From: Tomas Mraz <tomas@openssl.org>
Date: Thu, 27 Nov 2025 11:19:55 +0000 (+0100)
Subject: Move CRL extensions from v3_ocsp.c to v3_crldp.c
X-Git-Tag: 4.0-PRE-CLANG-FORMAT-WEBKIT~126
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ed04580650907bcd5c11ba09996a9fb6fb9b4972;p=thirdparty%2Fopenssl.git

Move CRL extensions from v3_ocsp.c to v3_crldp.c

Otherwise they will not be handled by no-ocsp build.

Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29234)
---

diff --git a/crypto/ocsp/v3_ocsp.c b/crypto/ocsp/v3_ocsp.c
index 4f54b7ceab9..4c83df4d9fa 100644
--- a/crypto/ocsp/v3_ocsp.c
+++ b/crypto/ocsp/v3_ocsp.c
@@ -24,8 +24,6 @@ static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *nonce,
                           BIO *out, int indent);
 static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce,
                             BIO *out, int indent);
-static int i2r_object(const X509V3_EXT_METHOD *method, void *obj, BIO *out,
-                      int indent);
 
 static void *ocsp_nonce_new(void);
 static int i2d_ocsp_nonce(const void *a, unsigned char **pp);
@@ -59,24 +57,6 @@ const X509V3_EXT_METHOD ossl_v3_ocsp_acutoff = {
     NULL
 };
 
-const X509V3_EXT_METHOD ossl_v3_crl_invdate = {
-    NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
-    0, 0, 0, 0,
-    0, 0,
-    0, 0,
-    i2r_ocsp_acutoff, 0,
-    NULL
-};
-
-const X509V3_EXT_METHOD ossl_v3_crl_hold = {
-    NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT),
-    0, 0, 0, 0,
-    0, 0,
-    0, 0,
-    i2r_object, 0,
-    NULL
-};
-
 const X509V3_EXT_METHOD ossl_v3_ocsp_nonce = {
     NID_id_pkix_OCSP_Nonce, 0, NULL,
     ocsp_nonce_new,
@@ -150,16 +130,6 @@ static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff,
     return 1;
 }
 
-static int i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp,
-                      int ind)
-{
-    if (BIO_printf(bp, "%*s", ind, "") <= 0)
-        return 0;
-    if (i2a_ASN1_OBJECT(bp, oid) <= 0)
-        return 0;
-    return 1;
-}
-
 /*
  * OCSP nonce. This is needs special treatment because it doesn't have an
  * ASN1 encoding at all: it just contains arbitrary data.
diff --git a/crypto/x509/standard_exts.h b/crypto/x509/standard_exts.h
index aef70c2598b..b9b8ada307e 100644
--- a/crypto/x509/standard_exts.h
+++ b/crypto/x509/standard_exts.h
@@ -34,9 +34,7 @@ static const X509V3_EXT_METHOD *const standard_exts[] = {
     &ossl_v3_ext_ku,
     &ossl_v3_delta_crl,
     &ossl_v3_crl_reason,
-#ifndef OPENSSL_NO_OCSP
     &ossl_v3_crl_invdate,
-#endif
     &ossl_v3_sxnet,
     &ossl_v3_info,
     &ossl_v3_audit_identity,
@@ -56,9 +54,7 @@ static const X509V3_EXT_METHOD *const standard_exts[] = {
     &ossl_v3_policy_constraints,
     &ossl_v3_targeting_information,
     &ossl_v3_no_rev_avail,
-#ifndef OPENSSL_NO_OCSP
     &ossl_v3_crl_hold,
-#endif
     &ossl_v3_pci,
     &ossl_v3_name_constraints,
     &ossl_v3_policy_mappings,
diff --git a/crypto/x509/v3_crld.c b/crypto/x509/v3_crld.c
index 140b279d2f3..ef13215aed0 100644
--- a/crypto/x509/v3_crld.c
+++ b/crypto/x509/v3_crld.c
@@ -481,6 +481,49 @@ static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
     return 1;
 }
 
+static int i2r_crl_invdate(const X509V3_EXT_METHOD *method, void *date,
+                           BIO *out, int indent);
+static int i2r_object(const X509V3_EXT_METHOD *method, void *obj, BIO *out,
+                      int indent);
+
+const X509V3_EXT_METHOD ossl_v3_crl_invdate = {
+    NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
+    0, 0, 0, 0,
+    0, 0,
+    0, 0,
+    i2r_crl_invdate, 0,
+    NULL
+};
+
+const X509V3_EXT_METHOD ossl_v3_crl_hold = {
+    NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT),
+    0, 0, 0, 0,
+    0, 0,
+    0, 0,
+    i2r_object, 0,
+    NULL
+};
+
+static int i2r_crl_invdate(const X509V3_EXT_METHOD *method, void *date,
+                           BIO *bp, int ind)
+{
+    if (BIO_printf(bp, "%*s", ind, "") <= 0)
+        return 0;
+    if (!ASN1_GENERALIZEDTIME_print(bp, date))
+        return 0;
+    return 1;
+}
+
+static int i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp,
+                      int ind)
+{
+    if (BIO_printf(bp, "%*s", ind, "") <= 0)
+        return 0;
+    if (i2a_ASN1_OBJECT(bp, oid) <= 0)
+        return 0;
+    return 1;
+}
+
 /* Append any nameRelativeToCRLIssuer in dpn to iname, set in dpn->dpname */
 int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, const X509_NAME *iname)
 {