Unify X.509v3 extension methods

Use C99 initializers for all structs (some were forgotten). Make all the structs static, call them x509v3_ext_* matching NID_*. Add accessors called x509v3_ext_method_* and use these to implement X509V3_EXT_get_nid(). This adds consistency and avoids a few contortions like grouping a few extensions in arrays to save a couple externs. ok beck jsing
author: tb <> 2024-07-13 15:08:58 +0000
committer: tb <> 2024-07-13 15:08:58 +0000
commit: de05eb4f597b95fed408db9aa9e9474eb6daf5e6 (patch)
tree: 9bceb8f53165bf9b9a2232987ecac3565db027df /src/lib/libcrypto/x509/x509_lib.c
parent: d694a3319273a6e59cc84d958713e0342bfc206d (diff)
download: openbsd-de05eb4f597b95fed408db9aa9e9474eb6daf5e6.tar.gz
openbsd-de05eb4f597b95fed408db9aa9e9474eb6daf5e6.tar.bz2
openbsd-de05eb4f597b95fed408db9aa9e9474eb6daf5e6.zip
1 files changed, 94 insertions, 79 deletions
diff --git a/src/lib/libcrypto/x509/x509_lib.c b/src/lib/libcrypto/x509/x509_lib.c
index 8382babbdf..6fa66ab88e 100644
--- a/src/lib/libcrypto/x509/x509_lib.c
+++ b/src/lib/libcrypto/x509/x509_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_lib.c,v 1.23 2024/06/17 05:38:08 tb Exp $ */
+/* $OpenBSD: x509_lib.c,v 1.24 2024/07/13 15:08:58 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -65,89 +65,104 @@
 #include "x509_local.h"
-extern const X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
+const X509V3_EXT_METHOD *
-extern const X509V3_EXT_METHOD v3_pkey_usage_period, v3_info, v3_sinfo;
+X509V3_EXT_get_nid(int nid)
-extern const X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
+{
-extern const X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate;
+        switch (nid) {
-extern const X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld, v3_freshest_crl;
+        case NID_authority_key_identifier:
-extern const X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
+                return x509v3_ext_method_authority_key_identifier();
-extern const X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
+        case NID_basic_constraints:
-extern const X509V3_EXT_METHOD v3_crl_hold;
+                return x509v3_ext_method_basic_constraints();
-extern const X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints;
+        case NID_certificate_issuer:
-extern const X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp;
+                return x509v3_ext_method_certificate_issuer();
-extern const X509V3_EXT_METHOD v3_addr, v3_asid;
+        case NID_certificate_policies:
-extern const X509V3_EXT_METHOD v3_ct_scts[3];
+                return x509v3_ext_method_certificate_policies();
+        case NID_crl_distribution_points:
-static const X509V3_EXT_METHOD *standard_exts[] = {
+                return x509v3_ext_method_crl_distribution_points();
-        &v3_nscert,
+        case NID_crl_number:
-        &v3_ns_ia5_list[0],
+                return x509v3_ext_method_crl_number();
-        &v3_ns_ia5_list[1],
+        case NID_crl_reason:
-        &v3_ns_ia5_list[2],
+                return x509v3_ext_method_crl_reason();
-        &v3_ns_ia5_list[3],
+#ifndef OPENSSL_NO_CT
-        &v3_ns_ia5_list[4],
+        case NID_ct_cert_scts:
-        &v3_ns_ia5_list[5],
+                return x509v3_ext_method_ct_cert_scts();
-        &v3_ns_ia5_list[6],
+        case NID_ct_precert_poison:
-        &v3_skey_id,
+                return x509v3_ext_method_ct_precert_poison();
-        &v3_key_usage,
+        case NID_ct_precert_scts:
-        &v3_pkey_usage_period,
+                return x509v3_ext_method_ct_precert_scts();
-        &v3_alt[0],
-        &v3_alt[1],
-        &v3_bcons,
-        &v3_crl_num,
-        &v3_cpols,
-        &v3_akey_id,
-        &v3_crld,
-        &v3_ext_ku,
-        &v3_delta_crl,
-        &v3_crl_reason,
-#ifndef OPENSSL_NO_OCSP
-        &v3_crl_invdate,
-#endif
-        &v3_info,
-#ifndef OPENSSL_NO_RFC3779
-        &v3_addr,
-        &v3_asid,
-#endif
-#ifndef OPENSSL_NO_OCSP
-        &v3_ocsp_nonce,
-        &v3_ocsp_crlid,
-        &v3_ocsp_accresp,
-        &v3_ocsp_nocheck,
-        &v3_ocsp_acutoff,
-        &v3_ocsp_serviceloc,
 #endif
-        &v3_sinfo,
+        case NID_delta_crl:
-        &v3_policy_constraints,
+                return x509v3_ext_method_delta_crl();
+        case NID_ext_key_usage:
+                return x509v3_ext_method_ext_key_usage();
+        case NID_freshest_crl:
+                return x509v3_ext_method_freshest_crl();
 #ifndef OPENSSL_NO_OCSP
-        &v3_crl_hold,
+        case NID_hold_instruction_code:
+                return x509v3_ext_method_hold_instruction_code();
+        case NID_id_pkix_OCSP_CrlID:
+                return x509v3_ext_method_id_pkix_OCSP_CrlID();
+        case NID_id_pkix_OCSP_Nonce:
+                return x509v3_ext_method_id_pkix_OCSP_Nonce();
+        case NID_id_pkix_OCSP_acceptableResponses:
+                return x509v3_ext_method_id_pkix_OCSP_acceptableResponses();
+        case NID_id_pkix_OCSP_archiveCutoff:
+                return x509v3_ext_method_id_pkix_OCSP_archiveCutoff();
+        case NID_id_pkix_OCSP_serviceLocator:
+                return x509v3_ext_method_id_pkix_OCSP_serviceLocator();
 #endif
-        &v3_name_constraints,
+        case NID_info_access:
-        &v3_policy_mappings,
+                return x509v3_ext_method_info_access();
-        &v3_inhibit_anyp,
+        case NID_inhibit_any_policy:
-        &v3_idp,
+                return x509v3_ext_method_inhibit_any_policy();
-        &v3_alt[2],
+        case NID_invalidity_date:
-        &v3_freshest_crl,
+                return x509v3_ext_method_invalidity_date();
-#ifndef OPENSSL_NO_CT
+        case NID_issuer_alt_name:
-        &v3_ct_scts[0],
+                return x509v3_ext_method_issuer_alt_name();
-        &v3_ct_scts[1],
+        case NID_issuing_distribution_point:
-        &v3_ct_scts[2],
+                return x509v3_ext_method_issuing_distribution_point();
+        case NID_key_usage:
+                return x509v3_ext_method_key_usage();
+        case NID_name_constraints:
+                return x509v3_ext_method_name_constraints();
+        case NID_netscape_base_url:
+                return x509v3_ext_method_netscape_base_url();
+        case NID_netscape_ca_policy_url:
+                return x509v3_ext_method_netscape_ca_policy_url();
+        case NID_netscape_ca_revocation_url:
+                return x509v3_ext_method_netscape_ca_revocation_url();
+        case NID_netscape_cert_type:
+                return x509v3_ext_method_netscape_cert_type();
+        case NID_netscape_comment:
+                return x509v3_ext_method_netscape_comment();
+        case NID_netscape_renewal_url:
+                return x509v3_ext_method_netscape_renewal_url();
+        case NID_netscape_revocation_url:
+                return x509v3_ext_method_netscape_revocation_url();
+        case NID_netscape_ssl_server_name:
+                return x509v3_ext_method_netscape_ssl_server_name();
+        case NID_policy_constraints:
+                return x509v3_ext_method_policy_constraints();
+        case NID_policy_mappings:
+                return x509v3_ext_method_policy_mappings();
+        case NID_private_key_usage_period:
+                return x509v3_ext_method_private_key_usage_period();
+#ifndef OPENSSL_NO_RFC3779
+        case NID_sbgp_ipAddrBlock:
+                return x509v3_ext_method_sbgp_ipAddrBlock();
+        case NID_sbgp_autonomousSysNum:
+                return x509v3_ext_method_sbgp_autonomousSysNum();
 #endif
-};
+        case NID_sinfo_access:
+                return x509v3_ext_method_sinfo_access();
-#define STANDARD_EXTENSION_COUNT (sizeof(standard_exts) / sizeof(standard_exts[0]))
+        case NID_subject_alt_name:
+                return x509v3_ext_method_subject_alt_name();
-const X509V3_EXT_METHOD *
+        case NID_subject_key_identifier:
-X509V3_EXT_get_nid(int nid)
+                return x509v3_ext_method_subject_key_identifier();
-{
+        default:
-        size_t i;
+                return NULL;
-        for (i = 0; i < STANDARD_EXTENSION_COUNT; i++) {
-                if (standard_exts[i]->ext_nid == nid)
-                        return standard_exts[i];
        }
+};
-        return NULL;
-}
 LCRYPTO_ALIAS(X509V3_EXT_get_nid);
 const X509V3_EXT_METHOD *
author	tb <>	2024-07-13 15:08:58 +0000
committer	tb <>	2024-07-13 15:08:58 +0000
commit	de05eb4f597b95fed408db9aa9e9474eb6daf5e6 (patch)
tree	9bceb8f53165bf9b9a2232987ecac3565db027df /src/lib/libcrypto/x509/x509_lib.c
parent	d694a3319273a6e59cc84d958713e0342bfc206d (diff)
download	openbsd-de05eb4f597b95fed408db9aa9e9474eb6daf5e6.tar.gz openbsd-de05eb4f597b95fed408db9aa9e9474eb6daf5e6.tar.bz2 openbsd-de05eb4f597b95fed408db9aa9e9474eb6daf5e6.zip

diff --git a/src/lib/libcrypto/x509/x509_lib.c b/src/lib/libcrypto/x509/x509_lib.c index 8382babbdf..6fa66ab88e 100644 --- a/src/lib/libcrypto/x509/x509_lib.c +++ b/src/lib/libcrypto/x509/x509_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_lib.c,v 1.23 2024/06/17 05:38:08 tb Exp $ */	1	/* $OpenBSD: x509_lib.c,v 1.24 2024/07/13 15:08:58 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 1999.	3	* project 1999.
4	*/	4	*/
@@ -65,89 +65,104 @@
65		65
66	#include "x509_local.h"	66	#include "x509_local.h"
67		67
68	extern const X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;	68	const X509V3_EXT_METHOD *
69	extern const X509V3_EXT_METHOD v3_pkey_usage_period, v3_info, v3_sinfo;	69	X509V3_EXT_get_nid(int nid)
70	extern const X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;	70	{
71	extern const X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate;	71	switch (nid) {
72	extern const X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld, v3_freshest_crl;	72	case NID_authority_key_identifier:
73	extern const X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;	73	return x509v3_ext_method_authority_key_identifier();
74	extern const X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;	74	case NID_basic_constraints:
75	extern const X509V3_EXT_METHOD v3_crl_hold;	75	return x509v3_ext_method_basic_constraints();
76	extern const X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints;	76	case NID_certificate_issuer:
77	extern const X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp;	77	return x509v3_ext_method_certificate_issuer();
78	extern const X509V3_EXT_METHOD v3_addr, v3_asid;	78	case NID_certificate_policies:
79	extern const X509V3_EXT_METHOD v3_ct_scts[3];	79	return x509v3_ext_method_certificate_policies();
80		80	case NID_crl_distribution_points:
81	static const X509V3_EXT_METHOD *standard_exts[] = {	81	return x509v3_ext_method_crl_distribution_points();
82	&v3_nscert,	82	case NID_crl_number:
83	&v3_ns_ia5_list[0],	83	return x509v3_ext_method_crl_number();
84	&v3_ns_ia5_list[1],	84	case NID_crl_reason:
85	&v3_ns_ia5_list[2],	85	return x509v3_ext_method_crl_reason();
86	&v3_ns_ia5_list[3],	86	#ifndef OPENSSL_NO_CT
87	&v3_ns_ia5_list[4],	87	case NID_ct_cert_scts:
88	&v3_ns_ia5_list[5],	88	return x509v3_ext_method_ct_cert_scts();
89	&v3_ns_ia5_list[6],	89	case NID_ct_precert_poison:
90	&v3_skey_id,	90	return x509v3_ext_method_ct_precert_poison();
91	&v3_key_usage,	91	case NID_ct_precert_scts:
92	&v3_pkey_usage_period,	92	return x509v3_ext_method_ct_precert_scts();
93	&v3_alt[0],
94	&v3_alt[1],
95	&v3_bcons,
96	&v3_crl_num,
97	&v3_cpols,
98	&v3_akey_id,
99	&v3_crld,
100	&v3_ext_ku,
101	&v3_delta_crl,
102	&v3_crl_reason,
103	#ifndef OPENSSL_NO_OCSP
104	&v3_crl_invdate,
105	#endif
106	&v3_info,
107	#ifndef OPENSSL_NO_RFC3779
108	&v3_addr,
109	&v3_asid,
110	#endif
111	#ifndef OPENSSL_NO_OCSP
112	&v3_ocsp_nonce,
113	&v3_ocsp_crlid,
114	&v3_ocsp_accresp,
115	&v3_ocsp_nocheck,
116	&v3_ocsp_acutoff,
117	&v3_ocsp_serviceloc,
118	#endif	93	#endif
119	&v3_sinfo,	94	case NID_delta_crl:
120	&v3_policy_constraints,	95	return x509v3_ext_method_delta_crl();
		96	case NID_ext_key_usage:
		97	return x509v3_ext_method_ext_key_usage();
		98	case NID_freshest_crl:
		99	return x509v3_ext_method_freshest_crl();
121	#ifndef OPENSSL_NO_OCSP	100	#ifndef OPENSSL_NO_OCSP
122	&v3_crl_hold,	101	case NID_hold_instruction_code:
		102	return x509v3_ext_method_hold_instruction_code();
		103	case NID_id_pkix_OCSP_CrlID:
		104	return x509v3_ext_method_id_pkix_OCSP_CrlID();
		105	case NID_id_pkix_OCSP_Nonce:
		106	return x509v3_ext_method_id_pkix_OCSP_Nonce();
		107	case NID_id_pkix_OCSP_acceptableResponses:
		108	return x509v3_ext_method_id_pkix_OCSP_acceptableResponses();
		109	case NID_id_pkix_OCSP_archiveCutoff:
		110	return x509v3_ext_method_id_pkix_OCSP_archiveCutoff();
		111	case NID_id_pkix_OCSP_serviceLocator:
		112	return x509v3_ext_method_id_pkix_OCSP_serviceLocator();
123	#endif	113	#endif
124	&v3_name_constraints,	114	case NID_info_access:
125	&v3_policy_mappings,	115	return x509v3_ext_method_info_access();
126	&v3_inhibit_anyp,	116	case NID_inhibit_any_policy:
127	&v3_idp,	117	return x509v3_ext_method_inhibit_any_policy();
128	&v3_alt[2],	118	case NID_invalidity_date:
129	&v3_freshest_crl,	119	return x509v3_ext_method_invalidity_date();
130	#ifndef OPENSSL_NO_CT	120	case NID_issuer_alt_name:
131	&v3_ct_scts[0],	121	return x509v3_ext_method_issuer_alt_name();
132	&v3_ct_scts[1],	122	case NID_issuing_distribution_point:
133	&v3_ct_scts[2],	123	return x509v3_ext_method_issuing_distribution_point();
		124	case NID_key_usage:
		125	return x509v3_ext_method_key_usage();
		126	case NID_name_constraints:
		127	return x509v3_ext_method_name_constraints();
		128	case NID_netscape_base_url:
		129	return x509v3_ext_method_netscape_base_url();
		130	case NID_netscape_ca_policy_url:
		131	return x509v3_ext_method_netscape_ca_policy_url();
		132	case NID_netscape_ca_revocation_url:
		133	return x509v3_ext_method_netscape_ca_revocation_url();
		134	case NID_netscape_cert_type:
		135	return x509v3_ext_method_netscape_cert_type();
		136	case NID_netscape_comment:
		137	return x509v3_ext_method_netscape_comment();
		138	case NID_netscape_renewal_url:
		139	return x509v3_ext_method_netscape_renewal_url();
		140	case NID_netscape_revocation_url:
		141	return x509v3_ext_method_netscape_revocation_url();
		142	case NID_netscape_ssl_server_name:
		143	return x509v3_ext_method_netscape_ssl_server_name();
		144	case NID_policy_constraints:
		145	return x509v3_ext_method_policy_constraints();
		146	case NID_policy_mappings:
		147	return x509v3_ext_method_policy_mappings();
		148	case NID_private_key_usage_period:
		149	return x509v3_ext_method_private_key_usage_period();
		150	#ifndef OPENSSL_NO_RFC3779
		151	case NID_sbgp_ipAddrBlock:
		152	return x509v3_ext_method_sbgp_ipAddrBlock();
		153	case NID_sbgp_autonomousSysNum:
		154	return x509v3_ext_method_sbgp_autonomousSysNum();
134	#endif	155	#endif
135	};	156	case NID_sinfo_access:
136		157	return x509v3_ext_method_sinfo_access();
137	#define STANDARD_EXTENSION_COUNT (sizeof(standard_exts) / sizeof(standard_exts[0]))	158	case NID_subject_alt_name:
138		159	return x509v3_ext_method_subject_alt_name();
139	const X509V3_EXT_METHOD *	160	case NID_subject_key_identifier:
140	X509V3_EXT_get_nid(int nid)	161	return x509v3_ext_method_subject_key_identifier();
141	{	162	default:
142	size_t i;	163	return NULL;
143
144	for (i = 0; i < STANDARD_EXTENSION_COUNT; i++) {
145	if (standard_exts[i]->ext_nid == nid)
146	return standard_exts[i];
147	}	164	}
148		165	};
149	return NULL;
150	}
151	LCRYPTO_ALIAS(X509V3_EXT_get_nid);	166	LCRYPTO_ALIAS(X509V3_EXT_get_nid);
152		167
153	const X509V3_EXT_METHOD *	168	const X509V3_EXT_METHOD *