1 files changed, 78 insertions, 2 deletions
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_lib.c b/src/lib/libssl/src/crypto/x509v3/v3_lib.c
index ea86b9ebb9..482ca8ccf5 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_lib.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_lib.c
@@ -163,8 +163,9 @@ void *X509V3_EXT_d2i(X509_EXTENSION *ext)
 {
        X509V3_EXT_METHOD *method;
        unsigned char *p;
-        if(!(method = X509V3_EXT_get(ext)) || !method->d2i) return NULL;
+        if(!(method = X509V3_EXT_get(ext))) return NULL;
        p = ext->value->data;
+        if(method->it) return ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it));
        return method->d2i(NULL, &p, ext->value->length);
 }
@@ -212,7 +213,7 @@ void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx)
        }
        if(found_ex) {
                /* Found it */
-                if(crit) *crit = found_ex->critical;
+                if(crit) *crit = X509_EXTENSION_get_critical(found_ex);
                return X509V3_EXT_d2i(found_ex);
        }
@@ -222,4 +223,79 @@ void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx)
        return NULL;
 }
+/* This function is a general extension append, replace and delete utility.
+ * The precise operation is governed by the 'flags' value. The 'crit' and
+ * 'value' arguments (if relevant) are the extensions internal structure.
+ */
+int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
+                                        int crit, unsigned long flags)
+{
+        int extidx = -1;
+        int errcode;
+        X509_EXTENSION *ext, *extmp;
+        unsigned long ext_op = flags & X509V3_ADD_OP_MASK;
+        /* If appending we don't care if it exists, otherwise
+         * look for existing extension.
+         */
+        if(ext_op != X509V3_ADD_APPEND)
+                extidx = X509v3_get_ext_by_NID(*x, nid, -1);
+        /* See if extension exists */
+        if(extidx >= 0) {
+                /* If keep existing, nothing to do */
+                if(ext_op == X509V3_ADD_KEEP_EXISTING)
+                        return 1;
+                /* If default then its an error */
+                if(ext_op == X509V3_ADD_DEFAULT) {
+                        errcode = X509V3_R_EXTENSION_EXISTS;
+                        goto err;
+                }
+                /* If delete, just delete it */
+                if(ext_op == X509V3_ADD_DELETE) {
+                        if(!sk_X509_EXTENSION_delete(*x, extidx)) return -1;
+                        return 1;
+                }
+        } else {
+                /* If replace existing or delete, error since 
+                 * extension must exist
+                 */
+                if((ext_op == X509V3_ADD_REPLACE_EXISTING) ||
+                   (ext_op == X509V3_ADD_DELETE)) {
+                        errcode = X509V3_R_EXTENSION_NOT_FOUND;
+                        goto err;
+                }
+        }
+        /* If we get this far then we have to create an extension:
+         * could have some flags for alternative encoding schemes...
+         */
+        ext = X509V3_EXT_i2d(nid, crit, value);
+        if(!ext) {
+                X509V3err(X509V3_F_X509V3_ADD_I2D, X509V3_R_ERROR_CREATING_EXTENSION);
+                return 0;
+        }
+        /* If extension exists replace it.. */
+        if(extidx >= 0) {
+                extmp = sk_X509_EXTENSION_value(*x, extidx);
+                X509_EXTENSION_free(extmp);
+                if(!sk_X509_EXTENSION_set(*x, extidx, ext)) return -1;
+                return 1;
+        }
+        if(!*x && !(*x = sk_X509_EXTENSION_new_null())) return -1;
+        if(!sk_X509_EXTENSION_push(*x, ext)) return -1;
+        return 1;
+        err:
+        if(!(flags & X509V3_ADD_SILENT))
+                X509V3err(X509V3_F_X509V3_ADD_I2D, errcode);
+        return 0;
+}
 IMPLEMENT_STACK_OF(X509V3_EXT_METHOD)

diff --git a/src/lib/libssl/src/crypto/x509v3/v3_lib.c b/src/lib/libssl/src/crypto/x509v3/v3_lib.c index ea86b9ebb9..482ca8ccf5 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_lib.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_lib.c
@@ -163,8 +163,9 @@ void X509V3_EXT_d2i(X509_EXTENSION ext)
163	{	163	{
164	X509V3_EXT_METHOD *method;	164	X509V3_EXT_METHOD *method;
165	unsigned char *p;	165	unsigned char *p;
166	if(!(method = X509V3_EXT_get(ext)) \|\| !method->d2i) return NULL;	166	if(!(method = X509V3_EXT_get(ext))) return NULL;
167	p = ext->value->data;	167	p = ext->value->data;
		168	if(method->it) return ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it));
168	return method->d2i(NULL, &p, ext->value->length);	169	return method->d2i(NULL, &p, ext->value->length);
169	}	170	}
170		171
@@ -212,7 +213,7 @@ void X509V3_get_d2i(STACK_OF(X509_EXTENSION) x, int nid, int crit, int idx)
212	}	213	}
213	if(found_ex) {	214	if(found_ex) {
214	/* Found it */	215	/* Found it */
215	if(crit) *crit = found_ex->critical;	216	if(crit) *crit = X509_EXTENSION_get_critical(found_ex);
216	return X509V3_EXT_d2i(found_ex);	217	return X509V3_EXT_d2i(found_ex);
217	}	218	}
218		219
@@ -222,4 +223,79 @@ void X509V3_get_d2i(STACK_OF(X509_EXTENSION) x, int nid, int crit, int idx)
222	return NULL;	223	return NULL;
223	}	224	}
224		225
		226	/* This function is a general extension append, replace and delete utility.
		227	* The precise operation is governed by the 'flags' value. The 'crit' and
		228	* 'value' arguments (if relevant) are the extensions internal structure.
		229	*/
		230
		231	int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) *x, int nid, void value,
		232	int crit, unsigned long flags)
		233	{
		234	int extidx = -1;
		235	int errcode;
		236	X509_EXTENSION ext, extmp;
		237	unsigned long ext_op = flags & X509V3_ADD_OP_MASK;
		238
		239	/* If appending we don't care if it exists, otherwise
		240	* look for existing extension.
		241	*/
		242	if(ext_op != X509V3_ADD_APPEND)
		243	extidx = X509v3_get_ext_by_NID(*x, nid, -1);
		244
		245	/* See if extension exists */
		246	if(extidx >= 0) {
		247	/* If keep existing, nothing to do */
		248	if(ext_op == X509V3_ADD_KEEP_EXISTING)
		249	return 1;
		250	/* If default then its an error */
		251	if(ext_op == X509V3_ADD_DEFAULT) {
		252	errcode = X509V3_R_EXTENSION_EXISTS;
		253	goto err;
		254	}
		255	/* If delete, just delete it */
		256	if(ext_op == X509V3_ADD_DELETE) {
		257	if(!sk_X509_EXTENSION_delete(*x, extidx)) return -1;
		258	return 1;
		259	}
		260	} else {
		261	/* If replace existing or delete, error since
		262	* extension must exist
		263	*/
		264	if((ext_op == X509V3_ADD_REPLACE_EXISTING) \|\|
		265	(ext_op == X509V3_ADD_DELETE)) {
		266	errcode = X509V3_R_EXTENSION_NOT_FOUND;
		267	goto err;
		268	}
		269	}
		270
		271	/* If we get this far then we have to create an extension:
		272	* could have some flags for alternative encoding schemes...
		273	*/
		274
		275	ext = X509V3_EXT_i2d(nid, crit, value);
		276
		277	if(!ext) {
		278	X509V3err(X509V3_F_X509V3_ADD_I2D, X509V3_R_ERROR_CREATING_EXTENSION);
		279	return 0;
		280	}
		281
		282	/* If extension exists replace it.. */
		283	if(extidx >= 0) {
		284	extmp = sk_X509_EXTENSION_value(*x, extidx);
		285	X509_EXTENSION_free(extmp);
		286	if(!sk_X509_EXTENSION_set(*x, extidx, ext)) return -1;
		287	return 1;
		288	}
		289
		290	if(!x && !(x = sk_X509_EXTENSION_new_null())) return -1;
		291	if(!sk_X509_EXTENSION_push(*x, ext)) return -1;
		292
		293	return 1;
		294
		295	err:
		296	if(!(flags & X509V3_ADD_SILENT))
		297	X509V3err(X509V3_F_X509V3_ADD_I2D, errcode);
		298	return 0;
		299	}
		300
225	IMPLEMENT_STACK_OF(X509V3_EXT_METHOD)	301	IMPLEMENT_STACK_OF(X509V3_EXT_METHOD)