1 files changed, 0 insertions, 456 deletions
diff --git a/src/lib/libcrypto/x509/x509_conf.c b/src/lib/libcrypto/x509/x509_conf.c
deleted file mode 100644
index e5b18c2f77..0000000000
--- a/src/lib/libcrypto/x509/x509_conf.c
+++ /dev/null
@@ -1,456 +0,0 @@
-/* $OpenBSD: x509_conf.c,v 1.29 2025/03/06 07:20:01 tb Exp $ */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* extension creation utilities */
-#include <ctype.h>
-#include <stdio.h>
-#include <string.h>
-#include <openssl/conf.h>
-#include <openssl/err.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include "conf_local.h"
-#include "x509_local.h"
-static int v3_check_critical(const char **value);
-static int v3_check_generic(const char **value);
-static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int nid,
-    int crit, const char *value);
-static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value,
-    int crit, int type, X509V3_CTX *ctx);
-static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int nid,
-    int crit, void *ext_struct);
-static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx,
-    long *ext_len);
-X509_EXTENSION *
-X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name,
-    const char *value)
-{
-        int crit;
-        int ext_type;
-        X509_EXTENSION *ret;
-        crit = v3_check_critical(&value);
-        if ((ext_type = v3_check_generic(&value)))
-                return v3_generic_extension(name, value, crit, ext_type, ctx);
-        ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value);
-        if (!ret) {
-                X509V3error(X509V3_R_ERROR_IN_EXTENSION);
-                ERR_asprintf_error_data("name=%s, value=%s", name, value);
-        }
-        return ret;
-}
-LCRYPTO_ALIAS(X509V3_EXT_nconf);
-X509_EXTENSION *
-X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int nid, const char *value)
-{
-        int crit;
-        int ext_type;
-        crit = v3_check_critical(&value);
-        if ((ext_type = v3_check_generic(&value)))
-                return v3_generic_extension(OBJ_nid2sn(nid),
-                    value, crit, ext_type, ctx);
-        return do_ext_nconf(conf, ctx, nid, crit, value);
-}
-LCRYPTO_ALIAS(X509V3_EXT_nconf_nid);
-static X509_EXTENSION *
-do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int nid, int crit, const char *value)
-{
-        const X509V3_EXT_METHOD *method;
-        X509_EXTENSION *ext;
-        void *ext_struct;
-        if (nid == NID_undef) {
-                X509V3error(X509V3_R_UNKNOWN_EXTENSION_NAME);
-                return NULL;
-        }
-        if (!(method = X509V3_EXT_get_nid(nid))) {
-                X509V3error(X509V3_R_UNKNOWN_EXTENSION);
-                return NULL;
-        }
-        /* Now get internal extension representation based on type */
-        if (method->v2i) {
-                STACK_OF(CONF_VALUE) *nval;
-                if (*value == '@')
-                        nval = NCONF_get_section(conf, value + 1);
-                else
-                        nval = X509V3_parse_list(value);
-                if (sk_CONF_VALUE_num(nval) <= 0) {
-                        X509V3error(X509V3_R_INVALID_EXTENSION_STRING);
-                        ERR_asprintf_error_data("name=%s,section=%s",
-                            OBJ_nid2sn(nid), value);
-                        if (*value != '@')
-                                sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
-                        return NULL;
-                }
-                ext_struct = method->v2i(method, ctx, nval);
-                if (*value != '@')
-                        sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
-        } else if (method->s2i) {
-                ext_struct = method->s2i(method, ctx, value);
-        } else if (method->r2i) {
-                if (ctx->db == NULL) {
-                        X509V3error(X509V3_R_NO_CONFIG_DATABASE);
-                        return NULL;
-                }
-                ext_struct = method->r2i(method, ctx, value);
-        } else {
-                X509V3error(X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
-                ERR_asprintf_error_data("name=%s", OBJ_nid2sn(nid));
-                return NULL;
-        }
-        if (ext_struct == NULL)
-                return NULL;
-        ext = do_ext_i2d(method, nid, crit, ext_struct);
-        if (method->it)
-                ASN1_item_free(ext_struct, method->it);
-        else
-                method->ext_free(ext_struct);
-        return ext;
-}
-static X509_EXTENSION *
-do_ext_i2d(const X509V3_EXT_METHOD *method, int nid, int crit,
-    void *ext_struct)
-{
-        unsigned char *ext_der = NULL;
-        int ext_len;
-        ASN1_OCTET_STRING *ext_oct = NULL;
-        X509_EXTENSION *ext;
-        /* Convert internal representation to DER */
-        if (method->it != NULL) {
-                ext_der = NULL;
-                ext_len = ASN1_item_i2d(ext_struct, &ext_der, method->it);
-                if (ext_len < 0)
-                        goto err;
-        } else {
-                unsigned char *p;
-                if ((ext_len = method->i2d(ext_struct, NULL)) <= 0)
-                        goto err;
-                if ((ext_der = calloc(1, ext_len)) == NULL)
-                        goto err;
-                p = ext_der;
-                if (method->i2d(ext_struct, &p) != ext_len)
-                        goto err;
-        }
-        if ((ext_oct = ASN1_OCTET_STRING_new()) == NULL)
-                goto err;
-        ASN1_STRING_set0(ext_oct, ext_der, ext_len);
-        ext_der = NULL;
-        ext_len = 0;
-        ext = X509_EXTENSION_create_by_NID(NULL, nid, crit, ext_oct);
-        if (ext == NULL)
-                goto err;
-        ASN1_OCTET_STRING_free(ext_oct);
-        return ext;
- err:
-        free(ext_der);
-        ASN1_OCTET_STRING_free(ext_oct);
-        X509V3error(ERR_R_MALLOC_FAILURE);
-        return NULL;
-}
-/* Given an internal structure, nid and critical flag create an extension */
-X509_EXTENSION *
-X509V3_EXT_i2d(int nid, int crit, void *ext_struct)
-{
-        const X509V3_EXT_METHOD *method;
-        if (!(method = X509V3_EXT_get_nid(nid))) {
-                X509V3error(X509V3_R_UNKNOWN_EXTENSION);
-                return NULL;
-        }
-        return do_ext_i2d(method, nid, crit, ext_struct);
-}
-LCRYPTO_ALIAS(X509V3_EXT_i2d);
-/* Check the extension string for critical flag */
-static int
-v3_check_critical(const char **value)
-{
-        const char *p = *value;
-        if ((strlen(p) < 9) || strncmp(p, "critical,", 9))
-                return 0;
-        p += 9;
-        while (isspace((unsigned char)*p)) p++;
-                *value = p;
-        return 1;
-}
-/* Check extension string for generic extension and return the type */
-static int
-v3_check_generic(const char **value)
-{
-        int gen_type = 0;
-        const char *p = *value;
-        if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) {
-                p += 4;
-                gen_type = 1;
-        } else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5)) {
-                p += 5;
-                gen_type = 2;
-        } else
-                return 0;
-        while (isspace((unsigned char)*p))
-                p++;
-        *value = p;
-        return gen_type;
-}
-/* Create a generic extension: for now just handle DER type */
-static X509_EXTENSION *
-v3_generic_extension(const char *name, const char *value, int crit, int gen_type,
-    X509V3_CTX *ctx)
-{
-        unsigned char *ext_der = NULL;
-        long ext_len = 0;
-        ASN1_OBJECT *obj = NULL;
-        ASN1_OCTET_STRING *oct = NULL;
-        X509_EXTENSION *ext = NULL;
-        if ((obj = OBJ_txt2obj(name, 0)) == NULL) {
-                X509V3error(X509V3_R_EXTENSION_NAME_ERROR);
-                ERR_asprintf_error_data("name=%s", name);
-                goto err;
-        }
-        if (gen_type == 1)
-                ext_der = string_to_hex(value, &ext_len);
-        else if (gen_type == 2)
-                ext_der = generic_asn1(value, ctx, &ext_len);
-        else {
-                ERR_asprintf_error_data("Unexpected generic extension type %d", gen_type);
-                goto err;
-        }
-        if (ext_der == NULL) {
-                X509V3error(X509V3_R_EXTENSION_VALUE_ERROR);
-                ERR_asprintf_error_data("value=%s", value);
-                goto err;
-        }
-        if ((oct = ASN1_OCTET_STRING_new()) == NULL) {
-                X509V3error(ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        ASN1_STRING_set0(oct, ext_der, ext_len);
-        ext_der = NULL;
-        ext_len = 0;
-        ext = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
- err:
-        ASN1_OBJECT_free(obj);
-        ASN1_OCTET_STRING_free(oct);
-        free(ext_der);
-        return ext;
-}
-static unsigned char *
-generic_asn1(const char *value, X509V3_CTX *ctx, long *ext_len)
-{
-        ASN1_TYPE *typ;
-        unsigned char *ext_der = NULL;
-        typ = ASN1_generate_v3(value, ctx);
-        if (typ == NULL)
-                return NULL;
-        *ext_len = i2d_ASN1_TYPE(typ, &ext_der);
-        ASN1_TYPE_free(typ);
-        return ext_der;
-}
-/*
- * This is the main function: add a bunch of extensions based on a config file
- * section to an extension STACK.
- */
-int
-X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section,
-    STACK_OF(X509_EXTENSION) **sk)
-{
-        X509_EXTENSION *ext;
-        STACK_OF(CONF_VALUE) *nval;
-        CONF_VALUE *val;
-        int i;
-        if (!(nval = NCONF_get_section(conf, section)))
-                return 0;
-        for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-                val = sk_CONF_VALUE_value(nval, i);
-                if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)))
-                        return 0;
-                if (sk)
-                        X509v3_add_ext(sk, ext, -1);
-                X509_EXTENSION_free(ext);
-        }
-        return 1;
-}
-LCRYPTO_ALIAS(X509V3_EXT_add_nconf_sk);
-int
-X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
-    X509 *cert)
-{
-        STACK_OF(X509_EXTENSION) **sk = NULL;
-        if (cert)
-                sk = &cert->cert_info->extensions;
-        return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
-}
-LCRYPTO_ALIAS(X509V3_EXT_add_nconf);
-int
-X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
-    X509_CRL *crl)
-{
-        STACK_OF(X509_EXTENSION) **sk = NULL;
-        if (crl)
-                sk = &crl->crl->extensions;
-        return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
-}
-LCRYPTO_ALIAS(X509V3_EXT_CRL_add_nconf);
-int
-X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
-    X509_REQ *req)
-{
-        STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;
-        int i;
-        if (req)
-                sk = &extlist;
-        i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
-        if (!i || !sk)
-                return i;
-        i = X509_REQ_add_extensions(req, extlist);
-        sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);
-        return i;
-}
-LCRYPTO_ALIAS(X509V3_EXT_REQ_add_nconf);
-STACK_OF(CONF_VALUE) *
-X509V3_get0_section(X509V3_CTX *ctx, const char *section)
-{
-        if (ctx->db == NULL) {
-                X509V3error(X509V3_R_OPERATION_NOT_DEFINED);
-                return NULL;
-        }
-        return NCONF_get_section(ctx->db, section);
-}
-void
-X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf)
-{
-        ctx->db = conf;
-}
-LCRYPTO_ALIAS(X509V3_set_nconf);
-void
-X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
-    X509_CRL *crl, int flags)
-{
-        ctx->issuer_cert = issuer;
-        ctx->subject_cert = subj;
-        ctx->crl = crl;
-        ctx->subject_req = req;
-        ctx->flags = flags;
-}
-LCRYPTO_ALIAS(X509V3_set_ctx);
-X509_EXTENSION *
-X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, const char *name,
-    const char *value)
-{
-        CONF ctmp;
-        CONF_set_nconf(&ctmp, conf);
-        return X509V3_EXT_nconf(&ctmp, ctx, name, value);
-}
-LCRYPTO_ALIAS(X509V3_EXT_conf);
-X509_EXTENSION *
-X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, int nid,
-    const char *value)
-{
-        CONF ctmp;
-        CONF_set_nconf(&ctmp, conf);
-        return X509V3_EXT_nconf_nid(&ctmp, ctx, nid, value);
-}
-LCRYPTO_ALIAS(X509V3_EXT_conf_nid);

diff --git a/src/lib/libcrypto/x509/x509_conf.c b/src/lib/libcrypto/x509/x509_conf.c deleted file mode 100644 index e5b18c2f77..0000000000 --- a/src/lib/libcrypto/x509/x509_conf.c +++ /dev/null
@@ -1,456 +0,0 @@
1	/* $OpenBSD: x509_conf.c,v 1.29 2025/03/06 07:20:01 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 1999.
4	*/
5	/* ====================================================================
6	* Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
7	*
8	* Redistribution and use in source and binary forms, with or without
9	* modification, are permitted provided that the following conditions
10	* are met:
11	*
12	* 1. Redistributions of source code must retain the above copyright
13	* notice, this list of conditions and the following disclaimer.
14	*
15	* 2. Redistributions in binary form must reproduce the above copyright
16	* notice, this list of conditions and the following disclaimer in
17	* the documentation and/or other materials provided with the
18	* distribution.
19	*
20	* 3. All advertising materials mentioning features or use of this
21	* software must display the following acknowledgment:
22	* "This product includes software developed by the OpenSSL Project
23	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24	*
25	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26	* endorse or promote products derived from this software without
27	* prior written permission. For written permission, please contact
28	* licensing@OpenSSL.org.
29	*
30	* 5. Products derived from this software may not be called "OpenSSL"
31	* nor may "OpenSSL" appear in their names without prior written
32	* permission of the OpenSSL Project.
33	*
34	* 6. Redistributions of any form whatsoever must retain the following
35	* acknowledgment:
36	* "This product includes software developed by the OpenSSL Project
37	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38	*
39	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50	* OF THE POSSIBILITY OF SUCH DAMAGE.
51	* ====================================================================
52	*
53	* This product includes cryptographic software written by Eric Young
54	* (eay@cryptsoft.com). This product includes software written by Tim
55	* Hudson (tjh@cryptsoft.com).
56	*
57	*/
58	/* extension creation utilities */
59
60	#include <ctype.h>
61	#include <stdio.h>
62	#include <string.h>
63
64	#include <openssl/conf.h>
65	#include <openssl/err.h>
66	#include <openssl/x509.h>
67	#include <openssl/x509v3.h>
68
69	#include "conf_local.h"
70	#include "x509_local.h"
71
72	static int v3_check_critical(const char **value);
73	static int v3_check_generic(const char **value);
74	static X509_EXTENSION do_ext_nconf(CONF conf, X509V3_CTX *ctx, int nid,
75	int crit, const char *value);
76	static X509_EXTENSION v3_generic_extension(const char ext, const char *value,
77	int crit, int type, X509V3_CTX *ctx);
78	static X509_EXTENSION do_ext_i2d(const X509V3_EXT_METHOD method, int nid,
79	int crit, void *ext_struct);
80	static unsigned char generic_asn1(const char value, X509V3_CTX *ctx,
81	long *ext_len);
82
83	X509_EXTENSION *
84	X509V3_EXT_nconf(CONF conf, X509V3_CTX ctx, const char *name,
85	const char *value)
86	{
87	int crit;
88	int ext_type;
89	X509_EXTENSION *ret;
90
91	crit = v3_check_critical(&value);
92	if ((ext_type = v3_check_generic(&value)))
93	return v3_generic_extension(name, value, crit, ext_type, ctx);
94	ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value);
95	if (!ret) {
96	X509V3error(X509V3_R_ERROR_IN_EXTENSION);
97	ERR_asprintf_error_data("name=%s, value=%s", name, value);
98	}
99	return ret;
100	}
101	LCRYPTO_ALIAS(X509V3_EXT_nconf);
102
103	X509_EXTENSION *
104	X509V3_EXT_nconf_nid(CONF conf, X509V3_CTX ctx, int nid, const char *value)
105	{
106	int crit;
107	int ext_type;
108
109	crit = v3_check_critical(&value);
110	if ((ext_type = v3_check_generic(&value)))
111	return v3_generic_extension(OBJ_nid2sn(nid),
112	value, crit, ext_type, ctx);
113	return do_ext_nconf(conf, ctx, nid, crit, value);
114	}
115	LCRYPTO_ALIAS(X509V3_EXT_nconf_nid);
116
117	static X509_EXTENSION *
118	do_ext_nconf(CONF conf, X509V3_CTX ctx, int nid, int crit, const char *value)
119	{
120	const X509V3_EXT_METHOD *method;
121	X509_EXTENSION *ext;
122	void *ext_struct;
123
124	if (nid == NID_undef) {
125	X509V3error(X509V3_R_UNKNOWN_EXTENSION_NAME);
126	return NULL;
127	}
128	if (!(method = X509V3_EXT_get_nid(nid))) {
129	X509V3error(X509V3_R_UNKNOWN_EXTENSION);
130	return NULL;
131	}
132	/* Now get internal extension representation based on type */
133	if (method->v2i) {
134	STACK_OF(CONF_VALUE) *nval;
135
136	if (*value == '@')
137	nval = NCONF_get_section(conf, value + 1);
138	else
139	nval = X509V3_parse_list(value);
140	if (sk_CONF_VALUE_num(nval) <= 0) {
141	X509V3error(X509V3_R_INVALID_EXTENSION_STRING);
142	ERR_asprintf_error_data("name=%s,section=%s",
143	OBJ_nid2sn(nid), value);
144	if (*value != '@')
145	sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
146	return NULL;
147	}
148	ext_struct = method->v2i(method, ctx, nval);
149	if (*value != '@')
150	sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
151	} else if (method->s2i) {
152	ext_struct = method->s2i(method, ctx, value);
153	} else if (method->r2i) {
154	if (ctx->db == NULL) {
155	X509V3error(X509V3_R_NO_CONFIG_DATABASE);
156	return NULL;
157	}
158	ext_struct = method->r2i(method, ctx, value);
159	} else {
160	X509V3error(X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
161	ERR_asprintf_error_data("name=%s", OBJ_nid2sn(nid));
162	return NULL;
163	}
164	if (ext_struct == NULL)
165	return NULL;
166
167	ext = do_ext_i2d(method, nid, crit, ext_struct);
168	if (method->it)
169	ASN1_item_free(ext_struct, method->it);
170	else
171	method->ext_free(ext_struct);
172	return ext;
173	}
174
175	static X509_EXTENSION *
176	do_ext_i2d(const X509V3_EXT_METHOD *method, int nid, int crit,
177	void *ext_struct)
178	{
179	unsigned char *ext_der = NULL;
180	int ext_len;
181	ASN1_OCTET_STRING *ext_oct = NULL;
182	X509_EXTENSION *ext;
183
184	/* Convert internal representation to DER */
185	if (method->it != NULL) {
186	ext_der = NULL;
187	ext_len = ASN1_item_i2d(ext_struct, &ext_der, method->it);
188	if (ext_len < 0)
189	goto err;
190	} else {
191	unsigned char *p;
192
193	if ((ext_len = method->i2d(ext_struct, NULL)) <= 0)
194	goto err;
195	if ((ext_der = calloc(1, ext_len)) == NULL)
196	goto err;
197	p = ext_der;
198	if (method->i2d(ext_struct, &p) != ext_len)
199	goto err;
200	}
201	if ((ext_oct = ASN1_OCTET_STRING_new()) == NULL)
202	goto err;
203	ASN1_STRING_set0(ext_oct, ext_der, ext_len);
204	ext_der = NULL;
205	ext_len = 0;
206
207	ext = X509_EXTENSION_create_by_NID(NULL, nid, crit, ext_oct);
208	if (ext == NULL)
209	goto err;
210	ASN1_OCTET_STRING_free(ext_oct);
211
212	return ext;
213
214	err:
215	free(ext_der);
216	ASN1_OCTET_STRING_free(ext_oct);
217	X509V3error(ERR_R_MALLOC_FAILURE);
218
219	return NULL;
220	}
221
222	/* Given an internal structure, nid and critical flag create an extension */
223	X509_EXTENSION *
224	X509V3_EXT_i2d(int nid, int crit, void *ext_struct)
225	{
226	const X509V3_EXT_METHOD *method;
227
228	if (!(method = X509V3_EXT_get_nid(nid))) {
229	X509V3error(X509V3_R_UNKNOWN_EXTENSION);
230	return NULL;
231	}
232	return do_ext_i2d(method, nid, crit, ext_struct);
233	}
234	LCRYPTO_ALIAS(X509V3_EXT_i2d);
235
236	/* Check the extension string for critical flag */
237	static int
238	v3_check_critical(const char **value)
239	{
240	const char p = value;
241
242	if ((strlen(p) < 9) \|\| strncmp(p, "critical,", 9))
243	return 0;
244	p += 9;
245	while (isspace((unsigned char)*p)) p++;
246	*value = p;
247	return 1;
248	}
249
250	/* Check extension string for generic extension and return the type */
251	static int
252	v3_check_generic(const char **value)
253	{
254	int gen_type = 0;
255	const char p = value;
256
257	if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) {
258	p += 4;
259	gen_type = 1;
260	} else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5)) {
261	p += 5;
262	gen_type = 2;
263	} else
264	return 0;
265
266	while (isspace((unsigned char)*p))
267	p++;
268	*value = p;
269	return gen_type;
270	}
271
272	/* Create a generic extension: for now just handle DER type */
273	static X509_EXTENSION *
274	v3_generic_extension(const char name, const char value, int crit, int gen_type,
275	X509V3_CTX *ctx)
276	{
277	unsigned char *ext_der = NULL;
278	long ext_len = 0;
279	ASN1_OBJECT *obj = NULL;
280	ASN1_OCTET_STRING *oct = NULL;
281	X509_EXTENSION *ext = NULL;
282
283	if ((obj = OBJ_txt2obj(name, 0)) == NULL) {
284	X509V3error(X509V3_R_EXTENSION_NAME_ERROR);
285	ERR_asprintf_error_data("name=%s", name);
286	goto err;
287	}
288
289	if (gen_type == 1)
290	ext_der = string_to_hex(value, &ext_len);
291	else if (gen_type == 2)
292	ext_der = generic_asn1(value, ctx, &ext_len);
293	else {
294	ERR_asprintf_error_data("Unexpected generic extension type %d", gen_type);
295	goto err;
296	}
297
298	if (ext_der == NULL) {
299	X509V3error(X509V3_R_EXTENSION_VALUE_ERROR);
300	ERR_asprintf_error_data("value=%s", value);
301	goto err;
302	}
303
304	if ((oct = ASN1_OCTET_STRING_new()) == NULL) {
305	X509V3error(ERR_R_MALLOC_FAILURE);
306	goto err;
307	}
308
309	ASN1_STRING_set0(oct, ext_der, ext_len);
310	ext_der = NULL;
311	ext_len = 0;
312
313	ext = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
314
315	err:
316	ASN1_OBJECT_free(obj);
317	ASN1_OCTET_STRING_free(oct);
318	free(ext_der);
319
320	return ext;
321	}
322
323	static unsigned char *
324	generic_asn1(const char value, X509V3_CTX ctx, long *ext_len)
325	{
326	ASN1_TYPE *typ;
327	unsigned char *ext_der = NULL;
328
329	typ = ASN1_generate_v3(value, ctx);
330	if (typ == NULL)
331	return NULL;
332	*ext_len = i2d_ASN1_TYPE(typ, &ext_der);
333	ASN1_TYPE_free(typ);
334	return ext_der;
335	}
336
337	/*
338	* This is the main function: add a bunch of extensions based on a config file
339	* section to an extension STACK.
340	*/
341
342	int
343	X509V3_EXT_add_nconf_sk(CONF conf, X509V3_CTX ctx, const char *section,
344	STACK_OF(X509_EXTENSION) **sk)
345	{
346	X509_EXTENSION *ext;
347	STACK_OF(CONF_VALUE) *nval;
348	CONF_VALUE *val;
349	int i;
350
351	if (!(nval = NCONF_get_section(conf, section)))
352	return 0;
353	for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
354	val = sk_CONF_VALUE_value(nval, i);
355	if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)))
356	return 0;
357	if (sk)
358	X509v3_add_ext(sk, ext, -1);
359	X509_EXTENSION_free(ext);
360	}
361	return 1;
362	}
363	LCRYPTO_ALIAS(X509V3_EXT_add_nconf_sk);
364
365	int
366	X509V3_EXT_add_nconf(CONF conf, X509V3_CTX ctx, const char *section,
367	X509 *cert)
368	{
369	STACK_OF(X509_EXTENSION) **sk = NULL;
370
371	if (cert)
372	sk = &cert->cert_info->extensions;
373	return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
374	}
375	LCRYPTO_ALIAS(X509V3_EXT_add_nconf);
376
377	int
378	X509V3_EXT_CRL_add_nconf(CONF conf, X509V3_CTX ctx, const char *section,
379	X509_CRL *crl)
380	{
381	STACK_OF(X509_EXTENSION) **sk = NULL;
382
383	if (crl)
384	sk = &crl->crl->extensions;
385	return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
386	}
387	LCRYPTO_ALIAS(X509V3_EXT_CRL_add_nconf);
388
389	int
390	X509V3_EXT_REQ_add_nconf(CONF conf, X509V3_CTX ctx, const char *section,
391	X509_REQ *req)
392	{
393	STACK_OF(X509_EXTENSION) extlist = NULL, *sk = NULL;
394	int i;
395
396	if (req)
397	sk = &extlist;
398	i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
399	if (!i \|\| !sk)
400	return i;
401	i = X509_REQ_add_extensions(req, extlist);
402	sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);
403	return i;
404	}
405	LCRYPTO_ALIAS(X509V3_EXT_REQ_add_nconf);
406
407	STACK_OF(CONF_VALUE) *
408	X509V3_get0_section(X509V3_CTX ctx, const char section)
409	{
410	if (ctx->db == NULL) {
411	X509V3error(X509V3_R_OPERATION_NOT_DEFINED);
412	return NULL;
413	}
414	return NCONF_get_section(ctx->db, section);
415	}
416
417	void
418	X509V3_set_nconf(X509V3_CTX ctx, CONF conf)
419	{
420	ctx->db = conf;
421	}
422	LCRYPTO_ALIAS(X509V3_set_nconf);
423
424	void
425	X509V3_set_ctx(X509V3_CTX ctx, X509 issuer, X509 subj, X509_REQ req,
426	X509_CRL *crl, int flags)
427	{
428	ctx->issuer_cert = issuer;
429	ctx->subject_cert = subj;
430	ctx->crl = crl;
431	ctx->subject_req = req;
432	ctx->flags = flags;
433	}
434	LCRYPTO_ALIAS(X509V3_set_ctx);
435
436	X509_EXTENSION *
437	X509V3_EXT_conf(LHASH_OF(CONF_VALUE) conf, X509V3_CTX ctx, const char *name,
438	const char *value)
439	{
440	CONF ctmp;
441
442	CONF_set_nconf(&ctmp, conf);
443	return X509V3_EXT_nconf(&ctmp, ctx, name, value);
444	}
445	LCRYPTO_ALIAS(X509V3_EXT_conf);
446
447	X509_EXTENSION *
448	X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) conf, X509V3_CTX ctx, int nid,
449	const char *value)
450	{
451	CONF ctmp;
452
453	CONF_set_nconf(&ctmp, conf);
454	return X509V3_EXT_nconf_nid(&ctmp, ctx, nid, value);
455	}
456	LCRYPTO_ALIAS(X509V3_EXT_conf_nid);