summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/libcrypto/x509/x509_vfy.h63
1 files changed, 37 insertions, 26 deletions
diff --git a/src/lib/libcrypto/x509/x509_vfy.h b/src/lib/libcrypto/x509/x509_vfy.h
index abb1389db6..2981f94788 100644
--- a/src/lib/libcrypto/x509/x509_vfy.h
+++ b/src/lib/libcrypto/x509/x509_vfy.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: x509_vfy.h,v 1.37 2021/10/24 13:52:13 tb Exp $ */ 1/* $OpenBSD: x509_vfy.h,v 1.38 2021/10/31 15:54:08 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -108,26 +108,29 @@ typedef struct x509_file_st
108#define X509_LU_CRL 2 108#define X509_LU_CRL 2
109#define X509_LU_PKEY 3 109#define X509_LU_PKEY 3
110 110
111typedef struct x509_object_st 111#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
112 { 112typedef struct x509_object_st {
113 /* one of the above types */ 113 /* one of the above types */
114 int type; 114 int type;
115 union { 115 union {
116 char *ptr; 116 char *ptr;
117 X509 *x509; 117 X509 *x509;
118 X509_CRL *crl; 118 X509_CRL *crl;
119 EVP_PKEY *pkey; 119 EVP_PKEY *pkey;
120 } data; 120 } data;
121 } X509_OBJECT; 121} X509_OBJECT;
122#else
123typedef struct x509_object_st X509_OBJECT;
124#endif
122 125
123typedef struct x509_lookup_st X509_LOOKUP; 126typedef struct x509_lookup_st X509_LOOKUP;
124 127
125DECLARE_STACK_OF(X509_LOOKUP) 128DECLARE_STACK_OF(X509_LOOKUP)
126DECLARE_STACK_OF(X509_OBJECT) 129DECLARE_STACK_OF(X509_OBJECT)
127 130
131#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
128/* This is a static that defines the function interface */ 132/* This is a static that defines the function interface */
129typedef struct x509_lookup_method_st 133typedef struct x509_lookup_method_st {
130 {
131 const char *name; 134 const char *name;
132 int (*new_item)(X509_LOOKUP *ctx); 135 int (*new_item)(X509_LOOKUP *ctx);
133 void (*free)(X509_LOOKUP *ctx); 136 void (*free)(X509_LOOKUP *ctx);
@@ -143,7 +146,7 @@ typedef struct x509_lookup_method_st
143 const unsigned char *bytes, int len, X509_OBJECT *ret); 146 const unsigned char *bytes, int len, X509_OBJECT *ret);
144 int (*get_by_alias)(X509_LOOKUP *ctx, int type, const char *str, 147 int (*get_by_alias)(X509_LOOKUP *ctx, int type, const char *str,
145 int len, X509_OBJECT *ret); 148 int len, X509_OBJECT *ret);
146 } X509_LOOKUP_METHOD; 149} X509_LOOKUP_METHOD;
147 150
148typedef struct X509_VERIFY_PARAM_ID_st X509_VERIFY_PARAM_ID; 151typedef struct X509_VERIFY_PARAM_ID_st X509_VERIFY_PARAM_ID;
149 152
@@ -152,8 +155,7 @@ typedef struct X509_VERIFY_PARAM_ID_st X509_VERIFY_PARAM_ID;
152 * parameters used can be customized 155 * parameters used can be customized
153 */ 156 */
154 157
155typedef struct X509_VERIFY_PARAM_st 158typedef struct X509_VERIFY_PARAM_st {
156 {
157 char *name; 159 char *name;
158 time_t check_time; /* Time to use */ 160 time_t check_time; /* Time to use */
159 unsigned long inh_flags; /* Inheritance flags */ 161 unsigned long inh_flags; /* Inheritance flags */
@@ -164,16 +166,22 @@ typedef struct X509_VERIFY_PARAM_st
164 STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */ 166 STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */
165 X509_VERIFY_PARAM_ID *id; /* opaque ID data */ 167 X509_VERIFY_PARAM_ID *id; /* opaque ID data */
166} X509_VERIFY_PARAM; 168} X509_VERIFY_PARAM;
169#else
170typedef struct x509_lookup_method_st X509_LOOKUP_METHOD;
171typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM;
172#endif
167 173
168DECLARE_STACK_OF(X509_VERIFY_PARAM) 174DECLARE_STACK_OF(X509_VERIFY_PARAM)
169 175
170/* This is used to hold everything. It is used for all certificate 176#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
177/*
178 * This is used to hold everything. It is used for all certificate
171 * validation. Once we have a certificate chain, the 'verify' 179 * validation. Once we have a certificate chain, the 'verify'
172 * function is then called to actually check the cert chain. */ 180 * function is then called to actually check the cert chain.
173struct x509_store_st 181 */
174 { 182struct x509_store_st {
175 /* The following is a cache of trusted certs */ 183 /* The following is a cache of trusted certs */
176 int cache; /* if true, stash any hits */ 184 int cache; /* if true, stash any hits */
177 STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */ 185 STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */
178 186
179 /* These are external lookup methods */ 187 /* These are external lookup methods */
@@ -196,29 +204,31 @@ struct x509_store_st
196 204
197 CRYPTO_EX_DATA ex_data; 205 CRYPTO_EX_DATA ex_data;
198 int references; 206 int references;
199 } /* X509_STORE */; 207} /* X509_STORE */;
208#endif
200 209
201int X509_STORE_set_depth(X509_STORE *store, int depth); 210int X509_STORE_set_depth(X509_STORE *store, int depth);
202 211
203#define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func)) 212#define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func))
204#define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func)) 213#define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func))
205 214
215#if defined(LIBRESSL_INTERNAL) || !defined(LIBRESSL_OPAQUE_X509)
206/* This is the functions plus an instance of the local variables. */ 216/* This is the functions plus an instance of the local variables. */
207struct x509_lookup_st 217struct x509_lookup_st {
208 {
209 int init; /* have we been started */ 218 int init; /* have we been started */
210 int skip; /* don't use us. */ 219 int skip; /* don't use us. */
211 X509_LOOKUP_METHOD *method; /* the functions */ 220 X509_LOOKUP_METHOD *method; /* the functions */
212 char *method_data; /* method data */ 221 char *method_data; /* method data */
213 222
214 X509_STORE *store_ctx; /* who owns us */ 223 X509_STORE *store_ctx; /* who owns us */
215 } /* X509_LOOKUP */; 224} /* X509_LOOKUP */;
216 225
217/* This is a used when verifying cert chains. Since the 226/*
218 * gathering of the cert chain can take some time (and have to be 227 * This is used when verifying cert chains. Since the gathering of the cert
219 * 'retried', this needs to be kept and passed around. */ 228 * chain can take some time (and has to be 'retried'), this needs to be kept
220struct x509_store_ctx_st /* X509_STORE_CTX */ 229 * and passed around.
221 { 230 */
231struct x509_store_ctx_st {
222 X509_STORE *ctx; 232 X509_STORE *ctx;
223 int current_method; /* used when looking up certs */ 233 int current_method; /* used when looking up certs */
224 234
@@ -265,7 +275,8 @@ struct x509_store_ctx_st /* X509_STORE_CTX */
265 X509_STORE_CTX *parent; /* For CRL path validation: parent context */ 275 X509_STORE_CTX *parent; /* For CRL path validation: parent context */
266 276
267 CRYPTO_EX_DATA ex_data; 277 CRYPTO_EX_DATA ex_data;
268 } /* X509_STORE_CTX */; 278} /* X509_STORE_CTX */;
279#endif
269 280
270void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); 281void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
271 282
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-03 02:00:45 +0000