| author | tb <> | 2024-07-13 15:08:58 +0000 |
|---|---|---|
| committer | tb <> | 2024-07-13 15:08:58 +0000 |
| commit | 3a6927c782869fec9a91b17f3757e56538e5d418 (patch) | |
| tree | 9bceb8f53165bf9b9a2232987ecac3565db027df /src/lib/libcrypto/ct | |
| parent | 57d2f282cacabe0c53399ec9c933b34696835dd2 (diff) | |
Unify X.509v3 extension methods
Use C99 initializers for all structs (some were forgotten).
Make all the structs static, call them x509v3_ext_* matching NID_*.
Add accessors called x509v3_ext_method_* and use these to implement
X509V3_EXT_get_nid().
This adds consistency and avoids a few contortions like grouping
a few extensions in arrays to save a couple externs.
ok beck jsing
Diffstat (limited to 'src/lib/libcrypto/ct')
| -rw-r--r-- | src/lib/libcrypto/ct/ct_x509v3.c | 127 |
1 files changed, 71 insertions, 56 deletions
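--- a/src/lib/libcrypto/ct/ct_x509v3.c
+++ b/src/lib/libcrypto/ct/ct_x509v3.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ct_x509v3.c,v 1.6 2021/12/25 15:42:32 tb Exp $ */
+/* $OpenBSD: ct_x509v3.c,v 1.7 2024/07/13 15:08:58 tb Exp $ */
 /*
 * Written by Rob Stradling (rob@comodo.com) and Stephen Henson
 * (steve@openssl.org) for the OpenSSL project 2014.
@@ -128,59 +128,74 @@ ocsp_ext_d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, long len)
 return s;
 }
 
-/* Handlers for X509v3/OCSP Certificate Transparency extensions */
-const X509V3_EXT_METHOD v3_ct_scts[3] = {
-/* X509v3 extension in certificates that contains SCTs */
-[0] = {
-.ext_nid = NID_ct_precert_scts,
-.ext_flags = 0,
-.it = NULL,
-.ext_new = NULL,
-.ext_free = (X509V3_EXT_FREE)SCT_LIST_free,
-.d2i = (X509V3_EXT_D2I)x509_ext_d2i_SCT_LIST,
-.i2d = (X509V3_EXT_I2D)i2d_SCT_LIST,
-.i2s = NULL,
-.s2i = NULL,
-.i2v = NULL,
-.v2i = NULL,
-.i2r = (X509V3_EXT_I2R)i2r_SCT_LIST,
-.r2i = NULL,
-.usr_data = NULL,
-},
-
-/* X509v3 extension to mark a certificate as a pre-certificate */
-[1] = {
-.ext_nid = NID_ct_precert_poison,
-.ext_flags = 0,
-.it = &ASN1_NULL_it,
-.ext_new = NULL,
-.ext_free = NULL,
-.d2i = NULL,
-.i2d = NULL,
-.i2s = i2s_poison,
-.s2i = s2i_poison,
-.i2v = NULL,
-.v2i = NULL,
-.i2r = NULL,
-.r2i = NULL,
-.usr_data = NULL,
-},
-
-/* OCSP extension that contains SCTs */
-[2] = {
-.ext_nid = NID_ct_cert_scts,
-.ext_flags = 0,
-.it = NULL,
-.ext_new = NULL,
-.ext_free = (X509V3_EXT_FREE)SCT_LIST_free,
-.d2i = (X509V3_EXT_D2I)ocsp_ext_d2i_SCT_LIST,
-.i2d = (X509V3_EXT_I2D)i2d_SCT_LIST,
-.i2s = NULL,
-.s2i = NULL,
-.i2v = NULL,
-.v2i = NULL,
-.i2r = (X509V3_EXT_I2R)i2r_SCT_LIST,
-.r2i = NULL,
-.usr_data = NULL,
-},
+/* X509v3 extension in certificates that contains SCTs */
+static const X509V3_EXT_METHOD x509v3_ext_ct_precert_scts = {
+.ext_nid = NID_ct_precert_scts,
+.ext_flags = 0,
+.it = NULL,
+.ext_new = NULL,
+.ext_free = (X509V3_EXT_FREE)SCT_LIST_free,
+.d2i = (X509V3_EXT_D2I)x509_ext_d2i_SCT_LIST,
+.i2d = (X509V3_EXT_I2D)i2d_SCT_LIST,
+.i2s = NULL,
+.s2i = NULL,
+.i2v = NULL,
+.v2i = NULL,
+.i2r = (X509V3_EXT_I2R)i2r_SCT_LIST,
+.r2i = NULL,
+.usr_data = NULL,
 };
+
+const X509V3_EXT_METHOD *
+x509v3_ext_method_ct_precert_scts(void)
+{
+return &x509v3_ext_ct_precert_scts;
+}
+
+/* X509v3 extension to mark a certificate as a pre-certificate */
+static const X509V3_EXT_METHOD x509v3_ext_ct_precert_poison = {
+.ext_nid = NID_ct_precert_poison,
+.ext_flags = 0,
+.it = &ASN1_NULL_it,
+.ext_new = NULL,
+.ext_free = NULL,
+.d2i = NULL,
+.i2d = NULL,
+.i2s = i2s_poison,
+.s2i = s2i_poison,
+.i2v = NULL,
+.v2i = NULL,
+.i2r = NULL,
+.r2i = NULL,
+.usr_data = NULL,
+};
+
+const X509V3_EXT_METHOD *
+x509v3_ext_method_ct_precert_poison(void)
+{
+return &x509v3_ext_ct_precert_poison;
+}
+
+/* OCSP extension that contains SCTs */
+static const X509V3_EXT_METHOD x509v3_ext_ct_cert_scts = {
+.ext_nid = NID_ct_cert_scts,
+.ext_flags = 0,
+.it = NULL,
+.ext_new = NULL,
+.ext_free = (X509V3_EXT_FREE)SCT_LIST_free,
+.d2i = (X509V3_EXT_D2I)ocsp_ext_d2i_SCT_LIST,
+.i2d = (X509V3_EXT_I2D)i2d_SCT_LIST,
+.i2s = NULL,
+.s2i = NULL,
+.i2v = NULL,
+.v2i = NULL,
+.i2r = (X509V3_EXT_I2R)i2r_SCT_LIST,
+.r2i = NULL,
+.usr_data = NULL,
+};
+
+const X509V3_EXT_METHOD *
+x509v3_ext_method_ct_cert_scts(void)
+{
+return &x509v3_ext_ct_cert_scts;
+}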
