From 4654ef985b58e2cf7c153057ffc6fda8ab186543 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 9 Oct 1999 02:54:10 +0000 Subject: [PATCH] New functions to parse and get extensions. --- CHANGES | 6 ++++ crypto/x509v3/v3_lib.c | 70 ++++++++++++++++++++++++++++++++++++++++++ crypto/x509v3/x509v3.h | 5 +++ 3 files changed, 81 insertions(+) diff --git a/CHANGES b/CHANGES index 6e03f51cb6..7cbe4ded32 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,12 @@ Changes between 0.9.4 and 0.9.5 [xx XXX 1999] + *) New X509V3_{X509,CRL,REVOKED}_get_d2i() functions. These will search + for, obtain and decode and extension and obtain its critical flag. + This allows all the necessary extension code to be handled in a + single function call. + [Steve Henson] + *) RC4 tune-up featuring 30-40% performance improvement on most RISC platforms. See crypto/rc4/rc4_enc.c for further details. [Andy Polyakov] diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c index a0aa5de794..06def2a659 100644 --- a/crypto/x509v3/v3_lib.c +++ b/crypto/x509v3/v3_lib.c @@ -175,3 +175,73 @@ void *X509V3_EXT_d2i(X509_EXTENSION *ext) return method->d2i(NULL, &p, ext->value->length); } +/* Get critical flag and decoded version of extension from a NID. + * The "idx" variable returns the last found extension and can + * be used to retrieve multiple extensions of the same NID. + * However multiple extensions with the same NID is usually + * due to a badly encoded certificate so if idx is NULL we + * choke if multiple extensions exist. + * The "crit" variable is set to the critical value. + * The return value is the decoded extension or NULL on + * error. The actual error can have several different causes, + * the value of *crit reflects the cause: + * >= 0, extension found but not decoded (reflects critical value). + * -1 extension not found. + * -2 extension occurs more than once. + */ + +void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx) +{ + int lastpos, i; + X509_EXTENSION *ex, *found_ex = NULL; + if(!x) { + if(idx) *idx = -1; + if(crit) *crit = -1; + return NULL; + } + if(idx) lastpos = *idx + 1; + else lastpos = 0; + if(lastpos < 0) lastpos = 0; + for(i = lastpos; i < sk_X509_EXTENSION_num(x); i++) + { + ex = sk_X509_EXTENSION_value(x, i); + if(OBJ_obj2nid(ex->object) == nid) { + if(idx) { + *idx = i; + break; + } else if(found_ex) { + /* Found more than one */ + if(crit) *crit = -2; + return NULL; + } + found_ex = ex; + } + } + if(found_ex) { + /* Found it */ + *crit = found_ex->critical; + return X509V3_EXT_d2i(found_ex); + } + + /* Extension not found */ + if(idx) *idx = -1; + if(crit) *crit = -1; + return NULL; +} + +/* As above but for a passed certificate */ + +void *X509V3_X509_get_d2i(X509 *x, int nid, int *crit, int *idx) +{ + return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx); +} + +void *X509V3_CRL_get_d2i(X509_CRL *x, int nid, int *crit, int *idx) +{ + return X509V3_get_d2i(x->crl->extensions, nid, crit, idx); +} + +void *X509V3_REVOKED_get_d2i(X509_REVOKED *x, int nid, int *crit, int *idx) +{ + return X509V3_get_d2i(x->extensions, nid, crit, idx); +} diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h index af0e62fe53..229146ac7c 100644 --- a/crypto/x509v3/x509v3.h +++ b/crypto/x509v3/x509v3.h @@ -424,6 +424,11 @@ X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid); int X509V3_add_standard_extensions(void); STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line); void *X509V3_EXT_d2i(X509_EXTENSION *ext); +void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx); +void *X509V3_X509_get_d2i(X509 *x, int nid, int *crit, int *idx); +void *X509V3_CRL_get_d2i(X509_CRL *x, int nid, int *crit, int *idx); +void *X509V3_REVOKED_get_d2i(X509_REVOKED *x, int nid, int *crit, int *idx); + X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); char *hex_to_string(unsigned char *buffer, long len); -- 2.39.5