OpenSSL 0.9.5 merge

*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs

1 files changed, 66 insertions, 22 deletions

diff --git a/src/lib/libcrypto/x509v3/v3_lib.c b/src/lib/libcrypto/x509v3/v3_lib.c
index a0aa5de794..4242d130a2 100644
--- a/src/lib/libcrypto/x509v3/v3_lib.c
+++ b/src/lib/libcrypto/x509v3/v3_lib.c
@@ -62,6 +62,8 @@
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
 
+#include "ext_dat.h"
+
 static STACK *ext_list = NULL;
 
 static int ext_cmp(X509V3_EXT_METHOD **a, X509V3_EXT_METHOD **b);
@@ -87,10 +89,15 @@ static int ext_cmp(X509V3_EXT_METHOD **a, X509V3_EXT_METHOD **b)
 
 X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
 {
-        X509V3_EXT_METHOD tmp;
+        X509V3_EXT_METHOD tmp, *t = &tmp, **ret;
         int idx;
+        if(nid < 0) return NULL;
         tmp.ext_nid = nid;
-        if(!ext_list || (tmp.ext_nid < 0) ) return NULL;
+        ret = (X509V3_EXT_METHOD **) OBJ_bsearch((char *)&t,
+                        (char *)standard_exts, STANDARD_EXTENSION_COUNT,
+                        sizeof(X509V3_EXT_METHOD *), (int (*)())ext_cmp);
+        if(ret) return *ret;
+        if(!ext_list) return NULL;
         idx = sk_find(ext_list, (char *)&tmp);
         if(idx == -1) return NULL;
         return (X509V3_EXT_METHOD *)sk_value(ext_list, idx);
@@ -125,7 +132,7 @@ int X509V3_EXT_add_alias(int nid_to, int nid_from)
         *tmpext = *ext;
         tmpext->ext_nid = nid_to;
         tmpext->ext_flags |= X509V3_EXT_DYNAMIC;
-        return 1;
+        return X509V3_EXT_add(tmpext);
 }
 
 void X509V3_EXT_cleanup(void)
@@ -139,28 +146,12 @@ static void ext_list_free(X509V3_EXT_METHOD *ext)
         if(ext->ext_flags & X509V3_EXT_DYNAMIC) Free(ext);
 }
 
-extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
-extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet;
-extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
-
-extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_cpols, v3_crld;
+/* Legacy function: we don't need to add standard extensions
+ * any more because they are now kept in ext_dat.h.
+ */
 
 int X509V3_add_standard_extensions(void)
 {
-        X509V3_EXT_add_list(v3_ns_ia5_list);
-        X509V3_EXT_add_list(v3_alt);
-        X509V3_EXT_add(&v3_bcons);
-        X509V3_EXT_add(&v3_nscert);
-        X509V3_EXT_add(&v3_key_usage);
-        X509V3_EXT_add(&v3_ext_ku);
-        X509V3_EXT_add(&v3_skey_id);
-        X509V3_EXT_add(&v3_akey_id);
-        X509V3_EXT_add(&v3_pkey_usage_period);
-        X509V3_EXT_add(&v3_crl_num);
-        X509V3_EXT_add(&v3_sxnet);
-        X509V3_EXT_add(&v3_crl_reason);
-        X509V3_EXT_add(&v3_cpols);
-        X509V3_EXT_add(&v3_crld);
         return 1;
 }
 
@@ -175,3 +166,56 @@ void *X509V3_EXT_d2i(X509_EXTENSION *ext)
         return method->d2i(NULL, &p, ext->value->length);
 }
 
+/* Get critical flag and decoded version of extension from a NID.
+ * The "idx" variable returns the last found extension and can
+ * be used to retrieve multiple extensions of the same NID.
+ * However multiple extensions with the same NID is usually
+ * due to a badly encoded certificate so if idx is NULL we
+ * choke if multiple extensions exist.
+ * The "crit" variable is set to the critical value.
+ * The return value is the decoded extension or NULL on
+ * error. The actual error can have several different causes,
+ * the value of *crit reflects the cause:
+ * >= 0, extension found but not decoded (reflects critical value).
+ * -1 extension not found.
+ * -2 extension occurs more than once.
+ */
+
+void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx)
+{
+        int lastpos, i;
+        X509_EXTENSION *ex, *found_ex = NULL;
+        if(!x) {
+                if(idx) *idx = -1;
+                if(crit) *crit = -1;
+                return NULL;
+        }
+        if(idx) lastpos = *idx + 1;
+        else lastpos = 0;
+        if(lastpos < 0) lastpos = 0;
+        for(i = lastpos; i < sk_X509_EXTENSION_num(x); i++)
+        {
+                ex = sk_X509_EXTENSION_value(x, i);
+                if(OBJ_obj2nid(ex->object) == nid) {
+                        if(idx) {
+                                *idx = i;
+                                break;
+                        } else if(found_ex) {
+                                /* Found more than one */
+                                if(crit) *crit = -2;
+                                return NULL;
+                        }
+                        found_ex = ex;
+                }
+        }
+        if(found_ex) {
+                /* Found it */
+                if(crit) *crit = found_ex->critical;
+                return X509V3_EXT_d2i(found_ex);
+        }
+        
+        /* Extension not found */
+        if(idx) *idx = -1;
+        if(crit) *crit = -1;
+        return NULL;
+}