Remove the custom X509v3 extensions stack

This is essentially unused. The only consumer, www/kore,-acme is in the process of being fixed. It is also incomplete: in particular, the verifier doesn't learn about extensions added to the list, making the entire exercise rather pointless. So let's ditch that crap. This was the last consumer of the horror that is OBJ_bsearch_(). The even worse OBJ_bsearch_ex_() is still being "used" by M2Crypto... This prepares the removal of X509V3_EXT_{add{,_list,_alias},cleanup}(). and removes another piece of thread-unsafe global state. ok jsing
author: tb <> 2024-01-25 12:20:17 +0000
committer: tb <> 2024-01-25 12:20:17 +0000
commit: 9a8a5389de656fa8ebe9b22e40f46852fe5eb5fa (patch)
tree: 3a8b9abaa6440cff35a908c4fa179a94228eb86b /src
parent: 5591371e337724aff2335fd8508e39ec9e15b944 (diff)
download: openbsd-9a8a5389de656fa8ebe9b22e40f46852fe5eb5fa.tar.gz
openbsd-9a8a5389de656fa8ebe9b22e40f46852fe5eb5fa.tar.bz2
openbsd-9a8a5389de656fa8ebe9b22e40f46852fe5eb5fa.zip
1 files changed, 42 insertions, 105 deletions
diff --git a/src/lib/libcrypto/x509/x509_lib.c b/src/lib/libcrypto/x509/x509_lib.c
index 93f8dc207b..c78b600677 100644
--- a/src/lib/libcrypto/x509/x509_lib.c
+++ b/src/lib/libcrypto/x509/x509_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_lib.c,v 1.14 2023/04/25 10:56:58 tb Exp $ */
+/* $OpenBSD: x509_lib.c,v 1.15 2024/01/25 12:20:17 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -65,8 +65,6 @@
 #include "x509_local.h"
-static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL;
 extern const X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
 extern const X509V3_EXT_METHOD v3_pkey_usage_period, v3_info, v3_sinfo;
 extern const X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
@@ -142,62 +140,17 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
 #define STANDARD_EXTENSION_COUNT (sizeof(standard_exts) / sizeof(standard_exts[0]))
-static int
-ext_cmp(const X509V3_EXT_METHOD * const *a, const X509V3_EXT_METHOD * const *b)
-{
-        return ((*a)->ext_nid - (*b)->ext_nid);
-}
-int
-X509V3_EXT_add(X509V3_EXT_METHOD *ext)
-{
-        if (!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp))) {
-                X509V3error(ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        if (!sk_X509V3_EXT_METHOD_push(ext_list, ext)) {
-                X509V3error(ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        return 1;
-}
-LCRYPTO_ALIAS(X509V3_EXT_add);
-static int
-ext_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)
-{
-        const X509V3_EXT_METHOD * const *a = a_;
-        const X509V3_EXT_METHOD * const *b = b_;
-        return ext_cmp(a, b);
-}
-static const X509V3_EXT_METHOD **
-OBJ_bsearch_ext(const X509V3_EXT_METHOD **key,
-    const X509V3_EXT_METHOD *const *base, int num)
-{
-        return (const X509V3_EXT_METHOD **)OBJ_bsearch_(key, base, num,
-            sizeof(const X509V3_EXT_METHOD *), ext_cmp_BSEARCH_CMP_FN);
-}
 const X509V3_EXT_METHOD *
 X509V3_EXT_get_nid(int nid)
 {
-        X509V3_EXT_METHOD tmp;
+        size_t i;
-        const X509V3_EXT_METHOD *t = &tmp, * const *ret;
-        int idx;
-        if (nid < 0)
+        for (i = 0; i < STANDARD_EXTENSION_COUNT; i++) {
-                return NULL;
+                if (standard_exts[i]->ext_nid == nid)
-        tmp.ext_nid = nid;
+                        return standard_exts[i];
-        ret = OBJ_bsearch_ext(&t, standard_exts, STANDARD_EXTENSION_COUNT);
+        }
-        if (ret)
-                return *ret;
+        return NULL;
-        if (!ext_list)
-                return NULL;
-        idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp);
-        if (idx == -1)
-                return NULL;
-        return sk_X509V3_EXT_METHOD_value(ext_list, idx);
 }
 LCRYPTO_ALIAS(X509V3_EXT_get_nid);
@@ -213,56 +166,6 @@ X509V3_EXT_get(X509_EXTENSION *ext)
 LCRYPTO_ALIAS(X509V3_EXT_get);
 int
-X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist)
-{
-        for (; extlist->ext_nid!=-1; extlist++)
-                if (!X509V3_EXT_add(extlist))
-                        return 0;
-        return 1;
-}
-LCRYPTO_ALIAS(X509V3_EXT_add_list);
-int
-X509V3_EXT_add_alias(int nid_to, int nid_from)
-{
-        const X509V3_EXT_METHOD *ext;
-        X509V3_EXT_METHOD *tmpext;
-        if (!(ext = X509V3_EXT_get_nid(nid_from))) {
-                X509V3error(X509V3_R_EXTENSION_NOT_FOUND);
-                return 0;
-        }
-        if (!(tmpext = malloc(sizeof(X509V3_EXT_METHOD)))) {
-                X509V3error(ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        *tmpext = *ext;
-        tmpext->ext_nid = nid_to;
-        tmpext->ext_flags |= X509V3_EXT_DYNAMIC;
-        if (!X509V3_EXT_add(tmpext)) {
-                free(tmpext);
-                return 0;
-        }
-        return 1;
-}
-LCRYPTO_ALIAS(X509V3_EXT_add_alias);
-static void
-ext_list_free(X509V3_EXT_METHOD *ext)
-{
-        if (ext->ext_flags & X509V3_EXT_DYNAMIC)
-                free(ext);
-}
-void
-X509V3_EXT_cleanup(void)
-{
-        sk_X509V3_EXT_METHOD_pop_free(ext_list, ext_list_free);
-        ext_list = NULL;
-}
-LCRYPTO_ALIAS(X509V3_EXT_cleanup);
-int
 X509V3_add_standard_extensions(void)
 {
        return 1;
@@ -434,3 +337,37 @@ err:
        return 0;
 }
 LCRYPTO_ALIAS(X509V3_add1_i2d);
+/*
+ * XXX - remove all the functions below in the next major bump.
+ */
+int
+X509V3_EXT_add(X509V3_EXT_METHOD *ext)
+{
+        X509V3error(ERR_R_DISABLED);
+        return 0;
+}
+LCRYPTO_ALIAS(X509V3_EXT_add);
+int
+X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist)
+{
+        X509V3error(ERR_R_DISABLED);
+        return 0;
+}
+LCRYPTO_ALIAS(X509V3_EXT_add_list);
+int
+X509V3_EXT_add_alias(int nid_to, int nid_from)
+{
+        X509V3error(ERR_R_DISABLED);
+        return 0;
+}
+LCRYPTO_ALIAS(X509V3_EXT_add_alias);
+void
+X509V3_EXT_cleanup(void)
+{
+}
+LCRYPTO_ALIAS(X509V3_EXT_cleanup);
author	tb <>	2024-01-25 12:20:17 +0000
committer	tb <>	2024-01-25 12:20:17 +0000
commit	9a8a5389de656fa8ebe9b22e40f46852fe5eb5fa (patch)
tree	3a8b9abaa6440cff35a908c4fa179a94228eb86b /src
parent	5591371e337724aff2335fd8508e39ec9e15b944 (diff)
download	openbsd-9a8a5389de656fa8ebe9b22e40f46852fe5eb5fa.tar.gz openbsd-9a8a5389de656fa8ebe9b22e40f46852fe5eb5fa.tar.bz2 openbsd-9a8a5389de656fa8ebe9b22e40f46852fe5eb5fa.zip

diff --git a/src/lib/libcrypto/x509/x509_lib.c b/src/lib/libcrypto/x509/x509_lib.c index 93f8dc207b..c78b600677 100644 --- a/src/lib/libcrypto/x509/x509_lib.c +++ b/src/lib/libcrypto/x509/x509_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_lib.c,v 1.14 2023/04/25 10:56:58 tb Exp $ */	1	/* $OpenBSD: x509_lib.c,v 1.15 2024/01/25 12:20:17 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 1999.	3	* project 1999.
4	*/	4	*/
@@ -65,8 +65,6 @@
65		65
66	#include "x509_local.h"	66	#include "x509_local.h"
67		67
68	static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL;
69
70	extern const X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;	68	extern const X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
71	extern const X509V3_EXT_METHOD v3_pkey_usage_period, v3_info, v3_sinfo;	69	extern const X509V3_EXT_METHOD v3_pkey_usage_period, v3_info, v3_sinfo;
72	extern const X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;	70	extern const X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
@@ -142,62 +140,17 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
142		140
143	#define STANDARD_EXTENSION_COUNT (sizeof(standard_exts) / sizeof(standard_exts[0]))	141	#define STANDARD_EXTENSION_COUNT (sizeof(standard_exts) / sizeof(standard_exts[0]))
144		142
145	static int
146	ext_cmp(const X509V3_EXT_METHOD * const a, const X509V3_EXT_METHOD const *b)
147	{
148	return ((a)->ext_nid - (b)->ext_nid);
149	}
150
151	int
152	X509V3_EXT_add(X509V3_EXT_METHOD *ext)
153	{
154	if (!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp))) {
155	X509V3error(ERR_R_MALLOC_FAILURE);
156	return 0;
157	}
158	if (!sk_X509V3_EXT_METHOD_push(ext_list, ext)) {
159	X509V3error(ERR_R_MALLOC_FAILURE);
160	return 0;
161	}
162	return 1;
163	}
164	LCRYPTO_ALIAS(X509V3_EXT_add);
165
166	static int
167	ext_cmp_BSEARCH_CMP_FN(const void a_, const void b_)
168	{
169	const X509V3_EXT_METHOD * const *a = a_;
170	const X509V3_EXT_METHOD * const *b = b_;
171	return ext_cmp(a, b);
172	}
173
174	static const X509V3_EXT_METHOD **
175	OBJ_bsearch_ext(const X509V3_EXT_METHOD **key,
176	const X509V3_EXT_METHOD const base, int num)
177	{
178	return (const X509V3_EXT_METHOD **)OBJ_bsearch_(key, base, num,
179	sizeof(const X509V3_EXT_METHOD *), ext_cmp_BSEARCH_CMP_FN);
180	}
181
182	const X509V3_EXT_METHOD *	143	const X509V3_EXT_METHOD *
183	X509V3_EXT_get_nid(int nid)	144	X509V3_EXT_get_nid(int nid)
184	{	145	{
185	X509V3_EXT_METHOD tmp;	146	size_t i;
186	const X509V3_EXT_METHOD t = &tmp, const *ret;
187	int idx;
188		147
189	if (nid < 0)	148	for (i = 0; i < STANDARD_EXTENSION_COUNT; i++) {
190	return NULL;	149	if (standard_exts[i]->ext_nid == nid)
191	tmp.ext_nid = nid;	150	return standard_exts[i];
192	ret = OBJ_bsearch_ext(&t, standard_exts, STANDARD_EXTENSION_COUNT);	151	}
193	if (ret)	152
194	return *ret;	153	return NULL;
195	if (!ext_list)
196	return NULL;
197	idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp);
198	if (idx == -1)
199	return NULL;
200	return sk_X509V3_EXT_METHOD_value(ext_list, idx);
201	}	154	}
202	LCRYPTO_ALIAS(X509V3_EXT_get_nid);	155	LCRYPTO_ALIAS(X509V3_EXT_get_nid);
203		156
@@ -213,56 +166,6 @@ X509V3_EXT_get(X509_EXTENSION *ext)
213	LCRYPTO_ALIAS(X509V3_EXT_get);	166	LCRYPTO_ALIAS(X509V3_EXT_get);
214		167
215	int	168	int
216	X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist)
217	{
218	for (; extlist->ext_nid!=-1; extlist++)
219	if (!X509V3_EXT_add(extlist))
220	return 0;
221	return 1;
222	}
223	LCRYPTO_ALIAS(X509V3_EXT_add_list);
224
225	int
226	X509V3_EXT_add_alias(int nid_to, int nid_from)
227	{
228	const X509V3_EXT_METHOD *ext;
229	X509V3_EXT_METHOD *tmpext;
230
231	if (!(ext = X509V3_EXT_get_nid(nid_from))) {
232	X509V3error(X509V3_R_EXTENSION_NOT_FOUND);
233	return 0;
234	}
235	if (!(tmpext = malloc(sizeof(X509V3_EXT_METHOD)))) {
236	X509V3error(ERR_R_MALLOC_FAILURE);
237	return 0;
238	}
239	tmpext = ext;
240	tmpext->ext_nid = nid_to;
241	tmpext->ext_flags \|= X509V3_EXT_DYNAMIC;
242	if (!X509V3_EXT_add(tmpext)) {
243	free(tmpext);
244	return 0;
245	}
246	return 1;
247	}
248	LCRYPTO_ALIAS(X509V3_EXT_add_alias);
249
250	static void
251	ext_list_free(X509V3_EXT_METHOD *ext)
252	{
253	if (ext->ext_flags & X509V3_EXT_DYNAMIC)
254	free(ext);
255	}
256
257	void
258	X509V3_EXT_cleanup(void)
259	{
260	sk_X509V3_EXT_METHOD_pop_free(ext_list, ext_list_free);
261	ext_list = NULL;
262	}
263	LCRYPTO_ALIAS(X509V3_EXT_cleanup);
264
265	int
266	X509V3_add_standard_extensions(void)	169	X509V3_add_standard_extensions(void)
267	{	170	{
268	return 1;	171	return 1;
@@ -434,3 +337,37 @@ err:
434	return 0;	337	return 0;
435	}	338	}
436	LCRYPTO_ALIAS(X509V3_add1_i2d);	339	LCRYPTO_ALIAS(X509V3_add1_i2d);
		340
		341	/*
		342	* XXX - remove all the functions below in the next major bump.
		343	*/
		344
		345	int
		346	X509V3_EXT_add(X509V3_EXT_METHOD *ext)
		347	{
		348	X509V3error(ERR_R_DISABLED);
		349	return 0;
		350	}
		351	LCRYPTO_ALIAS(X509V3_EXT_add);
		352
		353	int
		354	X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist)
		355	{
		356	X509V3error(ERR_R_DISABLED);
		357	return 0;
		358	}
		359	LCRYPTO_ALIAS(X509V3_EXT_add_list);
		360
		361	int
		362	X509V3_EXT_add_alias(int nid_to, int nid_from)
		363	{
		364	X509V3error(ERR_R_DISABLED);
		365	return 0;
		366	}
		367	LCRYPTO_ALIAS(X509V3_EXT_add_alias);
		368
		369	void
		370	X509V3_EXT_cleanup(void)
		371	{
		372	}
		373	LCRYPTO_ALIAS(X509V3_EXT_cleanup);