summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509v3/v3_conf.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/x509v3/v3_conf.c501
1 files changed, 273 insertions, 228 deletions
diff --git a/src/lib/libcrypto/x509v3/v3_conf.c b/src/lib/libcrypto/x509v3/v3_conf.c
index 519aefc93c..daacf8d5df 100644
--- a/src/lib/libcrypto/x509v3/v3_conf.c
+++ b/src/lib/libcrypto/x509v3/v3_conf.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -58,7 +58,6 @@
58/* extension creation utilities */ 58/* extension creation utilities */
59 59
60 60
61
62#include <stdio.h> 61#include <stdio.h>
63#include <ctype.h> 62#include <ctype.h>
64#include "cryptlib.h" 63#include "cryptlib.h"
@@ -68,228 +67,242 @@
68 67
69static int v3_check_critical(char **value); 68static int v3_check_critical(char **value);
70static int v3_check_generic(char **value); 69static int v3_check_generic(char **value);
71static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value); 70static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
72static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type, X509V3_CTX *ctx); 71 int crit, char *value);
72static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
73 int crit, int type, X509V3_CTX *ctx);
73static char *conf_lhash_get_string(void *db, char *section, char *value); 74static char *conf_lhash_get_string(void *db, char *section, char *value);
74static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section); 75static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
75static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid, 76static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid,
76 int crit, void *ext_struc); 77 int crit, void *ext_struc);
77static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len); 78static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len);
79
78/* CONF *conf: Config file */ 80/* CONF *conf: Config file */
79/* char *name: Name */ 81/* char *name: Name */
80/* char *value: Value */ 82/* char *value: Value */
81X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, 83X509_EXTENSION *
82 char *value) 84X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value)
83 { 85{
84 int crit; 86 int crit;
85 int ext_type; 87 int ext_type;
86 X509_EXTENSION *ret; 88 X509_EXTENSION *ret;
89
87 crit = v3_check_critical(&value); 90 crit = v3_check_critical(&value);
88 if ((ext_type = v3_check_generic(&value))) 91 if ((ext_type = v3_check_generic(&value)))
89 return v3_generic_extension(name, value, crit, ext_type, ctx); 92 return v3_generic_extension(name, value, crit, ext_type, ctx);
90 ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value); 93 ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value);
91 if (!ret) 94 if (!ret) {
92 { 95 X509V3err(X509V3_F_X509V3_EXT_NCONF,
93 X509V3err(X509V3_F_X509V3_EXT_NCONF,X509V3_R_ERROR_IN_EXTENSION); 96 X509V3_R_ERROR_IN_EXTENSION);
94 ERR_add_error_data(4,"name=", name, ", value=", value); 97 ERR_add_error_data(4, "name=", name, ", value=", value);
95 }
96 return ret;
97 } 98 }
99 return ret;
100}
98 101
99/* CONF *conf: Config file */ 102/* CONF *conf: Config file */
100/* char *value: Value */ 103/* char *value: Value */
101X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, 104X509_EXTENSION *
102 char *value) 105X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value)
103 { 106{
104 int crit; 107 int crit;
105 int ext_type; 108 int ext_type;
109
106 crit = v3_check_critical(&value); 110 crit = v3_check_critical(&value);
107 if ((ext_type = v3_check_generic(&value))) 111 if ((ext_type = v3_check_generic(&value)))
108 return v3_generic_extension(OBJ_nid2sn(ext_nid), 112 return v3_generic_extension(OBJ_nid2sn(ext_nid),
109 value, crit, ext_type, ctx); 113 value, crit, ext_type, ctx);
110 return do_ext_nconf(conf, ctx, ext_nid, crit, value); 114 return do_ext_nconf(conf, ctx, ext_nid, crit, value);
111 } 115}
112 116
113/* CONF *conf: Config file */ 117/* CONF *conf: Config file */
114/* char *value: Value */ 118/* char *value: Value */
115static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, 119static X509_EXTENSION *
116 int crit, char *value) 120do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value)
117 { 121{
118 const X509V3_EXT_METHOD *method; 122 const X509V3_EXT_METHOD *method;
119 X509_EXTENSION *ext; 123 X509_EXTENSION *ext;
120 STACK_OF(CONF_VALUE) *nval; 124 STACK_OF(CONF_VALUE) *nval;
121 void *ext_struc; 125 void *ext_struc;
122 if (ext_nid == NID_undef) 126
123 { 127 if (ext_nid == NID_undef) {
124 X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_UNKNOWN_EXTENSION_NAME); 128 X509V3err(X509V3_F_DO_EXT_NCONF,
129 X509V3_R_UNKNOWN_EXTENSION_NAME);
125 return NULL; 130 return NULL;
126 } 131 }
127 if (!(method = X509V3_EXT_get_nid(ext_nid))) 132 if (!(method = X509V3_EXT_get_nid(ext_nid))) {
128 { 133 X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION);
129 X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_UNKNOWN_EXTENSION);
130 return NULL; 134 return NULL;
131 } 135 }
132 /* Now get internal extension representation based on type */ 136 /* Now get internal extension representation based on type */
133 if (method->v2i) 137 if (method->v2i) {
134 { 138 if (*value == '@')
135 if(*value == '@') nval = NCONF_get_section(conf, value + 1); 139 nval = NCONF_get_section(conf, value + 1);
136 else nval = X509V3_parse_list(value); 140 else
137 if(sk_CONF_VALUE_num(nval) <= 0) 141 nval = X509V3_parse_list(value);
138 { 142 if (sk_CONF_VALUE_num(nval) <= 0) {
139 X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_INVALID_EXTENSION_STRING); 143 X509V3err(X509V3_F_DO_EXT_NCONF,
140 ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value); 144 X509V3_R_INVALID_EXTENSION_STRING);
145 ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid),
146 ",section=", value);
141 return NULL; 147 return NULL;
142 }
143 ext_struc = method->v2i(method, ctx, nval);
144 if(*value != '@') sk_CONF_VALUE_pop_free(nval,
145 X509V3_conf_free);
146 if(!ext_struc) return NULL;
147 }
148 else if(method->s2i)
149 {
150 if(!(ext_struc = method->s2i(method, ctx, value))) return NULL;
151 } 148 }
152 else if(method->r2i) 149 ext_struc = method->v2i(method, ctx, nval);
153 { 150 if (*value != '@')
154 if(!ctx->db || !ctx->db_meth) 151 sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
155 { 152 if (!ext_struc)
156 X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_NO_CONFIG_DATABASE); 153 return NULL;
154 } else if (method->s2i) {
155 if (!(ext_struc = method->s2i(method, ctx, value)))
156 return NULL;
157 } else if (method->r2i) {
158 if (!ctx->db || !ctx->db_meth) {
159 X509V3err(X509V3_F_DO_EXT_NCONF,
160 X509V3_R_NO_CONFIG_DATABASE);
157 return NULL; 161 return NULL;
158 }
159 if(!(ext_struc = method->r2i(method, ctx, value))) return NULL;
160 } 162 }
161 else 163 if (!(ext_struc = method->r2i(method, ctx, value)))
162 { 164 return NULL;
163 X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED); 165 } else {
166 X509V3err(X509V3_F_DO_EXT_NCONF,
167 X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
164 ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid)); 168 ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
165 return NULL; 169 return NULL;
166 } 170 }
167 171
168 ext = do_ext_i2d(method, ext_nid, crit, ext_struc); 172 ext = do_ext_i2d(method, ext_nid, crit, ext_struc);
169 if(method->it) ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it)); 173 if (method->it)
170 else method->ext_free(ext_struc); 174 ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));
175 else
176 method->ext_free(ext_struc);
171 return ext; 177 return ext;
178}
172 179
173 } 180static X509_EXTENSION *
174 181do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid, int crit,
175static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid, 182 void *ext_struc)
176 int crit, void *ext_struc) 183{
177 {
178 unsigned char *ext_der; 184 unsigned char *ext_der;
179 int ext_len; 185 int ext_len;
180 ASN1_OCTET_STRING *ext_oct; 186 ASN1_OCTET_STRING *ext_oct;
181 X509_EXTENSION *ext; 187 X509_EXTENSION *ext;
188
182 /* Convert internal representation to DER */ 189 /* Convert internal representation to DER */
183 if (method->it) 190 if (method->it) {
184 {
185 ext_der = NULL; 191 ext_der = NULL;
186 ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it)); 192 ext_len = ASN1_item_i2d(ext_struc, &ext_der,
187 if (ext_len < 0) goto merr; 193 ASN1_ITEM_ptr(method->it));
188 } 194 if (ext_len < 0)
189 else 195 goto merr;
190 { 196 } else {
191 unsigned char *p; 197 unsigned char *p;
192 ext_len = method->i2d(ext_struc, NULL); 198 ext_len = method->i2d(ext_struc, NULL);
193 if(!(ext_der = malloc(ext_len))) goto merr; 199 if (!(ext_der = malloc(ext_len)))
200 goto merr;
194 p = ext_der; 201 p = ext_der;
195 method->i2d(ext_struc, &p); 202 method->i2d(ext_struc, &p);
196 } 203 }
197 if (!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr; 204 if (!(ext_oct = M_ASN1_OCTET_STRING_new()))
205 goto merr;
198 ext_oct->data = ext_der; 206 ext_oct->data = ext_der;
199 ext_oct->length = ext_len; 207 ext_oct->length = ext_len;
200 208
201 ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct); 209 ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
202 if (!ext) goto merr; 210 if (!ext)
211 goto merr;
203 M_ASN1_OCTET_STRING_free(ext_oct); 212 M_ASN1_OCTET_STRING_free(ext_oct);
204 213
205 return ext; 214 return ext;
206 215
207 merr: 216merr:
208 X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE); 217 X509V3err(X509V3_F_DO_EXT_I2D, ERR_R_MALLOC_FAILURE);
209 return NULL; 218 return NULL;
210 219
211 } 220}
212 221
213/* Given an internal structure, nid and critical flag create an extension */ 222/* Given an internal structure, nid and critical flag create an extension */
214 223
215X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc) 224X509_EXTENSION *
216 { 225X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
226{
217 const X509V3_EXT_METHOD *method; 227 const X509V3_EXT_METHOD *method;
228
218 if (!(method = X509V3_EXT_get_nid(ext_nid))) { 229 if (!(method = X509V3_EXT_get_nid(ext_nid))) {
219 X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION); 230 X509V3err(X509V3_F_X509V3_EXT_I2D, X509V3_R_UNKNOWN_EXTENSION);
220 return NULL; 231 return NULL;
221 } 232 }
222 return do_ext_i2d(method, ext_nid, crit, ext_struc); 233 return do_ext_i2d(method, ext_nid, crit, ext_struc);
223} 234}
224 235
225/* Check the extension string for critical flag */ 236/* Check the extension string for critical flag */
226static int v3_check_critical(char **value) 237static int
238v3_check_critical(char **value)
227{ 239{
228 char *p = *value; 240 char *p = *value;
229 if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0; 241
230 p+=9; 242 if ((strlen(p) < 9) || strncmp(p, "critical,", 9))
231 while(isspace((unsigned char)*p)) p++; 243 return 0;
232 *value = p; 244 p += 9;
245 while (isspace((unsigned char)*p)) p++;
246 *value = p;
233 return 1; 247 return 1;
234} 248}
235 249
236/* Check extension string for generic extension and return the type */ 250/* Check extension string for generic extension and return the type */
237static int v3_check_generic(char **value) 251static int
252v3_check_generic(char **value)
238{ 253{
239 int gen_type = 0; 254 int gen_type = 0;
240 char *p = *value; 255 char *p = *value;
241 if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) 256
242 { 257 if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) {
243 p+=4; 258 p += 4;
244 gen_type = 1; 259 gen_type = 1;
245 } 260 } else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5)) {
246 else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5)) 261 p += 5;
247 {
248 p+=5;
249 gen_type = 2; 262 gen_type = 2;
250 } 263 } else
251 else
252 return 0; 264 return 0;
253 265
254 while (isspace((unsigned char)*p)) p++; 266 while (isspace((unsigned char)*p))
267 p++;
255 *value = p; 268 *value = p;
256 return gen_type; 269 return gen_type;
257} 270}
258 271
259/* Create a generic extension: for now just handle DER type */ 272/* Create a generic extension: for now just handle DER type */
260static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, 273static X509_EXTENSION *
261 int crit, int gen_type, 274v3_generic_extension(const char *ext, char *value, int crit, int gen_type,
262 X509V3_CTX *ctx) 275 X509V3_CTX *ctx)
263 { 276{
264 unsigned char *ext_der=NULL; 277 unsigned char *ext_der = NULL;
265 long ext_len; 278 long ext_len;
266 ASN1_OBJECT *obj=NULL; 279 ASN1_OBJECT *obj = NULL;
267 ASN1_OCTET_STRING *oct=NULL; 280 ASN1_OCTET_STRING *oct = NULL;
268 X509_EXTENSION *extension=NULL; 281 X509_EXTENSION *extension = NULL;
269 if (!(obj = OBJ_txt2obj(ext, 0))) 282
270 { 283 if (!(obj = OBJ_txt2obj(ext, 0))) {
271 X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR); 284 X509V3err(X509V3_F_V3_GENERIC_EXTENSION,
285 X509V3_R_EXTENSION_NAME_ERROR);
272 ERR_add_error_data(2, "name=", ext); 286 ERR_add_error_data(2, "name=", ext);
273 goto err; 287 goto err;
274 } 288 }
275 289
276 if (gen_type == 1) 290 if (gen_type == 1)
277 ext_der = string_to_hex(value, &ext_len); 291 ext_der = string_to_hex(value, &ext_len);
278 else if (gen_type == 2) 292 else if (gen_type == 2)
279 ext_der = generic_asn1(value, ctx, &ext_len); 293 ext_der = generic_asn1(value, ctx, &ext_len);
280 294
281 if (ext_der == NULL) 295 if (ext_der == NULL) {
282 { 296 X509V3err(X509V3_F_V3_GENERIC_EXTENSION,
283 X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR); 297 X509V3_R_EXTENSION_VALUE_ERROR);
284 ERR_add_error_data(2, "value=", value); 298 ERR_add_error_data(2, "value=", value);
285 goto err; 299 goto err;
286 } 300 }
287 301
288 if (!(oct = M_ASN1_OCTET_STRING_new())) 302 if (!(oct = M_ASN1_OCTET_STRING_new())) {
289 { 303 X509V3err(X509V3_F_V3_GENERIC_EXTENSION, ERR_R_MALLOC_FAILURE);
290 X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE);
291 goto err; 304 goto err;
292 } 305 }
293 306
294 oct->data = ext_der; 307 oct->data = ext_der;
295 oct->length = ext_len; 308 oct->length = ext_len;
@@ -297,79 +310,88 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
297 310
298 extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct); 311 extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
299 312
300 err: 313err:
301 ASN1_OBJECT_free(obj); 314 ASN1_OBJECT_free(obj);
302 M_ASN1_OCTET_STRING_free(oct); 315 M_ASN1_OCTET_STRING_free(oct);
303 if(ext_der) free(ext_der); 316 if (ext_der)
317 free(ext_der);
304 return extension; 318 return extension;
319}
305 320
306 } 321static unsigned char *
307 322generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len)
308static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len) 323{
309 {
310 ASN1_TYPE *typ; 324 ASN1_TYPE *typ;
311 unsigned char *ext_der = NULL; 325 unsigned char *ext_der = NULL;
326
312 typ = ASN1_generate_v3(value, ctx); 327 typ = ASN1_generate_v3(value, ctx);
313 if (typ == NULL) 328 if (typ == NULL)
314 return NULL; 329 return NULL;
315 *ext_len = i2d_ASN1_TYPE(typ, &ext_der); 330 *ext_len = i2d_ASN1_TYPE(typ, &ext_der);
316 ASN1_TYPE_free(typ); 331 ASN1_TYPE_free(typ);
317 return ext_der; 332 return ext_der;
318 } 333}
319 334
320/* This is the main function: add a bunch of extensions based on a config file 335/* This is the main function: add a bunch of extensions based on a config file
321 * section to an extension STACK. 336 * section to an extension STACK.
322 */ 337 */
323 338
324 339int
325int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, 340X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
326 STACK_OF(X509_EXTENSION) **sk) 341 STACK_OF(X509_EXTENSION) **sk)
327 { 342{
328 X509_EXTENSION *ext; 343 X509_EXTENSION *ext;
329 STACK_OF(CONF_VALUE) *nval; 344 STACK_OF(CONF_VALUE) *nval;
330 CONF_VALUE *val; 345 CONF_VALUE *val;
331 int i; 346 int i;
332 if (!(nval = NCONF_get_section(conf, section))) return 0; 347
333 for (i = 0; i < sk_CONF_VALUE_num(nval); i++) 348 if (!(nval = NCONF_get_section(conf, section)))
334 { 349 return 0;
350 for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
335 val = sk_CONF_VALUE_value(nval, i); 351 val = sk_CONF_VALUE_value(nval, i);
336 if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value))) 352 if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)))
337 return 0; 353 return 0;
338 if (sk) X509v3_add_ext(sk, ext, -1); 354 if (sk)
355 X509v3_add_ext(sk, ext, -1);
339 X509_EXTENSION_free(ext); 356 X509_EXTENSION_free(ext);
340 }
341 return 1;
342 } 357 }
358 return 1;
359}
343 360
344/* Convenience functions to add extensions to a certificate, CRL and request */ 361/* Convenience functions to add extensions to a certificate, CRL and request */
345 362
346int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, 363int
347 X509 *cert) 364X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert)
348 { 365{
349 STACK_OF(X509_EXTENSION) **sk = NULL; 366 STACK_OF(X509_EXTENSION) **sk = NULL;
367
350 if (cert) 368 if (cert)
351 sk = &cert->cert_info->extensions; 369 sk = &cert->cert_info->extensions;
352 return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); 370 return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
353 } 371}
354 372
355/* Same as above but for a CRL */ 373/* Same as above but for a CRL */
356 374
357int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, 375int
358 X509_CRL *crl) 376X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
359 { 377 X509_CRL *crl)
378{
360 STACK_OF(X509_EXTENSION) **sk = NULL; 379 STACK_OF(X509_EXTENSION) **sk = NULL;
380
361 if (crl) 381 if (crl)
362 sk = &crl->crl->extensions; 382 sk = &crl->crl->extensions;
363 return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); 383 return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
364 } 384}
365 385
366/* Add extensions to certificate request */ 386/* Add extensions to certificate request */
367 387
368int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, 388int
369 X509_REQ *req) 389X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
370 { 390 X509_REQ *req)
391{
371 STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL; 392 STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;
372 int i; 393 int i;
394
373 if (req) 395 if (req)
374 sk = &extlist; 396 sk = &extlist;
375 i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); 397 i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
@@ -378,148 +400,171 @@ int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
378 i = X509_REQ_add_extensions(req, extlist); 400 i = X509_REQ_add_extensions(req, extlist);
379 sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free); 401 sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);
380 return i; 402 return i;
381 } 403}
382 404
383/* Config database functions */ 405/* Config database functions */
384 406
385char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) 407char *
386 { 408X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
387 if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) 409{
388 { 410 if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) {
389 X509V3err(X509V3_F_X509V3_GET_STRING,X509V3_R_OPERATION_NOT_DEFINED); 411 X509V3err(X509V3_F_X509V3_GET_STRING,
412 X509V3_R_OPERATION_NOT_DEFINED);
390 return NULL; 413 return NULL;
391 } 414 }
392 if (ctx->db_meth->get_string) 415 if (ctx->db_meth->get_string)
393 return ctx->db_meth->get_string(ctx->db, name, section); 416 return ctx->db_meth->get_string(ctx->db, name, section);
394 return NULL; 417 return NULL;
395 } 418}
396 419
397STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section) 420STACK_OF(CONF_VALUE) *
398 { 421X509V3_get_section(X509V3_CTX *ctx, char *section)
399 if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) 422{
400 { 423 if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) {
401 X509V3err(X509V3_F_X509V3_GET_SECTION,X509V3_R_OPERATION_NOT_DEFINED); 424 X509V3err(X509V3_F_X509V3_GET_SECTION,
425 X509V3_R_OPERATION_NOT_DEFINED);
402 return NULL; 426 return NULL;
403 } 427 }
404 if (ctx->db_meth->get_section) 428 if (ctx->db_meth->get_section)
405 return ctx->db_meth->get_section(ctx->db, section); 429 return ctx->db_meth->get_section(ctx->db, section);
406 return NULL; 430 return NULL;
407 } 431}
408 432
409void X509V3_string_free(X509V3_CTX *ctx, char *str) 433void
410 { 434X509V3_string_free(X509V3_CTX *ctx, char *str)
411 if (!str) return; 435{
436 if (!str)
437 return;
412 if (ctx->db_meth->free_string) 438 if (ctx->db_meth->free_string)
413 ctx->db_meth->free_string(ctx->db, str); 439 ctx->db_meth->free_string(ctx->db, str);
414 } 440}
415 441
416void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section) 442void
417 { 443X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
418 if (!section) return; 444{
445 if (!section)
446 return;
419 if (ctx->db_meth->free_section) 447 if (ctx->db_meth->free_section)
420 ctx->db_meth->free_section(ctx->db, section); 448 ctx->db_meth->free_section(ctx->db, section);
421 } 449}
422 450
423static char *nconf_get_string(void *db, char *section, char *value) 451static char *
424 { 452nconf_get_string(void *db, char *section, char *value)
453{
425 return NCONF_get_string(db, section, value); 454 return NCONF_get_string(db, section, value);
426 } 455}
427 456
428static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section) 457static
429 { 458STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section)
459{
430 return NCONF_get_section(db, section); 460 return NCONF_get_section(db, section);
431 } 461}
432 462
433static X509V3_CONF_METHOD nconf_method = { 463static X509V3_CONF_METHOD nconf_method = {
434nconf_get_string, 464 nconf_get_string,
435nconf_get_section, 465 nconf_get_section,
436NULL, 466 NULL,
437NULL 467 NULL
438}; 468};
439 469
440void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf) 470void
441 { 471X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf)
472{
442 ctx->db_meth = &nconf_method; 473 ctx->db_meth = &nconf_method;
443 ctx->db = conf; 474 ctx->db = conf;
444 } 475}
445 476
446void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req, 477void
447 X509_CRL *crl, int flags) 478X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
448 { 479 X509_CRL *crl, int flags)
480{
449 ctx->issuer_cert = issuer; 481 ctx->issuer_cert = issuer;
450 ctx->subject_cert = subj; 482 ctx->subject_cert = subj;
451 ctx->crl = crl; 483 ctx->crl = crl;
452 ctx->subject_req = req; 484 ctx->subject_req = req;
453 ctx->flags = flags; 485 ctx->flags = flags;
454 } 486}
455 487
456/* Old conf compatibility functions */ 488/* Old conf compatibility functions */
457 489
458X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, 490X509_EXTENSION *
459 char *name, char *value) 491X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, char *name,
460 { 492 char *value)
493{
461 CONF ctmp; 494 CONF ctmp;
495
462 CONF_set_nconf(&ctmp, conf); 496 CONF_set_nconf(&ctmp, conf);
463 return X509V3_EXT_nconf(&ctmp, ctx, name, value); 497 return X509V3_EXT_nconf(&ctmp, ctx, name, value);
464 } 498}
465 499
466/* LHASH *conf: Config file */ 500/* LHASH *conf: Config file */
467/* char *value: Value */ 501/* char *value: Value */
468X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, 502X509_EXTENSION *
469 int ext_nid, char *value) 503X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, int ext_nid,
470 { 504 char *value)
505{
471 CONF ctmp; 506 CONF ctmp;
507
472 CONF_set_nconf(&ctmp, conf); 508 CONF_set_nconf(&ctmp, conf);
473 return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value); 509 return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value);
474 } 510}
475 511
476static char *conf_lhash_get_string(void *db, char *section, char *value) 512static char *
477 { 513conf_lhash_get_string(void *db, char *section, char *value)
514{
478 return CONF_get_string(db, section, value); 515 return CONF_get_string(db, section, value);
479 } 516}
480 517
481static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section) 518static STACK_OF(CONF_VALUE) *
482 { 519conf_lhash_get_section(void *db, char *section)
520{
483 return CONF_get_section(db, section); 521 return CONF_get_section(db, section);
484 } 522}
485 523
486static X509V3_CONF_METHOD conf_lhash_method = { 524static X509V3_CONF_METHOD conf_lhash_method = {
487conf_lhash_get_string, 525 conf_lhash_get_string,
488conf_lhash_get_section, 526 conf_lhash_get_section,
489NULL, 527 NULL,
490NULL 528 NULL
491}; 529};
492 530
493void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash) 531void
494 { 532X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash)
533{
495 ctx->db_meth = &conf_lhash_method; 534 ctx->db_meth = &conf_lhash_method;
496 ctx->db = lhash; 535 ctx->db = lhash;
497 } 536}
498 537
499int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, 538int
500 char *section, X509 *cert) 539X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, char *section,
501 { 540 X509 *cert)
541{
502 CONF ctmp; 542 CONF ctmp;
543
503 CONF_set_nconf(&ctmp, conf); 544 CONF_set_nconf(&ctmp, conf);
504 return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert); 545 return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert);
505 } 546}
506 547
507/* Same as above but for a CRL */ 548/* Same as above but for a CRL */
508 549
509int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, 550int
510 char *section, X509_CRL *crl) 551X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
511 { 552 char *section, X509_CRL *crl)
553{
512 CONF ctmp; 554 CONF ctmp;
555
513 CONF_set_nconf(&ctmp, conf); 556 CONF_set_nconf(&ctmp, conf);
514 return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl); 557 return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl);
515 } 558}
516 559
517/* Add extensions to certificate request */ 560/* Add extensions to certificate request */
518 561
519int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, 562int
520 char *section, X509_REQ *req) 563X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
521 { 564 char *section, X509_REQ *req)
565{
522 CONF ctmp; 566 CONF ctmp;
567
523 CONF_set_nconf(&ctmp, conf); 568 CONF_set_nconf(&ctmp, conf);
524 return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req); 569 return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req);
525 } 570}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-25 08:03:46 +0000