Diffstat (limited to '')
38 files changed, 122 insertions, 123 deletions
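--- a/src/lib/libcrypto/x509/by_dir.c
+++ b/src/lib/libcrypto/x509/by_dir.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: by_dir.c,v 1.48 2024/08/31 10:19:17 tb Exp $ */
+/* $OpenBSD: by_dir.c,v 1.49 2025/05/10 05:54:39 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -64,9 +64,9 @@
 
 #include <openssl/opensslconf.h>
 
-#include <openssl/err.h>
 #include <openssl/x509.h>
 
+#include "err_local.h"
 #include "x509_local.h"
 
 typedef struct lookup_dir_hashes_st {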
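--- a/src/lib/libcrypto/x509/by_file.c
+++ b/src/lib/libcrypto/x509/by_file.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: by_file.c,v 1.31 2024/08/31 10:19:17 tb Exp $ */
+/* $OpenBSD: by_file.c,v 1.32 2025/05/10 05:54:39 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -62,10 +62,10 @@
 #include <unistd.h>
 
 #include <openssl/buffer.h>
-#include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/x509.h>
 
+#include "err_local.h"
 #include "x509_local.h"
 
 static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,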
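--- a/src/lib/libcrypto/x509/by_mem.c
+++ b/src/lib/libcrypto/x509/by_mem.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: by_mem.c,v 1.10 2024/08/31 10:19:17 tb Exp $ */
+/* $OpenBSD: by_mem.c,v 1.11 2025/05/10 05:54:39 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -63,11 +63,11 @@
 #include <unistd.h>
 
 #include <openssl/buffer.h>
-#include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/lhash.h>
 #include <openssl/x509.h>
 
+#include "err_local.h"
 #include "x509_local.h"
 
 static int by_mem_ctrl(X509_LOOKUP *, int, const char *, long, char **);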
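--- a/src/lib/libcrypto/x509/x509.h
+++ b/src/lib/libcrypto/x509/x509.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.h,v 1.121 2025/03/09 15:17:22 tb Exp $ */
+/* $OpenBSD: x509.h,v 1.123 2025/07/16 15:59:26 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -178,6 +178,7 @@ DECLARE_STACK_OF(X509)
 #define X509_FLAG_NO_SIGDUMP (1L << 9)
 #define X509_FLAG_NO_AUX (1L << 10)
 #define X509_FLAG_NO_ATTRIBUTES (1L << 11)
+#define X509_FLAG_NO_IDS (1L << 12)
 
 /* Flags specific to X509_NAME_print_ex() */
 
@@ -244,23 +245,7 @@ typedef struct X509_crl_info_st X509_CRL_INFO;
 DECLARE_STACK_OF(X509_CRL)
 
 typedef struct private_key_st {
-int version;
-/* The PKCS#8 data types */
-X509_ALGOR *enc_algor;
-ASN1_OCTET_STRING *enc_pkey; /* encrypted pub key */
-
-/* When decrypted, the following will not be NULL */
 EVP_PKEY *dec_pkey;
-
-/* used to encrypt and decrypt */
-int key_length;
-char *key_data;
-int key_free; /* true if we should auto free key_data */
-
-/* expanded version of 'enc_algor' */
-EVP_CIPHER_INFO cipher;
-
-int references;
 } X509_PKEY;
 
 #ifndef OPENSSL_NO_EVP
@@ -646,9 +631,6 @@ int X509_CRL_get0_by_serial(X509_CRL *crl,
 X509_REVOKED **ret, ASN1_INTEGER *serial);
 int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x);
 
-X509_PKEY * X509_PKEY_new(void );
-void X509_PKEY_free(X509_PKEY *a);
-
 NETSCAPE_SPKI *NETSCAPE_SPKI_new(void);
 void NETSCAPE_SPKI_free(NETSCAPE_SPKI *a);
 NETSCAPE_SPKI *d2i_NETSCAPE_SPKI(NETSCAPE_SPKI **a, const unsigned char **in, long len);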
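Review bot: In the `typedef struct private_key_st` hunk, `dec_pkey` becomes the only member of a struct that is still defined in the public header, so its offset moves to 0 and a consumer built against the old layout that reads `dec_pkey` through an `X509_PKEY *` would pick up the wrong field. That is only safe together with a library major bump, which is not visible in the part of the commit shown here. The last hunk also drops `X509_PKEY_new()` and `X509_PKEY_free()` from the header, so the struct no longer has a stated owner; I would record that on the struct, e.g. `/* Only the decrypted key remains; X509_PKEY_new()/X509_PKEY_free() are no longer public. */`. It is also worth confirming that whatever internal path still releases an `X509_PKEY` frees `dec_pkey` and no longer touches the removed `key_data`/`key_free` members.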
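--- a/src/lib/libcrypto/x509/x509_addr.c
+++ b/src/lib/libcrypto/x509/x509_addr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_addr.c,v 1.93 2024/07/13 15:08:58 tb Exp $ */
+/* $OpenBSD: x509_addr.c,v 1.94 2025/05/10 05:54:39 tb Exp $ */
 /*
 * Contributed to the OpenSSL Project by the American Registry for
 * Internet Numbers ("ARIN").
@@ -69,12 +69,12 @@
 #include <openssl/asn1t.h>
 #include <openssl/buffer.h>
 #include <openssl/conf.h>
-#include <openssl/err.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
 #include "asn1_local.h"
 #include "bytestring.h"
+#include "err_local.h"
 #include "x509_local.h"
 
 #ifndef OPENSSL_NO_RFC3779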
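--- a/src/lib/libcrypto/x509/x509_akey.c
+++ b/src/lib/libcrypto/x509/x509_akey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_akey.c,v 1.3 2024/08/31 10:03:03 tb Exp $ */
+/* $OpenBSD: x509_akey.c,v 1.4 2025/05/10 05:54:39 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -62,9 +62,9 @@
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/conf.h>
-#include <openssl/err.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
 #include "x509_local.h"
 
 static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,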
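--- a/src/lib/libcrypto/x509/x509_alt.c
+++ b/src/lib/libcrypto/x509/x509_alt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_alt.c,v 1.19 2025/03/06 07:20:01 tb Exp $ */
+/* $OpenBSD: x509_alt.c,v 1.20 2025/05/10 05:54:39 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@@ -60,9 +60,9 @@
 #include <string.h>
 
 #include <openssl/conf.h>
-#include <openssl/err.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
 #include "x509_internal.h"
 
 static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,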
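--- a/src/lib/libcrypto/x509/x509_asid.c
+++ b/src/lib/libcrypto/x509/x509_asid.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_asid.c,v 1.45 2024/07/13 15:08:58 tb Exp $ */
+/* $OpenBSD: x509_asid.c,v 1.46 2025/05/10 05:54:39 tb Exp $ */
 /*
 * Contributed to the OpenSSL Project by the American Registry for
 * Internet Numbers ("ARIN").
@@ -68,10 +68,10 @@
 #include <openssl/asn1t.h>
 #include <openssl/bn.h>
 #include <openssl/conf.h>
-#include <openssl/err.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
 #include "x509_local.h"
 
 #ifndef OPENSSL_NO_RFC3779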
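--- a/src/lib/libcrypto/x509/x509_att.c
+++ b/src/lib/libcrypto/x509/x509_att.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_att.c,v 1.25 2024/08/31 10:46:40 tb Exp $ */
+/* $OpenBSD: x509_att.c,v 1.26 2025/05/10 05:54:39 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -59,13 +59,13 @@
 #include <stdio.h>
 
 #include <openssl/asn1.h>
-#include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/stack.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
 #include "x509_local.h"
 
 int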
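--- a/src/lib/libcrypto/x509/x509_bcons.c
+++ b/src/lib/libcrypto/x509/x509_bcons.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_bcons.c,v 1.6 2024/08/31 10:03:03 tb Exp $ */
+/* $OpenBSD: x509_bcons.c,v 1.7 2025/05/10 05:54:39 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -62,9 +62,9 @@
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/conf.h>
-#include <openssl/err.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
 #include "x509_local.h"
 
 static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,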
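--- a/src/lib/libcrypto/x509/x509_bitst.c
+++ b/src/lib/libcrypto/x509/x509_bitst.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_bitst.c,v 1.8 2024/08/31 10:23:13 tb Exp $ */
+/* $OpenBSD: x509_bitst.c,v 1.9 2025/05/10 05:54:39 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -60,9 +60,9 @@
 #include <string.h>
 
 #include <openssl/conf.h>
-#include <openssl/err.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
 #include "x509_local.h"
 
 static const BIT_STRING_BITNAME ns_cert_type_table[] = {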
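--- a/src/lib/libcrypto/x509/x509_cmp.c
+++ b/src/lib/libcrypto/x509/x509_cmp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_cmp.c,v 1.44 2024/03/25 03:41:16 joshua Exp $ */
+/* $OpenBSD: x509_cmp.c,v 1.45 2025/05/10 05:54:39 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -63,11 +63,11 @@
 #include <openssl/opensslconf.h>
 
 #include <openssl/asn1.h>
-#include <openssl/err.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
 #include "evp_local.h"
 #include "x509_local.h"
 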
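--- a/src/lib/libcrypto/x509/x509_conf.c
+++ b/src/lib/libcrypto/x509/x509_conf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_conf.c,v 1.29 2025/03/06 07:20:01 tb Exp $ */
+/* $OpenBSD: x509_conf.c,v 1.31 2025/06/02 12:18:21 jsg Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -62,11 +62,11 @@
 #include <string.h>
 
 #include <openssl/conf.h>
-#include <openssl/err.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
 #include "conf_local.h"
+#include "err_local.h"
 #include "x509_local.h"
 
 static int v3_check_critical(const char **value);
@@ -242,8 +242,9 @@ v3_check_critical(const char **value)
 if ((strlen(p) < 9) || strncmp(p, "critical,", 9))
 return 0;
 p += 9;
-while (isspace((unsigned char)*p)) p++;
-*value = p;
+while (isspace((unsigned char)*p))
+p++;
+*value = p;
 return 1;
 }
 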
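--- a/src/lib/libcrypto/x509/x509_cpols.c
+++ b/src/lib/libcrypto/x509/x509_cpols.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_cpols.c,v 1.15 2025/03/06 07:20:01 tb Exp $ */
+/* $OpenBSD: x509_cpols.c,v 1.16 2025/05/10 05:54:39 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -62,9 +62,9 @@
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/conf.h>
-#include <openssl/err.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
 #include "x509_local.h"
 
 /* Certificate policies extension support: this one is a bit complex... */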
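--- a/src/lib/libcrypto/x509/x509_crld.c
+++ b/src/lib/libcrypto/x509/x509_crld.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_crld.c,v 1.9 2025/03/06 07:20:01 tb Exp $ */
+/* $OpenBSD: x509_crld.c,v 1.10 2025/05/10 05:54:39 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -62,9 +62,9 @@
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/conf.h>
-#include <openssl/err.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
 #include "x509_local.h"
 
 static void *v2i_crld(const X509V3_EXT_METHOD *method,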
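--- a/src/lib/libcrypto/x509/x509_extku.c
+++ b/src/lib/libcrypto/x509/x509_extku.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_extku.c,v 1.6 2024/08/31 10:03:03 tb Exp $ */
+/* $OpenBSD: x509_extku.c,v 1.7 2025/05/10 05:54:39 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -60,9 +60,9 @@
 
 #include <openssl/asn1t.h>
 #include <openssl/conf.h>
-#include <openssl/err.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
 #include "x509_local.h"
 
 static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,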
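--- a/src/lib/libcrypto/x509/x509_genn.c
+++ b/src/lib/libcrypto/x509/x509_genn.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_genn.c,v 1.7 2024/07/08 14:47:44 beck Exp $ */
+/* $OpenBSD: x509_genn.c,v 1.8 2025/05/10 05:54:39 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -63,6 +63,8 @@
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
+
 static const ASN1_TEMPLATE OTHERNAME_seq_tt[] = {
 {
 .flags = 0,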
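--- a/src/lib/libcrypto/x509/x509_ia5.c
+++ b/src/lib/libcrypto/x509/x509_ia5.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_ia5.c,v 1.2 2024/07/13 15:08:58 tb Exp $ */
+/* $OpenBSD: x509_ia5.c,v 1.3 2025/05/10 05:54:39 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -61,9 +61,10 @@
 
 #include <openssl/asn1.h>
 #include <openssl/conf.h>
-#include <openssl/err.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
+
 static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5);
 static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
 X509V3_CTX *ctx, char *str);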
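--- a/src/lib/libcrypto/x509/x509_info.c
+++ b/src/lib/libcrypto/x509/x509_info.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_info.c,v 1.5 2024/07/13 15:08:58 tb Exp $ */
+/* $OpenBSD: x509_info.c,v 1.6 2025/05/10 05:54:39 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -62,9 +62,10 @@
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/conf.h>
-#include <openssl/err.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
+
 static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(
 X509V3_EXT_METHOD *method, AUTHORITY_INFO_ACCESS *ainfo,
 STACK_OF(CONF_VALUE) *ret);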
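--- a/src/lib/libcrypto/x509/x509_lib.c
+++ b/src/lib/libcrypto/x509/x509_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_lib.c,v 1.24 2024/07/13 15:08:58 tb Exp $ */
+/* $OpenBSD: x509_lib.c,v 1.25 2025/05/10 05:54:39 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -60,9 +60,9 @@
 #include <stdio.h>
 
 #include <openssl/conf.h>
-#include <openssl/err.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
 #include "x509_local.h"
 
 const X509V3_EXT_METHOD *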
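--- a/src/lib/libcrypto/x509/x509_lu.c
+++ b/src/lib/libcrypto/x509/x509_lu.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_lu.c,v 1.67 2025/03/09 15:20:20 tb Exp $ */
+/* $OpenBSD: x509_lu.c,v 1.68 2025/05/10 05:54:39 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -59,11 +59,11 @@
 #include <stdio.h>
 #include <string.h>
 
-#include <openssl/err.h>
 #include <openssl/lhash.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
 #include "x509_local.h"
 
 static int X509_OBJECT_up_ref_count(X509_OBJECT *a);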
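--- a/src/lib/libcrypto/x509/x509_ncons.c
+++ b/src/lib/libcrypto/x509/x509_ncons.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_ncons.c,v 1.11 2024/07/13 15:08:58 tb Exp $ */
+/* $OpenBSD: x509_ncons.c,v 1.12 2025/05/10 05:54:39 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@@ -61,9 +61,9 @@
 
 #include <openssl/asn1t.h>
 #include <openssl/conf.h>
-#include <openssl/err.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
 #include "x509_local.h"
 
 static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,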
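--- a/src/lib/libcrypto/x509/x509_ocsp.c
+++ b/src/lib/libcrypto/x509/x509_ocsp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_ocsp.c,v 1.4 2024/12/24 09:14:33 schwarze Exp $ */
+/* $OpenBSD: x509_ocsp.c,v 1.5 2025/05/10 05:54:39 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -65,10 +65,10 @@
 
 #include <openssl/asn1.h>
 #include <openssl/conf.h>
-#include <openssl/err.h>
 #include <openssl/ocsp.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
 #include "ocsp_local.h"
 
 /* OCSP extensions and a couple of CRL entry extensions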
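--- a/src/lib/libcrypto/x509/x509_pcons.c
+++ b/src/lib/libcrypto/x509/x509_pcons.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_pcons.c,v 1.6 2024/08/31 10:03:03 tb Exp $ */
+/* $OpenBSD: x509_pcons.c,v 1.7 2025/05/10 05:54:39 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@@ -62,9 +62,9 @@
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/conf.h>
-#include <openssl/err.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
 #include "x509_local.h"
 
 static STACK_OF(CONF_VALUE) *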
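--- a/src/lib/libcrypto/x509/x509_pmaps.c
+++ b/src/lib/libcrypto/x509/x509_pmaps.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_pmaps.c,v 1.6 2024/08/31 10:03:03 tb Exp $ */
+/* $OpenBSD: x509_pmaps.c,v 1.7 2025/05/10 05:54:39 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@@ -61,9 +61,9 @@
 
 #include <openssl/asn1t.h>
 #include <openssl/conf.h>
-#include <openssl/err.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
 #include "x509_local.h"
 
 static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,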
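--- a/src/lib/libcrypto/x509/x509_policy.c
+++ b/src/lib/libcrypto/x509/x509_policy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_policy.c,v 1.29 2025/01/06 17:42:39 tb Exp $ */
+/* $OpenBSD: x509_policy.c,v 1.32 2025/05/10 05:54:39 tb Exp $ */
 /*
 * Copyright (c) 2022, Google Inc.
 *
@@ -17,12 +17,12 @@
 
 #include <string.h>
 
-#include <openssl/err.h>
 #include <openssl/objects.h>
 #include <openssl/stack.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
 #include "stack_local.h"
 #include "x509_internal.h"
 #include "x509_local.h"
@@ -498,7 +498,7 @@ delete_if_mapped(X509_POLICY_NODE *node, void *data)
 * with P1 in |parent_policies|.
 *
 * This is equivalent to the |X509_POLICY_LEVEL| that would result if the next
-* certificats contained anyPolicy. |process_certificate_policies| will filter
+* certificate contained anyPolicy. |process_certificate_policies| will filter
 * this result down to compute the actual level.
 */
 static X509_POLICY_LEVEL *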
diff --git a/src/lib/libcrypto/x509/x509_prn.c b/src/lib/libcrypto/x509/x509_prn.c index 3bf7c803e5..23c649a7b9 100644 --- a/src/lib/libcrypto/x509/x509_prn.c +++ b/src/lib/libcrypto/x509/x509_prn.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: x509_prn.c,v 1.6 2023/05/08 05:30:38 tb Exp $ */ | 1 | /* $OpenBSD: x509_prn.c,v 1.7 2025/06/02 12:18:22 jsg Exp $ */ |
2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
3 | * project 1999. | 3 | * project 1999. |
4 | */ | 4 | */ |
@@ -87,8 +87,9 @@ X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml) | |||
87 | for (i = 0; i < sk_CONF_VALUE_num(val); i++) { | 87 | for (i = 0; i < sk_CONF_VALUE_num(val); i++) { |
88 | if (ml) | 88 | if (ml) |
89 | BIO_printf(out, "%*s", indent, ""); | 89 | BIO_printf(out, "%*s", indent, ""); |
90 | else if (i > 0) BIO_printf(out, ", "); | 90 | else if (i > 0) |
91 | nval = sk_CONF_VALUE_value(val, i); | 91 | BIO_printf(out, ", "); |
92 | nval = sk_CONF_VALUE_value(val, i); | ||
92 | if (!nval->name) | 93 | if (!nval->name) |
93 | BIO_puts(out, nval->value); | 94 | BIO_puts(out, nval->value); |
94 | else if (!nval->value) | 95 | else if (!nval->value) |
diff --git a/src/lib/libcrypto/x509/x509_purp.c b/src/lib/libcrypto/x509/x509_purp.c index 619a4b890a..36dfe6abee 100644 --- a/src/lib/libcrypto/x509/x509_purp.c +++ b/src/lib/libcrypto/x509/x509_purp.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: x509_purp.c,v 1.43 2024/07/12 18:15:10 beck Exp $ */ | 1 | /* $OpenBSD: x509_purp.c,v 1.44 2025/05/10 05:54:39 tb Exp $ */ |
2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
3 | * project 2001. | 3 | * project 2001. |
4 | */ | 4 | */ |
@@ -61,7 +61,6 @@ | |||
61 | 61 | ||
62 | #include <openssl/opensslconf.h> | 62 | #include <openssl/opensslconf.h> |
63 | 63 | ||
64 | #include <openssl/err.h> | ||
65 | #include <openssl/x509v3.h> | 64 | #include <openssl/x509v3.h> |
66 | #include <openssl/x509_vfy.h> | 65 | #include <openssl/x509_vfy.h> |
67 | 66 | ||
diff --git a/src/lib/libcrypto/x509/x509_r2x.c b/src/lib/libcrypto/x509/x509_r2x.c index 39b392259b..4ca8a87935 100644 --- a/src/lib/libcrypto/x509/x509_r2x.c +++ b/src/lib/libcrypto/x509/x509_r2x.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: x509_r2x.c,v 1.17 2023/04/25 09:46:36 job Exp $ */ | 1 | /* $OpenBSD: x509_r2x.c,v 1.18 2025/05/10 05:54:39 tb Exp $ */ |
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 | * All rights reserved. | 3 | * All rights reserved. |
4 | * | 4 | * |
@@ -61,11 +61,11 @@ | |||
61 | #include <openssl/asn1.h> | 61 | #include <openssl/asn1.h> |
62 | #include <openssl/bn.h> | 62 | #include <openssl/bn.h> |
63 | #include <openssl/buffer.h> | 63 | #include <openssl/buffer.h> |
64 | #include <openssl/err.h> | ||
65 | #include <openssl/evp.h> | 64 | #include <openssl/evp.h> |
66 | #include <openssl/objects.h> | 65 | #include <openssl/objects.h> |
67 | #include <openssl/x509.h> | 66 | #include <openssl/x509.h> |
68 | 67 | ||
68 | #include "err_local.h" | ||
69 | #include "x509_local.h" | 69 | #include "x509_local.h" |
70 | 70 | ||
71 | X509 * | 71 | X509 * |
diff --git a/src/lib/libcrypto/x509/x509_req.c b/src/lib/libcrypto/x509/x509_req.c index 704acbd897..df1119a55c 100644 --- a/src/lib/libcrypto/x509/x509_req.c +++ b/src/lib/libcrypto/x509/x509_req.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: x509_req.c,v 1.43 2024/08/31 10:16:52 tb Exp $ */ | 1 | /* $OpenBSD: x509_req.c,v 1.44 2025/05/10 05:54:39 tb Exp $ */ |
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 | * All rights reserved. | 3 | * All rights reserved. |
4 | * | 4 | * |
@@ -64,13 +64,13 @@ | |||
64 | #include <openssl/asn1t.h> | 64 | #include <openssl/asn1t.h> |
65 | #include <openssl/bn.h> | 65 | #include <openssl/bn.h> |
66 | #include <openssl/buffer.h> | 66 | #include <openssl/buffer.h> |
67 | #include <openssl/err.h> | ||
68 | #include <openssl/evp.h> | 67 | #include <openssl/evp.h> |
69 | #include <openssl/objects.h> | 68 | #include <openssl/objects.h> |
70 | #include <openssl/pem.h> | 69 | #include <openssl/pem.h> |
71 | #include <openssl/x509.h> | 70 | #include <openssl/x509.h> |
72 | 71 | ||
73 | #include "asn1_local.h" | 72 | #include "asn1_local.h" |
73 | #include "err_local.h" | ||
74 | #include "evp_local.h" | 74 | #include "evp_local.h" |
75 | #include "x509_local.h" | 75 | #include "x509_local.h" |
76 | 76 | ||
diff --git a/src/lib/libcrypto/x509/x509_skey.c b/src/lib/libcrypto/x509/x509_skey.c index d2c90b6f1c..e9e915a0c7 100644 --- a/src/lib/libcrypto/x509/x509_skey.c +++ b/src/lib/libcrypto/x509/x509_skey.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: x509_skey.c,v 1.6 2024/07/13 15:08:58 tb Exp $ */ | 1 | /* $OpenBSD: x509_skey.c,v 1.7 2025/05/10 05:54:39 tb Exp $ */ |
2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
3 | * project 1999. | 3 | * project 1999. |
4 | */ | 4 | */ |
@@ -59,9 +59,9 @@ | |||
59 | #include <stdio.h> | 59 | #include <stdio.h> |
60 | #include <string.h> | 60 | #include <string.h> |
61 | 61 | ||
62 | #include <openssl/err.h> | ||
63 | #include <openssl/x509v3.h> | 62 | #include <openssl/x509v3.h> |
64 | 63 | ||
64 | #include "err_local.h" | ||
65 | #include "x509_local.h" | 65 | #include "x509_local.h" |
66 | 66 | ||
67 | static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, | 67 | static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, |
diff --git a/src/lib/libcrypto/x509/x509_utl.c b/src/lib/libcrypto/x509/x509_utl.c index 08383849c9..4be8630d89 100644 --- a/src/lib/libcrypto/x509/x509_utl.c +++ b/src/lib/libcrypto/x509/x509_utl.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: x509_utl.c,v 1.26 2025/01/26 13:51:41 tb Exp $ */ | 1 | /* $OpenBSD: x509_utl.c,v 1.27 2025/05/10 05:54:39 tb Exp $ */ |
2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
3 | * project. | 3 | * project. |
4 | */ | 4 | */ |
@@ -64,11 +64,11 @@ | |||
64 | #include <openssl/asn1.h> | 64 | #include <openssl/asn1.h> |
65 | #include <openssl/bn.h> | 65 | #include <openssl/bn.h> |
66 | #include <openssl/conf.h> | 66 | #include <openssl/conf.h> |
67 | #include <openssl/err.h> | ||
68 | #include <openssl/x509v3.h> | 67 | #include <openssl/x509v3.h> |
69 | 68 | ||
70 | #include "bytestring.h" | 69 | #include "bytestring.h" |
71 | #include "conf_local.h" | 70 | #include "conf_local.h" |
71 | #include "err_local.h" | ||
72 | 72 | ||
73 | /* | 73 | /* |
74 | * Match reference identifiers starting with "." to any sub-domain. This | 74 | * Match reference identifiers starting with "." to any sub-domain. This |
diff --git a/src/lib/libcrypto/x509/x509_v3.c b/src/lib/libcrypto/x509/x509_v3.c index 688aed15a2..ee14d2dcef 100644 --- a/src/lib/libcrypto/x509/x509_v3.c +++ b/src/lib/libcrypto/x509/x509_v3.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: x509_v3.c,v 1.43 2024/07/12 09:57:04 tb Exp $ */ | 1 | /* $OpenBSD: x509_v3.c,v 1.44 2025/05/10 05:54:39 tb Exp $ */ |
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 | * All rights reserved. | 3 | * All rights reserved. |
4 | * | 4 | * |
@@ -59,12 +59,12 @@ | |||
59 | #include <stdio.h> | 59 | #include <stdio.h> |
60 | 60 | ||
61 | #include <openssl/asn1.h> | 61 | #include <openssl/asn1.h> |
62 | #include <openssl/err.h> | ||
63 | #include <openssl/objects.h> | 62 | #include <openssl/objects.h> |
64 | #include <openssl/stack.h> | 63 | #include <openssl/stack.h> |
65 | #include <openssl/x509.h> | 64 | #include <openssl/x509.h> |
66 | #include <openssl/x509v3.h> | 65 | #include <openssl/x509v3.h> |
67 | 66 | ||
67 | #include "err_local.h" | ||
68 | #include "x509_local.h" | 68 | #include "x509_local.h" |
69 | 69 | ||
70 | int | 70 | int |
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c index c93ae81bd8..3d0abda615 100644 --- a/src/lib/libcrypto/x509/x509_vfy.c +++ b/src/lib/libcrypto/x509/x509_vfy.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: x509_vfy.c,v 1.147 2025/03/04 08:43:25 tb Exp $ */ | 1 | /* $OpenBSD: x509_vfy.c,v 1.148 2025/05/10 05:54:39 tb Exp $ */ |
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 | * All rights reserved. | 3 | * All rights reserved. |
4 | * | 4 | * |
@@ -67,7 +67,6 @@ | |||
67 | #include <openssl/asn1.h> | 67 | #include <openssl/asn1.h> |
68 | #include <openssl/buffer.h> | 68 | #include <openssl/buffer.h> |
69 | #include <openssl/crypto.h> | 69 | #include <openssl/crypto.h> |
70 | #include <openssl/err.h> | ||
71 | #include <openssl/evp.h> | 70 | #include <openssl/evp.h> |
72 | #include <openssl/lhash.h> | 71 | #include <openssl/lhash.h> |
73 | #include <openssl/objects.h> | 72 | #include <openssl/objects.h> |
@@ -75,6 +74,7 @@ | |||
75 | #include <openssl/x509v3.h> | 74 | #include <openssl/x509v3.h> |
76 | 75 | ||
77 | #include "asn1_local.h" | 76 | #include "asn1_local.h" |
77 | #include "err_local.h" | ||
78 | #include "x509_internal.h" | 78 | #include "x509_internal.h" |
79 | #include "x509_issuer_cache.h" | 79 | #include "x509_issuer_cache.h" |
80 | #include "x509_local.h" | 80 | #include "x509_local.h" |
diff --git a/src/lib/libcrypto/x509/x509_vpm.c b/src/lib/libcrypto/x509/x509_vpm.c index 4b333e2a2d..19091b12aa 100644 --- a/src/lib/libcrypto/x509/x509_vpm.c +++ b/src/lib/libcrypto/x509/x509_vpm.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: x509_vpm.c,v 1.47 2025/03/12 04:58:04 tb Exp $ */ | 1 | /* $OpenBSD: x509_vpm.c,v 1.56 2025/05/10 05:54:39 tb Exp $ */ |
2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
3 | * project 2004. | 3 | * project 2004. |
4 | */ | 4 | */ |
@@ -61,12 +61,12 @@ | |||
61 | 61 | ||
62 | #include <openssl/buffer.h> | 62 | #include <openssl/buffer.h> |
63 | #include <openssl/crypto.h> | 63 | #include <openssl/crypto.h> |
64 | #include <openssl/err.h> | ||
65 | #include <openssl/lhash.h> | 64 | #include <openssl/lhash.h> |
66 | #include <openssl/stack.h> | 65 | #include <openssl/stack.h> |
67 | #include <openssl/x509.h> | 66 | #include <openssl/x509.h> |
68 | #include <openssl/x509v3.h> | 67 | #include <openssl/x509v3.h> |
69 | 68 | ||
69 | #include "err_local.h" | ||
70 | #include "x509_local.h" | 70 | #include "x509_local.h" |
71 | 71 | ||
72 | /* X509_VERIFY_PARAM functions */ | 72 | /* X509_VERIFY_PARAM functions */ |
@@ -113,7 +113,7 @@ sk_OPENSSL_STRING_deep_copy(const STACK_OF(OPENSSL_STRING) *sk) | |||
113 | } | 113 | } |
114 | 114 | ||
115 | static int | 115 | static int |
116 | x509_param_set_hosts_internal(X509_VERIFY_PARAM *vpm, int mode, | 116 | x509_param_set_hosts_internal(X509_VERIFY_PARAM *param, int mode, |
117 | const char *name, size_t namelen) | 117 | const char *name, size_t namelen) |
118 | { | 118 | { |
119 | char *copy; | 119 | char *copy; |
@@ -126,9 +126,9 @@ x509_param_set_hosts_internal(X509_VERIFY_PARAM *vpm, int mode, | |||
126 | if (name && memchr(name, '\0', namelen)) | 126 | if (name && memchr(name, '\0', namelen)) |
127 | return 0; | 127 | return 0; |
128 | 128 | ||
129 | if (mode == SET_HOST && vpm->hosts) { | 129 | if (mode == SET_HOST && param->hosts) { |
130 | sk_OPENSSL_STRING_pop_free(vpm->hosts, str_free); | 130 | sk_OPENSSL_STRING_pop_free(param->hosts, str_free); |
131 | vpm->hosts = NULL; | 131 | param->hosts = NULL; |
132 | } | 132 | } |
133 | if (name == NULL || namelen == 0) | 133 | if (name == NULL || namelen == 0) |
134 | return 1; | 134 | return 1; |
@@ -136,17 +136,17 @@ x509_param_set_hosts_internal(X509_VERIFY_PARAM *vpm, int mode, | |||
136 | if (copy == NULL) | 136 | if (copy == NULL) |
137 | return 0; | 137 | return 0; |
138 | 138 | ||
139 | if (vpm->hosts == NULL && | 139 | if (param->hosts == NULL && |
140 | (vpm->hosts = sk_OPENSSL_STRING_new_null()) == NULL) { | 140 | (param->hosts = sk_OPENSSL_STRING_new_null()) == NULL) { |
141 | free(copy); | 141 | free(copy); |
142 | return 0; | 142 | return 0; |
143 | } | 143 | } |
144 | 144 | ||
145 | if (!sk_OPENSSL_STRING_push(vpm->hosts, copy)) { | 145 | if (!sk_OPENSSL_STRING_push(param->hosts, copy)) { |
146 | free(copy); | 146 | free(copy); |
147 | if (sk_OPENSSL_STRING_num(vpm->hosts) == 0) { | 147 | if (sk_OPENSSL_STRING_num(param->hosts) == 0) { |
148 | sk_OPENSSL_STRING_free(vpm->hosts); | 148 | sk_OPENSSL_STRING_free(param->hosts); |
149 | vpm->hosts = NULL; | 149 | param->hosts = NULL; |
150 | } | 150 | } |
151 | return 0; | 151 | return 0; |
152 | } | 152 | } |
@@ -654,6 +654,8 @@ static const X509_VERIFY_PARAM default_table[] = { | |||
654 | } | 654 | } |
655 | }; | 655 | }; |
656 | 656 | ||
657 | #define N_DEFAULT_VERIFY_PARAMS (sizeof(default_table) / sizeof(default_table[0])) | ||
658 | |||
657 | static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL; | 659 | static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL; |
658 | 660 | ||
659 | static int | 661 | static int |
@@ -687,9 +689,11 @@ LCRYPTO_ALIAS(X509_VERIFY_PARAM_add0_table); | |||
687 | int | 689 | int |
688 | X509_VERIFY_PARAM_get_count(void) | 690 | X509_VERIFY_PARAM_get_count(void) |
689 | { | 691 | { |
690 | int num = sizeof(default_table) / sizeof(X509_VERIFY_PARAM); | 692 | int num = N_DEFAULT_VERIFY_PARAMS; |
691 | if (param_table) | 693 | |
694 | if (param_table != NULL) | ||
692 | num += sk_X509_VERIFY_PARAM_num(param_table); | 695 | num += sk_X509_VERIFY_PARAM_num(param_table); |
696 | |||
693 | return num; | 697 | return num; |
694 | } | 698 | } |
695 | LCRYPTO_ALIAS(X509_VERIFY_PARAM_get_count); | 699 | LCRYPTO_ALIAS(X509_VERIFY_PARAM_get_count); |
@@ -697,9 +701,14 @@ LCRYPTO_ALIAS(X509_VERIFY_PARAM_get_count); | |||
697 | const X509_VERIFY_PARAM * | 701 | const X509_VERIFY_PARAM * |
698 | X509_VERIFY_PARAM_get0(int id) | 702 | X509_VERIFY_PARAM_get0(int id) |
699 | { | 703 | { |
700 | int num = sizeof(default_table) / sizeof(X509_VERIFY_PARAM); | 704 | int num = N_DEFAULT_VERIFY_PARAMS; |
705 | |||
706 | if (id < 0) | ||
707 | return NULL; | ||
708 | |||
701 | if (id < num) | 709 | if (id < num) |
702 | return default_table + id; | 710 | return &default_table[id]; |
711 | |||
703 | return sk_X509_VERIFY_PARAM_value(param_table, id - num); | 712 | return sk_X509_VERIFY_PARAM_value(param_table, id - num); |
704 | } | 713 | } |
705 | LCRYPTO_ALIAS(X509_VERIFY_PARAM_get0); | 714 | LCRYPTO_ALIAS(X509_VERIFY_PARAM_get0); |
@@ -707,22 +716,20 @@ LCRYPTO_ALIAS(X509_VERIFY_PARAM_get0); | |||
707 | const X509_VERIFY_PARAM * | 716 | const X509_VERIFY_PARAM * |
708 | X509_VERIFY_PARAM_lookup(const char *name) | 717 | X509_VERIFY_PARAM_lookup(const char *name) |
709 | { | 718 | { |
710 | X509_VERIFY_PARAM pm; | 719 | X509_VERIFY_PARAM param; |
711 | unsigned int i, limit; | 720 | size_t i; |
721 | int idx; | ||
712 | 722 | ||
713 | pm.name = (char *)name; | 723 | memset(¶m, 0, sizeof(param)); |
714 | if (param_table) { | 724 | param.name = (char *)name; |
715 | size_t idx; | 725 | if ((idx = sk_X509_VERIFY_PARAM_find(param_table, ¶m)) != -1) |
716 | if ((idx = sk_X509_VERIFY_PARAM_find(param_table, &pm)) != -1) | 726 | return sk_X509_VERIFY_PARAM_value(param_table, idx); |
717 | return sk_X509_VERIFY_PARAM_value(param_table, idx); | ||
718 | } | ||
719 | 727 | ||
720 | limit = sizeof(default_table) / sizeof(X509_VERIFY_PARAM); | 728 | for (i = 0; i < N_DEFAULT_VERIFY_PARAMS; i++) { |
721 | for (i = 0; i < limit; i++) { | 729 | if (strcmp(default_table[i].name, name) == 0) |
722 | if (strcmp(default_table[i].name, name) == 0) { | ||
723 | return &default_table[i]; | 730 | return &default_table[i]; |
724 | } | ||
725 | } | 731 | } |
732 | |||
726 | return NULL; | 733 | return NULL; |
727 | } | 734 | } |
728 | LCRYPTO_ALIAS(X509_VERIFY_PARAM_lookup); | 735 | LCRYPTO_ALIAS(X509_VERIFY_PARAM_lookup); |
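Review bot: In X509_VERIFY_PARAM_lookup (last hunk of x509_vpm.c) `name` is still handed to sk_X509_VERIFY_PARAM_find through `param.name` and then to `strcmp(default_table[i].name, name)` without a NULL check, so a NULL argument would be dereferenced. Whether any caller can pass NULL is not visible here, but since the function is non-static I would add `if (name == NULL) return NULL;` ahead of the memset. The rewrite also drops the `if (param_table)` guard, so it now depends on the find call returning -1 for a NULL stack; a one-line comment saying so would keep a later refactor from breaking that assumption. Because the application table is searched before default_table, an entry registered under a built-in name shadows the built-in verification defaults; a comment such as `/* Entries in param_table take precedence over default_table. */` above the find call would make that precedence explicit.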
diff --git a/src/lib/libcrypto/x509/x509name.c b/src/lib/libcrypto/x509/x509name.c index d2df06ccc6..9a582d34e4 100644 --- a/src/lib/libcrypto/x509/x509name.c +++ b/src/lib/libcrypto/x509/x509name.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: x509name.c,v 1.35 2023/05/29 11:54:50 beck Exp $ */ | 1 | /* $OpenBSD: x509name.c,v 1.36 2025/05/10 05:54:39 tb Exp $ */ |
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 | * All rights reserved. | 3 | * All rights reserved. |
4 | * | 4 | * |
@@ -60,13 +60,13 @@ | |||
60 | #include <string.h> | 60 | #include <string.h> |
61 | 61 | ||
62 | #include <openssl/asn1.h> | 62 | #include <openssl/asn1.h> |
63 | #include <openssl/err.h> | ||
64 | #include <openssl/evp.h> | 63 | #include <openssl/evp.h> |
65 | #include <openssl/objects.h> | 64 | #include <openssl/objects.h> |
66 | #include <openssl/stack.h> | 65 | #include <openssl/stack.h> |
67 | #include <openssl/x509.h> | 66 | #include <openssl/x509.h> |
68 | 67 | ||
69 | #include "bytestring.h" | 68 | #include "bytestring.h" |
69 | #include "err_local.h" | ||
70 | #include "x509_local.h" | 70 | #include "x509_local.h" |
71 | 71 | ||
72 | int | 72 | int |
diff --git a/src/lib/libcrypto/x509/x509spki.c b/src/lib/libcrypto/x509/x509spki.c index 04c9a6f01b..ef5f9e34c8 100644 --- a/src/lib/libcrypto/x509/x509spki.c +++ b/src/lib/libcrypto/x509/x509spki.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: x509spki.c,v 1.16 2023/02/16 08:38:17 tb Exp $ */ | 1 | /* $OpenBSD: x509spki.c,v 1.17 2025/05/10 05:54:39 tb Exp $ */ |
2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
3 | * project 1999. | 3 | * project 1999. |
4 | */ | 4 | */ |
@@ -60,9 +60,10 @@ | |||
60 | #include <stdlib.h> | 60 | #include <stdlib.h> |
61 | #include <string.h> | 61 | #include <string.h> |
62 | 62 | ||
63 | #include <openssl/err.h> | ||
64 | #include <openssl/x509.h> | 63 | #include <openssl/x509.h> |
65 | 64 | ||
65 | #include "err_local.h" | ||
66 | |||
66 | int | 67 | int |
67 | NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey) | 68 | NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey) |
68 | { | 69 | { |
diff --git a/src/lib/libcrypto/x509/x_all.c b/src/lib/libcrypto/x509/x_all.c index 5997714061..b5d50ae4ee 100644 --- a/src/lib/libcrypto/x509/x_all.c +++ b/src/lib/libcrypto/x509/x_all.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: x_all.c,v 1.32 2024/06/19 08:00:53 tb Exp $ */ | 1 | /* $OpenBSD: x_all.c,v 1.33 2025/07/10 18:50:23 tb Exp $ */ |
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 | * All rights reserved. | 3 | * All rights reserved. |
4 | * | 4 | * |
@@ -399,7 +399,11 @@ LCRYPTO_ALIAS(i2d_PKCS8PrivateKeyInfo_fp); | |||
399 | int | 399 | int |
400 | X509_verify(X509 *a, EVP_PKEY *r) | 400 | X509_verify(X509 *a, EVP_PKEY *r) |
401 | { | 401 | { |
402 | if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature)) | 402 | /* |
403 | * The Certificate's signature AlgorithmIdentifier must match the one | ||
404 | * inside the TBSCertificate, see RFC 5280, 4.1.1.2, 4.1.2.3. | ||
405 | */ | ||
406 | if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature) != 0) | ||
403 | return 0; | 407 | return 0; |
404 | return ASN1_item_verify(&X509_CINF_it, a->sig_alg, | 408 | return ASN1_item_verify(&X509_CINF_it, a->sig_alg, |
405 | a->signature, a->cert_info, r); | 409 | a->signature, a->cert_info, r); |