Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/Symbols.list | 1 | ||||
| -rw-r--r-- | src/lib/libcrypto/hidden/openssl/x509.h | 3 | ||||
| -rw-r--r-- | src/lib/libcrypto/x509/x509.h | 20 | ||||
| -rw-r--r-- | src/lib/libcrypto/x509/x509_local.h | 15 | ||||
| -rw-r--r-- | src/lib/libcrypto/x509/x509_trs.c | 7 |
5 files changed, 11 insertions, 35 deletions
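--- a/src/lib/libcrypto/Symbols.list
+++ b/src/lib/libcrypto/Symbols.list
@@ -2714,7 +2714,6 @@ X509_check_ip_asc
 X509_check_issued
 X509_check_private_key
 X509_check_purpose
-X509_check_trust
 X509_cmp
 X509_cmp_current_time
 X509_cmp_time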
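--- a/src/lib/libcrypto/hidden/openssl/x509.h
+++ b/src/lib/libcrypto/hidden/openssl/x509.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.h,v 1.10 2024/08/28 08:41:18 tb Exp $ */
+/* $OpenBSD: x509.h,v 1.11 2024/08/31 10:12:23 tb Exp $ */
 /*
 * Copyright (c) 2022 Bob Beck <beck@openbsd.org>
 *
@@ -265,7 +265,6 @@ LCRYPTO_USED(X509_ATTRIBUTE_get0_type);
 LCRYPTO_USED(X509_verify_cert);
 LCRYPTO_USED(X509_find_by_issuer_and_serial);
 LCRYPTO_USED(X509_find_by_subject);
-LCRYPTO_USED(X509_check_trust);
 LCRYPTO_USED(X509_up_ref);
 LCRYPTO_USED(X509_chain_up_ref);
 LCRYPTO_USED(ERR_load_X509_strings);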
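--- a/src/lib/libcrypto/x509/x509.h
+++ b/src/lib/libcrypto/x509/x509.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.h,v 1.113 2024/08/28 07:15:04 tb Exp $ */
+/* $OpenBSD: x509.h,v 1.114 2024/08/31 10:12:23 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -153,11 +153,6 @@ typedef struct x509_cinf_st X509_CINF;
 
 DECLARE_STACK_OF(X509)
 
-/* standard trust ids */
-
-/* OpenSSL changed this to 0 */
-#define X509_TRUST_DEFAULT -1 /* Only valid in purpose settings */
-
 #define X509_TRUST_COMPAT 1
 #define X509_TRUST_SSL_CLIENT 2
 #define X509_TRUST_SSL_SERVER 3
@@ -171,17 +166,6 @@ DECLARE_STACK_OF(X509)
 #define X509_TRUST_MIN 1
 #define X509_TRUST_MAX 8
 
-
-/* trust_flags values */
-#define X509_TRUST_DYNAMIC 1
-#define X509_TRUST_DYNAMIC_NAME 2
-
-/* check_trust return codes */
-
-#define X509_TRUST_TRUSTED 1
-#define X509_TRUST_REJECTED 2
-#define X509_TRUST_UNTRUSTED 3
-
 /* Flags for X509_print_ex() */
 
 #define X509_FLAG_COMPAT 0
@@ -1013,8 +997,6 @@ int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, int ptype,
 int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, const unsigned char **pk,
 int *ppklen, X509_ALGOR **pa, X509_PUBKEY *pub);
 
-int X509_check_trust(X509 *x, int id, int flags);
-
 int X509_up_ref(X509 *x);
 STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
 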
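--- a/src/lib/libcrypto/x509/x509_local.h
+++ b/src/lib/libcrypto/x509/x509_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_local.h,v 1.28 2024/08/31 10:04:50 tb Exp $ */
+/* $OpenBSD: x509_local.h,v 1.29 2024/08/31 10:12:23 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2013.
 */
@@ -71,14 +71,15 @@ __BEGIN_HIDDEN_DECLS
 #define X509_CRL_HASH_EVP EVP_sha512()
 #define X509_CRL_HASH_LEN SHA512_DIGEST_LENGTH
 
-/*
-* Used internally instead of the confusing X509_TRUST_DEFAULT,
-* which is not the default for X509_check_trust.
-* XXX Make X509_check_trust internal, and move the other
-* X509_TRUST values here to clean up this mess.
-*/
 #define X509_TRUST_ACCEPT_ALL -1
 
+/* check_trust return codes */
+#define X509_TRUST_TRUSTED 1
+#define X509_TRUST_REJECTED 2
+#define X509_TRUST_UNTRUSTED 3
+
+int X509_check_trust(X509 *x, int id, int flags);
+
 struct X509_pubkey_st {
 X509_ALGOR *algor;
 ASN1_BIT_STRING *public_key;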
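Review bot: `X509_TRUST_ACCEPT_ALL` is left with no comment at all once the old block comment is dropped, although the x509_trs.c hunk on this page shows `X509_check_trust()` returning 1 for it immediately after the extension-cache check. Because this sentinel short-circuits the trust decision, I would keep a one-line comment on the define, e.g. `/* Internal trust id: X509_check_trust() accepts the certificate as soon as its extensions are cached. */`. The newly added prototype also names its second parameter `id` while the definition uses `trust_id`; `int X509_check_trust(X509 *x, int trust_id, int flags);` would match. With the return codes now sitting next to the prototype, that early return could read `return X509_TRUST_TRUSTED;` instead of the literal 1.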
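--- a/src/lib/libcrypto/x509/x509_trs.c
+++ b/src/lib/libcrypto/x509/x509_trs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_trs.c,v 1.57 2024/07/12 18:15:10 beck Exp $ */
+/* $OpenBSD: x509_trs.c,v 1.58 2024/08/31 10:12:23 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -147,10 +147,6 @@ X509_check_trust(X509 *x, int trust_id, int flags)
 if (!x509v3_cache_extensions(x))
 return X509_TRUST_UNTRUSTED;
 
-/*
-* XXX make X509_TRUST_ACCEPT_ALL a real boy once it does not
-* need to have the same -1 value as X509_TRUST_DEFAULT
-*/
 if (trust_id == X509_TRUST_ACCEPT_ALL)
 return 1;
 
@@ -175,4 +171,3 @@ X509_check_trust(X509 *x, int trust_id, int flags)
 return trust_if_self_signed(x);
 }
 }
-LCRYPTO_ALIAS(X509_check_trust);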
