Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/x509/by_dir.c4
-rw-r--r--src/lib/libcrypto/x509/by_file.c4
-rw-r--r--src/lib/libcrypto/x509/by_mem.c4
-rw-r--r--src/lib/libcrypto/x509/x509.h22
-rw-r--r--src/lib/libcrypto/x509/x509_addr.c4
-rw-r--r--src/lib/libcrypto/x509/x509_akey.c4
-rw-r--r--src/lib/libcrypto/x509/x509_alt.c4
-rw-r--r--src/lib/libcrypto/x509/x509_asid.c4
-rw-r--r--src/lib/libcrypto/x509/x509_att.c4
-rw-r--r--src/lib/libcrypto/x509/x509_bcons.c4
-rw-r--r--src/lib/libcrypto/x509/x509_bitst.c4
-rw-r--r--src/lib/libcrypto/x509/x509_cmp.c4
-rw-r--r--src/lib/libcrypto/x509/x509_conf.c9
-rw-r--r--src/lib/libcrypto/x509/x509_cpols.c4
-rw-r--r--src/lib/libcrypto/x509/x509_crld.c4
-rw-r--r--src/lib/libcrypto/x509/x509_extku.c4
-rw-r--r--src/lib/libcrypto/x509/x509_genn.c4
-rw-r--r--src/lib/libcrypto/x509/x509_ia5.c5
-rw-r--r--src/lib/libcrypto/x509/x509_info.c5
-rw-r--r--src/lib/libcrypto/x509/x509_lib.c4
-rw-r--r--src/lib/libcrypto/x509/x509_lu.c4
-rw-r--r--src/lib/libcrypto/x509/x509_ncons.c4
-rw-r--r--src/lib/libcrypto/x509/x509_ocsp.c4
-rw-r--r--src/lib/libcrypto/x509/x509_pcons.c4
-rw-r--r--src/lib/libcrypto/x509/x509_pmaps.c4
-rw-r--r--src/lib/libcrypto/x509/x509_policy.c6
-rw-r--r--src/lib/libcrypto/x509/x509_prn.c7
-rw-r--r--src/lib/libcrypto/x509/x509_purp.c3
-rw-r--r--src/lib/libcrypto/x509/x509_r2x.c4
-rw-r--r--src/lib/libcrypto/x509/x509_req.c4
-rw-r--r--src/lib/libcrypto/x509/x509_skey.c4
-rw-r--r--src/lib/libcrypto/x509/x509_utl.c4
-rw-r--r--src/lib/libcrypto/x509/x509_v3.c4
-rw-r--r--src/lib/libcrypto/x509/x509_vfy.c4
-rw-r--r--src/lib/libcrypto/x509/x509_vpm.c63
-rw-r--r--src/lib/libcrypto/x509/x509name.c4
-rw-r--r--src/lib/libcrypto/x509/x509spki.c5
-rw-r--r--src/lib/libcrypto/x509/x_all.c8
38 files changed, 122 insertions, 123 deletions
diff --git a/src/lib/libcrypto/x509/by_dir.c b/src/lib/libcrypto/x509/by_dir.c
index 2b2733a04b..9b239c1e9d 100644
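--- a/src/lib/libcrypto/x509/by_dir.c
+++ b/src/lib/libcrypto/x509/by_dir.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: by_dir.c,v 1.48 2024/08/31 10:19:17 tb Exp $ */
+/* $OpenBSD: by_dir.c,v 1.49 2025/05/10 05:54:39 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -64,9 +64,9 @@
 
 #include <openssl/opensslconf.h>
 
-#include <openssl/err.h>
 #include <openssl/x509.h>
 
+#include "err_local.h"
 #include "x509_local.h"
 
 typedef struct lookup_dir_hashes_st {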
diff --git a/src/lib/libcrypto/x509/by_file.c b/src/lib/libcrypto/x509/by_file.c
index 9b0fd2542c..86d4cd6b60 100644
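--- a/src/lib/libcrypto/x509/by_file.c
+++ b/src/lib/libcrypto/x509/by_file.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: by_file.c,v 1.31 2024/08/31 10:19:17 tb Exp $ */
+/* $OpenBSD: by_file.c,v 1.32 2025/05/10 05:54:39 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -62,10 +62,10 @@
 #include <unistd.h>
 
 #include <openssl/buffer.h>
-#include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/x509.h>
 
+#include "err_local.h"
 #include "x509_local.h"
 
 static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,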
diff --git a/src/lib/libcrypto/x509/by_mem.c b/src/lib/libcrypto/x509/by_mem.c
index 71afefa8a4..66093dd445 100644
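--- a/src/lib/libcrypto/x509/by_mem.c
+++ b/src/lib/libcrypto/x509/by_mem.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: by_mem.c,v 1.10 2024/08/31 10:19:17 tb Exp $ */
+/* $OpenBSD: by_mem.c,v 1.11 2025/05/10 05:54:39 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -63,11 +63,11 @@
 #include <unistd.h>
 
 #include <openssl/buffer.h>
-#include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/lhash.h>
 #include <openssl/x509.h>
 
+#include "err_local.h"
 #include "x509_local.h"
 
 static int by_mem_ctrl(X509_LOOKUP *, int, const char *, long, char **);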
diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h
index a198b23202..729a06d0ed 100644
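--- a/src/lib/libcrypto/x509/x509.h
+++ b/src/lib/libcrypto/x509/x509.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.h,v 1.121 2025/03/09 15:17:22 tb Exp $ */
+/* $OpenBSD: x509.h,v 1.123 2025/07/16 15:59:26 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -178,6 +178,7 @@ DECLARE_STACK_OF(X509)
 #define X509_FLAG_NO_SIGDUMP (1L << 9)
 #define X509_FLAG_NO_AUX (1L << 10)
 #define X509_FLAG_NO_ATTRIBUTES (1L << 11)
+#define X509_FLAG_NO_IDS (1L << 12)
 
 /* Flags specific to X509_NAME_print_ex() */
 
@@ -244,23 +245,7 @@ typedef struct X509_crl_info_st X509_CRL_INFO;
 DECLARE_STACK_OF(X509_CRL)
 
 typedef struct private_key_st {
- int version;
- /* The PKCS#8 data types */
- X509_ALGOR *enc_algor;
- ASN1_OCTET_STRING *enc_pkey; /* encrypted pub key */
-
- /* When decrypted, the following will not be NULL */
  EVP_PKEY *dec_pkey;
-
- /* used to encrypt and decrypt */
- int key_length;
- char *key_data;
- int key_free; /* true if we should auto free key_data */
-
- /* expanded version of 'enc_algor' */
- EVP_CIPHER_INFO cipher;
-
- int references;
 } X509_PKEY;
 
 #ifndef OPENSSL_NO_EVP
@@ -646,9 +631,6 @@ int X509_CRL_get0_by_serial(X509_CRL *crl,
  X509_REVOKED **ret, ASN1_INTEGER *serial);
 int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x);
 
-X509_PKEY * X509_PKEY_new(void );
-void X509_PKEY_free(X509_PKEY *a);
-
 NETSCAPE_SPKI *NETSCAPE_SPKI_new(void);
 void NETSCAPE_SPKI_free(NETSCAPE_SPKI *a);
 NETSCAPE_SPKI *d2i_NETSCAPE_SPKI(NETSCAPE_SPKI **a, const unsigned char **in, long len);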
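Review bot: Shrinking `struct private_key_st` to the single member `dec_pkey` changes the layout of a type declared in the public `x509.h`, so a consumer built against the old header would read `dec_pkey` at a stale offset; nothing in the visible hunks shows the accompanying shared-library version bump, which should be confirmed. The last hunk also drops the `X509_PKEY_new()`/`X509_PKEY_free()` prototypes, so it is worth checking that whatever still allocates and frees this struct (presumably internal code, not visible here) has a prototype in a local header. The comment that documented the remaining member was deleted with its neighbours; I would keep a one-line replacement such as `EVP_PKEY *dec_pkey; /* the private key, or NULL */`. The new `X509_FLAG_NO_IDS` bit would also benefit from a short comment saying which output it suppresses.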
diff --git a/src/lib/libcrypto/x509/x509_addr.c b/src/lib/libcrypto/x509/x509_addr.c
index 2208cc434e..b4ee92a14b 100644
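--- a/src/lib/libcrypto/x509/x509_addr.c
+++ b/src/lib/libcrypto/x509/x509_addr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_addr.c,v 1.93 2024/07/13 15:08:58 tb Exp $ */
+/* $OpenBSD: x509_addr.c,v 1.94 2025/05/10 05:54:39 tb Exp $ */
 /*
  * Contributed to the OpenSSL Project by the American Registry for
  * Internet Numbers ("ARIN").
@@ -69,12 +69,12 @@
 #include <openssl/asn1t.h>
 #include <openssl/buffer.h>
 #include <openssl/conf.h>
-#include <openssl/err.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
 #include "asn1_local.h"
 #include "bytestring.h"
+#include "err_local.h"
 #include "x509_local.h"
 
 #ifndef OPENSSL_NO_RFC3779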
diff --git a/src/lib/libcrypto/x509/x509_akey.c b/src/lib/libcrypto/x509/x509_akey.c
index 926508c4cd..524fea8009 100644
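--- a/src/lib/libcrypto/x509/x509_akey.c
+++ b/src/lib/libcrypto/x509/x509_akey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_akey.c,v 1.3 2024/08/31 10:03:03 tb Exp $ */
+/* $OpenBSD: x509_akey.c,v 1.4 2025/05/10 05:54:39 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -62,9 +62,9 @@
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/conf.h>
-#include <openssl/err.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
 #include "x509_local.h"
 
 static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,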
diff --git a/src/lib/libcrypto/x509/x509_alt.c b/src/lib/libcrypto/x509/x509_alt.c
index 34734a55bd..ca91493848 100644
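--- a/src/lib/libcrypto/x509/x509_alt.c
+++ b/src/lib/libcrypto/x509/x509_alt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_alt.c,v 1.19 2025/03/06 07:20:01 tb Exp $ */
+/* $OpenBSD: x509_alt.c,v 1.20 2025/05/10 05:54:39 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -60,9 +60,9 @@
 #include <string.h>
 
 #include <openssl/conf.h>
-#include <openssl/err.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
 #include "x509_internal.h"
 
 static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,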
diff --git a/src/lib/libcrypto/x509/x509_asid.c b/src/lib/libcrypto/x509/x509_asid.c
index 40ee201a9f..45a154e7d9 100644
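--- a/src/lib/libcrypto/x509/x509_asid.c
+++ b/src/lib/libcrypto/x509/x509_asid.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_asid.c,v 1.45 2024/07/13 15:08:58 tb Exp $ */
+/* $OpenBSD: x509_asid.c,v 1.46 2025/05/10 05:54:39 tb Exp $ */
 /*
  * Contributed to the OpenSSL Project by the American Registry for
  * Internet Numbers ("ARIN").
@@ -68,10 +68,10 @@
 #include <openssl/asn1t.h>
 #include <openssl/bn.h>
 #include <openssl/conf.h>
-#include <openssl/err.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
 #include "x509_local.h"
 
 #ifndef OPENSSL_NO_RFC3779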
diff --git a/src/lib/libcrypto/x509/x509_att.c b/src/lib/libcrypto/x509/x509_att.c
index 4931cbbc17..a442a17746 100644
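--- a/src/lib/libcrypto/x509/x509_att.c
+++ b/src/lib/libcrypto/x509/x509_att.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_att.c,v 1.25 2024/08/31 10:46:40 tb Exp $ */
+/* $OpenBSD: x509_att.c,v 1.26 2025/05/10 05:54:39 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -59,13 +59,13 @@
 #include <stdio.h>
 
 #include <openssl/asn1.h>
-#include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/stack.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
 #include "x509_local.h"
 
 int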
diff --git a/src/lib/libcrypto/x509/x509_bcons.c b/src/lib/libcrypto/x509/x509_bcons.c
index 99cb5afe9a..c10f822ccc 100644
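--- a/src/lib/libcrypto/x509/x509_bcons.c
+++ b/src/lib/libcrypto/x509/x509_bcons.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_bcons.c,v 1.6 2024/08/31 10:03:03 tb Exp $ */
+/* $OpenBSD: x509_bcons.c,v 1.7 2025/05/10 05:54:39 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -62,9 +62,9 @@
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/conf.h>
-#include <openssl/err.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
 #include "x509_local.h"
 
 static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,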
diff --git a/src/lib/libcrypto/x509/x509_bitst.c b/src/lib/libcrypto/x509/x509_bitst.c
index 2bc4f9911a..89289b7af0 100644
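--- a/src/lib/libcrypto/x509/x509_bitst.c
+++ b/src/lib/libcrypto/x509/x509_bitst.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_bitst.c,v 1.8 2024/08/31 10:23:13 tb Exp $ */
+/* $OpenBSD: x509_bitst.c,v 1.9 2025/05/10 05:54:39 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -60,9 +60,9 @@
 #include <string.h>
 
 #include <openssl/conf.h>
-#include <openssl/err.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
 #include "x509_local.h"
 
 static const BIT_STRING_BITNAME ns_cert_type_table[] = {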
diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c
index 2c1e427093..2479dcdd0d 100644
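--- a/src/lib/libcrypto/x509/x509_cmp.c
+++ b/src/lib/libcrypto/x509/x509_cmp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_cmp.c,v 1.44 2024/03/25 03:41:16 joshua Exp $ */
+/* $OpenBSD: x509_cmp.c,v 1.45 2025/05/10 05:54:39 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -63,11 +63,11 @@
 #include <openssl/opensslconf.h>
 
 #include <openssl/asn1.h>
-#include <openssl/err.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
 #include "evp_local.h"
 #include "x509_local.h"
 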
diff --git a/src/lib/libcrypto/x509/x509_conf.c b/src/lib/libcrypto/x509/x509_conf.c
index e5b18c2f77..2089f72bc7 100644
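--- a/src/lib/libcrypto/x509/x509_conf.c
+++ b/src/lib/libcrypto/x509/x509_conf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_conf.c,v 1.29 2025/03/06 07:20:01 tb Exp $ */
+/* $OpenBSD: x509_conf.c,v 1.31 2025/06/02 12:18:21 jsg Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -62,11 +62,11 @@
 #include <string.h>
 
 #include <openssl/conf.h>
-#include <openssl/err.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
 #include "conf_local.h"
+#include "err_local.h"
 #include "x509_local.h"
 
 static int v3_check_critical(const char **value);
@@ -242,8 +242,9 @@ v3_check_critical(const char **value)
  if ((strlen(p) < 9) || strncmp(p, "critical,", 9))
  return 0;
  p += 9;
- while (isspace((unsigned char)*p)) p++;
- *value = p;
+ while (isspace((unsigned char)*p))
+ p++;
+ *value = p;
  return 1;
 }
 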
diff --git a/src/lib/libcrypto/x509/x509_cpols.c b/src/lib/libcrypto/x509/x509_cpols.c
index 6bae2a0482..b6a456023f 100644
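--- a/src/lib/libcrypto/x509/x509_cpols.c
+++ b/src/lib/libcrypto/x509/x509_cpols.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_cpols.c,v 1.15 2025/03/06 07:20:01 tb Exp $ */
+/* $OpenBSD: x509_cpols.c,v 1.16 2025/05/10 05:54:39 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -62,9 +62,9 @@
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/conf.h>
-#include <openssl/err.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
 #include "x509_local.h"
 
 /* Certificate policies extension support: this one is a bit complex... */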
diff --git a/src/lib/libcrypto/x509/x509_crld.c b/src/lib/libcrypto/x509/x509_crld.c
index 81f2010df5..75afcefca8 100644
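--- a/src/lib/libcrypto/x509/x509_crld.c
+++ b/src/lib/libcrypto/x509/x509_crld.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_crld.c,v 1.9 2025/03/06 07:20:01 tb Exp $ */
+/* $OpenBSD: x509_crld.c,v 1.10 2025/05/10 05:54:39 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -62,9 +62,9 @@
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/conf.h>
-#include <openssl/err.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
 #include "x509_local.h"
 
 static void *v2i_crld(const X509V3_EXT_METHOD *method,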
diff --git a/src/lib/libcrypto/x509/x509_extku.c b/src/lib/libcrypto/x509/x509_extku.c
index da5036a09a..35460ca46b 100644
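--- a/src/lib/libcrypto/x509/x509_extku.c
+++ b/src/lib/libcrypto/x509/x509_extku.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_extku.c,v 1.6 2024/08/31 10:03:03 tb Exp $ */
+/* $OpenBSD: x509_extku.c,v 1.7 2025/05/10 05:54:39 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -60,9 +60,9 @@
 
 #include <openssl/asn1t.h>
 #include <openssl/conf.h>
-#include <openssl/err.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
 #include "x509_local.h"
 
 static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,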
diff --git a/src/lib/libcrypto/x509/x509_genn.c b/src/lib/libcrypto/x509/x509_genn.c
index 1ea7155795..5214c394ed 100644
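--- a/src/lib/libcrypto/x509/x509_genn.c
+++ b/src/lib/libcrypto/x509/x509_genn.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_genn.c,v 1.7 2024/07/08 14:47:44 beck Exp $ */
+/* $OpenBSD: x509_genn.c,v 1.8 2025/05/10 05:54:39 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -63,6 +63,8 @@
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
+
 static const ASN1_TEMPLATE OTHERNAME_seq_tt[] = {
  {
  .flags = 0,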
diff --git a/src/lib/libcrypto/x509/x509_ia5.c b/src/lib/libcrypto/x509/x509_ia5.c
index 4f62a9134c..b8886c6cb8 100644
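--- a/src/lib/libcrypto/x509/x509_ia5.c
+++ b/src/lib/libcrypto/x509/x509_ia5.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_ia5.c,v 1.2 2024/07/13 15:08:58 tb Exp $ */
+/* $OpenBSD: x509_ia5.c,v 1.3 2025/05/10 05:54:39 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -61,9 +61,10 @@
 
 #include <openssl/asn1.h>
 #include <openssl/conf.h>
-#include <openssl/err.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
+
 static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5);
 static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
  X509V3_CTX *ctx, char *str);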
diff --git a/src/lib/libcrypto/x509/x509_info.c b/src/lib/libcrypto/x509/x509_info.c
index d1de346ee6..c91642a02e 100644
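--- a/src/lib/libcrypto/x509/x509_info.c
+++ b/src/lib/libcrypto/x509/x509_info.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_info.c,v 1.5 2024/07/13 15:08:58 tb Exp $ */
+/* $OpenBSD: x509_info.c,v 1.6 2025/05/10 05:54:39 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -62,9 +62,10 @@
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/conf.h>
-#include <openssl/err.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
+
 static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(
  X509V3_EXT_METHOD *method, AUTHORITY_INFO_ACCESS *ainfo,
  STACK_OF(CONF_VALUE) *ret);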
diff --git a/src/lib/libcrypto/x509/x509_lib.c b/src/lib/libcrypto/x509/x509_lib.c
index 6fa66ab88e..0285ac0d3a 100644
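--- a/src/lib/libcrypto/x509/x509_lib.c
+++ b/src/lib/libcrypto/x509/x509_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_lib.c,v 1.24 2024/07/13 15:08:58 tb Exp $ */
+/* $OpenBSD: x509_lib.c,v 1.25 2025/05/10 05:54:39 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -60,9 +60,9 @@
 #include <stdio.h>
 
 #include <openssl/conf.h>
-#include <openssl/err.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
 #include "x509_local.h"
 
 const X509V3_EXT_METHOD *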
diff --git a/src/lib/libcrypto/x509/x509_lu.c b/src/lib/libcrypto/x509/x509_lu.c
index 0367794fca..1ac3436a6e 100644
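--- a/src/lib/libcrypto/x509/x509_lu.c
+++ b/src/lib/libcrypto/x509/x509_lu.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_lu.c,v 1.67 2025/03/09 15:20:20 tb Exp $ */
+/* $OpenBSD: x509_lu.c,v 1.68 2025/05/10 05:54:39 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -59,11 +59,11 @@
 #include <stdio.h>
 #include <string.h>
 
-#include <openssl/err.h>
 #include <openssl/lhash.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
 #include "x509_local.h"
 
 static int X509_OBJECT_up_ref_count(X509_OBJECT *a);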
diff --git a/src/lib/libcrypto/x509/x509_ncons.c b/src/lib/libcrypto/x509/x509_ncons.c
index 148a66e887..f197488d70 100644
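--- a/src/lib/libcrypto/x509/x509_ncons.c
+++ b/src/lib/libcrypto/x509/x509_ncons.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_ncons.c,v 1.11 2024/07/13 15:08:58 tb Exp $ */
+/* $OpenBSD: x509_ncons.c,v 1.12 2025/05/10 05:54:39 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -61,9 +61,9 @@
 
 #include <openssl/asn1t.h>
 #include <openssl/conf.h>
-#include <openssl/err.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
 #include "x509_local.h"
 
 static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,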
diff --git a/src/lib/libcrypto/x509/x509_ocsp.c b/src/lib/libcrypto/x509/x509_ocsp.c
index 6531b4c420..d0a0d49890 100644
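--- a/src/lib/libcrypto/x509/x509_ocsp.c
+++ b/src/lib/libcrypto/x509/x509_ocsp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_ocsp.c,v 1.4 2024/12/24 09:14:33 schwarze Exp $ */
+/* $OpenBSD: x509_ocsp.c,v 1.5 2025/05/10 05:54:39 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -65,10 +65,10 @@
 
 #include <openssl/asn1.h>
 #include <openssl/conf.h>
-#include <openssl/err.h>
 #include <openssl/ocsp.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
 #include "ocsp_local.h"
 
 /* OCSP extensions and a couple of CRL entry extensions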
diff --git a/src/lib/libcrypto/x509/x509_pcons.c b/src/lib/libcrypto/x509/x509_pcons.c
index 66dc57abf6..404fa28724 100644
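--- a/src/lib/libcrypto/x509/x509_pcons.c
+++ b/src/lib/libcrypto/x509/x509_pcons.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_pcons.c,v 1.6 2024/08/31 10:03:03 tb Exp $ */
+/* $OpenBSD: x509_pcons.c,v 1.7 2025/05/10 05:54:39 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -62,9 +62,9 @@
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/conf.h>
-#include <openssl/err.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
 #include "x509_local.h"
 
 static STACK_OF(CONF_VALUE) *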
diff --git a/src/lib/libcrypto/x509/x509_pmaps.c b/src/lib/libcrypto/x509/x509_pmaps.c
index 5039f65f2e..141a3a6f90 100644
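--- a/src/lib/libcrypto/x509/x509_pmaps.c
+++ b/src/lib/libcrypto/x509/x509_pmaps.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_pmaps.c,v 1.6 2024/08/31 10:03:03 tb Exp $ */
+/* $OpenBSD: x509_pmaps.c,v 1.7 2025/05/10 05:54:39 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -61,9 +61,9 @@
 
 #include <openssl/asn1t.h>
 #include <openssl/conf.h>
-#include <openssl/err.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
 #include "x509_local.h"
 
 static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,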
diff --git a/src/lib/libcrypto/x509/x509_policy.c b/src/lib/libcrypto/x509/x509_policy.c
index 4321a9669d..8267e8dc49 100644
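--- a/src/lib/libcrypto/x509/x509_policy.c
+++ b/src/lib/libcrypto/x509/x509_policy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_policy.c,v 1.29 2025/01/06 17:42:39 tb Exp $ */
+/* $OpenBSD: x509_policy.c,v 1.32 2025/05/10 05:54:39 tb Exp $ */
 /*
  * Copyright (c) 2022, Google Inc.
  *
@@ -17,12 +17,12 @@
 
 #include <string.h>
 
-#include <openssl/err.h>
 #include <openssl/objects.h>
 #include <openssl/stack.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
 #include "stack_local.h"
 #include "x509_internal.h"
 #include "x509_local.h"
@@ -498,7 +498,7 @@ delete_if_mapped(X509_POLICY_NODE *node, void *data)
  * with P1 in |parent_policies|.
  *
  * This is equivalent to the |X509_POLICY_LEVEL| that would result if the next
- * certificats contained anyPolicy. |process_certificate_policies| will filter
+ * certificate contained anyPolicy. |process_certificate_policies| will filter
  * this result down to compute the actual level.
  */
 static X509_POLICY_LEVEL *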
diff --git a/src/lib/libcrypto/x509/x509_prn.c b/src/lib/libcrypto/x509/x509_prn.c
index 3bf7c803e5..23c649a7b9 100644
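--- a/src/lib/libcrypto/x509/x509_prn.c
+++ b/src/lib/libcrypto/x509/x509_prn.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_prn.c,v 1.6 2023/05/08 05:30:38 tb Exp $ */
+/* $OpenBSD: x509_prn.c,v 1.7 2025/06/02 12:18:22 jsg Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -87,8 +87,9 @@ X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml)
  for (i = 0; i < sk_CONF_VALUE_num(val); i++) {
  if (ml)
  BIO_printf(out, "%*s", indent, "");
- else if (i > 0) BIO_printf(out, ", ");
- nval = sk_CONF_VALUE_value(val, i);
+ else if (i > 0)
+ BIO_printf(out, ", ");
+ nval = sk_CONF_VALUE_value(val, i);
  if (!nval->name)
  BIO_puts(out, nval->value);
  else if (!nval->value)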
diff --git a/src/lib/libcrypto/x509/x509_purp.c b/src/lib/libcrypto/x509/x509_purp.c
index 619a4b890a..36dfe6abee 100644
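--- a/src/lib/libcrypto/x509/x509_purp.c
+++ b/src/lib/libcrypto/x509/x509_purp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_purp.c,v 1.43 2024/07/12 18:15:10 beck Exp $ */
+/* $OpenBSD: x509_purp.c,v 1.44 2025/05/10 05:54:39 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
@@ -61,7 +61,6 @@
 
 #include <openssl/opensslconf.h>
 
-#include <openssl/err.h>
 #include <openssl/x509v3.h>
 #include <openssl/x509_vfy.h>
 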
diff --git a/src/lib/libcrypto/x509/x509_r2x.c b/src/lib/libcrypto/x509/x509_r2x.c
index 39b392259b..4ca8a87935 100644
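--- a/src/lib/libcrypto/x509/x509_r2x.c
+++ b/src/lib/libcrypto/x509/x509_r2x.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_r2x.c,v 1.17 2023/04/25 09:46:36 job Exp $ */
+/* $OpenBSD: x509_r2x.c,v 1.18 2025/05/10 05:54:39 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -61,11 +61,11 @@
 #include <openssl/asn1.h>
 #include <openssl/bn.h>
 #include <openssl/buffer.h>
-#include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 
+#include "err_local.h"
 #include "x509_local.h"
 
 X509 *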
diff --git a/src/lib/libcrypto/x509/x509_req.c b/src/lib/libcrypto/x509/x509_req.c
index 704acbd897..df1119a55c 100644
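--- a/src/lib/libcrypto/x509/x509_req.c
+++ b/src/lib/libcrypto/x509/x509_req.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_req.c,v 1.43 2024/08/31 10:16:52 tb Exp $ */
+/* $OpenBSD: x509_req.c,v 1.44 2025/05/10 05:54:39 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -64,13 +64,13 @@
 #include <openssl/asn1t.h>
 #include <openssl/bn.h>
 #include <openssl/buffer.h>
-#include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
 #include <openssl/x509.h>
 
 #include "asn1_local.h"
+#include "err_local.h"
 #include "evp_local.h"
 #include "x509_local.h"
 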
diff --git a/src/lib/libcrypto/x509/x509_skey.c b/src/lib/libcrypto/x509/x509_skey.c
index d2c90b6f1c..e9e915a0c7 100644
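--- a/src/lib/libcrypto/x509/x509_skey.c
+++ b/src/lib/libcrypto/x509/x509_skey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_skey.c,v 1.6 2024/07/13 15:08:58 tb Exp $ */
+/* $OpenBSD: x509_skey.c,v 1.7 2025/05/10 05:54:39 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -59,9 +59,9 @@
 #include <stdio.h>
 #include <string.h>
 
-#include <openssl/err.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
 #include "x509_local.h"
 
 static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,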
diff --git a/src/lib/libcrypto/x509/x509_utl.c b/src/lib/libcrypto/x509/x509_utl.c
index 08383849c9..4be8630d89 100644
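--- a/src/lib/libcrypto/x509/x509_utl.c
+++ b/src/lib/libcrypto/x509/x509_utl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_utl.c,v 1.26 2025/01/26 13:51:41 tb Exp $ */
+/* $OpenBSD: x509_utl.c,v 1.27 2025/05/10 05:54:39 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -64,11 +64,11 @@
 #include <openssl/asn1.h>
 #include <openssl/bn.h>
 #include <openssl/conf.h>
-#include <openssl/err.h>
 #include <openssl/x509v3.h>
 
 #include "bytestring.h"
 #include "conf_local.h"
+#include "err_local.h"
 
 /*
  * Match reference identifiers starting with "." to any sub-domain. This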
diff --git a/src/lib/libcrypto/x509/x509_v3.c b/src/lib/libcrypto/x509/x509_v3.c
index 688aed15a2..ee14d2dcef 100644
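--- a/src/lib/libcrypto/x509/x509_v3.c
+++ b/src/lib/libcrypto/x509/x509_v3.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_v3.c,v 1.43 2024/07/12 09:57:04 tb Exp $ */
+/* $OpenBSD: x509_v3.c,v 1.44 2025/05/10 05:54:39 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -59,12 +59,12 @@
 #include <stdio.h>
 
 #include <openssl/asn1.h>
-#include <openssl/err.h>
 #include <openssl/objects.h>
 #include <openssl/stack.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
 #include "x509_local.h"
 
 int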
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
index c93ae81bd8..3d0abda615 100644
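--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.147 2025/03/04 08:43:25 tb Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.148 2025/05/10 05:54:39 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -67,7 +67,6 @@
 #include <openssl/asn1.h>
 #include <openssl/buffer.h>
 #include <openssl/crypto.h>
-#include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/lhash.h>
 #include <openssl/objects.h>
@@ -75,6 +74,7 @@
 #include <openssl/x509v3.h>
 
 #include "asn1_local.h"
+#include "err_local.h"
 #include "x509_internal.h"
 #include "x509_issuer_cache.h"
 #include "x509_local.h"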
diff --git a/src/lib/libcrypto/x509/x509_vpm.c b/src/lib/libcrypto/x509/x509_vpm.c
index 4b333e2a2d..19091b12aa 100644
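--- a/src/lib/libcrypto/x509/x509_vpm.c
+++ b/src/lib/libcrypto/x509/x509_vpm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vpm.c,v 1.47 2025/03/12 04:58:04 tb Exp $ */
+/* $OpenBSD: x509_vpm.c,v 1.56 2025/05/10 05:54:39 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2004.
  */
@@ -61,12 +61,12 @@
 
 #include <openssl/buffer.h>
 #include <openssl/crypto.h>
-#include <openssl/err.h>
 #include <openssl/lhash.h>
 #include <openssl/stack.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
 #include "x509_local.h"
 
 /* X509_VERIFY_PARAM functions */
@@ -113,7 +113,7 @@ sk_OPENSSL_STRING_deep_copy(const STACK_OF(OPENSSL_STRING) *sk)
 }
 
 static int
-x509_param_set_hosts_internal(X509_VERIFY_PARAM *vpm, int mode,
+x509_param_set_hosts_internal(X509_VERIFY_PARAM *param, int mode,
  const char *name, size_t namelen)
 {
  char *copy;
@@ -126,9 +126,9 @@ x509_param_set_hosts_internal(X509_VERIFY_PARAM *vpm, int mode,
  if (name && memchr(name, '\0', namelen))
  return 0;
 
- if (mode == SET_HOST && vpm->hosts) {
- sk_OPENSSL_STRING_pop_free(vpm->hosts, str_free);
- vpm->hosts = NULL;
+ if (mode == SET_HOST && param->hosts) {
+ sk_OPENSSL_STRING_pop_free(param->hosts, str_free);
+ param->hosts = NULL;
  }
  if (name == NULL || namelen == 0)
  return 1;
@@ -136,17 +136,17 @@ x509_param_set_hosts_internal(X509_VERIFY_PARAM *vpm, int mode,
  if (copy == NULL)
  return 0;
 
- if (vpm->hosts == NULL &&
- (vpm->hosts = sk_OPENSSL_STRING_new_null()) == NULL) {
+ if (param->hosts == NULL &&
+ (param->hosts = sk_OPENSSL_STRING_new_null()) == NULL) {
  free(copy);
  return 0;
  }
 
- if (!sk_OPENSSL_STRING_push(vpm->hosts, copy)) {
+ if (!sk_OPENSSL_STRING_push(param->hosts, copy)) {
  free(copy);
- if (sk_OPENSSL_STRING_num(vpm->hosts) == 0) {
- sk_OPENSSL_STRING_free(vpm->hosts);
- vpm->hosts = NULL;
+ if (sk_OPENSSL_STRING_num(param->hosts) == 0) {
+ sk_OPENSSL_STRING_free(param->hosts);
+ param->hosts = NULL;
  }
  return 0;
  }
@@ -654,6 +654,8 @@ static const X509_VERIFY_PARAM default_table[] = {
  }
 };
 
+#define N_DEFAULT_VERIFY_PARAMS (sizeof(default_table) / sizeof(default_table[0]))
+
 static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL;
 
 static int
@@ -687,9 +689,11 @@ LCRYPTO_ALIAS(X509_VERIFY_PARAM_add0_table);
 int
 X509_VERIFY_PARAM_get_count(void)
 {
- int num = sizeof(default_table) / sizeof(X509_VERIFY_PARAM);
- if (param_table)
+ int num = N_DEFAULT_VERIFY_PARAMS;
+
+ if (param_table != NULL)
  num += sk_X509_VERIFY_PARAM_num(param_table);
+
  return num;
 }
 LCRYPTO_ALIAS(X509_VERIFY_PARAM_get_count);
@@ -697,9 +701,14 @@ LCRYPTO_ALIAS(X509_VERIFY_PARAM_get_count);
 const X509_VERIFY_PARAM *
 X509_VERIFY_PARAM_get0(int id)
 {
- int num = sizeof(default_table) / sizeof(X509_VERIFY_PARAM);
+ int num = N_DEFAULT_VERIFY_PARAMS;
+
+ if (id < 0)
+ return NULL;
+
  if (id < num)
- return default_table + id;
+ return &default_table[id];
+
  return sk_X509_VERIFY_PARAM_value(param_table, id - num);
 }
 LCRYPTO_ALIAS(X509_VERIFY_PARAM_get0);
@@ -707,22 +716,20 @@ LCRYPTO_ALIAS(X509_VERIFY_PARAM_get0);
 const X509_VERIFY_PARAM *
 X509_VERIFY_PARAM_lookup(const char *name)
 {
- X509_VERIFY_PARAM pm;
- unsigned int i, limit;
+ X509_VERIFY_PARAM param;
+ size_t i;
+ int idx;
 
- pm.name = (char *)name;
- if (param_table) {
- size_t idx;
- if ((idx = sk_X509_VERIFY_PARAM_find(param_table, &pm)) != -1)
- return sk_X509_VERIFY_PARAM_value(param_table, idx);
- }
+ memset(&param, 0, sizeof(param));
+ param.name = (char *)name;
+ if ((idx = sk_X509_VERIFY_PARAM_find(param_table, &param)) != -1)
+ return sk_X509_VERIFY_PARAM_value(param_table, idx);
 
- limit = sizeof(default_table) / sizeof(X509_VERIFY_PARAM);
- for (i = 0; i < limit; i++) {
- if (strcmp(default_table[i].name, name) == 0) {
+ for (i = 0; i < N_DEFAULT_VERIFY_PARAMS; i++) {
+ if (strcmp(default_table[i].name, name) == 0)
  return &default_table[i];
- }
  }
+
  return NULL;
 }
 LCRYPTO_ALIAS(X509_VERIFY_PARAM_lookup);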
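Review bot: `X509_VERIFY_PARAM_lookup` still passes `name` to `strcmp()` in the default-table loop without a NULL check, and with the `if (param_table)` guard gone the rewritten body also reaches `sk_X509_VERIFY_PARAM_find()` unconditionally. Whether a NULL `name` can arrive depends on callers that are not on this page, but the function is exported through `LCRYPTO_ALIAS`, so an early `if (name == NULL) return NULL;` before the `memset()` would make the contract explicit. The unguarded `find`/`value` calls here and in `X509_VERIFY_PARAM_get0` presumably rely on the stack helpers tolerating a NULL stack; a short comment such as `/* sk_X509_VERIFY_PARAM_find() and _value() accept a NULL stack. */` would record that assumption for the next reader.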
diff --git a/src/lib/libcrypto/x509/x509name.c b/src/lib/libcrypto/x509/x509name.c
index d2df06ccc6..9a582d34e4 100644
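--- a/src/lib/libcrypto/x509/x509name.c
+++ b/src/lib/libcrypto/x509/x509name.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509name.c,v 1.35 2023/05/29 11:54:50 beck Exp $ */
+/* $OpenBSD: x509name.c,v 1.36 2025/05/10 05:54:39 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -60,13 +60,13 @@
 #include <string.h>
 
 #include <openssl/asn1.h>
-#include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/stack.h>
 #include <openssl/x509.h>
 
 #include "bytestring.h"
+#include "err_local.h"
 #include "x509_local.h"
 
 int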
diff --git a/src/lib/libcrypto/x509/x509spki.c b/src/lib/libcrypto/x509/x509spki.c
index 04c9a6f01b..ef5f9e34c8 100644
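--- a/src/lib/libcrypto/x509/x509spki.c
+++ b/src/lib/libcrypto/x509/x509spki.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509spki.c,v 1.16 2023/02/16 08:38:17 tb Exp $ */
+/* $OpenBSD: x509spki.c,v 1.17 2025/05/10 05:54:39 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -60,9 +60,10 @@
 #include <stdlib.h>
 #include <string.h>
 
-#include <openssl/err.h>
 #include <openssl/x509.h>
 
+#include "err_local.h"
+
 int
 NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey)
 {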
diff --git a/src/lib/libcrypto/x509/x_all.c b/src/lib/libcrypto/x509/x_all.c
index 5997714061..b5d50ae4ee 100644
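--- a/src/lib/libcrypto/x509/x_all.c
+++ b/src/lib/libcrypto/x509/x_all.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x_all.c,v 1.32 2024/06/19 08:00:53 tb Exp $ */
+/* $OpenBSD: x_all.c,v 1.33 2025/07/10 18:50:23 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -399,7 +399,11 @@ LCRYPTO_ALIAS(i2d_PKCS8PrivateKeyInfo_fp);
 int
 X509_verify(X509 *a, EVP_PKEY *r)
 {
- if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature))
+ /*
+ * The Certificate's signature AlgorithmIdentifier must match the one
+ * inside the TBSCertificate, see RFC 5280, 4.1.1.2, 4.1.2.3.
+ */
+ if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature) != 0)
  return 0;
  return ASN1_item_verify(&X509_CINF_it, a->sig_alg,
  a->signature, a->cert_info, r);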
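Review bot: The mismatch branch in `X509_verify` returns 0 without recording an error, so a caller that only checks the return value cannot tell an AlgorithmIdentifier mismatch apart from whatever `ASN1_item_verify()` reports as 0 (its return contract is not shown on this page). The new comment explains why the check exists but not what the early return means to callers; I would add a line to it such as `* A mismatch returns 0 and leaves the error queue untouched.`, or push an error on that path if the two outcomes should be distinguishable when triaging rejected certificates. The function's closing brace lies outside the hunk.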