Unify X.509v3 extension methods

Use C99 initializers for all structs (some were forgotten). Make all the structs static, call them x509v3_ext_* matching NID_*. Add accessors called x509v3_ext_method_* and use these to implement X509V3_EXT_get_nid(). This adds consistency and avoids a few contortions like grouping a few extensions in arrays to save a couple externs. ok beck jsing
author: tb <> 2024-07-13 15:08:58 +0000
committer: tb <> 2024-07-13 15:08:58 +0000
commit: de05eb4f597b95fed408db9aa9e9474eb6daf5e6 (patch)
tree: 9bceb8f53165bf9b9a2232987ecac3565db027df /src/lib/libcrypto/ct/ct_x509v3.c
parent: d694a3319273a6e59cc84d958713e0342bfc206d (diff)
download: openbsd-de05eb4f597b95fed408db9aa9e9474eb6daf5e6.tar.gz
openbsd-de05eb4f597b95fed408db9aa9e9474eb6daf5e6.tar.bz2
openbsd-de05eb4f597b95fed408db9aa9e9474eb6daf5e6.zip
1 files changed, 71 insertions, 56 deletions
diff --git a/src/lib/libcrypto/ct/ct_x509v3.c b/src/lib/libcrypto/ct/ct_x509v3.c
index 59f2975cd9..b14ffc9532 100644
--- a/src/lib/libcrypto/ct/ct_x509v3.c
+++ b/src/lib/libcrypto/ct/ct_x509v3.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: ct_x509v3.c,v 1.6 2021/12/25 15:42:32 tb Exp $ */
+/*      $OpenBSD: ct_x509v3.c,v 1.7 2024/07/13 15:08:58 tb Exp $ */
 /*
 * Written by Rob Stradling (rob@comodo.com) and Stephen Henson
 * (steve@openssl.org) for the OpenSSL project 2014.
@@ -128,59 +128,74 @@ ocsp_ext_d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, long len)
        return s;
 }
-/* Handlers for X509v3/OCSP Certificate Transparency extensions */
+/* X509v3 extension in certificates that contains SCTs */
-const X509V3_EXT_METHOD v3_ct_scts[3] = {
+static const X509V3_EXT_METHOD x509v3_ext_ct_precert_scts = {
-        /* X509v3 extension in certificates that contains SCTs */
+        .ext_nid = NID_ct_precert_scts,
-        [0] = {
+        .ext_flags = 0,
-                .ext_nid = NID_ct_precert_scts,
+        .it = NULL,
-                .ext_flags = 0,
+        .ext_new = NULL,
-                .it = NULL,
+        .ext_free = (X509V3_EXT_FREE)SCT_LIST_free,
-                .ext_new = NULL,
+        .d2i = (X509V3_EXT_D2I)x509_ext_d2i_SCT_LIST,
-                .ext_free = (X509V3_EXT_FREE)SCT_LIST_free,
+        .i2d = (X509V3_EXT_I2D)i2d_SCT_LIST,
-                .d2i = (X509V3_EXT_D2I)x509_ext_d2i_SCT_LIST,
+        .i2s = NULL,
-                .i2d = (X509V3_EXT_I2D)i2d_SCT_LIST,
+        .s2i = NULL,
-                .i2s = NULL,
+        .i2v = NULL,
-                .s2i = NULL,
+        .v2i = NULL,
-                .i2v = NULL,
+        .i2r = (X509V3_EXT_I2R)i2r_SCT_LIST,
-                .v2i = NULL,
+        .r2i = NULL,
-                .i2r = (X509V3_EXT_I2R)i2r_SCT_LIST,
+        .usr_data = NULL,
-                .r2i = NULL,
-                .usr_data = NULL,
-        },
-        /* X509v3 extension to mark a certificate as a pre-certificate */
-        [1] = {
-                .ext_nid = NID_ct_precert_poison,
-                .ext_flags = 0,
-                .it = &ASN1_NULL_it,
-                .ext_new = NULL,
-                .ext_free = NULL,
-                .d2i = NULL,
-                .i2d = NULL,
-                .i2s = i2s_poison,
-                .s2i = s2i_poison,
-                .i2v = NULL,
-                .v2i = NULL,
-                .i2r = NULL,
-                .r2i = NULL,
-                .usr_data = NULL,
-        },
-        /* OCSP extension that contains SCTs */
-        [2] = {
-                .ext_nid = NID_ct_cert_scts,
-                .ext_flags = 0,
-                .it = NULL,
-                .ext_new = NULL,
-                .ext_free = (X509V3_EXT_FREE)SCT_LIST_free,
-                .d2i = (X509V3_EXT_D2I)ocsp_ext_d2i_SCT_LIST,
-                .i2d = (X509V3_EXT_I2D)i2d_SCT_LIST,
-                .i2s = NULL,
-                .s2i = NULL,
-                .i2v = NULL,
-                .v2i = NULL,
-                .i2r = (X509V3_EXT_I2R)i2r_SCT_LIST,
-                .r2i = NULL,
-                .usr_data = NULL,
-        },
 };
+const X509V3_EXT_METHOD *
+x509v3_ext_method_ct_precert_scts(void)
+{
+        return &x509v3_ext_ct_precert_scts;
+}
+/* X509v3 extension to mark a certificate as a pre-certificate */
+static const X509V3_EXT_METHOD x509v3_ext_ct_precert_poison = {
+        .ext_nid = NID_ct_precert_poison,
+        .ext_flags = 0,
+        .it = &ASN1_NULL_it,
+        .ext_new = NULL,
+        .ext_free = NULL,
+        .d2i = NULL,
+        .i2d = NULL,
+        .i2s = i2s_poison,
+        .s2i = s2i_poison,
+        .i2v = NULL,
+        .v2i = NULL,
+        .i2r = NULL,
+        .r2i = NULL,
+        .usr_data = NULL,
+};
+const X509V3_EXT_METHOD *
+x509v3_ext_method_ct_precert_poison(void)
+{
+        return &x509v3_ext_ct_precert_poison;
+}
+/* OCSP extension that contains SCTs */
+static const X509V3_EXT_METHOD x509v3_ext_ct_cert_scts = {
+        .ext_nid = NID_ct_cert_scts,
+        .ext_flags = 0,
+        .it = NULL,
+        .ext_new = NULL,
+        .ext_free = (X509V3_EXT_FREE)SCT_LIST_free,
+        .d2i = (X509V3_EXT_D2I)ocsp_ext_d2i_SCT_LIST,
+        .i2d = (X509V3_EXT_I2D)i2d_SCT_LIST,
+        .i2s = NULL,
+        .s2i = NULL,
+        .i2v = NULL,
+        .v2i = NULL,
+        .i2r = (X509V3_EXT_I2R)i2r_SCT_LIST,
+        .r2i = NULL,
+        .usr_data = NULL,
+};
+const X509V3_EXT_METHOD *
+x509v3_ext_method_ct_cert_scts(void)
+{
+        return &x509v3_ext_ct_cert_scts;
+}
author	tb <>	2024-07-13 15:08:58 +0000
committer	tb <>	2024-07-13 15:08:58 +0000
commit	de05eb4f597b95fed408db9aa9e9474eb6daf5e6 (patch)
tree	9bceb8f53165bf9b9a2232987ecac3565db027df /src/lib/libcrypto/ct/ct_x509v3.c
parent	d694a3319273a6e59cc84d958713e0342bfc206d (diff)
download	openbsd-de05eb4f597b95fed408db9aa9e9474eb6daf5e6.tar.gz openbsd-de05eb4f597b95fed408db9aa9e9474eb6daf5e6.tar.bz2 openbsd-de05eb4f597b95fed408db9aa9e9474eb6daf5e6.zip