x509/v3_purp.c: rename 'require_ca' parameters to the more adequate 'non_leaf'

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19064)
Dr. David von Oheimb 2022-08-25 17:26:01 +02:00 committed by Tomas Mraz
parent 3fa6dbd1be
commit 8a2f9a7cc8


@ -18,26 +18,26 @@
static int check_ssl_ca(const X509 *x);
static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x,
int require_ca);
int non_leaf);
static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x,
int require_ca);
int non_leaf);
static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x,
int require_ca);
static int purpose_smime(const X509 *x, int require_ca);
int non_leaf);
static int purpose_smime(const X509 *x, int non_leaf);
static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x,
int require_ca);
int non_leaf);
static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x,
int require_ca);
int non_leaf);
static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x,
int require_ca);
int non_leaf);
static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
int require_ca);
int non_leaf);
static int check_purpose_code_sign(const X509_PURPOSE *xp, const X509 *x,
int require_ca);
int non_leaf);
static int no_check_purpose(const X509_PURPOSE *xp, const X509 *x,
int require_ca);
int non_leaf);
static int check_purpose_ocsp_helper(const X509_PURPOSE *xp, const X509 *x,
int require_ca);
int non_leaf);
static int xp_cmp(const X509_PURPOSE *const *a, const X509_PURPOSE *const *b);
static void xptable_free(X509_PURPOSE *p);
@ -83,7 +83,7 @@ static int xp_cmp(const X509_PURPOSE *const *a, const X509_PURPOSE *const *b)
* If id == -1 it just calls x509v3_cache_extensions() for its side-effect.
* Returns 1 on success, 0 if x does not allow purpose, -1 on (internal) error.
*/
int X509_check_purpose(X509 *x, int id, int require_ca)
int X509_check_purpose(X509 *x, int id, int non_leaf)
{
int idx;
const X509_PURPOSE *pt;
@ -97,7 +97,7 @@ int X509_check_purpose(X509 *x, int id, int require_ca)
if (idx == -1)
return -1;
pt = X509_PURPOSE_get0(idx);
return pt->check_purpose(pt, x, require_ca);
return pt->check_purpose(pt, x, non_leaf);
}
int X509_PURPOSE_set(int *p, int purpose)
@ -710,11 +710,11 @@ static int check_ssl_ca(const X509 *x)
}
static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x,
int require_ca)
int non_leaf)
{
if (xku_reject(x, XKU_SSL_CLIENT))
return 0;
if (require_ca)
if (non_leaf)
return check_ssl_ca(x);
/* We need to do digital signatures or key agreement */
if (ku_reject(x, KU_DIGITAL_SIGNATURE | KU_KEY_AGREEMENT))
@ -734,11 +734,11 @@ static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x,
KU_DIGITAL_SIGNATURE | KU_KEY_ENCIPHERMENT | KU_KEY_AGREEMENT
static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x,
int require_ca)
int non_leaf)
{
if (xku_reject(x, XKU_SSL_SERVER | XKU_SGC))
return 0;
if (require_ca)
if (non_leaf)
return check_ssl_ca(x);
if (ns_reject(x, NS_SSL_SERVER))
@ -751,22 +751,22 @@ static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x,
}
static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x,
int require_ca)
int non_leaf)
{
int ret = check_purpose_ssl_server(xp, x, require_ca);
int ret = check_purpose_ssl_server(xp, x, non_leaf);
if (!ret || require_ca)
if (!ret || non_leaf)
return ret;
/* We need to encipher or Netscape complains */
return ku_reject(x, KU_KEY_ENCIPHERMENT) ? 0 : ret;
}
/* common S/MIME checks */
static int purpose_smime(const X509 *x, int require_ca)
static int purpose_smime(const X509 *x, int non_leaf)
{
if (xku_reject(x, XKU_SMIME))
return 0;
if (require_ca) {
if (non_leaf) {
int ca_ret = check_ca(x);
if (ca_ret == 0)
@ -787,29 +787,29 @@ static int purpose_smime(const X509 *x, int require_ca)
}
static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x,
int require_ca)
int non_leaf)
{
int ret = purpose_smime(x, require_ca);
int ret = purpose_smime(x, non_leaf);
if (!ret || require_ca)
if (!ret || non_leaf)
return ret;
return ku_reject(x, KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION) ? 0 : ret;
}
static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x,
int require_ca)
int non_leaf)
{
int ret = purpose_smime(x, require_ca);
int ret = purpose_smime(x, non_leaf);
if (!ret || require_ca)
if (!ret || non_leaf)
return ret;
return ku_reject(x, KU_KEY_ENCIPHERMENT) ? 0 : ret;
}
static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x,
int require_ca)
int non_leaf)
{
if (require_ca) {
if (non_leaf) {
int ca_ret = check_ca(x);
return ca_ret == 2 ? 0 : ca_ret;
@ -822,28 +822,28 @@ static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x,
* is valid. Additional checks must be made on the chain.
*/
static int check_purpose_ocsp_helper(const X509_PURPOSE *xp, const X509 *x,
int require_ca)
int non_leaf)
{
/*
* Must be a valid CA. Should we really support the "I don't know" value
* (2)?
*/
if (require_ca)
if (non_leaf)
return check_ca(x);
/* Leaf certificate is checked in OCSP_verify() */
return 1;
}
static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
int require_ca)
int non_leaf)
{
int i_ext;
/*
* If require_ca is true we must check if this is a valid CA certificate.
* If non_leaf is true we must check if this is a valid CA certificate.
* The extra requirements by the CA/Browser Forum are not checked.
*/
if (require_ca)
if (non_leaf)
return check_ca(x);
/*
@ -878,15 +878,15 @@ static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
}
static int check_purpose_code_sign(const X509_PURPOSE *xp, const X509 *x,
int require_ca)
int non_leaf)
{
int i_ext;
/*
* If require_ca is true we must check if this is a valid CA certificate.
* If non_leaf is true we must check if this is a valid CA certificate.
* The extra requirements by the CA/Browser Forum are not checked.
*/
if (require_ca)
if (non_leaf)
return check_ca(x);
/*
@ -932,7 +932,7 @@ static int check_purpose_code_sign(const X509_PURPOSE *xp, const X509 *x,
}
static int no_check_purpose(const X509_PURPOSE *xp, const X509 *x,
int require_ca)
int non_leaf)
{
return 1;
}
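Review bot: The header comment above X509_check_purpose (it begins outside the hunk; the visible part ends with "Returns 1 on success, 0 if x does not allow purpose, -1 on (internal) error") does not explain the renamed `non_leaf` argument, and its return summary looks narrower than what the non-leaf branches return. With `non_leaf` set, check_purpose_ocsp_helper, check_purpose_timestamp_sign and check_purpose_code_sign return check_ca(x) unchanged. The comment in check_purpose_ocsp_helper acknowledges an "I don't know" value (2), which check_purpose_crl_sign explicitly maps to 0. I would add to that header comment something like `* If non_leaf is nonzero, x is checked as a CA (non-leaf) certificate; the result is then that of the CA check and can be 2 ("unknown") for some purposes.` It would also help to state there that callers must compare the result against the values they accept and not test it for nonzero, because -1 is truthy as well.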