certs */
223
224	/* The following are set by the caller */
225	X509 cert; / The cert to check */
226	STACK_OF(X509) untrusted; / chain of X509s - untrusted - passed in */
227	STACK_OF(X509_CRL) crls; / set of CRLs passed in */
228
229	X509_VERIFY_PARAM *param;
230	void other_ctx; / Other info for use with get_issuer() */
231
232	/* Callbacks for various operations */
233	int (verify)(X509_STORE_CTX ctx); /* called to verify a certificate */
234	int (verify_cb)(int ok,X509_STORE_CTX ctx); /* error callback */
235	int (get_issuer)(X509 issuer, X509_STORE_CTX ctx, X509 x); / get issuers cert from ctx */
236	int (check_issued)(X509_STORE_CTX ctx, X509 x, X509 issuer); /* check issued */
237	int (check_revocation)(X509_STORE_CTX ctx); /* Check revocation status of chain */
238	int (get_crl)(X509_STORE_CTX ctx, X509_CRL *crl, X509 x); /* retrieve CRL */
239	int (check_crl)(X509_STORE_CTX ctx, X509_CRL crl); / Check CRL validity */
240	int (cert_crl)(X509_STORE_CTX ctx, X509_CRL crl, X509 x); /* Check certificate against CRL */
241	int (check_policy)(X509_STORE_CTX ctx);
242	STACK_OF(X509) * (lookup_certs)(X509_STORE_CTX ctx, X509_NAME *nm);
243	STACK_OF(X509_CRL) * (lookup_crls)(X509_STORE_CTX ctx, X509_NAME *nm);
244	int (cleanup)(X509_STORE_CTX ctx);
245
246	/* The following is built up */
247	int valid; /* if 0, rebuild chain */
248	int last_untrusted; /* XXX: number of untrusted certs in chain!!! */
249	STACK_OF(X509) chain; / chain of X509s - built up and trusted */
250	X509_POLICY_TREE tree; / Valid policy tree */
251
252	int explicit_policy; /* Require explicit policy value */
253
254	/* When something goes wrong, this is why */
255	int error_depth;
256	int error;
257	X509 *current_cert;
258	X509 current_issuer; / cert currently being tested as valid issuer */
259	X509_CRL current_crl; / current CRL */
260
261	int current_crl_score; /* score of current CRL */
262	unsigned int current_reasons; /* Reason mask */
263
264	X509_STORE_CTX parent; / For CRL path validation: parent context */
265
266	CRYPTO_EX_DATA ex_data;
267	} /* X509_STORE_CTX */;
268	#endif
269
270	void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);	114	void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
271		115
272	#define X509_STORE_CTX_set_app_data(ctx,data) \	116	#define X509_STORE_CTX_set_app_data(ctx,data) \