projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Add opaque ID structure.
[openssl.git]
/
crypto
/
x509
/
x509_vpm.c
diff --git
a/crypto/x509/x509_vpm.c
b/crypto/x509/x509_vpm.c
index 68f158435e0f8a9725b48aacc7cd4274a81a33b1..14336a7ef7ada6198efb262235e0b74db8cee809 100644
(file)
--- a/
crypto/x509/x509_vpm.c
+++ b/
crypto/x509/x509_vpm.c
@@
-65,10
+65,13
@@
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
+#include "vpm_int.h"
+
/* X509_VERIFY_PARAM functions */
static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
{
/* X509_VERIFY_PARAM functions */
static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
{
+ X509_VERIFY_PARAM_ID *paramid;
if (!param)
return;
param->name = NULL;
if (!param)
return;
param->name = NULL;
@@
-83,31
+86,44
@@
static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
param->policies = NULL;
}
sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
param->policies = NULL;
}
- if (param->host)
+ paramid = param->id;
+ if (paramid->host)
{
{
- OPENSSL_free(param->host);
- param->host = NULL;
- param->hostlen = 0;
+ OPENSSL_free(param
id
->host);
+ param
id
->host = NULL;
+ param
id
->hostlen = 0;
}
}
- if (param->email)
+ if (param
id
->email)
{
{
- OPENSSL_free(param->email);
- param->email = NULL;
- param->emaillen = 0;
+ OPENSSL_free(param
id
->email);
+ param
id
->email = NULL;
+ param
id
->emaillen = 0;
}
}
- if (param->ip)
+ if (param
id
->ip)
{
{
- OPENSSL_free(param->ip);
- param->ip = NULL;
- param->iplen = 0;
+ OPENSSL_free(param
id
->ip);
+ param
id
->ip = NULL;
+ param
id
->iplen = 0;
}
}
+
}
X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
{
X509_VERIFY_PARAM *param;
}
X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
{
X509_VERIFY_PARAM *param;
+ X509_VERIFY_PARAM_ID *paramid;
param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM));
param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM));
+ if (!param)
+ return NULL;
+ paramid = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM));
+ if (!paramid)
+ {
+ OPENSSL_free(param);
+ return NULL;
+ }
memset(param, 0, sizeof(X509_VERIFY_PARAM));
memset(param, 0, sizeof(X509_VERIFY_PARAM));
+ memset(paramid, 0, sizeof(X509_VERIFY_PARAM_ID));
+ param->id = paramid;
x509_verify_param_zero(param);
return param;
}
x509_verify_param_zero(param);
return param;
}
@@
-115,6
+131,7
@@
X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
{
x509_verify_param_zero(param);
void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
{
x509_verify_param_zero(param);
+ OPENSSL_free(param->id);
OPENSSL_free(param);
}
OPENSSL_free(param);
}
@@
-155,20
+172,27
@@
void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
(to_overwrite || \
((src->field != def) && (to_default || (dest->field == def))))
(to_overwrite || \
((src->field != def) && (to_default || (dest->field == def))))
+/* As above but for ID fields */
+
+#define test_x509_verify_param_copy_id(idf, def) \
+ test_x509_verify_param_copy(id->idf, def)
+
/* Macro to test and copy a field if necessary */
#define x509_verify_param_copy(field, def) \
if (test_x509_verify_param_copy(field, def)) \
dest->field = src->field
/* Macro to test and copy a field if necessary */
#define x509_verify_param_copy(field, def) \
if (test_x509_verify_param_copy(field, def)) \
dest->field = src->field
-
+
int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
const X509_VERIFY_PARAM *src)
{
unsigned long inh_flags;
int to_default, to_overwrite;
int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
const X509_VERIFY_PARAM *src)
{
unsigned long inh_flags;
int to_default, to_overwrite;
+ X509_VERIFY_PARAM_ID *id;
if (!src)
return 1;
if (!src)
return 1;
+ id = src->id;
inh_flags = dest->inh_flags | src->inh_flags;
if (inh_flags & X509_VP_FLAG_ONCE)
inh_flags = dest->inh_flags | src->inh_flags;
if (inh_flags & X509_VP_FLAG_ONCE)
@@
-211,21
+235,21
@@
int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
return 0;
}
return 0;
}
- if (test_x509_verify_param_copy(host, NULL))
+ if (test_x509_verify_param_copy
_id
(host, NULL))
{
{
- if (!X509_VERIFY_PARAM_set1_host(dest,
src->host, src
->hostlen))
+ if (!X509_VERIFY_PARAM_set1_host(dest,
id->host, id
->hostlen))
return 0;
}
return 0;
}
- if (test_x509_verify_param_copy(email, NULL))
+ if (test_x509_verify_param_copy
_id
(email, NULL))
{
{
- if (!X509_VERIFY_PARAM_set1_email(dest,
src->email, src
->emaillen))
+ if (!X509_VERIFY_PARAM_set1_email(dest,
id->email, id
->emaillen))
return 0;
}
return 0;
}
- if (test_x509_verify_param_copy(ip, NULL))
+ if (test_x509_verify_param_copy
_id
(ip, NULL))
{
{
- if (!X509_VERIFY_PARAM_set1_ip(dest,
src->ip, src
->iplen))
+ if (!X509_VERIFY_PARAM_set1_ip(dest,
id->ip, id
->iplen))
return 0;
}
return 0;
}
@@
-374,14
+398,14
@@
int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
const unsigned char *name, size_t namelen)
{
int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
const unsigned char *name, size_t namelen)
{
- return int_x509_param_set1(¶m->
host, ¶m
->hostlen,
+ return int_x509_param_set1(¶m->
id->host, ¶m->id
->hostlen,
name, namelen);
}
int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
const unsigned char *email, size_t emaillen)
{
name, namelen);
}
int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
const unsigned char *email, size_t emaillen)
{
- return int_x509_param_set1(¶m->
email, ¶m
->emaillen,
+ return int_x509_param_set1(¶m->
id->email, ¶m->id
->emaillen,
email, emaillen);
}
email, emaillen);
}
@@
-390,7
+414,7
@@
int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
{
if (iplen != 0 && iplen != 4 && iplen != 16)
return 0;
{
if (iplen != 0 && iplen != 4 && iplen != 16)
return 0;
- return int_x509_param_set1(¶m->i
p, ¶m
->iplen, ip, iplen);
+ return int_x509_param_set1(¶m->i
d->ip, ¶m->id
->iplen, ip, iplen);
}
int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc)
}
int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc)
@@
-413,6
+437,11
@@
const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param)
return param->name;
}
return param->name;
}
+static X509_VERIFY_PARAM_ID _empty_id = {NULL, 0, NULL, 0, NULL, 0};
+
+#define vpm_empty_id (X509_VERIFY_PARAM_ID *)&_empty_id
+
+
/* Default verify parameters: these are used for various
* applications and can be overridden by the user specified table.
* NB: the 'name' field *must* be in alphabetical order because it
/* Default verify parameters: these are used for various
* applications and can be overridden by the user specified table.
* NB: the 'name' field *must* be in alphabetical order because it
@@
-428,7
+457,8
@@
static const X509_VERIFY_PARAM default_table[] = {
0, /* purpose */
0, /* trust */
100, /* depth */
0, /* purpose */
0, /* trust */
100, /* depth */
- NULL /* policies */
+ NULL, /* policies */
+ vpm_empty_id
},
{
"pkcs7", /* S/MIME sign parameters */
},
{
"pkcs7", /* S/MIME sign parameters */
@@
-438,7
+468,8
@@
static const X509_VERIFY_PARAM default_table[] = {
X509_PURPOSE_SMIME_SIGN, /* purpose */
X509_TRUST_EMAIL, /* trust */
-1, /* depth */
X509_PURPOSE_SMIME_SIGN, /* purpose */
X509_TRUST_EMAIL, /* trust */
-1, /* depth */
- NULL /* policies */
+ NULL, /* policies */
+ vpm_empty_id
},
{
"smime_sign", /* S/MIME sign parameters */
},
{
"smime_sign", /* S/MIME sign parameters */
@@
-448,7
+479,8
@@
static const X509_VERIFY_PARAM default_table[] = {
X509_PURPOSE_SMIME_SIGN, /* purpose */
X509_TRUST_EMAIL, /* trust */
-1, /* depth */
X509_PURPOSE_SMIME_SIGN, /* purpose */
X509_TRUST_EMAIL, /* trust */
-1, /* depth */
- NULL /* policies */
+ NULL, /* policies */
+ vpm_empty_id
},
{
"ssl_client", /* SSL/TLS client parameters */
},
{
"ssl_client", /* SSL/TLS client parameters */
@@
-458,7
+490,8
@@
static const X509_VERIFY_PARAM default_table[] = {
X509_PURPOSE_SSL_CLIENT, /* purpose */
X509_TRUST_SSL_CLIENT, /* trust */
-1, /* depth */
X509_PURPOSE_SSL_CLIENT, /* purpose */
X509_TRUST_SSL_CLIENT, /* trust */
-1, /* depth */
- NULL /* policies */
+ NULL, /* policies */
+ vpm_empty_id
},
{
"ssl_server", /* SSL/TLS server parameters */
},
{
"ssl_server", /* SSL/TLS server parameters */
@@
-468,7
+501,8
@@
static const X509_VERIFY_PARAM default_table[] = {
X509_PURPOSE_SSL_SERVER, /* purpose */
X509_TRUST_SSL_SERVER, /* trust */
-1, /* depth */
X509_PURPOSE_SSL_SERVER, /* purpose */
X509_TRUST_SSL_SERVER, /* trust */
-1, /* depth */
- NULL /* policies */
+ NULL, /* policies */
+ vpm_empty_id
}};
static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL;
}};
static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL;