summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorShane Lontis <shane.lontis@oracle.com>2021-03-09 14:18:03 +1000
committerShane Lontis <shane.lontis@oracle.com>2021-03-18 17:52:38 +1000
commit4669015d7b0784d00812f6b015ca8080e37ff70b (patch)
treef49b993d32f962a4f86833cea889140aa625f2fb
parent6dd4b77a855570a6433af0a8584bdb9bfe353bc3 (diff)
Add ossl_ x509 symbols
Partial fix for #12964 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14473)
Diffstat
-rw-r--r--crypto/cmp/cmp_ctx.c2
-rw-r--r--crypto/cmp/cmp_msg.c2
-rw-r--r--crypto/cmp/cmp_vfy.c4
-rw-r--r--crypto/cms/cms_env.c6
-rw-r--r--crypto/cms/cms_lib.c2
-rw-r--r--crypto/ec/ec_ameth.c2
-rw-r--r--crypto/ess/ess_lib.c2
-rw-r--r--crypto/pkcs7/pk7_lib.c4
-rw-r--r--crypto/store/store_result.c4
-rw-r--r--crypto/x509/t_x509.c8
-rw-r--r--crypto/x509/v3_purp.c26
-rw-r--r--crypto/x509/x509_local.h8
-rw-r--r--crypto/x509/x509_lu.c4
-rw-r--r--crypto/x509/x509_set.c8
-rw-r--r--crypto/x509/x509_vfy.c18
-rw-r--r--crypto/x509/x509cset.c4
-rw-r--r--crypto/x509/x_crl.c5
-rw-r--r--crypto/x509/x_pubkey.c14
-rw-r--r--crypto/x509/x_x509.c8
-rw-r--r--include/crypto/x509.h30
-rw-r--r--providers/implementations/encode_decode/decode_der2key.c2
21 files changed, 80 insertions, 83 deletions
diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c
index e65dabe323..0016569356 100644
--- a/crypto/cmp/cmp_ctx.c
+++ b/crypto/cmp/cmp_ctx.c
@@ -607,7 +607,7 @@ int OSSL_CMP_CTX_set1_##FIELD(OSSL_CMP_CTX *ctx, const TYPE *val) \
return 1; \
}
-#define X509_invalid(cert) (!x509v3_cache_extensions(cert))
+#define X509_invalid(cert) (!ossl_x509v3_cache_extensions(cert))
#define EVP_PKEY_invalid(key) 0
#define DEFINE_OSSL_CMP_CTX_set1_up_ref(FIELD, TYPE) \
int OSSL_CMP_CTX_set1_##FIELD(OSSL_CMP_CTX *ctx, TYPE *val) \
diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c
index 09b2d7b03b..77b2175b11 100644
--- a/crypto/cmp/cmp_msg.c
+++ b/crypto/cmp/cmp_msg.c
@@ -1027,7 +1027,7 @@ X509 *ossl_cmp_certresponse_get1_cert(const OSSL_CMP_CERTRESPONSE *crep,
if (crt == NULL)
ERR_raise(ERR_LIB_CMP, CMP_R_CERTIFICATE_NOT_FOUND);
else
- (void)x509_set0_libctx(crt, ctx->libctx, ctx->propq);
+ (void)ossl_x509_set0_libctx(crt, ctx->libctx, ctx->propq);
return crt;
}
diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c
index 88052d5ec5..064e8e37b3 100644
--- a/crypto/cmp/cmp_vfy.c
+++ b/crypto/cmp/cmp_vfy.c
@@ -58,7 +58,7 @@ static int verify_signature(const OSSL_CMP_CTX *cmp_ctx,
}
sig_err:
- res = x509_print_ex_brief(bio, cert, X509_FLAG_NO_EXTENSIONS);
+ res = ossl_x509_print_ex_brief(bio, cert, X509_FLAG_NO_EXTENSIONS);
ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_VALIDATING_SIGNATURE);
if (res)
ERR_add_error_mem_bio("\n", bio);
@@ -266,7 +266,7 @@ static int cert_acceptable(const OSSL_CMP_CTX *ctx,
if (!check_kid(ctx, X509_get0_subject_key_id(cert), msg->header->senderKID))
return 0;
/* prevent misleading error later in case x509v3_cache_extensions() fails */
- if (!x509v3_cache_extensions(cert)) {
+ if (!ossl_x509v3_cache_extensions(cert)) {
ossl_cmp_warn(ctx, "cert appears to be invalid");
return 0;
}
diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
index b0b9e4aaac..494c2cc8fc 100644
--- a/crypto/cms/cms_env.c
+++ b/crypto/cms/cms_env.c
@@ -181,9 +181,9 @@ void ossl_cms_RecipientInfos_set_cmsctx(CMS_ContentInfo *cms)
break;
case CMS_RECIPINFO_TRANS:
ri->d.ktri->cms_ctx = ctx;
- x509_set0_libctx(ri->d.ktri->recip,
- ossl_cms_ctx_get0_libctx(ctx),
- ossl_cms_ctx_get0_propq(ctx));
+ ossl_x509_set0_libctx(ri->d.ktri->recip,
+ ossl_cms_ctx_get0_libctx(ctx),
+ ossl_cms_ctx_get0_propq(ctx));
break;
case CMS_RECIPINFO_KEK:
ri->d.kekri->cms_ctx = ctx;
diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c
index 03e6c631ef..0c9a372832 100644
--- a/crypto/cms/cms_lib.c
+++ b/crypto/cms/cms_lib.c
@@ -105,7 +105,7 @@ void ossl_cms_resolve_libctx(CMS_ContentInfo *ci)
for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) {
cch = sk_CMS_CertificateChoices_value(*pcerts, i);
if (cch->type == CMS_CERTCHOICE_CERT)
- x509_set0_libctx(cch->d.certificate, libctx, propq);
+ ossl_x509_set0_libctx(cch->d.certificate, libctx, propq);
}
}
}
diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index 2c86af22f0..d447fa4d1c 100644
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -158,7 +158,7 @@ static int eckey_pub_decode(EVP_PKEY *pkey, const X509_PUBKEY *pubkey)
OSSL_LIB_CTX *libctx = NULL;
const char *propq = NULL;
- if (!X509_PUBKEY_get0_libctx(&libctx, &propq, pubkey)
+ if (!ossl_x509_PUBKEY_get0_libctx(&libctx, &propq, pubkey)
|| !X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
return 0;
X509_ALGOR_get0(NULL, &ptype, &pval, palg);
diff --git a/crypto/ess/ess_lib.c b/crypto/ess/ess_lib.c
index ec1de943e4..ebc76cb79c 100644
--- a/crypto/ess/ess_lib.c
+++ b/crypto/ess/ess_lib.c
@@ -57,7 +57,7 @@ static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed)
unsigned char cert_sha1[SHA_DIGEST_LENGTH];
/* Call for side-effect of computing hash and caching extensions */
- if (!x509v3_cache_extensions(cert))
+ if (!ossl_x509v3_cache_extensions(cert))
return NULL;
if ((cid = ESS_CERT_ID_new()) == NULL)
diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c
index 39e1c983e8..6b941c53c4 100644
--- a/crypto/pkcs7/pk7_lib.c
+++ b/crypto/pkcs7/pk7_lib.c
@@ -439,12 +439,12 @@ void ossl_pkcs7_resolve_libctx(PKCS7 *p7)
return;
for (i = 0; i < sk_X509_num(certs); i++)
- x509_set0_libctx(sk_X509_value(certs, i), libctx, propq);
+ ossl_x509_set0_libctx(sk_X509_value(certs, i), libctx, propq);
for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rinfos); i++) {
PKCS7_RECIP_INFO *ri = sk_PKCS7_RECIP_INFO_value(rinfos, i);
- x509_set0_libctx(ri->cert, libctx, propq);
+ ossl_x509_set0_libctx(ri->cert, libctx, propq);
}
for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) {
diff --git a/crypto/store/store_result.c b/crypto/store/store_result.c
index d41d7d9b94..72f054be17 100644
--- a/crypto/store/store_result.c
+++ b/crypto/store/store_result.c
@@ -483,7 +483,7 @@ static int try_cert(struct extracted_param_data_st *data, OSSL_STORE_INFO **v,
/* We determined the object type */
data->object_type = OSSL_OBJECT_CERT;
- if (cert != NULL && !x509_set0_libctx(cert, libctx, propq)) {
+ if (cert != NULL && !ossl_x509_set0_libctx(cert, libctx, propq)) {
X509_free(cert);
cert = NULL;
}
@@ -510,7 +510,7 @@ static int try_crl(struct extracted_param_data_st *data, OSSL_STORE_INFO **v,
/* We determined the object type */
data->object_type = OSSL_OBJECT_CRL;
- if (crl != NULL && !x509_crl_set0_libctx(crl, libctx, propq)) {
+ if (crl != NULL && !ossl_x509_crl_set0_libctx(crl, libctx, propq)) {
X509_CRL_free(crl);
crl = NULL;
}
diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c
index e4a204fb1a..5ae952ad1f 100644
--- a/crypto/x509/t_x509.c
+++ b/crypto/x509/t_x509.c
@@ -386,7 +386,7 @@ int X509_aux_print(BIO *out, X509 *x, int indent)
* Helper functions for improving certificate verification error diagnostics
*/
-int x509_print_ex_brief(BIO *bio, X509 *cert, unsigned long neg_cflags)
+int ossl_x509_print_ex_brief(BIO *bio, X509 *cert, unsigned long neg_cflags)
{
unsigned long flags = ASN1_STRFLGS_RFC2253 | ASN1_STRFLGS_ESC_QUOTE |
XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_FN_SN;
@@ -428,7 +428,7 @@ static int print_certs(BIO *bio, const STACK_OF(X509) *certs)
X509 *cert = sk_X509_value(certs, i);
if (cert != NULL) {
- if (!x509_print_ex_brief(bio, cert, 0))
+ if (!ossl_x509_print_ex_brief(bio, cert, 0))
return 0;
if (!X509V3_extensions_print(bio, NULL,
X509_get0_extensions(cert),
@@ -495,8 +495,8 @@ int X509_STORE_CTX_print_verify_cb(int ok, X509_STORE_CTX *ctx)
}
BIO_printf(bio, "Failure for:\n");
- x509_print_ex_brief(bio, X509_STORE_CTX_get_current_cert(ctx),
- X509_FLAG_NO_EXTENSIONS);
+ ossl_x509_print_ex_brief(bio, X509_STORE_CTX_get_current_cert(ctx),
+ X509_FLAG_NO_EXTENSIONS);
if (cert_error == X509_V_ERR_CERT_UNTRUSTED
|| cert_error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
|| cert_error == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
diff --git a/crypto/x509/v3_purp.c b/crypto/x509/v3_purp.c
index ee2d3c7289..b98fc584ff 100644
--- a/crypto/x509/v3_purp.c
+++ b/crypto/x509/v3_purp.c
@@ -83,7 +83,7 @@ int X509_check_purpose(X509 *x, int id, int require_ca)
int idx;
const X509_PURPOSE *pt;
- if (!x509v3_cache_extensions(x))
+ if (!ossl_x509v3_cache_extensions(x))
return -1;
if (id == -1)
return 1;
@@ -395,7 +395,7 @@ static int check_sig_alg_match(const EVP_PKEY *issuer_key, const X509 *subject)
* X509_SIG_INFO_VALID is set in x->flags if x->siginf was filled successfully.
* Set EXFLAG_INVALID and return 0 in case the certificate is invalid.
*/
-int x509v3_cache_extensions(X509 *x)
+int ossl_x509v3_cache_extensions(X509 *x)
{
BASIC_CONSTRAINTS *bs;
PROXY_CERT_INFO_EXTENSION *pci;
@@ -559,7 +559,7 @@ int x509v3_cache_extensions(X509 *x)
/* .. and the signature alg matches the PUBKEY alg: */
&& check_sig_alg_match(X509_get0_pubkey(x), x) == X509_V_OK)
x->ex_flags |= EXFLAG_SS; /* indicate self-signed */
- /* This is very related to x509_likely_issued(x, x) == X509_V_OK */
+ /* This is very related to ossl_x509_likely_issued(x, x) == X509_V_OK */
}
/* Handle subject alternative names and various other extensions */
@@ -616,7 +616,7 @@ int x509v3_cache_extensions(X509 *x)
}
/* Set x->siginf, ignoring errors due to unsupported algos */
- (void)x509_init_sig_info(x);
+ (void)ossl_x509_init_sig_info(x);
x->ex_flags |= EXFLAG_SET; /* Indicate that cert has been processed */
#ifdef tsan_st_rel
@@ -692,7 +692,7 @@ void X509_set_proxy_pathlen(X509 *x, long l)
int X509_check_ca(X509 *x)
{
/* Note 0 normally means "not a CA" - but in this case means error. */
- if (!x509v3_cache_extensions(x))
+ if (!ossl_x509v3_cache_extensions(x))
return 0;
return check_ca(x);
@@ -904,13 +904,13 @@ int X509_check_issued(X509 *issuer, X509 *subject)
{
int ret;
- if ((ret = x509_likely_issued(issuer, subject)) != X509_V_OK)
+ if ((ret = ossl_x509_likely_issued(issuer, subject)) != X509_V_OK)
return ret;
- return x509_signing_allowed(issuer, subject);
+ return ossl_x509_signing_allowed(issuer, subject);
}
-/* Do the checks 1., 2., and 3. as described above for X509_check_issued() */
-int x509_likely_issued(X509 *issuer, X509 *subject)
+/* do the checks 1., 2., and 3. as described above for X509_check_issued() */
+int ossl_x509_likely_issued(X509 *issuer, X509 *subject)
{
int ret;
@@ -918,9 +918,9 @@ int x509_likely_issued(X509 *issuer, X509 *subject)
X509_get_issuer_name(subject)) != 0)
return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
- /* Set issuer->skid and subject->akid */
- if (!x509v3_cache_extensions(issuer)
- || !x509v3_cache_extensions(subject))
+ /* set issuer->skid and subject->akid */
+ if (!ossl_x509v3_cache_extensions(issuer)
+ || !ossl_x509v3_cache_extensions(subject))
return X509_V_ERR_UNSPECIFIED;
ret = X509_check_akid(issuer, subject->akid);
@@ -938,7 +938,7 @@ int x509_likely_issued(X509 *issuer, X509 *subject)
* Returns 0 for OK, or positive for reason for rejection
* where reason codes match those for X509_verify_cert().
*/
-int x509_signing_allowed(const X509 *issuer, const X509 *subject)
+int ossl_x509_signing_allowed(const X509 *issuer, const X509 *subject)
{
if (subject->ex_flags & EXFLAG_PROXY) {
if (ku_reject(issuer, KU_DIGITAL_SIGNATURE))
diff --git a/crypto/x509/x509_local.h b/crypto/x509/x509_local.h
index 1467aca1ff..fa9f4b8800 100644
--- a/crypto/x509/x509_local.h
+++ b/crypto/x509/x509_local.h
@@ -39,7 +39,7 @@ struct X509_VERIFY_PARAM_st {
};
/* No error callback if depth < 0 */
-int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth);
+int ossl_x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth);
/* a sequence of these are used */
struct x509_attributes_st {
@@ -155,7 +155,5 @@ DEFINE_STACK_OF(BY_DIR_ENTRY)
typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
DEFINE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
-void x509_set_signature_info(X509_SIG_INFO *siginf, const X509_ALGOR *alg,
- const ASN1_STRING *sig);
-int x509_likely_issued(X509 *issuer, X509 *subject);
-int x509_signing_allowed(const X509 *issuer, const X509 *subject);
+int ossl_x509_likely_issued(X509 *issuer, X509 *subject);
+int ossl_x509_signing_allowed(const X509 *issuer, const X509 *subject);
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index 96dfe83eef..0bd23c21b1 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -738,7 +738,7 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
}
/* If certificate matches and is currently valid all OK */
if (ctx->check_issued(ctx, x, obj->data.x509)) {
- if (x509_check_cert_time(ctx, obj->data.x509, -1)) {
+ if (ossl_x509_check_cert_time(ctx, obj->data.x509, -1)) {
*issuer = obj->data.x509;
if (!X509_up_ref(*issuer)) {
*issuer = NULL;
@@ -774,7 +774,7 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
if (ctx->check_issued(ctx, x, pobj->data.x509)) {
ret = 1;
/* If times check fine, exit with match, else keep looking. */
- if (x509_check_cert_time(ctx, pobj->data.x509, -1)) {
+ if (ossl_x509_check_cert_time(ctx, pobj->data.x509, -1)) {
*issuer = pobj->data.x509;
break;
}
diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c
index 52b9792d8f..9dd822c223 100644
--- a/crypto/x509/x509_set.c
+++ b/crypto/x509/x509_set.c
@@ -61,7 +61,7 @@ int X509_set_subject_name(X509 *x, const X509_NAME *name)
return X509_NAME_set(&x->cert_info.subject, name);
}
-int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm)
+int ossl_x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm)
{
ASN1_TIME *in;
in = *ptm;
@@ -79,14 +79,14 @@ int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm)
{
if (x == NULL)
return 0;
- return x509_set1_time(&x->cert_info.validity.notBefore, tm);
+ return ossl_x509_set1_time(&x->cert_info.validity.notBefore, tm);
}
int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm)
{
if (x == NULL)
return 0;
- return x509_set1_time(&x->cert_info.validity.notAfter, tm);
+ return ossl_x509_set1_time(&x->cert_info.validity.notAfter, tm);
}
int X509_set_pubkey(X509 *x, EVP_PKEY *pkey)
@@ -270,7 +270,7 @@ static int x509_sig_info_init(X509_SIG_INFO *siginf, const X509_ALGOR *alg,
}
/* Returns 1 on success, 0 on failure */
-int x509_init_sig_info(X509 *x)
+int ossl_x509_init_sig_info(X509 *x)
{
return x509_sig_info_init(&x->siginf, &x->sig_alg, &x->signature);
}
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 46ea798756..6c6d5442f2 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -85,7 +85,7 @@ static int null_callback(int ok, X509_STORE_CTX *e)
/*-
* Return 1 if given cert is considered self-signed, 0 if not, or -1 on error.
* This actually verifies self-signedness only if requested.
- * It calls X509v3_cache_extensions()
+ * It calls ossl_x509v3_cache_extensions()
* to match issuer and subject names (i.e., the cert being self-issued) and any
* present authority key identifier to match the subject key identifier, etc.
*/
@@ -97,7 +97,7 @@ int X509_self_signed(X509 *cert, int verify_signature)
ERR_raise(ERR_LIB_X509, X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
return -1;
}
- if (!x509v3_cache_extensions(cert))
+ if (!ossl_x509v3_cache_extensions(cert))
return -1;
if ((cert->ex_flags & EXFLAG_SS) == 0)
return 0;
@@ -329,7 +329,7 @@ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
if (ctx->check_issued(ctx, x, issuer)
&& (((x->ex_flags & EXFLAG_SI) != 0 && sk_X509_num(ctx->chain) == 1)
|| !sk_X509_contains(ctx->chain, issuer))) {
- if (x509_check_cert_time(ctx, issuer, -1))
+ if (ossl_x509_check_cert_time(ctx, issuer, -1))
return issuer;
if (rv == NULL || ASN1_TIME_compare(X509_get0_notAfter(issuer),
X509_get0_notAfter(rv)) > 0)
@@ -342,7 +342,7 @@ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
/* Check that the given certificate 'x' is issued by the certificate 'issuer' */
static int check_issued(ossl_unused X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
{
- int err = x509_likely_issued(issuer, x);
+ int err = ossl_x509_likely_issued(issuer, x);
if (err == X509_V_OK)
return 1;
@@ -1701,7 +1701,7 @@ static int check_policy(X509_STORE_CTX *ctx)
*
* Return 1 on success, 0 otherwise.
*/
-int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth)
+int ossl_x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth)
{
time_t *ptime;
int i;
@@ -1745,7 +1745,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
* We report the issuer as NULL because all we have is a bare key.
*/
xi = NULL;
- } else if (x509_likely_issued(xi, xi) != X509_V_OK
+ } else if (ossl_x509_likely_issued(xi, xi) != X509_V_OK
/* exceptional case: last cert in the chain is not self-issued */
&& ((ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) == 0)) {
if (n > 0) {
@@ -1804,7 +1804,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
* we are free to ignore any key usage restrictions on such certs.
*/
int ret = xs == xi && (xi->ex_flags & EXFLAG_CA) == 0
- ? X509_V_OK : x509_signing_allowed(xi, xs);
+ ? X509_V_OK : ossl_x509_signing_allowed(xi, xs);
CB_FAIL_IF(ret != X509_V_OK, ctx, xi, issuer_depth, ret);
if ((pkey = X509_get0_pubkey(xi)) == NULL) {
@@ -1818,7 +1818,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
/* in addition to RFC 5280, do also for trusted (root) cert */
/* Calls verify callback as needed */
- if (!x509_check_cert_time(ctx, xs, n))
+ if (!ossl_x509_check_cert_time(ctx, xs, n))
return 0;
/*
@@ -3287,7 +3287,7 @@ static int build_chain(X509_STORE_CTX *ctx)
case X509_V_ERR_CERT_NOT_YET_VALID:
case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
case X509_V_ERR_CERT_HAS_EXPIRED:
- return 0; /* Callback already issued by x509_check_cert_time() */
+ return 0; /* Callback already issued by ossl_x509_check_cert_time() */
default: /* A preliminary error has become final */
return verify_cb_cert(ctx, NULL, num - 1, ctx->error);
case X509_V_OK:
diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c
index 22143da65e..0c76d656c5 100644
--- a/crypto/x509/x509cset.c
+++ b/crypto/x509/x509cset.c
@@ -38,14 +38,14 @@ int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm)
{
if (x == NULL)
return 0;
- return x509_set1_time(&x->crl.lastUpdate, tm);
+ return ossl_x509_set1_time(&x->crl.lastUpdate, tm);
}
int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm)
{
if (x == NULL)
return 0;
- return x509_set1_time(&x->crl.nextUpdate, tm);
+ return ossl_x509_set1_time(&x->crl.nextUpdate, tm);
}
int X509_CRL_sort(X509_CRL *c)
diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c
index 4bb7a880a3..dfe3da37eb 100644
--- a/crypto/x509/x_crl.c
+++ b/crypto/x509/x_crl.c
@@ -270,7 +270,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
{
X509_CRL *old = exarg;
- if (!x509_crl_set0_libctx(crl, old->libctx, old->propq))
+ if (!ossl_x509_crl_set0_libctx(crl, old->libctx, old->propq))
return 0;
}
break;
@@ -500,7 +500,8 @@ void *X509_CRL_get_meth_data(X509_CRL *crl)
return crl->meth_data;
}
-int x509_crl_set0_libctx(X509_CRL *x, OSSL_LIB_CTX *libctx, const char *propq)
+int ossl_x509_crl_set0_libctx(X509_CRL *x, OSSL_LIB_CTX *libctx,
+ const char *propq)
{
if (x != NULL) {
x->libctx = libctx;
diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c
index 8392540c73..b1268f22c9 100644
--- a/crypto/x509/x_pubkey.c
+++ b/crypto/x509/x_pubkey.c
@@ -438,8 +438,8 @@ static EVP_PKEY *d2i_PUBKEY_int(EVP_PKEY **a,
}
/* For the algorithm specific d2i functions further down */
-EVP_PKEY *d2i_PUBKEY_legacy(EVP_PKEY **a,
- const unsigned char **pp, long length)
+EVP_PKEY *ossl_d2i_PUBKEY_legacy(EVP_PKEY **a,
+ const unsigned char **pp, long length)
{
return d2i_PUBKEY_int(a, pp, length, NULL, NULL, 1, d2i_X509_PUBKEY);
}
@@ -516,7 +516,7 @@ RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length)
const unsigned char *q;
q = *pp;
- pkey = d2i_PUBKEY_legacy(NULL, &q, length);
+ pkey = ossl_d2i_PUBKEY_legacy(NULL, &q, length);
if (pkey == NULL)
return NULL;
key = EVP_PKEY_get1_RSA(pkey);
@@ -557,7 +557,7 @@ DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length)
const unsigned char *q;
q = *pp;
- pkey = d2i_PUBKEY_legacy(NULL, &q, length);
+ pkey = ossl_d2i_PUBKEY_legacy(NULL, &q, length);
if (pkey == NULL)
return NULL;
key = EVP_PKEY_get1_DSA(pkey);
@@ -599,7 +599,7 @@ EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length)
const unsigned char *q;
q = *pp;
- pkey = d2i_PUBKEY_legacy(NULL, &q, length);
+ pkey = ossl_d2i_PUBKEY_legacy(NULL, &q, length);
if (pkey == NULL)
return NULL;
key = EVP_PKEY_get1_EC_KEY(pkey);
@@ -693,8 +693,8 @@ int X509_PUBKEY_eq(const X509_PUBKEY *a, const X509_PUBKEY *b)
return EVP_PKEY_eq(pA, pB);
}
-int X509_PUBKEY_get0_libctx(OSSL_LIB_CTX **plibctx, const char **ppropq,
- const X509_PUBKEY *key)
+int ossl_x509_PUBKEY_get0_libctx(OSSL_LIB_CTX **plibctx, const char **ppropq,
+ const X509_PUBKEY *key)
{
if (plibctx)
*plibctx = key->libctx;
diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c
index b6f9f043b8..a4a169a97e 100644
--- a/crypto/x509/x_x509.c
+++ b/crypto/x509/x_x509.c
@@ -102,7 +102,7 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
{
X509 *old = exarg;
- if (!x509_set0_libctx(ret, old->libctx, old->propq))
+ if (!ossl_x509_set0_libctx(ret, old->libctx, old->propq))
return 0;
}
break;
@@ -130,7 +130,7 @@ X509 *d2i_X509(X509 **a, const unsigned char **in, long len)
cert = (X509 *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, (X509_it()));
/* Only cache the extensions if the cert object was passed in */
if (cert != NULL && a != NULL) {
- if (!x509v3_cache_extensions(cert)) {
+ if (!ossl_x509v3_cache_extensions(cert)) {
if (free_on_error)
X509_free(cert);
cert = NULL;
@@ -148,7 +148,7 @@ int i2d_X509(const X509 *a, unsigned char **out)
* asn1 object and it needs a libctx to operate.
* Use X509_new_ex() instead if possible.
*/
-int x509_set0_libctx(X509 *x, OSSL_LIB_CTX *libctx, const char *propq)
+int ossl_x509_set0_libctx(X509 *x, OSSL_LIB_CTX *libctx, const char *propq)
{
if (x != NULL) {
x->libctx = libctx;
@@ -168,7 +168,7 @@ X509 *X509_new_ex(OSSL_LIB_CTX *libctx, const char *propq)
X509 *cert = NULL;
cert = (X509 *)ASN1_item_new((X509_it()));
- if (!x509_set0_libctx(cert, libctx, propq)) {
+ if (!ossl_x509_set0_libctx(cert, libctx, propq)) {
X509_free(cert);
cert = NULL;
}
diff --git a/include/crypto/x509.h b/include/crypto/x509.h
index 4b179a07af..623b880959 100644
--- a/include/crypto/x509.h
+++ b/include/crypto/x509.h
@@ -305,29 +305,27 @@ struct x509_object_st {
};
int ossl_a2i_ipadd(unsigned char *ipout, const char *ipasc);
-int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm);
-int x509_print_ex_brief(BIO *bio, X509 *cert, unsigned long neg_cflags);
-int x509v3_cache_extensions(X509 *x);
-int x509_init_sig_info(X509 *x);
-int x509_check_issued_int(X509 *issuer, X509 *subject, OSSL_LIB_CTX *libctx,
- const char *propq);
-
-int x509_set0_libctx(X509 *x, OSSL_LIB_CTX *libctx, const char *propq);
-int x509_crl_set0_libctx(X509_CRL *x, OSSL_LIB_CTX *libctx, const char *propq);
-int x509_init_sig_info(X509 *x);
-int ossl_asn1_item_digest_ex(const ASN1_ITEM *it, const EVP_MD *type, void *data,
- unsigned char *md, unsigned int *len,
+int ossl_x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm);
+int ossl_x509_print_ex_brief(BIO *bio, X509 *cert, unsigned long neg_cflags);
+int ossl_x509v3_cache_extensions(X509 *x);
+int ossl_x509_init_sig_info(X509 *x);
+
+int ossl_x509_set0_libctx(X509 *x, OSSL_LIB_CTX *libctx, const char *propq);
+int ossl_x509_crl_set0_libctx(X509_CRL *x, OSSL_LIB_CTX *libctx,
+ const char *propq);
+int ossl_asn1_item_digest_ex(const ASN1_ITEM *it, const EVP_MD *type,
+ void *data, unsigned char *md, unsigned int *len,
OSSL_LIB_CTX *libctx, const char *propq);
int ossl_x509_add_cert_new(STACK_OF(X509) **sk, X509 *cert, int flags);
int ossl_x509_add_certs_new(STACK_OF(X509) **p_sk, STACK_OF(X509) *certs,
int flags);
-int X509_PUBKEY_get0_libctx(OSSL_LIB_CTX **plibctx, const char **ppropq,
- const X509_PUBKEY *key);
+int ossl_x509_PUBKEY_get0_libctx(OSSL_LIB_CTX **plibctx, const char **ppropq,
+ const X509_PUBKEY *key);
/* Calculate default key identifier according to RFC 5280 section 4.2.1.2 (1) */
ASN1_OCTET_STRING *ossl_x509_pubkey_hash(X509_PUBKEY *pubkey);
/* A variant of d2i_PUBKEY() that is guaranteed to only return legacy keys */
-EVP_PKEY *d2i_PUBKEY_legacy(EVP_PKEY **a,
- const unsigned char **in, long length);
+EVP_PKEY *ossl_d2i_PUBKEY_legacy(EVP_PKEY **a,
+ const unsigned char **in, long length);
#endif
diff --git a/providers/implementations/encode_decode/decode_der2key.c b/providers/implementations/encode_decode/decode_der2key.c
index 459c672875..359116a8a9 100644
--- a/providers/implementations/encode_decode/decode_der2key.c
+++ b/providers/implementations/encode_decode/decode_der2key.c
@@ -337,7 +337,7 @@ static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
&& (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
RESET_ERR_MARK();
derp = der;
- pkey = d2i_PUBKEY_legacy(NULL, &derp, der_len);
+ pkey = ossl_d2i_PUBKEY_legacy(NULL, &derp, der_len);
}
if (pkey != NULL) {
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-12 08:09:23 +0000