#include <openssl/conf.h>
#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
static STACK *ext_list = NULL;
static int ext_cmp(X509V3_EXT_METHOD **a, X509V3_EXT_METHOD **b);
X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
{
- X509V3_EXT_METHOD tmp;
+ X509V3_EXT_METHOD tmp, *t = &tmp, **ret;
int idx;
+ if(nid < 0) return NULL;
tmp.ext_nid = nid;
- if(!ext_list || (tmp.ext_nid < 0) ) return NULL;
+ ret = (X509V3_EXT_METHOD **) OBJ_bsearch((char *)&t,
+ (char *)standard_exts, STANDARD_EXTENSION_COUNT,
+ sizeof(X509V3_EXT_METHOD *), (int (*)())ext_cmp);
+ if(ret) return *ret;
+ if(!ext_list) return NULL;
idx = sk_find(ext_list, (char *)&tmp);
if(idx == -1) return NULL;
return (X509V3_EXT_METHOD *)sk_value(ext_list, idx);
void X509V3_EXT_cleanup(void)
{
sk_pop_free(ext_list, ext_list_free);
+ ext_list = NULL;
}
static void ext_list_free(X509V3_EXT_METHOD *ext)
if(ext->ext_flags & X509V3_EXT_DYNAMIC) Free(ext);
}
-extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
-extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet;
-extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
-
-extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_cpols, v3_crld;
+/* Legacy function: we don't need to add standard extensions
+ * any more because they are now kept in ext_dat.h.
+ */
int X509V3_add_standard_extensions(void)
{
- X509V3_EXT_add_list(v3_ns_ia5_list);
- X509V3_EXT_add_list(v3_alt);
- X509V3_EXT_add(&v3_bcons);
- X509V3_EXT_add(&v3_nscert);
- X509V3_EXT_add(&v3_key_usage);
- X509V3_EXT_add(&v3_ext_ku);
- X509V3_EXT_add(&v3_skey_id);
- X509V3_EXT_add(&v3_akey_id);
- X509V3_EXT_add(&v3_pkey_usage_period);
- X509V3_EXT_add(&v3_crl_num);
- X509V3_EXT_add(&v3_sxnet);
- X509V3_EXT_add(&v3_crl_reason);
- X509V3_EXT_add(&v3_cpols);
- X509V3_EXT_add(&v3_crld);
return 1;
}
return method->d2i(NULL, &p, ext->value->length);
}
+/* Get critical flag and decoded version of extension from a NID.
+ * The "idx" variable returns the last found extension and can
+ * be used to retrieve multiple extensions of the same NID.
+ * However multiple extensions with the same NID is usually
+ * due to a badly encoded certificate so if idx is NULL we
+ * choke if multiple extensions exist.
+ * The "crit" variable is set to the critical value.
+ * The return value is the decoded extension or NULL on
+ * error. The actual error can have several different causes,
+ * the value of *crit reflects the cause:
+ * >= 0, extension found but not decoded (reflects critical value).
+ * -1 extension not found.
+ * -2 extension occurs more than once.
+ */
+
+void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx)
+{
+ int lastpos, i;
+ X509_EXTENSION *ex, *found_ex = NULL;
+ if(!x) {
+ if(idx) *idx = -1;
+ if(crit) *crit = -1;
+ return NULL;
+ }
+ if(idx) lastpos = *idx + 1;
+ else lastpos = 0;
+ if(lastpos < 0) lastpos = 0;
+ for(i = lastpos; i < sk_X509_EXTENSION_num(x); i++)
+ {
+ ex = sk_X509_EXTENSION_value(x, i);
+ if(OBJ_obj2nid(ex->object) == nid) {
+ if(idx) {
+ *idx = i;
+ break;
+ } else if(found_ex) {
+ /* Found more than one */
+ if(crit) *crit = -2;
+ return NULL;
+ }
+ found_ex = ex;
+ }
+ }
+ if(found_ex) {
+ /* Found it */
+ if(crit) *crit = found_ex->critical;
+ return X509V3_EXT_d2i(found_ex);
+ }
+
+ /* Extension not found */
+ if(idx) *idx = -1;
+ if(crit) *crit = -1;
+ return NULL;
+}
+
+/* As above but for a passed certificate */
+
+void *X509V3_X509_get_d2i(X509 *x, int nid, int *crit, int *idx)
+{
+ return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx);
+}
+
+void *X509V3_CRL_get_d2i(X509_CRL *x, int nid, int *crit, int *idx)
+{
+ return X509V3_get_d2i(x->crl->extensions, nid, crit, idx);
+}
+
+void *X509V3_REVOKED_get_d2i(X509_REVOKED *x, int nid, int *crit, int *idx)
+{
+ return X509V3_get_d2i(x->extensions, nid, crit, idx);
+}
projects / openssl.git / blobdiff