From de05eb4f597b95fed408db9aa9e9474eb6daf5e6 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Sat, 13 Jul 2024 15:08:58 +0000
Subject: Unify X.509v3 extension methods
Use C99 initializers for all structs (some were forgotten). Make all the structs static, call them x509v3_ext_* matching NID_*. Add accessors called x509v3_ext_method_* and use these to implement X509V3_EXT_get_nid(). This adds consistency and avoids a few contortions like grouping a few extensions in arrays to save a couple externs. ok beck jsing
---
 src/lib/libcrypto/ct/ct_x509v3.c | 127 ++++++++++++++++++++++-----------------
 1 file changed, 71 insertions(+), 56 deletions(-)
(limited to 'src/lib/libcrypto/ct')
diff --git a/src/lib/libcrypto/ct/ct_x509v3.c b/src/lib/libcrypto/ct/ct_x509v3.c
index 59f2975cd9..b14ffc9532 100644
--- a/src/lib/libcrypto/ct/ct_x509v3.c
+++ b/src/lib/libcrypto/ct/ct_x509v3.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ct_x509v3.c,v 1.6 2021/12/25 15:42:32 tb Exp $ */
+/* $OpenBSD: ct_x509v3.c,v 1.7 2024/07/13 15:08:58 tb Exp $ */
 /*
 * Written by Rob Stradling (rob@comodo.com) and Stephen Henson
 * (steve@openssl.org) for the OpenSSL project 2014.
@@ -128,59 +128,74 @@ ocsp_ext_d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, long len)
 return s;
 }
 
-/* Handlers for X509v3/OCSP Certificate Transparency extensions */
-const X509V3_EXT_METHOD v3_ct_scts[3] = {
- /* X509v3 extension in certificates that contains SCTs */
- [0] = {
- .ext_nid = NID_ct_precert_scts,
- .ext_flags = 0,
- .it = NULL,
- .ext_new = NULL,
- .ext_free = (X509V3_EXT_FREE)SCT_LIST_free,
- .d2i = (X509V3_EXT_D2I)x509_ext_d2i_SCT_LIST,
- .i2d = (X509V3_EXT_I2D)i2d_SCT_LIST,
- .i2s = NULL,
- .s2i = NULL,
- .i2v = NULL,
- .v2i = NULL,
- .i2r = (X509V3_EXT_I2R)i2r_SCT_LIST,
- .r2i = NULL,
- .usr_data = NULL,
- },
-
- /* X509v3 extension to mark a certificate as a pre-certificate */
- [1] = {
- .ext_nid = NID_ct_precert_poison,
- .ext_flags = 0,
- .it = &ASN1_NULL_it,
- .ext_new = NULL,
- .ext_free = NULL,
- .d2i = NULL,
- .i2d = NULL,
- .i2s = i2s_poison,
- .s2i = s2i_poison,
- .i2v = NULL,
- .v2i = NULL,
- .i2r = NULL,
- .r2i = NULL,
- .usr_data = NULL,
- },
-
- /* OCSP extension that contains SCTs */
- [2] = {
- .ext_nid = NID_ct_cert_scts,
- .ext_flags = 0,
- .it = NULL,
- .ext_new = NULL,
- .ext_free = (X509V3_EXT_FREE)SCT_LIST_free,
- .d2i = (X509V3_EXT_D2I)ocsp_ext_d2i_SCT_LIST,
- .i2d = (X509V3_EXT_I2D)i2d_SCT_LIST,
- .i2s = NULL,
- .s2i = NULL,
- .i2v = NULL,
- .v2i = NULL,
- .i2r = (X509V3_EXT_I2R)i2r_SCT_LIST,
- .r2i = NULL,
- .usr_data = NULL,
- },
+/* X509v3 extension in certificates that contains SCTs */
+static const X509V3_EXT_METHOD x509v3_ext_ct_precert_scts = {
+ .ext_nid = NID_ct_precert_scts,
+ .ext_flags = 0,
+ .it = NULL,
+ .ext_new = NULL,
+ .ext_free = (X509V3_EXT_FREE)SCT_LIST_free,
+ .d2i = (X509V3_EXT_D2I)x509_ext_d2i_SCT_LIST,
+ .i2d = (X509V3_EXT_I2D)i2d_SCT_LIST,
+ .i2s = NULL,
+ .s2i = NULL,
+ .i2v = NULL,
+ .v2i = NULL,
+ .i2r = (X509V3_EXT_I2R)i2r_SCT_LIST,
+ .r2i = NULL,
+ .usr_data = NULL,
 };
+
+const X509V3_EXT_METHOD *
+x509v3_ext_method_ct_precert_scts(void)
+{
+ return &x509v3_ext_ct_precert_scts;
+}
+
+/* X509v3 extension to mark a certificate as a pre-certificate */
+static const X509V3_EXT_METHOD x509v3_ext_ct_precert_poison = {
+ .ext_nid = NID_ct_precert_poison,
+ .ext_flags = 0,
+ .it = &ASN1_NULL_it,
+ .ext_new = NULL,
+ .ext_free = NULL,
+ .d2i = NULL,
+ .i2d = NULL,
+ .i2s = i2s_poison,
+ .s2i = s2i_poison,
+ .i2v = NULL,
+ .v2i = NULL,
+ .i2r = NULL,
+ .r2i = NULL,
+ .usr_data = NULL,
+};
+
+const X509V3_EXT_METHOD *
+x509v3_ext_method_ct_precert_poison(void)
+{
+ return &x509v3_ext_ct_precert_poison;
+}
+
+/* OCSP extension that contains SCTs */
+static const X509V3_EXT_METHOD x509v3_ext_ct_cert_scts = {
+ .ext_nid = NID_ct_cert_scts,
+ .ext_flags = 0,
+ .it = NULL,
+ .ext_new = NULL,
+ .ext_free = (X509V3_EXT_FREE)SCT_LIST_free,
+ .d2i = (X509V3_EXT_D2I)ocsp_ext_d2i_SCT_LIST,
+ .i2d = (X509V3_EXT_I2D)i2d_SCT_LIST,
+ .i2s = NULL,
+ .s2i = NULL,
+ .i2v = NULL,
+ .v2i = NULL,
+ .i2r = (X509V3_EXT_I2R)i2r_SCT_LIST,
+ .r2i = NULL,
+ .usr_data = NULL,
+};
+
+const X509V3_EXT_METHOD *
+x509v3_ext_method_ct_cert_scts(void)
+{
+ return &x509v3_ext_ct_cert_scts;
+}
-- cgit v1.2.3-55-g6feb
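Review bot: The rewritten initializers for x509v3_ext_ct_precert_scts and x509v3_ext_ct_cert_scts keep the function-pointer casts `(X509V3_EXT_FREE)SCT_LIST_free`, `(X509V3_EXT_D2I)x509_ext_d2i_SCT_LIST` / `ocsp_ext_d2i_SCT_LIST`, `(X509V3_EXT_I2D)i2d_SCT_LIST` and `(X509V3_EXT_I2R)i2r_SCT_LIST`, so every call through these method slots still goes through a pointer of a different function type, which is undefined behaviour in C, is flagged by -Wcast-function-type, and aborts under forward-edge CFI such as clang's -fsanitize=cfi-icall. Since the commit already rewrites every line of these initializers, it is the natural moment to replace the casts with thin static wrappers that carry the exact slot signatures, e.g. `static void sct_list_ext_free(void *sct_list) { SCT_LIST_free(sct_list); }` used as `.ext_free = sct_list_ext_free,`, with analogous wrappers taking `void *` for the d2i/i2d/i2r slots (the signature of i2r_SCT_LIST is outside this hunk, so that wrapper's parameter list needs checking against it). The three new exported accessors return a pointer to immutable static storage and have no comment; a one-liner such as `/* Returns a static method table; the caller must not free or modify it. */` above each would document the contract. They also need prototypes in an internal header to build cleanly with -Wmissing-prototypes, presumably added with the X509V3_EXT_get_nid() change the commit message mentions, which this diff (limited to ct/) does not show.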