Use C99 initializers for all structs (some were forgotten).
Make all the structs static, call them x509v3_ext_* matching NID_*.
Add accessors called x509v3_ext_method_* and use these to implement
X509V3_EXT_get_nid().
This adds consistency and avoids a few contortions like grouping
a few extensions in arrays to save a couple externs.
ok beck jsing
-/* $OpenBSD: ct_x509v3.c,v 1.6 2021/12/25 15:42:32 tb Exp $ */
+/* $OpenBSD: ct_x509v3.c,v 1.7 2024/07/13 15:08:58 tb Exp $ */
/*
* Written by Rob Stradling (rob@comodo.com) and Stephen Henson
* (steve@openssl.org) for the OpenSSL project 2014.
return s;
}
-/* Handlers for X509v3/OCSP Certificate Transparency extensions */
-const X509V3_EXT_METHOD v3_ct_scts[3] = {
- /* X509v3 extension in certificates that contains SCTs */
- [0] = {
- .ext_nid = NID_ct_precert_scts,
- .ext_flags = 0,
- .it = NULL,
- .ext_new = NULL,
- .ext_free = (X509V3_EXT_FREE)SCT_LIST_free,
- .d2i = (X509V3_EXT_D2I)x509_ext_d2i_SCT_LIST,
- .i2d = (X509V3_EXT_I2D)i2d_SCT_LIST,
- .i2s = NULL,
- .s2i = NULL,
- .i2v = NULL,
- .v2i = NULL,
- .i2r = (X509V3_EXT_I2R)i2r_SCT_LIST,
- .r2i = NULL,
- .usr_data = NULL,
- },
-
- /* X509v3 extension to mark a certificate as a pre-certificate */
- [1] = {
- .ext_nid = NID_ct_precert_poison,
- .ext_flags = 0,
- .it = &ASN1_NULL_it,
- .ext_new = NULL,
- .ext_free = NULL,
- .d2i = NULL,
- .i2d = NULL,
- .i2s = i2s_poison,
- .s2i = s2i_poison,
- .i2v = NULL,
- .v2i = NULL,
- .i2r = NULL,
- .r2i = NULL,
- .usr_data = NULL,
- },
-
- /* OCSP extension that contains SCTs */
- [2] = {
- .ext_nid = NID_ct_cert_scts,
- .ext_flags = 0,
- .it = NULL,
- .ext_new = NULL,
- .ext_free = (X509V3_EXT_FREE)SCT_LIST_free,
- .d2i = (X509V3_EXT_D2I)ocsp_ext_d2i_SCT_LIST,
- .i2d = (X509V3_EXT_I2D)i2d_SCT_LIST,
- .i2s = NULL,
- .s2i = NULL,
- .i2v = NULL,
- .v2i = NULL,
- .i2r = (X509V3_EXT_I2R)i2r_SCT_LIST,
- .r2i = NULL,
- .usr_data = NULL,
- },
+/* X509v3 extension in certificates that contains SCTs */
+static const X509V3_EXT_METHOD x509v3_ext_ct_precert_scts = {
+ .ext_nid = NID_ct_precert_scts,
+ .ext_flags = 0,
+ .it = NULL,
+ .ext_new = NULL,
+ .ext_free = (X509V3_EXT_FREE)SCT_LIST_free,
+ .d2i = (X509V3_EXT_D2I)x509_ext_d2i_SCT_LIST,
+ .i2d = (X509V3_EXT_I2D)i2d_SCT_LIST,
+ .i2s = NULL,
+ .s2i = NULL,
+ .i2v = NULL,
+ .v2i = NULL,
+ .i2r = (X509V3_EXT_I2R)i2r_SCT_LIST,
+ .r2i = NULL,
+ .usr_data = NULL,
};
+
+const X509V3_EXT_METHOD *
+x509v3_ext_method_ct_precert_scts(void)
+{
+ return &x509v3_ext_ct_precert_scts;
+}
+
+/* X509v3 extension to mark a certificate as a pre-certificate */
+static const X509V3_EXT_METHOD x509v3_ext_ct_precert_poison = {
+ .ext_nid = NID_ct_precert_poison,
+ .ext_flags = 0,
+ .it = &ASN1_NULL_it,
+ .ext_new = NULL,
+ .ext_free = NULL,
+ .d2i = NULL,
+ .i2d = NULL,
+ .i2s = i2s_poison,
+ .s2i = s2i_poison,
+ .i2v = NULL,
+ .v2i = NULL,
+ .i2r = NULL,
+ .r2i = NULL,
+ .usr_data = NULL,
+};
+
+const X509V3_EXT_METHOD *
+x509v3_ext_method_ct_precert_poison(void)
+{
+ return &x509v3_ext_ct_precert_poison;
+}
+
+/* OCSP extension that contains SCTs */
+static const X509V3_EXT_METHOD x509v3_ext_ct_cert_scts = {
+ .ext_nid = NID_ct_cert_scts,
+ .ext_flags = 0,
+ .it = NULL,
+ .ext_new = NULL,
+ .ext_free = (X509V3_EXT_FREE)SCT_LIST_free,
+ .d2i = (X509V3_EXT_D2I)ocsp_ext_d2i_SCT_LIST,
+ .i2d = (X509V3_EXT_I2D)i2d_SCT_LIST,
+ .i2s = NULL,
+ .s2i = NULL,
+ .i2v = NULL,
+ .v2i = NULL,
+ .i2r = (X509V3_EXT_I2R)i2r_SCT_LIST,
+ .r2i = NULL,
+ .usr_data = NULL,
+};
+
+const X509V3_EXT_METHOD *
+x509v3_ext_method_ct_cert_scts(void)
+{
+ return &x509v3_ext_ct_cert_scts;
+}
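Review bot: The casts on `.ext_free`, `.d2i`, `.i2d` and `.i2r` in `x509v3_ext_ct_precert_scts` and `x509v3_ext_ct_cert_scts` are carried over unchanged, and they keep the compiler from checking that each callback matches the `X509V3_EXT_*` typedef it is stored under. The callback signatures are outside this hunk, but if any of them differs from its typedef, the indirect call is undefined behaviour and would be trapped by indirect-call CFI, on a path that decodes SCT lists taken from certificates and OCSP responses. The same pattern recurs in x509_alt.c, x509_ia5.c (where `s2i_ASN1_IA5STRING` is declared returning `ASN1_IA5STRING *` and taking a non-const method) and x509_int.c, while the new `x509v3_ext_issuing_distribution_point` in x509_crld.c already uses the cast-free form `.v2i = v2i_idp,`. Since every initializer is being rewritten anyway, consider a follow-up that gives the handlers the exact typedef signatures and drops the casts.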
-/* $OpenBSD: x509_addr.c,v 1.92 2024/07/08 14:47:44 beck Exp $ */
+/* $OpenBSD: x509_addr.c,v 1.93 2024/07/13 15:08:58 tb Exp $ */
/*
* Contributed to the OpenSSL Project by the American Registry for
* Internet Numbers ("ARIN").
/*
* OpenSSL dispatch
*/
-const X509V3_EXT_METHOD v3_addr = {
+static const X509V3_EXT_METHOD x509v3_ext_sbgp_ipAddrBlock = {
.ext_nid = NID_sbgp_ipAddrBlock,
.ext_flags = 0,
.it = &IPAddrBlocks_it,
.usr_data = NULL,
};
+const X509V3_EXT_METHOD *
+x509v3_ext_method_sbgp_ipAddrBlock(void)
+{
+ return &x509v3_ext_sbgp_ipAddrBlock;
+}
+
/*
* Figure out whether extension uses inheritance.
*/
-/* $OpenBSD: x509_akey.c,v 1.1 2020/06/04 15:19:31 jsing Exp $ */
+/* $OpenBSD: x509_akey.c,v 1.2 2024/07/13 15:08:58 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
-const X509V3_EXT_METHOD v3_akey_id = {
+static const X509V3_EXT_METHOD x509v3_ext_authority_key_identifier = {
.ext_nid = NID_authority_key_identifier,
.ext_flags = X509V3_EXT_MULTILINE,
.it = &AUTHORITY_KEYID_it,
.usr_data = NULL,
};
+const X509V3_EXT_METHOD *
+x509v3_ext_method_authority_key_identifier(void)
+{
+ return &x509v3_ext_authority_key_identifier;
+}
+
static STACK_OF(CONF_VALUE) *
i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, AUTHORITY_KEYID *akeyid,
STACK_OF(CONF_VALUE) *extlist)
-/* $OpenBSD: x509_alt.c,v 1.16 2023/08/30 00:49:32 tb Exp $ */
+/* $OpenBSD: x509_alt.c,v 1.17 2024/07/13 15:08:58 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx);
static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx);
-const X509V3_EXT_METHOD v3_alt[] = {
- {
- .ext_nid = NID_subject_alt_name,
- .ext_flags = 0,
- .it = &GENERAL_NAMES_it,
- .ext_new = NULL,
- .ext_free = NULL,
- .d2i = NULL,
- .i2d = NULL,
- .i2s = NULL,
- .s2i = NULL,
- .i2v = (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
- .v2i = (X509V3_EXT_V2I)v2i_subject_alt,
- .i2r = NULL,
- .r2i = NULL,
- .usr_data = NULL,
- },
- {
- .ext_nid = NID_issuer_alt_name,
- .ext_flags = 0,
- .it = &GENERAL_NAMES_it,
- .ext_new = NULL,
- .ext_free = NULL,
- .d2i = NULL,
- .i2d = NULL,
- .i2s = NULL,
- .s2i = NULL,
- .i2v = (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
- .v2i = (X509V3_EXT_V2I)v2i_issuer_alt,
- .i2r = NULL,
- .r2i = NULL,
- .usr_data = NULL,
- },
- {
- .ext_nid = NID_certificate_issuer,
- .ext_flags = 0,
- .it = &GENERAL_NAMES_it,
- .ext_new = NULL,
- .ext_free = NULL,
- .d2i = NULL,
- .i2d = NULL,
- .i2s = NULL,
- .s2i = NULL,
- .i2v = (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
- .v2i = NULL,
- .i2r = NULL,
- .r2i = NULL,
- .usr_data = NULL,
- },
+static const X509V3_EXT_METHOD x509v3_ext_subject_alt_name = {
+ .ext_nid = NID_subject_alt_name,
+ .ext_flags = 0,
+ .it = &GENERAL_NAMES_it,
+ .ext_new = NULL,
+ .ext_free = NULL,
+ .d2i = NULL,
+ .i2d = NULL,
+ .i2s = NULL,
+ .s2i = NULL,
+ .i2v = (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
+ .v2i = (X509V3_EXT_V2I)v2i_subject_alt,
+ .i2r = NULL,
+ .r2i = NULL,
+ .usr_data = NULL,
};
+const X509V3_EXT_METHOD *
+x509v3_ext_method_subject_alt_name(void)
+{
+ return &x509v3_ext_subject_alt_name;
+}
+
+static const X509V3_EXT_METHOD x509v3_ext_issuer_alt_name = {
+ .ext_nid = NID_issuer_alt_name,
+ .ext_flags = 0,
+ .it = &GENERAL_NAMES_it,
+ .ext_new = NULL,
+ .ext_free = NULL,
+ .d2i = NULL,
+ .i2d = NULL,
+ .i2s = NULL,
+ .s2i = NULL,
+ .i2v = (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
+ .v2i = (X509V3_EXT_V2I)v2i_issuer_alt,
+ .i2r = NULL,
+ .r2i = NULL,
+ .usr_data = NULL,
+};
+
+const X509V3_EXT_METHOD *
+x509v3_ext_method_issuer_alt_name(void)
+{
+ return &x509v3_ext_issuer_alt_name;
+}
+
+static const X509V3_EXT_METHOD x509v3_ext_certificate_issuer = {
+ .ext_nid = NID_certificate_issuer,
+ .ext_flags = 0,
+ .it = &GENERAL_NAMES_it,
+ .ext_new = NULL,
+ .ext_free = NULL,
+ .d2i = NULL,
+ .i2d = NULL,
+ .i2s = NULL,
+ .s2i = NULL,
+ .i2v = (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
+ .v2i = NULL,
+ .i2r = NULL,
+ .r2i = NULL,
+ .usr_data = NULL,
+};
+
+const X509V3_EXT_METHOD *
+x509v3_ext_method_certificate_issuer(void)
+{
+ return &x509v3_ext_certificate_issuer;
+}
+
STACK_OF(CONF_VALUE) *
i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, GENERAL_NAMES *gens,
STACK_OF(CONF_VALUE) *ret)
-/* $OpenBSD: x509_asid.c,v 1.44 2024/07/08 14:47:44 beck Exp $ */
+/* $OpenBSD: x509_asid.c,v 1.45 2024/07/13 15:08:58 tb Exp $ */
/*
* Contributed to the OpenSSL Project by the American Registry for
* Internet Numbers ("ARIN").
/*
* OpenSSL dispatch.
*/
-const X509V3_EXT_METHOD v3_asid = {
+static const X509V3_EXT_METHOD x509v3_ext_sbgp_autonomousSysNum = {
.ext_nid = NID_sbgp_autonomousSysNum,
.ext_flags = 0,
.it = &ASIdentifiers_it,
.usr_data = NULL,
};
+const X509V3_EXT_METHOD *
+x509v3_ext_method_sbgp_autonomousSysNum(void)
+{
+ return &x509v3_ext_sbgp_autonomousSysNum;
+}
+
/*
* Figure out whether extension uses inheritance.
*/
-/* $OpenBSD: x509_bcons.c,v 1.4 2024/07/08 14:47:44 beck Exp $ */
+/* $OpenBSD: x509_bcons.c,v 1.5 2024/07/13 15:08:58 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
-const X509V3_EXT_METHOD v3_bcons = {
+static const X509V3_EXT_METHOD x509v3_ext_basic_constraints = {
.ext_nid = NID_basic_constraints,
.ext_flags = 0,
.it = &BASIC_CONSTRAINTS_it,
.usr_data = NULL,
};
+const X509V3_EXT_METHOD *
+x509v3_ext_method_basic_constraints(void)
+{
+ return &x509v3_ext_basic_constraints;
+}
+
static const ASN1_TEMPLATE BASIC_CONSTRAINTS_seq_tt[] = {
{
.flags = ASN1_TFLG_OPTIONAL,
-/* $OpenBSD: x509_bitst.c,v 1.5 2024/06/18 08:29:40 tb Exp $ */
+/* $OpenBSD: x509_bitst.c,v 1.6 2024/07/13 15:08:58 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
{-1, NULL, NULL}
};
-const X509V3_EXT_METHOD v3_nscert = {
+static const X509V3_EXT_METHOD x509v3_ext_netscape_cert_type = {
.ext_nid = NID_netscape_cert_type,
.ext_flags = 0,
.it = &ASN1_BIT_STRING_it,
.usr_data = ns_cert_type_table,
};
-const X509V3_EXT_METHOD v3_key_usage = {
+const X509V3_EXT_METHOD *
+x509v3_ext_method_netscape_cert_type(void)
+{
+ return &x509v3_ext_netscape_cert_type;
+}
+
+static const X509V3_EXT_METHOD x509v3_ext_key_usage = {
.ext_nid = NID_key_usage,
.ext_flags = 0,
.it = &ASN1_BIT_STRING_it,
.usr_data = key_usage_type_table,
};
-const X509V3_EXT_METHOD v3_crl_reason = {
+const X509V3_EXT_METHOD *
+x509v3_ext_method_key_usage(void)
+{
+ return &x509v3_ext_key_usage;
+}
+
+static const X509V3_EXT_METHOD x509v3_ext_crl_reason = {
.ext_nid = NID_crl_reason,
.ext_flags = 0,
.it = &ASN1_ENUMERATED_it,
.usr_data = crl_reasons,
};
+const X509V3_EXT_METHOD *
+x509v3_ext_method_crl_reason(void)
+{
+ return &x509v3_ext_crl_reason;
+}
+
STACK_OF(CONF_VALUE) *
i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, ASN1_BIT_STRING *bits,
STACK_OF(CONF_VALUE) *ret)
-/* $OpenBSD: x509_cpols.c,v 1.12 2024/07/08 14:47:44 beck Exp $ */
+/* $OpenBSD: x509_cpols.c,v 1.13 2024/07/13 15:08:58 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
STACK_OF(CONF_VALUE) *unot, int ia5org);
static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos);
-const X509V3_EXT_METHOD v3_cpols = {
+static const X509V3_EXT_METHOD x509v3_ext_certificate_policies = {
.ext_nid = NID_certificate_policies,
.ext_flags = 0,
.it = &CERTIFICATEPOLICIES_it,
.usr_data = NULL,
};
+const X509V3_EXT_METHOD *
+x509v3_ext_method_certificate_policies(void)
+{
+ return &x509v3_ext_certificate_policies;
+}
+
static const ASN1_TEMPLATE CERTIFICATEPOLICIES_item_tt = {
.flags = ASN1_TFLG_SEQUENCE_OF,
.tag = 0,
-/* $OpenBSD: x509_crld.c,v 1.6 2024/07/08 14:47:44 beck Exp $ */
+/* $OpenBSD: x509_crld.c,v 1.7 2024/07/13 15:08:58 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
int indent);
-const X509V3_EXT_METHOD v3_crld = {
+static const X509V3_EXT_METHOD x509v3_ext_crl_distribution_points = {
.ext_nid = NID_crl_distribution_points,
.ext_flags = 0,
.it = &CRL_DIST_POINTS_it,
.usr_data = NULL,
};
-const X509V3_EXT_METHOD v3_freshest_crl = {
+const X509V3_EXT_METHOD *
+x509v3_ext_method_crl_distribution_points(void)
+{
+ return &x509v3_ext_crl_distribution_points;
+}
+
+static const X509V3_EXT_METHOD x509v3_ext_freshest_crl = {
.ext_nid = NID_freshest_crl,
.ext_flags = 0,
.it = &CRL_DIST_POINTS_it,
.usr_data = NULL,
};
+const X509V3_EXT_METHOD *
+x509v3_ext_method_freshest_crl(void)
+{
+ return &x509v3_ext_freshest_crl;
+}
+
static STACK_OF(GENERAL_NAME) *
gnames_from_sectname(X509V3_CTX *ctx, char *sect)
{
static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
STACK_OF(CONF_VALUE) *nval);
-const X509V3_EXT_METHOD v3_idp = {
- NID_issuing_distribution_point, X509V3_EXT_MULTILINE,
- &ISSUING_DIST_POINT_it,
- 0, 0, 0, 0,
- 0, 0,
- 0,
- v2i_idp,
- i2r_idp, 0,
- NULL
+static const X509V3_EXT_METHOD x509v3_ext_issuing_distribution_point = {
+ .ext_nid = NID_issuing_distribution_point,
+ .ext_flags = X509V3_EXT_MULTILINE,
+ .it = &ISSUING_DIST_POINT_it,
+ .ext_new = NULL,
+ .ext_free = NULL,
+ .d2i = NULL,
+ .i2d = NULL,
+ .i2s = NULL,
+ .s2i = NULL,
+ .i2v = NULL,
+ .v2i = v2i_idp,
+ .i2r = i2r_idp,
+ .r2i = NULL,
+ .usr_data = NULL,
};
+const X509V3_EXT_METHOD *
+x509v3_ext_method_issuing_distribution_point(void)
+{
+ return &x509v3_ext_issuing_distribution_point;
+}
+
static void *
v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
STACK_OF(CONF_VALUE) *nval)
-/* $OpenBSD: x509_extku.c,v 1.4 2024/07/08 14:47:44 beck Exp $ */
+/* $OpenBSD: x509_extku.c,v 1.5 2024/07/13 15:08:58 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(
const X509V3_EXT_METHOD *method, void *eku, STACK_OF(CONF_VALUE) *extlist);
-const X509V3_EXT_METHOD v3_ext_ku = {
+static const X509V3_EXT_METHOD x509v3_ext_ext_key_usage = {
.ext_nid = NID_ext_key_usage,
.ext_flags = 0,
.it = &EXTENDED_KEY_USAGE_it,
.usr_data = NULL,
};
+const X509V3_EXT_METHOD *
+x509v3_ext_method_ext_key_usage(void)
+{
+ return &x509v3_ext_ext_key_usage;
+}
+
/* NB OCSP acceptable responses also is a SEQUENCE OF OBJECT */
-const X509V3_EXT_METHOD v3_ocsp_accresp = {
+static const X509V3_EXT_METHOD x509v3_ext_id_pkix_OCSP_acceptableResponses = {
.ext_nid = NID_id_pkix_OCSP_acceptableResponses,
.ext_flags = 0,
.it = &EXTENDED_KEY_USAGE_it,
.usr_data = NULL,
};
+const X509V3_EXT_METHOD *
+x509v3_ext_method_id_pkix_OCSP_acceptableResponses(void)
+{
+ return &x509v3_ext_id_pkix_OCSP_acceptableResponses;
+}
+
static const ASN1_TEMPLATE EXTENDED_KEY_USAGE_item_tt = {
.flags = ASN1_TFLG_SEQUENCE_OF,
.tag = 0,
-/* $OpenBSD: x509_ia5.c,v 1.1 2020/06/04 15:19:31 jsing Exp $ */
+/* $OpenBSD: x509_ia5.c,v 1.2 2024/07/13 15:08:58 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, char *str);
-const X509V3_EXT_METHOD v3_ns_ia5_list[] = {
- {
- .ext_nid = NID_netscape_base_url,
- .ext_flags = 0,
- .it = &ASN1_IA5STRING_it,
- .ext_new = NULL,
- .ext_free = NULL,
- .d2i = NULL,
- .i2d = NULL,
- .i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
- .s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
- .i2v = NULL,
- .v2i = NULL,
- .i2r = NULL,
- .r2i = NULL,
- .usr_data = NULL,
- },
- {
- .ext_nid = NID_netscape_revocation_url,
- .ext_flags = 0,
- .it = &ASN1_IA5STRING_it,
- .ext_new = NULL,
- .ext_free = NULL,
- .d2i = NULL,
- .i2d = NULL,
- .i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
- .s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
- .i2v = NULL,
- .v2i = NULL,
- .i2r = NULL,
- .r2i = NULL,
- .usr_data = NULL,
- },
- {
- .ext_nid = NID_netscape_ca_revocation_url,
- .ext_flags = 0,
- .it = &ASN1_IA5STRING_it,
- .ext_new = NULL,
- .ext_free = NULL,
- .d2i = NULL,
- .i2d = NULL,
- .i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
- .s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
- .i2v = NULL,
- .v2i = NULL,
- .i2r = NULL,
- .r2i = NULL,
- .usr_data = NULL,
- },
- {
- .ext_nid = NID_netscape_renewal_url,
- .ext_flags = 0,
- .it = &ASN1_IA5STRING_it,
- .ext_new = NULL,
- .ext_free = NULL,
- .d2i = NULL,
- .i2d = NULL,
- .i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
- .s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
- .i2v = NULL,
- .v2i = NULL,
- .i2r = NULL,
- .r2i = NULL,
- .usr_data = NULL,
- },
- {
- .ext_nid = NID_netscape_ca_policy_url,
- .ext_flags = 0,
- .it = &ASN1_IA5STRING_it,
- .ext_new = NULL,
- .ext_free = NULL,
- .d2i = NULL,
- .i2d = NULL,
- .i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
- .s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
- .i2v = NULL,
- .v2i = NULL,
- .i2r = NULL,
- .r2i = NULL,
- .usr_data = NULL,
- },
- {
- .ext_nid = NID_netscape_ssl_server_name,
- .ext_flags = 0,
- .it = &ASN1_IA5STRING_it,
- .ext_new = NULL,
- .ext_free = NULL,
- .d2i = NULL,
- .i2d = NULL,
- .i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
- .s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
- .i2v = NULL,
- .v2i = NULL,
- .i2r = NULL,
- .r2i = NULL,
- .usr_data = NULL,
- },
- {
- .ext_nid = NID_netscape_comment,
- .ext_flags = 0,
- .it = &ASN1_IA5STRING_it,
- .ext_new = NULL,
- .ext_free = NULL,
- .d2i = NULL,
- .i2d = NULL,
- .i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
- .s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
- .i2v = NULL,
- .v2i = NULL,
- .i2r = NULL,
- .r2i = NULL,
- .usr_data = NULL,
- },
- {
- .ext_nid = -1,
- .ext_flags = 0,
- .it = NULL,
- .ext_new = NULL,
- .ext_free = NULL,
- .d2i = NULL,
- .i2d = NULL,
- .i2s = NULL,
- .s2i = NULL,
- .i2v = NULL,
- .v2i = NULL,
- .i2r = NULL,
- .r2i = NULL,
- .usr_data = NULL,
- },
+static const X509V3_EXT_METHOD x509v3_ext_netscape_base_url = {
+ .ext_nid = NID_netscape_base_url,
+ .ext_flags = 0,
+ .it = &ASN1_IA5STRING_it,
+ .ext_new = NULL,
+ .ext_free = NULL,
+ .d2i = NULL,
+ .i2d = NULL,
+ .i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
+ .s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
+ .i2v = NULL,
+ .v2i = NULL,
+ .i2r = NULL,
+ .r2i = NULL,
+ .usr_data = NULL,
};
+const X509V3_EXT_METHOD *
+x509v3_ext_method_netscape_base_url(void)
+{
+ return &x509v3_ext_netscape_base_url;
+}
+
+static const X509V3_EXT_METHOD x509v3_ext_netscape_revocation_url = {
+ .ext_nid = NID_netscape_revocation_url,
+ .ext_flags = 0,
+ .it = &ASN1_IA5STRING_it,
+ .ext_new = NULL,
+ .ext_free = NULL,
+ .d2i = NULL,
+ .i2d = NULL,
+ .i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
+ .s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
+ .i2v = NULL,
+ .v2i = NULL,
+ .i2r = NULL,
+ .r2i = NULL,
+ .usr_data = NULL,
+};
+
+const X509V3_EXT_METHOD *
+x509v3_ext_method_netscape_revocation_url(void)
+{
+ return &x509v3_ext_netscape_revocation_url;
+}
+
+static const X509V3_EXT_METHOD x509v3_ext_netscape_ca_revocation_url = {
+ .ext_nid = NID_netscape_ca_revocation_url,
+ .ext_flags = 0,
+ .it = &ASN1_IA5STRING_it,
+ .ext_new = NULL,
+ .ext_free = NULL,
+ .d2i = NULL,
+ .i2d = NULL,
+ .i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
+ .s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
+ .i2v = NULL,
+ .v2i = NULL,
+ .i2r = NULL,
+ .r2i = NULL,
+ .usr_data = NULL,
+};
+
+const X509V3_EXT_METHOD *
+x509v3_ext_method_netscape_ca_revocation_url(void)
+{
+ return &x509v3_ext_netscape_ca_revocation_url;
+}
+
+static const X509V3_EXT_METHOD x509v3_ext_netscape_renewal_url = {
+ .ext_nid = NID_netscape_renewal_url,
+ .ext_flags = 0,
+ .it = &ASN1_IA5STRING_it,
+ .ext_new = NULL,
+ .ext_free = NULL,
+ .d2i = NULL,
+ .i2d = NULL,
+ .i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
+ .s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
+ .i2v = NULL,
+ .v2i = NULL,
+ .i2r = NULL,
+ .r2i = NULL,
+ .usr_data = NULL,
+};
+
+const X509V3_EXT_METHOD *
+x509v3_ext_method_netscape_renewal_url(void)
+{
+ return &x509v3_ext_netscape_renewal_url;
+}
+
+static const X509V3_EXT_METHOD x509v3_ext_netscape_ca_policy_url = {
+ .ext_nid = NID_netscape_ca_policy_url,
+ .ext_flags = 0,
+ .it = &ASN1_IA5STRING_it,
+ .ext_new = NULL,
+ .ext_free = NULL,
+ .d2i = NULL,
+ .i2d = NULL,
+ .i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
+ .s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
+ .i2v = NULL,
+ .v2i = NULL,
+ .i2r = NULL,
+ .r2i = NULL,
+ .usr_data = NULL,
+};
+
+const X509V3_EXT_METHOD *
+x509v3_ext_method_netscape_ca_policy_url(void)
+{
+ return &x509v3_ext_netscape_ca_policy_url;
+}
+
+static const X509V3_EXT_METHOD x509v3_ext_netscape_ssl_server_name = {
+ .ext_nid = NID_netscape_ssl_server_name,
+ .ext_flags = 0,
+ .it = &ASN1_IA5STRING_it,
+ .ext_new = NULL,
+ .ext_free = NULL,
+ .d2i = NULL,
+ .i2d = NULL,
+ .i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
+ .s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
+ .i2v = NULL,
+ .v2i = NULL,
+ .i2r = NULL,
+ .r2i = NULL,
+ .usr_data = NULL,
+};
+
+const X509V3_EXT_METHOD *
+x509v3_ext_method_netscape_ssl_server_name(void)
+{
+ return &x509v3_ext_netscape_ssl_server_name;
+}
+
+static const X509V3_EXT_METHOD x509v3_ext_netscape_comment = {
+ .ext_nid = NID_netscape_comment,
+ .ext_flags = 0,
+ .it = &ASN1_IA5STRING_it,
+ .ext_new = NULL,
+ .ext_free = NULL,
+ .d2i = NULL,
+ .i2d = NULL,
+ .i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING,
+ .s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING,
+ .i2v = NULL,
+ .v2i = NULL,
+ .i2r = NULL,
+ .r2i = NULL,
+ .usr_data = NULL,
+};
+
+const X509V3_EXT_METHOD *
+x509v3_ext_method_netscape_comment(void)
+{
+ return &x509v3_ext_netscape_comment;
+}
+
static char *
i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5)
{
-/* $OpenBSD: x509_info.c,v 1.4 2024/07/08 14:47:44 beck Exp $ */
+/* $OpenBSD: x509_info.c,v 1.5 2024/07/13 15:08:58 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(
X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-const X509V3_EXT_METHOD v3_info = {
+static const X509V3_EXT_METHOD x509v3_ext_info_access = {
.ext_nid = NID_info_access,
.ext_flags = X509V3_EXT_MULTILINE,
.it = &AUTHORITY_INFO_ACCESS_it,
.usr_data = NULL,
};
-const X509V3_EXT_METHOD v3_sinfo = {
+const X509V3_EXT_METHOD *
+x509v3_ext_method_info_access(void)
+{
+ return &x509v3_ext_info_access;
+}
+
+static const X509V3_EXT_METHOD x509v3_ext_sinfo_access = {
.ext_nid = NID_sinfo_access,
.ext_flags = X509V3_EXT_MULTILINE,
.it = &AUTHORITY_INFO_ACCESS_it,
.usr_data = NULL,
};
+const X509V3_EXT_METHOD *
+x509v3_ext_method_sinfo_access(void)
+{
+ return &x509v3_ext_sinfo_access;
+}
+
static const ASN1_TEMPLATE ACCESS_DESCRIPTION_seq_tt[] = {
{
.flags = 0,
-/* $OpenBSD: x509_int.c,v 1.1 2020/06/04 15:19:31 jsing Exp $ */
+/* $OpenBSD: x509_int.c,v 1.2 2024/07/13 15:08:58 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
#include <openssl/x509v3.h>
-const X509V3_EXT_METHOD v3_crl_num = {
+static const X509V3_EXT_METHOD x509v3_ext_crl_number = {
.ext_nid = NID_crl_number,
.ext_flags = 0,
.it = &ASN1_INTEGER_it,
.usr_data = NULL,
};
-const X509V3_EXT_METHOD v3_delta_crl = {
+const X509V3_EXT_METHOD *
+x509v3_ext_method_crl_number(void)
+{
+ return &x509v3_ext_crl_number;
+}
+
+static const X509V3_EXT_METHOD x509v3_ext_delta_crl = {
.ext_nid = NID_delta_crl,
.ext_flags = 0,
.it = &ASN1_INTEGER_it,
.usr_data = NULL,
};
+const X509V3_EXT_METHOD *
+x509v3_ext_method_delta_crl(void)
+{
+ return &x509v3_ext_delta_crl;
+}
+
static void *
s2i_asn1_int(X509V3_EXT_METHOD *meth, X509V3_CTX *ctx, char *value)
{
return s2i_ASN1_INTEGER(meth, value);
}
-const X509V3_EXT_METHOD v3_inhibit_anyp = {
- NID_inhibit_any_policy, 0, &ASN1_INTEGER_it,
- 0, 0, 0, 0,
- (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
- (X509V3_EXT_S2I)s2i_asn1_int,
- 0, 0, 0, 0,
- NULL
+static const X509V3_EXT_METHOD x509v3_ext_inhibit_any_policy = {
+ .ext_nid = NID_inhibit_any_policy,
+ .ext_flags = 0,
+ .it = &ASN1_INTEGER_it,
+ .ext_new = NULL,
+ .ext_free = NULL,
+ .d2i = NULL,
+ .i2d = NULL,
+ .i2s = (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
+ .s2i = (X509V3_EXT_S2I)s2i_asn1_int,
+ .i2v = NULL,
+ .v2i = NULL,
+ .i2r = NULL,
+ .r2i = NULL,
+ .usr_data = NULL,
};
+
+const X509V3_EXT_METHOD *
+x509v3_ext_method_inhibit_any_policy(void)
+{
+ return &x509v3_ext_inhibit_any_policy;
+}
-/* $OpenBSD: x509_lib.c,v 1.23 2024/06/17 05:38:08 tb Exp $ */
+/* $OpenBSD: x509_lib.c,v 1.24 2024/07/13 15:08:58 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
#include "x509_local.h"
-extern const X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
-extern const X509V3_EXT_METHOD v3_pkey_usage_period, v3_info, v3_sinfo;
-extern const X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
-extern const X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate;
-extern const X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld, v3_freshest_crl;
-extern const X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
-extern const X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
-extern const X509V3_EXT_METHOD v3_crl_hold;
-extern const X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints;
-extern const X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp;
-extern const X509V3_EXT_METHOD v3_addr, v3_asid;
-extern const X509V3_EXT_METHOD v3_ct_scts[3];
-
-static const X509V3_EXT_METHOD *standard_exts[] = {
- &v3_nscert,
- &v3_ns_ia5_list[0],
- &v3_ns_ia5_list[1],
- &v3_ns_ia5_list[2],
- &v3_ns_ia5_list[3],
- &v3_ns_ia5_list[4],
- &v3_ns_ia5_list[5],
- &v3_ns_ia5_list[6],
- &v3_skey_id,
- &v3_key_usage,
- &v3_pkey_usage_period,
- &v3_alt[0],
- &v3_alt[1],
- &v3_bcons,
- &v3_crl_num,
- &v3_cpols,
- &v3_akey_id,
- &v3_crld,
- &v3_ext_ku,
- &v3_delta_crl,
- &v3_crl_reason,
-#ifndef OPENSSL_NO_OCSP
- &v3_crl_invdate,
-#endif
- &v3_info,
-#ifndef OPENSSL_NO_RFC3779
- &v3_addr,
- &v3_asid,
-#endif
-#ifndef OPENSSL_NO_OCSP
- &v3_ocsp_nonce,
- &v3_ocsp_crlid,
- &v3_ocsp_accresp,
- &v3_ocsp_nocheck,
- &v3_ocsp_acutoff,
- &v3_ocsp_serviceloc,
+const X509V3_EXT_METHOD *
+X509V3_EXT_get_nid(int nid)
+{
+ switch (nid) {
+ case NID_authority_key_identifier:
+ return x509v3_ext_method_authority_key_identifier();
+ case NID_basic_constraints:
+ return x509v3_ext_method_basic_constraints();
+ case NID_certificate_issuer:
+ return x509v3_ext_method_certificate_issuer();
+ case NID_certificate_policies:
+ return x509v3_ext_method_certificate_policies();
+ case NID_crl_distribution_points:
+ return x509v3_ext_method_crl_distribution_points();
+ case NID_crl_number:
+ return x509v3_ext_method_crl_number();
+ case NID_crl_reason:
+ return x509v3_ext_method_crl_reason();
+#ifndef OPENSSL_NO_CT
+ case NID_ct_cert_scts:
+ return x509v3_ext_method_ct_cert_scts();
+ case NID_ct_precert_poison:
+ return x509v3_ext_method_ct_precert_poison();
+ case NID_ct_precert_scts:
+ return x509v3_ext_method_ct_precert_scts();
#endif
- &v3_sinfo,
- &v3_policy_constraints,
+ case NID_delta_crl:
+ return x509v3_ext_method_delta_crl();
+ case NID_ext_key_usage:
+ return x509v3_ext_method_ext_key_usage();
+ case NID_freshest_crl:
+ return x509v3_ext_method_freshest_crl();
#ifndef OPENSSL_NO_OCSP
- &v3_crl_hold,
+ case NID_hold_instruction_code:
+ return x509v3_ext_method_hold_instruction_code();
+ case NID_id_pkix_OCSP_CrlID:
+ return x509v3_ext_method_id_pkix_OCSP_CrlID();
+ case NID_id_pkix_OCSP_Nonce:
+ return x509v3_ext_method_id_pkix_OCSP_Nonce();
+ case NID_id_pkix_OCSP_acceptableResponses:
+ return x509v3_ext_method_id_pkix_OCSP_acceptableResponses();
+ case NID_id_pkix_OCSP_archiveCutoff:
+ return x509v3_ext_method_id_pkix_OCSP_archiveCutoff();
+ case NID_id_pkix_OCSP_serviceLocator:
+ return x509v3_ext_method_id_pkix_OCSP_serviceLocator();
#endif
- &v3_name_constraints,
- &v3_policy_mappings,
- &v3_inhibit_anyp,
- &v3_idp,
- &v3_alt[2],
- &v3_freshest_crl,
-#ifndef OPENSSL_NO_CT
- &v3_ct_scts[0],
- &v3_ct_scts[1],
- &v3_ct_scts[2],
+ case NID_info_access:
+ return x509v3_ext_method_info_access();
+ case NID_inhibit_any_policy:
+ return x509v3_ext_method_inhibit_any_policy();
+ case NID_invalidity_date:
+ return x509v3_ext_method_invalidity_date();
+ case NID_issuer_alt_name:
+ return x509v3_ext_method_issuer_alt_name();
+ case NID_issuing_distribution_point:
+ return x509v3_ext_method_issuing_distribution_point();
+ case NID_key_usage:
+ return x509v3_ext_method_key_usage();
+ case NID_name_constraints:
+ return x509v3_ext_method_name_constraints();
+ case NID_netscape_base_url:
+ return x509v3_ext_method_netscape_base_url();
+ case NID_netscape_ca_policy_url:
+ return x509v3_ext_method_netscape_ca_policy_url();
+ case NID_netscape_ca_revocation_url:
+ return x509v3_ext_method_netscape_ca_revocation_url();
+ case NID_netscape_cert_type:
+ return x509v3_ext_method_netscape_cert_type();
+ case NID_netscape_comment:
+ return x509v3_ext_method_netscape_comment();
+ case NID_netscape_renewal_url:
+ return x509v3_ext_method_netscape_renewal_url();
+ case NID_netscape_revocation_url:
+ return x509v3_ext_method_netscape_revocation_url();
+ case NID_netscape_ssl_server_name:
+ return x509v3_ext_method_netscape_ssl_server_name();
+ case NID_policy_constraints:
+ return x509v3_ext_method_policy_constraints();
+ case NID_policy_mappings:
+ return x509v3_ext_method_policy_mappings();
+ case NID_private_key_usage_period:
+ return x509v3_ext_method_private_key_usage_period();
+#ifndef OPENSSL_NO_RFC3779
+ case NID_sbgp_ipAddrBlock:
+ return x509v3_ext_method_sbgp_ipAddrBlock();
+ case NID_sbgp_autonomousSysNum:
+ return x509v3_ext_method_sbgp_autonomousSysNum();
#endif
-};
-
-#define STANDARD_EXTENSION_COUNT (sizeof(standard_exts) / sizeof(standard_exts[0]))
-
-const X509V3_EXT_METHOD *
-X509V3_EXT_get_nid(int nid)
-{
- size_t i;
-
- for (i = 0; i < STANDARD_EXTENSION_COUNT; i++) {
- if (standard_exts[i]->ext_nid == nid)
- return standard_exts[i];
+ case NID_sinfo_access:
+ return x509v3_ext_method_sinfo_access();
+ case NID_subject_alt_name:
+ return x509v3_ext_method_subject_alt_name();
+ case NID_subject_key_identifier:
+ return x509v3_ext_method_subject_key_identifier();
+ default:
+ return NULL;
}
-
- return NULL;
-}
+};
LCRYPTO_ALIAS(X509V3_EXT_get_nid);
const X509V3_EXT_METHOD *
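Review bot: The new switch in `X509V3_EXT_get_nid()` has no case for the OCSP noCheck extension, although the removed `standard_exts[]` table listed `&v3_ocsp_nocheck` in its OCSP block. Assuming that method carried `NID_id_pkix_OCSP_noCheck`, a lookup for it now falls through to `default` and returns NULL. If the drop is not intended, add `case NID_id_pkix_OCSP_noCheck:` with `return x509v3_ext_method_id_pkix_OCSP_noCheck();` to the `OPENSSL_NO_OCSP` group, plus a matching prototype in x509_local.h, which also lacks one. Separately, `case NID_invalidity_date:` now sits outside the `#ifndef OPENSSL_NO_OCSP` guard that used to cover `&v3_crl_invdate`, while its accessor is defined in x509_ocsp.c. Confirm that file is still built when OCSP is disabled, or move the case under the guard. The function also now closes with `};`, which leaves a stray file-scope semicolon where `}` is enough.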
-/* $OpenBSD: x509_local.h,v 1.25 2024/07/12 18:15:10 beck Exp $ */
+/* $OpenBSD: x509_local.h,v 1.26 2024/07/13 15:08:58 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2013.
*/
int X509_PURPOSE_get_by_id(int id);
int X509_PURPOSE_get_trust(const X509_PURPOSE *xp);
+const X509V3_EXT_METHOD *x509v3_ext_method_authority_key_identifier(void);
+const X509V3_EXT_METHOD *x509v3_ext_method_basic_constraints(void);
+const X509V3_EXT_METHOD *x509v3_ext_method_certificate_issuer(void);
+const X509V3_EXT_METHOD *x509v3_ext_method_certificate_policies(void);
+const X509V3_EXT_METHOD *x509v3_ext_method_crl_distribution_points(void);
+const X509V3_EXT_METHOD *x509v3_ext_method_crl_number(void);
+const X509V3_EXT_METHOD *x509v3_ext_method_crl_reason(void);
+const X509V3_EXT_METHOD *x509v3_ext_method_ct_cert_scts(void);
+const X509V3_EXT_METHOD *x509v3_ext_method_ct_precert_poison(void);
+const X509V3_EXT_METHOD *x509v3_ext_method_ct_precert_scts(void);
+const X509V3_EXT_METHOD *x509v3_ext_method_delta_crl(void);
+const X509V3_EXT_METHOD *x509v3_ext_method_ext_key_usage(void);
+const X509V3_EXT_METHOD *x509v3_ext_method_freshest_crl(void);
+const X509V3_EXT_METHOD *x509v3_ext_method_hold_instruction_code(void);
+const X509V3_EXT_METHOD *x509v3_ext_method_id_pkix_OCSP_CrlID(void);
+const X509V3_EXT_METHOD *x509v3_ext_method_id_pkix_OCSP_Nonce(void);
+const X509V3_EXT_METHOD *x509v3_ext_method_id_pkix_OCSP_acceptableResponses(void);
+const X509V3_EXT_METHOD *x509v3_ext_method_id_pkix_OCSP_archiveCutoff(void);
+const X509V3_EXT_METHOD *x509v3_ext_method_id_pkix_OCSP_serviceLocator(void);
+const X509V3_EXT_METHOD *x509v3_ext_method_info_access(void);
+const X509V3_EXT_METHOD *x509v3_ext_method_inhibit_any_policy(void);
+const X509V3_EXT_METHOD *x509v3_ext_method_invalidity_date(void);
+const X509V3_EXT_METHOD *x509v3_ext_method_issuer_alt_name(void);
+const X509V3_EXT_METHOD *x509v3_ext_method_issuing_distribution_point(void);
+const X509V3_EXT_METHOD *x509v3_ext_method_key_usage(void);
+const X509V3_EXT_METHOD *x509v3_ext_method_name_constraints(void);
+const X509V3_EXT_METHOD *x509v3_ext_method_netscape_base_url(void);
+const X509V3_EXT_METHOD *x509v3_ext_method_netscape_ca_policy_url(void);
+const X509V3_EXT_METHOD *x509v3_ext_method_netscape_ca_revocation_url(void);
+const X509V3_EXT_METHOD *x509v3_ext_method_netscape_cert_type(void);
+const X509V3_EXT_METHOD *x509v3_ext_method_netscape_comment(void);
+const X509V3_EXT_METHOD *x509v3_ext_method_netscape_renewal_url(void);
+const X509V3_EXT_METHOD *x509v3_ext_method_netscape_revocation_url(void);
+const X509V3_EXT_METHOD *x509v3_ext_method_netscape_ssl_server_name(void);
+const X509V3_EXT_METHOD *x509v3_ext_method_policy_constraints(void);
+const X509V3_EXT_METHOD *x509v3_ext_method_policy_mappings(void);
+const X509V3_EXT_METHOD *x509v3_ext_method_private_key_usage_period(void);
+const X509V3_EXT_METHOD *x509v3_ext_method_sbgp_ipAddrBlock(void);
+const X509V3_EXT_METHOD *x509v3_ext_method_sbgp_autonomousSysNum(void);
+const X509V3_EXT_METHOD *x509v3_ext_method_sinfo_access(void);
+const X509V3_EXT_METHOD *x509v3_ext_method_subject_alt_name(void);
+const X509V3_EXT_METHOD *x509v3_ext_method_subject_key_identifier(void);
+
__END_HIDDEN_DECLS
#endif /* !HEADER_X509_LOCAL_H */
-/* $OpenBSD: x509_ncons.c,v 1.10 2024/07/08 14:47:44 beck Exp $ */
+/* $OpenBSD: x509_ncons.c,v 1.11 2024/07/13 15:08:58 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
static int nc_email(ASN1_IA5STRING *sub, ASN1_IA5STRING *eml);
static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base);
-const X509V3_EXT_METHOD v3_name_constraints = {
+static const X509V3_EXT_METHOD x509v3_ext_name_constraints = {
.ext_nid = NID_name_constraints,
.ext_flags = 0,
.it = &NAME_CONSTRAINTS_it,
.usr_data = NULL,
};
+const X509V3_EXT_METHOD *
+x509v3_ext_method_name_constraints(void)
+{
+ return &x509v3_ext_name_constraints;
+}
+
static const ASN1_TEMPLATE GENERAL_SUBTREE_seq_tt[] = {
{
.flags = 0,
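Review bot: The new accessor `x509v3_ext_method_name_constraints()` carries no comment on what callers may do with the returned pointer, and once the table is `static` it is the only way to reach it from outside this file. I would add `/* Returns the static, read-only method table for NID_name_constraints; never NULL, must not be freed. */` above it. The same one-line comment, with the matching NID, fits the accessors added in the x509_pcons.c, x509_pku.c and x509_pmaps.c sections.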
-/* $OpenBSD: x509_ocsp.c,v 1.2 2022/01/07 09:45:52 tb Exp $ */
+/* $OpenBSD: x509_ocsp.c,v 1.3 2024/07/13 15:08:58 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
BIO *bp, int ind);
-const X509V3_EXT_METHOD v3_ocsp_crlid = {
+static const X509V3_EXT_METHOD x509v3_ext_id_pkix_OCSP_CrlID = {
.ext_nid = NID_id_pkix_OCSP_CrlID,
.ext_flags = 0,
.it = &OCSP_CRLID_it,
.usr_data = NULL,
};
-const X509V3_EXT_METHOD v3_ocsp_acutoff = {
+const X509V3_EXT_METHOD *
+x509v3_ext_method_id_pkix_OCSP_CrlID(void)
+{
+ return &x509v3_ext_id_pkix_OCSP_CrlID;
+}
+
+const X509V3_EXT_METHOD x509v3_ext_id_pkix_OCSP_archiveCutoff = {
.ext_nid = NID_id_pkix_OCSP_archiveCutoff,
.ext_flags = 0,
.it = &ASN1_GENERALIZEDTIME_it,
.usr_data = NULL,
};
-const X509V3_EXT_METHOD v3_crl_invdate = {
+const X509V3_EXT_METHOD *
+x509v3_ext_method_id_pkix_OCSP_archiveCutoff(void)
+{
+ return &x509v3_ext_id_pkix_OCSP_archiveCutoff;
+}
+
+static const X509V3_EXT_METHOD x509v3_ext_invalidity_date = {
.ext_nid = NID_invalidity_date,
.ext_flags = 0,
.it = &ASN1_GENERALIZEDTIME_it,
.usr_data = NULL,
};
-const X509V3_EXT_METHOD v3_crl_hold = {
+const X509V3_EXT_METHOD *
+x509v3_ext_method_invalidity_date(void)
+{
+ return &x509v3_ext_invalidity_date;
+}
+
+static const X509V3_EXT_METHOD x509v3_ext_hold_instruction_code = {
.ext_nid = NID_hold_instruction_code,
.ext_flags = 0,
.it = &ASN1_OBJECT_it,
.usr_data = NULL,
};
-const X509V3_EXT_METHOD v3_ocsp_nonce = {
+const X509V3_EXT_METHOD *
+x509v3_ext_method_hold_instruction_code(void)
+{
+ return &x509v3_ext_hold_instruction_code;
+}
+
+static const X509V3_EXT_METHOD x509v3_ext_id_pkix_OCSP_Nonce = {
.ext_nid = NID_id_pkix_OCSP_Nonce,
.ext_flags = 0,
.it = NULL,
.usr_data = NULL,
};
-const X509V3_EXT_METHOD v3_ocsp_nocheck = {
+const X509V3_EXT_METHOD *
+x509v3_ext_method_id_pkix_OCSP_Nonce(void)
+{
+ return &x509v3_ext_id_pkix_OCSP_Nonce;
+}
+
+static const X509V3_EXT_METHOD x509v3_ext_id_pkix_OCSP_noCheck = {
.ext_nid = NID_id_pkix_OCSP_noCheck,
.ext_flags = 0,
.it = &ASN1_NULL_it,
.usr_data = NULL,
};
-const X509V3_EXT_METHOD v3_ocsp_serviceloc = {
+const X509V3_EXT_METHOD *
+x509v3_ext_method_id_pkix_OCSP_noCheck(void)
+{
+ return &x509v3_ext_id_pkix_OCSP_noCheck;
+}
+
+static const X509V3_EXT_METHOD x509v3_ext_id_pkix_OCSP_serviceLocator = {
.ext_nid = NID_id_pkix_OCSP_serviceLocator,
.ext_flags = 0,
.it = &OCSP_SERVICELOC_it,
.usr_data = NULL,
};
+const X509V3_EXT_METHOD *
+x509v3_ext_method_id_pkix_OCSP_serviceLocator(void)
+{
+ return &x509v3_ext_id_pkix_OCSP_serviceLocator;
+}
+
static int
i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
{
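Review bot: `x509v3_ext_id_pkix_OCSP_archiveCutoff` is defined as plain `const`, not `static const`, so it is the only table in this section that keeps external linkage. The commit description says all structs become static and the accessor `x509v3_ext_method_id_pkix_OCSP_archiveCutoff()` is added right below it, so this looks like an omission; the line should read `static const X509V3_EXT_METHOD x509v3_ext_id_pkix_OCSP_archiveCutoff = {`. Left as is, other translation units can still reference the table directly and bypass the accessor. Separately, a prototype for `x509v3_ext_method_id_pkix_OCSP_noCheck()` is not among the visible x509_local.h lines next to the other OCSP accessors; it may sit in the part of the header outside this view, which is worth confirming. The body of `i2r_ocsp_crlid` continues outside this section.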
-/* $OpenBSD: x509_pcons.c,v 1.4 2024/07/08 14:47:44 beck Exp $ */
+/* $OpenBSD: x509_pcons.c,v 1.5 2024/07/13 15:08:58 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
-const X509V3_EXT_METHOD v3_policy_constraints = {
+static const X509V3_EXT_METHOD x509v3_ext_policy_constraints = {
.ext_nid = NID_policy_constraints,
.ext_flags = 0,
.it = &POLICY_CONSTRAINTS_it,
.usr_data = NULL,
};
+const X509V3_EXT_METHOD *
+x509v3_ext_method_policy_constraints(void)
+{
+ return &x509v3_ext_policy_constraints;
+}
+
static const ASN1_TEMPLATE POLICY_CONSTRAINTS_seq_tt[] = {
{
.flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL,
-/* $OpenBSD: x509_pku.c,v 1.4 2024/07/08 14:47:44 beck Exp $ */
+/* $OpenBSD: x509_pku.c,v 1.5 2024/07/13 15:08:58 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
PKEY_USAGE_PERIOD *usage, BIO *out, int indent);
-const X509V3_EXT_METHOD v3_pkey_usage_period = {
+static const X509V3_EXT_METHOD x509v3_ext_private_key_usage_period = {
.ext_nid = NID_private_key_usage_period,
.ext_flags = 0,
.it = &PKEY_USAGE_PERIOD_it,
.usr_data = NULL,
};
+const X509V3_EXT_METHOD *
+x509v3_ext_method_private_key_usage_period(void)
+{
+ return &x509v3_ext_private_key_usage_period;
+}
+
static const ASN1_TEMPLATE PKEY_USAGE_PERIOD_seq_tt[] = {
{
.flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL,
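Review bot: The context prototype `i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, ...)` takes a non-const method pointer, while the table it serves is now `static const` and handed out only as `const X509V3_EXT_METHOD *`. The callbacks declared in the x509_ocsp.c and x509_pcons.c sections already take `const X509V3_EXT_METHOD *method`; matching them here with `static int i2r_PKEY_USAGE_PERIOD(const X509V3_EXT_METHOD *method,` would be consistent, provided the definition outside this section is changed too. The initializer lines that install the callback are not shown, so whether a cast currently hides the mismatch is an assumption. `s2i_skey_id` in the x509_skey.c section has the same non-const parameter.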
-/* $OpenBSD: x509_pmaps.c,v 1.4 2024/07/08 14:47:44 beck Exp $ */
+/* $OpenBSD: x509_pmaps.c,v 1.5 2024/07/13 15:08:58 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(
const X509V3_EXT_METHOD *method, void *pmps, STACK_OF(CONF_VALUE) *extlist);
-const X509V3_EXT_METHOD v3_policy_mappings = {
+static const X509V3_EXT_METHOD x509v3_ext_policy_mappings = {
.ext_nid = NID_policy_mappings,
.ext_flags = 0,
.it = &POLICY_MAPPINGS_it,
.usr_data = NULL,
};
+const X509V3_EXT_METHOD *
+x509v3_ext_method_policy_mappings(void)
+{
+ return &x509v3_ext_policy_mappings;
+}
+
static const ASN1_TEMPLATE POLICY_MAPPING_seq_tt[] = {
{
.flags = 0,
-/* $OpenBSD: x509_skey.c,v 1.5 2023/02/16 08:38:17 tb Exp $ */
+/* $OpenBSD: x509_skey.c,v 1.6 2024/07/13 15:08:58 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, char *str);
-const X509V3_EXT_METHOD v3_skey_id = {
+static const X509V3_EXT_METHOD x509v3_ext_subject_key_identifier = {
.ext_nid = NID_subject_key_identifier,
.ext_flags = 0,
.it = &ASN1_OCTET_STRING_it,
.usr_data = NULL,
};
+const X509V3_EXT_METHOD *
+x509v3_ext_method_subject_key_identifier(void)
+{
+ return &x509v3_ext_subject_key_identifier;
+}
+
char *
i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, const ASN1_OCTET_STRING *oct)
{