summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/x509v3/v3_conf.c73
-rw-r--r--src/lib/libcrypto/x509v3/x509v3.h36
2 files changed, 61 insertions, 48 deletions
diff --git a/src/lib/libcrypto/x509v3/v3_conf.c b/src/lib/libcrypto/x509v3/v3_conf.c
index 27e1bc9f57..bb06c18536 100644
--- a/src/lib/libcrypto/x509v3/v3_conf.c
+++ b/src/lib/libcrypto/x509v3/v3_conf.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: v3_conf.c,v 1.21 2017/01/29 17:49:23 beck Exp $ */ 1/* $OpenBSD: v3_conf.c,v 1.22 2018/05/13 17:49:02 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999. 3 * project 1999.
4 */ 4 */
@@ -66,23 +66,27 @@
66#include <openssl/x509.h> 66#include <openssl/x509.h>
67#include <openssl/x509v3.h> 67#include <openssl/x509v3.h>
68 68
69static int v3_check_critical(char **value); 69static int v3_check_critical(const char **value);
70static int v3_check_generic(char **value); 70static int v3_check_generic(const char **value);
71static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, 71static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
72 int crit, char *value); 72 int crit, const char *value);
73static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, 73static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value,
74 int crit, int type, X509V3_CTX *ctx); 74 int crit, int type, X509V3_CTX *ctx);
75static char *conf_lhash_get_string(void *db, char *section, char *value); 75static char *conf_lhash_get_string(void *db, const char *section,
76static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section); 76 const char *value);
77static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db,
78 const char *section);
77static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid, 79static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid,
78 int crit, void *ext_struc); 80 int crit, void *ext_struc);
79static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len); 81static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx,
82 long *ext_len);
80 83
81/* CONF *conf: Config file */ 84/* CONF *conf: Config file */
82/* char *name: Name */ 85/* char *name: Name */
83/* char *value: Value */ 86/* char *value: Value */
84X509_EXTENSION * 87X509_EXTENSION *
85X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value) 88X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name,
89 const char *value)
86{ 90{
87 int crit; 91 int crit;
88 int ext_type; 92 int ext_type;
@@ -102,7 +106,8 @@ X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value)
102/* CONF *conf: Config file */ 106/* CONF *conf: Config file */
103/* char *value: Value */ 107/* char *value: Value */
104X509_EXTENSION * 108X509_EXTENSION *
105X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value) 109X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
110 const char *value)
106{ 111{
107 int crit; 112 int crit;
108 int ext_type; 113 int ext_type;
@@ -117,7 +122,8 @@ X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value)
117/* CONF *conf: Config file */ 122/* CONF *conf: Config file */
118/* char *value: Value */ 123/* char *value: Value */
119static X509_EXTENSION * 124static X509_EXTENSION *
120do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value) 125do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit,
126 const char *value)
121{ 127{
122 const X509V3_EXT_METHOD *method; 128 const X509V3_EXT_METHOD *method;
123 X509_EXTENSION *ext; 129 X509_EXTENSION *ext;
@@ -233,9 +239,9 @@ X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
233 239
234/* Check the extension string for critical flag */ 240/* Check the extension string for critical flag */
235static int 241static int
236v3_check_critical(char **value) 242v3_check_critical(const char **value)
237{ 243{
238 char *p = *value; 244 const char *p = *value;
239 245
240 if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) 246 if ((strlen(p) < 9) || strncmp(p, "critical,", 9))
241 return 0; 247 return 0;
@@ -247,10 +253,10 @@ v3_check_critical(char **value)
247 253
248/* Check extension string for generic extension and return the type */ 254/* Check extension string for generic extension and return the type */
249static int 255static int
250v3_check_generic(char **value) 256v3_check_generic(const char **value)
251{ 257{
252 int gen_type = 0; 258 int gen_type = 0;
253 char *p = *value; 259 const char *p = *value;
254 260
255 if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) { 261 if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) {
256 p += 4; 262 p += 4;
@@ -269,7 +275,7 @@ v3_check_generic(char **value)
269 275
270/* Create a generic extension: for now just handle DER type */ 276/* Create a generic extension: for now just handle DER type */
271static X509_EXTENSION * 277static X509_EXTENSION *
272v3_generic_extension(const char *ext, char *value, int crit, int gen_type, 278v3_generic_extension(const char *ext, const char *value, int crit, int gen_type,
273 X509V3_CTX *ctx) 279 X509V3_CTX *ctx)
274{ 280{
275 unsigned char *ext_der = NULL; 281 unsigned char *ext_der = NULL;
@@ -318,7 +324,7 @@ err:
318} 324}
319 325
320static unsigned char * 326static unsigned char *
321generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len) 327generic_asn1(const char *value, X509V3_CTX *ctx, long *ext_len)
322{ 328{
323 ASN1_TYPE *typ; 329 ASN1_TYPE *typ;
324 unsigned char *ext_der = NULL; 330 unsigned char *ext_der = NULL;
@@ -336,7 +342,7 @@ generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len)
336 */ 342 */
337 343
338int 344int
339X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, 345X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section,
340 STACK_OF(X509_EXTENSION) **sk) 346 STACK_OF(X509_EXTENSION) **sk)
341{ 347{
342 X509_EXTENSION *ext; 348 X509_EXTENSION *ext;
@@ -360,7 +366,8 @@ X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
360/* Convenience functions to add extensions to a certificate, CRL and request */ 366/* Convenience functions to add extensions to a certificate, CRL and request */
361 367
362int 368int
363X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert) 369X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
370 X509 *cert)
364{ 371{
365 STACK_OF(X509_EXTENSION) **sk = NULL; 372 STACK_OF(X509_EXTENSION) **sk = NULL;
366 373
@@ -372,7 +379,7 @@ X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert)
372/* Same as above but for a CRL */ 379/* Same as above but for a CRL */
373 380
374int 381int
375X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, 382X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
376 X509_CRL *crl) 383 X509_CRL *crl)
377{ 384{
378 STACK_OF(X509_EXTENSION) **sk = NULL; 385 STACK_OF(X509_EXTENSION) **sk = NULL;
@@ -385,7 +392,7 @@ X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
385/* Add extensions to certificate request */ 392/* Add extensions to certificate request */
386 393
387int 394int
388X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, 395X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
389 X509_REQ *req) 396 X509_REQ *req)
390{ 397{
391 STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL; 398 STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;
@@ -446,13 +453,13 @@ X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
446} 453}
447 454
448static char * 455static char *
449nconf_get_string(void *db, char *section, char *value) 456nconf_get_string(void *db, const char *section, const char *value)
450{ 457{
451 return NCONF_get_string(db, section, value); 458 return NCONF_get_string(db, section, value);
452} 459}
453 460
454static 461static STACK_OF(CONF_VALUE) *
455STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section) 462nconf_get_section(void *db, const char *section)
456{ 463{
457 return NCONF_get_section(db, section); 464 return NCONF_get_section(db, section);
458} 465}
@@ -485,8 +492,8 @@ X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
485/* Old conf compatibility functions */ 492/* Old conf compatibility functions */
486 493
487X509_EXTENSION * 494X509_EXTENSION *
488X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, char *name, 495X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, const char *name,
489 char *value) 496 const char *value)
490{ 497{
491 CONF ctmp; 498 CONF ctmp;
492 499
@@ -498,7 +505,7 @@ X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, char *name,
498/* char *value: Value */ 505/* char *value: Value */
499X509_EXTENSION * 506X509_EXTENSION *
500X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, int ext_nid, 507X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, int ext_nid,
501 char *value) 508 const char *value)
502{ 509{
503 CONF ctmp; 510 CONF ctmp;
504 511
@@ -507,13 +514,13 @@ X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, int ext_nid,
507} 514}
508 515
509static char * 516static char *
510conf_lhash_get_string(void *db, char *section, char *value) 517conf_lhash_get_string(void *db, const char *section, const char *value)
511{ 518{
512 return CONF_get_string(db, section, value); 519 return CONF_get_string(db, section, value);
513} 520}
514 521
515static STACK_OF(CONF_VALUE) * 522static STACK_OF(CONF_VALUE) *
516conf_lhash_get_section(void *db, char *section) 523conf_lhash_get_section(void *db, const char *section)
517{ 524{
518 return CONF_get_section(db, section); 525 return CONF_get_section(db, section);
519} 526}
@@ -533,8 +540,8 @@ X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash)
533} 540}
534 541
535int 542int
536X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, char *section, 543X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
537 X509 *cert) 544 const char *section, X509 *cert)
538{ 545{
539 CONF ctmp; 546 CONF ctmp;
540 547
@@ -546,7 +553,7 @@ X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, char *section,
546 553
547int 554int
548X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, 555X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
549 char *section, X509_CRL *crl) 556 const char *section, X509_CRL *crl)
550{ 557{
551 CONF ctmp; 558 CONF ctmp;
552 559
@@ -558,7 +565,7 @@ X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
558 565
559int 566int
560X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, 567X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
561 char *section, X509_REQ *req) 568 const char *section, X509_REQ *req)
562{ 569{
563 CONF ctmp; 570 CONF ctmp;
564 571
diff --git a/src/lib/libcrypto/x509v3/x509v3.h b/src/lib/libcrypto/x509v3/x509v3.h
index 3efb4ef25d..429239424c 100644
--- a/src/lib/libcrypto/x509v3/x509v3.h
+++ b/src/lib/libcrypto/x509v3/x509v3.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: x509v3.h,v 1.24 2018/05/13 15:03:01 tb Exp $ */ 1/* $OpenBSD: x509v3.h,v 1.25 2018/05/13 17:49:03 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999. 3 * project 1999.
4 */ 4 */
@@ -121,9 +121,9 @@ void *usr_data; /* Any extension specific data */
121}; 121};
122 122
123typedef struct X509V3_CONF_METHOD_st { 123typedef struct X509V3_CONF_METHOD_st {
124char * (*get_string)(void *db, char *section, char *value); 124char *(*get_string)(void *db, const char *section, const char *value);
125STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section); 125STACK_OF(CONF_VALUE) *(*get_section)(void *db, const char *section);
126void (*free_string)(void *db, char * string); 126void (*free_string)(void *db, char *string);
127void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section); 127void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
128} X509V3_CONF_METHOD; 128} X509V3_CONF_METHOD;
129 129
@@ -696,23 +696,29 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
696 X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc); 696 X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc);
697void X509V3_conf_free(CONF_VALUE *val); 697void X509V3_conf_free(CONF_VALUE *val);
698 698
699X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value); 699X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
700X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value); 700 const char *value);
701int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk); 701X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name,
702int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert); 702 const char *value);
703int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req); 703int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section,
704int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl); 704 STACK_OF(X509_EXTENSION) **sk);
705int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
706 X509 *cert);
707int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
708 X509_REQ *req);
709int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
710 X509_CRL *crl);
705 711
706X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, 712X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
707 int ext_nid, char *value); 713 int ext_nid, const char *value);
708X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, 714X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
709 char *name, char *value); 715 const char *name, const char *value);
710int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, 716int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
711 char *section, X509 *cert); 717 const char *section, X509 *cert);
712int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, 718int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
713 char *section, X509_REQ *req); 719 const char *section, X509_REQ *req);
714int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, 720int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
715 char *section, X509_CRL *crl); 721 const char *section, X509_CRL *crl);
716 722
717int X509V3_add_value_bool_nf(char *name, int asn1_bool, 723int X509V3_add_value_bool_nf(char *name, int asn1_bool,
718 STACK_OF(CONF_VALUE) **extlist); 724 STACK_OF(CONF_VALUE) **extlist);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-23 04:44:57 +0000