-/* $OpenBSD: x509_internal.h,v 1.23 2022/11/26 16:08:54 tb Exp $ */
+/* $OpenBSD: x509_internal.h,v 1.24 2023/01/20 22:00:47 job Exp $ */
/*
* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
*
int x509_vfy_check_trust(X509_STORE_CTX *ctx);
int x509_vfy_check_chain_extensions(X509_STORE_CTX *ctx);
int x509_vfy_callback_indicate_completion(X509_STORE_CTX *ctx);
-void x509v3_cache_extensions(X509 *x);
+int x509v3_cache_extensions(X509 *x);
X509 *x509_vfy_lookup_cert_match(X509_STORE_CTX *ctx, X509 *x);
time_t x509_verify_asn1_time_to_time_t(const ASN1_TIME *atime, int notafter);
-/* $OpenBSD: x509_purp.c,v 1.18 2022/11/26 16:08:55 tb Exp $ */
+/* $OpenBSD: x509_purp.c,v 1.19 2023/01/20 22:00:47 job Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2001.
*/
#define ns_reject(x, usage) \
(((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage)))
-void x509v3_cache_extensions(X509 *x);
-
static int check_ssl_ca(const X509 *x);
static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x,
int ca);
int idx;
const X509_PURPOSE *pt;
- if (!(x->ex_flags & EXFLAG_SET)) {
- CRYPTO_w_lock(CRYPTO_LOCK_X509);
- x509v3_cache_extensions(x);
- CRYPTO_w_unlock(CRYPTO_LOCK_X509);
- if (x->ex_flags & EXFLAG_INVALID)
- return -1;
- }
+ if (!x509v3_cache_extensions(x))
+ return -1;
+
if (id == -1)
return 1;
idx = X509_PURPOSE_get_by_id(id);
setup_dp(x, sk_DIST_POINT_value(x->crldp, i));
}
-void
-x509v3_cache_extensions(X509 *x)
+static void
+x509v3_cache_extensions_internal(X509 *x)
{
BASIC_CONSTRAINTS *bs;
PROXY_CERT_INFO_EXTENSION *pci;
x->ex_flags |= EXFLAG_SET;
}
+int
+x509v3_cache_extensions(X509 *x)
+{
+ if ((x->ex_flags & EXFLAG_SET) == 0) {
+ CRYPTO_w_lock(CRYPTO_LOCK_X509);
+ x509v3_cache_extensions_internal(x);
+ CRYPTO_w_unlock(CRYPTO_LOCK_X509);
+ }
+
+ return (x->ex_flags & EXFLAG_INVALID) == 0;
+}
+
/* CA checks common to all purposes
* return codes:
* 0 not a CA
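Review bot: The new x509v3_cache_extensions() wrapper has no comment stating its return convention, even though it replaces an inline pattern at several call sites and its result now drives error returns in X509_check_purpose and X509_check_issued; a header comment such as `/* Cache x's extensions once; returns 1 if they parsed cleanly, 0 if EXFLAG_INVALID was set. */` would make the contract explicit. Both reads of `x->ex_flags` (the EXFLAG_SET test before taking CRYPTO_LOCK_X509 and the EXFLAG_INVALID test after releasing it) happen outside the lock, which is the same unlocked check the removed call sites did, so it is not a regression, but it does rely on the cache being written at most once and only under that lock; if that assumption is intended, a one-line comment on the unlocked test would stop a future reader from "fixing" it. The last context lines here belong to the check_ca comment block, which continues outside the hunk.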
int
X509_check_ca(X509 *x)
{
- if (!(x->ex_flags & EXFLAG_SET)) {
- CRYPTO_w_lock(CRYPTO_LOCK_X509);
- x509v3_cache_extensions(x);
- CRYPTO_w_unlock(CRYPTO_LOCK_X509);
- }
+ x509v3_cache_extensions(x);
return check_ca(x);
}
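Review bot: The result of `x509v3_cache_extensions(x)` is discarded on the new line in X509_check_ca, so check_ca() still runs on a certificate whose extension cache is marked EXFLAG_INVALID, whereas every other call site in this commit turns that result into an error. The previous code had the same gap (it never looked at EXFLAG_INVALID here), but now that the helper reports the failure the inconsistency is visible, and check_ca() would be classifying a cert from partially cached ex_flags. A fail-closed form is `if (!x509v3_cache_extensions(x)) return 0;` together with a comment noting that 0 here means "not a CA" and also covers the parse-error case, since callers of X509_check_ca only distinguish 0 from the positive CA codes. If keeping the lenient behaviour is deliberate, a comment saying so, e.g. `/* Extension parse failures are intentionally not fatal here; check_ca() decides on whatever was cached. */`, would document the choice.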
if (X509_NAME_cmp(X509_get_subject_name(issuer),
X509_get_issuer_name(subject)))
return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
- if (!(issuer->ex_flags & EXFLAG_SET)) {
- CRYPTO_w_lock(CRYPTO_LOCK_X509);
- x509v3_cache_extensions(issuer);
- CRYPTO_w_unlock(CRYPTO_LOCK_X509);
- }
- if (issuer->ex_flags & EXFLAG_INVALID)
+
+ if (!x509v3_cache_extensions(issuer))
return X509_V_ERR_UNSPECIFIED;
- if (!(subject->ex_flags & EXFLAG_SET)) {
- CRYPTO_w_lock(CRYPTO_LOCK_X509);
- x509v3_cache_extensions(subject);
- CRYPTO_w_unlock(CRYPTO_LOCK_X509);
- }
- if (subject->ex_flags & EXFLAG_INVALID)
+ if (!x509v3_cache_extensions(subject))
return X509_V_ERR_UNSPECIFIED;
if (subject->akid) {
-/* $OpenBSD: x509_verify.c,v 1.62 2023/01/17 23:49:28 beck Exp $ */
+/* $OpenBSD: x509_verify.c,v 1.63 2023/01/20 22:00:47 job Exp $ */
/*
* Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org>
*
static int
x509_verify_cert_cache_extensions(X509 *cert)
{
- if (!(cert->ex_flags & EXFLAG_SET)) {
- CRYPTO_w_lock(CRYPTO_LOCK_X509);
- x509v3_cache_extensions(cert);
- CRYPTO_w_unlock(CRYPTO_LOCK_X509);
- }
- if (cert->ex_flags & EXFLAG_INVALID)
- return 0;
-
- return (cert->ex_flags & EXFLAG_SET);
+ return x509v3_cache_extensions(cert);
}
static int