+/* v3_lib.c */
/*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
*/
-
/* X509 v3 extension utilities */
#include <stdio.h>
-#include "internal/cryptlib.h"
+#include "cryptlib.h"
#include <openssl/conf.h>
#include <openssl/x509v3.h>
int X509V3_EXT_add(X509V3_EXT_METHOD *ext)
{
- if (ext_list == NULL
- && (ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp)) == NULL) {
+ if (!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp))) {
X509V3err(X509V3_F_X509V3_EXT_ADD, ERR_R_MALLOC_FAILURE);
return 0;
}
IMPLEMENT_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *,
const X509V3_EXT_METHOD *, ext);
-/*
- * This table will be searched using OBJ_bsearch so it *must* kept in order
- * of the ext_nid values.
- */
-
-static const X509V3_EXT_METHOD *standard_exts[] = {
- &v3_nscert,
- &v3_ns_ia5_list[0],
- &v3_ns_ia5_list[1],
- &v3_ns_ia5_list[2],
- &v3_ns_ia5_list[3],
- &v3_ns_ia5_list[4],
- &v3_ns_ia5_list[5],
- &v3_ns_ia5_list[6],
- &v3_skey_id,
- &v3_key_usage,
- &v3_pkey_usage_period,
- &v3_alt[0],
- &v3_alt[1],
- &v3_bcons,
- &v3_crl_num,
- &v3_cpols,
- &v3_akey_id,
- &v3_crld,
- &v3_ext_ku,
- &v3_delta_crl,
- &v3_crl_reason,
-#ifndef OPENSSL_NO_OCSP
- &v3_crl_invdate,
-#endif
- &v3_sxnet,
- &v3_info,
-#ifndef OPENSSL_NO_RFC3779
- &v3_addr,
- &v3_asid,
-#endif
-#ifndef OPENSSL_NO_OCSP
- &v3_ocsp_nonce,
- &v3_ocsp_crlid,
- &v3_ocsp_accresp,
- &v3_ocsp_nocheck,
- &v3_ocsp_acutoff,
- &v3_ocsp_serviceloc,
-#endif
- &v3_sinfo,
- &v3_policy_constraints,
-#ifndef OPENSSL_NO_OCSP
- &v3_crl_hold,
-#endif
- &v3_pci,
- &v3_name_constraints,
- &v3_policy_mappings,
- &v3_inhibit_anyp,
- &v3_idp,
- &v3_alt[2],
- &v3_freshest_crl,
-#ifndef OPENSSL_NO_CT
- &v3_ct_scts[0],
- &v3_ct_scts[1],
- &v3_ct_scts[2],
-#endif
- &v3_tls_feature,
-};
-
-/* Number of standard extensions */
-
-#define STANDARD_EXTENSION_COUNT OSSL_NELEM(standard_exts)
-
const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
{
X509V3_EXT_METHOD tmp;
const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)
{
int nid;
- if ((nid = OBJ_obj2nid(X509_EXTENSION_get_object(ext))) == NID_undef)
+ if ((nid = OBJ_obj2nid(ext->object)) == NID_undef)
return NULL;
return X509V3_EXT_get_nid(nid);
}
+int X509V3_EXT_free(int nid, void *ext_data)
+{
+ const X509V3_EXT_METHOD *ext_method = X509V3_EXT_get_nid(nid);
+ if (ext_method == NULL) {
+ X509V3err(X509V3_F_X509V3_EXT_FREE,
+ X509V3_R_CANNOT_FIND_FREE_FUNCTION);
+ return 0;
+ }
+
+ if (ext_method->it != NULL)
+ ASN1_item_free(ext_data, ASN1_ITEM_ptr(ext_method->it));
+ else if (ext_method->ext_free != NULL)
+ ext_method->ext_free(ext_data);
+ else {
+ X509V3err(X509V3_F_X509V3_EXT_FREE,
+ X509V3_R_CANNOT_FIND_FREE_FUNCTION);
+ return 0;
+ }
+
+ return 1;
+}
+
int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist)
{
for (; extlist->ext_nid != -1; extlist++)
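Review bot: X509V3_EXT_free has no comment stating its contract, and the contract matters here: `ext_data` is a `void *` released through whichever template or `ext_free` callback the nid selects, so the function cannot detect a pointer of a different type. I would add above the definition `/* Frees ext_data, which must be the decoded structure for extension nid (e.g. as returned by X509V3_EXT_d2i); returns 1 on success, 0 if no method or free routine is found. */`. Separately, the first error path raises X509V3_R_CANNOT_FIND_FREE_FUNCTION when the method lookup itself failed; `X509V3_R_EXTENSION_NOT_FOUND`, which the X509V3_EXT_add_alias hunk uses for the same lookup failure, would describe that case more precisely.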
const X509V3_EXT_METHOD *ext;
X509V3_EXT_METHOD *tmpext;
- if ((ext = X509V3_EXT_get_nid(nid_from)) == NULL) {
- X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, X509V3_R_EXTENSION_NOT_FOUND);
+ if (!(ext = X509V3_EXT_get_nid(nid_from))) {
+ X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,
+ X509V3_R_EXTENSION_NOT_FOUND);
return 0;
}
- if ((tmpext = OPENSSL_malloc(sizeof(*tmpext))) == NULL) {
+ if (!
+ (tmpext =
+ (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)))) {
X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, ERR_R_MALLOC_FAILURE);
return 0;
}
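Review bot: The allocation on the new side names the type twice and casts the result, `(X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD))`, so the size and the pointer's type have to be kept in sync by hand. `if ((tmpext = OPENSSL_malloc(sizeof(*tmpext))) == NULL) {` binds the size to the object being allocated and needs no cast in C. The function's signature and the code that fills in and registers `tmpext` are outside the hunk.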
{
const X509V3_EXT_METHOD *method;
const unsigned char *p;
- ASN1_STRING *extvalue;
- int extlen;
- if ((method = X509V3_EXT_get(ext)) == NULL)
+ if (!(method = X509V3_EXT_get(ext)))
return NULL;
- extvalue = X509_EXTENSION_get_data(ext);
- p = ASN1_STRING_get0_data(extvalue);
- extlen = ASN1_STRING_length(extvalue);
+ p = ext->value->data;
if (method->it)
- return ASN1_item_d2i(NULL, &p, extlen, ASN1_ITEM_ptr(method->it));
- return method->d2i(NULL, &p, extlen);
+ return ASN1_item_d2i(NULL, &p, ext->value->length,
+ ASN1_ITEM_ptr(method->it));
+ return method->d2i(NULL, &p, ext->value->length);
}
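Review bot: Both return paths hand back the decoder's result without checking that it consumed the whole extension value, so bytes following the DER structure inside the OCTET STRING are accepted silently; after the call `p` should equal `ext->value->data + ext->value->length`. Capturing the result, comparing `p` against the end of the buffer and freeing the object on a mismatch would reject such values, though it changes behaviour for callers that currently tolerate trailing data. The new side also dereferences `ext->value` directly, which presumably relies on every X509_EXTENSION carrying a non-NULL value; that is worth confirming for extensions assembled by hand. The function's signature is outside the hunk.

```c
    const unsigned char *p;
    void *ret;
    /* … unchanged: method lookup via X509V3_EXT_get … */
    p = ext->value->data;
    if (method->it)
        ret = ASN1_item_d2i(NULL, &p, ext->value->length,
                            ASN1_ITEM_ptr(method->it));
    else
        ret = method->d2i(NULL, &p, ext->value->length);
    if (ret == NULL)
        return NULL;
    /* Reject values with bytes left over after the decoded structure. */
    if (p != ext->value->data + ext->value->length) {
        if (method->it)
            ASN1_item_free(ret, ASN1_ITEM_ptr(method->it));
        else if (method->ext_free)
            method->ext_free(ret);
        return NULL;
    }
    return ret;
```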
/*-
* -2 extension occurs more than once.
*/
-void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
+void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
int *idx)
{
int lastpos, i;
lastpos = 0;
for (i = lastpos; i < sk_X509_EXTENSION_num(x); i++) {
ex = sk_X509_EXTENSION_value(x, i);
- if (OBJ_obj2nid(X509_EXTENSION_get_object(ex)) == nid) {
+ if (OBJ_obj2nid(ex->object) == nid) {
if (idx) {
*idx = i;
found_ex = ex;
return 1;
}
- if (*x == NULL
- && (*x = sk_X509_EXTENSION_new_null()) == NULL)
+ if (!*x && !(*x = sk_X509_EXTENSION_new_null()))
return -1;
if (!sk_X509_EXTENSION_push(*x, ext))
return -1;
X509V3err(X509V3_F_X509V3_ADD1_I2D, errcode);
return 0;
}
+
+IMPLEMENT_STACK_OF(X509V3_EXT_METHOD)