crypto/x509/x509_vfy.c +9 −9 @@ -298,7 +298,7 @@ static int verify_chain(X509_STORE_CTX *ctx) int X509_verify_cert(X509_STORE_CTX *ctx) { struct dane_st *dane = (struct dane_st *)ctx->dane; SSL_DANE *dane = ctx->dane; if (ctx->cert == NULL) { X509err(X509_F_X509_VERIFY_CERT, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); @@ -665,7 +665,7 @@ static int check_trust(X509_STORE_CTX *ctx, int num_untrusted) int i; X509 *x = NULL; X509 *mx; struct dane_st *dane = (struct dane_st *)ctx->dane; SSL_DANE *dane = ctx->dane; int num = sk_X509_num(ctx->chain); int trust; @@ -2369,7 +2369,7 @@ void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param) ctx->param = param; } void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, struct dane_st *dane) void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, SSL_DANE *dane) { ctx->dane = dane; } @@ -2410,7 +2410,7 @@ static unsigned char *dane_i2d( static int dane_match(X509_STORE_CTX *ctx, X509 *cert, int depth) { struct dane_st *dane = (struct dane_st *)ctx->dane; SSL_DANE *dane = ctx->dane; unsigned usage = DANETLS_NONE; unsigned selector = DANETLS_NONE; unsigned ordinal = DANETLS_NONE; @@ -2553,7 +2553,7 @@ static int dane_match(X509_STORE_CTX *ctx, X509 *cert, int depth) static int check_dane_issuer(X509_STORE_CTX *ctx, int depth) { struct dane_st *dane = (struct dane_st *)ctx->dane; SSL_DANE *dane = ctx->dane; int matched = 0; X509 *cert; @@ -2578,7 +2578,7 @@ static int check_dane_issuer(X509_STORE_CTX *ctx, int depth) static int check_dane_pkeys(X509_STORE_CTX *ctx) { struct dane_st *dane = (struct dane_st *)ctx->dane; SSL_DANE *dane = ctx->dane; danetls_record *t; int num = ctx->num_untrusted; X509 *cert = sk_X509_value(ctx->chain, num - 1);
@@ -2613,7 +2613,7 @@ static int check_dane_pkeys(X509_STORE_CTX *ctx) return X509_TRUST_UNTRUSTED; } static void dane_reset(struct dane_st *dane) static void dane_reset(SSL_DANE *dane) { /* * Reset state to verify another chain, or clear after failure. @@ -2637,7 +2637,7 @@ static int check_leaf_suiteb(X509_STORE_CTX *ctx, X509 *cert) static int dane_verify(X509_STORE_CTX *ctx) { X509 *cert = ctx->cert; struct dane_st *dane = (struct dane_st *)ctx->dane; SSL_DANE *dane = ctx->dane; int matched; int done; @@ -2707,7 +2707,7 @@ static int get_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *cert) static int build_chain(X509_STORE_CTX *ctx) { struct dane_st *dane = (struct dane_st *)ctx->dane; SSL_DANE *dane = ctx->dane; int num = sk_X509_num(ctx->chain); X509 *cert = sk_X509_value(ctx->chain, num - 1); int ss = cert_self_signed(cert); include/internal/dane.h +1 −1 @@ -110,7 +110,7 @@ struct dane_ctx_st { /* * Per connection DANE state */ struct dane_st { struct ssl_dane_st { struct dane_ctx_st *dctx; STACK_OF(danetls_record) *trecs; STACK_OF(X509) *certs; /* DANE-TA(2) Cert(0) Full(0) certs */ include/openssl/ossl_typ.h +1 −0 @@ -158,6 +158,7 @@ typedef struct ec_key_method_st EC_KEY_METHOD; typedef struct rand_meth_st RAND_METHOD; typedef struct ssl_dane_st SSL_DANE; typedef struct x509_st X509; typedef struct X509_algor_st X509_ALGOR; typedef struct X509_crl_st X509_CRL; include/openssl/ssl.h +1 −1
@@ -1578,7 +1578,7 @@ __owur int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, * Bridge opacity barrier between libcrypt and libssl, also needed to support * offline testing in test/danetest.c */ struct dane_st *SSL_get0_dane(SSL *ssl); SSL_DANE *SSL_get0_dane(SSL *ssl); __owur int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm); __owur int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm); include/openssl/x509_vfy.h +2 −2 @@ -262,7 +262,7 @@ struct x509_store_ctx_st { /* X509_STORE_CTX */ /* For CRL path validation: parent context */ X509_STORE_CTX *parent; CRYPTO_EX_DATA ex_data; struct dane_st *dane; SSL_DANE *dane; /* signed via bare TA public key, rather than CA certificate */ int bare_ta_signed; } /* X509_STORE_CTX */ ; @@ -536,7 +536,7 @@ int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name); * Bridge opacity barrier between libcrypt and libssl, also needed to support * offline testing in test/danetest.c */ void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, struct dane_st *dane); void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, SSL_DANE *dane); /* X509_VERIFY_PARAM functions */
crypto/x509/x509_vfy.c +9 −9 @@ -298,7 +298,7 @@ static int verify_chain(X509_STORE_CTX *ctx) int X509_verify_cert(X509_STORE_CTX *ctx) { struct dane_st *dane = (struct dane_st *)ctx->dane; SSL_DANE *dane = ctx->dane; if (ctx->cert == NULL) { X509err(X509_F_X509_VERIFY_CERT, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); @@ -665,7 +665,7 @@ static int check_trust(X509_STORE_CTX *ctx, int num_untrusted) int i; X509 *x = NULL; X509 *mx; struct dane_st *dane = (struct dane_st *)ctx->dane; SSL_DANE *dane = ctx->dane; int num = sk_X509_num(ctx->chain); int trust; @@ -2369,7 +2369,7 @@ void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param) ctx->param = param; } void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, struct dane_st *dane) void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, SSL_DANE *dane) { ctx->dane = dane; } @@ -2410,7 +2410,7 @@ static unsigned char *dane_i2d( static int dane_match(X509_STORE_CTX *ctx, X509 *cert, int depth) { struct dane_st *dane = (struct dane_st *)ctx->dane; SSL_DANE *dane = ctx->dane; unsigned usage = DANETLS_NONE; unsigned selector = DANETLS_NONE; unsigned ordinal = DANETLS_NONE; @@ -2553,7 +2553,7 @@ static int dane_match(X509_STORE_CTX *ctx, X509 *cert, int depth) static int check_dane_issuer(X509_STORE_CTX *ctx, int depth) { struct dane_st *dane = (struct dane_st *)ctx->dane; SSL_DANE *dane = ctx->dane; int matched = 0; X509 *cert; @@ -2578,7 +2578,7 @@ static int check_dane_issuer(X509_STORE_CTX *ctx, int depth) static int check_dane_pkeys(X509_STORE_CTX *ctx) { struct dane_st *dane = (struct dane_st *)ctx->dane; SSL_DANE *dane = ctx->dane; danetls_record *t; int num = ctx->num_untrusted; X509 *cert = sk_X509_value(ctx->chain, num - 1);
@@ -2613,7 +2613,7 @@ static int check_dane_pkeys(X509_STORE_CTX *ctx) return X509_TRUST_UNTRUSTED; } static void dane_reset(struct dane_st *dane) static void dane_reset(SSL_DANE *dane) { /* * Reset state to verify another chain, or clear after failure. @@ -2637,7 +2637,7 @@ static int check_leaf_suiteb(X509_STORE_CTX *ctx, X509 *cert) static int dane_verify(X509_STORE_CTX *ctx) { X509 *cert = ctx->cert; struct dane_st *dane = (struct dane_st *)ctx->dane; SSL_DANE *dane = ctx->dane; int matched; int done; @@ -2707,7 +2707,7 @@ static int get_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *cert) static int build_chain(X509_STORE_CTX *ctx) { struct dane_st *dane = (struct dane_st *)ctx->dane; SSL_DANE *dane = ctx->dane; int num = sk_X509_num(ctx->chain); X509 *cert = sk_X509_value(ctx->chain, num - 1); int ss = cert_self_signed(cert);
include/internal/dane.h +1 −1 @@ -110,7 +110,7 @@ struct dane_ctx_st { /* * Per connection DANE state */ struct dane_st { struct ssl_dane_st { struct dane_ctx_st *dctx; STACK_OF(danetls_record) *trecs; STACK_OF(X509) *certs; /* DANE-TA(2) Cert(0) Full(0) certs */
include/openssl/ossl_typ.h +1 −0 @@ -158,6 +158,7 @@ typedef struct ec_key_method_st EC_KEY_METHOD; typedef struct rand_meth_st RAND_METHOD; typedef struct ssl_dane_st SSL_DANE; typedef struct x509_st X509; typedef struct X509_algor_st X509_ALGOR; typedef struct X509_crl_st X509_CRL;
include/openssl/ssl.h +1 −1 @@ -1578,7 +1578,7 @@ __owur int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, * Bridge opacity barrier between libcrypt and libssl, also needed to support * offline testing in test/danetest.c */ struct dane_st *SSL_get0_dane(SSL *ssl); SSL_DANE *SSL_get0_dane(SSL *ssl); __owur int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm); __owur int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
include/openssl/x509_vfy.h +2 −2 @@ -262,7 +262,7 @@ struct x509_store_ctx_st { /* X509_STORE_CTX */ /* For CRL path validation: parent context */ X509_STORE_CTX *parent; CRYPTO_EX_DATA ex_data; struct dane_st *dane; SSL_DANE *dane; /* signed via bare TA public key, rather than CA certificate */ int bare_ta_signed; } /* X509_STORE_CTX */ ; @@ -536,7 +536,7 @@ int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name); * Bridge opacity barrier between libcrypt and libssl, also needed to support * offline testing in test/danetest.c */ void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, struct dane_st *dane); void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, SSL_DANE *dane); /* X509_VERIFY_PARAM functions */
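Review bot: The comment kept above `X509_STORE_CTX_set0_dane` in the second hunk does not state who owns the `SSL_DANE`, while the body shown in crypto/x509/x509_vfy.c is only `ctx->dane = dane;`, so the store context holds a borrowed pointer. The helpers in that file (`dane_match`, `check_dane_pkeys`, `dane_verify`, `build_chain`) read `ctx->dane` again during verification, so a context that outlives the object handed in would be working on freed memory. I would add a line to the comment such as `* ctx does not take ownership; dane must remain valid for as long as ctx is used for verification`, and say the same for the pointer returned by `SSL_get0_dane` in include/openssl/ssl.h. Both comments also say "libcrypt" where libcrypto is presumably meant.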