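Lines matching references to the identifier `dane`
(Only the matching lines are listed, so each function body is incomplete. The leading number is the line in the source file, and the trailing "in f()" names the enclosing function.)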

167 static void dane_final(SSL_DANE *dane)  in dane_final()  argument
169 sk_danetls_record_pop_free(dane->trecs, tlsa_free); in dane_final()
170 dane->trecs = NULL; in dane_final()
172 OSSL_STACK_OF_X509_free(dane->certs); in dane_final()
173 dane->certs = NULL; in dane_final()
175 X509_free(dane->mcert); in dane_final()
176 dane->mcert = NULL; in dane_final()
177 dane->mtlsa = NULL; in dane_final()
178 dane->mdpth = -1; in dane_final()
179 dane->pdpth = -1; in dane_final()
190 if (!DANETLS_ENABLED(&from->dane)) in ssl_dane_dup()
193 num = sk_danetls_record_num(from->dane.trecs); in ssl_dane_dup()
194 dane_final(&to->dane); in ssl_dane_dup()
195 to->dane.flags = from->dane.flags; in ssl_dane_dup()
196 to->dane.dctx = &SSL_CONNECTION_GET_CTX(to)->dane; in ssl_dane_dup()
197 to->dane.trecs = sk_danetls_record_new_reserve(NULL, num); in ssl_dane_dup()
199 if (to->dane.trecs == NULL) { in ssl_dane_dup()
205 danetls_record *t = sk_danetls_record_value(from->dane.trecs, i); in ssl_dane_dup()
255 static const EVP_MD *tlsa_md_get(SSL_DANE *dane, uint8_t mtype) in tlsa_md_get() argument
257 if (mtype > dane->dctx->mdmax) in tlsa_md_get()
259 return dane->dctx->mdevp[mtype]; in tlsa_md_get()
262 static int dane_tlsa_add(SSL_DANE *dane, in dane_tlsa_add() argument
274 if (dane->trecs == NULL) { in dane_tlsa_add()
295 md = tlsa_md_get(dane, mtype); in dane_tlsa_add()
374 if ((dane->certs == NULL && in dane_tlsa_add()
375 (dane->certs = sk_X509_new_null()) == NULL) || in dane_tlsa_add()
376 !sk_X509_push(dane->certs, cert)) { in dane_tlsa_add()
420 num = sk_danetls_record_num(dane->trecs); in dane_tlsa_add()
422 danetls_record *rec = sk_danetls_record_value(dane->trecs, i); in dane_tlsa_add()
432 if (dane->dctx->mdord[rec->mtype] > dane->dctx->mdord[mtype]) in dane_tlsa_add()
437 if (!sk_danetls_record_insert(dane->trecs, t, i)) { in dane_tlsa_add()
442 dane->umask |= DANETLS_USAGE_BIT(usage); in dane_tlsa_add()
626 sc->dane.mdpth = -1; in ossl_ssl_connection_reset()
627 sc->dane.pdpth = -1; in ossl_ssl_connection_reset()
628 X509_free(sc->dane.mcert); in ossl_ssl_connection_reset()
629 sc->dane.mcert = NULL; in ossl_ssl_connection_reset()
630 sc->dane.mtlsa = NULL; in ossl_ssl_connection_reset()
755 s->dane.flags = ctx->dane.flags; in ossl_ssl_connection_new_int()
1171 return dane_ctx_enable(&ctx->dane); in SSL_CTX_dane_enable()
1176 unsigned long orig = ctx->dane.flags; in SSL_CTX_dane_set_flags()
1178 ctx->dane.flags |= flags; in SSL_CTX_dane_set_flags()
1184 unsigned long orig = ctx->dane.flags; in SSL_CTX_dane_clear_flags()
1186 ctx->dane.flags &= ~flags; in SSL_CTX_dane_clear_flags()
1192 SSL_DANE *dane; in SSL_dane_enable() local
1198 dane = &sc->dane; in SSL_dane_enable()
1199 if (s->ctx->dane.mdmax == 0) { in SSL_dane_enable()
1203 if (dane->trecs != NULL) { in SSL_dane_enable()
1226 dane->mdpth = -1; in SSL_dane_enable()
1227 dane->pdpth = -1; in SSL_dane_enable()
1228 dane->dctx = &s->ctx->dane; in SSL_dane_enable()
1229 dane->trecs = sk_danetls_record_new_null(); in SSL_dane_enable()
1231 if (dane->trecs == NULL) { in SSL_dane_enable()
1246 orig = sc->dane.flags; in SSL_dane_set_flags()
1248 sc->dane.flags |= flags; in SSL_dane_set_flags()
1260 orig = sc->dane.flags; in SSL_dane_clear_flags()
1262 sc->dane.flags &= ~flags; in SSL_dane_clear_flags()
1268 SSL_DANE *dane; in SSL_get0_dane_authority() local
1274 dane = &sc->dane; in SSL_get0_dane_authority()
1276 if (!DANETLS_ENABLED(dane) || sc->verify_result != X509_V_OK) in SSL_get0_dane_authority()
1278 if (dane->mtlsa) { in SSL_get0_dane_authority()
1280 *mcert = dane->mcert; in SSL_get0_dane_authority()
1282 *mspki = (dane->mcert == NULL) ? dane->mtlsa->spki : NULL; in SSL_get0_dane_authority()
1284 return dane->mdpth; in SSL_get0_dane_authority()
1290 SSL_DANE *dane; in SSL_get0_dane_tlsa() local
1296 dane = &sc->dane; in SSL_get0_dane_tlsa()
1298 if (!DANETLS_ENABLED(dane) || sc->verify_result != X509_V_OK) in SSL_get0_dane_tlsa()
1300 if (dane->mtlsa) { in SSL_get0_dane_tlsa()
1302 *usage = dane->mtlsa->usage; in SSL_get0_dane_tlsa()
1304 *selector = dane->mtlsa->selector; in SSL_get0_dane_tlsa()
1306 *mtype = dane->mtlsa->mtype; in SSL_get0_dane_tlsa()
1308 *data = dane->mtlsa->data; in SSL_get0_dane_tlsa()
1310 *dlen = dane->mtlsa->dlen; in SSL_get0_dane_tlsa()
1312 return dane->mdpth; in SSL_get0_dane_tlsa()
1322 return &sc->dane; in SSL_get0_dane()
1333 return dane_tlsa_add(&sc->dane, usage, selector, mtype, data, dlen); in SSL_dane_tlsa_add()
1339 return dane_mtype_set(&ctx->dane, md, mtype, ord); in SSL_CTX_dane_mtype_set()
1415 dane_final(&s->dane); in ossl_ssl_connection_free()
4290 dane_ctx_final(&a->dane); in SSL_CTX_free()
6493 SSL_DANE *dane = &s->dane; in ssl_validate_ct() local
6517 if (DANETLS_ENABLED(dane) && dane->mtlsa != NULL) { in ssl_validate_ct()
6518 switch (dane->mtlsa->usage) { in ssl_validate_ct()
7865 SSL_DANE *dane = SSL_get0_dane(s); in SSL_add_expected_rpk() local
7868 if (dane == NULL || dane->dctx == NULL) in SSL_add_expected_rpk()